From 8ef437334f712238da4e0b7f3a4b3998240d078f Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sat, 9 Mar 2024 21:31:57 -0600
Subject: [PATCH 0001/1043] initialized flake
---
 .sops.yaml | 7 +
 flake.lock | 100 ++++++++
 flake.nix | 32 +++
 hosts/emergent/configuration.nix | 5 +
 hosts/hesperium/configuration.nix | 5 +
 hosts/horizon/configuration.nix | 291 +++++++++++++++++++++++
 hosts/horizon/hardware-configuration.nix | 62 +++++
 hosts/threshold/configuration.nix | 5 +
 hosts/twilight/configuration.nix | 5 +
 9 files changed, 512 insertions(+)
 create mode 100644 .sops.yaml
 create mode 100644 flake.lock
 create mode 100644 flake.nix
 create mode 100644 hosts/emergent/configuration.nix
 create mode 100644 hosts/hesperium/configuration.nix
 create mode 100644 hosts/horizon/configuration.nix
 create mode 100644 hosts/horizon/hardware-configuration.nix
 create mode 100644 hosts/threshold/configuration.nix
 create mode 100644 hosts/twilight/configuration.nix
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..8b0366e
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+ - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e
+creation_rules:
+ - path_regex: secrets/secrets.yaml$
+ key_groups:
+ - age:
+ - *primary
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..f13caba
--- /dev/null
+++ b/flake.lock
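Review bot: Only one age recipient (`*primary`) is listed under `key_groups`, so every value in `secrets/secrets.yaml` depends on a single private key: losing it leaves the user password hashes unrecoverable, and each machine that has to decrypt them needs a copy of that same key. Consider adding a second, per-host recipient next to `*primary`, for example `- &horizon age1<host-public-key>` (placeholder value), and re-encrypting with `sops updatekeys secrets/secrets.yaml`. The `.` in `path_regex: secrets/secrets.yaml$` is also unescaped and matches any character; `secrets/secrets\.yaml$` states the intent. PATCH 0002 repeats this hunk and adds the encrypted file with the same single recipient.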
@@ -0,0 +1,100 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709988192, + "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1709884566, + "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710033658, + "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1709968316, + "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1710039806, + "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "type": "github" + }, + "original": { + "owner": 
"Mic92",
+ "repo": "sops-nix",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..9be492f
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,32 @@
+{
+ description = "Nixos config flake";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+
+ sops-nix.url = "github:Mic92/sops-nix";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, ... }@inputs:
+ let
+ system = "x86_64-linux";
+ pkgs = nixpkgs.legacyPackages.${system};
+ in
+ {
+
+ nixosConfigurations = {
+ horizon = nixpkgs.lib.nixosSystem {
+ specialArgs = {inherit inputs;};
+ modules = [
+ ./hosts/horizon/configuration.nix
+ inputs.home-manager.nixosModules.default
+ ];
+ };
+ };
+ };
+}
diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix
new file mode 100644
index 0000000..215fc8c
--- /dev/null
+++ b/hosts/emergent/configuration.nix
@@ -0,0 +1,5 @@
+# eve desktop
+{}:
+{
+
+}
\ No newline at end of file
diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix
new file mode 100644
index 0000000..8cd6f61
--- /dev/null
+++ b/hosts/hesperium/configuration.nix
@@ -0,0 +1,5 @@
+# nas
+{}:
+{
+
+}
\ No newline at end of file
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix
new file mode 100644
index 0000000..a0e247e
--- /dev/null
+++ b/hosts/horizon/configuration.nix
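Review bot: The `home-manager` input has no branch in its URL, so it follows the repository's default branch while `nixpkgs` is pinned to `nixos-23.11`; the two can drift apart, and `url = "github:nix-community/home-manager/release-23.11";` keeps them on the same release. `sops-nix` is declared without a `follows`, which is why flake.lock gains the extra `nixpkgs_2` node; `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` drops it and leaves one fewer nixpkgs revision to track. `inputs.home-manager.nixosModules.default` is listed in `modules` here and again in the `imports` of hosts/horizon/configuration.nix, and the `system` and `pkgs` bindings in the `let` are not used anywhere in this hunk. The same hunk appears again in PATCH 0002.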
@@ -0,0 +1,291 @@
+# leyla laptop
+{ config, pkgs, inputs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ inputs.home-manager.nixosModules.default
+ inputs.sops-nix.nixosModules.sops
+ ];
+
+ sops.defaultSopsFile = ../../secrets/secrets.yaml;
+ sops.defaultSopsFormat = "yaml";
+
+ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.kernelModules = [ "sg" ];
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ networking.hostName = "leyla-laptop"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/Chicago";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the GNOME Desktop Environment.
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+ services.xserver.desktopManager.xterm.enable = false;
+
+ # Get rid of xTerm
+ services.xserver.excludePackages = [ pkgs.xterm ];
+
+ # Configure keymap in X11
+ services.xserver = {
+ layout = "us";
+ xkbVariant = "";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ #media-session.enable = true;
+ };
+
+ # enabled virtualisation for docker
+ virtualisation.docker.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Disables creating or editing users though methods not defined in this file
+ users.mutableUsers = false;
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "electron-25.9.0"
+ ];
+
+ nixpkgs.overlays = [
+ (self: super: {
+ # idea is too out of date for android gradle things
+ jetbrains = {
+ jdk = super.jdk17;
+ idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec {
+ version = "2023.3.3";
+ name = "idea-community-${version}";
+ src = super.fetchurl {
+ sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I=";
+ url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
+ };
+ });
+ };
+ # ui is broken on 1.84
+ vscodium = super.vscodium.overrideAttrs (oldAttrs: rec {
+ version = "1.85.2.24019";
+ src = super.fetchurl {
+ sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk=";
+ url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz";
+ };
+ });
+ })
+ ];
+
+ sops.secrets."passwords/leyla".neededForUsers = true;
+ sops.secrets."passwords/ester".neededForUsers = true;
+ sops.secrets."passwords/eve".neededForUsers = true;
+
+ # Define user accounts
+ users.users = {
+ leyla = {
+ isNormalUser = true;
+ uid = 1000;
+ description = "Leyla";
+ extraGroups = [ "networkmanager" "wheel" "docker" ];
+
+ hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
+
+ packages = with pkgs; [
+ iputils
+ dnsutils
+ git
+ firefox
+ signal-desktop
+ obsidian
+ bitwarden
+# vscode
+ vscodium
+ nextcloud-client
+ inkscape
+ steam
+ discord
+ rhythmbox
+ makemkv
+ protonvpn-gui
+ transmission-gtk
+ freecad
+ mupen64plus
+ dbeaver
+ easytag
+ cura
+ kicad-small
+# jdk
+# android-tools
+# android-studio
+ androidStudioPackages.canary
+ jetbrains.idea-community
+ ungoogled-chromium
+ nodejs
+ exiftool
+ libreoffice
+ # N64 Emulator
+ mupen64plus
+ # GameCube Emulator and Wii Emulator
+ dolphin-emu
+ # Switch Emulator
+ yuzu-mainline
+ # Atari 2600 Emulator
+ stella
+ # mame Emulator
+ mame
+ # Game Boy Advanced Emulator
+ vbam
+ # NES Emulator
+ fceux
+ # SNES Emulator
+ zsnes
+ # DS Emulator
+ desmume
+ ];
+ };
+
+ eve = {
+ isNormalUser = true;
+ uid = 1001;
+ description = "Eve";
+ extraGroups = [ "networkmanager" ];
+
+ hashedPasswordFile = config.sops.secrets."passwords/eve".path;
+
+ packages = with pkgs; [
+ firefox
+ bitwarden
+ discord
+ makemkv
+ signal-desktop
+ ];
+ };
+
+ ester = {
+ isNormalUser = true;
+ uid = 1002;
+ description = "Ester";
+ extraGroups = [ "networkmanager" ];
+
+ hashedPasswordFile = config.sops.secrets."passwords/ester".path;
+
+ packages = with pkgs; [
+ firefox
+ bitwarden
+ discord
+ ];
+ };
+ };
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ wget
+ # resilio-sync
+ yt-dlp
+ spotdl
+ ffmpeg
+ chromaprint
+ docker
+ aileron
+# sox
+# songrec
+# csvkit
+# losslessaudiochecker
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # # List services that you want to enable:
+ # systemd.services = {
+ # # Start resilio sync on boot
+ # resilio-sync = {
+ # description = "Resilio Sync service";
+
+ # serviceConfig = {
+ # Type = "forking";
+ # Restart = "on-failure";
+ # ExecStart = "${pkgs.resilio-sync}/bin/rslsync";
+ # };
+
+ # after = [ "network.target" "network-online.target" ];
+ # wantedBy = [ "multi-user.target" ];
+ # };
+ # };
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+}
diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix
new file mode 100644
index 0000000..d6751d0
--- /dev/null
+++ b/hosts/horizon/hardware-configuration.nix
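Review bot: `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";` points the system-wide decryption key at a file inside a login user's home, so any process running as leyla can read the key that protects all three `neededForUsers` password hashes, and activation depends on /home being available before the users are created. A root-owned path outside /home, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600, keeps the key out of the user session. `"docker"` in leyla's `extraGroups` gives that account root-equivalent access through the Docker socket without a sudo prompt, so it deserves a comment stating that this is intended. `permittedInsecurePackages = [ "electron-25.9.0" ]` should carry a comment naming the package that needs it, so the exception can be removed once that package moves on. The same hunk is repeated in PATCH 0002.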
@@ -0,0 +1,62 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix new file mode 100644 index 0000000..305f2f7 --- /dev/null +++ b/hosts/threshold/configuration.nix @@ -0,0 +1,5 @@ +# eve laptop +{}: +{ + +} \ No newline at end of file diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix new file mode 100644 index 0000000..6930d8f --- /dev/null +++ b/hosts/twilight/configuration.nix @@ -0,0 +1,5 @@ +# leyla desktop +{}: +{ + +} \ No newline at end of file From f3ef75504210bafb30e60979fada38faff619877 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 9 Mar 2024 21:31:57 -0600 Subject: [PATCH 0002/1043] initialized flake --- .sops.yaml | 7 + flake.lock | 100 ++++++++ flake.nix | 32 +++ hosts/emergent/configuration.nix | 5 + hosts/hesperium/configuration.nix | 5 + hosts/horizon/configuration.nix | 291 +++++++++++++++++++++++ hosts/horizon/hardware-configuration.nix | 62 +++++ hosts/threshold/configuration.nix | 5 + hosts/twilight/configuration.nix | 5 + secrets/secrets.yaml | 24 ++ 10 files changed, 536 insertions(+) create mode 100644 .sops.yaml create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 hosts/emergent/configuration.nix create mode 100644 hosts/hesperium/configuration.nix create mode 100644 hosts/horizon/configuration.nix create mode 100644 hosts/horizon/hardware-configuration.nix create mode 100644 hosts/threshold/configuration.nix create mode 100644 hosts/twilight/configuration.nix create mode 100644 secrets/secrets.yaml 
diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..8b0366e --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e +creation_rules: + - path_regex: secrets/secrets.yaml$ + key_groups: + - age: + - *primary \ No newline at end of file diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..f13caba --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,100 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709988192, + "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1709884566, + "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710033658, + "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1709968316, + "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1710039806, + "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "type": "github" + }, + "original": { + "owner": 
"Mic92", + "repo": "sops-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..9be492f --- /dev/null +++ b/flake.nix @@ -0,0 +1,32 @@ +{ + description = "Nixos config flake"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + + sops-nix.url = "github:Mic92/sops-nix"; + + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, ... }@inputs: + let + system = "x86_64-linux"; + pkgs = nixpkgs.legacyPackages.${system}; + in + { + + nixosConfigurations = { + horizon = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/horizon/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; + }; + }; +} diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix new file mode 100644 index 0000000..215fc8c --- /dev/null +++ b/hosts/emergent/configuration.nix @@ -0,0 +1,5 @@ +# eve desktop +{}: +{ + +} \ No newline at end of file diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix new file mode 100644 index 0000000..8cd6f61 --- /dev/null +++ b/hosts/hesperium/configuration.nix @@ -0,0 +1,5 @@ +# nas +{}: +{ + +} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix new file mode 100644 index 0000000..a0e247e --- /dev/null +++ b/hosts/horizon/configuration.nix 
@@ -0,0 +1,291 @@ +# leyla laptop +{ config, pkgs, inputs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + networking.hostName = "leyla-laptop"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + services.xserver = { + layout = "us"; + xkbVariant = ""; + }; + + # Enable CUPS to print documents. 
+ services.printing.enable = true; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # enabled virtualisation for docker + virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Disables creating or editing users though methods not defined in this file + users.mutableUsers = false; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; + + sops.secrets."passwords/leyla".neededForUsers = true; + sops.secrets."passwords/ester".neededForUsers = true; + sops.secrets."passwords/eve".neededForUsers = true; + + # Define user accounts + users.users = { + leyla = { + isNormalUser = true; + uid = 1000; + description = 
"Leyla"; + extraGroups = [ "networkmanager" "wheel" "docker" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden +# vscode + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small +# jdk +# android-tools +# android-studio + androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + }; + + eve = { + isNormalUser = true; + uid = 1001; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; + + ester = { + isNormalUser = true; + uid = 1002; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + wget + # resilio-sync + yt-dlp + spotdl + ffmpeg + chromaprint + docker + aileron +# sox +# songrec +# csvkit +# losslessaudiochecker + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # # List services that you want to enable: + # systemd.services = { + # # Start resilio sync on boot + # resilio-sync = { + # description = "Resilio Sync service"; + + # serviceConfig = { + # Type = "forking"; + # Restart = "on-failure"; + # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; + # }; + + # after = [ "network.target" "network-online.target" ]; + # wantedBy = [ "multi-user.target" ]; + # }; + # }; + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix new file mode 100644 index 0000000..d6751d0 --- /dev/null +++ b/hosts/horizon/hardware-configuration.nix 
@@ -0,0 +1,62 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix new file mode 100644 index 0000000..305f2f7 --- /dev/null +++ b/hosts/threshold/configuration.nix @@ -0,0 +1,5 @@ +# eve laptop +{}: +{ + +} \ No newline at end of file diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix new file mode 100644 index 0000000..6930d8f --- /dev/null +++ b/hosts/twilight/configuration.nix @@ -0,0 +1,5 @@ +# leyla desktop +{}: +{ + +} \ No newline at end of file diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 0000000..5c76b34 --- /dev/null +++ b/secrets/secrets.yaml 
@@ -0,0 +1,24 @@
+passwords:
+ leyla: ENC[AES256_GCM,data:2sTuJTlW9JQv+SDSkyaYEc/CjyBhzJe9FHHvacL2SEVilnHyVKi1XpBnn9WJxsRha2UEUad9wn0iw0vu04O2dN+jZO7iLBawyg==,iv:FacSTQ3LV+An9hzYj7veeIQdZUgUZO3/RDGa+5rqo1I=,tag:PH3G1oedpe8Mh6kmm4qDIw==,type:str]
+ ester: ENC[AES256_GCM,data:4TkuZr9hCskJZNnTeARz8f6jFWmsEKatoi/jpWrK2JGdvJBdqcodP119p1zfTqaFGA6O67YGhXQVAPVceIxAMplUL0UfV3tK6A==,iv:kmozFDwgtHeS02avCk40Ic0EUEJXvYbE5bl4lHX80pk=,tag:r3gmve2678RbJxeF5qdM8A==,type:str]
+ eve: ENC[AES256_GCM,data:3xXOvblJkUaX+lcL+jgibng49PnTHldMsObE6VMwyWuGaUbZh0psRZKU8TfojW7TCgVEF93aOTc+DWxVqy8ZrfN4gN7CSudCfQ==,iv:LngLHLPXNgc33xH8WniJFnqoExhytnnEvNVBKKSnCTA=,tag:dQ7sVsMHHus39DTXpiBS+A==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLeFdXWDJ1SGNpNEw5b0NZ
+ U0xjU0Q0N2krdWRUS0w5SkQwNUVUd2FHRFZjCmpkZDZxSE9laC9RbDZhTG83UjVL
+ UWM0S2wvUWhJRkpQMER2UGphZWhsU2sKLS0tIHFoQ3Jic2RURXNtK1NYWlBxdnJy
+ WTluMWJsYUxLRVpVeHQ2N0VicUhtWTAKtMgsEkDABJLQi3Wa4NnzMmW5qQw6ExoO
+ g6AsAMTAN/eOuxNTA6+aMP3M0hMlO07f4UHwvYGifAfHHLidDlgc2g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-03-10T03:20:40Z"
+ mac: ENC[AES256_GCM,data:iqLZeEEb0PNKkCppho3BMx4rAKNco7y1aa81cvAcjim5lHvYiPKPzod4A6sd2ioc+uTVXbQO2Jt/zetYpld5YQ+lCgAyaaJ9oqI4gMruqpEYE+kQEO5e0+G84SVeMmp4DyRklCFfvsXATwPjkvpIixKASdJC+MLzqGuLkXUmueA=,iv:8h+d/gNxb3tbWdHZCtdXyTswOApjV3n9cuosHxscQu8=,tag:50mmDQcVwPJ7Ns9pkn6esQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
From b60bacf752ac9df9bc090f1d85a3752274eedc7d Mon Sep 17 00:00:00 2001
From: Leyla Becker Date: Sun, 10 Mar 2024 04:28:47 -0500 Subject: [PATCH 0003/1043] made user files --- README.md | 1 + flake.nix | 1 - hosts/horizon/configuration.nix | 131 ++++---------------------------- users/default.nix | 6 ++ users/ester/default.nix | 23 ++++++ users/eve/default.nix | 25 ++++++ users/leyla/default.nix | 69 +++++++++++++++++ 7 files changed, 137 insertions(+), 119 deletions(-) create mode 100644 README.md create mode 100644 users/default.nix create mode 100644 users/ester/default.nix create mode 100644 users/eve/default.nix create mode 100644 users/leyla/default.nix diff --git a/README.md b/README.md new file mode 100644 index 0000000..f3290d2 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file diff --git a/flake.nix b/flake.nix index 9be492f..bc7b3d1 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,6 @@ pkgs = nixpkgs.legacyPackages.${system}; in { - nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index a0e247e..14520a0 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,10 +3,13 @@ { imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix + [ inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../users ]; sops.defaultSopsFile = ../../secrets/secrets.yaml; 
@@ -22,13 +25,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "leyla-laptop"; # Define your hostname. + networking.hostName = "horizon"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Enable networking networking.networkmanager.enable = true; @@ -88,14 +87,11 @@ }; # enabled virtualisation for docker - virtualisation.docker.enable = true; + # virtualisation.docker.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Disables creating or editing users though methods not defined in this file - users.mutableUsers = false; - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 
@@ -125,107 +121,6 @@ }) ]; - sops.secrets."passwords/leyla".neededForUsers = true; - sops.secrets."passwords/ester".neededForUsers = true; - sops.secrets."passwords/eve".neededForUsers = true; - - # Define user accounts - users.users = { - leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" "docker" ]; - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden -# vscode - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; - }; - - eve = { - isNormalUser = true; - uid = 1001; - description = "Eve"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; - }; - - ester = { - isNormalUser = true; - uid = 1002; - description = "Ester"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; - }; - }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; 
@@ -233,13 +128,13 @@ # $ nix search wget environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget + # wget # resilio-sync - yt-dlp - spotdl - ffmpeg - chromaprint - docker + # yt-dlp + # spotdl + # ffmpeg + # chromaprint + # docker aileron # sox # songrec diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..8471c05 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,6 @@ +{...}: +{ + imports = [ ./leyla ./ester ./eve ]; + + users.mutableUsers = false; +} \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix new file mode 100644 index 0000000..3108fca --- /dev/null +++ b/users/ester/default.nix @@ -0,0 +1,23 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.ester = { + isNormalUser = true; + uid = 1001; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; +} \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix new file mode 100644 index 0000000..c6ae188 --- /dev/null +++ b/users/eve/default.nix @@ -0,0 +1,25 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.eve = { + isNormalUser = true; + uid = 1002; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix new file mode 100644 index 0000000..d902f51 --- /dev/null 
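Review bot: The uids of ester and eve are swapped relative to the definitions this commit removes from hosts/horizon/configuration.nix: `users/ester/default.nix` now sets `uid = 1001;` and `users/eve/default.nix` sets `uid = 1002;`, while the removed block had eve at 1001 and ester at 1002. Files on disk are owned by number, so on a reinstall, or when home directories or backups are restored, each account would end up owning the other's data; how NixOS treats the change on an already-provisioned host is not visible from this patch. Unless the swap is intended, keep `uid = 1002;` for ester and `uid = 1001;` for eve. The identical hunks repeated in PATCH 0004 carry the same values.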
+++ b/users/leyla/default.nix
@@ -0,0 +1,69 @@
+{ lib, config, pkgs, ... }:
+{
+ sops.secrets."passwords/leyla" = {
+ neededForUsers = true;
+ # sopsFile = ../secrets.yaml;
+ };
+
+ # Define user accounts
+ users.users.leyla = {
+ isNormalUser = true;
+ uid = 1000;
+ description = "Leyla";
+ extraGroups = [ "networkmanager" "wheel" ];
+
+ hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
+
+ packages = with pkgs; [
+ iputils
+ dnsutils
+ git
+ firefox
+ signal-desktop
+ obsidian
+ bitwarden
+ vscodium
+ nextcloud-client
+ inkscape
+ steam
+ discord
+ rhythmbox
+ makemkv
+ protonvpn-gui
+ transmission-gtk
+ freecad
+ mupen64plus
+ dbeaver
+ easytag
+ cura
+ kicad-small
+# jdk
+# android-tools
+# android-studio
+ androidStudioPackages.canary
+ jetbrains.idea-community
+ ungoogled-chromium
+ nodejs
+ exiftool
+ libreoffice
+ # N64 Emulator
+ mupen64plus
+ # GameCube Emulator and Wii Emulator
+ dolphin-emu
+ # Switch Emulator
+ yuzu-mainline
+ # Atari 2600 Emulator
+ stella
+ # mame Emulator
+ mame
+ # Game Boy Advanced Emulator
+ vbam
+ # NES Emulator
+ fceux
+ # SNES Emulator
+ zsnes
+ # DS Emulator
+ desmume
+ ];
+ };
+}
\ No newline at end of file
From 9418b91b4d3b0b8543793f21ae9213ac876f7d30 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sun, 10 Mar 2024 04:28:47 -0500
Subject: [PATCH 0004/1043] made user files
---
README.md | 1 +
flake.nix | 1 -
hosts/horizon/configuration.nix | 131 ++++----------------------------
users/default.nix | 6 ++
users/ester/default.nix | 23 ++++++
users/eve/default.nix | 25 ++++++
users/leyla/default.nix | 69 +++++++++++++++++
7 files changed, 137 insertions(+), 119 deletions(-)
create mode 100644 README.md
create mode 100644 users/default.nix
create mode 100644 users/ester/default.nix
create mode 100644 users/eve/default.nix
create mode 100644 users/leyla/default.nix
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f3290d2
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@ +sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file diff --git a/flake.nix b/flake.nix index 9be492f..bc7b3d1 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,6 @@ pkgs = nixpkgs.legacyPackages.${system}; in { - nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index a0e247e..14520a0 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,10 +3,13 @@ { imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix + [ inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../users ]; sops.defaultSopsFile = ../../secrets/secrets.yaml; @@ -22,13 +25,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "leyla-laptop"; # Define your hostname. + networking.hostName = "horizon"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Enable networking networking.networkmanager.enable = true; @@ -88,14 +87,11 @@ }; # enabled virtualisation for docker - virtualisation.docker.enable = true; + # virtualisation.docker.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Disables creating or editing users though methods not defined in this file - users.mutableUsers = false; - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 
@@ -125,107 +121,6 @@ }) ]; - sops.secrets."passwords/leyla".neededForUsers = true; - sops.secrets."passwords/ester".neededForUsers = true; - sops.secrets."passwords/eve".neededForUsers = true; - - # Define user accounts - users.users = { - leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" "docker" ]; - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden -# vscode - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; - }; - - eve = { - isNormalUser = true; - uid = 1001; - description = "Eve"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; - }; - - ester = { - isNormalUser = true; - uid = 1002; - description = "Ester"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; - }; - }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; 
@@ -233,13 +128,13 @@ # $ nix search wget environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget + # wget # resilio-sync - yt-dlp - spotdl - ffmpeg - chromaprint - docker + # yt-dlp + # spotdl + # ffmpeg + # chromaprint + # docker aileron # sox # songrec diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..8471c05 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,6 @@ +{...}: +{ + imports = [ ./leyla ./ester ./eve ]; + + users.mutableUsers = false; +} \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix new file mode 100644 index 0000000..3108fca --- /dev/null +++ b/users/ester/default.nix @@ -0,0 +1,23 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.ester = { + isNormalUser = true; + uid = 1001; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; +} \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix new file mode 100644 index 0000000..c6ae188 --- /dev/null +++ b/users/eve/default.nix @@ -0,0 +1,25 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.eve = { + isNormalUser = true; + uid = 1002; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix new file mode 100644 index 0000000..d902f51 --- /dev/null 
+++ b/users/leyla/default.nix @@ -0,0 +1,69 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.leyla = { + isNormalUser = true; + uid = 1000; + description = "Leyla"; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small +# jdk +# android-tools +# android-studio + androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + }; +} \ No newline at end of file From 3b76e4a8a87beeaa82dc322561d6a79ae28d348d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 17:26:25 -0500 Subject: [PATCH 0005/1043] added users that can be disabled --- hosts/horizon/configuration.nix | 5 +- users/default.nix | 4 +- users/ester/default.nix | 50 +++++++---- users/eve/default.nix | 54 ++++++++---- users/leyla/default.nix | 144 ++++++++++++++++++-------------- users/remote/default.nix | 30 +++++++ 6 files changed, 193 insertions(+), 94 deletions(-) create mode 100644 users/remote/default.nix diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 14520a0..c26438a 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,6 +1,5 @@ # leyla laptop { config, pkgs, inputs, ... }: - { imports = [ 
@@ -17,6 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/users/default.nix b/users/default.nix index 8471c05..077fda5 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,6 +1,6 @@ -{...}: +{ ... }: { - imports = [ ./leyla ./ester ./eve ]; + imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; } \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix index 3108fca..0f7f3be 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -1,23 +1,45 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.ester; +in { - sops.secrets."passwords/ester" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.ester = { + isNormalUser = lib.mkEnableOption "ester"; }; - # Define user accounts - users.users.ester = { - isNormalUser = true; - uid = 1001; - description = "Ester"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; + users.groups.ester = {}; - packages = with pkgs; [ - firefox - bitwarden - discord + users.users.ester = lib.mkMerge [ + { + uid = 1001; + description = "Ester"; + group = "ester"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix index c6ae188..d5b6f29 100644 --- a/users/eve/default.nix 
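Review bot: Nothing in `users/ester/default.nix` says what turning `users.ester.isNormalUser` off leaves behind: the `else` branch still declares the account with `isSystemUser = true;`, and `uid = 1001` and the `ester` group are defined in both cases. A short comment above the `lib.mkMerge` would make that intent explicit, for example `# declared even when disabled so uid 1001 and group "ester" stay reserved on every host`. The option text could also be clearer, since `lib.mkEnableOption "ester"` renders as "Whether to enable ester." The eve and leyla hunks of this patch, and their copies in PATCH 0006, follow the same pattern.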
+++ b/users/eve/default.nix @@ -1,25 +1,47 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.eve; +in { - sops.secrets."passwords/eve" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.eve = { + isNormalUser = lib.mkEnableOption "eve"; }; - # Define user accounts - users.users.eve = { - isNormalUser = true; - uid = 1002; - description = "Eve"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/eve".path; + users.groups.eve = {}; - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop + users.users.eve = lib.mkMerge [ + { + uid = 1002; + description = "Eve"; + group = "eve"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d902f51..7192d10 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -1,69 +1,91 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in { - sops.secrets."passwords/leyla" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.leyla = { + isNormalUser = lib.mkEnableOption "leyla"; }; - # Define user accounts - users.users.leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume + users.groups.leyla = {}; + + users.users.leyla = lib.mkMerge [ + { + uid = 1000; + description = "Leyla"; + group = "leyla"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small + # jdk + # android-tools + # android-studio + 
androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/remote/default.nix b/users/remote/default.nix new file mode 100644 index 0000000..491bc51 --- /dev/null +++ b/users/remote/default.nix @@ -0,0 +1,30 @@ +{ lib, config, ... }: +let + cfg = config.users.remote; +in +{ + options.users.remote = { + isNormalUser = lib.mkEnableOption "remote"; + }; + + config.users = { + groups.remote = {}; + + users.remote = lib.mkMerge [ + { + uid = 2000; + group = "remote"; + } + + ( + if cfg.isNormalUser then { + # extraGroups = [ "wheel" ]; + isNormalUser = true; + openssh.authorizedKeys.keys = []; + } else { + isSystemUser = true; + } + ) + ]; + }; +} \ No newline at end of file From eda1db913619d357083cbd72dbc784986af0ca7c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 17:26:25 -0500 Subject: [PATCH 0006/1043] added users that can be disabled --- hosts/horizon/configuration.nix | 5 +- users/default.nix | 4 +- users/ester/default.nix | 50 +++++++---- users/eve/default.nix | 54 ++++++++---- users/leyla/default.nix | 144 ++++++++++++++++++-------------- users/remote/default.nix | 30 +++++++ 6 files changed, 193 insertions(+), 94 deletions(-) create mode 100644 users/remote/default.nix diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 14520a0..c26438a 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,6 +1,5 @@ # leyla laptop { config, pkgs, inputs, ... }: - { imports = [ 
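Review bot: `users/remote/default.nix` gives the enabled account no way to authenticate: the normal-user branch sets `openssh.authorizedKeys.keys = [];` and no password option, and `users.mutableUsers = false` in users/default.nix means one cannot be set afterwards outside the configuration. That is a safe default, but it should be stated, for example `# key-only login: list the allowed public keys here; no password is set on purpose`. If the commented `# extraGroups = [ "wheel" ];` is ever enabled, sudo for a password-less account would presumably need a separate decision, so a note next to it would help. The same file is added again in PATCH 0006.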
@@ -17,6 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/users/default.nix b/users/default.nix index 8471c05..077fda5 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,6 +1,6 @@ -{...}: +{ ... }: { - imports = [ ./leyla ./ester ./eve ]; + imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; } \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix index 3108fca..0f7f3be 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -1,23 +1,45 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.ester; +in { - sops.secrets."passwords/ester" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.ester = { + isNormalUser = lib.mkEnableOption "ester"; }; - # Define user accounts - users.users.ester = { - isNormalUser = true; - uid = 1001; - description = "Ester"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; + users.groups.ester = {}; - packages = with pkgs; [ - firefox - bitwarden - discord + users.users.ester = lib.mkMerge [ + { + uid = 1001; + description = "Ester"; + group = "ester"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix index c6ae188..d5b6f29 100644 --- a/users/eve/default.nix 
+++ b/users/eve/default.nix @@ -1,25 +1,47 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.eve; +in { - sops.secrets."passwords/eve" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.eve = { + isNormalUser = lib.mkEnableOption "eve"; }; - # Define user accounts - users.users.eve = { - isNormalUser = true; - uid = 1002; - description = "Eve"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/eve".path; + users.groups.eve = {}; - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop + users.users.eve = lib.mkMerge [ + { + uid = 1002; + description = "Eve"; + group = "eve"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d902f51..7192d10 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -1,69 +1,91 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in { - sops.secrets."passwords/leyla" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.leyla = { + isNormalUser = lib.mkEnableOption "leyla"; }; - # Define user accounts - users.users.leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume + users.groups.leyla = {}; + + users.users.leyla = lib.mkMerge [ + { + uid = 1000; + description = "Leyla"; + group = "leyla"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small + # jdk + # android-tools + # android-studio + 
androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/remote/default.nix b/users/remote/default.nix new file mode 100644 index 0000000..491bc51 --- /dev/null +++ b/users/remote/default.nix @@ -0,0 +1,30 @@ +{ lib, config, ... }: +let + cfg = config.users.remote; +in +{ + options.users.remote = { + isNormalUser = lib.mkEnableOption "remote"; + }; + + config.users = { + groups.remote = {}; + + users.remote = lib.mkMerge [ + { + uid = 2000; + group = "remote"; + } + + ( + if cfg.isNormalUser then { + # extraGroups = [ "wheel" ]; + isNormalUser = true; + openssh.authorizedKeys.keys = []; + } else { + isSystemUser = true; + } + ) + ]; + }; +} \ No newline at end of file From d20cf49ba2a6aa79788abe75b4b282c797a8b66e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 19:01:23 -0500 Subject: [PATCH 0007/1043] moved overlays to own folder made environments folder --- enviroments/client/default.nix | 72 +++++++++++++++++++++++++++++ enviroments/common/default.nix | 16 +++++++ hosts/horizon/configuration.nix | 81 +-------------------------------- overlays/intellij.nix | 19 ++++++++ overlays/vscodium.nix | 15 ++++++ users/leyla/default.nix | 56 ++--------------------- users/leyla/packages.nix | 62 +++++++++++++++++++++++++ 7 files changed, 189 insertions(+), 132 deletions(-) create mode 100644 enviroments/client/default.nix create mode 100644 enviroments/common/default.nix create mode 100644 overlays/intellij.nix create mode 100644 overlays/vscodium.nix create mode 100644 users/leyla/packages.nix 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix
new file mode 100644
index 0000000..239058c
--- /dev/null
+++ b/enviroments/client/default.nix
@@ -0,0 +1,72 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ../common
+ ];
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the GNOME Desktop Environment.
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+ services.xserver.desktopManager.xterm.enable = false;
+
+ # Get rid of xTerm
+ services.xserver.excludePackages = [ pkgs.xterm ];
+
+ # Configure keymap in X11
+ services.xserver = {
+ layout = "us,it,de";
+ xkbVariant = "";
+ };
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ #media-session.enable = true;
+ };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ environment.systemPackages = with pkgs; [
+ # version control
+ git
+
+ # helvetica font
+ aileron
+
+ # system debuging tools
+ iputils
+ dnsutils
+ ];
+}
\ No newline at end of file
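Review bot: The keyboard layout changes in a commit that is otherwise a move: this module sets `layout = "us,it,de";` while the block removed from hosts/horizon/configuration.nix had `layout = "us";`. Every host importing `enviroments/client` inherits the extra layouts, so if the change is intended a comment such as `# us primary; it and de selectable` would record it, otherwise keep `layout = "us";`. The directory is spelled `enviroments` while the subject line says "environments"; renaming now is cheaper than after more hosts import it.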
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix new file mode 100644 index 0000000..3115625 --- /dev/null +++ b/enviroments/common/default.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: +{ + imports = [ + ../../users + ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # List packages installed in system profile. + environment.systemPackages = with pkgs; [ + wget + ]; +} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c26438a..3fbe076 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -8,7 +8,7 @@ ./hardware-configuration.nix - ../../users + ../../enviroments/client ]; sops.defaultSopsFile = ../../secrets/secrets.yaml; 
@@ -26,68 +26,7 @@ boot.kernelModules = [ "sg" ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "horizon"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; - - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; - - # Configure keymap in X11 - services.xserver = { - layout = "us"; - xkbVariant = ""; - }; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; # enabled virtualisation for docker # virtualisation.docker.enable = true; 
@@ -127,24 +66,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # resilio-sync - # yt-dlp - # spotdl - # ffmpeg - # chromaprint - # docker - aileron -# sox -# songrec -# csvkit -# losslessaudiochecker - ]; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; diff --git a/overlays/intellij.nix b/overlays/intellij.nix new file mode 100644 index 0000000..25ee779 --- /dev/null +++ b/overlays/intellij.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + }) + ]; +} \ No newline at end of file diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix new file mode 100644 index 0000000..902bd78 --- /dev/null +++ b/overlays/vscodium.nix @@ -0,0 +1,15 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7192d10..14f4e38 100644 --- a/users/leyla/default.nix 
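Review bot: In overlays/intellij.nix the binding `jetbrains = {` replaces the whole `jetbrains` package set instead of extending it, so with this overlay active `pkgs.jetbrains` holds only `jdk` and `idea-community`, and every other attribute of the upstream set is gone. Merging into the previous set keeps the rest available: `jetbrains = super.jetbrains // {`, with the two overrides left as they are. The same hunk is repeated in PATCH 0008 further down the page.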
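Review bot: The vscodium override in overlays/vscodium.nix sets `version = "1.85.2.24019"` unconditionally, so once the nixpkgs input moves past that release the overlay becomes a downgrade and the editor stops picking up later fixes. The `sha256` fixes the tarball's integrity, but nothing makes the pin expire when its reason (`# ui is broken on 1.84`) no longer holds. A guard keeps it self-retiring: `vscodium = if super.lib.versionOlder super.vscodium.version "1.85.2.24019" then super.vscodium.overrideAttrs (...) else super.vscodium;`. The `idea-community` pin to 2023.3.3 in overlays/intellij.nix has the same property, as do the copies of both hunks in PATCH 0008.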
+++ b/users/leyla/default.nix @@ -3,6 +3,10 @@ let cfg = config.users.leyla; in { + imports =[ + ./packages.nix + ]; + options.users.leyla = { isNormalUser = lib.mkEnableOption "leyla"; }; @@ -30,58 +34,6 @@ in extraGroups = [ "networkmanager" "wheel" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small - # jdk - # android-tools - # android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; } else { isSystemUser = true; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix new file mode 100644 index 0000000..dc5bdc8 --- /dev/null +++ b/users/leyla/packages.nix 
@@ -0,0 +1,62 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in +{ + imports = [ + ../../overlays/intellij.nix + ../../overlays/vscodium.nix + ]; + + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + freecad + kicad-small + cura + makemkv + transmission-gtk + easytag + rhythmbox + + # proprietary platforms + discord + obsidian + + # development enviroments + vscodium + androidStudioPackages.canary + jetbrains.idea-community + dbeaver + + # development tools + # TODO: move these to flakes + nodejs + + # bridges + protonvpn-gui + nextcloud-client + + # gaming + steam + # emulators + yuzu-mainline # Switch Emulator + dolphin-emu # GameCube and Wii Emulator + desmume # DS Emulator + mupen64plus # N64 Emulator + zsnes # SNES Emulator + vbam # Game Boy Advanced Emulator + fceux # NES Emulator + stella # Atari 2600 Emulator + mame # mame Emulator + + + ] + ); +} \ No newline at end of file From ffe16a8d251e62dac712de9a5832d9b65f9a76ac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 19:01:23 -0500 Subject: [PATCH 0008/1043] moved overlays to own folder made environments folder --- enviroments/client/default.nix | 72 +++++++++++++++++++++++++++++ enviroments/common/default.nix | 16 +++++++ hosts/horizon/configuration.nix | 81 +-------------------------------- overlays/intellij.nix | 19 ++++++++ overlays/vscodium.nix | 15 ++++++ users/leyla/default.nix | 56 ++--------------------- users/leyla/packages.nix | 62 +++++++++++++++++++++++++ 7 files changed, 189 insertions(+), 132 deletions(-) create mode 100644 enviroments/client/default.nix create mode 100644 enviroments/common/default.nix create mode 100644 overlays/intellij.nix create mode 100644 overlays/vscodium.nix create mode 100644 users/leyla/packages.nix 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix new file mode 100644 index 0000000..239058c --- /dev/null +++ b/enviroments/client/default.nix @@ -0,0 +1,72 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable networking + networking.networkmanager.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + services.xserver = { + layout = "us,it,de"; + xkbVariant = ""; + }; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + environment.systemPackages = with pkgs; [ + # version control + git + + # helvetica font + aileron + + # system debuging tools + iputils + dnsutils + ]; +} \ No newline at end of file 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix new file mode 100644 index 0000000..3115625 --- /dev/null +++ b/enviroments/common/default.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: +{ + imports = [ + ../../users + ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # List packages installed in system profile. + environment.systemPackages = with pkgs; [ + wget + ]; +} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c26438a..3fbe076 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -8,7 +8,7 @@ ./hardware-configuration.nix - ../../users + ../../enviroments/client ]; sops.defaultSopsFile = ../../secrets/secrets.yaml; 
@@ -26,68 +26,7 @@ boot.kernelModules = [ "sg" ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "horizon"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; - - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; - - # Configure keymap in X11 - services.xserver = { - layout = "us"; - xkbVariant = ""; - }; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; # enabled virtualisation for docker # virtualisation.docker.enable = true; 
@@ -127,24 +66,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # resilio-sync - # yt-dlp - # spotdl - # ffmpeg - # chromaprint - # docker - aileron -# sox -# songrec -# csvkit -# losslessaudiochecker - ]; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; diff --git a/overlays/intellij.nix b/overlays/intellij.nix new file mode 100644 index 0000000..25ee779 --- /dev/null +++ b/overlays/intellij.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + }) + ]; +} \ No newline at end of file diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix new file mode 100644 index 0000000..902bd78 --- /dev/null +++ b/overlays/vscodium.nix @@ -0,0 +1,15 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7192d10..14f4e38 100644 --- a/users/leyla/default.nix 
+++ b/users/leyla/default.nix @@ -3,6 +3,10 @@ let cfg = config.users.leyla; in { + imports =[ + ./packages.nix + ]; + options.users.leyla = { isNormalUser = lib.mkEnableOption "leyla"; }; @@ -30,58 +34,6 @@ in extraGroups = [ "networkmanager" "wheel" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small - # jdk - # android-tools - # android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; } else { isSystemUser = true; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix new file mode 100644 index 0000000..dc5bdc8 --- /dev/null +++ b/users/leyla/packages.nix 
@@ -0,0 +1,62 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in +{ + imports = [ + ../../overlays/intellij.nix + ../../overlays/vscodium.nix + ]; + + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + freecad + kicad-small + cura + makemkv + transmission-gtk + easytag + rhythmbox + + # proprietary platforms + discord + obsidian + + # development enviroments + vscodium + androidStudioPackages.canary + jetbrains.idea-community + dbeaver + + # development tools + # TODO: move these to flakes + nodejs + + # bridges + protonvpn-gui + nextcloud-client + + # gaming + steam + # emulators + yuzu-mainline # Switch Emulator + dolphin-emu # GameCube and Wii Emulator + desmume # DS Emulator + mupen64plus # N64 Emulator + zsnes # SNES Emulator + vbam # Game Boy Advanced Emulator + fceux # NES Emulator + stella # Atari 2600 Emulator + mame # mame Emulator + + + ] + ); +} \ No newline at end of file From d828fc27dc4ca90cfa1860ec67b3fd6c74375e9d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 20:13:57 -0500 Subject: [PATCH 0009/1043] installed steam --- users/leyla/packages.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index dc5bdc8..225cf92 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms 
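Review bot: `programs.steam` is set at module top level in users/leyla/packages.nix, outside the `lib.mkIf cfg.isNormalUser` that gates the package list directly below it, so every host that imports `users/` gets Steam enabled and the Remote Play and Source Dedicated Server ports opened in its firewall, including hosts where leyla is only a system user. I would gate the block, `programs.steam = lib.mkIf cfg.isNormalUser {`, and leave `dedicatedServer.openFirewall` at its default unless a dedicated server actually runs on the machine. The module body continues outside this hunk, and the same hunk appears again in PATCH 0010.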
@@ -44,19 +50,23 @@ in nextcloud-client # gaming - steam + # steam # emulators + # nintendo yuzu-mainline # Switch Emulator + citra-canary # 3DS emulator + cemu # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator zsnes # SNES Emulator vbam # Game Boy Advanced Emulator fceux # NES Emulator + # play station + rpcs3 # PS3 Emulator + #misc stella # Atari 2600 Emulator mame # mame Emulator - - ] ); } \ No newline at end of file From 51d567148583323b903e3c0451c2bacdaae31e37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 20:13:57 -0500 Subject: [PATCH 0010/1043] installed steam --- users/leyla/packages.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index dc5bdc8..225cf92 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms @@ -44,19 +50,23 @@ in nextcloud-client # gaming - steam + # steam # emulators + # nintendo yuzu-mainline # Switch Emulator + citra-canary # 3DS emulator + cemu # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator zsnes # SNES Emulator vbam # Game Boy Advanced Emulator fceux # NES Emulator + # play station + rpcs3 # PS3 Emulator + #misc stella # Atari 2600 Emulator mame # mame Emulator - - ] ); } \ No newline at end of file From afc0dfdb35616f9e391e103982b6adac800eab8b Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 11 Mar 2024 00:43:10 -0500 Subject: [PATCH 0011/1043] cleaned up packages file for leyla --- hosts/horizon/configuration.nix | 29 ------------------------- users/leyla/default.nix | 6 +++++- users/leyla/packages.nix | 38 +++++++++++++++++++++++++++------ 3 files changed, 36 insertions(+), 37 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3fbe076..ecb5b47 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -34,35 +34,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; - # Allow unfree packages nixpkgs.config.allowUnfree = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 14f4e38..96ea3cb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -8,7 +8,11 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "leyla"; + isNormalUser = lib.mkEnableOption "create usable leyla user"; + hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; + hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; + hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; config = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 225cf92..554b8c0 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -14,6 +14,12 @@ in dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; + programs.noisetorch.enable = true; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms @@ -23,17 +29,26 @@ in ungoogled-chromium libreoffice inkscape + gimp + krita freecad - kicad-small cura + kicad-small makemkv transmission-gtk - easytag - rhythmbox + onionshare + # easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing # proprietary platforms discord obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) # development enviroments vscodium 
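Review bot: `nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];` moves from hosts/horizon/configuration.nix to the top level of users/leyla/packages.nix, which widens the exception from one machine to every host that imports this user module; it is not covered by the `lib.mkIf cfg.isNormalUser` used for the package list. Nothing in the hunk says which package still pulls in the Electron build that nixpkgs marks insecure, so the exception is hard to retire; a comment naming the consumer, e.g. `# required by <package>; remove once it no longer depends on electron-25.9.0`, would help, and the setting is better kept on the hosts that need it. `programs.noisetorch.enable = true;` in the same hunk is ungated in the same way. The hunk is repeated in PATCH 0012.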
@@ -45,17 +60,23 @@ in # TODO: move these to flakes nodejs - # bridges + # system tools protonvpn-gui nextcloud-client - + noisetorch + + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + # gaming # steam # emulators # nintendo - yuzu-mainline # Switch Emulator + (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator citra-canary # 3DS emulator - cemu # Wii-U emulator + (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator @@ -63,7 +84,10 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station + pcsxr # PS1 Emulator + pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator mame # mame Emulator From a6d16fe29f2d6677636157737daa8da5b3c356d8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Mar 2024 00:43:10 -0500 Subject: [PATCH 0012/1043] cleaned up packages file for leyla --- hosts/horizon/configuration.nix | 29 ------------------------- users/leyla/default.nix | 6 +++++- users/leyla/packages.nix | 38 +++++++++++++++++++++++++++------ 3 files changed, 36 insertions(+), 37 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3fbe076..ecb5b47 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
@@ -34,35 +34,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; - # Allow unfree packages nixpkgs.config.allowUnfree = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 14f4e38..96ea3cb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -8,7 +8,11 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "leyla"; + isNormalUser = lib.mkEnableOption "create usable leyla user"; + hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; + hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; + hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; config = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 225cf92..554b8c0 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -14,6 +14,12 @@ in dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; + programs.noisetorch.enable = true; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms @@ -23,17 +29,26 @@ in ungoogled-chromium libreoffice inkscape + gimp + krita freecad - kicad-small cura + kicad-small makemkv transmission-gtk - easytag - rhythmbox + onionshare + # easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing # proprietary platforms discord obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) # development enviroments vscodium @@ -45,17 +60,23 @@ in # TODO: move these to flakes nodejs - # bridges + # system tools protonvpn-gui nextcloud-client - + noisetorch + + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + # gaming # steam # emulators # nintendo - yuzu-mainline # Switch Emulator + (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator citra-canary # 3DS emulator - cemu # Wii-U emulator + (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator @@ -63,7 +84,10 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station + pcsxr # PS1 Emulator + pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator mame # mame Emulator From 46aa44a23e445613ccc7d39c3f9c46e9ac321602 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 11 Mar 2024 01:57:17 -0500 Subject: [PATCH 0013/1043] added home manager for leyla --- enviroments/client/default.nix | 6 ++- flake.lock | 8 ++-- flake.nix | 2 +- users/default.nix | 4 +- users/leyla/default.nix | 2 + users/leyla/home.nix | 82 ++++++++++++++++++++++++++++++++++ users/leyla/packages.nix | 4 +- 7 files changed, 99 insertions(+), 9 deletions(-) create mode 100644 users/leyla/home.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 239058c..fc05ac1 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -23,8 +23,10 @@ # Configure keymap in X11 services.xserver = { - layout = "us,it,de"; - xkbVariant = ""; + xkb = { + layout = "us,it,de"; + variant = ""; + }; }; # Enable sound with pipewire. diff --git a/flake.lock b/flake.lock index f13caba..eb6a19f 100644 --- a/flake.lock +++ b/flake.lock @@ -22,16 +22,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709884566, - "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "lastModified": 1709961763, + "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index bc7b3d1..43f8cd7 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Nixos config flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; diff --git a/users/default.nix b/users/default.nix index 077fda5..97133d9 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,6 +1,8 @@ -{ ... }: +{ inputs, ... }: { imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; + + home-manager.extraSpecialArgs = { inherit inputs; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 96ea3cb..8745e7b 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -43,5 +43,7 @@ in } ) ]; + + home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix new file mode 100644 index 0000000..baf2ebf --- /dev/null +++ b/users/leyla/home.nix 
@@ -0,0 +1,82 @@ +{ config, pkgs, ... }: + +{ + # Home Manager needs a bit of information about you and the paths it should + # manage. + home.username = "leyla"; + home.homeDirectory = "/home/leyla"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + home.stateVersion = "23.11"; # Please read the comment before changing. + + # The home.packages option allows you to install Nix packages into your + # environment. + home.packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello + + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + home.file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + home.sessionVariables = { + # EDITOR = "emacs"; + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + }; + }; +} diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 554b8c0..c1311a7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -74,8 +74,10 @@ in # steam # emulators # nintendo + # TODO: replace this with self hosted flake (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - citra-canary # 3DS emulator + # TODO: replace this with self hosted flake + # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator From 0e8697bf66a0ba66b990088e05d5a6d622102bdd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Mar 2024 01:57:17 -0500 Subject: [PATCH 0014/1043] added home manager for leyla --- enviroments/client/default.nix | 6 ++- flake.lock | 8 ++-- flake.nix | 2 +- users/default.nix | 4 +- users/leyla/default.nix | 2 + users/leyla/home.nix | 82 ++++++++++++++++++++++++++++++++++ users/leyla/packages.nix | 4 +- 7 files changed, 99 insertions(+), 9 deletions(-) create mode 100644 users/leyla/home.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 239058c..fc05ac1 100644 
--- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -23,8 +23,10 @@ # Configure keymap in X11 services.xserver = { - layout = "us,it,de"; - xkbVariant = ""; + xkb = { + layout = "us,it,de"; + variant = ""; + }; }; # Enable sound with pipewire. diff --git a/flake.lock b/flake.lock index f13caba..eb6a19f 100644 --- a/flake.lock +++ b/flake.lock @@ -22,16 +22,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709884566, - "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "lastModified": 1709961763, + "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index bc7b3d1..43f8cd7 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Nixos config flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; diff --git a/users/default.nix b/users/default.nix index 077fda5..97133d9 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,6 +1,8 @@ -{ ... }: +{ inputs, ... }: { imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; + + home-manager.extraSpecialArgs = { inherit inputs; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 96ea3cb..8745e7b 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -43,5 +43,7 @@ in } ) ]; + + home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix new file mode 100644 index 0000000..baf2ebf --- /dev/null +++ b/users/leyla/home.nix 
@@ -0,0 +1,82 @@ +{ config, pkgs, ... }: + +{ + # Home Manager needs a bit of information about you and the paths it should + # manage. + home.username = "leyla"; + home.homeDirectory = "/home/leyla"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + home.stateVersion = "23.11"; # Please read the comment before changing. + + # The home.packages option allows you to install Nix packages into your + # environment. + home.packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello + + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + home.file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + home.sessionVariables = { + # EDITOR = "emacs"; + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + }; + }; +} diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 554b8c0..c1311a7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -74,8 +74,10 @@ in # steam # emulators # nintendo + # TODO: replace this with self hosted flake (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - citra-canary # 3DS emulator + # TODO: replace this with self hosted flake + # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator From d6ca7d5a60bdb2b549e50fa2bd434b6a8592530b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 12 Mar 2024 00:53:45 -0500 Subject: [PATCH 0015/1043] set init default branch for git to main --- users/leyla/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index baf2ebf..3b26ed4 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -77,6 +77,7 @@ enable = true; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; }; }; } From 6bafea9b7b85065ed466533bd8554f19a221e1d0 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 12 Mar 2024 00:53:45 -0500 Subject: [PATCH 0016/1043] set init default branch for git to main --- users/leyla/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index baf2ebf..3b26ed4 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -77,6 +77,7 @@ enable = true; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; }; }; } From a18d2d373a79fc1b791821ec3c0c6545db8bdb68 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Apr 2024 20:33:03 -0500 Subject: [PATCH 0017/1043] regenerated age keys to use leylas credentials --- .sops.yaml | 4 ++-- flake.nix | 6 ++++-- pkgs/default.nix | 4 ++++ users/leyla/packages.nix | 7 +++---- 4 files changed, 13 insertions(+), 8 deletions(-) create mode 100644 pkgs/default.nix diff --git a/.sops.yaml b/.sops.yaml index 8b0366e..0ac5664 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: - - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e + - &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: - age: - - *primary \ No newline at end of file + - *leyla diff --git a/flake.nix b/flake.nix index 43f8cd7..a0d15de 100644 --- a/flake.nix +++ b/flake.nix @@ -14,10 +14,12 @@ outputs = { self, nixpkgs, ... }@inputs: let - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; + forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { + packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); + nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..b0fd62b --- /dev/null +++ b/pkgs/default.nix 
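Review bot: After this change `keys:` holds a single age recipient, `&leyla`, and it is the only entry under `key_groups` for `secrets/secrets.yaml`, so every machine that has to decrypt the file needs a copy of that one personal private key. If the hosts decrypt at activation (presumably through the sops-nix input), I would give each host its own recipient, for example `- &horizon <host age public key>` under `keys:` and `- *horizon` next to `- *leyla`. That keeps the personal key off the machines and lets a single host be dropped without re-keying everyone. The diffstat of this commit does not list `secrets/secrets.yaml`, so at this revision the rule names a recipient the file is not yet encrypted to. PATCH 0018 repeats the hunk and does include the re-encrypted file.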
@@ -0,0 +1,4 @@ +pkgs: { + # yuzu-clone = pkgs.callPackage ./yuzo { }; + # citra-clone = pkgs.callPackage ./citra { }; +} \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index c1311a7..3d2429b 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -71,11 +71,10 @@ in (lib.mkIf cfg.hasViaKeyboard via) # gaming - # steam # emulators # nintendo # TODO: replace this with self hosted flake - (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator # TODO: replace this with self hosted flake # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator @@ -86,9 +85,9 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station - pcsxr # PS1 Emulator - pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + pcsx2 # PS2 Emulator + pcsxr # PS1 Emulator # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator From 9348d4094cdc71177cd51a93927e47dc981335b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Apr 2024 20:33:03 -0500 Subject: [PATCH 0018/1043] regenerated age keys to use leylas credentials --- .sops.yaml | 4 ++-- flake.nix | 6 ++++-- pkgs/default.nix | 4 ++++ secrets/secrets.yaml | 22 +++++++++++----------- users/leyla/packages.nix | 7 +++---- 5 files changed, 24 insertions(+), 19 deletions(-) create mode 100644 pkgs/default.nix diff --git a/.sops.yaml b/.sops.yaml index 8b0366e..0ac5664 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: - - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e + - &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: - age: - - *primary \ No newline at end of file + - *leyla diff --git a/flake.nix b/flake.nix index 43f8cd7..a0d15de 100644 --- a/flake.nix +++ b/flake.nix 
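Review bot: `pkgs/default.nix` is declared as `pkgs: { … }`, but the `flake.nix` hunk of the same commit calls it as `import ./pkgs { inherit pkgs; }`, so the function's `pkgs` argument is bound to the attribute set `{ pkgs = …; }` rather than to the nixpkgs package set. Nothing fails yet because both entries are commented out, but as soon as one is enabled `pkgs.callPackage` will fail with a missing attribute. Changing the first line to `{ pkgs }: {` (or calling `import ./pkgs pkgs` in `flake.nix`) makes the two sides agree. The commented path `./yuzo` beside the name `yuzu-clone` also looks like a typo worth checking. PATCH 0018 carries the same file and call site.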
@@ -14,10 +14,12 @@ outputs = { self, nixpkgs, ... }@inputs: let - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; + forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { + packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); + nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..b0fd62b --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,4 @@ +pkgs: { + # yuzu-clone = pkgs.callPackage ./yuzo { }; + # citra-clone = pkgs.callPackage ./citra { }; +} \ No newline at end of file diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 5c76b34..fb57b2b 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -1,24 +1,24 @@ passwords: - leyla: ENC[AES256_GCM,data:2sTuJTlW9JQv+SDSkyaYEc/CjyBhzJe9FHHvacL2SEVilnHyVKi1XpBnn9WJxsRha2UEUad9wn0iw0vu04O2dN+jZO7iLBawyg==,iv:FacSTQ3LV+An9hzYj7veeIQdZUgUZO3/RDGa+5rqo1I=,tag:PH3G1oedpe8Mh6kmm4qDIw==,type:str] - ester: ENC[AES256_GCM,data:4TkuZr9hCskJZNnTeARz8f6jFWmsEKatoi/jpWrK2JGdvJBdqcodP119p1zfTqaFGA6O67YGhXQVAPVceIxAMplUL0UfV3tK6A==,iv:kmozFDwgtHeS02avCk40Ic0EUEJXvYbE5bl4lHX80pk=,tag:r3gmve2678RbJxeF5qdM8A==,type:str] - eve: ENC[AES256_GCM,data:3xXOvblJkUaX+lcL+jgibng49PnTHldMsObE6VMwyWuGaUbZh0psRZKU8TfojW7TCgVEF93aOTc+DWxVqy8ZrfN4gN7CSudCfQ==,iv:LngLHLPXNgc33xH8WniJFnqoExhytnnEvNVBKKSnCTA=,tag:dQ7sVsMHHus39DTXpiBS+A==,type:str] + leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str] + ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str] + eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e + - recipient: age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLeFdXWDJ1SGNpNEw5b0NZ - U0xjU0Q0N2krdWRUS0w5SkQwNUVUd2FHRFZjCmpkZDZxSE9laC9RbDZhTG83UjVL - UWM0S2wvUWhJRkpQMER2UGphZWhsU2sKLS0tIHFoQ3Jic2RURXNtK1NYWlBxdnJy - WTluMWJsYUxLRVpVeHQ2N0VicUhtWTAKtMgsEkDABJLQi3Wa4NnzMmW5qQw6ExoO - g6AsAMTAN/eOuxNTA6+aMP3M0hMlO07f4UHwvYGifAfHHLidDlgc2g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd3BCR2RmMms4ZkNlbTdy + 
SzRKQ1NqZmFmOHJIS0oxZ3BMSnUyWXAyUUVrCk9tNjNNb0xEcnkvamJpSFF5UlhU + ejF4ZHFlZzJoemxpWXd0clN3cFZvMlkKLS0tIDdoK1oxc2doQTh3QlVyc3dhUE1W + VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+ + Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-10T03:20:40Z" - mac: ENC[AES256_GCM,data:iqLZeEEb0PNKkCppho3BMx4rAKNco7y1aa81cvAcjim5lHvYiPKPzod4A6sd2ioc+uTVXbQO2Jt/zetYpld5YQ+lCgAyaaJ9oqI4gMruqpEYE+kQEO5e0+G84SVeMmp4DyRklCFfvsXATwPjkvpIixKASdJC+MLzqGuLkXUmueA=,iv:8h+d/gNxb3tbWdHZCtdXyTswOApjV3n9cuosHxscQu8=,tag:50mmDQcVwPJ7Ns9pkn6esQ==,type:str] + lastmodified: "2024-04-03T01:27:28Z" + mac: ENC[AES256_GCM,data:ExP2Q8judGmQ5QFdZjmkNuMXlI9XJLeKaFn15Y4YuA2r+qLYYegN/IR1VeDrDO+XfWJJS7qednRnb9gErqUQgwX06AhMFDGUHHgB2lFdr/X0KBNt9EcrQ+S4Zh9zh8aTZesvnLaorz5QqF1Mt4FRz8mFYQIJ3DCWXV0cHrmmvcA=,iv:QBMc5E9SXP7aMCYFF/JnhM3bAuBA6mY4cENOW8SSaW0=,tag:ftg5Q8rS0NfUSogXXKEePA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index c1311a7..3d2429b 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -71,11 +71,10 @@ in (lib.mkIf cfg.hasViaKeyboard via) # gaming - # steam # emulators # nintendo # TODO: replace this with self hosted flake - (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator # TODO: replace this with self hosted flake # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator @@ -86,9 +85,9 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station - pcsxr # PS1 Emulator - pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + pcsx2 # PS2 Emulator + pcsxr # PS1 Emulator # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator From cbb09462059f71eec6d2d67d3b381db7d9cff2b6 Mon Sep 17 00:00:00 2001 
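Review bot: Re-encrypting `secrets/secrets.yaml` to the new recipient does not take anything away from the old `&primary` key, because the previous ciphertext for `passwords.leyla`, `passwords.ester` and `passwords.eve` remains readable with it in the repository history. The hunk cannot show whether the plaintext changed. If the old key was replaced because it may have been exposed, the three password hashes themselves should be regenerated and the file encrypted again, not only re-wrapped. A line in the commit message such as `passwords regenerated: yes/no` would record which of the two happened.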
From: Leyla Becker Date: Tue, 2 Apr 2024 20:55:11 -0500 Subject: [PATCH 0019/1043] updated README --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f3290d2..110e05a 100644 --- a/README.md +++ b/README.md @@ -1 +1,13 @@ -sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file + + + +Build Command: +`sudo nixos-rebuild switch --flake .#hostname` + +| Hostname | Device Description | Primary User | Role | +| :---------: | :------------------------: | :--------------: | :-------: | +| `twilight` | Desktop Computer | Leyla | Desktop | +| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | +| `defiant` | Steam Desk | Leyla | Handheld | +| `emergent` | Desktop Computer | Eve | Laptop | +| `threshold` | Laptop | Eve | Desktop | From 9c2d5201fc353b93965710ffd66ee3ff5d721fee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Apr 2024 20:55:11 -0500 Subject: [PATCH 0020/1043] updated README --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f3290d2..110e05a 100644 --- a/README.md +++ b/README.md @@ -1 +1,13 @@ -sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file + + + +Build Command: +`sudo nixos-rebuild switch --flake .#hostname` + +| Hostname | Device Description | Primary User | Role | +| :---------: | :------------------------: | :--------------: | :-------: | +| `twilight` | Desktop Computer | Leyla | Desktop | +| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | +| `defiant` | Steam Desk | Leyla | Handheld | +| `emergent` | Desktop Computer | Eve | Laptop | +| `threshold` | Laptop | Eve | Desktop | From a45d441f019d791267815a9f33d022f0c55d0a4c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Apr 2024 15:58:30 -0500 Subject: [PATCH 0021/1043] added code shell aliases --- users/leyla/packages.nix | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 3d2429b..55c2faa 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,10 @@ in ../../overlays/vscodium.nix ]; + programs.bash.shellAliases = { + code = "codium"; + }; + programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 712ecbb8b33f833cb72705cc5598e367ff0bb1d4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Apr 2024 15:58:30 -0500 Subject: [PATCH 0022/1043] added code shell aliases --- users/leyla/packages.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 3d2429b..55c2faa 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,10 @@ in ../../overlays/vscodium.nix ]; + programs.bash.shellAliases = { + code = "codium"; + }; + programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 0b6065befc904e235c2ceb03d1883227ab14fc6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Apr 2024 16:11:16 -0500 Subject: [PATCH 0023/1043] removed node from packages --- users/leyla/packages.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 55c2faa..196373a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -54,16 +54,12 @@ in steam (lib.mkIf cfg.hasGPU davinci-resolve) - # development enviroments + # development tools vscodium androidStudioPackages.canary jetbrains.idea-community dbeaver - # development tools - # TODO: move these to flakes - nodejs - # system tools protonvpn-gui nextcloud-client From d4c2999b8ed969080a709e90e0fe1451be6f5243 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 13 Apr 2024 16:11:16 -0500 Subject: [PATCH 0024/1043] removed node from packages --- users/leyla/packages.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 55c2faa..196373a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -54,16 +54,12 @@ in steam (lib.mkIf cfg.hasGPU davinci-resolve) - # development enviroments + # development tools vscodium androidStudioPackages.canary jetbrains.idea-community dbeaver - # development tools - # TODO: move these to flakes - nodejs - # system tools protonvpn-gui nextcloud-client From 8267680a0293e626d0dd8ad9953d69936293400f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Apr 2024 12:23:34 -0500 Subject: [PATCH 0025/1043] installed bruno --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 196373a..2545068 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -59,6 +59,7 @@ in androidStudioPackages.canary jetbrains.idea-community dbeaver + bruno # system tools protonvpn-gui From c568b7fb65a4f1fe2f521dbf352bffcabd26dc33 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Apr 2024 12:23:34 -0500 Subject: [PATCH 0026/1043] installed bruno --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 196373a..2545068 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -59,6 +59,7 @@ in androidStudioPackages.canary jetbrains.idea-community dbeaver + bruno # system tools protonvpn-gui From f0a6d7362a8c094ed2d9a41440c90a9dda3bbfb0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 May 2024 15:10:54 -0500 Subject: [PATCH 0027/1043] installed cachefilesd --- enviroments/client/default.nix | 2 ++ hosts/horizon/hardware-configuration.nix | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fc05ac1..c0f82e0 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -70,5 +70,7 @@ # system debuging tools iputils dnsutils + + cachefilesd ]; } \ No newline at end of file diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index d6751d0..e83bda5 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -23,18 +23,20 @@ fsType = "vfat"; }; + services.cachefilesd.enable = true; + fileSystems."/mnt/leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/docker_home" = From 5fb145662261f301d179480e8ad044f332c33c21 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 May 2024 15:10:54 -0500 Subject: [PATCH 0028/1043] installed cachefilesd --- enviroments/client/default.nix | 2 ++ hosts/horizon/hardware-configuration.nix | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fc05ac1..c0f82e0 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -70,5 +70,7 @@ # system debuging tools iputils dnsutils + + cachefilesd ]; } \ No newline at end of file diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index d6751d0..e83bda5 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
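Review bot: The new option list on `/mnt/leyla_home` and `/mnt/share_home` adds `soft`, which makes the NFS client give up after its retries and return an I/O error to the application; nfs(5) warns that this can silently corrupt data on writes, and these are home directories that are now also cached through `fsc`. `nofail` together with `x-systemd.automount` should already keep an unreachable server from blocking boot, so I would keep the default hard behaviour: `options = [ "x-systemd.automount" "nofail" "x-systemd.idle-timeout=600" "fsc" ];`. That line also leaves out `user`, which lets any local account mount and unmount the share and is not needed when systemd automounts it. `/mnt/docker_home` begins on the last context line and continues outside the hunk unchanged, so the three mounts may now behave differently. The identical hunk recurs in PATCH 0028.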
@@ -23,18 +23,20 @@ fsType = "vfat"; }; + services.cachefilesd.enable = true; + fileSystems."/mnt/leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/docker_home" = From 85a34279b30e1e009f3a7b02901e449dac7c678b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:47:44 -0500 Subject: [PATCH 0029/1043] added config for framework specific hardware things --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index a0d15de..b97f0a0 100644 --- a/flake.nix +++ b/flake.nix @@ -10,9 +10,11 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, ... }@inputs: + outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); @@ -26,6 +28,7 @@ modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default + nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; }; From effeb63067b439c433efede905165af752919f3d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:47:44 -0500 Subject: [PATCH 0030/1043] added config for framework specific hardware things --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index a0d15de..b97f0a0 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,9 +10,11 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, ... }@inputs: + outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); @@ -26,6 +28,7 @@ modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default + nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; }; From 215e5c8660a366cf7412d101a451b58c2b2b5b3d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:48:02 -0500 Subject: [PATCH 0031/1043] updated flake lock --- flake.lock | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index eb6a19f..59947ee 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709988192, - "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "lastModified": 1717525419, + "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", "type": "github" }, "original": { 
@@ -20,13 +20,29 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1717574423, + "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1709961763, - "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -38,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1710033658, - "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "lastModified": 1717265169, + "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", "type": "github" }, "original": { @@ -54,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709968316, - "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "lastModified": 1717112898, + "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", "type": "github" }, "original": { @@ -71,6 +87,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" } 
@@ -81,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1710039806, - "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "lastModified": 1717455931, + "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", "type": "github" }, "original": { From c119ceed99fda27158c3ac22507572ca7f5e8b3f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:48:02 -0500 Subject: [PATCH 0032/1043] updated flake lock --- flake.lock | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index eb6a19f..59947ee 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709988192, - "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "lastModified": 1717525419, + "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", "type": "github" }, "original": { 
@@ -20,13 +20,29 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1717574423, + "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1709961763, - "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -38,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1710033658, - "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "lastModified": 1717265169, + "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", "type": "github" }, "original": { @@ -54,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709968316, - "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "lastModified": 1717112898, + "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", "type": "github" }, "original": { @@ -71,6 +87,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" } 
@@ -81,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1710039806, - "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "lastModified": 1717455931, + "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", "type": "github" }, "original": { From 7186c2736b709dbd6011952623780d7660e2c5f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 16:10:39 -0500 Subject: [PATCH 0033/1043] updated dbeaver --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2545068..4147054 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -58,7 +58,7 @@ in vscodium androidStudioPackages.canary jetbrains.idea-community - dbeaver + dbeaver-bin bruno # system tools From e50a9e71a5931f5e8cadd57429cb2bd2d50e8ad3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 16:10:39 -0500 Subject: [PATCH 0034/1043] updated dbeaver --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2545068..4147054 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -58,7 +58,7 @@ in vscodium androidStudioPackages.canary jetbrains.idea-community - dbeaver + dbeaver-bin bruno # system tools From 50f2c88fff4210dd1e858bdd69e40ddd27b91524 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:13 -0500 Subject: [PATCH 0035/1043] added leyla to abd users --- README.md | 2 -- users/leyla/default.nix | 2 +- users/leyla/packages.nix | 2 ++ 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 110e05a..cedb557 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,4 @@ - - Build Command: `sudo nixos-rebuild switch --flake .#hostname` diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 8745e7b..2f798be 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 4147054..0f87f9a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -20,6 +20,8 @@ in programs.noisetorch.enable = true; + programs.adb.enable = true; + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; From 30961e681b9fb8530cc1d7c2ceab6d9f003567d3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:13 -0500 Subject: [PATCH 0036/1043] added leyla to abd users --- README.md | 2 -- users/leyla/default.nix | 2 +- users/leyla/packages.nix | 2 ++ 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 110e05a..cedb557 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,4 @@ - - Build Command: `sudo nixos-rebuild switch --flake .#hostname` diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 8745e7b..2f798be 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 4147054..0f87f9a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -20,6 +20,8 @@ in programs.noisetorch.enable = true; + programs.adb.enable = true; + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 
From e07cfe1eeb31ef79c615602b40f8b1f8fd4d63d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:34 -0500 Subject: [PATCH 0037/1043] removed emulators --- users/leyla/packages.nix | 44 ++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 0f87f9a..8ef0beb 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -73,28 +73,28 @@ in (lib.mkIf cfg.hasOpenRGBHardware openrgb) (lib.mkIf cfg.hasViaKeyboard via) - # gaming - # emulators - # nintendo - # TODO: replace this with self hosted flake - # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # TODO: replace this with self hosted flake - # citra-canary # 3DS emulator - (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - dolphin-emu # GameCube and Wii Emulator - desmume # DS Emulator - mupen64plus # N64 Emulator - zsnes # SNES Emulator - vbam # Game Boy Advanced Emulator - fceux # NES Emulator - # play station - rpcs3 # PS3 Emulator - pcsx2 # PS2 Emulator - pcsxr # PS1 Emulator - # TODO: more play station emulators here when they come out - #misc - stella # Atari 2600 Emulator - mame # mame Emulator + # # gaming + # # emulators + # # nintendo + # # TODO: replace this with self hosted flake + # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # # TODO: replace this with self hosted flake + # # citra-canary # 3DS emulator + # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator + # dolphin-emu # GameCube and Wii Emulator + # desmume # DS Emulator + # mupen64plus # N64 Emulator + # zsnes # SNES Emulator + # vbam # Game Boy Advanced Emulator + # fceux # NES Emulator + # # play station + # rpcs3 # PS3 Emulator + # pcsx2 # PS2 Emulator + # pcsxr # PS1 Emulator + # # TODO: more play station emulators here when they come out + # #misc + # stella # Atari 2600 Emulator + # mame # mame Emulator ] ); } \ No newline at end of file 
From b526c1850cc190fd3927d23ad6f075762c87f84f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:34 -0500 Subject: [PATCH 0038/1043] removed emulators --- users/leyla/packages.nix | 44 ++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 0f87f9a..8ef0beb 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -73,28 +73,28 @@ in (lib.mkIf cfg.hasOpenRGBHardware openrgb) (lib.mkIf cfg.hasViaKeyboard via) - # gaming - # emulators - # nintendo - # TODO: replace this with self hosted flake - # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # TODO: replace this with self hosted flake - # citra-canary # 3DS emulator - (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - dolphin-emu # GameCube and Wii Emulator - desmume # DS Emulator - mupen64plus # N64 Emulator - zsnes # SNES Emulator - vbam # Game Boy Advanced Emulator - fceux # NES Emulator - # play station - rpcs3 # PS3 Emulator - pcsx2 # PS2 Emulator - pcsxr # PS1 Emulator - # TODO: more play station emulators here when they come out - #misc - stella # Atari 2600 Emulator - mame # mame Emulator + # # gaming + # # emulators + # # nintendo + # # TODO: replace this with self hosted flake + # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # # TODO: replace this with self hosted flake + # # citra-canary # 3DS emulator + # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator + # dolphin-emu # GameCube and Wii Emulator + # desmume # DS Emulator + # mupen64plus # N64 Emulator + # zsnes # SNES Emulator + # vbam # Game Boy Advanced Emulator + # fceux # NES Emulator + # # play station + # rpcs3 # PS3 Emulator + # pcsx2 # PS2 Emulator + # pcsxr # PS1 Emulator + # # TODO: more play station emulators here when they come out + # #misc + # stella # Atari 2600 Emulator + # mame # mame Emulator ] ); } \ No newline at end of file 
From 09cc8450517efd3bbcda035cc367ed9521028fb5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:23:15 -0500 Subject: [PATCH 0039/1043] added command line tools to leyla --- users/leyla/packages.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 8ef0beb..68e0547 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -50,6 +50,11 @@ in # rpi-imager # fritzing + # comand line tools + yt-dlp + ffmpeg + imagemagick + # proprietary platforms discord obsidian From c866449822003e086c92bf2ee6756344749393c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:23:15 -0500 Subject: [PATCH 0040/1043] added command line tools to leyla --- users/leyla/packages.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 8ef0beb..68e0547 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -50,6 +50,11 @@ in # rpi-imager # fritzing + # comand line tools + yt-dlp + ffmpeg + imagemagick + # proprietary platforms discord obsidian From f02f5046aab2a73f2b4c6cfc28a0f7ebd744f6ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 28 Jul 2024 16:07:18 -0500 Subject: [PATCH 0041/1043] added back in easytag --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 68e0547..b2dffbf 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -43,7 +43,7 @@ in makemkv transmission-gtk onionshare - # easytag + easytag # rhythmbox (lib.mkIf cfg.hasGPU obs-studio) # wireshark From cae7b865833d0683a1eeef0b540912756f089465 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 28 Jul 2024 16:07:18 -0500 Subject: [PATCH 0042/1043] added back in easytag --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 68e0547..b2dffbf 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -43,7 +43,7 @@ in makemkv transmission-gtk onionshare - # easytag + easytag # rhythmbox (lib.mkIf cfg.hasGPU obs-studio) # wireshark From e28365b30ee617dc619a9c10f6a5e4e6743f730c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 28 Jul 2024 21:19:44 -0500 Subject: [PATCH 0043/1043] added twilight system --- flake.nix | 7 +++++++ hosts/twilight/configuration.nix | 4 ++-- hosts/twilight/hardware-configuration.nix | 4 ++++ 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 hosts/twilight/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index b97f0a0..43893ba 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,13 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + twilight = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/twilight/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; }; }; } diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 6930d8f..06a0a3a 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,5 +1,5 @@ # leyla desktop -{}: +{ config, pkgs, inputs, modulesPath, ... }: { -} \ No newline at end of file +} diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix new file mode 100644 index 0000000..2ddff10 --- /dev/null +++ b/hosts/twilight/hardware-configuration.nix @@ -0,0 +1,4 @@ + +{ + +} \ No newline at end of file From 01fb021284f302c5c1a987db52922377b31ecaa3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 28 Jul 2024 21:19:44 -0500 Subject: [PATCH 0044/1043] added twilight system --- flake.nix | 7 +++++++ hosts/twilight/configuration.nix | 4 ++-- hosts/twilight/hardware-configuration.nix | 4 ++++ 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 hosts/twilight/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index b97f0a0..43893ba 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,13 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + twilight = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/twilight/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; }; }; } diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 6930d8f..06a0a3a 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,5 +1,5 @@ # leyla desktop -{}: +{ config, pkgs, inputs, modulesPath, ... }: { -} \ No newline at end of file +} diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix new file mode 100644 index 0000000..2ddff10 --- /dev/null +++ b/hosts/twilight/hardware-configuration.nix @@ -0,0 +1,4 @@ + +{ + +} \ No newline at end of file From cd6812e97436922b0994f587247f5439f41c58c2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 1 Aug 2024 19:14:29 -0500 Subject: [PATCH 0045/1043] updated packages --- enviroments/client/default.nix | 1 - flake.lock | 38 +++++++++++++++++----------------- users/leyla/packages.nix | 4 ++-- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0..041ed49 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -30,7 +30,6 @@ }; # Enable sound with pipewire. - sound.enable = true; hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { 
diff --git a/flake.lock b/flake.lock index 59947ee..f2b124e 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1717525419, - "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", + "lastModified": 1722462338, + "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", "owner": "nix-community", "repo": "home-manager", - "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", + "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717574423, - "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1722421184, + "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "type": "github" }, "original": { 
@@ -54,27 +54,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1717265169, - "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1717112898, - "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", + "lastModified": 1721466660, + "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", + "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1717455931, - "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", + "lastModified": 1722114803, + "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", + "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", "type": "github" }, "original": { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index b2dffbf..2266dd1 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -38,10 +38,10 @@ in gimp krita freecad - cura + # cura kicad-small makemkv - transmission-gtk + transmission_4-gtk onionshare easytag # rhythmbox From b2ed3dfa335502b38f44501965dbaeeed3f44766 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 1 Aug 2024 19:14:29 -0500 Subject: [PATCH 0046/1043] updated packages --- enviroments/client/default.nix | 1 - flake.lock | 38 +++++++++++++++++----------------- users/leyla/packages.nix | 4 ++-- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0..041ed49 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -30,7 +30,6 @@ }; # Enable sound with pipewire. - sound.enable = true; hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { diff --git a/flake.lock b/flake.lock index 59947ee..f2b124e 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1717525419, - "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", + "lastModified": 1722462338, + "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", "owner": "nix-community", "repo": "home-manager", - "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", + "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717574423, - "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1722421184, + "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "type": "github" }, "original": { 
@@ -54,27 +54,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1717265169, - "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1717112898, - "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", + "lastModified": 1721466660, + "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", + "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1717455931, - "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", + "lastModified": 1722114803, + "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", + "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", "type": "github" }, "original": { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index b2dffbf..2266dd1 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -38,10 +38,10 @@ in gimp krita freecad - cura + # cura kicad-small makemkv - transmission-gtk + transmission_4-gtk onionshare easytag # rhythmbox From b72941c75f8d168605d8b655b59b375ac933bb82 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 21 Aug 2024 22:14:45 -0500 Subject: [PATCH 0047/1043] created hardware configuration for twilight --- hosts/twilight/hardware-configuration.nix | 40 +++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ddff10..9bd1e70 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -1,4 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: { - -} \ No newline at end of file + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} + 
From 4e906c894da4cdc02994525ea97bf85185881b56 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 21 Aug 2024 22:14:45 -0500 Subject: [PATCH 0048/1043] created hardware configuration for twilight --- hosts/twilight/hardware-configuration.nix | 40 +++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ddff10..9bd1e70 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -1,4 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: { - -} \ No newline at end of file + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} + From 5962641f03538532176b71eebda91678a5bb2cb5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 21 Aug 2024 22:15:20 -0500 Subject: [PATCH 0049/1043] updated twilight configuration --- enviroments/client/default.nix | 2 +- flake.nix | 2 + hosts/twilight/configuration.nix | 89 ++++++++++++++++++++++- hosts/twilight/hardware-configuration.nix | 21 ++++++ 4 files changed, 111 insertions(+), 3 deletions(-) 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0..08c3171 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -16,7 +16,7 @@ # Enable the GNOME Desktop Environment. services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + services.xserver.desktopManager.xterm.enable = false; # Get rid of xTerm services.xserver.excludePackages = [ pkgs.xterm ]; diff --git a/flake.nix b/flake.nix index 43893ba..3902062 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,7 @@ packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); nixosConfigurations = { + # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ @@ -31,6 +32,7 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 06a0a3a..c2145e9 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -1,5 +1,90 @@ -# leyla desktop -{ config, pkgs, inputs, modulesPath, ... }: +# leyla laptop +{ config, pkgs, inputs, ... }: { + imports = + [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ./hardware-configuration.nix + + ../../enviroments/client + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + networking.hostName = "twilight"; # Define your hostname. + + # enabled virtualisation for docker + # virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # Enable OpenGL + hardware.opengl = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 9bd1e70..ef71502 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
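Review bot: `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";` in the new hosts/twilight/configuration.nix makes the host's secret decryption depend on a key kept in a user's home directory, so anything running as leyla can read the key that, presumably, unlocks every entry in `secrets/secrets.yaml`, including other users' password hashes. A root-owned path outside any home directory keeps the key away from the desktop session, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` (sample path), or derive it from the host key with `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`. The first line of the file also changes from `# leyla desktop` to `# leyla laptop`, which contradicts the `# Leyla Desktop` label this commit adds in flake.nix; it should stay `# leyla desktop`. The same hunk is repeated in the duplicate patch 0050.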
@@ -23,6 +23,27 @@ fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; swapDevices = [ ]; From a0da53da75a987a3592b0869adf8099694b9f875 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 21 Aug 2024 22:15:20 -0500 Subject: [PATCH 0050/1043] updated twilight configuration --- enviroments/client/default.nix | 2 +- flake.nix | 2 + hosts/twilight/configuration.nix | 89 ++++++++++++++++++++++- hosts/twilight/hardware-configuration.nix | 21 ++++++ 4 files changed, 111 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0..08c3171 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -16,7 +16,7 @@ # Enable the GNOME Desktop Environment. services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + services.xserver.desktopManager.xterm.enable = false; # Get rid of xTerm services.xserver.excludePackages = [ pkgs.xterm ]; diff --git a/flake.nix b/flake.nix index 43893ba..3902062 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,7 @@ packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); nixosConfigurations = { + # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ 
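Review bot: The `/mnt/docker_home` entry is the only one of the three NFS mounts without `user`, so it does not pick up the `nosuid`/`nodev` that `user` implies, and a setuid file or device node exported by `server.arpa` would be honoured on this host; `options = [ "x-systemd.automount" "noauto" "nosuid" "nodev" "x-systemd.idle-timeout=600" ];` closes that. None of the mounts sets `sec=`, so they will presumably use the default AUTH_SYS, where the server trusts the UID the client sends; if the server supports Kerberos, `sec=krb5p` is worth considering, and otherwise the export should be limited to known hosts on the server side. `soft` on the two home mounts lets a timed-out write return an error instead of retrying, which nfs(5) warns can corrupt data, so `hard` is the safer choice for writable homes. These entries are also hand-written into a file whose header says it is generated by `nixos-generate-config` and may be overwritten, so they would be safer in hosts/twilight/configuration.nix.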
@@ -31,6 +32,7 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 06a0a3a..c2145e9 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -1,5 +1,90 @@ -# leyla desktop -{ config, pkgs, inputs, modulesPath, ... }: +# leyla laptop +{ config, pkgs, inputs, ... }: { + imports = + [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ./hardware-configuration.nix + + ../../enviroments/client + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + networking.hostName = "twilight"; # Define your hostname. + + # enabled virtualisation for docker + # virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # Enable OpenGL + hardware.opengl = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 9bd1e70..ef71502 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -23,6 +23,27 @@ fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; swapDevices = [ ]; From 96ef08b010f62a0e470763eba5024cbbce29ba49 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:20 -0500 Subject: [PATCH 0051/1043] created rebuild.sh for rebuilding current active system quickly --- rebuild.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 rebuild.sh diff --git a/rebuild.sh b/rebuild.sh new file mode 100755 index 0000000..7f2a072 --- /dev/null +++ b/rebuild.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file From f7963b8010d063c2efddb96b6a93edaf33cbc6d7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:20 -0500 Subject: [PATCH 0052/1043] created rebuild.sh for rebuilding current active system quickly --- rebuild.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 rebuild.sh diff --git a/rebuild.sh b/rebuild.sh new file mode 100755 index 0000000..7f2a072 --- /dev/null +++ b/rebuild.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file From 4cd603416d71b40a1cf7028809047c95a2889464 Mon Sep 17 00:00:00 2001 
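Review bot: The `/mnt/docker_home` entry is the only one of the three NFS mounts without `user`, so it does not get the `nosuid`, `nodev` and `noexec` behaviour that option implies, and set-uid files or device nodes on the export would be honoured on this client. Listing them explicitly closes that: `options = [ "x-systemd.automount" "noauto" "nosuid" "nodev" "x-systemd.idle-timeout=600" ];`. All three mounts use plain `nfs` with no `sec=` option, which normally means AUTH_SYS over an unencrypted channel and trust in whatever host `server.arpa` resolves to. A comment stating that this is acceptable only on a network you control, or a `sec=krb5p` mount, would make the assumption visible. `soft` on the two home mounts can hand I/O errors to applications after a timeout, which also deserves a comment next to the option.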
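Review bot: The expansions in `sudo nixos-rebuild ${1:-switch} --flake .#$(hostname)` are unquoted, so an argument or hostname containing whitespace or glob characters is split or expanded before it reaches a command that runs as root. `sudo nixos-rebuild "${1:-switch}" --flake ".#$(hostname)"` avoids that. The flake is addressed as `.`, so the script builds whatever directory it is started from; a comment saying it must be run from the repository root would help. Patch 0052 adds the same file again.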
From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:46 -0500 Subject: [PATCH 0053/1043] added docker to leyla and horizon --- hosts/horizon/configuration.nix | 9 ++++++++- users/leyla/default.nix | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index ecb5b47..26768f8 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -29,7 +29,14 @@ networking.hostName = "horizon"; # Define your hostname. # enabled virtualisation for docker - # virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 2f798be..41daeb2 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { From 8d48ce99a1dda2e827c33af32693d584cc79cc15 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:46 -0500 Subject: [PATCH 0054/1043] added docker to leyla and horizon --- hosts/horizon/configuration.nix | 9 ++++++++- users/leyla/default.nix | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index ecb5b47..26768f8 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
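Review bot: Adding `"docker"` to `extraGroups` in `users/leyla/default.nix` gives the account access to the rootful daemon's socket, which is equivalent to root on the host without a sudo prompt. The `hosts/horizon/configuration.nix` hunk enables both the rootful daemon (`enable = true;`) and the rootless one (`rootless.enable = true;` with `setSocketVariable = true;`), and the rootless daemon needs no group membership. If rootless is the intent, drop the top-level `enable = true;` and keep `extraGroups = [ "networkmanager" "wheel" "adbusers" ];`. The `if cfg.isNormalUser` block starts and ends outside the hunk, and the user module appears to be shared by every host that sets `users.leyla.isNormalUser`, so the group would also be granted on machines that do not run docker. Patch 0054 repeats both hunks.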
@@ -29,7 +29,14 @@ networking.hostName = "horizon"; # Define your hostname. # enabled virtualisation for docker - # virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 2f798be..41daeb2 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { From 07bdf080215d763cc1055dcc4d4a76631a094b2a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:54 -0500 Subject: [PATCH 0055/1043] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index f2b124e..0869d11 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1722462338, - "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { 
@@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722332872, - "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", + "lastModified": 1724495652, + "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", + "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1724224976, + "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1722114803, - "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "type": "github" }, "original": { From 3cf43bbe9dc55068552cb84c73a2b41670d2795b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:54 -0500 Subject: [PATCH 0056/1043] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index f2b124e..0869d11 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1722462338, - "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722332872, - "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", + "lastModified": 1724495652, + "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", + "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1724224976, + "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1722114803, - "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "type": "github" }, "original": { From aabad6f30eb20db2cfafba4e3b48dadf830a8412 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:58:05 -0500 Subject: [PATCH 0057/1043] enabled hardware graphics on horizon --- hosts/horizon/configuration.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 26768f8..79fa555 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -37,6 +37,7 @@ }; }; + hardware.graphics.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; From c181da1de5fba56c0d2de0ace2ba36c97afd6a70 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:58:05 -0500 Subject: [PATCH 0058/1043] enabled hardware graphics on horizon --- hosts/horizon/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 26768f8..79fa555 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -37,6 +37,7 @@ }; }; + hardware.graphics.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; From eca25529d7ef2c9feec4d8ec7d3aabaf190052b6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 Aug 2024 11:53:34 -0500 Subject: [PATCH 0059/1043] set up defiant --- README.md | 2 +- enviroments/client/default.nix | 21 --------------------- enviroments/common/default.nix | 21 +++++++++++++++++++++ enviroments/server/default.nix | 7 +++++++ flake.nix | 11 +++++++++-- hosts/defiant/configuration.nix | 12 ++++++++++++ hosts/defiant/hardware-configuration.nix | 11 +++++++++++ 7 files changed, 61 insertions(+), 24 deletions(-) create mode 100644 enviroments/server/default.nix create mode 100644 hosts/defiant/configuration.nix create mode 100644 hosts/defiant/hardware-configuration.nix diff --git a/README.md b/README.md index cedb557..1cfbddf 100644 --- a/README.md +++ b/README.md 
@@ -6,6 +6,6 @@ Build Command: | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | Steam Desk | Leyla | Handheld | +| `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 060e51f..fba0edd 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -45,31 +45,10 @@ #media-session.enable = true; }; - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - environment.systemPackages = with pkgs; [ - # version control - git - # helvetica font aileron - # system debuging tools - iputils - dnsutils - cachefilesd ]; } \ No newline at end of file diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 3115625..6aeeb97 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -9,8 +9,29 @@ # Set your time zone. time.timeZone = "America/Chicago"; + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget + + # version control + git + + # system debuging tools + iputils + dnsutils ]; } \ No newline at end of file 
diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix new file mode 100644 index 0000000..861f142 --- /dev/null +++ b/enviroments/server/default.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + +} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 3902062..5d86bae 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,7 @@ nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default @@ -34,12 +34,19 @@ }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/twilight/configuration.nix inputs.home-manager.nixosModules.default ]; }; + # NAS Service + defiant = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inpits; } + modules = [ + ./hosts/defiant/configuration.nix + ] + }; }; }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix new file mode 100644 index 0000000..c148f94 --- /dev/null +++ b/hosts/defiant/configuration.nix @@ -0,0 +1,12 @@ +# server nas +{ config, pkgs, inputs, ... }: +{ + imports = + [ + inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../enviroments/server + ]; +} \ No newline at end of file diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix new file mode 100644 index 0000000..f7efd4b --- /dev/null +++ b/hosts/defiant/hardware-configuration.nix @@ -0,0 +1,11 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + +} \ No newline at end of file 
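Review bot: The new `defiant` entry in `flake.nix` does not parse: `specialArgs = { inherit inpits; }` misspells `inputs` and lacks the terminating `;`, and the `modules` list closes with `]` instead of `];`. Every host is built from this one flake, so the error stops evaluation for `horizon` and `twilight` as well as the new machine. The lines should read `specialArgs = { inherit inputs; };` and `];`. Running `nix flake check` before committing catches this class of mistake. Patch 0060 repeats the hunk.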
From 90b53df81c20befe84adce29acf040dc4c5841d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 Aug 2024 11:53:34 -0500 Subject: [PATCH 0060/1043] set up defiant --- README.md | 2 +- enviroments/client/default.nix | 21 --------------------- enviroments/common/default.nix | 21 +++++++++++++++++++++ enviroments/server/default.nix | 7 +++++++ flake.nix | 11 +++++++++-- hosts/defiant/configuration.nix | 12 ++++++++++++ hosts/defiant/hardware-configuration.nix | 11 +++++++++++ 7 files changed, 61 insertions(+), 24 deletions(-) create mode 100644 enviroments/server/default.nix create mode 100644 hosts/defiant/configuration.nix create mode 100644 hosts/defiant/hardware-configuration.nix diff --git a/README.md b/README.md index cedb557..1cfbddf 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,6 @@ Build Command: | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | Steam Desk | Leyla | Handheld | +| `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 060e51f..fba0edd 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -45,31 +45,10 @@ #media-session.enable = true; }; - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - environment.systemPackages = with pkgs; [ - # version control - git - # helvetica font aileron - # system debuging tools - iputils - dnsutils - cachefilesd ]; } \ No newline at end of file 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 3115625..6aeeb97 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -9,8 +9,29 @@ # Set your time zone. time.timeZone = "America/Chicago"; + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget + + # version control + git + + # system debuging tools + iputils + dnsutils ]; } \ No newline at end of file diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix new file mode 100644 index 0000000..861f142 --- /dev/null +++ b/enviroments/server/default.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + +} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 3902062..5d86bae 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,7 @@ nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default @@ -34,12 +34,19 @@ }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/twilight/configuration.nix inputs.home-manager.nixosModules.default ]; }; + # NAS Service + defiant = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inpits; } + modules = [ + ./hosts/defiant/configuration.nix + ] + }; }; }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix new file mode 100644 index 0000000..c148f94 --- /dev/null 
+++ b/hosts/defiant/configuration.nix @@ -0,0 +1,12 @@ +# server nas +{ config, pkgs, inputs, ... }: +{ + imports = + [ + inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../enviroments/server + ]; +} \ No newline at end of file diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix new file mode 100644 index 0000000..f7efd4b --- /dev/null +++ b/hosts/defiant/hardware-configuration.nix @@ -0,0 +1,11 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + +} \ No newline at end of file From feb7844c7dfe9a4389c94a74b527ebd85ddefe55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:06:36 -0500 Subject: [PATCH 0061/1043] fixed defiant configuration --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 5d86bae..33b4f83 100644 --- a/flake.nix +++ b/flake.nix @@ -42,10 +42,10 @@ }; # NAS Service defiant = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inpits; } + specialArgs = { inherit inputs; }; modules = [ ./hosts/defiant/configuration.nix - ] + ]; }; }; }; From 8b6ed7f0a05f09288c76d238fb349c11f2d4c54b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:06:36 -0500 Subject: [PATCH 0062/1043] fixed defiant configuration --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 5d86bae..33b4f83 100644 --- a/flake.nix +++ b/flake.nix @@ -42,10 +42,10 @@ }; # NAS Service defiant = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inpits; } + specialArgs = { inherit inputs; }; modules = [ ./hosts/defiant/configuration.nix - ] + ]; }; }; }; 
From 38ee264e080ffe5c3d7b03a7f66e1f234f776db2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:07:04 -0500 Subject: [PATCH 0063/1043] added gnome super t hotkey to declarative configs --- users/leyla/home.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 3b26ed4..c2fe4ea 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -80,4 +80,46 @@ extraConfig.init.defaultBranch = "main"; }; }; + + dconf.settings = { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; + }; + + # dconf.settings = { + # "org/gnome/settings-daemon/plugins/media-keys" = { + # custom-keybindings = [ + # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + # ]; + # }; + # }; + + # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + # binding = "t"; + # command = "kgx"; + # name = "Open Terminal"; + # }; + + + # services.xserver.desktopManager.gnome3 = { + # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; + # extraGSettingsOverrides = '' + # [org.gnome.settings-daemon.plugins.media-keys] + # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] + + + # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] + # binding='t' + # command='kgx' + # name='Open terminal' + # ''; + # } } From 846533f001a0407bd472495e33b6066bb25f120c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 2 Sep 2024 13:07:04 -0500 Subject: [PATCH 0064/1043] added gnome super t hotkey to declarative configs --- users/leyla/home.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 3b26ed4..c2fe4ea 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -80,4 +80,46 @@ extraConfig.init.defaultBranch = "main"; }; }; + + dconf.settings = { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; + }; + + # dconf.settings = { + # "org/gnome/settings-daemon/plugins/media-keys" = { + # custom-keybindings = [ + # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + # ]; + # }; + # }; + + # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + # binding = "t"; + # command = "kgx"; + # name = "Open Terminal"; + # }; + + + # services.xserver.desktopManager.gnome3 = { + # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; + # extraGSettingsOverrides = '' + # [org.gnome.settings-daemon.plugins.media-keys] + # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] + + + # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] + # binding='t' + # command='kgx' + # name='Open terminal' + # ''; + # } } From cdd3967f7271f9207943b304f3f83a560d224b33 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:41:15 -0500 Subject: [PATCH 0065/1043] added dash to dock for leyls --- enviroments/client/default.nix | 2 ++ users/leyla/home.nix | 47 ++++++++++++++++++++++++++-------- 2 files changed, 39 insertions(+), 10 deletions(-) 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fba0edd..a08942e 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -50,5 +50,7 @@ aileron cachefilesd + + gnomeExtensions.dash-to-dock ]; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c2fe4ea..dd9b57e 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -81,16 +81,43 @@ }; }; - dconf.settings = { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; + + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = true; + "show-mounts" = false; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; }; }; From 394c5b815a804edf98fcf0991c62dd427f2a8ec0 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 2 Sep 2024 13:41:15 -0500 Subject: [PATCH 0066/1043] added dash to dock for leyls --- enviroments/client/default.nix | 2 ++ users/leyla/home.nix | 47 ++++++++++++++++++++++++++-------- 2 files changed, 39 insertions(+), 10 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fba0edd..a08942e 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -50,5 +50,7 @@ aileron cachefilesd + + gnomeExtensions.dash-to-dock ]; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c2fe4ea..dd9b57e 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -81,16 +81,43 @@ }; }; - dconf.settings = { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; + + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = true; + "show-mounts" = false; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; }; }; From 72b62bed3706dd15efd683595134d36fc72e354a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:30:16 -0500 Subject: [PATCH 0067/1043] added hardware config for defiant --- hosts/defiant/hardware-configuration.nix | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index f7efd4b..088af3f 100644 --- a/hosts/defiant/hardware-configuration.nix 
+++ b/hosts/defiant/hardware-configuration.nix @@ -7,5 +7,27 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } \ No newline at end of file From 0389206ec1afeeaac9de6b2057a2a3691a52d1c7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:30:16 -0500 Subject: [PATCH 0068/1043] added hardware config for defiant --- hosts/defiant/hardware-configuration.nix | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index f7efd4b..088af3f 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix 
@@ -7,5 +7,27 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } \ No newline at end of file From 1217959d6d76cc862d879d5845e63c585898d84c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:51:30 -0500 Subject: [PATCH 0069/1043] added password for remote user --- README.md | 21 ++++++++++++++++++--- users/remote/default.nix | 3 +++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1cfbddf..31eec77 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ +# Hosts -Build Command: -`sudo nixos-rebuild switch --flake .#hostname` - +## Host Map | Hostname | Device Description | Primary User | Role | | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | 
@@ -9,3 +8,19 @@ Build Command: | `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | + + +### Rebuild current machine to match target host: +`sudo nixos-rebuild switch --flake .#hostname` + +### Rebuild current machine maintaining current target +`./rebuild.sh` + +# New machine setup +keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt + +updating passwords: `sops secrets/secrets.yaml` + +> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU + +> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ diff --git a/users/remote/default.nix b/users/remote/default.nix index 491bc51..6792b74 100644 --- a/users/remote/default.nix +++ b/users/remote/default.nix @@ -19,6 +19,9 @@ in ( if cfg.isNormalUser then { # extraGroups = [ "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/remote".path; + isNormalUser = true; openssh.authorizedKeys.keys = []; } else { From 6393af9620be93178b2df3c4aca2b8fa74f8d2a8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:51:30 -0500 Subject: [PATCH 0070/1043] added password for remote user --- README.md | 21 ++++++++++++++++++--- secrets/secrets.yaml | 7 ++++--- users/remote/default.nix | 3 +++ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 1cfbddf..31eec77 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ +# Hosts -Build Command: -`sudo nixos-rebuild switch --flake .#hostname` - +## Host Map | Hostname | Device Description | Primary User | Role | | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | 
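Review bot: The added `hashedPasswordFile = config.sops.secrets."passwords/remote".path;` in users/remote/default.nix depends on a sops secret whose declaration is not in this hunk. This patch (0069) does not touch secrets/secrets.yaml, so the `passwords/remote` entry may not exist yet at this commit; PATCH 0070 repeats the hunk and does add it. With sops-nix, a secret used as a login password normally has to be decrypted before user creation, so it is worth confirming it is declared like `sops.secrets."passwords/remote".neededForUsers = true;`. Since the context line keeps `openssh.authorizedKeys.keys = [];`, this password is the account's only credential. The surrounding `if cfg.isNormalUser then { … }` block starts and ends outside the hunk.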
@@ -9,3 +8,19 @@ Build Command: | `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | + + +### Rebuild current machine to match target host: +`sudo nixos-rebuild switch --flake .#hostname` + +### Rebuild current machine maintaining current target +`./rebuild.sh` + +# New machine setup +keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt + +updating passwords: `sops secrets/secrets.yaml` + +> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU + +> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index fb57b2b..dc3185e 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -2,6 +2,7 @@ passwords: leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str] ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str] eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str] + remote: ENC[AES256_GCM,data:J/Ew48IO1UGCLl038t87AV0fdxHklfEKhmmsAhd4jPbyK88i/GjljF7mSJnlav9L+7GbxbGRjsFXkL753M7hF/n1hcVDAYpGhA==,iv:7PIgHRHXorkrOmjaWaWhu+Evu4SsNFSCk3euPdlGK20=,tag:tQ57gIselHNKlmQ1ySsAAQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -17,8 +18,8 @@ sops: VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+ Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-03T01:27:28Z" - mac: ENC[AES256_GCM,data:ExP2Q8judGmQ5QFdZjmkNuMXlI9XJLeKaFn15Y4YuA2r+qLYYegN/IR1VeDrDO+XfWJJS7qednRnb9gErqUQgwX06AhMFDGUHHgB2lFdr/X0KBNt9EcrQ+S4Zh9zh8aTZesvnLaorz5QqF1Mt4FRz8mFYQIJ3DCWXV0cHrmmvcA=,iv:QBMc5E9SXP7aMCYFF/JnhM3bAuBA6mY4cENOW8SSaW0=,tag:ftg5Q8rS0NfUSogXXKEePA==,type:str] + lastmodified: "2024-09-03T01:50:34Z" + mac: ENC[AES256_GCM,data:il1m33cFCKnL1x2QQWKfvRX7/zea+15PH8KZrAW89EizJowgefR0rpaMgO+I9CyWuIoAV77JrF9echiAvkv+eteJjkkzyG9Qo/gejC0afQAeMLGpJLEk8carxlmhJXZUrqTW3VnIY4cl0CGBinTzGqMJ2WtAQLccoQR7tDP0jBk=,iv:bdDqVdXdqXB32kjUhN8OBz9+4DwrhYAw8eWsxJNGRJ4=,tag:9T+2oBvxW0ssZV4inyvY3Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/users/remote/default.nix b/users/remote/default.nix index 491bc51..6792b74 100644 --- a/users/remote/default.nix +++ b/users/remote/default.nix @@ -19,6 +19,9 @@ in ( if cfg.isNormalUser then { # extraGroups = [ "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/remote".path; + isNormalUser = true; openssh.authorizedKeys.keys = []; } else { From 91fe8cc1b4f1d8b067e01c38ddf09f70158a7e06 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:10:22 -0500 Subject: [PATCH 0071/1043] updated defiant config so it builds --- enviroments/client/default.nix | 3 --- enviroments/common/default.nix | 3 +++ hosts/defiant/configuration.nix | 38 +++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index a08942e..ccc5a55 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -7,9 +7,6 @@ # Enable CUPS to print documents. services.printing.enable = true; - # Enable networking - networking.networkmanager.enable = true; - # Enable the X11 windowing system. services.xserver.enable = true; diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 6aeeb97..59dda19 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -6,6 +6,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # Enable networking + networking.networkmanager.enable = true; + # Set your time zone. time.timeZone = "America/Chicago"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index c148f94..dbf4347 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -3,10 +3,48 @@ { imports = [ + inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix ../../enviroments/server ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = false; + users.eve.isNormalUser = false; + + + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; + + networking.hostName = "defiant"; # Define your hostname. + + nixpkgs.config.allowUnfree = true; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } \ No newline at end of file From f8e40790e42e1f6162c19705ab36e0d588030d54 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:10:22 -0500 Subject: [PATCH 0072/1043] updated defiant config so it builds --- enviroments/client/default.nix | 3 --- enviroments/common/default.nix | 3 +++ hosts/defiant/configuration.nix | 38 +++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index a08942e..ccc5a55 100644 
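Review bot: `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";` makes this server decrypt every account's password hash with a private key kept in one user's home directory, and nothing in the hunk constrains that file's owner or mode. On a host like this, sops-nix can instead take its identity from the host SSH key via `sops.age.sshKeyPaths`, or from a root-owned key file outside /home, with the matching recipient added to `.sops.yaml`. Either way, decryption at activation no longer depends on leyla's home directory. The GNOME/GDM block is marked temporary only by `# temp enable desktop enviroment for setup`; a tracked marker such as `# TODO: remove once headless setup is done` would make it harder to forget. The same hunk repeats in PATCH 0072.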
--- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -7,9 +7,6 @@ # Enable CUPS to print documents. services.printing.enable = true; - # Enable networking - networking.networkmanager.enable = true; - # Enable the X11 windowing system. services.xserver.enable = true; diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 6aeeb97..59dda19 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -6,6 +6,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # Enable networking + networking.networkmanager.enable = true; + # Set your time zone. time.timeZone = "America/Chicago"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index c148f94..dbf4347 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -3,10 +3,48 @@ { imports = [ + inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix ../../enviroments/server ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = false; + users.eve.isNormalUser = false; + + + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; + + networking.hostName = "defiant"; # Define your hostname. + + nixpkgs.config.allowUnfree = true; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } \ No newline at end of file From dfb59a6444cfd9c0c32e739b87f6b43fe51a8bbc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:20:30 -0500 Subject: [PATCH 0073/1043] removed remote user --- users/default.nix | 2 +- users/remote/default.nix | 33 --------------------------------- 2 files changed, 1 insertion(+), 34 deletions(-) delete mode 100644 users/remote/default.nix diff --git a/users/default.nix b/users/default.nix index 97133d9..57effe3 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,6 +1,6 @@ { inputs, ... }: { - imports = [ ./leyla ./ester ./eve ./remote ]; + imports = [ ./leyla ./ester ./eve ]; users.mutableUsers = false; diff --git a/users/remote/default.nix b/users/remote/default.nix deleted file mode 100644 index 6792b74..0000000 --- a/users/remote/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib, config, ... }: -let - cfg = config.users.remote; -in -{ - options.users.remote = { - isNormalUser = lib.mkEnableOption "remote"; - }; - - config.users = { - groups.remote = {}; - - users.remote = lib.mkMerge [ - { - uid = 2000; - group = "remote"; - } - - ( - if cfg.isNormalUser then { - # extraGroups = [ "wheel" ]; - - hashedPasswordFile = config.sops.secrets."passwords/remote".path; - - isNormalUser = true; - openssh.authorizedKeys.keys = []; - } else { - isSystemUser = true; - } - ) - ]; - }; -} \ No newline at end of file From 6dd46478a30d9a006c85d297367e124c9f62917d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:20:30 -0500 Subject: [PATCH 0074/1043] removed remote user --- secrets/secrets.yaml | 5 ++--- users/default.nix | 2 +- users/remote/default.nix | 33 --------------------------------- 3 files changed, 3 insertions(+), 37 deletions(-) delete mode 100644 users/remote/default.nix diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index dc3185e..1c7579e 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -2,7 +2,6 @@ passwords: leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str] ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str] eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str] - remote: ENC[AES256_GCM,data:J/Ew48IO1UGCLl038t87AV0fdxHklfEKhmmsAhd4jPbyK88i/GjljF7mSJnlav9L+7GbxbGRjsFXkL753M7hF/n1hcVDAYpGhA==,iv:7PIgHRHXorkrOmjaWaWhu+Evu4SsNFSCk3euPdlGK20=,tag:tQ57gIselHNKlmQ1ySsAAQ==,type:str] sops: kms: [] gcp_kms: [] @@ -18,8 +17,8 @@ sops: VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+ Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-03T01:50:34Z" - mac: ENC[AES256_GCM,data:il1m33cFCKnL1x2QQWKfvRX7/zea+15PH8KZrAW89EizJowgefR0rpaMgO+I9CyWuIoAV77JrF9echiAvkv+eteJjkkzyG9Qo/gejC0afQAeMLGpJLEk8carxlmhJXZUrqTW3VnIY4cl0CGBinTzGqMJ2WtAQLccoQR7tDP0jBk=,iv:bdDqVdXdqXB32kjUhN8OBz9+4DwrhYAw8eWsxJNGRJ4=,tag:9T+2oBvxW0ssZV4inyvY3Q==,type:str] + lastmodified: "2024-09-03T02:19:43Z" + mac: ENC[AES256_GCM,data:Wc8nCiXVj6/+FANq82T+KsObOgwKUJTfkEnrK5MRU5gbLF3Skn0BY/alskV4aI9Kgi1cwh5ZBhHNzvyeIujuRB55QYyoocY0Pq7vLH5dgnA58DKEzrb09SAayiiH9hzRSTkdhtxj8FgCAdA6dWVkHEAO351ee67QNkG0nSwDdK0=,iv:vwUO50SKvzAPwACV1xhh7r+Am/OdlkNEN1pMimEVfC8=,tag:yF2CK41sLHLQqIISlQGAGg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/users/default.nix b/users/default.nix index 97133d9..57effe3 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,6 +1,6 @@ { inputs, ... }: { - imports = [ ./leyla ./ester ./eve ./remote ]; + imports = [ ./leyla ./ester ./eve ]; users.mutableUsers = false; diff --git a/users/remote/default.nix b/users/remote/default.nix deleted file mode 100644 index 6792b74..0000000 --- a/users/remote/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib, config, ... }: -let - cfg = config.users.remote; -in -{ - options.users.remote = { - isNormalUser = lib.mkEnableOption "remote"; - }; - - config.users = { - groups.remote = {}; - - users.remote = lib.mkMerge [ - { - uid = 2000; - group = "remote"; - } - - ( - if cfg.isNormalUser then { - # extraGroups = [ "wheel" ]; - - hashedPasswordFile = config.sops.secrets."passwords/remote".path; - - isNormalUser = true; - openssh.authorizedKeys.keys = []; - } else { - isSystemUser = true; - } - ) - ]; - }; -} \ No newline at end of file From feb30a45bfd626cc495690bf8eec354d5bb43b5c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:23:04 -0500 Subject: [PATCH 0075/1043] added ssh to defiant --- hosts/defiant/configuration.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index dbf4347..b5276c8 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -40,6 +40,19 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # temp enable password auth over ssh for setup + services.openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = true; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" + }; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave From 4ab2cad4d2db16ae6c719b52a2b7824851228d0a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:23:04 -0500 Subject: [PATCH 0076/1043] added ssh to defiant --- hosts/defiant/configuration.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index dbf4347..b5276c8 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -40,6 +40,19 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # temp enable password auth over ssh for setup + services.openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = true; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" + }; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave 
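Review bot: `PasswordAuthentication = true;` in the added `services.openssh.settings` leaves leyla's account password open to online guessing on port 22, and only the `# temp enable password auth over ssh for setup` comment marks it as temporary. Once a public key is in leyla's `openssh.authorizedKeys.keys`, this should become `PasswordAuthentication = false;`. `PermitRootLogin = "without-password";` is the deprecated spelling of `prohibit-password`; since `AllowUsers` already excludes root, `PermitRootLogin = "no";` states the intent directly. The trailing comment on `AllowUsers` describes the default rather than this value, so it could read `# only leyla may log in; omit the option to allow all users`. The same hunk repeats in PATCH 0076 later on this line.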
From 0545051a1b252579cdc1a55a2478d370b4b41a3a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:16:33 -0500 Subject: [PATCH 0077/1043] added thin user option to leyla --- hosts/defiant/configuration.nix | 2 +- users/leyla/default.nix | 8 +- users/leyla/home.nix | 29 -------- users/leyla/packages.nix | 126 ++++++++++++++------------------ 4 files changed, 64 insertions(+), 101 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b5276c8..123d612 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,10 +17,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla.isNormalUser = true; + users.leyla.isThinInstallation = true; users.ester.isNormalUser = false; users.eve.isNormalUser = false; - boot.loader.grub = { enable = true; device = "/dev/sda"; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 41daeb2..78a9261 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -9,6 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; + isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; @@ -35,7 +36,12 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; + extraGroups = lib.mkMerge [ + ["networkmanager" "wheel" "docker"] + ( + lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + ) + ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/home.nix b/users/leyla/home.nix index dd9b57e..1ae0057 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
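Review bot: The description passed to `lib.mkEnableOption` for `isThinInstallation` in users/leyla/default.nix, "are most programs going to be installed or not", does not say which way `true` goes. Because `mkEnableOption` prefixes its text with "Whether to enable", it also renders as a broken sentence in generated docs. Based on how packages.nix in this patch gates the GUI package list behind `!cfg.isThinInstallation`, something like `lib.mkEnableOption "a thin installation that skips the desktop application set"` would document the actual effect. The same hunk repeats in PATCH 0078.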
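Review bot: In the `extraGroups` hunk of users/leyla/default.nix, `docker` stays in the unconditional list, so a thin installation still puts leyla in both `wheel` and `docker`. Defiant is such a host, and this series also opens it to SSH password login. Where the Docker daemon is enabled, membership in `docker` is effectively root access without a sudo prompt. If the thin profile does not need containers, the group can move under the existing condition: `lib.mkIf (!cfg.isThinInstallation) [ "adbusers" "docker" ]`. The enclosing `if cfg.isNormalUser then { … }` continues outside the hunk, and the same hunk repeats in PATCH 0078.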
@@ -120,33 +120,4 @@ }; }; }; - - # dconf.settings = { - # "org/gnome/settings-daemon/plugins/media-keys" = { - # custom-keybindings = [ - # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - # ]; - # }; - # }; - - # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - # binding = "t"; - # command = "kgx"; - # name = "Open Terminal"; - # }; - - - # services.xserver.desktopManager.gnome3 = { - # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; - # extraGSettingsOverrides = '' - # [org.gnome.settings-daemon.plugins.media-keys] - # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] - - - # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] - # binding='t' - # command='kgx' - # name='Open terminal' - # ''; - # } } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2266dd1..d6e39b4 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -27,79 +27,65 @@ in ]; users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( - with pkgs; [ - #foss platforms - signal-desktop - bitwarden - firefox - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing + lib.mkMerge [ + ( + with pkgs; [ + # comand line tools + yt-dlp + ffmpeg + imagemagick + ] + ) + ( + lib.mkIf (!cfg.isThinInstallation) ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing - # comand line tools - yt-dlp - ffmpeg - imagemagick + # proprietary platforms + discord + obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) + + # development tools + vscodium + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - # development tools - vscodium - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno + # system tools + protonvpn-gui + nextcloud-client + noisetorch - # system tools - protonvpn-gui - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf cfg.hasPiperMouse piper) - (lib.mkIf cfg.hasOpenRGBHardware openrgb) - (lib.mkIf cfg.hasViaKeyboard via) - - # # gaming - # # emulators - # # nintendo - # # TODO: replace this with self hosted flake - # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # # TODO: replace this with self hosted flake - # # citra-canary # 3DS emulator - # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - # dolphin-emu # GameCube and Wii Emulator - # desmume # DS Emulator - # mupen64plus # N64 Emulator - # zsnes # SNES 
Emulator - # vbam # Game Boy Advanced Emulator - # fceux # NES Emulator - # # play station - # rpcs3 # PS3 Emulator - # pcsx2 # PS2 Emulator - # pcsxr # PS1 Emulator - # # TODO: more play station emulators here when they come out - # #misc - # stella # Atari 2600 Emulator - # mame # mame Emulator + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + ] + ) + ) ] ); } \ No newline at end of file From fef18e7902d42ed8f8820fd747a7d0373ce8eea4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:16:33 -0500 Subject: [PATCH 0078/1043] added thin user option to leyla --- hosts/defiant/configuration.nix | 2 +- users/leyla/default.nix | 8 +- users/leyla/home.nix | 29 -------- users/leyla/packages.nix | 126 ++++++++++++++------------------ 4 files changed, 64 insertions(+), 101 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b5276c8..123d612 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,10 +17,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla.isNormalUser = true; + users.leyla.isThinInstallation = true; users.ester.isNormalUser = false; users.eve.isNormalUser = false; - boot.loader.grub = { enable = true; device = "/dev/sda"; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 41daeb2..78a9261 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -9,6 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; + isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; 
@@ -35,7 +36,12 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; + extraGroups = lib.mkMerge [ + ["networkmanager" "wheel" "docker"] + ( + lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + ) + ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/home.nix b/users/leyla/home.nix index dd9b57e..1ae0057 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -120,33 +120,4 @@ }; }; }; - - # dconf.settings = { - # "org/gnome/settings-daemon/plugins/media-keys" = { - # custom-keybindings = [ - # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - # ]; - # }; - # }; - - # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - # binding = "t"; - # command = "kgx"; - # name = "Open Terminal"; - # }; - - - # services.xserver.desktopManager.gnome3 = { - # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; - # extraGSettingsOverrides = '' - # [org.gnome.settings-daemon.plugins.media-keys] - # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] - - - # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] - # binding='t' - # command='kgx' - # name='Open terminal' - # ''; - # } } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2266dd1..d6e39b4 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -27,79 +27,65 @@ in ]; users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( - with pkgs; [ - #foss platforms - signal-desktop - bitwarden - firefox - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing + lib.mkMerge [ + ( + with pkgs; [ + # comand line tools + yt-dlp + ffmpeg + imagemagick + ] + ) + ( + lib.mkIf (!cfg.isThinInstallation) ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing - # comand line tools - yt-dlp - ffmpeg - imagemagick + # proprietary platforms + discord + obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) + + # development tools + vscodium + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - # development tools - vscodium - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno + # system tools + protonvpn-gui + nextcloud-client + noisetorch - # system tools - protonvpn-gui - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf cfg.hasPiperMouse piper) - (lib.mkIf cfg.hasOpenRGBHardware openrgb) - (lib.mkIf cfg.hasViaKeyboard via) - - # # gaming - # # emulators - # # nintendo - # # TODO: replace this with self hosted flake - # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # # TODO: replace this with self hosted flake - # # citra-canary # 3DS emulator - # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - # dolphin-emu # GameCube and Wii Emulator - # desmume # DS Emulator - # mupen64plus # N64 Emulator - # zsnes # SNES 
Emulator - # vbam # Game Boy Advanced Emulator - # fceux # NES Emulator - # # play station - # rpcs3 # PS3 Emulator - # pcsx2 # PS2 Emulator - # pcsxr # PS1 Emulator - # # TODO: more play station emulators here when they come out - # #misc - # stella # Atari 2600 Emulator - # mame # mame Emulator + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + ] + ) + ) ] ); } \ No newline at end of file From e9645905f45d6e29c0583e437a8c1f9cb92296b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:26:27 -0500 Subject: [PATCH 0079/1043] cleaned up configs --- README.md | 4 +++- hosts/defiant/configuration.nix | 6 ++++-- hosts/twilight/configuration.nix | 8 +++++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 31eec77..706b38f 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,8 @@ keys for decrypting password secrets for each users located at ~/.config/sops/ag updating passwords: `sops secrets/secrets.yaml` +TODO: keys.txt should prob be readable by owning user only? + > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 123d612..735d31e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,8 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.leyla.isThinInstallation = true; + users.leyla = { + isNormalUser = true; + isThinInstallation = true; + }; users.ester.isNormalUser = false; users.eve.isNormalUser = false; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index c2145e9..eee38be 100644 
--- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -16,7 +16,13 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; + users.leyla = { + isNormalUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; users.ester.isNormalUser = true; users.eve.isNormalUser = true; From 62c0faf5ce0dccbe0e18a60d8b44f1871ea856c3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:26:27 -0500 Subject: [PATCH 0080/1043] cleaned up configs --- README.md | 4 +++- hosts/defiant/configuration.nix | 6 ++++-- hosts/twilight/configuration.nix | 8 +++++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 31eec77..706b38f 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,8 @@ keys for decrypting password secrets for each users located at ~/.config/sops/ag updating passwords: `sops secrets/secrets.yaml` +TODO: keys.txt should prob be readable by owning user only? + > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 123d612..735d31e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,8 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.leyla.isThinInstallation = true; + users.leyla = { + isNormalUser = true; + isThinInstallation = true; + }; users.ester.isNormalUser = false; users.eve.isNormalUser = false; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index c2145e9..eee38be 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -16,7 +16,13 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; + users.leyla = { + isNormalUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; users.ester.isNormalUser = true; users.eve.isNormalUser = true; From b1053ad5e2f748962386d8ded34ed6afdd0f122c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:31:54 -0500 Subject: [PATCH 0081/1043] created list of tech debt built up --- debt.txt | 7 +++++++ hosts/defiant/configuration.nix | 2 -- hosts/twilight/configuration.nix | 4 +--- 3 files changed, 8 insertions(+), 5 deletions(-) create mode 100644 debt.txt diff --git a/debt.txt b/debt.txt new file mode 100644 index 0000000..32af171 --- /dev/null +++ b/debt.txt @@ -0,0 +1,7 @@ +1. Open GL? +2. allowUnfree should be dynamically enabled by the users whenever they need them +3. graphics driver things should prob be in the hardware-configuration.nix +4. what does `boot.kernelModules = [ "sg" ]` do? +5. sops.age.keyFile should not just be hard coded to leyla? +6. openssh configuration for server +7. isThinInstallation -> isThinUser diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 735d31e..99cbde4 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,8 +20,6 @@ isNormalUser = true; isThinInstallation = true; }; - users.ester.isNormalUser = false; - users.eve.isNormalUser = false; boot.loader.grub = { enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index eee38be..88cd750 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -44,9 +44,7 @@ nixpkgs.config.allowUnfree = true; # Enable OpenGL - hardware.opengl = { - enable = true; - }; + hardware.graphics.enable = true; # Load nvidia driver for Xorg and Wayland services.xserver.videoDrivers = ["nvidia"]; 
From ccd44ff2085e062c46d10ce557664508b9b68cdd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:31:54 -0500 Subject: [PATCH 0082/1043] created list of tech debt built up --- debt.txt | 7 +++++++ hosts/defiant/configuration.nix | 2 -- hosts/twilight/configuration.nix | 4 +--- 3 files changed, 8 insertions(+), 5 deletions(-) create mode 100644 debt.txt diff --git a/debt.txt b/debt.txt new file mode 100644 index 0000000..32af171 --- /dev/null +++ b/debt.txt @@ -0,0 +1,7 @@ +1. Open GL? +2. allowUnfree should be dynamically enabled by the users whenever they need them +3. graphics driver things should prob be in the hardware-configuration.nix +4. what does `boot.kernelModules = [ "sg" ]` do? +5. sops.age.keyFile should not just be hard coded to leyla? +6. openssh configuration for server +7. isThinInstallation -> isThinUser diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 735d31e..99cbde4 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,8 +20,6 @@ isNormalUser = true; isThinInstallation = true; }; - users.ester.isNormalUser = false; - users.eve.isNormalUser = false; boot.loader.grub = { enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index eee38be..88cd750 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -44,9 +44,7 @@ nixpkgs.config.allowUnfree = true; # Enable OpenGL - hardware.opengl = { - enable = true; - }; + hardware.graphics.enable = true; # Load nvidia driver for Xorg and Wayland services.xserver.videoDrivers = ["nvidia"]; From 58db4a0dee96b2e231a912d2d0b643c2263e63b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:12 -0500 Subject: [PATCH 0083/1043] removed now unused allow insecure --- users/leyla/packages.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d6e39b4..f2350b7 100644 
--- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,10 +22,6 @@ in programs.adb.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( lib.mkMerge [ ( From 613d087e9cfe3174a5e7e7ee80cea1619bcc1dac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:12 -0500 Subject: [PATCH 0084/1043] removed now unused allow insecure --- users/leyla/packages.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d6e39b4..f2350b7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,10 +22,6 @@ in programs.adb.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( lib.mkMerge [ ( From 6149b54fd1c6c5d9fd3c85ca7132a03d0efe3594 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:19 -0500 Subject: [PATCH 0085/1043] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0869d11..ec704cf 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { 
@@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724495652, - "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", + "lastModified": 1724878143, + "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", + "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1725201042, + "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", "type": "github" }, "original": { From 876ee45e4daf410721b0a95b678868ca2dc82c6f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:19 -0500 Subject: [PATCH 0086/1043] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0869d11..ec704cf 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724495652, - "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", + "lastModified": 1724878143, + "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", + "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1725201042, + "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", "type": "github" }, "original": { From 531c90b22acc550d17c4b4e91c96fd47c53b2e4d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 3 Sep 2024 00:42:29 -0500 Subject: [PATCH 0087/1043] renamed debt file to tasks file --- debt.txt => tasks.txt | 5 +++++ 1 file changed, 5 insertions(+) rename debt.txt => tasks.txt (62%) diff --git a/debt.txt b/tasks.txt similarity index 62% rename from debt.txt rename to tasks.txt index 32af171..be1f0e4 100644 --- a/debt.txt +++ b/tasks.txt @@ -5,3 +5,8 @@ 5. sops.age.keyFile should not just be hard coded to leyla? 6. openssh configuration for server 7. isThinInstallation -> isThinUser +8. VS code extensions should be installed declaratively +9. firefox declarative??? +10. figure out steam vr things? +11. GNOME default monitors per hardware configuration? +12. Install all the things on the NAS \ No newline at end of file From f418705e493e3dd477b0f0f49c84c55784e3d04c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:42:29 -0500 Subject: [PATCH 0088/1043] renamed debt file to tasks file --- debt.txt => tasks.txt | 5 +++++ 1 file changed, 5 insertions(+) rename debt.txt => tasks.txt (62%) diff --git a/debt.txt b/tasks.txt similarity index 62% rename from debt.txt rename to tasks.txt index 32af171..be1f0e4 100644 --- a/debt.txt +++ b/tasks.txt @@ -5,3 +5,8 @@ 5. sops.age.keyFile should not just be hard coded to leyla? 6. openssh configuration for server 7. isThinInstallation -> isThinUser +8. VS code extensions should be installed declaratively +9. firefox declarative??? +10. figure out steam vr things? +11. GNOME default monitors per hardware configuration? +12. Install all the things on the NAS \ No newline at end of file From d16deca6357267c6d7e719f47e8ec5bed3b7ca81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:44:00 -0500 Subject: [PATCH 0089/1043] added flake templates to tasks --- tasks.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks.txt b/tasks.txt index be1f0e4..07ce8ca 100644 --- a/tasks.txt +++ b/tasks.txt 
@@ -9,4 +9,5 @@ 9. firefox declarative??? 10. figure out steam vr things? 11. GNOME default monitors per hardware configuration? -12. Install all the things on the NAS \ No newline at end of file +12. Install all the things on the NAS +13. Flake templates \ No newline at end of file From cc2c9093c841155d5d384b06caf10fb46e165836 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:44:00 -0500 Subject: [PATCH 0090/1043] added flake templates to tasks --- tasks.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks.txt b/tasks.txt index be1f0e4..07ce8ca 100644 --- a/tasks.txt +++ b/tasks.txt @@ -9,4 +9,5 @@ 9. firefox declarative??? 10. figure out steam vr things? 11. GNOME default monitors per hardware configuration? -12. Install all the things on the NAS \ No newline at end of file +12. Install all the things on the NAS +13. Flake templates \ No newline at end of file From 6391b0522d45175276e9b998448a6fa3ee2f00b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:44:44 -0500 Subject: [PATCH 0091/1043] removed un needed comments --- pkgs/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index b0fd62b..9a81f3b 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,3 @@ pkgs: { - # yuzu-clone = pkgs.callPackage ./yuzo { }; - # citra-clone = pkgs.callPackage ./citra { }; + } \ No newline at end of file From e028eeeca38e4c28e2dea1fcd818324a1f0e48e5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:44:44 -0500 Subject: [PATCH 0092/1043] removed un needed comments --- pkgs/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index b0fd62b..9a81f3b 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,3 @@ pkgs: { - # yuzu-clone = pkgs.callPackage ./yuzo { }; - # citra-clone = pkgs.callPackage ./citra { }; + } \ No newline at end of file 
From 0e58bc282b04a1e8c78dda11ccaa95ca4483a995 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:15:01 -0500 Subject: [PATCH 0093/1043] moved tasks into README --- README.md | 20 +++++++++++++++++++- tasks.txt | 13 ------------- 2 files changed, 19 insertions(+), 14 deletions(-) delete mode 100644 tasks.txt diff --git a/README.md b/README.md index 706b38f..7cd1f81 100644 --- a/README.md +++ b/README.md @@ -25,4 +25,22 @@ TODO: keys.txt should prob be readable by owning user only? > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` + +# Tasks: + +## Tech Debt +- allowUnfree should be dynamically enabled by the users whenever they need them +- GNOME default monitors per hardware configuration? +- graphics driver things should prob be in the hardware-configuration.nix +- what does `boot.kernelModules = [ "sg" ]` do? +- sops.age.keyFile should not just be hard coded to leyla? +- isThinInstallation -> isThinUser +## New Features +- openssh configuration for server +- VS code extensions should be installed declaratively +- Flake templates +- Install all the things on the NAS +- firefox declarative??? +- figure out steam vr things? +- Open GL? \ No newline at end of file diff --git a/tasks.txt b/tasks.txt deleted file mode 100644 index 07ce8ca..0000000 --- a/tasks.txt +++ /dev/null 
@@ -1,13 +0,0 @@ -1. Open GL? -2. allowUnfree should be dynamically enabled by the users whenever they need them -3. graphics driver things should prob be in the hardware-configuration.nix -4. what does `boot.kernelModules = [ "sg" ]` do? -5. sops.age.keyFile should not just be hard coded to leyla? -6. openssh configuration for server -7. isThinInstallation -> isThinUser -8. VS code extensions should be installed declaratively -9. firefox declarative??? -10. figure out steam vr things? -11. GNOME default monitors per hardware configuration? -12. Install all the things on the NAS -13. Flake templates \ No newline at end of file From 8232ae338c6004aa493972d9721e588dee615eb5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:15:01 -0500 Subject: [PATCH 0094/1043] moved tasks into README --- README.md | 20 +++++++++++++++++++- tasks.txt | 13 ------------- 2 files changed, 19 insertions(+), 14 deletions(-) delete mode 100644 tasks.txt diff --git a/README.md b/README.md index 706b38f..7cd1f81 100644 --- a/README.md +++ b/README.md 
@@ -25,4 +25,22 @@ TODO: keys.txt should prob be readable by owning user only? > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` + +# Tasks: + +## Tech Debt +- allowUnfree should be dynamically enabled by the users whenever they need them +- GNOME default monitors per hardware configuration? +- graphics driver things should prob be in the hardware-configuration.nix +- what does `boot.kernelModules = [ "sg" ]` do? +- sops.age.keyFile should not just be hard coded to leyla? +- isThinInstallation -> isThinUser +## New Features +- openssh configuration for server +- VS code extensions should be installed declaratively +- Flake templates +- Install all the things on the NAS +- firefox declarative??? +- figure out steam vr things? +- Open GL? \ No newline at end of file diff --git a/tasks.txt b/tasks.txt deleted file mode 100644 index 07ce8ca..0000000 --- a/tasks.txt +++ /dev/null @@ -1,13 +0,0 @@ -1. Open GL? -2. allowUnfree should be dynamically enabled by the users whenever they need them -3. graphics driver things should prob be in the hardware-configuration.nix -4. what does `boot.kernelModules = [ "sg" ]` do? -5. sops.age.keyFile should not just be hard coded to leyla? -6. openssh configuration for server -7. isThinInstallation -> isThinUser -8. VS code extensions should be installed declaratively -9. firefox declarative??? -10. figure out steam vr things? -11. GNOME default monitors per hardware configuration? -12. Install all the things on the NAS -13. Flake templates \ No newline at end of file From 30fb7851acbc3e660ac18e20a33a683acce7661c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:10 -0500 Subject: [PATCH 0095/1043] replaced isThinInstallation with isThinUser added util folder --- README.md | 7 ++++--- hosts/defiant/configuration.nix | 5 +---- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 4 ++-- util/default.nix | 8 ++++++++ 5 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 util/default.nix diff --git a/README.md b/README.md index 7cd1f81..4dc35cf 100644 --- a/README.md +++ b/README.md @@ -35,12 +35,13 @@ TODO: keys.txt should prob be readable by owning user only? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? - sops.age.keyFile should not just be hard coded to leyla? -- isThinInstallation -> isThinUser +- use dashes for options not camel case ## New Features - openssh configuration for server - VS code extensions should be installed declaratively -- Flake templates +- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? -- Open GL? \ No newline at end of file +- Open GL? +- util functions \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 99cbde4..05b2f73 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,10 +16,7 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { - isNormalUser = true; - isThinInstallation = true; - }; + users.leyla.isThinUser = true; boot.loader.grub = { enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 78a9261..7d679cc 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -9,7 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; - isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; + isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; @@ -34,12 +34,12 @@ in } ( - if cfg.isNormalUser then { + if (cfg.isNormalUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] ( - lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) ]; @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index f2350b7..7c27a09 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,7 +22,7 @@ in programs.adb.enable = true; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( + users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( lib.mkMerge [ ( with pkgs; [ @@ -33,7 +33,7 @@ in ] ) ( - lib.mkIf (!cfg.isThinInstallation) ( + lib.mkIf (!cfg.isThinUser) ( with pkgs; [ #foss platforms signal-desktop diff --git a/util/default.nix b/util/default.nix new file mode 100644 index 0000000..795ad04 --- /dev/null +++ b/util/default.nix @@ -0,0 +1,8 @@ +{ lib, ... }: +{ + mkUnless = condition: then: (mkIf (!condition) then); + mkIfElse = condition: then: else: lib.mkMerge [ + (mkIf condition then) + (mkUnless condition else) + ]; +} \ No newline at end of file 
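Review bot: `util/default.nix` cannot be parsed as written, because `then` and `else` are reserved words in Nix and are used here as lambda parameter names. In addition, `mkIf` is called unqualified although only `lib` is in scope, and `mkIfElse` refers to `mkUnless` from inside a plain (non-`rec`) attribute set, so neither name would resolve. Nothing visible in this patch imports the file, which is presumably why the configuration still evaluates. The same file is added again in the repeated patch 0096/1043; a version that evaluates follows.

```nix
{ lib, ... }:
rec {
  mkUnless = condition: content: lib.mkIf (!condition) content;
  mkIfElse = condition: whenTrue: whenFalse: lib.mkMerge [
    (lib.mkIf condition whenTrue)
    (mkUnless condition whenFalse)
  ];
}
```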
From b9431f5814290764317e79022221f4669b8b6df8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:10 -0500 Subject: [PATCH 0096/1043] replaced isThinInstallation with isThinUser added util folder --- README.md | 7 ++++--- hosts/defiant/configuration.nix | 5 +---- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 4 ++-- util/default.nix | 8 ++++++++ 5 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 util/default.nix diff --git a/README.md b/README.md index 7cd1f81..4dc35cf 100644 --- a/README.md +++ b/README.md @@ -35,12 +35,13 @@ TODO: keys.txt should prob be readable by owning user only? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? - sops.age.keyFile should not just be hard coded to leyla? -- isThinInstallation -> isThinUser +- use dashes for options not camel case ## New Features - openssh configuration for server - VS code extensions should be installed declaratively -- Flake templates +- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? -- Open GL? \ No newline at end of file +- Open GL? +- util functions \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 99cbde4..05b2f73 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,10 +16,7 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { - isNormalUser = true; - isThinInstallation = true; - }; + users.leyla.isThinUser = true; boot.loader.grub = { enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 78a9261..7d679cc 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -9,7 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; - isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; + isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; @@ -34,12 +34,12 @@ in } ( - if cfg.isNormalUser then { + if (cfg.isNormalUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] ( - lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) ]; @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index f2350b7..7c27a09 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,7 +22,7 @@ in programs.adb.enable = true; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( + users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( lib.mkMerge [ ( with pkgs; [ @@ -33,7 +33,7 @@ in ] ) ( - lib.mkIf (!cfg.isThinInstallation) ( + lib.mkIf (!cfg.isThinUser) ( with pkgs; [ #foss platforms signal-desktop diff --git a/util/default.nix b/util/default.nix new file mode 100644 index 0000000..795ad04 --- /dev/null +++ b/util/default.nix @@ -0,0 +1,8 @@ +{ lib, ... }: +{ + mkUnless = condition: then: (mkIf (!condition) then); + mkIfElse = condition: then: else: lib.mkMerge [ + (mkIf condition then) + (mkUnless condition else) + ]; +} \ No newline at end of file 
From d9bb30a19d454fa099495249aa7bcff7790e945f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:29 -0500 Subject: [PATCH 0097/1043] created template folder --- templates/default.nix | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 templates/default.nix diff --git a/templates/default.nix b/templates/default.nix new file mode 100644 index 0000000..e69de29 From a459ce6eb3fe157b0ca21cf1afd04b0062c23e08 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:29 -0500 Subject: [PATCH 0098/1043] created template folder --- templates/default.nix | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 templates/default.nix diff --git a/templates/default.nix b/templates/default.nix new file mode 100644 index 0000000..e69de29 From 9b520878c49d059ae2ad2957ecb139d420e9970b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 14:24:11 -0500 Subject: [PATCH 0099/1043] restricted more of leylas configs behind full user --- hosts/horizon/configuration.nix | 6 +++--- hosts/twilight/configuration.nix | 6 +++--- users/ester/default.nix | 6 +++--- users/eve/default.nix | 6 +++--- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 14 +++++++------- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 79fa555..d28ca5b 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -16,9 +16,9 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.leyla.isFullUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 88cd750..34e6922 100644 --- a/hosts/twilight/configuration.nix 
+++ b/hosts/twilight/configuration.nix @@ -17,14 +17,14 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla = { - isNormalUser = true; + isFullUser = true; hasPiperMouse = true; hasOpenRGBHardware = true; hasViaKeyboard = true; hasGPU = true; }; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 0f7f3be..4850e0f 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -4,11 +4,11 @@ let in { options.users.ester = { - isNormalUser = lib.mkEnableOption "ester"; + isFullUser = lib.mkEnableOption "ester"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/eve/default.nix b/users/eve/default.nix index d5b6f29..bf2b51b 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -4,11 +4,11 @@ let in { options.users.eve = { - isNormalUser = lib.mkEnableOption "eve"; + isFullUser = lib.mkEnableOption "eve"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7d679cc..a887dfb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -8,7 +8,7 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "create usable leyla user"; + isFullUser = lib.mkEnableOption "create usable leyla user"; isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -34,7 +34,7 @@ in } ( - if (cfg.isNormalUser || cfg.isThinUser) then { + if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 7c27a09..a1332cc 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
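Review bot: The `passwords/leyla` secret in the `@@ -17,7` hunk of `users/leyla/default.nix` is declared only under `lib.mkIf cfg.isFullUser`, while the `@@ -34,7` hunk creates the account, with `wheel` and `docker` membership, for `cfg.isFullUser || cfg.isThinUser`. A host that sets only `isThinUser` (defiant, since patch 0095) therefore gets an administrative account without the secret that presumably supplies its password; how the password is wired is outside these hunks, so this needs confirming against the full file. Gating both on the same condition keeps them in step: `sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) {`. The same change appears again in the repeated patch 0100/1043.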
@@ -8,21 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = { + programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ code = "codium"; - }; + }); - programs.steam = { + programs.steam = lib.mkIf cfg.isFullUser ({ enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; + }); - programs.noisetorch.enable = true; + programs.noisetorch.enable = cfg.isFullUser; - programs.adb.enable = true; + programs.adb.enable = cfg.isFullUser; - users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( + users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ ( with pkgs; [ From b0de438060076df937b7ae57790c2a422dbb6b09 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 14:24:11 -0500 Subject: [PATCH 0100/1043] restricted more of leylas configs behind full user --- hosts/horizon/configuration.nix | 6 +++--- hosts/twilight/configuration.nix | 6 +++--- users/ester/default.nix | 6 +++--- users/eve/default.nix | 6 +++--- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 14 +++++++------- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 79fa555..d28ca5b 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -16,9 +16,9 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.leyla.isFullUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 88cd750..34e6922 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
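Review bot: Both `remotePlay.openFirewall = true` and `dedicatedServer.openFirewall = true` remain set inside the `programs.steam` block, so every host where `users.leyla.isFullUser` is enabled (horizon and twilight in this patch) opens those ports. Firewall exposure is a per-host decision and is now driven by a per-user flag. If no dedicated server is hosted, `dedicatedServer.openFirewall = false;` narrows it, or a host-level option could control both settings. The `users.users.leyla.packages` expression continues outside the hunk, and the same hunk is repeated in patch 0100/1043.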
@@ -17,14 +17,14 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla = { - isNormalUser = true; + isFullUser = true; hasPiperMouse = true; hasOpenRGBHardware = true; hasViaKeyboard = true; hasGPU = true; }; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 0f7f3be..4850e0f 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -4,11 +4,11 @@ let in { options.users.ester = { - isNormalUser = lib.mkEnableOption "ester"; + isFullUser = lib.mkEnableOption "ester"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/eve/default.nix b/users/eve/default.nix index d5b6f29..bf2b51b 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -4,11 +4,11 @@ let in { options.users.eve = { - isNormalUser = lib.mkEnableOption "eve"; + isFullUser = lib.mkEnableOption "eve"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7d679cc..a887dfb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -8,7 +8,7 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "create usable leyla user"; + isFullUser = lib.mkEnableOption "create usable leyla user"; isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -34,7 +34,7 @@ in } ( - if (cfg.isNormalUser || cfg.isThinUser) then { + if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 7c27a09..a1332cc 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -8,21 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = { + programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ code = "codium"; - }; + }); - programs.steam = { + programs.steam = lib.mkIf cfg.isFullUser ({ enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; + }); - programs.noisetorch.enable = true; + programs.noisetorch.enable = cfg.isFullUser; - programs.adb.enable = true; + programs.adb.enable = cfg.isFullUser; - users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( + users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ ( with pkgs; [ From 453ed74a3ac21788f40433ddd0490e36e992749f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:33:16 -0500 Subject: [PATCH 0101/1043] added note to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4dc35cf..32398fd 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,8 @@ TODO: keys.txt should prob be readable by owning user only? > look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` +> something about ssh keys for remotes + # Tasks: ## Tech Debt From 0138aebb26f910e907082804c37e59a0c12b4d94 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:33:16 -0500 Subject: [PATCH 0102/1043] added note to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4dc35cf..32398fd 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,8 @@ TODO: keys.txt should prob be readable by owning user only? > look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` +> something about ssh keys for remotes + # Tasks: ## Tech Debt From a91f5998367fae2018e8cdef09cfedcd98826159 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 3 Sep 2024 15:34:40 -0500 Subject: [PATCH 0103/1043] removed password auth from ssh for defiant --- hosts/defiant/configuration.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05b2f73..0dc7fd1 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -42,11 +42,10 @@ enable = true; ports = [ 22 ]; settings = { - PasswordAuthentication = true; + PasswordAuthentication = false; AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; - PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" }; }; From aa19c47149f4a52176a13eb350377ff5755e32db Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:34:40 -0500 Subject: [PATCH 0104/1043] removed password auth from ssh for defiant --- hosts/defiant/configuration.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05b2f73..0dc7fd1 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -42,11 +42,10 @@ enable = true; ports = [ 22 ]; settings = { - PasswordAuthentication = true; + PasswordAuthentication = false; AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; - PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" }; }; From 51a44a7f6620a4bdbaf05096fdce462bda8849e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:39:59 -0500 Subject: [PATCH 0105/1043] disabled sleep on defiant --- hosts/defiant/configuration.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 0dc7fd1..a80c520 100644 
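Review bot: `PasswordAuthentication = false` in the `settings` block may not close every password path. As far as I know the NixOS module leaves `KbdInteractiveAuthentication` at a default of true (worth confirming for the pinned nixpkgs), so PAM keyboard-interactive prompts could still accept a password; add `KbdInteractiveAuthentication = false;` beside it. The hunk also deletes the explicit `PermitRootLogin` line and falls back to the module default; `AllowUsers = [ "leyla" ]` already excludes root, but `PermitRootLogin = "no";` would state the intent. The comment above `services.openssh`, visible as context in the following patch, still says `# temp enable password auth over ssh for setup` and should be updated. The `services.openssh` block starts outside the hunk, and the same patch is repeated as PATCH 0104.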
--- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -37,6 +37,12 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # disable computer sleeping + systemd.targets.sleep.enable = false; + systemd.targets.suspend.enable = false; + systemd.targets.hibernate.enable = false; + systemd.targets.hybrid-sleep.enable = false; + # temp enable password auth over ssh for setup services.openssh = { enable = true; From e66c2233e81e0ed7ff427bcf49e57ab6148a3775 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:39:59 -0500 Subject: [PATCH 0106/1043] disabled sleep on defiant --- hosts/defiant/configuration.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 0dc7fd1..a80c520 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -37,6 +37,12 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # disable computer sleeping + systemd.targets.sleep.enable = false; + systemd.targets.suspend.enable = false; + systemd.targets.hibernate.enable = false; + systemd.targets.hybrid-sleep.enable = false; + # temp enable password auth over ssh for setup services.openssh = { enable = true; From 8916b78f7b7d8eaf0b9fc9d4d18be557dae74e6a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:04:48 -0500 Subject: [PATCH 0107/1043] added password for leyla when thin user --- users/leyla/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index a887dfb..c5bfef9 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; 
From 67e528c0ceca6b08d01c9c0c4d207d78b26f7b78 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:04:48 -0500 Subject: [PATCH 0108/1043] added password for leyla when thin user --- users/leyla/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index a887dfb..c5bfef9 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; From 2f24bb0a4db89e4f0c81d4cbf16c2344e6993e1e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:54:29 -0500 Subject: [PATCH 0109/1043] removed thing from todo --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 32398fd..8544371 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- openssh configuration for server - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From a0de710c44b678590182d0591f417e0ba7444f8f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:54:29 -0500 Subject: [PATCH 0110/1043] removed thing from todo --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 32398fd..8544371 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- openssh configuration for server - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 6a309284a3bce94f607c5babc17e329eb15790f9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:23 -0500 Subject: [PATCH 0111/1043] organized flake.nix --- flake.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 33b4f83..e75e133 100644 --- a/flake.nix +++ b/flake.nix @@ -2,21 +2,30 @@ description = "Nixos config flake"; inputs = { + # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # managment per user home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let - forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachSystem = nixpkgs.lib.genAttrs [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { From 3530ee07d7ae611657f5ce997762fb64659a5c7b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:23 -0500 Subject: [PATCH 0112/1043] organized flake.nix --- flake.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 33b4f83..e75e133 100644 --- a/flake.nix +++ b/flake.nix 
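Review bot: The new comment above `sops-nix.url` reads as the opposite of what the input does: "secreats that I would like to not encrypt" suggests the secrets are meant to stay in plaintext. A wording such as `# secrets kept encrypted in the repo` would match the tool, and `managment` in the home-manager comment should be `management`. The `inputs` block and the `outputs` function both continue outside the hunk. The same patch is repeated as PATCH 0112.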
@@ -2,21 +2,30 @@ description = "Nixos config flake"; inputs = { + # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # managment per user home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let - forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachSystem = nixpkgs.lib.genAttrs [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { From f00cec11ac0671ff033887ded040c5ca6a1aeb47 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:38 -0500 Subject: [PATCH 0113/1043] added more things to readme --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8544371..341d84b 100644 --- a/README.md +++ b/README.md @@ -39,10 +39,13 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? -- util functions \ No newline at end of file +- util functions +- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- limit boot configurations to 2 on defiant \ No newline at end of file From 1635bdddbadcaa5dc6d45063c332ae422988fabe Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:38 -0500 Subject: [PATCH 0114/1043] added more things to readme --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8544371..341d84b 100644 --- a/README.md +++ b/README.md @@ -39,10 +39,13 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? -- util functions \ No newline at end of file +- util functions +- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- limit boot configurations to 2 on defiant \ No newline at end of file From cee99874493c23562da6515a06a9bfe3e6fb5409 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:48 -0500 Subject: [PATCH 0115/1043] added driver to defiant --- hosts/defiant/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 088af3f..575ae36 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,7 +8,7 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; From c929a2c7e668877aed9f846377096c417ee7e15e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:48 -0500 Subject: [PATCH 0116/1043] added driver to defiant --- hosts/defiant/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 088af3f..575ae36 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,7 +8,7 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; From 696ea9872a927e0fb79e7716f4ccf137b106b853 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 20:17:41 -0500 Subject: [PATCH 0117/1043] removed task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 341d84b..8dcfde3 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 5a6bd285e385b39cbb28d19a98ecf7c7ec5a1a69 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 20:17:41 -0500 Subject: [PATCH 0118/1043] removed task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 341d84b..8dcfde3 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 41f834d5d2c3bbd968fc05901da422d56f8b0518 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 14:11:27 -0500 Subject: [PATCH 0119/1043] task added to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8dcfde3..9a33b19 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 85345eedf5bcd368e2ad8aa7b8d6e614e8dc6af2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 14:11:27 -0500 Subject: [PATCH 0120/1043] task added to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8dcfde3..9a33b19 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From dfec548b619b81fb68247265a17a21bfa3be3a75 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 10 Sep 2024 14:26:15 -0500 Subject: [PATCH 0121/1043] updated flakes --- README.md | 3 +++ flake.lock | 36 ++++++++++++++++++------------------ 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9a33b19..3e61367 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,9 @@ TODO: keys.txt should prob be readable by owning user only? > something about ssh keys for remotes +# Updating +`nix flake update` + # Tasks: ## Tech Debt diff --git a/flake.lock b/flake.lock index ec704cf..1e8ab51 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1725948275, + "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724878143, - "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { 
@@ -54,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1721466660, - "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", + "lastModified": 1725534445, + "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", + "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1725201042, - "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", + "lastModified": 1725922448, + "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", + "rev": "cede1a08039178ac12957733e97ab1006c6b6892", "type": "github" }, "original": { From e507d502c75d2b69e48851472b9aa6e707bb182e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 14:26:15 -0500 Subject: [PATCH 0122/1043] updated flakes --- README.md | 3 +++ flake.lock | 36 ++++++++++++++++++------------------ 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9a33b19..3e61367 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,9 @@ TODO: keys.txt should prob be readable by owning user only? > something about ssh keys for remotes +# Updating +`nix flake update` + # Tasks: ## Tech Debt diff --git a/flake.lock b/flake.lock index ec704cf..1e8ab51 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1725948275, + "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724878143, - "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { @@ -54,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", "type": "github" }, "original": { 
@@ -70,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1721466660, - "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", + "lastModified": 1725534445, + "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", + "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1725201042, - "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", + "lastModified": 1725922448, + "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", + "rev": "cede1a08039178ac12957733e97ab1006c6b6892", "type": "github" }, "original": { From 88d8ec0077bb445cb9f68fc6adc5a632fdaef17b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 19:00:15 -0500 Subject: [PATCH 0123/1043] added openvpn to packages --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index a1332cc..462c34e 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -72,6 +72,7 @@ in # system tools protonvpn-gui + openvpn nextcloud-client noisetorch From 126940814ec0b14d7c2a5a156f10ebb431c0580c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 19:00:15 -0500 Subject: [PATCH 0124/1043] added openvpn to packages --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index a1332cc..462c34e 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -72,6 +72,7 @@ in # system tools protonvpn-gui + openvpn nextcloud-client noisetorch From 430e1e80124bcc2c8623ec8b835f5ef2f0a1112c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 11 Sep 2024 17:41:48 -0500 Subject: [PATCH 0125/1043] added disko to tasks --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3e61367..6783009 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init From 20e65ebf0f5a86dc1d745a6a20fa04d085fe02b3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Sep 2024 17:41:48 -0500 Subject: [PATCH 0126/1043] added disko to tasks --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3e61367..6783009 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init From 5df7df6129864c48f5e5b815a2a5caf4773da1d9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 14 Sep 2024 09:19:08 -0500 Subject: [PATCH 0127/1043] got nixos-anywhere half working --- README.md | 21 ++-- flake.lock | 21 ++++ flake.nix | 10 +- hosts/defiant/configuration.nix | 30 +++++- hosts/defiant/disko-config.nix | 120 +++++++++++++++++++++++ hosts/defiant/hardware-configuration.nix | 8 +- 6 files changed, 193 insertions(+), 17 deletions(-) create mode 100644 hosts/defiant/disko-config.nix diff --git a/README.md b/README.md index 6783009..c3773c0 100644 --- a/README.md +++ b/README.md 
@@ -17,25 +17,31 @@ `./rebuild.sh` # New machine setup + keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt +> TODO: `keys.txt`` should prob be readable by owning user only? updating passwords: `sops secrets/secrets.yaml` -TODO: keys.txt should prob be readable by owning user only? +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` - > something about ssh keys for remotes +# Notes: +- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main` +- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` +- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init + # Updating `nix flake update` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them +- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? 
@@ -45,11 +51,12 @@ TODO: keys.txt should prob be readable by owning user only? - DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively -- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Flake templates - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? - util functions -- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh -- limit boot configurations to 2 on defiant \ No newline at end of file +- openssh known hosts +- limit boot configurations to 2 on defiant +- rotate sops encryption keys \ No newline at end of file diff --git a/flake.lock b/flake.lock index 1e8ab51..1182330 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "owner": "nix-community", + "repo": "disko", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -86,6 +106,7 @@ }, "root": { "inputs": { + "disko": "disko", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index e75e133..ee87ab5 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,12 @@ # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # declairtive disk configuration + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # managment per user home-manager = { url = "github:nix-community/home-manager"; 
@@ -18,7 +24,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: + outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "aarch64-darwin" @@ -53,6 +59,8 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ + disko.nixosModules.disko + ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; }; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index a80c520..bff81ea 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -11,19 +11,39 @@ ../../enviroments/server ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + age ={ + keyFile = "/home/leyla/.config/sops/age/keys.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + + # home.sessionVariables = { + # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; + # }; users.leyla.isThinUser = true; boot.loader.grub = { enable = true; - device = "/dev/sda"; - useOSProber = true; + zfsSupport = true; + efiSupport = true; + efiInstallAsRemovable = true; + # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; + # mirroredBoots = [ + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } + # ]; }; + boot.supportedFilesystems = [ "zfs" ]; + + networking.hostId = "c8985fc5"; # TODO: populate this when I get home networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix new file mode 100644 index 0000000..3a113eb --- /dev/null +++ b/hosts/defiant/disko-config.nix 
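Review bot: `sops.age.keyFile` in the regrouped `sops` block still points at `/home/leyla/.config/sops/age/keys.txt`, so the key that decrypts `secrets/secrets.yaml` lives in a user-writable home directory on a server. The README hunk in this same patch already carries a TODO about that file's permissions. A root-owned location outside any home, for example `keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600, keeps the key away from anything running as that user. The commented-out `sshKeyPaths`, `generateKey` and `home.sessionVariables` lines read as leftovers; delete them or add a one-line comment saying what they are waiting for. The same hunk appears again in the second copy of this patch further down the page.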
@@ -0,0 +1,120 @@ +{ lib, ... }: +let + bootDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + zfsDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zpool"; + }; + }; + }; + }; + }; +in { + disko.devices = { + disk = { + boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + + # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + + # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + }; + # zpool = { + # zpool = { + # type = "zpool"; + # mode = { + # topology = { + # type = "topology"; + # vdev = [ + # { + # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ # mode = "mirror"; + # members = [ + # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + # ]; + # } + # ]; + # cache = [ ]; + # # cache = [ "ssd_2_tb_a" ]; + # }; + # }; + + # options = { + # ashift = "12"; + # }; + + # rootFsOptions = { + # encryption = "on"; + # keyformat = "hex"; + # keylocation = "prompt"; + # compression = "lz4"; + # xattr = "sa"; + # acltype = "posixacl"; + # "com.sun:auto-snapshot" = "false"; + # }; + + # datasets = { + # "root" = { + # type = "zfs_fs"; + # mountpoint = "/"; + # }; + # "nix" = { + # type = "zfs_fs"; + # mountpoint = "/nix"; + # }; + # "home" = { + # type = "zfs_fs"; + # mountpoint = "/home"; + # options = { + # "com.sun:auto-snapshot" = "true"; + # }; + # }; + # "var" = { + # type = "zfs_fs"; + # mountpoint = "/var"; + # }; + # }; + # }; + # }; + }; +} + diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 575ae36..cd075ca 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -13,10 +13,10 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; - fsType = "ext4"; - }; + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + # fsType = "ext4"; + # }; swapDevices = [ ]; From 2a30c00ffbbcb1ac46a2fb41f7c489595294ccd8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 14 Sep 2024 09:19:08 -0500 Subject: [PATCH 0128/1043] got nixos-anywhere half working --- README.md | 21 ++-- flake.lock | 21 ++++ flake.nix | 10 +- hosts/defiant/configuration.nix | 30 +++++- hosts/defiant/disko-config.nix | 120 +++++++++++++++++++++++ hosts/defiant/hardware-configuration.nix | 8 +- 6 files changed, 193 insertions(+), 17 deletions(-) create mode 100644 hosts/defiant/disko-config.nix diff --git a/README.md b/README.md index 6783009..c3773c0 100644 --- a/README.md +++ b/README.md 
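Review bot: `boot = bootDisk "/dev/sda";` hands disko a kernel-enumeration name, and disko repartitions whatever that name resolves to at install time. Once the three ST18000NE000 drives are attached, `/dev/sda` is not guaranteed to be the boot device. The stable path is already in the trailing comment, so I would swap them: `boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0";`. The `bootDisk` and `zfsDisk` helpers would each benefit from a one-line comment stating the layout they produce. The same file is added again in the second copy of this patch below.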
@@ -17,25 +17,31 @@ `./rebuild.sh` # New machine setup + keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt +> TODO: `keys.txt`` should prob be readable by owning user only? updating passwords: `sops secrets/secrets.yaml` -TODO: keys.txt should prob be readable by owning user only? +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` - > something about ssh keys for remotes +# Notes: +- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main` +- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` +- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init + # Updating `nix flake update` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them +- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? 
@@ -45,11 +51,12 @@ TODO: keys.txt should prob be readable by owning user only? - DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively -- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Flake templates - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? - util functions -- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh -- limit boot configurations to 2 on defiant \ No newline at end of file +- openssh known hosts +- limit boot configurations to 2 on defiant +- rotate sops encryption keys \ No newline at end of file diff --git a/flake.lock b/flake.lock index 1e8ab51..1182330 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "owner": "nix-community", + "repo": "disko", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -86,6 +106,7 @@ }, "root": { "inputs": { + "disko": "disko", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index e75e133..ee87ab5 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,12 @@ # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # declairtive disk configuration + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # managment per user home-manager = { url = "github:nix-community/home-manager"; 
@@ -18,7 +24,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: + outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "aarch64-darwin" @@ -53,6 +59,8 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ + disko.nixosModules.disko + ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; }; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index a80c520..bff81ea 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -11,19 +11,39 @@ ../../enviroments/server ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + age ={ + keyFile = "/home/leyla/.config/sops/age/keys.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + + # home.sessionVariables = { + # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; + # }; users.leyla.isThinUser = true; boot.loader.grub = { enable = true; - device = "/dev/sda"; - useOSProber = true; + zfsSupport = true; + efiSupport = true; + efiInstallAsRemovable = true; + # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; + # mirroredBoots = [ + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } + # ]; }; + boot.supportedFilesystems = [ "zfs" ]; + + networking.hostId = "c8985fc5"; # TODO: populate this when I get home networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix new file mode 100644 index 0000000..3a113eb --- /dev/null +++ b/hosts/defiant/disko-config.nix 
@@ -0,0 +1,120 @@ +{ lib, ... }: +let + bootDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + zfsDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zpool"; + }; + }; + }; + }; + }; +in { + disko.devices = { + disk = { + boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + + # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + + # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + }; + # zpool = { + # zpool = { + # type = "zpool"; + # mode = { + # topology = { + # type = "topology"; + # vdev = [ + # { + # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ # mode = "mirror"; + # members = [ + # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + # ]; + # } + # ]; + # cache = [ ]; + # # cache = [ "ssd_2_tb_a" ]; + # }; + # }; + + # options = { + # ashift = "12"; + # }; + + # rootFsOptions = { + # encryption = "on"; + # keyformat = "hex"; + # keylocation = "prompt"; + # compression = "lz4"; + # xattr = "sa"; + # acltype = "posixacl"; + # "com.sun:auto-snapshot" = "false"; + # }; + + # datasets = { + # "root" = { + # type = "zfs_fs"; + # mountpoint = "/"; + # }; + # "nix" = { + # type = "zfs_fs"; + # mountpoint = "/nix"; + # }; + # "home" = { + # type = "zfs_fs"; + # mountpoint = "/home"; + # options = { + # "com.sun:auto-snapshot" = "true"; + # }; + # }; + # "var" = { + # type = "zfs_fs"; + # mountpoint = "/var"; + # }; + # }; + # }; + # }; + }; +} + diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 575ae36..cd075ca 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -13,10 +13,10 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; - fsType = "ext4"; - }; + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + # fsType = "ext4"; + # }; swapDevices = [ ]; From 8f8cea0ab2690a80e895758575c5cbeb21aa3fc0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 10:12:32 -0500 Subject: [PATCH 0129/1043] added zfs disks to defiant --- hosts/defiant/configuration.nix | 1 - hosts/defiant/disko-config.nix | 130 ++++++++++++++++---------------- hosts/horizon/configuration.nix | 2 +- 3 files changed, 66 insertions(+), 67 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bff81ea..bc6c34c 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -63,7 +63,6 @@ systemd.targets.hibernate.enable = false; systemd.targets.hybrid-sleep.enable = false; - # temp enable password auth over ssh for setup services.openssh = { enable = true; ports = [ 22 ]; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 3a113eb..7fd2427 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,14 @@ let mountpoint = "/boot"; }; }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; + # root = { + # size = "100%"; + # content = { + # type = "filesystem"; + # format = "ext4"; + # mountpoint = "/"; + # }; + # }; }; }; }; 
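Review bot: The only change in the `services.openssh` hunk is deleting `# temp enable password auth over ssh for setup`. The settings that comment described lie below the hunk, so it is not visible here whether password authentication was actually turned off. If it is still on, that comment was the one marker that this was a setup-time exception; either keep it as a TODO or set `settings.PasswordAuthentication = false;` in the same change. The hunk repeats in the duplicate of this patch that follows.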
@@ -52,69 +52,69 @@ in { disk = { boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; - # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; }; - # zpool = { - # zpool = { - # type = "zpool"; - # mode = { - # topology = { - # type = "topology"; - # vdev = [ - # { - # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? - # mode = "mirror"; - # members = [ - # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" - # ]; - # } - # ]; - # cache = [ ]; - # # cache = [ "ssd_2_tb_a" ]; - # }; - # }; + zpool = { + zpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = [ + { + # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ mode = "mirror"; + members = [ + "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + ]; + } + ]; + cache = [ ]; + # cache = [ "ssd_2_tb_a" ]; + }; + }; - # options = { - # ashift = "12"; - # }; + options = { + ashift = "12"; + }; - # rootFsOptions = { - # encryption = "on"; - # keyformat = "hex"; - # keylocation = "prompt"; - # compression = "lz4"; - # xattr = "sa"; - # acltype = "posixacl"; - # "com.sun:auto-snapshot" = "false"; - # }; + rootFsOptions = { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + compression = "lz4"; + xattr = "sa"; + acltype = "posixacl"; + "com.sun:auto-snapshot" = "false"; + }; - # datasets = { - # "root" = { - # type = "zfs_fs"; - # mountpoint = "/"; - # }; - # "nix" = { - # type = "zfs_fs"; - # mountpoint = "/nix"; - # }; - # "home" = { - # type = "zfs_fs"; - # mountpoint = "/home"; - # options = { - # "com.sun:auto-snapshot" = "true"; - # }; - # }; - # "var" = { - # type = "zfs_fs"; - # mountpoint = "/var"; - # }; - # }; - # }; - # }; + datasets = { + "root" = { + type = "zfs_fs"; + mountpoint = "/"; + }; + "nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + }; + "home" = { + type = "zfs_fs"; + mountpoint = "/home"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + }; + "var" = { + type = "zfs_fs"; + mountpoint = "/var"; + }; + }; + }; + }; }; } diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index d28ca5b..18d4348 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -71,7 +71,7 @@ # }; # Enable the OpenSSH daemon. - # services.openssh.enable = true; + services.openssh.enable = true; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; From d22f470e2449d431aab49ca5b8070a95a2ffdb16 Mon Sep 17 00:00:00 2001 
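Review bot: In `rootFsOptions`, `keyformat = "hex"` is paired with `keylocation = "prompt"`, so a 64-hex-character key has to be typed on the console at every pool import. The `root` dataset mounted at `/` sits under that encryption root, so an unattended reboot of this host would stop at the prompt. If interactive unlock is intended, `keyformat = "passphrase";` is the usual pairing with `prompt`; a hex key normally goes with a `file://` keylocation on media kept apart from the disks. The question in the comment above `mode = "mirror";` is worth settling before data lands, since moving from a mirror to raidz2 later means recreating the pool. The same hunk is repeated in the duplicate patch below.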
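Review bot: `services.openssh.enable = true;` in hosts/horizon/configuration.nix turns the daemon on with module defaults, and nothing in the hunk restricts how it authenticates. On NixOS those defaults accept password logins and open the SSH port in the firewall. For a client machine I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it and rely on authorized keys only. The rest of the file is outside the hunk, so this may already be set elsewhere; the same hunk also appears in the repeated patch below.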
From: Leyla Becker Date: Sun, 15 Sep 2024 10:12:32 -0500 Subject: [PATCH 0130/1043] added zfs disks to defiant --- hosts/defiant/configuration.nix | 1 - hosts/defiant/disko-config.nix | 130 ++++++++++++++++---------------- hosts/horizon/configuration.nix | 2 +- 3 files changed, 66 insertions(+), 67 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bff81ea..bc6c34c 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -63,7 +63,6 @@ systemd.targets.hibernate.enable = false; systemd.targets.hybrid-sleep.enable = false; - # temp enable password auth over ssh for setup services.openssh = { enable = true; ports = [ 22 ]; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 3a113eb..7fd2427 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,14 @@ let mountpoint = "/boot"; }; }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; + # root = { + # size = "100%"; + # content = { + # type = "filesystem"; + # format = "ext4"; + # mountpoint = "/"; + # }; + # }; }; }; }; 
@@ -52,69 +52,69 @@ in { disk = { boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; - # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; }; - # zpool = { - # zpool = { - # type = "zpool"; - # mode = { - # topology = { - # type = "topology"; - # vdev = [ - # { - # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? - # mode = "mirror"; - # members = [ - # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" - # ]; - # } - # ]; - # cache = [ ]; - # # cache = [ "ssd_2_tb_a" ]; - # }; - # }; + zpool = { + zpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = [ + { + # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ mode = "mirror"; + members = [ + "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + ]; + } + ]; + cache = [ ]; + # cache = [ "ssd_2_tb_a" ]; + }; + }; - # options = { - # ashift = "12"; - # }; + options = { + ashift = "12"; + }; - # rootFsOptions = { - # encryption = "on"; - # keyformat = "hex"; - # keylocation = "prompt"; - # compression = "lz4"; - # xattr = "sa"; - # acltype = "posixacl"; - # "com.sun:auto-snapshot" = "false"; - # }; + rootFsOptions = { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + compression = "lz4"; + xattr = "sa"; + acltype = "posixacl"; + "com.sun:auto-snapshot" = "false"; + }; - # datasets = { - # "root" = { - # type = "zfs_fs"; - # mountpoint = "/"; - # }; - # "nix" = { - # type = "zfs_fs"; - # mountpoint = "/nix"; - # }; - # "home" = { - # type = "zfs_fs"; - # mountpoint = "/home"; - # options = { - # "com.sun:auto-snapshot" = "true"; - # }; - # }; - # "var" = { - # type = "zfs_fs"; - # mountpoint = "/var"; - # }; - # }; - # }; - # }; + datasets = { + "root" = { + type = "zfs_fs"; + mountpoint = "/"; + }; + "nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + }; + "home" = { + type = "zfs_fs"; + mountpoint = "/home"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + }; + "var" = { + type = "zfs_fs"; + mountpoint = "/var"; + }; + }; + }; + }; }; } diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index d28ca5b..18d4348 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -71,7 +71,7 @@ # }; # Enable the OpenSSH daemon. - # services.openssh.enable = true; + services.openssh.enable = true; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; From 417aafe2e82b3364306682e2a257f25f3ad263f1 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 15 Sep 2024 12:55:31 -0500 Subject: [PATCH 0131/1043] moved sops config into common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- hosts/twilight/configuration.nix | 5 ----- users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 6 files changed, 16 insertions(+), 19 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 59dda19..a6c671c 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -26,6 +26,19 @@ LC_TIME = "en_US.UTF-8"; }; + users.groups.users = {}; + + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + + age ={ + keyFile = "/var/lib/sops-nix/key.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bc6c34c..594e83f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -11,17 +11,6 @@ ../../enviroments/server ]; - sops = { - defaultSopsFile = ../../secrets/secrets.yaml; - defaultSopsFormat = "yaml"; - - age ={ - keyFile = "/home/leyla/.config/sops/age/keys.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; - # generateKey = true; - }; - }; - # home.sessionVariables = { # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; # }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 34e6922..93f9265 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
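Review bot: The shared `sops.age.keyFile` is now `/var/lib/sops-nix/key.txt`, but nothing in this change creates that file or moves the existing `keys.txt` from the old home-directory path, and `generateKey` stays commented out. A host rebuilt from this commit without the key in place will presumably fail to decrypt `secrets/secrets.yaml`, which the `hashedPasswordFile` entries in the user modules depend on. A short comment above `keyFile` would make the requirement explicit, e.g. `# must be installed by hand before the first rebuild; root-owned, mode 0600`. `users.groups.users = {};` and the `"users"` entries added to `extraGroups` appear redundant with the default group of `isNormalUser` accounts, so a comment on why they are needed would help. The whole patch is repeated once more below.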
@@ -11,11 +11,6 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { isFullUser = true; hasPiperMouse = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 4850e0f..156716f 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; diff --git a/users/eve/default.nix b/users/eve/default.nix index bf2b51b..4ed06a8 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index c5bfef9..7546613 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker"] + ["networkmanager" "wheel" "docker" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From 88ab5420eb98f7a0733346967fd01225bd02aef1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 12:55:31 -0500 Subject: [PATCH 0132/1043] moved sops config into common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- hosts/twilight/configuration.nix | 5 ----- users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 6 files changed, 16 insertions(+), 19 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 59dda19..a6c671c 100644 
--- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -26,6 +26,19 @@ LC_TIME = "en_US.UTF-8"; }; + users.groups.users = {}; + + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + + age ={ + keyFile = "/var/lib/sops-nix/key.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bc6c34c..594e83f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -11,17 +11,6 @@ ../../enviroments/server ]; - sops = { - defaultSopsFile = ../../secrets/secrets.yaml; - defaultSopsFormat = "yaml"; - - age ={ - keyFile = "/home/leyla/.config/sops/age/keys.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; - # generateKey = true; - }; - }; - # home.sessionVariables = { # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; # }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 34e6922..93f9265 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -11,11 +11,6 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { isFullUser = true; hasPiperMouse = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 4850e0f..156716f 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; diff --git a/users/eve/default.nix b/users/eve/default.nix index bf2b51b..4ed06a8 100644 
--- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index c5bfef9..7546613 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker"] + ["networkmanager" "wheel" "docker" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From d55d5933de90636459e7c15d6a36f9e211600953 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:03:53 -0500 Subject: [PATCH 0133/1043] reduced tech debt by moving things into hardware configs --- README.md | 9 ++--- hosts/horizon/configuration.nix | 40 ------------------ hosts/horizon/hardware-configuration.nix | 9 ++++- hosts/twilight/configuration.nix | 49 ----------------------- hosts/twilight/hardware-configuration.nix | 48 +++++++++++++++++++++- 5 files changed, 58 insertions(+), 97 deletions(-) diff --git a/README.md b/README.md index c3773c0..006fdb9 100644 --- a/README.md +++ b/README.md 
@@ -17,13 +17,11 @@ `./rebuild.sh` # New machine setup - -keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt -> TODO: `keys.txt`` should prob be readable by owning user only? +keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU @@ -44,9 +42,8 @@ updating passwords: `sops secrets/secrets.yaml` - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix -- what does `boot.kernelModules = [ "sg" ]` do? -- sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case +- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server - STOP FROM SLEEPING diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 18d4348..9eae057 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
@@ -11,23 +11,10 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isFullUser = true; users.ester.isFullUser = true; users.eve.isFullUser = true; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.kernelModules = [ "sg" ]; - - networking.hostName = "horizon"; # Define your hostname. - # enabled virtualisation for docker virtualisation.docker = { enable = true; @@ -37,39 +24,12 @@ }; }; - hardware.graphics.enable = true; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # # List services that you want to enable: - # systemd.services = { - # # Start resilio sync on boot - # resilio-sync = { - # description = "Resilio Sync service"; - - # serviceConfig = { - # Type = "forking"; - # Restart = "on-failure"; - # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; - # }; - - # after = [ "network.target" "network-online.target" ]; - # wantedBy = [ "multi-user.target" ]; - # }; - # }; - # Enable the OpenSSH daemon. services.openssh.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index e83bda5..40561a9 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -10,9 +10,15 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "kvm-intel" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + hardware.graphics.enable = true; + fileSystems."/" = { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; fsType = "ext4"; @@ -57,6 +63,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + networking.hostName = "horizon"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 93f9265..fc4f425 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -20,15 +20,7 @@ }; users.ester.isFullUser = true; users.eve.isFullUser = true; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.kernelModules = [ "sg" ]; - - networking.hostName = "twilight"; # Define your hostname. - # enabled virtualisation for docker # virtualisation.docker.enable = true; 
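Review bot: The `"sg"` entry added to `boot.kernelModules` in the `@@ -10,9 +10,15 @@` hunk has no comment, and this commit deletes the README item that asked what the module does. `sg` is the SCSI generic driver, which exposes raw command passthrough devices under `/dev/sg*`, so it is worth recording why each host loads it. A line such as `# sg: SCSI generic passthrough (/dev/sg*), needed by <program> — TODO confirm` above the setting would do. The twilight hardware-configuration.nix hunk adds the same entry and needs the same comment.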
@@ -38,47 +30,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index ef71502..2ab871e 100644 
--- a/hosts/twilight/hardware-configuration.nix
+++ b/hosts/twilight/hardware-configuration.nix
@@ -10,9 +10,54 @@ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ "kvm-amd" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # Enable OpenGL + hardware.graphics.enable = true; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. 
+ package = config.boot.kernelPackages.nvidiaPackages.production; + }; + fileSystems."/" = { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; fsType = "ext4"; @@ -54,6 +99,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + networking.hostName = "twilight"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From e338b8eac5d343a4d10bfba8efd3e8dcb8170d7a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:03:53 -0500 Subject: [PATCH 0134/1043] reduced tech debt by moving things into hardware configs --- README.md | 9 ++--- hosts/horizon/configuration.nix | 40 ------------------ hosts/horizon/hardware-configuration.nix | 9 ++++- hosts/twilight/configuration.nix | 49 ----------------------- hosts/twilight/hardware-configuration.nix | 48 +++++++++++++++++++++- 5 files changed, 58 insertions(+), 97 deletions(-) diff --git a/README.md b/README.md index c3773c0..006fdb9 100644 --- a/README.md +++ b/README.md @@ -17,13 +17,11 @@ `./rebuild.sh` # New machine setup - -keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt -> TODO: `keys.txt`` should prob be readable by owning user only? +keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU 
@@ -44,9 +42,8 @@ updating passwords: `sops secrets/secrets.yaml` - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix -- what does `boot.kernelModules = [ "sg" ]` do? -- sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case +- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server - STOP FROM SLEEPING diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 18d4348..9eae057 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -11,23 +11,10 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isFullUser = true; users.ester.isFullUser = true; users.eve.isFullUser = true; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.kernelModules = [ "sg" ]; - - networking.hostName = "horizon"; # Define your hostname. - # enabled virtualisation for docker virtualisation.docker = { enable = true; 
@@ -37,39 +24,12 @@ }; }; - hardware.graphics.enable = true; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # # List services that you want to enable: - # systemd.services = { - # # Start resilio sync on boot - # resilio-sync = { - # description = "Resilio Sync service"; - - # serviceConfig = { - # Type = "forking"; - # Restart = "on-failure"; - # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; - # }; - - # after = [ "network.target" "network-online.target" ]; - # wantedBy = [ "multi-user.target" ]; - # }; - # }; - # Enable the OpenSSH daemon. services.openssh.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index e83bda5..40561a9 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -10,9 +10,15 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "kvm-intel" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + hardware.graphics.enable = true; + fileSystems."/" = { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; fsType = "ext4"; 
@@ -57,6 +63,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + networking.hostName = "horizon"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 93f9265..fc4f425 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -20,15 +20,7 @@ }; users.ester.isFullUser = true; users.eve.isFullUser = true; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.kernelModules = [ "sg" ]; - - networking.hostName = "twilight"; # Define your hostname. - # enabled virtualisation for docker # virtualisation.docker.enable = true; 
@@ -38,47 +30,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index ef71502..2ab871e 100644 
--- a/hosts/twilight/hardware-configuration.nix
+++ b/hosts/twilight/hardware-configuration.nix
@@ -10,9 +10,54 @@ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ "kvm-amd" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # Enable OpenGL + hardware.graphics.enable = true; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. 
+ package = config.boot.kernelPackages.nvidiaPackages.production; + }; + fileSystems."/" = { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; fsType = "ext4"; @@ -54,6 +99,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + networking.hostName = "twilight"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From 15ce7680a6e0156bf2b9432670cf271bab82923b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:04:11 -0500 Subject: [PATCH 0135/1043] switched boot disk to using path for defiant --- hosts/defiant/disko-config.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 7fd2427..10ec163 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,6 @@ let mountpoint = "/boot"; }; }; - # root = { - # size = "100%"; - # content = { - # type = "filesystem"; - # format = "ext4"; - # mountpoint = "/"; - # }; - # }; }; }; }; @@ -50,7 +42,7 @@ let in { disko.devices = { disk = { - boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; From 9cf91a73164e8685d6194b91a5062bba1c6d2005 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:04:11 -0500 Subject: [PATCH 0136/1043] switched boot disk to using path for defiant --- hosts/defiant/disko-config.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) 
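Review bot: In the `@@ -42,7 +42,7 @@` hunk of disko-config.nix the boot disk is now selected by `/dev/disk/by-path/…usb…`, which names a USB port rather than a device, while the three data disks next to it use `/dev/disk/by-id/`. Because disko partitions and formats whatever it is pointed at, any other drive plugged into that port would be taken as the boot disk. Using the by-id link would tie the entry to the drive itself, for example `boot = bootDisk "/dev/disk/by-id/<BOOT_DISK_ID>";` with the real id filled in. The same hunk is repeated in the duplicate patch that follows.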
diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 7fd2427..10ec163 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,6 @@ let mountpoint = "/boot"; }; }; - # root = { - # size = "100%"; - # content = { - # type = "filesystem"; - # format = "ext4"; - # mountpoint = "/"; - # }; - # }; }; }; }; @@ -50,7 +42,7 @@ let in { disko.devices = { disk = { - boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; From 2b10a4b81d21280e7a99623d1cf0a84175274eea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:31:59 -0500 Subject: [PATCH 0137/1043] updated README.md --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 006fdb9..b059a71 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,12 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- GNOME default monitors per hardware configuration? -- graphics driver things should prob be in the hardware-configuration.nix - use dashes for options not camel case - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server -- STOP FROM SLEEPING +- GNOME default monitors per hardware configuration? +- stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates - Install all the things on the NAS From e65143b835705cc6479b254db649d0065de05025 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 15 Sep 2024 13:31:59 -0500 Subject: [PATCH 0138/1043] updated README.md --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 006fdb9..b059a71 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,12 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- GNOME default monitors per hardware configuration? -- graphics driver things should prob be in the hardware-configuration.nix - use dashes for options not camel case - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server -- STOP FROM SLEEPING +- GNOME default monitors per hardware configuration? +- stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates - Install all the things on the NAS From 8934d441dc6b5f9f034ed8d544b4db22d494d9dd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 19:49:30 -0500 Subject: [PATCH 0139/1043] fixed sops age keyFile getting sent to instal target --- README.md | 2 +- enviroments/common/default.nix | 6 +++- install.sh | 54 ++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 2 deletions(-) create mode 100755 install.sh diff --git a/README.md b/README.md index b059a71..2bfa30d 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ keys for decrypting password secrets for each users located at `/var/lib/sops-ni updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`./install.sh --target 192.168.1.130 --flake hostname` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a6c671c..8fb75e9 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -31,13 +31,17 @@ sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; age ={ keyFile = "/var/lib/sops-nix/key.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + sshKeyPaths = []; # generateKey = true; }; }; + environment.sessionVariables = { + AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/"; + }; # List packages installed in system profile. environment.systemPackages = with pkgs; [ diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..0718998 --- /dev/null +++ b/install.sh 
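Review bot: Nothing in the `sops` hunk sets the owner or mode of `/var/lib/sops-nix/key.txt`, and the README line that asked whether the key should be readable by its owner only is removed earlier in this series without an answer. A rule such as `systemd.tmpfiles.rules = [ "z /var/lib/sops-nix/key.txt 0600 root root -" ];` would state the intended permissions; with that mode install.sh has to run as root to read the key. The directory is also written twice, in `age.keyFile` and in `AGE_KEY_FILE_LOCATION`, so the two can drift apart. If `config` is in scope in this module, `AGE_KEY_FILE_LOCATION = builtins.dirOf config.sops.age.keyFile;` keeps them in step.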
@@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-f*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --user*|-u*) + if [[ "$1" != *=* ]]; then shift; fi + user="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +if [ -z ${target} ]; then + echo "target is blank"; + exit 1; +fi + +if [ -z ${flake} ]; then + echo "flake is blank"; + exit 1; +fi + +temp=$(mktemp -d) +# Function to cleanup temporary directory on exit +cleanup() { + rm -rf "$temp" +} +trap cleanup EXIT + +# copy key file to temp folder to copy over to target +mkdir -p $temp$AGE_KEY_FILE_LOCATION +cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION + +# commit number in this is because the main branch of nixos-anywhere is broken right now +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 16bb44f5e86b3e908105e85fcd9c5a918dae03a7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 19:49:30 -0500 Subject: [PATCH 0140/1043] fixed sops age keyFile getting sent to instal target --- README.md | 2 +- enviroments/common/default.nix | 6 +++- install.sh | 54 ++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 2 deletions(-) create mode 100755 install.sh diff --git a/README.md b/README.md index b059a71..2bfa30d 100644 --- a/README.md +++ b/README.md 
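Review bot: `cp -r $AGE_KEY_FILE_LOCATION/* …` runs without checking that `AGE_KEY_FILE_LOCATION` is set, so in a shell where the session variable is missing the glob becomes `/*` and the whole root filesystem is copied into the temp folder and handed to `--extra-files`. The expansions of `$temp`, `$flake`, `$target` and the `[ -z ${target} ]` tests are unquoted, so a value containing spaces or glob characters is split or expanded; the tests should read `[ -z "${target:-}" ]` and `[ -z "${flake:-}" ]`. The private age key is copied without `-p` and under the default umask, so its mode inside the temp folder may be looser than the source file's. The lines below guard the variable, quote the expansions and keep the copy private; the same hunk appears again in the duplicate patch that follows.

```shell
# … unchanged: option parsing, target/flake checks, mktemp and cleanup trap …

# stop when the key directory is unset or missing: with an empty value
# the glob below would be "/*" and copy the whole root filesystem
key_dir="${AGE_KEY_FILE_LOCATION:?AGE_KEY_FILE_LOCATION is not set}"
if [ ! -d "$key_dir" ]; then
  echo "key directory $key_dir does not exist"
  exit 1
fi

# keep the copied key private to the invoking user while it sits in the temp folder
umask 077
mkdir -p "$temp$key_dir"
cp -rp "$key_dir"/* "$temp$key_dir"

# commit number in this is because the main branch of nixos-anywhere is broken right now
nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files "$temp" --flake ".#$flake" "${user:-nixos}@$target"
```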
@@ -21,7 +21,7 @@ keys for decrypting password secrets for each users located at `/var/lib/sops-ni updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`./install.sh --target 192.168.1.130 --flake hostname` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a6c671c..8fb75e9 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -31,13 +31,17 @@ sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; age ={ keyFile = "/var/lib/sops-nix/key.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + sshKeyPaths = []; # generateKey = true; }; }; + environment.sessionVariables = { + AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/"; + }; # List packages installed in system profile. environment.systemPackages = with pkgs; [ diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..0718998 --- /dev/null +++ b/install.sh 
@@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-f*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --user*|-u*) + if [[ "$1" != *=* ]]; then shift; fi + user="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +if [ -z ${target} ]; then + echo "target is blank"; + exit 1; +fi + +if [ -z ${flake} ]; then + echo "flake is blank"; + exit 1; +fi + +temp=$(mktemp -d) +# Function to cleanup temporary directory on exit +cleanup() { + rm -rf "$temp" +} +trap cleanup EXIT + +# copy key file to temp folder to copy over to target +mkdir -p $temp$AGE_KEY_FILE_LOCATION +cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION + +# commit number in this is because the main branch of nixos-anywhere is broken right now +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 8e5978d1b58995387fe12762742b23fca05d8564 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 16 Sep 2024 21:18:08 -0500 Subject: [PATCH 0141/1043] added key for horizon to authorized keys for defiant --- users/leyla/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7546613..5e39f80 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -44,6 +44,12 @@ in ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + openssh = { + authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; + }; } else { isSystemUser = true; } From ad44943abe68af082001457e7ae96e9069f32346 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 16 Sep 2024 21:18:08 -0500 Subject: [PATCH 0142/1043] added key for horizon to authorized keys for defiant --- users/leyla/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7546613..5e39f80 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -44,6 +44,12 @@ in ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + openssh = { + authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; + }; } else { isSystemUser = true; } From 1ddce31f00f20a6fb71d6ce818727b97671c0dcd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 08:51:31 -0500 Subject: [PATCH 0143/1043] added more details to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2bfa30d..eb07f88 100644 --- a/README.md +++ b/README.md @@ -55,4 +55,4 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file From 764f7f57cbef94169eb8ef9d89de4c504f19840e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 08:51:31 -0500 Subject: [PATCH 0144/1043] added more details to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2bfa30d..eb07f88 100644 --- a/README.md +++ b/README.md 
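Review bot: The new `openssh.authorizedKeys.keys` entry sits in `users/leyla/default.nix`, so it appears to authorise the horizon key on every host that takes this branch of the user definition, not only on defiant as the commit subject says; the condition selecting the branch is outside the hunk. If access is meant for defiant alone, the key could be set in `hosts/defiant/configuration.nix` as `users.users.leyla.openssh.authorizedKeys.keys = [ … ];`. Otherwise a comment such as `# leyla@horizon workstation key, authorised on every host where this branch applies` would state the intent. The same hunk is repeated in the duplicate patch on this line.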
@@ -55,4 +55,4 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file From f7248ab781fd147a86aae5b81dbf0209df124aea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:57:13 -0500 Subject: [PATCH 0145/1043] created disko config for defiant --- hosts/defiant/configuration.nix | 8 ++++++- hosts/defiant/disko-config.nix | 42 ++++++++++++++++++++++++++------- 2 files changed, 40 insertions(+), 10 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 594e83f..e42db42 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -32,7 +32,10 @@ boot.supportedFilesystems = [ "zfs" ]; - networking.hostId = "c8985fc5"; # TODO: populate this when I get home + boot.zfs.extraPools = [ "zpool" ]; + + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE + networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; @@ -46,6 +49,9 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + # disable computer sleeping systemd.targets.sleep.enable = false; systemd.targets.suspend.enable = false; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 10ec163..653f29f 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix 
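Review bot: `boot.zfs.extraPools = [ "zpool" ];` in the `@@ -32,7 +32,10 @@` hunk of hosts/defiant/configuration.nix names a pool that this commit stops creating, because disko-config.nix renames the pool from `zpool` to `zroot` in the same patch. On a fresh install the import of `zpool` at boot would presumably fail, since no pool of that name exists. The line should either follow the rename, `boot.zfs.extraPools = [ "zroot" ];`, or be dropped if the root pool is already imported through the generated `fileSystems` entries. The duplicate patch that follows carries the same line.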
@@ -33,7 +33,32 @@ let size = "100%"; content = { type = "zfs"; - pool = "zpool"; + pool = "zroot"; + }; + }; + }; + }; + }; + cacheDisk = devicePath: swapSize: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + encryptedSwap = { + size = swapSize; + content = { + type = "swap"; + randomEncryption = true; + discardPolicy = "both"; + resumeDevice = true; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; }; }; }; @@ -48,10 +73,10 @@ in { hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; }; zpool = { - zpool = { + zroot = { type = "zpool"; mode = { topology = { @@ -73,7 +98,7 @@ in { options = { ashift = "12"; }; - + rootFsOptions = { encryption = "on"; keyformat = "hex"; @@ -83,19 +108,18 @@ in { acltype = "posixacl"; "com.sun:auto-snapshot" = "false"; }; + + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; datasets = { - "root" = { - type = "zfs_fs"; - mountpoint = "/"; - }; "nix" = { type = "zfs_fs"; mountpoint = "/nix"; }; "home" = { type = "zfs_fs"; - mountpoint = "/home"; + mountpoint = "/mnt/home"; options = { "com.sun:auto-snapshot" = "true"; }; From c3a19fb6f91137402406e63d84abc874a23a42a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:57:13 -0500 Subject: [PATCH 0146/1043] created disko config for defiant --- hosts/defiant/configuration.nix | 8 ++++++- hosts/defiant/disko-config.nix | 42 ++++++++++++++++++++++++++------- 2 files changed, 40 insertions(+), 10 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 594e83f..e42db42 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
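Review bot: `cacheDisk` is declared as `devicePath: swapSize:` in the `@@ -33,7 +33,32 @@` hunk, but the commented-out call in the next hunk passes the size first, `cacheDisk "64G" "/dev/disk/by-id/XXX"`, so uncommenting it as written would use `"64G"` as the device. The call should read `# ssd_2_tb_a = cacheDisk "/dev/disk/by-id/XXX" "64G";`. The swap partition also sets `randomEncryption = true` together with `resumeDevice = true`: a swap keyed afresh on each boot cannot hold a hibernation image across a reboot, so `resumeDevice` looks unintended and could be removed. Both hunks are repeated in the duplicate patch that follows.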
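Review bot: In the `@@ -83,19 +108,18 @@` hunk the `home` dataset, the only one shown with `"com.sun:auto-snapshot" = "true"`, moves to `/mnt/home`, while the pool root now mounts at `/` with auto-snapshot set to `"false"`. Unless something outside this hunk maps `/mnt/home` back to `/home`, user home directories would live on the root dataset and miss the snapshots enabled later in this series. If the move is a deliberate workaround, a comment such as `# mounted under /mnt because <reason>; /home is provided by <mechanism>` would record it; otherwise `mountpoint = "/home";` restores the earlier layout. The hunk is repeated in the duplicate patch that follows.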
@@ -32,7 +32,10 @@ boot.supportedFilesystems = [ "zfs" ]; - networking.hostId = "c8985fc5"; # TODO: populate this when I get home + boot.zfs.extraPools = [ "zpool" ]; + + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE + networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; @@ -46,6 +49,9 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + # disable computer sleeping systemd.targets.sleep.enable = false; systemd.targets.suspend.enable = false; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 10ec163..653f29f 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -33,7 +33,32 @@ let size = "100%"; content = { type = "zfs"; - pool = "zpool"; + pool = "zroot"; + }; + }; + }; + }; + }; + cacheDisk = devicePath: swapSize: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + encryptedSwap = { + size = swapSize; + content = { + type = "swap"; + randomEncryption = true; + discardPolicy = "both"; + resumeDevice = true; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; }; }; }; @@ -48,10 +73,10 @@ in { hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; }; zpool = { - zpool = { + zroot = { type = "zpool"; mode = { topology = { @@ -73,7 +98,7 @@ in { options = { ashift = "12"; }; - + rootFsOptions = { encryption = "on"; keyformat = "hex"; 
@@ -83,19 +108,18 @@ in { acltype = "posixacl"; "com.sun:auto-snapshot" = "false"; }; + + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; datasets = { - "root" = { - type = "zfs_fs"; - mountpoint = "/"; - }; "nix" = { type = "zfs_fs"; mountpoint = "/nix"; }; "home" = { type = "zfs_fs"; - mountpoint = "/home"; + mountpoint = "/mnt/home"; options = { "com.sun:auto-snapshot" = "true"; }; From 6480ca95dd13600b1b1a2c9c985bfcfdff920eea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:59:57 -0500 Subject: [PATCH 0147/1043] added zfs auto scrub and snapshot --- hosts/defiant/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e42db42..e7b1e5e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -34,6 +34,9 @@ boot.zfs.extraPools = [ "zpool" ]; + services.zfs.autoScrub.enable = true; + services.zfs.autoSnapshot.enable = true; + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. From f994ba035c3750aac46f48658c6be75839c868d9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:59:57 -0500 Subject: [PATCH 0148/1043] added zfs auto scrub and snapshot --- hosts/defiant/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e42db42..e7b1e5e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -34,6 +34,9 @@ boot.zfs.extraPools = [ "zpool" ]; + services.zfs.autoScrub.enable = true; + services.zfs.autoSnapshot.enable = true; + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. From 8897a5646b8ade1d5978d1708b3ef7d7c224db4d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:00:19 -0500 Subject: [PATCH 0149/1043] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index eb07f88..3ba5458 100644 --- a/README.md +++ b/README.md @@ -55,4 +55,5 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) +- zfs email after scrubbing \ No newline at end of file From a171e586bdbe686fda342d999c4b0f3e5abbf361 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:00:19 -0500 Subject: [PATCH 0150/1043] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index eb07f88..3ba5458 100644 --- a/README.md +++ b/README.md @@ -55,4 +55,5 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) +- zfs email after scrubbing \ No newline at end of file From 63d23d6c54bbe958b5d76fb339bcd21301bd4161 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 17 Sep 2024 10:07:44 -0500 Subject: [PATCH 0151/1043] fixed extra pool name --- hosts/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e7b1e5e..b705068 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -32,7 +32,7 @@ boot.supportedFilesystems = [ "zfs" ]; - boot.zfs.extraPools = [ "zpool" ]; + boot.zfs.extraPools = [ "zroot" ]; services.zfs.autoScrub.enable = true; services.zfs.autoSnapshot.enable = true; From afc3bab3ad0afdd28e74c99c596e2bb3178971d0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:07:44 -0500 Subject: [PATCH 0152/1043] fixed extra pool name --- hosts/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e7b1e5e..b705068 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -32,7 +32,7 @@ boot.supportedFilesystems = [ "zfs" ]; - boot.zfs.extraPools = [ "zpool" ]; + boot.zfs.extraPools = [ "zroot" ]; services.zfs.autoScrub.enable = true; services.zfs.autoSnapshot.enable = true; From 76cd196363bddeeb41ff6e1a8831497d94051d97 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:14:50 -0500 Subject: [PATCH 0153/1043] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ba5458..82212c9 100644 --- a/README.md +++ b/README.md @@ -56,4 +56,5 @@ updating passwords: `sops secrets/secrets.yaml` - openssh known hosts - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) -- zfs email after scrubbing \ No newline at end of file +- zfs email after scrubbing +- tail scale on clients and PiKVM \ No newline at end of file 
From 772c758e23cc29a6fe7b0a3256abf60e7224cf58 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:14:50 -0500 Subject: [PATCH 0154/1043] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ba5458..82212c9 100644 --- a/README.md +++ b/README.md @@ -56,4 +56,5 @@ updating passwords: `sops secrets/secrets.yaml` - openssh known hosts - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) -- zfs email after scrubbing \ No newline at end of file +- zfs email after scrubbing +- tail scale on clients and PiKVM \ No newline at end of file From f0a10c122d9911c0eff6e99dedffc84cb4c46ce9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:16:11 -0500 Subject: [PATCH 0155/1043] clarified task in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 82212c9..d1758c0 100644 --- a/README.md +++ b/README.md @@ -39,8 +39,8 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- use dashes for options not camel case +- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server From 0f1e6a9c988045cf8428d7705b5939372b3f49c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:16:11 -0500 Subject: [PATCH 0156/1043] clarified task in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 82212c9..d1758c0 100644 --- a/README.md +++ b/README.md 
@@ -39,8 +39,8 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- use dashes for options not camel case +- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server From a3a66300315043656d0910e872e663369cbaae68 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:08 -0500 Subject: [PATCH 0157/1043] updated rebuild.sh to support remote rebuilds --- rebuild.sh | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index 7f2a072..c54dd1a 100755 --- a/rebuild.sh +++ b/rebuild.sh 
@@ -1,3 +1,41 @@ #!/usr/bin/env bash -sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-h*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --mode*|-m*) + if [[ "$1" != *=* ]]; then shift; fi + mode="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +target=${target:-$(hostname)} +flake=${flake:-$target} +mode=${mode:-switch} + +if [[ "$target" == "$(hostname)" ]] +then + sudo nixos-rebuild $mode --flake .#$flake +else + nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake +fi From 5a1bc95a1a7e1f73c5fd2b1b9b9d22e5597fd822 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:08 -0500 Subject: [PATCH 0158/1043] updated rebuild.sh to support remote rebuilds --- rebuild.sh | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index 7f2a072..c54dd1a 100755 --- a/rebuild.sh +++ b/rebuild.sh 
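Review bot: The case arm `--flake*|-h*)` looks like a typo for `--flake*|-f*)`. As written, `-h` is consumed as the flake option and never reaches the `--help|-h)` arm, while the `-f` form that the help text advertises falls through to "Invalid argument". The help text also lists `--user -u`, which no arm handles, and omits `--mode`. The values taken from the command line are then expanded unquoted in commands that run under sudo or remote sudo, so a value containing whitespace or glob characters is split into extra arguments. Quoting them avoids that: `sudo nixos-rebuild "$mode" --flake ".#$flake"` and `nixos-rebuild "$mode" --use-remote-sudo --target-host "$USER@$target" --flake ".#$flake"`. The same hunk is repeated in patch 0158.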
@@ -1,3 +1,41 @@ #!/usr/bin/env bash -sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-h*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --mode*|-m*) + if [[ "$1" != *=* ]]; then shift; fi + mode="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +target=${target:-$(hostname)} +flake=${flake:-$target} +mode=${mode:-switch} + +if [[ "$target" == "$(hostname)" ]] +then + sudo nixos-rebuild $mode --flake .#$flake +else + nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake +fi From bf0d0190473f483ee87b3a7a59c679bb1f35dbd9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:23 -0500 Subject: [PATCH 0159/1043] added more details to tasks in readme --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d1758c0..afd7536 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ updating passwords: `sops secrets/secrets.yaml` - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ # Updating `nix flake update` 
@@ -43,12 +44,12 @@ updating passwords: `sops secrets/secrets.yaml` - use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features -- DISKO for server - GNOME default monitors per hardware configuration? - stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates -- Install all the things on the NAS +- Docker parity with existing NAS on defiant +- NFS on defiant - firefox declarative??? - figure out steam vr things? - Open GL? @@ -57,4 +58,6 @@ updating passwords: `sops secrets/secrets.yaml` - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- tail scale on clients and PiKVM \ No newline at end of file +- headscale server +- mastodon server +- tail scale clients \ No newline at end of file From 5d2b7a2ce5bbf2ad9773fb1aca5eca28d01023d7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:23 -0500 Subject: [PATCH 0160/1043] added more details to tasks in readme --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d1758c0..afd7536 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ updating passwords: `sops secrets/secrets.yaml` - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ # Updating `nix flake update` 
@@ -43,12 +44,12 @@ updating passwords: `sops secrets/secrets.yaml` - use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features -- DISKO for server - GNOME default monitors per hardware configuration? - stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates -- Install all the things on the NAS +- Docker parity with existing NAS on defiant +- NFS on defiant - firefox declarative??? - figure out steam vr things? - Open GL? @@ -57,4 +58,6 @@ updating passwords: `sops secrets/secrets.yaml` - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- tail scale on clients and PiKVM \ No newline at end of file +- headscale server +- mastodon server +- tail scale clients \ No newline at end of file From 11603852f4c23ba718b83a201ef3341856ae752b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:40 -0500 Subject: [PATCH 0161/1043] added docker to defiant --- enviroments/common/default.nix | 1 + hosts/defiant/configuration.nix | 48 ++++++++++++++++++++++++++------- hosts/horizon/configuration.nix | 1 + users/leyla/default.nix | 2 +- 4 files changed, 41 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8fb75e9..f0231c3 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -5,6 +5,7 @@ ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.trusted-users = [ "leyla" ]; # Enable networking networking.networkmanager.enable = true; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b705068..1608e4a 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
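Review bot: `nix.settings.trusted-users = [ "leyla" ];` is added in enviroments/common/default.nix, so it applies to every host that imports the common environment, not only the server. A trusted Nix user can override daemon settings and import unsigned store paths, which the Nix manual describes as essentially equivalent to root access. If the setting exists only so that remote `nixos-rebuild --target-host` can copy closures (inferred from the rebuild.sh change in the same series), it would be narrower to set it only on hosts that are deployment targets. A comment should record the reason, for example `# needed for nixos-rebuild --target-host; trusted users are effectively root on the nix daemon`. The same hunk is repeated in patch 0162.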
@@ -11,10 +11,6 @@ ../../enviroments/server ]; - # home.sessionVariables = { - # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; - # }; - users.leyla.isThinUser = true; boot.loader.grub = { @@ -22,14 +18,11 @@ zfsSupport = true; efiSupport = true; efiInstallAsRemovable = true; - # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; - # mirroredBoots = [ - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } - # ]; }; + virtualisation.docker.enable = true; + users.extraGroups.docker.members = [ "leyla" ]; + boot.supportedFilesystems = [ "zfs" ]; boot.zfs.extraPools = [ "zroot" ]; 
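Review bot: `users.extraGroups.docker.members = [ "leyla" ];` next to `virtualisation.docker.enable = true;` gives that account control of the root-owned Docker daemon without a password, which amounts to root on defiant without going through sudo. That matters more here because this host accepts SSH logins for the same user. The horizon hunk later in this patch shows `setSocketVariable = true;` in its context, which suggests (the full block is not visible) that rootless Docker is configured there. The equivalent on defiant would be `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };` with no group membership. If the rootful daemon is required for the NAS containers, a comment saying so would document the trade-off. The same hunk is repeated in patch 0162.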
@@ -72,6 +65,41 @@ }; }; + fileSystems."/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; + + services.nfs.server.enable = true; + services.nfs.server.exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 9eae057..230a83e 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -23,6 +23,7 @@ setSocketVariable = true; }; }; + users.extraGroups.docker.members = [ "leyla" ]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; 
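Review bot: The `leyla`, `eve` and `share` exports in `services.nfs.server.exports` use `192.168.1.0/22`, which is not a network-aligned address. With a /22 mask it should match 192.168.0.0 through 192.168.3.255, four times the range of the `192.168.1.0/24` used for the docker export, and all of it read-write. If a single LAN is intended, the lines should use the same prefix, e.g. `/srv/nfs4/leyla 192.168.1.0/24(rw,sync,no_subtree_check,nohide)`. The list of exports also does not line up with the bind mounts added in this hunk: `/srv/nfs4/share` is exported but has no `fileSystems` entry, and `/srv/nfs4/users` is bind-mounted but never exported. The same hunk is repeated in patch 0162.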
diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 5e39f80..d0a9a96 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker" "users"] + ["networkmanager" "wheel" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From f68a46c46a0d7019c5b241687c38c648853f3f37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:40 -0500 Subject: [PATCH 0162/1043] added docker to defiant --- enviroments/common/default.nix | 1 + hosts/defiant/configuration.nix | 48 ++++++++++++++++++++++++++------- hosts/horizon/configuration.nix | 1 + users/leyla/default.nix | 2 +- 4 files changed, 41 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8fb75e9..f0231c3 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -5,6 +5,7 @@ ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.trusted-users = [ "leyla" ]; # Enable networking networking.networkmanager.enable = true; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b705068..1608e4a 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -11,10 +11,6 @@ ../../enviroments/server ]; - # home.sessionVariables = { - # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; - # }; - users.leyla.isThinUser = true; boot.loader.grub = { 
@@ -22,14 +18,11 @@ zfsSupport = true; efiSupport = true; efiInstallAsRemovable = true; - # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; - # mirroredBoots = [ - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } - # ]; }; + virtualisation.docker.enable = true; + users.extraGroups.docker.members = [ "leyla" ]; + boot.supportedFilesystems = [ "zfs" ]; boot.zfs.extraPools = [ "zroot" ]; 
@@ -72,6 +65,41 @@ }; }; + fileSystems."/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; + + services.nfs.server.enable = true; + services.nfs.server.exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 9eae057..230a83e 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -23,6 +23,7 @@ setSocketVariable = true; }; }; + users.extraGroups.docker.members = [ "leyla" ]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; 
diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 5e39f80..d0a9a96 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker" "users"] + ["networkmanager" "wheel" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From 0b1309dd0f64f0e5babf302d9cd30a3bd1e41016 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:49:59 -0500 Subject: [PATCH 0163/1043] ran statix linter --- enviroments/client/default.nix | 61 ++++---- hosts/defiant/configuration.nix | 136 +++++++++-------- hosts/defiant/hardware-configuration.nix | 34 +++-- hosts/emergent/configuration.nix | 5 - hosts/hesperium/configuration.nix | 5 - hosts/horizon/configuration.nix | 8 +- hosts/horizon/hardware-configuration.nix | 99 ++++++------ hosts/threshold/configuration.nix | 5 - hosts/twilight/configuration.nix | 18 ++- hosts/twilight/hardware-configuration.nix | 176 ++++++++++++---------- overlays/intellij.nix | 2 +- overlays/vscodium.nix | 2 +- templates/default.nix | 2 + users/leyla/home.nix | 118 ++++++++------- users/leyla/packages.nix | 22 +-- util/default.nix | 12 +- 16 files changed, 376 insertions(+), 329 deletions(-) delete mode 100644 hosts/emergent/configuration.nix delete mode 100644 hosts/hesperium/configuration.nix delete mode 100644 hosts/threshold/configuration.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index ccc5a55..555305f 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -4,43 +4,50 @@ ../common ]; - # Enable CUPS to print documents. - services.printing.enable = true; + services = { - # Enable the X11 windowing system. - services.xserver.enable = true; + # Enable CUPS to print documents. + printing.enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + xserver = { + # Enable the X11 windowing system. + enable = true; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + xterm.enable = false; + }; - # Configure keymap in X11 - services.xserver = { - xkb = { - layout = "us,it,de"; - variant = ""; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + xkb = { + layout = "us,it,de"; + variant = ""; + }; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; }; }; + # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; environment.systemPackages = with pkgs; [ # helvetica font 
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 1608e4a..77d07b0 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -23,83 +23,91 @@ virtualisation.docker.enable = true; users.extraGroups.docker.members = [ "leyla" ]; - boot.supportedFilesystems = [ "zfs" ]; - - boot.zfs.extraPools = [ "zroot" ]; - - services.zfs.autoScrub.enable = true; - services.zfs.autoSnapshot.enable = true; - - # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE - networking.hostId = "c51763d6"; - networking.hostName = "defiant"; # Define your hostname. - nixpkgs.config.allowUnfree = true; - # temp enable desktop enviroment for setup - # Enable the X11 windowing system. - services.xserver.enable = true; + services = { + zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + xserver = { + enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + # Enable the GNOME Desktop Environment. + services.xserver.displayManager = { + gdm.enable = true; + }; + services.xserver.desktopManager = { + gnome.enable = true; + desktopManager.xterm.enable = false; + }; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + }; - # disable computer sleeping - systemd.targets.sleep.enable = false; - systemd.targets.suspend.enable = false; - systemd.targets.hibernate.enable = false; - systemd.targets.hybrid-sleep.enable = false; + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; - services.openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. 
Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; + nfs.server = { + enable = true; + exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; }; }; - fileSystems."/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; }; - fileSystems."/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; + fileSystems = { + "/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + "/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + "/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + "/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; }; - fileSystems."/srv/nfs4/leyla" = { - device = "/home/leyla"; - options = [ "bind" ]; - }; - - fileSystems."/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - - services.nfs.server.enable = true; - services.nfs.server.exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 
192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index cd075ca..3ba63d0 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,10 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + + supportedFilesystems = [ "zfs" ]; + + zfs.extraPools = [ "zroot" ]; + }; # fileSystems."/" = # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; 
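Review bot: In the restructured `services = { ... xserver = { ... } }` block of hosts/defiant/configuration.nix, the display and desktop manager settings were left with their full prefixes inside the nested attrset. They now resolve to `services.xserver.services.xserver.displayManager.gdm.enable` and `services.xserver.services.xserver.desktopManager.desktopManager.xterm.enable`. Those are not options of the xserver module, so evaluation of defiant would be expected to fail, or at best the GNOME/GDM settings are silently not applied. Inside `xserver = {` the lines should be `displayManager.gdm.enable = true;` and `desktopManager = { gnome.enable = true; xterm.enable = false; };`, matching what the enviroments/client/default.nix hunk of this same commit does.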
@@ -20,13 +28,17 @@ swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + hostId = "c51763d6"; + hostName = "defiant"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix deleted file mode 100644 index 215fc8c..0000000 --- a/hosts/emergent/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve desktop -{}: -{ - -} \ No newline at end of file diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix deleted file mode 100644 index 8cd6f61..0000000 --- a/hosts/hesperium/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# nas -{}: -{ - -} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 230a83e..3a27081 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
@@ -11,9 +11,11 @@ ../../enviroments/client ]; - users.leyla.isFullUser = true; - users.ester.isFullUser = true; - users.eve.isFullUser = true; + users = { + leyla.isFullUser = true; + ester.isFullUser = true; + eve.isFullUser = true; + }; # enabled virtualisation for docker virtualisation.docker = { diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 40561a9..96f2423 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -8,62 +8,73 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" "sg" ]; + extraModulePackages = [ ]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; hardware.graphics.enable = true; - fileSystems."/" = - { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; - fsType = "ext4"; - }; + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/E138-65B5"; - fsType = "vfat"; - }; + "/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; services.cachefilesd.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/share_home" = - { - device = 
"server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; - swapDevices = [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; - networking.hostName = "horizon"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + hostName = "horizon"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix deleted file mode 100644 index 305f2f7..0000000 --- a/hosts/threshold/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve laptop -{}: -{ - -} \ No newline at end of file 
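Review bot: The `/mnt/docker_home` NFS mount in the new `fileSystems` set has neither `nosuid` nor `nodev`, so set-uid bits and device nodes present on the export are honoured on this client. Adding them leaves the rest of the mount behaviour unchanged: `options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" "nosuid" "nodev" ];`. The same entry appears in the hosts/twilight/hardware-configuration.nix hunk. The `leyla_home` and `share_home` mounts also keep `soft`, which on a writable NFS mount can surface a server timeout as an I/O error or lost write; `hard` is the safer choice if these hold home directories.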
diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index fc4f425..1352c8b 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -11,15 +11,17 @@ ../../enviroments/client ]; - users.leyla = { - isFullUser = true; - hasPiperMouse = true; - hasOpenRGBHardware = true; - hasViaKeyboard = true; - hasGPU = true; + users = { + leyla = { + isFullUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; + ester.isFullUser = true; + eve.isFullUser = true; }; - users.ester.isFullUser = true; - users.eve.isFullUser = true; # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ab871e..01f3ac6 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -8,98 +8,112 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" "sg" ]; + extraModulePackages = [ ]; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. 
- nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; }; - fileSystems."/" = - { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; - fsType = "ext4"; - }; + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3006-3867"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; - fileSystems."/mnt/share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; }; + }; + + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + "/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; - networking.hostName = "twilight"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + hostName = "twilight"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 25ee779..65eef92 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index 902bd78..c271af3 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/templates/default.nix b/templates/default.nix index e69de29..f9d63b0 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -0,0 +1,2 @@ +_: +{} \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 1ae0057..40a6926 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
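Review bot: The `/boot` entry keeps `options = [ "fmask=0022" "dmask=0022" ];`, which leaves the EFI system partition readable by every local user. That includes the random-seed file that systemd-boot, enabled in this same hunk, keeps on that partition. Tightening the masks restricts the partition to root: `options = [ "fmask=0077" "dmask=0077" ];`.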
@@ -3,71 +3,73 @@ { # Home Manager needs a bit of information about you and the paths it should # manage. - home.username = "leyla"; - home.homeDirectory = "/home/leyla"; + home = { + username = "leyla"; + homeDirectory = "/home/leyla"; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - home.stateVersion = "23.11"; # Please read the comment before changing. + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. - # The home.packages option allows you to install Nix packages into your - # environment. - home.packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello + # The home.packages option allows you to install Nix packages into your + # environment. + packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? 
- # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - home.file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - home.sessionVariables = { - # EDITOR = "emacs"; + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; }; programs = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 462c34e..ca4ec7d 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -8,19 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ - code = "codium"; - }); + programs = { + bash.shellAliases = lib.mkIf cfg.isFullUser { + code = "codium"; + }; - programs.steam = lib.mkIf cfg.isFullUser ({ - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }); + steam = lib.mkIf cfg.isFullUser { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; - programs.noisetorch.enable = cfg.isFullUser; + noisetorch.enable = cfg.isFullUser; - programs.adb.enable = cfg.isFullUser; + adb.enable = cfg.isFullUser; + }; users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ diff --git a/util/default.nix b/util/default.nix index 795ad04..a4fab1e 100644 --- a/util/default.nix +++ b/util/default.nix @@ -1,8 +1,8 @@ -{ lib, ... }: +_: { - mkUnless = condition: then: (mkIf (!condition) then); - mkIfElse = condition: then: else: lib.mkMerge [ - (mkIf condition then) - (mkUnless condition else) - ]; + # mkUnless = condition: then: (mkIf (!condition) then); + # mkIfElse = condition: then: else: lib.mkMerge [ + # (mkIf condition then) + # (mkUnless condition else) + # ]; } \ No newline at end of file From 9706360841cbfbed254d5d80c4fc63792faa4d44 Mon Sep 17 00:00:00 2001 
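Review bot: `dedicatedServer.openFirewall = true` in the regrouped `steam` block opens the Source Dedicated Server ports on every host where `cfg.isFullUser` is set, whether or not a server ever runs there. If none of these hosts serves games, `dedicatedServer.openFirewall = false;` removes that inbound exposure, and `remotePlay.openFirewall` deserves the same question. The enclosing module starts and ends outside the hunk.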
From: Leyla Becker Date: Tue, 17 Sep 2024 16:49:59 -0500 Subject: [PATCH 0164/1043] ran statix linter --- enviroments/client/default.nix | 61 ++++---- hosts/defiant/configuration.nix | 136 +++++++++-------- hosts/defiant/hardware-configuration.nix | 34 +++-- hosts/emergent/configuration.nix | 5 - hosts/hesperium/configuration.nix | 5 - hosts/horizon/configuration.nix | 8 +- hosts/horizon/hardware-configuration.nix | 99 ++++++------ hosts/threshold/configuration.nix | 5 - hosts/twilight/configuration.nix | 18 ++- hosts/twilight/hardware-configuration.nix | 176 ++++++++++++---------- overlays/intellij.nix | 2 +- overlays/vscodium.nix | 2 +- templates/default.nix | 2 + users/leyla/home.nix | 118 ++++++++------- users/leyla/packages.nix | 22 +-- util/default.nix | 12 +- 16 files changed, 376 insertions(+), 329 deletions(-) delete mode 100644 hosts/emergent/configuration.nix delete mode 100644 hosts/hesperium/configuration.nix delete mode 100644 hosts/threshold/configuration.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index ccc5a55..555305f 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -4,43 +4,50 @@ ../common ]; - # Enable CUPS to print documents. - services.printing.enable = true; + services = { - # Enable the X11 windowing system. - services.xserver.enable = true; + # Enable CUPS to print documents. + printing.enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + xserver = { + # Enable the X11 windowing system. + enable = true; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + xterm.enable = false; + }; - # Configure keymap in X11 - services.xserver = { - xkb = { - layout = "us,it,de"; - variant = ""; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + xkb = { + layout = "us,it,de"; + variant = ""; + }; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; }; }; + # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; environment.systemPackages = with pkgs; [ # helvetica font 
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 1608e4a..77d07b0 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -23,83 +23,91 @@ virtualisation.docker.enable = true; users.extraGroups.docker.members = [ "leyla" ]; - boot.supportedFilesystems = [ "zfs" ]; - - boot.zfs.extraPools = [ "zroot" ]; - - services.zfs.autoScrub.enable = true; - services.zfs.autoSnapshot.enable = true; - - # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE - networking.hostId = "c51763d6"; - networking.hostName = "defiant"; # Define your hostname. - nixpkgs.config.allowUnfree = true; - # temp enable desktop enviroment for setup - # Enable the X11 windowing system. - services.xserver.enable = true; + services = { + zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + xserver = { + enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + # Enable the GNOME Desktop Environment. + services.xserver.displayManager = { + gdm.enable = true; + }; + services.xserver.desktopManager = { + gnome.enable = true; + desktopManager.xterm.enable = false; + }; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + }; - # disable computer sleeping - systemd.targets.sleep.enable = false; - systemd.targets.suspend.enable = false; - systemd.targets.hibernate.enable = false; - systemd.targets.hybrid-sleep.enable = false; + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; - services.openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. 
Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; + nfs.server = { + enable = true; + exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; }; }; - fileSystems."/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; }; - fileSystems."/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; + fileSystems = { + "/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + "/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + "/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + "/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; }; - fileSystems."/srv/nfs4/leyla" = { - device = "/home/leyla"; - options = [ "bind" ]; - }; - - fileSystems."/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - - services.nfs.server.enable = true; - services.nfs.server.exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 
192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index cd075ca..3ba63d0 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,10 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + + supportedFilesystems = [ "zfs" ]; + + zfs.extraPools = [ "zroot" ]; + }; # fileSystems."/" = # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; 
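Review bot: Inside the new `xserver = { … }` block the display- and desktop-manager keys still carry their full prefix (`services.xserver.displayManager = { … }`, and `desktopManager.xterm.enable` inside `services.xserver.desktopManager`), so they now resolve under `services.xserver.services.xserver.…` rather than the options the removed lines set, and evaluation will presumably fail on an unknown option. The block should read like the one in enviroments/client/default.nix: `displayManager.gdm.enable = true;`, `desktopManager.gnome.enable = true;`, `desktopManager.xterm.enable = false;`. Separately, the rw exports for leyla, eve and share keep `192.168.1.0/22`, a base address that is not aligned to a /22 and that covers four times the range of the `/24` used for docker; a `/24` there would match, if that is the intended client network.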
@@ -20,13 +28,17 @@ swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + hostId = "c51763d6"; + hostName = "defiant"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix deleted file mode 100644 index 215fc8c..0000000 --- a/hosts/emergent/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve desktop -{}: -{ - -} \ No newline at end of file diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix deleted file mode 100644 index 8cd6f61..0000000 --- a/hosts/hesperium/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# nas -{}: -{ - -} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 230a83e..3a27081 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
@@ -11,9 +11,11 @@ ../../enviroments/client ]; - users.leyla.isFullUser = true; - users.ester.isFullUser = true; - users.eve.isFullUser = true; + users = { + leyla.isFullUser = true; + ester.isFullUser = true; + eve.isFullUser = true; + }; # enabled virtualisation for docker virtualisation.docker = { diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 40561a9..96f2423 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -8,62 +8,73 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" "sg" ]; + extraModulePackages = [ ]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; hardware.graphics.enable = true; - fileSystems."/" = - { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; - fsType = "ext4"; - }; + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/E138-65B5"; - fsType = "vfat"; - }; + "/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; services.cachefilesd.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/share_home" = - { - device = 
"server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; - swapDevices = [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; - networking.hostName = "horizon"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + hostName = "horizon"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix deleted file mode 100644 index 305f2f7..0000000 --- a/hosts/threshold/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve laptop -{}: -{ - -} \ No newline at end of file 
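Review bot: The `/mnt/docker_home` entry mounts `server.arpa:/home/docker` with only `x-systemd.automount`, `noauto` and the idle timeout, so nothing in the option list stops setuid binaries or device nodes on the share from being honoured on the client. Unless something on that share needs them, I would add the two flags: `options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" "nosuid" "nodev" ];`. None of the three NFS entries sets `sec=`, so they presumably rely on the default AUTH_SYS trust in client-supplied uids, which is worth a comment next to the mounts. The entries are moved unchanged from the old side, and the same three appear in the hosts/twilight/hardware-configuration.nix hunk.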
diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index fc4f425..1352c8b 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -11,15 +11,17 @@ ../../enviroments/client ]; - users.leyla = { - isFullUser = true; - hasPiperMouse = true; - hasOpenRGBHardware = true; - hasViaKeyboard = true; - hasGPU = true; + users = { + leyla = { + isFullUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; + ester.isFullUser = true; + eve.isFullUser = true; }; - users.ester.isFullUser = true; - users.eve.isFullUser = true; # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ab871e..01f3ac6 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -8,98 +8,112 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" "sg" ]; + extraModulePackages = [ ]; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. 
- nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; }; - fileSystems."/" = - { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; - fsType = "ext4"; - }; + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3006-3867"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; - fileSystems."/mnt/share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; }; + }; + + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + "/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; - networking.hostName = "twilight"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + hostName = "twilight"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 25ee779..65eef92 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index 902bd78..c271af3 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/templates/default.nix b/templates/default.nix index e69de29..f9d63b0 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -0,0 +1,2 @@ +_: +{} \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 1ae0057..40a6926 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
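Review bot: The `/boot` entry in hosts/twilight/hardware-configuration.nix keeps `options = [ "fmask=0022" "dmask=0022" ];`, which leaves the whole ESP readable by every local user. The same hunk enables systemd-boot, which keeps its random seed file on that partition, and bootctl reports a world-accessible seed as a security problem. I would tighten the masks to `options = [ "fmask=0077" "dmask=0077" ];`. The line is carried over unchanged from the old side, so the regrouping into `fileSystems = { … }` is a convenient place to fix it.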
@@ -3,71 +3,73 @@ { # Home Manager needs a bit of information about you and the paths it should # manage. - home.username = "leyla"; - home.homeDirectory = "/home/leyla"; + home = { + username = "leyla"; + homeDirectory = "/home/leyla"; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - home.stateVersion = "23.11"; # Please read the comment before changing. + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. - # The home.packages option allows you to install Nix packages into your - # environment. - home.packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello + # The home.packages option allows you to install Nix packages into your + # environment. + packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? 
- # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - home.file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - home.sessionVariables = { - # EDITOR = "emacs"; + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; }; programs = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 462c34e..ca4ec7d 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -8,19 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ - code = "codium"; - }); + programs = { + bash.shellAliases = lib.mkIf cfg.isFullUser { + code = "codium"; + }; - programs.steam = lib.mkIf cfg.isFullUser ({ - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }); + steam = lib.mkIf cfg.isFullUser { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; - programs.noisetorch.enable = cfg.isFullUser; + noisetorch.enable = cfg.isFullUser; - programs.adb.enable = cfg.isFullUser; + adb.enable = cfg.isFullUser; + }; users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ diff --git a/util/default.nix b/util/default.nix index 795ad04..a4fab1e 100644 --- a/util/default.nix +++ b/util/default.nix @@ -1,8 +1,8 @@ -{ lib, ... }: +_: { - mkUnless = condition: then: (mkIf (!condition) then); - mkIfElse = condition: then: else: lib.mkMerge [ - (mkIf condition then) - (mkUnless condition else) - ]; + # mkUnless = condition: then: (mkIf (!condition) then); + # mkIfElse = condition: then: else: lib.mkMerge [ + # (mkIf condition then) + # (mkUnless condition else) + # ]; } \ No newline at end of file From 84877be6f473d825dc43397f921cf00a82cec625 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 18:22:30 -0500 Subject: [PATCH 0165/1043] removed sudo call from rebuild.sh --- rebuild.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index c54dd1a..503dfdb 100755 --- a/rebuild.sh +++ b/rebuild.sh 
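Review bot: `remotePlay.openFirewall = true` and `dedicatedServer.openFirewall = true` are both gated only on `cfg.isFullUser`, so the ports are opened on every host where leyla is a full user; horizon and twilight both set that flag elsewhere in this patch. If no Source dedicated server is actually hosted, `dedicatedServer.openFirewall = false;` keeps those ports closed, and Remote Play could be enabled per host instead of per user. The two settings are moved unchanged from the old side; the regrouping under `programs = { … }` does not alter them.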
@@ -35,7 +35,7 @@ mode=${mode:-switch} if [[ "$target" == "$(hostname)" ]] then - sudo nixos-rebuild $mode --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --flake .#$flake else nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake fi From 04dc0cb5ba92b573a594ab39406f53c6e0cde37e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 18:22:30 -0500 Subject: [PATCH 0166/1043] removed sudo call from rebuild.sh --- rebuild.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index c54dd1a..503dfdb 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -35,7 +35,7 @@ mode=${mode:-switch} if [[ "$target" == "$(hostname)" ]] then - sudo nixos-rebuild $mode --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --flake .#$flake else nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake fi From e2625d0c0ad632ba8081155ff115f126647e23c6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 18:24:09 -0500 Subject: [PATCH 0167/1043] added user option to rebuild.sh --- rebuild.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/rebuild.sh b/rebuild.sh index 503dfdb..b37be13 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -14,11 +14,16 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi mode="${1#*=}" ;; + --user*|-u*) + if [[ "$1" != *=* ]]; then shift; fi + user="${1#*=}" + ;; --help|-h) echo "--help -h: print this message" - echo "--target -t: set the target system to install on" - echo "--flake -f: set the flake to install on the target system" - echo "--user -u: set the user to install flake as on the target system" + echo "--target -t: set the target system to rebuild on" + echo "--flake -f: set the flake to rebuild on the target system" + echo "--mode -m: set the mode to rebuild flake as on the target system" + echo "--user -u: set the user to rebuild flake as on the target system" exit 0 ;; *) 
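Review bot: `$mode` and `.#$flake` are expanded unquoted on the new `nixos-rebuild` line, so a value containing whitespace or glob characters is split into extra arguments to a command that goes on to activate the system through sudo. I would quote both: `nixos-rebuild "$mode" --use-remote-sudo --flake ".#$flake"`. The `else` branch has the same problem, and patch 0167 adds `$user@$target` there, which should become `--target-host "$user@$target"`. The identical patch 0166 repeats this hunk, and the argument-parsing loop that sets these variables starts outside it.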
@@ -32,10 +37,11 @@ done target=${target:-$(hostname)} flake=${flake:-$target} mode=${mode:-switch} +user=${user:-$USER} if [[ "$target" == "$(hostname)" ]] then nixos-rebuild $mode --use-remote-sudo --flake .#$flake else - nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi From 2150819f7dfff56270cecd9241ea0340cca377b9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 18:24:09 -0500 Subject: [PATCH 0168/1043] added user option to rebuild.sh --- rebuild.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/rebuild.sh b/rebuild.sh index 503dfdb..b37be13 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -14,11 +14,16 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi mode="${1#*=}" ;; + --user*|-u*) + if [[ "$1" != *=* ]]; then shift; fi + user="${1#*=}" + ;; --help|-h) echo "--help -h: print this message" - echo "--target -t: set the target system to install on" - echo "--flake -f: set the flake to install on the target system" - echo "--user -u: set the user to install flake as on the target system" + echo "--target -t: set the target system to rebuild on" + echo "--flake -f: set the flake to rebuild on the target system" + echo "--mode -m: set the mode to rebuild flake as on the target system" + echo "--user -u: set the user to rebuild flake as on the target system" exit 0 ;; *) @@ -32,10 +37,11 @@ done target=${target:-$(hostname)} flake=${flake:-$target} mode=${mode:-switch} +user=${user:-$USER} if [[ "$target" == "$(hostname)" ]] then nixos-rebuild $mode --use-remote-sudo --flake .#$flake else - nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi From 19f2deb87f4fec50850e80c599c6b6b527f8b747 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 17 Sep 2024 22:42:20 -0500 Subject: [PATCH 0169/1043] added headscale service --- hosts/defiant/configuration.nix | 43 ++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 77d07b0..6c2c61f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,7 +25,9 @@ nixpkgs.config.allowUnfree = true; - services = { + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; @@ -37,12 +39,12 @@ enable = true; # Enable the GNOME Desktop Environment. - services.xserver.displayManager = { + displayManager = { gdm.enable = true; }; - services.xserver.desktopManager = { + desktopManager = { gnome.enable = true; - desktopManager.xterm.enable = false; + xterm.enable = false; }; # Get rid of xTerm @@ -76,6 +78,37 @@ # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) ''; }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; }; # disable computer sleeping 
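Review bot: `address = "0.0.0.0"` in the new `headscale` block makes the control server listen on every interface on port 8080 without TLS, while the nginx virtual host meant to front it proxies to `localhost` and is still `enable = false`. Binding to loopback, `address = "127.0.0.1";`, keeps headscale reachable only through the TLS proxy once that is switched on, and matches the `proxyPass` target. Whether 8080 is reachable from the network today depends on the firewall settings, which are outside this hunk. The `server_url` already advertises `https://`, so clients presumably cannot register until nginx is enabled; a comment next to the TODO saying so would help. The duplicate patch 0170 repeats the same lines.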
@@ -108,6 +141,8 @@ }; }; + environment.systemPackages = [ config.services.headscale.package ]; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave From c8a6ff7e5454dc8dbcf674a5ea1d8d5c41fe622a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 22:42:20 -0500 Subject: [PATCH 0170/1043] added headscale service --- hosts/defiant/configuration.nix | 43 ++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 77d07b0..6c2c61f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,7 +25,9 @@ nixpkgs.config.allowUnfree = true; - services = { + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; @@ -37,12 +39,12 @@ enable = true; # Enable the GNOME Desktop Environment. - services.xserver.displayManager = { + displayManager = { gdm.enable = true; }; - services.xserver.desktopManager = { + desktopManager = { gnome.enable = true; - desktopManager.xterm.enable = false; + xterm.enable = false; }; # Get rid of xTerm 
@@ -76,6 +78,37 @@ # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) ''; }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; }; # disable computer sleeping @@ -108,6 +141,8 @@ }; }; + environment.systemPackages = [ config.services.headscale.package ]; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave From 0ab447e00caf5d464bdb339eb6afc87ccc83b07a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 22:42:33 -0500 Subject: [PATCH 0171/1043] added task to tech debt --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index afd7536..d7b8371 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,8 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) -- use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs +- have nfs binds and exports defined by same code ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping 
From 41434d640056a033062c55b0a91e106fdea31ad6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 22:42:33 -0500 Subject: [PATCH 0172/1043] added task to tech debt --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index afd7536..d7b8371 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,8 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) -- use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs +- have nfs binds and exports defined by same code ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From 615fb21505c247e865dffd5b43fd2f5badfa0a75 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 22:43:02 -0500 Subject: [PATCH 0173/1043] added more tasks to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d7b8371..59ed515 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,8 @@ updating passwords: `sops secrets/secrets.yaml` - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code +- move services from defiant into own flake +- made base domain in nas services configurable ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From 22e870288eda7ad44e9ba2f4d06e667079bc98fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 22:43:02 -0500 Subject: [PATCH 0174/1043] added more tasks to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/README.md b/README.md index d7b8371..59ed515 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,8 @@ updating passwords: `sops secrets/secrets.yaml` - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code +- move services from defiant into own flake +- made base domain in nas services configurable ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From b4f3349caf8056ef5e78a65309d6f011ae2a3e0c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:06 -0500 Subject: [PATCH 0175/1043] managed vs code extensions though nix --- README.md | 3 +- flake.lock | 72 ++++++++++++++++++++++++++++++++++++++++ flake.nix | 6 ++++ overlays/vscodium.nix | 24 +++++++------- users/leyla/packages.nix | 42 +++++++++++++++++++++-- 5 files changed, 131 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 59ed515..b728b5e 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code - move services from defiant into own flake @@ -48,7 +48,6 @@ updating passwords: `sops secrets/secrets.yaml` ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping -- VS code extensions should be installed declaratively - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant 
diff --git a/flake.lock b/flake.lock index 1182330..3f277b2 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,40 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -40,6 +74,28 @@ "type": "github" } }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726623336, + "narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1725885300, @@ -108,6 +164,7 @@ "inputs": { "disko": "disko", "home-manager": "home-manager", + "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" 
@@ -131,6 +188,21 @@ "repo": "sops-nix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ee87ab5..033e2c2 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,12 @@ # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + + # vscode extensions + nix-vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index c271af3..618af19 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,15 +1,15 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # ui is broken on 1.84 + # vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + # version = "1.85.2.24019"; + # src = super.fetchurl { + # sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + # url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + # }; + # }); + # }) + # ]; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index ca4ec7d..d962b34 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
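Review bot: The overlay in overlays/vscodium.nix is switched off by commenting out every line, which leaves a module that evaluates to an empty attribute set yet is still listed under `imports` (the context lines of the users/leyla/packages.nix hunk show `../../overlays/vscodium.nix`). Deleting the file together with its import line states the same thing more clearly, and the pinned 1.85.2.24019 override stays recoverable from history. If the pin is expected to return, one line such as `# vscodium pin disabled; restore from git history if the nixpkgs build regresses` is easier to read than the dead block. The later overlays/intellij.nix change in this series follows the same pattern.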
@@ -1,4 +1,4 @@ -{ lib, config, pkgs, ... }: +{ lib, config, pkgs, inputs, ... }: let cfg = config.users.leyla; in @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + programs = { bash.shellAliases = lib.mkIf cfg.isFullUser { code = "codium"; @@ -66,7 +72,39 @@ in (lib.mkIf cfg.hasGPU davinci-resolve) # development tools - vscodium + (vscode-with-extensions.override { + vscode = vscodium; + vscodeExtensions = with open-vsx; [ + jeanp413.open-remote-ssh + ] ++ (with vscode-marketplace; [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + karyfoundation.nearley + + # misc extensions + bungcip.better-toml + ]); + }) androidStudioPackages.canary jetbrains.idea-community dbeaver-bin From 237c01f11e0423183feb86d2869a2a7839229bd0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:06 -0500 Subject: [PATCH 0176/1043] managed vs code extensions though nix --- README.md | 3 +- flake.lock | 72 ++++++++++++++++++++++++++++++++++++++++ flake.nix | 6 ++++ overlays/vscodium.nix | 24 +++++++------- users/leyla/packages.nix | 42 +++++++++++++++++++++-- 5 files changed, 131 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 59ed515..b728b5e 100644 --- a/README.md +++ b/README.md 
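Review bot: The `vscodeExtensions` list in the `@@ -66,7 +72,39 @@` hunk draws from two registries without saying why each one is used, and every entry is third-party code that runs with the user's privileges inside the editor. The versions are fixed only through the `nix-vscode-extensions` rev in flake.lock, so a `nix flake update` presumably moves all of them at once. A comment above the list such as `# versions follow the nix-vscode-extensions rev in flake.lock; review the extension changes when bumping it` would make that visible. It would also help to mark next to `with vscode-marketplace;` which entries are there only because open-vsx lacks them. The enclosing package list starts and ends outside the hunk.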
@@ -40,7 +40,7 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code - move services from defiant into own flake @@ -48,7 +48,6 @@ updating passwords: `sops secrets/secrets.yaml` ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping -- VS code extensions should be installed declaratively - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant diff --git a/flake.lock b/flake.lock index 1182330..3f277b2 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,40 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -40,6 +74,28 @@ "type": "github" } }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726623336, + "narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1725885300, @@ -108,6 +164,7 @@ "inputs": { "disko": "disko", "home-manager": "home-manager", + "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" @@ -131,6 +188,21 @@ "repo": "sops-nix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ee87ab5..033e2c2 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,12 @@ # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + + # vscode extensions + nix-vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index c271af3..618af19 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix 
@@ -1,15 +1,15 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # ui is broken on 1.84 + # vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + # version = "1.85.2.24019"; + # src = super.fetchurl { + # sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + # url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + # }; + # }); + # }) + # ]; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index ca4ec7d..d962b34 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,4 +1,4 @@ -{ lib, config, pkgs, ... }: +{ lib, config, pkgs, inputs, ... }: let cfg = config.users.leyla; in @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + programs = { bash.shellAliases = lib.mkIf cfg.isFullUser { code = "codium"; 
@@ -66,7 +72,39 @@ in (lib.mkIf cfg.hasGPU davinci-resolve) # development tools - vscodium + (vscode-with-extensions.override { + vscode = vscodium; + vscodeExtensions = with open-vsx; [ + jeanp413.open-remote-ssh + ] ++ (with vscode-marketplace; [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + karyfoundation.nearley + + # misc extensions + bungcip.better-toml + ]); + }) androidStudioPackages.canary jetbrains.idea-community dbeaver-bin From 4fa16929615b0e205a2c8642489c5e1414bcff3f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:36 -0500 Subject: [PATCH 0177/1043] added gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e2f5dd2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result \ No newline at end of file From 959eb2574e487f9f8e09407b6c7aefe040706103 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:36 -0500 Subject: [PATCH 0178/1043] added gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e2f5dd2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result \ No newline at end of file From 29506590b2df8f7530a833e4de437a72b78ab03d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 18 Sep 2024 01:20:05 -0500 Subject: [PATCH 0179/1043] moved extensions over to open-vsx --- users/leyla/packages.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d962b34..223f568 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -75,14 +75,13 @@ in (vscode-with-extensions.override { vscode = vscodium; vscodeExtensions = with open-vsx; [ - jeanp413.open-remote-ssh - ] ++ (with vscode-marketplace; [ # vs code feel extensions ms-vscode.atom-keybindings akamud.vscode-theme-onedark streetsidesoftware.code-spell-checker streetsidesoftware.code-spell-checker-german streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh # nix extensions pinage404.nix-extension-pack @@ -99,10 +98,12 @@ in firsttris.vscode-jest-runner stylelint.vscode-stylelint tauri-apps.tauri-vscode - karyfoundation.nearley # misc extensions bungcip.better-toml + ] ++ (with vscode-marketplace; [ + # js extensions + karyfoundation.nearley ]); }) androidStudioPackages.canary From 49de4a1ab07f502e8bd7fbd2ab01a22289240651 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:20:05 -0500 Subject: [PATCH 0180/1043] moved extensions over to open-vsx --- users/leyla/packages.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d962b34..223f568 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -75,14 +75,13 @@ in (vscode-with-extensions.override { vscode = vscodium; vscodeExtensions = with open-vsx; [ - jeanp413.open-remote-ssh - ] ++ (with vscode-marketplace; [ # vs code feel extensions ms-vscode.atom-keybindings akamud.vscode-theme-onedark streetsidesoftware.code-spell-checker streetsidesoftware.code-spell-checker-german streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh # nix extensions pinage404.nix-extension-pack 
@@ -99,10 +98,12 @@ in firsttris.vscode-jest-runner stylelint.vscode-stylelint tauri-apps.tauri-vscode - karyfoundation.nearley # misc extensions bungcip.better-toml + ] ++ (with vscode-marketplace; [ + # js extensions + karyfoundation.nearley ]); }) androidStudioPackages.canary From 9bca1e81d28a2a43d8a618b4c2af347c0a967c46 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:21:24 -0500 Subject: [PATCH 0181/1043] added tech debt task to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b728b5e..bb5fd6c 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ updating passwords: `sops secrets/secrets.yaml` - have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable +- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From 117f394e411ce651c2d3066f722049f2d3fe6796 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:21:24 -0500 Subject: [PATCH 0182/1043] added tech debt task to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b728b5e..bb5fd6c 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ updating passwords: `sops secrets/secrets.yaml` - have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable +- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From a99368bdb25dec3dd5cc7e011389687f6043fda6 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 18 Sep 2024 09:40:41 -0500 Subject: [PATCH 0183/1043] disabled overlay for jetbrains idea --- overlays/intellij.nix | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 65eef92..d83bd15 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,19 +1,19 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # idea is too out of date for android gradle things + # jetbrains = { + # jdk = super.jdk17; + # idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + # version = "2023.3.3"; + # name = "idea-community-${version}"; + # src = super.fetchurl { + # sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + # url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + # }; + # }); + # }; + # }) + # ]; } \ No newline at end of file From 513cc95af77693e6e1c56ae9ef9afe49b282b2b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 09:40:41 -0500 Subject: [PATCH 0184/1043] disabled overlay for jetbrains idea --- overlays/intellij.nix | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 65eef92..d83bd15 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix 
@@ -1,19 +1,19 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # idea is too out of date for android gradle things + # jetbrains = { + # jdk = super.jdk17; + # idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + # version = "2023.3.3"; + # name = "idea-community-${version}"; + # src = super.fetchurl { + # sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + # url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + # }; + # }); + # }; + # }) + # ]; } \ No newline at end of file From b05f633d2e7cdd232b980f271384b1b20cabc2b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:07:17 -0500 Subject: [PATCH 0185/1043] moved openssh config to common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index f0231c3..99f3e5a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -29,6 +29,19 @@ users.groups.users = {}; + services = { + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; + }; + sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; 
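Review bot: Moving the `services.openssh` block into enviroments/common turns sshd on for every host that imports common, and the settings leave keyboard-interactive login at the module default, which `PasswordAuthentication = false` does not cover. Adding `KbdInteractiveAuthentication = false;` and `PermitRootLogin = "no";` closes the remaining password path and makes the root policy explicit. `UseDns = true` adds a reverse lookup to every connection and only matters for hostname-based rules, which `AllowUsers = [ "leyla" ]` does not use, so it can be dropped. The trailing comment on `AllowUsers` describes the option's default and reads as if everyone were allowed; `# only leyla may log in over ssh` matches the value. The same hunk is repeated in the next patch of the series.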
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 6c2c61f..9e4a1e6 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -51,17 +51,6 @@ excludePackages = [ pkgs.xterm ]; }; - openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; - }; - }; - nfs.server = { enable = true; exports = '' From dbd44077549477d6e1dbf974b79fe8d7800592c4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:07:17 -0500 Subject: [PATCH 0186/1043] moved openssh config to common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index f0231c3..99f3e5a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -29,6 +29,19 @@ users.groups.users = {}; + services = { + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; + }; + sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 6c2c61f..9e4a1e6 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -51,17 +51,6 @@ excludePackages = [ pkgs.xterm ]; }; - openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; - }; - }; - nfs.server = { enable = true; exports = '' 
From f758eebc424baad5936d9c497aae5a9aafd71c3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:17:11 -0500 Subject: [PATCH 0187/1043] added key generation to leyla user configuration --- users/leyla/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d0a9a96..76e5a25 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -56,6 +56,15 @@ in ) ]; + # TODO: this should reference the home directory from the user config + services.openssh.hostKeys = [ + { + path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; + rounds = 100; + type = "ed25519"; + } + ]; + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file From e97b8738e5f06578531d519139ae67f4478d184a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:17:11 -0500 Subject: [PATCH 0188/1043] added key generation to leyla user configuration --- users/leyla/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d0a9a96..76e5a25 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -56,6 +56,15 @@ in ) ]; + # TODO: this should reference the home directory from the user config + services.openssh.hostKeys = [ + { + path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; + rounds = 100; + type = "ed25519"; + } + ]; + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file From eafdd4c71234d3f81ff54a7fbcec1279a7bfd31c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:22:18 -0500 Subject: [PATCH 0189/1043] set comment on hostKeys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 76e5a25..b321cdd 100644 --- a/users/leyla/default.nix 
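Review bot: `services.openssh.hostKeys` configures the keys sshd presents as the server's own identity, so this entry makes the daemon generate and load a host private key at `/home/leyla/.ssh/leyla_<hostName>_ed25519`, inside a directory the unprivileged user controls. If the intent, going by the commit subject, is a per-host client key for leyla, this option is the wrong place: create that key on the user side (for example from the home-manager config) and keep host keys under `/etc/ssh`. Defining the list here also likely replaces the module's default host keys rather than adding to them, which would change the fingerprint clients have recorded, so that is worth confirming before deploying. `rounds = 100` only affects a passphrase-protected key file and has no effect on a key generated without one. The follow-up hunk that adds `comment = ...` builds on the same entry.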
+++ b/users/leyla/default.nix @@ -59,6 +59,7 @@ in # TODO: this should reference the home directory from the user config services.openssh.hostKeys = [ { + comment = "leyla@" + config.networking.hostName; path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; rounds = 100; type = "ed25519"; From 45f0ffb096766cc61e59c3f1c0d3ea800d142fb8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:22:18 -0500 Subject: [PATCH 0190/1043] set comment on hostKeys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 76e5a25..b321cdd 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -59,6 +59,7 @@ in # TODO: this should reference the home directory from the user config services.openssh.hostKeys = [ { + comment = "leyla@" + config.networking.hostName; path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; rounds = 100; type = "ed25519"; From 1edaafcd1bf88cbe8930133439711a440866e1a2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:18 -0500 Subject: [PATCH 0191/1043] added twilight key to authorized keys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index b321cdd..7a8dc54 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -48,6 +48,7 @@ in openssh = { authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; }; } else { From f71d104f8d152e8ead21757ec4997b92d5ba7e1c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:18 -0500 Subject: [PATCH 0192/1043] added twilight key to authorized keys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/users/leyla/default.nix b/users/leyla/default.nix index b321cdd..7a8dc54 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -48,6 +48,7 @@ in openssh = { authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; }; } else { From 0ddd754850fe7fa6f587ef50ad37296b1627da1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:27 -0500 Subject: [PATCH 0193/1043] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bb5fd6c..2528214 100644 --- a/README.md +++ b/README.md @@ -62,4 +62,5 @@ updating passwords: `sops secrets/secrets.yaml` - zfs email after scrubbing - headscale server - mastodon server -- tail scale clients \ No newline at end of file +- tail scale clients +- wake on LAN \ No newline at end of file From ce8293167922a6f69e50efa6ecdfc35dad231202 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:27 -0500 Subject: [PATCH 0194/1043] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bb5fd6c..2528214 100644 --- a/README.md +++ b/README.md @@ -62,4 +62,5 @@ updating passwords: `sops secrets/secrets.yaml` - zfs email after scrubbing - headscale server - mastodon server -- tail scale clients \ No newline at end of file +- tail scale clients +- wake on LAN \ No newline at end of file From 29ee94d7f7302adc80a93ba265a8733177056eeb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:06:04 -0500 Subject: [PATCH 0195/1043] removed comments --- hosts/horizon/configuration.nix | 3 --- hosts/horizon/hardware-configuration.nix | 6 ------ hosts/twilight/hardware-configuration.nix | 2 -- 3 files changed, 11 deletions(-) 
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3a27081..f1c3bee 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -33,9 +33,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable the OpenSSH daemon. - services.openssh.enable = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 96f2423..76b87df 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -66,13 +66,7 @@ ]; networking = { - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 01f3ac6..ab24b97 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -110,8 +110,6 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; hostName = "twilight"; # Define your hostname. }; From 24296367bcbd0a899b6998ae00980dedc4a4a7f3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 18 Sep 2024 18:06:04 -0500 Subject: [PATCH 0196/1043] removed comments --- hosts/horizon/configuration.nix | 3 --- hosts/horizon/hardware-configuration.nix | 6 ------ hosts/twilight/hardware-configuration.nix | 2 -- 3 files changed, 11 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3a27081..f1c3bee 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -33,9 +33,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable the OpenSSH daemon. - services.openssh.enable = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 96f2423..76b87df 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -66,13 +66,7 @@ ]; networking = { - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 01f3ac6..ab24b97 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -110,8 +110,6 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; hostName = "twilight"; # Define your hostname. }; From c2d9b77eefe5e4852718e9d093aa4e3c15897f6b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:33 -0500 Subject: [PATCH 0197/1043] moved defiant server configuration to server folder --- enviroments/server/default.nix | 58 +++++++++++++++++++++- hosts/defiant/configuration.nix | 87 +-------------------------------- 2 files changed, 58 insertions(+), 87 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 861f142..d3e9d63 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -1,7 +1,63 @@ -{ pkgs, ... }: +{ config, ... }: { imports = [ ../common ]; + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [ 2049 ]; + + environment.systemPackages = [ config.services.headscale.package ]; } \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9e4a1e6..d2b1348 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,14 +20,9 @@ efiInstallAsRemovable = true; }; - virtualisation.docker.enable = true; - users.extraGroups.docker.members = [ "leyla" ]; - nixpkgs.config.allowUnfree = true; - services = let - headscaleDomain = "headscale.jan-leila.com"; - in { + services = { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; 
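Review bot: The NFS exports in the new enviroments/server/default.nix offer four home directories read-write to `192.168.1.0/22`, which is not an aligned /22 (the block that contains it starts at 192.168.0.0), so the permitted client range is probably wider than the line suggests. With the default `sec=sys` the server trusts the uid the client sends, so the client spec should be as narrow as the machines that really mount these paths, e.g. `/home/leyla 192.168.1.0/24(rw,sync,no_subtree_check,crossmnt)` if one subnet is enough. `headscale.address = "0.0.0.0"` listens on every interface although the nginx virtual host proxies to `localhost`; `address = "127.0.0.1";` matches that design. A short comment above `networking.firewall.allowedTCPPorts = [ 2049 ];` saying it is the NFS port would also help, since it now sits far from the exports.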
@@ -50,87 +45,7 @@ # Get rid of xTerm excludePackages = [ pkgs.xterm ]; }; - - nfs.server = { - enable = true; - exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - }; - - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; - }; - }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - }; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - fileSystems = { - "/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; - }; - - "/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; - }; - - "/srv/nfs4/leyla" = { - device = 
"/home/leyla"; - options = [ "bind" ]; - }; - - "/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - }; - - environment.systemPackages = [ config.services.headscale.package ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From 62fa9b60934e1e5bf7fa4440985012af2c546ec9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:33 -0500 Subject: [PATCH 0198/1043] moved defiant server configuration to server folder --- enviroments/server/default.nix | 58 +++++++++++++++++++++- hosts/defiant/configuration.nix | 87 +-------------------------------- 2 files changed, 58 insertions(+), 87 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 861f142..d3e9d63 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -1,7 +1,63 @@ -{ pkgs, ... }: +{ config, ... }: { imports = [ ../common ]; + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [ 2049 ]; + + environment.systemPackages = [ config.services.headscale.package ]; } \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9e4a1e6..d2b1348 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,14 +20,9 @@ efiInstallAsRemovable = true; }; - virtualisation.docker.enable = true; - users.extraGroups.docker.members = [ "leyla" ]; - nixpkgs.config.allowUnfree = true; - services = let - headscaleDomain = "headscale.jan-leila.com"; - in { + services = { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; 
@@ -50,87 +45,7 @@ # Get rid of xTerm excludePackages = [ pkgs.xterm ]; }; - - nfs.server = { - enable = true; - exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - }; - - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; - }; - }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - }; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - fileSystems = { - "/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; - }; - - "/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; - }; - - "/srv/nfs4/leyla" = { - device = 
"/home/leyla"; - options = [ "bind" ]; - }; - - "/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - }; - - environment.systemPackages = [ config.services.headscale.package ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From f74787c63936d825109d9c14971515d9f73dd1fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:51 -0500 Subject: [PATCH 0199/1043] added nfs mount points for defiant to horizon --- hosts/horizon/hardware-configuration.nix | 32 ++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 76b87df..cfd9c64 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -38,20 +38,48 @@ }; "/mnt/leyla_home" = + { + device = "defiant:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/eve_home" = + { + device = "defiant:/home/eve"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/ester_home" = + { + device = "defiant:/home/ester"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/users_home" = + { + device = "defiant:/home/users"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/legacy_leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/share_home" = + "/mnt/legacy_share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/docker_home" = + "/mnt/legacy_docker_home" = { device = "server.arpa:/home/docker"; fsType = "nfs"; From fc6438d1212608bf67401057412da4c7ac1bcdef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:51 -0500 Subject: [PATCH 0200/1043] added nfs mount points for defiant to horizon --- hosts/horizon/hardware-configuration.nix | 32 ++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 76b87df..cfd9c64 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
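Review bot: The four new `defiant:/home/...` entries are writable home-directory mounts that carry `soft`, and nfs(5) warns that a soft timeout can cause silent data corruption on such mounts, because an interrupted write comes back to the application as an I/O error instead of being retried. Dropping it leaves the default hard behaviour: `options = [ "x-systemd.automount" "user" "nofail" "x-systemd.idle-timeout=600" "fsc" ];`. `user` lets any local account trigger the mount, so it is worth a comment saying that is intended for all four shares. The `fileSystems` attribute set opens outside this hunk, and PATCH 0200 repeats the hunk unchanged.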
@@ -38,20 +38,48 @@ }; "/mnt/leyla_home" = + { + device = "defiant:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/eve_home" = + { + device = "defiant:/home/eve"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/ester_home" = + { + device = "defiant:/home/ester"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/users_home" = + { + device = "defiant:/home/users"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/legacy_leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/share_home" = + "/mnt/legacy_share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/docker_home" = + "/mnt/legacy_docker_home" = { device = "server.arpa:/home/docker"; fsType = "nfs"; From b364fbb7b8edfa579f1407f7c5a4e6c5bb67d82d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:28 -0500 Subject: [PATCH 0201/1043] updated tasks in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2528214..c257613 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- stop nas from sleeping +- offline access for nfs mounts (overlay with rsync might be a good option here?) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant 
From d443c83c4d52154c37dd1b150135c5b657e5883f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:28 -0500 Subject: [PATCH 0202/1043] updated tasks in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2528214..c257613 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- stop nas from sleeping +- offline access for nfs mounts (overlay with rsync might be a good option here?) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant From 0cc454bcac81fc5b40fa5e124f7ff3ee454eeef3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:52 -0500 Subject: [PATCH 0203/1043] updated options for leyla home mount --- hosts/horizon/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index cfd9c64..c940fd7 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; }; "/mnt/eve_home" = From b0e4ab8f6dba7dbc925906732fa6cf47442dd8b9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:52 -0500 Subject: [PATCH 0204/1043] updated options for leyla home mount --- hosts/horizon/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index cfd9c64..c940fd7 100644 
--- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; }; "/mnt/eve_home" = From 8f6e6281d6d190584ba5f0d02853f0057e72bb85 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:24:56 -0500 Subject: [PATCH 0205/1043] added more options to leyla home mount --- hosts/horizon/hardware-configuration.nix | 38 ++++++++++++------------ 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index c940fd7..59a900d 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; "/mnt/eve_home" = 
@@ -65,26 +65,26 @@ options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/legacy_leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_leyla_home" = + # { + # device = "server.arpa:/home/leyla"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_share_home" = + # { + # device = "server.arpa:/home/share"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; + # "/mnt/legacy_docker_home" = + # { + # device = "server.arpa:/home/docker"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # }; }; services.cachefilesd.enable = true; From b7246000975b99c7ab0e67c3d8bdc219701a19f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:24:56 -0500 Subject: [PATCH 0206/1043] added more options to leyla home mount --- hosts/horizon/hardware-configuration.nix | 38 ++++++++++++------------ 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index c940fd7..59a900d 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; "/mnt/eve_home" = @@ -65,26 +65,26 @@ options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/legacy_leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_leyla_home" = + # { + # device = "server.arpa:/home/leyla"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_share_home" = + # { + # device = "server.arpa:/home/share"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; + # "/mnt/legacy_docker_home" = + # { + # device = "server.arpa:/home/docker"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # }; }; services.cachefilesd.enable = true; From ab27e5c3a3593dbca590ad5ad4811626fb7c0b2c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:25:10 -0500 Subject: [PATCH 0207/1043] added note to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c257613..b8bed40 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- offline access for nfs mounts (overlay with rsync might be a good option here?) +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant From f8300aa0333f07db30a5b4dd99458cbbb4b60f0d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:25:10 -0500 Subject: [PATCH 0208/1043] added note to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c257613..b8bed40 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- offline access for nfs mounts (overlay with rsync might be a good option here?) +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant From 7090db82d38a94be6e2d262e139afef493247d1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:44:04 -0500 Subject: [PATCH 0209/1043] removed un needed note --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index b8bed40..662941c 100644 --- a/README.md +++ b/README.md 
@@ -28,7 +28,6 @@ updating passwords: `sops secrets/secrets.yaml` > something about ssh keys for remotes # Notes: -- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main` - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init From a4b356c1f0f1acaf4a0a7c31797abe0d1ca1fdc8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:46:13 -0500 Subject: [PATCH 0210/1043] updated readme.md --- README.md | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 662941c..06850ce 100644 --- a/README.md +++ b/README.md 
@@ -9,24 +9,16 @@ | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | - -### Rebuild current machine to match target host: -`sudo nixos-rebuild switch --flake .#hostname` - -### Rebuild current machine maintaining current target +### Rebuilding machines `./rebuild.sh` # New machine setup -keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` +keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` and will be copied over to new machines installed with ./`install.sh` updating passwords: `sops secrets/secrets.yaml` `./install.sh --target 192.168.1.130 --flake hostname` -> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU - -> something about ssh keys for remotes - # Notes: - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh From 34d9ec4f9d41c137f619ccddb85ff3228507baad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 20 Sep 2024 20:21:39 -0500 Subject: [PATCH 0211/1043] updated flake.lock --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 3f277b2..a424800 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1725377834, - "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "lastModified": 1726842196, + "narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=", "owner": "nix-community", "repo": "disko", - "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "rev": "51994df8ba24d5db5459ccf17b6494643301ad28", "type": "github" }, "original": { 
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1725948275, - "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", + "lastModified": 1726863345, + "narHash": "sha256-fjbKe1/UJpLT6tQLAKJ/djJFdnmAh2kkdsgmylyFrQA=", "owner": "nix-community", "repo": "home-manager", - "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", + "rev": "dfe4d334b172071e7189d971ddecd3a7f811b48d", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1726623336, - "narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=", + "lastModified": 1726796602, + "narHash": "sha256-rYMcODISSljSETcqUUTMo++ZEa1CC6Xx6d3xuydishM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff", + "rev": "91dea80194080f017c6edf84fd94e33f6c12aec3", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725885300, - "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", + "lastModified": 1726724509, + "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", + "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1726755586, + "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", "type": "github" }, "original": { 
@@ -176,11 +176,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1725922448, - "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", + "lastModified": 1726524647, + "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cede1a08039178ac12957733e97ab1006c6b6892", + "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", "type": "github" }, "original": { From 834165443a0d0cec246999d1b354f1478e91b6ee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 20 Sep 2024 20:22:30 -0500 Subject: [PATCH 0212/1043] added jellyfin to server config --- enviroments/server/default.nix | 49 ++++++++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index d3e9d63..3bdc8c4 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -1,10 +1,32 @@ -{ config, ... }: +{ config, pkgs, ... }: { imports = [ ../common ]; + users.groups.jellyfin_media = { + members = ["jellyfin" "leyla" "ester" "eve"]; + }; + + users.groups.jellyfin = { + members = ["jellyfin" "leyla"]; + }; + + users.users.jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; + }; + + systemd.tmpfiles.rules = [ + "d /home/jellyfin 755 jellyfin jellyfin -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" + "d /home/jellyfin/config 750 jellyfin jellyfin -" + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + ]; + services = let + jellyfinDomain = "jellyfin.jan-leila.com"; headscaleDomain = "headscale.jan-leila.com"; in { nfs.server = { 
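Review bot: In the `systemd.tmpfiles.rules` added by the enviroments/server/default.nix hunk (`@@ -1,10 +1,32 @@`), `/home/jellyfin/media` is created `775 jellyfin jellyfin_media` without the setgid bit. Files that leyla, ester or eve place there will therefore keep each user's own primary group, and the service presumably ends up reading them only because they are world-readable. `"d /home/jellyfin/media 2775 jellyfin jellyfin_media -"` makes new entries inherit the group. On the cache rule, mode 755 gives `jellyfin_media` the same r-x as everyone else, so either the group or the mode is probably not what was meant. Putting `leyla` in the `jellyfin` group also grants that account read access to `/home/jellyfin/config` (mode 750), which deserves a one-line comment if intentional; the `services` block continues outside this hunk.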
@@ -28,6 +50,15 @@ }; }; + jellyfin = { + enable = true; + user = "jellyfin"; + group = "jellyfin"; + dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config + cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache + openFirewall = false; + }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { @@ -40,6 +71,15 @@ proxyWebsockets = true; }; }; + ${jellyfinDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:8096"; + proxyWebsockets = true; + }; + }; }; }; }; @@ -59,5 +99,10 @@ networking.firewall.allowedTCPPorts = [ 2049 ]; - environment.systemPackages = [ config.services.headscale.package ]; + environment.systemPackages = [ + config.services.headscale.package + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; } \ No newline at end of file From 2213d099d0f4239a2c648ba10188427132114872 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 20 Sep 2024 21:28:53 -0500 Subject: [PATCH 0213/1043] moved hardware configuration software options to hardware.nix --- README.md | 2 +- hosts/defiant/hardware-configuration.nix | 12 ++-- hosts/hardware-common.nix | 16 +++++ hosts/horizon/hardware-configuration.nix | 17 +++-- hosts/twilight/configuration.nix | 3 - hosts/twilight/hardware-configuration.nix | 88 ++++++++++++----------- users/leyla/default.nix | 3 - users/leyla/packages.nix | 6 +- 8 files changed, 85 insertions(+), 62 deletions(-) create mode 100644 hosts/hardware-common.nix diff --git a/README.md b/README.md index 06850ce..96a36ab 100644 --- a/README.md +++ b/README.md 
@@ -32,11 +32,11 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) -- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) +- server service system users should also be on local systems for file permission reasons ## New Features - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 3ba63d0..60e940b 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -4,9 +4,10 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../hardware-common.nix + ]; boot = { initrd = { @@ -41,5 +42,8 @@ }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware = { + # TODO: hardware graphics + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } \ No newline at end of file diff --git a/hosts/hardware-common.nix b/hosts/hardware-common.nix new file mode 100644 index 0000000..dea9450 --- /dev/null +++ b/hosts/hardware-common.nix 
@@ -0,0 +1,16 @@ +{ lib, ... }: +{ + options = { + hardware = { + piperMouse = { + enable = lib.mkEnableOption "host has a piper mouse"; + }; + viaKeyboard = { + enable = lib.mkEnableOption "host has a via keyboard"; + }; + openRGB = { + enable = lib.mkEnableOption "host has open rgb hardware"; + }; + }; + }; +} \ No newline at end of file diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 59a900d..82e1bf7 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -4,9 +4,10 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../hardware-common.nix + ]; boot = { initrd = { @@ -23,9 +24,6 @@ }; }; - - hardware.graphics.enable = true; - fileSystems = { "/" = { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; @@ -100,5 +98,10 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + + hardware = { + graphics.enable = true; + cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 1352c8b..727f028 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -14,9 +14,6 @@ users = { leyla = { isFullUser = true; - hasPiperMouse = true; - hasOpenRGBHardware = true; - hasViaKeyboard = true; hasGPU = true; }; ester.isFullUser = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index ab24b97..0f77e81 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
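Review bot: hosts/hardware-common.nix declares `piperMouse`, `viaKeyboard` and `openRGB` directly under `hardware`, the option namespace that nixpkgs itself owns. If upstream ever adds an option of the same name, the two declarations will conflict at evaluation time. Nesting them under a repository-specific prefix, for example `options.host.hardware.piperMouse.enable`, avoids that and makes it clear in users/leyla/packages.nix that these are local flags. A short comment at the top of the file saying that they only gate user-side packages, not drivers or services, would also help the next reader.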
@@ -4,9 +4,10 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../hardware-common.nix + ]; boot = { initrd = { @@ -31,43 +32,6 @@ displayManager.gdm.wayland = false; }; - hardware = { - # Enable OpenGL - graphics.enable = true; - - # install graphics drivers - nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - }; - fileSystems = { "/" = { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; 
@@ -114,6 +78,48 @@ }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + hardware = { + piperMouse.enable = true; + viaKeyboard.enable = true; + openRGB.enable = true; + + # Enable OpenGL + graphics.enable = true; + + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7a8dc54..42fd3ab 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -10,9 +10,6 @@ in options.users.leyla = { isFullUser = lib.mkEnableOption "create usable leyla user"; isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; - hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; - hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; - hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 223f568..756593a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -118,9 +118,9 @@ in noisetorch # hardware managment tools - (lib.mkIf cfg.hasPiperMouse piper) - (lib.mkIf cfg.hasOpenRGBHardware openrgb) - (lib.mkIf cfg.hasViaKeyboard via) + (lib.mkIf config.hardware.piperMouse.enable piper) + (lib.mkIf config.hardware.openRGB.enable openrgb) + (lib.mkIf config.hardware.viaKeyboard.enable via) ] ) ) From 5da0753b7c5ec4fac8de6744aeadf665e3840ed7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 11:04:01 -0500 Subject: [PATCH 0214/1043] reformated file --- pkgs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index 9a81f3b..fbc54ee 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,3 +1,4 @@ -pkgs: { +_: +{ } \ No newline at end of file From dcd5accea05a7228979d2d75f7366ce6f041bd32 Mon Sep 17 00:00:00 2001 
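Review bot: `users/leyla/packages.nix` now reads `config.hardware.piperMouse.enable`, `config.hardware.openRGB.enable` and `config.hardware.viaKeyboard.enable`, which exist only on hosts that import `hosts/hardware-common.nix`. This patch adds that import to the per-host `hardware-configuration.nix` files of horizon and twilight, so a host that pulls in the users module without it would presumably fail evaluation on a missing option once these conditions are forced; whether other hosts do so is not visible here. Importing `hardware-common.nix` from a module every host already shares would keep the declaration next to its consumer. It would also keep the import out of files whose header says they may be overwritten by `nixos-generate-config`. The package list these three lines sit in starts and ends outside the hunk.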
From: Leyla Becker Date: Sat, 21 Sep 2024 11:26:18 -0500 Subject: [PATCH 0215/1043] ran linter --- enviroments/client/default.nix | 9 +-- enviroments/common/default.nix | 17 +++-- enviroments/server/default.nix | 76 ++++++++++++++------ flake.nix | 84 +++++++++++----------- hosts/defiant/configuration.nix | 27 +++---- hosts/defiant/disko-config.nix | 16 ++--- hosts/defiant/hardware-configuration.nix | 26 ++++--- hosts/hardware-common.nix | 5 +- hosts/horizon/configuration.nix | 23 +++--- hosts/horizon/hardware-configuration.nix | 85 +++++++++++------------ hosts/twilight/configuration.nix | 23 +++--- hosts/twilight/hardware-configuration.nix | 84 +++++++++++----------- overlays/intellij.nix | 5 +- overlays/vscodium.nix | 5 +- pkgs/default.nix | 6 +- templates/default.nix | 3 +- users/default.nix | 9 ++- users/ester/default.nix | 21 +++--- users/eve/default.nix | 21 +++--- users/leyla/default.nix | 23 +++--- users/leyla/home.nix | 34 ++++----- users/leyla/packages.nix | 74 +++++++++++--------- util/default.nix | 5 +- 23 files changed, 372 insertions(+), 309 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 555305f..86ff67b 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,11 +1,9 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { imports = [ ../common ]; services = { - # Enable CUPS to print documents. printing.enable = true; @@ -21,7 +19,7 @@ }; # Get rid of xTerm - excludePackages = [ pkgs.xterm ]; + excludePackages = [pkgs.xterm]; # Configure keymap in X11 xkb = { @@ -44,7 +42,6 @@ }; }; - # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; @@ -57,4 +54,4 @@ gnomeExtensions.dash-to-dock ]; -} \ No newline at end of file +} diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 99f3e5a..96ad012 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -1,11 +1,10 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { imports = [ - ../../users + ../../users ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - nix.settings.trusted-users = [ "leyla" ]; + nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.trusted-users = ["leyla"]; # Enable networking networking.networkmanager.enable = true; @@ -32,10 +31,10 @@ services = { openssh = { enable = true; - ports = [ 22 ]; + ports = [22]; settings = { PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + AllowUsers = ["leyla"]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; }; @@ -47,7 +46,7 @@ defaultSopsFormat = "yaml"; gnupg.sshKeyPaths = []; - age ={ + age = { keyFile = "/var/lib/sops-nix/key.txt"; sshKeyPaths = []; # generateKey = true; @@ -68,4 +67,4 @@ iputils dnsutils ]; -} \ No newline at end of file +} diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 3bdc8c4..8b32992 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -1,21 +1,40 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { imports = [ ../common ]; - users.groups.jellyfin_media = { - members = ["jellyfin" "leyla" "ester" "eve"]; - }; + users = { + groups = { + jellyfin_media = { + members = ["jellyfin" "leyla" "ester" "eve"]; + }; - users.groups.jellyfin = { - members = ["jellyfin" "leyla"]; - }; + jellyfin = { + members = ["jellyfin" "leyla"]; + }; - users.users.jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; + # forgejo = { + # members = ["forgejo" "leyla"]; + # }; + }; + + users = { + jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; + }; + + # forgejo = { + # uid = 2001; + # group = "forgejo"; + # isSystemUser = true; + # }; + }; }; systemd.tmpfiles.rules = [ 
@@ -23,11 +42,14 @@ "d /home/jellyfin/media 775 jellyfin jellyfin_media -" "d /home/jellyfin/config 750 jellyfin jellyfin -" "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + # "d /home/forgejo 750 forgejo forgejo -" + # "d /home/forgejo/data 750 forgejo forgejo -" ]; services = let jellyfinDomain = "jellyfin.jan-leila.com"; headscaleDomain = "headscale.jan-leila.com"; + # forgejoDomain = "forgejo.jan-leila.com"; in { nfs.server = { enable = true; @@ -59,6 +81,20 @@ openFirewall = false; }; + # TODO: figure out what needs to be here + # forgejo = { + # enable = true; + # database.type = "postgres"; + # lfs.enable = true; + # settings = { + # server = { + # DOMAIN = forgejoDomain; + # HTTP_PORT = 8081; + # }; + # service.DISABLE_REGISTRATION = true; + # }; + # }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { @@ -66,20 +102,20 @@ forceSSL = true; enableACME = true; locations."/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; + proxyPass = "http://localhost:${toString config.services.headscale.port}"; proxyWebsockets = true; }; }; ${jellyfinDomain} = { forceSSL = true; enableACME = true; - locations."/" = { - proxyPass = - "http://localhost:8096"; - proxyWebsockets = true; - }; + locations."/".proxyPass = "http://localhost:8096"; }; + # ${forgejoDomain} = { + # forceSSL = true; + # enableACME = true; + # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + # }; }; }; }; @@ -97,7 +133,7 @@ hybrid-sleep.enable = false; }; - networking.firewall.allowedTCPPorts = [ 2049 ]; + networking.firewall.allowedTCPPorts = [2049]; environment.systemPackages = [ config.services.headscale.package @@ -105,4 +141,4 @@ pkgs.jellyfin-web pkgs.jellyfin-ffmpeg ]; -} \ No newline at end of file +} diff --git a/flake.nix b/flake.nix index 033e2c2..70992b0 100644 --- a/flake.nix +++ b/flake.nix 
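Review bot: The jellyfin virtual host loses `proxyWebsockets = true;` in the `@@ -66,20 +102,20 @@` hunk: its `locations."/"` block is collapsed to `locations."/".proxyPass = "http://localhost:8096";`, while the headscale host keeps the flag. That is a behaviour change inside a commit titled "ran linter", and a formatter would not drop an attribute, so it looks like a manual edit that rode along with the reformat. If the removal is intended it deserves its own commit and message; if not, restore it with `locations."/" = { proxyPass = "http://localhost:8096"; proxyWebsockets = true; };`. nginx is still `enable = false` in this file, so nothing changes at runtime until it is switched on, which makes the difference easy to miss later.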
@@ -23,53 +23,57 @@ # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - # vscode extensions + # vscode extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: - let - forEachSystem = nixpkgs.lib.genAttrs [ - "aarch64-darwin" - "aarch64-linux" - "x86_64-darwin" - "x86_64-linux" - ]; - forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); - in - { - packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); + outputs = { + self, + nixpkgs, + disko, + nixos-hardware, + ... + } @ inputs: let + forEachSystem = nixpkgs.lib.genAttrs [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; + forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); + in { + packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); - nixosConfigurations = { - # Leyla Laptop - horizon = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/horizon/configuration.nix - inputs.home-manager.nixosModules.default - nixos-hardware.nixosModules.framework-11th-gen-intel - ]; - }; - # Leyla Desktop - twilight = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/twilight/configuration.nix - inputs.home-manager.nixosModules.default - ]; - }; - # NAS Service - defiant = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - disko.nixosModules.disko - ./hosts/defiant/disko-config.nix - ./hosts/defiant/configuration.nix - ]; - }; + nixosConfigurations = { + # Leyla Laptop + horizon = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/horizon/configuration.nix + inputs.home-manager.nixosModules.default + nixos-hardware.nixosModules.framework-11th-gen-intel + ]; + }; + # Leyla Desktop + twilight = 
nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/twilight/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; + # NAS Service + defiant = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + disko.nixosModules.disko + ./hosts/defiant/disko-config.nix + ./hosts/defiant/configuration.nix + ]; }; }; + }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index d2b1348..42cf19f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -1,15 +1,18 @@ # server nas -{ config, pkgs, inputs, ... }: { - imports = - [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops + config, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops - ./hardware-configuration.nix - - ../../enviroments/server - ]; + ./hardware-configuration.nix + + ../../enviroments/server + ]; users.leyla.isThinUser = true; @@ -27,7 +30,7 @@ autoScrub.enable = true; autoSnapshot.enable = true; }; - + # temp enable desktop enviroment for setup # Enable the X11 windowing system. xserver = { @@ -43,7 +46,7 @@ }; # Get rid of xTerm - excludePackages = [ pkgs.xterm ]; + excludePackages = [pkgs.xterm]; }; }; @@ -54,4 +57,4 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.05"; # Did you read the comment? -} \ No newline at end of file +} diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 653f29f..a913aeb 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -1,11 +1,10 @@ -{ lib, ... }: -let +{lib, ...}: let bootDisk = devicePath: { type = "disk"; device = devicePath; content = { type = "gpt"; - + partitions = { boot = { size = "1M"; 
@@ -86,11 +85,13 @@ in { # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? mode = "mirror"; members = [ - "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + "hd_13_tb_a" + "hd_13_tb_b" + "hd_13_tb_c" ]; } ]; - cache = [ ]; + cache = []; # cache = [ "ssd_2_tb_a" ]; }; }; @@ -98,7 +99,7 @@ in { options = { ashift = "12"; }; - + rootFsOptions = { encryption = "on"; keyformat = "hex"; @@ -111,7 +112,7 @@ in { mountpoint = "/"; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; - + datasets = { "nix" = { type = "zfs_fs"; @@ -133,4 +134,3 @@ in { }; }; } - diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 60e940b..219b6a5 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -1,9 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ../hardware-common.nix @@ -11,15 +15,15 @@ boot = { initrd = { - availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; + availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; + kernelModules = []; }; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - - supportedFilesystems = [ "zfs" ]; + kernelModules = ["kvm-amd"]; + extraModulePackages = []; - zfs.extraPools = [ "zroot" ]; + supportedFilesystems = ["zfs"]; + + zfs.extraPools = ["zroot"]; }; # fileSystems."/" = @@ -27,7 +31,7 @@ # fsType = "ext4"; # }; - swapDevices = [ ]; + swapDevices = []; networking = { # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 
@@ -46,4 +50,4 @@ # TODO: hardware graphics cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; -} \ No newline at end of file +} diff --git a/hosts/hardware-common.nix b/hosts/hardware-common.nix index dea9450..920d609 100644 --- a/hosts/hardware-common.nix +++ b/hosts/hardware-common.nix @@ -1,5 +1,4 @@ -{ lib, ... }: -{ +{lib, ...}: { options = { hardware = { piperMouse = { @@ -13,4 +12,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index f1c3bee..1bd5bfc 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,15 +1,18 @@ # leyla laptop -{ config, pkgs, inputs, ... }: { - imports = - [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops + config, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops - ./hardware-configuration.nix - - ../../enviroments/client - ]; + ./hardware-configuration.nix + + ../../enviroments/client + ]; users = { leyla.isFullUser = true; @@ -25,7 +28,7 @@ setSocketVariable = true; }; }; - users.extraGroups.docker.members = [ "leyla" ]; + users.extraGroups.docker.members = ["leyla"]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 82e1bf7..1e203f3 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -1,9 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ../hardware-common.nix 
@@ -11,12 +15,12 @@ boot = { initrd = { - availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; + availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; + kernelModules = []; }; - kernelModules = [ "kvm-intel" "sg" ]; - extraModulePackages = [ ]; - + kernelModules = ["kvm-intel" "sg"]; + extraModulePackages = []; + # Bootloader. loader = { systemd-boot.enable = true; 
@@ -25,43 +29,39 @@ }; fileSystems = { - "/" = - { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; - fsType = "ext4"; - }; + "/" = { + device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; - "/boot" = - { device = "/dev/disk/by-uuid/E138-65B5"; - fsType = "vfat"; - }; + "/boot" = { + device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; - "/mnt/leyla_home" = - { - device = "defiant:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/leyla_home" = { + device = "defiant:/home/leyla"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/eve_home" = - { - device = "defiant:/home/eve"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/eve_home" = { + device = "defiant:/home/eve"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/ester_home" = - { - device = "defiant:/home/ester"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/ester_home" = { + device = "defiant:/home/ester"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/users_home" = - { - device = "defiant:/home/users"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/users_home" = { + device = "defiant:/home/users"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; # "/mnt/legacy_leyla_home" = # { 
@@ -87,9 +87,9 @@ services.cachefilesd.enable = true; - swapDevices = - [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} + ]; networking = { useDHCP = lib.mkDefault true; @@ -99,7 +99,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware = { graphics.enable = true; cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 727f028..991ecbc 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,15 +1,18 @@ # leyla laptop -{ config, pkgs, inputs, ... }: { - imports = - [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops + config, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops - ./hardware-configuration.nix - - ../../enviroments/client - ]; + ./hardware-configuration.nix + + ../../enviroments/client + ]; users = { leyla = { @@ -19,7 +22,7 @@ ester.isFullUser = true; eve.isFullUser = true; }; - + # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 0f77e81..b2f11ee 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -1,9 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ../hardware-common.nix 
@@ -11,11 +15,11 @@ boot = { initrd = { - availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - kernelModules = [ ]; + availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + kernelModules = []; }; - kernelModules = [ "kvm-amd" "sg" ]; - extraModulePackages = [ ]; + kernelModules = ["kvm-amd" "sg"]; + extraModulePackages = []; # Bootloader. loader = { 
@@ -33,40 +37,37 @@ }; fileSystems = { - "/" = - { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; - fsType = "ext4"; - }; + "/" = { + device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; - "/boot" = - { device = "/dev/disk/by-uuid/3006-3867"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - "/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/boot" = { + device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; - "/mnt/share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/leyla_home" = { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; + "/mnt/share_home" = { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; + + "/mnt/docker_home" = { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; + }; }; - swapDevices = [ ]; + swapDevices = []; networking = { # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -86,7 +87,7 @@ # Enable OpenGL graphics.enable = true; - + # install graphics drivers nvidia = { # Modesetting is required. 
@@ -94,7 +95,7 @@ # Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. powerManagement.enable = false; @@ -104,15 +105,15 @@ # Use the NVidia open source kernel module (not to be confused with the # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ # Currently alpha-quality/buggy, so false is currently the recommended setting. open = false; # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. + # accessible via `nvidia-settings`. nvidiaSettings = true; # Optionally, you may need to select the appropriate driver version for your specific GPU. @@ -122,4 +123,3 @@ cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; } - diff --git a/overlays/intellij.nix b/overlays/intellij.nix index d83bd15..c907588 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,5 +1,4 @@ -_: -{ +_: { # nixpkgs.overlays = [ # (self: super: { # # idea is too out of date for android gradle things @@ -16,4 +15,4 @@ _: # }; # }) # ]; -} \ No newline at end of file +} diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index 618af19..7c5f863 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,5 +1,4 @@ -_: -{ +_: { # nixpkgs.overlays = [ # (self: super: { # # ui is broken on 1.84 
@@ -12,4 +11,4 @@ _: # }); # }) # ]; -} \ No newline at end of file +} diff --git a/pkgs/default.nix b/pkgs/default.nix index fbc54ee..87a13d7 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,2 @@ -_: -{ - -} \ No newline at end of file +_: { +} diff --git a/templates/default.nix b/templates/default.nix index f9d63b0..eed7124 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -1,2 +1 @@ -_: -{} \ No newline at end of file +_: {} diff --git a/users/default.nix b/users/default.nix index 57effe3..4c0b5d7 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,8 +1,7 @@ -{ inputs, ... }: -{ - imports = [ ./leyla ./ester ./eve ]; +{inputs, ...}: { + imports = [./leyla ./ester ./eve]; users.mutableUsers = false; - home-manager.extraSpecialArgs = { inherit inputs; }; -} \ No newline at end of file + home-manager.extraSpecialArgs = {inherit inputs;}; +} diff --git a/users/ester/default.nix b/users/ester/default.nix index 156716f..a16b69b 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -1,8 +1,11 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.users.ester; -in { + lib, + config, + pkgs, + ... +}: let + cfg = config.users.ester; +in { options.users.ester = { isFullUser = lib.mkEnableOption "ester"; }; @@ -25,9 +28,10 @@ in } ( - if cfg.isFullUser then { + if cfg.isFullUser + then { isNormalUser = true; - extraGroups = [ "networkmanager" "users" ]; + extraGroups = ["networkmanager" "users"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; @@ -36,10 +40,11 @@ in bitwarden discord ]; - } else { + } + else { isSystemUser = true; } ) ]; }; -} \ No newline at end of file +} diff --git a/users/eve/default.nix b/users/eve/default.nix index 4ed06a8..8ad6b61 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix 
@@ -1,8 +1,11 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.users.eve; -in { + lib, + config, + pkgs, + ... +}: let + cfg = config.users.eve; +in { options.users.eve = { isFullUser = lib.mkEnableOption "eve"; }; @@ -25,9 +28,10 @@ in } ( - if cfg.isFullUser then { + if cfg.isFullUser + then { isNormalUser = true; - extraGroups = [ "networkmanager" "users" ]; + extraGroups = ["networkmanager" "users"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; @@ -38,10 +42,11 @@ in makemkv signal-desktop ]; - } else { + } + else { isSystemUser = true; } ) ]; }; -} \ No newline at end of file +} diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 42fd3ab..9454c2d 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -1,9 +1,12 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.users.leyla; -in { - imports =[ + lib, + config, + pkgs, + ... +}: let + cfg = config.users.leyla; +in { + imports = [ ./packages.nix ]; @@ -31,12 +34,13 @@ in } ( - if (cfg.isFullUser || cfg.isThinUser) then { + if (cfg.isFullUser || cfg.isThinUser) + then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "users"] ( - lib.mkIf (!cfg.isThinUser) [ "adbusers" ] + lib.mkIf (!cfg.isThinUser) ["adbusers"] ) ]; @@ -48,7 +52,8 @@ in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; }; - } else { + } + else { isSystemUser = true; } ) @@ -66,4 +71,4 @@ in home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; -} \ No newline at end of file +} diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 40a6926..fdca257 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { # Home Manager needs a bit of information about you and the paths it should # manage. home = { 
@@ -73,11 +75,11 @@ }; programs = { - # Let Home Manager install and manage itself. + # Let Home Manager install and manage itself. home-manager.enable = true; git = { enable = true; - userName = "Leyla Becker"; + userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; }; @@ -89,18 +91,18 @@ "org/gnome/desktop/interface".color-scheme = "prefer-dark"; "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 756593a..e206d22 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,8 +1,12 @@ -{ lib, config, pkgs, inputs, ... }: -let - cfg = config.users.leyla; -in { + lib, + config, + pkgs, + inputs, + ... +}: let + cfg = config.users.leyla; +in { imports = [ ../../overlays/intellij.nix ../../overlays/vscodium.nix 
@@ -70,41 +74,43 @@ in obsidian steam (lib.mkIf cfg.hasGPU davinci-resolve) - + # development tools (vscode-with-extensions.override { vscode = vscodium; - vscodeExtensions = with open-vsx; [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + vscodeExtensions = with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # misc extensions - bungcip.better-toml - ] ++ (with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # misc extensions + bungcip.better-toml + ] + ++ (with vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); }) androidStudioPackages.canary jetbrains.idea-community @@ -126,4 +132,4 @@ in ) ] ); -} \ No newline at end of file +} diff --git a/util/default.nix b/util/default.nix index a4fab1e..acd1997 100644 --- a/util/default.nix +++ b/util/default.nix 
@@ -1,8 +1,7 @@ -_: -{ +_: { # mkUnless = condition: then: (mkIf (!condition) then); # mkIfElse = condition: then: else: lib.mkMerge [ # (mkIf condition then) # (mkUnless condition else) # ]; -} \ No newline at end of file +} From c236668389ff2a0eb8af24209846990f812ddf1c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 11:27:52 -0500 Subject: [PATCH 0216/1043] added linting command to readme --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 96a36ab..b0458e1 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,11 @@ updating passwords: `sops secrets/secrets.yaml` - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ -# Updating +# Tooling +## Lint +`nix run git+https://github.com/kamadorueda/alejandra -- .` + +## Updating `nix flake update` # Tasks: From 52ae2ef47dd78ddb8ee1c559d2208f51a992172f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:12:58 -0500 Subject: [PATCH 0217/1043] added pre and post commit hooks to run linting --- hooks/post-commit | 3 +++ hooks/pre-commit | 11 +++++++++++ lint.sh | 3 +++ 3 files changed, 17 insertions(+) create mode 100755 hooks/post-commit create mode 100755 hooks/pre-commit create mode 100755 lint.sh diff --git a/hooks/post-commit b/hooks/post-commit new file mode 100755 index 0000000..7803850 --- /dev/null +++ b/hooks/post-commit @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +git stash pop -q diff --git a/hooks/pre-commit b/hooks/pre-commit new file mode 100755 index 0000000..5721472 --- /dev/null +++ b/hooks/pre-commit @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +git stash -q --keep-index + +./lint.sh + +RESULT=$? + +git add -u + +exit $RESULT \ No newline at end of file diff --git a/lint.sh b/lint.sh new file mode 100755 index 0000000..3fc29e9 --- /dev/null +++ b/lint.sh 
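Review bot: When `./lint.sh` fails in `hooks/pre-commit`, git aborts the commit and `hooks/post-commit` never runs, so the changes hidden by `git stash -q --keep-index` stay in the stash with nothing to restore them. The failure path should pop the stash itself, for example `[ "$RESULT" -ne 0 ] && git stash pop -q` just before `exit $RESULT`. On the success path, `git stash --keep-index` also records the staged content, so the pop in post-commit re-applies the pre-format versions of files that `lint.sh` rewrote and `git add -u` staged. That can probably conflict or undo the formatting in the working tree, so it is worth testing with a commit that mixes staged and unstaged edits to the same file.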
@@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +nix run git+https://github.com/kamadorueda/alejandra -- -q . From 7e4817db1c4189422afe873b576989e3d484f691 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:15:09 -0500 Subject: [PATCH 0218/1043] updated readme.md --- README.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index b0458e1..4bed40f 100644 --- a/README.md +++ b/README.md @@ -9,28 +9,29 @@ | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | -### Rebuilding machines +# Tooling +## Lint +`./lint.sh` + +## Rebuilding `./rebuild.sh` -# New machine setup -keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` and will be copied over to new machines installed with ./`install.sh` - -updating passwords: `sops secrets/secrets.yaml` +## Updating +`nix flake update` +## New host setup `./install.sh --target 192.168.1.130 --flake hostname` # Notes: + +## Research topics - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ -# Tooling -## Lint -`nix run git+https://github.com/kamadorueda/alejandra -- .` - -## Updating -`nix flake update` +## Configuration +updating passwords: `sops secrets/secrets.yaml` # Tasks: From 6e527026b6ff45ffd5e2c17bbabdea1e0f733a60 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:17:54 -0500 Subject: [PATCH 0219/1043] added config note to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4bed40f..a33eb2c 100644 
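Review bot: `lint.sh` runs whatever the default branch of `github.com/kamadorueda/alejandra` contains at the moment it is invoked, and the pre-commit hook added in the same commit calls it on every commit. No revision is pinned, so an upstream change or a compromised upstream executes with the committer's privileges and can rewrite the tree that `git add -u` then stages. Pin the formatter, e.g. `nix run 'git+https://github.com/kamadorueda/alejandra?rev=PINNED_COMMIT_SHA' -- -q .` (placeholder revision), or add it as a flake input so that `flake.lock` records the revision and hash.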
--- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ ## Configuration updating passwords: `sops secrets/secrets.yaml` +set up git pre-commit and post commit hooks: `git config core.hooksPath hooks` # Tasks: From a21606e51edfbf28904aa400497143e07ebc4f79 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:20:17 -0500 Subject: [PATCH 0220/1043] updated git config note in README.md --- .gitconfig | 2 ++ README.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 .gitconfig diff --git a/.gitconfig b/.gitconfig new file mode 100644 index 0000000..1c8d4a7 --- /dev/null +++ b/.gitconfig @@ -0,0 +1,2 @@ +[core] + hooksPath = .githooks diff --git a/README.md b/README.md index a33eb2c..07276ed 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ ## Configuration updating passwords: `sops secrets/secrets.yaml` -set up git pre-commit and post commit hooks: `git config core.hooksPath hooks` +set up git configuration for local development: `git config --local include.path .gitconfig` # Tasks: From 630eb55f09d5c139be4c36bb8f6816a597e3dc6f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:24:03 -0500 Subject: [PATCH 0221/1043] removed resolved task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 07276ed..d6830d5 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,6 @@ set up git configuration for local development: `git config --local include.path ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) -- have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) From a0e047db97bb456c5b983b1e2e94644ae2a92860 Mon Sep 17 00:00:00 2001 
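Review bot: A relative `include.path` is resolved against the config file that holds the directive, so the README command changed in this commit, `git config --local include.path .gitconfig`, makes `.git/config` look for `.git/.gitconfig` rather than the tracked `.gitconfig` added here. A missing include is not reported, so the hooks path would simply never be set. The command should be `git config --local include.path ../.gitconfig`. Because any later commit to this file changes which hooks run on a contributor's machine, a header comment in `.gitconfig` such as `# included from .git/config by opt-in; edits here change local git behaviour` would make that explicit.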
From: Leyla Becker Date: Sat, 21 Sep 2024 12:24:54 -0500 Subject: [PATCH 0222/1043] updated hooks folder location --- .gitconfig | 2 +- {hooks => .hooks}/post-commit | 0 {hooks => .hooks}/pre-commit | 0 3 files changed, 1 insertion(+), 1 deletion(-) rename {hooks => .hooks}/post-commit (100%) rename {hooks => .hooks}/pre-commit (100%) diff --git a/.gitconfig b/.gitconfig index 1c8d4a7..78d2a4a 100644 --- a/.gitconfig +++ b/.gitconfig @@ -1,2 +1,2 @@ [core] - hooksPath = .githooks + hooksPath = .hooks diff --git a/hooks/post-commit b/.hooks/post-commit similarity index 100% rename from hooks/post-commit rename to .hooks/post-commit diff --git a/hooks/pre-commit b/.hooks/pre-commit similarity index 100% rename from hooks/pre-commit rename to .hooks/pre-commit From e3990cb6d2991a68c767dc2f2ff6bfa25c1269fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:52:44 -0500 Subject: [PATCH 0223/1043] made services in defiant configurable --- README.md | 2 - enviroments/server/default.nix | 271 ++++++++++++++++++-------------- hosts/defiant/configuration.nix | 4 + 3 files changed, 157 insertions(+), 120 deletions(-) diff --git a/README.md b/README.md index d6830d5..bb41e97 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,6 @@ set up git configuration for local development: `git config --local include.path ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) -- move services from defiant into own flake -- made base domain in nas services configurable - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - server service system users should also be on local systems for file permission reasons ## New Features diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 8b32992..f7f7e25 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -1,4 +1,5 @@ { + lib, config, pkgs, ... 
@@ -7,138 +8,172 @@ ../common ]; - users = { - groups = { - jellyfin_media = { - members = ["jellyfin" "leyla" "ester" "eve"]; + options = { + domains = { + base_domain = lib.mkOption { type = lib.types.str; }; + headscale = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that headscale will be hosted at"; + default = "headscale"; + }; }; - jellyfin = { - members = ["jellyfin" "leyla"]; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that jellyfin will be hosted at"; + default = "${config.domains.jellyfin.subdomain}.${config.domains.base_domain}"; + }; }; - - # forgejo = { - # members = ["forgejo" "leyla"]; - # }; - }; - - users = { - jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; + forgejo = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that foregjo will be hosted at"; + default = "forgejo"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that forgejo will be hosted at"; + default = "${config.domains.forgejo.subdomain}.${config.domains.base_domain}"; + }; }; - - # forgejo = { - # uid = 2001; - # group = "forgejo"; - # isSystemUser = true; - # }; }; }; - systemd.tmpfiles.rules = [ - "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" - "d /home/jellyfin/config 750 jellyfin jellyfin -" - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" - # "d /home/forgejo 750 forgejo forgejo -" - # "d /home/forgejo/data 750 forgejo forgejo -" - ]; + config = { + users = { + groups = { + jellyfin_media = { + members = ["jellyfin" "leyla" "ester" "eve"]; + }; - services = let - jellyfinDomain = "jellyfin.jan-leila.com"; - headscaleDomain = "headscale.jan-leila.com"; - # forgejoDomain = 
"forgejo.jan-leila.com"; - in { - nfs.server = { - enable = true; - exports = '' - /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - ''; - }; + jellyfin = { + members = ["jellyfin" "leyla"]; + }; - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; + # forgejo = { + # members = ["forgejo" "leyla"]; + # }; }; - }; - jellyfin = { - enable = true; - user = "jellyfin"; - group = "jellyfin"; - dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config - cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache - openFirewall = false; - }; - - # TODO: figure out what needs to be here - # forgejo = { - # enable = true; - # database.type = "postgres"; - # lfs.enable = true; - # settings = { - # server = { - # DOMAIN = forgejoDomain; - # HTTP_PORT = 8081; - # }; - # service.DISABLE_REGISTRATION = true; - # }; - # }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; + users = { + jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; }; - ${jellyfinDomain} = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:8096"; - }; - # ${forgejoDomain} = { - # forceSSL = true; - # enableACME = true; - # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + + # forgejo = { + # uid = 2001; + # group = "forgejo"; + # 
isSystemUser = true; # }; }; }; + + systemd.tmpfiles.rules = [ + "d /home/jellyfin 755 jellyfin jellyfin -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" + "d /home/jellyfin/config 750 jellyfin jellyfin -" + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + # "d /home/forgejo 750 forgejo forgejo -" + # "d /home/forgejo/data 750 forgejo forgejo -" + ]; + + services = { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "${config.domains.headscale.subdomain}.${config.domains.base_domain}"; + dns_config.base_domain = config.domains.base_domain; + logtail.enabled = false; + }; + }; + + jellyfin = { + enable = true; + user = "jellyfin"; + group = "jellyfin"; + dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config + cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache + }; + + # TODO: figure out what needs to be here + # forgejo = { + # enable = true; + # database.type = "postgres"; + # lfs.enable = true; + # settings = { + # server = { + # DOMAIN = forgejoDomain; + # HTTP_PORT = 8081; + # }; + # service.DISABLE_REGISTRATION = true; + # }; + # }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${config.domains.headscale.hostname} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + ${config.domains.jellyfin.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:8096"; + }; + # 
${config.domains.forgejo.hostname} = { + # forceSSL = true; + # enableACME = true; + # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + # }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [2049]; + + environment.systemPackages = [ + config.services.headscale.package + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - networking.firewall.allowedTCPPorts = [2049]; - - environment.systemPackages = [ - config.services.headscale.package - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 42cf19f..1fd09eb 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,6 +25,10 @@ nixpkgs.config.allowUnfree = true; + domains = { + base_domain = "jan-leila.com"; + }; + services = { zfs = { autoScrub.enable = true; From 9c05ba0593392291512d67b3ef0e333f22467934 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 15:09:03 -0500 Subject: [PATCH 0224/1043] fixed headscale server url --- enviroments/server/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index f7f7e25..0988c4d 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
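Review bot: The nginx block keys a virtual host on `config.domains.headscale.hostname`, but the `domains.headscale` options declared at the top of this hunk define only `subdomain`, whereas the jellyfin and forgejo entries both get a `hostname` option. Evaluating that attribute name should fail with a missing-attribute error once `virtualHosts` is forced. Add `hostname = lib.mkOption { type = lib.types.str; default = "${config.domains.headscale.subdomain}.${config.domains.base_domain}"; };` next to `subdomain`, which `server_url` could then reuse. `base_domain` also has no `description`, and the new description strings contain the typos `hosname` and `foregjo`.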
@@ -101,7 +101,7 @@ address = "0.0.0.0"; port = 8080; settings = { - server_url = "${config.domains.headscale.subdomain}.${config.domains.base_domain}"; + server_url = "http://${config.domains.headscale.subdomain}.${config.domains.base_domain}"; dns_config.base_domain = config.domains.base_domain; logtail.enabled = false; }; From 949726e8510e4caa0e6660c01a53e6d02ba95705 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 15:09:17 -0500 Subject: [PATCH 0225/1043] created postgresql service --- enviroments/server/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 0988c4d..503c37a 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -96,6 +96,22 @@ ''; }; + postgresql = { + enable = true; + ensureDatabases = [ "forgejo" ]; + identMap = '' + # ArbitraryMapName systemUser DBUser + superuser_map root postgres + superuser_map postgres postgres + superuser_map forgejo forgejo + ''; + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser auth-method optional_ident_map + local sameuser all peer map=superuser_map + ''; + }; + headscale = { enable = true; address = "0.0.0.0"; From ef9e1d7e6ac5bfe9463e3c5b5bc1fe936383219a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 16:44:22 -0500 Subject: [PATCH 0226/1043] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index bb41e97..1ef5e50 100644 --- a/README.md +++ b/README.md 
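Review bot: `server_url` now advertises `http://`, although the value the refactor replaced was `https://${headscaleDomain}` and the nginx virtual host for the same name is declared with `forceSSL = true` and `enableACME = true`. Clients take the control-server address from this setting, so it should keep the TLS scheme: `server_url = "https://${config.domains.headscale.subdomain}.${config.domains.base_domain}";`. If plain HTTP is only a stopgap while `nginx.enable = false`, a `# TODO` next to the line saying so would keep it from staying in place unnoticed.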
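Review bot: The comment above `authentication` says the rule lets user postgres access everything, but the rule's database column is `sameuser`, which matches only a database named after the connecting role. As written, `root` and `postgres` (both mapped to DB user `postgres`) can reach a database called `postgres` but not `forgejo`. Either correct the comment or, if administrative access is intended, add a line such as `local all postgres peer map=superuser_map` ahead of the `sameuser` line. The name `superuser_map` is also misleading for the `forgejo forgejo` entry, which maps an ordinary service role.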
@@ -40,6 +40,7 @@ set up git configuration for local development: `git config --local include.path - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - server service system users should also be on local systems for file permission reasons +- join config for systemd.tmpfiles.rules and service directory bindings ## New Features - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) From 7b4639b78c677659745f6649de7da8f8c69761f4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 16:57:08 -0500 Subject: [PATCH 0227/1043] finished forgejo configuration --- enviroments/server/default.nix | 69 ++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 503c37a..20acb89 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -48,17 +48,20 @@ config = { users = { groups = { - jellyfin_media = { - members = ["jellyfin" "leyla" "ester" "eve"]; - }; - jellyfin = { + gid = 2000; members = ["jellyfin" "leyla"]; }; - # forgejo = { - # members = ["forgejo" "leyla"]; - # }; + jellyfin_media = { + gid = 2001; + members = ["jellyfin" "leyla" "ester" "eve"]; + }; + + forgejo = { + uid = 2002; + members = ["forgejo" "leyla"]; + }; }; users = { @@ -68,11 +71,11 @@ isSystemUser = true; }; - # forgejo = { - # uid = 2001; - # group = "forgejo"; - # isSystemUser = true; - # }; + forgejo = { + uid = 2002; + group = "forgejo"; + isSystemUser = true; + }; }; }; 
@@ -81,8 +84,8 @@ "d /home/jellyfin/media 775 jellyfin jellyfin_media -" "d /home/jellyfin/config 750 jellyfin jellyfin -" "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" - # "d /home/forgejo 750 forgejo forgejo -" - # "d /home/forgejo/data 750 forgejo forgejo -" + "d /home/forgejo 750 forgejo forgejo -" + "d /home/forgejo/data 750 forgejo forgejo -" ]; services = { @@ -131,19 +134,19 @@ cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache }; - # TODO: figure out what needs to be here - # forgejo = { - # enable = true; - # database.type = "postgres"; - # lfs.enable = true; - # settings = { - # server = { - # DOMAIN = forgejoDomain; - # HTTP_PORT = 8081; - # }; - # service.DISABLE_REGISTRATION = true; - # }; - # }; + forgejo = { + enable = true; + database.type = "postgres"; + lfs.enable = true; + settings = { + server = { + DOMAIN = config.domains.forgejo.hostname; + HTTP_PORT = 8081; + }; + service.DISABLE_REGISTRATION = true; + }; + stateDir = "/home/forgejo/data"; + }; nginx = { enable = false; # TODO: enable this when you want to test all the configs @@ -161,11 +164,11 @@ enableACME = true; locations."/".proxyPass = "http://localhost:8096"; }; - # ${config.domains.forgejo.hostname} = { - # forceSSL = true; - # enableACME = true; - # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; - # }; + ${config.domains.forgejo.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + }; }; }; }; @@ -183,7 +186,7 @@ hybrid-sleep.enable = false; }; - networking.firewall.allowedTCPPorts = [2049]; + networking.firewall.allowedTCPPorts = [2049 8081]; environment.systemPackages = [ config.services.headscale.package From 8a38515694b493a038f80b62ecfeca7a02ef1b39 Mon Sep 17 00:00:00 2001 
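Review bot: Adding `8081` to `networking.firewall.allowedTCPPorts` exposes Forgejo's plain-HTTP listener to the network directly, bypassing the nginx virtual host that this same commit declares with `forceSSL = true`. Logins and tokens sent to that port travel unencrypted. Unless direct access is a deliberate stopgap while `nginx.enable = false`, keep the list at `[2049]`, bind Forgejo to loopback with `HTTP_ADDR = "127.0.0.1";` under `settings.server`, and open 80/443 when nginx is switched on. If it is a stopgap, a comment next to the port should say so.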
From: Leyla Becker Date: Sat, 21 Sep 2024 17:19:20 -0500 Subject: [PATCH 0228/1043] set subdomains for defiant --- hosts/defiant/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 1fd09eb..05c590e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -27,6 +27,9 @@ domains = { base_domain = "jan-leila.com"; + headscale.subdomain = "vpn"; + jellyfin.subdomain = "media"; + forgejo.subdomain = "git"; }; services = { From a566e56a94abc6e30a6ba99a3d16c34a0792358d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 17:21:29 -0500 Subject: [PATCH 0229/1043] ran linter --- enviroments/server/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 20acb89..5570207 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -10,7 +10,9 @@ options = { domains = { - base_domain = lib.mkOption { type = lib.types.str; }; + base_domain = lib.mkOption { + type = lib.types.str; + }; headscale = { subdomain = lib.mkOption { type = lib.types.str; @@ -101,7 +103,7 @@ postgresql = { enable = true; - ensureDatabases = [ "forgejo" ]; + ensureDatabases = ["forgejo"]; identMap = '' # ArbitraryMapName systemUser DBUser superuser_map root postgres From 521d3193999e75fe7a25f393e5f8f28fb35216c3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 17:52:10 -0500 Subject: [PATCH 0230/1043] added research note to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1ef5e50..8222653 100644 --- a/README.md +++ b/README.md 
@@ -29,6 +29,7 @@ - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ +- Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html ## Configuration updating passwords: `sops secrets/secrets.yaml` From 7c7468cf20f2c6a08d4fc8b5af6f7be46361cb7f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 18:50:04 -0500 Subject: [PATCH 0231/1043] drafted out pihole config --- enviroments/server/default.nix | 90 +++++++++++++++++++++++++++------- 1 file changed, 73 insertions(+), 17 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 5570207..defb37b 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -61,9 +61,14 @@ }; forgejo = { - uid = 2002; + gid = 2002; members = ["forgejo" "leyla"]; }; + + # pihole = { + # gid = 2003; + # members = ["pihole" "leyla"]; + # }; }; users = { 
@@ -78,17 +83,76 @@ group = "forgejo"; isSystemUser = true; }; + + # pihole = { + # uid = 2003; + # group = "forgejo"; + # isSystemUser = true; + # }; }; }; - systemd.tmpfiles.rules = [ - "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" - "d /home/jellyfin/config 750 jellyfin jellyfin -" - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" - "d /home/forgejo 750 forgejo forgejo -" - "d /home/forgejo/data 750 forgejo forgejo -" - ]; + # virtualisation.oci-containers.containers.pihole = { + # image = "pihole/pihole:latest"; + # environment = { + # TZ = "America/Chicago"; # TODO: set this to the systems timezone + # WEBPASSWORD_FILE = "..."; # TODO: set this from secrets file/config that is set to secrets file (I think this also needs to be mounted in volumns?) + # }; + # volumes = [ + # "/home/docker/pihole:/etc/pihole:rw" # TODO; set this based on configs + # ]; + # ports = [ + # "53:53/tcp" + # "53:53/udp" + # "3000:80/tcp" # TODO: bind container ip address? 
+ # ]; + # log-driver = "journald"; + # extraOptions = [ + # "--ip=172.18.1.5" # TODO: set this to some ip address from configs + # "--network-alias=pihole" # TODO: set this from configs + # "--network=nas_default" + # ]; + # }; + + systemd = { + tmpfiles.rules = [ + "d /home/jellyfin 755 jellyfin jellyfin -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" + "d /home/jellyfin/config 750 jellyfin jellyfin -" + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + "d /home/forgejo 750 forgejo forgejo -" + "d /home/forgejo/data 750 forgejo forgejo -" + # "d /home/forgejo 750 pihole pihole -" + ]; + + # services = { + # pihole = { + # serviceConfig = { + # Restart = lib.mkOverride 500 "always"; + # }; + # after = [ + # "podman-network-nas_default.service" + # ]; + # requires = [ + # "podman-network-nas_default.service" + # ]; + # partOf = [ + # "podman-compose-nas-root.target" + # ]; + # wantedBy = [ + # "podman-compose-nas-root.target" + # ]; + # }; + # }; + + # disable computer sleeping + targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + }; services = { nfs.server = { @@ -180,14 +244,6 @@ defaults.email = "jan-leila@protonmail.com"; }; - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - networking.firewall.allowedTCPPorts = [2049 8081]; environment.systemPackages = [ From d7627a21c217e49c40e34cf1ea35b90894818c2f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 21:43:19 -0500 Subject: [PATCH 0232/1043] added bond network to defiant --- hosts/defiant/hardware-configuration.nix | 52 ++++++++++++++++++++---- 1 file changed, 45 insertions(+), 7 deletions(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 219b6a5..3d9a46c 100644 --- a/hosts/defiant/hardware-configuration.nix 
+++ b/hosts/defiant/hardware-configuration.nix @@ -34,15 +34,53 @@ swapDevices = []; networking = { - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; hostId = "c51763d6"; hostName = "defiant"; # Define your hostname. + useNetworkd = true; + }; + + systemd.network = { + enable = true; + + netdevs = { + "10-bond0" = { + netdevConfig = { + Kind = "bond"; + Name = "bond0"; + }; + bondConfig = { + Mode = "802.3ad"; + TransmitHashPolicy = "layer3+4"; + }; + }; + }; + + networks = { + "30-enp4s0" = { + matchConfig.Name = "enp4s0"; + networkConfig.Bond = "bond0"; + DHCP = "ipv4"; + }; + "30-enp5s0" = { + matchConfig.Name = "enp5s0"; + networkConfig.Bond = "bond0"; + DHCP = "ipv4"; + }; + + "40-bond0" = { + matchConfig.Name = "bond0"; + linkConfig = { + RequiredForOnline = "carrier"; + }; + networkConfig.LinkLocalAddressing = "no"; + + address = [ + # configure addresses including subnet mask + "192.168.1.10/24" + # TODO: ipv6 address configuration + ]; + }; + }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; From edbf13b19ec4c31d7afa6ca17c40259b65072347 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 21:57:38 -0500 Subject: [PATCH 0233/1043] removed outdated unneeded comment --- hosts/defiant/hardware-configuration.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 3d9a46c..709430e 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix 
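Review bot: The member links `30-enp4s0` and `30-enp5s0` set `DHCP = "ipv4"` although both are enslaved to `bond0`, while `40-bond0` carries only the static `192.168.1.10/24` with no gateway or DNS. Addressing belongs on the bond, so drop `DHCP` from the two member networks and give `40-bond0` its route and resolver, e.g. `gateway = ["GATEWAY_IP"];` and `dns = ["DNS_IP"];` (placeholder values). Otherwise the host probably has no default route now that the `useDHCP` default is removed. The common environment still sets `networking.networkmanager.enable = true`, so it is worth confirming that NetworkManager and networkd do not both claim these interfaces.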
@@ -26,11 +26,6 @@ zfs.extraPools = ["zroot"]; }; - # fileSystems."/" = - # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; - # fsType = "ext4"; - # }; - swapDevices = []; networking = { From 10941b1e454ded43ac6cb3ec58977d85918d8b84 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 22:07:09 -0500 Subject: [PATCH 0234/1043] updated tasks in README.md --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8222653..6387080 100644 --- a/README.md +++ b/README.md @@ -46,8 +46,11 @@ set up git configuration for local development: `git config --local include.path - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- Docker parity with existing NAS on defiant -- NFS on defiant +- home assistant virtual machine +- pi hole docker +- searxng docker +- nextcloud ??? +- samba mounts - firefox declarative??? - figure out steam vr things? - Open GL? From b9226b4b15d09b5f3e3b10aacac4eb48913977f8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:21:35 -0500 Subject: [PATCH 0235/1043] ran linter --- hosts/defiant/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 709430e..4b58353 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -33,7 +33,7 @@ hostName = "defiant"; # Define your hostname. useNetworkd = true; }; - + systemd.network = { enable = true; From 454f002883d00f63be8af9811f55e16fc4b2265d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:21:52 -0500 Subject: [PATCH 0236/1043] added to README --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index 6387080..9ab1f70 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ set up git configuration for local development: `git config --local include.path ## New Features - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- fix pre commit hook - Flake templates - home assistant virtual machine - pi hole docker From 5c94b8f21ad261360038217c0803a51d21cdc7ba Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:26:27 -0500 Subject: [PATCH 0237/1043] added automatic weekly garbage collects --- enviroments/common/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 96ad012..2152820 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -3,8 +3,13 @@ ../../users ]; - nix.settings.experimental-features = ["nix-command" "flakes"]; - nix.settings.trusted-users = ["leyla"]; + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + trusted-users = ["leyla"]; + }; + gc.automatic = true; + }; # Enable networking networking.networkmanager.enable = true; From e81cb84c21484aa7805f3c4b575223baf7b6cf98 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:28:24 -0500 Subject: [PATCH 0238/1043] updated task list --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 9ab1f70..dad07c2 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,6 @@ set up git configuration for local development: `git config --local include.path - Open GL? - util functions - openssh known hosts -- limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing - headscale server 
From 94ac2d581d41f8140219dc06a6c2523418f462bb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:48:15 -0500 Subject: [PATCH 0239/1043] added note to task on README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dad07c2..2fa1c05 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ set up git configuration for local development: `git config --local include.path - server service system users should also be on local systems for file permission reasons - join config for systemd.tmpfiles.rules and service directory bindings ## New Features -- GNOME default monitors per hardware configuration? +- GNOME default monitors per hardware configuration? read this: https://discourse.nixos.org/t/gdm-monitor-configuration/6356/3 - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook - Flake templates From 54ecd6d24b9a9c161663d772d6c330dcedc0de81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 00:46:27 -0500 Subject: [PATCH 0240/1043] moved user configuration to common --- enviroments/common/default.nix | 77 +++++++++++++++++++++++++++++++++- enviroments/server/default.nix | 44 ------------------- users/ester/default.nix | 42 +++++++------------ users/eve/default.nix | 46 ++++++++------------ users/leyla/default.nix | 52 ++++++++++------------- 5 files changed, 131 insertions(+), 130 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 2152820..643240a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -31,7 +31,82 @@ LC_TIME = "en_US.UTF-8"; }; - users.groups.users = {}; + users = { + users = { + leyla = { + uid = 1000; + description = "Leyla"; + group = "leyla"; + }; + + ester = { + uid = 1001; + description = "Ester"; + group = "ester"; + }; + + eve = { + uid = 1002; + description = "Eve"; + group = "eve"; + }; + + jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; + }; + + forgejo = { + uid = 2002; + group = "forgejo"; + isSystemUser = true; + }; + + # pihole = { + # uid = 2003; + # group = "forgejo"; + # isSystemUser = true; + # }; + }; + + groups = { + leyla = { + gid = 1000; + members = ["lelya"]; + }; + + ester = { + gid = 1001; + members = ["ester"]; + }; + + eve = { + gid = 1002; + members = ["eve"]; + }; + + jellyfin = { + gid = 2000; + members = ["jellyfin" "leyla"]; + }; + + jellyfin_media = { + gid = 2001; + members = ["jellyfin" "leyla" "ester" "eve"]; + }; + + forgejo = { + gid = 2002; + members = ["forgejo" "leyla"]; + }; + + # pihole = { + # gid = 2003; + # members = ["pihole" "leyla"]; + # }; + }; + }; services = { openssh = { diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index defb37b..3b567eb 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
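Review bot: The `leyla` group in the new `groups` block lists `members = ["lelya"];`, a misspelling of the user declared just above as `leyla`; it should read `members = ["leyla"];`. The account still lands in the group through its primary `group = "leyla"` assignment, so nothing fails visibly, but the definition names an account that does not exist. The same misspelling recurs in the gid 100 group hunk of patch 0252; patch 0257 corrects that second occurrence but, as far as the visible hunks show, not this one.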
@@ -48,50 +48,6 @@ }; config = { - users = { - groups = { - jellyfin = { - gid = 2000; - members = ["jellyfin" "leyla"]; - }; - - jellyfin_media = { - gid = 2001; - members = ["jellyfin" "leyla" "ester" "eve"]; - }; - - forgejo = { - gid = 2002; - members = ["forgejo" "leyla"]; - }; - - # pihole = { - # gid = 2003; - # members = ["pihole" "leyla"]; - # }; - }; - - users = { - jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; - }; - - forgejo = { - uid = 2002; - group = "forgejo"; - isSystemUser = true; - }; - - # pihole = { - # uid = 2003; - # group = "forgejo"; - # isSystemUser = true; - # }; - }; - }; - # virtualisation.oci-containers.containers.pihole = { # image = "pihole/pihole:latest"; # environment = { diff --git a/users/ester/default.nix b/users/ester/default.nix index a16b69b..e3ddc15 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -18,33 +18,23 @@ in { }; }; - users.groups.ester = {}; + users.users.ester = ( + if cfg.isFullUser + then { + isNormalUser = true; + extraGroups = ["networkmanager" "users"]; - users.users.ester = lib.mkMerge [ - { - uid = 1001; - description = "Ester"; - group = "ester"; + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; } - - ( - if cfg.isFullUser - then { - isNormalUser = true; - extraGroups = ["networkmanager" "users"]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; - } - else { - isSystemUser = true; - } - ) - ]; + else { + isSystemUser = true; + } + ); }; } diff --git a/users/eve/default.nix b/users/eve/default.nix index 8ad6b61..32693c1 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix 
@@ -18,35 +18,25 @@ in { }; }; - users.groups.eve = {}; + users.users.eve = ( + if cfg.isFullUser + then { + isNormalUser = true; + extraGroups = ["networkmanager" "users"]; - users.users.eve = lib.mkMerge [ - { - uid = 1002; - description = "Eve"; - group = "eve"; + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; } - - ( - if cfg.isFullUser - then { - isNormalUser = true; - extraGroups = ["networkmanager" "users"]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; - } - else { - isSystemUser = true; - } - ) - ]; + else { + isSystemUser = true; + } + ); }; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 9454c2d..1934bd2 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -24,40 +24,30 @@ in { }; }; - users.groups.leyla = {}; + users.users.leyla = ( + if (cfg.isFullUser || cfg.isThinUser) + then { + isNormalUser = true; + extraGroups = lib.mkMerge [ + ["networkmanager" "wheel" "users"] + ( + lib.mkIf (!cfg.isThinUser) ["adbusers"] + ) + ]; - users.users.leyla = lib.mkMerge [ - { - uid = 1000; - description = "Leyla"; - group = "leyla"; - } + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - ( - if (cfg.isFullUser || cfg.isThinUser) - then { - isNormalUser = true; - extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "users"] - ( - lib.mkIf (!cfg.isThinUser) ["adbusers"] - ) + openssh = { + authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - openssh = { - authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - }; - } - else { - isSystemUser = true; - } - ) - ]; + }; + } + else { + isSystemUser = true; + } + ); # TODO: this should reference the home directory from the user config services.openssh.hostKeys = [ From 79a9d08b12af1a870a1cea64fb3c8c79b70d3d4b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 00:47:00 -0500 Subject: [PATCH 0241/1043] removed completed tech debt task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 2fa1c05..b0f0206 100644 --- a/README.md +++ b/README.md 
@@ -40,7 +40,6 @@ set up git configuration for local development: `git config --local include.path ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) -- server service system users should also be on local systems for file permission reasons - join config for systemd.tmpfiles.rules and service directory bindings ## New Features - GNOME default monitors per hardware configuration? read this: https://discourse.nixos.org/t/gdm-monitor-configuration/6356/3 From 6a558120b9a0867608212835f783a0ce20a6cfc8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 00:47:24 -0500 Subject: [PATCH 0242/1043] added notes to task in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b0f0206..ad9853a 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ set up git configuration for local development: `git config --local include.path - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- headscale server +- headscale server (just needs to be tested) - mastodon server - tail scale clients - wake on LAN \ No newline at end of file From c993929049ced998ecc24ec02e95c766fcca0bb7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 10:53:50 -0500 Subject: [PATCH 0243/1043] set monitor configuration pre login --- hosts/twilight/configuration.nix | 198 +++++++++++++++++++++++++++++++ 1 file changed, 198 insertions(+) diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 991ecbc..c2951f3 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -23,6 +23,204 @@ eve.isFullUser = true; }; + systemd.tmpfiles.rules = [ + "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' + + + + 0 + 156 + 1 + + + DP-4 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 2560 + 324 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 0 + 1 + + left + no + + + + HDMI-0 + HWP + HP w2207 + CND7332S88 + + + 1600 + 1000 + 59.999 + + + + + + + 0 + 0 + 1 + yes + + + DP-1 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 4480 + 226 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 2560 + 226 + 1 + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + + + 2560 + 228 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 69 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 0 + 0 + 1 + + + DP-3 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + + None-1 + unknown + unknown + unknown + + + + + ''}" + ]; + # enabled virtualisation for docker # virtualisation.docker.enable = true; From a11dbffdb39f9e0f3f249e407665fc84ebffaac0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 10:54:27 -0500 Subject: [PATCH 0244/1043] disabled pressure showing dash to dock --- users/leyla/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index fdca257..118d0cc 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -108,7 +108,7 @@ "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; "show-trash" = false; - "require-pressure-to-show" = true; + "require-pressure-to-show" = false; "show-mounts" = false; }; From c11e94626ac9d629483d3a2b6148ddc325d3cc25 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 22 Sep 2024 10:57:39 -0500 Subject: [PATCH 0245/1043] added tech debt task to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ad9853a..1336f55 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,8 @@ set up git configuration for local development: `git config --local include.path - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings +- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` ## New Features -- GNOME default monitors per hardware configuration? read this: https://discourse.nixos.org/t/gdm-monitor-configuration/6356/3 - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook - Flake templates From 822cdc65bb1caa95ccc1f06800ca1024ee5ab0af Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 11:28:35 -0500 Subject: [PATCH 0246/1043] added task to new features in README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1336f55..471605e 100644 --- a/README.md +++ b/README.md @@ -61,4 +61,5 @@ set up git configuration for local development: `git config --local include.path - headscale server (just needs to be tested) - mastodon server - tail scale clients -- wake on LAN \ No newline at end of file +- wake on LAN +- ISO target that contains authorized keys for nixos-anywhere \ No newline at end of file From d11a24f33763bca6fefe734fe46a0fde5ca5b54f Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 22 Sep 2024 11:31:59 -0500 Subject: [PATCH 0247/1043] fixed folder name for pihole --- enviroments/server/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 3b567eb..ac834a8 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -78,7 +78,7 @@ "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" "d /home/forgejo 750 forgejo forgejo -" "d /home/forgejo/data 750 forgejo forgejo -" - # "d /home/forgejo 750 pihole pihole -" + # "d /home/pihole 750 pihole pihole -" ]; # services = { From 8f36a609db86174579e83cadb71b55425b3bb634 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 13:05:25 -0500 Subject: [PATCH 0248/1043] moved allow unfree into user files --- README.md | 1 - hosts/defiant/configuration.nix | 2 -- hosts/horizon/configuration.nix | 3 --- hosts/twilight/configuration.nix | 3 --- users/ester/default.nix | 2 ++ users/eve/default.nix | 2 ++ users/leyla/default.nix | 3 ++- 7 files changed, 6 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 471605e..829bd2d 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,6 @@ set up git configuration for local development: `git config --local include.path # Tasks: ## Tech Debt -- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05c590e..ec5cf1d 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -23,8 +23,6 @@ efiInstallAsRemovable = true; }; - nixpkgs.config.allowUnfree = true; - domains = { base_domain = "jan-leila.com"; headscale.subdomain = "vpn"; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 1bd5bfc..c83fcc6 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -33,9 +33,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index c2951f3..6441e2a 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -227,9 +227,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/users/ester/default.nix b/users/ester/default.nix index e3ddc15..c4a18fb 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -11,6 +11,8 @@ in { }; config = { + nixpkgs.config.allowUnfree = true; + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; diff --git a/users/eve/default.nix b/users/eve/default.nix index 32693c1..b674331 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -11,6 +11,8 @@ in { }; config = { + nixpkgs.config.allowUnfree = true; + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 1934bd2..cd4332e 100644 
--- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, ... }: let cfg = config.users.leyla; @@ -17,6 +16,8 @@ in { }; config = { + nixpkgs.config.allowUnfree = true; + sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; From 1e0218d928f74c438d9d6c016802d012cec2b7e1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 13:30:23 -0500 Subject: [PATCH 0249/1043] updated rebuild script to auto delete result --- rebuild.sh | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index b37be13..9988b7b 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -1,5 +1,12 @@ #!/usr/bin/env bash +if [ -d "result" ]; +then + preserve_result=true +else + preserve_result=false +fi + while [ $# -gt 0 ]; do case "$1" in --target*|-t*) @@ -18,12 +25,20 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi user="${1#*=}" ;; + --preserve-result) + preserve_result=true + ;; + --no-preserve-result) + preserve_result=false + ;; --help|-h) echo "--help -h: print this message" echo "--target -t: set the target system to rebuild on" echo "--flake -f: set the flake to rebuild on the target system" echo "--mode -m: set the mode to rebuild flake as on the target system" echo "--user -u: set the user to rebuild flake as on the target system" + echo "--preserve-result: do not remove the generated result folder after building" + echo "--no-preserve-result: remove any result folder after building" exit 0 ;; *) 
@@ -39,9 +54,17 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -if [[ "$target" == "$(hostname)" ]] +if [[ "$target" == "$(hostname)" ]]; then nixos-rebuild $mode --use-remote-sudo --flake .#$flake else nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi + +if [ -d "result" ]; +then + if [[ "$preserve_result" == "false" ]]; + then + rm -r result + fi +fi \ No newline at end of file From 70d1b98ce210cf43bd2c4824ee8db8a9a28173e3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 17:03:00 -0500 Subject: [PATCH 0250/1043] added task to README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 829bd2d..bce959b 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,7 @@ set up git configuration for local development: `git config --local include.path - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` +- move applications in server environment into their own flakes ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 1be145193eddf40670ef27ab97222233c9549f13 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 17:16:20 -0500 Subject: [PATCH 0251/1043] moved users password secret file --- enviroments/common/default.nix | 1 - enviroments/server/default.nix | 4 ++-- users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 5 files changed, 5 insertions(+), 6 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 643240a..660b94d 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
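Review bot: The cleanup added at the end of the script tests `[ -d "result" ]` and then runs `rm -r result`, which would recursively delete a real directory named `result` in the working tree when `--no-preserve-result` is passed. The build output is normally a symlink into the store, so test for a symlink and drop the recursion: `if [ -L result ] && [[ "$preserve_result" == "false" ]]; then rm result; fi`. The initial detection at the top of the script (an earlier hunk of this patch) would then also be better written as `[ -L result ]` so both checks agree.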
@@ -122,7 +122,6 @@ }; sops = { - defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; gnupg.sshKeyPaths = []; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index ac834a8..c3be1e7 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -49,9 +49,9 @@ config = { # virtualisation.oci-containers.containers.pihole = { - # image = "pihole/pihole:latest"; + # image = "pihole/pihole:2024.07.0"; # environment = { - # TZ = "America/Chicago"; # TODO: set this to the systems timezone + # TZ = time.timeZone; # WEBPASSWORD_FILE = "..."; # TODO: set this from secrets file/config that is set to secrets file (I think this also needs to be mounted in volumns?) # }; # volumes = [ diff --git a/users/ester/default.nix b/users/ester/default.nix index c4a18fb..356a746 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -16,7 +16,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; - # sopsFile = ../secrets.yaml; + sopsFile = ../../secrets/user-passwords.yaml; }; }; diff --git a/users/eve/default.nix b/users/eve/default.nix index b674331..3d768f9 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -16,7 +16,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; - # sopsFile = ../secrets.yaml; + sopsFile = ../../secrets/user-passwords.yaml; }; }; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index cd4332e..e227fdb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -21,7 +21,7 @@ in { sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; - # sopsFile = ../secrets.yaml; + sopsFile = ../../secrets/user-passwords.yaml; }; }; From 4145dd770f9302c432c5cd1df5db5c87ed0f2f36 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 22 Sep 2024 17:56:50 -0500 Subject: [PATCH 0252/1043] moved user group configuration to environment common --- enviroments/common/default.nix | 5 +++++ users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 660b94d..192d5a9 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -86,6 +86,11 @@ members = ["eve"]; }; + useres = { + gid = 100; + members = ["lelya" "ester" "eve"]; + }; + jellyfin = { gid = 2000; members = ["jellyfin" "leyla"]; diff --git a/users/ester/default.nix b/users/ester/default.nix index 356a746..3597d2d 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -24,7 +24,7 @@ in { if cfg.isFullUser then { isNormalUser = true; - extraGroups = ["networkmanager" "users"]; + extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; diff --git a/users/eve/default.nix b/users/eve/default.nix index 3d768f9..16787f8 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -24,7 +24,7 @@ in { if cfg.isFullUser then { isNormalUser = true; - extraGroups = ["networkmanager" "users"]; + extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index e227fdb..20f99ab 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -30,7 +30,7 @@ in { then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "users"] + ["networkmanager" "wheel"] ( lib.mkIf (!cfg.isThinUser) ["adbusers"] ) From 9603fba06277739b585310fa8607090c659656a6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 19:24:59 -0500 Subject: [PATCH 0253/1043] updated secrets files --- .sops.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/.sops.yaml b/.sops.yaml index 0ac5664..e9ddb56 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,11 @@ keys: - &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh creation_rules: - - path_regex: secrets/secrets.yaml$ + - path_regex: secrets/user-passwords.yaml$ + key_groups: + - age: + - *leyla + - path_regex: secrets/defiant-services.yaml$ key_groups: - age: - *leyla From 3159ea9a4071bcae4e59cecbd2634a3ddacd7f3d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 19:25:21 -0500 Subject: [PATCH 0254/1043] fixed group name typo --- enviroments/common/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 192d5a9..5236a8b 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -86,7 +86,7 @@ members = ["eve"]; }; - useres = { + users = { gid = 100; members = ["lelya" "ester" "eve"]; }; From 101d8941746fb028233fa464840e1d6810c88fe8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 19:59:12 -0500 Subject: [PATCH 0255/1043] reformated bond network --- hosts/defiant/hardware-configuration.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 4b58353..8601a8a 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -64,9 +64,7 @@ "40-bond0" = { matchConfig.Name = "bond0"; - linkConfig = { - RequiredForOnline = "carrier"; - }; + linkConfig.RequiredForOnline = "carrier"; networkConfig.LinkLocalAddressing = "no"; address = [ From 44aae0065d474c168aabc0d0043644054e79e310 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 19:59:20 -0500 Subject: [PATCH 0256/1043] added DHCP to bond network --- hosts/defiant/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 8601a8a..766a02d 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -66,6 +66,7 @@ matchConfig.Name = "bond0"; linkConfig.RequiredForOnline = "carrier"; networkConfig.LinkLocalAddressing = "no"; + networkConfig.DHCP = "yes"; address = [ # configure addresses including subnet mask From bd7e575868b0991a60f40a6410a207e9e18f4e75 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 20:27:38 -0500 Subject: [PATCH 0257/1043] changed env var for sops files --- enviroments/common/default.nix | 29 +++++++++++++++-------------- install.sh | 4 ++-- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 5236a8b..397799f 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -63,11 +63,11 @@ isSystemUser = true; }; - # pihole = { - # uid = 2003; - # group = "forgejo"; - # isSystemUser = true; - # }; + pihole = { + uid = 2003; + group = "pihole"; + isSystemUser = true; + }; }; groups = { @@ -88,7 +88,7 @@ users = { gid = 100; - members = ["lelya" "ester" "eve"]; + members = ["leyla" "ester" "eve"]; }; jellyfin = { @@ -106,10 +106,10 @@ members = ["forgejo" "leyla"]; }; - # pihole = { - # gid = 2003; - # members = ["pihole" "leyla"]; - # }; + pihole = { + gid = 2003; + members = ["pihole" "leyla"]; + }; }; }; @@ -126,6 +126,11 @@ }; }; + environment.sessionVariables = rec { + AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + AGE_KEY_FILE = "${AGE_KEY_DIRECTORY}/key.txt"; + }; + sops = { defaultSopsFormat = "yaml"; gnupg.sshKeyPaths = []; @@ -136,10 +141,6 @@ # generateKey = true; }; }; - environment.sessionVariables = { - AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/"; - }; - # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget 
diff --git a/install.sh b/install.sh index 0718998..b0a01ef 100755 --- a/install.sh +++ b/install.sh @@ -47,8 +47,8 @@ cleanup() { trap cleanup EXIT # copy key file to temp folder to copy over to target -mkdir -p $temp$AGE_KEY_FILE_LOCATION -cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION +mkdir -p $temp$AGE_KEY_DIRECTORY +cp -r $AGE_KEY_DIRECTORY/* $temp$AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 4515bab713b87c44f7d28ab8b6b8f0b8324370ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 21:34:04 -0500 Subject: [PATCH 0258/1043] fixed password update command --- README.md | 3 ++- enviroments/common/default.nix | 4 ++-- install.sh | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index bce959b..ef81d6b 100644 --- a/README.md +++ b/README.md @@ -32,9 +32,10 @@ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html ## Configuration -updating passwords: `sops secrets/secrets.yaml` set up git configuration for local development: `git config --local include.path .gitconfig` +to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set) + # Tasks: ## Tech Debt diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 397799f..0194ec1 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
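Review bot: `cp -r $AGE_KEY_DIRECTORY/* $temp$AGE_KEY_DIRECTORY` expands to `cp -r /* $temp` when the variable is unset, which is the case in any session started before this rename is deployed, so the script would stage the whole root filesystem as `--extra-files` instead of the key directory. Fail fast and quote the expansions: `: "${AGE_KEY_DIRECTORY:?not set}"`, then `mkdir -p "$temp$AGE_KEY_DIRECTORY"` and `cp -r "$AGE_KEY_DIRECTORY"/* "$temp$AGE_KEY_DIRECTORY"`. The same two lines recur with `SOPS_AGE_KEY_DIRECTORY` in the install.sh hunk of patch 0258. Since the staged copy holds the age private key, it is also worth confirming that `$temp` is created with owner-only permissions; its creation is outside the hunk.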
@@ -127,8 +127,8 @@ }; environment.sessionVariables = rec { - AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; - AGE_KEY_FILE = "${AGE_KEY_DIRECTORY}/key.txt"; + SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; }; sops = { diff --git a/install.sh b/install.sh index b0a01ef..882a935 100755 --- a/install.sh +++ b/install.sh @@ -47,8 +47,8 @@ cleanup() { trap cleanup EXIT # copy key file to temp folder to copy over to target -mkdir -p $temp$AGE_KEY_DIRECTORY -cp -r $AGE_KEY_DIRECTORY/* $temp$AGE_KEY_DIRECTORY +mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY +cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 8772c463235163f386fe8d2c42c87235fa07cc80 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 23:11:49 -0500 Subject: [PATCH 0259/1043] added pihole config to defiant --- enviroments/server/default.nix | 130 +++++++++++++++-------- hosts/defiant/hardware-configuration.nix | 4 +- 2 files changed, 89 insertions(+), 45 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index c3be1e7..6c18f29 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -48,27 +48,43 @@ }; config = { - # virtualisation.oci-containers.containers.pihole = { - # image = "pihole/pihole:2024.07.0"; - # environment = { - # TZ = time.timeZone; - # WEBPASSWORD_FILE = "..."; # TODO: set this from secrets file/config that is set to secrets file (I think this also needs to be mounted in volumns?) - # }; - # volumes = [ - # "/home/docker/pihole:/etc/pihole:rw" # TODO; set this based on configs - # ]; - # ports = [ - # "53:53/tcp" - # "53:53/udp" - # "3000:80/tcp" # TODO: bind container ip address? - # ]; - # log-driver = "journald"; - # extraOptions = [ - # "--ip=172.18.1.5" # TODO: set this to some ip address from configs - # "--network-alias=pihole" # TODO: set this from configs - # "--network=nas_default" - # ]; - # }; + sops.secrets = { + "services/pi-hole" = { + sopsFile = ../../secrets/defiant-services.yaml; + }; + }; + + # Runtime + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + + virtualisation.oci-containers.containers.pihole = { + image = "pihole/pihole:2024.07.0"; + hostname = "pihole"; + volumes = [ + "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs + "${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt" + ]; + environment = { + TZ = config.time.timeZone; + WEBPASSWORD_FILE = "/var/lib/pihole/webpassword.txt"; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=192.168.1.201" # TODO: set this to some ip address from configs + "--network=macvlan" + ]; + }; systemd = { tmpfiles.rules = [ 
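Review bot: The decrypted sops secret is bind-mounted into the container read-write, because `"${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt"` carries no mode suffix, so a process inside the container can overwrite the secret file on the host. Append `:ro` to that volume entry. The secret is declared without `owner` or `mode`, so it relies on the sops-nix defaults and on the container runtime running as root; a one-line comment saying so would save the next reader a lookup. The `config = {` set continues beyond the hunk.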
@@ -78,28 +94,45 @@ "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" "d /home/forgejo 750 forgejo forgejo -" "d /home/forgejo/data 750 forgejo forgejo -" - # "d /home/pihole 750 pihole pihole -" + "d /home/pihole 750 pihole pihole -" ]; - # services = { - # pihole = { - # serviceConfig = { - # Restart = lib.mkOverride 500 "always"; - # }; - # after = [ - # "podman-network-nas_default.service" - # ]; - # requires = [ - # "podman-network-nas_default.service" - # ]; - # partOf = [ - # "podman-compose-nas-root.target" - # ]; - # wantedBy = [ - # "podman-compose-nas-root.target" - # ]; - # }; - # }; + services = { + "podman-pihole" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + after = [ + "podman-network-macvlan.service" + ]; + requires = [ + "podman-network-macvlan.service" + ]; + partOf = [ + "podman-compose-root.target" + ]; + wantedBy = [ + "podman-compose-root.target" + ]; + }; + + "podman-network-macvlan" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f macvlan"; + }; + # TODO: check subnet against pi-hole ip address + # TODO: make lan configurable + # TODO: make parent interface configurable + script = '' + podman network inspect macvlan || podman network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 --opt parent=bond0 macvlan + ''; + partOf = [ "podman-compose-root.target" ]; + wantedBy = [ "podman-compose-root.target" ]; + }; + }; # disable computer sleeping targets = { 
@@ -107,10 +140,23 @@ suspend.enable = false; hibernate.enable = false; hybrid-sleep.enable = false; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + "podman-compose-root" = { + unitConfig = { + Description = "Root target for podman targets."; + }; + wantedBy = [ "multi-user.target" ]; + }; }; }; services = { + # DNS stub needs to be disabled so pi hole can bind + # resolved.extraConfig = "DNSStubListener=no"; + nfs.server = { enable = true; exports = '' @@ -200,7 +246,7 @@ defaults.email = "jan-leila@protonmail.com"; }; - networking.firewall.allowedTCPPorts = [2049 8081]; + networking.firewall.allowedTCPPorts = [53 2049 3000 8081]; environment.systemPackages = [ config.services.headscale.package diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 766a02d..7755d1b 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -54,19 +54,17 @@ "30-enp4s0" = { matchConfig.Name = "enp4s0"; networkConfig.Bond = "bond0"; - DHCP = "ipv4"; }; "30-enp5s0" = { matchConfig.Name = "enp5s0"; networkConfig.Bond = "bond0"; - DHCP = "ipv4"; }; "40-bond0" = { matchConfig.Name = "bond0"; linkConfig.RequiredForOnline = "carrier"; networkConfig.LinkLocalAddressing = "no"; - networkConfig.DHCP = "yes"; + DHCP = "ipv4"; address = [ # configure addresses including subnet mask From e1ebfab7a30b063cfd9b997fcdb1313e4972cb47 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 23:28:03 -0500 Subject: [PATCH 0260/1043] disabled DHCP on host network cards --- hosts/defiant/hardware-configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 7755d1b..edfaeee 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix 
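Review bot: Adding 53 and 3000 to `networking.firewall.allowedTCPPorts` opens them on the host, but nothing visible in this patch listens there: the pihole container is attached with `--network=macvlan` and its own `--ip`, and the `ports` mapping from the commented-out draft (`53:53`, `3000:80`) was not carried over. Traffic to the macvlan address presumably never passes the host's input firewall, so these entries only widen the host's exposure; I would keep the line as `networking.firewall.allowedTCPPorts = [2049 8081];` until a host-side listener actually exists. If host DNS is intended later, note that only TCP is opened here and DNS also needs UDP 53.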
@@ -54,10 +54,12 @@ "30-enp4s0" = { matchConfig.Name = "enp4s0"; networkConfig.Bond = "bond0"; + DHCP = "no"; }; "30-enp5s0" = { matchConfig.Name = "enp5s0"; networkConfig.Bond = "bond0"; + DHCP = "no"; }; "40-bond0" = { From 469ba5671a36bbc70d687d7afd9d727f4e9ee4dc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 23:28:30 -0500 Subject: [PATCH 0261/1043] moved task in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ef81d6b..60e9169 100644 --- a/README.md +++ b/README.md @@ -43,12 +43,12 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes +- pihole config files ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook - Flake templates - home assistant virtual machine -- pi hole docker - searxng docker - nextcloud ??? - samba mounts From 454cac088e8262e006de3b9d80bab2810ad2dcfa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 00:12:58 -0500 Subject: [PATCH 0262/1043] added submodule --- .gitmodules | 3 +++ secrets | 1 + 2 files changed, 4 insertions(+) create mode 100644 .gitmodules create mode 160000 secrets diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..810e39f --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "secrets"] + path = secrets + url = git@git.jan-leila.com:jan-leila/nix-config.git diff --git a/secrets b/secrets new file mode 160000 index 0000000..46172e9 --- /dev/null +++ b/secrets @@ -0,0 +1 @@ +Subproject commit 46172e93709498e57d188a1bd19349c28fe4e3e3 
From 67efe92536eb40aa85d25e668666507a2b76ba4b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 00:15:21 -0500 Subject: [PATCH 0263/1043] replaced ambiguous unicode character --- hosts/defiant/configuration.nix | 2 +- hosts/horizon/configuration.nix | 2 +- hosts/twilight/configuration.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index ec5cf1d..9731f87 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -57,7 +57,7 @@ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave + # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c83fcc6..018fb77 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -41,7 +41,7 @@ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave + # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 6441e2a..5c27001 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -229,7 +229,7 @@ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave + # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). From 22ef0e838dc62507c8904f9b4c1f74e99614506c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:05:26 -0500 Subject: [PATCH 0264/1043] renamed domains to apps --- enviroments/server/default.nix | 18 +++++++++--------- hosts/defiant/configuration.nix | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 6c18f29..f478413 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -9,7 +9,7 @@ ]; options = { - domains = { + apps = { base_domain = lib.mkOption { type = lib.types.str; }; @@ -29,7 +29,7 @@ hostname = lib.mkOption { type = lib.types.str; description = "hosname that jellyfin will be hosted at"; - default = "${config.domains.jellyfin.subdomain}.${config.domains.base_domain}"; + default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; }; forgejo = { @@ -41,7 +41,7 @@ hostname = lib.mkOption { type = lib.types.str; description = "hosname that forgejo will be hosted at"; - default = "${config.domains.forgejo.subdomain}.${config.domains.base_domain}"; + default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; }; }; }; 
@@ -188,8 +188,8 @@ address = "0.0.0.0"; port = 8080; settings = { - server_url = "http://${config.domains.headscale.subdomain}.${config.domains.base_domain}"; - dns_config.base_domain = config.domains.base_domain; + server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; + dns_config.base_domain = config.apps.base_domain; logtail.enabled = false; }; }; @@ -208,7 +208,7 @@ lfs.enable = true; settings = { server = { - DOMAIN = config.domains.forgejo.hostname; + DOMAIN = config.apps.forgejo.hostname; HTTP_PORT = 8081; }; service.DISABLE_REGISTRATION = true; @@ -219,7 +219,7 @@ nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { - ${config.domains.headscale.hostname} = { + ${config.apps.headscale.hostname} = { forceSSL = true; enableACME = true; locations."/" = { @@ -227,12 +227,12 @@ proxyWebsockets = true; }; }; - ${config.domains.jellyfin.hostname} = { + ${config.apps.jellyfin.hostname} = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://localhost:8096"; }; - ${config.domains.forgejo.hostname} = { + ${config.apps.forgejo.hostname} = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9731f87..05b169e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -23,7 +23,7 @@ efiInstallAsRemovable = true; }; - domains = { + apps = { base_domain = "jan-leila.com"; headscale.subdomain = "vpn"; jellyfin.subdomain = "media"; From 8adc6b97cd424a01510f287e6bd786bb24dd8d1b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:29:22 -0500 Subject: [PATCH 0265/1043] removed git tracking requirement from rebuilds --- install.sh | 2 +- rebuild.sh | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/install.sh b/install.sh index 882a935..d7e10df 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake "path:.#$flake" ${user:-nixos}@$target diff --git a/rebuild.sh b/rebuild.sh index 9988b7b..96cfc3d 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -54,11 +54,13 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} +# path: prefixes on rebuilds here make nix not treat this flake like it has a git repo so we can +# access secret files in the submodule this is kinda bad and we should find a way to not need it if [[ "$target" == "$(hostname)" ]]; then - nixos-rebuild $mode --use-remote-sudo --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --flake path:.#$flake else - nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake path:.#$flake fi if [ -d "result" ]; From baced6f8fd8cefba7550ea12dc4e291659b51764 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:29:35 -0500 Subject: [PATCH 0266/1043] added config options for pihole --- enviroments/server/default.nix | 92 ++++++++++++++++++++++----------- hosts/defiant/configuration.nix | 21 ++++++-- 2 files changed, 79 insertions(+), 34 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index f478413..5a55a69 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
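Review bot: Switching the flake reference to `path:.#$flake` makes Nix copy the whole working directory into the store rather than only git-tracked files, so anything untracked or ignored that sits in the checkout (editor backups, decrypted scratch copies of secrets, key material) can end up in the world-readable `/nix/store`. The new comment in rebuild.sh says this is "kinda bad" but not why; I would spell it out, e.g. `# NOTE: path: copies untracked files into the world-readable store; keep plaintext secrets out of this directory`. The same prefix is added in the install.sh hunk. In rebuild.sh `$mode`, `$user`, `$target` and `$flake` are also expanded unquoted, whereas install.sh quotes the reference; `--flake "path:.#$flake"` would be consistent with it.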
@@ -13,6 +13,33 @@ base_domain = lib.mkOption { type = lib.types.str; }; + macvlan = { + subnet = lib.mkOption { + type = lib.types.str; + description = "Subnet for macvlan address range"; + }; + gateway = lib.mkOption { + type = lib.types.str; + description = "Gateway for macvlan"; + # TODO: see if we can default this to systemd network gateway + }; + networkInterface = lib.mkOption { + type = lib.types.str; + description = "Parent network interface for macvlan"; + # TODO: see if we can default this some interface? + }; + }; + pihole = { + image = lib.mkOption { + type = lib.types.str; + description = "container image to use for pi-hole"; + }; + # TODO: check against subnet for macvlan + ip = lib.mkOption { + type = lib.types.str; + description = "ip address to use for pi-hole"; + }; + }; headscale = { subdomain = lib.mkOption { type = lib.types.str; 
@@ -54,36 +81,42 @@ }; }; - # Runtime - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; + virtualisation = { + # Runtime + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; }; - }; - virtualisation.oci-containers.backend = "podman"; - virtualisation.oci-containers.containers.pihole = { - image = "pihole/pihole:2024.07.0"; - hostname = "pihole"; - volumes = [ - "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs - "${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt" - ]; - environment = { - TZ = config.time.timeZone; - WEBPASSWORD_FILE = "/var/lib/pihole/webpassword.txt"; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; + oci-containers = { + backend = "podman"; + + containers.pihole = let + passwordFileLocation = "/var/lib/pihole/webpassword.txt"; + in { + image = config.apps.pihole.image; + volumes = [ + "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules + "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" + ]; + environment = { + TZ = config.time.timeZone; + WEBPASSWORD_FILE = passwordFileLocation; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=${config.apps.pihole.ip}" + "--network=macvlan" + ]; + }; }; - log-driver = "journald"; - extraOptions = [ - "--ip=192.168.1.201" # TODO: set this to some ip address from configs - "--network=macvlan" - ]; }; systemd = { 
@@ -123,11 +156,8 @@ RemainAfterExit = true; ExecStop = "podman network rm -f macvlan"; }; - # TODO: check subnet against pi-hole ip address - # TODO: make lan configurable - # TODO: make parent interface configurable script = '' - podman network inspect macvlan || podman network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 --opt parent=bond0 macvlan + podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan ''; partOf = [ "podman-compose-root.target" ]; wantedBy = [ "podman-compose-root.target" ]; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05b169e..9288d36 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,9 +25,24 @@ apps = { base_domain = "jan-leila.com"; - headscale.subdomain = "vpn"; - jellyfin.subdomain = "media"; - forgejo.subdomain = "git"; + macvlan = { + subnet = "192.168.1.0/24"; + gateway = "192.168.1.1"; + networkInterface = "bond0"; + }; + pihole = { + image = "pihole/pihole:2024.07.0"; + ip = "192.168.1.201"; + }; + headscale = { + subdomain = "vpn"; + }; + jellyfin = { + subdomain = "media"; + }; + forgejo = { + subdomain = "git"; + }; }; services = { From 3e3f175e1b29ac04b3c5eacd89eb825f808595f8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:30:28 -0500 Subject: [PATCH 0267/1043] updated task in README --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 60e9169..b42f061 100644 --- a/README.md +++ b/README.md 
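Review bot: The three new option values are spliced into the `script` of `podman-network-macvlan` without quoting, and the options are declared as plain `lib.types.str`, so a value containing whitespace or shell metacharacters changes the command the unit runs (presumably as root, since no `User=` is visible). Escape each one, e.g. `--subnet ${lib.escapeShellArg config.apps.macvlan.subnet}`, and likewise for `gateway` and `networkInterface`. The check of the pi-hole address against the subnet is still only a TODO on the option, so a mismatch would surface at container start rather than at evaluation. The service definition starts outside the hunk.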
@@ -43,7 +43,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes -- pihole config files ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From ac14a781b297d0496a8603e20d88676c1d7c231b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:31:02 -0500 Subject: [PATCH 0268/1043] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b42f061..d086102 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes +- make subrepo a flake that gets imported (and then remove `path:` from build scripts) ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 27b58dc288041ab5b9004c021eec802b10cafc6d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 24 Sep 2024 02:30:54 -0500 Subject: [PATCH 0269/1043] switched submodule files to non flake input --- .gitmodules | 2 +- README.md | 1 - enviroments/server/default.nix | 3 ++- flake.lock | 18 ++++++++++++++++++ flake.nix | 7 ++++++- install.sh | 2 +- rebuild.sh | 4 ++-- users/ester/default.nix | 3 ++- users/eve/default.nix | 3 ++- users/leyla/default.nix | 3 ++- 10 files changed, 36 insertions(+), 10 deletions(-) diff --git a/.gitmodules b/.gitmodules index 810e39f..dcfaddd 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "secrets"] path = secrets - url = git@git.jan-leila.com:jan-leila/nix-config.git + url = git@git.jan-leila.com:jan-leila/nix-config-secrets.git diff --git a/README.md b/README.md index d086102..b42f061 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes -- make subrepo a flake that gets imported (and then remove `path:` from build scripts) ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 5a55a69..a36a1db 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -2,6 +2,7 @@ lib, config, pkgs, + inputs, ... }: { imports = [ @@ -77,7 +78,7 @@ config = { sops.secrets = { "services/pi-hole" = { - sopsFile = ../../secrets/defiant-services.yaml; + sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; }; diff --git a/flake.lock b/flake.lock index a424800..d6f3015 100644 --- a/flake.lock +++ b/flake.lock 
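Review bot: After this change the secrets exist under two independent pins: the `secrets` git submodule (still present, only its URL changes in .gitmodules) and the new `inputs.secrets` flake input that `sopsFile = "${inputs.secrets}/defiant-services.yaml"` now reads. Editing a file in the submodule checkout, which is what the README's `sops secrets/user-passwords...` command does, presumably has no effect on a rebuild until the change is pushed and the `secrets` entry in flake.lock is updated, so a rotated password can silently stay at its old value. I would document that next to the input in flake.nix, e.g. `# NOTE: rebuilds read secrets from this locked input, not from ./secrets; push and re-lock after editing`, or drop the submodule. The same applies to the three `users/*/default.nix` hunks of this commit.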
@@ -167,9 +167,27 @@ "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", + "secrets": "secrets", "sops-nix": "sops-nix" } }, + "secrets": { + "flake": false, + "locked": { + "lastModified": 1727152771, + "narHash": "sha256-GYtrV//xaqamqRynEaHJrbklliHyAN9/4NZRXBZlahs=", + "ref": "main", + "rev": "46172e93709498e57d188a1bd19349c28fe4e3e3", + "revCount": 2, + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" + } + }, "sops-nix": { "inputs": { "nixpkgs": "nixpkgs_2", diff --git a/flake.nix b/flake.nix index 70992b0..d1ff05b 100644 --- a/flake.nix +++ b/flake.nix @@ -5,9 +5,14 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # encrypt files that contain secreats that I would like to not encrypt + # encrypt files that contain secrets that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + secrets = { + url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; + flake = false; + }; + # declairtive disk configuration disko = { url = "github:nix-community/disko"; diff --git a/install.sh b/install.sh index d7e10df..882a935 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake "path:.#$flake" ${user:-nixos}@$target +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target diff --git a/rebuild.sh b/rebuild.sh index 96cfc3d..630a2b4 100755 --- a/rebuild.sh +++ b/rebuild.sh 
@@ -58,9 +58,9 @@ user=${user:-$USER} # access secret files in the submodule this is kinda bad and we should find a way to not need it if [[ "$target" == "$(hostname)" ]]; then - nixos-rebuild $mode --use-remote-sudo --flake path:.#$flake + nixos-rebuild $mode --use-remote-sudo --flake .#$flake else - nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake path:.#$flake + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi if [ -d "result" ]; diff --git a/users/ester/default.nix b/users/ester/default.nix index 3597d2d..f6a1203 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -2,6 +2,7 @@ lib, config, pkgs, + inputs, ... }: let cfg = config.users.ester; @@ -16,7 +17,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; - sopsFile = ../../secrets/user-passwords.yaml; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; }; diff --git a/users/eve/default.nix b/users/eve/default.nix index 16787f8..7902ff2 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -2,6 +2,7 @@ lib, config, pkgs, + inputs, ... }: let cfg = config.users.eve; @@ -16,7 +17,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; - sopsFile = ../../secrets/user-passwords.yaml; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; }; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 20f99ab..1cd30fe 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -1,6 +1,7 @@ { lib, config, + inputs, ... }: let cfg = config.users.leyla; @@ -21,7 +22,7 @@ in { sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; - sopsFile = ../../secrets/user-passwords.yaml; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; }; From b1fbaf169d78ed8f454b83a00cc079656a9bc14c Mon Sep 17 00:00:00 2001 
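Review bot: The comment above the `if` still explains the `path:` prefixes ("access secret files in the submodule this is kinda bad and we should find a way to not need it") although this hunk removes them, so it now describes behaviour the script no longer has. Delete both comment lines, or replace them with `# secrets are read from the locked "secrets" flake input (see flake.nix)`. Only the second comment line is visible in the hunk context; the first sits just above it, outside the hunk.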
From: Leyla Becker Date: Tue, 24 Sep 2024 17:58:47 -0500 Subject: [PATCH 0270/1043] ran linter --- enviroments/server/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index a36a1db..7d7d7b5 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -151,7 +151,7 @@ }; "podman-network-macvlan" = { - path = [ pkgs.podman ]; + path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -160,8 +160,8 @@ script = '' podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan ''; - partOf = [ "podman-compose-root.target" ]; - wantedBy = [ "podman-compose-root.target" ]; + partOf = ["podman-compose-root.target"]; + wantedBy = ["podman-compose-root.target"]; }; }; @@ -179,7 +179,7 @@ unitConfig = { Description = "Root target for podman targets."; }; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; }; }; }; From 6fc22b821448bc5eb3cb2fd7e99d6f9be15e8d24 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 17:58:54 -0500 Subject: [PATCH 0271/1043] added note to task in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b42f061..8bcb5ed 100644 --- a/README.md +++ b/README.md 
@@ -41,7 +41,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. ## Tech Debt - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings -- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` +- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) From aaa7f0aa3d403c9852c22f73a1bb829472075879 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 18:43:32 -0500 Subject: [PATCH 0272/1043] restructured containers object --- enviroments/server/default.nix | 38 ++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 7d7d7b5..9466c42 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -97,25 +97,27 @@ oci-containers = { backend = "podman"; - containers.pihole = let - passwordFileLocation = "/var/lib/pihole/webpassword.txt"; - in { - image = config.apps.pihole.image; - volumes = [ - "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules - "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" - ]; - environment = { - TZ = config.time.timeZone; - WEBPASSWORD_FILE = passwordFileLocation; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; + containers = { + pihole = let + passwordFileLocation = "/var/lib/pihole/webpassword.txt"; + in { + image = config.apps.pihole.image; + volumes = [ + "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules + "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" + ]; + environment = { + TZ = config.time.timeZone; + WEBPASSWORD_FILE = passwordFileLocation; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=${config.apps.pihole.ip}" + "--network=macvlan" + ]; }; - log-driver = "journald"; - extraOptions = [ - "--ip=${config.apps.pihole.ip}" - "--network=macvlan" - ]; }; }; }; From a86f39668b04e40efe7d3d6e8547b81ffa09fbe2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 20:05:25 -0500 Subject: [PATCH 0273/1043] reorganized flake inputs --- flake.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index d1ff05b..f8254b7 100644 --- a/flake.nix +++ b/flake.nix 
@@ -5,34 +5,37 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # encrypt files that contain secrets that I would like to not encrypt + # secret encryption sops-nix.url = "github:Mic92/sops-nix"; + # self hosted repo of secrets file to further protect files in case of future encryption vunrabilities secrets = { url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; flake = false; }; - # declairtive disk configuration + # disk configurations disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; - # managment per user + # users home directories home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - # repo of hardware configs for prebuilt systems - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - # vscode extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # pregenerated hardware configurations + nixos-hardware = { + url = "github:NixOS/nixos-hardware/master"; + }; }; outputs = { From 5916073839be3a4ca61db0c65b03a32666a883f5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Sep 2024 11:16:13 -0500 Subject: [PATCH 0274/1043] groups environment vars in common environment added qemu to system --- enviroments/common/default.nix | 38 +++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 0194ec1..a5e1c9c 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -126,9 +126,30 @@ }; }; - environment.sessionVariables = rec { - SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; - SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + environment = { + # List packages installed in system profile. + systemPackages = with pkgs; [ + qemu + (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' + qemu-system-x86_64 \ + -bios ${OVMF.fd}/FV/OVMF.fd \ + "$@" + '') + + wget + + # version control + git + + # system debuging tools + iputils + dnsutils + ]; + + sessionVariables = rec { + SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + }; }; sops = { @@ -141,15 +162,4 @@ # generateKey = true; }; }; - # List packages installed in system profile. - environment.systemPackages = with pkgs; [ - wget - - # version control - git - - # system debuging tools - iputils - dnsutils - ]; } From da7a41ce507fe19b6f009dec3003cc49af932410 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Sep 2024 11:16:42 -0500 Subject: [PATCH 0275/1043] updated flakes --- flake.lock | 30 +++++++++++++++--------------- flake.nix | 6 ++++++ 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index d6f3015..167e2f9 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1726842196, - "narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=", + "lastModified": 1727249977, + "narHash": "sha256-lAqOCDI4B6hA+t+KHSm/Go8hQF/Ob5sgXaIRtMAnMKw=", "owner": "nix-community", "repo": "disko", - "rev": "51994df8ba24d5db5459ccf17b6494643301ad28", + "rev": "c1c472f4cd91e4b0703e02810a8c7ed30186b6fa", "type": "github" }, "original": { 
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1726863345, - "narHash": "sha256-fjbKe1/UJpLT6tQLAKJ/djJFdnmAh2kkdsgmylyFrQA=", + "lastModified": 1727246346, + "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=", "owner": "nix-community", "repo": "home-manager", - "rev": "dfe4d334b172071e7189d971ddecd3a7f811b48d", + "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1726796602, - "narHash": "sha256-rYMcODISSljSETcqUUTMo++ZEa1CC6Xx6d3xuydishM=", + "lastModified": 1727228778, + "narHash": "sha256-vg1b7yLH8TgKsUi5KlctSx4GuET7MAoWUR7nqAGnU/Y=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "91dea80194080f017c6edf84fd94e33f6c12aec3", + "rev": "fb86a415579cd38eb7b47c3ada597841b97e2ea9", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1726724509, - "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=", + "lastModified": 1727040444, + "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94", + "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726755586, - "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", + "lastModified": 1726937504, + "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", + "rev": "9357f4f23713673f310988025d9dc261c20e70c6", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f8254b7..b320777 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,6 +26,12 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # # virtual machine managment + # nix-virt = { + # url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; + # vscode extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; From 62ad7255bae131ff46be171f0563f4734b8ba9b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Sep 2024 12:15:15 -0500 Subject: [PATCH 0276/1043] added ollama plugin --- users/leyla/default.nix | 26 +++++++++++++++++--------- users/leyla/packages.nix | 2 ++ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 1cd30fe..69f8193 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -51,15 +51,23 @@ in { } ); - # TODO: this should reference the home directory from the user config - services.openssh.hostKeys = [ - { - comment = "leyla@" + config.networking.hostName; - path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; - rounds = 100; - type = "ed25519"; - } - ]; + services = { + ollama = { + enable = true; + acceleration = lib.mkIf cfg.hasGPU "cuda"; + }; + + + # TODO: this should reference the home directory from the user config + openssh.hostKeys = [ + { + comment = "leyla@" + config.networking.hostName; + path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; + rounds = 100; + type = "ed25519"; + } + ]; + }; home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index e206d22..a5960d9 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -106,6 +106,8 @@ in { # misc extensions bungcip.better-toml + + open-vsx."10nates".ollama-autocoder ] ++ (with vscode-marketplace; [ # js extensions From a625779b78639cdd50bd544b3938b3c8ed2c5ceb Mon Sep 17 00:00:00 2001 
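Review bot: `ollama.enable = true;` in the new `services` block has no condition, so every host that imports users/leyla runs the Ollama daemon, whereas the `home-manager.users.leyla` line just below is guarded by `cfg.isFullUser || cfg.isThinUser`. The Ollama HTTP API has no authentication, so on a shared or server host any local account can reach it even on the default loopback address. Tie it to the flag the editor plugin depends on, `enable = cfg.isFullUser;`. The re-indented `openssh.hostKeys` entry still writes an sshd host private key to `/home/leyla/.ssh/`, a directory its owner can rewrite; a root-owned path such as `/etc/ssh/` would be the safer home when the TODO is resolved. The enclosing `config` block starts outside this hunk, so an outer condition may already apply.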
From: Leyla Becker Date: Sun, 29 Sep 2024 19:56:54 -0500 Subject: [PATCH 0277/1043] drafted out firefox config --- flake.nix | 5 +- users/leyla/home.nix | 122 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index b320777..aa908e0 100644 --- a/flake.nix +++ b/flake.nix @@ -26,9 +26,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # # virtual machine managment - # nix-virt = { - # url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz"; + # firefox-addons = { + # url = "gitlab.com:rycee/nur-expressions?dir=pkgs/firefox-addons"; # inputs.nixpkgs.follows = "nixpkgs"; # }; diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 118d0cc..c951aaf 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
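Review bot: The commented-out `firefox-addons` input uses `url = "gitlab.com:rycee/nur-expressions?dir=pkgs/firefox-addons";`, and `gitlab.com:` is not a flake reference scheme; the GitLab form is `gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons`. Correcting it in the comment saves an evaluation error on the day the block is enabled. The Firefox draft in users/leyla/home.nix from the same commit reads add-ons from `pkgs.nur.repos.rycee.firefox-addons`, which is the NUR overlay path rather than this input, so only one of the two sources should remain.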
@@ -83,6 +83,128 @@ userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; }; + # firefox = { + # enable = true; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ + # ublock-origin + # bitwarden + + # ]; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + 
# { + # name = "Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://tech.lgbt"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # } }; dconf = { From e728268b9b2416d03605ec6bf962d06d8184d229 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Sep 2024 09:33:52 -0500 Subject: [PATCH 0278/1043] simplified flake.nix --- flake.lock | 20 +++----------------- flake.nix | 16 +++++++++++++--- 2 files changed, 16 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 167e2f9..e323be9 100644 --- a/flake.lock +++ b/flake.lock @@ -144,22 +144,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1725534445, - "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "disko": "disko", @@ -190,7 +174,9 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-stable": "nixpkgs-stable" }, "locked": { diff --git a/flake.nix b/flake.nix index aa908e0..8e2192e 100644 --- a/flake.nix +++ b/flake.nix 
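Review bot: The drafted `firefox` block will not evaluate as written once it is uncommented, for three reasons. `extentions` is misspelled and should be `extensions`, and the closing `# }` of the block needs a semicolon (`# };`). In `icon = "''${pkgs.nixos-icons}/…"` the `''` escape only exists in indented strings, so in this double-quoted string the path would start with two literal apostrophes; write `"${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"`. The `Searx` engine also reuses `https://nixos.wiki/favicon.png` as its `iconUpdateURL`, which looks like a copy-paste leftover. The surrounding `programs` attribute set starts and ends outside this hunk.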
@@ -6,7 +6,10 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # secret encryption - sops-nix.url = "github:Mic92/sops-nix"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # self hosted repo of secrets file to further protect files in case of future encryption vunrabilities secrets = { @@ -48,6 +51,7 @@ nixpkgs, disko, nixos-hardware, + home-manager, ... } @ inputs: let forEachSystem = nixpkgs.lib.genAttrs [ @@ -66,8 +70,14 @@ specialArgs = {inherit inputs;}; modules = [ ./hosts/horizon/configuration.nix - inputs.home-manager.nixosModules.default nixos-hardware.nixosModules.framework-11th-gen-intel + home-manager.nixosModules.default + # { + # home-manager.useGlobalPkgs = true; + # home-manager.useUserPackages = true; + # home-manager.extraSpecialArgs = { inherit inputs; }; + # home-manager.users = import ./users; + # } ]; }; # Leyla Desktop @@ -75,7 +85,7 @@ specialArgs = {inherit inputs;}; modules = [ ./hosts/twilight/configuration.nix - inputs.home-manager.nixosModules.default + home-manager.nixosModules.default ]; }; # NAS Service From 292d9d0790a9e29aaeef77e44c8e0229c65d7b1f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Sep 2024 21:44:54 +0200 Subject: [PATCH 0279/1043] set timezone automatically --- enviroments/common/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a5e1c9c..25c221a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -15,7 +15,7 @@ networking.networkmanager.enable = true; # Set your time zone. - time.timeZone = "America/Chicago"; + # time.timeZone = "America/Chicago"; i18n.defaultLocale = "en_US.UTF-8"; @@ -114,6 +114,10 @@ }; services = { + automatic-timezoned = { + enable = true; + }; + openssh = { enable = true; ports = [22]; From f975bd047d1da96c70e67e7ccad5f3375a92ba26 Mon Sep 17 00:00:00 2001 
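Review bot: `automatic-timezoned = { enable = true; };` is added to enviroments/common/default.nix, so it takes effect on every host that imports the common environment and not only on the laptop that travels. The NixOS module derives the zone from geoclue2, which means outbound location lookups to a network provider, and on a headless host it also lets log timestamps change zone, which complicates correlating events across machines. Consider moving the block to enviroments/client and giving the remaining hosts a fixed zone such as `time.timeZone = "UTC";`. The old setting is better deleted than left as `# time.timeZone = "America/Chicago";`. Which hosts import the common environment is not visible in this hunk.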
From: Leyla Becker Date: Wed, 2 Oct 2024 22:31:57 +0200 Subject: [PATCH 0280/1043] added direnv to system packages --- enviroments/client/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 86ff67b..134d7e2 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -47,6 +47,8 @@ security.rtkit.enable = true; environment.systemPackages = with pkgs; [ + direnv + # helvetica font aileron From 37d01a92b764bdcb0824905309344f921ed05bd4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 14:19:06 +0200 Subject: [PATCH 0281/1043] added direnv to bash.interactiveShellInit --- enviroments/client/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 134d7e2..85b5e47 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -46,6 +46,8 @@ hardware.pulseaudio.enable = false; security.rtkit.enable = true; + programs.bash.interactiveShellInit = ''eval "$(direnv hook bash)"''; + environment.systemPackages = with pkgs; [ direnv From 26b231a329cfdd72d2322befa87b58f1ca50a017 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 14:21:54 +0200 Subject: [PATCH 0282/1043] moved dir env to nix-direnv in home manager --- enviroments/client/default.nix | 4 ---- users/leyla/home.nix | 11 +++++++++++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 85b5e47..86ff67b 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -46,11 +46,7 @@ hardware.pulseaudio.enable = false; security.rtkit.enable = true; - programs.bash.interactiveShellInit = ''eval "$(direnv hook bash)"''; - environment.systemPackages = with pkgs; [ - direnv - # helvetica font aileron diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c951aaf..af3940a 100644 
--- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -77,12 +77,23 @@ programs = { # Let Home Manager install and manage itself. home-manager.enable = true; + + # set up git defaults git = { enable = true; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; }; + + # add direnv to auto load flakes for development + direnv = { + enable = true; + enableBashIntegration = true; # see note on other shells below + nix-direnv.enable = true; + }; + bash.enable = true; # see note on other shells below + # firefox = { # enable = true; # profiles.leyla = { From ff295dc7acb6dd948026fdad5a81d7a018a8b7a0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 14:48:14 +0200 Subject: [PATCH 0283/1043] reconfigured how home manager gets applied --- README.md | 1 + flake.nix | 14 +- hosts/horizon/configuration.nix | 4 + users/default.nix | 1 + users/home.nix | 5 + users/leyla/default.nix | 8 +- users/leyla/home.nix | 491 ++++++++++++++++---------------- users/leyla/packages.nix | 275 ++++++++++-------- 8 files changed, 438 insertions(+), 361 deletions(-) create mode 100644 users/home.nix diff --git a/README.md b/README.md index 8bcb5ed..e9f9e8f 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html +- This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ ## Configuration set up git configuration for local development: `git config --local include.path .gitconfig` diff --git a/flake.nix b/flake.nix index 8e2192e..4f551e2 100644 --- a/flake.nix +++ b/flake.nix 
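Review bot: The two `# see note on other shells below` comments in the new `direnv` block refer to a note that does not appear anywhere in this hunk, so they read as leftovers from the upstream example. A comment that says why the line exists would be more useful, for instance `bash.enable = true; # bash must be managed by Home Manager for enableBashIntegration to install the hook`. The `programs` attribute set continues outside the hunk.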
@@ -71,13 +71,13 @@ modules = [ ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel - home-manager.nixosModules.default - # { - # home-manager.useGlobalPkgs = true; - # home-manager.useUserPackages = true; - # home-manager.extraSpecialArgs = { inherit inputs; }; - # home-manager.users = import ./users; - # } + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = { inherit inputs; }; + } ]; }; # Leyla Desktop diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 018fb77..714429d 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -14,6 +14,10 @@ ../../enviroments/client ]; + home-manager.users.leyla.config = { + isFullUser = true; + }; + users = { leyla.isFullUser = true; ester.isFullUser = true; diff --git a/users/default.nix b/users/default.nix index 4c0b5d7..3dc52d9 100644 --- a/users/default.nix +++ b/users/default.nix @@ -4,4 +4,5 @@ users.mutableUsers = false; home-manager.extraSpecialArgs = {inherit inputs;}; + home-manager.users = import ./home.nix; } diff --git a/users/home.nix b/users/home.nix new file mode 100644 index 0000000..62be450 --- /dev/null +++ b/users/home.nix @@ -0,0 +1,5 @@ +{ + leyla = import ./leyla/home.nix; + # ester = import ./ester/home.nix; + # eve = import ./eve/home.nix; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 69f8193..0089d35 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -6,9 +6,9 @@ }: let cfg = config.users.leyla; in { - imports = [ - ./packages.nix - ]; + # imports = [ + # ./packages.nix + # ]; options.users.leyla = { isFullUser = lib.mkEnableOption "create usable leyla user"; 
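Review bot: The inline module with `useGlobalPkgs`, `useUserPackages` and `backupFileExtension` is added only to the horizon host in flake.nix, so other hosts that load Home Manager would evaluate it with different package and backup behaviour. `home-manager.extraSpecialArgs = { inherit inputs; };` is also already set in users/default.nix, as the context of that file's hunk in this commit shows. Moving the three remaining settings next to it in users/default.nix would keep every host consistent and remove the duplicate.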
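Review bot: `home-manager.users.leyla.config = { isFullUser = true; };` in hosts/horizon/configuration.nix repeats the flag that `users.leyla.isFullUser = true;` sets a few lines below, so each host now has two switches that must be kept in step. If they drift, the account and its Home Manager profile disagree about what should be installed. users/leyla/packages.nix already receives `osConfig` in this commit, so the Home Manager side could read `osConfig.users.leyla.isFullUser` and this block could be dropped.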
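Review bot: `home-manager.users = import ./home.nix;` in users/default.nix applies leyla's profile on every host that imports users/, while the line this commit comments out in users/leyla/default.nix only did so under `lib.mkIf (cfg.isFullUser || cfg.isThinUser)`. Hosts where the account is meant to be absent or minimal would now get the full profile activated for it. Keeping the guard, for example `home-manager.users.leyla = lib.mkIf (config.users.leyla.isFullUser || config.users.leyla.isThinUser) (import ./leyla/home.nix);`, preserves the old behaviour, assuming `config` is among this module's arguments (the function header is outside the hunk). The commented-out `# imports` and `# home-manager.users.leyla` lines in users/leyla/default.nix are better removed than kept.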
@@ -69,6 +69,6 @@ in { ]; }; - home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); + # home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } diff --git a/users/leyla/home.nix b/users/leyla/home.nix index af3940a..9644e62 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -1,259 +1,272 @@ { + lib, config, pkgs, ... }: { - # Home Manager needs a bit of information about you and the paths it should - # manage. - home = { - username = "leyla"; - homeDirectory = "/home/leyla"; + imports = [ + ./packages.nix + ]; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - - # The home.packages option allows you to install Nix packages into your - # environment. - packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello - - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? - # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; - - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. 
- # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; + options = { + isFullUser = lib.mkEnableOption "create usable leyla user"; + isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; + config = { + # Home Manager needs a bit of information about you and the paths it should + # manage. + home = { + username = "leyla"; + homeDirectory = "/home/leyla"; - # set up git defaults - git = { - enable = true; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # The home.packages option allows you to install Nix packages into your + # environment. + packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. 
+ # pkgs.hello + + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; }; - # add direnv to auto load flakes for development - direnv = { - enable = true; - enableBashIntegration = true; # see note on other shells below - nix-direnv.enable = true; + programs = { + # Let Home Manager install and manage itself. 
+ home-manager.enable = true; + + # set up git defaults + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + + # add direnv to auto load flakes for development + direnv = { + enable = true; + enableBashIntegration = true; # see note on other shells below + nix-direnv.enable = true; + }; + bash.enable = true; # see note on other shells below + + # firefox = { + # enable = true; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ + # ublock-origin + # bitwarden + + # ]; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home 
Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://tech.lgbt"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # } }; - bash.enable = true; # see note on other shells below - # firefox = { - # enable = true; - # profiles.leyla = { + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). 
+ pkgs.gnomeExtensions.dash-to-dock.extensionUuid - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; + # Alternatively, you can manually pass UUID as a string. 
+ # "dash-to-dock@micxgx.gmail.com" + ]; + }; - # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # bitwarden + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = false; + "show-mounts" = false; + }; - # ]; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Password Manager"; - # url = "https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://tech.lgbt"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # } - }; - - dconf = { - enable = true; - settings = { - 
"org/gnome/desktop/interface".color-scheme = "prefer-dark"; - - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; - - "org/gnome/shell/extensions/dash-to-dock" = { - "dock-position" = "LEFT"; - "intellihide-mode" = "ALL_WINDOWS"; - "show-trash" = false; - "require-pressure-to-show" = false; - "show-mounts" = false; - }; - - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; }; }; }; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index a5960d9..e14f157 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,17 +1,12 @@ { lib, config, + osConfig, pkgs, inputs, ... -}: let - cfg = config.users.leyla; -in { - imports = [ - ../../overlays/intellij.nix - ../../overlays/vscodium.nix - ]; - +}: +{ nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default 
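Review bot: The new `options` block in users/leyla/home.nix declares `isFullUser`, `isThinUser` and `hasGPU` at the top level of the Home Manager option tree, where they can collide with any other module that picks the same short names. Nesting them under a prefix, for example `options.leyla.isFullUser`, keeps them apart, and a comment above the block should say that they mirror the NixOS-side `users.leyla.*` flags. The description string `"create usable user but witohut user applications"` has a typo and should read `without`.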
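Review bot: The `nixpkgs.overlays` block kept as context in users/leyla/packages.nix now sits in a Home Manager module, and flake.nix in this commit sets `home-manager.useGlobalPkgs = true;`, which according to the Home Manager option description disables the Home Manager `nixpkgs.*` options. The `nix-vscode-extensions` overlay would therefore not be applied on horizon. The next hunk already reads extensions from `inputs.nix-vscode-extensions.extensions.${pkgs.system}`, so the overlay block can probably be deleted. The removed imports of `../../overlays/intellij.nix` and `../../overlays/vscodium.nix` need a NixOS-level import if anything still relies on them, which this hunk does not show.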
@@ -19,119 +14,177 @@ in { }; programs = { - bash.shellAliases = lib.mkIf cfg.isFullUser { + bash.shellAliases = lib.mkIf config.isFullUser { code = "codium"; }; - steam = lib.mkIf cfg.isFullUser { + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in + { enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + + package = pkgs.vscodium; + + mutableExtensionsDir = false; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = { + "workbench.colorTheme" = "Atom One Dark"; + }; + + extensions = with extensions.open-vsx; [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # misc extensions + bungcip.better-toml + + # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with + open-vsx."10nates".ollama-autocoder + ] + ++ (with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); }; - noisetorch.enable = cfg.isFullUser; - adb.enable = cfg.isFullUser; + # steam = lib.mkIf config.isFullUser { + # enable = true; + # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + # dedicatedServer.openFirewall = 
true; # Open ports in the firewall for Source Dedicated Server + # }; + + # noisetorch.enable = config.isFullUser; + + # adb.enable = config.isFullUser; }; - users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( - lib.mkMerge [ - ( - with pkgs; [ - # comand line tools - yt-dlp - ffmpeg - imagemagick - ] - ) - ( - lib.mkIf (!cfg.isThinUser) ( + home = { + packages = lib.mkIf (config.isFullUser || config.isThinUser) ( + lib.mkMerge [ + ( with pkgs; [ - #foss platforms - signal-desktop - bitwarden - firefox - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing - - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - # development tools - (vscode-with-extensions.override { - vscode = vscodium; - vscodeExtensions = with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # misc extensions - bungcip.better-toml - - open-vsx."10nates".ollama-autocoder - ] - ++ (with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); - }) - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno - - # system tools - protonvpn-gui - openvpn - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf config.hardware.piperMouse.enable piper) - 
(lib.mkIf config.hardware.openRGB.enable openrgb) - (lib.mkIf config.hardware.viaKeyboard.enable via) + # comand line tools + yt-dlp + ffmpeg + imagemagick ] ) - ) - ] - ); + ( + lib.mkIf (!config.isThinUser) ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf config.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing + + # proprietary platforms + discord + obsidian + steam + (lib.mkIf config.hasGPU davinci-resolve) + + # development tools + # (vscode-with-extensions.override { + # vscode = vscodium; + # vscodeExtensions = with open-vsx; + # [ + # # vs code feel extensions + # ms-vscode.atom-keybindings + # akamud.vscode-theme-onedark + # streetsidesoftware.code-spell-checker + # streetsidesoftware.code-spell-checker-german + # streetsidesoftware.code-spell-checker-italian + # jeanp413.open-remote-ssh + + # # nix extensions + # pinage404.nix-extension-pack + # jnoortheen.nix-ide + + # # html extensions + # formulahendry.auto-rename-tag + # ms-vscode.live-server + + # # js extensions + # dsznajder.es7-react-js-snippets + # dbaeumer.vscode-eslint + # standard.vscode-standard + # firsttris.vscode-jest-runner + # stylelint.vscode-stylelint + # tauri-apps.tauri-vscode + + # # misc extensions + # bungcip.better-toml + + # open-vsx."10nates".ollama-autocoder + # ] + # ++ (with vscode-marketplace; [ + # # js extensions + # karyfoundation.nearley + # ]); + # }) + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno + + # system tools + protonvpn-gui + openvpn + nextcloud-client + noisetorch + + # hardware managment tools + (lib.mkIf osConfig.hardware.piperMouse.enable piper) + (lib.mkIf osConfig.hardware.openRGB.enable openrgb) + (lib.mkIf osConfig.hardware.viaKeyboard.enable via) + ] + ) + ) + ] + ); + }; } 
From 89c8c729fac68ca4c499e071db16c7078a917739 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 15:38:03 +0200 Subject: [PATCH 0284/1043] added show-trace option to rebuild --- rebuild.sh | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/rebuild.sh b/rebuild.sh index 630a2b4..a4b7fdc 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -7,6 +7,8 @@ else preserve_result=false fi +show_trace=false + while [ $# -gt 0 ]; do case "$1" in --target*|-t*) @@ -31,6 +33,9 @@ while [ $# -gt 0 ]; do --no-preserve-result) preserve_result=false ;; + --show-trace) + show_trace=true + ;; --help|-h) echo "--help -h: print this message" echo "--target -t: set the target system to rebuild on" @@ -39,6 +44,7 @@ while [ $# -gt 0 ]; do echo "--user -u: set the user to rebuild flake as on the target system" echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" + echo "--show-trace: show trace on builds" exit 0 ;; *) @@ -54,15 +60,20 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -# path: prefixes on rebuilds here make nix not treat this flake like it has a git repo so we can -# access secret files in the submodule this is kinda bad and we should find a way to not need it -if [[ "$target" == "$(hostname)" ]]; +command="nixos-rebuild $mode --use-remote-sudo --flake .#$flake" + +if [[ "$target" != "$(hostname)" ]]; then - nixos-rebuild $mode --use-remote-sudo --flake .#$flake -else - nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake + command="$command --target-host $user@$target" fi +if [[ "$show_trace" = true ]]; +then + command="$command --show-trace" +fi + +$command + if [ -d "result" ]; then if [[ "$preserve_result" == "false" ]]; From bba88fc3fe89c7256a880fb8ab4f0d67a71015c1 Mon Sep 17 00:00:00 2001 
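Review bot: The last rebuild.sh hunk builds the rebuild command as one string and runs it through the unquoted `$command`, so `$mode`, `$flake`, `$user` and `$target` are word-split and glob-expanded before nixos-rebuild sees them. Those values come from the command line, and a value with whitespace or glob characters would turn into extra arguments to a command that runs with `--use-remote-sudo`. Building the command as an array keeps each value a single argument; the script already uses `[[ … ]]`, so bash arrays should be available. The `if [ -d "result" ]` block that follows continues outside the hunk.

```shell
# … unchanged: defaults for flake, mode and user …
command=(nixos-rebuild "$mode" --use-remote-sudo --flake ".#$flake")

if [[ "$target" != "$(hostname)" ]];
then
  command+=(--target-host "$user@$target")
fi

if [[ "$show_trace" = true ]];
then
  command+=(--show-trace)
fi

"${command[@]}"
# … unchanged: result folder cleanup …
```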
From: Leyla Becker Date: Thu, 3 Oct 2024 16:38:51 +0200 Subject: [PATCH 0285/1043] added home manger to all flakes --- enviroments/common/default.nix | 3 --- enviroments/server/default.nix | 2 +- flake.nix | 20 +++++++++++++++----- hosts/defiant/configuration.nix | 4 ++++ hosts/twilight/configuration.nix | 10 ++++++---- 5 files changed, 26 insertions(+), 13 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 25c221a..a1dbdb0 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -14,9 +14,6 @@ # Enable networking networking.networkmanager.enable = true; - # Set your time zone. - # time.timeZone = "America/Chicago"; - i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 9466c42..3d20a17 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -107,7 +107,7 @@ "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" ]; environment = { - TZ = config.time.timeZone; + TZ = "America/Chicago"; WEBPASSWORD_FILE = passwordFileLocation; PIHOLE_UID = toString config.users.users.pihole.uid; PIHOLE_GID = toString config.users.groups.pihole.gid; diff --git a/flake.nix b/flake.nix index 4f551e2..7567deb 100644 --- a/flake.nix +++ b/flake.nix 
@@ -69,23 +69,27 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - ./hosts/horizon/configuration.nix - nixos-hardware.nixosModules.framework-11th-gen-intel - home-manager.nixosModules.home-manager - { + home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = { inherit inputs; }; } + ./hosts/horizon/configuration.nix + nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ + home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = { inherit inputs; }; + } ./hosts/twilight/configuration.nix - home-manager.nixosModules.default ]; }; # NAS Service @@ -93,6 +97,12 @@ specialArgs = {inherit inputs;}; modules = [ disko.nixosModules.disko + home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = { inherit inputs; }; + } ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9288d36..2faa378 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -14,6 +14,10 @@ ../../enviroments/server ]; + + home-manager.users.leyla.config = { + isThinUser = true; + }; users.leyla.isThinUser = true; boot.loader.grub = { diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 5c27001..972fd72 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -14,11 +14,13 @@ ../../enviroments/client ]; + home-manager.users.leyla.config = { + isFullUser = true; + hasGPU = true; + }; + users = { - leyla = { - isFullUser = true; - hasGPU = true; - }; + leyla.isFullUser = true; ester.isFullUser = true; eve.isFullUser = true; }; From d99da6cd44f83651e02704fc58822e4d3bc9c9bd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:39:02 +0200 Subject: [PATCH 0286/1043] added flake check to pre commit hook --- .hooks/pre-commit | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.hooks/pre-commit b/.hooks/pre-commit index 5721472..4d465c4 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -2,6 +2,13 @@ git stash -q --keep-index + +nix flake check + +if [ $? -eq 0 ]; then + exit 1 +fi + ./lint.sh RESULT=$? From bbb4be8ac84cd4f0dd0b7a7ceb517688e5cf58b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:39:36 +0200 Subject: [PATCH 0287/1043] added optimize to nix settings --- enviroments/common/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a1dbdb0..78bd2cd 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -9,6 +9,7 @@ trusted-users = ["leyla"]; }; gc.automatic = true; + optimise.automatic = true; }; # Enable networking From cfa0f64f7054afb992f9f0c5cd96b9d0d9790a27 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:48:35 +0200 Subject: [PATCH 0288/1043] added weekly timers to garbage collect and optimize made garbage collector collect older then a week --- enviroments/common/default.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 78bd2cd..db1549d0 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
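Review bot: The guard added to .hooks/pre-commit is inverted: `if [ $? -eq 0 ]; then exit 1` aborts the commit when `nix flake check` succeeds and lets a failing check fall through to `./lint.sh`. The test should be `if [ $? -ne 0 ]; then`, or more directly `if ! nix flake check; then`. The early `exit 1` also runs after `git stash -q --keep-index`, so the stash needs restoring before the hook exits. Whatever restores it presumably sits later in the hook, outside this hunk.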
@@ -8,8 +8,15 @@ experimental-features = ["nix-command" "flakes"]; trusted-users = ["leyla"]; }; - gc.automatic = true; - optimise.automatic = true; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + optimise = { + automatic = true; + dates = "weekly"; + }; }; # Enable networking From 48a321fbd518b7f8ad19255b75b541f7a9a39459 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:50:46 +0200 Subject: [PATCH 0289/1043] ran linter --- enviroments/common/default.nix | 4 +- flake.nix | 15 ++++--- hosts/defiant/configuration.nix | 1 - users/home.nix | 2 +- users/leyla/default.nix | 1 - users/leyla/home.nix | 2 +- users/leyla/packages.nix | 72 ++++++++++++++++----------------- 7 files changed, 48 insertions(+), 49 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index db1549d0..3dd24c1 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -122,7 +122,7 @@ automatic-timezoned = { enable = true; }; - + openssh = { enable = true; ports = [22]; @@ -154,7 +154,7 @@ iputils dnsutils ]; - + sessionVariables = rec { SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; diff --git a/flake.nix b/flake.nix index 7567deb..982ca67 100644 --- a/flake.nix +++ b/flake.nix @@ -69,11 +69,12 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager { + home-manager.nixosModules.home-manager + { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = {inherit inputs;}; } ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel 
@@ -83,11 +84,12 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager { + home-manager.nixosModules.home-manager + { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = {inherit inputs;}; } ./hosts/twilight/configuration.nix ]; @@ -97,11 +99,12 @@ specialArgs = {inherit inputs;}; modules = [ disko.nixosModules.disko - home-manager.nixosModules.home-manager { + home-manager.nixosModules.home-manager + { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = {inherit inputs;}; } ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 2faa378..59744c8 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -14,7 +14,6 @@ ../../enviroments/server ]; - home-manager.users.leyla.config = { isThinUser = true; }; diff --git a/users/home.nix b/users/home.nix index 62be450..0571905 100644 --- a/users/home.nix +++ b/users/home.nix @@ -2,4 +2,4 @@ leyla = import ./leyla/home.nix; # ester = import ./ester/home.nix; # eve = import ./eve/home.nix; -} \ No newline at end of file +} diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 0089d35..102e029 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -57,7 +57,6 @@ in { acceleration = lib.mkIf cfg.hasGPU "cuda"; }; - # TODO: this should reference the home directory from the user config openssh.hostKeys = [ { diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 9644e62..f8d4c42 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -105,7 +105,7 @@ nix-direnv.enable = true; }; bash.enable = true; # see note on other shells below - + # firefox = { # enable = true; # profiles.leyla = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index e14f157..294cad5 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -5,8 +5,7 @@ pkgs, inputs, ... -}: -{ +}: { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default @@ -18,14 +17,13 @@ code = "codium"; }; - vscode = let + vscode = let extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; - in - { + in { enable = true; - + package = pkgs.vscodium; mutableExtensionsDir = false; 
@@ -36,44 +34,44 @@ "workbench.colorTheme" = "Atom One Dark"; }; - extensions = with extensions.open-vsx; [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + extensions = with extensions.open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # misc extensions - bungcip.better-toml + # misc extensions + bungcip.better-toml - # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with - open-vsx."10nates".ollama-autocoder - ] - ++ (with extensions.vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); + # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with + open-vsx."10nates".ollama-autocoder + ] + ++ (with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); }; - # steam = lib.mkIf 
config.isFullUser { # enable = true; # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 67abf0d448a726487b482b48c969bb26630cea44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:56:43 +0200 Subject: [PATCH 0290/1043] fixed optimise dates value --- enviroments/common/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 3dd24c1..9ee0c50 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -15,7 +15,7 @@ }; optimise = { automatic = true; - dates = "weekly"; + dates = ["weekly"]; }; }; From da7b146213eaabd3a68a4fbef2aaae535b72a16c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:04:12 +0200 Subject: [PATCH 0291/1043] added tasks to tech debt --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index e9f9e8f..b023e09 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,8 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes +- we shouldn't have 2 versions of isFulluser and isThinuser (in home home.nix and default.nix for each user) +- Eve and Ester home-manager ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 232f31d23de402d0ab56a1c2f1fec08c105a32cd Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 3 Oct 2024 17:06:42 +0200 Subject: [PATCH 0292/1043] merged home manager configs for all systems --- flake.nix | 34 ++++++++++++---------------------- 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/flake.nix b/flake.nix index 982ca67..85d1a96 100644 --- a/flake.nix +++ b/flake.nix @@ -64,18 +64,20 @@ in { packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); - nixosConfigurations = { + nixosConfigurations = let + home-manager-config = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = {inherit inputs;}; + }; + in + { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - } + home-manager.nixosModules.home-manager home-manager-config ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel ]; @@ -84,13 +86,7 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - } + home-manager.nixosModules.home-manager home-manager-config ./hosts/twilight/configuration.nix ]; }; 
@@ -99,13 +95,7 @@ specialArgs = {inherit inputs;}; modules = [ disko.nixosModules.disko - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - } + home-manager.nixosModules.home-manager home-manager-config ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; From 6f3022c23bb77bff590d32d2b39af8b6ff3a3fa5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:06:49 +0200 Subject: [PATCH 0293/1043] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b023e09..ce7ed16 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - move applications in server environment into their own flakes - we shouldn't have 2 versions of isFulluser and isThinuser (in home home.nix and default.nix for each user) - Eve and Ester home-manager +- get rid of default config and import it in hardware-configuration.nix ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 3cc48070339fd5c173fafdb4c05517912c6e785d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:07:22 +0200 Subject: [PATCH 0294/1043] moved home-manager-config variable up --- flake.nix | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index 85d1a96..6a25fab 100644 --- a/flake.nix +++ b/flake.nix 
@@ -54,6 +54,12 @@ home-manager, ... } @ inputs: let + home-manager-config = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = {inherit inputs;}; + }; forEachSystem = nixpkgs.lib.genAttrs [ "aarch64-darwin" "aarch64-linux" @@ -64,15 +70,7 @@ in { packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); - nixosConfigurations = let - home-manager-config = { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - }; - in - { + nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; From 6eb6ac12785b2e9cdf3e57349b348f85d9da8b89 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:20:16 +0200 Subject: [PATCH 0295/1043] removed non home manager isFullUser and isThinUser for leyla --- hosts/defiant/configuration.nix | 1 - hosts/horizon/configuration.nix | 1 - hosts/twilight/configuration.nix | 1 - users/leyla/default.nix | 14 +---------- users/leyla/packages.nix | 41 ++------------------------------ 5 files changed, 3 insertions(+), 55 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 59744c8..09c51a4 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,7 +17,6 @@ home-manager.users.leyla.config = { isThinUser = true; }; - users.leyla.isThinUser = true; boot.loader.grub = { enable = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 714429d..7086276 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -19,7 +19,6 @@ }; users = { - leyla.isFullUser = true; ester.isFullUser = true; eve.isFullUser = true; }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 972fd72..39bf38b 100644 
--- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -20,7 +20,6 @@ }; users = { - leyla.isFullUser = true; ester.isFullUser = true; eve.isFullUser = true; }; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 102e029..10e9ae9 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -4,18 +4,8 @@ inputs, ... }: let - cfg = config.users.leyla; + cfg = config.home-manager.users.leyla; in { - # imports = [ - # ./packages.nix - # ]; - - options.users.leyla = { - isFullUser = lib.mkEnableOption "create usable leyla user"; - isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; - hasGPU = lib.mkEnableOption "installs gpu intensive programs"; - }; - config = { nixpkgs.config.allowUnfree = true; @@ -67,7 +57,5 @@ in { } ]; }; - - # home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 294cad5..6b64616 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -75,7 +75,8 @@ # steam = lib.mkIf config.isFullUser { # enable = true; # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer + # localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers # }; # noisetorch.enable = config.isFullUser; 
@@ -126,44 +127,6 @@ (lib.mkIf config.hasGPU davinci-resolve) # development tools - # (vscode-with-extensions.override { - # vscode = vscodium; - # vscodeExtensions = with open-vsx; - # [ - # # vs code feel extensions - # ms-vscode.atom-keybindings - # akamud.vscode-theme-onedark - # streetsidesoftware.code-spell-checker - # streetsidesoftware.code-spell-checker-german - # streetsidesoftware.code-spell-checker-italian - # jeanp413.open-remote-ssh - - # # nix extensions - # pinage404.nix-extension-pack - # jnoortheen.nix-ide - - # # html extensions - # formulahendry.auto-rename-tag - # ms-vscode.live-server - - # # js extensions - # dsznajder.es7-react-js-snippets - # dbaeumer.vscode-eslint - # standard.vscode-standard - # firsttris.vscode-jest-runner - # stylelint.vscode-stylelint - # tauri-apps.tauri-vscode - - # # misc extensions - # bungcip.better-toml - - # open-vsx."10nates".ollama-autocoder - # ] - # ++ (with vscode-marketplace; [ - # # js extensions - # karyfoundation.nearley - # ]); - # }) androidStudioPackages.canary jetbrains.idea-community dbeaver-bin From 27406218b5cde8426adeba95669bdd9074dca5c0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:20:44 +0200 Subject: [PATCH 0296/1043] removed completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index ce7ed16..0132d4a 100644 --- a/README.md +++ b/README.md 
@@ -44,7 +44,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes -- we shouldn't have 2 versions of isFulluser and isThinuser (in home home.nix and default.nix for each user) - Eve and Ester home-manager - get rid of default config and import it in hardware-configuration.nix ## New Features From da4f1299c768262dca43c517561919a72a28f974 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:41:12 +0200 Subject: [PATCH 0297/1043] added configs for steam noisetorch and adb back in --- users/leyla/default.nix | 13 +++++++++++++ users/leyla/packages.nix | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 10e9ae9..a9efe1c 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -57,5 +57,18 @@ in { } ]; }; + + programs = { + steam = lib.mkIf cfg.isFullUser { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + + noisetorch.enable = cfg.isFullUser; + + adb.enable = cfg.isFullUser; + }; }; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 6b64616..eabd4ba 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
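Review bot: The `programs.steam` block added to users/leyla/default.nix opens three sets of firewall ports on every host where `cfg.isFullUser` is true, which may include machines that join networks other than the home LAN. `dedicatedServer.openFirewall = true;` is only needed when the machine actually hosts a Source dedicated server; if none is hosted, `dedicatedServer.openFirewall = false;` keeps the exposed surface to what is used. The same question applies to `remotePlay.openFirewall` and `localNetworkGameTransfers.openFirewall`. The comment on the dedicated-server line also reads "Source Dedicated ServerServer".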
@@ -71,17 +71,6 @@ karyfoundation.nearley ]); }; - - # steam = lib.mkIf config.isFullUser { - # enable = true; - # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer - # localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - # }; - - # noisetorch.enable = config.isFullUser; - - # adb.enable = config.isFullUser; }; home = { From 1cef697f9b53605055cab272ab87d0815b3c1107 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:43:00 +0200 Subject: [PATCH 0298/1043] fixed task typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0132d4a..dd6a036 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes - Eve and Ester home-manager -- get rid of default config and import it in hardware-configuration.nix +- get rid of disko config and import it in hardware-configuration.nix ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From dd6046af2766bd8de8b376ec1a9257beaf275c1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 18:11:52 +0200 Subject: [PATCH 0299/1043] added spell check words --- users/leyla/packages.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index eabd4ba..2239ff2 100644 --- a/users/leyla/packages.nix 
+++ b/users/leyla/packages.nix @@ -32,6 +32,9 @@ userSettings = { "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; }; extensions = with extensions.open-vsx; From 2d6b16950b424c10dc8bca6522f057e84d29b723 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 22:42:30 +0200 Subject: [PATCH 0300/1043] added util to lib --- flake.nix | 11 ++++++----- users/leyla/default.nix | 2 +- util/default.nix | 16 ++++++++++------ 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/flake.nix b/flake.nix index 6a25fab..bfd7292 100644 --- a/flake.nix +++ b/flake.nix @@ -67,13 +67,14 @@ "x86_64-linux" ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); - in { - packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); + callPackage = nixpkgs.lib.callPackageWith (nixpkgs // { lib = lib; }); + lib = callPackage ./util {} // nixpkgs.lib; + in { nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = {inherit inputs lib;}; modules = [ home-manager.nixosModules.home-manager home-manager-config ./hosts/horizon/configuration.nix @@ -82,7 +83,7 @@ }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = {inherit inputs lib;}; modules = [ home-manager.nixosModules.home-manager home-manager-config ./hosts/twilight/configuration.nix @@ -90,7 +91,7 @@ }; # NAS Service defiant = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = {inherit inputs lib;}; modules = [ disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/users/leyla/default.nix b/users/leyla/default.nix index a9efe1c..47b3edb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
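Review bot: The first flake.nix hunk drops the `packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;});` output, which the commit subject does not mention; if that is unintended, the line should stay after `in {`. Separately, `nixpkgs.lib.callPackageWith (nixpkgs // { lib = lib; })` hands the flake input to callPackage rather than a package set, and the attrset it returns likely carries the extra `override` attribute, which then ends up in the `lib` passed to every host through `specialArgs`. A plain import does the same job without the wrapper: `lib = import ./util {inherit lib;} // nixpkgs.lib;`. A one-line comment that `nixpkgs.lib` wins on name clashes because it is the right-hand side of `//` would also help.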
@@ -23,7 +23,7 @@ in { extraGroups = lib.mkMerge [ ["networkmanager" "wheel"] ( - lib.mkIf (!cfg.isThinUser) ["adbusers"] + lib.mkUnless cfg.isThinUser ["adbusers"] ) ]; diff --git a/util/default.nix b/util/default.nix index acd1997..3d16bf3 100644 --- a/util/default.nix +++ b/util/default.nix @@ -1,7 +1,11 @@ -_: { - # mkUnless = condition: then: (mkIf (!condition) then); - # mkIfElse = condition: then: else: lib.mkMerge [ - # (mkIf condition then) - # (mkUnless condition else) - # ]; +{ + lib, + ... +}: +{ + mkUnless = condition: yes: (lib.mkIf (!condition) yes); + mkIfElse = condition: yes: no: lib.mkMerge [ + (lib.mkIf condition yes) + (lib.mkUnless condition no) + ]; } From 8f4e70c0d0e454aac16dd56b569c20f826efdb05 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 22:48:52 +0200 Subject: [PATCH 0301/1043] moved vscode to own file --- README.md | 1 - users/leyla/packages.nix | 72 ++----------------------------------- users/leyla/vscode.nix | 77 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 80 insertions(+), 70 deletions(-) create mode 100644 users/leyla/vscode.nix diff --git a/README.md b/README.md index dd6a036..4f1e59b 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. # Tasks: ## Tech Debt -- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2239ff2..1478d1d 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
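Review bot: In util/default.nix, `mkIfElse` calls `lib.mkUnless`, which is defined in this same file and so exists on `lib` only when the caller passes the already-merged set, as the recursive `lib` binding in flake.nix does. Importing the file with plain `nixpkgs.lib` would fail at evaluation with a missing attribute. Writing the second branch as `(lib.mkIf (!condition) no)` removes the hidden dependency. A short comment above each helper saying that it wraps `lib.mkIf` for module definitions would document the intent.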
@@ -6,75 +6,9 @@ inputs, ... }: { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - - programs = { - bash.shellAliases = lib.mkIf config.isFullUser { - code = "codium"; - }; - - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { - enable = true; - - package = pkgs.vscodium; - - mutableExtensionsDir = false; - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - - userSettings = { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - }; - - extensions = with extensions.open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # misc extensions - bungcip.better-toml - - # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with - open-vsx."10nates".ollama-autocoder - ] - ++ (with extensions.vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); - }; - }; + imports = [ + ./vscode.nix + ]; home = { packages = lib.mkIf (config.isFullUser || config.isThinUser) ( diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix new file mode 100644 index 0000000..ffe84b6 --- /dev/null +++ b/users/leyla/vscode.nix 
@@ -0,0 +1,77 @@ +{ + lib, + config, + pkgs, + inputs, + ... +}: { + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + + programs = { + bash.shellAliases = lib.mkIf config.isFullUser { + code = "codium"; + }; + + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in { + enable = true; + + package = pkgs.vscodium; + + mutableExtensionsDir = false; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; + }; + + extensions = with extensions.open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # misc extensions + bungcip.better-toml + + # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with + open-vsx."10nates".ollama-autocoder + ] + ++ (with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); + }; + }; +} \ No newline at end of file From cb1f8665e52d41d1146092ac3d5a8e55ab11cd3e Mon Sep 17 00:00:00 2001 
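Review bot: `vscode.enable = true` in the new users/leyla/vscode.nix is unconditional, while the `code = "codium"` alias just above it is gated on `config.isFullUser`. Because packages.nix imports this file for every profile, the NAS host that sets `isThinUser` would, as far as these hunks show, also get VSCodium with the full extension list, including the remote-SSH extension. Gating it the same way keeps the server install minimal: `enable = config.isFullUser;`. The `vscode-marketplace` let-binding is unused, because the list reads `with extensions.vscode-marketplace;` directly, and can be dropped.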
From: Leyla Becker Date: Thu, 3 Oct 2024 22:52:53 +0200 Subject: [PATCH 0302/1043] ran linted --- flake.nix | 11 +++++++---- users/leyla/vscode.nix | 2 +- util/default.nix | 15 ++++++--------- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/flake.nix b/flake.nix index bfd7292..efffbd2 100644 --- a/flake.nix +++ b/flake.nix @@ -68,7 +68,7 @@ ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); - callPackage = nixpkgs.lib.callPackageWith (nixpkgs // { lib = lib; }); + callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); lib = callPackage ./util {} // nixpkgs.lib; in { nixosConfigurations = { @@ -76,7 +76,8 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ - home-manager.nixosModules.home-manager home-manager-config + home-manager.nixosModules.home-manager + home-manager-config ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel ]; @@ -85,7 +86,8 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ - home-manager.nixosModules.home-manager home-manager-config + home-manager.nixosModules.home-manager + home-manager-config ./hosts/twilight/configuration.nix ]; }; @@ -94,7 +96,8 @@ specialArgs = {inherit inputs lib;}; modules = [ disko.nixosModules.disko - home-manager.nixosModules.home-manager home-manager-config + home-manager.nixosModules.home-manager + home-manager-config ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index ffe84b6..37fc4be 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix @@ -74,4 +74,4 @@ ]); }; }; -} \ No newline at end of file +} diff --git a/util/default.nix b/util/default.nix index 3d16bf3..a06ac29 100644 --- a/util/default.nix +++ b/util/default.nix 
@@ -1,11 +1,8 @@ -{ - lib, - ... -}: -{ +{lib, ...}: { mkUnless = condition: yes: (lib.mkIf (!condition) yes); - mkIfElse = condition: yes: no: lib.mkMerge [ - (lib.mkIf condition yes) - (lib.mkUnless condition no) - ]; + mkIfElse = condition: yes: no: + lib.mkMerge [ + (lib.mkIf condition yes) + (lib.mkUnless condition no) + ]; } From c0167bd5d188af037d35f9f31c1591bc2f17b2a0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 23:04:17 +0200 Subject: [PATCH 0303/1043] updated README --- .hooks/pre-commit | 5 +++-- README.md | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.hooks/pre-commit b/.hooks/pre-commit index 4d465c4..524d4e5 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -2,13 +2,14 @@ git stash -q --keep-index - +echo "checking flakes all compile" nix flake check -if [ $? -eq 0 ]; then +if [ ! $? -eq 0 ]; then exit 1 fi +echo "running linter" ./lint.sh RESULT=$? diff --git a/README.md b/README.md index 4f1e59b..f639b53 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ ## Configuration -set up git configuration for local development: `git config --local include.path .gitconfig` +set up git configuration for local development: `git config core.hooksPath .hooks` to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set) From 8da184333e7384d09e56c5caed34c8e5565efbe2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 23:06:12 +0200 Subject: [PATCH 0304/1043] added logging to commit hooks --- .hooks/post-commit | 2 ++ .hooks/pre-commit | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.hooks/post-commit b/.hooks/post-commit index 7803850..93d7f15 100755 --- a/.hooks/post-commit +++ b/.hooks/post-commit 
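Review bot: When `nix flake check` fails, `.hooks/pre-commit` runs `exit 1` while the changes saved by `git stash -q --keep-index` are still stashed. The only `git stash pop` is in `.hooks/post-commit`, which git does not run for an aborted commit. The unstaged edits then look lost until the stash is popped by hand, and a retry stacks a second stash on top. Restoring before leaving avoids that: `if ! nix flake check; then git stash pop -q; exit 1; fi`. The same applies to the final `exit $RESULT` after `./lint.sh`, which is outside this hunk.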
@@ -1,3 +1,5 @@ #!/usr/bin/env bash +echo "restoring stashed changes" + git stash pop -q diff --git a/.hooks/pre-commit b/.hooks/pre-commit index 524d4e5..6687ec0 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -1,5 +1,6 @@ #!/usr/bin/env bash +echo "stashing all uncommitted changes" git stash -q --keep-index echo "checking flakes all compile" @@ -14,6 +15,7 @@ echo "running linter" RESULT=$? +echo "adding lint changes to commit" git add -u exit $RESULT \ No newline at end of file From dec1ef1d963804884d11510b5c54c1cb09a58712 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 23:07:27 +0200 Subject: [PATCH 0305/1043] removed completed task from README --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index f639b53..8e7e794 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - get rid of disko config and import it in hardware-configuration.nix ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- fix pre commit hook - Flake templates - home assistant virtual machine - searxng docker From 04871258ee4233cb29d9662eb8ba6eb2de9d3197 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 4 Oct 2024 01:01:41 +0200 Subject: [PATCH 0306/1043] moved ester and eve over to home manager --- README.md | 2 +- enviroments/common/default.nix | 3 ++ hosts/defiant/configuration.nix | 2 +- hosts/horizon/configuration.nix | 17 +++++--- hosts/twilight/configuration.nix | 19 ++++---- users/default.nix | 1 - users/ester/default.nix | 16 ++----- users/ester/home.nix | 73 +++++++++++++++++++++++++++++++ users/eve/default.nix | 18 ++------ users/eve/home.nix | 75 ++++++++++++++++++++++++++++++++ users/home.nix | 4 +- users/leyla/default.nix | 22 +++++----- users/leyla/home.nix | 29 ++---------- users/leyla/packages.nix | 4 +- users/leyla/vscode.nix | 67 ++++++++++++++-------------- 15 files changed, 233 insertions(+), 119 deletions(-) create mode 100644 users/ester/home.nix create mode 100644 users/eve/home.nix diff --git a/README.md b/README.md index 8e7e794..677971c 100644 --- a/README.md +++ b/README.md @@ -43,8 +43,8 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes -- Eve and Ester home-manager - get rid of disko config and import it in hardware-configuration.nix +- why does users.users..home conflict with home-manager.users..home.homeDirectory ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 9ee0c50..3416c1a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -42,18 +42,21 @@ uid = 1000; description = "Leyla"; group = "leyla"; + home = "/home/leyla"; }; ester = { uid = 1001; description = "Ester"; group = "ester"; + home = "/home/ester"; }; eve = { uid = 1002; description = "Eve"; group = "eve"; + home = "/home/eve"; }; jellyfin = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 09c51a4..bbe9601 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -15,7 +15,7 @@ ]; home-manager.users.leyla.config = { - isThinUser = true; + isTerminalUser = true; }; boot.loader.grub = { diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 7086276..ef042d6 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -14,13 +14,16 @@ ../../enviroments/client ]; - home-manager.users.leyla.config = { - isFullUser = true; - }; - - users = { - ester.isFullUser = true; - eve.isFullUser = true; + home-manager.users = { + leyla.config = { + isDesktopUser = true; + }; + ester.config = { + isDesktopUser = true; + }; + eve.config = { + isDesktopUser = true; + }; }; # enabled virtualisation for docker diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 39bf38b..4de1e5f 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -14,14 +14,17 @@ ../../enviroments/client ]; - home-manager.users.leyla.config = { - isFullUser = true; - hasGPU = true; - }; - - users = { - ester.isFullUser = true; - eve.isFullUser = true; + home-manager.users = { + leyla.config = { + isDesktopUser = true; + hasGPU = true; + }; + ester.config = { + isDesktopUser = true; + }; + eve.config = { + isDesktopUser = true; + }; }; systemd.tmpfiles.rules = [ diff --git a/users/default.nix b/users/default.nix index 3dc52d9..ab74274 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -3,6 +3,5 @@ users.mutableUsers = false; - home-manager.extraSpecialArgs = {inherit inputs;}; home-manager.users = import ./home.nix; } diff --git a/users/ester/default.nix b/users/ester/default.nix index f6a1203..61e0d4e 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -5,16 +5,12 @@ inputs, ... }: let - cfg = config.users.ester; + cfg = config.home-manager.users.ester; in { - options.users.ester = { - isFullUser = lib.mkEnableOption "ester"; - }; - config = { nixpkgs.config.allowUnfree = true; - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf cfg.isDesktopUser { "passwords/ester" = { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; @@ -22,18 +18,12 @@ in { }; users.users.ester = ( - if cfg.isFullUser + if cfg.isDesktopUser then { isNormalUser = true; extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; } else { isSystemUser = true; diff --git a/users/ester/home.nix b/users/ester/home.nix new file mode 100644 index 0000000..1d3a2a2 --- /dev/null +++ b/users/ester/home.nix 
@@ -0,0 +1,73 @@ +{ + pkgs, + lib, + config, + ... +}: { + options = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + + config = { + home = { + username = "ester"; + homeDirectory = "/home/ester"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/ester/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; + + packages = lib.mkIf config.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + ] + ); + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + }; + }; +} 
diff --git a/users/eve/default.nix b/users/eve/default.nix index 7902ff2..4956dea 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -5,16 +5,12 @@ inputs, ... }: let - cfg = config.users.eve; + cfg = config.home-manager.users.eve; in { - options.users.eve = { - isFullUser = lib.mkEnableOption "eve"; - }; - config = { nixpkgs.config.allowUnfree = true; - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf cfg.isDesktopUser { "passwords/eve" = { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; @@ -22,20 +18,12 @@ in { }; users.users.eve = ( - if cfg.isFullUser + if cfg.isDesktopUser then { isNormalUser = true; extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; } else { isSystemUser = true; diff --git a/users/eve/home.nix b/users/eve/home.nix new file mode 100644 index 0000000..461458d --- /dev/null +++ b/users/eve/home.nix 
@@ -0,0 +1,75 @@ +{ + pkgs, + lib, + config, + ... +}: { + options = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + + config = { + home = { + username = "eve"; + homeDirectory = "/home/eve"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; + + packages = lib.mkIf config.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ] + ); + }; + + programs = { + # Let Home Manager install and manage itself. 
+ home-manager.enable = true; + }; + }; +} diff --git a/users/home.nix b/users/home.nix index 0571905..88d6337 100644 --- a/users/home.nix +++ b/users/home.nix @@ -1,5 +1,5 @@ { leyla = import ./leyla/home.nix; - # ester = import ./ester/home.nix; - # eve = import ./eve/home.nix; + ester = import ./ester/home.nix; + eve = import ./eve/home.nix; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 47b3edb..e8baee3 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -9,7 +9,7 @@ in { config = { nixpkgs.config.allowUnfree = true; - sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { + sops.secrets = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) { "passwords/leyla" = { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; @@ -17,15 +17,13 @@ in { }; users.users.leyla = ( - if (cfg.isFullUser || cfg.isThinUser) + if (cfg.isDesktopUser || cfg.isTerminalUser) then { isNormalUser = true; - extraGroups = lib.mkMerge [ + extraGroups = ( ["networkmanager" "wheel"] - ( - lib.mkUnless cfg.isThinUser ["adbusers"] - ) - ]; + ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers" + ); hashedPasswordFile = config.sops.secrets."passwords/leyla".path; @@ -43,8 +41,8 @@ in { services = { ollama = { - enable = true; - acceleration = lib.mkIf cfg.hasGPU "cuda"; + enable = cfg.hasGPU; + acceleration = "cuda"; }; # TODO: this should reference the home directory from the user config 
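Review bot: The session-variables comment in the new users/eve/home.nix lists `/etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh`, a path carried over from another user's file; users/ester/home.nix in the same commit uses its own name there. Change it to `# /etc/profiles/per-user/eve/etc/profile.d/hm-session-vars.sh` so the hint points at the file for this account.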
@@ -59,16 +57,16 @@ in { }; programs = { - steam = lib.mkIf cfg.isFullUser { + steam = lib.mkIf cfg.isDesktopUser { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers }; - noisetorch.enable = cfg.isFullUser; + noisetorch.enable = cfg.isDesktopUser; - adb.enable = cfg.isFullUser; + adb.enable = cfg.isDesktopUser; }; }; } diff --git a/users/leyla/home.nix b/users/leyla/home.nix index f8d4c42..ac513de 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -9,8 +9,8 @@ ]; options = { - isFullUser = lib.mkEnableOption "create usable leyla user"; - isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; 
@@ -30,27 +30,6 @@ # release notes. stateVersion = "23.11"; # Please read the comment before changing. - # The home.packages option allows you to install Nix packages into your - # environment. - packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello - - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? - # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; - # Home Manager is pretty good at managing dotfiles. The primary way to manage # plain files is through 'home.file'. file = { @@ -101,10 +80,10 @@ # add direnv to auto load flakes for development direnv = { enable = true; - enableBashIntegration = true; # see note on other shells below + enableBashIntegration = true; nix-direnv.enable = true; }; - bash.enable = true; # see note on other shells below + bash.enable = true; # firefox = { # enable = true; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 1478d1d..d59696d 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -11,7 +11,7 @@ ]; home = { - packages = lib.mkIf (config.isFullUser || config.isThinUser) ( + packages = lib.mkIf (config.isDesktopUser || config.isTerminalUser) ( lib.mkMerge [ ( with pkgs; [ @@ -22,7 +22,7 @@ ] ) ( - lib.mkIf (!config.isThinUser) ( + lib.mkIf (!config.isTerminalUser) ( with pkgs; [ #foss platforms signal-desktop diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index 37fc4be..dbb5ae0 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix 
@@ -12,7 +12,7 @@ }; programs = { - bash.shellAliases = lib.mkIf config.isFullUser { + bash.shellAliases = lib.mkIf config.isDesktopUser { code = "codium"; }; @@ -36,42 +36,45 @@ ]; }; - extensions = with extensions.open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + extensions = ( + with extensions.open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # misc extensions - bungcip.better-toml + # misc extensions + bungcip.better-toml - # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with - open-vsx."10nates".ollama-autocoder - ] - ++ (with extensions.vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); + open-vsx."10nates".ollama-autocoder + ] + ++ ( + with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ] + ) + ); }; }; } 
From ce2f59a386a559117f8871064c51dd1ba50efa04 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 4 Oct 2024 01:05:35 +0200 Subject: [PATCH 0307/1043] moved firefox draft to own file --- users/leyla/firefox.nix | 132 +++++++++++++++++++++++++++++++++++++++ users/leyla/packages.nix | 1 + 2 files changed, 133 insertions(+) create mode 100644 users/leyla/firefox.nix diff --git a/users/leyla/firefox.nix b/users/leyla/firefox.nix new file mode 100644 index 0000000..615b3e3 --- /dev/null +++ b/users/leyla/firefox.nix 
@@ -0,0 +1,132 @@ +{ + lib, + config, + pkgs, + inputs, + ... +}: { + programs = { + # firefox = { + # enable = true; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ + # ublock-origin + # bitwarden + + # ]; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = 
"Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://tech.lgbt"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # } + }; +} diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d59696d..bf3589c 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,7 @@ }: { imports = [ ./vscode.nix + ./firefox.nix ]; home = { From 60fba00be909e9fc9a5adfa97227557c1735ec41 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 4 Oct 2024 01:51:38 +0200 Subject: [PATCH 0308/1043] moved user config back into user file from home file --- hosts/defiant/configuration.nix | 6 ++++-- hosts/horizon/configuration.nix | 8 ++++---- hosts/twilight/configuration.nix | 9 ++++----- users/default.nix | 11 +++++++++-- users/ester/default.nix | 6 +++++- users/ester/home.nix | 13 ++++++------- users/eve/default.nix | 6 +++++- users/eve/home.nix | 14 ++++++-------- users/home.nix | 10 +++++++--- users/leyla/default.nix | 8 +++++++- users/leyla/home.nix | 10 ++-------- users/leyla/packages.nix | 12 +++++++----- users/leyla/vscode.nix | 8 +++++--- 13 files changed, 71 insertions(+), 50 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bbe9601..07017bd 100644 
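Review bot: The commented-out draft in users/leyla/firefox.nix will not evaluate as written once it is uncommented. `extentions = with pkgs.nur.repos.rycee.firefox-addons;` should be spelled `extensions`, and the closing `# }` of the `firefox` block needs a `;`. The icon string `"''${pkgs.nixos-icons}/share/..."` keeps the `''$` escape from an indented string inside a double-quoted one, so the path would start with a literal `''`; `"${pkgs.nixos-icons}/share/..."` is what is meant. The "Searx" engine also reuses `https://nixos.wiki/favicon.png` as its `iconUpdateURL`, which looks like a copy from the entry above it.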
--- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -14,8 +14,10 @@ ../../enviroments/server ]; - home-manager.users.leyla.config = { - isTerminalUser = true; + nixos.users = { + leyla = { + isTerminalUser = true; + }; }; boot.loader.grub = { diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index ef042d6..f49e83d 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -14,14 +14,14 @@ ../../enviroments/client ]; - home-manager.users = { - leyla.config = { + nixos.users = { + leyla = { isDesktopUser = true; }; - ester.config = { + ester = { isDesktopUser = true; }; - eve.config = { + eve = { isDesktopUser = true; }; }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 4de1e5f..0ed47c8 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -13,16 +13,15 @@ ../../enviroments/client ]; - - home-manager.users = { - leyla.config = { + nixos.users = { + leyla = { isDesktopUser = true; hasGPU = true; }; - ester.config = { + ester = { isDesktopUser = true; }; - eve.config = { + eve = { isDesktopUser = true; }; }; diff --git a/users/default.nix b/users/default.nix index ab74274..fd1f6a4 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,7 +1,14 @@ -{inputs, ...}: { +{ + lib, + config, + ... +}: { imports = [./leyla ./ester ./eve]; users.mutableUsers = false; - home-manager.users = import ./home.nix; + home-manager.users = import ./home.nix { + lib = lib; + config = config; + }; } diff --git a/users/ester/default.nix b/users/ester/default.nix index 61e0d4e..ec5449c 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -5,8 +5,12 @@ inputs, ... }: let - cfg = config.home-manager.users.ester; + cfg = config.nixos.users.ester; in { + options.nixos.users.ester = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + config = { nixpkgs.config.allowUnfree = true; 
diff --git a/users/ester/home.nix b/users/ester/home.nix index 1d3a2a2..773c13c 100644 --- a/users/ester/home.nix +++ b/users/ester/home.nix @@ -2,16 +2,15 @@ pkgs, lib, config, + osConfig, ... -}: { - options = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - +}: let + cfg = osConfig.nixos.users.ester; +in { config = { home = { username = "ester"; - homeDirectory = "/home/ester"; + homeDirectory = osConfig.users.users.ester.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release @@ -56,7 +55,7 @@ # EDITOR = "emacs"; }; - packages = lib.mkIf config.isDesktopUser ( + packages = lib.mkIf cfg.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/users/eve/default.nix b/users/eve/default.nix index 4956dea..46c9a8a 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -5,8 +5,12 @@ inputs, ... }: let - cfg = config.home-manager.users.eve; + cfg = config.nixos.users.eve; in { + options.nixos.users.eve = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + config = { nixpkgs.config.allowUnfree = true; diff --git a/users/eve/home.nix b/users/eve/home.nix index 461458d..0b1d25c 100644 --- a/users/eve/home.nix +++ b/users/eve/home.nix @@ -1,17 +1,15 @@ { pkgs, lib, - config, + osConfig, ... -}: { - options = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - +}: let + cfg = osConfig.nixos.users.eve; +in { config = { home = { username = "eve"; - homeDirectory = "/home/eve"; + homeDirectory = osConfig.users.users.eve.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release @@ -56,7 +54,7 @@ # EDITOR = "emacs"; }; - packages = lib.mkIf config.isDesktopUser ( + packages = lib.mkIf cfg.isDesktopUser ( with pkgs; [ firefox bitwarden 
diff --git a/users/home.nix b/users/home.nix index 88d6337..d32f2df 100644 --- a/users/home.nix +++ b/users/home.nix @@ -1,5 +1,9 @@ { - leyla = import ./leyla/home.nix; - ester = import ./ester/home.nix; - eve = import ./eve/home.nix; + lib, + config, + ... +}: { + leyla = lib.mkIf (config.nixos.users.leyla.isDesktopUser || config.nixos.users.leyla.isTerminalUser) (import ./leyla/home.nix); + ester = lib.mkIf config.nixos.users.ester.isDesktopUser (import ./ester/home.nix); + eve = lib.mkIf config.nixos.users.eve.isDesktopUser (import ./eve/home.nix); } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index e8baee3..48e3c98 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -4,8 +4,14 @@ inputs, ... }: let - cfg = config.home-manager.users.leyla; + cfg = config.nixos.users.leyla; in { + options.nixos.users.leyla = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; + }; + config = { nixpkgs.config.allowUnfree = true; diff --git a/users/leyla/home.nix b/users/leyla/home.nix index ac513de..14f4e8b 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -1,25 +1,19 @@ { lib, - config, pkgs, + osConfig, ... }: { imports = [ ./packages.nix ]; - options = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; - hasGPU = lib.mkEnableOption "installs gpu intensive programs"; - }; - config = { # Home Manager needs a bit of information about you and the paths it should # manage. home = { username = "leyla"; - homeDirectory = "/home/leyla"; + homeDirectory = osConfig.users.users.leyla.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index bf3589c..0b40333 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -5,14 +5,16 @@ pkgs, inputs, ... -}: { +}: let + cfg = osConfig.nixos.users.leyla; +in { imports = [ ./vscode.nix ./firefox.nix ]; home = { - packages = lib.mkIf (config.isDesktopUser || config.isTerminalUser) ( + packages = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) ( lib.mkMerge [ ( with pkgs; [ @@ -23,7 +25,7 @@ ] ) ( - lib.mkIf (!config.isTerminalUser) ( + lib.mkIf (!cfg.isTerminalUser) ( with pkgs; [ #foss platforms signal-desktop @@ -42,7 +44,7 @@ onionshare easytag # rhythmbox - (lib.mkIf config.hasGPU obs-studio) + (lib.mkIf cfg.hasGPU obs-studio) # wireshark # rpi-imager # fritzing @@ -51,7 +53,7 @@ discord obsidian steam - (lib.mkIf config.hasGPU davinci-resolve) + (lib.mkIf cfg.hasGPU davinci-resolve) # development tools androidStudioPackages.canary diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index dbb5ae0..a0dd27c 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix @@ -1,10 +1,12 @@ { lib, - config, + osConfig, pkgs, inputs, ... -}: { +}: let + cfg = osConfig.nixos.users.leyla; +in { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default 
@@ -12,7 +14,7 @@ }; programs = { - bash.shellAliases = lib.mkIf config.isDesktopUser { + bash.shellAliases = lib.mkIf cfg.isDesktopUser { code = "codium"; }; From 3cf6791d9e3a6bc80d302ceca05bf965b1e09d4c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Oct 2024 17:16:59 +0200 Subject: [PATCH 0309/1043] installed anki --- users/leyla/packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 0b40333..33bdc28 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -55,6 +55,8 @@ in { steam (lib.mkIf cfg.hasGPU davinci-resolve) + anki-bin + # development tools androidStudioPackages.canary jetbrains.idea-community From 8dc253056cd34d5d95e81242cc37239f126a6726 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Oct 2024 17:35:54 +0200 Subject: [PATCH 0310/1043] updated flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index e323be9..9f0181a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1727249977, - "narHash": "sha256-lAqOCDI4B6hA+t+KHSm/Go8hQF/Ob5sgXaIRtMAnMKw=", + "lastModified": 1728659696, + "narHash": "sha256-xipqQdXMZdSln1WChUWFqcrghOMYCmdRo7rgf/MtEkg=", "owner": "nix-community", "repo": "disko", - "rev": "c1c472f4cd91e4b0703e02810a8c7ed30186b6fa", + "rev": "c7ef3964b6befa877e76316ae88f3ef251cae573", "type": "github" }, "original": { @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1727246346, - "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=", + "lastModified": 1728650932, + "narHash": "sha256-mGKzqdsRyLnGNl6WjEr7+sghGgBtYHhJQ4mjpgRTCsU=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb", + "rev": "65ae9c147349829d3df0222151f53f79821c5134", "type": "github" }, "original": { 
@@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1727228778, - "narHash": "sha256-vg1b7yLH8TgKsUi5KlctSx4GuET7MAoWUR7nqAGnU/Y=", + "lastModified": 1728179514, + "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "fb86a415579cd38eb7b47c3ada597841b97e2ea9", + "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1727040444, - "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", + "lastModified": 1728269138, + "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", + "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726937504, - "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9357f4f23713673f310988025d9dc261c20e70c6", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1725762081, - "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", + "lastModified": 1728156290, + "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "rev": "17ae88b569bb15590549ff478bab6494dde4a907", "type": "github" }, "original": { 
@@ -180,11 +180,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1726524647, - "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", + "lastModified": 1728345710, + "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", + "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", "type": "github" }, "original": { From f6e0b8684cf5d2739e17a13ff1e1c1e59fdc3c38 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Oct 2024 20:21:36 +0200 Subject: [PATCH 0311/1043] added home assistant to defiant --- enviroments/server/default.nix | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 3d20a17..f2f32bf 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -72,6 +72,18 @@ default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; }; }; + home-assistant = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that home-assistant will be hosted at"; + default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; + }; + }; }; }; @@ -249,6 +261,17 @@ stateDir = "/home/forgejo/data"; }; + home-assistant = { + enable = true; + config.http = { + server_port = 8082; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { 
@@ -270,6 +293,11 @@ enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }; + ${config.apps.home-assistant.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + }; }; }; }; @@ -279,7 +307,8 @@ defaults.email = "jan-leila@protonmail.com"; }; - networking.firewall.allowedTCPPorts = [53 2049 3000 8081]; + # TODO: remove 8081 and 8082 when nginx is enabled + networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082]; environment.systemPackages = [ config.services.headscale.package From abede83bfac00d9ec9169f26bdb0a452112e0c42 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Oct 2024 19:13:36 -0500 Subject: [PATCH 0312/1043] added legacy mount points back to horizon --- hosts/horizon/hardware-configuration.nix | 33 +++++++++++------------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 1e203f3..3645905 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
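Review bot: In enviroments/server/default.nix, hunk `@@ -279,7 +307,8 @@` adds 8082 to the global `networking.firewall.allowedTCPPorts` while `nginx.enable` is still `false`. Home Assistant's login is then presumably reachable on every interface over plain HTTP, not only through the `forceSSL` virtual host added in the previous hunk. Until the proxy is switched on, the port could be limited to the interface that needs it, for example `networking.firewall.interfaces.<trusted-iface>.allowedTCPPorts = [8082];` (the interface name is a placeholder), so the TODO does not leave the service open in the meantime. The later searxng patch extends the same list with 8083 in hunk `@@ -309,8 +341,8 @@`, and the same point applies there.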
@@ -63,26 +63,23 @@ options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - # "/mnt/legacy_leyla_home" = - # { - # device = "server.arpa:/home/leyla"; - # fsType = "nfs"; - # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - # }; + "/mnt/legacy_leyla_home" = { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - # "/mnt/legacy_share_home" = - # { - # device = "server.arpa:/home/share"; - # fsType = "nfs"; - # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - # }; + "/mnt/legacy_share_home" = { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - # "/mnt/legacy_docker_home" = - # { - # device = "server.arpa:/home/docker"; - # fsType = "nfs"; - # options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - # }; + "/mnt/legacy_docker_home" = { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; + }; }; services.cachefilesd.enable = true; From b2ee04dce5aa9cc2a429bd252be1927b39067e22 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Oct 2024 19:21:07 -0500 Subject: [PATCH 0313/1043] added more hass config --- enviroments/common/default.nix | 17 ++++++++++++++++- enviroments/server/default.nix | 16 +++++++++------- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 3416c1a..db170db 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + lib, + ... +}: { imports = [ ../../users ]; 
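Review bot: In hosts/horizon/hardware-configuration.nix, the re-enabled `/mnt/legacy_docker_home` mount has neither `nosuid` nor `nodev`. The two mounts above it get both implicitly from their `user` option, so on this one set-uid files and device nodes on the legacy export would be honoured locally. I would write `options = ["x-systemd.automount" "noauto" "nosuid" "nodev" "x-systemd.idle-timeout=600"];`. None of the three mounts sets `sec=`, so they presumably use the default AUTH_SYS trust in client-supplied uids; a short comment stating that `server.arpa` is only reachable on a trusted network would document that assumption. The `fileSystems` attribute set starts outside this hunk.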
@@ -76,6 +80,12 @@ group = "pihole"; isSystemUser = true; }; + + hass = { + uid = lib.mkForce 2004; + group = "hass"; + isSystemUser = true; + }; }; groups = { @@ -118,6 +128,11 @@ gid = 2003; members = ["pihole" "leyla"]; }; + + hass = { + gid = lib.mkForce 2004; + members = ["hass" "leyla"]; + }; }; }; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index f2f32bf..c3e6464 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -137,12 +137,13 @@ systemd = { tmpfiles.rules = [ "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" - "d /home/jellyfin/config 750 jellyfin jellyfin -" - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server + "d /home/jellyfin/config 750 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" # is /home/docker/jellyfin/cache on existing server "d /home/forgejo 750 forgejo forgejo -" - "d /home/forgejo/data 750 forgejo forgejo -" - "d /home/pihole 750 pihole pihole -" + "d /home/forgejo/data 750 forgejo forgejo -" # is /home/docker/forgejo on existing server + "d /home/pihole 750 pihole pihole -" # is /home/docker/pihole on old system + "d /home/hass 750 hass hass -" # is /home/docker/hass on old system ]; services = { @@ -243,8 +244,8 @@ enable = true; user = "jellyfin"; group = "jellyfin"; - dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config - cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache + dataDir = "/home/jellyfin/config"; + cacheDir = "/home/jellyfin/cache"; }; forgejo = { @@ -263,6 +264,7 @@ home-assistant = { enable = true; + configDir = "/home/hass"; config.http = { server_port = 8082; use_x_forwarded_for = true; 
From 7c3aaf241a9f1199efdd263c4c27ae8a935e03c8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 19 Oct 2024 11:15:13 -0500 Subject: [PATCH 0314/1043] added searxng --- README.md | 3 +-- enviroments/server/default.nix | 40 ++++++++++++++++++++++++++++++---- flake.lock | 38 ++++++++++++++++---------------- secrets | 2 +- 4 files changed, 57 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 677971c..32b2a22 100644 --- a/README.md +++ b/README.md @@ -48,8 +48,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- home assistant virtual machine -- searxng docker +- searxng - nextcloud ??? - samba mounts - firefox declarative??? diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index c3e6464..7d44a14 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -84,6 +84,18 @@ default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; }; }; + searx = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "search"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that searx will be hosted at"; + default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; + }; + }; }; }; @@ -92,6 +104,9 @@ "services/pi-hole" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; }; virtualisation = { 
@@ -234,8 +249,8 @@ address = "0.0.0.0"; port = 8080; settings = { - server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; - dns_config.base_domain = config.apps.base_domain; + # server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; + dns.base_domain = config.apps.base_domain; logtail.enabled = false; }; }; @@ -274,6 +289,18 @@ }; }; + searx = { + enable = true; + environmentFile = config.sops.secrets."services/searx".path; + settings = { + server = { + port = 8083; + base_url = config.apps.searx.hostname; + secret_key = "@SEARXNG_SECRET@"; + }; + }; + }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { @@ -300,6 +327,11 @@ enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; }; + ${config.apps.searx.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.port}"; + }; }; }; }; @@ -309,8 +341,8 @@ defaults.email = "jan-leila@protonmail.com"; }; - # TODO: remove 8081 and 8082 when nginx is enabled - networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082]; + # TODO: remove 8081, 8082, 8083 when nginx is enabled + networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082 8083]; environment.systemPackages = [ config.services.headscale.package diff --git a/flake.lock b/flake.lock index 9f0181a..0e62de9 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1728659696, - "narHash": "sha256-xipqQdXMZdSln1WChUWFqcrghOMYCmdRo7rgf/MtEkg=", + "lastModified": 1729281548, + "narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=", "owner": "nix-community", "repo": "disko", - "rev": "c7ef3964b6befa877e76316ae88f3ef251cae573", + "rev": "a6a3179ddf396dfc28a078e2f169354d0c137125", "type": "github" }, "original": { 
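Review bot: In hunk `@@ -274,6 +289,18 @@`, `base_url = config.apps.searx.hostname;` passes a bare host name, while SearXNG's `server.base_url` is, as far as I know, expected to be a full URL with scheme. Generated links and redirects would likely be wrong once the instance sits behind the TLS virtual host; `base_url = "https://${config.apps.searx.hostname}/";` matches the `forceSSL` setup. Keeping `secret_key = "@SEARXNG_SECRET@"` and supplying the real value through `environmentFile` is the right pattern. A one-line comment such as `# substituted from services/searx at runtime, never written to the store` would stop a later edit from inlining the key.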
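Review bot: In hunk `@@ -300,6 +327,11 @@`, the new virtual host reads `config.services.searx.settings.port`, but the service block added in this commit defines the port at `settings.server.port`. The attribute path does not exist, so evaluation should fail as soon as `nginx.enable` is switched to `true`; nothing catches it today only because the proxy is disabled. The line should read `locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}";`.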
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1728650932, - "narHash": "sha256-mGKzqdsRyLnGNl6WjEr7+sghGgBtYHhJQ4mjpgRTCsU=", + "lastModified": 1729321331, + "narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=", "owner": "nix-community", "repo": "home-manager", - "rev": "65ae9c147349829d3df0222151f53f79821c5134", + "rev": "122f70545b29ccb922e655b08acfe05bfb44ec68", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1728179514, - "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", + "lastModified": 1729302344, + "narHash": "sha256-txj6S9QC1IiUlxz41dU8QORG47Mu0vX7ldwNKud2oy4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", + "rev": "a2a26f1bada2202572599346eb952bd3e130af66", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1728269138, - "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", + "lastModified": 1729333370, + "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", + "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728492678, - "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "lastModified": 1729256560, + "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", "type": "github" }, "original": { 
@@ -158,11 +158,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1727152771, - "narHash": "sha256-GYtrV//xaqamqRynEaHJrbklliHyAN9/4NZRXBZlahs=", + "lastModified": 1729353554, + "narHash": "sha256-mLf7siPN9HtpZIZZA1eubwNTyVsIS/kHzWvJ+oX88xU=", "ref": "main", - "rev": "46172e93709498e57d188a1bd19349c28fe4e3e3", - "revCount": 2, + "rev": "73b4f304d4445e8ce53f395e78289f264753efeb", + "revCount": 3, "type": "git", "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" }, diff --git a/secrets b/secrets index 46172e9..73b4f30 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 46172e93709498e57d188a1bd19349c28fe4e3e3 +Subproject commit 73b4f304d4445e8ce53f395e78289f264753efeb From 1790d785f528ca8473953bcdc9975e85f03368bb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 22 Oct 2024 10:27:51 -0500 Subject: [PATCH 0315/1043] installed flipperq --- enviroments/client/default.nix | 1 + flake.lock | 30 +++++++++++++++--------------- users/leyla/packages.nix | 3 ++- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 86ff67b..9dfa06b 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -44,6 +44,7 @@ # Enable sound with pipewire. hardware.pulseaudio.enable = false; + hardware.flipperzero.enable = true; security.rtkit.enable = true; environment.systemPackages = with pkgs; [ diff --git a/flake.lock b/flake.lock index 0e62de9..7fc8f4b 100644 --- a/flake.lock +++ b/flake.lock @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1729321331, - "narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=", + "lastModified": 1729551526, + "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=", "owner": "nix-community", "repo": "home-manager", - "rev": "122f70545b29ccb922e655b08acfe05bfb44ec68", + "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975", "type": "github" }, "original": { 
@@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1729302344, - "narHash": "sha256-txj6S9QC1IiUlxz41dU8QORG47Mu0vX7ldwNKud2oy4=", + "lastModified": 1729475384, + "narHash": "sha256-x7ODafOKfxXMdgs/wPXVpmf04vOr7cJLEDWYT/TBjY0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "a2a26f1bada2202572599346eb952bd3e130af66", + "rev": "77a421d6c7ea09381c7e33d90c3017c9727dfbc3", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729333370, - "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=", + "lastModified": 1729509737, + "narHash": "sha256-8OHgqz+tFo21h3hg4/GHizFPws+MMzpEru/+62Z0E8c=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb", + "rev": "cc2d3c0e060f981905d52337340ee6ec8b8eb037", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1728156290, - "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", + "lastModified": 1729357638, + "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "17ae88b569bb15590549ff478bab6494dde4a907", + "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", "type": "github" }, "original": { @@ -180,11 +180,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1728345710, - "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", + "lastModified": 1729394972, + "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", + "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5", "type": "github" }, "original": { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 33bdc28..c8c5058 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -38,7 +38,7 @@ in { krita freecad # cura - kicad-small + # kicad-small makemkv transmission_4-gtk onionshare @@ -62,6 +62,7 @@ in { jetbrains.idea-community dbeaver-bin bruno + qFlipper # system tools protonvpn-gui From 77e3d687d4d4db1b5df94b5f6595855682e71bee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 23 Oct 2024 12:10:25 -0500 Subject: [PATCH 0316/1043] added nix language server removed ollama --- enviroments/client/default.nix | 13 ++++++++++++- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 2 -- users/leyla/vscode.nix | 14 +++++++++++--- 4 files changed, 27 insertions(+), 10 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 9dfa06b..0e07090 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,8 +1,16 @@ -{pkgs, ...}: { +{ + pkgs, + inputs, + ... +}: { imports = [ ../common ]; + nix = { + nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + }; + services = { # Enable CUPS to print documents. printing.enable = true; @@ -51,6 +59,9 @@ # helvetica font aileron + # nix langauge server + nixd + cachefilesd gnomeExtensions.dash-to-dock diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 48e3c98..2698b8e 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -46,10 +46,10 @@ in { ); services = { - ollama = { - enable = cfg.hasGPU; - acceleration = "cuda"; - }; + # ollama = { + # enable = cfg.hasGPU; + # acceleration = "cuda"; + # }; # TODO: this should reference the home directory from the user config openssh.hostKeys = [ diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index c8c5058..1406f6d 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,9 +1,7 @@ { lib, - config, osConfig, pkgs, - inputs, ... }: let cfg = osConfig.nixos.users.leyla; diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index a0dd27c..2da1844 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix 
@@ -36,10 +36,18 @@ in { "cSpell.userWords" = [ "webdav" ]; + "nix.serverPath" = "nixd"; + "nix.enableLanguageServer" = true; + "nixpkgs" = { + "expr" = "import {}"; + }; + # "fomratting": { + # "command": [ "alejandra" ]; + # }; }; extensions = ( - with extensions.open-vsx; + with open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -68,10 +76,10 @@ in { # misc extensions bungcip.better-toml - open-vsx."10nates".ollama-autocoder + # lib.mkIf open-vsx."10nates".ollama-autocoder ] ++ ( - with extensions.vscode-marketplace; [ + with vscode-marketplace; [ # js extensions karyfoundation.nearley ] From f132f44b9603a93c6daed26ce61340bc19a2b93f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 26 Oct 2024 13:16:14 -0500 Subject: [PATCH 0317/1043] installed proxmark tools --- README.md | 1 + flake.nix | 11 +++++++++-- overlays/default.nix | 7 +++++++ pkgs/default.nix | 3 ++- users/leyla/default.nix | 2 +- users/leyla/packages.nix | 2 ++ 6 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 overlays/default.nix diff --git a/README.md b/README.md index 32b2a22..94476a5 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ +- https://nixos-and-flakes.thiscute.world/ ## Configuration set up git configuration for local development: `git config core.hooksPath .hooks` diff --git a/flake.nix b/flake.nix index efffbd2..aaf2266 100644 --- a/flake.nix +++ b/flake.nix @@ -47,7 +47,6 @@ }; outputs = { - self, nixpkgs, disko, nixos-hardware, 
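Review bot: In the first users/leyla/vscode.nix hunk the new `"nixpkgs" = { "expr" = ...; };` set sits at the top level of the settings, beside `"nix.serverPath"`, where the Nix extension most likely ignores it. nixd options are normally nested as `"nix.serverSettings" = { "nixd" = { "nixpkgs" = { "expr" = "..."; }; }; };`. The expression as shown, `import {}`, names no path; if that is not an extraction artefact it needs the nixpkgs path that `nix.nixPath` now provides. The commented block misspells `formatting` as `fomratting` and uses JSON `:` syntax, so it would not evaluate if uncommented as written. The enclosing settings set starts outside the hunk.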
@@ -60,22 +59,28 @@ home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs;}; }; - forEachSystem = nixpkgs.lib.genAttrs [ + systems = [ "aarch64-darwin" "aarch64-linux" "x86_64-darwin" "x86_64-linux" ]; + forEachSystem = nixpkgs.lib.genAttrs systems; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); lib = callPackage ./util {} // nixpkgs.lib; in { + packages = forEachPkgs (import ./pkgs); + + formatter = forEachPkgs (system: system.alejandra); + nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + ./overlays home-manager.nixosModules.home-manager home-manager-config ./hosts/horizon/configuration.nix @@ -86,6 +91,7 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + ./overlays home-manager.nixosModules.home-manager home-manager-config ./hosts/twilight/configuration.nix @@ -95,6 +101,7 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + ./overlays disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..4957ab8 --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,7 @@ +{...}: { + nixpkgs.overlays = [ + ( + self: super: import ../pkgs {pkgs = super;} + ) + ]; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 87a13d7..b02ba6c 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,2 +1,3 @@ -_: { +{...}: { + # package = pkgs.callPackage ./package.nix {}; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 2698b8e..2c1f87b 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
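Review bot: `packages = forEachPkgs (import ./pkgs);` in the first flake.nix hunk passes the package set itself to `pkgs/default.nix`, while the new overlay calls the same file as `import ../pkgs {pkgs = super;}`, so the two call sites use different argument shapes. Once the commented `pkgs.callPackage` line in `pkgs/default.nix` is enabled, the flake path works only because the package set happens to expose a `pkgs` attribute; `packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;});` makes both agree. In the same hunk the lambda in `formatter = forEachPkgs (system: system.alejandra);` receives a package set, not a system string, so `pkgs: pkgs.alejandra` reads more accurately.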
@@ -27,7 +27,7 @@ in { then { isNormalUser = true; extraGroups = ( - ["networkmanager" "wheel"] + ["networkmanager" "wheel" "dialout"] ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers" ); diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 1406f6d..8aa3a72 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -61,6 +61,8 @@ in { dbeaver-bin bruno qFlipper + proxmark3 + mfoc # system tools protonvpn-gui From 3e11cfd967714bc3e4665db4bca6673a5d29bf8a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 2 Nov 2024 15:58:03 -0500 Subject: [PATCH 0318/1043] fixed configs connection to nginx --- enviroments/common/default.nix | 11 +++ enviroments/server/default.nix | 153 ++++++++++++++++++++++++++------- 2 files changed, 133 insertions(+), 31 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index db170db..c07382f 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -86,6 +86,12 @@ group = "hass"; isSystemUser = true; }; + + headscale = { + uid = 2005; + group = "headscale"; + isSystemUser = true; + }; }; groups = { @@ -133,6 +139,11 @@ gid = lib.mkForce 2004; members = ["hass" "leyla"]; }; + + headscale = { + gid = 2005; + members = ["headscale"]; + }; }; }; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 7d44a14..fee58c6 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -4,7 +4,13 @@ pkgs, inputs, ... -}: { +}: let + jellyfinPort = 8096; + nfsPort = 2049; + dnsPort = 53; + httpPort = 80; + httpsPort = 443; +in { imports = [ ../common ]; @@ -47,6 +53,11 @@ description = "subdomain of base domain that headscale will be hosted at"; default = "headscale"; }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that headscale will be hosted at"; + default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; + }; }; jellyfin = { subdomain = lib.mkOption { 
@@ -59,6 +70,43 @@ description = "hosname that jellyfin will be hosted at"; default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; + directory = { + root = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will be at"; + default = "/home/jellyfin"; + }; + mediaDirectoryName = lib.mkOption { + type = lib.types.str; + description = "name of the directory to store the media in"; + default = "media"; + }; + mediaDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will store its media in"; + default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.mediaDirectoryName}"; + }; + dataDirectoryName = lib.mkOption { + type = lib.types.str; + description = "name of the directory to store the config in"; + default = "data"; + }; + dataDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will store its config in"; + default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.dataDirectoryName}"; + }; + cacheDirectoryName = lib.mkOption { + type = lib.types.str; + description = "name of the directory to store the cache in"; + default = "cache"; + }; + cacheDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will store its cache in"; + default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.cacheDirectoryName}"; + }; + }; }; forgejo = { subdomain = lib.mkOption { 
@@ -151,10 +199,10 @@ systemd = { tmpfiles.rules = [ - "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server - "d /home/jellyfin/config 750 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" # is /home/docker/jellyfin/cache on existing server + "d ${config.apps.jellyfin.directory.root} 755 jellyfin jellyfin -" + "d ${config.apps.jellyfin.directory.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server + "d ${config.apps.jellyfin.directory.dataDirectory} 2770 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server + "d ${config.apps.jellyfin.directory.cacheDirectory} 2750 jellyfin jellyfin -" # is /home/docker/jellyfin/cache on existing server "d /home/forgejo 750 forgejo forgejo -" "d /home/forgejo/data 750 forgejo forgejo -" # is /home/docker/forgejo on existing server "d /home/pihole 750 pihole pihole -" # is /home/docker/pihole on old system 
@@ -230,28 +278,57 @@ postgresql = { enable = true; - ensureDatabases = ["forgejo"]; + ensureDatabases = ["forgejo" "headscale"]; + ensureUsers = [ + { + name = "postgres"; + } + { + name = "forgejo"; + } + { + name = "headscale"; + } + ]; identMap = '' # ArbitraryMapName systemUser DBUser - superuser_map root postgres + + # Administration Users superuser_map postgres postgres + superuser_map root postgres + superuser_map leyla postgres + + # Client Users superuser_map forgejo forgejo + # superuser_map headscale headscale ''; # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' # type database DBuser auth-method optional_ident_map - local sameuser all peer map=superuser_map + local all postgres peer map=superuser_map + local sameuser all peer map=superuser_map ''; }; headscale = { enable = true; + user = "headscale"; + group = "headscale"; address = "0.0.0.0"; port = 8080; settings = { - # server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; - dns.base_domain = config.apps.base_domain; - logtail.enabled = false; + server_url = "https://${config.apps.headscale.hostname}"; + dns.base_domain = "clients.${config.apps.headscale.hostname}"; + logtail.enabled = true; + # database = { + # type = "postgres"; + # postgres = { + # host = "localhost"; + # port = 5432; + # user = "headscale"; + # name = "headscale"; + # }; + # }; }; }; @@ -259,13 +336,19 @@ enable = true; user = "jellyfin"; group = "jellyfin"; - dataDir = "/home/jellyfin/config"; - cacheDir = "/home/jellyfin/cache"; + dataDir = config.apps.jellyfin.directory.dataDirectory; + cacheDir = config.apps.jellyfin.directory.cacheDirectory; }; forgejo = { enable = true; - database.type = "postgres"; + database = { + type = "postgres"; + host = "localhost"; + port = 5432; + user = "forgejo"; + name = "forgejo"; + }; lfs.enable = true; settings = { server = { 
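Review bot: In the postgresql hunk, `superuser_map leyla postgres` combined with `local all postgres peer map=superuser_map` lets any process running as the OS user `leyla` connect as the `postgres` superuser over the local socket with no further check. If that account is an interactive login (not visible here), compromising it gives full control of every database on the host; dropping the mapping and administering through the `postgres` or `root` account keeps the superuser role off a day-to-day user. In the same hunk `logtail.enabled` flips from `false` to `true` with no stated reason; as far as I know this makes clients ship logs upstream, so confirm it is intended. The `services` set starts and ends outside the hunk.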
@@ -278,7 +361,7 @@ }; home-assistant = { - enable = true; + enable = false; configDir = "/home/hass"; config.http = { server_port = 8082; @@ -295,42 +378,41 @@ settings = { server = { port = 8083; - base_url = config.apps.searx.hostname; secret_key = "@SEARXNG_SECRET@"; }; }; }; nginx = { - enable = false; # TODO: enable this when you want to test all the configs + enable = true; virtualHosts = { ${config.apps.headscale.hostname} = { - forceSSL = true; - enableACME = true; + # forceSSL = true; + # enableACME = true; locations."/" = { proxyPass = "http://localhost:${toString config.services.headscale.port}"; proxyWebsockets = true; }; }; ${config.apps.jellyfin.hostname} = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:8096"; + # forceSSL = true; + # enableACME = true; + locations."/".proxyPass = "http://localhost:${toString jellyfinPort}"; }; ${config.apps.forgejo.hostname} = { - forceSSL = true; - enableACME = true; + # forceSSL = true; + # enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }; ${config.apps.home-assistant.hostname} = { - forceSSL = true; - enableACME = true; + # forceSSL = true; + # enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; }; ${config.apps.searx.hostname} = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.port}"; + # forceSSL = true; + # enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}"; }; }; }; 
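Review bot: The nginx hunk sets `enable = true` while commenting out `forceSSL` and `enableACME` on every virtual host, so headscale, jellyfin, forgejo, home-assistant and searx are all proxied over plain HTTP. Logins and session cookies for those services would cross the network unencrypted, and the headscale hunk in this commit advertises `server_url = "https://${config.apps.headscale.hostname}"`, which nothing visible here terminates. If certificates cannot be issued yet, record that in a comment above `virtualHosts` and restore `forceSSL = true; enableACME = true;` before the host is reachable from outside. The enclosing `services` set is cut at both ends of the hunk.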
@@ -341,8 +423,17 @@ defaults.email = "jan-leila@protonmail.com"; }; - # TODO: remove 8081, 8082, 8083 when nginx is enabled - networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082 8083]; + networking.firewall.allowedTCPPorts = [ + httpPort + httpsPort + dnsPort + nfsPort + jellyfinPort + config.services.headscale.port + config.services.forgejo.settings.server.HTTP_PORT + # config.services.home-assistant.config.http.server_port + config.services.searx.settings.server.port + ]; environment.systemPackages = [ config.services.headscale.package From 4e08a8ecf721e2f347dffe211694aab2fef1b1c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Nov 2024 17:15:48 -0600 Subject: [PATCH 0319/1043] removed rev number from install script --- install.sh | 2 +- secrets | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index 882a935..bed56a9 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target +nix run github:nix-community/nixos-anywhere -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target diff --git a/secrets b/secrets index 73b4f30..ef623d6 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 73b4f304d4445e8ce53f395e78289f264753efeb +Subproject commit ef623d6a9e25c1f0ec9d282ab5ed5dff54674816 From 87895e29b592cf4c881f95604ea3a1fc57ad99ee Mon Sep 17 00:00:00 2001 
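Review bot: Removing the pinned revision in install.sh means `nix run github:nix-community/nixos-anywhere` executes whatever the default branch holds at install time, and this script passes that code the copied `$SOPS_AGE_KEY_DIRECTORY` contents through `--extra-files` along with an SSH session to the target. Pin it to a reviewed commit again, for example `nix run github:nix-community/nixos-anywhere/<reviewed-rev> -- ...` (placeholder revision), or add nixos-anywhere as a flake input so `flake.lock` records the revision. The context comment above the command, `# commit number in this is because the main branch of nixos-anywhere is broken right now`, no longer matches the command and should be updated or removed.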
From: Leyla Becker Date: Mon, 4 Nov 2024 17:47:09 -0600 Subject: [PATCH 0320/1043] fixed database and permissions on service directories --- README.md | 3 - enviroments/common/default.nix | 11 ++ enviroments/server/default.nix | 176 +++++++++++++++++--------------- flake.lock | 48 +++++---- hosts/defiant/configuration.nix | 4 +- 5 files changed, 130 insertions(+), 112 deletions(-) diff --git a/README.md b/README.md index 94476a5..5f4848e 100644 --- a/README.md +++ b/README.md @@ -49,8 +49,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- searxng -- nextcloud ??? - samba mounts - firefox declarative??? - figure out steam vr things? @@ -59,7 +57,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- headscale server (just needs to be tested) - mastodon server - tail scale clients - wake on LAN diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index c07382f..8df4c0e 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -92,6 +92,12 @@ group = "headscale"; isSystemUser = true; }; + + nextcloud = { + uid = 2006; + group = "nextcloud"; + isSystemUser = true; + }; }; groups = { @@ -144,6 +150,11 @@ gid = 2005; members = ["headscale"]; }; + + nextcloud = { + gid = 2006; + members = ["nextcloud"]; + }; }; }; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index fee58c6..4cd45ff 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -10,6 +10,7 @@ dnsPort = 53; httpPort = 80; httpsPort = 443; + isDebug = false; in { imports = [ ../common 
@@ -46,6 +47,18 @@ in { type = lib.types.str; description = "ip address to use for pi-hole"; }; + directory = { + root = lib.mkOption { + type = lib.types.str; + description = "directory that piholes will be hosted at"; + default = "/var/lib/pihole"; + }; + data = lib.mkOption { + type = lib.types.str; + description = "directory that piholes data will be hosted at"; + default = "${config.apps.pihole.directory.root}/data"; + }; + }; }; headscale = { subdomain = lib.mkOption { 
@@ -70,48 +83,16 @@ in { description = "hosname that jellyfin will be hosted at"; default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; - directory = { - root = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will be at"; - default = "/home/jellyfin"; - }; - mediaDirectoryName = lib.mkOption { - type = lib.types.str; - description = "name of the directory to store the media in"; - default = "media"; - }; - mediaDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will store its media in"; - default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.mediaDirectoryName}"; - }; - dataDirectoryName = lib.mkOption { - type = lib.types.str; - description = "name of the directory to store the config in"; - default = "data"; - }; - dataDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will store its config in"; - default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.dataDirectoryName}"; - }; - cacheDirectoryName = lib.mkOption { - type = lib.types.str; - description = "name of the directory to store the cache in"; - default = "cache"; - }; - cacheDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will store its cache in"; - default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.cacheDirectoryName}"; - }; + mediaDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will be at"; + default = "/home/jellyfin"; }; }; forgejo = { subdomain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that foregjo will be hosted at"; + description = "subdomain of base domain that forgejo will be hosted at"; default = "forgejo"; }; hostname = lib.mkOption { 
@@ -144,6 +125,18 @@ in { default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; }; }; + nextcloud = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that nextcloud will be hosted at"; + default = "nextcloud"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that nextcloud will be hosted at"; + default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}"; + }; + }; }; }; @@ -155,6 +148,10 @@ in { "services/searx" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/nextcloud_adminpass" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + owner = config.users.users.nextcloud.name; + }; }; virtualisation = { @@ -178,7 +175,7 @@ in { in { image = config.apps.pihole.image; volumes = [ - "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules + "${config.apps.pihole.directory.data}:/etc/pihole:rw" "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" ]; environment = { 
@@ -197,16 +194,12 @@ in { }; }; + # TODO: dynamic users systemd = { tmpfiles.rules = [ - "d ${config.apps.jellyfin.directory.root} 755 jellyfin jellyfin -" - "d ${config.apps.jellyfin.directory.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server - "d ${config.apps.jellyfin.directory.dataDirectory} 2770 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server - "d ${config.apps.jellyfin.directory.cacheDirectory} 2750 jellyfin jellyfin -" # is /home/docker/jellyfin/cache on existing server - "d /home/forgejo 750 forgejo forgejo -" - "d /home/forgejo/data 750 forgejo forgejo -" # is /home/docker/forgejo on existing server - "d /home/pihole 750 pihole pihole -" # is /home/docker/pihole on old system - "d /home/hass 750 hass hass -" # is /home/docker/hass on old system + "d ${config.apps.jellyfin.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server + "d ${config.apps.pihole.directory.root} 755 pihole pihole -" # is /home/docker/pihole on old system + "d ${config.apps.pihole.directory.data} 755 pihole pihole -" # is /home/docker/pihole on old system ]; services = { @@ -241,6 +234,13 @@ in { partOf = ["podman-compose-root.target"]; wantedBy = ["podman-compose-root.target"]; }; + # nextcloud-setup = { + # after = ["network.target"]; + # }; + headscale = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; }; # disable computer sleeping @@ -278,18 +278,24 @@ in { postgresql = { enable = true; - ensureDatabases = ["forgejo" "headscale"]; ensureUsers = [ { name = "postgres"; } { name = "forgejo"; + ensureDBOwnership = true; } { name = "headscale"; + ensureDBOwnership = true; } ]; + ensureDatabases = [ + "forgejo" + "headscale" + # "nextcloud" + ]; identMap = '' # ArbitraryMapName systemUser DBUser 
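Review bot: The new tmpfiles rules create `${config.apps.pihole.directory.root}` and `${config.apps.pihole.directory.data}` with mode `755`, where the rule they replace used `750` for `/home/pihole`. The data directory is mounted into the container as `/etc/pihole`, so its configuration becomes readable by every local user; keep `750` unless another account needs to read it, e.g. `"d ${config.apps.pihole.directory.data} 750 pihole pihole -"`. Both new rules also carry the same trailing comment about the old `/home/docker/pihole` path, which only applies to one of them.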
@@ -300,13 +306,13 @@ in { # Client Users superuser_map forgejo forgejo - # superuser_map headscale headscale + superuser_map headscale headscale ''; # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=superuser_map ''; }; @@ -320,34 +326,27 @@ in { server_url = "https://${config.apps.headscale.hostname}"; dns.base_domain = "clients.${config.apps.headscale.hostname}"; logtail.enabled = true; - # database = { - # type = "postgres"; - # postgres = { - # host = "localhost"; - # port = 5432; - # user = "headscale"; - # name = "headscale"; - # }; - # }; + database = { + type = "postgres"; + postgres = { + host = "/run/postgresql"; + port = config.services.postgresql.settings.port; + user = "headscale"; + name = "headscale"; + }; + }; }; }; jellyfin = { enable = true; - user = "jellyfin"; - group = "jellyfin"; - dataDir = config.apps.jellyfin.directory.dataDirectory; - cacheDir = config.apps.jellyfin.directory.cacheDirectory; }; forgejo = { enable = true; database = { type = "postgres"; - host = "localhost"; - port = 5432; - user = "forgejo"; - name = "forgejo"; + socket = "/run/postgresql"; }; lfs.enable = true; settings = { @@ -355,14 +354,11 @@ in { DOMAIN = config.apps.forgejo.hostname; HTTP_PORT = 8081; }; - service.DISABLE_REGISTRATION = true; }; - stateDir = "/home/forgejo/data"; }; home-assistant = { - enable = false; - configDir = "/home/hass"; + enable = true; config.http = { server_port = 8082; use_x_forwarded_for = true; 
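Review bot: The forgejo hunk (`@@ -355,14 +354,11 @@`) removes `service.DISABLE_REGISTRATION = true;` with no replacement, so the instance falls back to Forgejo's default, which I believe permits self-registration (confirm against the packaged version). nginx now proxies `config.apps.forgejo.hostname`, so anyone who can reach the host could create an account. If the line was dropped only as part of removing `stateDir`, keep `service.DISABLE_REGISTRATION = true;` inside `settings`. The `services.forgejo` set begins in the previous hunk.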
@@ -383,6 +379,16 @@ in { }; }; + # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres + nextcloud = { + enable = true; + package = pkgs.nextcloud30; + hostName = config.apps.nextcloud.hostname; + config = { + adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; + }; + }; + nginx = { enable = true; virtualHosts = { @@ -423,17 +429,21 @@ in { defaults.email = "jan-leila@protonmail.com"; }; - networking.firewall.allowedTCPPorts = [ - httpPort - httpsPort - dnsPort - nfsPort - jellyfinPort - config.services.headscale.port - config.services.forgejo.settings.server.HTTP_PORT - # config.services.home-assistant.config.http.server_port - config.services.searx.settings.server.port - ]; + networking.firewall.allowedTCPPorts = + [ + httpPort + httpsPort + dnsPort + nfsPort + ] + ++ (lib.optional isDebug [ + jellyfinPort + config.services.headscale.port + config.services.forgejo.settings.server.HTTP_PORT + config.services.home-assistant.config.http.server_port + config.services.postgresql.settings.port + config.services.searx.settings.server.port + ]); environment.systemPackages = [ config.services.headscale.package diff --git a/flake.lock b/flake.lock index 7fc8f4b..4d181fa 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1729281548, - "narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=", + "lastModified": 1730751873, + "narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=", "owner": "nix-community", "repo": "disko", - "rev": "a6a3179ddf396dfc28a078e2f169354d0c137125", + "rev": "856a2902156ba304efebd4c1096dbf7465569454", "type": "github" }, "original": { 
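Review bot: In the firewall hunk, `lib.optional isDebug [ ... ]` wraps its second argument in a list, so with `isDebug = true` the result is a list containing one list and `allowedTCPPorts` should fail its type check; the list-valued helper is `lib.optionals`, i.e. `++ (lib.optionals isDebug [`. The debug list also adds `config.services.postgresql.settings.port`, so a comment on `isDebug` stating that it exposes the backends and the database port and must stay `false` on a reachable host would help. In the nextcloud hunk the comment says the service uses an auto-configured MySQL database, yet no `dbtype` is set in the visible lines; check which backend the module actually selects.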
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1729551526, - "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=", + "lastModified": 1730633670, + "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975", + "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1729475384, - "narHash": "sha256-x7ODafOKfxXMdgs/wPXVpmf04vOr7cJLEDWYT/TBjY0=", + "lastModified": 1730685024, + "narHash": "sha256-w0cQSTjLBaUSziPGwyI0nbWVD64+N3ByoSxC0CEZmeI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "77a421d6c7ea09381c7e33d90c3017c9727dfbc3", + "rev": "16ca007ec37c29a8b97e4899f33c013defbdb2f9", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729509737, - "narHash": "sha256-8OHgqz+tFo21h3hg4/GHizFPws+MMzpEru/+62Z0E8c=", + "lastModified": 1730537918, + "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc2d3c0e060f981905d52337340ee6ec8b8eb037", + "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", "type": "github" }, "original": { @@ -114,11 +114,9 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729256560, - "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", + "rev": "6eef3d72452247a6d9baafe05cffc1c9bc93f1c4", "type": "github" }, "original": { 
@@ -130,11 +128,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1729357638, - "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "type": "github" }, "original": { @@ -158,11 +156,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1729353554, - "narHash": "sha256-mLf7siPN9HtpZIZZA1eubwNTyVsIS/kHzWvJ+oX88xU=", + "lastModified": 1730665670, + "narHash": "sha256-MMwH5IcaslEWqeHaNqSjAsGWoS2NJ5qiIE7RLiJG+28=", "ref": "main", - "rev": "73b4f304d4445e8ce53f395e78289f264753efeb", - "revCount": 3, + "rev": "ef623d6a9e25c1f0ec9d282ab5ed5dff54674816", + "revCount": 6, "type": "git", "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" }, @@ -180,11 +178,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1729394972, - "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=", + "lastModified": 1730746162, + "narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5", + "rev": "59d6988329626132eaf107761643f55eb979eef1", "type": "github" }, "original": { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 07017bd..76dba60 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -1,6 +1,5 @@ # server nas { - config, pkgs, inputs, ... @@ -47,6 +46,9 @@ forgejo = { subdomain = "git"; }; + nextcloud = { + subdomain = "drive"; + }; }; services = { From c4cf83298f0a687913e5e7ba905d62bbfa74f757 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 4 Nov 2024 17:49:44 -0600 Subject: [PATCH 0321/1043] added tail scale to clients --- enviroments/client/default.nix | 4 ++++ hosts/horizon/configuration.nix | 7 +------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 0e07090..921d7b5 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -48,6 +48,10 @@ # no need to redefine it in your config for now) #media-session.enable = true; }; + + tailscale = { + enable = true; + }; }; # Enable sound with pipewire. diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index f49e83d..15a52e9 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,10 +1,5 @@ # leyla laptop -{ - config, - pkgs, - inputs, - ... -}: { +{inputs, ...}: { imports = [ inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops From 89bbccb9db7a5a28e55fb79cd2e48c3e9c86f3f2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Nov 2024 22:25:10 -0600 Subject: [PATCH 0322/1043] added user dirs to leyla home manager --- users/leyla/home.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 14f4e8b..342be5e 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -1,5 +1,4 @@ { - lib, pkgs, osConfig, ... 
@@ -37,6 +36,25 @@ # org.gradle.console=verbose # org.gradle.daemon.idletimeout=3600000 # ''; + ".config/user-dirs.dirs" = { + force = true; + text = '' + # This file is written by xdg-user-dirs-update + # If you want to change or add directories, just edit the line you're + # interested in. All local changes will be retained on the next run. + # Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped + # homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an + # absolute path. No other format is supported. + # + XDG_DESKTOP_DIR="$HOME/desktop" + XDG_DOWNLOAD_DIR="$HOME/downloads" + XDG_DOCUMENTS_DIR="$HOME/documents" + XDG_TEMPLATES_DIR="$HOME/documents/templates" + XDG_MUSIC_DIR="$HOME/documents/music" + XDG_PICTURES_DIR="$HOME/documents/photos" + XDG_VIDEOS_DIR="$HOME/documents/videos" + ''; + }; }; # Home Manager can also manage your environment variables through From 8553f6fcd8ec55a8be748f2cc74b3b6d130ae351 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 17:12:31 -0600 Subject: [PATCH 0323/1043] disabled tails scale on clients --- enviroments/client/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 921d7b5..16e3263 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -49,9 +49,9 @@ #media-session.enable = true; }; - tailscale = { - enable = true; - }; + # tailscale = { + # enable = true; + # }; }; # Enable sound with pipewire. From 818110419ef458fa8a5487ce2a49c9ee0f103385 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 17:16:09 -0600 Subject: [PATCH 0324/1043] added public share to leyla home --- users/leyla/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 342be5e..c74037a 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -53,6 +53,7 @@ XDG_MUSIC_DIR="$HOME/documents/music" XDG_PICTURES_DIR="$HOME/documents/photos" XDG_VIDEOS_DIR="$HOME/documents/videos" + XDG_PUBLICSHARE_DIR="$HOME/documents/public" ''; }; }; From 22f6a37ea89f7247008e9afccfcc8ecf277a8fc0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 17:17:50 -0600 Subject: [PATCH 0325/1043] drafted out impermanence for defiant --- README.md | 2 +- flake.lock | 16 ++++ flake.nix | 6 ++ hosts/defiant/disko-config.nix | 91 +++++++++--------- hosts/defiant/hardware-configuration.nix | 113 ++++++++++++++++++++++- 5 files changed, 182 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index 5f4848e..e94d8b3 100644 --- a/README.md +++ b/README.md @@ -60,4 +60,4 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - mastodon server - tail scale clients - wake on LAN -- ISO target that contains authorized keys for nixos-anywhere \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file diff --git a/flake.lock b/flake.lock index 4d181fa..ed31d1e 100644 --- a/flake.lock +++ b/flake.lock @@ -74,6 +74,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1730403150, + "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat", @@ -146,6 +161,7 @@ "inputs": { "disko": "disko", "home-manager": "home-manager", + "impermanence": "impermanence", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", 
diff --git a/flake.nix b/flake.nix index aaf2266..7e716ec 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + impermanence = { + url = "github:nix-community/impermanence"; + }; + # users home directories home-manager = { url = "github:nix-community/home-manager"; @@ -49,6 +53,7 @@ outputs = { nixpkgs, disko, + impermanence, nixos-hardware, home-manager, ... @@ -102,6 +107,7 @@ specialArgs = {inherit inputs lib;}; modules = [ ./overlays + impermanence.nixosModules.impermanence disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index a913aeb..0be19c4 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -1,10 +1,9 @@ -{lib, ...}: let +{...}: let bootDisk = devicePath: { type = "disk"; device = devicePath; content = { type = "gpt"; - partitions = { boot = { size = "1M"; @@ -32,37 +31,37 @@ size = "100%"; content = { type = "zfs"; - pool = "zroot"; - }; - }; - }; - }; - }; - cacheDisk = devicePath: swapSize: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - encryptedSwap = { - size = swapSize; - content = { - type = "swap"; - randomEncryption = true; - discardPolicy = "both"; - resumeDevice = true; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; + pool = "rpool"; }; }; }; }; }; + # cacheDisk = devicePath: swapSize: { + # type = "disk"; + # device = devicePath; + # content = { + # type = "gpt"; + # partitions = { + # encryptedSwap = { + # size = swapSize; + # content = { + # type = "swap"; + # randomEncryption = true; + # discardPolicy = "both"; + # resumeDevice = true; + # }; + # }; + # zfs = { + # size = "100%"; + # content = { + # type = "zfs"; + # pool = "rpool"; + # }; + # }; + # }; + # }; + # }; in { disko.devices = { disk = { 
@@ -75,7 +74,7 @@ in { # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; }; zpool = { - zroot = { + rpool = { type = "zpool"; mode = { topology = { @@ -92,7 +91,7 @@ in { } ]; cache = []; - # cache = [ "ssd_2_tb_a" ]; + # cache = [ "ssd_2_tb_a" ];z }; }; @@ -101,34 +100,40 @@ in { }; rootFsOptions = { - encryption = "on"; - keyformat = "hex"; - keylocation = "prompt"; + # encryption = "on"; + # keyformat = "hex"; + # keylocation = "prompt"; compression = "lz4"; xattr = "sa"; acltype = "posixacl"; + canmount = "off"; "com.sun:auto-snapshot" = "false"; }; - mountpoint = "/"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; - datasets = { - "nix" = { + root = { + type = "zfs_fs"; + mountpoint = "/"; + options.mountpoint = "legacy"; + postCreateHook = "zfs snapshot rpool/root@blank"; + }; + home = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + postCreateHook = "zfs snapshot rpool/home@blank"; + }; + nix = { type = "zfs_fs"; mountpoint = "/nix"; }; - "home" = { + persistent = { type = "zfs_fs"; - mountpoint = "/mnt/home"; + mountpoint = "/persistent"; options = { "com.sun:auto-snapshot" = "true"; }; }; - "var" = { - type = "zfs_fs"; - mountpoint = "/var"; - }; }; }; }; diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index edfaeee..0d345f2 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -2,9 +2,9 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { + pkgs, config, lib, - pkgs, modulesPath, ... }: { 
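Review bot: In `rootFsOptions` of hosts/defiant/disko-config.nix (hunk `@@ -101,34 +100,40 @@`) the `encryption`, `keyformat` and `keylocation` lines are commented out, so every dataset in `rpool` is created unencrypted, including `persistent`, which the same commit uses to hold `/etc/ssh` and leyla's `.ssh`. ZFS encryption is fixed when a dataset is created, so it cannot simply be switched back on later without recreating the datasets; if the draft drops it only to get unattended boots working, a comment such as `# TODO: encryption disabled while drafting impermanence; re-enable before storing real data` would keep that from being forgotten. The new `postCreateHook = "zfs snapshot rpool/root@blank";` and its `home` counterpart also lost the `zfs list ... | grep ... ||` guard the old hook had, so a second run against an existing pool would presumably fail on the snapshot that is already there.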
@@ -13,27 +13,136 @@ ../hardware-common.nix ]; + security.sudo.extraConfig = "Defaults lecture=never"; + boot = { initrd = { availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; kernelModules = []; + # TODO: figure out some kind of snapshotting before rolebacks + # postDeviceCommands = lib.mkAfter '' + # zfs rollback -r rpool/root@blank + # zfs rollback -r rpool/home@blank + # ''; + systemd = { + enable = lib.mkDefault true; + services.rollback = { + description = "Rollback root filesystem to a pristine state on boot"; + wantedBy = [ + "zfs.target" + "initrd.target" + ]; + after = [ + "zfs-import-rpool.service" + ]; + before = [ + "sysroot.mount" + "fs.target" + ]; + path = with pkgs; [ + zfs + ]; + unitConfig.DefaultDependencies = "no"; + # serviceConfig = { + # Type = "oneshot"; + # ExecStart = + # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; + # }; + serviceConfig.Type = "oneshot"; + script = '' + zfs list -t snapshot || echo + zfs rollback -r rpool/root@blank + zfs rollback -r rpool/home@blank + ''; + }; + }; }; kernelModules = ["kvm-amd"]; + kernelParams = ["quiet"]; extraModulePackages = []; supportedFilesystems = ["zfs"]; - zfs.extraPools = ["zroot"]; + zfs.extraPools = ["rpool"]; }; swapDevices = []; + fileSystems = { + "/" = { + neededForBoot = true; + }; + + "/home" = { + neededForBoot = true; + }; + + "/persistent" = { + neededForBoot = true; + }; + }; + networking = { hostId = "c51763d6"; hostName = "defiant"; # Define your hostname. 
useNetworkd = true; }; + environment.persistence."/persistent" = { + enable = true; + hideMounts = true; + directories = [ + # "/run/secrets" + + "/etc/ssh" + + "/var/log" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + + # config.apps.pihole.directory.root + + # config.apps.jellyfin.mediaDirectory + # config.services.jellyfin.configDir + # config.services.jellyfin.cacheDir + # config.services.jellyfin.dataDir + + # "/var/hass" # config.users.users.hass.home + # "/var/postgresql" # config.users.users.postgresql.home + # "/var/forgejo" # config.users.users.forgejo.home + # "/var/nextcloud" # config.users.users.nextcloud.home + # "/var/headscale" # config.users.users.headscale.home + ]; + files = [ + "/etc/machine-id" + # config.environment.sessionVariables.SOPS_AGE_KEY_FILE + ]; + users.leyla = { + directories = [ + "documents" + ".ssh" + ]; + files = []; + }; + }; + + # systemd.services = { + # # https://github.com/openzfs/zfs/issues/10891 + # systemd-udev-settle.enable = false; + # # Snapshots are not accessable on boot for some reason this should fix it + # # https://github.com/NixOS/nixpkgs/issues/257505 + # zfs-mount = { + # serviceConfig = { + # # ExecStart = [ "${lib.getExe' pkgs.util-linux "mount"} -a -t zfs -o remount" ]; + # ExecStart = [ + # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/root -o remount" + # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/home -o remount" + # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" + # ]; + # }; + # }; + # }; + systemd.network = { enable = true; From 64d547aa16f52f757a7e1cdc459ba69f6a87eea7 Mon Sep 17 00:00:00 2001 
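Review bot: The `environment.persistence."/persistent"` block in hosts/defiant/hardware-configuration.nix (hunk `@@ -13,27 +13,136 @@`) leaves `config.environment.sessionVariables.SOPS_AGE_KEY_FILE` commented out in `files`, while the new `rollback` unit resets `rpool/root` to `@blank` on every boot. That variable points under `/var/lib/sops-nix` elsewhere in this repository, and that path is not among the persisted directories, so the age key would presumably be wiped at the first reboot and sops-nix could no longer decrypt secrets on this host. Either persist it (uncomment the entry, or add `"/var/lib/sops-nix"` to `directories`) or state in a comment where the key is expected to come from after a rollback. The rollback of `rpool/home@blank` likewise discards everything under `/home` except the two directories listed for leyla, which the TODO above the unit already hints at.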
From: Leyla Becker Date: Mon, 11 Nov 2024 18:38:44 -0600 Subject: [PATCH 0326/1043] switched to using dev shells for local development environment --- .envrc | 1 + .gitignore | 3 ++- .hooks/post-commit | 3 ++- .hooks/pre-commit | 5 +++-- README.md | 14 ++++++-------- const/sops_age_key_directory.nix | 1 + enviroments/common/default.nix | 2 +- flake.lock | 17 ++++++++++++++++- flake.nix | 18 +++++++++++++++++- install.sh | 2 +- lint.sh | 3 --- shell.nix | 14 ++++++++++++++ 12 files changed, 64 insertions(+), 19 deletions(-) create mode 100644 .envrc create mode 100644 const/sops_age_key_directory.nix delete mode 100755 lint.sh create mode 100644 shell.nix diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..8392d15 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake \ No newline at end of file diff --git a/.gitignore b/.gitignore index e2f5dd2..d1da3a8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -result \ No newline at end of file +result +.direnv \ No newline at end of file diff --git a/.hooks/post-commit b/.hooks/post-commit index 93d7f15..56c439d 100755 --- a/.hooks/post-commit +++ b/.hooks/post-commit @@ -1,4 +1,5 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#! nix-shell -i bash ../shell.nix echo "restoring stashed changes" diff --git a/.hooks/pre-commit b/.hooks/pre-commit index 6687ec0..f98c64f 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -1,4 +1,5 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#! nix-shell -i bash ../shell.nix echo "stashing all uncommitted changes" git stash -q --keep-index @@ -11,7 +12,7 @@ if [ ! $? -eq 0 ]; then fi echo "running linter" -./lint.sh +alejandra -q . RESULT=$? diff --git a/README.md b/README.md index e94d8b3..afd4f90 100644 --- a/README.md +++ b/README.md 
@@ -6,8 +6,8 @@ | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | | `defiant` | NAS Server | Leyla | Service | -| `emergent` | Desktop Computer | Eve | Laptop | -| `threshold` | Laptop | Eve | Desktop | +| `emergent` | Desktop Computer | Eve | Desktop | +| `threshold` | Laptop | Eve | Laptop | # Tooling ## Lint @@ -22,10 +22,13 @@ ## New host setup `./install.sh --target 192.168.1.130 --flake hostname` +## Updating Secrets +`sops -c sops secrets/secrets_file_here.yaml` + # Notes: ## Research topics -- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` +- Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ @@ -33,11 +36,6 @@ - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ - https://nixos-and-flakes.thiscute.world/ -## Configuration -set up git configuration for local development: `git config core.hooksPath .hooks` - -to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set) - # Tasks: ## Tech Debt diff --git a/const/sops_age_key_directory.nix b/const/sops_age_key_directory.nix new file mode 100644 index 0000000..cf948df --- /dev/null +++ b/const/sops_age_key_directory.nix @@ -0,0 +1 @@ +"/var/lib/sops-nix" diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8df4c0e..36b86ac 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -196,7 +196,7 @@ ]; sessionVariables = rec { - SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix; SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; }; }; diff --git a/flake.lock b/flake.lock index ed31d1e..f77c46a 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,20 @@ } }, "flake-compat": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -91,7 +105,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" @@ -160,6 +174,7 @@ "root": { "inputs": { "disko": "disko", + "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", "nix-vscode-extensions": "nix-vscode-extensions", diff --git a/flake.nix b/flake.nix index 7e716ec..1d10485 100644 --- a/flake.nix +++ b/flake.nix @@ -48,6 +48,10 @@ nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; }; + + flake-compat = { + url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; + }; }; outputs = { 
@@ -78,7 +82,19 @@ in { packages = forEachPkgs (import ./pkgs); - formatter = forEachPkgs (system: system.alejandra); + formatter = forEachPkgs (pkgs: pkgs.alejandra); + + devShells = forEachPkgs (pkgs: { + default = pkgs.mkShell { + packages = with pkgs; [git sops alejandra nixos-anywhere]; + + SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; + + shellHook = '' + git config core.hooksPath .hooks + ''; + }; + }); nixosConfigurations = { # Leyla Laptop diff --git a/install.sh b/install.sh index bed56a9..0ed7cb8 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target +nixos-anywhere --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target diff --git a/lint.sh b/lint.sh deleted file mode 100755 index 3fc29e9..0000000 --- a/lint.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -nix run git+https://github.com/kamadorueda/alejandra -- -q . diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..d7c46b9 --- /dev/null +++ b/shell.nix @@ -0,0 +1,14 @@ +( + import + ( + let + lock = builtins.fromJSON (builtins.readFile ./flake.lock); + in + fetchTarball { + url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + {src = ./.;} +) +.shellNix From 0bea01b6ba4e9c254c1363f02f332f8ddb5c038c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 19:01:56 -0600 Subject: [PATCH 0327/1043] installed lix on horizon --- flake.lock | 142 +++++++++++++++++++++++++++++++++++++++++++---------- flake.nix | 11 ++++- 2 files changed, 126 insertions(+), 27 deletions(-) 
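Review bot: The `shellHook` in the new `devShells.default` (flake.nix, hunk `@@ -78,7 +82,19 @@`) runs `git config core.hooksPath .hooks` on every shell entry, against whichever repository the current directory belongs to. Together with the added `.envrc` (`use flake`) this turns the tracked scripts in `.hooks` into active commit hooks without the explicit opt-in step that the removed README section used to describe. I would keep it but document the side effect next to the hook, for example `# enables the repo-tracked hooks in .hooks for this checkout; runs on each shell entry`.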
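Review bot: The comment kept above the changed line in install.sh (`# commit number in this is because the main branch of nixos-anywhere is broken right now`) no longer matches the command, which now runs whatever `nixos-anywhere` is on PATH and so only works inside the dev shell. The new line also leaves its expansions unquoted; `nixos-anywhere --extra-files "$temp" --flake ".#$flake" "${user:-nixos}@$target"` avoids word splitting on the temp path and target. `$temp` receives a copy of the sops age key directory in the context lines, and whether it is removed afterwards is outside the hunk, so that is worth confirming.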
diff --git a/flake.lock b/flake.lock index f77c46a..4854b9d 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1730751873, - "narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=", + "lastModified": 1731274291, + "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", "owner": "nix-community", "repo": "disko", - "rev": "856a2902156ba304efebd4c1096dbf7465569454", + "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", "type": "github" }, "original": { @@ -24,14 +24,15 @@ "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" } }, "flake-compat_2": { @@ -54,6 +55,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
@@ -68,6 +87,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -75,11 +109,11 @@ ] }, "locked": { - "lastModified": 1730633670, - "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", + "lastModified": 1731235328, + "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", "owner": "nix-community", "repo": "home-manager", - "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", + "rev": "60bb110917844d354f3c18e05450606a435d2d10", "type": "github" }, "original": { @@ -90,11 +124,11 @@ }, "impermanence": { "locked": { - "lastModified": 1730403150, - "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", + "lastModified": 1731242966, + "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", "owner": "nix-community", "repo": "impermanence", - "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", + "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", "type": "github" }, "original": { 
@@ -103,20 +137,58 @@ "type": "github" } }, - "nix-vscode-extensions": { + "lix": { + "flake": false, + "locked": { + "lastModified": 1729298361, + "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", + "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + } + }, + "lix-module": { "inputs": { - "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1730685024, - "narHash": "sha256-w0cQSTjLBaUSziPGwyI0nbWVD64+N3ByoSxC0CEZmeI=", + "lastModified": 1729360442, + "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "ref": "stable", + "rev": "2bbdcd73b9a464f8acf45a7100feb979883ba485", + "revCount": 110, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + }, + "original": { + "ref": "stable", + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + } + }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731289628, + "narHash": "sha256-bMqsWKoGMe4phm6xk2skjlGCCVv44AOom7Wb0eWv5Ic=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "16ca007ec37c29a8b97e4899f33c013defbdb2f9", + "rev": "91665308e59ce26cdcefa73dc85dfd9b39be725c", "type": "github" }, "original": { 
@@ -127,11 +199,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730537918, - "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", + "lastModified": 1731332224, + "narHash": "sha256-0ctfVp27ingWtY7dbP5+QpSQ98HaOZleU0teyHQUAw0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", + "rev": "184687ae1a3139faa4746168baf071f60d0310c8", "type": "github" }, "original": { @@ -143,9 +215,11 @@ }, "nixpkgs": { "locked": { + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6eef3d72452247a6d9baafe05cffc1c9bc93f1c4", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", "type": "github" }, "original": { @@ -177,6 +251,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", @@ -209,11 +284,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1730746162, - "narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", + "lastModified": 1731364708, + "narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "59d6988329626132eaf107761643f55eb979eef1", + "rev": "4c91d52db103e757fc25b58998b0576ae702d659", "type": "github" }, "original": { @@ -236,6 +311,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 1d10485..02d86d7 100644 --- a/flake.nix +++ b/flake.nix 
@@ -50,7 +50,12 @@ }; flake-compat = { - url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; + url = "github:edolstra/flake-compat"; + }; + + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; @@ -60,6 +65,7 @@ impermanence, nixos-hardware, home-manager, + lix-module, ... } @ inputs: let home-manager-config = { @@ -101,6 +107,7 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + lix-module.nixosModules.default ./overlays home-manager.nixosModules.home-manager home-manager-config @@ -112,6 +119,7 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + lix-module.nixosModules.default ./overlays home-manager.nixosModules.home-manager home-manager-config @@ -122,6 +130,7 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + lix-module.nixosModules.default ./overlays impermanence.nixosModules.impermanence disko.nixosModules.disko From 5ba3a082e6cc081f347f9c1830858f30741c1571 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 19:06:51 -0600 Subject: [PATCH 0328/1043] disabled impermanence --- enviroments/common/default.nix | 7 -- flake.lock | 16 --- flake.nix | 10 +- hosts/defiant/hardware-configuration.nix | 151 +++++++++++------------ 4 files changed, 80 insertions(+), 104 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 36b86ac..8b18f78 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -178,13 +178,6 @@ environment = { # List packages installed in system profile. systemPackages = with pkgs; [ - qemu - (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' - qemu-system-x86_64 \ - -bios ${OVMF.fd}/FV/OVMF.fd \ - "$@" - '') - wget # version control diff --git a/flake.lock b/flake.lock index 4854b9d..b092a6d 100644 --- a/flake.lock +++ b/flake.lock 
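Review bot: `lix-module.nixosModules.default` is added to the `modules` lists of `horizon`, `twilight` and `defiant` (flake.nix, hunks `@@ -101,6 +107,7 @@`, `@@ -112,6 +119,7 @@` and `@@ -122,6 +130,7 @@`), although the commit subject only mentions horizon. That changes the Nix implementation on the NAS as well, so if the wider rollout is intended it deserves a line in the description or a comment on the input. The input URL follows the `stable` branch, so the revision recorded in flake.lock is the only thing pinning what gets built; a comment such as `# lix replaces nix on all hosts; pinned via flake.lock, bump deliberately` next to `lix-module` would record that.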
@@ -122,21 +122,6 @@ "type": "github" } }, - "impermanence": { - "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, "lix": { "flake": false, "locked": { @@ -250,7 +235,6 @@ "disko": "disko", "flake-compat": "flake-compat", "home-manager": "home-manager", - "impermanence": "impermanence", "lix-module": "lix-module", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index 02d86d7..7d24c4c 100644 --- a/flake.nix +++ b/flake.nix @@ -23,9 +23,9 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - impermanence = { - url = "github:nix-community/impermanence"; - }; + # impermanence = { + # url = "github:nix-community/impermanence"; + # }; # users home directories home-manager = { @@ -62,7 +62,7 @@ outputs = { nixpkgs, disko, - impermanence, + # impermanence, nixos-hardware, home-manager, lix-module, @@ -132,7 +132,7 @@ modules = [ lix-module.nixosModules.default ./overlays - impermanence.nixosModules.impermanence + # impermanence.nixosModules.impermanence disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 0d345f2..13e4d5e 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -2,7 +2,6 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { - pkgs, config, lib, modulesPath, 
@@ -24,38 +23,38 @@ # zfs rollback -r rpool/root@blank # zfs rollback -r rpool/home@blank # ''; - systemd = { - enable = lib.mkDefault true; - services.rollback = { - description = "Rollback root filesystem to a pristine state on boot"; - wantedBy = [ - "zfs.target" - "initrd.target" - ]; - after = [ - "zfs-import-rpool.service" - ]; - before = [ - "sysroot.mount" - "fs.target" - ]; - path = with pkgs; [ - zfs - ]; - unitConfig.DefaultDependencies = "no"; - # serviceConfig = { - # Type = "oneshot"; - # ExecStart = - # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; - # }; - serviceConfig.Type = "oneshot"; - script = '' - zfs list -t snapshot || echo - zfs rollback -r rpool/root@blank - zfs rollback -r rpool/home@blank - ''; - }; - }; + # systemd = { + # enable = lib.mkDefault true; + # services.rollback = { + # description = "Rollback root filesystem to a pristine state on boot"; + # wantedBy = [ + # "zfs.target" + # "initrd.target" + # ]; + # after = [ + # "zfs-import-rpool.service" + # ]; + # before = [ + # "sysroot.mount" + # "fs.target" + # ]; + # path = with pkgs; [ + # zfs + # ]; + # unitConfig.DefaultDependencies = "no"; + # # serviceConfig = { + # # Type = "oneshot"; + # # ExecStart = + # # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; + # # }; + # serviceConfig.Type = "oneshot"; + # script = '' + # zfs list -t snapshot || echo + # zfs rollback -r rpool/root@blank + # zfs rollback -r rpool/home@blank + # ''; + # }; + # }; }; kernelModules = ["kvm-amd"]; kernelParams = ["quiet"]; @@ -68,19 +67,19 @@ swapDevices = []; - fileSystems = { - "/" = { - neededForBoot = true; - }; + # fileSystems = { + # "/" = { + # neededForBoot = true; + # }; - "/home" = { - neededForBoot = true; - }; + # "/home" = { + # neededForBoot = true; + # }; - "/persistent" = { - neededForBoot = true; - }; - }; + # "/persistent" = { + # neededForBoot = true; + # }; + # }; networking = { hostId = "c51763d6"; 
@@ -88,43 +87,43 @@ useNetworkd = true; }; - environment.persistence."/persistent" = { - enable = true; - hideMounts = true; - directories = [ - # "/run/secrets" + # environment.persistence."/persistent" = { + # enable = true; + # hideMounts = true; + # directories = [ + # # "/run/secrets" - "/etc/ssh" + # "/etc/ssh" - "/var/log" - "/var/lib/nixos" - "/var/lib/systemd/coredump" + # "/var/log" + # "/var/lib/nixos" + # "/var/lib/systemd/coredump" - # config.apps.pihole.directory.root + # # config.apps.pihole.directory.root - # config.apps.jellyfin.mediaDirectory - # config.services.jellyfin.configDir - # config.services.jellyfin.cacheDir - # config.services.jellyfin.dataDir + # # config.apps.jellyfin.mediaDirectory + # # config.services.jellyfin.configDir + # # config.services.jellyfin.cacheDir + # # config.services.jellyfin.dataDir - # "/var/hass" # config.users.users.hass.home - # "/var/postgresql" # config.users.users.postgresql.home - # "/var/forgejo" # config.users.users.forgejo.home - # "/var/nextcloud" # config.users.users.nextcloud.home - # "/var/headscale" # config.users.users.headscale.home - ]; - files = [ - "/etc/machine-id" - # config.environment.sessionVariables.SOPS_AGE_KEY_FILE - ]; - users.leyla = { - directories = [ - "documents" - ".ssh" - ]; - files = []; - }; - }; + # # "/var/hass" # config.users.users.hass.home + # # "/var/postgresql" # config.users.users.postgresql.home + # # "/var/forgejo" # config.users.users.forgejo.home + # # "/var/nextcloud" # config.users.users.nextcloud.home + # # "/var/headscale" # config.users.users.headscale.home + # ]; + # files = [ + # "/etc/machine-id" + # # config.environment.sessionVariables.SOPS_AGE_KEY_FILE + # ]; + # users.leyla = { + # directories = [ + # "documents" + # ".ssh" + # ]; + # files = []; + # }; + # }; # systemd.services = { # # https://github.com/openzfs/zfs/issues/10891 From 47c8a79178bb08260c66782fb81eba8f03b0d1a9 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 11 Nov 2024 20:18:24 -0600 Subject: [PATCH 0329/1043] installed nix-inspect in dev shell --- README.md | 3 +++ flake.nix | 8 +++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index afd4f90..d04a328 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,9 @@ ## Updating Secrets `sops -c sops secrets/secrets_file_here.yaml` +## Inspecting a configuration +`nix-inspect -p .` + # Notes: ## Research topics diff --git a/flake.nix b/flake.nix index 7d24c4c..4485df3 100644 --- a/flake.nix +++ b/flake.nix @@ -92,7 +92,13 @@ devShells = forEachPkgs (pkgs: { default = pkgs.mkShell { - packages = with pkgs; [git sops alejandra nixos-anywhere]; + packages = with pkgs; [ + git + sops + alejandra + nix-inspect + nixos-anywhere + ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; From db36e48564fb14abe2eef7fd7ef571f20b18f472 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 13 Nov 2024 18:49:06 -0600 Subject: [PATCH 0330/1043] added hide env diff to direnv config --- users/leyla/home.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c74037a..1cb93f5 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -95,6 +95,9 @@ enable = true; enableBashIntegration = true; nix-direnv.enable = true; + config = { + hide_env_diff = true; + }; }; bash.enable = true; From 1179b3a6057e8e5e1c43fb4ec4c78a1308824f86 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 16 Nov 2024 23:35:02 +0000 Subject: [PATCH 0331/1043] added nix-config to direnv whitelist --- users/leyla/home.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 1cb93f5..f87768e 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -96,7 +96,8 @@ enableBashIntegration = true; nix-direnv.enable = true; config = { - hide_env_diff = true; + global.hide_env_diff = true; + whitelist.exact = ["/home/leyla/documents/code/nix-config"]; }; }; bash.enable = true; From da8f80584fc79521fe1dbb9e48d58a8d386c80be Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 17 Nov 2024 19:18:14 -0600 Subject: [PATCH 0332/1043] installed plugins for astro blog development --- users/leyla/vscode.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index 2da1844..1a118db 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix @@ -73,6 +73,10 @@ in { stylelint.vscode-stylelint tauri-apps.tauri-vscode + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + # misc extensions bungcip.better-toml From c8e7944da51575860e7b8396cf1b64a0bf95042f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 21 Nov 2024 22:02:11 -0600 Subject: [PATCH 0333/1043] added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d04a328..1c3dac4 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates +- default open file types - samba mounts - firefox declarative??? - figure out steam vr things? From 18f51a65c267eff00cfb55c29701f57f505827eb Mon Sep 17 00:00:00 2001 
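Review bot: `whitelist.exact` in users/leyla/home.nix makes direnv evaluate the `.envrc` at `/home/leyla/documents/code/nix-config` without the `direnv allow` step. Any later change to that file, including one that arrives through a pull or a branch checkout, then runs in the shell on `cd` with no prompt. If that trust is intended, a comment on the line such as `# trusted without direnv allow: review .envrc changes in this repo before pulling` would record the decision. The absolute path also ties the entry to one username and checkout location; if `config` is among the module arguments (the function header is outside the hunk), `whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"];` avoids that.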
From: Leyla Becker Date: Fri, 22 Nov 2024 00:51:10 -0600 Subject: [PATCH 0334/1043] restructured project to split out home manager --- enviroments/common/default.nix | 2 +- enviroments/common/users/default.nix | 9 + .../common/users}/ester/default.nix | 1 - .../common/users}/eve/default.nix | 1 - .../common/users}/leyla/default.nix | 0 flake.nix | 78 +---- homes/default.nix | 5 + .../ester/home.nix => homes/ester/default.nix | 1 - users/eve/home.nix => homes/eve/default.nix | 0 .../leyla/home.nix => homes/leyla/default.nix | 0 homes/leyla/firefox.nix | 304 ++++++++++++++++++ {users => homes}/leyla/packages.nix | 0 {users => homes}/leyla/vscode.nix | 2 +- hosts/defiant/configuration.nix | 8 +- hosts/defiant/default.nix | 8 + hosts/horizon/configuration.nix | 18 +- hosts/horizon/default.nix | 7 + hosts/twilight/configuration.nix | 13 +- hosts/twilight/default.nix | 7 + secrets | 1 - users/default.nix | 14 - users/home.nix | 9 - users/leyla/firefox.nix | 132 -------- util/default.nix | 55 +++- 24 files changed, 421 insertions(+), 254 deletions(-) create mode 100644 enviroments/common/users/default.nix rename {users => enviroments/common/users}/ester/default.nix (98%) rename {users => enviroments/common/users}/eve/default.nix (98%) rename {users => enviroments/common/users}/leyla/default.nix (100%) create mode 100644 homes/default.nix rename users/ester/home.nix => homes/ester/default.nix (99%) rename users/eve/home.nix => homes/eve/default.nix (100%) rename users/leyla/home.nix => homes/leyla/default.nix (100%) create mode 100644 homes/leyla/firefox.nix rename {users => homes}/leyla/packages.nix (100%) rename {users => homes}/leyla/vscode.nix (98%) create mode 100644 hosts/defiant/default.nix create mode 100644 hosts/horizon/default.nix create mode 100644 hosts/twilight/default.nix delete mode 160000 secrets delete mode 100644 users/default.nix delete mode 100644 users/home.nix delete mode 100644 users/leyla/firefox.nix 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8b18f78..cd8d588 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -4,7 +4,7 @@ ... }: { imports = [ - ../../users + ./users ]; nix = { diff --git a/enviroments/common/users/default.nix b/enviroments/common/users/default.nix new file mode 100644 index 0000000..ab0baa9 --- /dev/null +++ b/enviroments/common/users/default.nix @@ -0,0 +1,9 @@ +{...}: { + imports = [ + ./leyla + ./ester + ./eve + ]; + + users.mutableUsers = false; +} diff --git a/users/ester/default.nix b/enviroments/common/users/ester/default.nix similarity index 98% rename from users/ester/default.nix rename to enviroments/common/users/ester/default.nix index ec5449c..0ebd7d1 100644 --- a/users/ester/default.nix +++ b/enviroments/common/users/ester/default.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, inputs, ... }: let diff --git a/users/eve/default.nix b/enviroments/common/users/eve/default.nix similarity index 98% rename from users/eve/default.nix rename to enviroments/common/users/eve/default.nix index 46c9a8a..fa40112 100644 --- a/users/eve/default.nix +++ b/enviroments/common/users/eve/default.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, inputs, ... }: let diff --git a/users/leyla/default.nix b/enviroments/common/users/leyla/default.nix similarity index 100% rename from users/leyla/default.nix rename to enviroments/common/users/leyla/default.nix diff --git a/flake.nix b/flake.nix index 4485df3..4ebc7ec 100644 --- a/flake.nix +++ b/flake.nix @@ -34,7 +34,7 @@ }; # firefox-addons = { - # url = "gitlab.com:rycee/nur-expressions?dir=pkgs/firefox-addons"; + # url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; # inputs.nixpkgs.follows = "nixpkgs"; # }; 
@@ -59,32 +59,13 @@ }; }; - outputs = { - nixpkgs, - disko, - # impermanence, - nixos-hardware, - home-manager, - lix-module, - ... - } @ inputs: let - home-manager-config = { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - }; - systems = [ - "aarch64-darwin" - "aarch64-linux" - "x86_64-darwin" - "x86_64-linux" - ]; - forEachSystem = nixpkgs.lib.genAttrs systems; - forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); - - callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); - lib = callPackage ./util {} // nixpkgs.lib; + outputs = {...} @ inputs: let + util = import ./util {inherit inputs;}; + forEachPkgs = util.forEachPkgs; + mkSystem = util.mkSystem; + # mkHome = util.mkHome; + # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); + # lib = callPackage ./lib {} // nixpkgs.lib; in { packages = forEachPkgs (import ./pkgs); 
@@ -108,44 +89,15 @@ }; }); + # homeConfigurations = { + # "leyla@horizon" = mkHome "leyla" "horizon"; # "x86_64-linux" ./homes/leyla; + # }; + nixosConfigurations = { # Leyla Laptop - horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs lib;}; - modules = [ - lix-module.nixosModules.default - ./overlays - home-manager.nixosModules.home-manager - home-manager-config - ./hosts/horizon/configuration.nix - nixos-hardware.nixosModules.framework-11th-gen-intel - ]; - }; - # Leyla Desktop - twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs lib;}; - modules = [ - lix-module.nixosModules.default - ./overlays - home-manager.nixosModules.home-manager - home-manager-config - ./hosts/twilight/configuration.nix - ]; - }; - # NAS Service - defiant = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs lib;}; - modules = [ - lix-module.nixosModules.default - ./overlays - # impermanence.nixosModules.impermanence - disko.nixosModules.disko - home-manager.nixosModules.home-manager - home-manager-config - ./hosts/defiant/disko-config.nix - ./hosts/defiant/configuration.nix - ]; - }; + horizon = mkSystem "horizon"; + twilight = mkSystem "twilight"; + defiant = mkSystem "defiant"; }; }; } diff --git a/homes/default.nix b/homes/default.nix new file mode 100644 index 0000000..8b44126 --- /dev/null +++ b/homes/default.nix @@ -0,0 +1,5 @@ +{ + leyla = import ./leyla; + ester = import ./ester; + eve = import ./eve; +} diff --git a/users/ester/home.nix b/homes/ester/default.nix similarity index 99% rename from users/ester/home.nix rename to homes/ester/default.nix index 773c13c..3edfca4 100644 --- a/users/ester/home.nix +++ b/homes/ester/default.nix @@ -1,7 +1,6 @@ { pkgs, lib, - config, osConfig, ... }: let diff --git a/users/eve/home.nix b/homes/eve/default.nix similarity index 100% rename from users/eve/home.nix rename to homes/eve/default.nix 
diff --git a/users/leyla/home.nix b/homes/leyla/default.nix similarity index 100% rename from users/leyla/home.nix rename to homes/leyla/default.nix diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix new file mode 100644 index 0000000..b9c2153 --- /dev/null +++ b/homes/leyla/firefox.nix 
@@ -0,0 +1,304 @@ +{ + lib, + osConfig, + # buildFirefoxXpiAddon, + pkgs, + inputs, + ... +}: let + cfg = osConfig.nixos.users.leyla; +in { + # programs.firefox = { + # enable = cfg.isDesktopUser; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with inputs.firefox-addons.packages."x86_64-linux"; [ + # bitwarden + # terms-of-service-didnt-read + # multi-account-containers + # shinigami-eyes + + # ublock-origin + # sponsorblock + # dearrow + # df-youtube + # return-youtube-dislikes + + # privacy-badger + # decentraleyes + # clearurls + # localcdn + + # snowflake + + # deutsch-de-language-pack + # dictionary-german + + # # ( + # # buildFirefoxXpiAddon rec { + # # pname = "italiano-it-language-pack"; + # # version = "132.0.20241110.231641"; + # # addonId = "langpack-it@firefox.mozilla.org"; + # # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + # # sha256 = ""; + # # meta = with lib; + # # { + # # 
description = "Firefox Language Pack for Italiano (it) – Italian"; + # # license = licenses.mpl20; + # # mozPermissions = []; + # # platforms = platforms.all; + # # }; + # # } + # # ) + # # ( + # # buildFirefoxXpiAddon rec { + # # pname = "dizionario-italiano"; + # # version = "5.1"; + # # addonId = "it-IT@dictionaries.addons.mozilla.org"; + # # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + # # sha256 = ""; + # # meta = with lib; + # # { + # # description = "Add support for Italian to spellchecking"; + # # license = licenses.gpl3; + # # mozPermissions = []; + # # platforms = platforms.all; + # # }; + # # } + # # ) + # ]; + + # settings = { + # # Disable irritating first-run stuff + # "browser.disableResetPrompt" = true; + # "browser.download.panel.shown" = true; + # "browser.feeds.showFirstRunUI" = false; + # "browser.messaging-system.whatsNewPanel.enabled" = false; + # "browser.rights.3.shown" = true; + # "browser.shell.checkDefaultBrowser" = false; + # "browser.shell.defaultBrowserCheckCount" = 1; + # "browser.startup.homepage_override.mstone" = "ignore"; + # "browser.uitour.enabled" = false; + # "startup.homepage_override_url" = ""; + # "trailhead.firstrun.didSeeAboutWelcome" = true; + # "browser.bookmarks.restore_default_bookmarks" = false; + # "browser.bookmarks.addedImportButton" = true; + + # # Usage Experiance + # "browser.startup.homepage" = "about:home"; + # "browser.download.useDownloadDir" = false; + # "browser.uiCustomization.state" = builtins.toJSON { + # "currentVersion" = 20; + # "newElementCount" = 6; + # "dirtyAreaCache" = [ + # "nav-bar" + # "PersonalToolbar" + # "toolbar-menubar" + # "TabsToolbar" + # "unified-extensions-area" + # "vertical-tabs" + # ]; + # "placements" = { + # "widget-overflow-fixed-list" = []; + # "unified-extensions-area"= [ + # "ublock0_raymondhill_net-browser-action" + # "sponsorblocker_ajay_app-browser-action" + # "dearrow_ajay_app-browser-action" + # 
"privacy_privacy_com-browser-action" + # "addon_simplelogin-browser-action" + # ]; + # "nav-bar" = [ + # "back-button" + # "forward-button" + # "stop-reload-button" + # "urlbar-container" + # "downloads-button" + # "unified-extensions-button" + # "reset-pbm-toolbar-button" + # ]; + # "toolbar-menubar" = [ + # "menubar-items" + # ]; + # "TabsToolbar" = [ + # "firefox-view-button" + # "tabbrowser-tabs" + # "new-tab-button" + # "alltabs-button" + # ]; + # "vertical-tabs" = []; + # "PersonalToolbar" = [ + # "import-button" + # "personal-bookmarks" + # ]; + # }; + # "seen" = [ + # "save-to-pocket-button" + # "developer-button" + # "privacy_privacy_com-browser-action" + # "sponsorblocker_ajay_app-browser-action" + # "ublock0_raymondhill_net-browser-action" + # "addon_simplelogin-browser-action" + # "dearrow_ajay_app-browser-action" + # ]; + # }; + # "browser.newtabpage.activity-stream.feeds.topsites" = false; + # "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + # "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + # "browser.newtabpage.blocked" = lib.genAttrs [ + # # Facebook + # "4gPpjkxgZzXPVtuEoAL9Ig==" + # # Reddit + # "gLv0ja2RYVgxKdp0I5qwvA==" + # # Amazon + # "K00ILysCaEq8+bEqV/3nuw==" + # # Twitter + # "T9nJot5PurhJSy8n038xGA==" + # ] (_: 1); + # "signon.rememberSignons" = false; + # "identity.fxaccounts.enabled" = false; + + # # Security + # "privacy.trackingprotection.enabled" = true; + # "dom.security.https_only_mode" = true; + + # # Disable telemetry + # "app.shield.optoutstudies.enabled" = false; + # "browser.discovery.enabled" = false; + # "browser.newtabpage.activity-stream.feeds.telemetry" = false; + # "browser.newtabpage.activity-stream.telemetry" = false; + # "browser.ping-centre.telemetry" = false; + # "datareporting.healthreport.service.enabled" = false; + # "datareporting.healthreport.uploadEnabled" = false; + # "datareporting.policy.dataSubmissionEnabled" = false; + # 
"datareporting.sessions.current.clean" = true; + # "devtools.onboarding.telemetry.logged" = false; + # "toolkit.telemetry.archive.enabled" = false; + # "toolkit.telemetry.bhrPing.enabled" = false; + # "toolkit.telemetry.enabled" = false; + # "toolkit.telemetry.firstShutdownPing.enabled" = false; + # "toolkit.telemetry.hybridContent.enabled" = false; + # "toolkit.telemetry.newProfilePing.enabled" = false; + # "toolkit.telemetry.prompted" = 2; + # "toolkit.telemetry.rejected" = true; + # "toolkit.telemetry.reportingpolicy.firstRun" = false; + # "toolkit.telemetry.server" = ""; + # "toolkit.telemetry.shutdownPingSender.enabled" = false; + # "toolkit.telemetry.unified" = false; + # "toolkit.telemetry.unifiedIsOptIn" = false; + # "toolkit.telemetry.updatePing.enabled" = false; + # }; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # # url = "https://media.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://mspsocial.net"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = 
"https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # }; +} diff --git a/users/leyla/packages.nix b/homes/leyla/packages.nix similarity index 100% rename from users/leyla/packages.nix rename to homes/leyla/packages.nix diff --git a/users/leyla/vscode.nix b/homes/leyla/vscode.nix similarity index 98% rename from users/leyla/vscode.nix rename to homes/leyla/vscode.nix index 1a118db..02411ad 100644 --- a/users/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -23,7 +23,7 @@ in { open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; in { - enable = true; + enable = cfg.isDesktopUser; package = pkgs.vscodium; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 76dba60..06724b4 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -1,15 +1,11 @@ # server nas { - pkgs, inputs, + pkgs, ... }: { imports = [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - - ./hardware-configuration.nix - + inputs.disko.nixosModules.disko ../../enviroments/server ]; diff --git a/hosts/defiant/default.nix b/hosts/defiant/default.nix new file mode 100644 index 0000000..36e1b6f --- /dev/null +++ b/hosts/defiant/default.nix @@ -0,0 +1,8 @@ +# server nas +{...}: { + imports = [ + ./configuration.nix + ./disko-config.nix + ./hardware-configuration.nix + ]; +} diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 15a52e9..d176522 100644 --- a/hosts/horizon/configuration.nix 
+++ b/hosts/horizon/configuration.nix @@ -1,10 +1,6 @@ -# leyla laptop {inputs, ...}: { imports = [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - - ./hardware-configuration.nix + inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client ]; @@ -13,12 +9,12 @@ leyla = { isDesktopUser = true; }; - ester = { - isDesktopUser = true; - }; - eve = { - isDesktopUser = true; - }; + # ester = { + # isDesktopUser = true; + # }; + # eve = { + # isDesktopUser = true; + # }; }; # enabled virtualisation for docker diff --git a/hosts/horizon/default.nix b/hosts/horizon/default.nix new file mode 100644 index 0000000..1263215 --- /dev/null +++ b/hosts/horizon/default.nix @@ -0,0 +1,7 @@ +# leyla laptop +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ]; +} diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 0ed47c8..264ea40 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,16 +1,5 @@ -# leyla laptop -{ - config, - pkgs, - inputs, - ... -}: { +{pkgs, ...}: { imports = [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - - ./hardware-configuration.nix - ../../enviroments/client ]; nixos.users = { diff --git a/hosts/twilight/default.nix b/hosts/twilight/default.nix new file mode 100644 index 0000000..edfb3f6 --- /dev/null +++ b/hosts/twilight/default.nix @@ -0,0 +1,7 @@ +# leyla desktop +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ]; +} diff --git a/secrets b/secrets deleted file mode 160000 index ef623d6..0000000 --- a/secrets +++ /dev/null @@ -1 +0,0 @@ -Subproject commit ef623d6a9e25c1f0ec9d282ab5ed5dff54674816 diff --git a/users/default.nix b/users/default.nix deleted file mode 100644 index fd1f6a4..0000000 --- a/users/default.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -{ - lib, - config, - ... -}: { - imports = [./leyla ./ester ./eve]; - - users.mutableUsers = false; - - home-manager.users = import ./home.nix { - lib = lib; - config = config; - }; -} diff --git a/users/home.nix b/users/home.nix deleted file mode 100644 index d32f2df..0000000 --- a/users/home.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - lib, - config, - ... -}: { - leyla = lib.mkIf (config.nixos.users.leyla.isDesktopUser || config.nixos.users.leyla.isTerminalUser) (import ./leyla/home.nix); - ester = lib.mkIf config.nixos.users.ester.isDesktopUser (import ./ester/home.nix); - eve = lib.mkIf config.nixos.users.eve.isDesktopUser (import ./eve/home.nix); -} diff --git a/users/leyla/firefox.nix b/users/leyla/firefox.nix deleted file mode 100644 index 615b3e3..0000000 --- a/users/leyla/firefox.nix +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - lib, - config, - pkgs, - inputs, - ... -}: { - programs = { - # firefox = { - # enable = true; - # profiles.leyla = { - - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; - - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; - - # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # bitwarden - - # ]; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = 
"Password Manager"; - # url = "https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://tech.lgbt"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # } - }; -} diff --git a/util/default.nix b/util/default.nix index a06ac29..e091d80 100644 --- a/util/default.nix +++ b/util/default.nix 
@@ -1,8 +1,61 @@ -{lib, ...}: { +{inputs}: let + util = (import ./default.nix) {inherit inputs;}; + outputs = inputs.self.outputs; + + lib = inputs.lib; + lix-module = inputs.lix-module; + nixpkgs = inputs.nixpkgs; + home-manager = inputs.home-manager; + sops-nix = inputs.sops-nix; + + systems = [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; + forEachSystem = nixpkgs.lib.genAttrs systems; + pkgsFor = system: nixpkgs.legacyPackages.${system}; + + home-manager-config = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = {inherit inputs;}; + home-manager.users = import ../homes; + }; +in { + forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); + mkUnless = condition: yes: (lib.mkIf (!condition) yes); mkIfElse = condition: yes: no: lib.mkMerge [ (lib.mkIf condition yes) (lib.mkUnless condition no) ]; + + mkSystem = host: + inputs.nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs outputs util;}; + modules = [ + lix-module.nixosModules.default + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager + home-manager-config + ../overlays + ../hosts/${host} + ]; + }; + + # mkHome = user: host: + # home-manager.lib.homeManagerConfiguration { + # # pkgs = pkgsFor system; + # extraSpecialArgs = { + # inherit inputs util outputs; + # }; + # modules = [ + # # config + # outputs.homeManagerModules.default + # ]; + # }; } From bf8d87600d8ded556a3e1d29b4643aeb1bc9723e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 00:53:37 -0600 Subject: [PATCH 0335/1043] commented out temporary unused imports in firefox --- homes/leyla/firefox.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index b9c2153..49796a0 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix 
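Review bot: `lib = inputs.lib;` in util/default.nix reads an attribute that flake inputs do not normally carry. Unless the flake declares an input named `lib` (none is visible here), `mkUnless` and `mkIfElse` will fail when first evaluated; `lib = nixpkgs.lib;` looks like what was meant. `mkIfElse` also calls `lib.mkUnless`, which is not a nixpkgs function and only resolved while the old flake.nix merged this file into `lib`; with the new binding it should be `(util.mkUnless condition no)`. Separately, `home-manager.users = import ../homes;` applies all three home configurations on every host built through `mkSystem`, whereas the deleted users/home.nix gated each one with `lib.mkIf` on `isDesktopUser`/`isTerminalUser`. It is worth confirming that each home module gates itself, so a server host does not pick up desktop profiles.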
@@ -1,12 +1,12 @@ { - lib, - osConfig, + # lib, + # osConfig, # buildFirefoxXpiAddon, - pkgs, - inputs, + # pkgs, + # inputs, ... }: let - cfg = osConfig.nixos.users.leyla; + # cfg = osConfig.nixos.users.leyla; in { # programs.firefox = { # enable = cfg.isDesktopUser; From 7d71802ba16605490f9cb30d6c221fe0358fd1f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 01:06:02 -0600 Subject: [PATCH 0336/1043] managed firefox though home manager --- README.md | 2 +- flake.lock | 45 ++- flake.nix | 8 +- homes/leyla/firefox.nix | 579 ++++++++++++++++++++------------------- homes/leyla/packages.nix | 1 - 5 files changed, 340 insertions(+), 295 deletions(-) diff --git a/README.md b/README.md index 1c3dac4..72c77cf 100644 --- a/README.md +++ b/README.md @@ -36,8 +36,8 @@ - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html -- This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ - https://nixos-and-flakes.thiscute.world/ +- `homeConfigurations` https://github.com/diego-vicente/dotfiles/blob/6c47284868f9e99483da34257144bd03ae5edbbe/flake.nix # Tasks: diff --git a/flake.lock b/flake.lock index b092a6d..d107388 100644 --- a/flake.lock +++ b/flake.lock 
@@ -20,6 +20,29 @@ "type": "github" } }, + "firefox-addons": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "dir": "pkgs/firefox-addons", + "lastModified": 1732248209, + "narHash": "sha256-Mv8k0VuGdb6YhhKt+8SIvhMdmI4xZhw/3ycSvlAq19Q=", + "owner": "rycee", + "repo": "nur-expressions", + "rev": "4a8ba00d1be3f3745428ed56efbb32155c548192", + "type": "gitlab" + }, + "original": { + "dir": "pkgs/firefox-addons", + "owner": "rycee", + "repo": "nur-expressions", + "type": "gitlab" + } + }, "flake-compat": { "locked": { "lastModified": 1696426674, @@ -52,6 +75,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems" }, @@ -69,7 +107,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": "systems_2" }, @@ -138,7 +176,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -163,7 +201,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -233,6 +271,7 @@ "root": { "inputs": { "disko": "disko", + "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "home-manager": "home-manager", "lix-module": "lix-module", diff --git a/flake.nix b/flake.nix index 4ebc7ec..6302960 100644 --- a/flake.nix +++ b/flake.nix 
@@ -33,10 +33,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # firefox-addons = { - # url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + firefox-addons = { + url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # vscode extensions nix-vscode-extensions = { diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index 49796a0..f69af0e 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix 
@@ -1,304 +1,311 @@ { - # lib, - # osConfig, + lib, + osConfig, # buildFirefoxXpiAddon, - # pkgs, - # inputs, + pkgs, + inputs, ... }: let - # cfg = osConfig.nixos.users.leyla; + cfg = osConfig.nixos.users.leyla; in { - # programs.firefox = { - # enable = cfg.isDesktopUser; - # profiles.leyla = { + programs.firefox = { + enable = cfg.isDesktopUser; + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + iconUpdateURL = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; + iconUpdateURL = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; + }; + }; - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = 
"https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; + extensions = with inputs.firefox-addons.packages.${pkgs.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes - # extentions = with inputs.firefox-addons.packages."x86_64-linux"; [ - # bitwarden - # terms-of-service-didnt-read - # multi-account-containers - # shinigami-eyes + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes - # ublock-origin - # sponsorblock - # dearrow - # df-youtube - # return-youtube-dislikes + privacy-badger + decentraleyes + clearurls + localcdn - # privacy-badger - # decentraleyes - # clearurls - # localcdn + snowflake - # snowflake + deutsch-de-language-pack + dictionary-german - # deutsch-de-language-pack - # dictionary-german + # ( + # buildFirefoxXpiAddon rec { + # pname = "italiano-it-language-pack"; + # version = "132.0.20241110.231641"; + # addonId = "langpack-it@firefox.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Firefox Language Pack for Italiano (it) – Italian"; + # license = licenses.mpl20; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + # ( + # buildFirefoxXpiAddon rec { + # pname = "dizionario-italiano"; + # version = "5.1"; + # addonId = "it-IT@dictionaries.addons.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Add support for Italian to spellchecking"; + # license = 
licenses.gpl3; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + ]; - # # ( - # # buildFirefoxXpiAddon rec { - # # pname = "italiano-it-language-pack"; - # # version = "132.0.20241110.231641"; - # # addonId = "langpack-it@firefox.mozilla.org"; - # # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # # sha256 = ""; - # # meta = with lib; - # # { - # # description = "Firefox Language Pack for Italiano (it) – Italian"; - # # license = licenses.mpl20; - # # mozPermissions = []; - # # platforms = platforms.all; - # # }; - # # } - # # ) - # # ( - # # buildFirefoxXpiAddon rec { - # # pname = "dizionario-italiano"; - # # version = "5.1"; - # # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # # sha256 = ""; - # # meta = with lib; - # # { - # # description = "Add support for Italian to spellchecking"; - # # license = licenses.gpl3; - # # mozPermissions = []; - # # platforms = platforms.all; - # # }; - # # } - # # ) - # ]; + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; - # settings = { - # # Disable irritating first-run stuff - # "browser.disableResetPrompt" = true; - # "browser.download.panel.shown" = true; - # "browser.feeds.showFirstRunUI" = false; - # 
"browser.messaging-system.whatsNewPanel.enabled" = false; - # "browser.rights.3.shown" = true; - # "browser.shell.checkDefaultBrowser" = false; - # "browser.shell.defaultBrowserCheckCount" = 1; - # "browser.startup.homepage_override.mstone" = "ignore"; - # "browser.uitour.enabled" = false; - # "startup.homepage_override_url" = ""; - # "trailhead.firstrun.didSeeAboutWelcome" = true; - # "browser.bookmarks.restore_default_bookmarks" = false; - # "browser.bookmarks.addedImportButton" = true; + # Usage Experiance + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "privacy_privacy_com-browser-action" + "addon_simplelogin-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" + "privacy_privacy_com-browser-action" + "sponsorblocker_ajay_app-browser-action" + "ublock0_raymondhill_net-browser-action" + "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + ]; + }; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + 
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "signon.rememberSignons" = false; + "identity.fxaccounts.enabled" = false; - # # Usage Experiance - # "browser.startup.homepage" = "about:home"; - # "browser.download.useDownloadDir" = false; - # "browser.uiCustomization.state" = builtins.toJSON { - # "currentVersion" = 20; - # "newElementCount" = 6; - # "dirtyAreaCache" = [ - # "nav-bar" - # "PersonalToolbar" - # "toolbar-menubar" - # "TabsToolbar" - # "unified-extensions-area" - # "vertical-tabs" - # ]; - # "placements" = { - # "widget-overflow-fixed-list" = []; - # "unified-extensions-area"= [ - # "ublock0_raymondhill_net-browser-action" - # "sponsorblocker_ajay_app-browser-action" - # "dearrow_ajay_app-browser-action" - # "privacy_privacy_com-browser-action" - # "addon_simplelogin-browser-action" - # ]; - # "nav-bar" = [ - # "back-button" - # "forward-button" - # "stop-reload-button" - # "urlbar-container" - # "downloads-button" - # "unified-extensions-button" - # "reset-pbm-toolbar-button" - # ]; - # "toolbar-menubar" = [ - # "menubar-items" - # ]; - # "TabsToolbar" = [ - # "firefox-view-button" - # "tabbrowser-tabs" - # "new-tab-button" - # "alltabs-button" - # ]; - # "vertical-tabs" = []; - # "PersonalToolbar" = [ - # "import-button" - # "personal-bookmarks" - # ]; - # }; - # "seen" = [ - # "save-to-pocket-button" - # "developer-button" - # "privacy_privacy_com-browser-action" - # "sponsorblocker_ajay_app-browser-action" - # "ublock0_raymondhill_net-browser-action" - # "addon_simplelogin-browser-action" - # "dearrow_ajay_app-browser-action" - # ]; - # }; - # "browser.newtabpage.activity-stream.feeds.topsites" = false; - # "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - # 
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - # "browser.newtabpage.blocked" = lib.genAttrs [ - # # Facebook - # "4gPpjkxgZzXPVtuEoAL9Ig==" - # # Reddit - # "gLv0ja2RYVgxKdp0I5qwvA==" - # # Amazon - # "K00ILysCaEq8+bEqV/3nuw==" - # # Twitter - # "T9nJot5PurhJSy8n038xGA==" - # ] (_: 1); - # "signon.rememberSignons" = false; - # "identity.fxaccounts.enabled" = false; + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; - # # Security - # "privacy.trackingprotection.enabled" = true; - # "dom.security.https_only_mode" = true; + # Disable telemetry + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; + }; - # # Disable telemetry - # "app.shield.optoutstudies.enabled" = false; - # "browser.discovery.enabled" = false; - # "browser.newtabpage.activity-stream.feeds.telemetry" = false; - # 
"browser.newtabpage.activity-stream.telemetry" = false; - # "browser.ping-centre.telemetry" = false; - # "datareporting.healthreport.service.enabled" = false; - # "datareporting.healthreport.uploadEnabled" = false; - # "datareporting.policy.dataSubmissionEnabled" = false; - # "datareporting.sessions.current.clean" = true; - # "devtools.onboarding.telemetry.logged" = false; - # "toolkit.telemetry.archive.enabled" = false; - # "toolkit.telemetry.bhrPing.enabled" = false; - # "toolkit.telemetry.enabled" = false; - # "toolkit.telemetry.firstShutdownPing.enabled" = false; - # "toolkit.telemetry.hybridContent.enabled" = false; - # "toolkit.telemetry.newProfilePing.enabled" = false; - # "toolkit.telemetry.prompted" = 2; - # "toolkit.telemetry.rejected" = true; - # "toolkit.telemetry.reportingpolicy.firstRun" = false; - # "toolkit.telemetry.server" = ""; - # "toolkit.telemetry.shutdownPingSender.enabled" = false; - # "toolkit.telemetry.unified" = false; - # "toolkit.telemetry.unifiedIsOptIn" = false; - # "toolkit.telemetry.updatePing.enabled" = false; - # }; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # # url = "https://media.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Password Manager"; - # url = "https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://mspsocial.net"; - 
# keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # }; + bookmarks = [ + { + name = "Media"; + url = "https://jellyfin.jan-leila.com/"; + # url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Drive"; + url = "https://drive.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home-assistant.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = 
"https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; + }; } diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 8aa3a72..bfa9f18 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -28,7 +28,6 @@ in { #foss platforms signal-desktop bitwarden - firefox ungoogled-chromium libreoffice inkscape From 962aae64433db92d27512d042e57001fb490319e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 01:10:02 -0600 Subject: [PATCH 0337/1043] removed unused templates folder --- templates/default.nix | 1 - 1 file changed, 1 deletion(-) delete mode 100644 templates/default.nix diff --git a/templates/default.nix b/templates/default.nix deleted file mode 100644 index eed7124..0000000 --- a/templates/default.nix +++ /dev/null @@ -1 +0,0 @@ -_: {} From d74342427bf158acdb3f2d929f01d0353fcae538 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 02:09:58 -0600 Subject: [PATCH 0338/1043] tightened up firefox extensions configuration --- homes/leyla/firefox.nix | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index f69af0e..c325495 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix 
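Review bot: The `icon` value of the "Nix Packages" engine in homes/leyla/firefox.nix is written as `"''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"`, and in a double-quoted Nix string `''` is not an escape. The two apostrophes therefore stay in the value as literal characters in front of the store path, so the icon path will not resolve. The line should read `icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";`. Separately, the "Searx" engine reuses `iconUpdateURL = "https://nixos.wiki/favicon.png"` from the wiki entry, which looks like a copy-paste. It makes the browser fetch a third-party icon for the self-hosted engine, so an icon served by the search host itself would be the better choice.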
@@ -143,11 +143,22 @@ in { "placements" = { "widget-overflow-fixed-list" = []; "unified-extensions-area" = [ + "privacy_privacy_com-browser-action" + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "ublock0_raymondhill_net-browser-action" "sponsorblocker_ajay_app-browser-action" "dearrow_ajay_app-browser-action" - "privacy_privacy_com-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" "addon_simplelogin-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" ]; "nav-bar" = [ "back-button" @@ -181,6 +192,16 @@ in { "ublock0_raymondhill_net-browser-action" "addon_simplelogin-browser-action" "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" ]; }; "browser.newtabpage.activity-stream.feeds.topsites" = false; 
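Review bot: The widget id `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action"` added to `unified-extensions-area` is missing the `r` of `browser`. The `seen` list in the following hunk spells the same id as `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action"`. With the misspelt id the placement presumably matches no widget, so that extension's button would not be pinned where the layout intends. Only the Bitwarden GUID carries a comment; the other GUID-style ids would be easier to audit with a similar one-word comment naming the add-on each belongs to. The `builtins.toJSON` attribute set these lists sit in starts and ends outside the hunk.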
@@ -196,13 +217,24 @@ in { # Twitter "T9nJot5PurhJSy8n038xGA==" ] (_: 1); - "signon.rememberSignons" = false; "identity.fxaccounts.enabled" = false; # Security "privacy.trackingprotection.enabled" = true; "dom.security.https_only_mode" = true; + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + # Disable telemetry "app.shield.optoutstudies.enabled" = false; "browser.discovery.enabled" = false; From 747119936bef06812bb8f583327636c6eff134ae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 02:11:09 -0600 Subject: [PATCH 0339/1043] removed task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 72c77cf..593444e 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,6 @@ - Flake templates - default open file types - samba mounts -- firefox declarative??? - figure out steam vr things? - Open GL? - util functions From a71ddaf5bd21c60f576938e7c9891c4a2e632b44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 02:19:41 -0600 Subject: [PATCH 0340/1043] re enabled ester and eve users on horizon --- hosts/horizon/configuration.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index d176522..7b85581 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
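Review bot: The `privacy.clearOnShutdown_v2.*` entries added under `# Security` use pref names that belong to one generation of Firefox's sanitizer, and the hunk does not record which Firefox release they were checked against. Firefox accepts unknown pref names without complaint, so if the packaged browser uses a different set (the older `privacy.clearOnShutdown.*` names, or a later rename), `privacy.sanitize.sanitizeOnShutdown` would stay on while cache, cookies or history quietly stop being cleared. I would add a comment above them such as `# clearOnShutdown_v2.* names checked against Firefox <VERSION>; re-verify in about:config after a major upgrade`. The `settings` attribute set these lines belong to starts and ends outside the hunk.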
@@ -9,12 +9,12 @@ leyla = { isDesktopUser = true; }; - # ester = { - # isDesktopUser = true; - # }; - # eve = { - # isDesktopUser = true; - # }; + ester = { + isDesktopUser = true; + }; + eve = { + isDesktopUser = true; + }; }; # enabled virtualisation for docker From 131f04d901a9c102ef1b81b0e7f6de1840d79716 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 23:47:06 -0600 Subject: [PATCH 0341/1043] added comments to flake inputs --- README.md | 1 + flake.nix | 3 +++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 593444e..8a34032 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,7 @@ - move applications in server environment into their own flakes - get rid of disko config and import it in hardware-configuration.nix - why does users.users..home conflict with home-manager.users..home.homeDirectory +- get rid of environments folder ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates diff --git a/flake.nix b/flake.nix index 6302960..13f7b9a 100644 --- a/flake.nix +++ b/flake.nix @@ -33,6 +33,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # firefox extensions firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; inputs.nixpkgs.follows = "nixpkgs"; @@ -49,10 +50,12 @@ url = "github:NixOS/nixos-hardware/master"; }; + # this is just here so that we have a lock on it for our dev shells flake-compat = { url = "github:edolstra/flake-compat"; }; + # lix in nice ig lix-module = { url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; inputs.nixpkgs.follows = "nixpkgs"; From ab7d031045232ffbb0e2263b8bb6c6793a3ce6e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 23 Nov 2024 00:05:55 -0600 Subject: [PATCH 0342/1043] added another description to a flake input --- flake.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/flake.nix b/flake.nix index 13f7b9a..e895b5b 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # delete your darlings # impermanence = { # url = "github:nix-community/impermanence"; # }; From d6cccdc41b2a21001180de76fe0adba8ac457a31 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 23 Nov 2024 16:08:31 -0600 Subject: [PATCH 0343/1043] installed godot_4-mono --- homes/leyla/packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index bfa9f18..86da04a 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -45,6 +45,7 @@ in { # wireshark # rpi-imager # fritzing + mfoc # proprietary platforms discord @@ -61,7 +62,7 @@ in { bruno qFlipper proxmark3 - mfoc + godot_4-mono # system tools protonvpn-gui From ddc087a5480811c1644ab6c380ea882d3a721c5c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 00:47:36 -0600 Subject: [PATCH 0344/1043] removed users from common removed common hardware --- enviroments/common/default.nix | 128 +---------- enviroments/common/users/default.nix | 9 - enviroments/common/users/ester/default.nix | 36 --- enviroments/common/users/eve/default.nix | 36 --- enviroments/common/users/leyla/default.nix | 78 ------- homes/default.nix | 12 +- homes/ester/default.nix | 4 +- homes/eve/default.nix | 4 +- homes/leyla/default.nix | 2 +- homes/leyla/firefox.nix | 6 +- homes/leyla/packages.nix | 128 ++++++----- homes/leyla/vscode.nix | 8 +- hosts/defiant/configuration.nix | 16 +- hosts/defiant/hardware-configuration.nix | 1 - hosts/hardware-common.nix | 15 -- hosts/horizon/configuration.nix | 37 +-- hosts/horizon/hardware-configuration.nix | 1 - hosts/twilight/configuration.nix | 25 ++- hosts/twilight/hardware-configuration.nix | 5 - modules/hardware.nix | 16 ++ modules/users.nix | 249 +++++++++++++++++++++ util/default.nix | 4 +- 22 files changed, 400 insertions(+), 420 deletions(-) delete mode 100644 enviroments/common/users/default.nix delete mode 100644 enviroments/common/users/ester/default.nix delete mode 100644 enviroments/common/users/eve/default.nix delete mode 100644 enviroments/common/users/leyla/default.nix delete mode 100644 hosts/hardware-common.nix create mode 100644 modules/hardware.nix create mode 100644 modules/users.nix diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index cd8d588..e2c9e40 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,11 +1,5 @@ -{ - pkgs, - lib, - ... -}: { - imports = [ - ./users - ]; +{pkgs, ...}: { + imports = []; nix = { settings = { 
@@ -40,124 +34,6 @@ LC_TIME = "en_US.UTF-8"; }; - users = { - users = { - leyla = { - uid = 1000; - description = "Leyla"; - group = "leyla"; - home = "/home/leyla"; - }; - - ester = { - uid = 1001; - description = "Ester"; - group = "ester"; - home = "/home/ester"; - }; - - eve = { - uid = 1002; - description = "Eve"; - group = "eve"; - home = "/home/eve"; - }; - - jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; - }; - - forgejo = { - uid = 2002; - group = "forgejo"; - isSystemUser = true; - }; - - pihole = { - uid = 2003; - group = "pihole"; - isSystemUser = true; - }; - - hass = { - uid = lib.mkForce 2004; - group = "hass"; - isSystemUser = true; - }; - - headscale = { - uid = 2005; - group = "headscale"; - isSystemUser = true; - }; - - nextcloud = { - uid = 2006; - group = "nextcloud"; - isSystemUser = true; - }; - }; - - groups = { - leyla = { - gid = 1000; - members = ["lelya"]; - }; - - ester = { - gid = 1001; - members = ["ester"]; - }; - - eve = { - gid = 1002; - members = ["eve"]; - }; - - users = { - gid = 100; - members = ["leyla" "ester" "eve"]; - }; - - jellyfin = { - gid = 2000; - members = ["jellyfin" "leyla"]; - }; - - jellyfin_media = { - gid = 2001; - members = ["jellyfin" "leyla" "ester" "eve"]; - }; - - forgejo = { - gid = 2002; - members = ["forgejo" "leyla"]; - }; - - pihole = { - gid = 2003; - members = ["pihole" "leyla"]; - }; - - hass = { - gid = lib.mkForce 2004; - members = ["hass" "leyla"]; - }; - - headscale = { - gid = 2005; - members = ["headscale"]; - }; - - nextcloud = { - gid = 2006; - members = ["nextcloud"]; - }; - }; - }; - services = { automatic-timezoned = { enable = true; diff --git a/enviroments/common/users/default.nix b/enviroments/common/users/default.nix deleted file mode 100644 index ab0baa9..0000000 --- a/enviroments/common/users/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{...}: { - imports = [ - ./leyla - ./ester - ./eve - ]; - - users.mutableUsers = false; -} 
diff --git a/enviroments/common/users/ester/default.nix b/enviroments/common/users/ester/default.nix deleted file mode 100644 index 0ebd7d1..0000000 --- a/enviroments/common/users/ester/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - cfg = config.nixos.users.ester; -in { - options.nixos.users.ester = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - - config = { - nixpkgs.config.allowUnfree = true; - - sops.secrets = lib.mkIf cfg.isDesktopUser { - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - }; - - users.users.ester = ( - if cfg.isDesktopUser - then { - isNormalUser = true; - extraGroups = ["networkmanager"]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - } - else { - isSystemUser = true; - } - ); - }; -} diff --git a/enviroments/common/users/eve/default.nix b/enviroments/common/users/eve/default.nix deleted file mode 100644 index fa40112..0000000 --- a/enviroments/common/users/eve/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - cfg = config.nixos.users.eve; -in { - options.nixos.users.eve = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - - config = { - nixpkgs.config.allowUnfree = true; - - sops.secrets = lib.mkIf cfg.isDesktopUser { - "passwords/eve" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - }; - - users.users.eve = ( - if cfg.isDesktopUser - then { - isNormalUser = true; - extraGroups = ["networkmanager"]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - } - else { - isSystemUser = true; - } - ); - }; -} diff --git a/enviroments/common/users/leyla/default.nix b/enviroments/common/users/leyla/default.nix deleted file mode 100644 index 2c1f87b..0000000 --- a/enviroments/common/users/leyla/default.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - cfg = config.nixos.users.leyla; -in { - options.nixos.users.leyla = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; - hasGPU = lib.mkEnableOption "installs gpu intensive programs"; - }; - - config = { - nixpkgs.config.allowUnfree = true; - - sops.secrets = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) { - "passwords/leyla" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - }; - - users.users.leyla = ( - if (cfg.isDesktopUser || cfg.isTerminalUser) - then { - isNormalUser = true; - extraGroups = ( - ["networkmanager" "wheel" "dialout"] - ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers" - ); - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - openssh = { - authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - }; - } - else { - isSystemUser = true; - } - ); - - services = { - # ollama = { - # enable = cfg.hasGPU; - # acceleration = "cuda"; - # }; - - # TODO: this should reference the home directory from the user config - openssh.hostKeys = [ - { - comment = "leyla@" + config.networking.hostName; - path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; - rounds = 100; - type = "ed25519"; - } - ]; - }; - - programs = { - steam = lib.mkIf cfg.isDesktopUser { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; - - noisetorch.enable = cfg.isDesktopUser; 
- - adb.enable = cfg.isDesktopUser; - }; - }; -} diff --git a/homes/default.nix b/homes/default.nix index 8b44126..587d1c2 100644 --- a/homes/default.nix +++ b/homes/default.nix @@ -1,5 +1,11 @@ { - leyla = import ./leyla; - ester = import ./ester; - eve = import ./eve; + lib, + config, + ... +}: let + users = config.host.users; +in { + leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); + ester = lib.mkIf users.ester.isNormalUser (import ./ester); + eve = lib.mkIf users.eve.isNormalUser (import ./eve); } diff --git a/homes/ester/default.nix b/homes/ester/default.nix index 3edfca4..1e5d579 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.nixos.users.ester; + cfg = osConfig.host.users.ester; in { config = { home = { @@ -54,7 +54,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.mkIf cfg.isDesktopUser ( + packages = lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/homes/eve/default.nix b/homes/eve/default.nix index 0b1d25c..d358b0d 100644 --- a/homes/eve/default.nix +++ b/homes/eve/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.nixos.users.eve; + cfg = osConfig.host.users.eve; in { config = { home = { @@ -54,7 +54,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.mkIf cfg.isDesktopUser ( + packages = lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index f87768e..fe90ccd 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -12,7 +12,7 @@ # manage. home = { username = "leyla"; - homeDirectory = osConfig.users.users.leyla.home; + # homeDirectory = osConfig.users.users.leyla.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index c325495..32a3c6b 100644 
--- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix @@ -5,11 +5,9 @@ pkgs, inputs, ... -}: let - cfg = osConfig.nixos.users.leyla; -in { +}: { programs.firefox = { - enable = cfg.isDesktopUser; + enable = true; profiles.leyla = { settings = { "browser.search.defaultenginename" = "Searx"; diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 86da04a..97327ce 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -4,7 +4,8 @@ pkgs, ... }: let - cfg = osConfig.nixos.users.leyla; + cfg = osConfig.host.users.leyla; + hardware = osConfig.host.hardware; in { imports = [ ./vscode.nix 
@@ -12,72 +13,69 @@ in { ]; home = { - packages = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) ( - lib.mkMerge [ - ( + packages = + lib.lists.optionals cfg.isTerminalUser ( + with pkgs; [ + # comand line tools + yt-dlp + ffmpeg + imagemagick + ] + ) + ++ ( + lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ - # comand line tools - yt-dlp - ffmpeg - imagemagick + #foss platforms + signal-desktop + bitwarden + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + # kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) + # wireshark + # rpi-imager + # fritzing + mfoc + + # proprietary platforms + discord + obsidian + steam + (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) + + anki-bin + + # development tools + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno + qFlipper + proxmark3 + godot_4-mono + + # system tools + protonvpn-gui + openvpn + nextcloud-client + noisetorch + + # hardware managment tools + (lib.mkIf hardware.piperMouse.enable piper) + (lib.mkIf hardware.openRGB.enable openrgb) + (lib.mkIf hardware.viaKeyboard.enable via) ] ) - ( - lib.mkIf (!cfg.isTerminalUser) ( - with pkgs; [ - #foss platforms - signal-desktop - bitwarden - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - # kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing - mfoc - - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - anki-bin - - # development tools - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno - qFlipper - proxmark3 - godot_4-mono - - # system tools - protonvpn-gui - openvpn - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf osConfig.hardware.piperMouse.enable piper) - (lib.mkIf 
osConfig.hardware.openRGB.enable openrgb) - (lib.mkIf osConfig.hardware.viaKeyboard.enable via) - ] - ) - ) - ] - ); + ); }; } diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 02411ad..37127f4 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -4,9 +4,7 @@ pkgs, inputs, ... -}: let - cfg = osConfig.nixos.users.leyla; -in { +}: { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default @@ -14,7 +12,7 @@ in { }; programs = { - bash.shellAliases = lib.mkIf cfg.isDesktopUser { + bash.shellAliases = { code = "codium"; }; @@ -23,7 +21,7 @@ in { open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; in { - enable = cfg.isDesktopUser; + enable = true; package = pkgs.vscodium; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 06724b4..78c4ab5 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -7,11 +7,21 @@ imports = [ inputs.disko.nixosModules.disko ../../enviroments/server + + ../../modules/hardware.nix + ../../modules/users.nix ]; - nixos.users = { - leyla = { - isTerminalUser = true; + nixpkgs.config.allowUnfree = true; + + host = { + users = { + leyla = { + isTerminalUser = true; + isDesktopUser = true; + }; + ester.isNormalUser = false; + eve.isNormalUser = false; }; }; diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 13e4d5e..c84a9b4 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -9,7 +9,6 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - ../hardware-common.nix ]; security.sudo.extraConfig = "Defaults lecture=never"; diff --git a/hosts/hardware-common.nix b/hosts/hardware-common.nix deleted file mode 100644 index 920d609..0000000 --- a/hosts/hardware-common.nix +++ /dev/null 
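Review bot: `isDesktopUser = true` in the defiant `host.users.leyla` block widens what is installed on a host that imports `../../enviroments/server`. In this same commit `homes/leyla/packages.nix` keys the whole desktop application list on that flag, `modules/users.nix` adds `adbusers` for it, and `firefox.nix` and `vscode.nix` drop their `isDesktopUser` guard. If defiant is meant to stay a headless server, leaving only `isTerminalUser = true;` here avoids the extra software and group membership. The added `nixpkgs.config.allowUnfree = true;` (also in the horizon and twilight hunks) permits every unfree package; `nixpkgs.config.allowUnfreePredicate` with an explicit name list would keep each exception visible in review.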
@@ -1,15 +0,0 @@ -{lib, ...}: { - options = { - hardware = { - piperMouse = { - enable = lib.mkEnableOption "host has a piper mouse"; - }; - viaKeyboard = { - enable = lib.mkEnableOption "host has a via keyboard"; - }; - openRGB = { - enable = lib.mkEnableOption "host has open rgb hardware"; - }; - }; - }; -} diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 7b85581..53d04e9 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,29 +3,32 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client + ../../modules/hardware.nix + ../../modules/users.nix ]; - nixos.users = { - leyla = { - isDesktopUser = true; - }; - ester = { - isDesktopUser = true; - }; - eve = { - isDesktopUser = true; + nixpkgs.config.allowUnfree = true; + + host = { + users = { + leyla = { + isDesktopUser = true; + isTerminalUser = true; + }; + ester.isDesktopUser = true; + eve.isDesktopUser = true; }; }; # enabled virtualisation for docker - virtualisation.docker = { - enable = true; - rootless = { - enable = true; - setSocketVariable = true; - }; - }; - users.extraGroups.docker.members = ["leyla"]; + # virtualisation.docker = { + # enable = true; + # rootless = { + # enable = true; + # setSocketVariable = true; + # }; + # }; + # users.extraGroups.docker.members = ["leyla"]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 3645905..e333702 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -10,7 +10,6 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - ../hardware-common.nix ]; boot = { diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 264ea40..17d7a9e 100644 --- a/hosts/twilight/configuration.nix 
+++ b/hosts/twilight/configuration.nix @@ -1,17 +1,24 @@ {pkgs, ...}: { imports = [ ../../enviroments/client + + ../../modules/hardware.nix + ../../modules/users.nix ]; - nixos.users = { - leyla = { - isDesktopUser = true; - hasGPU = true; + + nixpkgs.config.allowUnfree = true; + + host = { + users = { + leyla.isDesktopUser = true; + ester.isDesktopUser = true; + eve.isDesktopUser = true; }; - ester = { - isDesktopUser = true; - }; - eve = { - isDesktopUser = true; + hardware = { + piperMouse.enable = true; + viaKeyboard.enable = true; + openRGB.enable = true; + graphicsAcceleration.enable = true; }; }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index b2f11ee..fe2353b 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -10,7 +10,6 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - ../hardware-common.nix ]; boot = { @@ -81,10 +80,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware = { - piperMouse.enable = true; - viaKeyboard.enable = true; - openRGB.enable = true; - # Enable OpenGL graphics.enable = true; diff --git a/modules/hardware.nix b/modules/hardware.nix new file mode 100644 index 0000000..b002658 --- /dev/null +++ b/modules/hardware.nix @@ -0,0 +1,16 @@ +{lib, ...}: { + options.host.hardware = { + piperMouse = { + enable = lib.mkEnableOption "host has a piper mouse"; + }; + viaKeyboard = { + enable = lib.mkEnableOption "host has a via keyboard"; + }; + openRGB = { + enable = lib.mkEnableOption "host has open rgb hardware"; + }; + graphicsAcceleration = { + enable = lib.mkEnableOption "host has a gpu for graphical acceleration"; + }; + }; +} diff --git a/modules/users.nix b/modules/users.nix new file mode 100644 index 0000000..849fd68 --- /dev/null +++ b/modules/users.nix 
@@ -0,0 +1,249 @@ +{ + lib, + config, + inputs, + ... +}: let + uids = { + leyla = 1000; + ester = 1001; + eve = 1002; + jellyfin = 2000; + forgejo = 2002; + pihole = 2003; + hass = 2004; + headscale = 2005; + nextcloud = 2006; + }; + + gids = { + leyla = 1000; + ester = 1001; + eve = 1002; + users = 100; + jellyfin_media = 2001; + jellyfin = 2000; + forgejo = 2002; + pihole = 2003; + hass = 2004; + headscale = 2005; + nextcloud = 2006; + }; + + users = config.users.users; + leyla = users.leyla.name; + ester = users.ester.name; + eve = users.eve.name; +in { + options.host.users = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their desktop applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their terminal applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; + }; + isNormalUser = lib.mkOption { + type = lib.types.bool; + default = config.isDesktopUser || config.isTerminalUser; + description = '' + User should install their applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; + }; + }; + })); + }; + + config = { + # set up user passwords + sops.secrets = { + "passwords/leyla" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/ester" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/eve" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + }; + + users = { + mutableUsers = false; + users = { + leyla = { + uid = lib.mkForce uids.leyla; + description = "Leyla"; + extraGroups = + (lib.lists.optionals 
config.host.users.leyla.isNormalUser ["networkmanager" "wheel" "dialout"]) + ++ (lib.lists.optionals config.host.users.leyla.isDesktopUser ["adbusers"]); + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + isNormalUser = config.host.users.leyla.isNormalUser; + isSystemUser = !config.host.users.leyla.isNormalUser; + group = config.users.users.leyla.name; + }; + + ester = { + uid = lib.mkForce uids.ester; + description = "Ester"; + extraGroups = lib.optionals config.host.users.ester.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + isNormalUser = config.host.users.ester.isNormalUser; + isSystemUser = !config.host.users.ester.isNormalUser; + group = config.users.users.ester.name; + }; + + eve = { + uid = lib.mkForce uids.eve; + description = "Eve"; + extraGroups = lib.optionals config.host.users.eve.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + isNormalUser = config.host.users.eve.isNormalUser; + isSystemUser = !config.host.users.eve.isNormalUser; + group = config.users.users.eve.name; + }; + + jellyfin = { + uid = lib.mkForce uids.jellyfin; + isSystemUser = true; + group = config.users.users.jellyfin.name; + }; + + forgejo = { + uid = lib.mkForce uids.forgejo; + isSystemUser = true; + group = config.users.users.forgejo.name; + }; + + pihole = { + uid = lib.mkForce uids.pihole; + isSystemUser = true; + group = config.users.users.pihole.name; + }; + + hass = { + uid = lib.mkForce uids.hass; + isSystemUser = true; + group = config.users.users.hass.name; + }; + + headscale = { + uid = lib.mkForce uids.headscale; + isSystemUser = true; + group = config.users.users.headscale.name; + }; + + nextcloud = { + uid = lib.mkForce uids.nextcloud; + isSystemUser = true; + group = config.users.users.nextcloud.name; + }; + }; + + groups = { + leyla = { + gid = lib.mkForce gids.leyla; + members = [ + leyla + ]; + }; + + ester = { + gid = lib.mkForce gids.ester; + 
members = [ + ester + ]; + }; + + eve = { + gid = lib.mkForce gids.eve; + members = [ + eve + ]; + }; + + users = { + gid = lib.mkForce gids.users; + members = [ + leyla + ester + eve + ]; + }; + + jellyfin_media = { + gid = lib.mkForce gids.jellyfin_media; + members = [ + users.jellyfin.name + leyla + ester + eve + ]; + }; + + jellyfin = { + gid = lib.mkForce gids.jellyfin; + members = [ + users.jellyfin.name + # leyla + ]; + }; + + forgejo = { + gid = lib.mkForce gids.forgejo; + members = [ + users.forgejo.name + # leyla + ]; + }; + + pihole = { + gid = lib.mkForce gids.pihole; + members = [ + users.pihole.name + # leyla + ]; + }; + + hass = { + gid = lib.mkForce gids.hass; + members = [ + users.hass.name + # leyla + ]; + }; + + headscale = { + gid = lib.mkForce gids.headscale; + members = [ + users.headscale.name + # leyla + ]; + }; + + nextcloud = { + gid = lib.mkForce gids.nextcloud; + members = [ + users.nextcloud.name + # leyla + ]; + }; + }; + }; + }; +} diff --git a/util/default.nix b/util/default.nix index e091d80..6146610 100644 --- a/util/default.nix +++ b/util/default.nix @@ -17,12 +17,12 @@ forEachSystem = nixpkgs.lib.genAttrs systems; pkgsFor = system: nixpkgs.legacyPackages.${system}; - home-manager-config = { + home-manager-config = nixpkgs: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs;}; - home-manager.users = import ../homes; + home-manager.users = import ../homes nixpkgs; }; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); From aa7c2a2a15d88797574e58adb1f8107bab78df43 Mon Sep 17 00:00:00 2001 
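Review bot: Accounts switched off with `isNormalUser = false` keep their credentials and shared-group membership in the new `modules/users.nix`. `hashedPasswordFile` and the three `passwords/*` secrets with `neededForUsers = true` are set unconditionally, and the `users` and `jellyfin_media` groups always list `leyla`, `ester` and `eve`. On defiant, where this commit sets `ester.isNormalUser = false` and `eve.isNormalUser = false`, that presumably leaves two system accounts with a deployed password hash and media-group access. Gating on the flag keeps a disabled account inert, e.g. `hashedPasswordFile = lib.mkIf config.host.users.ester.isNormalUser config.sops.secrets."passwords/ester".path;` and `members = lib.lists.optionals config.host.users.ester.isNormalUser [ester];`. Separately, each `defaultText` repeats the option's own path; for `isNormalUser` it would document the real default as `lib.literalExpression "config.isDesktopUser || config.isTerminalUser"`.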
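Review bot: The new parameter of `home-manager-config` is named `nixpkgs`, which shadows the outer `nixpkgs` that the context lines use in `nixpkgs.lib.genAttrs`. `homes/default.nix` in this commit destructures `lib` and `config` from it, so it is apparently a module-argument set rather than the nixpkgs input. A neutral name makes the contract readable: `home-manager-config = args: {` with `home-manager.users = import ../homes args;`. The enclosing `let` block starts outside this hunk, so the call sites are not visible here.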
From: Leyla Becker Date: Sun, 24 Nov 2024 12:43:12 -0600 Subject: [PATCH 0345/1043] added isPrincipleUser to users --- enviroments/common/default.nix | 32 ------ hosts/defiant/configuration.nix | 3 +- hosts/horizon/configuration.nix | 1 + hosts/twilight/configuration.nix | 6 +- modules/users.nix | 189 +++++++++++++++++++++++-------- 5 files changed, 148 insertions(+), 83 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index e2c9e40..e79a47a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -4,7 +4,6 @@ nix = { settings = { experimental-features = ["nix-command" "flakes"]; - trusted-users = ["leyla"]; }; gc = { automatic = true; @@ -44,40 +43,9 @@ ports = [22]; settings = { PasswordAuthentication = false; - AllowUsers = ["leyla"]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; }; }; }; - - environment = { - # List packages installed in system profile. - systemPackages = with pkgs; [ - wget - - # version control - git - - # system debuging tools - iputils - dnsutils - ]; - - sessionVariables = rec { - SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix; - SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; - }; - }; - - sops = { - defaultSopsFormat = "yaml"; - gnupg.sshKeyPaths = []; - - age = { - keyFile = "/var/lib/sops-nix/key.txt"; - sshKeyPaths = []; - # generateKey = true; - }; - }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 78c4ab5..c52fd74 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,8 +17,9 @@ host = { users = { leyla = { - isTerminalUser = true; isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; }; ester.isNormalUser = false; eve.isNormalUser = false; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 53d04e9..529417d 100644 --- a/hosts/horizon/configuration.nix 
+++ b/hosts/horizon/configuration.nix @@ -14,6 +14,7 @@ leyla = { isDesktopUser = true; isTerminalUser = true; + isPrincipleUser = true; }; ester.isDesktopUser = true; eve.isDesktopUser = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 17d7a9e..a958cca 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -10,7 +10,11 @@ host = { users = { - leyla.isDesktopUser = true; + leyla = { + isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; + }; ester.isDesktopUser = true; eve.isDesktopUser = true; }; diff --git a/modules/users.nix b/modules/users.nix index 849fd68..b85f408 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -4,6 +4,15 @@ inputs, ... }: let + SOPS_AGE_KEY_DIRECTORY = import ../const/sops_age_key_directory.nix; + + host = config.host; + + hostUsers = host.hostUsers; + principleUsers = host.principleUsers; + terminalUsers = host.terminalUsers; + normalUsers = host.normalUsers; + uids = { leyla = 1000; ester = 1001; 
@@ -35,51 +44,129 @@ ester = users.ester.name; eve = users.eve.name; in { - options.host.users = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - isDesktopUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their desktop applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + options.host = { + users = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ + config, + name, + ... + }: { + options = { + name = lib.mkOption { + type = lib.types.string; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + isPrincipleUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should be configured as root and have ssh access + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; + }; + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their desktop applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their terminal applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; + }; + isNormalUser = lib.mkOption { + type = lib.types.bool; + default = config.isDesktopUser || config.isTerminalUser; + description = '' + User should install their applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; + }; }; - isTerminalUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their terminal applications - ''; - defaultText = lib.literalExpression 
"config.host.users.\${name}.isTerminalUser"; - }; - isNormalUser = lib.mkOption { - type = lib.types.bool; - default = config.isDesktopUser || config.isTerminalUser; - description = '' - User should install their applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; - }; - }; - })); + })); + }; + hostUsers = lib.mkOption { + default = lib.attrsets.mapAttrsToList (_: user: user) host.users; + }; + principleUsers = lib.mkOption { + default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; + }; + normalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isTerminalUser) hostUsers; + }; + terminalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isNormalUser) hostUsers; + }; }; config = { + assertions = + ( + builtins.map (user: { + assertion = !(user.isPrincipleUser && !user.isNormalUser); + message = '' + Non normal user ${user.name} can not be a principle user. + ''; + }) + hostUsers + ) + ++ [ + { + assertion = (builtins.length principleUsers) > 0; + message = '' + At least one user must be a principle user. 
+ ''; + } + ]; + + # principle users are by definition trusted + nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; + + # we should only be able to ssh into principle users of a computer who are also set up for terminal access + services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers); + + # we need to set up env variables to nix can find keys to decrypt passwords on rebuild + environment = { + sessionVariables = { + SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + }; + }; + # set up user passwords - sops.secrets = { - "passwords/leyla" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; + sops = { + defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; + + age = { + keyFile = "/var/lib/sops-nix/key.txt"; + sshKeyPaths = []; + # generateKey = true; }; - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/eve" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; + + secrets = { + "passwords/leyla" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/ester" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/eve" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; }; }; 
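Review bot: The defaults of `normalUsers` and `terminalUsers` are swapped: `normalUsers` filters on `user.isTerminalUser` and `terminalUsers` filters on `user.isNormalUser`. As a result `services.openssh.settings.AllowUsers`, built from `lib.lists.intersectLists terminalUsers principleUsers`, admits any principle user that is a normal user, including a desktop-only one, which contradicts the comment above it about terminal access. The filters should read `normalUsers = lib.mkOption { default = lib.lists.filter (user: user.isNormalUser) hostUsers; };` and `terminalUsers = lib.mkOption { default = lib.lists.filter (user: user.isTerminalUser) hostUsers; };`. These derived options also declare no `type` or `readOnly = true`, so a host could override the lists that feed `AllowUsers` and `nix.settings.trusted-users`; marking them read-only would keep the per-user flags as the single source. `lib.types.string` on the new `name` option is deprecated in nixpkgs in favour of `lib.types.str`.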
@@ -88,33 +175,37 @@ in { users = { leyla = { uid = lib.mkForce uids.leyla; + name = lib.mkForce host.users.leyla.name; description = "Leyla"; extraGroups = - (lib.lists.optionals config.host.users.leyla.isNormalUser ["networkmanager" "wheel" "dialout"]) - ++ (lib.lists.optionals config.host.users.leyla.isDesktopUser ["adbusers"]); + (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) + ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) + ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - isNormalUser = config.host.users.leyla.isNormalUser; - isSystemUser = !config.host.users.leyla.isNormalUser; + isNormalUser = host.users.leyla.isNormalUser; + isSystemUser = !host.users.leyla.isNormalUser; group = config.users.users.leyla.name; }; ester = { uid = lib.mkForce uids.ester; + name = lib.mkForce host.users.ester.name; description = "Ester"; - extraGroups = lib.optionals config.host.users.ester.isNormalUser ["networkmanager"]; + extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; - isNormalUser = config.host.users.ester.isNormalUser; - isSystemUser = !config.host.users.ester.isNormalUser; + isNormalUser = host.users.ester.isNormalUser; + isSystemUser = !host.users.ester.isNormalUser; group = config.users.users.ester.name; }; eve = { uid = lib.mkForce uids.eve; + name = lib.mkForce host.users.eve.name; description = "Eve"; - extraGroups = lib.optionals config.host.users.eve.isNormalUser ["networkmanager"]; + extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; - isNormalUser = config.host.users.eve.isNormalUser; - isSystemUser = !config.host.users.eve.isNormalUser; + isNormalUser = host.users.eve.isNormalUser; + isSystemUser = !host.users.eve.isNormalUser; group = 
config.users.users.eve.name; }; From fa3cb19c0bdd752d158454f82dcec7fe9d75269f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 13:07:15 -0600 Subject: [PATCH 0346/1043] moved more out of common config --- enviroments/client/default.nix | 51 ------------- homes/leyla/default.nix | 125 +------------------------------ hosts/defiant/configuration.nix | 2 + hosts/horizon/configuration.nix | 2 + hosts/twilight/configuration.nix | 2 + modules/desktop.nix | 38 ++++++++++ modules/nix-development.nix | 14 ++++ 7 files changed, 60 insertions(+), 174 deletions(-) create mode 100644 modules/desktop.nix create mode 100644 modules/nix-development.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 16e3263..8f3c2cf 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -7,55 +7,7 @@ ../common ]; - nix = { - nixPath = ["nixpkgs=${inputs.nixpkgs}"]; - }; - - services = { - # Enable CUPS to print documents. - printing.enable = true; - - xserver = { - # Enable the X11 windowing system. - enable = true; - - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager = { - gnome.enable = true; - xterm.enable = false; - }; - - # Get rid of xTerm - excludePackages = [pkgs.xterm]; - - # Configure keymap in X11 - xkb = { - layout = "us,it,de"; - variant = ""; - }; - }; - - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - # tailscale = { - # enable = true; - # }; - }; - # Enable sound with pipewire. - hardware.pulseaudio.enable = false; hardware.flipperzero.enable = true; security.rtkit.enable = true; 
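Review bot: The added `name = lib.mkForce host.users.leyla.name;` line (and its `ester`/`eve` counterparts) lets a host rename an account, but the account's primary group does not follow the rename in any visible hunk. `group = config.users.users.leyla.name` resolves to the new name, while the `users.groups.leyla` entry from the earlier commit is given no matching `name`, so a renamed user would presumably point at a group this configuration does not define. If renaming is meant to be supported, the group should follow, e.g. `users.groups.leyla.name = host.users.leyla.name;`; otherwise the `name` option's description should say the value must equal the attribute name. The `users.users` block starts outside this hunk.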
@@ -63,9 +15,6 @@ # helvetica font aileron - # nix langauge server - nixd - cachefilesd gnomeExtensions.dash-to-dock diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index fe90ccd..9886335 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -58,6 +58,8 @@ }; }; + keyboard.layout = "us,it,de"; + # Home Manager can also manage your environment variables through # 'home.sessionVariables'. If you don't want to manage your shell through Home # Manager then you have to manually source 'hm-session-vars.sh' located at 
@@ -101,129 +103,6 @@ }; }; bash.enable = true; - - # firefox = { - # enable = true; - # profiles.leyla = { - - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; - - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; - - # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # bitwarden - - # ]; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Password Manager"; - # url = 
"https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://tech.lgbt"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # } }; dconf = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index c52fd74..cd76cdf 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -10,6 +10,8 @@ ../../modules/hardware.nix ../../modules/users.nix + ../../modules/desktop.nix + ../../modules/nix-development.nix ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 529417d..a656840 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -5,6 +5,8 @@ ../../enviroments/client ../../modules/hardware.nix ../../modules/users.nix + ../../modules/desktop.nix + ../../modules/nix-development.nix ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index a958cca..b49baa5 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -4,6 +4,8 @@ ../../modules/hardware.nix ../../modules/users.nix + ../../modules/desktop.nix + ../../modules/nix-development.nix ]; nixpkgs.config.allowUnfree = true; 
diff --git a/modules/desktop.nix b/modules/desktop.nix new file mode 100644 index 0000000..f67407d --- /dev/null +++ b/modules/desktop.nix @@ -0,0 +1,38 @@ +{pkgs, ...}: { + services = { + # Enable CUPS to print documents. + printing.enable = true; + + xserver = { + # Enable the X11 windowing system. + enable = true; + + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + }; + + # Get rid of xTerm + desktopManager.xterm.enable = false; + excludePackages = [pkgs.xterm]; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + }; + + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; +} diff --git a/modules/nix-development.nix b/modules/nix-development.nix new file mode 100644 index 0000000..c4eacac --- /dev/null +++ b/modules/nix-development.nix @@ -0,0 +1,14 @@ +{ + inputs, + pkgs, + ... +}: { + nix = { + nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + }; + + environment.systemPackages = with pkgs; [ + # nix langauge server + nixd + ]; +} From 9215e04043c94f28439167550724c83baea87838 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 13:13:33 -0600 Subject: [PATCH 0347/1043] moved some system packages to home manager --- enviroments/client/default.nix | 5 ----- homes/ester/default.nix | 3 +++ homes/leyla/packages.nix | 5 +++++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 8f3c2cf..2bf0b75 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -12,11 +12,6 @@ security.rtkit.enable = true; environment.systemPackages = with pkgs; [ - # helvetica font - aileron - cachefilesd - - gnomeExtensions.dash-to-dock ]; } diff --git a/homes/ester/default.nix b/homes/ester/default.nix index 1e5d579..e0d5e86 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -56,6 +56,9 @@ in { packages = lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ + # helvetica font + aileron + firefox bitwarden discord diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 97327ce..a64909f 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -25,6 +25,11 @@ in { ++ ( lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ + # helvetica font + aileron + + gnomeExtensions.dash-to-dock + #foss platforms signal-desktop bitwarden From eaa19be74115c877915480ed60257f4cb15d6a8d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 13:15:40 -0600 Subject: [PATCH 0348/1043] moved another config to desktop module --- enviroments/client/default.nix | 1 - modules/desktop.nix | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 2bf0b75..bf2b35e 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -9,7 +9,6 @@ # Enable sound with pipewire. hardware.flipperzero.enable = true; - security.rtkit.enable = true; environment.systemPackages = with pkgs; [ cachefilesd diff --git a/modules/desktop.nix b/modules/desktop.nix index f67407d..14580ba 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -35,4 +35,7 @@ # Enable sound with pipewire. hardware.pulseaudio.enable = false; + + # enable RealtimeKit for pulse audio + security.rtkit.enable = true; } From bf0686a14bf0adac1423a979e5174ce197f28b63 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 14:17:32 -0600 Subject: [PATCH 0349/1043] added enables to modules and made base module that imports all other modules --- enviroments/common/default.nix | 2 +- hosts/defiant/configuration.nix | 5 +- hosts/horizon/configuration.nix | 5 +- hosts/twilight/configuration.nix | 5 +- modules/default.nix | 8 +++ modules/desktop.nix | 84 +++++++++++++++++++------------- modules/nix-development.nix | 25 +++++++--- 7 files changed, 79 insertions(+), 55 deletions(-) create mode 100644 modules/default.nix diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index e79a47a..691acc7 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{...}: { imports = []; nix = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index cd76cdf..2063579 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -8,10 +8,7 @@ inputs.disko.nixosModules.disko ../../enviroments/server - ../../modules/hardware.nix - ../../modules/users.nix - ../../modules/desktop.nix - ../../modules/nix-development.nix + ../../modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index a656840..6940726 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,10 +3,7 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client - ../../modules/hardware.nix - ../../modules/users.nix - ../../modules/desktop.nix - ../../modules/nix-development.nix + ../../modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index b49baa5..4a99069 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -2,10 +2,7 @@ imports = [ ../../enviroments/client - ../../modules/hardware.nix - ../../modules/users.nix - ../../modules/desktop.nix - ../../modules/nix-development.nix + ../../modules ]; nixpkgs.config.allowUnfree = true; diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..58b93a0 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,8 @@ +{...}: { + imports = [ + ./hardware.nix + ./users.nix + ./desktop.nix + ./nix-development.nix + ]; +} diff --git a/modules/desktop.nix b/modules/desktop.nix index 14580ba..e349abe 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix 
@@ -1,41 +1,55 @@ -{pkgs, ...}: { - services = { - # Enable CUPS to print documents. - printing.enable = true; +{ + lib, + pkgs, + config, + ... +}: { + options.host.desktop.enable = lib.mkEnableOption "should desktop configuration be enabled"; - xserver = { - # Enable the X11 windowing system. - enable = true; + config = lib.mkMerge [ + { + host.desktop.enable = lib.mkDefault true; + } + (lib.mkIf config.host.desktop.enable { + services = { + # Enable CUPS to print documents. + printing.enable = true; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager = { - gnome.enable = true; + xserver = { + # Enable the X11 windowing system. + enable = true; + + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + }; + + # Get rid of xTerm + desktopManager.xterm.enable = false; + excludePackages = [pkgs.xterm]; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; }; - # Get rid of xTerm - desktopManager.xterm.enable = false; - excludePackages = [pkgs.xterm]; - }; + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - }; - - # Enable sound with pipewire. 
- hardware.pulseaudio.enable = false; - - # enable RealtimeKit for pulse audio - security.rtkit.enable = true; + # enable RealtimeKit for pulse audio + security.rtkit.enable = true; + }) + ]; } diff --git a/modules/nix-development.nix b/modules/nix-development.nix index c4eacac..d670418 100644 --- a/modules/nix-development.nix +++ b/modules/nix-development.nix @@ -1,14 +1,25 @@ { - inputs, + lib, + config, pkgs, + inputs, ... }: { - nix = { - nixPath = ["nixpkgs=${inputs.nixpkgs}"]; - }; + options.host.nix-development.enable = lib.mkEnableOption "should desktop configuration be enabled"; - environment.systemPackages = with pkgs; [ - # nix langauge server - nixd + config = lib.mkMerge [ + { + host.nix-development.enable = lib.mkDefault true; + } + (lib.mkIf config.host.nix-development.enable { + nix = { + nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + }; + + environment.systemPackages = with pkgs; [ + # nix langauge server + nixd + ]; + }) ]; } From c039e60c4ed24cd16980e38886d5a0763d813d25 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 14:29:37 -0600 Subject: [PATCH 0350/1043] created system module --- enviroments/client/default.nix | 6 +----- enviroments/common/default.nix | 33 --------------------------------- modules/default.nix | 1 + modules/desktop.nix | 4 ++++ modules/system.nix | 28 ++++++++++++++++++++++++++++ 5 files changed, 34 insertions(+), 38 deletions(-) create mode 100644 modules/system.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index bf2b35e..75265b8 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,8 +1,4 @@ -{ - pkgs, - inputs, - ... -}: { +{pkgs, ...}: { imports = [ ../common ]; diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 691acc7..83201c4 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
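Review bot: The descriptions passed to `lib.mkEnableOption` do not read correctly once rendered, and the one in modules/nix-development.nix is a copy of the desktop text, so `host.nix-development.enable` is documented as a desktop switch. `mkEnableOption` prefixes its argument with "Whether to enable", so the current string renders as "Whether to enable should desktop configuration be enabled.". I would use `lib.mkEnableOption "the desktop configuration (X11, GDM, GNOME, CUPS, PipeWire)"` in modules/desktop.nix and `lib.mkEnableOption "Nix development tooling (nixd and a pinned nixPath)"` in modules/nix-development.nix.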
@@ -1,21 +1,4 @@ {...}: { - imports = []; - - nix = { - settings = { - experimental-features = ["nix-command" "flakes"]; - }; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - optimise = { - automatic = true; - dates = ["weekly"]; - }; - }; - # Enable networking networking.networkmanager.enable = true; @@ -32,20 +15,4 @@ LC_TELEPHONE = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8"; }; - - services = { - automatic-timezoned = { - enable = true; - }; - - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; - }; - }; } diff --git a/modules/default.nix b/modules/default.nix index 58b93a0..2087f1a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./system.nix ./hardware.nix ./users.nix ./desktop.nix diff --git a/modules/desktop.nix b/modules/desktop.nix index e349abe..6f119af 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -43,6 +43,10 @@ # no need to redefine it in your config for now) #media-session.enable = true; }; + + automatic-timezoned = { + enable = true; + }; }; # Enable sound with pipewire. diff --git a/modules/system.nix b/modules/system.nix new file mode 100644 index 0000000..918c219 --- /dev/null +++ b/modules/system.nix @@ -0,0 +1,28 @@ +{...}: { + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + }; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + optimise = { + automatic = true; + dates = ["weekly"]; + }; + }; + + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + }; + }; + }; +} From d46cdc8b1b0dc6abe78c1fb953ef0acbb48bddd6 Mon Sep 17 00:00:00 2001 
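Review bot: In the new modules/system.nix, `PasswordAuthentication = false;` on its own does not rule out password prompts, because the sshd settings leave keyboard-interactive authentication at its default and PAM can still ask for a password through it. I would add `KbdInteractiveAuthentication = false;` and state the root policy explicitly with `PermitRootLogin = "no";` next to the existing settings. `UseDns = true;` makes sshd do a reverse lookup on every connection and only helps if hostname-based matching is used somewhere, which is not visible here, so a one-line comment saying why it is on would help. The module has no enable switch, unlike desktop and nix-development in the previous patch, so every host that imports ../../modules, laptops included, runs sshd on port 22.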
From: Leyla Becker Date: Sun, 24 Nov 2024 14:31:11 -0600 Subject: [PATCH 0351/1043] ran linted --- modules/desktop.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/desktop.nix b/modules/desktop.nix index 6f119af..d1b0517 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -43,7 +43,6 @@ # no need to redefine it in your config for now) #media-session.enable = true; }; - automatic-timezoned = { enable = true; }; From 755c7f0e3a216390fd385cedf1b8974d1c35c59f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 14:32:27 -0600 Subject: [PATCH 0352/1043] commented out unused variable --- modules/users.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/users.nix b/modules/users.nix index b85f408..3f75a4b 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -11,7 +11,7 @@ hostUsers = host.hostUsers; principleUsers = host.principleUsers; terminalUsers = host.terminalUsers; - normalUsers = host.normalUsers; + # normalUsers = host.normalUsers; uids = { leyla = 1000; From a755b9ff48a0202014a2ddac82b17a48a208921d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 14:55:19 -0600 Subject: [PATCH 0353/1043] moved modules into host-modules --- enviroments/client/default.nix | 4 ++-- {modules => host-modules}/default.nix | 0 {modules => host-modules}/desktop.nix | 0 {modules => host-modules}/hardware.nix | 0 {modules => host-modules}/nix-development.nix | 0 {modules => host-modules}/system.nix | 0 {modules => host-modules}/users.nix | 0 hosts/defiant/configuration.nix | 2 +- hosts/horizon/configuration.nix | 2 +- hosts/twilight/configuration.nix | 2 +- 10 files changed, 5 insertions(+), 5 deletions(-) rename {modules => host-modules}/default.nix (100%) rename {modules => host-modules}/desktop.nix (100%) rename {modules => host-modules}/hardware.nix (100%) rename {modules => host-modules}/nix-development.nix (100%) rename {modules => host-modules}/system.nix (100%) rename {modules => host-modules}/users.nix (100%) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 75265b8..052651e 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -3,8 +3,8 @@ ../common ]; - # Enable sound with pipewire. - hardware.flipperzero.enable = true; + # # Enable sound with pipewire. + # hardware.flipperzero.enable = true; environment.systemPackages = with pkgs; [ cachefilesd diff --git a/modules/default.nix b/host-modules/default.nix similarity index 100% rename from modules/default.nix rename to host-modules/default.nix diff --git a/modules/desktop.nix b/host-modules/desktop.nix similarity index 100% rename from modules/desktop.nix rename to host-modules/desktop.nix diff --git a/modules/hardware.nix b/host-modules/hardware.nix similarity index 100% rename from modules/hardware.nix rename to host-modules/hardware.nix diff --git a/modules/nix-development.nix b/host-modules/nix-development.nix similarity index 100% rename from modules/nix-development.nix rename to host-modules/nix-development.nix 
diff --git a/modules/system.nix b/host-modules/system.nix similarity index 100% rename from modules/system.nix rename to host-modules/system.nix diff --git a/modules/users.nix b/host-modules/users.nix similarity index 100% rename from modules/users.nix rename to host-modules/users.nix diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 2063579..2068b6f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -8,7 +8,7 @@ inputs.disko.nixosModules.disko ../../enviroments/server - ../../modules + ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 6940726..c784ef6 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,7 +3,7 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client - ../../modules + ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 4a99069..182c867 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -2,7 +2,7 @@ imports = [ ../../enviroments/client - ../../modules + ../../host-modules ]; nixpkgs.config.allowUnfree = true; From 90f0c114b3ad3b00149b05122205ae9999465bb4 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 15:23:04 -0600 Subject: [PATCH 0354/1043] created home manager nixos adapter modules --- enviroments/client/default.nix | 3 --- home-modules/default.nix | 5 +++++ home-modules/flipperzero.nix | 3 +++ homes/ester/default.nix | 4 ++++ homes/eve/default.nix | 4 ++++ homes/leyla/default.nix | 7 ++----- host-modules/default.nix | 1 + host-modules/home-manager/default.nix | 6 ++++++ host-modules/home-manager/flipperzero.nix | 9 +++++++++ 9 files changed, 34 insertions(+), 8 deletions(-) create mode 100644 home-modules/default.nix create mode 100644 home-modules/flipperzero.nix create mode 100644 host-modules/home-manager/default.nix create mode 100644 host-modules/home-manager/flipperzero.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 052651e..f1de375 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -3,9 +3,6 @@ ../common ]; - # # Enable sound with pipewire. - # hardware.flipperzero.enable = true; - environment.systemPackages = with pkgs; [ cachefilesd ]; diff --git a/home-modules/default.nix b/home-modules/default.nix new file mode 100644 index 0000000..1fb9724 --- /dev/null +++ b/home-modules/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./flipperzero.nix + ]; +} diff --git a/home-modules/flipperzero.nix b/home-modules/flipperzero.nix new file mode 100644 index 0000000..6354bc0 --- /dev/null +++ b/home-modules/flipperzero.nix @@ -0,0 +1,3 @@ +{lib, ...}: { + options.hardware.flipperzero.enable = lib.mkEnableOption "enable flipperzero hardware"; +} diff --git a/homes/ester/default.nix b/homes/ester/default.nix index e0d5e86..dfe8175 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -6,6 +6,10 @@ }: let cfg = osConfig.host.users.ester; in { + imports = [ + ../../home-modules + ]; + config = { home = { username = "ester"; diff --git a/homes/eve/default.nix b/homes/eve/default.nix index d358b0d..3d7d7c3 100644 
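Review bot: In host-modules/home-manager/flipperzero.nix, one user's `hardware.flipperzero.enable` in their home configuration now turns on the host-level `hardware.flipperzero.enable` for the whole machine, and nothing at the assignment says so. I would add a comment above it such as `# host-wide: enabled as soon as any home-manager user on this host asks for it`, and wrap the value in `lib.mkDefault (...)` so a host can still switch it off without `lib.mkForce`. `lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users` is `lib.attrValues config.home-manager.users`. The description in home-modules/flipperzero.nix renders as "Whether to enable enable flipperzero hardware."; `lib.mkEnableOption "Flipper Zero hardware support"` reads better.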
--- a/homes/eve/default.nix +++ b/homes/eve/default.nix @@ -6,6 +6,10 @@ }: let cfg = osConfig.host.users.eve; in { + imports = [ + ../../home-modules + ]; + config = { home = { username = "eve"; diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index 9886335..84eb5bf 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -1,10 +1,7 @@ -{ - pkgs, - osConfig, - ... -}: { +{pkgs, ...}: { imports = [ ./packages.nix + ../../home-modules ]; config = { diff --git a/host-modules/default.nix b/host-modules/default.nix index 2087f1a..a90caf1 100644 --- a/host-modules/default.nix +++ b/host-modules/default.nix @@ -5,5 +5,6 @@ ./users.nix ./desktop.nix ./nix-development.nix + ./home-manager ]; } diff --git a/host-modules/home-manager/default.nix b/host-modules/home-manager/default.nix new file mode 100644 index 0000000..885e035 --- /dev/null +++ b/host-modules/home-manager/default.nix @@ -0,0 +1,6 @@ +# modules in this folder are to adapt home manager modules defined in `home-modules` to any nix module configs that they need to set +{...}: { + imports = [ + ./flipperzero.nix + ]; +} diff --git a/host-modules/home-manager/flipperzero.nix b/host-modules/home-manager/flipperzero.nix new file mode 100644 index 0000000..6c94773 --- /dev/null +++ b/host-modules/home-manager/flipperzero.nix @@ -0,0 +1,9 @@ +{ + lib, + config, + ... +}: let + home-users = lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users; +in { + hardware.flipperzero.enable = lib.lists.any (home-user: home-user.hardware.flipperzero.enable) home-users; +} From 3fdee879c712002e790a682ea19c1d417621adcd Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 21:51:42 -0600 Subject: [PATCH 0355/1043] added home manager configurations to output --- flake.nix | 19 +++++++++++++++++-- homes/ester/default.nix | 6 +++--- homes/eve/default.nix | 6 +++--- homes/leyla/default.nix | 10 +++++++--- homes/leyla/firefox.nix | 2 -- homes/leyla/packages.nix | 6 +++--- homes/leyla/vscode.nix | 4 ---- host-modules/users.nix | 2 +- util/default.nix | 22 +++++++++++----------- 9 files changed, 45 insertions(+), 32 deletions(-) diff --git a/flake.nix b/flake.nix index e895b5b..1d95a4f 100644 --- a/flake.nix +++ b/flake.nix @@ -63,11 +63,15 @@ }; }; - outputs = {...} @ inputs: let + outputs = { + self, + nixpkgs, + ... + } @ inputs: let util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; mkSystem = util.mkSystem; - # mkHome = util.mkHome; + mkHome = util.mkHome; # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); # lib = callPackage ./lib {} // nixpkgs.lib; in { @@ -93,6 +97,17 @@ }; }); + homeConfigurations = nixpkgs.lib.attrsets.mergeAttrsList ( + nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( + nixpkgs.lib.attrsets.mapAttrs' (user: _: { + name = "${user}@${hostname}"; + value = mkHome user hostname system.pkgs.hostPlatform.system system.config; + }) + system.config.home-manager.users + )) + self.nixosConfigurations + ); + # homeConfigurations = { # "leyla@horizon" = mkHome "leyla" "horizon"; # "x86_64-linux" ./homes/leyla; # }; diff --git a/homes/ester/default.nix b/homes/ester/default.nix index dfe8175..bf37a9d 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.host.users.ester; + userConfig = osConfig.host.users.ester; in { imports = [ ../../home-modules @@ -12,7 +12,7 @@ in { config = { home = { - username = "ester"; + username = userConfig.name; homeDirectory = osConfig.users.users.ester.home; # This value determines the Home Manager release that your configuration is 
@@ -58,7 +58,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.lists.optionals cfg.isDesktopUser ( + packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ # helvetica font aileron diff --git a/homes/eve/default.nix b/homes/eve/default.nix index 3d7d7c3..21b4a8a 100644 --- a/homes/eve/default.nix +++ b/homes/eve/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.host.users.eve; + userConfig = osConfig.host.users.eve; in { imports = [ ../../home-modules @@ -12,7 +12,7 @@ in { config = { home = { - username = "eve"; + username = userConfig.name; homeDirectory = osConfig.users.users.eve.home; # This value determines the Home Manager release that your configuration is @@ -58,7 +58,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.lists.optionals cfg.isDesktopUser ( + packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index 84eb5bf..1a1d284 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + osConfig, + ... +}: { imports = [ ./packages.nix ../../home-modules @@ -8,8 +12,8 @@ # Home Manager needs a bit of information about you and the paths it should # manage. home = { - username = "leyla"; - # homeDirectory = osConfig.users.users.leyla.home; + username = osConfig.host.users.leyla.name; + homeDirectory = osConfig.users.users.leyla.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index 32a3c6b..e8e0c6c 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix @@ -1,7 +1,5 @@ { lib, - osConfig, - # buildFirefoxXpiAddon, pkgs, inputs, ... diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index a64909f..12bef3a 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix 
@@ -4,7 +4,7 @@ pkgs, ... }: let - cfg = osConfig.host.users.leyla; + userConifg = osConfig.host.users.leyla; hardware = osConfig.host.hardware; in { imports = [ @@ -14,7 +14,7 @@ in { home = { packages = - lib.lists.optionals cfg.isTerminalUser ( + lib.lists.optionals userConifg.isTerminalUser ( with pkgs; [ # comand line tools yt-dlp @@ -23,7 +23,7 @@ in { ] ) ++ ( - lib.lists.optionals cfg.isDesktopUser ( + lib.lists.optionals userConifg.isDesktopUser ( with pkgs; [ # helvetica font aileron diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 37127f4..6676546 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -1,6 +1,4 @@ { - lib, - osConfig, pkgs, inputs, ... @@ -77,8 +75,6 @@ # misc extensions bungcip.better-toml - - # lib.mkIf open-vsx."10nates".ollama-autocoder ] ++ ( with vscode-marketplace; [ diff --git a/host-modules/users.nix b/host-modules/users.nix index 3f75a4b..154de89 100644 --- a/host-modules/users.nix +++ b/host-modules/users.nix @@ -88,7 +88,7 @@ in { type = lib.types.bool; default = config.isDesktopUser || config.isTerminalUser; description = '' - User should install their applications + User should install their applications and can log in ''; defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; }; diff --git a/util/default.nix b/util/default.nix index 6146610..7ea1a8c 100644 --- a/util/default.nix +++ b/util/default.nix @@ -47,15 +47,15 @@ in { ]; }; - # mkHome = user: host: - # home-manager.lib.homeManagerConfiguration { - # # pkgs = pkgsFor system; - # extraSpecialArgs = { - # inherit inputs util outputs; - # }; - # modules = [ - # # config - # outputs.homeManagerModules.default - # ]; - # }; + mkHome = user: host: system: osConfig: + home-manager.lib.homeManagerConfiguration { + pkgs = pkgsFor system; + extraSpecialArgs = { + inherit inputs util outputs osConfig; + }; + modules = [ + # outputs.homeManagerModules.default + ../homes/${user} + ]; + }; } 
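Review bot: In util/default.nix, `mkHome` builds with `pkgs = pkgsFor system;`, a plain `nixpkgs.legacyPackages` set, while the hosts build the same homes with `home-manager.useGlobalPkgs = true` and `nixpkgs.config.allowUnfree = true`. The standalone `homeConfigurations` outputs therefore see a different package set from the host build, and homes that list unfree packages (ester's list includes `discord`) will likely fail to evaluate unless unfree is allowed somewhere not shown here. flake.nix already has the host's package set at hand, so I would pass it through: `mkHome = user: host: pkgs: osConfig:` with `inherit pkgs;` in the body, called as `mkHome user hostname system.pkgs system.config`. The `host` argument is not used inside `mkHome` and could be dropped or documented.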
From 11092d11b5e35d99d386a0adc3c6844f025399f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 22:03:23 -0600 Subject: [PATCH 0356/1043] added overlays to home manager --- overlays/default.nix | 5 ----- overlays/intellij.nix | 18 ------------------ overlays/vscodium.nix | 14 -------------- util/default.nix | 2 +- 4 files changed, 1 insertion(+), 38 deletions(-) delete mode 100644 overlays/intellij.nix delete mode 100644 overlays/vscodium.nix diff --git a/overlays/default.nix b/overlays/default.nix index 4957ab8..ea8f50d 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,7 +1,2 @@ {...}: { - nixpkgs.overlays = [ - ( - self: super: import ../pkgs {pkgs = super;} - ) - ]; } diff --git a/overlays/intellij.nix b/overlays/intellij.nix deleted file mode 100644 index c907588..0000000 --- a/overlays/intellij.nix +++ /dev/null @@ -1,18 +0,0 @@ -_: { - # nixpkgs.overlays = [ - # (self: super: { - # # idea is too out of date for android gradle things - # jetbrains = { - # jdk = super.jdk17; - # idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - # version = "2023.3.3"; - # name = "idea-community-${version}"; - # src = super.fetchurl { - # sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - # url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - # }; - # }); - # }; - # }) - # ]; -} diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix deleted file mode 100644 index 7c5f863..0000000 --- a/overlays/vscodium.nix +++ /dev/null @@ -1,14 +0,0 @@ -_: { - # nixpkgs.overlays = [ - # (self: super: { - # # ui is broken on 1.84 - # vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - # version = "1.85.2.24019"; - # src = super.fetchurl { - # sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - # url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - # }; - # }); - # }) - # ]; -} 
diff --git a/util/default.nix b/util/default.nix index 7ea1a8c..c64bd4d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -54,7 +54,7 @@ in { inherit inputs util outputs osConfig; }; modules = [ - # outputs.homeManagerModules.default + ../overlays ../homes/${user} ]; }; From b1b43bb7f0800b8de9047c69aa069d2b63b5dae8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 22:29:00 -0600 Subject: [PATCH 0357/1043] cleaned up configuration structure to have common modules folder --- flake.nix | 2 -- homes/ester/default.nix | 4 +--- homes/eve/default.nix | 4 +--- homes/leyla/default.nix | 1 - hosts/defiant/configuration.nix | 2 -- hosts/horizon/configuration.nix | 1 - hosts/horizon/hardware-configuration.nix | 1 - hosts/twilight/configuration.nix | 2 -- modules/default.nix | 7 +++++++ modules/overlays/default.nix | 3 +++ {pkgs => modules/pkgs}/default.nix | 1 + overlays/default.nix | 2 -- util/default.nix | 17 ++++++++++++----- 13 files changed, 25 insertions(+), 22 deletions(-) create mode 100644 modules/default.nix create mode 100644 modules/overlays/default.nix rename {pkgs => modules/pkgs}/default.nix (60%) delete mode 100644 overlays/default.nix diff --git a/flake.nix b/flake.nix index 1d95a4f..642e031 100644 --- a/flake.nix +++ b/flake.nix @@ -75,8 +75,6 @@ # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); # lib = callPackage ./lib {} // nixpkgs.lib; in { - packages = forEachPkgs (import ./pkgs); - formatter = forEachPkgs (pkgs: pkgs.alejandra); devShells = forEachPkgs (pkgs: { diff --git a/homes/ester/default.nix b/homes/ester/default.nix index bf37a9d..29d668f 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -6,9 +6,7 @@ }: let userConfig = osConfig.host.users.ester; in { - imports = [ - ../../home-modules - ]; + imports = []; config = { home = { diff --git a/homes/eve/default.nix b/homes/eve/default.nix index 21b4a8a..0c6c0b2 100644 --- a/homes/eve/default.nix +++ b/homes/eve/default.nix 
@@ -6,9 +6,7 @@ }: let userConfig = osConfig.host.users.eve; in { - imports = [ - ../../home-modules - ]; + imports = []; config = { home = { diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index 1a1d284..a879526 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -5,7 +5,6 @@ }: { imports = [ ./packages.nix - ../../home-modules ]; config = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 2068b6f..178aedf 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -7,8 +7,6 @@ imports = [ inputs.disko.nixosModules.disko ../../enviroments/server - - ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c784ef6..50b574b 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,7 +3,6 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client - ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index e333702..ed6246a 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 182c867..872e944 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,8 +1,6 @@ {pkgs, ...}: { imports = [ ../../enviroments/client - - ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..3dd1923 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,7 @@ +# this folder is for modules that are common between nixos, home-manager, and darwin +{...}: { + imports = [ + ./overlays + ./pkgs + ]; +} 
diff --git a/modules/overlays/default.nix b/modules/overlays/default.nix new file mode 100644 index 0000000..08085f5 --- /dev/null +++ b/modules/overlays/default.nix @@ -0,0 +1,3 @@ +# this folder is for derivation overlays +{...}: { +} diff --git a/pkgs/default.nix b/modules/pkgs/default.nix similarity index 60% rename from pkgs/default.nix rename to modules/pkgs/default.nix index b02ba6c..3e4456b 100644 --- a/pkgs/default.nix +++ b/modules/pkgs/default.nix @@ -1,3 +1,4 @@ +# this folder is for custom derivations {...}: { # package = pkgs.callPackage ./package.nix {}; } diff --git a/overlays/default.nix b/overlays/default.nix deleted file mode 100644 index ea8f50d..0000000 --- a/overlays/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -{...}: { -} diff --git a/util/default.nix b/util/default.nix index c64bd4d..ae298ad 100644 --- a/util/default.nix +++ b/util/default.nix @@ -17,12 +17,17 @@ forEachSystem = nixpkgs.lib.genAttrs systems; pkgsFor = system: nixpkgs.legacyPackages.${system}; + home-manager-shared-modules = [ + ../modules + ../home-modules + ]; home-manager-config = nixpkgs: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs;}; home-manager.users = import ../homes nixpkgs; + home-manager.sharedModules = home-manager-shared-modules; }; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); @@ -42,7 +47,8 @@ in { sops-nix.nixosModules.sops home-manager.nixosModules.home-manager home-manager-config - ../overlays + ../modules + ../host-modules ../hosts/${host} ]; }; @@ -53,9 +59,10 @@ in { extraSpecialArgs = { inherit inputs util outputs osConfig; }; - modules = [ - ../overlays - ../homes/${user} - ]; + modules = + home-manager-shared-modules + ++ [ + ../homes/${user} + ]; }; } From 41f6d138c45c082c6dfa809ceaf2f96e521e1ed5 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 22:33:05 -0600 Subject: [PATCH 0358/1043] cleaned up teaks in README.md --- README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/README.md b/README.md index 8a34032..60d00a0 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,6 @@ - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - https://nixos-and-flakes.thiscute.world/ -- `homeConfigurations` https://github.com/diego-vicente/dotfiles/blob/6c47284868f9e99483da34257144bd03ae5edbbe/flake.nix # Tasks: @@ -45,17 +44,13 @@ - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes -- get rid of disko config and import it in hardware-configuration.nix -- why does users.users..home conflict with home-manager.users..home.homeDirectory - get rid of environments folder ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- default open file types - samba mounts - figure out steam vr things? - Open GL? -- util functions - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing From 533ad19e7c98c26879d9b2575329fa7e17b5c2fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 22:51:40 -0600 Subject: [PATCH 0359/1043] added note to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 60d00a0..9ad4261 100644 
--- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ - get rid of environments folder ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- Flake templates +- Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init - samba mounts - figure out steam vr things? - Open GL? From bc53ae6ee20b69226f2eb3852f01f6dfb438b9e4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 23:04:04 -0600 Subject: [PATCH 0360/1043] removed unneeded code from flake.nix --- flake.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 642e031..6845fcf 100644 --- a/flake.nix +++ b/flake.nix @@ -72,11 +72,11 @@ forEachPkgs = util.forEachPkgs; mkSystem = util.mkSystem; mkHome = util.mkHome; - # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); - # lib = callPackage ./lib {} // nixpkgs.lib; in { formatter = forEachPkgs (pkgs: pkgs.alejandra); + # templates = import ./templates; + devShells = forEachPkgs (pkgs: { default = pkgs.mkShell { packages = with pkgs; [ @@ -106,12 +106,7 @@ self.nixosConfigurations ); - # homeConfigurations = { - # "leyla@horizon" = mkHome "leyla" "horizon"; # "x86_64-linux" ./homes/leyla; - # }; - nixosConfigurations = { - # Leyla Laptop horizon = mkSystem "horizon"; twilight = mkSystem "twilight"; defiant = mkSystem "defiant"; From 4d191a27ccff4153428bc2919767b251ea3321d0 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 25 Nov 2024 00:59:05 -0600 Subject: [PATCH 0361/1043] moved local to modules --- README.md | 3 -- enviroments/common/default.nix | 14 --------- home-modules/default.nix | 1 + home-modules/i18n.nix | 42 +++++++++++++++++++++++++++ homes/ester/default.nix | 2 ++ homes/leyla/default.nix | 1 + homes/leyla/i18n.nix | 12 ++++++++ host-modules/default.nix | 1 + host-modules/home-manager/default.nix | 1 + host-modules/home-manager/i18n.nix | 26 +++++++++++++++++ host-modules/i18n.nix | 3 ++ host-modules/users.nix | 2 +- 12 files changed, 90 insertions(+), 18 deletions(-) create mode 100644 home-modules/i18n.nix create mode 100644 homes/leyla/i18n.nix create mode 100644 host-modules/home-manager/i18n.nix create mode 100644 host-modules/i18n.nix diff --git a/README.md b/README.md index 9ad4261..1f152e9 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,6 @@ | `threshold` | Laptop | Eve | Laptop | # Tooling -## Lint -`./lint.sh` - ## Rebuilding `./rebuild.sh` diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 83201c4..d6d44ed 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,18 +1,4 @@ {...}: { # Enable networking networking.networkmanager.enable = true; - - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; } diff --git a/home-modules/default.nix b/home-modules/default.nix index 1fb9724..b3f5c45 100644 --- a/home-modules/default.nix +++ b/home-modules/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ ./flipperzero.nix + ./i18n.nix ]; } diff --git a/home-modules/i18n.nix b/home-modules/i18n.nix new file mode 100644 index 0000000..2c93e59 --- /dev/null +++ b/home-modules/i18n.nix 
@@ -0,0 +1,42 @@ +{ + lib, + config, + ... +}: { + options = { + i18n = { + defaultLocale = lib.mkOption { + type = lib.types.str; + default = "en_US.UTF-8"; + example = "nl_NL.UTF-8"; + description = '' + The default locale. It determines the language for program + messages, the format for dates and times, sort order, and so on. + It also determines the character set, such as UTF-8. + ''; + }; + + extraLocaleSettings = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + example = { + LC_MESSAGES = "en_US.UTF-8"; + LC_TIME = "de_DE.UTF-8"; + }; + description = '' + A set of additional system-wide locale settings other than + `LANG` which can be configured with + {option}`i18n.defaultLocale`. + ''; + }; + }; + }; + + config = { + home.sessionVariables = + { + LANG = config.i18n.defaultLocale; + } + // config.i18n.extraLocaleSettings; + }; +} diff --git a/homes/ester/default.nix b/homes/ester/default.nix index 29d668f..181a487 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -37,6 +37,8 @@ in { # ''; }; + keyboard.layout = "it,us"; + # Home Manager can also manage your environment variables through # 'home.sessionVariables'. If you don't want to manage your shell through Home # Manager then you have to manually source 'hm-session-vars.sh' located at diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index a879526..ba8535d 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -4,6 +4,7 @@ ... }: { imports = [ + ./i18n.nix ./packages.nix ]; diff --git a/homes/leyla/i18n.nix b/homes/leyla/i18n.nix new file mode 100644 index 0000000..a4f41dd --- /dev/null +++ b/homes/leyla/i18n.nix 
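Review bot: The `extraLocaleSettings` description in `home-modules/i18n.nix` still says "system-wide locale settings", but this module only writes the values into `home.sessionVariables`, so they are per-user and reach only sessions that load the Home Manager session variables. Wording such as `Additional per-user locale variables (LC_*) exported through home.sessionVariables, next to LANG from {option}`i18n.defaultLocale`.` would match what the code does. Because the type is `attrsOf str` and the set is merged with `//`, any key is accepted, including `LANG` itself or a name that is not a locale variable. If only `LC_*` is intended, an assertion on the attribute names would catch a stray key at evaluation time.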
@@ -0,0 +1,12 @@ +{...}: { + i18n = { + defaultLocale = "en_IE.UTF-8"; + + extraLocaleSettings = { + # LC_ADDRESS = "en_IE.UTF-8"; # lets just get used to this one now + # LC_TELEPHONE = "en_IE.UTF-8"; # lets just get used to this one now + LC_MONETARY = "en_US.UTF-8"; # to be changed once I move + LC_PAPER = "en_US.UTF-8"; # convient for american printers until I move + }; + }; +} diff --git a/host-modules/default.nix b/host-modules/default.nix index a90caf1..4ad79d0 100644 --- a/host-modules/default.nix +++ b/host-modules/default.nix @@ -5,6 +5,7 @@ ./users.nix ./desktop.nix ./nix-development.nix + ./i18n.nix ./home-manager ]; } diff --git a/host-modules/home-manager/default.nix b/host-modules/home-manager/default.nix index 885e035..5454594 100644 --- a/host-modules/home-manager/default.nix +++ b/host-modules/home-manager/default.nix @@ -2,5 +2,6 @@ {...}: { imports = [ ./flipperzero.nix + ./i18n.nix ]; } diff --git a/host-modules/home-manager/i18n.nix b/host-modules/home-manager/i18n.nix new file mode 100644 index 0000000..78b86fa --- /dev/null +++ b/host-modules/home-manager/i18n.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + home-users = lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users; +in { + config = { + i18n.supportedLocales = + lib.unique + (builtins.map (l: (lib.replaceStrings ["utf8" "utf-8" "UTF8"] ["UTF-8" "UTF-8" "UTF-8"] l) + "/UTF-8") ( + [ + "C.UTF-8" + "en_US.UTF-8" + config.i18n.defaultLocale + ] + ++ (lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) + ++ ( + map (user-config: user-config.i18n.defaultLocale) home-users + ) + ++ (lib.lists.flatten ( + map (user-config: lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") user-config.i18n.extraLocaleSettings)) home-users + )) + )); + }; +} diff --git a/host-modules/i18n.nix b/host-modules/i18n.nix new file mode 100644 index 0000000..eada12c --- /dev/null +++ b/host-modules/i18n.nix 
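Review bot: In `host-modules/home-manager/i18n.nix` every collected value gets `+ "/UTF-8"` appended, while the per-user `i18n.defaultLocale` and `i18n.extraLocaleSettings` options are plain `lib.types.str`. A typo or a non-UTF-8 locale in one user's config therefore becomes a `supportedLocales` entry that presumably fails only later, when the locale archive is built, with nothing pointing back at the user. An assertion here that each user-supplied value ends in `.UTF-8` (after the same `replaceStrings` normalisation) would report it at evaluation time. Two smaller style points: `lib.attrsets.mapAttrsToList (_: user: user)` is `home-users = lib.attrValues config.home-manager.users;`, and the unused `v` in both `filterAttrs` lambdas can be `_`.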
@@ -0,0 +1,3 @@ +{...}: { + i18n.defaultLocale = "en_IE.UTF-8"; +} diff --git a/host-modules/users.nix b/host-modules/users.nix index 154de89..23771a3 100644 --- a/host-modules/users.nix +++ b/host-modules/users.nix @@ -53,7 +53,7 @@ in { }: { options = { name = lib.mkOption { - type = lib.types.string; + type = lib.types.str; default = name; description = '' What should this users name on the system be From cef6ad71256db5051ee9bcf6b8b246a58b37f158 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:11:22 -0600 Subject: [PATCH 0362/1043] moved network manager out of environments --- enviroments/client/default.nix | 4 +--- enviroments/common/default.nix | 4 ---- enviroments/server/default.nix | 4 +--- hosts/defiant/hardware-configuration.nix | 2 ++ hosts/horizon/hardware-configuration.nix | 1 + hosts/twilight/hardware-configuration.nix | 1 + 6 files changed, 6 insertions(+), 10 deletions(-) delete mode 100644 enviroments/common/default.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index f1de375..56f5422 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,7 +1,5 @@ {pkgs, ...}: { - imports = [ - ../common - ]; + imports = []; environment.systemPackages = with pkgs; [ cachefilesd diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix deleted file mode 100644 index d6d44ed..0000000 --- a/enviroments/common/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{...}: { - # Enable networking - networking.networkmanager.enable = true; -} diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 4cd45ff..8614e36 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -12,9 +12,7 @@ httpsPort = 443; isDebug = false; in { - imports = [ - ../common - ]; + imports = []; options = { apps = { diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index c84a9b4..ce994d9 100644 
--- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -184,6 +184,8 @@ }; }; + networking.networkmanager.enable = true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware = { # TODO: hardware graphics diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index ed6246a..9b4074d 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -87,6 +87,7 @@ ]; networking = { + networkmanager.enable = true; useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index fe2353b..f1cd73f 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -69,6 +69,7 @@ swapDevices = []; networking = { + networkmanager.enable = true; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction From 047d1e4d8f768204521ac04899792fa524b397da Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:13:31 -0600 Subject: [PATCH 0363/1043] removed client form environments --- enviroments/client/default.nix | 7 ------- hosts/horizon/configuration.nix | 2 -- hosts/horizon/hardware-configuration.nix | 5 +++++ hosts/twilight/configuration.nix | 4 ---- hosts/twilight/hardware-configuration.nix | 4 ++++ 5 files changed, 9 insertions(+), 13 deletions(-) delete mode 100644 enviroments/client/default.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix deleted file mode 100644 index 56f5422..0000000 --- a/enviroments/client/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{pkgs, ...}: { - imports = []; - - environment.systemPackages = with pkgs; [ - cachefilesd - ]; -} 
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 50b574b..593274c 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,8 +1,6 @@ {inputs, ...}: { imports = [ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel - - ../../enviroments/client ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 9b4074d..184be7a 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -4,6 +4,7 @@ { config, lib, + pkgs, modulesPath, ... }: { @@ -80,6 +81,10 @@ }; }; + environment.systemPackages = with pkgs; [ + cachefilesd + ]; + services.cachefilesd.enable = true; swapDevices = [ diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 872e944..75c8dc7 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,8 +1,4 @@ {pkgs, ...}: { - imports = [ - ../../enviroments/client - ]; - nixpkgs.config.allowUnfree = true; host = { diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index f1cd73f..d547c9c 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -66,6 +66,10 @@ }; }; + environment.systemPackages = with pkgs; [ + cachefilesd + ]; + swapDevices = []; networking = { From 7da7741ea53de2546ee4b61ae1d346dbf3c18149 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:15:06 -0600 Subject: [PATCH 0364/1043] moved environment/server into defiant config --- hosts/defiant/configuration.nix | 2 +- enviroments/server/default.nix => hosts/defiant/services.nix | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename enviroments/server/default.nix => hosts/defiant/services.nix (100%) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 178aedf..009442e 100644 
--- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -6,7 +6,7 @@ }: { imports = [ inputs.disko.nixosModules.disko - ../../enviroments/server + ./services.nix ]; nixpkgs.config.allowUnfree = true; diff --git a/enviroments/server/default.nix b/hosts/defiant/services.nix similarity index 100% rename from enviroments/server/default.nix rename to hosts/defiant/services.nix From e94f7e6637f9406286633128147190da00c564cd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:35:31 -0600 Subject: [PATCH 0365/1043] updated flake.lock --- flake.lock | 61 ++++++++++++-------------------- homes/leyla/vscode.nix | 1 - host-modules/nix-development.nix | 5 --- 3 files changed, 22 insertions(+), 45 deletions(-) diff --git a/flake.lock b/flake.lock index d107388..bf4e9d1 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1731274291, - "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", + "lastModified": 1732482708, + "narHash": "sha256-B1MQLiWi4bbeNiRXKxEkpztnKyWae4x0LyK32v3DjLk=", "owner": "nix-community", "repo": "disko", - "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", + "rev": "47bc8dfb6f48d5f66a3cb3a4cece83d8ace1f61a", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1732248209, - "narHash": "sha256-Mv8k0VuGdb6YhhKt+8SIvhMdmI4xZhw/3ycSvlAq19Q=", + "lastModified": 1732479769, + "narHash": "sha256-barZy95JsQt4G9EDZ7RNrjgTneelXXfSzRLJJvokjsI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "4a8ba00d1be3f3745428ed56efbb32155c548192", + "rev": "80bf66046d8b8624c5991a0c8e512b211acce2b2", "type": "gitlab" }, "original": { 
@@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1731235328, - "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", + "lastModified": 1732482255, + "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "owner": "nix-community", "repo": "home-manager", - "rev": "60bb110917844d354f3c18e05450606a435d2d10", + "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "type": "github" }, "original": { @@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1731289628, - "narHash": "sha256-bMqsWKoGMe4phm6xk2skjlGCCVv44AOom7Wb0eWv5Ic=", + "lastModified": 1732499683, + "narHash": "sha256-Hw95rpgNiyAL4v9pJF2756PMud6O0p/1XQixs5f/Shk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "91665308e59ce26cdcefa73dc85dfd9b39be725c", + "rev": "b376bfa567fd25f9f22b6f51ffaa4f84d0b7c72f", "type": "github" }, "original": { @@ -222,11 +222,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1731332224, - "narHash": "sha256-0ctfVp27ingWtY7dbP5+QpSQ98HaOZleU0teyHQUAw0=", + "lastModified": 1732483221, + "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "184687ae1a3139faa4746168baf071f60d0310c8", + "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", "type": "github" }, "original": { @@ -238,11 +238,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1731139594, - "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { 
@@ -252,22 +252,6 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1730602179, - "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "disko": "disko", @@ -303,15 +287,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" + ] }, "locked": { - "lastModified": 1731364708, - "narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=", + "lastModified": 1732186149, + "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4c91d52db103e757fc25b58998b0576ae702d659", + "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699", "type": "github" }, "original": { diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 6676546..3772949 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -32,7 +32,6 @@ "cSpell.userWords" = [ "webdav" ]; - "nix.serverPath" = "nixd"; "nix.enableLanguageServer" = true; "nixpkgs" = { "expr" = "import {}"; diff --git a/host-modules/nix-development.nix b/host-modules/nix-development.nix index d670418..e350026 100644 --- a/host-modules/nix-development.nix +++ b/host-modules/nix-development.nix @@ -15,11 +15,6 @@ nix = { nixPath = ["nixpkgs=${inputs.nixpkgs}"]; }; - - environment.systemPackages = with pkgs; [ - # nix langauge server - nixd - ]; }) ]; } From 814817eb5b2d56b6314617a2fb67b9c95841f868 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:39:22 -0600 Subject: [PATCH 0366/1043] removed completed task from README.md --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 1f152e9..4381a4c 100644 --- a/README.md +++ b/README.md 
@@ -40,8 +40,7 @@ ## Tech Debt - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- move applications in server environment into their own flakes -- get rid of environments folder +- move applications in `defiant/services.nix` into their own flakes ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 265997fc7f9b82314a7a6064acd0c1c8ee3008d6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:43:49 -0600 Subject: [PATCH 0367/1043] removed unused parameter in module --- host-modules/nix-development.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/host-modules/nix-development.nix b/host-modules/nix-development.nix index e350026..2608ba3 100644 --- a/host-modules/nix-development.nix +++ b/host-modules/nix-development.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, inputs, ... }: { From 5dd16b04bda9f6a6bff1ae99106df93206fe1e81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:01:00 -0600 Subject: [PATCH 0368/1043] added nix language server and formatter to vscode --- homes/leyla/vscode.nix | 51 +++++++++++++++++++++----------- host-modules/nix-development.nix | 7 +++++ 2 files changed, 40 insertions(+), 18 deletions(-) diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 3772949..d921604 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix 
@@ -1,8 +1,12 @@ { + lib, pkgs, inputs, + osConfig, ... -}: { +}: let + nix-development-enabled = osConfig.host.nix-development.enable; +in { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default @@ -27,19 +31,28 @@ enableUpdateCheck = false; enableExtensionUpdateCheck = false; - userSettings = { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - "nix.enableLanguageServer" = true; - "nixpkgs" = { - "expr" = "import {}"; - }; - # "fomratting": { - # "command": [ "alejandra" ]; - # }; - }; + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + ]; extensions = ( with open-vsx; @@ -52,10 +65,6 @@ streetsidesoftware.code-spell-checker-italian jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - # html extensions formulahendry.auto-rename-tag ms-vscode.live-server @@ -75,6 +84,12 @@ # misc extensions bungcip.better-toml ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) ++ ( with vscode-marketplace; [ # js extensions diff --git a/host-modules/nix-development.nix b/host-modules/nix-development.nix index 2608ba3..6eeddc4 100644 --- a/host-modules/nix-development.nix +++ b/host-modules/nix-development.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, inputs, ... @@ -14,6 +15,12 @@ nix = { nixPath = ["nixpkgs=${inputs.nixpkgs}"]; }; + environment.systemPackages = with pkgs; [ + # nix language server + nil + # nix formatter + alejandra + ]; }) ]; } 
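Review bot: `"nix.serverPath" = "nil"` and `"alejandra.program" = "alejandra"` in the new `userSettings` block are bare command names, so the editor runs whichever `nil` or `alejandra` comes first on the user's PATH rather than the packages this flake pins. They resolve at all only because `host-modules/nix-development.nix` installs both system-wide under the same flag. Pointing the settings at store paths removes that coupling: `"nix.serverPath" = "${pkgs.nil}/bin/nil";` and `"alejandra.program" = "${pkgs.alejandra}/bin/alejandra";`. The same two settings are repeated in `homes/leyla/vscode/default.nix` in patch 0370.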
From c38754530f8efccfc70a5217be5c9a7373921c1d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:01:55 -0600 Subject: [PATCH 0369/1043] ran linter From db799a8253db07d61be6329dbe6c814b5f3e50e2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:14:50 -0600 Subject: [PATCH 0370/1043] moved spellcheck to separate file --- .gitignore | 4 +- .vscode/settings.json | 19 +++++ homes/leyla/i18n.nix | 2 +- homes/leyla/packages.nix | 8 +- homes/leyla/vscode/default.nix | 101 +++++++++++++++++++++++ homes/leyla/vscode/user-words.nix | 3 + hosts/defiant/hardware-configuration.nix | 4 +- hosts/defiant/services.nix | 16 ++-- 8 files changed, 141 insertions(+), 16 deletions(-) create mode 100644 .vscode/settings.json create mode 100644 homes/leyla/vscode/default.nix create mode 100644 homes/leyla/vscode/user-words.nix diff --git a/.gitignore b/.gitignore index d1da3a8..ce2538f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ result -.direnv \ No newline at end of file +.direnv +.vscode/* +!.vscode/settings.json \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..b152cc4 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,19 @@ +{ + "cSpell.words": [ + "bitwarden", + "forgejo", + "gids", + "headscale", + "jellyfin", + "macvlan", + "nextcloud", + "nixos", + "nixpkgs", + "pihole", + "pkgs", + "rpool", + "searx", + "ublock", + "uids" + ] +} \ No newline at end of file diff --git a/homes/leyla/i18n.nix b/homes/leyla/i18n.nix index a4f41dd..f12cd95 100644 --- a/homes/leyla/i18n.nix +++ b/homes/leyla/i18n.nix @@ -6,7 +6,7 @@ # LC_ADDRESS = "en_IE.UTF-8"; # lets just get used to this one now # LC_TELEPHONE = "en_IE.UTF-8"; # lets just get used to this one now LC_MONETARY = "en_US.UTF-8"; # to be changed once I move - LC_PAPER = "en_US.UTF-8"; # convient for american printers until I move + LC_PAPER = "en_US.UTF-8"; # convenient for american printers until I move }; }; } 
diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 12bef3a..1845f65 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -4,7 +4,7 @@ pkgs, ... }: let - userConifg = osConfig.host.users.leyla; + userConfig = osConfig.host.users.leyla; hardware = osConfig.host.hardware; in { imports = [ @@ -14,16 +14,16 @@ in { home = { packages = - lib.lists.optionals userConifg.isTerminalUser ( + lib.lists.optionals userConfig.isTerminalUser ( with pkgs; [ - # comand line tools + # command line tools yt-dlp ffmpeg imagemagick ] ) ++ ( - lib.lists.optionals userConifg.isDesktopUser ( + lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ # helvetica font aileron diff --git a/homes/leyla/vscode/default.nix b/homes/leyla/vscode/default.nix new file mode 100644 index 0000000..641fff9 --- /dev/null +++ b/homes/leyla/vscode/default.nix 
@@ -0,0 +1,101 @@ +{ + lib, + pkgs, + inputs, + osConfig, + ... +}: let + nix-development-enabled = osConfig.host.nix-development.enable; +in { + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + + programs = { + bash.shellAliases = { + code = "codium"; + }; + + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in { + enable = true; + + package = pkgs.vscodium; + + mutableExtensionsDir = false; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.language" = "en,de-DE,it"; + "cSpell.userWords" = import ./user-words.nix; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + ]; + + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + bungcip.better-toml + ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) 
+ ++ ( + with vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ] + ) + ); + }; + }; +} diff --git a/homes/leyla/vscode/user-words.nix b/homes/leyla/vscode/user-words.nix new file mode 100644 index 0000000..94a85a2 --- /dev/null +++ b/homes/leyla/vscode/user-words.nix @@ -0,0 +1,3 @@ +[ + "leyla" +] diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index ce994d9..b55bcfd 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -17,7 +17,7 @@ initrd = { availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; kernelModules = []; - # TODO: figure out some kind of snapshotting before rolebacks + # TODO: figure out some kind of snapshotting before rollbacks # postDeviceCommands = lib.mkAfter '' # zfs rollback -r rpool/root@blank # zfs rollback -r rpool/home@blank @@ -127,7 +127,7 @@ # systemd.services = { # # https://github.com/openzfs/zfs/issues/10891 # systemd-udev-settle.enable = false; - # # Snapshots are not accessable on boot for some reason this should fix it + # # Snapshots are not accessible on boot for some reason this should fix it # # https://github.com/NixOS/nixpkgs/issues/257505 # zfs-mount = { # serviceConfig = { diff --git a/hosts/defiant/services.nix b/hosts/defiant/services.nix index 8614e36..ac1d02b 100644 --- a/hosts/defiant/services.nix +++ b/hosts/defiant/services.nix @@ -48,12 +48,12 @@ in { directory = { root = lib.mkOption { type = lib.types.str; - description = "directory that piholes will be hosted at"; + description = "directory that pihole will be hosted at"; default = "/var/lib/pihole"; }; data = lib.mkOption { type = lib.types.str; - description = "directory that piholes data will be hosted at"; + description = "directory that pihole data will be hosted at"; default = "${config.apps.pihole.directory.root}/data"; }; }; 
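Review bot: The `nixpkgs.overlays` block at the top of `homes/leyla/vscode/default.nix` looks like dead configuration. The extensions are read directly from `inputs.nix-vscode-extensions.extensions.${pkgs.system}` in the `let`, and `util/default.nix` sets `home-manager.useGlobalPkgs = true`, under which, as far as I know, Home Manager does not apply per-user `nixpkgs.*` settings. Dropping the block, or moving the overlay to the host's `nixpkgs.overlays` if something needs it, would keep a reader from assuming it is in effect. The diffstat for this commit creates the file without removing `homes/leyla/vscode.nix`, so it is worth confirming that only one of the two is still imported.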
@@ -66,7 +66,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that headscale will be hosted at"; + description = "hostname that headscale will be hosted at"; default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; @@ -78,7 +78,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that jellyfin will be hosted at"; + description = "hostname that jellyfin will be hosted at"; default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; mediaDirectory = lib.mkOption { @@ -95,7 +95,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that forgejo will be hosted at"; + description = "hostname that forgejo will be hosted at"; default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; }; }; @@ -107,7 +107,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that home-assistant will be hosted at"; + description = "hostname that home-assistant will be hosted at"; default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; }; }; @@ -119,7 +119,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that searx will be hosted at"; + description = "hostname that searx will be hosted at"; default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; }; }; @@ -131,7 +131,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that nextcloud will be hosted at"; + description = "hostname that nextcloud will be hosted at"; default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}"; }; }; From 4c025e0cca58699c56487a073a114be90894dca6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:56:51 -0600 Subject: [PATCH 0371/1043] cleaned up default.nix --- util/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/util/default.nix b/util/default.nix index ae298ad..efd58c8 100644 --- a/util/default.nix +++ b/util/default.nix @@ -25,7 +25,7 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; + home-manager.extraSpecialArgs = {inherit inputs outputs util;}; home-manager.users = import ../homes nixpkgs; home-manager.sharedModules = home-manager-shared-modules; }; @@ -40,7 +40,7 @@ in { ]; mkSystem = host: - inputs.nixpkgs.lib.nixosSystem { + nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; modules = [ lix-module.nixosModules.default From 3924a5aa8d5b62963c6a39bc0f6123f33376707a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 16:03:55 -0600 Subject: [PATCH 0372/1043] fixed language in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4381a4c..0ff8534 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ ## Tech Debt - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- move applications in `defiant/services.nix` into their own flakes +- move applications in `defiant/services.nix` into their own modules ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 0d0443a02a9440fd048d249d3e67611aadbaa066 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 25 Nov 2024 16:58:12 -0600 Subject: [PATCH 0373/1043] restructured repo to support nix-darwin --- .vscode/settings.json | 2 + configurations/darwin/hesperium/default.nix | 1 + .../home-manager}/default.nix | 0 .../home-manager}/ester/default.nix | 0 .../home-manager}/eve/default.nix | 0 .../home-manager}/leyla/default.nix | 0 .../home-manager}/leyla/firefox.nix | 0 .../home-manager}/leyla/i18n.nix | 0 .../home-manager}/leyla/packages.nix | 0 .../home-manager}/leyla/vscode.nix | 0 .../home-manager}/leyla/vscode/default.nix | 0 .../home-manager}/leyla/vscode/user-words.nix | 0 .../nixos}/defiant/configuration.nix | 0 .../nixos}/defiant/default.nix | 0 .../nixos}/defiant/disko-config.nix | 0 .../nixos}/defiant/hardware-configuration.nix | 0 .../nixos}/defiant/services.nix | 0 .../nixos}/horizon/configuration.nix | 0 .../nixos}/horizon/default.nix | 0 .../nixos}/horizon/hardware-configuration.nix | 0 .../nixos}/twilight/configuration.nix | 0 .../nixos}/twilight/default.nix | 0 .../twilight/hardware-configuration.nix | 0 flake.lock | 21 +++++++ flake.nix | 26 +++++--- host-modules/home-manager/default.nix | 7 --- modules/{ => common-modules}/default.nix | 0 .../{ => common-modules}/overlays/default.nix | 0 modules/{ => common-modules}/pkgs/default.nix | 0 modules/darwin-modules/default.nix | 6 ++ .../darwin-modules/home-manager/default.nix | 2 + .../home-manager-modules}/default.nix | 1 + .../home-manager-modules}/flipperzero.nix | 0 .../home-manager-modules}/i18n.nix | 0 .../nixos-modules}/default.nix | 3 +- .../nixos-modules}/desktop.nix | 0 .../nixos-modules}/hardware.nix | 0 .../nixos-modules/home-manager/default.nix | 7 +++ .../home-manager/flipperzero.nix | 0 .../nixos-modules}/home-manager/i18n.nix | 0 .../nixos-modules}/i18n.nix | 0 .../nixos-modules}/nix-development.nix | 0 .../nixos-modules}/system.nix | 0 .../nixos-modules}/users.nix | 2 +- modules/system-modules/default.nix | 6 ++ .../system-modules/home-manager/default.nix | 2 
+ util/default.nix | 59 +++++++++++++------ 47 files changed, 111 insertions(+), 34 deletions(-) create mode 100644 configurations/darwin/hesperium/default.nix rename {homes => configurations/home-manager}/default.nix (100%) rename {homes => configurations/home-manager}/ester/default.nix (100%) rename {homes => configurations/home-manager}/eve/default.nix (100%) rename {homes => configurations/home-manager}/leyla/default.nix (100%) rename {homes => configurations/home-manager}/leyla/firefox.nix (100%) rename {homes => configurations/home-manager}/leyla/i18n.nix (100%) rename {homes => configurations/home-manager}/leyla/packages.nix (100%) rename {homes => configurations/home-manager}/leyla/vscode.nix (100%) rename {homes => configurations/home-manager}/leyla/vscode/default.nix (100%) rename {homes => configurations/home-manager}/leyla/vscode/user-words.nix (100%) rename {hosts => configurations/nixos}/defiant/configuration.nix (100%) rename {hosts => configurations/nixos}/defiant/default.nix (100%) rename {hosts => configurations/nixos}/defiant/disko-config.nix (100%) rename {hosts => configurations/nixos}/defiant/hardware-configuration.nix (100%) rename {hosts => configurations/nixos}/defiant/services.nix (100%) rename {hosts => configurations/nixos}/horizon/configuration.nix (100%) rename {hosts => configurations/nixos}/horizon/default.nix (100%) rename {hosts => configurations/nixos}/horizon/hardware-configuration.nix (100%) rename {hosts => configurations/nixos}/twilight/configuration.nix (100%) rename {hosts => configurations/nixos}/twilight/default.nix (100%) rename {hosts => configurations/nixos}/twilight/hardware-configuration.nix (100%) delete mode 100644 host-modules/home-manager/default.nix rename modules/{ => common-modules}/default.nix (100%) rename modules/{ => common-modules}/overlays/default.nix (100%) rename modules/{ => common-modules}/pkgs/default.nix (100%) create mode 100644 modules/darwin-modules/default.nix create mode 100644 
modules/darwin-modules/home-manager/default.nix rename {home-modules => modules/home-manager-modules}/default.nix (51%) rename {home-modules => modules/home-manager-modules}/flipperzero.nix (100%) rename {home-modules => modules/home-manager-modules}/i18n.nix (100%) rename {host-modules => modules/nixos-modules}/default.nix (74%) rename {host-modules => modules/nixos-modules}/desktop.nix (100%) rename {host-modules => modules/nixos-modules}/hardware.nix (100%) create mode 100644 modules/nixos-modules/home-manager/default.nix rename {host-modules => modules/nixos-modules}/home-manager/flipperzero.nix (100%) rename {host-modules => modules/nixos-modules}/home-manager/i18n.nix (100%) rename {host-modules => modules/nixos-modules}/i18n.nix (100%) rename {host-modules => modules/nixos-modules}/nix-development.nix (100%) rename {host-modules => modules/nixos-modules}/system.nix (100%) rename {host-modules => modules/nixos-modules}/users.nix (99%) create mode 100644 modules/system-modules/default.nix create mode 100644 modules/system-modules/home-manager/default.nix diff --git a/.vscode/settings.json b/.vscode/settings.json index b152cc4..8d6717e 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,9 +1,11 @@ { "cSpell.words": [ + "attrsets", "bitwarden", "forgejo", "gids", "headscale", + "hesperium", "jellyfin", "macvlan", "nextcloud", diff --git a/configurations/darwin/hesperium/default.nix b/configurations/darwin/hesperium/default.nix new file mode 100644 index 0000000..6462967 --- /dev/null +++ b/configurations/darwin/hesperium/default.nix @@ -0,0 +1 @@ +{...}: {} diff --git a/homes/default.nix b/configurations/home-manager/default.nix similarity index 100% rename from homes/default.nix rename to configurations/home-manager/default.nix diff --git a/homes/ester/default.nix b/configurations/home-manager/ester/default.nix similarity index 100% rename from homes/ester/default.nix rename to configurations/home-manager/ester/default.nix 
diff --git a/homes/eve/default.nix b/configurations/home-manager/eve/default.nix similarity index 100% rename from homes/eve/default.nix rename to configurations/home-manager/eve/default.nix diff --git a/homes/leyla/default.nix b/configurations/home-manager/leyla/default.nix similarity index 100% rename from homes/leyla/default.nix rename to configurations/home-manager/leyla/default.nix diff --git a/homes/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix similarity index 100% rename from homes/leyla/firefox.nix rename to configurations/home-manager/leyla/firefox.nix diff --git a/homes/leyla/i18n.nix b/configurations/home-manager/leyla/i18n.nix similarity index 100% rename from homes/leyla/i18n.nix rename to configurations/home-manager/leyla/i18n.nix diff --git a/homes/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix similarity index 100% rename from homes/leyla/packages.nix rename to configurations/home-manager/leyla/packages.nix diff --git a/homes/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix similarity index 100% rename from homes/leyla/vscode.nix rename to configurations/home-manager/leyla/vscode.nix diff --git a/homes/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix similarity index 100% rename from homes/leyla/vscode/default.nix rename to configurations/home-manager/leyla/vscode/default.nix diff --git a/homes/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/vscode/user-words.nix similarity index 100% rename from homes/leyla/vscode/user-words.nix rename to configurations/home-manager/leyla/vscode/user-words.nix diff --git a/hosts/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix similarity index 100% rename from hosts/defiant/configuration.nix rename to configurations/nixos/defiant/configuration.nix 
diff --git a/hosts/defiant/default.nix b/configurations/nixos/defiant/default.nix similarity index 100% rename from hosts/defiant/default.nix rename to configurations/nixos/defiant/default.nix diff --git a/hosts/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix similarity index 100% rename from hosts/defiant/disko-config.nix rename to configurations/nixos/defiant/disko-config.nix diff --git a/hosts/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix similarity index 100% rename from hosts/defiant/hardware-configuration.nix rename to configurations/nixos/defiant/hardware-configuration.nix diff --git a/hosts/defiant/services.nix b/configurations/nixos/defiant/services.nix similarity index 100% rename from hosts/defiant/services.nix rename to configurations/nixos/defiant/services.nix diff --git a/hosts/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix similarity index 100% rename from hosts/horizon/configuration.nix rename to configurations/nixos/horizon/configuration.nix diff --git a/hosts/horizon/default.nix b/configurations/nixos/horizon/default.nix similarity index 100% rename from hosts/horizon/default.nix rename to configurations/nixos/horizon/default.nix diff --git a/hosts/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix similarity index 100% rename from hosts/horizon/hardware-configuration.nix rename to configurations/nixos/horizon/hardware-configuration.nix diff --git a/hosts/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix similarity index 100% rename from hosts/twilight/configuration.nix rename to configurations/nixos/twilight/configuration.nix diff --git a/hosts/twilight/default.nix b/configurations/nixos/twilight/default.nix similarity index 100% rename from hosts/twilight/default.nix rename to configurations/nixos/twilight/default.nix 
diff --git a/hosts/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix similarity index 100% rename from hosts/twilight/hardware-configuration.nix rename to configurations/nixos/twilight/hardware-configuration.nix diff --git a/flake.lock b/flake.lock index bf4e9d1..90c0c06 100644 --- a/flake.lock +++ b/flake.lock @@ -198,6 +198,26 @@ "url": "https://git.lix.systems/lix-project/nixos-module" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1732420287, + "narHash": "sha256-CzvYF4x6jUh/+NEEIFrIY5t1W/N3IA2bNZJiMXu9GTo=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "3c52583b99666a349a6219dc1f0dd07d75c82d6a", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", @@ -259,6 +279,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "lix-module": "lix-module", + "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 6845fcf..566102c 100644 --- a/flake.nix +++ b/flake.nix @@ -11,7 +11,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # self hosted repo of secrets file to further protect files in case of future encryption vunrabilities + # self hosted repo of secrets file to further protect files in case of future encryption vulnerabilities secrets = { url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; flake = false; @@ -28,6 +28,11 @@ # url = "github:nix-community/impermanence"; # }; + nix-darwin = { + url = "github:LnL7/nix-darwin"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # users home directories home-manager = { url = "github:nix-community/home-manager"; 
@@ -70,7 +75,8 @@ } @ inputs: let util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; - mkSystem = util.mkSystem; + mkNixosSystem = util.mkNixosSystem; + mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; in { formatter = forEachPkgs (pkgs: pkgs.alejandra); @@ -95,6 +101,16 @@ }; }); + nixosConfigurations = { + horizon = mkNixosSystem "horizon"; + twilight = mkNixosSystem "twilight"; + defiant = mkNixosSystem "defiant"; + }; + + darwinConfigurations = { + hesperium = mkDarwinSystem "hesperium"; + }; + homeConfigurations = nixpkgs.lib.attrsets.mergeAttrsList ( nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( nixpkgs.lib.attrsets.mapAttrs' (user: _: { @@ -105,11 +121,5 @@ )) self.nixosConfigurations ); - - nixosConfigurations = { - horizon = mkSystem "horizon"; - twilight = mkSystem "twilight"; - defiant = mkSystem "defiant"; - }; }; } diff --git a/host-modules/home-manager/default.nix b/host-modules/home-manager/default.nix deleted file mode 100644 index 5454594..0000000 --- a/host-modules/home-manager/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -# modules in this folder are to adapt home manager modules defined in `home-modules` to any nix module configs that they need to set -{...}: { - imports = [ - ./flipperzero.nix - ./i18n.nix - ]; -} diff --git a/modules/default.nix b/modules/common-modules/default.nix similarity index 100% rename from modules/default.nix rename to modules/common-modules/default.nix diff --git a/modules/overlays/default.nix b/modules/common-modules/overlays/default.nix similarity index 100% rename from modules/overlays/default.nix rename to modules/common-modules/overlays/default.nix diff --git a/modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix similarity index 100% rename from modules/pkgs/default.nix rename to modules/common-modules/pkgs/default.nix diff --git a/modules/darwin-modules/default.nix b/modules/darwin-modules/default.nix new file mode 100644 index 0000000..ddf2323 
--- /dev/null +++ b/modules/darwin-modules/default.nix @@ -0,0 +1,6 @@ +# this folder container modules that are for darwin only +{...}: { + imports = [ + ./home-manager + ]; +} diff --git a/modules/darwin-modules/home-manager/default.nix b/modules/darwin-modules/home-manager/default.nix new file mode 100644 index 0000000..1ebec5f --- /dev/null +++ b/modules/darwin-modules/home-manager/default.nix @@ -0,0 +1,2 @@ +# modules in this folder are to adapt home-manager modules configs to darwin-module configs +{...}: {} diff --git a/home-modules/default.nix b/modules/home-manager-modules/default.nix similarity index 51% rename from home-modules/default.nix rename to modules/home-manager-modules/default.nix index b3f5c45..9fb37f2 100644 --- a/home-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -1,3 +1,4 @@ +# this folder container modules that are for home manager only {...}: { imports = [ ./flipperzero.nix diff --git a/home-modules/flipperzero.nix b/modules/home-manager-modules/flipperzero.nix similarity index 100% rename from home-modules/flipperzero.nix rename to modules/home-manager-modules/flipperzero.nix diff --git a/home-modules/i18n.nix b/modules/home-manager-modules/i18n.nix similarity index 100% rename from home-modules/i18n.nix rename to modules/home-manager-modules/i18n.nix diff --git a/host-modules/default.nix b/modules/nixos-modules/default.nix similarity index 74% rename from host-modules/default.nix rename to modules/nixos-modules/default.nix index 4ad79d0..1414cf2 100644 --- a/host-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -1,11 +1,12 @@ +# this folder container modules that are for nixos only {...}: { imports = [ + ./home-manager ./system.nix ./hardware.nix ./users.nix ./desktop.nix ./nix-development.nix ./i18n.nix - ./home-manager ]; } diff --git a/host-modules/desktop.nix b/modules/nixos-modules/desktop.nix similarity index 100% rename from host-modules/desktop.nix rename to modules/nixos-modules/desktop.nix 
diff --git a/host-modules/hardware.nix b/modules/nixos-modules/hardware.nix similarity index 100% rename from host-modules/hardware.nix rename to modules/nixos-modules/hardware.nix diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix new file mode 100644 index 0000000..3848e1b --- /dev/null +++ b/modules/nixos-modules/home-manager/default.nix @@ -0,0 +1,7 @@ +# modules in this folder are to adapt home-manager modules configs to nixos-module configs +{...}: { + imports = [ + ./flipperzero.nix + ./i18n.nix + ]; +} diff --git a/host-modules/home-manager/flipperzero.nix b/modules/nixos-modules/home-manager/flipperzero.nix similarity index 100% rename from host-modules/home-manager/flipperzero.nix rename to modules/nixos-modules/home-manager/flipperzero.nix diff --git a/host-modules/home-manager/i18n.nix b/modules/nixos-modules/home-manager/i18n.nix similarity index 100% rename from host-modules/home-manager/i18n.nix rename to modules/nixos-modules/home-manager/i18n.nix diff --git a/host-modules/i18n.nix b/modules/nixos-modules/i18n.nix similarity index 100% rename from host-modules/i18n.nix rename to modules/nixos-modules/i18n.nix diff --git a/host-modules/nix-development.nix b/modules/nixos-modules/nix-development.nix similarity index 100% rename from host-modules/nix-development.nix rename to modules/nixos-modules/nix-development.nix diff --git a/host-modules/system.nix b/modules/nixos-modules/system.nix similarity index 100% rename from host-modules/system.nix rename to modules/nixos-modules/system.nix diff --git a/host-modules/users.nix b/modules/nixos-modules/users.nix similarity index 99% rename from host-modules/users.nix rename to modules/nixos-modules/users.nix index 23771a3..e5a8a91 100644 --- a/host-modules/users.nix +++ b/modules/nixos-modules/users.nix 
@@ -4,7 +4,7 @@ inputs, ... }: let - SOPS_AGE_KEY_DIRECTORY = import ../const/sops_age_key_directory.nix; + SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix; host = config.host; diff --git a/modules/system-modules/default.nix b/modules/system-modules/default.nix new file mode 100644 index 0000000..f6605ce --- /dev/null +++ b/modules/system-modules/default.nix @@ -0,0 +1,6 @@ +# this folder container modules that are for nixos and darwin +{...}: { + imports = [ + ./home-manager + ]; +} diff --git a/modules/system-modules/home-manager/default.nix b/modules/system-modules/home-manager/default.nix new file mode 100644 index 0000000..3745b8f --- /dev/null +++ b/modules/system-modules/home-manager/default.nix @@ -0,0 +1,2 @@ +# modules in this folder are to adapt home-manager modules configs to system-module configs +{...}: {} diff --git a/util/default.nix b/util/default.nix index efd58c8..32acca1 100644 --- a/util/default.nix +++ b/util/default.nix @@ -6,6 +6,7 @@ lix-module = inputs.lix-module; nixpkgs = inputs.nixpkgs; home-manager = inputs.home-manager; + nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; systems = [ 
@@ -17,18 +18,34 @@ forEachSystem = nixpkgs.lib.genAttrs systems; pkgsFor = system: nixpkgs.legacyPackages.${system}; - home-manager-shared-modules = [ - ../modules - ../home-modules + common-modules = [ + lix-module.nixosModules.default + ../modules/common-modules ]; + + home-manager-modules = + common-modules + ++ [ + ../modules/home-manager-modules + ]; + home-manager-config = nixpkgs: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs outputs util;}; - home-manager.users = import ../homes nixpkgs; - home-manager.sharedModules = home-manager-shared-modules; + home-manager.users = import ../configurations/home-manager nixpkgs; + home-manager.sharedModules = home-manager-modules; }; + + system-modules = + common-modules + ++ [ + ../modules/system-modules + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager + home-manager-config + ]; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); @@ -39,18 +56,26 @@ in { (lib.mkUnless condition no) ]; - mkSystem = host: + mkNixosSystem = host: nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; - modules = [ - lix-module.nixosModules.default - sops-nix.nixosModules.sops - home-manager.nixosModules.home-manager - home-manager-config - ../modules - ../host-modules - ../hosts/${host} - ]; + modules = + system-modules + ++ [ + ../modules/nixos-modules + ../configurations/nixos/${host} + ]; + }; + + mkDarwinSystem = host: + nix-darwin.lib.darwinSystem { + specialArgs = {inherit inputs outputs util;}; + modules = + system-modules + ++ [ + ../modules/darwin-modules + ../configurations/darwin/${host} + ]; }; mkHome = user: host: system: osConfig: @@ -60,9 +85,9 @@ in { inherit inputs util outputs osConfig; }; modules = - home-manager-shared-modules + home-manager-modules ++ [ - ../homes/${user} + ../configurations/home-manager/${user} ]; }; } 
From 5f21fd43ff6eb643762c81e6380eb878f9b6d8ee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 18:28:55 -0600 Subject: [PATCH 0374/1043] fixed nix-darwin building --- .../darwin/hesperium/configuration.nix | 20 ++++ configurations/darwin/hesperium/default.nix | 6 +- modules/darwin-modules/default.nix | 2 + modules/darwin-modules/system.nix | 27 ++++++ modules/darwin-modules/users.nix | 20 ++++ modules/nixos-modules/default.nix | 2 +- modules/nixos-modules/ssh.nix | 13 +++ modules/nixos-modules/system.nix | 15 --- modules/nixos-modules/users.nix | 85 ---------------- modules/system-modules/default.nix | 3 + .../nix-development.nix | 0 modules/system-modules/system.nix | 7 ++ modules/system-modules/users.nix | 97 +++++++++++++++++++ util/default.nix | 9 +- 14 files changed, 201 insertions(+), 105 deletions(-) create mode 100644 configurations/darwin/hesperium/configuration.nix create mode 100644 modules/darwin-modules/system.nix create mode 100644 modules/darwin-modules/users.nix create mode 100644 modules/nixos-modules/ssh.nix rename modules/{nixos-modules => system-modules}/nix-development.nix (100%) create mode 100644 modules/system-modules/system.nix create mode 100644 modules/system-modules/users.nix diff --git a/configurations/darwin/hesperium/configuration.nix b/configurations/darwin/hesperium/configuration.nix new file mode 100644 index 0000000..08fc59f --- /dev/null +++ b/configurations/darwin/hesperium/configuration.nix @@ -0,0 +1,20 @@ +{...}: { + host = { + users = { + leyla = { + isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; + }; + ester = { + isPrincipleUser = true; + isNormalUser = true; + }; + eve.isNormalUser = false; + }; + }; + + system.stateVersion = 5; + + nixpkgs.hostPlatform = "aarch64-darwin"; +} diff --git a/configurations/darwin/hesperium/default.nix b/configurations/darwin/hesperium/default.nix index 6462967..220a6fb 100644 --- a/configurations/darwin/hesperium/default.nix 
+++ b/configurations/darwin/hesperium/default.nix @@ -1 +1,5 @@ -{...}: {} +{...}: { + imports = [ + ./configuration.nix + ]; +} diff --git a/modules/darwin-modules/default.nix b/modules/darwin-modules/default.nix index ddf2323..5f4447b 100644 --- a/modules/darwin-modules/default.nix +++ b/modules/darwin-modules/default.nix @@ -2,5 +2,7 @@ {...}: { imports = [ ./home-manager + ./users.nix + ./system.nix ]; } diff --git a/modules/darwin-modules/system.nix b/modules/darwin-modules/system.nix new file mode 100644 index 0000000..ee56162 --- /dev/null +++ b/modules/darwin-modules/system.nix @@ -0,0 +1,27 @@ +{self, ...}: { + system.configurationRevision = self.rev or self.dirtyRev or null; + + nix = { + gc = { + automatic = true; + interval = [ + { + Hour = 4; + Minute = 15; + Weekday = 7; + } + ]; + options = "--delete-older-than 7d"; + }; + optimise = { + automatic = true; + interval = [ + { + Hour = 4; + Minute = 15; + Weekday = 7; + } + ]; + }; + }; +} diff --git a/modules/darwin-modules/users.nix b/modules/darwin-modules/users.nix new file mode 100644 index 0000000..f0b55c0 --- /dev/null +++ b/modules/darwin-modules/users.nix @@ -0,0 +1,20 @@ +{ + lib, + config, + ... +}: let + host = config.host; +in { + users = { + users = { + leyla = { + name = lib.mkForce host.users.leyla.name; + home = lib.mkForce "/home/${host.users.leyla.name}"; + }; + ester = { + name = lib.mkForce host.users.ester.name; + home = lib.mkForce "/home/${host.users.ester.name}"; + }; + }; + }; +} diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 1414cf2..85e6c5a 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -6,7 +6,7 @@ ./hardware.nix ./users.nix ./desktop.nix - ./nix-development.nix + ./ssh.nix ./i18n.nix ]; } diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix new file mode 100644 index 0000000..0360cfc --- /dev/null +++ b/modules/nixos-modules/ssh.nix 
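Review bot: `self` is requested as a module argument in modules/darwin-modules/system.nix, but the `specialArgs` that `mkDarwinSystem` passes in util/default.nix are only `inputs outputs util`. Unless `_module.args.self` is set somewhere outside this patch, the lookup fails as soon as `system.configurationRevision` is evaluated. The flake's own `self` is already reachable through the existing argument, so the header can become `{inputs, ...}: {` with `system.configurationRevision = inputs.self.rev or inputs.self.dirtyRev or null;`.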
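Review bot: Both `home` values in modules/darwin-modules/users.nix are forced to `/home/${...}`, which is the Linux layout, while this module is only imported for darwin hosts, where accounts normally live under `/Users`. If that was not intentional, `home = lib.mkForce "/Users/${host.users.leyla.name}";` (and the same for ester) matches the platform. A one-line comment saying why `lib.mkForce` is needed would also help, because the patch does not show which definition is being overridden.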
@@ -0,0 +1,13 @@ +{...}: { + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + }; + }; + }; +} diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index 918c219..b839067 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,8 +1,5 @@ {...}: { nix = { - settings = { - experimental-features = ["nix-command" "flakes"]; - }; gc = { automatic = true; dates = "weekly"; @@ -13,16 +10,4 @@ dates = ["weekly"]; }; }; - - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; - }; - }; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index e5a8a91..214ccd6 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -8,7 +8,6 @@ host = config.host; - hostUsers = host.hostUsers; principleUsers = host.principleUsers; terminalUsers = host.terminalUsers; # normalUsers = host.normalUsers; 
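Review bot: `PasswordAuthentication = false` in the new modules/nixos-modules/ssh.nix does not close every password path on its own, because keyboard-interactive authentication is a separate sshd setting and root login is left at the module default. The block is moved unchanged from system.nix, so this is a good place to pin both next to it: `KbdInteractiveAuthentication = false;` and, if nothing logs in as root directly, `PermitRootLogin = "no";`. `UseDns = true` makes sshd do a reverse lookup for each connection; add a comment if a host-based rule depends on it, otherwise it can be dropped.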
@@ -44,91 +43,7 @@ ester = users.ester.name; eve = users.eve.name; in { - options.host = { - users = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({ - config, - name, - ... - }: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; - }; - isPrincipleUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should be configured as root and have ssh access - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; - }; - isDesktopUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their desktop applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; - }; - isTerminalUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their terminal applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; - }; - isNormalUser = lib.mkOption { - type = lib.types.bool; - default = config.isDesktopUser || config.isTerminalUser; - description = '' - User should install their applications and can log in - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; - }; - }; - })); - }; - hostUsers = lib.mkOption { - default = lib.attrsets.mapAttrsToList (_: user: user) host.users; - }; - principleUsers = lib.mkOption { - default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; - }; - normalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isTerminalUser) hostUsers; - }; - terminalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isNormalUser) hostUsers; - }; - }; - config = { - assertions = - ( - builtins.map (user: { - assertion = !(user.isPrincipleUser && !user.isNormalUser); - 
message = '' - Non normal user ${user.name} can not be a principle user. - ''; - }) - hostUsers - ) - ++ [ - { - assertion = (builtins.length principleUsers) > 0; - message = '' - At least one user must be a principle user. - ''; - } - ]; - # principle users are by definition trusted nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; diff --git a/modules/system-modules/default.nix b/modules/system-modules/default.nix index f6605ce..637b6b5 100644 --- a/modules/system-modules/default.nix +++ b/modules/system-modules/default.nix @@ -2,5 +2,8 @@ {...}: { imports = [ ./home-manager + ./system.nix + ./nix-development.nix + ./users.nix ]; } diff --git a/modules/nixos-modules/nix-development.nix b/modules/system-modules/nix-development.nix similarity index 100% rename from modules/nixos-modules/nix-development.nix rename to modules/system-modules/nix-development.nix diff --git a/modules/system-modules/system.nix b/modules/system-modules/system.nix new file mode 100644 index 0000000..f464835 --- /dev/null +++ b/modules/system-modules/system.nix @@ -0,0 +1,7 @@ +{...}: { + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + }; + }; +} diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix new file mode 100644 index 0000000..33df3d1 --- /dev/null +++ b/modules/system-modules/users.nix 
@@ -0,0 +1,97 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ host = config.host;
+
+ hostUsers = host.hostUsers;
+ principleUsers = host.principleUsers;
+in {
+ options.host = {
+ users = lib.mkOption {
+ default = {};
+ type = lib.types.attrsOf (lib.types.submodule ({
+ config,
+ name,
+ ...
+ }: {
+ options = {
+ name = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = ''
+ What should this users name on the system be
+ '';
+ defaultText = lib.literalExpression "config.host.users.\${name}.name";
+ };
+ isPrincipleUser = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ User should be configured as root and have ssh access
+ '';
+ defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser";
+ };
+ isDesktopUser = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ User should install their desktop applications
+ '';
+ defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser";
+ };
+ isTerminalUser = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ User should install their terminal applications
+ '';
+ defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser";
+ };
+ isNormalUser = lib.mkOption {
+ type = lib.types.bool;
+ default = config.isDesktopUser || config.isTerminalUser;
+ description = ''
+ User should install their applications and can log in
+ '';
+ defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser";
+ };
+ };
+ }));
+ };
+ hostUsers = lib.mkOption {
+ default = lib.attrsets.mapAttrsToList (_: user: user) host.users;
+ };
+ principleUsers = lib.mkOption {
+ default = lib.lists.filter (user: user.isPrincipleUser) hostUsers;
+ };
+ normalUsers = lib.mkOption {
+ default = lib.lists.filter (user: user.isTerminalUser) hostUsers;
+ };
+ terminalUsers = lib.mkOption {
+ default = lib.lists.filter (user: user.isNormalUser) hostUsers;
+ };
+ };
+
+ config = {
+
assertions = + ( + builtins.map (user: { + assertion = !(user.isPrincipleUser && !user.isNormalUser); + message = '' + Non normal user ${user.name} can not be a principle user. + ''; + }) + hostUsers + ) + ++ [ + { + assertion = (builtins.length principleUsers) > 0; + message = '' + At least one user must be a principle user. + ''; + } + ]; + }; +} diff --git a/util/default.nix b/util/default.nix index 32acca1..f04f9c9 100644 --- a/util/default.nix +++ b/util/default.nix @@ -26,6 +26,7 @@ home-manager-modules = common-modules ++ [ + sops-nix.homeManagerModules.sops ../modules/home-manager-modules ]; @@ -41,10 +42,8 @@ system-modules = common-modules ++ [ - ../modules/system-modules - sops-nix.nixosModules.sops - home-manager.nixosModules.home-manager home-manager-config + ../modules/system-modules ]; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); @@ -62,6 +61,8 @@ in { modules = system-modules ++ [ + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager ../modules/nixos-modules ../configurations/nixos/${host} ]; @@ -73,6 +74,8 @@ in { modules = system-modules ++ [ + sops-nix.darwinModules.sops + home-manager.darwinModules.home-manager ../modules/darwin-modules ../configurations/darwin/${host} ]; From 25838886153aac3477c22f04ddcc621ca3df9086 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 19:05:13 -0600 Subject: [PATCH 0375/1043] added darwinConfigurations to homeConfigurations outputs --- flake.nix | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 566102c..152ea63 100644 --- a/flake.nix +++ b/flake.nix 
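Review bot: In the new `modules/system-modules/users.nix`, `normalUsers` is filtered on `user.isTerminalUser` and `terminalUsers` on `user.isNormalUser`, so the two derived lists are swapped; the predicates should be `(user: user.isNormalUser)` for `normalUsers` and `(user: user.isTerminalUser)` for `terminalUsers`. The derived options `hostUsers`, `principleUsers`, `normalUsers` and `terminalUsers` are declared with only a `default` and no `type`, so another module can assign them directly; the module these lines were moved out of feeds `principleUsers` into `nix.settings.trusted-users`, so computing them in a `let` binding, or as `readOnly = true;` options set in `config`, keeps the trusted set tied to `isPrincipleUser`. The definitions were moved unchanged from the file in the earlier hunk, so the swap predates this commit.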
@@ -75,9 +75,21 @@ } @ inputs: let util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; + mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; + + systemsHomes = nixpkgs.lib.attrsets.mergeAttrsList ( + nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( + nixpkgs.lib.attrsets.mapAttrs' (user: _: { + name = "${user}@${hostname}"; + value = mkHome user hostname system.pkgs.hostPlatform.system system.config; + }) + system.config.home-manager.users + )) + (inputs.self.nixosConfigurations // inputs.self.darwinConfigurations) + ); in { formatter = forEachPkgs (pkgs: pkgs.alejandra); @@ -111,15 +123,11 @@ hesperium = mkDarwinSystem "hesperium"; }; - homeConfigurations = nixpkgs.lib.attrsets.mergeAttrsList ( - nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( - nixpkgs.lib.attrsets.mapAttrs' (user: _: { - name = "${user}@${hostname}"; - value = mkHome user hostname system.pkgs.hostPlatform.system system.config; - }) - system.config.home-manager.users - )) - self.nixosConfigurations - ); + homeConfigurations = + systemsHomes + // { + # stand alone configurations here: + # name = mkHome "name" + }; }; } From c487b261125b1c3c92fdabfac6362b120fcb36b4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 20:32:25 -0600 Subject: [PATCH 0376/1043] added entry to host map --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0ff8534..f1f554f 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | NAS Server | Leyla | Service | +| `defiant` | NAS Server | Leyla | Server | +| `hesperium` | Mac | ????? | ??? | | `emergent` | Desktop Computer | Eve | Desktop | | `threshold` | Laptop | Eve | Laptop | 
From 9d888222669e6f2ebd4e875d5f6dab7dcdb97f51 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 22:37:08 -0600 Subject: [PATCH 0377/1043] started draft for installer --- build-installer.sh | 30 +++++++++++++ .../installer/basic/configuration.nix | 19 ++++++++ configurations/installer/basic/default.nix | 5 +++ flake.nix | 45 ++++++++++++------- util/default.nix | 10 +++++ 5 files changed, 94 insertions(+), 15 deletions(-) create mode 100644 build-installer.sh create mode 100644 configurations/installer/basic/configuration.nix create mode 100644 configurations/installer/basic/default.nix diff --git a/build-installer.sh b/build-installer.sh new file mode 100644 index 0000000..e124091 --- /dev/null +++ b/build-installer.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +while [ $# -gt 0 ]; do + case "$1" in + --flake*|-f*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + # --user*|-u*) + # if [[ "$1" != *=* ]]; then shift; fi + # user="${1#*=}" + # ;; + --help|-h) + echo "--help -h: print this message" + echo "--flake -f: set the flake to build an installer for" + # echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +flake=${flake:-"basic"} +user=${user:-$USER} + +nix build .#installerConfigurations.$flake.config.system.build.isoImage \ No newline at end of file diff --git a/configurations/installer/basic/configuration.nix b/configurations/installer/basic/configuration.nix new file mode 100644 index 0000000..4e63727 --- /dev/null +++ b/configurations/installer/basic/configuration.nix 
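Review bot: The final `nix build` line of `build-installer.sh` expands `$flake` unquoted, so a `--flake` value containing spaces or glob characters is word-split before nix sees it; quote the whole installable, `nix build ".#installerConfigurations.${flake}.config.system.build.isoImage"`. When `--flake` is the last argument and has no value, the inner `shift` leaves `$1` empty and the script silently builds `basic`; a `[ -n "$flake" ]` check with an error message right after the assignment would catch that. `user` is assigned but never used while the `--user` option is commented out, and the script would benefit from `set -euo pipefail` at the top.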
@@ -0,0 +1,19 @@ +{ + lib, + pkgs, + modulesPath, + ... +}: { + imports = [(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")]; + + systemd.services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AaAeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee username@host" + ]; + + isoImage.squashfsCompression = "gzip -Xcompression-level 1"; + + networking.hostName = "installer"; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/configurations/installer/basic/default.nix b/configurations/installer/basic/default.nix new file mode 100644 index 0000000..220a6fb --- /dev/null +++ b/configurations/installer/basic/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./configuration.nix + ]; +} diff --git a/flake.nix b/flake.nix index 152ea63..e90e17c 100644 --- a/flake.nix +++ b/flake.nix @@ -76,10 +76,30 @@ util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; + mkNixosInstaller = util.mkNixosInstaller; mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; + installerSystems = { + basic = mkNixosInstaller "basic" []; + }; + + nixosSystems = { + horizon = mkNixosSystem "horizon"; + twilight = mkNixosSystem "twilight"; + defiant = mkNixosSystem "defiant"; + }; + + darwinSystems = { + hesperium = mkDarwinSystem "hesperium"; + }; + + homeSystems = { + # stand alone home manager configurations here: + # name = mkHome "name" + }; + systemsHomes = nixpkgs.lib.attrsets.mergeAttrsList ( nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( nixpkgs.lib.attrsets.mapAttrs' (user: _: { @@ -88,8 +108,12 @@ }) system.config.home-manager.users )) - (inputs.self.nixosConfigurations // inputs.self.darwinConfigurations) + (nixosSystems // darwinSystems) ); + + homeConfigurations = + systemsHomes + // homeSystems; in { formatter = forEachPkgs (pkgs: pkgs.alejandra); 
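Review bot: `users.users.root.openssh.authorizedKeys.keys` in `configurations/installer/basic/configuration.nix` is a hard-coded placeholder string, so the image as committed has no usable key, and filling it in here would bake one person's key into every ISO built from the repository; the keys should come from the `userKeys` argument that `mkNixosInstaller` already takes. Because this module forces `sshd` into `multi-user.target` on a network-reachable installer, the authentication policy is better stated here than left to the imported installer profile, whose defaults are not visible in this diff, for example `services.openssh.settings.PasswordAuthentication = false;`. `pkgs.lib.mkForce` can be written `lib.mkForce`, since `lib` is already a module argument.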
@@ -113,21 +137,12 @@ }; }); - nixosConfigurations = { - horizon = mkNixosSystem "horizon"; - twilight = mkNixosSystem "twilight"; - defiant = mkNixosSystem "defiant"; - }; + installerConfigurations = installerSystems; - darwinConfigurations = { - hesperium = mkDarwinSystem "hesperium"; - }; + nixosConfigurations = nixosSystems; - homeConfigurations = - systemsHomes - // { - # stand alone configurations here: - # name = mkHome "name" - }; + darwinConfigurations = darwinSystems; + + homeConfigurations = homeConfigurations; }; } diff --git a/util/default.nix b/util/default.nix index f04f9c9..41d985a 100644 --- a/util/default.nix +++ b/util/default.nix @@ -55,6 +55,16 @@ in { (lib.mkUnless condition no) ]; + mkNixosInstaller = host: userKeys: + nixpkgs.lib.nixosSystem { + modules = [ + { + # TODO: authorized keys for all users + } + ../configurations/nixos/${host} + ]; + }; + mkNixosSystem = host: nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; From aa5ac89d24d874b32d2b04ac9bada9a64a2ac85c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 29 Nov 2024 15:24:04 -0600 Subject: [PATCH 0378/1043] updated flake.lock --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 90c0c06..b87338f 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1732482708, - "narHash": "sha256-B1MQLiWi4bbeNiRXKxEkpztnKyWae4x0LyK32v3DjLk=", + "lastModified": 1732894783, + "narHash": "sha256-7hBU7L07hYPNjamlm/v5scUUwsHQJvyb1a4flozHNt0=", "owner": "nix-community", "repo": "disko", - "rev": "47bc8dfb6f48d5f66a3cb3a4cece83d8ace1f61a", + "rev": "a75ba3b87b7ff230ca8b3a1fbfd4ad907a1a5fa2", "type": "github" }, "original": { 
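Review bot: `mkNixosInstaller` in `util/default.nix` imports `../configurations/nixos/${host}`, but this commit adds the installer under `configurations/installer/basic`, so `mkNixosInstaller "basic" []` points at a directory the commit's diffstat does not create; unless `configurations/nixos/basic` exists elsewhere in the tree, the path should be `../configurations/installer/${host}`. The `userKeys` parameter is accepted and then ignored (the inline module holds only a TODO), so keys passed by a caller are dropped without any error. Until it is wired to `users.users.root.openssh.authorizedKeys.keys`, a comment on the function saying the argument is not yet used would avoid an installer being built in the belief that it carries those keys.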
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1732479769, - "narHash": "sha256-barZy95JsQt4G9EDZ7RNrjgTneelXXfSzRLJJvokjsI=", + "lastModified": 1732885410, + "narHash": "sha256-2j7D78uvwmlK8pjrMlgLQ8TaeBanDh+XelecDIhYBuY=", "owner": "rycee", "repo": "nur-expressions", - "rev": "80bf66046d8b8624c5991a0c8e512b211acce2b2", + "rev": "9eee63f59ec8d181539d1920a0540094769706ac", "type": "gitlab" }, "original": { @@ -45,11 +45,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1732722421, + "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", "type": "github" }, "original": { @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1732884235, + "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "819f682269f4e002884702b87e445c82840c68f2", "type": "github" }, "original": { @@ -184,11 +184,11 @@ ] }, "locked": { - "lastModified": 1729360442, - "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "lastModified": 1732605668, + "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", "ref": "stable", - "rev": "2bbdcd73b9a464f8acf45a7100feb979883ba485", - "revCount": 110, + "rev": "96824d606a6656650bbe436366bc89d5ee3a6573", + "revCount": 113, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, 
@@ -205,11 +205,11 @@ ] }, "locked": { - "lastModified": 1732420287, - "narHash": "sha256-CzvYF4x6jUh/+NEEIFrIY5t1W/N3IA2bNZJiMXu9GTo=", + "lastModified": 1732603785, + "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "3c52583b99666a349a6219dc1f0dd07d75c82d6a", + "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1732499683, - "narHash": "sha256-Hw95rpgNiyAL4v9pJF2756PMud6O0p/1XQixs5f/Shk=", + "lastModified": 1732845259, + "narHash": "sha256-9TCmYZDamS853/KYtIESi8sAKomQWZXSxI1MaB3rGJ8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b376bfa567fd25f9f22b6f51ffaa4f84d0b7c72f", + "rev": "06e54246d3c91e3d5015027516100b58fc3ec986", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { @@ -311,11 +311,11 @@ ] }, "locked": { - "lastModified": 1732186149, - "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=", + "lastModified": 1732575825, + "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699", + "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", "type": "github" }, "original": { From 7c296ffb6aba1c6d4bdb24f7e9e8b46631822a25 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Dec 2024 06:56:44 -0600 Subject: [PATCH 0379/1043] added task to README --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f1f554f..b503706 100644 
--- a/README.md +++ b/README.md @@ -35,6 +35,7 @@ - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - https://nixos-and-flakes.thiscute.world/ +- this guy might have a working zfs disko impermanence system - https://github.com/djacu/nixos-config/blob/main/hosts/adalon/disko-config.nix # Tasks: @@ -54,4 +55,5 @@ - mastodon server - tail scale clients - wake on LAN -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- Immich \ No newline at end of file From c016efc0ee79e04a02b3d444c8be49aee9dcd10e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Dec 2024 18:37:36 -0600 Subject: [PATCH 0380/1043] added note to install script --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index 0ed7cb8..c77d748 100755 --- a/install.sh +++ b/install.sh @@ -39,6 +39,7 @@ if [ -z ${flake} ]; then exit 1; fi +# TODO: we might not need to copy the key over here anymore? temp=$(mktemp -d) # Function to cleanup temporary directory on exit cleanup() { From d2b3f0116e7e50907cb4e64988b1e5318c70456e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Dec 2024 20:06:57 -0600 Subject: [PATCH 0381/1043] updated flake lock and removed lix --- flake.lock | 143 ++++++++++------------------------------------- flake.nix | 6 -- util/default.nix | 2 - 3 files changed, 28 insertions(+), 123 deletions(-) diff --git a/flake.lock b/flake.lock index b87338f..7d882de 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1732894783, - "narHash": "sha256-7hBU7L07hYPNjamlm/v5scUUwsHQJvyb1a4flozHNt0=", + "lastModified": 1733168902, + "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", "owner": "nix-community", "repo": "disko", - "rev": "a75ba3b87b7ff230ca8b3a1fbfd4ad907a1a5fa2", + "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1732885410, - "narHash": "sha256-2j7D78uvwmlK8pjrMlgLQ8TaeBanDh+XelecDIhYBuY=", + "lastModified": 1733354814, + "narHash": "sha256-GNtstc88gUJllOun6UFQzg7P+fDtWkajxN4kUKPLFsw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9eee63f59ec8d181539d1920a0540094769706ac", + "rev": "fd1cc13f297bb18b85a776060edca35b18c7a324", "type": "gitlab" }, "original": { @@ -45,11 +45,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1732722421, - "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -93,24 +93,6 @@ "inputs": { "systems": "systems" }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
@@ -125,21 +107,6 @@ "type": "github" } }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -147,11 +114,11 @@ ] }, "locked": { - "lastModified": 1732884235, - "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", + "lastModified": 1733354384, + "narHash": "sha256-foZG2PLwumxYZkpXq7ajHDhuQlXaUeKfOpFfQpMviLM=", "owner": "nix-community", "repo": "home-manager", - "rev": "819f682269f4e002884702b87e445c82840c68f2", + "rev": "0daaded612b0e6eaed0a63fc9d0778d8f05940fe", "type": "github" }, "original": { 
@@ -160,44 +127,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1732605668, - "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", - "ref": "stable", - "rev": "96824d606a6656650bbe436366bc89d5ee3a6573", - "revCount": 113, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - }, - "original": { - "ref": "stable", - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -205,11 +134,11 @@ ] }, "locked": { - "lastModified": 1732603785, - "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", + "lastModified": 1733351379, + "narHash": "sha256-MTMsAhXxMMVHVN99jT8E0afOAOtt3JQWjYpTja94PAU=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", + "rev": "55d07816a0944f06a9df5ef174999a72fa4060c7", "type": "github" }, "original": { 
@@ -221,17 +150,17 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1732845259, - "narHash": "sha256-9TCmYZDamS853/KYtIESi8sAKomQWZXSxI1MaB3rGJ8=", + "lastModified": 1733277416, + "narHash": "sha256-+r1bhEqW0ACV+E8TID6FvW0/YJ+46SQ9yk6DpyHtRWg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "06e54246d3c91e3d5015027516100b58fc3ec986", + "rev": "3ea774bace6ac2f8db48a1c1d59271e0209e4b96", "type": "github" }, "original": { @@ -242,11 +171,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1732483221, - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", + "lastModified": 1733217105, + "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", + "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9", "type": "github" }, "original": { @@ -258,11 +187,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { @@ -278,7 +207,6 @@ "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "home-manager": "home-manager", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", 
@@ -311,11 +239,11 @@ ] }, "locked": { - "lastModified": 1732575825, - "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", + "lastModified": 1733128155, + "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", + "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", "type": "github" }, "original": { @@ -338,21 +266,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index e90e17c..bcc31d7 100644 --- a/flake.nix +++ b/flake.nix @@ -60,12 +60,6 @@ flake-compat = { url = "github:edolstra/flake-compat"; }; - - # lix in nice ig - lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = { diff --git a/util/default.nix b/util/default.nix index 41d985a..ce85a7f 100644 --- a/util/default.nix +++ b/util/default.nix @@ -3,7 +3,6 @@ outputs = inputs.self.outputs; lib = inputs.lib; - lix-module = inputs.lix-module; nixpkgs = inputs.nixpkgs; home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; @@ -19,7 +18,6 @@ pkgsFor = system: nixpkgs.legacyPackages.${system}; common-modules = [ - lix-module.nixosModules.default ../modules/common-modules ]; From 848c57caa04b2c6b103144b552c4cad8a555a511 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 8 Dec 2024 21:58:11 -0600 Subject: [PATCH 0382/1043] got impermanence to wipe drive --- configurations/home-manager/leyla/default.nix | 1 + .../home-manager/leyla/impermanence.nix | 21 ++ .../nixos/defiant/configuration.nix | 57 +++-- configurations/nixos/defiant/default.nix | 3 +- configurations/nixos/defiant/disko-config.nix | 196 ++++++++++-------- .../nixos/defiant/hardware-configuration.nix | 122 +---------- configurations/nixos/defiant/impermanence.nix | 87 ++++++++ flake.lock | 16 ++ flake.nix | 9 +- util/default.nix | 3 + 10 files changed, 281 insertions(+), 234 deletions(-) create mode 100644 configurations/home-manager/leyla/impermanence.nix create mode 100644 configurations/nixos/defiant/impermanence.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index ba8535d..48d38db 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -6,6 +6,7 @@ imports = [ ./i18n.nix ./packages.nix + ./impermanence.nix ]; config = { diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix new file mode 100644 index 0000000..c5f228f --- /dev/null +++ b/configurations/home-manager/leyla/impermanence.nix @@ -0,0 +1,21 @@ +{...}: { + home.persistence."/persistent/home/leyla" = { + directories = [ + "desktop" + "downloads" + "documents" + ".ssh" + ".nixops" + ".local/share/keyrings" + ".local/share/direnv" + { + directory = ".local/share/Steam"; + method = "symlink"; + } + ]; + # files = [ + # ".screenrc" + # ]; + allowOther = true; + }; +} diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 009442e..ec728ca 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
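Review bot: `home.persistence."/persistent/home/leyla"` in the new home-manager `impermanence.nix` does not match the dataset this commit creates in `disko-config.nix`, which is mounted at `/persist/home/leyla`; unless the system-level `impermanence.nix` (outside this view) provides `/persistent`, the persisted directories would land on the root dataset that is meant to be rolled back. The list also persists `.ssh` and `.local/share/keyrings` under `allowOther = true`, which opens the bind mounts to other local users subject only to file modes. A comment saying which consumer needs `allowOther` would help, and if none does it should be dropped for this user.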
@@ -6,7 +6,7 @@ }: { imports = [ inputs.disko.nixosModules.disko - ./services.nix + # ./services.nix ]; nixpkgs.config.allowUnfree = true; @@ -23,37 +23,30 @@ }; }; - boot.loader.grub = { - enable = true; - zfsSupport = true; - efiSupport = true; - efiInstallAsRemovable = true; - }; - - apps = { - base_domain = "jan-leila.com"; - macvlan = { - subnet = "192.168.1.0/24"; - gateway = "192.168.1.1"; - networkInterface = "bond0"; - }; - pihole = { - image = "pihole/pihole:2024.07.0"; - ip = "192.168.1.201"; - }; - headscale = { - subdomain = "vpn"; - }; - jellyfin = { - subdomain = "media"; - }; - forgejo = { - subdomain = "git"; - }; - nextcloud = { - subdomain = "drive"; - }; - }; + # apps = { + # base_domain = "jan-leila.com"; + # macvlan = { + # subnet = "192.168.1.0/24"; + # gateway = "192.168.1.1"; + # networkInterface = "bond0"; + # }; + # pihole = { + # image = "pihole/pihole:2024.07.0"; + # ip = "192.168.1.201"; + # }; + # headscale = { + # subdomain = "vpn"; + # }; + # jellyfin = { + # subdomain = "media"; + # }; + # forgejo = { + # subdomain = "git"; + # }; + # nextcloud = { + # subdomain = "drive"; + # }; + # }; services = { zfs = { diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 36e1b6f..d5ea594 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -1,8 +1,9 @@ # server nas {...}: { imports = [ - ./configuration.nix ./disko-config.nix ./hardware-configuration.nix + ./impermanence.nix + ./configuration.nix ]; } diff --git a/configurations/nixos/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix index 0be19c4..82fd480 100644 --- a/configurations/nixos/defiant/disko-config.nix +++ b/configurations/nixos/defiant/disko-config.nix 
@@ -1,26 +1,4 @@ -{...}: let - bootDisk = devicePath: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - ESP = { - size = "1G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - }; - }; - }; +{lib, ...}: let zfsDisk = devicePath: { type = "disk"; device = devicePath; 
@@ -37,41 +15,41 @@ }; }; }; - # cacheDisk = devicePath: swapSize: { - # type = "disk"; - # device = devicePath; - # content = { - # type = "gpt"; - # partitions = { - # encryptedSwap = { - # size = swapSize; - # content = { - # type = "swap"; - # randomEncryption = true; - # discardPolicy = "both"; - # resumeDevice = true; - # }; - # }; - # zfs = { - # size = "100%"; - # content = { - # type = "zfs"; - # pool = "rpool"; - # }; - # }; - # }; - # }; - # }; + cacheDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + ESP = { + size = "64M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; in { disko.devices = { disk = { - boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - - # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; + ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; }; zpool = { rpool = { 
@@ -84,58 +62,106 @@ in { # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? mode = "mirror"; members = [ - "hd_13_tb_a" - "hd_13_tb_b" - "hd_13_tb_c" + "hd_18_tb_a" + "hd_18_tb_b" + "hd_18_tb_c" ]; } ]; - cache = []; - # cache = [ "ssd_2_tb_a" ];z + cache = ["ssd_4_tb_a"]; }; }; options = { ashift = "12"; + autotrim = "on"; }; - rootFsOptions = { - # encryption = "on"; - # keyformat = "hex"; - # keylocation = "prompt"; - compression = "lz4"; - xattr = "sa"; - acltype = "posixacl"; - canmount = "off"; - "com.sun:auto-snapshot" = "false"; - }; + rootFsOptions = + { + canmount = "off"; + mountpoint = "none"; + + xattr = "sa"; + acltype = "posixacl"; + relatime = "on"; + + compression = "lz4"; + + "com.sun:auto-snapshot" = "false"; + } + # TODO: have an option to enable encryption + // lib.attrsets.optionalAttrs false { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + }; datasets = { - root = { + # local datasets are for data that should be considered ephemeral + "local" = { type = "zfs_fs"; - mountpoint = "/"; - options.mountpoint = "legacy"; - postCreateHook = "zfs snapshot rpool/root@blank"; + options.canmount = "off"; }; - home = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/home"; - postCreateHook = "zfs snapshot rpool/home@blank"; - }; - nix = { + # the nix directory is local because its all generable from our configuration + "local/system/nix" = { type = "zfs_fs"; mountpoint = "/nix"; - }; - persistent = { - type = "zfs_fs"; - mountpoint = "/persistent"; options = { - "com.sun:auto-snapshot" = "true"; + atime = "off"; + relatime = "off"; + canmount = "on"; }; }; + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + "local/home/leyla" = { + type = "zfs_fs"; + mountpoint = "/home/leyla"; + options = { + canmount = "on"; + }; + 
postCreateHook = '' + zfs snapshot rpool/local/home/leyla@blank + ''; + }; + + # persist datasets are datasets that contain information that we would like to keep around + "persist" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + "persist/system/root" = { + type = "zfs_fs"; + mountpoint = "/persist/system/root"; + options = { + "com.sun:auto-snapshot" = "true"; + mountpoint = "/persist/system/root"; + }; + }; + "persist/home/leyla" = { + type = "zfs_fs"; + mountpoint = "/persist/home/leyla"; + options = { + "com.sun:auto-snapshot" = "true"; + mountpoint = "/persist/home/leyla"; + }; + }; + + # TODO: separate dataset for logs that wont participate in snapshots and rollbacks with the rest of the system }; }; }; }; + networking = { + hostId = "c51763d6"; + }; } diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index b55bcfd..425cbc2 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix 
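Review bot: The encryption attributes in `rootFsOptions` are merged through `lib.attrsets.optionalAttrs false`, so they are dead code and every dataset in `rpool` is created unencrypted. That includes `persist/system/root`, which the impermanence config in this same patch uses for `/etc/ssh` and the sops age key file. ZFS encryption is fixed when a dataset is created, so changing the literal later will not protect data already written; that needs the datasets re-created or sent into an encrypted parent. I would bind the condition to a named value, e.g. `encryptPool = false;` in the `let` block and `// lib.attrsets.optionalAttrs encryptPool { … }`, and replace the TODO with a comment saying the pool currently stores host keys in plaintext. The two `persist/*` datasets also set `mountpoint` both at the top level and under `options`, which looks redundant.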
@@ -11,136 +11,32 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - security.sudo.extraConfig = "Defaults lecture=never"; - boot = { initrd = { - availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; + availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod"]; kernelModules = []; - # TODO: figure out some kind of snapshotting before rollbacks - # postDeviceCommands = lib.mkAfter '' - # zfs rollback -r rpool/root@blank - # zfs rollback -r rpool/home@blank - # ''; - # systemd = { - # enable = lib.mkDefault true; - # services.rollback = { - # description = "Rollback root filesystem to a pristine state on boot"; - # wantedBy = [ - # "zfs.target" - # "initrd.target" - # ]; - # after = [ - # "zfs-import-rpool.service" - # ]; - # before = [ - # "sysroot.mount" - # "fs.target" - # ]; - # path = with pkgs; [ - # zfs - # ]; - # unitConfig.DefaultDependencies = "no"; - # # serviceConfig = { - # # Type = "oneshot"; - # # ExecStart = - # # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; - # # }; - # serviceConfig.Type = "oneshot"; - # script = '' - # zfs list -t snapshot || echo - # zfs rollback -r rpool/root@blank - # zfs rollback -r rpool/home@blank - # ''; - # }; - # }; }; kernelModules = ["kvm-amd"]; - kernelParams = ["quiet"]; extraModulePackages = []; + # Bootloader. + loader = { + systemd-boot.enable = true; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; supportedFilesystems = ["zfs"]; zfs.extraPools = ["rpool"]; }; - swapDevices = []; - - # fileSystems = { - # "/" = { - # neededForBoot = true; - # }; - - # "/home" = { - # neededForBoot = true; - # }; - - # "/persistent" = { - # neededForBoot = true; - # }; - # }; - networking = { - hostId = "c51763d6"; hostName = "defiant"; # Define your hostname. 
useNetworkd = true; }; - # environment.persistence."/persistent" = { - # enable = true; - # hideMounts = true; - # directories = [ - # # "/run/secrets" - - # "/etc/ssh" - - # "/var/log" - # "/var/lib/nixos" - # "/var/lib/systemd/coredump" - - # # config.apps.pihole.directory.root - - # # config.apps.jellyfin.mediaDirectory - # # config.services.jellyfin.configDir - # # config.services.jellyfin.cacheDir - # # config.services.jellyfin.dataDir - - # # "/var/hass" # config.users.users.hass.home - # # "/var/postgresql" # config.users.users.postgresql.home - # # "/var/forgejo" # config.users.users.forgejo.home - # # "/var/nextcloud" # config.users.users.nextcloud.home - # # "/var/headscale" # config.users.users.headscale.home - # ]; - # files = [ - # "/etc/machine-id" - # # config.environment.sessionVariables.SOPS_AGE_KEY_FILE - # ]; - # users.leyla = { - # directories = [ - # "documents" - # ".ssh" - # ]; - # files = []; - # }; - # }; - - # systemd.services = { - # # https://github.com/openzfs/zfs/issues/10891 - # systemd-udev-settle.enable = false; - # # Snapshots are not accessible on boot for some reason this should fix it - # # https://github.com/NixOS/nixpkgs/issues/257505 - # zfs-mount = { - # serviceConfig = { - # # ExecStart = [ "${lib.getExe' pkgs.util-linux "mount"} -a -t zfs -o remount" ]; - # ExecStart = [ - # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/root -o remount" - # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/home -o remount" - # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" - # ]; - # }; - # }; - # }; - systemd.network = { enable = true; diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix new file mode 100644 index 0000000..9d8b2af --- /dev/null +++ b/configurations/nixos/defiant/impermanence.nix 
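Review bot: The added `loader` block enables `systemd-boot` but leaves the boot-entry editor at its NixOS default, which is on, so anyone with console access can edit the kernel command line at boot and bypass normal login. For a NAS that stores the sops key and SSH host keys I would add `systemd-boot.editor = false;` next to `systemd-boot.enable = true;`. A one-line comment on `canTouchEfiVariables = true;` saying the installer is allowed to rewrite firmware boot entries would also help the next reader. The module body continues past the end of this hunk.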
@@ -0,0 +1,87 @@ +{ + lib, + config, + ... +}: { + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/local/system/root@blank + zfs rollback -r rpool/local/home/leyla@blank + ''; + + # systemd.services = { + # # https://github.com/openzfs/zfs/issues/10891 + # systemd-udev-settle.enable = false; + # # Snapshots are not accessible on boot for some reason this should fix it + # # https://github.com/NixOS/nixpkgs/issues/257505 + # zfs-mount = { + # serviceConfig = { + # ExecStart = ["zfs mount -a -o remount"]; + # # ExecStart = [ + # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/local -o remount" + # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" + # # ]; + # }; + # }; + # }; + + # boot.initrd.systemd.services.rollback = { + # description = "Rollback filesystem to a pristine state on boot"; + # wantedBy = [ + # "initrd.target" + # ]; + # after = [ + # "zfs-import-rpool.service" + # ]; + # before = [ + # "sysroot.mount" + # ]; + # requiredBy = [ + # "sysroot.mount" + # ]; + # serviceConfig = { + # Type = "oneshot"; + # ExecStart = '' + # zfs rollback -r rpool/local/system/root@blank + # zfs rollback -r rpool/local/home@blank + # ''; + # }; + # }; + + fileSystems."/".neededForBoot = true; + fileSystems."/home/leyla".neededForBoot = true; + fileSystems."/persist/system/root".neededForBoot = true; + fileSystems."/persist/home/leyla".neededForBoot = true; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + "/run/secrets" + + "/etc/ssh" + + "/var/log" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + + # config.apps.pihole.directory.root + + # config.apps.jellyfin.mediaDirectory + # config.services.jellyfin.configDir + # config.services.jellyfin.cacheDir + # config.services.jellyfin.dataDir + + # "/var/hass" # config.users.users.hass.home + # "/var/postgresql" # config.users.users.postgresql.home + # "/var/forgejo" # config.users.users.forgejo.home + # 
"/var/nextcloud" # config.users.users.nextcloud.home + # "/var/headscale" # config.users.users.headscale.home + ]; + files = [ + "/etc/machine-id" + config.environment.sessionVariables.SOPS_AGE_KEY_FILE + ]; + }; + + security.sudo.extraConfig = "Defaults lecture=never"; +} diff --git a/flake.lock b/flake.lock index 7d882de..83f85f8 100644 --- a/flake.lock +++ b/flake.lock @@ -127,6 +127,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1731242966, + "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -207,6 +222,7 @@ "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "home-manager": "home-manager", + "impermanence": "impermanence", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index bcc31d7..54d1f7d 100644 --- a/flake.nix +++ b/flake.nix @@ -24,9 +24,9 @@ }; # delete your darlings - # impermanence = { - # url = "github:nix-community/impermanence"; - # }; + impermanence = { + url = "github:nix-community/impermanence"; + }; nix-darwin = { url = "github:LnL7/nix-darwin"; @@ -65,6 +65,9 @@ outputs = { self, nixpkgs, + sops-nix, + home-manager, + impermanence, ... } @ inputs: let util = import ./util {inherit inputs;}; diff --git a/util/default.nix b/util/default.nix index ce85a7f..9ddb5e8 100644 --- a/util/default.nix +++ b/util/default.nix @@ -7,6 +7,7 @@ home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; + impermanence = inputs.impermanence; systems = [ "aarch64-darwin" 
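Review bot: In the new configurations/nixos/defiant/impermanence.nix, `"/run/secrets"` is listed under `environment.persistence."/persist/system/root".directories`, which would place decrypted sops-nix secrets on the persistent dataset. sops-nix writes secrets under `/run` so that they live only in memory and are re-decrypted from the age key on each boot; persisting that path puts plaintext on a pool this patch creates unencrypted, and it may also conflict with the path sops-nix manages itself. I would drop the `"/run/secrets"` entry and persist only the key material. Note also that `/home/leyla` is rolled back to `@blank` on every boot while nothing is mapped from `persist/home/leyla` yet, so `~/.ssh` and similar state is discarded each boot until a home persistence block is added.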
@@ -25,6 +26,7 @@ common-modules ++ [ sops-nix.homeManagerModules.sops + impermanence.homeManagerModules.impermanence ../modules/home-manager-modules ]; @@ -70,6 +72,7 @@ in { system-modules ++ [ sops-nix.nixosModules.sops + impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager ../modules/nixos-modules ../configurations/nixos/${host} From 131f730caf2acd8bdaa2683c2fa85ffb4e3b0fcb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 9 Dec 2024 10:52:59 -0600 Subject: [PATCH 0383/1043] added webtoons dl --- configurations/nixos/horizon/configuration.nix | 12 +++++++++++- configurations/nixos/horizon/webtoon-dl.nix | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 configurations/nixos/horizon/webtoon-dl.nix diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 593274c..2d16c74 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,4 +1,8 @@ -{inputs, ...}: { +{ + inputs, + pkgs, + ... +}: { imports = [ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ]; @@ -17,6 +21,12 @@ }; }; + environment.systemPackages = [ + (pkgs.callPackage + ./webtoon-dl.nix + {}) + ]; + # enabled virtualisation for docker # virtualisation.docker = { # enable = true; diff --git a/configurations/nixos/horizon/webtoon-dl.nix b/configurations/nixos/horizon/webtoon-dl.nix new file mode 100644 index 0000000..4341098 --- /dev/null +++ b/configurations/nixos/horizon/webtoon-dl.nix @@ -0,0 +1,18 @@ +{ + buildGoModule, + fetchFromGitHub, + ... +}: +buildGoModule rec { + pname = "webtoon-dl"; + version = "0.0.10"; + + src = fetchFromGitHub { + owner = "robinovitch61"; + repo = "webtoon-dl"; + rev = "v${version}"; + hash = "sha256-geVb3LFPZxPQYARZnaqOr5sgaN6mqkEX5ZiLvg8mF5k="; + }; + + vendorHash = "sha256-NTqUygJ6b6kTnLUnJqxCo/URzaRouPLACEPi2Ob1s9w="; +} 
From c28731a1a7a26393c854992c4b1914cf0b640ddf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 9 Dec 2024 16:57:13 -0600 Subject: [PATCH 0384/1043] made impermanence work --- configurations/nixos/defiant/disko-config.nix | 18 ++++++++++++++++-- configurations/nixos/defiant/impermanence.nix | 8 ++------ 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/configurations/nixos/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix index 82fd480..677a646 100644 --- a/configurations/nixos/defiant/disko-config.nix +++ b/configurations/nixos/defiant/disko-config.nix @@ -48,6 +48,9 @@ in { hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + hd_18_tb_d = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTE0S3Q"; + hd_18_tb_e = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEF27J"; + hd_18_tb_f = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEZACV"; ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; }; @@ -59,12 +62,14 @@ in { type = "topology"; vdev = [ { - # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? - mode = "mirror"; + mode = "raidz2"; members = [ "hd_18_tb_a" "hd_18_tb_b" "hd_18_tb_c" + "hd_18_tb_d" + "hd_18_tb_e" + "hd_18_tb_f" ]; } ]; @@ -113,6 +118,15 @@ in { canmount = "on"; }; }; + "local/system/sops" = { + type = "zfs_fs"; + mountpoint = import ../../../const/sops_age_key_directory.nix; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; "local/system/root" = { type = "zfs_fs"; mountpoint = "/"; diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix index 9d8b2af..13a380e 100644 --- a/configurations/nixos/defiant/impermanence.nix 
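Review bot: The new `local/system/sops` dataset (third hunk of disko-config.nix) sits under `local`, which the file's own comment describes as data that "should be considered ephemeral", yet it holds the age key directory that every sops secret depends on. It is the one dataset here whose contents cannot be regenerated from the flake, and the root dataset's `"com.sun:auto-snapshot" = "false"` is presumably inherited, so there is no snapshot or backup path for it. I would either move it under `persist/` or add a comment such as `# not ephemeral: holds the sops age private key, back up out of band`. The ownership and mode of the mounted directory are not set here, so it is worth confirming the key directory ends up root-only. The first two hunks change the vdev from `mirror` to `raidz2`; this most likely only takes effect when disko creates the pool, which deserves a note in the commit message.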
+++ b/configurations/nixos/defiant/impermanence.nix @@ -1,8 +1,4 @@ -{ - lib, - config, - ... -}: { +{lib, ...}: { boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank zfs rollback -r rpool/local/home/leyla@blank @@ -51,6 +47,7 @@ fileSystems."/home/leyla".neededForBoot = true; fileSystems."/persist/system/root".neededForBoot = true; fileSystems."/persist/home/leyla".neededForBoot = true; + fileSystems.${import ../../../const/sops_age_key_directory.nix}.neededForBoot = true; environment.persistence."/persist/system/root" = { enable = true; @@ -79,7 +76,6 @@ ]; files = [ "/etc/machine-id" - config.environment.sessionVariables.SOPS_AGE_KEY_FILE ]; }; From 30ad3c91b9951535cb5f9ce69f6391ffa2bc5b48 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Dec 2024 23:43:53 -0600 Subject: [PATCH 0385/1043] made disko/impermanence config into a module --- .../nixos/defiant/configuration.nix | 34 +- configurations/nixos/defiant/default.nix | 2 - configurations/nixos/defiant/disko-config.nix | 181 ------- configurations/nixos/defiant/impermanence.nix | 85 +--- modules/nixos-modules/default.nix | 2 + modules/nixos-modules/disko.nix | 168 +++++++ modules/nixos-modules/impermanence.nix | 110 +++++ modules/nixos-modules/users.nix | 446 ++++++++++-------- modules/system-modules/users.nix | 7 +- util/default.nix | 2 + 10 files changed, 571 insertions(+), 466 deletions(-) delete mode 100644 configurations/nixos/defiant/disko-config.nix create mode 100644 modules/nixos-modules/disko.nix create mode 100644 modules/nixos-modules/impermanence.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ec728ca..c7aec9b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,11 +1,6 @@ # server nas -{ - inputs, - pkgs, - ... -}: { +{pkgs, ...}: { imports = [ - inputs.disko.nixosModules.disko # ./services.nix ]; 
@@ -21,6 +16,33 @@ ester.isNormalUser = false; eve.isNormalUser = false; }; + impermanence.enable = true; + storage = { + enable = true; + encryption = true; + pool = { + drives = [ + "ata-ST18000NE000-3G6101_ZVTCXVEB" + "ata-ST18000NE000-3G6101_ZVTCXWSC" + "ata-ST18000NE000-3G6101_ZVTD10EH" + "ata-ST18000NT001-3NF101_ZVTE0S3Q" + "ata-ST18000NT001-3NF101_ZVTEF27J" + "ata-ST18000NT001-3NF101_ZVTEZACV" + ]; + cache = [ + "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" + ]; + # extraDatasets = { + # "persist/system/var/lib/jellyfin/media" = { + # type = "zfs_fs"; + # mountpoint = "/persist/system/var/lib/jellyfin/media"; + # }; + # }; + }; + }; + }; + networking = { + hostId = "c51763d6"; }; # apps = { diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index d5ea594..fe850af 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -1,9 +1,7 @@ # server nas {...}: { imports = [ - ./disko-config.nix ./hardware-configuration.nix - ./impermanence.nix ./configuration.nix ]; } diff --git a/configurations/nixos/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix deleted file mode 100644 index 677a646..0000000 --- a/configurations/nixos/defiant/disko-config.nix +++ /dev/null 
@@ -1,181 +0,0 @@ -{lib, ...}: let - zfsDisk = devicePath: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }; - cacheDisk = devicePath: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - ESP = { - size = "64M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }; -in { - disko.devices = { - disk = { - hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - hd_18_tb_d = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTE0S3Q"; - hd_18_tb_e = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEF27J"; - hd_18_tb_f = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEZACV"; - - ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; - }; - zpool = { - rpool = { - type = "zpool"; - mode = { - topology = { - type = "topology"; - vdev = [ - { - mode = "raidz2"; - members = [ - "hd_18_tb_a" - "hd_18_tb_b" - "hd_18_tb_c" - "hd_18_tb_d" - "hd_18_tb_e" - "hd_18_tb_f" - ]; - } - ]; - cache = ["ssd_4_tb_a"]; - }; - }; - - options = { - ashift = "12"; - autotrim = "on"; - }; - - rootFsOptions = - { - canmount = "off"; - mountpoint = "none"; - - xattr = "sa"; - acltype = "posixacl"; - relatime = "on"; - - compression = "lz4"; - - "com.sun:auto-snapshot" = "false"; - } - # TODO: have an option to enable encryption - // lib.attrsets.optionalAttrs false { - encryption = "on"; - keyformat = "hex"; - keylocation = "prompt"; 
- }; - - datasets = { - # local datasets are for data that should be considered ephemeral - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # the nix directory is local because its all generable from our configuration - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - "local/system/sops" = { - type = "zfs_fs"; - mountpoint = import ../../../const/sops_age_key_directory.nix; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - }; - "local/home/leyla" = { - type = "zfs_fs"; - mountpoint = "/home/leyla"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/home/leyla@blank - ''; - }; - - # persist datasets are datasets that contain information that we would like to keep around - "persist" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - "persist/system/root" = { - type = "zfs_fs"; - mountpoint = "/persist/system/root"; - options = { - "com.sun:auto-snapshot" = "true"; - mountpoint = "/persist/system/root"; - }; - }; - "persist/home/leyla" = { - type = "zfs_fs"; - mountpoint = "/persist/home/leyla"; - options = { - "com.sun:auto-snapshot" = "true"; - mountpoint = "/persist/home/leyla"; - }; - }; - - # TODO: separate dataset for logs that wont participate in snapshots and rollbacks with the rest of the system - }; - }; - }; - }; - networking = { - hostId = "c51763d6"; - }; -} diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix index 13a380e..9339d40 100644 --- a/configurations/nixos/defiant/impermanence.nix +++ b/configurations/nixos/defiant/impermanence.nix 
@@ -1,83 +1,4 @@ -{lib, ...}: { - boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank - zfs rollback -r rpool/local/home/leyla@blank - ''; - - # systemd.services = { - # # https://github.com/openzfs/zfs/issues/10891 - # systemd-udev-settle.enable = false; - # # Snapshots are not accessible on boot for some reason this should fix it - # # https://github.com/NixOS/nixpkgs/issues/257505 - # zfs-mount = { - # serviceConfig = { - # ExecStart = ["zfs mount -a -o remount"]; - # # ExecStart = [ - # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/local -o remount" - # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" - # # ]; - # }; - # }; - # }; - - # boot.initrd.systemd.services.rollback = { - # description = "Rollback filesystem to a pristine state on boot"; - # wantedBy = [ - # "initrd.target" - # ]; - # after = [ - # "zfs-import-rpool.service" - # ]; - # before = [ - # "sysroot.mount" - # ]; - # requiredBy = [ - # "sysroot.mount" - # ]; - # serviceConfig = { - # Type = "oneshot"; - # ExecStart = '' - # zfs rollback -r rpool/local/system/root@blank - # zfs rollback -r rpool/local/home@blank - # ''; - # }; - # }; - - fileSystems."/".neededForBoot = true; - fileSystems."/home/leyla".neededForBoot = true; - fileSystems."/persist/system/root".neededForBoot = true; - fileSystems."/persist/home/leyla".neededForBoot = true; - fileSystems.${import ../../../const/sops_age_key_directory.nix}.neededForBoot = true; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - "/run/secrets" - - "/etc/ssh" - - "/var/log" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - - # config.apps.pihole.directory.root - - # config.apps.jellyfin.mediaDirectory - # config.services.jellyfin.configDir - # config.services.jellyfin.cacheDir - # config.services.jellyfin.dataDir - - # "/var/hass" # config.users.users.hass.home - # "/var/postgresql" # 
config.users.users.postgresql.home - # "/var/forgejo" # config.users.users.forgejo.home - # "/var/nextcloud" # config.users.users.nextcloud.home - # "/var/headscale" # config.users.users.headscale.home - ]; - files = [ - "/etc/machine-id" - ]; - }; - - security.sudo.extraConfig = "Defaults lecture=never"; +{...}: { + # fileSystems."/home/leyla".neededForBoot = true; + # fileSystems."/persist/home/leyla".neededForBoot = true; } diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 85e6c5a..9461612 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -8,5 +8,7 @@ ./desktop.nix ./ssh.nix ./i18n.nix + ./impermanence.nix + ./disko.nix ]; } diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix new file mode 100644 index 0000000..b65538d --- /dev/null +++ b/modules/nixos-modules/disko.nix 
@@ -0,0 +1,168 @@ +{ + lib, + config, + inputs, + ... +}: let + # there currently is a bug with disko that causes long disk names to be generated improperly this hash function should alleviate it when used for disk names instead of what we are defaulting to + # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that + hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); + + vdevs = + builtins.map ( + disks: + builtins.map (disk: lib.attrsets.nameValuePair (hashDisk disk) disk) disks + ) + config.host.storage.pool.vdevs; + cache = + builtins.map ( + disk: lib.attrsets.nameValuePair (hashDisk disk) disk + ) + config.host.storage.pool.cache; +in { + options.host.storage = { + enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; + encryption = lib.mkEnableOption "is the vdev going to be encrypted"; + pool = { + vdevs = lib.mkOption { + type = lib.types.listOf (lib.types.listOf lib.types.str); + description = "list of disks that are going to be in"; + default = [config.host.storage.pool.drives]; + }; + drives = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "list of drives that are going to be in the vdev"; + default = []; + }; + cache = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "list of drives that are going to be used as cache"; + default = []; + }; + extraDatasets = lib.mkOption { + type = lib.types.attrsOf (inputs.disko.lib.subType { + types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; + }); + description = "List of datasets to define"; + default = {}; + }; + }; + }; + + config = lib.mkIf config.host.storage.enable { + disko.devices = { + disk = ( + builtins.listToAttrs ( + ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + zfs = { + size = "100%"; + 
content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) + (lib.lists.flatten vdevs) + ) + ++ ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + ESP = { + size = "64M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) + cache + ) + ) + ); + zpool = { + rpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = ( + builtins.map (disks: { + mode = "raidz2"; + members = + builtins.map (disk: disk.name) disks; + }) + vdevs + ); + cache = builtins.map (disk: disk.name) cache; + }; + }; + + options = { + ashift = "12"; + autotrim = "on"; + }; + + rootFsOptions = + { + canmount = "off"; + mountpoint = "none"; + + xattr = "sa"; + acltype = "posixacl"; + relatime = "on"; + + compression = "lz4"; + + "com.sun:auto-snapshot" = "false"; + } + // ( + lib.attrsets.optionalAttrs config.host.storage.encryption { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + } + ); + + datasets = lib.mkMerge [ + (lib.attrsets.mapAttrs (name: value: { + type = value.type; + options = value.options; + mountpoint = value.mountpoint; + postCreateHook = value.postCreateHook; + }) + config.host.storage.pool.extraDatasets) + ]; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix new file mode 100644 index 0000000..a923b82 --- /dev/null +++ b/modules/nixos-modules/impermanence.nix 
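Review bot: In modules/nixos-modules/disko.nix every entry of `config.host.storage.pool.cache` gets its own ESP with `mountpoint = "/boot"`, so a host that lists two cache drives would declare two filesystems for the same mount point. The option type is `listOf str`, so nothing prevents that today. I would add an assertion such as `assertion = builtins.length config.host.storage.pool.cache <= 1;` with a message explaining that the cache drive doubles as the boot drive, or put the ESP only on the first cache drive. The hard-coded `mode = "raidz2"` has the same shape of problem: a vdev with too few drives is only rejected when the pool is created, and a length assertion per vdev would fail at evaluation instead. The `encryption` option description says "vdev", but the attributes go on the pool's root dataset and apply only at creation time, which the description should say.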
@@ -0,0 +1,110 @@ +{ + config, + lib, + ... +}: { + options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; + + # TODO: validate that config.host.storage.enable is enabled + config = lib.mkMerge [ + { + assertions = [ + { + assertion = !(config.host.impermanence.enable && !config.host.storage.enable); + message = '' + Disko storage must be enabled to use impermanence. + ''; + } + ]; + } + ( + lib.mkIf config.host.impermanence.enable { + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/local/system/root@blank + 1 ''; + + fileSystems = { + "/".neededForBoot = true; + "/persist/system/root".neededForBoot = true; + }; + + host.storage.pool.extraDatasets = { + # local datasets are for data that should be considered ephemeral + "local" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up + "local/system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + # dataset for root that gets rolled back on every boot + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + + # persist datasets are datasets that contain information that we would like to keep around + "persist" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + # this is where root data actually lives + "persist/system/root" = { + type = "zfs_fs"; + mountpoint = "/persist/system/root"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + }; + "persist/system/var/log" = { + type = "zfs_fs"; + mountpoint = "/persist/system/var/log"; + }; + }; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + "/etc/ssh" + + "/var/log" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + + 
# config.apps.pihole.directory.root + + # config.apps.jellyfin.mediaDirectory + # config.services.jellyfin.configDir + # config.services.jellyfin.cacheDir + # config.services.jellyfin.dataDir + + # "/var/hass" # config.users.users.hass.home + # "/var/postgresql" # config.users.users.postgresql.home + # "/var/forgejo" # config.users.users.forgejo.home + # "/var/nextcloud" # config.users.users.nextcloud.home + # "/var/headscale" # config.users.users.headscale.home + ]; + files = [ + "/etc/machine-id" + ]; + }; + + security.sudo.extraConfig = "Defaults lecture=never"; + } + ) + ]; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 214ccd6..6fe37fd 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -10,7 +10,7 @@ principleUsers = host.principleUsers; terminalUsers = host.terminalUsers; - # normalUsers = host.normalUsers; + normalUsers = host.normalUsers; uids = { leyla = 1000; 
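Review bot: The `persist/system/var/log` dataset in modules/nixos-modules/impermanence.nix is mounted at `/persist/system/var/log`, but `/var/log` is persisted through `environment.persistence."/persist/system/root"`, which maps it to `/persist/system/root/var/log`. As written the logs land in `persist/system/root`, which is auto-snapshotted with everything else, and the dedicated dataset stays empty, so logs are not kept separate from system state. I would set `mountpoint = "/persist/system/root/var/log";` on that dataset and probably mark it `neededForBoot` like its parent. As rendered here the `postResumeCommands` script also carries a lone `1` line after the `zfs rollback` command, which looks like a stray character to remove. The `# TODO: validate that config.host.storage.enable is enabled` comment is stale, since the assertion directly below it does that.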
@@ -43,213 +43,273 @@ ester = users.ester.name; eve = users.eve.name; in { - config = { - # principle users are by definition trusted - nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; + config = lib.mkMerge [ + { + # principle users are by definition trusted + nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; - # we should only be able to ssh into principle users of a computer who are also set up for terminal access - services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers); + # we should only be able to ssh into principle users of a computer who are also set up for terminal access + services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers); - # we need to set up env variables to nix can find keys to decrypt passwords on rebuild - environment = { - sessionVariables = { - SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY; - SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; - }; - }; - - # set up user passwords - sops = { - defaultSopsFormat = "yaml"; - gnupg.sshKeyPaths = []; - - age = { - keyFile = "/var/lib/sops-nix/key.txt"; - sshKeyPaths = []; - # generateKey = true; - }; - - secrets = { - "passwords/leyla" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/eve" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; + # we need to set up env variables to nix can find keys to decrypt passwords on rebuild + environment = { + sessionVariables = { + SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + }; + }; + + # set up user passwords + sops = { + defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; + + age = { + keyFile = 
"/var/lib/sops-nix/key.txt"; + sshKeyPaths = []; + # generateKey = true; + }; + + secrets = { + "passwords/leyla" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/ester" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/eve" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; }; }; - }; - users = { - mutableUsers = false; users = { - leyla = { - uid = lib.mkForce uids.leyla; - name = lib.mkForce host.users.leyla.name; - description = "Leyla"; - extraGroups = - (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) - ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) - ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - isNormalUser = host.users.leyla.isNormalUser; - isSystemUser = !host.users.leyla.isNormalUser; - group = config.users.users.leyla.name; - }; - - ester = { - uid = lib.mkForce uids.ester; - name = lib.mkForce host.users.ester.name; - description = "Ester"; - extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - isNormalUser = host.users.ester.isNormalUser; - isSystemUser = !host.users.ester.isNormalUser; - group = config.users.users.ester.name; - }; - - eve = { - uid = lib.mkForce uids.eve; - name = lib.mkForce host.users.eve.name; - description = "Eve"; - extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - isNormalUser = host.users.eve.isNormalUser; - isSystemUser = !host.users.eve.isNormalUser; - group = config.users.users.eve.name; - }; - - jellyfin = { - uid = lib.mkForce uids.jellyfin; - isSystemUser = true; - group = config.users.users.jellyfin.name; - }; - - forgejo = { - uid = lib.mkForce 
uids.forgejo; - isSystemUser = true; - group = config.users.users.forgejo.name; - }; - - pihole = { - uid = lib.mkForce uids.pihole; - isSystemUser = true; - group = config.users.users.pihole.name; - }; - - hass = { - uid = lib.mkForce uids.hass; - isSystemUser = true; - group = config.users.users.hass.name; - }; - - headscale = { - uid = lib.mkForce uids.headscale; - isSystemUser = true; - group = config.users.users.headscale.name; - }; - - nextcloud = { - uid = lib.mkForce uids.nextcloud; - isSystemUser = true; - group = config.users.users.nextcloud.name; - }; - }; - - groups = { - leyla = { - gid = lib.mkForce gids.leyla; - members = [ - leyla - ]; - }; - - ester = { - gid = lib.mkForce gids.ester; - members = [ - ester - ]; - }; - - eve = { - gid = lib.mkForce gids.eve; - members = [ - eve - ]; - }; - + mutableUsers = false; users = { - gid = lib.mkForce gids.users; - members = [ - leyla - ester - eve - ]; + leyla = { + uid = lib.mkForce uids.leyla; + name = lib.mkForce host.users.leyla.name; + description = "Leyla"; + extraGroups = + (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) + ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) + ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + isNormalUser = host.users.leyla.isNormalUser; + isSystemUser = !host.users.leyla.isNormalUser; + group = config.users.users.leyla.name; + }; + + ester = { + uid = lib.mkForce uids.ester; + name = lib.mkForce host.users.ester.name; + description = "Ester"; + extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + isNormalUser = host.users.ester.isNormalUser; + isSystemUser = !host.users.ester.isNormalUser; + group = config.users.users.ester.name; + }; + + eve = { + uid = lib.mkForce uids.eve; + name = lib.mkForce host.users.eve.name; + description = "Eve"; 
+ extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + isNormalUser = host.users.eve.isNormalUser; + isSystemUser = !host.users.eve.isNormalUser; + group = config.users.users.eve.name; + }; + + jellyfin = { + uid = lib.mkForce uids.jellyfin; + isSystemUser = true; + group = config.users.users.jellyfin.name; + }; + + forgejo = { + uid = lib.mkForce uids.forgejo; + isSystemUser = true; + group = config.users.users.forgejo.name; + }; + + pihole = { + uid = lib.mkForce uids.pihole; + isSystemUser = true; + group = config.users.users.pihole.name; + }; + + hass = { + uid = lib.mkForce uids.hass; + isSystemUser = true; + group = config.users.users.hass.name; + }; + + headscale = { + uid = lib.mkForce uids.headscale; + isSystemUser = true; + group = config.users.users.headscale.name; + }; + + nextcloud = { + uid = lib.mkForce uids.nextcloud; + isSystemUser = true; + group = config.users.users.nextcloud.name; + }; }; - jellyfin_media = { - gid = lib.mkForce gids.jellyfin_media; - members = [ - users.jellyfin.name - leyla - ester - eve - ]; - }; + groups = { + leyla = { + gid = lib.mkForce gids.leyla; + members = [ + leyla + ]; + }; - jellyfin = { - gid = lib.mkForce gids.jellyfin; - members = [ - users.jellyfin.name - # leyla - ]; - }; + ester = { + gid = lib.mkForce gids.ester; + members = [ + ester + ]; + }; - forgejo = { - gid = lib.mkForce gids.forgejo; - members = [ - users.forgejo.name - # leyla - ]; - }; + eve = { + gid = lib.mkForce gids.eve; + members = [ + eve + ]; + }; - pihole = { - gid = lib.mkForce gids.pihole; - members = [ - users.pihole.name - # leyla - ]; - }; + users = { + gid = lib.mkForce gids.users; + members = [ + leyla + ester + eve + ]; + }; - hass = { - gid = lib.mkForce gids.hass; - members = [ - users.hass.name - # leyla - ]; - }; + jellyfin_media = { + gid = lib.mkForce gids.jellyfin_media; + members = [ + users.jellyfin.name + leyla + ester + eve + ]; + }; 
- headscale = { - gid = lib.mkForce gids.headscale; - members = [ - users.headscale.name - # leyla - ]; - }; + jellyfin = { + gid = lib.mkForce gids.jellyfin; + members = [ + users.jellyfin.name + # leyla + ]; + }; - nextcloud = { - gid = lib.mkForce gids.nextcloud; - members = [ - users.nextcloud.name - # leyla - ]; + forgejo = { + gid = lib.mkForce gids.forgejo; + members = [ + users.forgejo.name + # leyla + ]; + }; + + pihole = { + gid = lib.mkForce gids.pihole; + members = [ + users.pihole.name + # leyla + ]; + }; + + hass = { + gid = lib.mkForce gids.hass; + members = [ + users.hass.name + # leyla + ]; + }; + + headscale = { + gid = lib.mkForce gids.headscale; + members = [ + users.headscale.name + # leyla + ]; + }; + + nextcloud = { + gid = lib.mkForce gids.nextcloud; + members = [ + users.nextcloud.name + # leyla + ]; + }; }; }; - }; - }; + } + (lib.mkIf config.host.impermanence.enable { + boot.initrd.postResumeCommands = lib.mkAfter ( + lib.strings.concatStrings (builtins.map (user: '' + zfs rollback -r rpool/local/home/${user.name}@blank + '') + normalUsers) + ); + + fileSystems.${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + "/run/secrets" + ]; + }; + + host.storage.pool.extraDatasets = lib.mkMerge [ + { + # sops age key needs to be available to pre persist for user generation + "local/system/sops" = { + type = "zfs_fs"; + mountpoint = SOPS_AGE_KEY_DIRECTORY; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + } + ( + lib.mkMerge + ( + builtins.map (user: { + "local/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/home/${user.name}"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/home/${user.name}@blank + ''; + }; + "persist/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/persist/home/${user.name}"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + 
}; + }) + normalUsers + ) + ) + ]; + }) + ]; } diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index 33df3d1..afda7d4 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -67,10 +67,13 @@ in { default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; }; normalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isTerminalUser) hostUsers; + default = lib.lists.filter (user: user.isNormalUser) hostUsers; + }; + desktopUsers = lib.mkOption { + default = lib.lists.filter (user: user.isDesktopUser) hostUsers; }; terminalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isNormalUser) hostUsers; + default = lib.lists.filter (user: user.isTerminalUser) hostUsers; }; }; diff --git a/util/default.nix b/util/default.nix index 9ddb5e8..33942a8 100644 --- a/util/default.nix +++ b/util/default.nix @@ -7,6 +7,7 @@ home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; + disko = inputs.disko; impermanence = inputs.impermanence; systems = [ @@ -74,6 +75,7 @@ in { sops-nix.nixosModules.sops impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager + disko.nixosModules.disko ../modules/nixos-modules ../configurations/nixos/${host} ]; From 5eea6cdb04db4bdf80e88d578d2fb2a7f6ba04a7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 17:33:50 -0600 Subject: [PATCH 0386/1043] made users not need to be disabled --- configurations/nixos/defiant/configuration.nix | 2 -- modules/system-modules/users.nix | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c7aec9b..3f7bcdd 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
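Review bot: Listing `"/run/secrets"` under `environment.persistence."/persist/system/root".directories` in the new impermanence block puts disk-backed storage behind the path where sops-nix exposes decrypted secrets, so plaintext can end up on the `persist/system/root` dataset. The impermanence module tags that dataset with `com.sun:auto-snapshot`, so old secret values would also be retained in snapshots. sops-nix decrypts again on every activation and places `neededForUsers` secrets under `/run/secrets-for-users`, so this entry looks unnecessary for the password files declared here; I would drop it and keep only the `local/system/sops` dataset for the key. That dataset holds the age private key with no encryption or permission setting visible in this hunk, so a comment stating how the mountpoint is protected would help.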
@@ -13,8 +13,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester.isNormalUser = false; - eve.isNormalUser = false; }; impermanence.enable = true; storage = { diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index afda7d4..fe88850 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -78,6 +78,24 @@ in { }; config = { + host.users = { + leyla = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; + ester = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; + eve = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; + }; + assertions = ( builtins.map (user: { From 835945c925f8f3af8162976e3cd7ed3192b4f5c2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 20:06:26 -0600 Subject: [PATCH 0387/1043] created nfs exports --- .../nixos/defiant/configuration.nix | 29 ++++++ modules/nixos-modules/default.nix | 1 + modules/nixos-modules/server/default.nix | 5 ++ .../server/network_storage/default.nix | 90 +++++++++++++++++++ .../server/network_storage/nfs.nix | 50 +++++++++++ modules/nixos-modules/users.nix | 4 +- 6 files changed, 176 insertions(+), 3 deletions(-) create mode 100644 modules/nixos-modules/server/default.nix create mode 100644 modules/nixos-modules/server/network_storage/default.nix create mode 100644 modules/nixos-modules/server/network_storage/nfs.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3f7bcdd..3a37cbb 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
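Review bot: The new `host.users` defaults in `modules/system-modules/users.nix` cover `isPrincipleUser`, `isDesktopUser` and `isTerminalUser` but not `isNormalUser`, while the same commit removes `ester.isNormalUser = false;` and `eve.isNormalUser = false;` from defiant. Unless the option declaration (outside this hunk) already defaults `isNormalUser` to false, ester and eve become normal accounts on the server, and `modules/nixos-modules/users.nix` then adds them to `networkmanager` and creates per-user home datasets. Adding `isNormalUser = lib.mkDefault false;` to each block makes the intent explicit. The three identical blocks could also be generated with `lib.genAttrs`.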
@@ -38,6 +38,35 @@ # }; }; }; + network_storage = { + enable = true; + directories = [ + { + folder = "leyla"; + user = "leyla"; + group = "leyla"; + } + { + folder = "eve"; + user = "eve"; + group = "eve"; + } + { + folder = "ester"; + user = "ester"; + group = "ester"; + } + { + folder = "users"; + user = "users"; + group = "users"; + } + ]; + nfs = { + enable = true; + directories = ["leyla" "eve"]; + }; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 9461612..4ac744a 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -10,5 +10,6 @@ ./i18n.nix ./impermanence.nix ./disko.nix + ./server ]; } diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix new file mode 100644 index 0000000..8fc94e5 --- /dev/null +++ b/modules/nixos-modules/server/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./network_storage + ]; +} diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix new file mode 100644 index 0000000..11019cb --- /dev/null +++ b/modules/nixos-modules/server/network_storage/default.nix 
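Review bot: The `users` export in the defiant `network_storage.directories` list sets `user = "users";`, but the visible `modules/nixos-modules/users.nix` declares `users` only as a group, not as an account. The tmpfiles rule generated from this entry would then name an owner that does not exist, and systemd-tmpfiles is likely to reject that line, leaving the shared directory missing. Consider `user = "root";` together with `group = "users";`, or declare the account explicitly.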
@@ -0,0 +1,90 @@ +{ + config, + lib, + ... +}: let + export_directory = config.host.network_storage.export_directory; +in { + imports = [ + ./nfs.nix + ]; + + options = { + host.network_storage = { + enable = lib.mkEnableOption "is this machine going to export network storage"; + export_directory = lib.mkOption { + type = lib.types.path; + description = "what are exports going to be stored in"; + default = "/exports"; + }; + directories = lib.mkOption { + type = lib.types.listOf (lib.types.submodule ({config, ...}: { + options = { + folder = lib.mkOption { + type = lib.types.string; + description = "what is the name of this export directory"; + }; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = "is this directory bound to anywhere"; + default = null; + }; + user = lib.mkOption { + type = lib.types.string; + description = "what user owns this directory"; + default = "nouser"; + }; + group = lib.mkOption { + type = lib.types.string; + description = "what group owns this directory"; + default = "nogroup"; + }; + _directory = lib.mkOption { + internal = true; + readOnly = true; + type = lib.types.path; + default = "${export_directory}/${config.folder}"; + }; + }; + })); + description = "list of directory names to export"; + }; + }; + }; + + config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ + { + # create any folders that we need to have for our exports + systemd.tmpfiles.rules = + [ + "d ${config.host.network_storage.export_directory} 2775 root root -" + ] + ++ ( + builtins.map ( + directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}" + ) + config.host.network_storage.directories + ); + + # set up any bind mounts that we need for our exports + fileSystems = builtins.listToAttrs ( + builtins.map (directory: + lib.attrsets.nameValuePair directory._directory { + device = directory.bind; + options = ["bind"]; + }) ( + builtins.filter (directory: directory.bind != null) 
config.host.network_storage.directories + ) + ); + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + config.host.network_storage.export_directory + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix new file mode 100644 index 0000000..5ed217e --- /dev/null +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -0,0 +1,50 @@ +{ + config, + lib, + ... +}: { + options = { + host.network_storage.nfs = { + enable = lib.mkEnableOption "is this server going to export network storage as nfs shares"; + directories = lib.mkOption { + type = lib.types.listOf ( + lib.types.enum ( + builtins.map ( + directory: directory.folder + ) + config.host.network_storage.directories + ) + ); + description = "list of exported directories to be exported via nfs"; + }; + }; + }; + config = lib.mkMerge [ + { + assertions = [ + { + assertion = !(config.host.network_storage.nfs.enable && !config.host.network_storage.enable); + message = "nfs cant be enabled with network storage disabled"; + } + ]; + } + ( + lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { + services.nfs.server = { + enable = true; + exports = lib.strings.concatLines ( + builtins.map ( + directory: "${directory._directory} 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)" + ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + ) + config.host.network_storage.directories + ) + ); + }; + } + ) + ]; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 6fe37fd..0c1e1d6 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
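Review bot: Every export directory in `systemd.tmpfiles.rules` is created with mode `2775`, including the per-user folders, so any local account can list and read another user's share, and over NFS the same permission bits apply to whatever UID a client presents. For directories owned by a single user a tighter rule such as `"d ${directory._directory} 2770 ${directory.user} ${directory.group} -"` is safer, ideally driven by a per-directory `mode` option. The `user` default `"nouser"` is, as far as I know, not an account NixOS creates (the conventional one is `nobody`). `lib.types.string` is deprecated in favour of `lib.types.str`.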
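Review bot: The export line in `nfs.nix` hard-codes `192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)`, which grants read-write access to every host in that range. With the default `sec=sys` the server trusts the UID a client reports, so the per-user ownership of the `leyla` and `eve` folders is only as strong as the trust placed in every machine on that network. `192.168.1.0/22` is also not a network address: the /22 that contains it is `192.168.0.0/22` (192.168.0.0 to 192.168.3.255), which may be wider than intended. I would turn the allowed clients into an option (a list of hosts or CIDRs) and document the trust assumption next to it.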
@@ -255,9 +255,7 @@ in { } (lib.mkIf config.host.impermanence.enable { boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatStrings (builtins.map (user: '' - zfs rollback -r rpool/local/home/${user.name}@blank - '') + lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") normalUsers) ); From 3d5aad50c40728b101452e00317e02e8d14b5edb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 20:52:34 -0600 Subject: [PATCH 0388/1043] added port to nfs --- configurations/nixos/defiant/services.nix | 12 ------------ modules/nixos-modules/server/network_storage/nfs.nix | 8 ++++++++ 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index ac1d02b..97a6711 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -6,7 +6,6 @@ ... }: let jellyfinPort = 8096; - nfsPort = 2049; dnsPort = 53; httpPort = 80; httpsPort = 443; @@ -264,16 +263,6 @@ in { # DNS stub needs to be disabled so pi hole can bind # resolved.extraConfig = "DNSStubListener=no"; - nfs.server = { - enable = true; - exports = '' - /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - ''; - }; - postgresql = { enable = true; ensureUsers = [ @@ -432,7 +421,6 @@ in { httpPort httpsPort dnsPort - nfsPort ] ++ (lib.optional isDebug [ jellyfinPort diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 5ed217e..5881310 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -6,6 +6,11 @@ options = { host.network_storage.nfs = { enable = lib.mkEnableOption "is this server going to export network storage as nfs shares"; + port = lib.mkOption { + type = lib.types.int; + default = 2049; + description = "port that nfs will run on"; + }; directories = lib.mkOption { type = lib.types.listOf ( lib.types.enum ( @@ -44,6 +49,9 @@ ) ); }; + networking.firewall.allowedTCPPorts = [ + config.host.network_storage.nfs.port + ]; } ) ]; From 12658718a7df77fad3677ef04bc81385286b3d6b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 21:07:46 -0600 Subject: [PATCH 0389/1043] removed unused file --- configurations/nixos/defiant/impermanence.nix | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 configurations/nixos/defiant/impermanence.nix diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix deleted file mode 100644 index 9339d40..0000000 --- a/configurations/nixos/defiant/impermanence.nix +++ /dev/null @@ -1,4 +0,0 @@ -{...}: { - # fileSystems."/home/leyla".neededForBoot = true; - # fileSystems."/persist/home/leyla".neededForBoot = true; -} From 86a690a3218dd23075215f387464a0a0ec54f9e7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 12 Dec 2024 20:00:42 -0600 Subject: [PATCH 0390/1043] created reverse_proxy.nix --- modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/reverse_proxy.nix | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 modules/nixos-modules/server/reverse_proxy.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 8fc94e5..3c5c55f 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ ./network_storage + ./reverse_proxy.nix ]; } 
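Review bot: The new `port` option only feeds `networking.firewall.allowedTCPPorts`; nothing visible in this module passes it to `services.nfs.server`, so changing it from `2049` opens a different firewall port while the NFS server keeps listening where it did. Either wire the value into the server configuration or drop the option and add a comment such as `# must match the port nfsd listens on`. `type = lib.types.port;` would also reject out-of-range values that `lib.types.int` accepts. This applies to both hunks in `nfs.nix`; the surrounding `config` block starts outside them.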
diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix
new file mode 100644
index 0000000..86db3a2
--- /dev/null
+++ b/modules/nixos-modules/server/reverse_proxy.nix
@@ -0,0 +1,50 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.host.reverse_proxy = {
+ enable = lib.mkEnableOption "turn on the reverse proxy";
+ hostname = lib.mkOption {
+ type = lib.type.string;
+ description = "what host name are we going to be proxying from";
+ };
+ forceSSL = lib.mkOption {
+ type = lib.type.boolean;
+ description = "force connections to use https";
+ default = true;
+ };
+ enableACME = lib.mkOption {
+ type = lib.type.boolean;
+ description = "auto renew certificates";
+ default = true;
+ };
+ subdomains = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({...}: {
+ options = {
+ target = lib.mkOption {
+ type = lib.types.string;
+ description = "where should this host point to";
+ };
+ websockets = lib.mkEnableOption "should websockets be proxied";
+ };
+ }));
+ };
+ };
+
+ config = {
+ services.nginx = {
+ enable = config.host.reverse_proxy.enable;
+ virtualHosts = lib.attrsets.mapAttrs' (name: value:
+ lib.attrsets.nameValuePair "${name}.${config.home.reverse_proxy.hostname}" {
+ forceSSL = config.home.reverse_proxy.forceSSL;
+ enableACME = config.home.reverse_proxy.enableACME;
+ locations."/" = {
+ proxyPass = value.target;
+ proxyWebsockets = value.websockets;
+ };
+ })
+ config.host.reverse_proxy.subdomains;
+ };
+ };
+}
From 4420ab6b43758e38a2f5c7bf5728630c09b5cb45 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 12 Dec 2024 20:17:18 -0600
Subject: [PATCH 0391/1043] added note to reverse proxy
---
modules/nixos-modules/server/reverse_proxy.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix
index 86db3a2..664b3c3 100644
--- a/modules/nixos-modules/server/reverse_proxy.nix
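Review bot: The generated virtual hosts in the new `reverse_proxy.nix` set only `forceSSL`, `enableACME` and a single `locations."/"` entry, so requests reach the backends without nginx's recommended forwarding headers and the TLS side runs on module defaults. Adding `recommendedProxySettings = true;` and `recommendedTlsSettings = true;` inside `services.nginx` gives upstream services the real client address and a maintained TLS configuration. `target` is a free-form string; a type such as `lib.types.strMatching "https?://.*"` would catch a missing scheme at evaluation time.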
+++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -32,6 +32,7 @@ }; }; + # TODO: impermanence for ACME keys config = { services.nginx = { enable = config.host.reverse_proxy.enable; From 72322b0544e280c7502f54f0f0ad81c0236d493e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 12 Dec 2024 20:44:26 -0600 Subject: [PATCH 0392/1043] created jellyfin service --- configurations/nixos/defiant/services.nix | 30 ------------ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/jellyfin.nix | 60 +++++++++++++++++++++++ 3 files changed, 61 insertions(+), 30 deletions(-) create mode 100644 modules/nixos-modules/server/jellyfin.nix diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 97a6711..7ef6cde 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -69,23 +69,6 @@ in { default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; - jellyfin = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that jellyfin will be hosted at"; - default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; - }; - mediaDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will be at"; - default = "/home/jellyfin"; - }; - }; forgejo = { subdomain = lib.mkOption { type = lib.types.str; @@ -194,7 +177,6 @@ in { # TODO: dynamic users systemd = { tmpfiles.rules = [ - "d ${config.apps.jellyfin.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server "d ${config.apps.pihole.directory.root} 755 pihole pihole -" # is /home/docker/pihole on old system "d ${config.apps.pihole.directory.data} 755 pihole pihole -" # is /home/docker/pihole on old system ]; 
@@ -325,10 +307,6 @@ in { }; }; - jellyfin = { - enable = true; - }; - forgejo = { enable = true; database = { @@ -387,11 +365,6 @@ in { proxyWebsockets = true; }; }; - ${config.apps.jellyfin.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString jellyfinPort}"; - }; ${config.apps.forgejo.hostname} = { # forceSSL = true; # enableACME = true; @@ -433,9 +406,6 @@ in { environment.systemPackages = [ config.services.headscale.package - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg ]; }; } diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 3c5c55f..7e4d36b 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -2,5 +2,6 @@ imports = [ ./network_storage ./reverse_proxy.nix + ./jellyfin.nix ]; } diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix new file mode 100644 index 0000000..81ad91a --- /dev/null +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -0,0 +1,60 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ jellyfinPort = 8096;
+in {
+ options.host.jellyfin = {
+ enable = lib.mkEnableOption "should jellyfin be enabled on this computer";
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that jellyfin will be hosted at";
+ default = "jellyfin";
+ };
+ };
+
+ config = lib.mkIf config.host.jellyfin.enable (
+ lib.mkMerge [
+ {
+ services.jellyfin.enable = true;
+ host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {
+ target = "http://localhost:${toString jellyfinPort}";
+ };
+ environment.systemPackages = [
+ pkgs.jellyfin
+ pkgs.jellyfin-web
+ pkgs.jellyfin-ffmpeg
+ ];
+ }
+ (lib.mkIf config.host.impermanence.enable {
+ # TODO: add an assertion here that directories matches jellyfin directories
+
+ environment.persistence."/persist/system/jellyfin" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/var/lib/jellyfin"
+ "/var/cache/jellyfin"
+ ];
+ };
+
+ host.storage.pool.extraDatasets = [
+ {
+ # sops age key needs to be available to pre persist for user generation
+ "persist/system/jellyfin" = {
+ type = "zfs_fs";
+ mountpoint = "/persist/system/jellyfin";
+ options = {
+ atime = "off";
+ relatime = "off";
+ canmount = "on";
+ };
+ };
+ }
+ ];
+ })
+ ]
+ );
+}
From 194287e22ab9eeebd3d45ff306f71b00e061dac8 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Fri, 13 Dec 2024 18:02:09 -0600
Subject: [PATCH 0393/1043] added assertion for jellyfin persistence
---
modules/nixos-modules/server/jellyfin.nix | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix
index 81ad91a..a582eda 100644
--- a/modules/nixos-modules/server/jellyfin.nix
+++ b/modules/nixos-modules/server/jellyfin.nix
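Review bot: The comment above `"persist/system/jellyfin"` reads `# sops age key needs to be available to pre persist for user generation`, which appears to be copied from the sops dataset in `users.nix` and misdescribes this dataset. Anyone auditing where key material lives would be sent to the wrong place; I would replace it with `# jellyfin data and cache, kept across root rollbacks`. `jellyfinPort = 8096` is a bare constant as well, so a short comment that it has to match Jellyfin's configured HTTP port would help.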
@@ -5,6 +5,8 @@ ... }: let jellyfinPort = 8096; + jellyfin_data_directory = "/var/lib/jellyfin"; + jellyfin_cache_directory = "/var/cache/jellyfin"; in { options.host.jellyfin = { enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; @@ -29,14 +31,23 @@ in { ]; } (lib.mkIf config.host.impermanence.enable { - # TODO: add an assertion here that directories matches jellyfin directories + assertions = [ + { + assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; + description = "jellyfin data directory does not match persistence"; + } + { + assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; + description = "jellyfin cache directory does not match persistence"; + } + ]; environment.persistence."/persist/system/jellyfin" = { enable = true; hideMounts = true; directories = [ - "/var/lib/jellyfin" - "/var/cache/jellyfin" + jellyfin_data_directory + jellyfin_cache_directory ]; }; From 2a3501fea4f8a181066b84c636447fae7f5805ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:20:23 -0600 Subject: [PATCH 0394/1043] enabled jellyfin for defiant --- .../nixos/defiant/configuration.nix | 8 ++++++ modules/nixos-modules/server/jellyfin.nix | 26 +++++++++---------- .../nixos-modules/server/reverse_proxy.nix | 17 +++++++----- 3 files changed, 32 insertions(+), 19 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3a37cbb..00100be 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -67,6 +67,14 @@ directories = ["leyla" "eve"]; }; }; + reverse_proxy = { + enable = true; + hostname = "jan-leila.com"; + }; + jellyfin = { + enable = true; + subdomain = "media"; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index a582eda..57a9cde 100644 
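Review bot: Both new assertions in `jellyfin.nix` use `description = …` where NixOS expects `message = …`. The assertion machinery reads `message` from each failed entry, so if `dataDir` or `cacheDir` ever diverges the build would stop on a missing-attribute error rather than the intended text. Change them to `message = "jellyfin data directory does not match persistence";` and `message = "jellyfin cache directory does not match persistence";`. The enclosing `lib.mkIf config.host.impermanence.enable` block starts outside the second hunk.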
--- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -51,20 +51,20 @@ in { ]; }; - host.storage.pool.extraDatasets = [ - { - # sops age key needs to be available to pre persist for user generation - "persist/system/jellyfin" = { - type = "zfs_fs"; - mountpoint = "/persist/system/jellyfin"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; + fileSystems."/persist/system/jellyfin".neededForBoot = true; + + host.storage.pool.extraDatasets = { + # sops age key needs to be available to pre persist for user generation + "persist/system/jellyfin" = { + type = "zfs_fs"; + mountpoint = "/persist/system/jellyfin"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; }; - } - ]; + }; + }; }) ] ); diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 664b3c3..311724b 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -6,16 +6,16 @@ options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; hostname = lib.mkOption { - type = lib.type.string; + type = lib.types.string; description = "what host name are we going to be proxying from"; }; forceSSL = lib.mkOption { - type = lib.type.boolean; + type = lib.types.bool; description = "force connections to use https"; default = true; }; enableACME = lib.mkOption { - type = lib.type.boolean; + type = lib.types.bool; description = "auto renew certificates"; default = true; }; 
@@ -34,12 +34,17 @@ # TODO: impermanence for ACME keys config = { + security.acme = lib.mkIf config.host.reverse_proxy.enableACME { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + services.nginx = { enable = config.host.reverse_proxy.enable; virtualHosts = lib.attrsets.mapAttrs' (name: value: - lib.attrsets.nameValuePair "${name}.${config.home.reverse_proxy.hostname}" { - forceSSL = config.home.reverse_proxy.forceSSL; - enableACME = config.home.reverse_proxy.enableACME; + lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { + forceSSL = config.host.reverse_proxy.forceSSL; + enableACME = config.host.reverse_proxy.enableACME; locations."/" = { proxyPass = value.target; proxyWebsockets = value.websockets; From cd60afa05452dfc214420777d5b20cfae6b1647a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:24:31 -0600 Subject: [PATCH 0395/1043] switched hostname --- configurations/nixos/defiant/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 00100be..d4306af 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -68,8 +68,8 @@ }; }; reverse_proxy = { - enable = true; - hostname = "jan-leila.com"; + enable = false; + hostname = "volpe.social"; }; jellyfin = { enable = true; From b0e6a17fe6d2cd67985d4cc268e76aee9aaca422 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:30:21 -0600 Subject: [PATCH 0396/1043] removed outdated comment --- configurations/nixos/defiant/configuration.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index d4306af..1a7571f 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
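Review bot: In the reverse_proxy.nix `@@ -34,12 +34,17 @@` hunk the new `security.acme` block is guarded only by `enableACME`, which defaults to `true`, while nginx is guarded by `enable`. Every host importing the module therefore sets `acceptTerms = true` and a contact address even when the proxy is off; gating on both options keeps them in step: `security.acme = lib.mkIf (config.host.reverse_proxy.enable && config.host.reverse_proxy.enableACME) {`. The `# TODO: impermanence for ACME keys` directly above should be resolved before this is enabled on an impermanent host. Unless the ACME state directory is persisted, account keys and certificates would presumably be requested again after every root rollback, which can hit CA rate limits and leave `forceSSL` vhosts without a valid certificate. The `config` block continues outside the hunk.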
@@ -30,12 +30,6 @@ cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" ]; - # extraDatasets = { - # "persist/system/var/lib/jellyfin/media" = { - # type = "zfs_fs"; - # mountpoint = "/persist/system/var/lib/jellyfin/media"; - # }; - # }; }; }; network_storage = { From 6b1eaa730850b4e166820324ce68077e3bdae93c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:53:15 -0600 Subject: [PATCH 0397/1043] added authorized ssh key --- modules/nixos-modules/ssh.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 0360cfc..bda4e81 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -1,4 +1,12 @@ -{...}: { +{ + lib, + config, + ... +}: { + users.users.leyla.openssh.authorizedKeys.keys = lib.mkIf config.host.users.leyla.isTerminalUser [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; + services = { openssh = { enable = true; From b6f1704af3ae8a8026b6d9b0f7f182a03cbbf8c4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:40:47 -0600 Subject: [PATCH 0398/1043] added assertion --- modules/nixos-modules/impermanence.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index a923b82..e6e1ecc 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -5,7 +5,6 @@ }: { options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; - # TODO: validate that config.host.storage.enable is enabled config = lib.mkMerge [ { assertions = [ 
@@ -19,6 +18,13 @@ } ( lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.host.impermanence.enable && config.host.storage.enable; + message = "Impermanence can not be used without managed host storage."; + } + ]; + boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank 1 ''; From e54981fffc689aad3344628eeabf1d93c6e8a355 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:48:43 -0600 Subject: [PATCH 0399/1043] added needed for boot to user persist directories --- modules/nixos-modules/users.nix | 84 +++++++++++++++++++-------------- 1 file changed, 48 insertions(+), 36 deletions(-) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 0c1e1d6..1799f81 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -259,7 +259,20 @@ in { normalUsers) ); - fileSystems.${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; + fileSystems = lib.mkMerge [ + { + ${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; + } + ( + builtins.listToAttrs ( + builtins.map (user: + lib.attrsets.nameValuePair "/persist/home/${user.name}" { + neededForBoot = true; + }) + normalUsers + ) + ) + ]; environment.persistence."/persist/system/root" = { enable = true; 
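Review bot: The assertion added in the impermanence.nix `@@ -19,6 +18,13 @@` hunk tests `config.host.impermanence.enable && config.host.storage.enable`, but it sits inside `lib.mkIf config.host.impermanence.enable`, so the first conjunct is always true where the assertion exists. Writing `assertion = config.host.storage.enable;` states the actual requirement and reads the same as the message. The `lib.mkIf` body continues past the end of the hunk.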
@@ -269,45 +282,44 @@ in { ]; }; - host.storage.pool.extraDatasets = lib.mkMerge [ - { - # sops age key needs to be available to pre persist for user generation - "local/system/sops" = { - type = "zfs_fs"; - mountpoint = SOPS_AGE_KEY_DIRECTORY; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; + host.storage.pool.extraDatasets = lib.mkMerge ( + [ + { + # sops age key needs to be available to pre persist for user generation + "local/system/sops" = { + type = "zfs_fs"; + mountpoint = SOPS_AGE_KEY_DIRECTORY; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; }; - }; - } - ( - lib.mkMerge - ( - builtins.map (user: { - "local/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/home/${user.name}"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/home/${user.name}@blank - ''; + } + ] + ++ ( + builtins.map (user: { + "local/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/home/${user.name}"; + options = { + canmount = "on"; }; - "persist/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/persist/home/${user.name}"; - options = { - "com.sun:auto-snapshot" = "true"; - }; + postCreateHook = '' + zfs snapshot rpool/local/home/${user.name}@blank + ''; + }; + "persist/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/persist/home/${user.name}"; + options = { + "com.sun:auto-snapshot" = "true"; }; - }) - normalUsers - ) + }; + }) + normalUsers ) - ]; + ); }) ]; } From 431efa448e48658279974b16c127377a6206c27b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:55:28 -0600 Subject: [PATCH 0400/1043] added host to map --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b503706..7857f3e 100644 --- a/README.md +++ b/README.md 
@@ -9,6 +9,7 @@ | `hesperium` | Mac | ????? | ??? | | `emergent` | Desktop Computer | Eve | Desktop | | `threshold` | Laptop | Eve | Laptop | +| `wolfram` | Steam Deck | House | Handheld | # Tooling ## Rebuilding From 1f19f9bf149e213fac70ea0d40b2f382fee50b9c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:59:50 -0600 Subject: [PATCH 0401/1043] added TODO --- configurations/nixos/defiant/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 1a7571f..011f00d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -100,6 +100,7 @@ # }; services = { + # TODO: move zfs scrubbing into module zfs = { autoScrub.enable = true; autoSnapshot.enable = true; From f9947cd93df4314c3f069d8c250639f041655d59 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Dec 2024 15:24:28 -0600 Subject: [PATCH 0402/1043] updated flake --- flake.lock | 61 +++++++++++++++---------------- flake.nix | 2 +- modules/nixos-modules/default.nix | 4 ++ 3 files changed, 35 insertions(+), 32 deletions(-) diff --git a/flake.lock b/flake.lock index 83f85f8..2bf12ba 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1733168902, - "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", + "lastModified": 1734701201, + "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", "owner": "nix-community", "repo": "disko", - "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", + "rev": "2ee76c861af3b895b3b104bae04777b61397485b", "type": "github" }, "original": { 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1733354814, - "narHash": "sha256-GNtstc88gUJllOun6UFQzg7P+fDtWkajxN4kUKPLFsw=", + "lastModified": 1734895221, + "narHash": "sha256-2xcBQH/SJPeMOaGo2n5+7sylwxOHAZl3WBCpKTxYVHI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fd1cc13f297bb18b85a776060edca35b18c7a324", + "rev": "f1c1ba5caba14503c50955489564b38410ce05e2", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1733354384, - "narHash": "sha256-foZG2PLwumxYZkpXq7ajHDhuQlXaUeKfOpFfQpMviLM=", + "lastModified": 1734893333, + "narHash": "sha256-0Ft7iTkl3UWAix72teY5nflYQD7GE0KvIiT+ox4wkB8=", "owner": "nix-community", "repo": "home-manager", - "rev": "0daaded612b0e6eaed0a63fc9d0778d8f05940fe", + "rev": "1f74238a4c8e534a1b6be72cb5153043071ffd17", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "impermanence": { "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "lastModified": 1734772301, + "narHash": "sha256-mQEQQzCTUlDiEw/EbblB510P/GQOmIPtKoJrqDqeGVc=", "owner": "nix-community", "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "rev": "0ab2f858dfefe73402eb53fbe6a3bad4f6702d5f", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1733351379, - "narHash": "sha256-MTMsAhXxMMVHVN99jT8E0afOAOtt3JQWjYpTja94PAU=", + "lastModified": 1733570843, + "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "55d07816a0944f06a9df5ef174999a72fa4060c7", + "rev": "a35b08d09efda83625bef267eb24347b446c80b8", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1733277416, - "narHash": "sha256-+r1bhEqW0ACV+E8TID6FvW0/YJ+46SQ9yk6DpyHtRWg=", + "lastModified": 1734832456, + "narHash": "sha256-gyp5aVMSA83OV8kP/a1FBA6KGJqNkswUK9VdAh1hLS4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "3ea774bace6ac2f8db48a1c1d59271e0209e4b96", + "rev": "c567c5f3bc53723d726f286ea94d5aebac55d4c5", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733217105, - "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=", + "lastModified": 1734862644, + "narHash": "sha256-04xesW7HITdF5WUmNM39WD4tkEERk3Ez2W1nNvdIvIw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9", + "rev": "e8516a23524cc9083f5a02a8d64d14770e4c7c09", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "lastModified": 1734649271, + "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", "type": "github" }, "original": { @@ -236,16 +236,15 @@ "locked": { "lastModified": 1730665670, "narHash": "sha256-MMwH5IcaslEWqeHaNqSjAsGWoS2NJ5qiIE7RLiJG+28=", - "ref": "main", + "ref": "refs/heads/main", "rev": "ef623d6a9e25c1f0ec9d282ab5ed5dff54674816", "revCount": 6, "type": "git", - "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" + "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, "original": { - "ref": "main", "type": "git", - "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" + "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" } }, "sops-nix": { 
@@ -255,11 +254,11 @@ ] }, "locked": { - "lastModified": 1733128155, - "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", + "lastModified": 1734546875, + "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", + "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 54d1f7d..1849afc 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ # self hosted repo of secrets file to further protect files in case of future encryption vulnerabilities secrets = { - url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; + url = "git+ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"; flake = false; }; diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 4ac744a..41e0619 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,4 +12,8 @@ ./disko.nix ./server ]; + + nixpkgs.config.permittedInsecurePackages = [ + "dotnet-sdk-6.0.428" + ]; } From 14fcd3b13bf3299878f76ffda98f095612b301da Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Dec 2024 14:45:51 -0600 Subject: [PATCH 0403/1043] remove idea community and android studio temporally --- configurations/home-manager/leyla/packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 1845f65..92e29f4 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -61,8 +61,8 @@ in { anki-bin # development tools - androidStudioPackages.canary - jetbrains.idea-community + # androidStudioPackages.canary + # jetbrains.idea-community dbeaver-bin bruno qFlipper From 5139d41d176536d9e804a93ea4dbe0ae67d8d640 Mon Sep 17 00:00:00 2001 
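Review bot: The `@@ -12,4 +12,8 @@` hunk of modules/nixos-modules/default.nix adds `dotnet-sdk-6.0.428` to `nixpkgs.config.permittedInsecurePackages` for every host that imports the shared module set, and nothing records why. nixpkgs only asks for this opt-in when a package is flagged as vulnerable or out of support, so the exception should be scoped and documented. Move it to the host or module that actually pulls the SDK in (the hunk does not show which one that is) and add a comment such as `# TODO(owner): needed by <package>; drop once it no longer depends on dotnet-sdk 6`. Without that note the entry is likely to be bumped to the next version string by reflex rather than removed.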
From: Leyla Becker Date: Mon, 23 Dec 2024 14:47:55 -0600 Subject: [PATCH 0404/1043] updated flake lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 2bf12ba..4920a27 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1734895221, - "narHash": "sha256-2xcBQH/SJPeMOaGo2n5+7sylwxOHAZl3WBCpKTxYVHI=", + "lastModified": 1734943800, + "narHash": "sha256-T6tJ1fGRcVksmRqbDRsvYD3Qnw8AU3e2j0Im01twFcI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f1c1ba5caba14503c50955489564b38410ce05e2", + "rev": "2c702b4a038306dce64a90fc011c92ebabb82f63", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1734893333, - "narHash": "sha256-0Ft7iTkl3UWAix72teY5nflYQD7GE0KvIiT+ox4wkB8=", + "lastModified": 1734944412, + "narHash": "sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU=", "owner": "nix-community", "repo": "home-manager", - "rev": "1f74238a4c8e534a1b6be72cb5153043071ffd17", + "rev": "8264bfe3a064d704c57df91e34b795b6ac7bad9e", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "impermanence": { "locked": { - "lastModified": 1734772301, - "narHash": "sha256-mQEQQzCTUlDiEw/EbblB510P/GQOmIPtKoJrqDqeGVc=", + "lastModified": 1734945620, + "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", "owner": "nix-community", "repo": "impermanence", - "rev": "0ab2f858dfefe73402eb53fbe6a3bad4f6702d5f", + "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1734832456, - "narHash": "sha256-gyp5aVMSA83OV8kP/a1FBA6KGJqNkswUK9VdAh1hLS4=", + "lastModified": 1734918633, + "narHash": "sha256-9lveBNV+g9UKBY8POH+53cRaslqnjmF2WePg/f2ojBY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c567c5f3bc53723d726f286ea94d5aebac55d4c5", + "rev": "c21a6eceed82873917324144895491603cf6d457", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734862644, - "narHash": "sha256-04xesW7HITdF5WUmNM39WD4tkEERk3Ez2W1nNvdIvIw=", + "lastModified": 1734954597, + "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e8516a23524cc9083f5a02a8d64d14770e4c7c09", + "rev": "def1d472c832d77885f174089b0d34854b007198", "type": "github" }, "original": { From 46c6ffce547dc687b3a55b9d788e0fc1a7786a55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 13:52:29 -0600 Subject: [PATCH 0405/1043] updated flake --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 4920a27..4500044 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1734701201, - "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", + "lastModified": 1735048446, + "narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=", "owner": "nix-community", "repo": "disko", - "rev": "2ee76c861af3b895b3b104bae04777b61397485b", + "rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21", "type": "github" }, "original": { 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1734943800, - "narHash": "sha256-T6tJ1fGRcVksmRqbDRsvYD3Qnw8AU3e2j0Im01twFcI=", + "lastModified": 1735054826, + "narHash": "sha256-n1x41VFZFeG144KS1tu7R2qpXlS3kk7iguGO8B1uIuE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "2c702b4a038306dce64a90fc011c92ebabb82f63", + "rev": "d558686ba23132b3e98329952023d31bb5f7289c", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1734944412, - "narHash": "sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU=", + "lastModified": 1735053786, + "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=", "owner": "nix-community", "repo": "home-manager", - "rev": "8264bfe3a064d704c57df91e34b795b6ac7bad9e", + "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1734918633, - "narHash": "sha256-9lveBNV+g9UKBY8POH+53cRaslqnjmF2WePg/f2ojBY=", + "lastModified": 1735004869, + "narHash": "sha256-b92HYukQ0xnCvtfygUh7TMqzBj/mSvfYlQ4Px+V3y5I=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c21a6eceed82873917324144895491603cf6d457", + "rev": "86abacab7bbf83c0179e0a9b9274be762ef0fc1a", "type": "github" }, "original": { From 4eacddfce17405078e1c897e4726cf1b55d87237 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 14:00:08 -0600 Subject: [PATCH 0406/1043] fixed home manager on horizon --- configurations/home-manager/leyla/impermanence.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index c5f228f..4a24310 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix 
@@ -1,5 +1,9 @@ -{...}: { - home.persistence."/persistent/home/leyla" = { +{ + lib, + osConfig, + ... +}: { + home.persistence."/persist/home/leyla" = lib.mkIf osConfig.host.impermanence.enable { directories = [ "desktop" "downloads" From e8a1562eae022a9b357fe2262ee0a49db01a2439 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 14:05:17 -0600 Subject: [PATCH 0407/1043] installed tor --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 92e29f4..ebe9787 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -51,6 +51,7 @@ in { # rpi-imager # fritzing mfoc + tor # proprietary platforms discord From d760992a06fc9c756a533c8566cf1e14892d09b3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 14:55:49 -0600 Subject: [PATCH 0408/1043] switched to tor-browser package --- configurations/home-manager/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index ebe9787..2c2ae4b 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -51,7 +51,7 @@ in { # rpi-imager # fritzing mfoc - tor + tor-browser # proprietary platforms discord From 2d5e37b1eb9fc72e0c13f2b0c14fca42c433514e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 24 Dec 2024 16:01:37 -0600 Subject: [PATCH 0409/1043] moved openssh config into home manager configs --- configurations/home-manager/leyla/default.nix | 4 ++++ modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/openssh.nix | 8 ++++++++ modules/nixos-modules/home-manager/default.nix | 1 + modules/nixos-modules/home-manager/openssh.nix | 11 +++++++++++ modules/nixos-modules/ssh.nix | 10 +--------- 6 files changed, 26 insertions(+), 9 deletions(-) create mode 100644 modules/home-manager-modules/openssh.nix create mode 100644 modules/nixos-modules/home-manager/openssh.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 48d38db..8b41e3a 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -105,6 +105,10 @@ }; }; bash.enable = true; + + openssh.authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; }; dconf = { diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 9fb37f2..ef9bf0a 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -3,5 +3,6 @@ imports = [ ./flipperzero.nix ./i18n.nix + ./openssh.nix ]; } diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix new file mode 100644 index 0000000..ef4f11f --- /dev/null +++ b/modules/home-manager-modules/openssh.nix @@ -0,0 +1,8 @@ +{lib, ...}: { + options.programs = { + openssh.authorizedKeys = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + }; + }; +} diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix index 3848e1b..cab004b 100644 --- a/modules/nixos-modules/home-manager/default.nix +++ b/modules/nixos-modules/home-manager/default.nix 
@@ -3,5 +3,6 @@ imports = [ ./flipperzero.nix ./i18n.nix + ./openssh.nix ]; } diff --git a/modules/nixos-modules/home-manager/openssh.nix b/modules/nixos-modules/home-manager/openssh.nix new file mode 100644 index 0000000..31a785f --- /dev/null +++ b/modules/nixos-modules/home-manager/openssh.nix @@ -0,0 +1,11 @@ +{ + config, + lib, + ... +}: { + users.users = + lib.attrsets.mapAttrs (name: value: { + openssh.authorizedKeys.keys = value.programs.openssh.authorizedKeys; + }) + config.home-manager.users; +} diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index bda4e81..0360cfc 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -1,12 +1,4 @@ -{ - lib, - config, - ... -}: { - users.users.leyla.openssh.authorizedKeys.keys = lib.mkIf config.host.users.leyla.isTerminalUser [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - ]; - +{...}: { services = { openssh = { enable = true; From 48dc0b11509af39e020e7f1a155049d287c8d2a0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Dec 2024 18:21:10 -0600 Subject: [PATCH 0410/1043] made impermanence config work slightly better --- .../nixos/defiant/configuration.nix | 4 +- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/impermanence.nix | 10 +++++ modules/nixos-modules/impermanence.nix | 16 +++++--- .../server/network_storage/default.nix | 10 ++--- .../nixos-modules/server/reverse_proxy.nix | 4 +- modules/nixos-modules/ssh.nix | 37 +++++++++++++------ modules/nixos-modules/users.nix | 9 +++++ 8 files changed, 66 insertions(+), 25 deletions(-) create mode 100644 modules/home-manager-modules/impermanence.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 011f00d..bb5f450 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
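Review bot: The new `users.users = lib.attrsets.mapAttrs ...` in modules/nixos-modules/home-manager/openssh.nix authorises the keys from `programs.openssh.authorizedKeys` for every entry of `config.home-manager.users`. The lines this commit removes from ssh.nix only did so under `lib.mkIf config.host.users.leyla.isTerminalUser`. If a home-manager user can exist on a host where they are not a terminal user (not visible from this hunk), the change widens who can log in over SSH. Keeping the gate per user would preserve the old behaviour, e.g. `openssh.authorizedKeys.keys = lib.mkIf config.host.users.${name}.isTerminalUser value.programs.openssh.authorizedKeys;`, assuming `host.users` is keyed by the same names. A short comment on the mapping saying that these keys grant login to the system account would also help.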
@@ -52,13 +52,13 @@ } { folder = "users"; - user = "users"; + user = "root"; group = "users"; } ]; nfs = { enable = true; - directories = ["leyla" "eve"]; + directories = ["leyla" "eve" "ester"]; }; }; reverse_proxy = { diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index ef9bf0a..22736d2 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -4,5 +4,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix + ./impermanence.nix ]; } diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix new file mode 100644 index 0000000..4768b7e --- /dev/null +++ b/modules/home-manager-modules/impermanence.nix @@ -0,0 +1,10 @@ +{config, ...}: { + home.persistence."/persistent/home/${config.home.username}" = { + directories = [ + ".ssh" + "desktop" + "downloads" + "documents" + ]; + }; +} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index e6e1ecc..a187226 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -26,12 +26,13 @@ ]; boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank - 1 ''; + zfs rollback -r rpool/local/system/root@blank + ''; fileSystems = { "/".neededForBoot = true; "/persist/system/root".neededForBoot = true; + "/persist/system/var/log".neededForBoot = true; }; host.storage.pool.extraDatasets = { @@ -81,13 +82,18 @@ }; }; + environment.persistence."/persist/system/var/log" = { + enable = true; + hideMounts = true; + directories = [ + "/var/log" + ]; + }; + environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; directories = [ - "/etc/ssh" - - "/var/log" "/var/lib/nixos" "/var/lib/systemd/coredump" diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index 11019cb..fecc05f 100644 
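Review bot: The new file modules/home-manager-modules/impermanence.nix persists into `/persistent/home/${config.home.username}`, but the per-user dataset created in users.nix is mounted at `/persist/home/${user.name}`, and the leyla-specific file was changed from `/persistent/...` to `/persist/...` a few commits earlier in this series. If nothing else is mounted at `/persistent`, the `.ssh`, `desktop`, `downloads` and `documents` directories would presumably end up on the root dataset that is rolled back at boot, so SSH keys and `known_hosts` would not survive a reboot. Use `home.persistence."/persist/home/${config.home.username}" = {`. The later hunk that wraps this block in `lib.mkIf osConfig.host.impermanence.enable` keeps the same `/persistent` prefix and needs the same change.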
--- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -21,7 +21,7 @@ in { type = lib.types.listOf (lib.types.submodule ({config, ...}: { options = { folder = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what is the name of this export directory"; }; bind = lib.mkOption { @@ -30,12 +30,12 @@ in { default = null; }; user = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what user owns this directory"; default = "nouser"; }; group = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what group owns this directory"; default = "nogroup"; }; @@ -57,11 +57,11 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2775 root root -" + "d ${config.host.network_storage.export_directory} 2770 root root -" ] ++ ( builtins.map ( - directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}" + directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" ) config.host.network_storage.directories ); diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 311724b..7eecdd0 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -6,7 +6,7 @@ options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; hostname = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what host name are we going to be proxying from"; }; forceSSL = lib.mkOption { @@ -23,7 +23,7 @@ type = lib.types.attrsOf (lib.types.submodule ({...}: { options = { target = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "where should this host point to"; }; websockets = lib.mkEnableOption "should websockets be proxied"; 
diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 0360cfc..17593aa 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -1,13 +1,28 @@ -{...}: { - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; +{ + lib, + config, + ... +}: { + config = lib.mkMerge [ + { + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + }; + }; }; - }; - }; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + directories = [ + "/etc/ssh" + ]; + }; + }) + ]; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 1799f81..e2a8074 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -272,6 +272,15 @@ in { normalUsers ) ) + ( + builtins.listToAttrs ( + builtins.map (user: + lib.attrsets.nameValuePair "/home/${user.name}" { + neededForBoot = true; + }) + normalUsers + ) + ) ]; environment.persistence."/persist/system/root" = { From 7127b9f9e8815100af86b00fe2126313b35beb28 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 26 Dec 2024 23:05:23 -0600 Subject: [PATCH 0411/1043] updated packages --- flake.lock | 18 +++++++-------- modules/home-manager-modules/impermanence.nix | 23 ++++++++++++------- 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 4500044..44359f8 100644 --- a/flake.lock +++ b/flake.lock 
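Review bot: The `settings` block re-added in the ssh.nix `@@ -1,13 +1,28 @@` hunk turns off `PasswordAuthentication` but leaves keyboard-interactive authentication and the root login policy at their defaults. Depending on the NixOS release, PAM-backed password prompts may still be offered. Since the block is being rewritten anyway, add `KbdInteractiveAuthentication = false;` and state the root policy explicitly with `PermitRootLogin = "no";` (or `"prohibit-password"` if root key login is intended). `UseDns = true;` deserves a comment saying what depends on it, since it adds a reverse lookup to every connection and is only needed when hostname patterns are used in `from=` or `Match Host` rules.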
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735054826, - "narHash": "sha256-n1x41VFZFeG144KS1tu7R2qpXlS3kk7iguGO8B1uIuE=", + "lastModified": 1735202720, + "narHash": "sha256-7aEdACqT2B7nZNFjn2Y66Qucfl1AHHVFKxm4yvO0O10=", "owner": "rycee", "repo": "nur-expressions", - "rev": "d558686ba23132b3e98329952023d31bb5f7289c", + "rev": "fe816609e68ee1887ee89e43c9ca1aad75362477", "type": "gitlab" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1733570843, - "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", + "lastModified": 1735218083, + "narHash": "sha256-MoUAbmXz9TEr7zlKDRO56DBJHe30+7B5X7nhXm+Vpc8=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "a35b08d09efda83625bef267eb24347b446c80b8", + "rev": "bc03f7818771a75716966ce8c23110b715eff2aa", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1735004869, - "narHash": "sha256-b92HYukQ0xnCvtfygUh7TMqzBj/mSvfYlQ4Px+V3y5I=", + "lastModified": 1735264033, + "narHash": "sha256-ss9vVSK9M2o8hW4nFs+GuVxsrIZ8X3zxQfeWhEKgMT0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "86abacab7bbf83c0179e0a9b9274be762ef0fc1a", + "rev": "b5223dca0334d671787531a204bdba7717b48a72", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index 4768b7e..a48fe9d 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -1,10 +1,17 @@ -{config, ...}: { - home.persistence."/persistent/home/${config.home.username}" = { - directories = [ - ".ssh" - "desktop" - "downloads" - "documents" - ]; +{ + lib, + config, + osConfig, + ... +}: { + config = lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persistent/home/${config.home.username}" = { + directories = [ + ".ssh" + "desktop" + "downloads" + "documents" + ]; + }; }; } 
From a43b14a9fa171894e7e6437c2fcd7e813d08f83f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 27 Dec 2024 17:29:51 -0600 Subject: [PATCH 0412/1043] installed adb on horizon --- configurations/nixos/horizon/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 2d16c74..787df3d 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -27,6 +27,8 @@ {}) ]; + programs.adb.enable = true; + # enabled virtualisation for docker # virtualisation.docker = { # enable = true; From 21eea779db5d3ace7129bba078df0bae2aedc90e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Dec 2024 15:57:07 -0600 Subject: [PATCH 0413/1043] added task to README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7857f3e..2097d8c 100644 --- a/README.md +++ b/README.md @@ -57,4 +57,5 @@ - tail scale clients - wake on LAN - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich \ No newline at end of file +- Immich +- Syncthing declarative set up for devices https://nixos.wiki/wiki/Syncthing \ No newline at end of file From 905c4e73b244b3afa563078edef8631ce6f588a1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Dec 2024 20:05:52 -0600 Subject: [PATCH 0414/1043] added syncthing --- README.md | 5 +- .../nixos/horizon/configuration.nix | 10 +++ modules/nixos-modules/default.nix | 1 + modules/nixos-modules/sync.nix | 87 +++++++++++++++++++ modules/nixos-modules/users.nix | 18 ++++ 5 files changed, 119 insertions(+), 2 deletions(-) create mode 100644 modules/nixos-modules/sync.nix diff --git a/README.md b/README.md index 2097d8c..2f7b5df 100644 --- a/README.md +++ b/README.md 
@@ -10,6 +10,8 @@ | `emergent` | Desktop Computer | Eve | Desktop | | `threshold` | Laptop | Eve | Laptop | | `wolfram` | Steam Deck | House | Handheld | +| `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | +| `skate` | A4 Tablet (not using nix) | Leyla | Tablet | # Tooling ## Rebuilding @@ -57,5 +59,4 @@ - tail scale clients - wake on LAN - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich -- Syncthing declarative set up for devices https://nixos.wiki/wiki/Syncthing \ No newline at end of file +- Immich \ No newline at end of file diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 787df3d..bc96142 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -19,6 +19,16 @@ ester.isDesktopUser = true; eve.isDesktopUser = true; }; + sync = { + enable = true; + folders = { + leyla = { + documents.enable = true; + calendar.enable = true; + notes.enable = true; + }; + }; + }; }; environment.systemPackages = [ diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 41e0619..63b2757 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -8,6 +8,7 @@ ./desktop.nix ./ssh.nix ./i18n.nix + ./sync.nix ./impermanence.nix ./disko.nix ./server diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix new file mode 100644 index 0000000..532038e --- /dev/null +++ b/modules/nixos-modules/sync.nix 
@@ -0,0 +1,87 @@ +{ + config, + lib, + ... +}: let + mountDir = "/mnt/sync"; +in { + options.host.sync = { + enable = lib.mkEnableOption "should sync thing be enabled on this device"; + folders = { + leyla = { + documents = { + enable = lib.mkEnableOption "should the documents folder be synced"; + }; + calendar = { + enable = lib.mkEnableOption "should the calendar folder be synced"; + }; + notes = { + enable = lib.mkEnableOption "should the notes folder by synced"; + }; + }; + extraFolders = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({...}: { + options = { + path = lib.mkOption { + type = lib.types.str; + }; + devices = lib.mkOption { + type = lib.types.listof lib.types.str; + }; + }; + })); + default = {}; + }; + }; + }; + + config = { + systemd = lib.mkIf config.services.syncthing.enable { + tmpfiles.rules = [ + "d ${mountDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" + ]; + }; + services.syncthing = { + enable = config.host.sync.enable; + user = "syncthing"; + group = "syncthing"; + dataDir = "${mountDir}/default"; + configDir = "/etc/syncthing"; + overrideDevices = true; + overrideFolders = true; + settings = { + devices = { + ceder = { + id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + }; + }; + folders = lib.mkMerge [ + config.host.sync.folders.extraFolders + (lib.mkIf config.host.sync.folders.leyla.documents.enable { + "documents" = { + id = "hvrj0-9bm1p"; + path = "/mnt/sync/leyla/documents"; + devices = ["ceder"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + "calendar" = { + id = "8oatl-1rv6w"; + path = "/mnt/sync/leyla/calendar"; + devices = ["ceder"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.notes.enable { + "notes" = { + id = "dwbuv-zffnf"; + path = "/mnt/sync/leyla/notes"; + devices = ["ceder"]; + }; + }) + ]; + }; + }; + }; +} 
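Review bot: The tmpfiles rules create `${mountDir}`, the data dir and the config dir with mode `755`, so every local account can list and read the synced documents, calendar and notes, and can traverse `/etc/syncthing`, which holds Syncthing's config and device key (those files may carry tighter modes of their own, but the directory should not rely on that). The network_storage module earlier in this series was tightened from `2775` to `2770`; the same reasoning applies here, e.g. `"d ${mountDir} 2770 syncthing syncthing -"` and `700` for `configDir`. Separately, `lib.types.listof` in `extraFolders.devices` should be `lib.types.listOf`, and the three folder paths repeat `/mnt/sync` instead of using `mountDir`.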
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index e2a8074..af7dcb2 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -22,6 +22,7 @@ hass = 2004; headscale = 2005; nextcloud = 2006; + syncthing = 2007; }; gids = { @@ -36,6 +37,7 @@ hass = 2004; headscale = 2005; nextcloud = 2006; + syncthing = 2007; }; users = config.users.users; @@ -160,6 +162,12 @@ in { isSystemUser = true; group = config.users.users.nextcloud.name; }; + + syncthing = { + uid = lib.mkForce uids.syncthing; + isSystemUser = true; + group = config.users.users.syncthing.name; + }; }; groups = { @@ -250,6 +258,16 @@ in { # leyla ]; }; + + syncthing = { + gid = lib.mkForce gids.syncthing; + members = [ + users.syncthing.name + leyla + ester + eve + ]; + }; }; }; } From dd9ca10ae44e9ca8eefdcf70c51cbc72476f11ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Dec 2024 20:08:44 -0600 Subject: [PATCH 0415/1043] updated README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2f7b5df..c39c360 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,8 @@ | `threshold` | Laptop | Eve | Laptop | | `wolfram` | Steam Deck | House | Handheld | | `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | -| `skate` | A4 Tablet (not using nix) | Leyla | Tablet | +| `skate` | A6 Tablet (not using nix) | Leyla | Tablet | +| `shale` | A6 Tablet (not using nix) | Eve | Tablet | # Tooling ## Rebuilding From 15e0c1b6c4277ccfe33af1a9be716d6142a1f159 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Dec 2024 22:05:58 -0600 Subject: [PATCH 0416/1043] switched to anki from anki-bin --- configurations/home-manager/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 2c2ae4b..836a22b 100644 --- a/configurations/home-manager/leyla/packages.nix 
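Review bot: The new `syncthing` group lists `leyla`, `ester` and `eve` as members, while the only folders configured in sync.nix live under `/mnt/sync/leyla/`. If the sync directories are group-accessible so that their owner can reach them, the other two accounts get the same access to those documents, calendar and notes. Consider a per-user group, or limit `members` to the account whose folders are synced and add a comment such as `# members can read every synced folder`. The `groups` block starts outside this hunk.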
+++ b/configurations/home-manager/leyla/packages.nix @@ -59,7 +59,7 @@ in { steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - anki-bin + anki # development tools # androidStudioPackages.canary From 22b40edb241063ce182629b4aa1f9ef34168c185 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 17:02:46 -0600 Subject: [PATCH 0417/1043] fixed SSH on defiant --- modules/nixos-modules/ssh.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 17593aa..69bd185 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -19,8 +19,11 @@ } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { - directories = [ - "/etc/ssh" + files = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" ]; }; }) From 5abc647d98421d3bb2338e22adbf6ee01e75cf0c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 18:19:32 -0600 Subject: [PATCH 0418/1043] fixed home manager with impermanence --- .../home-manager/leyla/impermanence.nix | 32 ++++++++----------- modules/home-manager-modules/default.nix | 1 - modules/home-manager-modules/impermanence.nix | 17 ---------- modules/nixos-modules/users.nix | 8 +++++ 4 files changed, 22 insertions(+), 36 deletions(-) delete mode 100644 modules/home-manager-modules/impermanence.nix diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 4a24310..ddb2f42 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix 
@@ -3,23 +3,19 @@ osConfig, ... }: { - home.persistence."/persist/home/leyla" = lib.mkIf osConfig.host.impermanence.enable { - directories = [ - "desktop" - "downloads" - "documents" - ".ssh" - ".nixops" - ".local/share/keyrings" - ".local/share/direnv" - { - directory = ".local/share/Steam"; - method = "symlink"; - } - ]; - # files = [ - # ".screenrc" - # ]; - allowOther = true; + config = lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist/home/leyla" = { + directories = [ + "desktop" + "downloads" + "documents" + ".ssh" + ".config/gnome-initial-setup-done" + { + directory = ".local/share/Steam"; + method = "symlink"; + } + ]; + }; }; } diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 22736d2..ef9bf0a 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -4,6 +4,5 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix - ./impermanence.nix ]; } diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix deleted file mode 100644 index a48fe9d..0000000 --- a/modules/home-manager-modules/impermanence.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - osConfig, - ... -}: { - config = lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persistent/home/${config.home.username}" = { - directories = [ - ".ssh" - "desktop" - "downloads" - "documents" - ]; - }; - }; -} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index af7dcb2..efd39f3 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -277,6 +277,14 @@ in { normalUsers) ); + systemd = { + tmpfiles.rules = + builtins.map ( + user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" + ) + normalUsers; + }; + fileSystems = lib.mkMerge [ { ${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; From 7a4c2a2b8d73e857fe2aa996929f54792a6c5347 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 1 Jan 2025 18:23:13 -0600 Subject: [PATCH 0419/1043] updated README.md --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index c39c360..3ba68b2 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,6 @@ # Tasks: ## Tech Debt -- join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in `defiant/services.nix` into their own modules ## New Features @@ -56,8 +55,7 @@ - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- mastodon server - tail scale clients -- wake on LAN +- wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich \ No newline at end of file From 8e946972246aa78e9897afba938ea7cd2f5bfc7f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 18:24:08 -0600 Subject: [PATCH 0420/1043] added task to README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ba68b2..1111fe8 100644 --- a/README.md +++ b/README.md @@ -58,4 +58,5 @@ - tail scale clients - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich \ No newline at end of file +- Immich +- zfs encryption FIDO2 2fa \ No newline at end of file From ee5b794113d36bbd0ea0d18db05167d91d207e6a Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 1 Jan 2025 18:25:27 -0600 Subject: [PATCH 0421/1043] removed sections from research topics --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 1111fe8..3f47f61 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ `sops -c sops secrets/secrets_file_here.yaml` ## Inspecting a configuration -`nix-inspect -p .` +`./inspect.sh` # Notes: @@ -37,9 +37,7 @@ - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ -- Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - https://nixos-and-flakes.thiscute.world/ -- this guy might have a working zfs disko impermanence system - https://github.com/djacu/nixos-config/blob/main/hosts/adalon/disko-config.nix # Tasks: From 1ee9b9a87d461af9c89bba6d78811e1d1a4b87c5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 18:26:38 -0600 Subject: [PATCH 0422/1043] added back inspect command --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3f47f61..6843275 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ `sops -c sops secrets/secrets_file_here.yaml` ## Inspecting a configuration -`./inspect.sh` +`nix-inspect -p .` # Notes: From 46edb7363d64c5dfe8c2c1daf646312c23e03bcb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 20:01:44 -0600 Subject: [PATCH 0423/1043] disabled sleeping on defiant --- configurations/nixos/defiant/configuration.nix | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index bb5f450..c1a18c7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -125,6 +125,14 @@ }; }; + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It's perfectly fine and recommended to leave From c523e6075b1778243952126dc25dbc6d2a9f7067 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 20:03:01 -0600 Subject: [PATCH 0424/1043] added scrubbing and aut snapshot to defiant --- modules/nixos-modules/disko.nix | 5 +++++ modules/nixos-modules/impermanence.nix | 10 +++++++--- modules/nixos-modules/users.nix | 3 --- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index b65538d..f95edcf 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,6 +50,11 @@ in { }; config = lib.mkIf config.host.storage.enable { + services.zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + disko.devices = { disk = ( builtins.listToAttrs ( diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index a187226..66139ce 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix 
@@ -67,18 +67,22 @@ "persist" = { type = "zfs_fs"; options.canmount = "off"; + options = { + "com.sun:auto-snapshot" = "true"; + }; }; # this is where root data actually lives "persist/system/root" = { type = "zfs_fs"; mountpoint = "/persist/system/root"; - options = { - "com.sun:auto-snapshot" = "true"; - }; }; "persist/system/var/log" = { type = "zfs_fs"; mountpoint = "/persist/system/var/log"; + # logs should be append only so we shouldn't need to snapshot them + options = { + "com.sun:auto-snapshot" = "false"; + }; }; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index efd39f3..704413a 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -347,9 +347,6 @@ in { "persist/home/${user.name}" = { type = "zfs_fs"; mountpoint = "/persist/home/${user.name}"; - options = { - "com.sun:auto-snapshot" = "true"; - }; }; }) normalUsers From 1a072188c9efdb10082bc14dd239fd80ee16fc00 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:41:39 -0600 Subject: [PATCH 0425/1043] added device to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6843275..b348b03 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ | `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | | `skate` | A6 Tablet (not using nix) | Leyla | Tablet | | `shale` | A6 Tablet (not using nix) | Eve | Tablet | +| `coven` | Pixel 8 (not using nix) | Leyla | Android | # Tooling ## Rebuilding From afa04e1080e6d63be91f9e60495f612847120add Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:43:17 -0600 Subject: [PATCH 0426/1043] disabled gdm auto suspend --- configurations/nixos/defiant/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c1a18c7..724f86e 100644 --- a/configurations/nixos/defiant/configuration.nix 
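Review bot: Setting `"com.sun:auto-snapshot" = "false"` on `persist/system/var/log` rests on the comment's assumption that logs are append only, which nothing in this change enforces: rotation, journal vacuuming, or any process running as root can truncate or rewrite them. Snapshots of that dataset are a cheap point-in-time copy to compare against when log tampering is suspected, so I would keep it at `"true"`, or say in the comment that logs are also shipped off-host. In the `persist` dataset just above, `options.canmount = "off";` and `options = { … };` set the same attribute two ways; fold them into one `options` set.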
+++ b/configurations/nixos/defiant/configuration.nix @@ -132,6 +132,7 @@ hibernate.enable = false; hybrid-sleep.enable = false; }; + services.xserver.displayManager.gdm.autoSuspend = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From 6d2850e78f93b93d110d4804afdcf94f4c9e4be9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:46:50 -0600 Subject: [PATCH 0427/1043] added postgres service --- modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/postgres.nix | 86 +++++++++++++++++++++++ 2 files changed, 87 insertions(+) create mode 100644 modules/nixos-modules/server/postgres.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 7e4d36b..9f06565 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -3,5 +3,6 @@ ./network_storage ./reverse_proxy.nix ./jellyfin.nix + ./postgres.nix ]; } diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix new file mode 100644 index 0000000..2aae5fa --- /dev/null +++ b/modules/nixos-modules/server/postgres.nix 
@@ -0,0 +1,86 @@ +{ + config, + lib, + pkgs, + ... +}: { + options = { + host.postgres = { + enable = lib.mkEnableOption "enable postgres"; + extraAdminUsers = lib.mkOption { + type = lib.types.attrsOf lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + }; + }); + default = {}; + }; + extraDatabaseUsers = lib.mkOption { + type = lib.types.attrsOf lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + }; + }); + default = {}; + }; + }; + }; + + config = lib.mkIf config.host.postgres.enable { + services = { + postgresql = { + enable = true; + ensureUsers = + [ + { + name = "postgres"; + } + ] + + (lib.attrsets.mapAttrsToList (user: { + name = user.name; + ensureDBOwnership = true; + }) + config.host.postgres.extraDatabaseUsers); + ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + identMap = + '' + # ArbitraryMapName systemUser DBUser + + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + ) + + '' + + # Client Users + '' + + ( + lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + ); + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local 
all postgres peer map=superuser_map + local sameuser all peer map=superuser_map + ''; + }; + }; + }; +} From 6a5c7773fd4bb734d429b7919c92bc7f8f93ec0a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:55:07 -0600 Subject: [PATCH 0428/1043] added taask to TODO --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b348b03..6d5119d 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in `defiant/services.nix` into their own modules +- syncthing password ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From fe1f2adf9f1aedc9d9b54ff4d3b4621e7be1e28d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 16:09:43 -0600 Subject: [PATCH 0429/1043] added files to persistence --- configurations/home-manager/leyla/impermanence.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index ddb2f42..3f85d14 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -10,12 +10,15 @@ "downloads" "documents" ".ssh" - ".config/gnome-initial-setup-done" { directory = ".local/share/Steam"; method = "symlink"; } ]; + files = [ + ".config/gnome-initial-setup-done" # gnome welcome message + ".local/share/recently-used.xbel" # gnome recently viewed files + ]; }; }; } 
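Review bot: This module will not evaluate as written: `ensureUsers` joins two lists with `+` where Nix needs `++`, `lib.types.attrsOf lib.types.submodule (…)` needs parentheses around `lib.types.submodule (…)`, and the `mapAttrsToList` callbacks take one argument although the function passes name and value (`_: user: …`). The `+` concatenation is carried into the rewritten `config` block of the later forgejo commit as well. On the access model, the ident map named `superuser_map` also holds the client-user lines, so the name overstates what an entry grants; a comment such as `# client entries map an OS user to the role of the same name only`, or a second map, would make the pg_hba rules easier to audit.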
From 9ecba48dcf302a1e564165bb731fd1dd1c916e3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 16:21:44 -0600 Subject: [PATCH 0430/1043] created forgejo service --- modules/nixos-modules/server/forgejo.nix | 36 ++++++++ modules/nixos-modules/server/postgres.nix | 102 +++++++++++++--------- 2 files changed, 97 insertions(+), 41 deletions(-) create mode 100644 modules/nixos-modules/server/forgejo.nix diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix new file mode 100644 index 0000000..96b9aeb --- /dev/null +++ b/modules/nixos-modules/server/forgejo.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + forgejoPort = 8081; +in { + options.host.forgejo = { + enable = lib.mkEnableOption "should forgejo be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that forgejo will be hosted at"; + default = "forgejo"; + }; + }; + + config = + lib.mkIf config.host.forgejo.enable + { + enable = true; + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + }; + }; + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString forgejoPort}"; + }; + }; +} diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 2aae5fa..d22be17 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -3,7 +3,9 @@ lib, pkgs, ... -}: { +}: let + dataDir = "/var/lib/postgresql/15"; +in { options = { host.postgres = { enable = lib.mkEnableOption "enable postgres"; 
@@ -40,47 +42,65 @@ }; }; - config = lib.mkIf config.host.postgres.enable { - services = { - postgresql = { - enable = true; - ensureUsers = - [ - { - name = "postgres"; - } - ] - + (lib.attrsets.mapAttrsToList (user: { - name = user.name; - ensureDBOwnership = true; - }) - config.host.postgres.extraDatabaseUsers); - ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; - identMap = - '' - # ArbitraryMapName systemUser DBUser + config = lib.mkIf config.host.postgres.enable (lib.mkMerge [ + { + services = { + postgresql = { + enable = true; + ensureUsers = + [ + { + name = "postgres"; + } + ] + + (lib.attrsets.mapAttrsToList (user: { + name = user.name; + ensureDBOwnership = true; + }) + config.host.postgres.extraDatabaseUsers); + ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + identMap = + '' + # ArbitraryMapName systemUser DBUser - # Administration Users - superuser_map root postgres - superuser_map postgres postgres - '' - + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) - ) - + '' + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + ) + + '' - # Client Users - '' - + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) - ); - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map - ''; + # Client Users + '' + + ( + 
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + ); + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=superuser_map + ''; + }; }; - }; - }; + } + + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.postgresql.dataDir == dataDir; + description = "postgres data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + dataDir + ]; + }; + }) + ]); } From 8f59f8aecaf9452c950ebc98d7c1099db2c9b22c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 17:22:05 -0600 Subject: [PATCH 0431/1043] fixed postgres config for forgejo --- .../nixos/defiant/configuration.nix | 4 ++ modules/nixos-modules/server/default.nix | 3 +- modules/nixos-modules/server/forgejo.nix | 37 ++++++++---- modules/nixos-modules/server/jellyfin.nix | 4 +- modules/nixos-modules/server/postgres.nix | 59 +++++++------------ 5 files changed, 55 insertions(+), 52 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 724f86e..668e10a 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -69,6 +69,10 @@ enable = true; subdomain = "media"; }; + forgejo = { + enable = true; + subdomain = "git"; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 9f06565..65d79d9 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
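Review bot: The impermanence assertion is written with `description = "postgres data directory does not match persistence";`, but NixOS assertions are read as `assertion` plus `message`, so a failing check would most likely error on the missing attribute instead of printing this text; rename the key to `message`. `dataDir` is hard-coded to `/var/lib/postgresql/15` while this hunk does not pin `services.postgresql.package`, so the check would trip when the default major version moves. Pinning the package next to the constant keeps the persisted data and the server version in step.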
@@ -2,7 +2,8 @@ imports = [ ./network_storage ./reverse_proxy.nix - ./jellyfin.nix ./postgres.nix + ./jellyfin.nix + ./forgejo.nix ]; } diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 96b9aeb..7ed3312 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -17,20 +17,33 @@ in { config = lib.mkIf config.host.forgejo.enable { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; + host = { + reverse_proxy.subdomains.${config.host.forgejo.subdomain} = { + target = "http://localhost:${toString forgejoPort}"; + }; + postgres = { + enable = true; + extraUsers = { + forgejo = { + isClient = true; + }; + }; }; }; - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString forgejoPort}"; + + services.forgejo = { + enable = true; + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + }; + }; }; }; } diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 57a9cde..d6e3fe8 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
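Review bot: The `services.forgejo.settings` block sets only `DOMAIN` and `HTTP_PORT`, so the instance published at the `git` subdomain keeps Forgejo's defaults for account sign-up and for the listen address. If the host is reachable beyond the local network, add `service.DISABLE_REGISTRATION = true;` and bind the backend to loopback with `HTTP_ADDR = "127.0.0.1";` so port 8081 is served only through the reverse proxy. `ROOT_URL` is also unset; I have not checked whether the module derives it from `DOMAIN`, so confirm that generated links use the proxied URL.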
@@ -34,11 +34,11 @@ in { assertions = [ { assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - description = "jellyfin data directory does not match persistence"; + message = "jellyfin data directory does not match persistence"; } { assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - description = "jellyfin cache directory does not match persistence"; + message = "jellyfin cache directory does not match persistence"; } ]; diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index d22be17..fde5c97 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix 
@@ -5,38 +5,29 @@ ... }: let dataDir = "/var/lib/postgresql/15"; + adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); in { options = { host.postgres = { enable = lib.mkEnableOption "enable postgres"; - extraAdminUsers = lib.mkOption { - type = lib.types.attrsOf lib.types.submodule ({name, ...}: { + extraUsers = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { name = lib.mkOption { type = lib.types.str; default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + isAdmin = lib.mkOption { + type = lib.types.bool; + default = false; + }; + isClient = lib.mkOption { + type = lib.types.bool; + default = false; }; }; - }); - default = {}; - }; - extraDatabaseUsers = lib.mkOption { - type = lib.types.attrsOf lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; - }; - }; - }); + })); default = {}; }; }; @@ -47,18 +38,12 @@ in { services = { postgresql = { enable = true; - ensureUsers = - [ - { - name = "postgres"; - } - ] - + (lib.attrsets.mapAttrsToList (user: { - name = user.name; - ensureDBOwnership = true; - }) - config.host.postgres.extraDatabaseUsers); - ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + package = pkgs.postgresql_15; + ensureUsers = [ + { + name = "postgres"; + } + ]; identMap = '' # ArbitraryMapName systemUser DBUser 
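Review bot: The new `isAdmin` and `isClient` options under `extraUsers` have no `description`, and `name` lost the one it had. `isAdmin` is security-relevant, because the identMap later in this file maps such a system user to the `postgres` role under peer authentication. I would state that on the options, e.g. `description = "map this system user to the postgres superuser role via peer auth";` for `isAdmin` and `description = "map this system user to the database role of the same name";` for `isClient`.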
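Review bot: With the per-user `ensureUsers` entries and `ensureDatabases` removed in the second postgres.nix hunk, this module no longer creates a role or database for a user marked `isClient`; such a user only gets an ident-map line. That works for forgejo only if its own module creates the role and database (presumably its default, worth confirming), and any other client would fail peer auth on a missing role. Either record the contract above `ensureUsers`, e.g. `# client roles and databases are created by the service modules, not here`, or keep generating the entries from `clientUsers`. The enclosing `postgresql` block continues outside the hunk.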
@@ -68,14 +53,14 @@ in { superuser_map postgres postgres '' + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) ) + '' # Client Users '' + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} ${user.name}") clientUsers) ); # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' @@ -91,7 +76,7 @@ in { assertions = [ { assertion = config.services.postgresql.dataDir == dataDir; - description = "postgres data directory does not match persistence"; + message = "postgres data directory does not match persistence"; } ]; environment.persistence."/persist/system/root" = { From 2742eea9c536f3a7b95353206ea61660b07f5d27 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 17:25:39 -0600 Subject: [PATCH 0432/1043] added forgejo state dir to persist --- modules/nixos-modules/server/forgejo.nix | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 7ed3312..3c5b5fa 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -4,6 +4,7 @@ ... }: let forgejoPort = 8081; + stateDir = "/var/lib/forgejo"; in { options.host.forgejo = { enable = lib.mkEnableOption "should forgejo be enabled on this computer"; @@ -14,8 +15,7 @@ in { }; }; - config = - lib.mkIf config.host.forgejo.enable + config = lib.mkIf config.host.forgejo.enable (lib.mkMerge [ { host = { reverse_proxy.subdomains.${config.host.forgejo.subdomain} = { 
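Review bot: `${user.name}` is written straight into `identMap` for both `adminUsers` and `clientUsers`, and the `name` option is an unrestricted `lib.types.str`. A name containing whitespace or a newline would therefore produce extra or malformed pg_ident lines, possibly one mapping to `postgres`. Constraining the option where it is declared, e.g. `type = lib.types.strMatching "[a-z_][a-z0-9_-]*";`, keeps the generated file to one well-formed entry per user. The map is also still named `superuser_map` although client users go through it, which is easy to misread when auditing the `authentication` rules; a separate map name for clients would make the intent clear.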
@@ -45,5 +45,21 @@ in { }; }; }; - }; + } + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.forgejo.stateDir == stateDir; + message = "forgejo state directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + stateDir + ]; + }; + }) + ]); } From 5a04603c85d3f85c01b065d2a37d0c7f5ea69778 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 17:58:13 -0600 Subject: [PATCH 0433/1043] removed replaced code from service.nix --- configurations/nixos/defiant/services.nix | 68 ----------------------- 1 file changed, 68 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 7ef6cde..6b42717 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -69,18 +69,6 @@ in { default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; - forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that forgejo will be hosted at"; - default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; - }; - }; home-assistant = { subdomain = lib.mkOption { type = lib.types.str; 
@@ -244,47 +232,6 @@ in { services = { # DNS stub needs to be disabled so pi hole can bind # resolved.extraConfig = "DNSStubListener=no"; - - postgresql = { - enable = true; - ensureUsers = [ - { - name = "postgres"; - } - { - name = "forgejo"; - ensureDBOwnership = true; - } - { - name = "headscale"; - ensureDBOwnership = true; - } - ]; - ensureDatabases = [ - "forgejo" - "headscale" - # "nextcloud" - ]; - identMap = '' - # ArbitraryMapName systemUser DBUser - - # Administration Users - superuser_map postgres postgres - superuser_map root postgres - superuser_map leyla postgres - - # Client Users - superuser_map forgejo forgejo - superuser_map headscale headscale - ''; - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map - ''; - }; - headscale = { enable = true; user = "headscale"; @@ -307,21 +254,6 @@ in { }; }; - forgejo = { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = config.apps.forgejo.hostname; - HTTP_PORT = 8081; - }; - }; - }; - home-assistant = { enable = true; config.http = { From 1824bc8cc9a3d4fc549a0f7eec94632f6e6754fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 18:13:10 -0600 Subject: [PATCH 0434/1043] added searx service --- .../nixos/defiant/configuration.nix | 4 ++ configurations/nixos/defiant/services.nix | 32 --------------- modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/searx.nix | 40 +++++++++++++++++++ 4 files changed, 45 insertions(+), 32 deletions(-) create mode 100644 modules/nixos-modules/server/searx.nix 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 668e10a..5ebea98 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -73,6 +73,10 @@ enable = true; subdomain = "git"; }; + searx = { + enable = true; + subdomain = "search"; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 6b42717..f98e680 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -81,18 +81,6 @@ in { default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; }; }; - searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "search"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that searx will be hosted at"; - default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; - }; - }; nextcloud = { subdomain = lib.mkOption { type = lib.types.str; @@ -113,9 +101,6 @@ in { "services/pi-hole" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; "services/nextcloud_adminpass" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; owner = config.users.users.nextcloud.name; @@ -265,17 +250,6 @@ in { }; }; - searx = { - enable = true; - environmentFile = config.sops.secrets."services/searx".path; - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; - }; - }; - }; - # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres nextcloud = { enable = true; 
@@ -307,11 +281,6 @@ in { # enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; }; - ${config.apps.searx.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}"; - }; }; }; }; @@ -333,7 +302,6 @@ in { config.services.forgejo.settings.server.HTTP_PORT config.services.home-assistant.config.http.server_port config.services.postgresql.settings.port - config.services.searx.settings.server.port ]); environment.systemPackages = [ diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 65d79d9..c38d60c 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -5,5 +5,6 @@ ./postgres.nix ./jellyfin.nix ./forgejo.nix + ./searx.nix ]; } diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix new file mode 100644 index 0000000..5af4c57 --- /dev/null +++ b/modules/nixos-modules/server/searx.nix @@ -0,0 +1,40 @@ +{ + config, + lib, + inputs, + ... +}: { + options.host.searx = { + enable = lib.mkEnableOption "should searx be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "searx"; + }; + }; + + config = lib.mkIf config.host.searx.enable { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + host = { + reverse_proxy.subdomains.${config.host.searx.subdomain} = { + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + }; + }; + services = { + searx = { + enable = true; + environmentFile = config.sops.secrets."services/searx".path; + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + }; + }; + }; + }; +} 
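Review bot: The new searx.nix hard-codes `sopsFile = "${inputs.secrets}/defiant-services.yaml"`, which ties a shared module under `modules/nixos-modules/server` to one host's secrets file. Any other host that enables `host.searx` would need that file decryptable with its own key. Taking the path from an option, e.g. `sopsFile = config.host.searx.secretsFile;`, keeps the set of machines able to read each secret explicit. A short comment on `secret_key = "@SEARXNG_SECRET@";` such as `# placeholder, filled in at service start from environmentFile` would also help, since the literal otherwise reads like a committed key.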
From a4e308650fe81c2197aa2718102ab91efb71bc04 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 18:22:05 -0600 Subject: [PATCH 0435/1043] created home assistant service --- .../nixos/defiant/configuration.nix | 4 ++ configurations/nixos/defiant/services.nix | 21 -------- modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 51 +++++++++++++++++++ 4 files changed, 56 insertions(+), 21 deletions(-) create mode 100644 modules/nixos-modules/server/home-assistant.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5ebea98..f366a60 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -77,6 +77,10 @@ enable = true; subdomain = "search"; }; + home-assistant = { + enable = true; + subdomain = "home"; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index f98e680..0a6bb46 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -239,17 +239,6 @@ in { }; }; - home-assistant = { - enable = true; - config.http = { - server_port = 8082; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - }; - # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres nextcloud = { enable = true; 
@@ -271,16 +260,6 @@ in { proxyWebsockets = true; }; }; - ${config.apps.forgejo.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; - }; - ${config.apps.home-assistant.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - }; }; }; }; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index c38d60c..38516d8 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -6,5 +6,6 @@ ./jellyfin.nix ./forgejo.nix ./searx.nix + ./home-assistant.nix ]; } diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix new file mode 100644 index 0000000..27b6a55 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant.nix 
@@ -0,0 +1,51 @@ +{ + lib, + config, + ... +}: let + configDir = "/var/lib/hass"; +in { + options.host.home-assistant = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + }; + + config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ + { + services.home-assistant = { + enable = true; + config.http = { + server_port = 8082; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + }; + host = { + reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + configDir + ]; + }; + }) + ]); +} From e97061ab64d8996a5e5622f65f72dcc01a4a6774 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 18:34:53 -0600 Subject: [PATCH 0436/1043] added groups and users to impermanence directories --- modules/nixos-modules/server/forgejo.nix | 6 +++++- modules/nixos-modules/server/home-assistant.nix | 6 +++++- modules/nixos-modules/server/jellyfin.nix | 12 ++++++++++-- modules/nixos-modules/server/postgres.nix | 6 +++++- 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 3c5b5fa..fa8ebb6 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix 
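Review bot: `trusted_proxies = ["127.0.0.1"]` in home-assistant.nix may not match how the proxy reaches the service. The reverse-proxy target is `http://localhost:...`, and if nginx resolves `localhost` to `::1`, Home Assistant will see forwarded requests from an untrusted proxy and reject them. Either add `"::1"` to `trusted_proxies` or point the target at `http://127.0.0.1:...`. Since all access is meant to go through the proxy, `server_host = ["127.0.0.1"];` in `config.http` would also stop Home Assistant listening on every interface, which I believe is its default.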
@@ -57,7 +57,11 @@ in { enable = true; hideMounts = true; directories = [ - stateDir + { + directory = stateDir; + user = "forgejo"; + group = "forgejo"; + } ]; }; }) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 27b6a55..ba6d81f 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -43,7 +43,11 @@ in { enable = true; hideMounts = true; directories = [ - configDir + { + directory = configDir; + user = "hass"; + group = "hass"; + } ]; }; }) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index d6e3fe8..6d6874a 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -46,8 +46,16 @@ in { enable = true; hideMounts = true; directories = [ - jellyfin_data_directory - jellyfin_cache_directory + { + directory = jellyfin_data_directory; + user = "jellyfin"; + group = "jellyfin"; + } + { + directory = jellyfin_cache_directory; + user = "jellyfin"; + group = "jellyfin"; + } ]; }; diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index fde5c97..252e488 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -83,7 +83,11 @@ in { enable = true; hideMounts = true; directories = [ - dataDir + { + directory = dataDir; + user = "postgres"; + group = "postgres"; + } ]; }; }) From e6852cc537fd2905b0768d9c07588edd4204e973 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 19:31:39 -0600 Subject: [PATCH 0437/1043] fixed searx secrets not loading --- modules/nixos-modules/users.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 704413a..c3a316e 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
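Review bot: The persisted directories now get `user` and `group` but no `mode`, so they are created with the impermanence default, which I believe is world-readable `0755`. That is too open for `stateDir` in forgejo.nix and for `dataDir` in postgres.nix: forgejo state presumably holds keys and repository data, and PostgreSQL expects its data directory to be `0700` or `0750`. Add `mode = "0700";` to those entries. The home-assistant and jellyfin hunks in this commit have the same gap and are worth tightening too.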
@@ -309,14 +309,6 @@ in { ) ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - "/run/secrets" - ]; - }; - host.storage.pool.extraDatasets = lib.mkMerge ( [ { From b02bd1a5e2d89e219174fcd13c8ca5e325e31bbb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 21:39:39 -0600 Subject: [PATCH 0438/1043] created config for pihole --- .../nixos/defiant/configuration.nix | 11 ++ configurations/nixos/defiant/services.nix | 129 ------------------ modules/nixos-modules/server/default.nix | 2 + modules/nixos-modules/server/pihole.nix | 98 +++++++++++++ modules/nixos-modules/server/podman.nix | 74 ++++++++++ 5 files changed, 185 insertions(+), 129 deletions(-) create mode 100644 modules/nixos-modules/server/pihole.nix create mode 100644 modules/nixos-modules/server/podman.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f366a60..e86dbc4 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -81,6 +81,17 @@ enable = true; subdomain = "home"; }; + pihole = { + enable = true; + ip = "192.168.1.201"; + }; + podman = { + macvlan = { + subnet = "192.168.1.0/24"; + gateway = "192.168.1.1"; + networkInterface = "bond0"; + }; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 0a6bb46..2774a1d 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix 
@@ -18,45 +18,6 @@ in { base_domain = lib.mkOption { type = lib.types.str; }; - macvlan = { - subnet = lib.mkOption { - type = lib.types.str; - description = "Subnet for macvlan address range"; - }; - gateway = lib.mkOption { - type = lib.types.str; - description = "Gateway for macvlan"; - # TODO: see if we can default this to systemd network gateway - }; - networkInterface = lib.mkOption { - type = lib.types.str; - description = "Parent network interface for macvlan"; - # TODO: see if we can default this some interface? - }; - }; - pihole = { - image = lib.mkOption { - type = lib.types.str; - description = "container image to use for pi-hole"; - }; - # TODO: check against subnet for macvlan - ip = lib.mkOption { - type = lib.types.str; - description = "ip address to use for pi-hole"; - }; - directory = { - root = lib.mkOption { - type = lib.types.str; - description = "directory that pihole will be hosted at"; - default = "/var/lib/pihole"; - }; - data = lib.mkOption { - type = lib.types.str; - description = "directory that pihole data will be hosted at"; - default = "${config.apps.pihole.directory.root}/data"; - }; - }; - }; headscale = { subdomain = lib.mkOption { type = lib.types.str; 
@@ -98,94 +59,14 @@ in { config = { sops.secrets = { - "services/pi-hole" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; "services/nextcloud_adminpass" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; owner = config.users.users.nextcloud.name; }; }; - virtualisation = { - # Runtime - podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; - }; - - oci-containers = { - backend = "podman"; - - containers = { - pihole = let - passwordFileLocation = "/var/lib/pihole/webpassword.txt"; - in { - image = config.apps.pihole.image; - volumes = [ - "${config.apps.pihole.directory.data}:/etc/pihole:rw" - "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" - ]; - environment = { - TZ = "America/Chicago"; - WEBPASSWORD_FILE = passwordFileLocation; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; - }; - log-driver = "journald"; - extraOptions = [ - "--ip=${config.apps.pihole.ip}" - "--network=macvlan" - ]; - }; - }; - }; - }; - - # TODO: dynamic users systemd = { - tmpfiles.rules = [ - "d ${config.apps.pihole.directory.root} 755 pihole pihole -" # is /home/docker/pihole on old system - "d ${config.apps.pihole.directory.data} 755 pihole pihole -" # is /home/docker/pihole on old system - ]; - services = { - "podman-pihole" = { - serviceConfig = { - Restart = lib.mkOverride 500 "always"; - }; - after = [ - "podman-network-macvlan.service" - ]; - requires = [ - "podman-network-macvlan.service" - ]; - partOf = [ - "podman-compose-root.target" - ]; - wantedBy = [ - "podman-compose-root.target" - ]; - }; - - "podman-network-macvlan" = { - path = [pkgs.podman]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "podman network rm -f macvlan"; - }; - script = '' - podman network inspect macvlan || podman network 
create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan - ''; - partOf = ["podman-compose-root.target"]; - wantedBy = ["podman-compose-root.target"]; - }; # nextcloud-setup = { # after = ["network.target"]; # }; @@ -201,16 +82,6 @@ in { suspend.enable = false; hibernate.enable = false; hybrid-sleep.enable = false; - - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - "podman-compose-root" = { - unitConfig = { - Description = "Root target for podman targets."; - }; - wantedBy = ["multi-user.target"]; - }; }; }; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 38516d8..dd19cfd 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -3,9 +3,11 @@ ./network_storage ./reverse_proxy.nix ./postgres.nix + ./podman.nix ./jellyfin.nix ./forgejo.nix ./searx.nix ./home-assistant.nix + ./pihole.nix ]; } diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix new file mode 100644 index 0000000..df86b97 --- /dev/null +++ b/modules/nixos-modules/server/pihole.nix 
@@ -0,0 +1,98 @@ +{ + lib, + config, + inputs, + ... +}: { + options.host.pihole = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + directory = lib.mkOption { + type = lib.types.str; + default = "/var/lib/pihole"; + }; + image = lib.mkOption { + type = lib.types.str; + default = "pihole/pihole:2024.07.0"; + description = "container image to use for pi-hole"; + }; + ip = lib.mkOption { + type = lib.types.str; + description = "ip address to use for pi-hole"; + }; + }; + config = lib.mkIf config.host.pihole.enable (lib.mkMerge [ + { + host.podman.enable = true; + sops.secrets = { + "services/pi-hole" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + systemd = { + tmpfiles.rules = [ + "d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system + ]; + + services = { + "podman-pihole" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + after = [ + "podman-network-macvlan.service" + ]; + requires = [ + "podman-network-macvlan.service" + ]; + partOf = [ + "podman-compose-root.target" + ]; + wantedBy = [ + "podman-compose-root.target" + ]; + }; + }; + }; + + virtualisation = { + oci-containers = { + containers = { + pihole = let + passwordFileLocation = "/var/lib/pihole/webpassword.txt"; + in { + image = config.host.pihole.image; + volumes = [ + "${config.host.pihole.directory}:/etc/pihole:rw" + "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" + ]; + environment = { + TZ = "America/Chicago"; + WEBPASSWORD_FILE = passwordFileLocation; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=${config.host.pihole.ip}" + "--network=macvlan" + ]; + }; + }; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + 
directory = config.host.pihole.directory; + user = "pihole"; + group = "pihole"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix new file mode 100644 index 0000000..0f48ac9 --- /dev/null +++ b/modules/nixos-modules/server/podman.nix 
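Review bot: In the new pihole.nix the decrypted sops secret is bind-mounted into the container without a read-only flag (`"${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}"`), so a process inside the container can modify the host's secret file; append `:ro` to that volume entry. The default `image = "pihole/pihole:2024.07.0"` is an unqualified name with a mutable tag, so what gets pulled depends on registry resolution and on the tag never being re-pushed. A fully qualified reference pinned by digest, e.g. `docker.io/pihole/pihole@sha256:<digest>`, avoids that. The `enable` description still says home-assistant and should name pihole.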
@@ -0,0 +1,74 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.host.podman = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + macvlan = { + subnet = lib.mkOption { + type = lib.types.str; + description = "Subnet for macvlan address range"; + }; + gateway = lib.mkOption { + type = lib.types.str; + description = "Gateway for macvlan"; + # TODO: see if we can default this to systemd network gateway + }; + networkInterface = lib.mkOption { + type = lib.types.str; + description = "Parent network interface for macvlan"; + # TODO: see if we can default this some interface? + }; + }; + }; + config = lib.mkIf config.host.podman.enable { + systemd = { + services = { + "podman-network-macvlan" = { + path = [pkgs.podman]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f macvlan"; + }; + script = '' + podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan + ''; + partOf = ["podman-compose-root.target"]; + wantedBy = ["podman-compose-root.target"]; + }; + }; + # disable computer sleeping + targets = { + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + "podman-compose-root" = { + unitConfig = { + Description = "Root target for podman targets."; + }; + wantedBy = ["multi-user.target"]; + }; + }; + }; + + virtualisation = { + # Runtime + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + + oci-containers = { + backend = "podman"; + }; + }; + }; +} From 6ab64fafe1d6a57c2e9256812d824b3b02ddfab5 Mon Sep 17 00:00:00 2001 
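Review bot: The `podman-network-macvlan` script in podman.nix interpolates `subnet`, `gateway` and `networkInterface` into a shell command unquoted, and all three are plain `lib.types.str`. A value containing spaces or shell metacharacters would change the command this oneshot unit runs. Wrap each one, e.g. `--subnet ${lib.escapeShellArg config.host.podman.macvlan.subnet}`, and likewise for `--gateway` and `--opt parent=`. Two leftovers from the move: the `enable` description says home-assistant, and the `# disable computer sleeping` comment now sits above the `podman-compose-root` target instead of the sleep targets.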
From: Leyla Becker Date: Fri, 3 Jan 2025 13:07:52 -0600 Subject: [PATCH 0439/1043] added acme to impermanence --- configurations/nixos/defiant/services.nix | 5 -- .../nixos-modules/server/reverse_proxy.nix | 65 +++++++++++++------ 2 files changed, 44 insertions(+), 26 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 2774a1d..73c7024 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -135,11 +135,6 @@ in { }; }; - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - networking.firewall.allowedTCPPorts = [ httpPort diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 7eecdd0..bd39d4c 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -2,7 +2,9 @@ lib, config, ... -}: { +}: let + dataDir = "/var/lib/acme"; +in { options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; hostname = lib.mkOption { 
@@ -32,25 +34,46 @@ }; }; - # TODO: impermanence for ACME keys - config = { - security.acme = lib.mkIf config.host.reverse_proxy.enableACME { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; + config = lib.mkIf config.host.reverse_proxy.enable (lib.mkMerge [ + { + security.acme = lib.mkIf config.host.reverse_proxy.enableACME { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; - services.nginx = { - enable = config.host.reverse_proxy.enable; - virtualHosts = lib.attrsets.mapAttrs' (name: value: - lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations."/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets; - }; - }) - config.host.reverse_proxy.subdomains; - }; - }; + services.nginx = { + enable = true; + virtualHosts = lib.attrsets.mapAttrs' (name: value: + lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { + forceSSL = config.host.reverse_proxy.forceSSL; + enableACME = config.host.reverse_proxy.enableACME; + locations."/" = { + proxyPass = value.target; + proxyWebsockets = value.websockets; + }; + }) + config.host.reverse_proxy.subdomains; + }; + } + (lib.mkIf config.host.impermanence.enable { + # TODO: figure out how to write an assertion for this + # assertions = [ + # { + # assertion = security.acme.certs..directory == dataDir; + # message = "postgres data directory does not match persistence"; + # } + # ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "acme"; + group = "acme"; + } + ]; + }; + }) + ]); } From 12e1f8067b7e4938728397ab4505a9f340cc4124 Mon Sep 17 00:00:00 2001 
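Review bot: The generated `locations."/"` in reverse_proxy.nix sets only `proxyPass` and `proxyWebsockets`, so unless `services.nginx.recommendedProxySettings` is enabled outside this hunk, backends receive no `X-Forwarded-For` or original `Host` header. home-assistant.nix in this series enables `use_x_forwarded_for` together with `ip_ban_enabled`, and without the header every failed login would be attributed to the proxy address. Adding `recommendedProxySettings = true;` under `services.nginx` here would cover all subdomains. The commented-out assertion also carries the copied message "postgres data directory does not match persistence" and should name the ACME directory once it is enabled.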
From: Leyla Becker Date: Fri, 3 Jan 2025 13:23:06 -0600 Subject: [PATCH 0440/1043] added port forwards to services --- configurations/nixos/defiant/services.nix | 34 +------------------ modules/nixos-modules/server/pihole.nix | 7 +++- .../nixos-modules/server/reverse_proxy.nix | 7 ++++ 3 files changed, 14 insertions(+), 34 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 73c7024..fdb0383 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -4,13 +4,7 @@ pkgs, inputs, ... -}: let - jellyfinPort = 8096; - dnsPort = 53; - httpPort = 80; - httpsPort = 443; - isDebug = false; -in { +}: { imports = []; options = { @@ -30,18 +24,6 @@ in { default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; - home-assistant = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that home-assistant will be hosted at"; - default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; - }; - }; nextcloud = { subdomain = lib.mkOption { type = lib.types.str; @@ -135,20 +117,6 @@ in { }; }; - networking.firewall.allowedTCPPorts = - [ - httpPort - httpsPort - dnsPort - ] - ++ (lib.optional isDebug [ - jellyfinPort - config.services.headscale.port - config.services.forgejo.settings.server.HTTP_PORT - config.services.home-assistant.config.http.server_port - config.services.postgresql.settings.port - ]); - environment.systemPackages = [ config.services.headscale.package ]; diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix index df86b97..6ec7628 100644 --- a/modules/nixos-modules/server/pihole.nix +++ b/modules/nixos-modules/server/pihole.nix 
@@ -3,7 +3,9 @@ config, inputs, ... -}: { +}: let + dnsPort = 53; +in { options.host.pihole = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; directory = lib.mkOption { @@ -80,6 +82,9 @@ }; }; }; + networking.firewall.allowedTCPPorts = [ + dnsPort + ]; } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index bd39d4c..12fe757 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -4,6 +4,8 @@ ... }: let dataDir = "/var/lib/acme"; + httpPort = 80; + httpsPort = 443; in { options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; @@ -54,6 +56,11 @@ in { }) config.host.reverse_proxy.subdomains; }; + + networking.firewall.allowedTCPPorts = [ + httpPort + httpsPort + ]; } (lib.mkIf config.host.impermanence.enable { # TODO: figure out how to write an assertion for this From 7dfb67f1f4e5418f244cab887e8f9dd734476eb9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 13:39:08 -0600 Subject: [PATCH 0441/1043] created nextcloud service --- configurations/nixos/defiant/services.nix | 30 ------------ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/nextcloud.nix | 55 ++++++++++++++++++++++ 3 files changed, 56 insertions(+), 30 deletions(-) create mode 100644 modules/nixos-modules/server/nextcloud.nix diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index fdb0383..958bc08 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -1,8 +1,6 @@ { lib, config, - pkgs, - inputs, ... }: { imports = []; 
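Review bot: In pihole.nix the added `networking.firewall.allowedTCPPorts = [ dnsPort ];` opens only TCP 53, while ordinary DNS queries arrive over UDP, so this rule alone probably does not make the resolver reachable; `networking.firewall.allowedUDPPorts = [ dnsPort ];` would be the matching line. If pihole answers on its own macvlan address rather than the host's (the host configuration elsewhere on this page suggests so), the host firewall rule may not be needed at all, and leaving it out keeps port 53 closed on the host. A one-line comment saying which of the two cases applies would help, for example `# pihole answers on its macvlan IP; host port 53 stays closed`.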
@@ -40,31 +38,13 @@ }; config = { - sops.secrets = { - "services/nextcloud_adminpass" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - owner = config.users.users.nextcloud.name; - }; - }; - systemd = { services = { - # nextcloud-setup = { - # after = ["network.target"]; - # }; headscale = { after = ["postgresql.service"]; requires = ["postgresql.service"]; }; }; - - # disable computer sleeping - targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; }; services = { @@ -92,16 +72,6 @@ }; }; - # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres - nextcloud = { - enable = true; - package = pkgs.nextcloud30; - hostName = config.apps.nextcloud.hostname; - config = { - adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; - }; - }; - nginx = { enable = true; virtualHosts = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index dd19cfd..b44eec7 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -9,5 +9,6 @@ ./searx.nix ./home-assistant.nix ./pihole.nix + ./nextcloud.nix ]; } diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix new file mode 100644 index 0000000..126ddd5 --- /dev/null +++ b/modules/nixos-modules/server/nextcloud.nix 
@@ -0,0 +1,55 @@ +{ + lib, + pkgs, + config, + inputs, + ... +}: let + dataDir = "/var/lib/nextcloud"; +in { + options.host.nextcloud = { + enable = lib.mkEnableOption "should nextcloud be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that nextcloud will be hosted at"; + default = "nextcloud"; + }; + }; + + config = lib.mkIf config.host.nextcloud.enable (lib.mkMerge [ + { + sops.secrets = { + "services/nextcloud_adminpass" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + owner = config.users.users.nextcloud.name; + }; + }; + + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {}; + + services = { + nextcloud = { + enable = true; + package = pkgs.nextcloud30; + hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; + config = { + adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; + }; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "nextcloud"; + group = "nextcloud"; + } + ]; + }; + }) + ]); +} From 0e5cf348098f549c85ee684f57ef26aad11e13d7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 13:48:03 -0600 Subject: [PATCH 0442/1043] added headscale service --- .../nixos/defiant/configuration.nix | 8 ++ configurations/nixos/defiant/services.nix | 94 ------------------- modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/headscale.nix | 61 ++++++++++++ 4 files changed, 70 insertions(+), 94 deletions(-) delete mode 100644 configurations/nixos/defiant/services.nix create mode 100644 modules/nixos-modules/server/headscale.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e86dbc4..c6a9e01 100644 --- a/configurations/nixos/defiant/configuration.nix 
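Review bot: The reverse-proxy entry in nextcloud.nix is keyed on the wrong service, `host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {};`, so it merges into the jellyfin virtual host instead of creating one for nextcloud; the key should be `${config.host.nextcloud.subdomain}`. The same copy-pasted key appears in the new headscale.nix in PATCH 0442, where it would point the jellyfin host at headscale's port. The entry is also empty, so `target` is left to whatever default the submodule provides (not visible here). Since `services.nextcloud.hostName` is set to the same name, it is worth checking whether the nextcloud module already defines that virtual host and whether TLS is enforced on it, because the admin password from `adminpassFile` will be typed into that site.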
+++ b/configurations/nixos/defiant/configuration.nix @@ -92,6 +92,14 @@ networkInterface = "bond0"; }; }; + nextcloud = { + enable = true; + subdomain = "drive"; + }; + headscale = { + enable = true; + subdomain = "vpn"; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix deleted file mode 100644 index 958bc08..0000000 --- a/configurations/nixos/defiant/services.nix +++ /dev/null 
@@ -1,94 +0,0 @@ -{ - lib, - config, - ... -}: { - imports = []; - - options = { - apps = { - base_domain = lib.mkOption { - type = lib.types.str; - }; - headscale = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that headscale will be hosted at"; - default = "headscale"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that headscale will be hosted at"; - default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; - }; - }; - nextcloud = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that nextcloud will be hosted at"; - default = "nextcloud"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that nextcloud will be hosted at"; - default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}"; - }; - }; - }; - }; - - config = { - systemd = { - services = { - headscale = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - }; - }; - - services = { - # DNS stub needs to be disabled so pi hole can bind - # resolved.extraConfig = "DNSStubListener=no"; - headscale = { - enable = true; - user = "headscale"; - group = "headscale"; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${config.apps.headscale.hostname}"; - dns.base_domain = "clients.${config.apps.headscale.hostname}"; - logtail.enabled = true; - database = { - type = "postgres"; - postgres = { - host = "/run/postgresql"; - port = config.services.postgresql.settings.port; - user = "headscale"; - name = "headscale"; - }; - }; - }; - }; - - nginx = { - enable = true; - virtualHosts = { - ${config.apps.headscale.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - }; - }; - - environment.systemPackages = [ - 
config.services.headscale.package - ]; - }; -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index b44eec7..9696617 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -10,5 +10,6 @@ ./home-assistant.nix ./pihole.nix ./nextcloud.nix + ./headscale.nix ]; } diff --git a/modules/nixos-modules/server/headscale.nix b/modules/nixos-modules/server/headscale.nix new file mode 100644 index 0000000..4495a4a --- /dev/null +++ b/modules/nixos-modules/server/headscale.nix @@ -0,0 +1,61 @@ +{ + lib, + config, + ... +}: let + hostname = "${config.host.headscale.subdomain}.${config.host.reverse_proxy.hostname}"; +in { + options.host.headscale = { + enable = lib.mkEnableOption "should headscale be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that headscale will be hosted at"; + default = "headscale"; + }; + }; + + config = lib.mkIf config.host.headscale.enable { + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString config.services.headscale.port}"; + }; + + systemd = { + services = { + headscale = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; + }; + }; + + services = { + # DNS stub needs to be disabled so pi hole can bind + # resolved.extraConfig = "DNSStubListener=no"; + headscale = { + enable = true; + user = "headscale"; + group = "headscale"; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${hostname}"; + dns.base_domain = "clients.${hostname}"; + logtail.enabled = true; + database = { + type = "postgres"; + postgres = { + host = "/run/postgresql"; + port = config.services.postgresql.settings.port; + user = "headscale"; + name = "headscale"; + }; + }; + }; + }; + }; + + environment.systemPackages = [ + config.services.headscale.package + ]; + }; +} 
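Review bot: In headscale.nix the daemon is bound with `address = "0.0.0.0";` although the only consumer configured here is the reverse proxy at `http://localhost:${toString config.services.headscale.port}`; `address = "127.0.0.1";` keeps the unproxied port 8080 off the network instead of relying on the firewall alone. The proxy entry also drops the websocket setting that the replaced nginx virtual host had (`proxyWebsockets = true`), so `websockets = true;` should be added next to `target`. The subdomain key issue is described in the note on nextcloud.nix.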
From da8919b999024424f68becfbdecca47c1e6bbae7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 16:34:15 -0600 Subject: [PATCH 0443/1043] removed headscale --- .../nixos/defiant/configuration.nix | 40 +++--------- modules/nixos-modules/server/default.nix | 1 - modules/nixos-modules/server/headscale.nix | 61 ------------------- modules/nixos-modules/server/postgres.nix | 39 +++++++++--- 4 files changed, 39 insertions(+), 102 deletions(-) delete mode 100644 modules/nixos-modules/server/headscale.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c6a9e01..c32b6b3 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,9 +1,5 @@ # server nas {pkgs, ...}: { - imports = [ - # ./services.nix - ]; - nixpkgs.config.allowUnfree = true; host = { @@ -65,6 +61,13 @@ enable = false; hostname = "volpe.social"; }; + postgres = { + extraUsers = { + leyla = { + isAdmin = true; + }; + }; + }; jellyfin = { enable = true; subdomain = "media"; @@ -96,40 +99,11 @@ enable = true; subdomain = "drive"; }; - headscale = { - enable = true; - subdomain = "vpn"; - }; }; networking = { hostId = "c51763d6"; }; - # apps = { - # base_domain = "jan-leila.com"; - # macvlan = { - # subnet = "192.168.1.0/24"; - # gateway = "192.168.1.1"; - # networkInterface = "bond0"; - # }; - # pihole = { - # image = "pihole/pihole:2024.07.0"; - # ip = "192.168.1.201"; - # }; - # headscale = { - # subdomain = "vpn"; - # }; - # jellyfin = { - # subdomain = "media"; - # }; - # forgejo = { - # subdomain = "git"; - # }; - # nextcloud = { - # subdomain = "drive"; - # }; - # }; - services = { # TODO: move zfs scrubbing into module zfs = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 9696617..b44eec7 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
@@ -10,6 +10,5 @@ ./home-assistant.nix ./pihole.nix ./nextcloud.nix - ./headscale.nix ]; } diff --git a/modules/nixos-modules/server/headscale.nix b/modules/nixos-modules/server/headscale.nix deleted file mode 100644 index 4495a4a..0000000 --- a/modules/nixos-modules/server/headscale.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - lib, - config, - ... -}: let - hostname = "${config.host.headscale.subdomain}.${config.host.reverse_proxy.hostname}"; -in { - options.host.headscale = { - enable = lib.mkEnableOption "should headscale be enabled on this computer"; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that headscale will be hosted at"; - default = "headscale"; - }; - }; - - config = lib.mkIf config.host.headscale.enable { - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString config.services.headscale.port}"; - }; - - systemd = { - services = { - headscale = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - }; - }; - - services = { - # DNS stub needs to be disabled so pi hole can bind - # resolved.extraConfig = "DNSStubListener=no"; - headscale = { - enable = true; - user = "headscale"; - group = "headscale"; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${hostname}"; - dns.base_domain = "clients.${hostname}"; - logtail.enabled = true; - database = { - type = "postgres"; - postgres = { - host = "/run/postgresql"; - port = config.services.postgresql.settings.port; - user = "headscale"; - name = "headscale"; - }; - }; - }; - }; - }; - - environment.systemPackages = [ - config.services.headscale.package - ]; - }; -} diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 252e488..450fafa 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix 
@@ -7,6 +7,8 @@ dataDir = "/var/lib/postgresql/15"; adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; in { options = { host.postgres = { @@ -26,6 +28,21 @@ in { type = lib.types.bool; default = false; }; + createUser = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + })); + default = {}; + }; + extraDatabases = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; }; })); default = {}; @@ -39,11 +56,19 @@ in { postgresql = { enable = true; package = pkgs.postgresql_15; - ensureUsers = [ - { - name = "postgres"; - } - ]; + ensureUsers = + [ + { + name = "postgres"; + } + ] + ++ ( + builtins.map (user: { + name = user.name; + }) + createUsers + ); + ensureDatabases = builtins.map (database: database.name) createDatabases; identMap = '' # ArbitraryMapName systemUser DBUser @@ -60,13 +85,13 @@ in { # Client Users '' + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} ${user.name}") clientUsers) + lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) ); # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' # type database DBuser origin-address auth-method optional_ident_map local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map + local sameuser all peer map=user_map ''; }; }; 
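Review bot: `createUser` adds a role through `ensureUsers`, but the only `user_map` lines in the last postgres.nix hunk are generated from `clientUsers`, so as far as the hunks show a user with `createUser = true` and `isClient = false` gets a role that peer authentication never maps to. Either derive the `user_map` lines from both lists or document the dependency on the option, for example `description = "create a database role for this user; set isClient as well to allow peer login";`. The new `createUser` and `extraDatabases` options have no `description` at all, and the `createDatabases` binding names its lambda argument `user` although it iterates databases; `(_: database: database)` reads better. The rest of the `identMap` string lies outside the hunk.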
From 4c7d6bf8374b22d526b3207d1d389d491cc02533 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 17:09:10 -0600 Subject: [PATCH 0444/1043] enabled reverse proxy --- configurations/nixos/defiant/configuration.nix | 4 ++-- modules/nixos-modules/server/reverse_proxy.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c32b6b3..a619c03 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -58,8 +58,8 @@ }; }; reverse_proxy = { - enable = false; - hostname = "volpe.social"; + enable = true; + hostname = "jan-leila.com"; }; postgres = { extraUsers = { diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 12fe757..acadbe8 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -16,7 +16,7 @@ in { forceSSL = lib.mkOption { type = lib.types.bool; description = "force connections to use https"; - default = true; + default = config.host.reverse_proxy.enableACME; }; enableACME = lib.mkOption { type = lib.types.bool; From a379f146d6c6ae43e8068abf6ac09ca0a35c07c4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 17:51:08 -0600 Subject: [PATCH 0445/1043] updated flake.lock --- .../home-manager/leyla/packages.nix | 1 - flake.lock | 48 +++++++++---------- modules/nixos-modules/desktop.nix | 6 +-- 3 files changed, 27 insertions(+), 28 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 836a22b..9593ba0 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -68,7 +68,6 @@ in { bruno qFlipper proxmark3 - godot_4-mono # system tools protonvpn-gui diff --git a/flake.lock b/flake.lock index 44359f8..9fe7962 100644 
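Review bot: Changing the `forceSSL` default in reverse_proxy.nix from `true` to `config.host.reverse_proxy.enableACME` means every proxied service is served over plain HTTP whenever ACME is off, and the same commit turns the proxy on for `jan-leila.com`. The description still reads "force connections to use https", so the downgrade is silent; it should say that the default follows `enableACME`, and the option should carry `defaultText = lib.literalExpression "config.host.reverse_proxy.enableACME";` since the default now reads `config`. If any proxied service handles credentials, consider an assertion or warning when `forceSSL` ends up false. The default of `enableACME` is outside the hunk.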
--- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1735048446, - "narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=", + "lastModified": 1735468753, + "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", "owner": "nix-community", "repo": "disko", - "rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21", + "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735202720, - "narHash": "sha256-7aEdACqT2B7nZNFjn2Y66Qucfl1AHHVFKxm4yvO0O10=", + "lastModified": 1735926627, + "narHash": "sha256-L8uuPK8ieuNJLbYsZ3nhBZ0+6btvbCqRm9wG51tbOdE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fe816609e68ee1887ee89e43c9ca1aad75362477", + "rev": "a3943ec69fff6fb80227e62acca22adc016ada63", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1735053786, - "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=", + "lastModified": 1735947440, + "narHash": "sha256-jnEcfmOhWntmVEcqlvs+j532+mvmgsKtQSSfukgkn+A=", "owner": "nix-community", "repo": "home-manager", - "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84", + "rev": "a9987622b7b93c82e147f198574e8e6ffbf5e327", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1735218083, - "narHash": "sha256-MoUAbmXz9TEr7zlKDRO56DBJHe30+7B5X7nhXm+Vpc8=", + "lastModified": 1735685839, + "narHash": "sha256-62xAPSs5VRZoPH7eRanUn5S5vZEd+8vM4bD5I+zxokc=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "bc03f7818771a75716966ce8c23110b715eff2aa", + "rev": "6a1fdb2a1204c0de038847b601cff5012e162b5e", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1735264033, - "narHash": "sha256-ss9vVSK9M2o8hW4nFs+GuVxsrIZ8X3zxQfeWhEKgMT0=", + "lastModified": 1735868868, + "narHash": "sha256-U4Oy2o/CmBg6gexAHamH++52oAgvvEwcq9fkEmcvjyw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b5223dca0334d671787531a204bdba7717b48a72", + "rev": "b0f7a59cee0ca77c157ab4e0c60d4a9df6bccb86", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734954597, - "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", + "lastModified": 1735388221, + "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "def1d472c832d77885f174089b0d34854b007198", + "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734649271, - "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", + "lastModified": 1735834308, + "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", + "rev": "6df24922a1400241dae323af55f30e4318a6ca65", "type": "github" }, "original": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1734546875, - "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", + "lastModified": 1735844895, + "narHash": "sha256-CIRlqX9tBK2awJkmVu2cKuap/0QziDXStQZ/u/+e8Z4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", + "rev": "24d89184adf76d7ccc99e659dc5f3838efb5ee32", "type": "github" }, "original": { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index d1b0517..c6d3dfa 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix 
@@ -46,10 +46,10 @@ automatic-timezoned = { enable = true; }; - }; - # Enable sound with pipewire. - hardware.pulseaudio.enable = false; + # Enable sound with pipewire. + pulseaudio.enable = false; + }; # enable RealtimeKit for pulse audio security.rtkit.enable = true; From c9a7ce7150b60f8b641aefce46abfbe7c3fed929 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 18:27:49 -0600 Subject: [PATCH 0446/1043] reorganized configs in configuration.nix --- configurations/nixos/defiant/configuration.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a619c03..a5e9c7d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -68,6 +68,13 @@ }; }; }; + podman = { + macvlan = { + subnet = "192.168.1.0/24"; + gateway = "192.168.1.1"; + networkInterface = "bond0"; + }; + }; jellyfin = { enable = true; subdomain = "media"; @@ -88,13 +95,6 @@ enable = true; ip = "192.168.1.201"; }; - podman = { - macvlan = { - subnet = "192.168.1.0/24"; - gateway = "192.168.1.1"; - networkInterface = "bond0"; - }; - }; nextcloud = { enable = true; subdomain = "drive"; From 31a9d201581350a4118369a27dce4549a3b84a91 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:46:43 -0600 Subject: [PATCH 0447/1043] fixed mount points for new nfs server --- configurations/nixos/horizon/hardware-configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 184be7a..a30decb 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -39,25 +39,25 @@ }; "/mnt/leyla_home" = { - device = "defiant:/home/leyla"; + device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/eve_home" = { - device = "defiant:/home/eve"; + device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/ester_home" = { - device = "defiant:/home/ester"; + device = "defiant:/exports/ester"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/users_home" = { - device = "defiant:/home/users"; + device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; From dc6d05a0b05d7c4216f1549d70ed4968fdc0db50 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:47:43 -0600 Subject: [PATCH 0448/1043] added default to subdomains --- modules/nixos-modules/server/reverse_proxy.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index acadbe8..a218b3f 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -33,6 +33,7 @@ in { websockets = lib.mkEnableOption "should websockets be proxied"; }; })); + default = {}; }; }; From 1374696401d2ff6f41d74af004f34f0d410484af Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:48:55 -0600 Subject: [PATCH 0449/1043] removed un needed comment --- configurations/nixos/horizon/configuration.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index bc96142..0c48bb3 100644 --- a/configurations/nixos/horizon/configuration.nix 
+++ b/configurations/nixos/horizon/configuration.nix @@ -39,16 +39,6 @@ programs.adb.enable = true; - # enabled virtualisation for docker - # virtualisation.docker = { - # enable = true; - # rootless = { - # enable = true; - # setSocketVariable = true; - # }; - # }; - # users.extraGroups.docker.members = ["leyla"]; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; From 994234c18b73292a4e45c203b36fdce8657353f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:58:22 -0600 Subject: [PATCH 0450/1043] increased side of boot partition --- modules/nixos-modules/disko.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index f95edcf..b2685af 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -90,7 +90,8 @@ in { partitions = { # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA ESP = { - size = "64M"; + # 2G here because its not much relative to how much storage we have for caching + size = "2G"; type = "EF00"; content = { type = "filesystem"; From e2d3bb5d01e54221b2989e8ab483967b05f258f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 15:20:51 -0600 Subject: [PATCH 0451/1043] added auto key generation to ssh --- README.md | 4 + .../home-manager/leyla/impermanence.nix | 1 - modules/home-manager-modules/openssh.nix | 100 +++++++++++++++++- modules/nixos-modules/ssh.nix | 9 +- 4 files changed, 104 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 6d5119d..626e3f2 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,7 @@ +# nix-config + + + # Hosts ## Host Map diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 3f85d14..b3d058d 100644 --- a/configurations/home-manager/leyla/impermanence.nix 
+++ b/configurations/home-manager/leyla/impermanence.nix @@ -9,7 +9,6 @@ "desktop" "downloads" "documents" - ".ssh" { directory = ".local/share/Steam"; method = "symlink"; diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index ef4f11f..4710cd9 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
@@ -1,8 +1,102 @@ -{lib, ...}: { - options.programs = { - openssh.authorizedKeys = lib.mkOption { +{ + pkgs, + config, + osConfig, + lib, + ... +}: { + options.programs.openssh = { + authorizedKeys = lib.mkOption { type = lib.types.listOf lib.types.str; default = []; }; + hostKeys = lib.mkOption { + type = lib.types.listOf lib.types.attrs; + default = [ + { + type = "rsa"; + bits = 4096; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; + } + { + type = "ed25519"; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + example = [ + { + type = "rsa"; + bits = 4096; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; + rounds = 100; + openSSHFormat = true; + } + { + type = "ed25519"; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; + rounds = 100; + comment = "key comment"; + } + ]; + description = '' + NixOS can automatically generate SSH host keys. This option + specifies the path, type and size of each key. See + {manpage}`ssh-keygen(1)` for supported types + and sizes. Paths are relative to home directory + ''; + }; }; + + config = lib.mkMerge [ + { + systemd.user.services."${config.home.username}-ssh-keygen" = { + Unit = { + description = "Generate SSH keys for user"; + }; + Install = { + wantedBy = ["sshd.target" "multi-user.target" "default.target"]; + }; + Service = { + ExecStart = "${ + pkgs.writeShellScript "ssh-keygen" + '' + # Make sure we don't write to stdout, since in case of + # socket activation, it goes to the remote side (#19589). + exec >&2 + + ${lib.flip lib.concatMapStrings config.programs.openssh.hostKeys (k: let + path = "${config.home.homeDirectory}/${k.path}"; + in '' + if ! [ -s "${path}" ]; then + if ! [ -h "${path}" ]; then + rm -f "${path}" + fi + mkdir -p "$(dirname '${path}')" + chmod 0755 "$(dirname '${path}')" + ssh-keygen \ + -t "${k.type}" \ + ${lib.optionalString (k ? 
bits) "-b ${toString k.bits}"} \ + ${lib.optionalString (k ? rounds) "-a ${toString k.rounds}"} \ + ${lib.optionalString (k ? comment) "-C '${k.comment}'"} \ + ${lib.optionalString (k ? openSSHFormat && k.openSSHFormat) "-o"} \ + -f "${path}" \ + -N "" + fi + '')} + '' + }"; + KillMode = "process"; + Restart = "always"; + Type = "simple"; + }; + }; + } + (lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + files = lib.lists.flatten ( + builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.programs.openssh.hostKeys + ); + }; + }) + ]; } diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 69bd185..6f5fac1 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -19,12 +19,9 @@ } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { - files = [ - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; + files = lib.lists.flatten ( + builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.services.openssh.hostKeys + ); }; }) ]; From 19a9b06c4e7ba08e13bfa8c92c373d7fa83d6769 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 15:23:33 -0600 Subject: [PATCH 0452/1043] added header to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 626e3f2..bed915f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # nix-config +https://git.jan-leila.com/jan-leila/nix-config +nix multi user, multi system, configuration with `sops` secret management, `home-manager`, and `nixos-anywhere` setup via `disko` with `zfs` + `impermanence` # Hosts From caa08f1c1823816a9ec4426263bf14259e2d956b Mon Sep 17 00:00:00 2001 
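Review bot: The generated script in openssh.nix runs `chmod 0755 "$(dirname '${path}')"` on the directory that holds the private keys, which for the default paths is `~/.ssh`; the conventional mode is owner-only, `chmod 0700 "$(dirname '${path}')"`. The unit is also declared with `Restart = "always";` and `Type = "simple";` although the script exits as soon as the key exists, so systemd will keep re-running it until the start limit trips; `Type = "oneshot";` with no `Restart` matches what the script does. Both lines survive unchanged in the rewrite of this service in PATCH 0454. The option is named `hostKeys` and its description is copied from the NixOS host-key option, but these are per-user identity keys created with an empty passphrase (`-N ""`), which the description should state.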
From: Leyla Becker Date: Sat, 4 Jan 2025 17:48:02 -0600 Subject: [PATCH 0453/1043] removed rsa from default hostKeys --- modules/home-manager-modules/openssh.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 4710cd9..ae81bd1 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -13,11 +13,6 @@ hostKeys = lib.mkOption { type = lib.types.listOf lib.types.attrs; default = [ - { - type = "rsa"; - bits = 4096; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; - } { type = "ed25519"; path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; From 0c5b21d60a6628dfc4cff3853e7222d62877a8a9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:29:29 -0600 Subject: [PATCH 0454/1043] fixed ssh key generation --- configurations/home-manager/leyla/default.nix | 16 +++- modules/home-manager-modules/openssh.nix | 94 +++++++++---------- 2 files changed, 58 insertions(+), 52 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 8b41e3a..bb65a35 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,6 +1,7 @@ { pkgs, osConfig, + config, ... }: { imports = [ @@ -106,9 +107,18 @@ }; bash.enable = true; - openssh.authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - ]; + openssh = { + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + ]; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; }; dconf = { 
diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index ae81bd1..652b0fb 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -12,23 +12,18 @@ }; hostKeys = lib.mkOption { type = lib.types.listOf lib.types.attrs; - default = [ - { - type = "ed25519"; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; + default = []; example = [ { type = "rsa"; bits = 4096; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; + path = "${config.home.username}_${osConfig.networking.hostName}_rsa"; rounds = 100; openSSHFormat = true; } { type = "ed25519"; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; rounds = 100; comment = "key comment"; } 
@@ -43,53 +38,54 @@ }; config = lib.mkMerge [ - { - systemd.user.services."${config.home.username}-ssh-keygen" = { - Unit = { - description = "Generate SSH keys for user"; + ( + lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { + services.ssh-agent.enable = true; + programs.ssh = { + enable = true; + addKeysToAgent = "yes"; }; - Install = { - wantedBy = ["sshd.target" "multi-user.target" "default.target"]; - }; - Service = { - ExecStart = "${ - pkgs.writeShellScript "ssh-keygen" - '' - # Make sure we don't write to stdout, since in case of - # socket activation, it goes to the remote side (#19589). - exec >&2 - ${lib.flip lib.concatMapStrings config.programs.openssh.hostKeys (k: let - path = "${config.home.homeDirectory}/${k.path}"; - in '' - if ! [ -s "${path}" ]; then - if ! [ -h "${path}" ]; then - rm -f "${path}" + systemd.user.services = builtins.listToAttrs ( + builtins.map (hostKey: + lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { + Install = { + WantedBy = ["default.target"]; + }; + Service = let + path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; + in { + Restart = "always"; + Type = "simple"; + ExecStart = "${ + pkgs.writeShellScript "ssh-gen-keys" '' + if ! [ -s "${path}" ]; then + if ! [ -h "${path}" ]; then + rm -f "${path}" + fi + mkdir -p "$(dirname '${path}')" + chmod 0755 "$(dirname '${path}')" + ${pkgs.openssh}/bin/ssh-keygen \ + -t "${hostKey.type}" \ + ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ + ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ + ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ + ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ + -f "${path}" \ + -N "" fi - mkdir -p "$(dirname '${path}')" - chmod 0755 "$(dirname '${path}')" - ssh-keygen \ - -t "${k.type}" \ - ${lib.optionalString (k ? bits) "-b ${toString k.bits}"} \ - ${lib.optionalString (k ? 
rounds) "-a ${toString k.rounds}"} \ - ${lib.optionalString (k ? comment) "-C '${k.comment}'"} \ - ${lib.optionalString (k ? openSSHFormat && k.openSSHFormat) "-o"} \ - -f "${path}" \ - -N "" - fi - '')} - '' - }"; - KillMode = "process"; - Restart = "always"; - Type = "simple"; - }; - }; - } + '' + }"; + }; + }) + config.programs.openssh.hostKeys + ); + } + ) (lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { files = lib.lists.flatten ( - builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.programs.openssh.hostKeys + builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); }; }) From c557523bd6fb893fb7cbf6456fffe1f1df5fc815 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:42:14 -0600 Subject: [PATCH 0455/1043] configured ssh options --- modules/home-manager-modules/openssh.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 652b0fb..12107c8 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -43,7 +43,8 @@ services.ssh-agent.enable = true; programs.ssh = { enable = true; - addKeysToAgent = "yes"; + compression = true; + addKeysToAgent = "prompt"; }; systemd.user.services = builtins.listToAttrs ( From 445df7eb5baaca3e1cb78e01c3127a1c80734a04 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:50:24 -0600 Subject: [PATCH 0456/1043] fixed identities not being found automatically --- modules/home-manager-modules/openssh.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 12107c8..df78828 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
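Review bot: `chmod 0755 "$(dirname '${path}')"` in the generated `ssh-gen-keys` script resolves to `~/.ssh` for a plain file name, because `path` is now built as `${config.home.homeDirectory}/.ssh/${hostKey.path}`, and the keys written there have an empty passphrase (`-N ""`); the directory should be `chmod 0700`. The unit is declared `Type = "simple"` with `Restart = "always"` although the script exits as soon as the key exists, so systemd keeps re-running it; `Type = "oneshot"` without `Restart` fits a generate-once job. `-C '${hostKey.comment}'` is spliced into the script unescaped, so a comment containing a single quote breaks the command; `-C ${lib.escapeShellArg hostKey.comment}` avoids that.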
@@ -44,7 +44,10 @@ programs.ssh = { enable = true; compression = true; - addKeysToAgent = "prompt"; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + ); }; systemd.user.services = builtins.listToAttrs ( From 89f2ada23336621024dfafa15d580ad3997756f1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:56:01 -0600 Subject: [PATCH 0457/1043] added coven to sync --- modules/nixos-modules/sync.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 532038e..ce9a247 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -56,6 +56,9 @@ in { ceder = { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; }; + coven = { + id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + }; }; folders = lib.mkMerge [ config.host.sync.folders.extraFolders @@ -63,21 +66,21 @@ in { "documents" = { id = "hvrj0-9bm1p"; path = "/mnt/sync/leyla/documents"; - devices = ["ceder"]; + devices = ["ceder" "coven"]; }; }) (lib.mkIf config.host.sync.folders.leyla.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; path = "/mnt/sync/leyla/calendar"; - devices = ["ceder"]; + devices = ["ceder" "coven"]; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "/mnt/sync/leyla/notes"; - devices = ["ceder"]; + devices = ["ceder" "coven"]; }; }) ]; From 81a1c9cc3f5f1c81eb559093182f8d4c80ae1c59 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 Jan 2025 10:46:43 -0600 Subject: [PATCH 0458/1043] removed completed tasks from README.md --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index bed915f..ff08fb8 100644 --- a/README.md +++ b/README.md 
@@ -41,7 +41,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Research topics - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` -- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - https://nixos-and-flakes.thiscute.world/ @@ -50,7 +49,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- move applications in `defiant/services.nix` into their own modules - syncthing password ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) @@ -58,7 +56,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - samba mounts - figure out steam vr things? - Open GL? -- openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing - tail scale clients From 84698ba68b22c8e5a9b4d4556ca9c1f452e19324 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 11:57:01 -0600 Subject: [PATCH 0459/1043] fixed coven id for sync --- modules/nixos-modules/sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index ce9a247..00036f4 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -57,7 +57,7 @@ in { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; }; coven = { - id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; }; }; folders = lib.mkMerge [ From 46fd27f76892b5ae02c3993e508d70042001be12 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 14:06:26 -0600 Subject: [PATCH 0460/1043] added fail2ban --- .../nixos/defiant/configuration.nix | 3 + modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/fail2ban.nix | 90 +++++++++++++++++++ modules/nixos-modules/server/nextcloud.nix | 8 ++ 4 files changed, 102 insertions(+) create mode 100644 modules/nixos-modules/server/fail2ban.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a5e9c7d..f65421c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -28,6 +28,9 @@ ]; }; }; + fail2ban = { + enable = true; + }; network_storage = { enable = true; directories = [ diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index b44eec7..c8e17a9 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./fail2ban.nix ./network_storage ./reverse_proxy.nix ./postgres.nix diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix new file mode 100644 index 0000000..f68ef9d --- /dev/null +++ b/modules/nixos-modules/server/fail2ban.nix 
@@ -0,0 +1,90 @@ +{ + lib, + config, + ... +}: { + options.host.fail2ban = { + enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; + }; + + config = lib.mkIf config.host.fail2ban.enable (lib.mkMerge [ + { + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + # Whitelist local networks + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + ]; + bantime = "24h"; # Ban IPs for one day on the first ban + bantime-increment = { + enable = true; # Enable increment of bantime after each violation + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + maxtime = "168h"; # Do not ban for more than 1 week + overalljails = true; # Calculate the ban time based on all the violations + }; + jails = { + nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + filter = "nginx"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + backend = "auto"; + failregex = "limiting requests, excess:.* by zone.*client: "; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + filter = "jellyfin"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.jellyfin.dataDir}/log/*.log"; + backend = "auto"; + failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\."; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + nextcloud-iptables.settings = lib.mkIf config.services.nextcloud.enable { + filter = "nextcloud"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.nextcloud.datadir}/*.log"; + backend = "auto"; + failregex = '' + ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}$ + ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user,:".*","app":"no app in context".*","method":".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}$ + 
^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: \).*}$ + ''; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + filter = "forgejo"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.forgejo.stateDir}/log/*.log"; + backend = "auto"; + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from "; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + filter = "home-assistant"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + failregex = "^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + # TODO; figure out if there is any fail2ban things we can do on searx + # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + }) + ]); +} diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index 126ddd5..a1ad0cf 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix @@ -32,6 +32,7 @@ in { enable = true; package = pkgs.nextcloud30; hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; + settings.log_type = "file"; config = { adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; }; 
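Review bot: The second nextcloud `failregex` line contains `"user,:".*"` where the log key is `"user":`, so that pattern can never match a real log entry; it should read `"user":".*"` as the third line does. As shown on this page none of the `failregex` values carries a `<HOST>` capture (`client: `, `Remote IP: ''` and `from ` all stop where the address would be); this may have been lost in rendering, but it is worth checking because fail2ban needs that group to know which address to ban. Each jail also sets `bantime = 600`, which replaces the 24h first-ban time described in the comment above for that jail. Since `ignoreIP` exempts all RFC 1918 ranges, a comment stating which address each service actually logs when it sits behind the reverse proxy would show whether these jails can ever act on the real client.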
@@ -39,6 +40,13 @@ in { }; } (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.nextcloud.datadir == dataDir; + message = "nextcloud data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; From 6a8daadb4e256f439b8cd6bdb4e9901808544815 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 14:07:19 -0600 Subject: [PATCH 0461/1043] fixed gnome tour showing on reboot --- configurations/home-manager/leyla/impermanence.nix | 2 +- configurations/nixos/defiant/configuration.nix | 1 + modules/nixos-modules/desktop.nix | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index b3d058d..8cbc254 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -15,7 +15,7 @@ } ]; files = [ - ".config/gnome-initial-setup-done" # gnome welcome message + ".bash_history" # keep shell history around ".local/share/recently-used.xbel" # gnome recently viewed files ]; }; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f65421c..f60e146 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -62,6 +62,7 @@ }; reverse_proxy = { enable = true; + enableACME = false; hostname = "jan-leila.com"; }; postgres = { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index c6d3dfa..22a7b65 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -53,6 +53,8 @@ # enable RealtimeKit for pulse audio security.rtkit.enable = true; + # disable welcome tour + environment.gnome.excludePackages = [pkgs.gnome-tour]; }) ]; } From b9b5c1b2e3985d6f75c85afde60354b27d9027b3 Mon Sep 17 00:00:00 2001 
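Review bot: `enableACME = false;` under `reverse_proxy` in `configurations/nixos/defiant/configuration.nix` is unrelated to the commit subject (gnome tour) and carries no comment. If this option controls certificate issuance for `jan-leila.com` (the module is outside this diff, so that is an assumption), turning it off changes how TLS is served for every proxied subdomain and deserves its own commit, or at least a line such as `# ACME disabled: <reason>, certificates come from <source>`.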
From: Leyla Becker Date: Mon, 6 Jan 2025 14:11:29 -0600 Subject: [PATCH 0462/1043] added impermanence to fail2ban --- modules/nixos-modules/server/fail2ban.nix | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index f68ef9d..e59d8a5 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -2,7 +2,9 @@ lib, config, ... -}: { +}: let + dataFile = "/var/lib/fail2ban/fail2ban.sqlite3"; +in { options.host.fail2ban = { enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; }; @@ -85,6 +87,20 @@ }; } (lib.mkIf config.host.impermanence.enable { - }) + assertions = [ + { + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == dataFile; + message = "fail2ban data file does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + files = [ + dataFile + ]; + }; + }) ]); } From b18cd526d7991eb541c39c0a1951e682943350b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 20:03:32 -0600 Subject: [PATCH 0463/1043] added tasks to README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ff08fb8..4798a5d 100644 --- a/README.md +++ b/README.md @@ -62,4 +62,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich -- zfs encryption FIDO2 2fa \ No newline at end of file +- zfs encryption FIDO2 2fa +- ISO installer - https://github.com/nix-community/nixos-generators +- Secure Boot - https://github.com/nix-community/lanzaboote From 8b1551266b387a8ec507c9f8334d72f34c63b6f8 Mon Sep 17 00:00:00 2001 
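Review bot: Persisting only the single file `dataFile` through `environment.persistence."/persist/system/root".files` can leave SQLite's side files (the `-journal` file created next to `fail2ban.sqlite3`) on the ephemeral root, and a file-level bind or link is fragile if the database is ever recreated. Persisting the directory is more robust: `directories = ["/var/lib/fail2ban"];`, with the assertion on `daemonSettings.Definition.dbfile` kept so the two stay in step.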
From: Leyla Becker Date: Tue, 7 Jan 2025 15:59:31 -0600 Subject: [PATCH 0464/1043] added host option to rebuild script --- rebuild.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index a4b7fdc..45dae64 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -15,7 +15,7 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` target="${1#*=}" ;; - --flake*|-h*) + --flake*|-f*) if [[ "$1" != *=* ]]; then shift; fi flake="${1#*=}" ;; @@ -27,6 +27,10 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi user="${1#*=}" ;; + --host*) + if [[ "$1" != *=* ]]; then shift; fi + host="${1#*=}" + ;; --preserve-result) preserve_result=true ;; @@ -42,6 +46,7 @@ while [ $# -gt 0 ]; do echo "--flake -f: set the flake to rebuild on the target system" echo "--mode -m: set the mode to rebuild flake as on the target system" echo "--user -u: set the user to rebuild flake as on the target system" + echo "--host: set the host that the flake will be rebuilt on (unset for current machine)" echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" echo "--show-trace: show trace on builds" @@ -62,6 +67,11 @@ user=${user:-$USER} command="nixos-rebuild $mode --use-remote-sudo --flake .#$flake" +if [[ $host ]]; +then + command="$command --build-host $host" +fi + if [[ "$target" != "$(hostname)" ]]; then command="$command --target-host $user@$target" @@ -72,6 +82,7 @@ then command="$command --show-trace" fi +echo $command $command if [ -d "result" ]; From 0d952467cc3a92f8641b9f8311f406afa6fb0718 Mon Sep 17 00:00:00 2001 
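Review bot: The new `--host` value is appended with `command="$command --build-host $host"` and the string is then expanded unquoted by both the added `echo $command` and the existing `$command` line, so a value containing whitespace or glob characters is split into extra `nixos-rebuild` arguments. Building the invocation as an array keeps each value a single argument: `command+=(--build-host "$host")`, run with `"${command[@]}"` and logged with `printf '%q ' "${command[@]}"`. That means converting the initial `command=` assignment and the `--target-host` and `--show-trace` appends as well, which lie partly outside these hunks. As far as the hunks show, `host` is never initialised before the option loop, so an inherited environment variable of that name would silently add `--build-host`.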
From: Leyla Becker Date: Tue, 7 Jan 2025 21:42:14 -0600 Subject: [PATCH 0465/1043] moved monitors to separate file --- .../nixos/twilight/configuration.nix | 204 +----------------- configurations/nixos/twilight/monitors.nix | 199 +++++++++++++++++ 2 files changed, 204 insertions(+), 199 deletions(-) create mode 100644 configurations/nixos/twilight/monitors.nix diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 75c8dc7..18e9972 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{...}: { + imports = [ + ./monitors.nix + ]; + nixpkgs.config.allowUnfree = true; host = { @@ -19,204 +23,6 @@ }; }; - systemd.tmpfiles.rules = [ - "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' - - - - 0 - 156 - 1 - - - DP-4 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 2560 - 324 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 0 - 1 - - left - no - - - - HDMI-0 - HWP - HP w2207 - CND7332S88 - - - 1600 - 1000 - 59.999 - - - - - - - 0 - 0 - 1 - yes - - - DP-1 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 4480 - 226 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 2560 - 226 - 1 - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - - - 2560 - 228 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 69 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 0 - 0 - 1 - - - DP-3 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - - None-1 - unknown - unknown - unknown - - - - - ''}" - ]; - # enabled virtualisation for docker # virtualisation.docker.enable = true; 
diff --git a/configurations/nixos/twilight/monitors.nix b/configurations/nixos/twilight/monitors.nix new file mode 100644 index 0000000..1308f50 --- /dev/null +++ b/configurations/nixos/twilight/monitors.nix @@ -0,0 +1,199 @@ +{pkgs, ...}: { + systemd.tmpfiles.rules = [ + "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' + + + + 0 + 156 + 1 + + + DP-4 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 2560 + 324 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 0 + 1 + + left + no + + + + HDMI-0 + HWP + HP w2207 + CND7332S88 + + + 1600 + 1000 + 59.999 + + + + + + + 0 + 0 + 1 + yes + + + DP-1 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 4480 + 226 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 2560 + 226 + 1 + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + + + 2560 + 228 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 69 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 0 + 0 + 1 + + + DP-3 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + + None-1 + unknown + unknown + unknown + + + + + ''}" + ]; +} From e7a53a5df01b866d9001a21754ba32dceeb72ec8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Jan 2025 13:04:23 -0600 Subject: [PATCH 0466/1043] updated jellyfin persist folders --- modules/nixos-modules/server/jellyfin.nix | 72 ++++++++++++++--------- 1 file changed, 44 insertions(+), 28 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 6d6874a..a10470a 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -7,6 +7,7 @@ jellyfinPort = 8096; jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; + jellyfin_media_directory = "/srv/jellyfin/media"; in { options.host.jellyfin = { enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; @@ -31,34 +32,6 @@ in { ]; } (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = jellyfin_data_directory; - user = "jellyfin"; - group = "jellyfin"; - } - { - directory = jellyfin_cache_directory; - user = "jellyfin"; - group = "jellyfin"; - } - ]; - }; - fileSystems."/persist/system/jellyfin".neededForBoot = true; host.storage.pool.extraDatasets = { @@ -73,6 +46,49 @@ in { }; }; }; + + assertions = [ + { + assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; + message = "jellyfin data directory does not match persistence"; + } + { + assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; + message = "jellyfin cache directory does not match persistence"; + } + ]; + + environment.persistence = { + "/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = jellyfin_data_directory; + user = "jellyfin"; + group = "jellyfin"; + } + { + directory = jellyfin_cache_directory; + user = "jellyfin"; + group = "jellyfin"; + } + ]; + }; + + "/persist/system/jellyfin" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = jellyfin_media_directory; + user = "jellyfin"; + group = "jellyfin_media"; + mode = "1770"; + } + ]; + }; + }; }) ] ); 
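Review bot: `jellyfin_data_directory` and `jellyfin_cache_directory` move from the `/persist/system/jellyfin` persistence root to `/persist/system/root`, but nothing in the commit carries the existing state across, so on a host that already ran the old layout Jellyfin would presumably come up with an empty data directory (accounts, API keys, library database) after the switch. A migration note in the commit message or a comment next to the `environment.persistence` block would cover it. The new media directory is owned by group `jellyfin_media` with mode `1770`; that group is not declared anywhere in this hunk, so confirm it is defined elsewhere in the module.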
From f55abeb587c81f48f8692d694ad4141ade5e2e13 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Jan 2025 15:06:50 -0600 Subject: [PATCH 0467/1043] added target to nextcloud proxy --- modules/nixos-modules/server/nextcloud.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index a1ad0cf..fcc612b 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix @@ -25,7 +25,11 @@ in { }; }; - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {}; + host = { + reverse_proxy.subdomains.${config.host.nextcloud.subdomain} = { + target = "http://localhost:${toString 8009}"; + }; + }; services = { nextcloud = { @@ -35,6 +39,7 @@ in { settings.log_type = "file"; config = { adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; + adminuser = "admin"; }; }; }; From 266d0f9ec157027401f61257b2e9301325d87833 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 12 Jan 2025 11:31:54 -0600 Subject: [PATCH 0468/1043] updated flake.lock --- .../home-manager/leyla/packages.nix | 2 +- flake.lock | 48 +++++++++---------- modules/nixos-modules/server/nextcloud.nix | 1 + 3 files changed, 26 insertions(+), 25 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 9593ba0..597fe2f 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -63,7 +63,7 @@ in { # development tools # androidStudioPackages.canary - # jetbrains.idea-community + jetbrains.idea-community dbeaver-bin bruno qFlipper diff --git a/flake.lock b/flake.lock index 9fe7962..781f077 100644 --- a/flake.lock +++ b/flake.lock 
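Review bot: `target = "http://localhost:${toString 8009}"` hard-codes a port that nothing else in the hunk binds Nextcloud to, and `toString` on a literal adds nothing. A named binding in the module's `let` (outside this hunk), in the style of the jellyfin module's `jellyfinPort`, e.g. `nextcloudPort = 8009;`, referenced by both the proxy target and whatever makes Nextcloud listen there would keep the two from drifting. The second hunk's `adminuser = "admin"` makes the administrator login name predictable on an instance that is now reachable through the proxy; a less guessable name costs nothing.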
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1735468753, - "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", + "lastModified": 1736591904, + "narHash": "sha256-LFO8pSrPKrH8OPq2HaAuBG5skk8/MNJ/9YmK3KsnSks=", "owner": "nix-community", "repo": "disko", - "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", + "rev": "33827d2bd16bfe2e21b62956526c72d313595dfd", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735926627, - "narHash": "sha256-L8uuPK8ieuNJLbYsZ3nhBZ0+6btvbCqRm9wG51tbOdE=", + "lastModified": 1736568198, + "narHash": "sha256-RBTk5KavYsPZ56m9C2evS4pDkEu3+NdxY6mFNbo8DH8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a3943ec69fff6fb80227e62acca22adc016ada63", + "rev": "7f8746a7ef2d15b8fb4acc63cb0d7e3a407739bf", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1735947440, - "narHash": "sha256-jnEcfmOhWntmVEcqlvs+j532+mvmgsKtQSSfukgkn+A=", + "lastModified": 1736508663, + "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9987622b7b93c82e147f198574e8e6ffbf5e327", + "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1735685839, - "narHash": "sha256-62xAPSs5VRZoPH7eRanUn5S5vZEd+8vM4bD5I+zxokc=", + "lastModified": 1736631212, + "narHash": "sha256-mG9lRZBcPiAGiVJ9B97BJoIGQcSBWIVlBiN30QYCtG0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6a1fdb2a1204c0de038847b601cff5012e162b5e", + "rev": "6ace2f2d12bdf74235d5cbf9fbd34a71c9716685", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1735868868, - "narHash": "sha256-U4Oy2o/CmBg6gexAHamH++52oAgvvEwcq9fkEmcvjyw=", + "lastModified": 1736560114, + "narHash": "sha256-+kL+Nw3eEToKDalXJqa6fjLQqgTftTWLypr4Hj7tFKw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b0f7a59cee0ca77c157ab4e0c60d4a9df6bccb86", + "rev": "e26efb7bac0fcdc28b92596c5c2acaaf4713124f", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1735388221, - "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", + "lastModified": 1736441705, + "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", + "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735834308, - "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", + "lastModified": 1736344531, + "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6df24922a1400241dae323af55f30e4318a6ca65", + "rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912", "type": "github" }, "original": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1735844895, - "narHash": "sha256-CIRlqX9tBK2awJkmVu2cKuap/0QziDXStQZ/u/+e8Z4=", + "lastModified": 1736515725, + "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", "owner": "Mic92", "repo": "sops-nix", - "rev": "24d89184adf76d7ccc99e659dc5f3838efb5ee32", + "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index fcc612b..6acd01d 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix 
@@ -40,6 +40,7 @@ in { config = { adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; adminuser = "admin"; + dbtype = "sqlite"; }; }; }; From 2ecb7e29931883df11e17ba9dc3219048939f992 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Jan 2025 12:02:10 -0600 Subject: [PATCH 0469/1043] update postgres --- configurations/home-manager/leyla/impermanence.nix | 1 + modules/nixos-modules/server/postgres.nix | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 8cbc254..29936b5 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -18,6 +18,7 @@ ".bash_history" # keep shell history around ".local/share/recently-used.xbel" # gnome recently viewed files ]; + allowOther = true; }; }; } diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 450fafa..8d57d42 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -4,7 +4,7 @@ pkgs, ... }: let - dataDir = "/var/lib/postgresql/15"; + dataDir = "/var/lib/postgresql/16"; adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); @@ -55,7 +55,7 @@ in { services = { postgresql = { enable = true; - package = pkgs.postgresql_15; + package = pkgs.postgresql_16; ensureUsers = [ { From cd825313dcd0cecae826e37cc4c55b6a7c146314 Mon Sep 17 00:00:00 2001 
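Review bot: `allowOther = true;` in configurations/home-manager/leyla/impermanence.nix is added with no comment saying which consumer needs it. With this option the persisted home paths are FUSE-mounted with allow_other, so accounts other than the owner (root and service users included) can reach them, and protection rests on the file modes of the persisted entries such as `.bash_history`. I would record the reason on the line itself, e.g. `allowOther = true; # TODO(owner): name the user or service that must read these mounts`, and check that those files are not group- or world-readable. The system-side switch this depends on, `programs.fuse.userAllowOther`, only arrives in PATCH 0470.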
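Review bot: The move to `postgresql_16` in modules/nixos-modules/server/postgres.nix changes `dataDir` and `package` but neither hunk migrates an existing cluster. PostgreSQL cannot open a data directory written by another major version, so a host with data under `/var/lib/postgresql/15` would presumably come up with a fresh, empty cluster in `/var/lib/postgresql/16` while the old data stays behind unused. A comment beside the change should state the required step, e.g. `# major upgrade: run pg_upgrade (or dump/restore) from /var/lib/postgresql/15 before switching`. The version is also spelled twice; binding the package once in the `let` and deriving the path with `dataDir = "/var/lib/postgresql/${package.psqlSchema}";` would keep the two in step. The `let` block and the `services.postgresql` set both continue outside the hunks.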
From: Leyla Becker Date: Sun, 19 Jan 2025 13:00:53 -0600 Subject: [PATCH 0470/1043] added programs.fuse.userAllowOther to impermanence module --- modules/nixos-modules/impermanence.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 66139ce..008f060 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -25,6 +25,8 @@ } ]; + programs.fuse.userAllowOther = true; + boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank ''; From 4d0aa119b07b37b8a1b7606693b465f6966ac42d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Jan 2025 15:56:40 -0600 Subject: [PATCH 0471/1043] removed ester user --- .../darwin/hesperium/configuration.nix | 4 - configurations/home-manager/default.nix | 1 - configurations/home-manager/ester/default.nix | 78 ------------------- .../nixos/defiant/configuration.nix | 7 +- .../nixos/horizon/configuration.nix | 1 - .../nixos/horizon/hardware-configuration.nix | 6 -- .../nixos/twilight/configuration.nix | 1 - modules/darwin-modules/users.nix | 4 - modules/nixos-modules/users.nix | 28 ------- modules/system-modules/users.nix | 5 -- 10 files changed, 1 insertion(+), 134 deletions(-) delete mode 100644 configurations/home-manager/ester/default.nix diff --git a/configurations/darwin/hesperium/configuration.nix b/configurations/darwin/hesperium/configuration.nix index 08fc59f..f8af5c8 100644 --- a/configurations/darwin/hesperium/configuration.nix +++ b/configurations/darwin/hesperium/configuration.nix @@ -6,10 +6,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester = { - isPrincipleUser = true; - isNormalUser = true; - }; eve.isNormalUser = false; }; }; diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index 587d1c2..3aa4c0e 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix 
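Review bot: `programs.fuse.userAllowOther = true;` in modules/nixos-modules/impermanence.nix is a system-wide switch, not one scoped to the impermanence mounts: it writes `user_allow_other` into fuse.conf, after which any local account may mount a FUSE filesystem with allow_other. If only the home-manager persistence mounts need it, gate it on the same condition as the surrounding block (any enclosing `mkIf` is outside the hunk, so this may already hold) and say why it is there, e.g. `# required by home.persistence.*.allowOther`. The line sits between the persistence list and `boot.initrd.postResumeCommands`, both of which continue outside the hunk.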
@@ -6,6 +6,5 @@ users = config.host.users; in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); - ester = lib.mkIf users.ester.isNormalUser (import ./ester); eve = lib.mkIf users.eve.isNormalUser (import ./eve); } diff --git a/configurations/home-manager/ester/default.nix b/configurations/home-manager/ester/default.nix deleted file mode 100644 index 181a487..0000000 --- a/configurations/home-manager/ester/default.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - pkgs, - lib, - osConfig, - ... -}: let - userConfig = osConfig.host.users.ester; -in { - imports = []; - - config = { - home = { - username = userConfig.name; - homeDirectory = osConfig.users.users.ester.home; - - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - keyboard.layout = "it,us"; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. 
If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/ester/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; - - packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - # helvetica font - aileron - - firefox - bitwarden - discord - ] - ); - }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - }; - }; -} diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f60e146..ca24db1 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -44,11 +44,6 @@ user = "eve"; group = "eve"; } - { - folder = "ester"; - user = "ester"; - group = "ester"; - } { folder = "users"; user = "root"; @@ -57,7 +52,7 @@ ]; nfs = { enable = true; - directories = ["leyla" "eve" "ester"]; + directories = ["leyla" "eve"]; }; }; reverse_proxy = { diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 0c48bb3..232456c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -16,7 +16,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester.isDesktopUser = true; eve.isDesktopUser = true; }; sync = { diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index a30decb..ca6bf4b 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -50,12 +50,6 @@ options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/ester_home" = { - device = "defiant:/exports/ester"; - fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; - }; - "/mnt/users_home" = { device = "defiant:/exports/users"; fsType = "nfs"; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 18e9972..c288149 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -12,7 +12,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester.isDesktopUser = true; eve.isDesktopUser = true; }; hardware = { diff --git a/modules/darwin-modules/users.nix b/modules/darwin-modules/users.nix index f0b55c0..72fd1b1 100644 --- a/modules/darwin-modules/users.nix +++ b/modules/darwin-modules/users.nix @@ -11,10 +11,6 @@ in { name = lib.mkForce host.users.leyla.name; home = lib.mkForce "/home/${host.users.leyla.name}"; }; - ester = { - name = lib.mkForce host.users.ester.name; - home = lib.mkForce "/home/${host.users.ester.name}"; - }; }; }; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index c3a316e..5cfa7fb 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -14,7 +14,6 @@ uids = { leyla = 1000; - ester = 1001; eve = 1002; jellyfin = 2000; forgejo = 2002; @@ -27,7 +26,6 @@ gids = { leyla = 1000; - ester = 1001; eve = 1002; users = 100; jellyfin_media = 2001; @@ -42,7 +40,6 @@ users = config.users.users; leyla = users.leyla.name; - ester = users.ester.name; eve = users.eve.name; in { config = lib.mkMerge [ 
@@ -77,10 +74,6 @@ in { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; "passwords/eve" = { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; @@ -105,17 +98,6 @@ in { group = config.users.users.leyla.name; }; - ester = { - uid = lib.mkForce uids.ester; - name = lib.mkForce host.users.ester.name; - description = "Ester"; - extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - isNormalUser = host.users.ester.isNormalUser; - isSystemUser = !host.users.ester.isNormalUser; - group = config.users.users.ester.name; - }; - eve = { uid = lib.mkForce uids.eve; name = lib.mkForce host.users.eve.name; @@ -178,13 +160,6 @@ in { ]; }; - ester = { - gid = lib.mkForce gids.ester; - members = [ - ester - ]; - }; - eve = { gid = lib.mkForce gids.eve; members = [ @@ -196,7 +171,6 @@ in { gid = lib.mkForce gids.users; members = [ leyla - ester eve ]; }; @@ -206,7 +180,6 @@ in { members = [ users.jellyfin.name leyla - ester eve ]; }; @@ -264,7 +237,6 @@ in { members = [ users.syncthing.name leyla - ester eve ]; }; diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index fe88850..cd9c900 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -84,11 +84,6 @@ in { isDesktopUser = lib.mkDefault false; isTerminalUser = lib.mkDefault false; }; - ester = { - isPrincipleUser = lib.mkDefault false; - isDesktopUser = lib.mkDefault false; - isTerminalUser = lib.mkDefault false; - }; eve = { isPrincipleUser = lib.mkDefault false; isDesktopUser = lib.mkDefault false; From b6605dff271f803e4f0cfc2b430e44ab6c2d25b1 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 25 Jan 2025 13:59:22 -0600 Subject: [PATCH 0472/1043] fixed permissions on fail2ban database file --- modules/nixos-modules/server/fail2ban.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index e59d8a5..39a8fd2 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -3,7 +3,8 @@ config, ... }: let - dataFile = "/var/lib/fail2ban/fail2ban.sqlite3"; + dataFolder = "/var/lib/fail2ban"; + dataFile = "fail2ban.sqlite3"; in { options.host.fail2ban = { enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; @@ -89,7 +90,7 @@ in { (lib.mkIf config.host.impermanence.enable { assertions = [ { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == dataFile; + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; message = "fail2ban data file does not match persistence"; } ]; @@ -97,8 +98,12 @@ in { environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; - files = [ - dataFile + directories = [ + { + directory = dataFolder; + user = "fail2ban"; + group = "fail2ban"; + } ]; }; }) From 95c84185914453d3cfaa7e5ca2cb9f70240dfdba Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 29 Jan 2025 19:07:49 -0600 Subject: [PATCH 0473/1043] installed ollama --- configurations/home-manager/leyla/vscode.nix | 12 ++++++++++++ configurations/nixos/horizon/configuration.nix | 9 +++++++++ configurations/nixos/twilight/configuration.nix | 10 ++++++++++ 3 files changed, 31 insertions(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index d921604..c9d779d 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix 
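Review bot: The new persistence entry in modules/nixos-modules/server/fail2ban.nix assigns `/var/lib/fail2ban` to `user = "fail2ban"; group = "fail2ban";`, but no such account is declared in this patch and the fail2ban service normally runs as root on NixOS. Confirm the account exists (it may be defined outside these hunks) or use `root`, otherwise the ownership will not match the process that writes `fail2ban.sqlite3`. Persisting the whole directory also keeps whatever else the service leaves there, so a restrictive mode on the entry, e.g. `mode = "0750";`, is worth adding to keep the ban database from being world-readable. `dataFile` now holds a bare file name rather than a path; a name like `dataFileName` would make the `"${dataFolder}/${dataFile}"` assertion easier to read.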
@@ -52,6 +52,13 @@ in { "expr" = "import {}"; }; }) + (lib.mkIf osConfig.services.ollama.enable { + "twinny.fileContextEnabled" = true; + "twinny.enableLogging" = false; + "twinny.completionCacheEnabled" = true; + + # builtins.elemAt osConfig.services.ollama.loadModels 0; + }) ]; extensions = ( @@ -84,6 +91,11 @@ in { # misc extensions bungcip.better-toml ] + ++ ( + lib.lists.optionals osConfig.services.ollama.enable [ + rjmacarthy.twinny + ] + ) ++ (lib.lists.optionals nix-development-enabled [ # nix extensions pinage404.nix-extension-pack diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 232456c..73b0fef 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -38,6 +38,15 @@ programs.adb.enable = true; + services.ollama = { + enable = true; + + loadModels = [ + "deepseek-coder:1.3b" + "deepseek-r1:1.5b" + ]; + }; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index c288149..4667ee4 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -22,6 +22,16 @@ }; }; + services.ollama = { + enable = true; + + loadModels = [ + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:70b" + ]; + }; + # enabled virtualisation for docker # virtualisation.docker.enable = true; From f623a33863a1d2c59266df466287670e0c88d2f0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 29 Jan 2025 19:43:02 -0600 Subject: [PATCH 0474/1043] updated models listed for different configurations --- configurations/nixos/defiant/configuration.nix | 11 +++++++++++ configurations/nixos/twilight/configuration.nix | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) 
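Review bot: The `loadModels` list added for horizon (and the matching lists for twilight in this patch and defiant in PATCH 0474) names models by mutable tag, and these are pulled from the Ollama registry when the service starts rather than through a flake input. They are therefore not covered by the hashes in `flake.lock` and can change between otherwise identical rebuilds. A comment on the list would make that explicit, e.g. `# pulled by tag at service start; not pinned by flake.lock`. The hunks leave `services.ollama.host` at its default, which keeps the unauthenticated API on loopback; that should stay so unless an authenticating proxy is put in front of it.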
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ca24db1..7363772 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -127,6 +127,17 @@ # Get rid of xTerm excludePackages = [pkgs.xterm]; }; + + ollama = { + enable = true; + + loadModels = [ + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:32b" + "deepseek-r1:70b" + ]; + }; }; # disable computer sleeping diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 4667ee4..bf42209 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -28,7 +28,7 @@ loadModels = [ "deepseek-coder:6.7b" "deepseek-r1:8b" - "deepseek-r1:70b" + "deepseek-r1:32b" ]; }; From aaaf7514357ffe90626042d41697f7cca8f95e8a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Feb 2025 19:48:53 -0600 Subject: [PATCH 0475/1043] added ollama configs --- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/ollama.nix | 27 +++++++++++++++++++++++++++ modules/nixos-modules/users.nix | 15 +++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 modules/nixos-modules/ollama.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 63b2757..371a156 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -11,6 +11,7 @@ ./sync.nix ./impermanence.nix ./disko.nix + ./ollama.nix ./server ]; diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix new file mode 100644 index 0000000..5cdc041 --- /dev/null +++ b/modules/nixos-modules/ollama.nix 
@@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: { + config = lib.mkMerge [ + { + services.ollama = { + group = "ollama"; + user = "ollama"; + }; + } + (lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.ollama.models; + user = config.services.ollama.user; + group = config.services.ollama.group; + } + ]; + }; + })) + ]; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 5cfa7fb..15631a9 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -22,6 +22,7 @@ headscale = 2005; nextcloud = 2006; syncthing = 2007; + ollama = 2008; }; gids = { @@ -36,6 +37,7 @@ headscale = 2005; nextcloud = 2006; syncthing = 2007; + ollama = 2008; }; users = config.users.users; @@ -150,6 +152,12 @@ in { isSystemUser = true; group = config.users.users.syncthing.name; }; + + ollama = { + uid = lib.mkForce uids.ollama; + isSystemUser = true; + group = config.users.users.ollama.name; + }; }; groups = { @@ -240,6 +248,13 @@ in { eve ]; }; + + ollama = { + gid = lib.mkForce gids.ollama; + members = [ + users.ollama.name + ]; + }; }; }; } From 561766c67671a2553161e6e4be2c88dd3edf2092 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Feb 2025 19:51:33 -0600 Subject: [PATCH 0476/1043] added more network card configuration --- .../nixos/defiant/hardware-configuration.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index 425cbc2..f312f88 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix 
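Review bot: The two nested conditions in modules/nixos-modules/ollama.nix, `lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable {`, read more simply as one: `(lib.mkIf (config.host.impermanence.enable && config.services.ollama.enable) {`. The first attribute set pins `services.ollama.user` and `group` to `"ollama"` on every host that imports the module, and as far as the users.nix hunks in this patch show, the `ollama` user and group are declared unconditionally as well, so hosts that never enable the service still get a system account. Gating both on `config.services.ollama.enable` would avoid that. A one-line header comment, e.g. `# runs ollama as a fixed user so the persisted models directory keeps a stable owner`, would explain why the file exists.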
@@ -35,6 +35,12 @@ networking = { hostName = "defiant"; # Define your hostname. useNetworkd = true; + interfaces = { + bond0.useDHCP = lib.mkDefault true; + bonding_masters.useDHCP = lib.mkDefault true; + enol.useDHCP = lib.mkDefault true; + eno2.useDHCP = lib.mkDefault true; + }; }; systemd.network = { @@ -57,12 +63,20 @@ "30-enp4s0" = { matchConfig.Name = "enp4s0"; networkConfig.Bond = "bond0"; - DHCP = "no"; + + address = [ + # configure addresses including subnet mask + "192.168.2.1/24" + ]; }; "30-enp5s0" = { matchConfig.Name = "enp5s0"; networkConfig.Bond = "bond0"; - DHCP = "no"; + + address = [ + # configure addresses including subnet mask + "192.168.2.2/24" + ]; }; "40-bond0" = { @@ -74,7 +88,6 @@ address = [ # configure addresses including subnet mask "192.168.1.10/24" - # TODO: ipv6 address configuration ]; }; }; From 07514ed043d473e9a7eb5400bffcf861abe48833 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Feb 2025 18:23:36 -0600 Subject: [PATCH 0477/1043] added fprintd to horizon --- configurations/nixos/horizon/configuration.nix | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 73b0fef..ee32059 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -38,13 +38,19 @@ programs.adb.enable = true; - services.ollama = { - enable = true; + services = { + # sudo fprintd-enroll + fprintd = { + enable = true; + }; + ollama = { + enable = true; - loadModels = [ - "deepseek-coder:1.3b" - "deepseek-r1:1.5b" - ]; + loadModels = [ + "deepseek-coder:1.3b" + "deepseek-r1:1.5b" + ]; + }; }; # Enable touchpad support (enabled default in most desktopManager). From e6a738f3f6e632513e474881b140f858cc8bb927 Mon Sep 17 00:00:00 2001 
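Review bot: `enol.useDHCP` in the new `networking.interfaces` set of configurations/nixos/defiant/hardware-configuration.nix looks like a typo for `eno1` (letter l instead of digit 1, next to `eno2`), so it would configure a device that does not exist; presumably `eno1.useDHCP = lib.mkDefault true;` was meant. `bonding_masters` appears to be the bonding driver's sysfs control file rather than a network device and probably should not be listed at all. The set also asks for DHCP on `bond0` while `40-bond0` gives it the static `192.168.1.10/24`, and it names `eno*` devices while the `systemd.network` units match `enp4s0`/`enp5s0`; one of the two descriptions should go. The addresses added to `30-enp4s0` and `30-enp5s0` sit on bond members, where normally only the bond device carries addressing, so they likely have no effect or conflict with `networkConfig.Bond`.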
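Review bot: Enabling `fprintd` in configurations/nixos/horizon/configuration.nix also turns fingerprint authentication on for PAM services by default on NixOS, since the per-service `fprintAuth` option follows the fprintd setting. A fingerprint then becomes sufficient for login, screen unlock and sudo, not only a convenience at the lock screen. If that is wider than intended, restrict it per service, e.g. `security.pam.services.sudo.fprintAuth = false;`, and note the chosen scope next to the `# sudo fprintd-enroll` comment. The `services` set continues outside the hunk.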
From: Leyla Becker Date: Sun, 9 Feb 2025 13:32:11 -0600 Subject: [PATCH 0478/1043] added cuda acceleration to twilight --- configurations/nixos/twilight/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index bf42209..985f9ce 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -30,6 +30,8 @@ "deepseek-r1:8b" "deepseek-r1:32b" ]; + + acceleration = "cuda"; }; # enabled virtualisation for docker From c7766de8bb6ffe62eb6003af68c232e532685301 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 19:55:02 -0600 Subject: [PATCH 0479/1043] added back lix --- flake.lock | 86 +++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 5 +++ util/default.nix | 2 ++ 3 files changed, 92 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 781f077..5707998 100644 --- a/flake.lock +++ b/flake.lock @@ -93,6 +93,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -107,6 +125,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -142,6 +175,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1737234286, + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737237494, + "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", + "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -165,7 +233,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -223,6 +291,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", 
@@ -281,6 +350,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 1849afc..a4e97a8 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,11 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # secret encryption sops-nix = { url = "github:Mic92/sops-nix"; diff --git a/util/default.nix b/util/default.nix index 33942a8..6f9e08a 100644 --- a/util/default.nix +++ b/util/default.nix @@ -9,6 +9,7 @@ sops-nix = inputs.sops-nix; disko = inputs.disko; impermanence = inputs.impermanence; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -76,6 +77,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From a99b35d1b18ae88b6410b2b0dd41168d77f15f5c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 20:41:39 -0600 Subject: [PATCH 0480/1043] temp disabled lix --- flake.lock | 86 +----------------------------------------------- flake.nix | 9 ++--- util/default.nix | 4 +-- 3 files changed, 8 insertions(+), 91 deletions(-) diff --git a/flake.lock b/flake.lock index 5707998..781f077 100644 --- a/flake.lock +++ b/flake.lock 
@@ -93,24 +93,6 @@ "inputs": { "systems": "systems" }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -125,21 +107,6 @@ "type": "github" } }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -175,41 +142,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737237494, - "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", - "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -233,7 +165,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -291,7 +223,6 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", 
@@ -350,21 +281,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index a4e97a8..96cc582 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,11 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # TODO: figure out why things fail to build with lix + # lix-module = { + # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index 6f9e08a..3c35b0e 100644 --- a/util/default.nix +++ b/util/default.nix @@ -9,7 +9,7 @@ sops-nix = inputs.sops-nix; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -77,7 +77,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 9895ae6899adf2eebb734ee9110a157fd0e35a81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 20:52:00 -0600 Subject: [PATCH 0481/1043] updated flake.lock --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 781f077..b3babe3 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1736591904, - "narHash": "sha256-LFO8pSrPKrH8OPq2HaAuBG5skk8/MNJ/9YmK3KsnSks=", + "lastModified": 1739353546, + "narHash": "sha256-YTqXhBZvCdZLMBupWlCDvRFaTEhaHa2/Xc/p1sUdSZU=", "owner": "nix-community", "repo": "disko", - "rev": "33827d2bd16bfe2e21b62956526c72d313595dfd", + "rev": "26ade1005191e0602a78b0f141970648445bafd9", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1736568198, - "narHash": "sha256-RBTk5KavYsPZ56m9C2evS4pDkEu3+NdxY6mFNbo8DH8=", + "lastModified": 1739399387, + "narHash": "sha256-7oXm3SXUZLwLG9ks5SWOZJTmogocrTXM1SVTFZ9xrno=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7f8746a7ef2d15b8fb4acc63cb0d7e3a407739bf", + "rev": "4d32808bd51c7349ce036b7a037fb56d5e7c06ae", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1736508663, - "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", + "lastModified": 1739381933, + "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=", "owner": "nix-community", "repo": "home-manager", - "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", + "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "impermanence": { "locked": { - "lastModified": 1734945620, - "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "owner": "nix-community", "repo": "impermanence", - "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "type": "github" }, "original": { 
@@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1736631212, - "narHash": "sha256-mG9lRZBcPiAGiVJ9B97BJoIGQcSBWIVlBiN30QYCtG0=", + "lastModified": 1739302241, + "narHash": "sha256-NXQXFU6HOschZ+8ZKrNOlwlHelez8vPl+dCiUaJ82/U=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6ace2f2d12bdf74235d5cbf9fbd34a71c9716685", + "rev": "a6746213b138fe7add88b19bafacd446de574ca7", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1736560114, - "narHash": "sha256-+kL+Nw3eEToKDalXJqa6fjLQqgTftTWLypr4Hj7tFKw=", + "lastModified": 1739411363, + "narHash": "sha256-QAXvfAXyBtMOdBAz+ivmVVk9V7/d3nSgFprH4C0XOr0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "e26efb7bac0fcdc28b92596c5c2acaaf4713124f", + "rev": "142aabf9bb589535f150afff4a439f39bd04c21e", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1736441705, - "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", + "lastModified": 1738816619, + "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", + "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736344531, - "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", + "lastModified": 1739214665, + "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912", + "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", "type": "github" }, "original": { 
@@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1736515725, - "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", + "lastModified": 1739262228, + "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", + "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "type": "github" }, "original": { From a3d065d674b0ba31a658812a6f56d37a66662976 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 21:34:48 -0600 Subject: [PATCH 0482/1043] renamed mounts on horizon --- .../nixos/horizon/hardware-configuration.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index ca6bf4b..48a4680 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -38,37 +38,37 @@ fsType = "vfat"; }; - "/mnt/leyla_home" = { + "/mnt/new_leyla_home" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/eve_home" = { + "/mnt/new_eve_home" = { device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/users_home" = { + "/mnt/new_users_home" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/legacy_leyla_home" = { + "/mnt/leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/legacy_share_home" = { + "/mnt/share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/legacy_docker_home" = { + "/mnt/docker_home" = { device = "server.arpa:/home/docker"; fsType = "nfs"; options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; From 4c1d84928d3b63f1f4242db2e39c2d77fc571472 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 13 Feb 2025 15:14:44 -0600 Subject: [PATCH 0483/1043] installed ungoogled-chromium on eve user --- configurations/home-manager/eve/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 0c6c0b2..97b72e3 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -63,6 +63,7 @@ in { discord makemkv signal-desktop + ungoogled-chromium ] ); }; From 9aa469779068c1fed14caea3746362959b8349ad Mon Sep 17 00:00:00 2001 
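Review bot: The rename in this hunk re-points existing paths at a different server rather than only adding new names: `/mnt/leyla_home` used to be `defiant:/exports/leyla` and is now `server.arpa:/home/leyla`, with the defiant export moved to `/mnt/new_leyla_home`. Anything that still refers to the old path (backup jobs, symlinks, application data directories) will read and write the other host's data without any error. Nothing in the hunk shows such consumers being updated, so they are worth checking. A comment above the block would record the swap, for example `# /mnt/{leyla,share,docker}_home -> server.arpa, /mnt/new_* -> defiant (swapped in this change)`. The enclosing `fileSystems` set begins outside the hunk.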
From: Leyla Becker Date: Fri, 14 Feb 2025 18:23:34 -0600 Subject: [PATCH 0484/1043] added leyla@twilight to authorizedKeys --- configurations/home-manager/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index bb65a35..20fc7eb 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -111,6 +111,7 @@ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; hostKeys = [ { From 64856bd72687748b4579ea102388fbb4d6b2e6e3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Feb 2025 23:26:24 -0600 Subject: [PATCH 0485/1043] moved dconf.nix to own file --- configurations/home-manager/leyla/dconf.nix | 106 ++++++++++++++++++ configurations/home-manager/leyla/default.nix | 42 +------ 2 files changed, 107 insertions(+), 41 deletions(-) create mode 100644 configurations/home-manager/leyla/dconf.nix diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix new file mode 100644 index 0000000..19a60c7 --- /dev/null +++ b/configurations/home-manager/leyla/dconf.nix 
@@ -0,0 +1,106 @@ +{ + lib, + pkgs, + ... +}: { + config = { + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; + + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = false; + "show-mounts" = false; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; + + "org/gnome/shell" = { + favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; + # app-picker-layout = + # builtins.map ( + # applications: + # lib.hm.gvariant (builtins.listToAttrs (lib.lists.imap0 (i: v: lib.attrsets.nameValuePair v (lib.hm.gvariant.mkVariant "{'position': <${i}>}")) applications)) + # ) [ + # [ + # "org.gnome.Nautilus.desktop" + # "bitwarden.desktop" + # "firefox.desktop" + # "torbrowser.desktop" + # "chromium-browser.desktop" + # "codium.desktop" + # "idea-community.desktop" + # "org.gnome.TextEditor.desktop" + # "dbeaver.desktop" + # "bruno.desktop" + # "anki.desktop" + # "obsidian.desktop" + # "signal-desktop.desktop" + # "discord.desktop" + # "gimp.desktop" + # "org.inkscape.Inkscape.desktop" + # 
"org.kde.krita.desktop" + # "davinci-resolve.desktop" + # "com.obsproject.Studio.desktop" + # "org.freecad.FreeCAD.desktop" + # "makemkv.desktop" + # "easytag.desktop" + # "transmission-gtk.desktop" + # ] + # [ + # "SteamVR.desktop" + # "Beat Saber.desktop" + # "Noun Town.desktop" + # "WEBFISHING.desktop" + # "Factorio.desktop" + # ] + # [ + # "org.gnome.Settings.desktop" + # "org.gnome.SystemMonitor.desktop" + # "org.gnome.Snapshot.desktop" + # "org.gnome.Usage.desktop" + # "org.gnome.DiskUtility.desktop" + # "org.gnome.Evince.desktop" + # "org.gnome.fonts.desktop" + # "noisetorch.desktop" + # "nvidia-settings.desktop" + # "OpnRGB.desktop" + # "org.freedesktop.Piper.desktop" + # "via-nativia.desktop" + # "protonvpn-app.desktop" + # "simple-scan.desktop" + # ] + # ]; + }; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 20fc7eb..f2c14e1 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,5 +1,4 @@ { - pkgs, osConfig, config, ... @@ -8,6 +7,7 @@ ./i18n.nix ./packages.nix ./impermanence.nix + ./dconf.nix ]; config = { 
@@ -121,45 +121,5 @@ ]; }; }; - - dconf = { - enable = true; - settings = { - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; - - "org/gnome/shell/extensions/dash-to-dock" = { - "dock-position" = "LEFT"; - "intellihide-mode" = "ALL_WINDOWS"; - "show-trash" = false; - "require-pressure-to-show" = false; - "show-mounts" = false; - }; - - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; - }; - }; - }; }; } From 2dccc10b4429892d47712e81e00e5c0139f8a631 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Feb 2025 23:28:15 -0600 Subject: [PATCH 0486/1043] removed cuda from twilight ollama --- configurations/nixos/twilight/configuration.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 985f9ce..bf42209 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -30,8 +30,6 @@ "deepseek-r1:8b" "deepseek-r1:32b" ]; - - acceleration = "cuda"; }; # enabled virtualisation for docker From 3dc579073d18dee1f9218e60746a466c1fb7c369 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 14 Feb 2025 23:30:05 -0600 Subject: [PATCH 0487/1043] added reasons for every package in dev shell --- flake.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 96cc582..fd46f2f 100644 --- a/flake.nix +++ b/flake.nix @@ -125,10 +125,15 @@ devShells = forEachPkgs (pkgs: { default = pkgs.mkShell { packages = with pkgs; [ + # for version controlling this repo git - sops + # for formatting code in this repo alejandra + # for editing secrets in the secrets repo + sops + # for viewing configuration options defined in this repo nix-inspect + # for installing flakes from this repo onto other systems nixos-anywhere ]; From 6d776eabcb7ddb6141c471eedb3ea33c46ca12ce Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Feb 2025 19:12:36 -0600 Subject: [PATCH 0488/1043] fixed steam in twilight --- .../home-manager/leyla/packages.nix | 2 +- .../nixos/twilight/configuration.nix | 6 ++++ flake.lock | 36 +++++++++---------- 3 files changed, 25 insertions(+), 19 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 597fe2f..0667260 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -56,7 +56,7 @@ in { # proprietary platforms discord obsidian - steam + # steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) anki diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index bf42209..2735f20 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
@@ -32,6 +32,12 @@ ]; }; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/flake.lock b/flake.lock index b3babe3..2b76fbf 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1739353546, - "narHash": "sha256-YTqXhBZvCdZLMBupWlCDvRFaTEhaHa2/Xc/p1sUdSZU=", + "lastModified": 1739634831, + "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", "owner": "nix-community", "repo": "disko", - "rev": "26ade1005191e0602a78b0f141970648445bafd9", + "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1739399387, - "narHash": "sha256-7oXm3SXUZLwLG9ks5SWOZJTmogocrTXM1SVTFZ9xrno=", + "lastModified": 1739658907, + "narHash": "sha256-1FjsTgkNpgKUBRiXFbUXXSIw4W4/b11tpj2/F2+8C2A=", "owner": "rycee", "repo": "nur-expressions", - "rev": "4d32808bd51c7349ce036b7a037fb56d5e7c06ae", + "rev": "1da2d9b1c5a10f43a0000ebe3d22ea924ee98ecb", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1739381933, - "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=", + "lastModified": 1739658904, + "narHash": "sha256-2o/JuD6qD0CtPNVvdPNL3bEDFITaSfSLceajHcIzmw4=", "owner": "nix-community", "repo": "home-manager", - "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba", + "rev": "45c07fcf7d28b5fb3ee189c260dee0a2e4d14317", "type": "github" }, "original": { 
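Review bot: `dedicatedServer.openFirewall = true` in the new `programs.steam` block opens inbound ports for a Source Dedicated Server, but the commit is described as fixing the Steam client and nothing visible shows twilight hosting a game server. I would leave that port set closed by default, `dedicatedServer.openFirewall = false;`. `remotePlay.openFirewall = true` should stay only if this machine is actually streamed to from other devices. The surrounding host configuration starts and ends outside the hunk, so an existing firewall policy there may already narrow this.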
@@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1739302241, - "narHash": "sha256-NXQXFU6HOschZ+8ZKrNOlwlHelez8vPl+dCiUaJ82/U=", + "lastModified": 1739548217, + "narHash": "sha256-rlv64erpr36xdmMDPgf9rhRXBYZ0BZb5nrw2ZPSk1sQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "a6746213b138fe7add88b19bafacd446de574ca7", + "rev": "678b22642abde2ee77ae2218ab41d802f010e5b0", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1739411363, - "narHash": "sha256-QAXvfAXyBtMOdBAz+ivmVVk9V7/d3nSgFprH4C0XOr0=", + "lastModified": 1739584108, + "narHash": "sha256-vnZZZNPDYofQOuSQODd0uz3ToZnZIYV5snQH37tCEOA=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "142aabf9bb589535f150afff4a439f39bd04c21e", + "rev": "80eb37310c3d73b93d3b2e1005a2b742192f514e", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739214665, - "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", + "lastModified": 1739446958, + "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", + "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", "type": "github" }, "original": { From 4ed1972ffa5f8e5dfba4e58db68ecd6955e12b9d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Feb 2025 20:49:50 -0600 Subject: [PATCH 0489/1043] set owner of generated ssh keys --- modules/home-manager-modules/openssh.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index df78828..7b646b8 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -77,6 +77,8 @@ ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ -f "${path}" \ -N "" + chown ${config.home.username} ${path}* + chgrp ${config.home.username} ${path}* fi '' }"; 
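Review bot: In the `openssh.nix` hunk the two added lines use an unquoted glob, `${path}*`, although the `ssh-keygen` call just above quotes `"${path}"`. The glob changes ownership of every file whose name merely starts with the key path (a sibling key such as `id_ed25519_old`, for example) and word-splits if the path contains spaces. `chgrp ${config.home.username}` also assumes a group named after the user exists. Naming the two generated files and letting chown pick the login group avoids both: `chown ${config.home.username}: "${path}" "${path}.pub"`. The enclosing script and its `if` start outside the hunk.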
From 00a169a1309816f77b6d77b16c6c98631377b91d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Feb 2025 19:32:01 -0600 Subject: [PATCH 0490/1043] disabled registration on forgejo --- modules/nixos-modules/server/forgejo.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index fa8ebb6..cba5313 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -43,6 +43,9 @@ in { DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; HTTP_PORT = forgejoPort; }; + service = { + DISABLE_REGISTRATION = true; + }; }; }; } From ca20590d140b4d41b82a16029d7fbd3403f4ac55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Feb 2025 18:33:35 -0600 Subject: [PATCH 0491/1043] removed unused value --- configurations/home-manager/leyla/dconf.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 19a60c7..a960d75 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -1,8 +1,4 @@ -{ - lib, - pkgs, - ... -}: { +{pkgs, ...}: { config = { dconf = { enable = true; From c6bdff8603e3beaf17fd87a3e3261ab68a12e0dc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 20 Feb 2025 19:48:52 -0600 Subject: [PATCH 0492/1043] drafted up ssh config for forgejo --- configurations/nixos/horizon/configuration.nix | 8 ++++++++ modules/nixos-modules/server/forgejo.nix | 18 +++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index ee32059..8638145 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -53,6 +53,14 @@ }; }; + # networking.extraHosts = '' + # # 192.168.1.204 jan-leila.com + # 192.168.1.204 media.jan-leila.com + # # 192.168.1.204 drive.jan-leila.com + # 192.168.1.204 git.jan-leila.com + # # 192.168.1.204 search.jan-leila.com + # ''; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index cba5313..db1549d6 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -5,6 +5,8 @@ }: let forgejoPort = 8081; stateDir = "/var/lib/forgejo"; + db_user = "forgejo"; + sshPort = 2222; in { options.host.forgejo = { enable = lib.mkEnableOption "should forgejo be enabled on this computer"; @@ -24,7 +26,7 @@ in { postgres = { enable = true; extraUsers = { - forgejo = { + ${db_user} = { isClient = true; }; }; @@ -42,12 +44,26 @@ in { server = { DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; HTTP_PORT = forgejoPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys + BUILTIN_SSH_SERVER_USER = "git"; }; service = { DISABLE_REGISTRATION = true; }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; }; }; + + networking.firewall.allowedTCPPorts = [ + config.services.forgejo.settings.server.SSH_LISTEN_PORT + ]; } (lib.mkIf config.host.impermanence.enable { assertions = [ From bc71cc2a63d666eda4b6774c42c9369be661caff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Feb 2025 17:00:33 -0600 Subject: [PATCH 0493/1043] updated firefox flake --- configurations/home-manager/leyla/firefox.nix | 2 +- flake.lock | 42 +++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) 
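Review bot: The last `forgejo.nix` hunk opens `SSH_LISTEN_PORT` in `networking.firewall.allowedTCPPorts` in the same change whose TODO says the `git` user and its authorized-keys handling do not exist yet. That exposes the built-in SSH server to the network before its authentication path is finished. I would hold the firewall entry back until the TODO is resolved, or put it behind its own option. Separately, `SSH_PORT = 22` is the port shown in clone URLs while the server listens on `sshPort = 2222`, so unless a redirect exists outside this hunk, clients following those URLs reach the host's own sshd. A comment such as `# SSH_PORT is the advertised port; requires 22 -> 2222 forwarding` would make that dependency explicit. The hunk does not show whether this block is guarded by `host.forgejo.enable`.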
diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index e8e0c6c..3f6a09c 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -50,7 +50,7 @@ }; }; - extensions = with inputs.firefox-addons.packages.${pkgs.system}; [ + extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ bitwarden terms-of-service-didnt-read multi-account-containers diff --git a/flake.lock b/flake.lock index 2b76fbf..25eef18 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1739634831, - "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", + "lastModified": 1739841949, + "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", "owner": "nix-community", "repo": "disko", - "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", + "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1739658907, - "narHash": "sha256-1FjsTgkNpgKUBRiXFbUXXSIw4W4/b11tpj2/F2+8C2A=", + "lastModified": 1740164177, + "narHash": "sha256-hNEgYjKKkSICKrmyLBK+Ght7KGxOryiSGiTRViUrKWw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "1da2d9b1c5a10f43a0000ebe3d22ea924ee98ecb", + "rev": "16c8c7e376b09119913bbc4d8e6852b7918ca7cc", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1739658904, - "narHash": "sha256-2o/JuD6qD0CtPNVvdPNL3bEDFITaSfSLceajHcIzmw4=", + "lastModified": 1740177427, + "narHash": "sha256-1xUiN0Yvvl/r+XyyXiJHxw64FwUGBfKF+XA7Ugm8ElU=", "owner": "nix-community", "repo": "home-manager", - "rev": "45c07fcf7d28b5fb3ee189c260dee0a2e4d14317", + "rev": "9f74e14a2d9af4c6f2024cca7813b830b020f45e", "type": "github" }, "original": { 
@@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1739548217, - "narHash": "sha256-rlv64erpr36xdmMDPgf9rhRXBYZ0BZb5nrw2ZPSk1sQ=", + "lastModified": 1739933872, + "narHash": "sha256-UhuvTR4OrWR+WBaRCZm4YMkvjJhZ1KZo/jRjE41m+Ek=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "678b22642abde2ee77ae2218ab41d802f010e5b0", + "rev": "6ab392f626a19f1122d1955c401286e1b7cf6b53", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1739584108, - "narHash": "sha256-vnZZZNPDYofQOuSQODd0uz3ToZnZIYV5snQH37tCEOA=", + "lastModified": 1740102704, + "narHash": "sha256-Gs3BREQKsFcfkFyes2PTq1tNAkMHq8Tq0bYME7ZhyjY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "80eb37310c3d73b93d3b2e1005a2b742192f514e", + "rev": "1262db8fa5e165ed5da3d91ec8202bfe640264ef", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1738816619, - "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", + "lastModified": 1740089251, + "narHash": "sha256-Y78mDBWoO8CLLTjQfPfII+KXFb6lAmF9GrLbyVBsIMM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", + "rev": "18e9f9753e9ae261bcc7d3abe15745686991fd30", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739446958, - "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", + "lastModified": 1739866667, + "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", + "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680", "type": "github" }, "original": { From c851a1baeb80eb2360186f49ca2e993d5997d553 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 21 Feb 2025 17:13:50 -0600 Subject: [PATCH 0494/1043] removed home-manager.useGlobalPkgs --- configurations/home-manager/eve/default.nix | 118 +++++++++--------- .../home-manager/leyla/packages.nix | 4 + .../nixos/defiant/configuration.nix | 2 - .../nixos/horizon/configuration.nix | 2 - util/default.nix | 1 - 5 files changed, 63 insertions(+), 64 deletions(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 97b72e3..3042382 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix 
@@ -6,71 +6,71 @@ }: let userConfig = osConfig.host.users.eve; in { - imports = []; + nixpkgs.config = { + allowUnfree = true; + }; - config = { - home = { - username = userConfig.name; - homeDirectory = osConfig.users.users.eve.home; + home = { + username = userConfig.name; + homeDirectory = osConfig.users.users.eve.home; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. 
+ # ".screenrc".source = dotfiles/screenrc; - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; - - packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ungoogled-chromium - ] - ); + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; }; - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; }; + + packages = lib.lists.optionals userConfig.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ungoogled-chromium + ] + ); + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; }; } 
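Review bot: With `home-manager.useGlobalPkgs` removed later in this commit, the new `nixpkgs.config = { allowUnfree = true; };` in eve's config (and the identical block added to `leyla/packages.nix`) turns on every unfree package for that user's package set. An allow-list keeps the exception limited to what is actually installed, for example `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["discord" "makemkv"];`. Those two names are my reading of which listed packages are unfree and should be confirmed against a build. Dropping `useGlobalPkgs` also means user packages are evaluated with home-manager's own nixpkgs instance, so any overlays defined in the system configuration would no longer apply to them.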
diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 0667260..11c7af1 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -12,6 +12,10 @@ in { ./firefox.nix ]; + nixpkgs.config = { + allowUnfree = true; + }; + home = { packages = lib.lists.optionals userConfig.isTerminalUser ( diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7363772..155b35b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,7 +1,5 @@ # server nas {pkgs, ...}: { - nixpkgs.config.allowUnfree = true; - host = { users = { leyla = { diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8638145..75657d2 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -7,8 +7,6 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ]; - nixpkgs.config.allowUnfree = true; - host = { users = { leyla = { diff --git a/util/default.nix b/util/default.nix index 3c35b0e..02e7155 100644 --- a/util/default.nix +++ b/util/default.nix @@ -33,7 +33,6 @@ ]; home-manager-config = nixpkgs: { - home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs outputs util;}; From 489106956b7749431c35c35f3d1d230f8f1c6e5d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Feb 2025 17:00:05 -0600 Subject: [PATCH 0495/1043] added wireguard sops config --- .sops.yaml | 4 +++ README.md | 2 +- .../nixos/horizon/hardware-configuration.nix | 5 ++++ flake.lock | 26 +++++++++---------- 4 files changed, 23 insertions(+), 14 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index e9ddb56..3f54dcc 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -9,3 +9,7 @@ creation_rules: key_groups: - age: - *leyla + - path_regex: secrets/wireguard-keys.yaml$ + key_groups: + - age: + - *leyla diff --git a/README.md b/README.md index 4798a5d..c59d815 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home `./install.sh --target 192.168.1.130 --flake hostname` ## Updating Secrets -`sops -c sops secrets/secrets_file_here.yaml` +`sops secrets/secrets_file_here.yaml` ## Inspecting a configuration `nix-inspect -p .` diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 48a4680..c94d150 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -89,6 +89,11 @@ networkmanager.enable = true; useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. + + wireguard.interfaces = { + proton = { + }; + }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/flake.lock b/flake.lock index 25eef18..e563eb0 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1740164177, - "narHash": "sha256-hNEgYjKKkSICKrmyLBK+Ght7KGxOryiSGiTRViUrKWw=", + "lastModified": 1740212040, + "narHash": "sha256-Gpvn9Z+ZgKPyb6qaAbahLbo6ZVj7VuLzSCmHZRvsACA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "16c8c7e376b09119913bbc4d8e6852b7918ca7cc", + "rev": "9a8a0914000e4453c99a4c12e9862a0a40075851", "type": "gitlab" }, "original": { 
@@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740177427, - "narHash": "sha256-1xUiN0Yvvl/r+XyyXiJHxw64FwUGBfKF+XA7Ugm8ElU=", + "lastModified": 1740254115, + "narHash": "sha256-MwxDtYB/MSGZlr/xS+ExGYH2QgHk73ShD40shxjad/Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "9f74e14a2d9af4c6f2024cca7813b830b020f45e", + "rev": "cb3f6e9b59d3a5e51ef9f7da2b8418d5c72aaef8", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1740102704, - "narHash": "sha256-Gs3BREQKsFcfkFyes2PTq1tNAkMHq8Tq0bYME7ZhyjY=", + "lastModified": 1740188781, + "narHash": "sha256-3FDg6k9kQXq5M6ZHc2f9KsPydvWBtqacU9lWA7nIFYI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1262db8fa5e165ed5da3d91ec8202bfe640264ef", + "rev": "ba52a14c907e0cece9734e0ff59c3c742b6b1075", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1730665670, - "narHash": "sha256-MMwH5IcaslEWqeHaNqSjAsGWoS2NJ5qiIE7RLiJG+28=", + "lastModified": 1740265180, + "narHash": "sha256-VcS1aWKZQG1Com/OgL8RbTSG7IJphNLkFXAcFer0cMQ=", "ref": "refs/heads/main", - "rev": "ef623d6a9e25c1f0ec9d282ab5ed5dff54674816", - "revCount": 6, + "rev": "5ec7b1181a3ce76c8238819195f7e55f51407463", + "revCount": 7, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, From 9471b1f393f50a890064800fdc70dbe770e84df9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Feb 2025 17:38:02 -0600 Subject: [PATCH 0496/1043] added wireguard config --- README.md | 3 ++- .../nixos/horizon/hardware-configuration.nix | 24 ++++++++++++++++++- flake.lock | 14 +++++------ 3 files changed, 32 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c59d815..69f4e26 100644 --- a/README.md +++ b/README.md 
@@ -58,7 +58,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Open GL? - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- tail scale clients +- common wireguard config +- configure wireguard on all clients - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index c94d150..94f902c 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -6,12 +6,19 @@ lib, pkgs, modulesPath, + inputs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + sops.secrets = { + "wireguard-keys/proton/horizon" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + }; + boot = { initrd = { availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; @@ -90,8 +97,23 @@ useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. - wireguard.interfaces = { + wg-quick.interfaces = { proton = { + # IP address of this machine in the *tunnel network* + address = ["10.2.0.1/32"]; + + listenPort = 51820; + + privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; + + peers = [ + { + publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; + allowedIPs = ["0.0.0.0/0"]; + endpoint = "84.17.63.8:51820"; + persistentKeepalive = 25; + } + ]; }; }; }; diff --git a/flake.lock b/flake.lock index e563eb0..73eac0e 100644 --- a/flake.lock +++ b/flake.lock 
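Review bot: The `proton` peer in the second hardware-configuration.nix hunk sets `allowedIPs = ["0.0.0.0/0"]`, which sends only IPv4 through the tunnel; on a dual-stack network IPv6 traffic would still leave outside it. If a full tunnel is intended, either add `"::/0"` (together with an IPv6 tunnel address) or add a comment that IPv6 is expected to be disabled on this host. No `dns` is set on the interface either, so lookups presumably keep going to the resolver handed out by DHCP. `listenPort = 51820` is not needed on a client that only dials out with `persistentKeepalive` and can be dropped.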
@@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740254115, - "narHash": "sha256-MwxDtYB/MSGZlr/xS+ExGYH2QgHk73ShD40shxjad/Y=", + "lastModified": 1740265252, + "narHash": "sha256-+LFsCsIUF/pJWL9S21m5NLcK5bgwRB4MwfV0Iu7tggY=", "owner": "nix-community", "repo": "home-manager", - "rev": "cb3f6e9b59d3a5e51ef9f7da2b8418d5c72aaef8", + "rev": "fb568d75cf6c81f30d49eeb73787e9b56454ba16", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740265180, - "narHash": "sha256-VcS1aWKZQG1Com/OgL8RbTSG7IJphNLkFXAcFer0cMQ=", + "lastModified": 1740267388, + "narHash": "sha256-JCgjNQMrlzf8a0YAqRNGliGmgv6afnc0OTOD6Eg0RZ0=", "ref": "refs/heads/main", - "rev": "5ec7b1181a3ce76c8238819195f7e55f51407463", - "revCount": 7, + "rev": "f5af565aee98df0a78056c49c85cda640ce290fd", + "revCount": 10, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, From 9bfa5c9e8d8978daebb893653b09413164720c94 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Feb 2025 22:46:31 -0600 Subject: [PATCH 0497/1043] disabled wireguard interface on horizon --- .../nixos/horizon/hardware-configuration.nix | 42 ++++++++++++------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 94f902c..1c84e97 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -97,25 +97,35 @@ useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. - wg-quick.interfaces = { - proton = { - # IP address of this machine in the *tunnel network* - address = ["10.2.0.1/32"]; + # wg-quick.interfaces = { + # proton = { + # # IP address of this machine in the *tunnel network* + # address = ["10.2.0.1/32"]; - listenPort = 51820; + # listenPort = 51820; - privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; + # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; - peers = [ - { - publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; - allowedIPs = ["0.0.0.0/0"]; - endpoint = "84.17.63.8:51820"; - persistentKeepalive = 25; - } - ]; - }; - }; + # peers = [ + # { + # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "84.17.63.8:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "68.169.42.242:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; + # allowedIPs = ["0.0.0.0/0"]; + # } + # ]; + # }; + # }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; From 2e0f71a6fa2da47fae321660bd86919ef052cec9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 11:10:16 -0600 Subject: [PATCH 0498/1043] installed tailscale on all machines --- README.md | 2 - .../nixos/defiant/configuration.nix | 17 ++++++- .../nixos/horizon/configuration.nix | 46 +++++++++++++++++++ .../nixos/horizon/hardware-configuration.nix | 37 --------------- .../nixos/twilight/configuration.nix | 33 +++++++++---- flake.lock | 26 +++++------ modules/nixos-modules/tailscale.nix | 34 ++++++++++++++ 7 files changed, 133 insertions(+), 62 deletions(-) create mode 100644 modules/nixos-modules/tailscale.nix diff --git a/README.md b/README.md index 69f4e26..0e8ff07 100644 
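Review bot: The `wg-quick` block is commented out rather than removed, and the version left behind lists three peers that each claim `allowedIPs = ["0.0.0.0/0"]`. WireGuard assigns a prefix to a single peer, so if this is ever re-enabled only one of the three would carry traffic, and the third has no `endpoint` at all. Either delete the block and rely on git history, or keep one peer and add a comment such as `# disabled: <reason>; pick exactly one exit peer before re-enabling`. The enclosing `networking` attribute set starts outside the hunk.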
--- a/README.md +++ b/README.md @@ -58,8 +58,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Open GL? - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- common wireguard config -- configure wireguard on all clients - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 155b35b..19b8f65 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,5 +1,16 @@ # server nas -{pkgs, ...}: { +{ + inputs, + config, + pkgs, + ... +}: { + sops.secrets = { + "wireguard-keys/tailscale-authkey/defiant" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + }; + host = { users = { leyla = { @@ -136,6 +147,10 @@ "deepseek-r1:70b" ]; }; + tailscale = { + enable = true; + authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; + }; }; # disable computer sleeping diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 75657d2..a4f4f77 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,4 +1,5 @@ { + config, inputs, pkgs, ... @@ -36,6 +37,15 @@ programs.adb.enable = true; + sops.secrets = { + "wireguard-keys/tailscale-authkey/horizon" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + # "wireguard-keys/proton/horizon" = { + # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + # }; + }; + services = { # sudo fprintd-enroll fprintd = { 
@@ -49,6 +59,42 @@ "deepseek-r1:1.5b" ]; }; + tailscale = { + enable = true; + authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; + }; + }; + + networking = { + # wg-quick.interfaces = { + # proton = { + # # IP address of this machine in the *tunnel network* + # address = ["10.2.0.1/32"]; + + # listenPort = 51820; + + # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; + + # peers = [ + # { + # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "84.17.63.8:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "68.169.42.242:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; + # allowedIPs = ["0.0.0.0/0"]; + # } + # ]; + # }; + # }; }; # networking.extraHosts = '' diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 1c84e97..48a4680 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -6,19 +6,12 @@ lib, pkgs, modulesPath, - inputs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - sops.secrets = { - "wireguard-keys/proton/horizon" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; - }; - }; - boot = { initrd = { availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; 
@@ -96,36 +89,6 @@ networkmanager.enable = true; useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. - - # wg-quick.interfaces = { - # proton = { - # # IP address of this machine in the *tunnel network* - # address = ["10.2.0.1/32"]; - - # listenPort = 51820; - - # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; - - # peers = [ - # { - # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "84.17.63.8:51820"; - # persistentKeepalive = 25; - # } - # { - # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "68.169.42.242:51820"; - # persistentKeepalive = 25; - # } - # { - # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; - # allowedIPs = ["0.0.0.0/0"]; - # } - # ]; - # }; - # }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 2735f20..4f4b355 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,10 +1,19 @@ -{...}: { +{ + inputs, + config, + ... +}: { imports = [ ./monitors.nix ]; nixpkgs.config.allowUnfree = true; + sops.secrets = { + "wireguard-keys/tailscale-authkey/twilight" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + }; host = { users = { leyla = { @@ -22,16 +31,22 @@ }; }; - services.ollama = { - enable = true; + services = { + ollama = { + enable = true; - loadModels = [ - "deepseek-coder:6.7b" - "deepseek-r1:8b" - "deepseek-r1:32b" - ]; + loadModels = [ + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:32b" + ]; + }; + + tailscale = { + enable = true; + authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; + }; }; - programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 
diff --git a/flake.lock b/flake.lock index 73eac0e..ffdbb04 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740265252, - "narHash": "sha256-+LFsCsIUF/pJWL9S21m5NLcK5bgwRB4MwfV0Iu7tggY=", + "lastModified": 1740318342, + "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=", "owner": "nix-community", "repo": "home-manager", - "rev": "fb568d75cf6c81f30d49eeb73787e9b56454ba16", + "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1740188781, - "narHash": "sha256-3FDg6k9kQXq5M6ZHc2f9KsPydvWBtqacU9lWA7nIFYI=", + "lastModified": 1740275623, + "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ba52a14c907e0cece9734e0ff59c3c742b6b1075", + "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739866667, - "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=", + "lastModified": 1740126099, + "narHash": "sha256-ozoOtE2hGsqh4XkTJFsrTkNxkRgShxpQxDynaPZUGxk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680", + "rev": "32fb99ba93fea2798be0e997ea331dd78167f814", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740267388, - "narHash": "sha256-JCgjNQMrlzf8a0YAqRNGliGmgv6afnc0OTOD6Eg0RZ0=", + "lastModified": 1740328351, + "narHash": "sha256-oX+XYRclxVYgLy5NX9UR7XKixaH5jJQuQhR7Of/ZtTk=", "ref": "refs/heads/main", - "rev": "f5af565aee98df0a78056c49c85cda640ce290fd", - "revCount": 10, + "rev": "52bb4eadd620757e6a943d335e31458ffa2ada2b", + "revCount": 11, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, 
diff --git a/modules/nixos-modules/tailscale.nix b/modules/nixos-modules/tailscale.nix new file mode 100644 index 0000000..a998f49 --- /dev/null +++ b/modules/nixos-modules/tailscale.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + ... +}: let + tailscale_data_directory = "/var/lib/tailscale"; +in { + options.host.tailscale = { + enable = lib.mkEnableOption "should tailscale be enabled on this computer"; + }; + + config = lib.mkIf config.services.tailscale.enable ( + lib.mkMerge [ + { + # any configs we want shared between all machines + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence = { + "/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = tailscale_data_directory; + user = "jellyfin"; + group = "jellyfin"; + } + ]; + }; + }; + }) + ] + ); +} From af568c7b7075b766bf18f69cc85a00c081b141e0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 11:13:18 -0600 Subject: [PATCH 0499/1043] fixed deprecation warnings for vscode configs --- configurations/home-manager/leyla/vscode.nix | 149 ++++++++++--------- 1 file changed, 76 insertions(+), 73 deletions(-) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index c9d779d..c6f8586 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix 
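Review bot: The impermanence entry for `/var/lib/tailscale` is created with `user = "jellyfin"; group = "jellyfin";`, which looks copied from another module. That directory holds the node's Tailscale state, including its private key, so it should be root-only: `user = "root"; group = "root"; mode = "0700";`. Separately, `options.host.tailscale.enable` is declared but never read, because the `config` block is gated on `config.services.tailscale.enable`; either drop the option or gate on it and set `services.tailscale.enable` from it.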
@@ -28,87 +28,90 @@ in { package = pkgs.vscodium; mutableExtensionsDir = false; - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - (lib.mkIf osConfig.services.ollama.enable { - "twinny.fileContextEnabled" = true; - "twinny.enableLogging" = false; - "twinny.completionCacheEnabled" = true; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; - # builtins.elemAt osConfig.services.ollama.loadModels 0; - }) - ]; + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + (lib.mkIf osConfig.services.ollama.enable { + "twinny.fileContextEnabled" = true; + "twinny.enableLogging" = false; + "twinny.completionCacheEnabled" = true; - extensions = ( - with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + # builtins.elemAt osConfig.services.ollama.loadModels 0; + }) + ]; - # html extensions - 
formulahendry.auto-rename-tag - ms-vscode.live-server + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - bungcip.better-toml - ] - ++ ( - lib.lists.optionals osConfig.services.ollama.enable [ - rjmacarthy.twinny - ] - ) - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with vscode-marketplace; [ # js extensions - karyfoundation.nearley + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + bungcip.better-toml ] - ) - ); + ++ ( + lib.lists.optionals osConfig.services.ollama.enable [ + rjmacarthy.twinny + ] + ) + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) + ++ ( + with vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ] + ) + ); + }; }; }; } From 0a00be96515f767ef66312956e096725ea3df5da Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 23 Feb 2025 13:56:22 -0600 Subject: [PATCH 0500/1043] added email config to disko zfs config --- README.md | 2 +- .../nixos/defiant/configuration.nix | 11 ++++ flake.lock | 8 +-- modules/nixos-modules/disko.nix | 60 +++++++++++++++++++ 4 files changed, 76 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0e8ff07..6b3441d 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - figure out steam vr things? - Open GL? - rotate sops encryption keys periodically (and somehow sync between devices?) -- zfs email after scrubbing +- zfs email after scrubbing # TODO: test this - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 19b8f65..c8edcba 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -9,6 +9,9 @@ "wireguard-keys/tailscale-authkey/defiant" = { sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; }; + "services/zfs_smtp_token" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; }; host = { @@ -23,6 +26,14 @@ storage = { enable = true; encryption = true; + notifications = { + enable = true; + host = "smtp.protonmail.ch"; + port = 587; + to = "leyla@jan-leila.com"; + user = "leyla@jan-leila.com"; + tokenFile = config.sops.secrets."services/zfs_smtp_token".path; + }; pool = { drives = [ "ata-ST18000NE000-3G6101_ZVTCXVEB" diff --git a/flake.lock b/flake.lock index ffdbb04..56057f2 100644 --- a/flake.lock +++ b/flake.lock 
@@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740328351, - "narHash": "sha256-oX+XYRclxVYgLy5NX9UR7XKixaH5jJQuQhR7Of/ZtTk=", + "lastModified": 1740340309, + "narHash": "sha256-NoCpH7t1hTPi6+j7tB/IBirae4Bk6iZXpTiUmFzdKAY=", "ref": "refs/heads/main", - "rev": "52bb4eadd620757e6a943d335e31458ffa2ada2b", - "revCount": 11, + "rev": "0237156ee8bc0157e8c3a701fcf7e2dd27d76fc6", + "revCount": 12, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index b2685af..28afab1 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, inputs, ... @@ -23,6 +24,26 @@ in { options.host.storage = { enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; encryption = lib.mkEnableOption "is the vdev going to be encrypted"; + notifications = { + enable = lib.mkEnableOption "are notifications enabled"; + host = lib.mkOption { + type = lib.types.str; + description = "what is the host that we are going to send the email to"; + }; + port = lib.mkOption { + type = lib.types.port; + description = "what port is the host using to receive mail on"; + }; + to = lib.mkOption { + type = lib.types.str; + description = "what account is the email going to be sent to"; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user is the email going to be set from"; + }; + tokenFile = lib.mkOption {}; # TODO: make this a secrets file + }; pool = { vdevs = lib.mkOption { type = lib.types.listOf (lib.types.listOf lib.types.str); 
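Review bot: `tokenFile = lib.mkOption {};` in the disko.nix options hunk has no `type` or `description`, so any value is accepted, including a Nix path literal that would be copied into the world-readable store. Declaring it as `type = lib.types.str; description = "runtime path of a file holding the SMTP token";` rejects path literals and documents that a sops-nix secret path is expected. The `host` and `user` descriptions could also state that they are the SMTP server and the login/From address.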
@@ -50,9 +71,48 @@ in { }; config = lib.mkIf config.host.storage.enable { + programs.msmtp = lib.mkIf config.host.storage.notifications.enable { + enable = true; + setSendmail = true; + defaults = { + aliases = "/etc/aliases"; + port = config.host.storage.notifications.port; + tls_trust_file = "/etc/ssl/certs/ca-certificates.crt"; + tls = "on"; + auth = "login"; + tls_starttls = "off"; + }; + accounts = { + zfs_notifications = { + host = config.host.storage.notifications.host; + passwordeval = "cat ${config.host.storage.notifications.tokenFile}"; + user = config.host.storage.notifications.user; + from = config.host.storage.notifications.user; + }; + }; + }; + services.zfs = { autoScrub.enable = true; autoSnapshot.enable = true; + + zed = lib.mkIf config.host.storage.notifications.enable { + # this option is broken we are just going to disable it + enableMail = false; + + settings = { + ZED_DEBUG_LOG = "/tmp/zed.debug.log"; + ZED_EMAIL_ADDR = [config.host.storage.notifications.to]; + ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; + ZED_EMAIL_OPTS = "@ADDRESS@"; + + ZED_NOTIFY_INTERVAL_SECS = 3600; + ZED_NOTIFY_VERBOSE = true; + + ZED_USE_ENCLOSURE_LEDS = true; + ZED_SCRUB_AFTER_RESILVER = true; + }; + }; }; disko.devices = { From 5be14739d82f4b3c82db05744615adb591544ae1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 17:10:04 -0600 Subject: [PATCH 0501/1043] fixed permissions on tailscale persist --- modules/nixos-modules/tailscale.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/tailscale.nix b/modules/nixos-modules/tailscale.nix index a998f49..db664e8 100644 --- a/modules/nixos-modules/tailscale.nix +++ b/modules/nixos-modules/tailscale.nix @@ -22,8 +22,8 @@ in { directories = [ { directory = tailscale_data_directory; - user = "jellyfin"; - group = "jellyfin"; + user = "root"; + group = "root"; } ]; }; From b7bf91727496bdf99ceddea31f2d917ac881b3bb Mon Sep 17 00:00:00 2001 
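Review bot: `ZED_DEBUG_LOG = "/tmp/zed.debug.log"` makes the ZFS event daemon (presumably running as root) write to a fixed name in a world-writable directory; a path under `/var/log`, or leaving the debug log unset, avoids the predictable-name problem and keeps pool event details away from other local users. In the msmtp defaults, `tls = "on"` with `tls_starttls = "off"` selects implicit TLS, while the defiant configuration passes `port = 587`, normally the STARTTLS submission port, so `tls_starttls = "on"` is likely what is needed; worth confirming when the README's "test this" TODO is done. `passwordeval = "cat ${config.host.storage.notifications.tokenFile}"` puts the path into a shell command unquoted; wrapping it in `lib.escapeShellArg` makes that robust.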
From: Leyla Becker Date: Sun, 23 Feb 2025 17:50:40 -0600 Subject: [PATCH 0502/1043] imported tailscale config in default.nix --- modules/nixos-modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 371a156..fdbdc7e 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,6 +12,7 @@ ./impermanence.nix ./disko.nix ./ollama.nix + ./tailscale.nix ./server ]; From 21d09b469d45c6778e2437317e149729656aeab5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 17:52:25 -0600 Subject: [PATCH 0503/1043] updated secrets --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 56057f2..67e9794 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740318342, - "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=", + "lastModified": 1740347597, + "narHash": "sha256-st5q9egkPGz8TUcVVlIQX7y6G3AzHob+6M963bwVq74=", "owner": "nix-community", "repo": "home-manager", - "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca", + "rev": "12e26a74e5eb1a31e13daaa08858689e25ebd449", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740340309, - "narHash": "sha256-NoCpH7t1hTPi6+j7tB/IBirae4Bk6iZXpTiUmFzdKAY=", + "lastModified": 1740354712, + "narHash": "sha256-1PMVP2txoD4lhW7k3fbYa7CZ+hLBJO5f91EWtegrqEg=", "ref": "refs/heads/main", - "rev": "0237156ee8bc0157e8c3a701fcf7e2dd27d76fc6", - "revCount": 12, + "rev": "db6d65e814bc0c99f6e9b95308184b004038243e", + "revCount": 13, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, From ff3ef808434f4f9d1206d39575e47f1a7e530ac4 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 23 Feb 2025 18:04:56 -0600 Subject: [PATCH 0504/1043] added task to new features --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6b3441d..20abdf2 100644 --- a/README.md +++ b/README.md @@ -64,3 +64,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - zfs encryption FIDO2 2fa - ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote +- SMART test with email results \ No newline at end of file From d4f3820e25fa06e9e09f909fce622fa67d0846ed Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 18:56:10 -0600 Subject: [PATCH 0505/1043] added note to task for readme --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 20abdf2..6914691 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Research topics - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init -- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - https://nixos-and-flakes.thiscute.world/ # Tasks: @@ -61,7 +60,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich -- zfs encryption FIDO2 2fa +- zfs encryption FIDO2 2fa (look into shavee) - ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results \ No newline at end of file 
From 70fb2d9be2ef24448d1a7dbae88c385d782ee5f1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:06:38 -0600 Subject: [PATCH 0506/1043] set use routing features for tailscale --- configurations/nixos/defiant/configuration.nix | 1 + configurations/nixos/horizon/configuration.nix | 1 + configurations/nixos/twilight/configuration.nix | 1 + 3 files changed, 3 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c8edcba..18ef99e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -161,6 +161,7 @@ tailscale = { enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; + useRoutingFeatures = "server"; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index a4f4f77..1dc88b7 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -62,6 +62,7 @@ tailscale = { enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; + useRoutingFeatures = "client"; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 4f4b355..00facbe 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -45,6 +45,7 @@ tailscale = { enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; + useRoutingFeatures = "both"; }; }; programs.steam = { From 79c130dc4bd542d3d346fad0ba087a643586bdb3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:10:01 -0600 Subject: [PATCH 0507/1043] disabled ollama on defiant --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 18ef99e..1ba8127 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -149,7 +149,7 @@ }; ollama = { - enable = true; + enable = false; loadModels = [ "deepseek-coder:6.7b" From 500cbc213c9916b72d1154b29d86b2b8740cbdea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:23:12 -0600 Subject: [PATCH 0508/1043] added advertise-exit-node flags to tailscale --- configurations/nixos/defiant/configuration.nix | 1 + configurations/nixos/twilight/configuration.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 1ba8127..e8674a2 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -162,6 +162,7 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; useRoutingFeatures = "server"; + extraUpFlags = ["--advertise-exit-node"]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 00facbe..488c748 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -46,6 +46,7 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; + extraUpFlags = ["--advertise-exit-node"]; }; }; programs.steam = { From ab94cb1dae10631b87f37d603aaa5d00fe9b1c11 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:27:29 -0600 Subject: [PATCH 0509/1043] added advertise-routes to defiant tailscale config --- configurations/nixos/defiant/configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e8674a2..189ee9e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -162,7 +162,10 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; useRoutingFeatures = "server"; - extraUpFlags = ["--advertise-exit-node"]; + extraUpFlags = [ + "--advertise-exit-node" + "--advertise-routes=192.168.1.0/24" + ]; }; }; From 6d6e34e06a6a103ad06cb15afc4d45f0e120d335 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:38:42 -0600 Subject: [PATCH 0510/1043] added extra set flags to configs --- configurations/nixos/defiant/configuration.nix | 4 ++++ configurations/nixos/twilight/configuration.nix | 3 +++ 2 files changed, 7 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 189ee9e..80308ed 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -166,6 +166,10 @@ "--advertise-exit-node" "--advertise-routes=192.168.1.0/24" ]; + extraSetFlags = [ + "--advertise-exit-node" + "--advertise-routes=192.168.1.0/24" + ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 488c748..27b47ac 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -47,6 +47,9 @@ authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; extraUpFlags = ["--advertise-exit-node"]; + extraSetFlags = [ + "--advertise-exit-node" + ]; }; }; programs.steam = { From c9bc06f594901a28df37ed00ad3e5f9aeda55813 Mon Sep 17 00:00:00 2001 
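Review bot: `--advertise-routes=192.168.1.0/24` next to `--advertise-exit-node` turns defiant into a gateway from the tailnet into the whole home LAN, and nothing in this hunk records which tailnet peers are meant to use it. Advertised routes normally still need approval on the control plane, and reachability of the routed subnet is then decided by the tailnet ACL policy rather than by this host. I would add a comment above `extraUpFlags` saying so, e.g. `# subnet router for the LAN; access is limited by tailnet ACLs, not by this host`. If only a few LAN hosts need to be reachable, advertising narrower prefixes than the full /24 limits what a compromised tailnet device can reach. The enclosing `tailscale` block starts outside the hunk.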
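Review bot: `extraSetFlags` repeats the `extraUpFlags` list verbatim in the defiant hunk, and the single flag in the twilight hunk, so the two lists can drift apart when one is edited later. Because these flags decide what the host advertises to the tailnet, a mismatch would make the effective routing depend on whether the node was freshly authenticated or only reconfigured. Defining the list once keeps them in step, for example `extraSetFlags = config.services.tailscale.extraUpFlags;`, provided every flag used is also accepted by `tailscale set`. The enclosing `tailscale` block starts outside both hunks.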
From: Leyla Becker Date: Mon, 24 Feb 2025 12:49:54 -0600 Subject: [PATCH 0511/1043] added syncthing to other computers --- .../nixos/defiant/configuration.nix | 10 ++ .../nixos/twilight/configuration.nix | 10 ++ modules/nixos-modules/sync.nix | 131 +++++++++++------- 3 files changed, 101 insertions(+), 50 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 80308ed..f300185 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -118,6 +118,16 @@ enable = true; subdomain = "drive"; }; + sync = { + enable = true; + folders = { + leyla = { + documents.enable = true; + calendar.enable = true; + notes.enable = true; + }; + }; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 27b47ac..46dfd8a 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -29,6 +29,16 @@ openRGB.enable = true; graphicsAcceleration.enable = true; }; + sync = { + enable = true; + folders = { + leyla = { + documents.enable = true; + calendar.enable = true; + notes.enable = true; + }; + }; + }; }; services = { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 00036f4..ac399f2 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -35,56 +35,87 @@ in { }; }; - config = { - systemd = lib.mkIf config.services.syncthing.enable { - tmpfiles.rules = [ - "d ${mountDir} 755 syncthing syncthing -" - "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" - "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" - ]; - }; - services.syncthing = { - enable = config.host.sync.enable; - user = "syncthing"; - group = "syncthing"; - dataDir = "${mountDir}/default"; - configDir = "/etc/syncthing"; - overrideDevices = true; - overrideFolders = true; - settings = { - devices = { - ceder = { - id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; - }; - coven = { - id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; - }; - }; - folders = lib.mkMerge [ - config.host.sync.folders.extraFolders - (lib.mkIf config.host.sync.folders.leyla.documents.enable { - "documents" = { - id = "hvrj0-9bm1p"; - path = "/mnt/sync/leyla/documents"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.calendar.enable { - "calendar" = { - id = "8oatl-1rv6w"; - path = "/mnt/sync/leyla/calendar"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.notes.enable { - "notes" = { - id = "dwbuv-zffnf"; - path = "/mnt/sync/leyla/notes"; - devices = ["ceder" "coven"]; - }; - }) + config = lib.mkMerge [ + { + systemd = lib.mkIf config.services.syncthing.enable { + tmpfiles.rules = [ + "d ${mountDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" ]; }; - }; - }; + } + (lib.mkIf config.host.sync.enable (lib.mkMerge [ + { + services.syncthing = { + enable = true; + user = "syncthing"; + group = "syncthing"; + dataDir = "${mountDir}/default"; + configDir = "/etc/syncthing"; + overrideDevices = true; + overrideFolders = true; + settings = { + devices = { + ceder = { + id = 
"MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + }; + coven = { + id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; + }; + defiant = lib.mkIf (config.networking.hostName != "defiant") { + id = "TQGGO5F-PUXQYVV-LVVM7PR-Q4TKI6T-NR576PH-CFTVB4O-RP5LL6C-WKQMXQR"; + }; + twilight = lib.mkIf (config.networking.hostName != "twilight") { + id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; + }; + horizon = lib.mkIf (config.networking.hostName != "horizon") { + id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + }; + }; + folders = lib.mkMerge [ + config.host.sync.folders.extraFolders + (lib.mkIf config.host.sync.folders.leyla.documents.enable { + "documents" = { + id = "hvrj0-9bm1p"; + path = "${mountDir}/leyla/documents"; + devices = ["ceder" "coven"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + "calendar" = { + id = "8oatl-1rv6w"; + path = "${mountDir}/leyla/calendar"; + devices = ["ceder" "coven"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.notes.enable { + "notes" = { + id = "dwbuv-zffnf"; + path = "${mountDir}/leyla/notes"; + devices = ["ceder" "coven"]; + }; + }) + ]; + }; + }; + } + + (lib.mkIf config.host.impermanence.enable { + environment.persistence = { + "/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = mountDir; + user = "syncthing"; + group = "syncthing"; + } + ]; + }; + }; + }) + ])) + ]; } From 87beef314926028f5ae1a37a3aabe0746914db29 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:52:34 -0600 Subject: [PATCH 0512/1043] added notes to pihole for tailscale --- modules/nixos-modules/server/pihole.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix index 6ec7628..e877864 100644 --- a/modules/nixos-modules/server/pihole.nix +++ b/modules/nixos-modules/server/pihole.nix 
@@ -56,6 +56,13 @@ in { }; }; + # TODO: we need to have a tailscale container here and use that to define the network_mode of pihole container + # TS_ACCEPT_DNS = "false"; + # TS_AUTHKEY = ${something from a secrets file???} + # TS_HOSTNAME = "pihole"; + # TS_USERSPACE = "false"; + # TODO: volumes for tailnet container with impermanence config + # https://tailscale.com/kb/1282/docker virtualisation = { oci-containers = { containers = { From d2b43225ee7e6b4319d6a821bc35071faeed609a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 13:01:34 -0600 Subject: [PATCH 0513/1043] set devices on folders --- modules/nixos-modules/sync.nix | 57 ++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index ac399f2..0df2a78 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -73,30 +73,39 @@ in { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; }; }; - folders = lib.mkMerge [ - config.host.sync.folders.extraFolders - (lib.mkIf config.host.sync.folders.leyla.documents.enable { - "documents" = { - id = "hvrj0-9bm1p"; - path = "${mountDir}/leyla/documents"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.calendar.enable { - "calendar" = { - id = "8oatl-1rv6w"; - path = "${mountDir}/leyla/calendar"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.notes.enable { - "notes" = { - id = "dwbuv-zffnf"; - path = "${mountDir}/leyla/notes"; - devices = ["ceder" "coven"]; - }; - }) - ]; + folders = let + allDevices = [ + "ceder" + "coven" + (lib.mkIf (config.networking.hostName != "defiant") "defiant") + (lib.mkIf (config.networking.hostName != "twilight") "twilight") + (lib.mkIf (config.networking.hostName != "horizon") "horizon") + ]; + in + lib.mkMerge [ + config.host.sync.folders.extraFolders + (lib.mkIf config.host.sync.folders.leyla.documents.enable { + "documents" = { + id = "hvrj0-9bm1p"; + path = "${mountDir}/leyla/documents"; + devices = allDevices; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + "calendar" = { + id = "8oatl-1rv6w"; + path = "${mountDir}/leyla/calendar"; + devices = allDevices; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.notes.enable { + "notes" = { + id = "dwbuv-zffnf"; + path = "${mountDir}/leyla/notes"; + devices = allDevices; + }; + }) + ]; }; }; } From 98b475e4c888273228ec81f7285fccd1b1135fad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:10:57 -0600 Subject: [PATCH 0514/1043] updated permission on syncing mnt dir --- modules/nixos-modules/sync.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 0df2a78..402d580 100644 --- a/modules/nixos-modules/sync.nix 
+++ b/modules/nixos-modules/sync.nix @@ -39,8 +39,8 @@ in { { systemd = lib.mkIf config.services.syncthing.enable { tmpfiles.rules = [ - "d ${mountDir} 755 syncthing syncthing -" - "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" + "d ${mountDir} 2755 syncthing syncthing -" + "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -" "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" ]; }; From 50d1e8d5ea53df6d4ddc6f40f22b13925c1cc1a4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:35:35 -0600 Subject: [PATCH 0515/1043] added share folder config --- .../nixos/defiant/configuration.nix | 1 + modules/nixos-modules/sync.nix | 42 +++++++++++++++---- 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f300185..788a46b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -121,6 +121,7 @@ sync = { enable = true; folders = { + share.enable = true; leyla = { documents.enable = true; calendar.enable = true; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 402d580..b067bfb 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -8,6 +8,9 @@ in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; folders = { + share = { + enable = lib.mkEnableOption "should the share folder by synced"; + }; leyla = { documents = { enable = lib.mkEnableOption "should the documents folder be synced"; 
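Review bot: The new modes look inverted for a shared-group layout: `${mountDir}` gets the setgid bit without group write (2755), while the data directory gets group write without setgid (775). Files that another member of the `syncthing` group creates under the data directory would keep that user's primary group, so the daemon may not be able to modify them, depending on umask. If the intent is that group members and the daemon share files there, `"d ${config.services.syncthing.dataDir} 2775 syncthing syncthing -"` would express it. Either way, 775 widens write access beyond the service account, so a one-line comment naming who is expected to write there would help. The `tmpfiles.rules` list is complete in the hunk, but the module around it is not.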
@@ -72,14 +75,24 @@ in { horizon = lib.mkIf (config.networking.hostName != "horizon") { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; }; + shale = { + id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; + }; }; folders = let - allDevices = [ - "ceder" - "coven" - (lib.mkIf (config.networking.hostName != "defiant") "defiant") - (lib.mkIf (config.networking.hostName != "twilight") "twilight") - (lib.mkIf (config.networking.hostName != "horizon") "horizon") + ceder = "ceder"; + coven = "coven"; + shale = "shale"; + defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; + twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; + horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; + leylaDevices = [ + ceder + coven + shale + defiant + twilight + horizon ]; in lib.mkMerge [ @@ -88,21 +101,32 @@ in { "documents" = { id = "hvrj0-9bm1p"; path = "${mountDir}/leyla/documents"; - devices = allDevices; + devices = leylaDevices; }; }) (lib.mkIf config.host.sync.folders.leyla.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; path = "${mountDir}/leyla/calendar"; - devices = allDevices; + devices = leylaDevices; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "${mountDir}/leyla/notes"; - devices = allDevices; + devices = leylaDevices; + }; + }) + (lib.mkIf config.host.sync.folders.share.enable { + "share" = { + id = "73ot0-cxmkx"; + path = "${mountDir}/default/share"; + devices = [ + ceder + shale + defiant + ]; }; }) ]; From d04c5183ca860a739f56a79401c9af15bcdd6988 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:40:52 -0600 Subject: [PATCH 0516/1043] removed shale from leylas devices --- modules/nixos-modules/sync.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index b067bfb..07d7bb3 100644 
--- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -87,13 +87,17 @@ in { twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; leylaDevices = [ + defiant ceder coven - shale - defiant twilight horizon ]; + superNoteTablets = [ + defiant + ceder + shale + ]; in lib.mkMerge [ config.host.sync.folders.extraFolders From a7888cb1642d9540f7789603ec261459836b03c8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:43:09 -0600 Subject: [PATCH 0517/1043] removed horizon and twilight from notes and calendar share --- modules/nixos-modules/sync.nix | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 07d7bb3..72795aa 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -86,6 +86,14 @@ in { defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; + allDevices = [ + defiant + ceder + coven + twilight + horizon + shale + ]; leylaDevices = [ defiant ceder @@ -112,25 +120,21 @@ in { "calendar" = { id = "8oatl-1rv6w"; path = "${mountDir}/leyla/calendar"; - devices = leylaDevices; + devices = superNoteTablets; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "${mountDir}/leyla/notes"; - devices = leylaDevices; + devices = superNoteTablets; }; }) (lib.mkIf config.host.sync.folders.share.enable { "share" = { id = "73ot0-cxmkx"; path = "${mountDir}/default/share"; - devices = [ - ceder - shale - defiant - ]; + devices = allDevices; }; }) ]; From a7c734871b15b2baccc7503cfa07ed5ebf4fc154 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 24 Feb 2025 18:48:06 -0600 Subject: [PATCH 0518/1043] fixed shares between devices --- .../nixos/defiant/configuration.nix | 6 +- .../nixos/horizon/configuration.nix | 2 - .../nixos/twilight/configuration.nix | 2 - modules/nixos-modules/sync.nix | 58 +++++++++---------- 4 files changed, 33 insertions(+), 35 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 788a46b..6394e77 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -121,10 +121,12 @@ sync = { enable = true; folders = { - share.enable = true; + share = { + enable = true; + calendar.enable = true; + }; leyla = { documents.enable = true; - calendar.enable = true; notes.enable = true; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 1dc88b7..822d80a 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -22,8 +22,6 @@ folders = { leyla = { documents.enable = true; - calendar.enable = true; - notes.enable = true; }; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 46dfd8a..0a75713 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -34,8 +34,6 @@ folders = { leyla = { documents.enable = true; - calendar.enable = true; - notes.enable = true; }; }; }; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 72795aa..94961e7 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -10,14 +10,14 @@ in { folders = { share = { enable = lib.mkEnableOption "should the share folder by synced"; + calendar = { + enable = lib.mkEnableOption "should the calendar folder be synced"; + }; }; leyla = { documents = { enable = lib.mkEnableOption "should the documents folder be synced"; }; - calendar = { - enable = lib.mkEnableOption "should the calendar folder be synced"; - }; notes = { enable = lib.mkEnableOption "should the notes folder by synced"; }; @@ -86,26 +86,6 @@ in { defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; - allDevices = [ - defiant - ceder - coven - twilight - horizon - shale - ]; - leylaDevices = [ - defiant - ceder - coven - twilight - horizon - ]; - superNoteTablets = [ - defiant - ceder - shale - ]; in lib.mkMerge [ config.host.sync.folders.extraFolders @@ -113,28 +93,48 @@ in { "documents" = { id = "hvrj0-9bm1p"; path = "${mountDir}/leyla/documents"; - devices = leylaDevices; + devices = [ + defiant + ceder + coven + twilight + horizon + ]; }; }) - (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + (lib.mkIf config.host.sync.folders.share.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; - path = "${mountDir}/leyla/calendar"; - devices = superNoteTablets; + path = "${mountDir}/share/calendar"; + devices = [ + defiant + ceder + shale + ]; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "${mountDir}/leyla/notes"; - devices = superNoteTablets; + devices = [ + defiant + ceder + ]; }; }) (lib.mkIf config.host.sync.folders.share.enable { "share" = { id = "73ot0-cxmkx"; path = "${mountDir}/default/share"; - devices = allDevices; + devices = [ + defiant + ceder + coven + twilight + horizon + shale + ]; }; }) ]; From e2bd3d9af690c8e2807ea6fe4969f8a5ecc81af3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 24 Feb 2025 18:57:28 -0600 Subject: [PATCH 0519/1043] moved cal dir --- configurations/nixos/horizon/configuration.nix | 1 + configurations/nixos/twilight/configuration.nix | 1 + modules/nixos-modules/sync.nix | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 822d80a..8a26487 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -20,6 +20,7 @@ sync = { enable = true; folders = { + share.enable = true; leyla = { documents.enable = true; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 0a75713..555eb05 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -32,6 +32,7 @@ sync = { enable = true; folders = { + share.enable = true; leyla = { documents.enable = true; }; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 94961e7..48fd2c3 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -105,7 +105,7 @@ in { (lib.mkIf config.host.sync.folders.share.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; - path = "${mountDir}/share/calendar"; + path = "${mountDir}/default/calendar"; devices = [ defiant ceder From ac580d8e51f9c1a19fe1754c3ecd90b12d1ec4ae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 19:19:59 -0600 Subject: [PATCH 0520/1043] added task to tech debt --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6914691..197c292 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- syncthing password +- syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations +- syncthing folder passwords ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 53301d0e45e4e6d97cdf40ded57c0ebdc2f1e783 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 22:56:32 -0600 Subject: [PATCH 0521/1043] fixed pihole config --- .../nixos/defiant/configuration.nix | 18 ++-- modules/nixos-modules/server/pihole.nix | 88 ++++++++++++++----- modules/nixos-modules/server/podman.nix | 27 +++--- 3 files changed, 91 insertions(+), 42 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6394e77..9d61f65 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -87,13 +87,13 @@ }; }; }; - podman = { - macvlan = { - subnet = "192.168.1.0/24"; - gateway = "192.168.1.1"; - networkInterface = "bond0"; - }; - }; + # podman = { + # macvlan = { + # subnet = "192.168.1.0/24"; + # gateway = "192.168.1.1"; + # networkInterface = "bond0"; + # }; + # }; jellyfin = { enable = true; subdomain = "media"; @@ -112,7 +112,7 @@ }; pihole = { enable = true; - ip = "192.168.1.201"; + # ip = "192.168.1.201"; }; nextcloud = { enable = true; 
@@ -178,10 +178,12 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.1.0/24" + "--accept-dns=false" ]; extraSetFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.1.0/24" + "--accept-dns=false" ]; }; }; diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix index e877864..aee6105 100644 --- a/modules/nixos-modules/server/pihole.nix +++ b/modules/nixos-modules/server/pihole.nix @@ -5,6 +5,7 @@ ... }: let dnsPort = 53; + webPort = 8090; in { options.host.pihole = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; @@ -14,9 +15,27 @@ in { }; image = lib.mkOption { type = lib.types.str; - default = "pihole/pihole:2024.07.0"; + default = "pihole/pihole:latest"; description = "container image to use for pi-hole"; }; + # piholeStateDirectory = { + # type = lib.types.str; + # default = "${config.host.pihole.directory}/pihole"; + # }; + # tailscaleStateDirectory = { + # type = lib.types.str; + # default = "${config.host.pihole.directory}/tailscale"; + # }; + # piholeImage = lib.mkOption { + # type = lib.types.str; + # default = "pihole/pihole:2024.07.0"; + # description = "container image to use for pi-hole"; + # }; + # tailscaleImage = lib.mkOption { + # type = lib.types.str; + # default = "tailscale/tailscale:latest"; + # description = "container image to use for pi-holes tail scale"; + # }; ip = lib.mkOption { type = lib.types.str; description = "ip address to use for pi-hole"; 
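Review bot: The image default moves from the pinned `pihole/pihole:2024.07.0` to `pihole/pihole:latest`, so the code running as the network's DNS resolver is no longer determined by this repository. The same commit switches to `FTLCONF_webserver_api_password` and `FTLCONF_webserver_port`, which ties the configuration to a particular image generation that a floating tag can move past on any pull. I would pin the default to an explicit release tag or digest, e.g. `default = "pihole/pihole:RELEASE_TAG";` (placeholder for the release this config was tested against), and bump it deliberately. The `options.host.pihole` set starts outside the hunk.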
@@ -25,14 +44,24 @@ in { config = lib.mkIf config.host.pihole.enable (lib.mkMerge [ { host.podman.enable = true; - sops.secrets = { - "services/pi-hole" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; + sops = { + secrets = { + "services/pi-hole" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + # "wireguard-keys/tailscale-authkey/pihole" = { + # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + # }; }; + templates."pihole.env".content = '' + FTLCONF_webserver_api_password=${config.sops.placeholder."services/pi-hole"} + ''; }; systemd = { tmpfiles.rules = [ "d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system + # "d ${config.host.pihole.piholeStateDirectory} 755 pihole pihole -" + # "d ${config.host.pihole.tailscaleStateDirectory} 755 pihole pihole -" ]; services = { @@ -40,12 +69,12 @@ in { serviceConfig = { Restart = lib.mkOverride 500 "always"; }; - after = [ - "podman-network-macvlan.service" - ]; - requires = [ - "podman-network-macvlan.service" - ]; + # after = [ + # "podman-network-macvlan.service" + # ]; + # requires = [ + # "podman-network-macvlan.service" + # ]; partOf = [ "podman-compose-root.target" ]; @@ -56,13 +85,8 @@ in { }; }; - # TODO: we need to have a tailscale container here and use that to define the network_mode of pihole container - # TS_ACCEPT_DNS = "false"; - # TS_AUTHKEY = ${something from a secrets file???} - # TS_HOSTNAME = "pihole"; - # TS_USERSPACE = "false"; - # TODO: volumes for tailnet container with impermanence config - # https://tailscale.com/kb/1282/docker + services.resolved.enable = false; + virtualisation = { oci-containers = { containers = { 
@@ -76,16 +100,40 @@ in { ]; environment = { TZ = "America/Chicago"; - WEBPASSWORD_FILE = passwordFileLocation; + FTLCONF_webserver_port = toString webPort; PIHOLE_UID = toString config.users.users.pihole.uid; PIHOLE_GID = toString config.users.groups.pihole.gid; }; + environmentFiles = [ + config.sops.templates."pihole.env".path + ]; log-driver = "journald"; extraOptions = [ - "--ip=${config.host.pihole.ip}" - "--network=macvlan" + "--network=host" + # "--network=container:${tailscale container id}" ]; }; + # ts-pihole = { + # image = config.host.pihole.tailscaleImage; + # volumes = "${config.host.pihole.tailscaleStateDirectory}:/var/lib/tailscale"; + # environment = { + # TS_ACCEPT_DNS = "false"; + # TS_HOSTNAME = "pihole"; + # TS_STATE_DIR = "/var/lib/tailscale"; + # TS_USERSPACE = "false"; + # TS_EXTRA_ARGS = "--advertise-tags=tag:container"; + # }; + # environmentFiles = [ + # config.sops.templates."tailscale-pihole.env".path + # ]; + # devices = [ + # "/dev/net/tun:/dev/net/tun" + # ]; + # extraOptions = [ + # "--ip=${config.host.pihole.ip}" + # "--network=macvlan" + # ]; + # }; }; }; }; diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix index 0f48ac9..b75c56f 100644 --- a/modules/nixos-modules/server/podman.nix +++ b/modules/nixos-modules/server/podman.nix @@ -1,6 +1,5 @@ { lib, - pkgs, config, ... }: { 
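Review bot: `--network=host` replaces the dedicated macvlan address, so the container now binds DNS and the admin web UI (`FTLCONF_webserver_port`, 8090) in the host's own network namespace, on every interface the host firewall permits. No firewall rule is visible in this section, so which interfaces expose the UI cannot be told from here. If it is only meant for the LAN or the tailnet, opening the ports per interface, in the style of `networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts`, keeps it off the others. Host networking also removes the network-namespace isolation between the container and other host services, which deserves a short comment next to `extraOptions` explaining why it was chosen over the macvlan setup. The container definition starts outside the hunk.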
@@ -26,19 +25,19 @@ config = lib.mkIf config.host.podman.enable { systemd = { services = { - "podman-network-macvlan" = { - path = [pkgs.podman]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "podman network rm -f macvlan"; - }; - script = '' - podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan - ''; - partOf = ["podman-compose-root.target"]; - wantedBy = ["podman-compose-root.target"]; - }; + # "podman-network-macvlan" = { + # path = [pkgs.podman]; + # serviceConfig = { + # Type = "oneshot"; + # RemainAfterExit = true; + # ExecStop = "podman network rm -f macvlan"; + # }; + # script = '' + # podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan + # ''; + # partOf = ["podman-compose-root.target"]; + # wantedBy = ["podman-compose-root.target"]; + # }; }; # disable computer sleeping targets = { From 8d02ff00fefb9f6740eb0d19a102203543f86802 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:34:40 -0600 Subject: [PATCH 0522/1043] added tor to tasks --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 197c292..7d9aaf2 100644 --- a/README.md +++ b/README.md @@ -64,4 +64,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - zfs encryption FIDO2 2fa (look into shavee) - ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote -- SMART test with email results \ No newline at end of file +- SMART test with email results +- Create Tor guard/relay server 
From 2b9737b8f2f99a213ebe5654e4cd3c49d9486c87 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:39:58 -0600 Subject: [PATCH 0523/1043] added tailscale network to nfs server exports --- modules/nixos-modules/server/network_storage/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 5881310..92b6591 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -39,7 +39,7 @@ enable = true; exports = lib.strings.concatLines ( builtins.map ( - directory: "${directory._directory} 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)" + directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt)" ) ( builtins.filter ( From f8966f062f6cf4f201c23f8ffbba681f0a14ce87 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:42:53 -0600 Subject: [PATCH 0524/1043] made nfs only open firewall on tailscale interface --- modules/nixos-modules/server/network_storage/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 92b6591..e793b16 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -49,7 +49,7 @@ ) ); }; - networking.firewall.allowedTCPPorts = [ + networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ config.host.network_storage.nfs.port ]; } From 14f170cdc9ee5d134e6c6efde54e6a3b9dbb7f6a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:54:53 -0600 Subject: [PATCH 0525/1043] added type to tokenFile --- modules/nixos-modules/disko.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
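Review bot: The export line now grants `rw` to all of `100.64.0.0/10` and drops `192.168.1.0/22`, although the subject says the tailscale network was added; LAN clients lose access, which may or may not be intended. `100.64.0.0/10` is the whole shared CGNAT range rather than this tailnet specifically, and with NFS's default `sec=sys` the server trusts the UID the client asserts. Every device admitted to the tailnet can therefore read and write these directories as any non-root user. I would record that next to the export, e.g. `# rw for every tailnet peer (sec=sys trusts client UIDs); restrict NFS in the tailnet ACL policy`, and limit NFS in the ACLs to the hosts that need it. The surrounding `exports` expression continues outside the hunk.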
diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 28afab1..13ddb8f 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -42,7 +42,10 @@ in { type = lib.types.str; description = "what user is the email going to be set from"; }; - tokenFile = lib.mkOption {}; # TODO: make this a secrets file + tokenFile = lib.mkOption { + type = lib.types.str; + description = "file containing the password to be used by msmtp for notifications"; + }; }; pool = { vdevs = lib.mkOption { From b2c0efd30540848a08b77fe78079a7031ce7d07a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 16:28:48 -0600 Subject: [PATCH 0526/1043] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7d9aaf2..8ed797d 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords +- move fail2ban configs out of fail2ban.nix and into configs for their respective services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 88fa10a3f45961a43e503dc34616f9457a1139f9 Mon Sep 17 00:00:00 2001 
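Review bot: `tokenFile` holds the path to a secret, but the new description does not say that it must be a runtime path outside the Nix store. Keeping `lib.types.str` is the right call, since a path literal would be copied into the world-readable store, but the option should state the requirement, e.g. `description = "runtime path (not in the Nix store, e.g. a sops secret path) to a file containing the msmtp password used for notifications";`. An `example` such as `config.sops.secrets."SECRET_NAME".path` (placeholder name) would make the intended use obvious. The option set it belongs to starts outside the hunk.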
From: Leyla Becker Date: Wed, 26 Feb 2025 16:36:17 -0600 Subject: [PATCH 0527/1043] added auto accept to syncthing config --- .../nixos/defiant/configuration.nix | 7 ++++++ .../nixos/horizon/configuration.nix | 5 +++++ .../nixos/twilight/configuration.nix | 5 +++++ modules/nixos-modules/sync.nix | 22 +++++++++++++++++++ 4 files changed, 39 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9d61f65..7e46330 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -120,6 +120,13 @@ }; sync = { enable = true; + devices = { + ceder.autoAcceptFolders = true; + coven.autoAcceptFolders = true; + twilight.autoAcceptFolders = true; + horizon.autoAcceptFolders = true; + shale.autoAcceptFolders = true; + }; folders = { share = { enable = true; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8a26487..05c1b50 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -19,6 +19,11 @@ }; sync = { enable = true; + devices = { + ceder.autoAcceptFolders = true; + coven.autoAcceptFolders = true; + twilight.autoAcceptFolders = true; + }; folders = { share.enable = true; leyla = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 555eb05..7f5d01b 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -31,6 +31,11 @@ }; sync = { enable = true; + devices = { + ceder.autoAcceptFolders = true; + coven.autoAcceptFolders = true; + horizon.autoAcceptFolders = true; + }; folders = { share.enable = true; leyla = { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 48fd2c3..f4bfbfc 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
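Review bot: `autoAcceptFolders = true` is switched on for every peer in the defiant hunk, and for three peers each in the horizon and twilight hunks, which lets any of those devices create new shared folders on this host without confirmation. On defiant, which per this page also hosts nextcloud and pihole, a lost or compromised laptop or tablet could push arbitrary content into the default folder path. The shares are already declared in `sync.nix` with `overrideFolders = true`, so auto-accept does not seem to be needed for them. I would leave the option at its default and enable it only for a device that needs it, with a comment giving the reason. The `sync` block starts outside each hunk.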
@@ -7,6 +7,23 @@ in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; + devices = { + ceder = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from ceder"; + }; + coven = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from coven"; + }; + twilight = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from twilight"; + }; + horizon = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from horizon"; + }; + shale = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from shale"; + }; + }; folders = { share = { enable = lib.mkEnableOption "should the share folder by synced"; @@ -62,21 +79,26 @@ in { devices = { ceder = { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + autoAcceptFolders = config.host.sync.devices.ceder.autoAcceptFolders; }; coven = { id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; + autoAcceptFolders = config.host.sync.devices.coven.autoAcceptFolders; }; defiant = lib.mkIf (config.networking.hostName != "defiant") { id = "TQGGO5F-PUXQYVV-LVVM7PR-Q4TKI6T-NR576PH-CFTVB4O-RP5LL6C-WKQMXQR"; }; twilight = lib.mkIf (config.networking.hostName != "twilight") { id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; + autoAcceptFolders = config.host.sync.devices.twilight.autoAcceptFolders; }; horizon = lib.mkIf (config.networking.hostName != "horizon") { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + autoAcceptFolders = config.host.sync.devices.horizon.autoAcceptFolders; }; shale = { id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; + autoAcceptFolders = config.host.sync.devices.shale.autoAcceptFolders; }; }; folders = let From 24d6e9653b104336708dad937ac193a00e9c8cab Mon Sep 17 00:00:00 2001 
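Review bot: The five `autoAcceptFolders` options in `modules/nixos-modules/sync.nix` are identical apart from the device name, and the second hunk repeats `config.host.sync.devices.<name>.autoAcceptFolders` once per device, so adding a peer means editing three places. Generating the option set with `lib.genAttrs ["ceder" "coven" "twilight" "horizon" "shale"] (name: { autoAcceptFolders = lib.mkEnableOption "auto-accepting folders offered by ${name}"; })` would keep the device list in one spot. `defiant` has a device entry but no option; if that is deliberate, a short comment saying why would help. Both the `options.host.sync` set and the `devices` set continue outside the hunks.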
From: Leyla Becker Date: Wed, 26 Feb 2025 16:41:16 -0600 Subject: [PATCH 0528/1043] added task to techdebt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8ed797d..eab1983 100644 --- a/README.md +++ b/README.md @@ -67,3 +67,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results - Create Tor guard/relay server +- remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html From b5110878b192a17e013e3badcb30bd21709041b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 16:50:30 -0600 Subject: [PATCH 0529/1043] added more config to searx --- modules/nixos-modules/server/searx.nix | 35 ++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index 5af4c57..b18eb14 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix @@ -28,11 +28,46 @@ searx = { enable = true; environmentFile = config.sops.secrets."services/searx".path; + + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + settings = { server = { port = 8083; secret_key = "@SEARXNG_SECRET@"; }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; }; }; }; From 59743790b02a9f7de4def7af4c8c403af6769a28 Mon Sep 17 00:00:00 2001 
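Review bot: In `modules/nixos-modules/server/searx.nix` the new `limiterSettings` block only configures the limiter; the `server` block shown in the hunk sets `port` and `secret_key` but not `limiter = true`, so unless that is set elsewhere the rate limiting and bot detection stay off. I would add `limiter = true;` under `settings.server`; the limiter also needs a Redis/Valkey backend, which the module can provide with `redisCreateLocally = true;`. `real_ip.x_for = 1` trusts exactly one `X-Forwarded-For` hop, so it deserves a comment that this assumes a single reverse proxy in front and that port 8083 is not reachable directly, otherwise the address the limiter keys on is client-controlled. The enclosing `services` attribute set starts outside the hunk.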
From: Leyla Becker Date: Thu, 27 Feb 2025 19:07:50 -0600 Subject: [PATCH 0530/1043] installed go vscode extensions --- configurations/home-manager/leyla/vscode.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index c6f8586..2aa4059 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -86,6 +86,9 @@ in { stylelint.vscode-stylelint tauri-apps.tauri-vscode + # go extensions + golang.go + # astro blog extensions astro-build.astro-vscode unifiedjs.vscode-mdx From 1347363fb0750314f361b742cf9917f5377fe7d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 1 Mar 2025 14:50:21 -0600 Subject: [PATCH 0531/1043] added back minimize and maximize buttons to gnome --- configurations/home-manager/leyla/dconf.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index a960d75..7177da6 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -5,6 +5,8 @@ settings = { "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + "org/gnome/desktop/wm/preferences".button-layout = "close,maximize,minimize:"; + "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions enabled-extensions = [ From 57806433dc976aaf8049d4ba9ae393b9b87fbf5d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 1 Mar 2025 15:03:09 -0600 Subject: [PATCH 0532/1043] switched order of gnome window buttons --- configurations/home-manager/leyla/dconf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 7177da6..ea1cd5f 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix 
@@ -5,7 +5,7 @@ settings = { "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - "org/gnome/desktop/wm/preferences".button-layout = "close,maximize,minimize:"; + "org/gnome/desktop/wm/preferences".button-layout = ":close,minimize,maximize"; "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions From eb13447136532c5f6389ea35beb61ba740c6851c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 1 Mar 2025 15:23:45 -0600 Subject: [PATCH 0533/1043] switched order of gnome window buttons --- configurations/home-manager/leyla/dconf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index ea1cd5f..5818641 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -5,7 +5,7 @@ settings = { "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - "org/gnome/desktop/wm/preferences".button-layout = ":close,minimize,maximize"; + "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions From 2a811955633613cc25ec40cc77654549e17c33fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 2 Mar 2025 15:25:48 -0600 Subject: [PATCH 0534/1043] added syncthing configDir to persistence --- modules/nixos-modules/sync.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index f4bfbfc..a5e81ec 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -4,6 +4,7 @@ ... }: let mountDir = "/mnt/sync"; + configDir = "/etc/syncthing"; in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; 
@@ -72,7 +73,7 @@ in { user = "syncthing"; group = "syncthing"; dataDir = "${mountDir}/default"; - configDir = "/etc/syncthing"; + configDir = configDir; overrideDevices = true; overrideFolders = true; settings = { @@ -165,6 +166,12 @@ in { } (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.syncthing.configDir == configDir; + message = "syncthing config dir does not match persistence"; + } + ]; environment.persistence = { "/persist/system/root" = { enable = true; @@ -175,6 +182,11 @@ in { user = "syncthing"; group = "syncthing"; } + { + directory = configDir; + user = "syncthing"; + group = "syncthing"; + } ]; }; }; From c2d7f1f481f36aaaefa387d539b0c105f7e8c049 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 2 Mar 2025 15:40:28 -0600 Subject: [PATCH 0535/1043] updated syncthing defiant id --- modules/nixos-modules/sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index a5e81ec..50c4ae3 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -87,7 +87,7 @@ in { autoAcceptFolders = config.host.sync.devices.coven.autoAcceptFolders; }; defiant = lib.mkIf (config.networking.hostName != "defiant") { - id = "TQGGO5F-PUXQYVV-LVVM7PR-Q4TKI6T-NR576PH-CFTVB4O-RP5LL6C-WKQMXQR"; + id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; }; twilight = lib.mkIf (config.networking.hostName != "twilight") { id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; From 34bc5b19336a086e0c26c5acb633be1fb2ea12e1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Mar 2025 21:30:45 -0600 Subject: [PATCH 0536/1043] added tailnet devices to fail2ban whitelist --- modules/nixos-modules/server/fail2ban.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 39a8fd2..2f6dc58 100644 
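Review bot: In `modules/nixos-modules/sync.nix` the new persistence entry for `configDir` (`/etc/syncthing`) sets `user` and `group` but no `mode`, and that directory is where Syncthing keeps the device's private key and its configuration. Without an explicit mode the directory is created with the impermanence default, so I would add `mode = "0700";` to the entry to keep it closed to other local users. The assertion compares `config.services.syncthing.configDir` with the same `let` binding that sets it a few lines earlier, so it only fires when another module overrides the option; a one-line comment saying that is its purpose would help, and `configDir = configDir;` reads better as `inherit configDir;`. The `lib.mkIf config.host.impermanence.enable` block continues outside the hunk.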
--- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -20,6 +20,10 @@ in { "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" + + # tail scale tailnet + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" ]; bantime = "24h"; # Ban IPs for one day on the first ban bantime-increment = { From 59bf355353f86a9cfcea1de92d523e8bb1a52458 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Mar 2025 21:39:12 -0600 Subject: [PATCH 0537/1043] added extra jellyfin domain --- .../nixos/defiant/configuration.nix | 1 + modules/nixos-modules/server/jellyfin.nix | 21 ++++++++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7e46330..a524e96 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -97,6 +97,7 @@ jellyfin = { enable = true; subdomain = "media"; + extraSubdomains = ["jellyfin"]; }; forgejo = { enable = true; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index a10470a..78afbc7 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
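Review bot: In `modules/nixos-modules/server/fail2ban.nix` the new entry `100.64.0.0/10` is the whole RFC 6598 shared (CGNAT) range rather than a block owned by the tailnet, so every source in that range is exempt from banning, including carrier-NAT neighbours if this host ever sits behind one. Exempting the full tailnet also removes the retry limit for any tailnet device, including one that has been compromised. If the goal is to avoid locking out your own machines, list the tailnet addresses of those hosts instead, or at least add a comment such as `# 100.64.0.0/10 is RFC 6598 shared space; only safe while no non-tailnet traffic arrives from it`. The list these lines extend starts outside the hunk, so I am assuming it is the ignore list.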
@@ -16,15 +16,30 @@ in { description = "subdomain of base domain that jellyfin will be hosted at"; default = "jellyfin"; }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "ex subdomain of base domain that jellyfin will be hosted at"; + default = []; + }; }; config = lib.mkIf config.host.jellyfin.enable ( lib.mkMerge [ { services.jellyfin.enable = true; - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString jellyfinPort}"; - }; + host.reverse_proxy.subdomains = lib.mkMerge ([ + { + ${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString jellyfinPort}"; + }; + } + ] + ++ (builtins.map (subdomain: { + ${subdomain} = { + target = "http://localhost:${toString jellyfinPort}"; + }; + }) + config.host.jellyfin.extraSubdomains)); environment.systemPackages = [ pkgs.jellyfin pkgs.jellyfin-web From b2fbcc0e63ad474abb78332f4ba14a691e2dc48b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 10:23:09 -0600 Subject: [PATCH 0538/1043] installed lix --- flake.lock | 86 +++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 9 +++-- util/default.nix | 4 +-- 3 files changed, 91 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 67e9794..1b96238 100644 --- a/flake.lock +++ b/flake.lock @@ -93,6 +93,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
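Review bot: In `modules/nixos-modules/server/jellyfin.nix` the proxy target is now written twice and combined through `lib.mkMerge` over a mapped list, which is harder to read than it needs to be. The same attribute set should come out of `host.reverse_proxy.subdomains = lib.genAttrs ([config.host.jellyfin.subdomain] ++ config.host.jellyfin.extraSubdomains) (_: { target = "http://localhost:${toString jellyfinPort}"; });`. The `extraSubdomains` description still reads "ex subdomain of base domain…"; something like `"additional subdomains of the base domain that also proxy to jellyfin"` says what the option does.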
@@ -107,6 +125,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -142,6 +175,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1737234286, + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737237494, + "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", + "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -165,7 +233,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] 
@@ -223,6 +291,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", @@ -281,6 +350,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index fd46f2f..f36ee44 100644 --- a/flake.nix +++ b/flake.nix @@ -5,11 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # TODO: figure out why things fail to build with lix - # lix-module = { - # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index 02e7155..cdc0caa 100644 --- a/util/default.nix +++ b/util/default.nix @@ -9,7 +9,7 @@ sops-nix = inputs.sops-nix; disko = inputs.disko; impermanence = inputs.impermanence; - # lix-module = inputs.lix-module; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -76,7 +76,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - # lix-module.nixosModules.default + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 9b5dfa16e29d52efe627de82e074591c1285527e Mon Sep 17 00:00:00 2001 
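Review bot: In `flake.nix` the `lix-module` input points at `.../nixos-module/archive/stable.tar.gz`, a moving branch tarball, so every `nix flake update` takes whatever `stable` is at that moment, and `util/default.nix` wires `lix-module.nixosModules.default` into every NixOS host, presumably swapping the Nix implementation itself. The lock file pins the hash for now, but I would reference a release tarball so that upgrading the package manager is a deliberate edit; `flake.lock` in this commit resolves Lix to `2.92.0`. At minimum add a comment above the input, for example `# tracks the stable branch; read the lix release notes before running nix flake update`.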
From: Leyla Becker Date: Thu, 6 Mar 2025 11:50:18 -0600 Subject: [PATCH 0539/1043] updated flake lock --- .../nixos/defiant/configuration.nix | 7 --- .../nixos/horizon/configuration.nix | 5 -- .../nixos/twilight/configuration.nix | 5 -- flake.lock | 50 +++++++++---------- modules/nixos-modules/sync.nix | 22 -------- nix-config-secrets | 1 + 6 files changed, 26 insertions(+), 64 deletions(-) create mode 160000 nix-config-secrets diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a524e96..de267d3 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -121,13 +121,6 @@ }; sync = { enable = true; - devices = { - ceder.autoAcceptFolders = true; - coven.autoAcceptFolders = true; - twilight.autoAcceptFolders = true; - horizon.autoAcceptFolders = true; - shale.autoAcceptFolders = true; - }; folders = { share = { enable = true; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 05c1b50..8a26487 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -19,11 +19,6 @@ }; sync = { enable = true; - devices = { - ceder.autoAcceptFolders = true; - coven.autoAcceptFolders = true; - twilight.autoAcceptFolders = true; - }; folders = { share.enable = true; leyla = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 7f5d01b..555eb05 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -31,11 +31,6 @@ }; sync = { enable = true; - devices = { - ceder.autoAcceptFolders = true; - coven.autoAcceptFolders = true; - horizon.autoAcceptFolders = true; - }; folders = { share.enable = true; leyla = { diff --git a/flake.lock b/flake.lock index 1b96238..ce9b77d 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1739841949, - "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", + "lastModified": 1740485968, + "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", "owner": "nix-community", "repo": "disko", - "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", + "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1740212040, - "narHash": "sha256-Gpvn9Z+ZgKPyb6qaAbahLbo6ZVj7VuLzSCmHZRvsACA=", + "lastModified": 1741233805, + "narHash": "sha256-aNmlbxeKPUfuOynHvIMBPrNgEs1ldHDIz1wbkitKDSs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9a8a0914000e4453c99a4c12e9862a0a40075851", + "rev": "a1cc22e90f45f6075a991348e896f1595c4efce9", "type": "gitlab" }, "original": { @@ -112,11 +112,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1740347597, - "narHash": "sha256-st5q9egkPGz8TUcVVlIQX7y6G3AzHob+6M963bwVq74=", + "lastModified": 1741217763, + "narHash": "sha256-g/TrltIjFHIjtzKY5CJpoPANfHQWDD43G5U1a/v5oVg=", "owner": "nix-community", "repo": "home-manager", - "rev": "12e26a74e5eb1a31e13daaa08858689e25ebd449", + "rev": "486b066025dccd8af7fbe5dd2cc79e46b88c80da", "type": "github" }, "original": { 
@@ -203,7 +203,7 @@ "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz?rev=a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba" }, "original": { "type": "tarball", @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1739933872, - "narHash": "sha256-UhuvTR4OrWR+WBaRCZm4YMkvjJhZ1KZo/jRjE41m+Ek=", + "lastModified": 1741229100, + "narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6ab392f626a19f1122d1955c401286e1b7cf6b53", + "rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab", "type": "github" }, "original": { @@ -254,11 +254,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740089251, - "narHash": "sha256-Y78mDBWoO8CLLTjQfPfII+KXFb6lAmF9GrLbyVBsIMM=", + "lastModified": 1740646007, + "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "18e9f9753e9ae261bcc7d3abe15745686991fd30", + "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740126099, - "narHash": "sha256-ozoOtE2hGsqh4XkTJFsrTkNxkRgShxpQxDynaPZUGxk=", + "lastModified": 1741173522, + "narHash": "sha256-k7VSqvv0r1r53nUI/IfPHCppkUAddeXn843YlAC5DR0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "32fb99ba93fea2798be0e997ea331dd78167f814", + "rev": "d69ab0d71b22fa1ce3dbeff666e6deb4917db049", "type": "github" }, "original": { 
@@ -323,11 +323,11 @@ ] }, "locked": { - "lastModified": 1739262228, - "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", + "lastModified": 1741043164, + "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", + "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", "type": "github" }, "original": { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 50c4ae3..516e141 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -8,23 +8,6 @@ in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; - devices = { - ceder = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from ceder"; - }; - coven = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from coven"; - }; - twilight = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from twilight"; - }; - horizon = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from horizon"; - }; - shale = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from shale"; - }; - }; folders = { share = { enable = lib.mkEnableOption "should the share folder by synced"; 
@@ -80,26 +63,21 @@ in { devices = { ceder = { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; - autoAcceptFolders = config.host.sync.devices.ceder.autoAcceptFolders; }; coven = { id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; - autoAcceptFolders = config.host.sync.devices.coven.autoAcceptFolders; }; defiant = lib.mkIf (config.networking.hostName != "defiant") { id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; }; twilight = lib.mkIf (config.networking.hostName != "twilight") { id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; - autoAcceptFolders = config.host.sync.devices.twilight.autoAcceptFolders; }; horizon = lib.mkIf (config.networking.hostName != "horizon") { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; - autoAcceptFolders = config.host.sync.devices.horizon.autoAcceptFolders; }; shale = { id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; - autoAcceptFolders = config.host.sync.devices.shale.autoAcceptFolders; }; }; folders = let diff --git a/nix-config-secrets b/nix-config-secrets new file mode 160000 index 0000000..db6d65e --- /dev/null +++ b/nix-config-secrets @@ -0,0 +1 @@ +Subproject commit db6d65e814bc0c99f6e9b95308184b004038243e From c6c17935dc3228a73ed49ee25ee8a4581a0c79a9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 11:59:11 -0600 Subject: [PATCH 0540/1043] updated next cloud package --- modules/nixos-modules/server/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index 6acd01d..ada61dd 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix 
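Review bot: The commit adds `nix-config-secrets` as a gitlink (`new file mode 160000`, `Subproject commit db6d65e…`), but the diffstat lists no `.gitmodules` change and the subject is only about the flake lock, so this looks like a local checkout of the secrets repository that was staged by accident. Without a `.gitmodules` entry other clones cannot resolve the path, and the tree now records a commit id of the secrets repository. The pihole module removed later in this series reads secrets through `inputs.secrets`, so the directory is presumably not meant to be tracked here; I would drop it with `git rm --cached nix-config-secrets` and add `nix-config-secrets/` to `.gitignore`.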
@@ -34,7 +34,7 @@ in { services = { nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; settings.log_type = "file"; config = { From 4dc7fa293c961aff99ff28ed4a0f9ad58884d9ce Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 12:04:31 -0600 Subject: [PATCH 0541/1043] disabled ollama --- configurations/nixos/horizon/configuration.nix | 2 +- configurations/nixos/twilight/configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8a26487..c97a892 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -51,7 +51,7 @@ enable = true; }; ollama = { - enable = true; + enable = false; loadModels = [ "deepseek-coder:1.3b" diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 555eb05..5238b84 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -42,7 +42,7 @@ services = { ollama = { - enable = true; + enable = false; loadModels = [ "deepseek-coder:6.7b" From c4a7c711fbb731e6c71852f0f08cad50fab5c7cb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 13:09:38 -0600 Subject: [PATCH 0542/1043] updated network config for defiant --- .../nixos/defiant/configuration.nix | 8 ----- .../nixos/defiant/hardware-configuration.nix | 33 +++++-------------- 2 files changed, 9 insertions(+), 32 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index de267d3..bfd5a50 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -87,13 +87,6 @@ }; }; }; - # podman = { - # macvlan = { - # subnet = "192.168.1.0/24"; - # gateway = "192.168.1.1"; - # networkInterface = "bond0"; - # }; - # }; jellyfin = { enable = true; subdomain = "media"; @@ -113,7 +106,6 @@ }; pihole = { enable = true; - # ip = "192.168.1.201"; }; nextcloud = { enable = true; diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index f312f88..da19108 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -35,12 +35,6 @@ networking = { hostName = "defiant"; # Define your hostname. useNetworkd = true; - interfaces = { - bond0.useDHCP = lib.mkDefault true; - bonding_masters.useDHCP = lib.mkDefault true; - enol.useDHCP = lib.mkDefault true; - eno2.useDHCP = lib.mkDefault true; - }; }; systemd.network = { @@ -60,33 +54,24 @@ }; networks = { - "30-enp4s0" = { - matchConfig.Name = "enp4s0"; + "30-eno1" = { + matchConfig.Name = "eno1"; networkConfig.Bond = "bond0"; - - address = [ - # configure addresses including subnet mask - "192.168.2.1/24" - ]; }; - "30-enp5s0" = { - matchConfig.Name = "enp5s0"; + "30-eno2" = { + matchConfig.Name = "eno2"; networkConfig.Bond = "bond0"; - - address = [ - # configure addresses including subnet mask - "192.168.2.2/24" - ]; }; "40-bond0" = { matchConfig.Name = "bond0"; - linkConfig.RequiredForOnline = "carrier"; - networkConfig.LinkLocalAddressing = "no"; - DHCP = "ipv4"; + linkConfig = { + RequiredForOnline = "degraded-carrier"; + RequiredFamilyForOnline = "any"; + }; + networkConfig.DHCP = "yes"; address = [ - # configure addresses including subnet mask "192.168.1.10/24" ]; }; From 591566cc2a499998db353718c34b03e7fcc47d70 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 6 Mar 2025 14:23:12 -0600 Subject: [PATCH 0543/1043] removed pihole started drafting out adguardhome --- .../nixos/defiant/configuration.nix | 4 +- .../nixos/defiant/hardware-configuration.nix | 3 + modules/nixos-modules/impermanence.nix | 13 -- modules/nixos-modules/server/adguardhome.nix | 72 ++++++++ modules/nixos-modules/server/default.nix | 2 +- modules/nixos-modules/server/pihole.nix | 158 ------------------ modules/nixos-modules/server/podman.nix | 8 +- modules/nixos-modules/users.nix | 16 +- 8 files changed, 90 insertions(+), 186 deletions(-) create mode 100644 modules/nixos-modules/server/adguardhome.nix delete mode 100644 modules/nixos-modules/server/pihole.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index bfd5a50..3ea37e9 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -104,8 +104,8 @@ enable = true; subdomain = "home"; }; - pihole = { - enable = true; + adguardhome = { + enable = false; }; nextcloud = { enable = true; diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index da19108..85dcd9e 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -74,6 +74,9 @@ address = [ "192.168.1.10/24" ]; + + gateway = ["192.168.1.1"]; + dns = ["192.168.1.1"]; }; }; }; diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 008f060..e969e20 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix 
@@ -102,19 +102,6 @@ directories = [ "/var/lib/nixos" "/var/lib/systemd/coredump" - - # config.apps.pihole.directory.root - - # config.apps.jellyfin.mediaDirectory - # config.services.jellyfin.configDir - # config.services.jellyfin.cacheDir - # config.services.jellyfin.dataDir - - # "/var/hass" # config.users.users.hass.home - # "/var/postgresql" # config.users.users.postgresql.home - # "/var/forgejo" # config.users.users.forgejo.home - # "/var/nextcloud" # config.users.users.nextcloud.home - # "/var/headscale" # config.users.users.headscale.home ]; files = [ "/etc/machine-id" diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix new file mode 100644 index 0000000..866ad8a --- /dev/null +++ b/modules/nixos-modules/server/adguardhome.nix 
@@ -0,0 +1,72 @@ +{ + lib, + config, + ... +}: let + dnsPort = 53; +in { + options.host.adguardhome = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + directory = lib.mkOption { + type = lib.types.str; + default = "/var/lib/AdGuardHome/"; + }; + }; + config = lib.mkIf config.host.adguardhome.enable (lib.mkMerge [ + { + services.adguardhome = { + enable = true; + mutableSettings = false; + settings = { + dns = { + bootstrap_dns = [ + "1.1.1.1" + "9.9.9.9" + ]; + upstream_dns = [ + "dns.quad9.net" + ]; + }; + filtering = { + protection_enabled = true; + filtering_enabled = true; + + parental_enabled = false; # Parental control-based DNS requests filtering. + safe_search = { + enabled = false; # Enforcing "Safe search" option for search engines, when possible. + }; + }; + # The following notation uses map + # to not have to manually create {enabled = true; url = "";} for every filter + # This is, however, fully optional + filters = + map (url: { + enabled = true; + url = url; + }) [ + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist + ]; + }; + }; + + networking.firewall.allowedTCPPorts = [ + dnsPort + ]; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.host.adguardhome.directory; + user = "adguardhome"; + group = "adguardhome"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index c8e17a9..a031b0d 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
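Review bot: In `modules/nixos-modules/server/adguardhome.nix` the firewall rule opens `dnsPort` only in `allowedTCPPorts`; ordinary DNS queries use UDP, so clients on the network would not reach the resolver, and `networking.firewall.allowedUDPPorts = [ dnsPort ];` should be added next to it. `upstream_dns = ["dns.quad9.net"]` is a bare host name, which AdGuard Home treats as plain DNS; since `bootstrap_dns` is set I assume an encrypted upstream was intended, e.g. `"https://dns.quad9.net/dns-query"`. The `enable` description still says `home-assistant`, and the persistence entry assumes a static `adguardhome` user and group, which is worth checking against how the NixOS service runs (it may use a dynamic user with state under `/var/lib/private`).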
@@ -9,7 +9,7 @@ ./forgejo.nix ./searx.nix ./home-assistant.nix - ./pihole.nix + ./adguardhome.nix ./nextcloud.nix ]; } diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix deleted file mode 100644 index aee6105..0000000 --- a/modules/nixos-modules/server/pihole.nix +++ /dev/null 
@@ -1,158 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - dnsPort = 53; - webPort = 8090; -in { - options.host.pihole = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; - directory = lib.mkOption { - type = lib.types.str; - default = "/var/lib/pihole"; - }; - image = lib.mkOption { - type = lib.types.str; - default = "pihole/pihole:latest"; - description = "container image to use for pi-hole"; - }; - # piholeStateDirectory = { - # type = lib.types.str; - # default = "${config.host.pihole.directory}/pihole"; - # }; - # tailscaleStateDirectory = { - # type = lib.types.str; - # default = "${config.host.pihole.directory}/tailscale"; - # }; - # piholeImage = lib.mkOption { - # type = lib.types.str; - # default = "pihole/pihole:2024.07.0"; - # description = "container image to use for pi-hole"; - # }; - # tailscaleImage = lib.mkOption { - # type = lib.types.str; - # default = "tailscale/tailscale:latest"; - # description = "container image to use for pi-holes tail scale"; - # }; - ip = lib.mkOption { - type = lib.types.str; - description = "ip address to use for pi-hole"; - }; - }; - config = lib.mkIf config.host.pihole.enable (lib.mkMerge [ - { - host.podman.enable = true; - sops = { - secrets = { - "services/pi-hole" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - # "wireguard-keys/tailscale-authkey/pihole" = { - # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; - # }; - }; - templates."pihole.env".content = '' - FTLCONF_webserver_api_password=${config.sops.placeholder."services/pi-hole"} - ''; - }; - systemd = { - tmpfiles.rules = [ - "d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system - # "d ${config.host.pihole.piholeStateDirectory} 755 pihole pihole -" - # "d ${config.host.pihole.tailscaleStateDirectory} 755 pihole pihole -" - ]; - - services = { - "podman-pihole" = { - serviceConfig = { - Restart = lib.mkOverride 500 "always"; - }; - # after = [ - # 
"podman-network-macvlan.service" - # ]; - # requires = [ - # "podman-network-macvlan.service" - # ]; - partOf = [ - "podman-compose-root.target" - ]; - wantedBy = [ - "podman-compose-root.target" - ]; - }; - }; - }; - - services.resolved.enable = false; - - virtualisation = { - oci-containers = { - containers = { - pihole = let - passwordFileLocation = "/var/lib/pihole/webpassword.txt"; - in { - image = config.host.pihole.image; - volumes = [ - "${config.host.pihole.directory}:/etc/pihole:rw" - "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" - ]; - environment = { - TZ = "America/Chicago"; - FTLCONF_webserver_port = toString webPort; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; - }; - environmentFiles = [ - config.sops.templates."pihole.env".path - ]; - log-driver = "journald"; - extraOptions = [ - "--network=host" - # "--network=container:${tailscale container id}" - ]; - }; - # ts-pihole = { - # image = config.host.pihole.tailscaleImage; - # volumes = "${config.host.pihole.tailscaleStateDirectory}:/var/lib/tailscale"; - # environment = { - # TS_ACCEPT_DNS = "false"; - # TS_HOSTNAME = "pihole"; - # TS_STATE_DIR = "/var/lib/tailscale"; - # TS_USERSPACE = "false"; - # TS_EXTRA_ARGS = "--advertise-tags=tag:container"; - # }; - # environmentFiles = [ - # config.sops.templates."tailscale-pihole.env".path - # ]; - # devices = [ - # "/dev/net/tun:/dev/net/tun" - # ]; - # extraOptions = [ - # "--ip=${config.host.pihole.ip}" - # "--network=macvlan" - # ]; - # }; - }; - }; - }; - networking.firewall.allowedTCPPorts = [ - dnsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.host.pihole.directory; - user = "pihole"; - group = "pihole"; - } - ]; - }; - }) - ]); -} 
diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix index b75c56f..e806e65 100644 --- a/modules/nixos-modules/server/podman.nix +++ b/modules/nixos-modules/server/podman.nix @@ -59,10 +59,10 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; + # defaultNetwork.settings = { + # # Required for container networking to be able to use names. + # dns_enabled = true; + # }; }; oci-containers = { diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 15631a9..f57e894 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -17,7 +17,7 @@ eve = 1002; jellyfin = 2000; forgejo = 2002; - pihole = 2003; + adguardhome = 2003; hass = 2004; headscale = 2005; nextcloud = 2006; @@ -32,7 +32,7 @@ jellyfin_media = 2001; jellyfin = 2000; forgejo = 2002; - pihole = 2003; + adguardhome = 2003; hass = 2004; headscale = 2005; nextcloud = 2006; @@ -123,10 +123,10 @@ in { group = config.users.users.forgejo.name; }; - pihole = { - uid = lib.mkForce uids.pihole; + adguardhome = { + uid = lib.mkForce uids.adguardhome; isSystemUser = true; - group = config.users.users.pihole.name; + group = config.users.users.adguardhome.name; }; hass = { @@ -208,10 +208,10 @@ in { ]; }; - pihole = { - gid = lib.mkForce gids.pihole; + adguardhome = { + gid = lib.mkForce gids.adguardhome; members = [ - users.pihole.name + users.adguardhome.name # leyla ]; }; From 651a988558bd7b14fe5506e688d7a954c0c30c7c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 15:05:04 -0600 Subject: [PATCH 0544/1043] updated ROOT_URL for forgejo --- modules/nixos-modules/server/forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index db1549d6..a6b3ede 100644 
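Review bot: The podman hunk leaves `defaultNetwork.settings` commented out with no reason given; either delete the block or add a line saying why, for example `# dns_enabled is off because podman's DNS helper would compete with AdGuard Home for port 53` if that is the actual motive (inferred from the rest of the commit). With `dns_enabled` gone, containers on the default network can no longer resolve each other by name, so any remaining container that depended on that needs checking. The enclosing `podman` attribute set starts outside the hunk.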
--- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -49,6 +49,7 @@ in { SSH_PORT = 22; # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys BUILTIN_SSH_SERVER_USER = "git"; + ROOT_URL = "https://git.jan-leila.com:"; }; service = { DISABLE_REGISTRATION = true; From 46615cc36153e04de43274c474582868c91ae6b2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 15:10:37 -0600 Subject: [PATCH 0545/1043] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index eab1983..448c91d 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords - move fail2ban configs out of fail2ban.nix and into configs for their respective services +- nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 62abf65e5af948a5fad393a19587a6d0ab6edd6b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:14:42 -0600 Subject: [PATCH 0546/1043] enabled ACME --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3ea37e9..9d6a434 100644 
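Review bot: `ROOT_URL = "https://git.jan-leila.com:";` ends in a colon with no port, which looks like the remains of a port suffix; Forgejo derives clone URLs, redirects and callback links from this value, so it should read `ROOT_URL = "https://git.jan-leila.com/";`. The host name is also hard-coded here while the reverse proxy has its own `hostname` and subdomain options, so building the URL from those (if they are in scope in this module) would keep the two from drifting. The enclosing settings block starts outside the hunk.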
--- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -77,7 +77,7 @@ }; reverse_proxy = { enable = true; - enableACME = false; + enableACME = true; hostname = "jan-leila.com"; }; postgres = { From 8b39a8084950929f1c4c260f23bead1ccde6f9f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:18:37 -0600 Subject: [PATCH 0547/1043] added extra config to services --- .../nixos-modules/server/home-assistant.nix | 19 +++++++++++- modules/nixos-modules/server/jellyfin.nix | 30 +++++++++++++++++++ .../nixos-modules/server/reverse_proxy.nix | 8 +++++ 3 files changed, 56 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index ba6d81f..cadb607 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -18,10 +18,15 @@ in { { services.home-assistant = { enable = true; + extraComponents = [ + "esphome" + "met" + "radio_browser" + ]; config.http = { server_port = 8082; use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1"]; + trusted_proxies = ["127.0.0.1" "::1"]; ip_ban_enabled = true; login_attempts_threshold = 10; }; @@ -29,6 +34,18 @@ in { host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + websockets = true; + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_read_timeout 90; + ''; }; }; } diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 78afbc7..4746ad3 100644 
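Review bot: In the Home Assistant `extraConfig`, `add_header Upgrade $http_upgrade;` and `add_header Connection \"upgrade\";` set response headers sent to the browser rather than request headers sent to the backend, and the escaped quotes are handed to nginx as written; both lines can be dropped. `websockets = true` already maps to `proxyWebsockets`, which I would expect to emit the `proxy_set_header Upgrade`/`Connection` pair itself, so those two lines are likely duplicates as well. Note that `trusted_proxies = ["127.0.0.1" "::1"]` together with `use_x_forwarded_for` means any local process that can reach port 8082 is believed about the client address, which matters for `ip_ban_enabled`; a short comment recording that assumption would help.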
--- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -31,12 +31,42 @@ in { { ${config.host.jellyfin.subdomain} = { target = "http://localhost:${toString jellyfinPort}"; + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; + add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_buffering off; + ''; }; } ] ++ (builtins.map (subdomain: { ${subdomain} = { target = "http://localhost:${toString jellyfinPort}"; + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; + add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), 
document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_buffering off; + ''; }; }) config.host.jellyfin.extraSubdomains)); diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index a218b3f..a406b14 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -31,6 +31,13 @@ in { description = "where should this host point to"; }; websockets = lib.mkEnableOption "should websockets be proxied"; + extraConfig = lib.mkOption { + type = lib.types.lines; + default = ""; + description = '' + These lines go to the end of the upstream verbatim. + ''; + }; }; })); default = {}; @@ -53,6 +60,7 @@ in { locations."/" = { proxyPass = value.target; proxyWebsockets = value.websockets; + extraConfig = value.extraConfig; }; }) config.host.reverse_proxy.subdomains; From 86c585111cf58f3aae11697cdf524d5e591f8f0d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:35:41 -0600 Subject: [PATCH 0548/1043] added packages for home assistant --- modules/nixos-modules/server/home-assistant.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index cadb607..63f67d2 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix 
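Review bot: The same `extraConfig` string is pasted twice in the jellyfin hunk, once for the main subdomain and once inside the `extraSubdomains` map, so the CSP and Permissions-Policy can drift apart; bind it once in the `let` block (e.g. `jellyfinProxyConfig = ''…'';`) and reference it from both places. `X-Content-Type-Options` and `Content-Security-Policy` are added without `always`, so nginx leaves them off error responses, while `Permissions-Policy` has it. nginx inherits `add_header` from outer levels only when the location defines none, so these lines also switch off any server-level headers such as HSTS for this location, if the proxy sets any. `proxy_set_header X-Forwarded-Host $http_host;` forwards the client-supplied Host header; `$host` is the safer value.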
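Review bot: The new `extraConfig` option in reverse_proxy.nix is described as going "to the end of the upstream", but the second hunk assigns it to `locations."/"`; reword the description to something like `Extra nginx directives appended verbatim to this subdomain's "/" location block.` Because the text is inserted unchecked, the description should also say that location-level `add_header` lines replace headers inherited from the server block.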
@@ -22,6 +22,7 @@ in { "esphome" "met" "radio_browser" + "isal" ]; config.http = { server_port = 8082; @@ -30,6 +31,11 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; + extraPackages = python3Packages: + with python3Packages; [ + numpy + gtts + ]; }; host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { From 99e57603c768e5e75abf8984568178e68592987d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:54:22 -0600 Subject: [PATCH 0549/1043] added components to home assistant --- modules/nixos-modules/server/home-assistant.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 63f67d2..8ff688f 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -18,11 +18,22 @@ in { { services.home-assistant = { enable = true; + configDir = configDir; extraComponents = [ "esphome" "met" "radio_browser" "isal" + "zha" + "jellyfin" + "webostv" + "tailscale" + "syncthing" + "sonos" + "analytics_insights" + "unifi" + "minecraft_server" + "openweathermap" ]; config.http = { server_port = 8082; @@ -44,12 +55,16 @@ in { extraConfig = '' add_header Upgrade $http_upgrade; add_header Connection \"upgrade\"; + proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_buffering off; + proxy_read_timeout 90; ''; }; From 9715517af68766b21316600c3dbdfd45b662fcdd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 19:53:11 -0600 Subject: [PATCH 0550/1043] added more config to home assistant --- .../nixos-modules/server/home-assistant.nix | 23 +++++++++++++------ 1 file changed, 16 insertions(+), 7 deletions(-) 
diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 8ff688f..967846a 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -20,7 +20,6 @@ in { enable = true; configDir = configDir; extraComponents = [ - "esphome" "met" "radio_browser" "isal" @@ -35,12 +34,22 @@ in { "minecraft_server" "openweathermap" ]; - config.http = { - server_port = 8082; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; + config = { + homeassistant = { + name = "Home"; + latitude = "!secret latitude"; + longitude = "!secret longitude"; + elevation = "!secret elevation"; + unit_system = "metric"; + time_zone = "CDT"; + }; + http = { + server_port = 8082; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; }; extraPackages = python3Packages: with python3Packages; [ From 0e5d8e3335764f411f4d1d27d2fdff8fd5a8925a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Mar 2025 05:05:32 -0600 Subject: [PATCH 0551/1043] added postgres config to home assistant --- .../nixos-modules/server/home-assistant.nix | 42 +++++++++++++++---- modules/nixos-modules/server/postgres.nix | 1 + 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 967846a..5c4b81f 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,9 +1,11 @@ { lib, + pkgs, config, ... }: let configDir = "/var/lib/hass"; + db_user = "hass"; in { options.host.home-assistant = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; 
@@ -16,8 +18,18 @@ in { config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ { + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; services.home-assistant = { enable = true; + package = + (pkgs.home-assistant.override { + extraPackages = py: with py; [psycopg2]; + }) + .overrideAttrs (oldAttrs: { + doInstallCheck = false; + }); configDir = configDir; extraComponents = [ "met" @@ -35,14 +47,6 @@ in { "openweathermap" ]; config = { - homeassistant = { - name = "Home"; - latitude = "!secret latitude"; - longitude = "!secret longitude"; - elevation = "!secret elevation"; - unit_system = "metric"; - time_zone = "CDT"; - }; http = { server_port = 8082; use_x_forwarded_for = true; @@ -50,6 +54,9 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; + recorder.db_url = "postgresql://@/${db_user}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; }; extraPackages = python3Packages: with python3Packages; [ @@ -57,6 +64,11 @@ in { gtts ]; }; + systemd.services.home-assistant = { + requires = [ + "postgresql.service" + ]; + }; host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; @@ -77,6 +89,20 @@ in { proxy_read_timeout 90; ''; }; + postgres = { + enable = true; + extraUsers = { + ${db_user} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${db_user} = { + name = db_user; + }; + }; + }; }; } (lib.mkIf config.host.impermanence.enable { diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 8d57d42..71ce44c 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -65,6 +65,7 @@ in { ++ ( builtins.map (user: { name = user.name; + ensureDBOwnership = true; }) createUsers ); 
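Review bot: The tmpfiles rule `"f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"` creates a data file that is executable and world-readable; `0644`, or `0640` if no other account needs to read the automations, is the appropriate mode. In the later hunk `requires = ["postgresql.service"]` adds no ordering by itself, so unless the unit is already ordered elsewhere add `after = ["postgresql.service"];` next to it. `doInstallCheck = false` on the overridden package skips its install checks with no comment; record the reason beside the override so it can be removed once it is no longer needed.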
From f5c67b812f7b4d00f8977b6034d2c0141d8f12a4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Mar 2025 16:16:03 -0600 Subject: [PATCH 0552/1043] updated nfs mounts --- .../nixos/horizon/hardware-configuration.nix | 24 +++---------------- .../nixos/twilight/hardware-configuration.nix | 12 +++------- 2 files changed, 6 insertions(+), 30 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 48a4680..b7e7d84 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -38,41 +38,23 @@ fsType = "vfat"; }; - "/mnt/new_leyla_home" = { + "/mnt/leyla_home" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/new_eve_home" = { + "/mnt/eve_home" = { device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/new_users_home" = { + "/mnt/users_home" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - - "/mnt/leyla_home" = { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; - }; - - "/mnt/share_home" = { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; - }; - - "/mnt/docker_home" = { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; - }; }; environment.systemPackages = with pkgs; [ 
diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index d547c9c..53e8cc2 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -48,22 +48,16 @@ }; "/mnt/leyla_home" = { - device = "server.arpa:/home/leyla"; + device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/share_home" = { - device = "server.arpa:/home/share"; + "/mnt/users_home" = { + device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - - "/mnt/docker_home" = { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; - }; }; environment.systemPackages = with pkgs; [ From 1e98b54454f86dc3963dd1ca6e3522dd2289d6aa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 14:10:50 -0500 Subject: [PATCH 0553/1043] added more config for nfs mounts --- configurations/nixos/defiant/configuration.nix | 7 +++++++ .../nixos/horizon/hardware-configuration.nix | 12 +++++++++--- .../nixos/twilight/hardware-configuration.nix | 4 ++-- modules/nixos-modules/server/jellyfin.nix | 8 ++++++-- .../nixos-modules/server/network_storage/default.nix | 2 +- modules/nixos-modules/server/network_storage/nfs.nix | 4 ++-- 6 files changed, 27 insertions(+), 10 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9d6a434..2ec7914 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -58,6 +58,7 @@ folder = "leyla"; user = "leyla"; group = "leyla"; + bind = "/home/leyla/documents"; } { folder = "eve"; 
@@ -69,6 +70,12 @@ user = "root"; group = "users"; } + { + folder = "media"; + user = "jellyfin"; + group = "jellyfin_media"; + bind = config.host.jellyfin.media_directory; + } ]; nfs = { enable = true; diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index b7e7d84..f5342a1 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -38,23 +38,29 @@ fsType = "vfat"; }; - "/mnt/leyla_home" = { + "/mnt/leyla_documents" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/eve_home" = { + "/mnt/eve_documents" = { device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/users_home" = { + "/mnt/users_documents" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; }; environment.systemPackages = with pkgs; [ diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 53e8cc2..c215e02 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix 
@@ -47,13 +47,13 @@ options = ["fmask=0022" "dmask=0022"]; }; - "/mnt/leyla_home" = { + "/mnt/leyla_documents" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/users_home" = { + "/mnt/users_documents" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 4746ad3..ba58fe9 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -7,7 +7,6 @@ jellyfinPort = 8096; jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; - jellyfin_media_directory = "/srv/jellyfin/media"; in { options.host.jellyfin = { enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; @@ -21,6 +20,11 @@ in { description = "ex subdomain of base domain that jellyfin will be hosted at"; default = []; }; + media_directory = lib.mkOption { + type = lib.types.str; + description = "directory jellyfin media will be hosted at"; + default = "/srv/jellyfin/media"; + }; }; config = lib.mkIf config.host.jellyfin.enable ( @@ -126,7 +130,7 @@ in { hideMounts = true; directories = [ { - directory = jellyfin_media_directory; + directory = config.host.jellyfin.media_directory; user = "jellyfin"; group = "jellyfin_media"; mode = "1770"; diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index fecc05f..f756738 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix 
@@ -57,7 +57,7 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2770 root root -" + "d ${config.host.network_storage.export_directory} 2775 root root -" ] ++ ( builtins.map ( diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index e793b16..9aaab39 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -38,8 +38,8 @@ services.nfs.server = { enable = true; exports = lib.strings.concatLines ( - builtins.map ( - directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt)" + lib.lists.imap0 ( + i: directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt,fsid=${builtins.toString i})" ) ( builtins.filter ( From 7b9b394ad26fa67fe50acdf1cde582f29805c3df Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 14:24:15 -0500 Subject: [PATCH 0554/1043] exported export folder from nfs --- configurations/home-manager/leyla/packages.nix | 1 - configurations/nixos/defiant/configuration.nix | 2 +- configurations/nixos/horizon/hardware-configuration.nix | 2 +- configurations/nixos/twilight/hardware-configuration.nix | 6 ++++++ 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 11c7af1..cceffb6 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -76,7 +76,6 @@ in { # system tools protonvpn-gui openvpn - nextcloud-client noisetorch # hardware managment tools diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2ec7914..f70a15d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
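Review bot: In nfs.nix, `fsid=${builtins.toString i}` taken from `lib.lists.imap0` gives the first export `fsid=0`, which NFSv4 treats as the root of the pseudo-filesystem, and ties every other id to list position, so adding or reordering a folder renumbers the exports and can leave clients with stale handles. If the pseudo-root is not intended, start at 1 with `lib.lists.imap1`, or better give each folder a fixed id in its own definition. In the default.nix hunk the export directory goes from `2770` to `2775`, which lets every local account list the export root; confirm that is required rather than granting access through a group. The surrounding export expression continues outside the hunk.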
@@ -115,7 +115,7 @@ enable = false; }; nextcloud = { - enable = true; + enable = false; subdomain = "drive"; }; sync = { diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index f5342a1..cb72d55 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -59,7 +59,7 @@ "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; }; diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index c215e02..81b32ae 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -58,6 +58,12 @@ fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; }; environment.systemPackages = with pkgs; [ From 06adc798da01e0380de78d07a55e300e5ad695d9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 14:41:01 -0500 Subject: [PATCH 0555/1043] added more config to media folder --- configurations/nixos/horizon/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index cb72d55..f5342a1 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -59,7 +59,7 @@ "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; }; From c4c84503f58a99bee9938b967b9a326ab7368f88 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 21:48:27 -0500 Subject: [PATCH 0556/1043] added package to home assistant --- modules/nixos-modules/server/home-assistant.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 5c4b81f..0922312 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -60,6 +60,7 @@ in { }; extraPackages = python3Packages: with python3Packages; [ + hassil numpy gtts ]; From 769da44f84dc8ddb2931d38b7eb6c35d4ed6ff20 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 21:50:09 -0500 Subject: [PATCH 0557/1043] removed next cloud --- .../nixos/defiant/configuration.nix | 4 -- modules/nixos-modules/server/default.nix | 1 - modules/nixos-modules/server/fail2ban.nix | 60 +++++++++++----- modules/nixos-modules/server/nextcloud.nix | 69 ------------------- 4 files changed, 41 insertions(+), 93 deletions(-) delete mode 100644 modules/nixos-modules/server/nextcloud.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f70a15d..89d1af5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -114,10 +114,6 @@ adguardhome = { enable = false; }; - nextcloud = { - enable = false; - subdomain = "drive"; - }; sync = { enable = true; folders = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index a031b0d..8854936 100644 
--- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -10,6 +10,5 @@ ./searx.nix ./home-assistant.nix ./adguardhome.nix - ./nextcloud.nix ]; } diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 2f6dc58..cd2a978 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, ... }: let @@ -12,6 +13,41 @@ in { config = lib.mkIf config.host.fail2ban.enable (lib.mkMerge [ { + environment.etc = { + "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "limiting requests, excess:.* by zone.*client: " + '') + ); + "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." + '') + ); + "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " + '') + ); + "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + services.fail2ban = { enable = true; maxretry = 5; 
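Review bot: The `failregex` values in the nginx, jellyfin and forgejo filters under `environment.etc` were moved from Nix double-quoted strings into `''` blocks without being unquoted, so the surrounding `"` and, for jellyfin, the `\\\(` ... `\\\)\\\.` escapes are written to the filter file verbatim. As far as I know fail2ban does not strip quotes from option values, and a tripled backslash now asks for a literal backslash in the log line, so these patterns would probably never match and the jails would ban nothing. Write the values bare, as the hass filter in this hunk already does, and reduce the jellyfin escapes to `\(`, `\)` and `\.`; running `fail2ban-regex` against a sample log line for each filter would confirm the result. The enclosing `lib.mkMerge` list continues outside the hunk.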
@@ -34,54 +70,40 @@ in { }; jails = { nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + enabled = true; filter = "nginx"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; backend = "auto"; - failregex = "limiting requests, excess:.* by zone.*client: "; findtime = 600; bantime = 600; maxretry = 5; }; jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + enabled = true; filter = "jellyfin"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.jellyfin.dataDir}/log/*.log"; backend = "auto"; - failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\."; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - nextcloud-iptables.settings = lib.mkIf config.services.nextcloud.enable { - filter = "nextcloud"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.nextcloud.datadir}/*.log"; - backend = "auto"; - failregex = '' - ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}$ - ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user,:".*","app":"no app in context".*","method":".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}$ - ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: \).*}$ - ''; findtime = 600; bantime = 600; maxretry = 5; }; forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + enabled = true; filter = "forgejo"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.forgejo.stateDir}/log/*.log"; backend = "auto"; - failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from "; findtime = 600; bantime = 600; maxretry = 5; }; home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - filter = 
"home-assistant"; + enabled = true; + filter = "hass"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.home-assistant.configDir}/*.log"; backend = "auto"; - failregex = "^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$"; findtime = 600; bantime = 600; maxretry = 5; diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix deleted file mode 100644 index ada61dd..0000000 --- a/modules/nixos-modules/server/nextcloud.nix +++ /dev/null 
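Review bot: `nginx-iptables` is the only jail in this hunk without a `logpath`, while it sets `backend = "auto"` like the jellyfin, forgejo and home-assistant jails that do have one. With a file-based backend and no log file the jail normally fails to start, so the rate-limit filter would never run unless a default `logpath` is supplied somewhere not shown here. Add a `logpath = "...";` line pointing at the nginx error log (on NixOS usually under `/var/log/nginx/`, to be confirmed for this host). The `jails` attribute set starts before the hunk.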
@@ -1,69 +0,0 @@ -{ - lib, - pkgs, - config, - inputs, - ... -}: let - dataDir = "/var/lib/nextcloud"; -in { - options.host.nextcloud = { - enable = lib.mkEnableOption "should nextcloud be enabled on this computer"; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that nextcloud will be hosted at"; - default = "nextcloud"; - }; - }; - - config = lib.mkIf config.host.nextcloud.enable (lib.mkMerge [ - { - sops.secrets = { - "services/nextcloud_adminpass" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - owner = config.users.users.nextcloud.name; - }; - }; - - host = { - reverse_proxy.subdomains.${config.host.nextcloud.subdomain} = { - target = "http://localhost:${toString 8009}"; - }; - }; - - services = { - nextcloud = { - enable = true; - package = pkgs.nextcloud31; - hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; - settings.log_type = "file"; - config = { - adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; - adminuser = "admin"; - dbtype = "sqlite"; - }; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.nextcloud.datadir == dataDir; - message = "nextcloud data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "nextcloud"; - group = "nextcloud"; - } - ]; - }; - }) - ]); -} From 682e911e3cdbe9630757c8e874ed195d75ddfb40 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Mar 2025 00:41:56 -0500 Subject: [PATCH 0558/1043] updated bookmarks in firefox --- configurations/home-manager/leyla/firefox.nix | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 3f6a09c..59450c4 100644 
--- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -261,14 +261,7 @@ bookmarks = [ { name = "Media"; - url = "https://jellyfin.jan-leila.com/"; - # url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Drive"; - url = "https://drive.jan-leila.com/"; + url = "https://media.jan-leila.com/"; keyword = ""; tags = [""]; } @@ -280,7 +273,7 @@ } { name = "Home Automation"; - url = "https://home-assistant.jan-leila.com/"; + url = "https://home.jan-leila.com/"; keyword = ""; tags = [""]; } From 9ef33d0d8be906d3c1ff4f789055546f57b45620 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Mar 2025 17:55:00 -0500 Subject: [PATCH 0559/1043] fixed nfs shares --- .../nixos/defiant/configuration.nix | 8 ++++---- .../nixos/horizon/hardware-configuration.nix | 6 +++--- .../server/network_storage/nfs.nix | 19 +++++++++++-------- 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 89d1af5..3923715 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -55,18 +55,18 @@ enable = true; directories = [ { - folder = "leyla"; + folder = "leyla_documents"; user = "leyla"; group = "leyla"; bind = "/home/leyla/documents"; } { - folder = "eve"; + folder = "eve_documents"; user = "eve"; group = "eve"; } { - folder = "users"; + folder = "users_documents"; user = "root"; group = "users"; } @@ -79,7 +79,7 @@ ]; nfs = { enable = true; - directories = ["leyla" "eve"]; + directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; reverse_proxy = { diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index f5342a1..65c2aa2 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix 
+++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -39,19 +39,19 @@ }; "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla"; + device = "defiant:/exports/leyla_documents"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/eve_documents" = { - device = "defiant:/exports/eve"; + device = "defiant:/exports/eve_documents"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/users_documents" = { - device = "defiant:/exports/users"; + device = "defiant:/exports/users_documents"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 9aaab39..b398582 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -38,15 +38,18 @@ services.nfs.server = { enable = true; exports = lib.strings.concatLines ( - lib.lists.imap0 ( - i: directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt,fsid=${builtins.toString i})" - ) - ( - builtins.filter ( - directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + [ + "/export 100.64.0.0/10(rw,fsid=0,no_subtree_check)" + ] + ++ (builtins.map ( + directory: "${directory._directory} 100.64.0.0/10(rw,nohide,sync,no_subtree_check,crossmnt)" ) - config.host.network_storage.directories - ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + ) + config.host.network_storage.directories + )) ); }; networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ From 596455406003dda4a3842424361efcd156fa191c Mon Sep 17 00:00:00 2001 
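Review bot: The new pseudo-root line hard-codes `/export`, while the clients changed in this same commit mount `defiant:/exports/...`, so the root export probably points at a directory other than the one the shares live in. It is also `rw` for all of 100.64.0.0/10, which would let any host in that range write to anything on the root's filesystem, including folders the `builtins.filter` below was meant to leave unexported. Take the path from the option and make the root read-only: `"${config.host.network_storage.export_directory} 100.64.0.0/10(ro,fsid=0,no_subtree_check)"`. The `services.nfs.server` block continues outside the hunk.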
From: Leyla Becker Date: Mon, 10 Mar 2025 18:00:30 -0500 Subject: [PATCH 0560/1043] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 448c91d..9a1c362 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords +- nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services - nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features From 3cd17b36931a0ec8314b56031aef34598dda1c78 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 11 Mar 2025 00:33:23 -0500 Subject: [PATCH 0561/1043] removed postgres from home-assistant db --- flake.lock | 53 +++++++------------ .../nixos-modules/server/home-assistant.nix | 31 +---------- 2 files changed, 19 insertions(+), 65 deletions(-) diff --git a/flake.lock b/flake.lock index ce9b77d..da1433e 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741233805, - "narHash": "sha256-aNmlbxeKPUfuOynHvIMBPrNgEs1ldHDIz1wbkitKDSs=", + "lastModified": 1741665811, + "narHash": "sha256-yQwFid0LSC2syNBTXCSJTZ1EX1OQjBoGk0fSIaaiC+Q=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a1cc22e90f45f6075a991348e896f1595c4efce9", + "rev": "ba7a019fc6c9ee63e3e1a425e0bbf8dd697f7b16", "type": "gitlab" }, "original": { 
@@ -58,22 +58,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1629284811, @@ -147,11 +131,11 @@ ] }, "locked": { - "lastModified": 1741217763, - "narHash": "sha256-g/TrltIjFHIjtzKY5CJpoPANfHQWDD43G5U1a/v5oVg=", + "lastModified": 1741635347, + "narHash": "sha256-2aYfV44h18alHXopyfL4D9GsnpE5XlSVkp4MGe586VU=", "owner": "nix-community", "repo": "home-manager", - "rev": "486b066025dccd8af7fbe5dd2cc79e46b88c80da", + "rev": "7fb8678716c158642ac42f9ff7a18c0800fea551", "type": "github" }, "original": { @@ -232,18 +216,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1740275623, - "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=", + "lastModified": 1741657825, + "narHash": "sha256-QzO/VwD7OAedSFpDuj7XCQSpiGEy597nrQNii5wPW5Q=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3", + "rev": "c87cf45f4901c86a62fae357a06a6ad84af2a496", "type": "github" }, "original": { @@ -254,11 +237,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740646007, - "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=", + "lastModified": 1741325094, + "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49", + "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", "type": "github" }, "original": { 
@@ -270,11 +253,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741173522, - "narHash": "sha256-k7VSqvv0r1r53nUI/IfPHCppkUAddeXn843YlAC5DR0=", + "lastModified": 1741513245, + "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d69ab0d71b22fa1ce3dbeff666e6deb4917db049", + "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", "type": "github" }, "original": { @@ -323,11 +306,11 @@ ] }, "locked": { - "lastModified": 1741043164, - "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", + "lastModified": 1741644481, + "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", + "rev": "e653d71e82575a43fe9d228def8eddb73887b866", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 0922312..01423e6 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,11 +1,9 @@ { lib, - pkgs, config, ... }: let configDir = "/var/lib/hass"; - db_user = "hass"; in { options.host.home-assistant = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; @@ -23,13 +21,6 @@ in { ]; services.home-assistant = { enable = true; - package = - (pkgs.home-assistant.override { - extraPackages = py: with py; [psycopg2]; - }) - .overrideAttrs (oldAttrs: { - doInstallCheck = false; - }); configDir = configDir; extraComponents = [ "met" @@ -43,7 +34,6 @@ in { "sonos" "analytics_insights" "unifi" - "minecraft_server" "openweathermap" ]; config = { @@ -54,7 +44,7 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; - recorder.db_url = "postgresql://@/${db_user}"; + # recorder.db_url = "postgresql://@/${db_user}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; }; 
@@ -65,11 +55,6 @@ in { gtts ]; }; - systemd.services.home-assistant = { - requires = [ - "postgresql.service" - ]; - }; host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; @@ -90,20 +75,6 @@ in { proxy_read_timeout 90; ''; }; - postgres = { - enable = true; - extraUsers = { - ${db_user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${db_user} = { - name = db_user; - }; - }; - }; }; } (lib.mkIf config.host.impermanence.enable { From 32e00602f0cdda6f2b72cc460ddfa434fa42b30f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 11 Mar 2025 18:48:44 -0500 Subject: [PATCH 0562/1043] removed some extra config from jellyfin nginx config to fix webos --- modules/nixos-modules/server/jellyfin.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index ba58fe9..e3eb986 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -38,8 +38,6 @@ in { extraConfig = '' client_max_body_size 20M; add_header X-Content-Type-Options "nosniff"; - add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; - add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -59,8 +57,6 @@ in { extraConfig = '' client_max_body_size 20M; add_header X-Content-Type-Options "nosniff"; - add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; - add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; From 80092713e3672756a0e2c55993a503602ff57531 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 13 Mar 2025 01:40:26 -0500 Subject: [PATCH 0563/1043] updated flake lock --- flake.lock | 36 ++++++++++++++++++------------------ flake.nix | 2 ++ 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index da1433e..0ef39bc 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1740485968, - "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", + "lastModified": 1741786315, + "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", "owner": "nix-community", "repo": "disko", - "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", + "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741665811, - "narHash": "sha256-yQwFid0LSC2syNBTXCSJTZ1EX1OQjBoGk0fSIaaiC+Q=", + "lastModified": 1741786843, + "narHash": "sha256-1m1krwWuROjou56kuILpYZ3imlOgpW2hPqczObinQwQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "ba7a019fc6c9ee63e3e1a425e0bbf8dd697f7b16", + "rev": "51bc10cdd5c2ea8f2cd5adcc587ba0479409312e", "type": "gitlab" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1741635347, - "narHash": "sha256-2aYfV44h18alHXopyfL4D9GsnpE5XlSVkp4MGe586VU=", + "lastModified": 1741791118, + "narHash": "sha256-4Y427uj0eql4yRU5rely3EcOlB9q457UDbG9omPtXiA=", "owner": "nix-community", "repo": "home-manager", - "rev": "7fb8678716c158642ac42f9ff7a18c0800fea551", + "rev": "18780912345970e5b546b1b085385789b6935a83", "type": "github" }, "original": { 
@@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1741229100, - "narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=", + "lastModified": 1741794429, + "narHash": "sha256-4J46D8sOZ3UroVyGYKYMU3peq9gv0tjRX0KbZihWhhw=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab", + "rev": "2fb6b09b678a1ab258cf88e3ea4a966edceec6a8", "type": "github" }, "original": { @@ -222,11 +222,11 @@ ] }, "locked": { - "lastModified": 1741657825, - "narHash": "sha256-QzO/VwD7OAedSFpDuj7XCQSpiGEy597nrQNii5wPW5Q=", + "lastModified": 1741772639, + "narHash": "sha256-u6jSqRGsfm4Af+tUKJsJ346XwJuomL6Qxiu/BZieowU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c87cf45f4901c86a62fae357a06a6ad84af2a496", + "rev": "2f079586510bc77bac539cf330edaebb9d51e0e0", "type": "github" }, "original": { @@ -237,11 +237,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1741325094, - "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", + "lastModified": 1741792691, + "narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", + "rev": "e1f12151258b12c567f456d8248e4694e9390613", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f36ee44..bf9976d 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,8 @@ flake = false; }; + # common config for syncthing + # disk configurations disko = { url = "github:nix-community/disko"; From 395a25eff1e6647c2bfe6e2348ab15800b4dc8f3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 13 Mar 2025 02:13:11 -0500 Subject: [PATCH 0564/1043] adopted new syncthing flake --- configurations/syncthing/default.nix | 95 +++++++++++++++++++++++++ flake.lock | 34 +++++++-- flake.nix | 8 +++ modules/nixos-modules/sync.nix | 102 ++++----------------------- util/default.nix | 8 +++ 5 files changed, 154 insertions(+), 93 deletions(-) create mode 100644 configurations/syncthing/default.nix diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix new file mode 100644 index 0000000..bc557eb --- /dev/null +++ b/configurations/syncthing/default.nix 
@@ -0,0 +1,95 @@ +{config, ...}: { + folders = { + leyla_documents = { + id = "hvrj0-9bm1p"; + }; + leyla_calendar = { + id = "8oatl-1rv6w"; + }; + leyla_notes = { + id = "dwbuv-zffnf"; + }; + share = { + id = "73ot0-cxmkx"; + }; + }; + devices = { + defiant = { + id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; + folders = { + leyla_documents = { + folder = config.folders.leyla_documents; + path = "/mnt/sync/leyla/documents"; + }; + leyla_calendar = { + folder = config.folders.leyla_calendar; + path = "/mnt/sync/leyla/calendar"; + }; + leyla_notes = { + folder = config.folders.leyla_notes; + path = "/mnt/sync/leyla/notes"; + }; + share = { + folder = config.folders.share; + path = "/mnt/sync/default/share"; + }; + }; + }; + twilight = { + id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; + folders = { + leyla_documents = { + folder = config.folders.leyla_documents; + path = "/mnt/sync/leyla/documents"; + }; + share = { + folder = config.folders.share; + path = "/mnt/sync/default/share"; + }; + }; + }; + horizon = { + id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + folders = { + leyla_documents = { + folder = config.folders.leyla_documents; + path = "/mnt/sync/leyla/documents"; + }; + share = { + folder = config.folders.share; + path = "/mnt/sync/default/share"; + }; + }; + }; + coven = { + id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; + folders = { + share = { + folder = config.folders.share; + }; + }; + }; + ceder = { + id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + folders = { + share = { + folder = config.folders.share; + }; + leyla_calendar = { + folder = config.folders.leyla_calendar; + }; + leyla_notes = { + folder = config.folders.leyla_notes; + }; + }; + }; + shale = { + id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; + folders = { + share = { + folder = config.folders.share; + }; + }; + }; + }; +} 
diff --git a/flake.lock b/flake.lock index 0ef39bc..11bbff8 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741786843, - "narHash": "sha256-1m1krwWuROjou56kuILpYZ3imlOgpW2hPqczObinQwQ=", + "lastModified": 1741838604, + "narHash": "sha256-ytHdrfSbbPvla43Ykd61cVkS2JLA8wBEHcnf4yLFP7Y=", "owner": "rycee", "repo": "nur-expressions", - "rev": "51bc10cdd5c2ea8f2cd5adcc587ba0479409312e", + "rev": "e41884886e7798003973f487f37b979ee92f7d99", "type": "gitlab" }, "original": { @@ -214,6 +214,27 @@ "type": "github" } }, + "nix-syncthing": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741849924, + "narHash": "sha256-5vyb1H6HtW24QVqfI56P4QVQP6vHh1jS9ULwnunCO94=", + "ref": "main", + "rev": "86bcb200c83b6a5d13b3583126b9d8dc6770613a", + "revCount": 6, + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" + } + }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils_3", @@ -222,11 +243,11 @@ ] }, "locked": { - "lastModified": 1741772639, - "narHash": "sha256-u6jSqRGsfm4Af+tUKJsJ346XwJuomL6Qxiu/BZieowU=", + "lastModified": 1741830545, + "narHash": "sha256-SzbDILDATgMCYk2SxPYLCBVdT6mHtlyeYZDn2SZaIuU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2f079586510bc77bac539cf330edaebb9d51e0e0", + "rev": "28318c164b39b70a14851aed7ad0ea7f03ca417e", "type": "github" }, "original": { @@ -276,6 +297,7 @@ "impermanence": "impermanence", "lix-module": "lix-module", "nix-darwin": "nix-darwin", + "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index bf9976d..8c64e2b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -23,6 +23,10 @@ }; # common config for syncthing + nix-syncthing = { + url = "git+https://git.jan-leila.com/jan-leila/nix-syncthing?ref=main"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # disk configurations disko = { @@ -73,6 +77,7 @@ self, nixpkgs, sops-nix, + nix-syncthing, home-manager, impermanence, ... @@ -84,6 +89,7 @@ mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; + syncthingConfiguration = util.syncthingConfiguration; installerSystems = { basic = mkNixosInstaller "basic" []; @@ -153,5 +159,7 @@ darwinConfigurations = darwinSystems; homeConfigurations = homeConfigurations; + + syncthingConfiguration = syncthingConfiguration; }; } diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 516e141..e185781 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -1,6 +1,7 @@ { config, lib, + outputs, ... }: let mountDir = "/mnt/sync"; 
@@ -59,97 +60,24 @@ in { configDir = configDir; overrideDevices = true; overrideFolders = true; - settings = { - devices = { - ceder = { - id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; - }; - coven = { - id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; - }; - defiant = lib.mkIf (config.networking.hostName != "defiant") { - id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; - }; - twilight = lib.mkIf (config.networking.hostName != "twilight") { - id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; - }; - horizon = lib.mkIf (config.networking.hostName != "horizon") { - id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; - }; - shale = { - id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; - }; - }; - folders = let - ceder = "ceder"; - coven = "coven"; - shale = "shale"; - defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; - twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; - horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; - in - lib.mkMerge [ - config.host.sync.folders.extraFolders - (lib.mkIf config.host.sync.folders.leyla.documents.enable { - "documents" = { - id = "hvrj0-9bm1p"; - path = "${mountDir}/leyla/documents"; - devices = [ - defiant - ceder - coven - twilight - horizon - ]; - }; - }) - (lib.mkIf config.host.sync.folders.share.calendar.enable { - "calendar" = { - id = "8oatl-1rv6w"; - path = "${mountDir}/default/calendar"; - devices = [ - defiant - ceder - shale - ]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.notes.enable { - "notes" = { - id = "dwbuv-zffnf"; - path = "${mountDir}/leyla/notes"; - devices = [ - defiant - ceder - ]; - }; - }) - (lib.mkIf config.host.sync.folders.share.enable { - "share" = { - id = "73ot0-cxmkx"; - path = "${mountDir}/default/share"; - devices = [ - defiant - ceder - coven - twilight - horizon - shale - ]; - }; - }) - 
]; - }; + configuration = outputs.syncthingConfiguration; + deviceName = config.networking.hostName; }; } (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.syncthing.configDir == configDir; - message = "syncthing config dir does not match persistence"; - } - ]; + assertions = + [ + { + assertion = config.services.syncthing.configDir == configDir; + message = "syncthing config dir does not match persistence"; + } + ] + ++ lib.attrsets.mapAttrsToList (_: folder: { + assertion = lib.strings.hasPrefix mountDir folder.path; + message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; + }) + config.services.syncthing.folders; environment.persistence = { "/persist/system/root" = { enable = true; diff --git a/util/default.nix b/util/default.nix index cdc0caa..028212c 100644 --- a/util/default.nix +++ b/util/default.nix @@ -7,6 +7,7 @@ home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; + nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; lix-module = inputs.lix-module; @@ -73,6 +74,7 @@ in { system-modules ++ [ sops-nix.nixosModules.sops + nix-syncthing.nixosModules.syncthing impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko @@ -107,4 +109,10 @@ in { ../configurations/home-manager/${user} ]; }; + + syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { + modules = [ + (import ../configurations/syncthing) + ]; + }; } From f5bef1ad43c16d8bf4fd6ea9f545166e9acaff01 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 02:04:20 -0500 Subject: [PATCH 0565/1043] removed completed task from tech debt --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 9a1c362..a6b726e 100644 --- a/README.md +++ b/README.md 
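Review bot: The new persistence assertion uses `lib.strings.hasPrefix mountDir folder.path`, which is a plain string prefix test, so with `mountDir = "/mnt/sync"` a folder at a sibling path such as `/mnt/sync-old/...` would pass even though it is not under the persisted directory. Compare against the directory with its separator instead: `assertion = lib.strings.hasPrefix "${mountDir}/" folder.path;`. The same line is touched again in patch 0567 further down, where the same change applies. The message text also reads "which not under", which looks like a missing "is".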
@@ -48,7 +48,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services From f81878afd71fca857028050ffa143d3dae238a94 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 11:32:50 -0500 Subject: [PATCH 0566/1043] added talk to new features --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a6b726e..095b9c5 100644 --- a/README.md +++ b/README.md @@ -69,3 +69,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html +- migrate away from flakes and move to npins \ No newline at end of file From c1f90f07c972e5166d027689754a763db69de266 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 11:45:07 -0500 Subject: [PATCH 0567/1043] updated path for fail2ban config --- modules/nixos-modules/server/fail2ban.nix | 2 +- modules/nixos-modules/sync.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index cd2a978..a84b5ad 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix 
@@ -92,7 +92,7 @@ in { enabled = true; filter = "forgejo"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.forgejo.stateDir}/log/*.log"; + logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; backend = "auto"; findtime = 600; bantime = 600; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index e185781..de361e6 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -77,7 +77,7 @@ in { assertion = lib.strings.hasPrefix mountDir folder.path; message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; }) - config.services.syncthing.folders; + config.services.syncthing.settings.folders; environment.persistence = { "/persist/system/root" = { enable = true; From a31230fe6728193872fe77178a72febcf9436b6a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 12:02:39 -0500 Subject: [PATCH 0568/1043] added new feature to tasks --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 095b9c5..ad643c2 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init - samba mounts - figure out steam vr things? - Open GL? 
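Review bot: The jail's `logpath` now follows `config.services.forgejo.settings.log.ROOT_PATH`, but nothing in this hunk makes Forgejo write log files there; if its log mode is left on console output, the `*.log` glob matches nothing and the jail never bans, with no error at evaluation time. Setting `services.forgejo.settings.log.MODE = "file";` next to the jail, or asserting on it, would make that dependency explicit. The action in the context lines bans only `http,https`, so failed logins through Forgejo's own SSH listener are presumably not covered by this jail; a comment would help if that is intended. The jail definition starts and ends outside the hunk.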
@@ -69,4 +68,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins \ No newline at end of file +- migrate away from flakes and move to npins +- forgejo dedicated sshd that can only do forgejo things and that the main deamon proxies to when trying to log in with the git user, with the goal of being able to host that deamon on port 22222 and set up a port forward rule on gateway for 22 -> deamon:22222 \ No newline at end of file From 9b857234f4fe62ee3f71d8130d301e1d9ceb1100 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 12:29:42 -0500 Subject: [PATCH 0569/1043] updated port number for forgejo internal ssh server --- modules/nixos-modules/server/forgejo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index a6b3ede..ee98305 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -6,7 +6,7 @@ forgejoPort = 8081; stateDir = "/var/lib/forgejo"; db_user = "forgejo"; - sshPort = 2222; + sshPort = 22222; in { options.host.forgejo = { enable = lib.mkEnableOption "should forgejo be enabled on this computer"; From 34dce8d9d17aeb192b39447452cb7a6e3ca3dcb7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 19:47:02 -0500 Subject: [PATCH 0570/1043] fixed exports folder on nfs --- modules/nixos-modules/server/network_storage/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index b398582..405ea2c 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -39,7 +39,7 @@ enable = true; exports = lib.strings.concatLines ( [ - "/export 100.64.0.0/10(rw,fsid=0,no_subtree_check)" + "/exports 100.64.0.0/10(rw,fsid=0,no_subtree_check)" ] ++ (builtins.map ( directory: "${directory._directory} 100.64.0.0/10(rw,nohide,sync,no_subtree_check,crossmnt)" From 44d6b4827db34649ab62294d55af0afeeaf797e6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 19:49:11 -0500 Subject: [PATCH 0571/1043] fixed forgejo ssh --- modules/nixos-modules/server/forgejo.nix | 49 ++++++++++++------------ modules/nixos-modules/users.nix | 32 ++++++++-------- 2 files changed, 41 insertions(+), 40 deletions(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index ee98305..f0c1974 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix 
@@ -33,31 +33,32 @@ in { }; }; - services.forgejo = { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com:"; - }; - service = { - DISABLE_REGISTRATION = true; - }; + services = { + forgejo = { + enable = true; database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = config.users.users.git.name; + ROOT_URL = "https://git.jan-leila.com"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; }; }; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index f57e894..92f4016 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -20,9 +20,9 @@ adguardhome = 2003; hass = 2004; headscale = 2005; - nextcloud = 2006; syncthing = 2007; ollama = 2008; + git = 2009; }; gids = { @@ -35,9 +35,9 @@ adguardhome = 2003; hass = 2004; headscale = 2005; - nextcloud = 2006; syncthing = 2007; ollama = 2008; + git = 2009; }; users = config.users.users; 
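Review bot: `ROOT_URL` stays a hard-coded `"https://git.jan-leila.com"` while `DOMAIN` three lines above it is built from `config.host.forgejo.subdomain` and `config.host.reverse_proxy.hostname`, so the two drift apart as soon as either option changes. Deriving it keeps them in step: `ROOT_URL = "https://${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";`. `SSH_PORT = 22` advertises a different port from `SSH_LISTEN_PORT = sshPort`, which only works if something outside this hunk hands port 22 traffic for the git user to the built-in server; a one-line comment naming where that happens would replace the TODO this commit removes.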
@@ -141,12 +141,6 @@ in { group = config.users.users.headscale.name; }; - nextcloud = { - uid = lib.mkForce uids.nextcloud; - isSystemUser = true; - group = config.users.users.nextcloud.name; - }; - syncthing = { uid = lib.mkForce uids.syncthing; isSystemUser = true; @@ -158,6 +152,13 @@ in { isSystemUser = true; group = config.users.users.ollama.name; }; + + git = { + uid = lib.mkForce uids.git; + isSystemUser = !config.services.forgejo.enable; + isNormalUser = config.services.forgejo.enable; + group = config.users.users.git.name; + }; }; groups = { @@ -232,14 +233,6 @@ in { ]; }; - nextcloud = { - gid = lib.mkForce gids.nextcloud; - members = [ - users.nextcloud.name - # leyla - ]; - }; - syncthing = { gid = lib.mkForce gids.syncthing; members = [ @@ -255,6 +248,13 @@ in { users.ollama.name ]; }; + + git = { + gid = lib.mkForce gids.git; + members = [ + users.git.name + ]; + }; }; }; } From da78b208cdf94f653a7a036f511625ec312ecf6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 20:21:18 -0500 Subject: [PATCH 0572/1043] added ssh config for local git pushes --- configurations/home-manager/default.nix | 2 ++ configurations/home-manager/git/default.nix | 20 ++++++++++++++++++++ flake.nix | 7 ++++++- util/default.nix | 18 ++++++++++++++---- 4 files changed, 42 insertions(+), 5 deletions(-) create mode 100644 configurations/home-manager/git/default.nix diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index 3aa4c0e..a7fa478 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix @@ -1,10 +1,12 @@ { lib, config, + osConfig, ... }: let users = config.host.users; in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); eve = lib.mkIf users.eve.isNormalUser (import ./eve); + git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git); } 
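Review bot: In the `git` user added by the `@@ -158,6 +152,13 @@` hunk, `isNormalUser = config.services.forgejo.enable;` turns the Forgejo SSH account into a regular login account whenever Forgejo is on; on NixOS a normal user gets a home directory under `/home` and the default user shell, and the hunk restricts neither. If the reason is only that home-manager needs a home directory, a system user with an explicit `home` and `createHome = true;` provides that without an interactive shell; otherwise set `shell` explicitly and add a comment saying why a normal user is required. The surrounding `users.users` attribute set starts and ends outside the hunk.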
diff --git a/configurations/home-manager/git/default.nix b/configurations/home-manager/git/default.nix new file mode 100644 index 0000000..2276e7a --- /dev/null +++ b/configurations/home-manager/git/default.nix @@ -0,0 +1,20 @@ +{osConfig, ...}: { + home = { + username = osConfig.users.users.git.name; + homeDirectory = osConfig.users.users.git.home; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + }; + + programs.ssh.extraConfig = '' + AuthorizedKeysFile + /var/lib/forgejo/.ssh/authorized_keys + ''; +} diff --git a/flake.nix b/flake.nix index 8c64e2b..f9cb9a6 100644 --- a/flake.nix +++ b/flake.nix @@ -114,7 +114,12 @@ nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( nixpkgs.lib.attrsets.mapAttrs' (user: _: { name = "${user}@${hostname}"; - value = mkHome user hostname system.pkgs.hostPlatform.system system.config; + value = mkHome { + user = user; + host = hostname; + system = system.pkgs.hostPlatform.system; + osConfig = system.config; + }; }) system.config.home-manager.users )) diff --git a/util/default.nix b/util/default.nix index 028212c..c6e0e06 100644 --- a/util/default.nix +++ b/util/default.nix 
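Review bot: `programs.ssh.extraConfig` in home-manager ends up in the user's SSH client configuration, but `AuthorizedKeysFile` is an sshd (server) directive, so this block does not make the system sshd read Forgejo's key file and the client is likely to reject the option as unknown. The setting belongs on the NixOS side, in `services.openssh.extraConfig` under a `Match User git` block. The literal `/var/lib/forgejo/.ssh/authorized_keys` also repeats the state directory; building it from `osConfig.services.forgejo.stateDir` keeps it tied to the service. Since Forgejo manages that file and the account becomes a normal user in this commit, a comment stating that every entry is expected to carry a forced command would document the trust boundary.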
@@ -36,8 +36,13 @@ home-manager-config = nixpkgs: { home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs outputs util;}; - home-manager.users = import ../configurations/home-manager nixpkgs; + home-manager.extraSpecialArgs = { + inherit inputs outputs util; + }; + home-manager.users = import ../configurations/home-manager (nixpkgs + // { + osConfig = nixpkgs.config; + }); home-manager.sharedModules = home-manager-modules; }; @@ -61,7 +66,7 @@ in { nixpkgs.lib.nixosSystem { modules = [ { - # TODO: authorized keys for all users + # TODO: authorized keys for all users and hosts } ../configurations/nixos/${host} ]; @@ -97,7 +102,12 @@ in { ]; }; - mkHome = user: host: system: osConfig: + mkHome = { + user, + host, + system, + osConfig, + }: home-manager.lib.homeManagerConfiguration { pkgs = pkgsFor system; extraSpecialArgs = { From fc8877ff1050e4cc5539c233511c655ecffadec8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 20:35:11 -0500 Subject: [PATCH 0573/1043] added fsid to all nfs mounts --- .../server/network_storage/nfs.nix | 21 +++++++------------ 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 405ea2c..1b52d26 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -37,20 +37,15 @@ lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { services.nfs.server = { enable = true; - exports = lib.strings.concatLines ( - [ - "/exports 100.64.0.0/10(rw,fsid=0,no_subtree_check)" - ] - ++ (builtins.map ( - directory: "${directory._directory} 100.64.0.0/10(rw,nohide,sync,no_subtree_check,crossmnt)" + exports = lib.strings.concatLines (lib.lists.imap0 ( + i: directory: "${directory._directory} 100.64.0.0/10(fsid=${toString i},rw,nohide,sync,no_subtree_check,crossmnt)" + ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories ) - ( - builtins.filter ( - directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories - ) - config.host.network_storage.directories - )) - ); + config.host.network_storage.directories + )); }; networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ config.host.network_storage.nfs.port From ade8d1ec83b689a2143d675167b63d8b465371b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 20:50:18 -0500 Subject: [PATCH 0574/1043] removed completed task from new features --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index ad643c2..9b72e49 100644 --- a/README.md +++ b/README.md 
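Review bot: Each export's `fsid` is now the directory's position in the filtered list (`lib.lists.imap0 (i: directory: … fsid=${toString i} …)`), so adding, removing or reordering entries in `config.host.network_storage.directories` renumbers every later export, and clients holding handles from before the change can hit stale-handle errors. With `imap0` the first directory also receives `fsid=0`, which NFSv4 treats as the export root, now that the dedicated `/exports … fsid=0` line is removed. A stable per-directory value, for example an explicit `fsid` field on the directory submodule (hedged: that submodule is defined outside this diff), avoids both problems. The same index-derived numbering is kept in the later nfs.nix hunks `@@ -35,21 +35,51 @@` and `@@ -54,10 +54,16 @@`.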
@@ -68,5 +68,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins -- forgejo dedicated sshd that can only do forgejo things and that the main deamon proxies to when trying to log in with the git user, with the goal of being able to host that deamon on port 22222 and set up a port forward rule on gateway for 22 -> deamon:22222 \ No newline at end of file +- migrate away from flakes and move to npins \ No newline at end of file From 6d4cfec975c81b2d7a23eb9c2c6355be7a527726 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Mar 2025 12:30:26 -0500 Subject: [PATCH 0575/1043] added more config to nfs --- .../nixos/horizon/hardware-configuration.nix | 49 ++++++++++++++-- .../server/network_storage/nfs.nix | 56 ++++++++++++++----- 2 files changed, 88 insertions(+), 17 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 65c2aa2..ed743e9 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -25,6 +25,8 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; + + supportedFilesystems = ["nfs"]; }; fileSystems = { 
@@ -41,25 +43,64 @@ "/mnt/leyla_documents" = { device = "defiant:/exports/leyla_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/eve_documents" = { device = "defiant:/exports/eve_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/users_documents" = { device = "defiant:/exports/users_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; }; }; diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 1b52d26..138ca93 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
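Review bot: The new option list for `/mnt/media` names `"noatime"` twice and then `"relatime"`, which contradicts it; only one access-time policy should be listed, e.g. keep a single `"noatime"` and drop `"nodiratime"` and `"relatime"`. All four mounts keep `"soft"`, which on a read-write NFS mount can surface I/O errors to applications and lose writes after a timeout, so a short comment that this trade-off is intended would help. The duplicated and conflicting access-time options also appear in the twilight hunk `@@ -48,21 +50,52 @@` and are still present as context in the later horizon hunk `@@ -41,65 +41,71 @@`.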
@@ -35,21 +35,51 @@ } ( lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { - services.nfs.server = { - enable = true; - exports = lib.strings.concatLines (lib.lists.imap0 ( - i: directory: "${directory._directory} 100.64.0.0/10(fsid=${toString i},rw,nohide,sync,no_subtree_check,crossmnt)" - ) - ( - builtins.filter ( - directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + services.nfs = { + settings = { + nfsd = { + threads = 32; + port = config.host.network_storage.nfs.port; + }; + }; + server = { + enable = true; + + lockdPort = 4001; + mountdPort = 4002; + statdPort = 4000; + + exports = lib.strings.concatLines ( + [ + "${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)" + ] + ++ ( + lib.lists.imap1 ( + i: directory: "${directory._directory} 100.64.0.0/10(rw,fsid=${toString i},nohide,insecure,no_subtree_check)" + ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + ) + config.host.network_storage.directories + ) ) - config.host.network_storage.directories - )); + ); + }; + }; + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + ports = [ + 111 + config.host.network_storage.nfs.port + config.services.nfs.server.lockdPort + config.services.nfs.server.mountdPort + config.services.nfs.server.statdPort + 20048 + ]; + in { + allowedTCPPorts = ports; + allowedUDPPorts = ports; }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ - config.host.network_storage.nfs.port - ]; } ) ]; From 2ea0592c647889e3e75f276235e14af8a05daad9 Mon Sep 17 00:00:00 2001 
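Review bot: The per-directory export options change from `rw,nohide,sync,no_subtree_check,crossmnt` to `rw,fsid=…,nohide,insecure,no_subtree_check`; `insecure` accepts requests from unprivileged source ports, so any local process on a client host can speak to the server directly instead of only root-controlled mounts. If no client needs it, drop the flag; if one does, name it in a comment. The firewall list also opens `20048` although `mountdPort` is pinned to `4002` in the same hunk, and mirrors the whole list to UDP; keeping only the ports that are actually bound narrows what the interface exposes.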
From: Leyla Becker Date: Sun, 16 Mar 2025 12:19:23 -0500 Subject: [PATCH 0576/1043] added local network and loopback addresses to nfs mount --- modules/nixos-modules/server/network_storage/nfs.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 138ca93..6273e59 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -55,7 +55,9 @@ ] ++ ( lib.lists.imap1 ( - i: directory: "${directory._directory} 100.64.0.0/10(rw,fsid=${toString i},nohide,insecure,no_subtree_check)" + i: directory: let + options = "(rw,fsid=${toString i},nohide,insecure,no_subtree_check)"; + in "${directory._directory} 100.64.0.0/10${options} 192.168.0.0/24${options} 127.0.0.1${options}" ) ( builtins.filter ( From 16959837423616b4a5f103fc127dd25d95dc5fea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 13:34:06 -0500 Subject: [PATCH 0577/1043] updated nfs config for twilight --- .../nixos/twilight/hardware-configuration.nix | 43 ++++++++++++++++--- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 81b32ae..1cba7de 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -25,6 +25,8 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; + + supportedFilesystems = ["nfs"]; }; services.xserver = { 
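Review bot: Every directory is now also exported `rw` with `insecure` to `192.168.0.0/24` and `127.0.0.1`, and nothing in this hunk shows any authentication beyond the client address, so each host in that LAN range would be trusted for whatever user ids it presents (hedged: a `sec=` setting could exist outside the hunk). If LAN access is needed only for particular machines, list their addresses instead of the /24, or leave the range out and reach the server over the `100.64.0.0/10` range that is already exported. Because one `options` string is shared by all three client specs, a per-network difference such as read-only on the LAN cannot be expressed as written.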
@@ -48,21 +50,52 @@ }; "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla"; + device = "defiant:/exports/leyla_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/users_documents" = { - device = "defiant:/exports/users"; + device = "defiant:/exports/users_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; }; }; From 33ea6db98bbbbc816829fe9b618ac14e9b46b4f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 14:30:04 -0500 Subject: [PATCH 0578/1043] made every address space for nfs use a different fsid --- modules/nixos-modules/server/network_storage/nfs.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 6273e59..26480d6 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -54,10 +54,16 @@ "${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)" ] ++ ( - lib.lists.imap1 ( + lib.lists.imap0 ( i: directory: let - options = "(rw,fsid=${toString i},nohide,insecure,no_subtree_check)"; - in "${directory._directory} 100.64.0.0/10${options} 192.168.0.0/24${options} 127.0.0.1${options}" + option = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; + addresses = ["100.64.0.0/10" "192.168.0.0/24" "127.0.0.1"]; + options = lib.strings.concatStrings ( + lib.strings.intersperse " " ( + lib.lists.imap0 (index: address: "${address}${option (1 + (i * (builtins.length addresses)) + index)}") addresses + ) + ); + in "${directory._directory} ${options}" ) ( builtins.filter ( From de6a43a239c5d89889bdc6676f06b9849c5d76e7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 15:31:34 -0500 Subject: [PATCH 0579/1043] added leyla documents to more syncthing devices --- configurations/syncthing/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix index bc557eb..1934684 100644 --- a/configurations/syncthing/default.nix +++ b/configurations/syncthing/default.nix @@ -67,6 +67,9 @@ share = { folder = config.folders.share; }; + leyla_documents = { + folder = config.folders.leyla_documents; + }; }; }; ceder = { @@ -75,6 +78,9 @@ share = { folder = config.folders.share; }; + leyla_documents = { + folder = config.folders.leyla_documents; + }; leyla_calendar = { folder = config.folders.leyla_calendar; }; From 7c0c94b47a6f325266b941651ad85e1ec8ae3faf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 20:34:09 -0500 Subject: [PATCH 0580/1043] updated nfs config --- .../server/network_storage/default.nix | 22 +++++++++---------- .../server/network_storage/nfs.nix | 15 ++++++++++--- 2 files changed, 23 insertions(+), 14 deletions(-) 
diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index f756738..00ea7ac 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -15,7 +15,7 @@ in { export_directory = lib.mkOption { type = lib.types.path; description = "what are exports going to be stored in"; - default = "/exports"; + default = "/export"; }; directories = lib.mkOption { type = lib.types.listOf (lib.types.submodule ({config, ...}: { @@ -57,7 +57,7 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2775 root root -" + "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" ] ++ ( builtins.map ( @@ -77,14 +77,14 @@ in { ) ); } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - config.host.network_storage.export_directory - ]; - }; - }) + # (lib.mkIf config.host.impermanence.enable { + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # config.host.network_storage.export_directory + # ]; + # }; + # }) ]); } diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 26480d6..bad0452 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
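Review bot: The export root is now created as `2775 nobody nogroup`, which makes it writable by the identity that NFS typically maps squashed or anonymous requests to, so such a client could create or rename entries directly under the export root. Unless that is intended, keep the root owned by root and not group-writable, e.g. `"d ${config.host.network_storage.export_directory} 0755 root root -"`, and grant write access only in the per-directory rules that follow. The last hunk of this file disables the impermanence block by commenting it out; deleting it, or replacing it with a one-line comment giving the reason, would be clearer than the commented lines.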
@@ -56,11 +56,20 @@ ++ ( lib.lists.imap0 ( i: directory: let - option = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; - addresses = ["100.64.0.0/10" "192.168.0.0/24" "127.0.0.1"]; + createOptions = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; + addresses = [ + # loopback + "127.0.0.1" + "::1" + # local network + # "192.168.0.0/24" + # tailscale + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" + ]; options = lib.strings.concatStrings ( lib.strings.intersperse " " ( - lib.lists.imap0 (index: address: "${address}${option (1 + (i * (builtins.length addresses)) + index)}") addresses + lib.lists.imap0 (index: address: "${address}${createOptions (1 + (i * (builtins.length addresses)) + index)}") addresses ) ); in "${directory._directory} ${options}" From 4b014ed29ff60adf6934c6f72d12c37c178585cb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 20:56:20 -0500 Subject: [PATCH 0581/1043] added more options to nfs config on horizon --- .../nixos/horizon/hardware-configuration.nix | 26 ++++++++++++------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index ed743e9..e88d8dc 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -41,65 +41,71 @@ }; "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; + device = "defiant:/export/leyla_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "noatime" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/eve_documents" = { - device = "defiant:/exports/eve_documents"; + device = "defiant:/export/eve_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; + device = "defiant:/export/users_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/media" = { - device = "defiant:/exports/media"; + device = "defiant:/export/media"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "noatime" "nofail" - "soft" "x-systemd.idle-timeout=600" "noatime" "nodiratime" "relatime" - "rsize=32768" - "wsize=32768" "fsc" + "timeo=600" + "retrans=2" ]; }; }; From 3ec99b599bc3f022249c6a604f3793061f664865 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 21:00:44 -0500 Subject: [PATCH 0582/1043] created immich config --- .../nixos/defiant/configuration.nix | 4 ++ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/immich.nix | 68 +++++++++++++++++++ modules/nixos-modules/users.nix | 32 ++++----- 4 files changed, 89 insertions(+), 16 deletions(-) create mode 100644 modules/nixos-modules/server/immich.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3923715..0b7214b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -114,6 +114,10 @@ adguardhome = { enable = false; }; + immich = { + enable = true; + subdomain = "photos"; + }; sync = { enable = true; folders = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 8854936..956ad9e 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -10,5 +10,6 @@ ./searx.nix ./home-assistant.nix ./adguardhome.nix + ./immich.nix ]; } diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix new file mode 100644 index 0000000..7dd3a0f --- /dev/null +++ b/modules/nixos-modules/server/immich.nix 
@@ -0,0 +1,68 @@ +{ + lib, + config, + ... +}: let + mediaLocation = "/var/lib/immich"; +in { + options.host.immich = { + enable = lib.mkEnableOption "should immich be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that immich will be hosted at"; + default = "immich"; + }; + }; + + config = lib.mkIf config.host.immich.enable (lib.mkMerge [ + { + host = { + reverse_proxy.subdomains.${config.host.immich.subdomain} = { + target = "http://localhost:${toString config.services.immich.port}"; + }; + postgres = { + enable = true; + extraUsers = { + ${config.services.immich.database.user} = { + isClient = true; + }; + }; + }; + }; + + services.immich = { + enable = true; + port = 2283; + # redis.enable = false; + }; + + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { + allowedUDPPorts = [ + config.services.immich.port + ]; + allowedTCPPorts = [ + config.services.immich.port + ]; + }; + } + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.immich.mediaLocation == mediaLocation; + message = "immich media location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = mediaLocation; + user = "immich"; + group = "immich"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 92f4016..7bdb3dd 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -19,10 +19,10 @@ forgejo = 2002; adguardhome = 2003; hass = 2004; - headscale = 2005; syncthing = 2007; ollama = 2008; git = 2009; + immich = 2010; }; gids = { @@ -34,10 +34,10 @@ forgejo = 2002; adguardhome = 2003; hass = 2004; - headscale = 2005; syncthing = 2007; ollama = 2008; git = 2009; + immich = 2010; }; users = config.users.users; 
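Review bot: The module registers Immich behind the reverse proxy at `http://localhost:${toString config.services.immich.port}` and then also opens that port for TCP and UDP on the Tailscale interface, which offers the plain-HTTP backend alongside the proxied entry point. If the proxy is the intended way in, the `networking.firewall.interfaces.…` block can be dropped; if direct access is wanted, open `allowedTCPPorts` only, since the service is HTTP. In the persistence entry `user = "immich";` and `group = "immich";` are literals; `config.services.immich.user` and `config.services.immich.group` would follow the service settings.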
@@ -135,12 +135,6 @@ in { group = config.users.users.hass.name; }; - headscale = { - uid = lib.mkForce uids.headscale; - isSystemUser = true; - group = config.users.users.headscale.name; - }; - syncthing = { uid = lib.mkForce uids.syncthing; isSystemUser = true; @@ -159,6 +153,12 @@ in { isNormalUser = config.services.forgejo.enable; group = config.users.users.git.name; }; + + immich = { + uid = lib.mkForce uids.immich; + isSystemUser = true; + group = config.users.users.immich.name; + }; }; groups = { @@ -225,14 +225,6 @@ in { ]; }; - headscale = { - gid = lib.mkForce gids.headscale; - members = [ - users.headscale.name - # leyla - ]; - }; - syncthing = { gid = lib.mkForce gids.syncthing; members = [ @@ -255,6 +247,14 @@ in { users.git.name ]; }; + + immich = { + gid = lib.mkForce gids.immich; + members = [ + users.immich.name + # leyla + ]; + }; }; }; } From 6614c4a5535505909a3bd85c358f40122854aff6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Mar 2025 14:32:50 -0500 Subject: [PATCH 0583/1043] added extra config to immich proxy --- modules/nixos-modules/server/immich.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index 7dd3a0f..f8ea5e3 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix 
@@ -19,6 +19,27 @@ in { host = { reverse_proxy.subdomains.${config.host.immich.subdomain} = { target = "http://localhost:${toString config.services.immich.port}"; + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + + # Set headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # enable websockets: http://nginx.org/en/docs/http/websocket.html + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_redirect off; + + # set timeout + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + ''; }; postgres = { enable = true; From b45fe04a2bc2b3d09a475f5205801d700c4fb13f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Mar 2025 17:13:37 -0500 Subject: [PATCH 0584/1043] removed duplicate task from tasks --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 9b72e49..6d2c56b 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich - zfs encryption FIDO2 2fa (look into shavee) -- ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results - Create Tor guard/relay server From 8e98273fcf40d7946e0af4b08b785b1e3cd0d833 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Mar 2025 17:40:35 -0500 Subject: [PATCH 0585/1043] added photos bookmark to firefox --- configurations/home-manager/leyla/firefox.nix | 6 ++++++ 1 file changed, 6 insertions(+) 
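Review bot: The `client_max_body_size 50000M;` line in the immich `extraConfig` lets a single request carry roughly 50 GB, and by default nginx spools a request body to its temporary directory before passing it upstream. On a vhost reachable by unauthenticated clients, that allows a few large uploads to fill the disk before Immich has seen or authenticated the request. Together with the 600s timeouts the connections are also held open for a long time. I would add `proxy_request_buffering off;` next to the size limit so the body is streamed to the backend, or lower the cap to the largest asset actually expected. Whether this vhost is exposed beyond the tailnet is not visible in the hunk, so this is conditional on that.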
diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 59450c4..5bc49db 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -265,6 +265,12 @@ keyword = ""; tags = [""]; } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } { name = "Git"; url = "https://git.jan-leila.com/"; From 9bc13861b4a54072b25677fde81dcfc3b6f6021c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Mar 2025 18:32:57 -0500 Subject: [PATCH 0586/1043] added fail2ban filter for immich --- modules/nixos-modules/server/fail2ban.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index a84b5ad..f486d73 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -46,6 +46,16 @@ in { datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S '') ); + "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = immich-server.*Failed login attempt for user.+from ip address\s? + journalmatch = CONTAINER_TAG=immich-server + '') + ); }; services.fail2ban = { @@ -108,6 +118,11 @@ in { bantime = 600; maxretry = 5; }; + immich-iptables.settings = lib.mkIf config.services.immich.enable { + enabled = true; + filter = "immich"; + backend = "systemd"; + }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; From 68185640aa1209e1973c7557f7ed45e7f2243033 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Mar 2025 18:34:35 -0500 Subject: [PATCH 0587/1043] updated fail2ban filter --- modules/nixos-modules/server/fail2ban.nix | 3 --- 1 file changed, 3 deletions(-) 
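Review bot: In modules/nixos-modules/server/fail2ban.nix the new immich filter uses `journalmatch = CONTAINER_TAG=immich-server`, a journal field written by container log drivers, while this repository runs Immich through the NixOS `services.immich` module, so the jail is likely to match nothing and never ban. Matching on the unit instead, e.g. `journalmatch = _SYSTEMD_UNIT=immich-server.service` (unit name to be confirmed with `systemctl`), would tie the filter to the service actually deployed. As shown here the `failregex` also ends at `\s?` with no fail2ban HOST/ADDR placeholder, and without one the address cannot be extracted; that may be a rendering loss, so check the committed file. The `immich-iptables` jail in the second hunk sets no `bantime` or `maxretry`, unlike the jail just above it, so it falls back to global defaults. Because Immich sits behind nginx, the banned address is only meaningful if Immich logs the forwarded client IP rather than the loopback address.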
diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index f486d73..e3f6280 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -48,9 +48,6 @@ in { ); "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf - [Definition] failregex = immich-server.*Failed login attempt for user.+from ip address\s? journalmatch = CONTAINER_TAG=immich-server From 4c430404b3cd33f69b63096fa0cf899c8709a483 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Mar 2025 21:15:23 -0500 Subject: [PATCH 0588/1043] added tasks to README.md --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6d2c56b..6ddb2a9 100644 --- a/README.md +++ b/README.md @@ -67,4 +67,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins \ No newline at end of file +- migrate away from flakes and move to npins +- fix nfs +- fix home assistant +- create adguard server \ No newline at end of file From 2350eb43ec0c4658a8670276241203230680fb63 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 01:13:38 -0500 Subject: [PATCH 0589/1043] simplified nginx config --- README.md | 1 - .../nixos-modules/server/home-assistant.nix | 12 ++-- modules/nixos-modules/server/immich.nix | 17 ++--- modules/nixos-modules/server/jellyfin.nix | 47 ++++---------- .../nixos-modules/server/reverse_proxy.nix | 63 ++++++++++++++----- modules/nixos-modules/server/searx.nix | 3 +- 6 files changed, 71 insertions(+), 72 deletions(-) diff --git a/README.md b/README.md index 6ddb2a9..6f43733 100644 --- a/README.md +++ b/README.md 
@@ -51,7 +51,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services -- nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 01423e6..254e183 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -58,18 +58,14 @@ in { host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - websockets = true; + + websockets.enable = true; + forwardHeaders.enable = true; + extraConfig = '' add_header Upgrade $http_upgrade; add_header Connection \"upgrade\"; - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_buffering off; proxy_read_timeout 90; diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index f8ea5e3..2756e5c 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix 
@@ -19,26 +19,19 @@ in { host = { reverse_proxy.subdomains.${config.host.immich.subdomain} = { target = "http://localhost:${toString config.services.immich.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + extraConfig = '' # allow large file uploads client_max_body_size 50000M; - # Set headers - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # enable websockets: http://nginx.org/en/docs/http/websocket.html - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_redirect off; - # set timeout proxy_read_timeout 600s; proxy_send_timeout 600s; send_timeout 600s; + proxy_redirect off; ''; }; postgres = { diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index e3eb986..77d5744 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -31,45 +31,22 @@ in { lib.mkMerge [ { services.jellyfin.enable = true; - host.reverse_proxy.subdomains = lib.mkMerge ([ - { - ${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString jellyfinPort}"; - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; + host.reverse_proxy.subdomains.jellyfin = { + target = "http://localhost:${toString jellyfinPort}"; - proxy_buffering off; - ''; - }; - } - ] - ++ (builtins.map (subdomain: { - ${subdomain} = { - target = "http://localhost:${toString jellyfinPort}"; - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; + subdomain = config.host.jellyfin.subdomain; + extraSubdomains = config.host.jellyfin.extraSubdomains; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; + forwardHeaders.enable = true; - proxy_buffering off; - ''; - }; - }) - config.host.jellyfin.extraSubdomains)); + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + + proxy_buffering off; + ''; + }; environment.systemPackages = [ pkgs.jellyfin pkgs.jellyfin-web diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index a406b14..26b4374 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix 
@@ -24,13 +24,28 @@ in { default = true; }; subdomains = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({...}: { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "what is the default subdomain to be used for this application to be used for"; + default = name; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for this domain"; + default = []; + }; + target = lib.mkOption { type = lib.types.str; - description = "where should this host point to"; + description = "what url will all traffic to this application be forwarded to"; }; - websockets = lib.mkEnableOption "should websockets be proxied"; + + websockets.enable = lib.mkEnableOption "should the default config proxy websockets"; + + forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; + extraConfig = lib.mkOption { type = lib.types.lines; default = ""; @@ -40,7 +55,6 @@ in { }; }; })); - default = {}; }; }; 
@@ -53,17 +67,36 @@ in { services.nginx = { enable = true; - virtualHosts = lib.attrsets.mapAttrs' (name: value: - lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations."/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets; - extraConfig = value.extraConfig; - }; - }) - config.host.reverse_proxy.subdomains; + virtualHosts = lib.mkMerge ( + lib.lists.flatten ( + lib.attrsets.mapAttrsToList ( + name: value: let + hostConfig = { + forceSSL = config.host.reverse_proxy.forceSSL; + enableACME = config.host.reverse_proxy.enableACME; + locations = { + "/" = { + proxyPass = value.target; + proxyWebsockets = value.websockets.enable; + recommendedProxySettings = value.forwardHeaders.enable; + extraConfig = + value.extraConfig; + }; + }; + }; + in ( + [ + { + ${"${value.subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig; + } + ] + ++ builtins.map (subdomain: {${"${subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig;}) + value.extraSubdomains + ) + ) + config.host.reverse_proxy.subdomains + ) + ); }; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index b18eb14..c578b41 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix @@ -20,7 +20,8 @@ }; }; host = { - reverse_proxy.subdomains.${config.host.searx.subdomain} = { + reverse_proxy.subdomains.searx = { + subdomain = config.host.searx.subdomain; target = "http://localhost:${toString config.services.searx.settings.server.port}"; }; }; From c81622a65cedde239ff5e28b20443cd95175de97 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 01:21:16 -0500 Subject: [PATCH 0590/1043] removed completed new feature from tasks --- README.md | 1 - 1 file changed, 1 deletion(-) 
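Review bot: With `recommendedProxySettings = value.forwardHeaders.enable;` in the new `hostConfig`, every application that does not opt in has forwarded headers explicitly turned off for its location, because `forwardHeaders.enable` is an `mkEnableOption` and defaults to false. The searx entry changed in this same commit does not set it, so that backend presumably sees every request as coming from the proxy's loopback address; any per-client rate limiting, abuse detection or log-based banning upstream then acts on the proxy rather than the real client. An opt-out default is the safer choice for a shared proxy module: `forwardHeaders.enable = lib.mkEnableOption "..." // {default = true;};`. Separately, `name` is no longer used inside the `mapAttrsToList` lambda and the `subdomain` option description ("to be used for this application to be used for") reads as a leftover edit.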
diff --git a/README.md b/README.md index 6f43733..2c46110 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - zfs email after scrubbing # TODO: test this - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results From ae19af996e619251e70b9653173f58b96c60fbc5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 01:22:53 -0500 Subject: [PATCH 0591/1043] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2c46110..7c1908e 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services +- move extra custom configuration for services out of host config and instead extend services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts From 24e651205983fbde33e1c421677fc68796a38752 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 19:57:12 -0500 Subject: [PATCH 0592/1043] updated flake.lock --- flake.lock | 58 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index 11bbff8..dfdc765 100644 --- a/flake.lock +++ b/flake.lock 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741838604, - "narHash": "sha256-ytHdrfSbbPvla43Ykd61cVkS2JLA8wBEHcnf4yLFP7Y=", + "lastModified": 1742417054, + "narHash": "sha256-xZrOGER/WjdotrDqHGqz0GGtXKmMw0yzrop6TtZSB7w=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e41884886e7798003973f487f37b979ee92f7d99", + "rev": "9c8d89103be887c38fac9951d4d8900a91fff5d6", "type": "gitlab" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1741791118, - "narHash": "sha256-4Y427uj0eql4yRU5rely3EcOlB9q457UDbG9omPtXiA=", + "lastModified": 1742416832, + "narHash": "sha256-ycok0eJJcoknqaibdv/TEEEOUqovC42XCqbfLDYmnoQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "18780912345970e5b546b1b085385789b6935a83", + "rev": "eb0f617aecbaf1eff5bacec789891e775af2f5a3", "type": "github" }, "original": { @@ -163,14 +163,14 @@ "flake": false, "locked": { "lastModified": 1737234286, - "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", + "rev": "079528098f5998ba13c88821a2eca1005c1695de", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" } }, "lix-module": { 
@@ -183,11 +183,11 @@ ] }, "locked": { - "lastModified": 1737237494, - "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", - "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "lastModified": 1741892773, + "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", + "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz?rev=a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/ed7a2fa83145868ecb830d6b3c73ebfd81a9e911.tar.gz?rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911" }, "original": { "type": "tarball", @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1741794429, - "narHash": "sha256-4J46D8sOZ3UroVyGYKYMU3peq9gv0tjRX0KbZihWhhw=", + "lastModified": 1742373336, + "narHash": "sha256-oEF5dBlq8wGD3mkJ5PmFS1PGb28uYmvuy1IH6roIGkQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "2fb6b09b678a1ab258cf88e3ea4a966edceec6a8", + "rev": "2d9b63316926aa130a5a51136d93b9be28808f26", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1741830545, - "narHash": "sha256-SzbDILDATgMCYk2SxPYLCBVdT6mHtlyeYZDn2SZaIuU=", + "lastModified": 1742349195, + "narHash": "sha256-6Jd1bVeDtg1Tx5pfTI2pkVSc5OUsWzlzyRBE6uucvKk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "28318c164b39b70a14851aed7ad0ea7f03ca417e", + "rev": "627c4ca40954a81d52753e2c754863f244cf81ba", "type": "github" }, "original": { 
@@ -258,11 +258,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1741792691, - "narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=", + "lastModified": 1742376361, + "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e1f12151258b12c567f456d8248e4694e9390613", + "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9", "type": "github" }, "original": { @@ -274,11 +274,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741513245, - "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", + "lastModified": 1742288794, + "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", + "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", "type": "github" }, "original": { @@ -328,11 +328,11 @@ ] }, "locked": { - "lastModified": 1741644481, - "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", + "lastModified": 1742406979, + "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e653d71e82575a43fe9d228def8eddb73887b866", + "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609", "type": "github" }, "original": { From a821b1ab164d4cab03cd63c40449373d05848f67 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 20:05:25 -0500 Subject: [PATCH 0593/1043] updated firefox config for leyla home manager --- configurations/home-manager/leyla/firefox.nix | 157 +++++++++--------- 1 file changed, 80 insertions(+), 77 deletions(-) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 5bc49db..eef5d88 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix 
@@ -37,13 +37,13 @@ }; "NixOS Wiki" = { urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; + icon = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = ["@nw"]; }; "Searx" = { urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; + icon = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = ["@searx"]; }; 
@@ -258,81 +258,84 @@ "toolkit.telemetry.updatePing.enabled" = false; }; - bookmarks = [ - { - name = "Media"; - url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; + bookmarks = { + force = true; + settings = [ + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags 
= [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; }; }; } From 6c6f9a11bc9d29a93d0e32bbbb25705293c20617 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 20 Mar 2025 00:45:49 -0500 Subject: [PATCH 0594/1043] updated flake lock --- flake.lock | 26 +++++++++++++------------- nix-config-secrets | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index dfdc765..3a40e4c 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742417054, - "narHash": "sha256-xZrOGER/WjdotrDqHGqz0GGtXKmMw0yzrop6TtZSB7w=", + "lastModified": 1742442833, + "narHash": "sha256-fPRAEtERJoDi0wIK3pGUbkpTL4N4AW1gHFJ8LcfjFbI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9c8d89103be887c38fac9951d4d8900a91fff5d6", + "rev": "5b4fc9b4b510ee8b2e26c47261c1262bbd12800d", "type": "gitlab" }, "original": { 
@@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1742416832, - "narHash": "sha256-ycok0eJJcoknqaibdv/TEEEOUqovC42XCqbfLDYmnoQ=", + "lastModified": 1742442527, + "narHash": "sha256-P3hEYEIryixLQWeKOYjyxv6bIQIDoyNAuvEq+tfJc6k=", "owner": "nix-community", "repo": "home-manager", - "rev": "eb0f617aecbaf1eff5bacec789891e775af2f5a3", + "rev": "97a00e0659b2807454507eb3a593bd09b099bd80", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1742349195, - "narHash": "sha256-6Jd1bVeDtg1Tx5pfTI2pkVSc5OUsWzlzyRBE6uucvKk=", + "lastModified": 1742435492, + "narHash": "sha256-ndzDOuL+HFcWwrHfEy+29b2sAc96DY78xRasLg0ONiI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "627c4ca40954a81d52753e2c754863f244cf81ba", + "rev": "fee770e654c49d69aacbdaf291c8af819a67bb35", "type": "github" }, "original": { @@ -308,11 +308,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740354712, - "narHash": "sha256-1PMVP2txoD4lhW7k3fbYa7CZ+hLBJO5f91EWtegrqEg=", + "lastModified": 1742444385, + "narHash": "sha256-QUcFbv7JG9SqtLmBUEhoFRTaMefQnb/GeY/Ql4LcA6Y=", "ref": "refs/heads/main", - "rev": "db6d65e814bc0c99f6e9b95308184b004038243e", - "revCount": 13, + "rev": "839273dc72d1e82d7941ba2459e5ed228f398573", + "revCount": 14, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/nix-config-secrets b/nix-config-secrets index db6d65e..839273d 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit db6d65e814bc0c99f6e9b95308184b004038243e +Subproject commit 839273dc72d1e82d7941ba2459e5ed228f398573 From 186dd689ebcce8fb8e4259136376ea3cd549b87a Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 21 Mar 2025 17:34:29 -0500 Subject: [PATCH 0595/1043] added extra tailscale config --- configurations/nixos/defiant/configuration.nix | 6 ++++-- configurations/nixos/horizon/configuration.nix | 6 ++++++ configurations/nixos/twilight/configuration.nix | 8 +++++++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0b7214b..87fff9b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -177,13 +177,15 @@ useRoutingFeatures = "server"; extraUpFlags = [ "--advertise-exit-node" - "--advertise-routes=192.168.1.0/24" + "--advertise-routes=192.168.0.0/24" "--accept-dns=false" + "--advertise-tags=tag:leyla,tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" - "--advertise-routes=192.168.1.0/24" + "--advertise-routes=192.168.0.0/24" "--accept-dns=false" + "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index c97a892..5ed6d01 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -62,6 +62,12 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; + extraUpFlags = [ + "--advertise-tags=tag:leyla,tag:server,tag:static" + ]; + extraSetFlags = [ + "--advertise-tags=tag:leyla,tag:server,tag:static" + ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 5238b84..fbfe66d 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
@@ -55,9 +55,15 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; - extraUpFlags = ["--advertise-exit-node"]; + extraUpFlags = [ + "--advertise-exit-node" + "--advertise-routes=192.168.0.0/24" + "--advertise-tags=tag:leyla,tag:server,tag:static" + ]; extraSetFlags = [ "--advertise-exit-node" + "--advertise-routes=192.168.0.0/24" + "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; From 0d7da663ed1d9fa20ab482cc962872dc548afd52 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Mar 2025 17:56:26 -0500 Subject: [PATCH 0596/1043] removed leyla tag from advertise-tags --- .../nixos/defiant/configuration.nix | 3 +- .../nixos/horizon/configuration.nix | 5 +-- .../nixos/twilight/configuration.nix | 3 +- flake.lock | 44 +++++++++---------- nix-config-secrets | 2 +- 5 files changed, 26 insertions(+), 31 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 87fff9b..9de9b38 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -179,13 +179,12 @@ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--accept-dns=false" - "--advertise-tags=tag:leyla,tag:server,tag:static" + "--advertise-tags=tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--accept-dns=false" - "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 5ed6d01..2f98cf8 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
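Review bot: In configurations/nixos/twilight/configuration.nix the added `--advertise-routes=192.168.0.0/24` makes twilight advertise the same subnet and exit-node role that defiant advertises after this commit. Tailscale treats nodes advertising an identical route as interchangeable, so this is only correct if twilight is permanently attached to that LAN. If it is a workstation that can be offline or on another network using the same prefix, traffic for the subnet can be steered to a host that cannot or should not carry it. Unless twilight is meant to be a second router, I would drop the route from both `extraUpFlags` and `extraSetFlags` there and approve the route for defiant only in the tailnet policy. twilight's role is inferred from `useRoutingFeatures = "both"` and is not otherwise visible in the hunk.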
@@ -63,10 +63,7 @@ authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; extraUpFlags = [ - "--advertise-tags=tag:leyla,tag:server,tag:static" - ]; - extraSetFlags = [ - "--advertise-tags=tag:leyla,tag:server,tag:static" + "--advertise-tags=tag:server,tag:static" ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index fbfe66d..2c1b3d5 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -58,12 +58,11 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - "--advertise-tags=tag:leyla,tag:server,tag:static" + "--advertise-tags=tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; diff --git a/flake.lock b/flake.lock index 3a40e4c..56a5cd1 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742442833, - "narHash": "sha256-fPRAEtERJoDi0wIK3pGUbkpTL4N4AW1gHFJ8LcfjFbI=", + "lastModified": 1742489760, + "narHash": "sha256-OkYl/wf09cKviSV1R6SshcRmeX1iDNEKCMg5KlmTwK0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5b4fc9b4b510ee8b2e26c47261c1262bbd12800d", + "rev": "10f7b577f5081b30ca6b7fd5f98de8d7dfdb5a27", "type": "gitlab" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1742442527, - "narHash": "sha256-P3hEYEIryixLQWeKOYjyxv6bIQIDoyNAuvEq+tfJc6k=", + "lastModified": 1742588233, + "narHash": "sha256-Fi5g8H5FXMSRqy+mU6gPG0v+C9pzjYbkkiePtz8+PpA=", "owner": "nix-community", "repo": "home-manager", - "rev": "97a00e0659b2807454507eb3a593bd09b099bd80", + "rev": "296ddc64627f4a6a4eb447852d7346b9dd16197d", "type": "github" }, "original": { 
@@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1742373336, - "narHash": "sha256-oEF5dBlq8wGD3mkJ5PmFS1PGb28uYmvuy1IH6roIGkQ=", + "lastModified": 1742595055, + "narHash": "sha256-cEetDber6LF8W4ThmRc4rwKs/o8y2GH0pUdX7e6CnAQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "2d9b63316926aa130a5a51136d93b9be28808f26", + "rev": "e9f41de2a81f04390afd106959adf352a207628f", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1742435492, - "narHash": "sha256-ndzDOuL+HFcWwrHfEy+29b2sAc96DY78xRasLg0ONiI=", + "lastModified": 1742522036, + "narHash": "sha256-OmIHuzgZt38vn9SkysbS5D+KaAbKadtaKfODh0iWALk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "fee770e654c49d69aacbdaf291c8af819a67bb35", + "rev": "4cff80a994fd6edb6c62ee5439cd587b50871cf3", "type": "github" }, "original": { @@ -274,11 +274,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742288794, - "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", + "lastModified": 1742422364, + "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", + "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", "type": "github" }, "original": { @@ -308,11 +308,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1742444385, - "narHash": "sha256-QUcFbv7JG9SqtLmBUEhoFRTaMefQnb/GeY/Ql4LcA6Y=", + "lastModified": 1742597341, + "narHash": "sha256-r9Tid/fvcxi6LjAtW7YbXGN1HAtz/XEQkWZVPw3pLvk=", "ref": "refs/heads/main", - "rev": "839273dc72d1e82d7941ba2459e5ed228f398573", - "revCount": 14, + "rev": "d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433", + "revCount": 15, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, 
@@ -328,11 +328,11 @@ ] }, "locked": { - "lastModified": 1742406979, - "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=", + "lastModified": 1742595978, + "narHash": "sha256-05onsoMrLyXE4XleDCeLC3bXnC4nyUbKWInGwM7v6hU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609", + "rev": "b7756921b002de60fb66782effad3ce8bdb5b25d", "type": "github" }, "original": { diff --git a/nix-config-secrets b/nix-config-secrets index 839273d..d022f6b 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 839273dc72d1e82d7941ba2459e5ed228f398573 +Subproject commit d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433 From 2dfdb79f06967d64e0bda75e9fd92c6c8b3ae063 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Mar 2025 18:33:57 -0500 Subject: [PATCH 0597/1043] fixed advertised tags on clients --- configurations/nixos/horizon/configuration.nix | 2 +- configurations/nixos/twilight/configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 2f98cf8..c9ad6e8 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -63,7 +63,7 @@ authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; extraUpFlags = [ - "--advertise-tags=tag:server,tag:static" + "--advertise-tags=tag:client,tag:mobile" ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 2c1b3d5..5da8a77 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -58,7 +58,7 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - "--advertise-tags=tag:server,tag:static" + "--advertise-tags=tag:client,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" 
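Review bot: In the twilight hunk the node is now tagged `tag:client,tag:static` while the same `extraUpFlags` still carry `--advertise-exit-node` and `--advertise-routes=192.168.0.0/24`, so a machine labelled as a client keeps router privileges. If the tailnet policy approves routes or exit nodes per tag, that approval would have to be granted to `tag:client`, which then also covers other client nodes such as horizon (`tag:client,tag:mobile`). A dedicated tag for routing nodes keeps the grant narrow, for example `"--advertise-tags=tag:client,tag:static,tag:router"`, where `tag:router` is a placeholder name. The policy file is not part of this diff, so this should be checked against it.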
From 4f3064351316e803d23d941c3e1b7ad4ef6c8e86 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Mar 2025 18:47:00 -0500 Subject: [PATCH 0598/1043] removed advertise tags from devices --- configurations/nixos/defiant/configuration.nix | 2 +- configurations/nixos/horizon/configuration.nix | 2 +- configurations/nixos/twilight/configuration.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9de9b38..6c2336a 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -179,7 +179,7 @@ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--accept-dns=false" - "--advertise-tags=tag:server,tag:static" + # "--advertise-tags=tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index c9ad6e8..b59b7e9 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -63,7 +63,7 @@ authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; extraUpFlags = [ - "--advertise-tags=tag:client,tag:mobile" + # "--advertise-tags=tag:client,tag:mobile" ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 5da8a77..6def768 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -58,7 +58,7 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - "--advertise-tags=tag:client,tag:static" + # "--advertise-tags=tag:client,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" From 76d68cf146e11b75c86b9c1270d53b38593bf127 Mon Sep 17 00:00:00 2001 
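Review bot: The `--advertise-tags` entries are turned into comments instead of being deleted, in the defiant hunk and again in the horizon and twilight hunks, which leaves horizon with an `extraUpFlags` list that holds only a comment. More relevant for access control: as far as I know the nixpkgs tailscale module runs `tailscale up` with these flags only while the node still needs to log in, so editing `extraUpFlags` probably does not change the tags of a machine that is already registered. I would delete the lines outright and verify each node's current tags in the admin console, since the tailnet ACLs may still be matching the old tags.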
From: Leyla Becker Date: Sat, 22 Mar 2025 12:50:17 -0500 Subject: [PATCH 0599/1043] disabled home assistant --- .../nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/server/fail2ban.nix | 42 +++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6c2336a..5c3a7ed 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -108,7 +108,7 @@ subdomain = "search"; }; home-assistant = { - enable = true; + enable = false; subdomain = "home"; }; adguardhome = { diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index e3f6280..f410aeb 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -32,20 +32,20 @@ in { failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " '') ); - "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf + # "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + # pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + # [INCLUDES] + # before = common.conf - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + # [Definition] + # failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - ignoreregex = + # ignoreregex = - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); + # [Init] + # datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + # '') + # ); "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] 
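Review bot: Commenting out the `hass` filter in this hunk, and the `home-assistant-iptables` jail in the second hunk of `fail2ban.nix`, is not needed to switch them off, because both were already wrapped in `lib.mkIf config.services.home-assistant.enable`. With the blocks commented out, re-enabling Home Assistant later brings the service back without its brute-force jail, and nothing in the evaluation will point that out. I would leave both blocks active and let the existing guard decide. The surrounding `environment.etc` block starts outside the hunk.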
@@ -105,16 +105,16 @@ in { bantime = 600; maxretry = 5; }; - home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; + # home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + # enabled = true; + # filter = "hass"; + # action = ''iptables-multiport[name=HTTP, port="http,https"]''; + # logpath = "${config.services.home-assistant.configDir}/*.log"; + # backend = "auto"; + # findtime = 600; + # bantime = 600; + # maxretry = 5; + # }; immich-iptables.settings = lib.mkIf config.services.immich.enable { enabled = true; filter = "immich"; From c7938c3fe796a1ca95ec4f05342c52ecab18be6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Mar 2025 13:01:25 -0500 Subject: [PATCH 0600/1043] moved fail2ban configs into service configs --- modules/nixos-modules/server/fail2ban.nix | 44 ----------------------- modules/nixos-modules/server/forgejo.nix | 26 ++++++++++++++ modules/nixos-modules/server/immich.nix | 22 ++++++++++++ modules/nixos-modules/server/jellyfin.nix | 25 +++++++++++++ 4 files changed, 73 insertions(+), 44 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index f410aeb..6fdfd6a 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix 
@@ -20,18 +20,6 @@ in { failregex = "limiting requests, excess:.* by zone.*client: " '') ); - "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." - '') - ); - "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " - '') - ); # "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( # pkgs.lib.mkDefault (pkgs.lib.mkAfter '' # [INCLUDES] @@ -46,13 +34,6 @@ in { # datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S # '') # ); - "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = immich-server.*Failed login attempt for user.+from ip address\s? - journalmatch = CONTAINER_TAG=immich-server - '') - ); }; services.fail2ban = { @@ -85,26 +66,6 @@ in { bantime = 600; maxretry = 5; }; - jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { - enabled = true; - filter = "jellyfin"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.jellyfin.dataDir}/log/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { - enabled = true; - filter = "forgejo"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; # home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { # enabled = true; # filter = "hass"; 
@@ -115,11 +76,6 @@ in { # bantime = 600; # maxretry = 5; # }; - immich-iptables.settings = lib.mkIf config.services.immich.enable { - enabled = true; - filter = "immich"; - backend = "systemd"; - }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index f0c1974..d19e0ae 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -1,6 +1,7 @@ { lib, config, + pkgs, ... }: let forgejoPort = 8081; @@ -67,6 +68,31 @@ in { config.services.forgejo.settings.server.SSH_LISTEN_PORT ]; } + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " + '') + ); + }; + + services.fail2ban = { + jails = { + forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + enabled = true; + filter = "forgejo"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { assertions = [ { diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index 2756e5c..5160701 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix @@ -1,6 +1,7 @@ { lib, config, + pkgs, ... }: let mediaLocation = "/var/lib/immich"; 
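Review bot: The `forgejo-iptables` jail added in the `forgejo.nix` hunk bans only `port="http,https"`, while the context lines of the same hunk open `config.services.forgejo.settings.server.SSH_LISTEN_PORT` in the firewall for Forgejo's built-in SSH server. A client banned after failed web logins can therefore still reach the Git SSH port, and any SSH authentication failures that match the `failregex` would produce a ban that does not cover that port. Adding the port to the action closes the gap: `action = ''iptables-multiport[name=HTTP, port="http,https,${toString config.services.forgejo.settings.server.SSH_LISTEN_PORT}"]'';`. The module body continues outside the hunk.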
@@ -59,6 +60,27 @@ in { ]; }; } + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = immich-server.*Failed login attempt for user.+from ip address\s? + journalmatch = CONTAINER_TAG=immich-server + '') + ); + }; + + services.fail2ban = { + jails = { + immich-iptables.settings = lib.mkIf config.services.immich.enable { + enabled = true; + filter = "immich"; + backend = "systemd"; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { assertions = [ { diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 77d5744..79e0ffa 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -53,6 +53,31 @@ in { pkgs.jellyfin-ffmpeg ]; } + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." + '') + ); + }; + + services.fail2ban = { + jails = { + jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + enabled = true; + filter = "jellyfin"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.jellyfin.dataDir}/log/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { fileSystems."/persist/system/jellyfin".neededForBoot = true; From 597c25b49dcaded5ff32864fa42ac99cc8dcff4c Mon Sep 17 00:00:00 2001 
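Review bot: The immich filter keeps `journalmatch = CONTAINER_TAG=immich-server`, a journal field written by a container log driver, while this module runs immich through the NixOS `services.immich` service. If immich runs as a plain systemd unit here, no journal entry carries that field, so the jail reads nothing and failed logins are never counted. Matching on the unit is the likely fix, e.g. `journalmatch = _SYSTEMD_UNIT=immich-server.service`, with the unit name to be confirmed on the host. The jail also sets no `maxretry`, `findtime` or `bantime`, so it depends on the global defaults, unlike the forgejo and jellyfin jails.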
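Review bot: The jellyfin `failregex` is written as a quoted string with `\\\(` and `\"` escapes, but inside a Nix `''…''` string backslashes are kept literally and, as far as I know, fail2ban does not strip the surrounding quotes. The generated filter would then require a literal backslash before each parenthesis and a quote at both ends of the line, which Jellyfin's log message does not have, so the jail would never count a failed login. Written as the file content itself it would be `failregex = ^.*Authentication request for .* has been denied \(IP: "<ADDR>"\)\.`; the host tag between the quotes is not visible in this rendering of the diff, so confirm it is present in the file. The forgejo filter added in `forgejo.nix` is wrapped in quotes in the same way.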
From: Leyla Becker Date: Sat, 22 Mar 2025 13:27:04 -0500 Subject: [PATCH 0601/1043] moved service config out of host namespace --- README.md | 1 - .../nixos/defiant/configuration.nix | 45 +++++----- modules/nixos-modules/server/fail2ban.nix | 9 +- modules/nixos-modules/server/forgejo.nix | 54 ++++++------ modules/nixos-modules/server/immich.nix | 15 +--- modules/nixos-modules/server/jellyfin.nix | 15 ++-- modules/nixos-modules/server/searx.nix | 84 +++++++++---------- 7 files changed, 98 insertions(+), 125 deletions(-) diff --git a/README.md b/README.md index 7c1908e..2c46110 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services -- move extra custom configuration for services out of host config and instead extend services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5c3a7ed..78c215d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -48,9 +48,6 @@ ]; }; }; - fail2ban = { - enable = true; - }; network_storage = { enable = true; directories = [ @@ -74,7 +71,7 @@ folder = "media"; user = "jellyfin"; group = "jellyfin_media"; - bind = config.host.jellyfin.media_directory; + bind = config.services.jellyfin.media_directory; } ]; nfs = { 
@@ -94,19 +91,6 @@ }; }; }; - jellyfin = { - enable = true; - subdomain = "media"; - extraSubdomains = ["jellyfin"]; - }; - forgejo = { - enable = true; - subdomain = "git"; - }; - searx = { - enable = true; - subdomain = "search"; - }; home-assistant = { enable = false; subdomain = "home"; @@ -114,10 +98,6 @@ adguardhome = { enable = false; }; - immich = { - enable = true; - subdomain = "photos"; - }; sync = { enable = true; folders = { @@ -187,6 +167,29 @@ "--accept-dns=false" ]; }; + + fail2ban.enable = true; + + jellyfin = { + enable = true; + subdomain = "media"; + extraSubdomains = ["jellyfin"]; + }; + + immich = { + enable = true; + subdomain = "photos"; + }; + + forgejo = { + enable = true; + subdomain = "git"; + }; + + searx = { + enable = true; + subdomain = "search"; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 6fdfd6a..be83e6f 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -7,11 +7,7 @@ dataFolder = "/var/lib/fail2ban"; dataFile = "fail2ban.sqlite3"; in { - options.host.fail2ban = { - enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; - }; - - config = lib.mkIf config.host.fail2ban.enable (lib.mkMerge [ + config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ { environment.etc = { "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( @@ -37,7 +33,6 @@ in { }; services.fail2ban = { - enable = true; maxretry = 5; ignoreIP = [ # Whitelist local networks @@ -90,8 +85,6 @@ in { ]; environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; directories = [ { directory = dataFolder; diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index d19e0ae..40a5303 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix 
@@ -9,8 +9,7 @@ db_user = "forgejo"; sshPort = 22222; in { - options.host.forgejo = { - enable = lib.mkEnableOption "should forgejo be enabled on this computer"; + options.services.forgejo = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that forgejo will be hosted at"; @@ -18,10 +17,10 @@ in { }; }; - config = lib.mkIf config.host.forgejo.enable (lib.mkMerge [ + config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.host.forgejo.subdomain} = { + reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { target = "http://localhost:${toString forgejoPort}"; }; postgres = { @@ -34,32 +33,29 @@ in { }; }; - services = { - forgejo = { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; + services.forgejo = { + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = config.users.users.git.name; + ROOT_URL = "https://git.jan-leila.com"; }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = config.users.users.git.name; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; }; }; }; diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index 5160701..e7088a9 100644 
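Review bot: In the re-indented `settings.server` block, `ROOT_URL = "https://git.jan-leila.com";` stays hard-coded while `DOMAIN` is derived from `config.services.forgejo.subdomain` and `config.host.reverse_proxy.hostname`. Changing the subdomain option would move the proxy vhost and `DOMAIN` but leave Forgejo generating links and redirect URLs for the old origin. Deriving it keeps the two in step: `ROOT_URL = "https://${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";`, assuming the proxy hostname is the public base domain. The `config` block continues outside the hunk.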
--- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix @@ -6,8 +6,7 @@ }: let mediaLocation = "/var/lib/immich"; in { - options.host.immich = { - enable = lib.mkEnableOption "should immich be enabled on this computer"; + options.services.immich = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that immich will be hosted at"; @@ -15,10 +14,10 @@ in { }; }; - config = lib.mkIf config.host.immich.enable (lib.mkMerge [ + config = lib.mkIf config.services.immich.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.host.immich.subdomain} = { + reverse_proxy.subdomains.${config.services.immich.subdomain} = { target = "http://localhost:${toString config.services.immich.port}"; websockets.enable = true; @@ -45,12 +44,6 @@ in { }; }; - services.immich = { - enable = true; - port = 2283; - # redis.enable = false; - }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { allowedUDPPorts = [ config.services.immich.port @@ -89,8 +82,6 @@ in { } ]; environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; directories = [ { directory = mediaLocation; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 79e0ffa..010ea1a 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -8,8 +8,7 @@ jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; in { - options.host.jellyfin = { - enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; + options.services.jellyfin = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that jellyfin will be hosted at"; 
@@ -27,16 +26,14 @@ in { }; }; - config = lib.mkIf config.host.jellyfin.enable ( + config = lib.mkIf config.services.jellyfin.enable ( lib.mkMerge [ { - services.jellyfin.enable = true; - host.reverse_proxy.subdomains.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; - subdomain = config.host.jellyfin.subdomain; - extraSubdomains = config.host.jellyfin.extraSubdomains; + subdomain = config.services.jellyfin.subdomain; + extraSubdomains = config.services.jellyfin.extraSubdomains; forwardHeaders.enable = true; @@ -107,8 +104,6 @@ in { environment.persistence = { "/persist/system/root" = { - enable = true; - hideMounts = true; directories = [ { directory = jellyfin_data_directory; @@ -128,7 +123,7 @@ in { hideMounts = true; directories = [ { - directory = config.host.jellyfin.media_directory; + directory = config.services.jellyfin.media_directory; user = "jellyfin"; group = "jellyfin_media"; mode = "1770"; diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index c578b41..d357308 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix @@ -4,8 +4,7 @@ inputs, ... }: { - options.host.searx = { - enable = lib.mkEnableOption "should searx be enabled on this computer"; + options.services.searx = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that searx will be hosted at"; @@ -13,7 +12,7 @@ }; }; - config = lib.mkIf config.host.searx.enable { + config = lib.mkIf config.services.searx.enable { sops.secrets = { "services/searx" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; 
@@ -21,56 +20,53 @@ }; host = { reverse_proxy.subdomains.searx = { - subdomain = config.host.searx.subdomain; + subdomain = config.services.searx.subdomain; target = "http://localhost:${toString config.services.searx.settings.server.port}"; }; }; - services = { - searx = { - enable = true; - environmentFile = config.sops.secrets."services/searx".path; + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; - }; - }; + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; }; - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; - }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; }; }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; }; }; } From 759390af8d4c650055d99c0f872dfb9002f9dd86 Mon Sep 17 00:00:00 2001 
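Review bot: The `# Rate limiting` block sets `limiterSettings`, but the `settings.server` attrset on the new side contains only `port` and `secret_key`. As far as I know SearXNG applies its limiter only when `server.limiter` is true and a Redis/Valkey instance is configured, so these limits and the bot detection are probably not enforced. I would add `limiter = true;` under `settings.server` and `redisCreateLocally = true;` under `services.searx`, unless they are set in a part of the configuration not shown here.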
From: Leyla Becker Date: Sat, 22 Mar 2025 14:35:54 -0500 Subject: [PATCH 0602/1043] removed unused syncthing config options --- .../nixos/defiant/configuration.nix | 15 ++------ .../nixos/horizon/configuration.nix | 11 ++---- .../nixos/twilight/configuration.nix | 11 ++---- modules/nixos-modules/sync.nix | 36 +------------------ 4 files changed, 7 insertions(+), 66 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 78c215d..e3d59bd 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -98,19 +98,6 @@ adguardhome = { enable = false; }; - sync = { - enable = true; - folders = { - share = { - enable = true; - calendar.enable = true; - }; - leyla = { - documents.enable = true; - notes.enable = true; - }; - }; - }; }; networking = { hostId = "c51763d6"; @@ -168,6 +155,8 @@ ]; }; + syncthing.enable = true; + fail2ban.enable = true; jellyfin = { diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index b59b7e9..6375003 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -17,15 +17,6 @@ }; eve.isDesktopUser = true; }; - sync = { - enable = true; - folders = { - share.enable = true; - leyla = { - documents.enable = true; - }; - }; - }; }; environment.systemPackages = [ @@ -66,6 +57,8 @@ # "--advertise-tags=tag:client,tag:mobile" ]; }; + + syncthing.enable = true; }; networking = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 6def768..8467003 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
@@ -29,15 +29,6 @@ openRGB.enable = true; graphicsAcceleration.enable = true; }; - sync = { - enable = true; - folders = { - share.enable = true; - leyla = { - documents.enable = true; - }; - }; - }; }; services = { @@ -65,6 +56,8 @@ "--advertise-routes=192.168.0.0/24" ]; }; + + syncthing.enable = true; }; programs.steam = { enable = true; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index de361e6..8915dc8 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -7,39 +7,6 @@ mountDir = "/mnt/sync"; configDir = "/etc/syncthing"; in { - options.host.sync = { - enable = lib.mkEnableOption "should sync thing be enabled on this device"; - folders = { - share = { - enable = lib.mkEnableOption "should the share folder by synced"; - calendar = { - enable = lib.mkEnableOption "should the calendar folder be synced"; - }; - }; - leyla = { - documents = { - enable = lib.mkEnableOption "should the documents folder be synced"; - }; - notes = { - enable = lib.mkEnableOption "should the notes folder by synced"; - }; - }; - extraFolders = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({...}: { - options = { - path = lib.mkOption { - type = lib.types.str; - }; - devices = lib.mkOption { - type = lib.types.listof lib.types.str; - }; - }; - })); - default = {}; - }; - }; - }; - config = lib.mkMerge [ { systemd = lib.mkIf config.services.syncthing.enable { @@ -50,10 +17,9 @@ in { ]; }; } - (lib.mkIf config.host.sync.enable (lib.mkMerge [ + (lib.mkIf config.services.syncthing.enable (lib.mkMerge [ { services.syncthing = { - enable = true; user = "syncthing"; group = "syncthing"; dataDir = "${mountDir}/default"; From ba5d5a14876d2398b4ca4bf4b7bdb80a84306cca Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 22 Mar 2025 14:39:19 -0500 Subject: [PATCH 0603/1043] removed all advertise tags comments --- configurations/nixos/defiant/configuration.nix | 1 - configurations/nixos/horizon/configuration.nix | 3 --- configurations/nixos/twilight/configuration.nix | 1 - 3 files changed, 5 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e3d59bd..f7131fd 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -146,7 +146,6 @@ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--accept-dns=false" - # "--advertise-tags=tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 6375003..082824d 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -53,9 +53,6 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; - extraUpFlags = [ - # "--advertise-tags=tag:client,tag:mobile" - ]; }; syncthing.enable = true; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 8467003..bbd8835 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -49,7 +49,6 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - # "--advertise-tags=tag:client,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" From 77f1aa30b78f5f8fdaee3b23a787da509c105636 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 23 Mar 2025 19:16:02 -0500 Subject: [PATCH 0604/1043] drafted out virt home assistant --- .../nixos/defiant/configuration.nix | 14 +- modules/nixos-modules/server/default.nix | 2 +- .../nixos-modules/server/home-assistant.nix | 174 +++++++++++------- .../server/virt-home-assistant.nix | 155 ++++++++++++++++ 4 files changed, 270 insertions(+), 75 deletions(-) create mode 100644 modules/nixos-modules/server/virt-home-assistant.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f7131fd..7209aa9 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -91,10 +91,10 @@ }; }; }; - home-assistant = { - enable = false; - subdomain = "home"; - }; + # home-assistant = { + # enable = false; + # subdomain = "home"; + # }; adguardhome = { enable = false; }; @@ -178,6 +178,12 @@ enable = true; subdomain = "search"; }; + + virt-home-assistant = { + enable = false; + networkBridge = "bond0"; + hostDevice = "0x10c4:0xea60"; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 956ad9e..6c3ba8e 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,7 +8,7 @@ ./jellyfin.nix ./forgejo.nix ./searx.nix - ./home-assistant.nix + ./virt-home-assistant.nix ./adguardhome.nix ./immich.nix ]; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 254e183..a90bd6d 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,6 +1,7 @@ { lib, config, + inputs, ... }: let configDir = "/var/lib/hass"; 
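Review bot: The `default.nix` hunk swaps the import of `./home-assistant.nix` for `./virt-home-assistant.nix`, yet the same commit rewrites `home-assistant.nix` (174 changed lines in the diffstat). Unless that file is imported somewhere outside this diff, the rewritten module, including its `virtualisation.libvirt` domain definition, is never evaluated and will drift from the new one. I would either delete `home-assistant.nix` in this commit or put a header comment on it such as `# not imported; superseded by virt-home-assistant.nix`.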
@@ -16,81 +17,114 @@ in { config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ { - systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - services.home-assistant = { - enable = true; - configDir = configDir; - extraComponents = [ - "met" - "radio_browser" - "isal" - "zha" - "jellyfin" - "webostv" - "tailscale" - "syncthing" - "sonos" - "analytics_insights" - "unifi" - "openweathermap" - ]; - config = { - http = { - server_port = 8082; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - # recorder.db_url = "postgresql://@/${db_user}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts + virtualisation.libvirt = { + swtpm.enable = true; + connections."qemu:///session" = { + networks = [ + { + definition = inputs.nix-virt.lib.network.writeXML (inputs.nix-virt.lib.network.templates.bridge + { + uuid = "d57e37e2-311f-4e5c-a484-97c2210c2770"; + subnet_byte = 71; + }); + active = true; + } + ]; + domains = [ + { + definition = inputs.nix-virt.lib.domain.writeXML (inputs.nix-virt.lib.domain.templates.linux + { + name = "Home Assistant"; + uuid = "c5cc0efc-6101-4c1d-be31-acbba203ccde"; + memory = { + count = 4; + unit = "GiB"; + }; + # storage_vol = { + # pool = "MyPool"; + # volume = "Penguin.qcow2"; + # }; + }); + } ]; - }; - host = { - reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; }; }; + + # systemd.tmpfiles.rules = [ + # "f 
${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + # ]; + # services.home-assistant = { + # enable = true; + # configDir = configDir; + # extraComponents = [ + # "met" + # "radio_browser" + # "isal" + # "zha" + # "jellyfin" + # "webostv" + # "tailscale" + # "syncthing" + # "sonos" + # "analytics_insights" + # "unifi" + # "openweathermap" + # ]; + # config = { + # http = { + # server_port = 8082; + # use_x_forwarded_for = true; + # trusted_proxies = ["127.0.0.1" "::1"]; + # ip_ban_enabled = true; + # login_attempts_threshold = 10; + # }; + # # recorder.db_url = "postgresql://@/${db_user}"; + # "automation manual" = []; + # "automation ui" = "!include automations.yaml"; + # }; + # extraPackages = python3Packages: + # with python3Packages; [ + # hassil + # numpy + # gtts + # ]; + # }; + # host = { + # reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { + # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + # websockets.enable = true; + # forwardHeaders.enable = true; + + # extraConfig = '' + # add_header Upgrade $http_upgrade; + # add_header Connection \"upgrade\"; + + # proxy_buffering off; + + # proxy_read_timeout 90; + # ''; + # }; + # }; } (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = configDir; - user = "hass"; - group = "hass"; - } - ]; - }; + # assertions = [ + # { + # assertion = config.services.home-assistant.configDir == configDir; + # message = "home assistant config directory does not match persistence"; + # } + # ]; + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # { + # directory = configDir; + # 
user = "hass"; + # group = "hass"; + # } + # ]; + # }; }) ]); } diff --git a/modules/nixos-modules/server/virt-home-assistant.nix b/modules/nixos-modules/server/virt-home-assistant.nix new file mode 100644 index 0000000..4212668 --- /dev/null +++ b/modules/nixos-modules/server/virt-home-assistant.nix 
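Review bot: This rewrite keeps roughly a hundred lines of the previous `services.home-assistant` configuration as commented-out code, and the same commit replaces `./home-assistant.nix` with `./virt-home-assistant.nix` in the imports of `server/default.nix`, so this file appears to be unreferenced after the change. Deleting the commented-out block (git history keeps it) or removing the file would make it clear which of the two modules is live. In the new `virtualisation.libvirt` block the domain's `storage_vol` is also commented out, so the domain is defined without a disk as written; a one-line marker such as `# draft: no storage volume yet, module not imported` would record that state for the next reader.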
@@ -0,0 +1,155 @@ +{ + config, + lib, + pkgs, + ... +}: { + options.services.virt-home-assistant = { + enable = lib.mkEnableOption "Wether to enable home assistant virtual machine"; + networkBridge = lib.mkOption { + type = lib.types.str; + description = "what network bridge should we attach to the image"; + }; + hostDevice = lib.mkOption { + type = lib.types.str; + description = "what host devices should be attached to the image"; + }; + initialVersion = lib.mkOption { + type = lib.types.str; + description = "what home assistant image version should we pull for initial instal"; + default = "15.0"; + }; + imageName = lib.mkOption { + type = lib.types.str; + description = "where should the image be installed to"; + default = "home-assistant.qcow2"; + }; + installLocation = lib.mkOption { + type = lib.types.str; + description = "where should the image be installed to"; + default = "/etc/hass"; + }; + virtualMachineName = lib.mkOption { + type = lib.types.str; + description = "what name should we give the virtual machine"; + default = "home-assistant"; + }; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + }; + config = lib.mkIf config.services.virt-home-assistant.enable (lib.mkMerge [ + { + # environment.systemPackages = with pkgs; [ + # virt-manager + # ]; + + # TODO: move this to external module and just have an assertion here that its enabled + # enable virtualization on the system + virtualisation = { + libvirtd = { + enable = true; + qemu.ovmf.enable = true; + }; + }; + + # TODO: deactivation script? 
+ # create service to install and start the container + systemd.services.virt-install-home-assistant = let + # TODO: all of these need to be escaped to be used in commands reliably + bridgedNetwork = config.services.virt-home-assistant.networkBridge; + hostDevice = config.services.virt-home-assistant.hostDevice; + virtualMachineName = config.services.virt-home-assistant.virtualMachineName; + imageName = config.services.virt-home-assistant.imageName; + installLocation = config.services.virt-home-assistant.installLocation; + installImage = "${installLocation}/${imageName}"; + initialVersion = config.services.virt-home-assistant.initialVersion; + + home-assistant-qcow2 = pkgs.fetchurl { + name = "home-assistant.qcow2"; + url = "https://github.com/home-assistant/operating-system/releases/download/${initialVersion}/haos_ova-${initialVersion}.qcow2.xz"; + hash = "sha256-V1BEjvvLNbMMKJVyMCmipjQ/3owoJteeVxoF9LDHo1U="; + postFetch = '' + cp $out src.xz + rm -r $out + ${pkgs.xz}/bin/unxz src.xz --stdout > $out/${imageName} + ''; + }; + + # Write a script to install the Home Assistant OS qcow2 image + virtInstallScript = pkgs.writeShellScriptBin "virt-install-hass" '' + # Copy the initial image out of the package store to the install location if we don't have one yet + if [ ! -f ${installImage} ]; then + cp ${home-assistant-qcow2} ${installLocation} + fi + + # Check if VM already exists, and other pre-conditions + if ! 
${pkgs.libvirt}/bin/virsh list --all | grep -q ${virtualMachineName}; then + ${pkgs.virt-manager}/bin/virt-install --name ${virtualMachineName} \ + --description "Home Assistant OS" \ + --os-variant=generic \ + --boot uefi \ + --ram=2048 \ + --vcpus=2 \ + --import \ + --disk ${installImage},bus=sata \ + --network bridge=${bridgedNetwork} \ + --host-device ${hostDevice} \ + --graphics none + ${pkgs.libvirt}/bin/virsh autostart ${virtualMachineName} + fi + ''; + in { + description = "Install and start Home Assistant"; + wantedBy = ["multi-user.target"]; + after = ["local-fs.target"]; + requires = ["libvirtd.service"]; + serviceConfig.Type = "oneshot"; + serviceConfig = { + ExecStart = "${virtInstallScript}/bin/virt-install-hass"; + }; + }; + + # TODO: figure out what we need to proxy to the virtual image + # host = { + # reverse_proxy.subdomains.${config.services.virt-home-assistant.subdomain} = { + # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + # websockets.enable = true; + # forwardHeaders.enable = true; + + # extraConfig = '' + # add_header Upgrade $http_upgrade; + # add_header Connection \"upgrade\"; + + # proxy_buffering off; + + # proxy_read_timeout 90; + # ''; + # }; + # }; + } + (lib.mkIf config.services.fail2ban.enable { + # TODO: figure out how to write a config for this, prob based on nginx proxy logs? + }) + (lib.mkIf config.host.impermanence.enable { + # assertions = [ + # { + # assertion = config.services.virt-home-assistant.installLocation == configDir; + # message = "home assistant install location does not match persistence"; + # } + # ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.virt-home-assistant.installLocation; + } + ]; + }; + }) + ]); +} From 629357a416f681c9aa72ed4b8eb1f470d358c2c4 Mon Sep 17 00:00:00 2001 
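Review bot: The option values spliced into `virtInstallScript` (`virtualMachineName`, `installImage`, `installLocation`, `bridgedNetwork`, `hostDevice`) reach the shell unquoted, which the hunk's own TODO acknowledges but leaves open; `serviceConfig` sets no `User=`, so the script presumably runs as root, and a value containing spaces or shell metacharacters changes the command that is executed. Binding each one through `lib.escapeShellArg` in the `let` block, e.g. `virtualMachineName = lib.escapeShellArg config.services.virt-home-assistant.virtualMachineName;`, closes this. The existence check `grep -q ${virtualMachineName}` matches substrings of the whole `virsh list --all` output, so an exact lookup such as `virsh dominfo` on the name would avoid mistaking a similarly named domain for this one. Separately, `postFetch` runs `rm -r $out` and then redirects into `$out/${imageName}` without a `mkdir -p $out`, and the fixed `hash` does not vary with `initialVersion`, so changing that option would presumably either fail the fetch or reuse the image already in the store; both are worth confirming before the module is enabled.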
From: Leyla Becker Date: Mon, 24 Mar 2025 17:22:46 -0500 Subject: [PATCH 0605/1043] port forwarded jellyfin port to stop logs from getting spammed --- .../nixos/defiant/hardware-configuration.nix | 2 +- .../nixos/horizon/configuration.nix | 43 ------------------- modules/nixos-modules/server/jellyfin.nix | 2 + 3 files changed, 3 insertions(+), 44 deletions(-) diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index 85dcd9e..3b3ac45 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -72,7 +72,7 @@ networkConfig.DHCP = "yes"; address = [ - "192.168.1.10/24" + "192.168.1.10" ]; gateway = ["192.168.1.1"]; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 082824d..dabb2cf 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -31,9 +31,6 @@ "wireguard-keys/tailscale-authkey/horizon" = { sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; }; - # "wireguard-keys/proton/horizon" = { - # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; - # }; }; services = { 
@@ -58,46 +55,6 @@ syncthing.enable = true; }; - networking = { - # wg-quick.interfaces = { - # proton = { - # # IP address of this machine in the *tunnel network* - # address = ["10.2.0.1/32"]; - - # listenPort = 51820; - - # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; - - # peers = [ - # { - # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "84.17.63.8:51820"; - # persistentKeepalive = 25; - # } - # { - # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "68.169.42.242:51820"; - # persistentKeepalive = 25; - # } - # { - # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; - # allowedIPs = ["0.0.0.0/0"]; - # } - # ]; - # }; - # }; - }; - - # networking.extraHosts = '' - # # 192.168.1.204 jan-leila.com - # 192.168.1.204 media.jan-leila.com - # # 192.168.1.204 drive.jan-leila.com - # 192.168.1.204 git.jan-leila.com - # # 192.168.1.204 search.jan-leila.com - # ''; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 010ea1a..49d9a9f 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -49,6 +49,8 @@ in { pkgs.jellyfin-web pkgs.jellyfin-ffmpeg ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort]; } (lib.mkIf config.services.fail2ban.enable { environment.etc = { From 239ab58b5c728cd132017d7b5b15f5ffac22c6a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 13:09:34 -0500 Subject: [PATCH 0606/1043] installed paperwork --- configurations/home-manager/leyla/packages.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index cceffb6..f015e40 100644 
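Review bot: In the jellyfin.nix hunk, `networking.firewall.allowedTCPPorts = [jellyfinPort];` opens the Jellyfin port on every interface of the host, so the service becomes reachable directly and not only through whatever proxy or VPN path is meant to front it. If the goal is only to stop refused-connection entries from LAN clients filling the logs, scoping the rule to the LAN interface with `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [jellyfinPort];` keeps the exposure narrower. The fail2ban block that follows in this module lies mostly outside the hunk; whether its filter also sees connections made directly to this port should be confirmed.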
--- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -48,7 +48,6 @@ in { makemkv transmission_4-gtk onionshare - easytag # rhythmbox (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) # wireshark @@ -56,6 +55,8 @@ in { # fritzing mfoc tor-browser + anki + paperwork # proprietary platforms discord @@ -63,8 +64,6 @@ in { # steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - anki - # development tools # androidStudioPackages.canary jetbrains.idea-community From fd9d764e67aa415fd18438232cee44b872f98c0b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 14:24:43 -0500 Subject: [PATCH 0607/1043] uninstalled paperwork --- configurations/home-manager/leyla/packages.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index f015e40..5bc82b7 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -56,7 +56,6 @@ in { mfoc tor-browser anki - paperwork # proprietary platforms discord From 508e831a2a7b6db5e0d795582db21e6695e4021b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 15:40:12 -0500 Subject: [PATCH 0608/1043] renamed supernote notes share --- configurations/syncthing/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix index 1934684..bd05d9f 100644 --- a/configurations/syncthing/default.nix +++ b/configurations/syncthing/default.nix @@ -6,7 +6,7 @@ leyla_calendar = { id = "8oatl-1rv6w"; }; - leyla_notes = { + leyla_supernote_notes = { id = "dwbuv-zffnf"; }; share = { 
@@ -25,8 +25,8 @@ folder = config.folders.leyla_calendar; path = "/mnt/sync/leyla/calendar"; }; - leyla_notes = { - folder = config.folders.leyla_notes; + leyla_supernote_notes = { + folder = config.folders.leyla_supernote_notes; path = "/mnt/sync/leyla/notes"; }; share = { @@ -64,12 +64,12 @@ coven = { id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; folders = { - share = { - folder = config.folders.share; - }; leyla_documents = { folder = config.folders.leyla_documents; }; + share = { + folder = config.folders.share; + }; }; }; ceder = { @@ -85,7 +85,7 @@ folder = config.folders.leyla_calendar; }; leyla_notes = { - folder = config.folders.leyla_notes; + folder = config.folders.leyla_supernote_notes; }; }; }; From bd608563c0a839d8941e3e9e14279323ef8afed4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 15:56:18 -0500 Subject: [PATCH 0609/1043] added emergent and eves records folders --- configurations/syncthing/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix index bd05d9f..397f678 100644 --- a/configurations/syncthing/default.nix +++ b/configurations/syncthing/default.nix @@ -9,6 +9,9 @@ leyla_supernote_notes = { id = "dwbuv-zffnf"; }; + eve_records = { + id = "by6at-d4h9n"; + }; share = { id = "73ot0-cxmkx"; }; @@ -29,6 +32,10 @@ folder = config.folders.leyla_supernote_notes; path = "/mnt/sync/leyla/notes"; }; + eve_records = { + folder = config.folders.eve_records; + path = "/mnt/sync/eve/records"; + }; share = { folder = config.folders.share; path = "/mnt/sync/default/share"; 
@@ -89,6 +96,17 @@ }; }; }; + emergent = { + id = "6MIDMKJ-7IFHXVX-FIR3YTB-KVE75LN-PA6IOTN-I257LWR-MMC4K6C-5H4SHQN"; + folders = { + eve_records = { + folder = config.folders.eve_records; + }; + share = { + folder = config.folders.share; + }; + }; + }; shale = { id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; folders = { From 70ed1618b5ad7af115afa97af089f71aad14d876 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 17:11:22 -0500 Subject: [PATCH 0610/1043] added pdfarranger and calibre to applications --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 5bc82b7..c4bfda2 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -56,6 +56,7 @@ in { mfoc tor-browser anki + pdfarranger # proprietary platforms discord From 89534b38d36de9cceb7f6576c5cbe632ace6102d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 29 Mar 2025 10:06:31 -0500 Subject: [PATCH 0611/1043] added calibre to leyla packages --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index c4bfda2..43124a7 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -57,6 +57,7 @@ in { tor-browser anki pdfarranger + calibre # proprietary platforms discord From f77ff8d28422d7bc68c6dbc6184666ccc1b8288d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 29 Mar 2025 11:43:51 -0500 Subject: [PATCH 0612/1043] updated flake lock and disabled lix again --- flake.lock | 128 ++++++++--------------------------------------- flake.nix | 8 +-- util/default.nix | 4 +- 3 files changed, 28 insertions(+), 112 deletions(-) 
diff --git a/flake.lock b/flake.lock index 56a5cd1..b9809b3 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742489760, - "narHash": "sha256-OkYl/wf09cKviSV1R6SshcRmeX1iDNEKCMg5KlmTwK0=", + "lastModified": 1743119709, + "narHash": "sha256-tlJY7MfAena/yi3lmd7y7vQGpLma4Q1BLtO4dvzF/Vs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "10f7b577f5081b30ca6b7fd5f98de8d7dfdb5a27", + "rev": "f8861a4b09a181dd88f6626d0202d9225ae85d65", "type": "gitlab" }, "original": { @@ -91,39 +91,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -131,11 +98,11 @@ ] }, "locked": { - "lastModified": 1742588233, - "narHash": "sha256-Fi5g8H5FXMSRqy+mU6gPG0v+C9pzjYbkkiePtz8+PpA=", + "lastModified": 1743259333, + "narHash": "sha256-2Fi3K++co4IGbeOLGXdRA6VEfbzQzMgcuBaPTyjfj0s=", "owner": "nix-community", "repo": "home-manager", - "rev": "296ddc64627f4a6a4eb447852d7346b9dd16197d", + "rev": "1f679ed2a2ebe3894bad9f89fb0bd9f141c28a68", "type": "github" }, "original": { 
@@ -159,41 +126,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741892773, - "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", - "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/ed7a2fa83145868ecb830d6b3c73ebfd81a9e911.tar.gz?rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -201,11 +133,11 @@ ] }, "locked": { - "lastModified": 1742595055, - "narHash": "sha256-cEetDber6LF8W4ThmRc4rwKs/o8y2GH0pUdX7e6CnAQ=", + "lastModified": 1743221873, + "narHash": "sha256-i8VPNm4UBsC3Ni6VwjojVJvCpS9GZ4vPrpFRtCGJzBs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "e9f41de2a81f04390afd106959adf352a207628f", + "rev": "53d0f0ed11487a4476741fde757d0feabef4cc4e", "type": "github" }, "original": { 
@@ -237,17 +169,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1742522036, - "narHash": "sha256-OmIHuzgZt38vn9SkysbS5D+KaAbKadtaKfODh0iWALk=", + "lastModified": 1743213162, + "narHash": "sha256-9UU0x2fZORsX6PEpzkIAD/7+bwm+javJtZA/411ZmLg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "4cff80a994fd6edb6c62ee5439cd587b50871cf3", + "rev": "1b2a53e3478225bc35d14ae75ea9e7b749c16d5b", "type": "github" }, "original": { @@ -258,11 +190,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1742376361, - "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=", + "lastModified": 1743167577, + "narHash": "sha256-I09SrXIO0UdyBFfh0fxDq5WnCDg8XKmZ1HQbaXzMA1k=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9", + "rev": "0ed819e708af17bfc4bbc63ee080ef308a24aa42", "type": "github" }, "original": { @@ -274,11 +206,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742422364, - "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", + "lastModified": 1743095683, + "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", + "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", "type": "github" }, "original": { @@ -295,7 +227,6 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", 
@@ -328,11 +259,11 @@ ] }, "locked": { - "lastModified": 1742595978, - "narHash": "sha256-05onsoMrLyXE4XleDCeLC3bXnC4nyUbKWInGwM7v6hU=", + "lastModified": 1742700801, + "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b7756921b002de60fb66782effad3ce8bdb5b25d", + "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", "type": "github" }, "original": { @@ -355,21 +286,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f9cb9a6..c5968db 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # lix-module = { + # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index c6e0e06..4b713da 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; 
From c1b52262b686226212ad052e06b740f959cadfca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 29 Mar 2025 14:56:30 -0500 Subject: [PATCH 0613/1043] removed completed task from tech debt tasks --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 2c46110..bc31eca 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - syncthing folder passwords - nfs export should be backed by the same values for server and client -- move fail2ban configs out of fail2ban.nix and into configs for their respective services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts From 8a3aaba17c4ddf321c0ea5e0a2525c69e27360d4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 30 Mar 2025 13:23:16 -0500 Subject: [PATCH 0614/1043] added qbittorrent package --- configurations/home-manager/leyla/packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 43124a7..449e828 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -58,6 +58,7 @@ in { anki pdfarranger calibre + qbittorrent # proprietary platforms discord @@ -78,7 +79,7 @@ in { openvpn noisetorch - # hardware managment tools + # hardware management tools (lib.mkIf hardware.piperMouse.enable piper) (lib.mkIf hardware.openRGB.enable openrgb) (lib.mkIf hardware.viaKeyboard.enable via) From 2f6e566acca7919850108eeebe28379a2f7de860 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 1 Apr 2025 15:25:22 -0500 Subject: [PATCH 0615/1043] updated wireguard keys file to vpn keys file --- .sops.yaml | 2 +- .../nixos/defiant/configuration.nix | 6 +- .../nixos/horizon/configuration.nix | 6 +- .../nixos/twilight/configuration.nix | 6 +- flake.lock | 56 +++++++++---------- nix-config-secrets | 2 +- 6 files changed, 39 insertions(+), 39 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 3f54dcc..b8b0adf 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,7 +9,7 @@ creation_rules: key_groups: - age: - *leyla - - path_regex: secrets/wireguard-keys.yaml$ + - path_regex: secrets/vpn-keys.yaml$ key_groups: - age: - *leyla diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7209aa9..7455812 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -6,8 +6,8 @@ ... }: { sops.secrets = { - "wireguard-keys/tailscale-authkey/defiant" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + "vpn-keys/tailscale-authkey/defiant" = { + sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; @@ -140,7 +140,7 @@ }; tailscale = { enable = true; - authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; + authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path; useRoutingFeatures = "server"; extraUpFlags = [ "--advertise-exit-node" diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index dabb2cf..5f1fd3a 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -28,8 +28,8 @@ programs.adb.enable = true; sops.secrets = { - "wireguard-keys/tailscale-authkey/horizon" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + "vpn-keys/tailscale-authkey/horizon" = { + sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; }; @@ -48,7 +48,7 @@ }; tailscale = { enable = true; - authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; + authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index bbd8835..73dd642 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -10,8 +10,8 @@ nixpkgs.config.allowUnfree = true; sops.secrets = { - "wireguard-keys/tailscale-authkey/twilight" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + "vpn-keys/tailscale-authkey/twilight" = { + sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; }; host = { @@ -44,7 +44,7 @@ tailscale = { enable = true; - authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; + authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; extraUpFlags = [ "--advertise-exit-node" diff --git a/flake.lock b/flake.lock index b9809b3..d9ea0b7 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1741786315, - "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", + "lastModified": 1743524395, + "narHash": "sha256-BXVan1TBC2iDJODFvCoz2XrbAOyZ9KWjwyIkOYwO4Mc=", "owner": "nix-community", "repo": "disko", - "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", + "rev": "f6dbc8952df9e40afafbe38449751bfad12d64f2", "type": "github" }, "original": { 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1743119709, - "narHash": "sha256-tlJY7MfAena/yi3lmd7y7vQGpLma4Q1BLtO4dvzF/Vs=", + "lastModified": 1743527765, + "narHash": "sha256-Y7TQ4bseuTjnXu3/Km8ylRIkyiYrZjwp5cqcb/7bJzs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f8861a4b09a181dd88f6626d0202d9225ae85d65", + "rev": "d7c0454483cf3644c8e5d3094ad2f1ee2cdcc6b0", "type": "gitlab" }, "original": { @@ -98,11 +98,11 @@ ] }, "locked": { - "lastModified": 1743259333, - "narHash": "sha256-2Fi3K++co4IGbeOLGXdRA6VEfbzQzMgcuBaPTyjfj0s=", + "lastModified": 1743527271, + "narHash": "sha256-EuanEW1qqXZ2h0zJnq7uz8BoHbsgHgUrqWkCZHwZ9FA=", "owner": "nix-community", "repo": "home-manager", - "rev": "1f679ed2a2ebe3894bad9f89fb0bd9f141c28a68", + "rev": "f4d9d1e2ad19d544a0a0cf3f8f371c6139c762e9", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1743221873, - "narHash": "sha256-i8VPNm4UBsC3Ni6VwjojVJvCpS9GZ4vPrpFRtCGJzBs=", + "lastModified": 1743496612, + "narHash": "sha256-emPWa5lmKbnyuj8c1mSJUkzJNT+iJoU9GMcXwjp2oVM=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "53d0f0ed11487a4476741fde757d0feabef4cc4e", + "rev": "73d59580d01e9b9f957ba749f336a272869c42dd", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1743213162, - "narHash": "sha256-9UU0x2fZORsX6PEpzkIAD/7+bwm+javJtZA/411ZmLg=", + "lastModified": 1743473153, + "narHash": "sha256-RVOgS/5+Nd/Oq3aXhIk8Y3aAILCYwm8nmrvLogy1hI0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1b2a53e3478225bc35d14ae75ea9e7b749c16d5b", + "rev": "57ed10b9d4395687b38277f422fbb0700f65e632", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1743167577, - "narHash": "sha256-I09SrXIO0UdyBFfh0fxDq5WnCDg8XKmZ1HQbaXzMA1k=", + "lastModified": 1743420942, + "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0ed819e708af17bfc4bbc63ee080ef308a24aa42", + "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", "type": "github" }, "original": { @@ -206,11 +206,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743095683, - "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", + "lastModified": 1743315132, + "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", + "rev": "52faf482a3889b7619003c0daec593a1912fddc1", "type": "github" }, "original": { @@ -239,11 +239,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1742597341, - "narHash": "sha256-r9Tid/fvcxi6LjAtW7YbXGN1HAtz/XEQkWZVPw3pLvk=", + "lastModified": 1743538790, + "narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=", "ref": "refs/heads/main", - "rev": "d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433", - "revCount": 15, + "rev": "3d63dff77f8eda1667e3586169642cf256c4aa34", + "revCount": 17, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, @@ -259,11 +259,11 @@ ] }, "locked": { - "lastModified": 1742700801, - "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", + "lastModified": 1743502316, + "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", + "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", "type": "github" }, "original": { diff --git a/nix-config-secrets b/nix-config-secrets index d022f6b..3d63dff 160000 --- a/nix-config-secrets +++ b/nix-config-secrets 
@@ -1 +1 @@ -Subproject commit d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433 +Subproject commit 3d63dff77f8eda1667e3586169642cf256c4aa34 From 899617266f486b447a503bf056eb6642b4c03ed4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 1 Apr 2025 16:22:44 -0500 Subject: [PATCH 0616/1043] created p2p wireguard interface for defiant --- .../nixos/defiant/configuration.nix | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7455812..ae69c26 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -9,6 +9,9 @@ "vpn-keys/tailscale-authkey/defiant" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; + "vpn-keys/proton-wireguard/defiant-p2p" = { + sopsFile = "${inputs.secrets}/vpn-keys.yaml"; + }; "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; @@ -101,6 +104,24 @@ }; networking = { hostId = "c51763d6"; + + wireguard.interfaces = { + p2p = { + ips = ["10.2.0.2/32"]; + listenPort = 51820; + + privateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + + peers = [ + { + publicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; + allowedIPs = ["0.0.0.0/0"]; + endpoint = "185.230.126.146:51820"; + persistentKeepalive = 25; + } + ]; + }; + }; }; services = { From 89c8cff8a9e37adde267630a425f658af5259f87 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 1 Apr 2025 20:47:32 -0500 Subject: [PATCH 0617/1043] created qbittorrent config --- flake.nix | 2 + modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/qbittorent.nix | 160 ++++++++++++++++++++ modules/nixos-modules/users.nix | 16 ++ 4 files changed, 179 insertions(+) create mode 100644 modules/nixos-modules/server/qbittorent.nix diff --git a/flake.nix b/flake.nix index c5968db..ba10d20 100644 --- a/flake.nix +++ b/flake.nix 
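Review bot: The peer in the new `wireguard.interfaces.p2p` block sets `allowedIPs = ["0.0.0.0/0"]`, and as far as I know the NixOS wireguard module installs allowed IPs as routes by default. Bringing the interface up would then point the host's IPv4 default route at the tunnel, including replies from LAN-facing services and the path to the endpoint itself. If only selected traffic should use the VPN, add `allowedIPsAsRoutes = false;` to the interface and route explicitly. The list is also IPv4-only, so any IPv6 traffic on this host would bypass the tunnel; a comment should say whether that is intended. The `networking` block continues outside the hunk.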
@@ -147,6 +147,8 @@ nix-inspect # for installing flakes from this repo onto other systems nixos-anywhere + # for updating disko configurations + disko ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 6c3ba8e..7beee8b 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -11,5 +11,6 @@ ./virt-home-assistant.nix ./adguardhome.nix ./immich.nix + ./qbittorent.nix ]; } diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix new file mode 100644 index 0000000..9b7b7e8 --- /dev/null +++ b/modules/nixos-modules/server/qbittorent.nix 
@@ -0,0 +1,160 @@ +{ + lib, + pkgs, + config, + ... +}: let + qbittorent_data_directory = "/var/lib/qbittorrent"; +in { + options.services.qbittorrent = { + enable = lib.mkEnableOption "should the headless qbittorrent service be enabled"; + + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/qbittorrent"; + description = lib.mdDoc '' + The directory where qBittorrent stores its data files. + ''; + }; + + mediaDir = lib.mkOption { + type = lib.types.path; + description = lib.mdDoc '' + The directory to create to store qbittorrent media. + ''; + }; + + user = lib.mkOption { + type = lib.types.str; + default = "qbittorrent"; + description = lib.mdDoc '' + User account under which qBittorrent runs. + ''; + }; + + group = lib.mkOption { + type = lib.types.str; + default = "qbittorrent"; + description = lib.mdDoc '' + Group under which qBittorrent runs. + ''; + }; + + webPort = lib.mkOption { + type = lib.types.port; + default = 8080; + description = lib.mdDoc '' + qBittorrent web UI port. 
+ ''; + }; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Open services.qBittorrent.webPort to the outside network."; + }; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.qbittorrent-nox; + defaultText = lib.literalExpression "pkgs.qbittorrent-nox"; + description = "The qbittorrent package to use."; + }; + }; + + config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ + { + networking.firewall = lib.mkIf config.services.qbittorrent.openFirewall { + allowedTCPPorts = [config.services.qbittorrent.webPort]; + }; + + systemd.services.qbittorrent = { + # based on the plex.nix service module and + # https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in + description = "qBittorrent-nox service"; + documentation = ["man:qbittorrent-nox(1)"]; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + + serviceConfig = { + Type = "simple"; + User = config.services.qbittorrent.user; + Group = config.services.qbittorrent.group; + + # Run the pre-start script with full permissions (the "!" prefix) so it + # can create the data directory if necessary. + ExecStartPre = let + preStartScript = pkgs.writeScript "qbittorrent-run-prestart" '' + #!${pkgs.bash}/bin/bash + + # Create data directory if it doesn't exist + if ! test -d "$QBT_PROFILE"; then + echo "Creating initial qBittorrent data directory in: $QBT_PROFILE" + install -d -m 0755 -o "${config.services.qbittorrent.user}" -g "${config.services.qbittorrent.group}" "$QBT_PROFILE" + fi + ''; + in "!${preStartScript}"; + + #ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox"; + ExecStart = "${config.services.qbittorrent.package}/bin/qbittorrent-nox"; + # To prevent "Quit & shutdown daemon" from working; we want systemd to + # manage it! 
+ #Restart = "on-success"; + #UMask = "0002"; + #LimitNOFILE = cfg.openFilesLimit; + }; + + environment = { + QBT_PROFILE = config.services.qbittorrent.dataDir; + QBT_WEBUI_PORT = toString config.services.qbittorrent.webPort; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + fileSystems."/persist/system/qbittorrent".neededForBoot = true; + + host.storage.pool.extraDatasets = { + # sops age key needs to be available to pre persist for user generation + "persist/system/qbittorrent" = { + type = "zfs_fs"; + mountpoint = "/persist/system/qbittorrent"; + options = { + canmount = "on"; + }; + }; + }; + + assertions = [ + { + assertion = config.services.qbittorrent.dataDir == qbittorent_data_directory; + message = "qbittorrent data directory does not match persistence"; + } + ]; + + environment.persistence = { + "/persist/system/root" = { + directories = [ + { + directory = qbittorent_data_directory; + user = "qbittorrent"; + group = "qbittorrent"; + } + ]; + }; + + "/persist/system/qbittorrent" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.qbittorrent.mediaDir; + user = "qbittorrent"; + group = "qbittorrent"; + mode = "1775"; + } + ]; + }; + }; + }) + ]); +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 7bdb3dd..18cf06f 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -23,6 +23,7 @@ ollama = 2008; git = 2009; immich = 2010; + qbittorrent = 2011; }; gids = { @@ -38,6 +39,7 @@ ollama = 2008; git = 2009; immich = 2010; + qbittorrent = 2011; }; users = config.users.users; @@ -159,6 +161,12 @@ in { isSystemUser = true; group = config.users.users.immich.name; }; + + qbittorrent = { + uid = lib.mkForce uids.qbittorrent; + isNormalUser = true; + group = config.users.users.qbittorrent.name; + }; }; groups = { 
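Review bot: `systemd.services.qbittorrent.serviceConfig` starts a daemon that talks to arbitrary peers and serves a web UI, yet it sets no sandboxing beyond `User` and `Group`. I would add `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "full";` next to `Type`, which should still leave `dataDir` under /var/lib writable. The comment about preventing "Quit & shutdown daemon" refers to a `Restart` line that is commented out, so either restore the line or drop the comment. In the impermanence branch the persisted directories hard-code `user = "qbittorrent"` and `group = "qbittorrent"` instead of `config.services.qbittorrent.user` and `.group`, so overriding those options would leave the directories owned by the wrong account.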
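Review bot: The new `qbittorrent` account in `users.nix` is declared with `isNormalUser = true;`, while the `immich` service account directly above it uses `isSystemUser = true;`. A normal user gets a home directory and a usable login shell by default, which a daemon account that handles untrusted network data should not have. Change the line to `isSystemUser = true;` to match the other service accounts. The surrounding `users` attribute set starts outside the hunk.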
@@ -255,6 +263,14 @@ in { # leyla ]; }; + + qbittorrent = { + gid = lib.mkForce gids.qbittorrent; + members = [ + users.qbittorrent.name + leyla + ]; + }; }; }; } From e293c838417da265765183073cf7ced505423122 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 1 Apr 2025 22:33:18 -0500 Subject: [PATCH 0618/1043] tried to fix wireguard config --- .../nixos/defiant/configuration.nix | 92 ++++++++++++++++--- .../nixos/defiant/hardware-configuration.nix | 30 +----- 2 files changed, 81 insertions(+), 41 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ae69c26..199c1ba 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -11,6 +11,9 @@ }; "vpn-keys/proton-wireguard/defiant-p2p" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; + mode = "0640"; + owner = "root"; + group = "systemd-network"; }; "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; 
@@ -102,26 +105,84 @@ enable = false; }; }; - networking = { - hostId = "c51763d6"; - wireguard.interfaces = { - p2p = { - ips = ["10.2.0.2/32"]; - listenPort = 51820; + systemd.network = { + enable = true; - privateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + config = { + routeTables = { + p2p = 1; + }; + }; - peers = [ + netdevs = { + "10-bond0" = { + netdevConfig = { + Kind = "bond"; + Name = "bond0"; + }; + bondConfig = { + Mode = "802.3ad"; + TransmitHashPolicy = "layer3+4"; + }; + }; + + "15-p2p" = { + netdevConfig = { + Kind = "wireguard"; + Name = "p2p0"; + MTUBytes = "1300"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + ListenPort = 51820; + # RouteTable = "p2p"; + }; + wireguardPeers = [ { - publicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; - allowedIPs = ["0.0.0.0/0"]; - endpoint = "185.230.126.146:51820"; - persistentKeepalive = 25; + PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; + Endpoint = "185.230.126.146:51820"; + AllowedIPs = ["0.0.0.0/0"]; + RouteTable = "off"; } ]; }; }; + networks = { + "40-bond0" = { + matchConfig.Name = "bond0"; + linkConfig = { + RequiredForOnline = "degraded-carrier"; + RequiredFamilyForOnline = "any"; + }; + networkConfig.DHCP = "yes"; + + address = [ + "192.168.1.10/32" + ]; + + gateway = ["192.168.1.1"]; + dns = ["192.168.1.1"]; + }; + + "45-p2p" = { + matchConfig.Name = "p2p0"; + address = [ + "10.2.0.2/32" + ]; + # routingPolicyRules = [ + # { + # From = "10.2.0.2/32"; + # Table = "p2p"; + # } + # { + # To = "10.2.0.2/32"; + # Table = "p2p"; + # } + # ]; + linkConfig.RequiredForOnline = false; + }; + }; }; services = { @@ -205,6 +266,13 @@ networkBridge = "bond0"; hostDevice = "0x10c4:0xea60"; }; + + qbittorrent = { + enable = true; + mediaDir = "/srv/qbittorent"; + openFirewall = true; + webPort = 8084; + }; }; # disable computer sleeping 
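Review bot: `openFirewall = true;` in the new `qbittorrent` block opens port 8084 through the module's global `networking.firewall.allowedTCPPorts`, so the web UI is reachable on every interface the host has, not only the LAN bond. If it is meant for one network, leave `openFirewall` off and use `networking.firewall.interfaces."bond0".allowedTCPPorts = [8084];` (or whichever interface should reach it). In this same commit the WireGuard peer has `RouteTable = "off"` and the `routingPolicyRules` are commented out, so nothing steers the client's traffic into `p2p0`; it presumably leaves over bond0's default route, which a comment here should state. The `services` block continues outside the hunk.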
diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index 3b3ac45..d4a638b 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -34,25 +34,13 @@ networking = { hostName = "defiant"; # Define your hostname. + hostId = "c51763d6"; useNetworkd = true; }; systemd.network = { enable = true; - netdevs = { - "10-bond0" = { - netdevConfig = { - Kind = "bond"; - Name = "bond0"; - }; - bondConfig = { - Mode = "802.3ad"; - TransmitHashPolicy = "layer3+4"; - }; - }; - }; - networks = { "30-eno1" = { matchConfig.Name = "eno1"; @@ -62,22 +50,6 @@ matchConfig.Name = "eno2"; networkConfig.Bond = "bond0"; }; - - "40-bond0" = { - matchConfig.Name = "bond0"; - linkConfig = { - RequiredForOnline = "degraded-carrier"; - RequiredFamilyForOnline = "any"; - }; - networkConfig.DHCP = "yes"; - - address = [ - "192.168.1.10" - ]; - - gateway = ["192.168.1.1"]; - dns = ["192.168.1.1"]; - }; }; }; From 669132d67f47b0b8806a56fe1a9990c955e7a089 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Apr 2025 02:59:28 -0500 Subject: [PATCH 0619/1043] installed sox --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 449e828..d9f1b32 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -21,6 +21,7 @@ in { lib.lists.optionals userConfig.isTerminalUser ( with pkgs; [ # command line tools + sox yt-dlp ffmpeg imagemagick From eb738c14770b626f7e1bd367ee24258c0029658f Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 12 Apr 2025 03:14:35 -0500 Subject: [PATCH 0620/1043] cleaned up excluded packages --- .../nixos/defiant/configuration.nix | 25 ++++++------------- modules/nixos-modules/desktop.nix | 20 ++++++++++++++- 2 files changed, 27 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 199c1ba..ca9a291 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -127,11 +127,11 @@ }; }; - "15-p2p" = { + "15-p2p0" = { netdevConfig = { Kind = "wireguard"; Name = "p2p0"; - MTUBytes = "1300"; + MTUBytes = "1280"; }; wireguardConfig = { PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; @@ -165,21 +165,16 @@ dns = ["192.168.1.1"]; }; - "45-p2p" = { + "45-p2p0" = { matchConfig.Name = "p2p0"; address = [ "10.2.0.2/32" ]; - # routingPolicyRules = [ - # { - # From = "10.2.0.2/32"; - # Table = "p2p"; - # } - # { - # To = "10.2.0.2/32"; - # Table = "p2p"; - # } - # ]; + routes = [ + { + Destination = "0.0.0.0/0"; + } + ]; linkConfig.RequiredForOnline = false; }; }; @@ -203,11 +198,7 @@ }; desktopManager = { gnome.enable = true; - xterm.enable = false; }; - - # Get rid of xTerm - excludePackages = [pkgs.xterm]; }; ollama = { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 22a7b65..2182cb2 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -27,7 +27,25 @@ # Get rid of xTerm desktopManager.xterm.enable = false; - excludePackages = [pkgs.xterm]; + excludePackages = with pkgs; [ + xterm + transmission_4-qt + atomix # puzzle game + cheese # webcam tool + epiphany # web browser + geary # email reader + gedit # text editor + gnome-characters + gnome-music + gnome-photos + gnome-tour + gnome-logs + gnome-maps + hitori # sudoku game + iagno # go game + tali # poker game + yelp # help viewer + ]; }; pipewire = { 
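Review bot: The `routes` entry added to `"45-p2p0"` gives `Destination = "0.0.0.0/0"` with no `Table` or `Metric`, so it lands in the main table next to bond0's gateway route. Depending on which route wins, either all host traffic (including replies from the exposed services) moves into the tunnel, or the route is never used. The `routeTables.p2p` entry declared in the earlier patch suggests the intent was a separate table. Adding `Table = "p2p";` to this route and keeping the `routingPolicyRules` entry with `From = "10.2.0.2/32"` that this hunk deletes would confine the tunnel to traffic bound to its address.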
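Review bot: The GNOME applications added to `excludePackages` in `desktop.nix` will probably still be installed. The list appears to be `services.xserver.excludePackages` (it sits beside `desktopManager.xterm.enable`), which only filters the X server's own default packages such as xterm. GNOME's bundled apps are controlled by `environment.gnome.excludePackages`; move `atomix` through `yelp` there and keep `excludePackages = [pkgs.xterm];` here. The enclosing attribute set starts outside the hunk, so confirm which option this is.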
From 1637a83f846f6e3d7b5f5b5ea5f869cbcc014d40 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Apr 2025 03:18:39 -0500 Subject: [PATCH 0621/1043] removed unused variable --- configurations/nixos/defiant/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ca9a291..713eaf9 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -2,7 +2,6 @@ { inputs, config, - pkgs, ... }: { sops.secrets = { From 4eea3aa57d7e7b2c51f3cdc2f06a473f1b5b2244 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Apr 2025 17:17:56 -0500 Subject: [PATCH 0622/1043] exposed jellyfin dlan --- modules/nixos-modules/server/jellyfin.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 49d9a9f..a8bbe71 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -5,6 +5,7 @@ ... }: let jellyfinPort = 8096; + dlanPort = 1900; jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; in { @@ -50,7 +51,7 @@ in { pkgs.jellyfin-ffmpeg ]; - networking.firewall.allowedTCPPorts = [jellyfinPort]; + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; } (lib.mkIf config.services.fail2ban.enable { environment.etc = { From ee0697f4061de60453897e4cc4acc998284f685f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Apr 2025 22:37:31 -0500 Subject: [PATCH 0623/1043] updated flake --- flake.lock | 66 +++++++++++++++++++++--------------------------------- 1 file changed, 25 insertions(+), 41 deletions(-) diff --git a/flake.lock b/flake.lock index d9ea0b7..5e946bb 100644 --- a/flake.lock +++ b/flake.lock 
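Review bot: `dlanPort = 1900` is added to `networking.firewall.allowedTCPPorts`, but discovery on port 1900 is SSDP, which runs over UDP. The change therefore opens a TCP port that nothing is expected to listen on and still blocks discovery. Use `networking.firewall.allowedTCPPorts = [jellyfinPort];` together with `networking.firewall.allowedUDPPorts = [dlanPort];`. The name is presumably meant to be `dlnaPort`.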
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1743524395, - "narHash": "sha256-BXVan1TBC2iDJODFvCoz2XrbAOyZ9KWjwyIkOYwO4Mc=", + "lastModified": 1744145203, + "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", "owner": "nix-community", "repo": "disko", - "rev": "f6dbc8952df9e40afafbe38449751bfad12d64f2", + "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", "type": "github" }, "original": { @@ -22,18 +22,17 @@ }, "firefox-addons": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1743527765, - "narHash": "sha256-Y7TQ4bseuTjnXu3/Km8ylRIkyiYrZjwp5cqcb/7bJzs=", + "lastModified": 1744586538, + "narHash": "sha256-cg6T6QnfIwAino7ruCQdqB4g6mj2aKg8Rbqjo6LiBDs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "d7c0454483cf3644c8e5d3094ad2f1ee2cdcc6b0", + "rev": "a3fe27c14a5cdd64a5319b3f83a1c65e29c9b4e1", "type": "gitlab" }, "original": { @@ -59,21 +58,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1629284811, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": "systems" }, @@ -98,11 +82,11 @@ ] }, "locked": { - "lastModified": 1743527271, - "narHash": "sha256-EuanEW1qqXZ2h0zJnq7uz8BoHbsgHgUrqWkCZHwZ9FA=", + "lastModified": 1744600951, + "narHash": "sha256-LNAAfQTDXSwtYYlh/v/tMwnCqeQAEHlBC9PgyQK5b/Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "f4d9d1e2ad19d544a0a0cf3f8f371c6139c762e9", + "rev": "e980d0e0e216f527ea73cfd12c7b019eceffa7f1", "type": "github" }, "original": { 
@@ -133,11 +117,11 @@ ] }, "locked": { - "lastModified": 1743496612, - "narHash": "sha256-emPWa5lmKbnyuj8c1mSJUkzJNT+iJoU9GMcXwjp2oVM=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "73d59580d01e9b9f957ba749f336a272869c42dd", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -169,17 +153,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1743473153, - "narHash": "sha256-RVOgS/5+Nd/Oq3aXhIk8Y3aAILCYwm8nmrvLogy1hI0=", + "lastModified": 1744595919, + "narHash": "sha256-lFuezewhTch2FFZfB6Bx31Ls3+ixt2UYp7rJtpOlgFI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "57ed10b9d4395687b38277f422fbb0700f65e632", + "rev": "ea3fe071c83dae7e6a485f7f648b4914eabea683", "type": "github" }, "original": { @@ -190,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1743420942, - "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", + "lastModified": 1744366945, + "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", + "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", "type": "github" }, "original": { @@ -206,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743315132, - "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "52faf482a3889b7619003c0daec593a1912fddc1", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "type": "github" }, "original": { 
@@ -259,11 +243,11 @@ ] }, "locked": { - "lastModified": 1743502316, - "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", + "lastModified": 1744518500, + "narHash": "sha256-lv52pnfiRGp5+xkZEgWr56DWiRgkMFXpiGba3eJ3krE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", + "rev": "7e147a1ae90f0d4a374938cdc3df3cdaecb9d388", "type": "github" }, "original": { From 7f6f36378ce3f8a0b338c58dedd865aef4ceebdf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Apr 2025 23:07:57 -0500 Subject: [PATCH 0624/1043] removed many packages from defiant --- .../home-manager/leyla/packages.nix | 94 ++++++++++--------- .../nixos/horizon/configuration.nix | 4 + .../nixos/twilight/configuration.nix | 1 + modules/nixos-modules/desktop.nix | 1 - modules/nixos-modules/hardware.nix | 3 + 5 files changed, 57 insertions(+), 46 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index d9f1b32..460fa1f 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix 
@@ -29,62 +29,66 @@ in { ) ++ ( lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ + (with pkgs; [ # helvetica font aileron gnomeExtensions.dash-to-dock - #foss platforms - signal-desktop - bitwarden - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - # kicad-small - makemkv - transmission_4-gtk - onionshare - # rhythmbox - (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) - # wireshark - # rpi-imager - # fritzing - mfoc - tor-browser - anki - pdfarranger - calibre - qbittorrent - - # proprietary platforms - discord - obsidian - # steam - (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - # development tools - # androidStudioPackages.canary - jetbrains.idea-community dbeaver-bin bruno - qFlipper proxmark3 + ]) + ++ ( + lib.lists.optionals hardware.directAccess.enable (with pkgs; [ + #foss platforms + signal-desktop-bin + bitwarden + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + # kicad-small + makemkv + onionshare + # rhythmbox + (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) + # wireshark + # rpi-imager + # fritzing + mfoc + tor-browser + anki + pdfarranger + calibre + qbittorrent - # system tools - protonvpn-gui - openvpn - noisetorch + # proprietary platforms + discord + obsidian + # steam + (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - # hardware management tools - (lib.mkIf hardware.piperMouse.enable piper) - (lib.mkIf hardware.openRGB.enable openrgb) - (lib.mkIf hardware.viaKeyboard.enable via) - ] + # development tools + # androidStudioPackages.canary + jetbrains.idea-community + qFlipper + + # system tools + protonvpn-gui + openvpn + noisetorch + + # hardware management tools + (lib.mkIf hardware.piperMouse.enable piper) + (lib.mkIf hardware.openRGB.enable openrgb) + (lib.mkIf hardware.viaKeyboard.enable via) + ]) + ) ) ); }; 
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 5f1fd3a..ae0c8de 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -17,6 +17,10 @@ }; eve.isDesktopUser = true; }; + + hardware = { + directAccess.enable = true; + }; }; environment.systemPackages = [ diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 73dd642..47e41ec 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -28,6 +28,7 @@ viaKeyboard.enable = true; openRGB.enable = true; graphicsAcceleration.enable = true; + directAccess.enable = true; }; }; diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 2182cb2..cf59cd9 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -29,7 +29,6 @@ desktopManager.xterm.enable = false; excludePackages = with pkgs; [ xterm - transmission_4-qt atomix # puzzle game cheese # webcam tool epiphany # web browser diff --git a/modules/nixos-modules/hardware.nix b/modules/nixos-modules/hardware.nix index b002658..1b22ece 100644 --- a/modules/nixos-modules/hardware.nix +++ b/modules/nixos-modules/hardware.nix @@ -12,5 +12,8 @@ graphicsAcceleration = { enable = lib.mkEnableOption "host has a gpu for graphical acceleration"; }; + directAccess = { + enable = lib.mkEnableOption "can a host be used on its own"; + }; }; } From 004dd743ed479f078396586d79532d95f158f610 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 15 Apr 2025 20:05:12 -0500 Subject: [PATCH 0625/1043] added import on file move setting to vs code --- configurations/home-manager/leyla/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index 2aa4059..9ea3898 100644 
--- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -39,6 +39,7 @@ in { "cSpell.userWords" = [ "webdav" ]; + "javascript.updateImportsOnFileMove.enabled" = "always"; } (lib.mkIf nix-development-enabled { "nix.enableLanguageServer" = true; From e20b752d11ddd26eeb3ac4ee76c964cf2fc888e0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:05:04 -0500 Subject: [PATCH 0626/1043] default to tabs with a tab size of 2 --- configurations/home-manager/leyla/vscode.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index 9ea3898..a721c5f 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -40,6 +40,8 @@ in { "webdav" ]; "javascript.updateImportsOnFileMove.enabled" = "always"; + "editor.tabSize" = 2; + "editor.insertSpaces" = false; } (lib.mkIf nix-development-enabled { "nix.enableLanguageServer" = true; From af894531cdacc15947dabd7dc7223cb0471246a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:07:36 -0500 Subject: [PATCH 0627/1043] updated signal package for eve --- configurations/home-manager/eve/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 3042382..0ea88ee 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -63,7 +63,7 @@ in { bitwarden discord makemkv - signal-desktop + signal-desktop-bin ungoogled-chromium ] ); From 060dff826adec559f19ce9969c6a82d0b4b388fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:18:27 -0500 Subject: [PATCH 0628/1043] replaced better toml --- configurations/home-manager/leyla/vscode.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index a721c5f..e42c4cd 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -97,7 +97,7 @@ in { unifiedjs.vscode-mdx # misc extensions - bungcip.better-toml + tamasfe.even-better-toml ] ++ ( lib.lists.optionals osConfig.services.ollama.enable [ From 1f610845c814bb24cc9e4b627c1593c8d5859f60 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:30:32 -0500 Subject: [PATCH 0629/1043] updated flake lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5e946bb..f1cb717 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1744586538, - "narHash": "sha256-cg6T6QnfIwAino7ruCQdqB4g6mj2aKg8Rbqjo6LiBDs=", + "lastModified": 1744813899, + "narHash": "sha256-5J6kSkPbtuyX0tRggqadwulpqdgWHyQEDwhqVnY0T+g=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a3fe27c14a5cdd64a5319b3f83a1c65e29c9b4e1", + "rev": "f6dff741f9f485b3596a368704ec171d9eb8c7cd", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1744600951, - "narHash": "sha256-LNAAfQTDXSwtYYlh/v/tMwnCqeQAEHlBC9PgyQK5b/Q=", + "lastModified": 1744820898, + "narHash": "sha256-gUldr3LtCm/OfEnbH6sFFlyyxqPMCsfMs2Ha+0fdPDs=", "owner": "nix-community", "repo": "home-manager", - "rev": "e980d0e0e216f527ea73cfd12c7b019eceffa7f1", + "rev": "7ede02c32a729db0d6340bdb41d10e73ec511ca0", "type": "github" }, "original": { 
@@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1744595919, - "narHash": "sha256-lFuezewhTch2FFZfB6Bx31Ls3+ixt2UYp7rJtpOlgFI=", + "lastModified": 1744768710, + "narHash": "sha256-ow0HDShvAe9gkM3Ww5aoJo1lDLpC5pYQ7qLtnTaHoyI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ea3fe071c83dae7e6a485f7f648b4914eabea683", + "rev": "47bd3dc652c4a02dc565a9360fe828af38bea287", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744366945, - "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", + "lastModified": 1744633460, + "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", + "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1744518500, - "narHash": "sha256-lv52pnfiRGp5+xkZEgWr56DWiRgkMFXpiGba3eJ3krE=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "7e147a1ae90f0d4a374938cdc3df3cdaecb9d388", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { From 3994002e0d60785d0d1d33cd901ed632eeff99e3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 17 Apr 2025 00:44:44 -0500 Subject: [PATCH 0630/1043] installed picard --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 460fa1f..0be9ab5 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -66,6 +66,7 @@ in { pdfarranger calibre qbittorrent + picard # proprietary platforms discord From bc3efbe2cbebdfaa7c2329373116040cf97054c3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 19 Apr 2025 11:02:25 -0500 Subject: [PATCH 0631/1043] disabled vpn on defiant --- .../nixos/defiant/configuration.nix | 76 +++++++++---------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 713eaf9..8e1eab8 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -46,7 +46,7 @@ "ata-ST18000NE000-3G6101_ZVTD10EH" "ata-ST18000NT001-3NF101_ZVTE0S3Q" "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NT001-3NF101_ZVTEZACV" + "ata-ST18000NT001-3NF101_ZVTEZACV" # this one is broken replace with "ata-ST18000NT001-XXXXXX_ZVTJ732N" ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" @@ -108,11 +108,11 @@ systemd.network = { enable = true; - config = { - routeTables = { - p2p = 1; - }; - }; + # config = { + # routeTables = { + # p2p = 1; + # }; + # }; netdevs = { "10-bond0" = { @@ -126,26 +126,26 @@ }; }; - "15-p2p0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "p2p0"; - MTUBytes = "1280"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; - ListenPort = 51820; - # RouteTable = "p2p"; - }; - wireguardPeers = [ - { - PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; - Endpoint = "185.230.126.146:51820"; - AllowedIPs = ["0.0.0.0/0"]; - RouteTable = "off"; - } - ]; - }; + # "15-p2p0" = { + # netdevConfig = { + # Kind = "wireguard"; + # Name = "p2p0"; + # MTUBytes = "1280"; + # }; + # wireguardConfig = { + # PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + # ListenPort = 51820; + # # RouteTable = "p2p"; + # }; + # wireguardPeers = [ + # { + # PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; + # Endpoint = "185.230.126.146:51820"; + # AllowedIPs = ["0.0.0.0/0"]; + # RouteTable = "off"; + # } + # ]; + # }; }; networks = { "40-bond0" = { 
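Review bot: The WireGuard tunnel is turned off by commenting out `routeTables`, the `15-p2p0` netdev and (in the following `@@ -164,18` hunk) the `45-p2p0` network. That leaves dead configuration in the file, and the commit does not touch the declaration of the `vpn-keys/proton-wireguard/defiant-p2p` secret, so presumably the private key is still decrypted onto the host with nothing reading it. I would gate the three blocks and the matching `sops.secrets` entry behind one switch, e.g. `lib.mkIf config.host.p2pVpn.enable { … }` (option name is a placeholder), so the key only exists on disk while the tunnel does. It is also worth confirming that no service on defiant depended on `p2p0` for egress, since with the interface gone it would presumably fall back to `bond0` instead of failing closed. The enclosing `systemd.network` block starts and ends outside these hunks.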
@@ -164,18 +164,18 @@ dns = ["192.168.1.1"]; }; - "45-p2p0" = { - matchConfig.Name = "p2p0"; - address = [ - "10.2.0.2/32" - ]; - routes = [ - { - Destination = "0.0.0.0/0"; - } - ]; - linkConfig.RequiredForOnline = false; - }; + # "45-p2p0" = { + # matchConfig.Name = "p2p0"; + # address = [ + # "10.2.0.2/32" + # ]; + # routes = [ + # { + # Destination = "0.0.0.0/0"; + # } + # ]; + # linkConfig.RequiredForOnline = false; + # }; }; }; From 3978d58c1a69adeb23257a5fa37dd57b7ef9460f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 24 Apr 2025 19:12:26 -0500 Subject: [PATCH 0632/1043] installed steam on horizon --- configurations/home-manager/leyla/packages.nix | 1 - configurations/nixos/horizon/configuration.nix | 11 ++++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 0be9ab5..506c2b3 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -71,7 +71,6 @@ in { # proprietary platforms discord obsidian - # steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index ae0c8de..63ed59d 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -8,6 +8,8 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ]; + nixpkgs.config.allowUnfree = true; + host = { users = { leyla = { @@ -29,7 +31,14 @@ {}) ]; - programs.adb.enable = true; + programs = { + adb.enable = true; + steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + }; sops.secrets = { "vpn-keys/tailscale-authkey/horizon" = { 
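Review bot: `nixpkgs.config.allowUnfree = true;` lifts the licence gate for every package evaluated for horizon, although the only unfree package this commit introduces is Steam. A scoped allow-list keeps each exception visible in review: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["steam" "steam-unwrapped"];`. The exact names need checking against the pinned nixpkgs revision, `lib` must be in the module arguments, and the packages under "proprietary platforms" in the home-manager list (discord, obsidian) would have to be added if they are built from the same nixpkgs instance.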
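Review bot: `remotePlay.openFirewall = true` and `dedicatedServer.openFirewall = true` open inbound ports on every interface of horizon, which imports the `framework-11th-gen-intel` profile and so is presumably a laptop that joins untrusted networks. Unless this machine really hosts a Source dedicated server, drop the `dedicatedServer.openFirewall` line (it defaults to off), and keep the Remote Play ports only if streaming from this host is needed. If Remote Play is only used across the tailnet, the ports could instead be listed under `networking.firewall.interfaces.${config.services.tailscale.interfaceName}`, so they are not reachable from other networks the laptop joins.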
From 3f37eea9a82bf2360144d5a2f288bdd33ba9d228 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 1 May 2025 22:18:04 -0500 Subject: [PATCH 0633/1043] enabled ollama on twilight --- configurations/nixos/twilight/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 47e41ec..3d8e6b1 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -34,7 +34,7 @@ services = { ollama = { - enable = false; + enable = true; loadModels = [ "deepseek-coder:6.7b" From 7644c3a4305fb59f0da0e205cc57d2e9650cd5be Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 2 May 2025 17:20:35 -0500 Subject: [PATCH 0634/1043] updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index f1cb717..cba3bfe 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1744145203, - "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", + "lastModified": 1745812220, + "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=", "owner": "nix-community", "repo": "disko", - "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", + "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1744813899, - "narHash": "sha256-5J6kSkPbtuyX0tRggqadwulpqdgWHyQEDwhqVnY0T+g=", + "lastModified": 1746187242, + "narHash": "sha256-wtfhdDEPsxKYaJHCt0+eYaLm9pFVw594MZzQqP6iIE0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f6dff741f9f485b3596a368704ec171d9eb8c7cd", + "rev": "982ed2da17695d932b695eacaec05c8ca053f8fc", "type": "gitlab" }, "original": { 
@@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1744820898, - "narHash": "sha256-gUldr3LtCm/OfEnbH6sFFlyyxqPMCsfMs2Ha+0fdPDs=", + "lastModified": 1746204974, + "narHash": "sha256-Evu4H0/kzaQoCNLGQTp+JGTqkywzPx0IAo20Ci2zNck=", "owner": "nix-community", "repo": "home-manager", - "rev": "7ede02c32a729db0d6340bdb41d10e73ec511ca0", + "rev": "1e8c62c651242fc685b10efc4a48ab777635fb7f", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "lastModified": 1745816321, + "narHash": "sha256-Gyh/fkCDqVNGM0BWvk+4UAS17w2UI6iwnbQQCmc1TDI=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "rev": "4515dacafb0ccd42e5395aacc49fd58a43027e01", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1744768710, - "narHash": "sha256-ow0HDShvAe9gkM3Ww5aoJo1lDLpC5pYQ7qLtnTaHoyI=", + "lastModified": 1746151051, + "narHash": "sha256-zdPTKcfvZ/mL9urzbJuQVbsIJTNIKVmI9QEimb7xIAM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "47bd3dc652c4a02dc565a9360fe828af38bea287", + "rev": "31e24801a4d8eabd8c500237af732ca2ab305326", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744633460, - "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", + "lastModified": 1745955289, + "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", + "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1744669848, - "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", + "lastModified": 1745310711, + "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61154300d945f0b147b30d24ddcafa159148026a", + "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", "type": "github" }, "original": { From 17fc9618ba116bd1f13df4776f2c0a47d9bf8110 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 10 May 2025 16:44:47 -0500 Subject: [PATCH 0635/1043] disabled activity feed on home page --- configurations/home-manager/leyla/firefox.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index eef5d88..2781fe4 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -121,6 +121,7 @@ "trailhead.firstrun.didSeeAboutWelcome" = true; "browser.bookmarks.restore_default_bookmarks" = false; "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; # Usage Experiance "browser.startup.homepage" = "about:home"; From 825bdfc50610dfd55e897ef0401febc6a3b47f48 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 10 May 2025 16:58:04 -0500 Subject: [PATCH 0636/1043] updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) 
diff --git a/flake.lock b/flake.lock index cba3bfe..ad193be 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1745812220, - "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=", + "lastModified": 1746729224, + "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", "owner": "nix-community", "repo": "disko", - "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78", + "rev": "85555d27ded84604ad6657ecca255a03fd878607", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1746187242, - "narHash": "sha256-wtfhdDEPsxKYaJHCt0+eYaLm9pFVw594MZzQqP6iIE0=", + "lastModified": 1746849806, + "narHash": "sha256-6vJX4DnhDlWNtOOh3v08YqPgjJblfgHnV9562nPHNEo=", "owner": "rycee", "repo": "nur-expressions", - "rev": "982ed2da17695d932b695eacaec05c8ca053f8fc", + "rev": "e2408d3f94a6b658e12f135501aa7fd38efabc72", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1746204974, - "narHash": "sha256-Evu4H0/kzaQoCNLGQTp+JGTqkywzPx0IAo20Ci2zNck=", + "lastModified": 1746912617, + "narHash": "sha256-SSw/98B3Htw7iJWCyq08fAEL5w+a/Vj+YbQq0msVFTA=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e8c62c651242fc685b10efc4a48ab777635fb7f", + "rev": "9ef92f1c6b77944198fd368ec805ced842352a1d", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1745816321, - "narHash": "sha256-Gyh/fkCDqVNGM0BWvk+4UAS17w2UI6iwnbQQCmc1TDI=", + "lastModified": 1746708654, + "narHash": "sha256-GeC99gu5H6+AjBXsn5dOhP4/ApuioGCBkufdmEIWPRs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "4515dacafb0ccd42e5395aacc49fd58a43027e01", + "rev": "6cb36e8327421c61e5a3bbd08ed63491b616364a", "type": "github" }, "original": { 
@@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1746151051, - "narHash": "sha256-zdPTKcfvZ/mL9urzbJuQVbsIJTNIKVmI9QEimb7xIAM=", + "lastModified": 1746842090, + "narHash": "sha256-W/WqQ8VGZ4tlV6BAFGY6BDEc5ShAm4i3pv5c3s3YlUI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "31e24801a4d8eabd8c500237af732ca2ab305326", + "rev": "5603fb6fb99f68dfc244429c79a7b706ed9a2fd7", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1745955289, - "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=", + "lastModified": 1746814339, + "narHash": "sha256-hf2lICJzwACWuzHCmZn5NI6LUAOgGdR1yh8ip+duyhk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b", + "rev": "3c5e12673265dfb0de3d9121420c0c2153bf21e0", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746141548, - "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "lastModified": 1746663147, + "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1745310711, - "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "type": "github" }, "original": { From aa15f1ffe5fd0bc0f9798911c7e19cc73bd914ef Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 23 May 2025 20:07:56 -0500 Subject: [PATCH 0637/1043] updated flake lock --- flake.lock | 54 ++++++++++++++++---------------- modules/nixos-modules/system.nix | 1 + 2 files changed, 28 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index ad193be..1a03eab 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1746729224, - "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", + "lastModified": 1747742835, + "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", "owner": "nix-community", "repo": "disko", - "rev": "85555d27ded84604ad6657ecca255a03fd878607", + "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1746849806, - "narHash": "sha256-6vJX4DnhDlWNtOOh3v08YqPgjJblfgHnV9562nPHNEo=", + "lastModified": 1747973023, + "narHash": "sha256-v2OgykASspKAyL+hYKlfa9PM4cwlFZ7/WQ1uvd256ko=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e2408d3f94a6b658e12f135501aa7fd38efabc72", + "rev": "c7ee05a5dc9b52ba7a6a660537fabaf711b7790a", "type": "gitlab" }, "original": { @@ -44,11 +44,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { 
@@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1746912617, - "narHash": "sha256-SSw/98B3Htw7iJWCyq08fAEL5w+a/Vj+YbQq0msVFTA=", + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "9ef92f1c6b77944198fd368ec805ced842352a1d", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1746708654, - "narHash": "sha256-GeC99gu5H6+AjBXsn5dOhP4/ApuioGCBkufdmEIWPRs=", + "lastModified": 1748004251, + "narHash": "sha256-XodjkVWTth3A2JpBqGBkdLD9kkWn94rnv98l3xwKukg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6cb36e8327421c61e5a3bbd08ed63491b616364a", + "rev": "33220d4791784e4dd4739edd3f6c028020082f91", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1746842090, - "narHash": "sha256-W/WqQ8VGZ4tlV6BAFGY6BDEc5ShAm4i3pv5c3s3YlUI=", + "lastModified": 1747965670, + "narHash": "sha256-O91kjsTL7xccgTQr2KITmGhhLTpX9zh+oRvvV8ScOrg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5603fb6fb99f68dfc244429c79a7b706ed9a2fd7", + "rev": "d3099346fa5e9e33d0989a4e6afc3e8dedd25311", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1746814339, - "narHash": "sha256-hf2lICJzwACWuzHCmZn5NI6LUAOgGdR1yh8ip+duyhk=", + "lastModified": 1747900541, + "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3c5e12673265dfb0de3d9121420c0c2153bf21e0", + "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746663147, - "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1746485181, - "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index b839067..51a92ed 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,5 +1,6 @@ {...}: { nix = { + settings.download-buffer-size = 524288000; gc = { automatic = true; dates = "weekly"; From 85e766a571a1cb430ab0510588f1dbbf7d89434a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:27:07 -0500 Subject: [PATCH 0638/1043] fixed vs code configuration --- .../home-manager/leyla/packages.nix | 2 +- configurations/home-manager/leyla/vscode.nix | 123 ------------------ .../home-manager/leyla/vscode/default.nix | 76 +++++++---- .../home-manager/leyla/vscode/user-words.nix | 1 + .../nixos/twilight/configuration.nix | 9 +- 5 files changed, 56 insertions(+), 155 deletions(-) delete mode 100644 configurations/home-manager/leyla/vscode.nix diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 506c2b3..13263ea 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix 
@@ -8,7 +8,7 @@ hardware = osConfig.host.hardware; in { imports = [ - ./vscode.nix + ./vscode/default.nix ./firefox.nix ]; diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix deleted file mode 100644 index e42c4cd..0000000 --- a/configurations/home-manager/leyla/vscode.nix +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - lib, - pkgs, - inputs, - osConfig, - ... -}: let - nix-development-enabled = osConfig.host.nix-development.enable; -in { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - - programs = { - bash.shellAliases = { - code = "codium"; - }; - - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { - enable = true; - - package = pkgs.vscodium; - - mutableExtensionsDir = false; - - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "editor.tabSize" = 2; - "editor.insertSpaces" = false; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - (lib.mkIf osConfig.services.ollama.enable { - "twinny.fileContextEnabled" = true; - "twinny.enableLogging" = false; - "twinny.completionCacheEnabled" = true; - - # builtins.elemAt osConfig.services.ollama.loadModels 0; - }) - ]; - - extensions = ( - with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - 
stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # go extensions - golang.go - - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - tamasfe.even-better-toml - ] - ++ ( - lib.lists.optionals osConfig.services.ollama.enable [ - rjmacarthy.twinny - ] - ) - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ] - ) - ); - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 641fff9..f6cbac7 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -6,6 +6,7 @@ ... }: let nix-development-enabled = osConfig.host.nix-development.enable; + ai-tooling-enabled = osConfig.services.ollama.enable; in { nixpkgs = { overlays = [ 
@@ -28,30 +29,42 @@ in { package = pkgs.vscodium; mutableExtensionsDir = false; - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.language" = "en,de-DE,it"; - "cSpell.userWords" = import ./user-words.nix; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - ]; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = import ./user-words.nix; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "editor.tabSize" = 2; + "editor.insertSpaces" = false; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + (lib.mkIf osConfig.services.ollama.enable { + "twinny.fileContextEnabled" = true; + "twinny.enableLogging" = false; + "twinny.completionCacheEnabled" = true; + + # builtins.elemAt osConfig.services.ollama.loadModels 0; + }) + ]; + }; extensions = ( with open-vsx; @@ -76,12 +89,15 @@ in { stylelint.vscode-stylelint tauri-apps.tauri-vscode + # go extensions + golang.go + # astro blog extensions astro-build.astro-vscode unifiedjs.vscode-mdx # misc extensions - bungcip.better-toml + tamasfe.even-better-toml ] ++ (lib.lists.optionals nix-development-enabled [ # nix extensions 
@@ -90,10 +106,14 @@ in { kamadorueda.alejandra ]) ++ ( - with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ] + with vscode-marketplace; + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + continue.continue + ]) ) ); }; diff --git a/configurations/home-manager/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/vscode/user-words.nix index 94a85a2..4444c30 100644 --- a/configurations/home-manager/leyla/vscode/user-words.nix +++ b/configurations/home-manager/leyla/vscode/user-words.nix @@ -1,3 +1,4 @@ [ "leyla" + "webdav" ] diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 3d8e6b1..c007932 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -37,9 +37,12 @@ enable = true; loadModels = [ - "deepseek-coder:6.7b" - "deepseek-r1:8b" - "deepseek-r1:32b" + "llama3.1:8b" + "qwen2.5-coder:1.5b-base" + "nomic-embed-text:latest" + # "deepseek-coder:6.7b" + # "deepseek-r1:8b" + # "deepseek-r1:32b" ]; }; From f3431e3028b92580e4dad4f8260d24721be62702 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:30:39 -0500 Subject: [PATCH 0639/1043] disabled telemetry --- configurations/home-manager/leyla/vscode/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index f6cbac7..5db972c 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -57,9 +57,7 @@ in { }; }) (lib.mkIf osConfig.services.ollama.enable { - "twinny.fileContextEnabled" = true; - "twinny.enableLogging" = false; - "twinny.completionCacheEnabled" = true; + "continue.telemetryEnabled" = false; # builtins.elemAt osConfig.services.ollama.loadModels 0; }) 
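Review bot: The telemetry opt-out is keyed on `osConfig.services.ollama.enable`, while the Continue extension is installed under the `ai-tooling-enabled` binding. Both are the same expression today, but if the binding is later widened (for example to hosts that use a remote model), the extension would be installed with telemetry left at its default. Tie the setting to the same condition as the install: `(lib.mkIf ai-tooling-enabled { "continue.telemetryEnabled" = false; })`. The enclosing `userSettings` list starts outside the hunk.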
From 705554dd16794f84b702f41cbb2e340417c08522 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:33:08 -0500 Subject: [PATCH 0640/1043] added TODO notes --- configurations/home-manager/leyla/vscode/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 5db972c..e123149 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -14,6 +14,9 @@ in { ]; }; + # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use remote hosted on defiant + # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use use better models hosted on defiant + programs = { bash.shellAliases = { code = "codium"; From c95186093051ef5d6f01f1dcdc96bbb589a24563 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:53:37 -0500 Subject: [PATCH 0641/1043] re enabled deep seek models for twilight --- configurations/nixos/twilight/configuration.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index c007932..be7056f 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -40,9 +40,9 @@ "llama3.1:8b" "qwen2.5-coder:1.5b-base" "nomic-embed-text:latest" - # "deepseek-coder:6.7b" - # "deepseek-r1:8b" - # "deepseek-r1:32b" + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:32b" ]; }; From c6ec40a3f7a12e2be5eed3fc7419a4c75accd105 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 21:14:09 -0500 Subject: [PATCH 0642/1043] organized models for twilight --- configurations/nixos/twilight/configuration.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) 
diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index be7056f..f851b08 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -37,12 +37,22 @@ enable = true; loadModels = [ + # conversation models "llama3.1:8b" - "qwen2.5-coder:1.5b-base" - "nomic-embed-text:latest" - "deepseek-coder:6.7b" "deepseek-r1:8b" "deepseek-r1:32b" + + # auto complete models + "qwen2.5-coder:1.5b-base" + "qwen2.5-coder:7b" + "deepseek-coder:6.7b" + "deepseek-coder:33b" + + # agent models + "qwen3:32b" + + # embedding models + "nomic-embed-text:latest" ]; }; From 5cc41542e168be054b508e4ce5861675a160cb43 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 24 May 2025 21:51:19 -0500 Subject: [PATCH 0643/1043] fixed spelling of comment --- configurations/home-manager/leyla/firefox.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 2781fe4..4f8c624 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -123,7 +123,7 @@ "browser.bookmarks.addedImportButton" = true; "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - # Usage Experiance + # Usage Experience "browser.startup.homepage" = "about:home"; "browser.download.useDownloadDir" = false; "browser.uiCustomization.state" = builtins.toJSON { From 7b6344b41972d6165606d23ce84b5f783f6272ad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 24 May 2025 22:17:19 -0500 Subject: [PATCH 0644/1043] added ollama to defiant --- .../home-manager/leyla/vscode/user-words.nix | 2 ++ .../nixos/defiant/configuration.nix | 19 +++++++++++++++++-- modules/nixos-modules/ollama.nix | 13 +++++++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) 
diff --git a/configurations/home-manager/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/vscode/user-words.nix index 4444c30..b581118 100644 --- a/configurations/home-manager/leyla/vscode/user-words.nix +++ b/configurations/home-manager/leyla/vscode/user-words.nix @@ -1,4 +1,6 @@ [ "leyla" "webdav" + "ollama" + "optimise" ] diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 8e1eab8..59ad2c9 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -201,13 +201,28 @@ }; ollama = { - enable = false; + enable = true; + exposePort = true; loadModels = [ - "deepseek-coder:6.7b" + # conversation models + "llama3.1:8b" "deepseek-r1:8b" "deepseek-r1:32b" "deepseek-r1:70b" + + # auto complete models + "qwen2.5-coder:1.5b-base" + "qwen2.5-coder:7b" + "deepseek-coder:6.7b" + "deepseek-coder:33b" + + # agent models + "qwen3:8b" + "qwen3:32b" + + # embedding models + "nomic-embed-text:latest" ]; }; tailscale = { diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 5cdc041..6b1d5bb 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -3,6 +3,10 @@ lib, ... }: { + options = { + services.ollama.exposePort = lib.mkEnableOption "should we expose ollama on tailscale"; + }; + config = lib.mkMerge [ { services.ollama = { @@ -22,6 +26,15 @@ } ]; }; + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + ports = [ + config.services.ollama.port + ]; + in + lib.mkIf config.services.ollama.exposePort { + allowedTCPPorts = ports; + allowedUDPPorts = ports; + }; })) ]; } From 77ab4781ac005f89a76eef72113f766ed2b6828b Mon Sep 17 00:00:00 2001 
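Review bot: The description passed to `lib.mkEnableOption` in `modules/nixos-modules/ollama.nix` does not read correctly, because the helper prefixes it with "Whether to enable", giving "Whether to enable should we expose ollama on tailscale." Reword it as a noun phrase and state what enabling it means for access, e.g. `lib.mkEnableOption "access to the Ollama API from the Tailscale interface (the API is unauthenticated)"`.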
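Review bot: `allowedUDPPorts = ports;` in the new firewall block opens the Ollama port for UDP as well, but Ollama serves HTTP over TCP, so the UDP rule adds reachable surface with no function; keep only `allowedTCPPorts = ports;`. Limiting the rule to `config.services.tailscale.interfaceName` is the right scope, but the Ollama API has no authentication of its own, so once `exposePort = true` is set on defiant every device on the tailnet can use it unless a Tailscale ACL restricts who may reach this port. Whether the service listens beyond loopback depends on `services.ollama.host`, which is not set in these hunks; check that it is bound to the tailnet address rather than `0.0.0.0`.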
From: Leyla Becker Date: Sat, 24 May 2025 23:03:20 -0500 Subject: [PATCH 0645/1043] started to draft out configuration of continue models --- .../home-manager/leyla/vscode/default.nix | 102 +++++++++--------- .../nixos/twilight/configuration.nix | 59 +++++++++- modules/nixos-modules/continue.nix | 44 ++++++++ modules/nixos-modules/default.nix | 1 + 4 files changed, 154 insertions(+), 52 deletions(-) create mode 100644 modules/nixos-modules/continue.nix diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index e123149..1108f2f 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix 
@@ -65,58 +65,58 @@ in { # builtins.elemAt osConfig.services.ollama.loadModels 0; }) ]; + + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # go extensions + golang.go + + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + tamasfe.even-better-toml + ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) + ++ ( + with vscode-marketplace; + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + continue.continue + ]) + ) + ); }; - - extensions = ( - with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # go extensions - golang.go - - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra 
- ]) - ++ ( - with vscode-marketplace; - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) - ) - ); }; }; } diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index f851b08..12d9151 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -30,8 +30,65 @@ graphicsAcceleration.enable = true; directAccess.enable = true; }; - }; + ai = { + enable = true; + # TODO: benchmark twilight against defiant and prune this list of models that are faster on defiant + models = { + # conversation models + "lamma3.1:8b" = { + model = "lamma3.1:8b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-r1:8b" = { + model = "deepseek-r1:8b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-r1:32b" = { + model = "deepseek-r1:32b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + # auto complete models + "qwen2.5-coder:1.5b-base" = { + model = "qwen2.5-coder:1.5b-base"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "qwen2.5-coder:7b" = { + model = "qwen2.5-coder:7b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-coder:6.7b" = { + model = "deepseek-coder:6.7b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-coder:33b" = { + model = "deepseek-coder:33b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + + # agent models + "qwen3:32b" = { + model = "qwen3:32b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + + # embedding models + "nomic-embed-text:latest" = { + model = "nomic-embed-text:latest"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + }; + }; + }; services = { ollama = { enable = true; 
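Review bot: The first entry under `models` in the twilight hunk is both keyed and set as `lamma3.1:8b`, which looks like a transposition of `llama3.1:8b`, the tag used in defiant's `loadModels` in the preceding patch. If twilight's own `loadModels` (outside this hunk) uses the `llama` spelling too, the generated client configuration would ask for a model the server never pulled, so I would change the line to `model = "llama3.1:8b";` and the key with it. The same value survives the rename of the key to "Llama 3.1 8B" in PATCH 0648 and is copied into the horizon configuration in PATCH 0656.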
diff --git a/modules/nixos-modules/continue.nix b/modules/nixos-modules/continue.nix new file mode 100644 index 0000000..73ff4db --- /dev/null +++ b/modules/nixos-modules/continue.nix @@ -0,0 +1,44 @@ +{lib, ...}: { + options.host = { + ai = { + enable = lib.mkEnableOption "should we use AI on this machine"; + models = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + option = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + model = { + type = lib.types.str; + }; + provider = { + type = lib.types.str; + default = "ollama"; + }; + apiBase = { + type = lib.types.str; + default = null; + }; + roles = { + type = lib.types.listOf lib.types.enumOf [ + "chat" + "autocomplete" + "embed" + "rerank" + "edit" + "apply" + "summarize" + ]; + }; + }; + })); + }; + }; + }; + + config = { + # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is null + # TODO: if we have any models that have a non null options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true + }; +} diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index fdbdc7e..67c75ce 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,6 +12,7 @@ ./impermanence.nix ./disko.nix ./ollama.nix + ./continue.nix ./tailscale.nix ./server ]; From 3f88b989d112f6d11fb086331dc60c30db214f40 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 24 May 2025 23:27:11 -0500 Subject: [PATCH 0646/1043] added more notes about continue configuration --- modules/home-manager-modules/continue.nix | 3 +++ modules/nixos-modules/{continue.nix => ai.nix} | 0 modules/nixos-modules/default.nix | 2 +- modules/nixos-modules/ollama.nix | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager-modules/continue.nix rename modules/nixos-modules/{continue.nix => ai.nix} (100%) 
diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix new file mode 100644 index 0000000..fce3b38 --- /dev/null +++ b/modules/home-manager-modules/continue.nix @@ -0,0 +1,3 @@ +{...}: { + # TODO: enable option for continue.yaml for home based on options defined in osConfig.ai.models +} diff --git a/modules/nixos-modules/continue.nix b/modules/nixos-modules/ai.nix similarity index 100% rename from modules/nixos-modules/continue.nix rename to modules/nixos-modules/ai.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 67c75ce..8cdeae9 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,7 +12,7 @@ ./impermanence.nix ./disko.nix ./ollama.nix - ./continue.nix + ./ai.nix ./tailscale.nix ./server ]; diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 6b1d5bb..1d515f8 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -10,6 +10,7 @@ config = lib.mkMerge [ { services.ollama = { + # TODO: these should match whats set in the users file group = "ollama"; user = "ollama"; }; From 2c77cf2ed40682a3e005441c88f7d650df7028b4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 01:32:05 -0500 Subject: [PATCH 0647/1043] updated list of models on twilight --- .../nixos/twilight/configuration.nix | 27 +++++++------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 12d9151..4a2c838 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
@@ -37,54 +37,45 @@ # conversation models "lamma3.1:8b" = { model = "lamma3.1:8b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; "deepseek-r1:8b" = { model = "deepseek-r1:8b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; "deepseek-r1:32b" = { model = "deepseek-r1:32b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; # auto complete models "qwen2.5-coder:1.5b-base" = { model = "qwen2.5-coder:1.5b-base"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; "qwen2.5-coder:7b" = { model = "qwen2.5-coder:7b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; "deepseek-coder:6.7b" = { model = "deepseek-coder:6.7b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; "deepseek-coder:33b" = { model = "deepseek-coder:33b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; # agent models "qwen3:32b" = { model = "qwen3:32b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; # embedding models "nomic-embed-text:latest" = { model = "nomic-embed-text:latest"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["embed"]; }; }; }; From 393f468be2699d49512aeda7f0624f767ddfe708 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 25 May 2025 13:07:32 -0500 Subject: [PATCH 0648/1043] generate .continue/config.yaml via configuration --- configurations/home-manager/leyla/default.nix | 26 +++++++ .../home-manager/leyla/vscode/default.nix | 10 +-- .../nixos/twilight/configuration.nix | 2 +- modules/home-manager-modules/continue.nix | 76 ++++++++++++++++++- modules/home-manager-modules/default.nix | 1 + modules/nixos-modules/ai.nix | 22 +++--- 6 files changed, 117 insertions(+), 20 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index f2c14e1..0c90ab1 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -83,6 +83,32 @@ }; }; + user = { + continue = { + enable = true; + docs = { + "Continue Docs" = { + startUrl = "https://docs.continue.dev"; + }; + "Nixpkgs" = { + startUrl = "https://ryantm.github.io/nixpkgs/#preface"; + }; + "Nix Manual" = { + startUrl = "https://nixos.org/manual/nixos/stable/"; + }; + "Home manager Manual" = { + startUrl = "https://nix-community.github.io/home-manager/"; + }; + "Nix Docs" = { + startUrl = "https://nix.dev/index.html"; + }; + "Linux Man Page" = { + startUrl = "https://linux.die.net/man/"; + }; + }; + }; + }; + programs = { # Let Home Manager install and manage itself. home-manager.enable = true; diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 1108f2f..2f3c455 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -2,11 +2,12 @@ lib, pkgs, inputs, + config, osConfig, ... }: let nix-development-enabled = osConfig.host.nix-development.enable; - ai-tooling-enabled = osConfig.services.ollama.enable; + ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { nixpkgs = { overlays = [ 
@@ -14,9 +15,6 @@ in { ]; }; - # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use remote hosted on defiant - # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use use better models hosted on defiant - programs = { bash.shellAliases = { code = "codium"; @@ -59,10 +57,8 @@ in { "expr" = "import {}"; }; }) - (lib.mkIf osConfig.services.ollama.enable { + (lib.mkIf ai-tooling-enabled { "continue.telemetryEnabled" = false; - - # builtins.elemAt osConfig.services.ollama.loadModels 0; }) ]; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 4a2c838..82ca9b7 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -35,7 +35,7 @@ # TODO: benchmark twilight against defiant and prune this list of models that are faster on defiant models = { # conversation models - "lamma3.1:8b" = { + "Llama 3.1 8B" = { model = "lamma3.1:8b"; roles = ["chat" "edit" "apply"]; }; diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix index fce3b38..327ee44 100644 --- a/modules/home-manager-modules/continue.nix +++ b/modules/home-manager-modules/continue.nix 
@@ -1,3 +1,75 @@ -{...}: { - # TODO: enable option for continue.yaml for home based on options defined in osConfig.ai.models +{ + lib, + pkgs, + config, + osConfig, + ... +}: let + ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; +in { + options = { + user.continue = { + enable = lib.mkEnableOption "should continue be enabled on this machine"; + docs = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + startUrl = lib.mkOption { + type = lib.types.str; + }; + }; + })); + }; + context = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + provider = lib.mkOption { + type = lib.types.str; + default = name; + }; + }; + })); + default = { + "code" = {}; + "docs" = {}; + "diff" = {}; + "terminal" = {}; + "problems" = {}; + "folder" = {}; + "codebase" = {}; + }; + }; + }; + }; + + config = + lib.mkIf ai-tooling-enabled + (lib.mkMerge [ + { + home = { + file = { + ".continue/config.yaml".source = (pkgs.formats.yaml {}).generate "continue-config" { + name = "Assistant"; + version = "1.0.0"; + schema = "v1"; + models = lib.attrsets.attrValues osConfig.host.ai.models; + context = lib.attrsets.attrValues config.user.continue.context; + docs = lib.attrsets.attrValues config.user.continue.docs; + }; + }; + }; + } + (lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".continue/index" + ".continue/sessions" + ]; + allowOther = true; + }; + }) + ]); } diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index ef9bf0a..ee47fb5 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -4,5 +4,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix + ./continue.nix ]; } 
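Review bot: `.continue/config.yaml` is produced with `(pkgs.formats.yaml {}).generate`, so its content ends up as a file in the Nix store, which every local user can read. The entries come from `host.ai.models`, where `provider` is a free-form string, so a later hosted provider configured with an API key in the model attributes would place that key in the store. A comment above the `home.file` entry would record the constraint, for example `# generated into the world-readable Nix store: keep API keys out of host.ai.models and supply them from sops at runtime`. Separately, `docs` is declared without a default while `context` has one, so enabling `user.continue` without setting `docs` presumably fails evaluation; `default = {};` on that option would match its sibling.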
diff --git a/modules/nixos-modules/ai.nix b/modules/nixos-modules/ai.nix index 73ff4db..8cc19ff 100644 --- a/modules/nixos-modules/ai.nix +++ b/modules/nixos-modules/ai.nix @@ -4,24 +4,24 @@ enable = lib.mkEnableOption "should we use AI on this machine"; models = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - option = { + options = { name = lib.mkOption { type = lib.types.str; default = name; }; - model = { + model = lib.mkOption { type = lib.types.str; }; - provider = { + provider = lib.mkOption { type = lib.types.str; default = "ollama"; }; - apiBase = { - type = lib.types.str; - default = null; - }; - roles = { - type = lib.types.listOf lib.types.enumOf [ + # apiBase = lib.mkOption { + # type = lib.types.nullOr lib.types.str; + # default = null; + # }; + roles = lib.mkOption { + type = lib.types.listOf (lib.types.enum [ "chat" "autocomplete" "embed" @@ -29,11 +29,13 @@ "edit" "apply" "summarize" - ]; + ]); + default = []; }; }; })); }; + default = {}; }; }; From 089fbb8717f4770b1dd38946ac0cf0806ec15823 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 13:49:03 -0500 Subject: [PATCH 0649/1043] changed formatting for ollama.nix to wrap all of configurations in its enable option --- modules/nixos-modules/ollama.nix | 53 +++++++++++++++++--------------- 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 1d515f8..155ec5d 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix 
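Review bot: The added `default = {};` in the ai.nix hunk comes after the `};` that closes `models = lib.mkOption { … }`, so going by the order of the lines it lands next to `enable` and `models` under `host.ai` instead of inside the `mkOption` call. That would leave `models` without a default, and anything that reads `osConfig.host.ai.models` on a host that never sets it, such as the home-manager continue module in this same patch, would fail to evaluate. Moving the line up by one, directly after `}));` and before the closing `};` of the `mkOption`, gives the intended default. Indentation is lost in this rendering, so this should be confirmed against the file.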
@@ -7,35 +7,38 @@ services.ollama.exposePort = lib.mkEnableOption "should we expose ollama on tailscale"; }; - config = lib.mkMerge [ - { - services.ollama = { - # TODO: these should match whats set in the users file - group = "ollama"; - user = "ollama"; - }; - } - (lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.ollama.models; - user = config.services.ollama.user; - group = config.services.ollama.group; - } - ]; - }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + config = lib.mkIf config.services.ollama.enable ( + lib.mkMerge [ + { + services.ollama = { + # TODO: these should match whats set in the users file + group = "ollama"; + user = "ollama"; + }; + } + (lib.mkIf config.services.ollama.exposePort (let ports = [ config.services.ollama.port ]; - in - lib.mkIf config.services.ollama.exposePort { + in { + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { allowedTCPPorts = ports; allowedUDPPorts = ports; }; - })) - ]; + })) + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.ollama.models; + user = config.services.ollama.user; + group = config.services.ollama.group; + } + ]; + }; + }) + ] + ); } From 60f8b0265a01419542ee36cc777a77ccbb9c6aff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 17:42:53 -0500 Subject: [PATCH 0650/1043] fixed ollama on defiant --- modules/nixos-modules/ollama.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 155ec5d..81ad3d0 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix 
@@ -36,6 +36,13 @@ user = config.services.ollama.user; group = config.services.ollama.group; } + { + directory = "/var/lib/private/ollama"; + user = config.services.ollama.user; + group = config.services.ollama.group; + mode = "0700"; + defaultPerms.mode = "0700"; + } ]; }; }) From c6dfa3e7ce4c61074a3be2c416240808129ce933 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 21:33:41 -0500 Subject: [PATCH 0651/1043] replaced disko disk --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 59ad2c9..97e8edf 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -46,7 +46,7 @@ "ata-ST18000NE000-3G6101_ZVTD10EH" "ata-ST18000NT001-3NF101_ZVTE0S3Q" "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NT001-3NF101_ZVTEZACV" # this one is broken replace with "ata-ST18000NT001-XXXXXX_ZVTJ732N" + "ata-ST18000NT001-3NF101_ZVTEZACV" ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" From 0a7bbdbc8f63213a784b4e95a0e14cf24a6ef709 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 21:48:13 -0500 Subject: [PATCH 0652/1043] fixed disk name --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 97e8edf..be906a7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -46,7 +46,7 @@ "ata-ST18000NE000-3G6101_ZVTD10EH" "ata-ST18000NT001-3NF101_ZVTE0S3Q" "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NT001-3NF101_ZVTEZACV" + "ata-ST18000NE000-3G6101_ZVTJ7359" ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" From b1cd64e23e2cbcfb935234e635973cff7fa51664 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 26 May 2025 12:23:58 -0500 Subject: [PATCH 0653/1043] added new drives to defiant --- .../nixos/defiant/configuration.nix | 25 +++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index be906a7..fef7a56 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -40,13 +40,24 @@ tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { - drives = [ - "ata-ST18000NE000-3G6101_ZVTCXVEB" - "ata-ST18000NE000-3G6101_ZVTCXWSC" - "ata-ST18000NE000-3G6101_ZVTD10EH" - "ata-ST18000NT001-3NF101_ZVTE0S3Q" - "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NE000-3G6101_ZVTJ7359" + vdevs = [ + [ + "ata-ST18000NE000-3G6101_ZVTCXVEB" + "ata-ST18000NE000-3G6101_ZVTCXWSC" + "ata-ST18000NE000-3G6101_ZVTD10EH" + "ata-ST18000NT001-3NF101_ZVTE0S3Q" + "ata-ST18000NT001-3NF101_ZVTEF27J" + "ata-ST18000NE000-3G6101_ZVTJ7359" + ] + # TODO: this needs to be configured manually + [ + "ata-ST4000NE001-2MA101_WS2275P3" + "ata-ST4000NE001-2MA101_WS227B9F" + "ata-ST4000NE001-2MA101_WS227CEW" + "ata-ST4000NE001-2MA101_WS227CYN" + "ata-ST4000NE001-2MA101_WS23TBWV" + "ata-ST4000NE001-2MA101_WS23TC5F" + ] ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" From 0bd483147dd1b0e3473c42d479ea5ae184022e0a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 17:48:25 -0500 Subject: [PATCH 0654/1043] updated flake.lock --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 1a03eab..b70bb5a 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1747742835, - "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", + "lastModified": 1748225455, + "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", "owner": "nix-community", "repo": "disko", - "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", + "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1747973023, - "narHash": "sha256-v2OgykASspKAyL+hYKlfa9PM4cwlFZ7/WQ1uvd256ko=", + "lastModified": 1748232210, + "narHash": "sha256-hyXsQVgl/URb13iWEONwV3gGZ9IU90Q9yPmn5xoWP/8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "c7ee05a5dc9b52ba7a6a660537fabaf711b7790a", + "rev": "26c86ba664f227c6abb383d3ca8db9365f275766", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1748227609, + "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1748004251, - "narHash": "sha256-XodjkVWTth3A2JpBqGBkdLD9kkWn94rnv98l3xwKukg=", + "lastModified": 1748149228, + "narHash": "sha256-mmonYFesFo42UUS49Hd0bcbVJRWX/aHBCDYUkkvylf4=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "33220d4791784e4dd4739edd3f6c028020082f91", + "rev": "a9939228f661df370c4094fe85f683e45d761dbe", "type": "github" }, "original": { 
@@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1747965670, - "narHash": "sha256-O91kjsTL7xccgTQr2KITmGhhLTpX9zh+oRvvV8ScOrg=", + "lastModified": 1748225039, + "narHash": "sha256-Lvl26mCEatC5akRHywuXkYM6ZKc7R5T9m6u7rBPtNQw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "d3099346fa5e9e33d0989a4e6afc3e8dedd25311", + "rev": "cde730cb9dc2759104d7c8c27cb36d73189be1e2", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1748190013, + "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", "type": "github" }, "original": { From 8c36fe5a72b0a6a408ae7419941155d5cf0e7592 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 17:49:47 -0500 Subject: [PATCH 0655/1043] set default api base for ai models to localhost --- configurations/nixos/horizon/configuration.nix | 8 -------- modules/nixos-modules/ai.nix | 10 +++++----- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 63ed59d..f27f585 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -51,14 +51,6 @@ fprintd = { enable = true; }; - ollama = { - enable = false; - - loadModels = [ - "deepseek-coder:1.3b" - "deepseek-r1:1.5b" - ]; - }; tailscale = { enable = true; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; diff --git a/modules/nixos-modules/ai.nix b/modules/nixos-modules/ai.nix index 8cc19ff..646e1b5 100644 --- a/modules/nixos-modules/ai.nix +++ b/modules/nixos-modules/ai.nix 
@@ -16,10 +16,10 @@ type = lib.types.str; default = "ollama"; }; - # apiBase = lib.mkOption { - # type = lib.types.nullOr lib.types.str; - # default = null; - # }; + apiBase = lib.mkOption { + type = lib.types.str; + default = "http://localhost:11434"; + }; roles = lib.mkOption { type = lib.types.listOf (lib.types.enum [ "chat" @@ -40,7 +40,7 @@ }; config = { - # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is null + # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is the default value # TODO: if we have any models that have a non null options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true }; } From f96f9f767537857f3b2bee4400e19ff20e4ee95c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 17:54:09 -0500 Subject: [PATCH 0656/1043] set horizon up to use twilight ollama models --- .../nixos/horizon/configuration.nix | 23 +++++++++++++++++++ .../nixos/twilight/configuration.nix | 1 + modules/nixos-modules/ai.nix | 4 ++-- 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index f27f585..8448654 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -23,6 +23,29 @@ hardware = { directAccess.enable = true; }; + + ai = { + enable = true; + models = { + "Llama 3.1 8B" = { + model = "lamma3.1:8b"; + roles = ["chat" "edit" "apply"]; + apiBase = "http://twilight:11434"; + }; + + "qwen2.5-coder:1.5b-base" = { + model = "qwen2.5-coder:1.5b-base"; + roles = ["autocomplete"]; + apiBase = "http://twilight:11434"; + }; + + "nomic-embed-text:latest" = { + model = "nomic-embed-text:latest"; + roles = ["embed"]; + apiBase = "http://twilight:11434"; + }; + }; + }; }; environment.systemPackages = [ diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 82ca9b7..10f2606 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -83,6 +83,7 @@ services = { ollama = { enable = true; + exposePort = true; loadModels = [ # conversation models diff --git a/modules/nixos-modules/ai.nix b/modules/nixos-modules/ai.nix index 646e1b5..d8cd63d 100644 --- a/modules/nixos-modules/ai.nix +++ b/modules/nixos-modules/ai.nix @@ -40,7 +40,7 @@ }; config = { - # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is the default value - # TODO: if we have any models that have a non null options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true + # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is localhost + # TODO: if we have any models that have a non localhost options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true }; } From 3e27429c74d60ecc79f23dacadc9b2bc7a7ffd2c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 18:49:17 -0500 Subject: [PATCH 0657/1043] set host when exporting port --- modules/nixos-modules/ollama.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 81ad3d0..8f194cf 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -21,6 +21,7 @@ config.services.ollama.port ]; in { + services.ollama.host = "0.0.0.0"; networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { allowedTCPPorts = ports; allowedUDPPorts = ports; From bdbe98dd6582ad1801f7e496fe154f4ba49b27e0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 19:36:21 -0500 Subject: [PATCH 0658/1043] enabled steam hardware --- configurations/nixos/twilight/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 10f2606..e9032d8 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -126,6 +126,7 @@ remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; + hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index # enabled virtualisation for docker # virtualisation.docker.enable = true; From 1b30c7d0ff17bb6510e92c76db9f3f16e55266d3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 28 May 2025 15:28:03 -0500 Subject: [PATCH 0659/1043] updated nix flake --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index b70bb5a..fa3ad83 100644 --- a/flake.lock +++ b/flake.lock 
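Review bot: `services.ollama.host = "0.0.0.0";` makes the service listen on every interface, so from this patch on the only thing keeping the API off the LAN is the host firewall, which this module opens for the Tailscale interface alone. I would make that dependency explicit next to the new line with `assertions = [{ assertion = config.networking.firewall.enable; message = "ollama.exposePort binds 0.0.0.0 and relies on the firewall to limit access to tailscale"; }];`, or at least a comment saying the same. Any other rule that opens this port on a different interface would then expose the service there as well. The `let` block this line is added to starts outside the hunk.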
@@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748232210, - "narHash": "sha256-hyXsQVgl/URb13iWEONwV3gGZ9IU90Q9yPmn5xoWP/8=", + "lastModified": 1748405006, + "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "26c86ba664f227c6abb383d3ca8db9365f275766", + "rev": "f9801a86d6603260940890c36650275090d1dceb", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1748227609, - "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=", + "lastModified": 1748455938, + "narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=", "owner": "nix-community", "repo": "home-manager", - "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022", + "rev": "02077149e2921014511dac2729ae6dadb4ec50e2", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1748149228, - "narHash": "sha256-mmonYFesFo42UUS49Hd0bcbVJRWX/aHBCDYUkkvylf4=", + "lastModified": 1748352827, + "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "a9939228f661df370c4094fe85f683e45d761dbe", + "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1748225039, - "narHash": "sha256-Lvl26mCEatC5akRHywuXkYM6ZKc7R5T9m6u7rBPtNQw=", + "lastModified": 1748397853, + "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "cde730cb9dc2759104d7c8c27cb36d73189be1e2", + "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748190013, - "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", + "lastModified": 1748370509, + "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", + "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", "type": "github" }, "original": { From 210a4084f7e4c15edc7551d39fc6c1fcda816eea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 28 May 2025 15:54:58 -0500 Subject: [PATCH 0660/1043] created prostudiomasters package --- configurations/nixos/horizon/configuration.nix | 4 ++++ configurations/nixos/horizon/prostudiomasters.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 configurations/nixos/horizon/prostudiomasters.nix diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8448654..99e3268 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -52,6 +52,10 @@ (pkgs.callPackage ./webtoon-dl.nix {}) + # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? + (pkgs.callPackage + ./prostudiomasters.nix + {}) ]; programs = { diff --git a/configurations/nixos/horizon/prostudiomasters.nix b/configurations/nixos/horizon/prostudiomasters.nix new file mode 100644 index 0000000..c1c03fe --- /dev/null +++ b/configurations/nixos/horizon/prostudiomasters.nix @@ -0,0 +1,14 @@ +{ + fetchurl, + appimageTools, +}: let + pname = "prostudiomasters"; + version = "2.5.6"; + src = fetchurl { + url = "https://download.prostudiomasters.com/linux/ProStudioMasters-${version}.AppImage"; + hash = "sha256-7owOwdcucFfl+JsVj+Seau2KOz0J4P/ep7WrBSNSmbs="; + }; +in + appimageTools.wrapType2 { + inherit pname version src; + } From 7923f493eba3c870d691b25cc440a2ce037ad767 Mon Sep 17 00:00:00 2001 
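Review bot: The new `prostudiomasters.nix` derivation carries no `meta`, so nixpkgs treats this prebuilt, presumably proprietary AppImage like any source-built free package. The `allowUnfree` and `allowNonSource` policy checks never see it. The download itself is pinned by `hash`, which is good. Declaring what it is keeps the policy switches meaningful: add `lib` to the arguments and pass `meta = { license = lib.licenses.unfree; sourceProvenance = [lib.sourceTypes.binaryNativeCode]; };` to `appimageTools.wrapType2`. A one-line comment noting that the binary comes straight from the vendor's download host, with no signature check beyond the pinned hash, would also help whoever bumps `version` next.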
From: Leyla Becker Date: Wed, 28 May 2025 16:03:05 -0500 Subject: [PATCH 0661/1043] moved deviations living under horizon to common shared folder --- configurations/nixos/horizon/configuration.nix | 11 +++-------- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/packages/default.nix | 17 +++++++++++++++++ .../packages}/prostudiomasters.nix | 0 .../nixos-modules/packages}/webtoon-dl.nix | 0 5 files changed, 21 insertions(+), 8 deletions(-) create mode 100644 modules/nixos-modules/packages/default.nix rename {configurations/nixos/horizon => modules/nixos-modules/packages}/prostudiomasters.nix (100%) rename {configurations/nixos/horizon => modules/nixos-modules/packages}/webtoon-dl.nix (100%) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 99e3268..7e2ab8a 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -48,14 +48,9 @@ }; }; - environment.systemPackages = [ - (pkgs.callPackage - ./webtoon-dl.nix - {}) - # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? - (pkgs.callPackage - ./prostudiomasters.nix - {}) + environment.systemPackages = with pkgs; [ + webtoon-dl + prostudiomasters ]; programs = { diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 8cdeae9..d668a74 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -15,6 +15,7 @@ ./ai.nix ./tailscale.nix ./server + ./packages ]; nixpkgs.config.permittedInsecurePackages = [ diff --git a/modules/nixos-modules/packages/default.nix b/modules/nixos-modules/packages/default.nix new file mode 100644 index 0000000..208ee24 --- /dev/null +++ b/modules/nixos-modules/packages/default.nix 
@@ -0,0 +1,17 @@ +{pkgs, ...}: { + nixpkgs.overlays = [ + (final: prev: { + webtoon-dl = + pkgs.callPackage + ./webtoon-dl.nix + {}; + }) + # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? + (final: prev: { + prostudiomasters = + pkgs.callPackage + ./prostudiomasters.nix + {}; + }) + ]; +} diff --git a/configurations/nixos/horizon/prostudiomasters.nix b/modules/nixos-modules/packages/prostudiomasters.nix similarity index 100% rename from configurations/nixos/horizon/prostudiomasters.nix rename to modules/nixos-modules/packages/prostudiomasters.nix diff --git a/configurations/nixos/horizon/webtoon-dl.nix b/modules/nixos-modules/packages/webtoon-dl.nix similarity index 100% rename from configurations/nixos/horizon/webtoon-dl.nix rename to modules/nixos-modules/packages/webtoon-dl.nix From 1be7eb162af7abd255828fdfbbf5cf9b50d9b08b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 30 May 2025 11:22:46 -0500 Subject: [PATCH 0662/1043] enabled qmk if via keyboard is enabled --- modules/nixos-modules/keyboard.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 modules/nixos-modules/keyboard.nix diff --git a/modules/nixos-modules/keyboard.nix b/modules/nixos-modules/keyboard.nix new file mode 100644 index 0000000..06a85c5 --- /dev/null +++ b/modules/nixos-modules/keyboard.nix @@ -0,0 +1,12 @@ +{ + lib, + config, + pkgs, + ... +}: { + config = lib.mkIf config.host.hardware.viaKeyboard { + hardware.keyboard.qmk.enable = true; + }; + + services.udev.packages = [pkgs.via]; +} From ee389bdb92796558667d8aa8771c41df422029eb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 30 May 2025 12:58:01 -0500 Subject: [PATCH 0663/1043] added via to udev --- modules/nixos-modules/keyboard.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/keyboard.nix b/modules/nixos-modules/keyboard.nix index 06a85c5..f820c48 100644 
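Review bot: In `modules/nixos-modules/packages/default.nix` both overlays ignore their `final`/`prev` arguments and call the module's `pkgs.callPackage`, which is the very package set these overlays are being applied to. It evaluates only because of laziness, and the packages are built against whatever `pkgs` the module received rather than the overlaid set. The usual form is `webtoon-dl = final.callPackage ./webtoon-dl.nix {};` (likewise for `prostudiomasters`), which also lets the `{pkgs, ...}:` argument go. The two single-attribute overlays can be merged into one.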
--- a/modules/nixos-modules/keyboard.nix +++ b/modules/nixos-modules/keyboard.nix @@ -6,7 +6,7 @@ }: { config = lib.mkIf config.host.hardware.viaKeyboard { hardware.keyboard.qmk.enable = true; - }; - services.udev.packages = [pkgs.via]; + services.udev.packages = [pkgs.via]; + }; } From 5dd2b2282164f87a674f160da175afe472e1489b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 30 May 2025 13:00:47 -0500 Subject: [PATCH 0664/1043] moved keyboard config to hardware.nix --- modules/nixos-modules/hardware.nix | 17 ++++++++++++++++- modules/nixos-modules/keyboard.nix | 12 ------------ 2 files changed, 16 insertions(+), 13 deletions(-) delete mode 100644 modules/nixos-modules/keyboard.nix diff --git a/modules/nixos-modules/hardware.nix b/modules/nixos-modules/hardware.nix index 1b22ece..8f4cc01 100644 --- a/modules/nixos-modules/hardware.nix +++ b/modules/nixos-modules/hardware.nix @@ -1,4 +1,9 @@ -{lib, ...}: { +{ + lib, + config, + pkgs, + ... +}: { options.host.hardware = { piperMouse = { enable = lib.mkEnableOption "host has a piper mouse"; @@ -16,4 +21,14 @@ enable = lib.mkEnableOption "can a host be used on its own"; }; }; + config = lib.mkMerge [ + (lib.mkIf config.host.hardware.piperMouse.enable { + services.udev.packages = [pkgs.piper]; + }) + (lib.mkIf config.host.hardware.viaKeyboard.enable { + hardware.keyboard.qmk.enable = true; + + services.udev.packages = [pkgs.via]; + }) + ]; } diff --git a/modules/nixos-modules/keyboard.nix b/modules/nixos-modules/keyboard.nix deleted file mode 100644 index f820c48..0000000 --- a/modules/nixos-modules/keyboard.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: { - config = lib.mkIf config.host.hardware.viaKeyboard { - hardware.keyboard.qmk.enable = true; - - services.udev.packages = [pkgs.via]; - }; -} From 45835201f566bc9fdc757fda85f160cdbc591fa0 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 30 May 2025 13:04:57 -0500 Subject: [PATCH 0665/1043] fixed piper --- modules/nixos-modules/hardware.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/hardware.nix b/modules/nixos-modules/hardware.nix index 8f4cc01..07e6fa8 100644 --- a/modules/nixos-modules/hardware.nix +++ b/modules/nixos-modules/hardware.nix @@ -23,7 +23,7 @@ }; config = lib.mkMerge [ (lib.mkIf config.host.hardware.piperMouse.enable { - services.udev.packages = [pkgs.piper]; + services.ratbagd.enable = true; }) (lib.mkIf config.host.hardware.viaKeyboard.enable { hardware.keyboard.qmk.enable = true; From 8f29881b72061657b8bebfe6dd051fa56e0779a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 May 2025 17:42:12 -0500 Subject: [PATCH 0666/1043] created emergent configuration --- .../nixos/emergent/configuration.nix | 139 ++++++++++++++++++ configurations/nixos/emergent/default.nix | 8 + .../nixos/emergent/disco-configuration.nix | 57 +++++++ .../nixos/emergent/hardware-configuration.nix | 32 ++++ flake.nix | 1 + modules/nixos-modules/users.nix | 4 +- 6 files changed, 240 insertions(+), 1 deletion(-) create mode 100644 configurations/nixos/emergent/configuration.nix create mode 100644 configurations/nixos/emergent/default.nix create mode 100644 configurations/nixos/emergent/disco-configuration.nix create mode 100644 configurations/nixos/emergent/hardware-configuration.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix new file mode 100644 index 0000000..a880ef5 --- /dev/null +++ b/configurations/nixos/emergent/configuration.nix 
@@ -0,0 +1,139 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + host = { + users = { + eve = { + isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; + }; + }; + }; + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # services.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). 
+ # services.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # tree + # ]; + # }; + + # programs.firefox.enable = true; + + # List packages installed in system profile. + # You can use https://search.nixos.org/ to find more packages (and options). + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + networking = { + networkmanager.enable = true; + useDHCP = lib.mkDefault true; + hostId = "7e35eb97"; # arbitrary id number generated via this command: `head -c4 /dev/urandom | od -A none -t x4` + hostName = "emergent"; # Define your hostname. + }; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 
+ # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix new file mode 100644 index 0000000..3455825 --- /dev/null +++ b/configurations/nixos/emergent/default.nix @@ -0,0 +1,8 @@ +# evs desktop +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ./disco-configuration.nix + ]; +} diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix new file mode 100644 index 0000000..29e13fe --- /dev/null +++ b/configurations/nixos/emergent/disco-configuration.nix 
@@ -0,0 +1,57 @@ +{...}: { + disko.devices = { + disk = { + disk1 = { + type = "disk"; + device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "64M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + }; + }; + }; + }; + }; + zpool = { + zroot = { + type = "zpool"; + mode = "mirror"; + options.cachefile = "none"; + rootFsOptions = { + compression = "zstd"; + "com.sun:auto-snapshot" = "true"; + }; + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; + + datasets = { + "system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + }; + }; + }; + }; +} diff --git a/configurations/nixos/emergent/hardware-configuration.nix b/configurations/nixos/emergent/hardware-configuration.nix new file mode 100644 index 0000000..4e13149 --- /dev/null +++ b/configurations/nixos/emergent/hardware-configuration.nix 
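Review bot: In `disco-configuration.nix`, `rootFsOptions` sets `compression` and `com.sun:auto-snapshot` but no encryption properties, so the whole `zroot` pool is stored in the clear. That includes the home directories and any secrets decrypted onto disk. If this desktop is meant to have data-at-rest protection, it has to be set when the pool is created, since native ZFS encryption cannot be enabled later on an existing dataset. For example, add `encryption = "aes-256-gcm"; keyformat = "passphrase"; keylocation = "prompt";` to `rootFsOptions`. If leaving it unencrypted is deliberate, a short comment saying so would stop the question coming up again.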
@@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + swapDevices = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/flake.nix b/flake.nix index ba10d20..496456a 100644 --- a/flake.nix +++ b/flake.nix @@ -99,6 +99,7 @@ horizon = mkNixosSystem "horizon"; twilight = mkNixosSystem "twilight"; defiant = mkNixosSystem "defiant"; + emergent = mkNixosSystem "emergent"; }; darwinSystems = { diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 18cf06f..68bd78b 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
@@ -106,7 +106,9 @@ in { uid = lib.mkForce uids.eve; name = lib.mkForce host.users.eve.name; description = "Eve"; - extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; + extraGroups = + lib.optionals host.users.eve.isNormalUser ["networkmanager"] + ++ (lib.lists.optionals host.users.eve.isPrincipleUser ["wheel"]); hashedPasswordFile = config.sops.secrets."passwords/eve".path; isNormalUser = host.users.eve.isNormalUser; isSystemUser = !host.users.eve.isNormalUser; From d88c1c15885193f639f111cbb7610f9aaf95c7e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 May 2025 19:14:37 -0500 Subject: [PATCH 0667/1043] updated mode for zfs disk --- configurations/nixos/emergent/disco-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix index 29e13fe..ec002b2 100644 --- a/configurations/nixos/emergent/disco-configuration.nix +++ b/configurations/nixos/emergent/disco-configuration.nix @@ -31,7 +31,7 @@ zpool = { zroot = { type = "zpool"; - mode = "mirror"; + mode = ""; options.cachefile = "none"; rootFsOptions = { compression = "zstd"; From 69b8f5ceca186be1e40ee8db07c717e7ee54d269 Mon Sep 17 00:00:00 2001 From: Eve Halfmann Date: Sun, 1 Jun 2025 00:44:58 +0000 Subject: [PATCH 0668/1043] generate ssh keys for each system eve is on --- configurations/home-manager/eve/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 0ea88ee..b353363 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -1,6 +1,7 @@ { pkgs, lib, + config, osConfig, ... }: let 
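Review bot: In `modules/nixos-modules/users.nix`, `isPrincipleUser` now also puts eve in `wheel`, i.e. grants sudo, and nothing at this site says so. A flag with that name reads like a display or ownership marker, so the privilege grant deserves a comment such as `# principal users are administrators: wheel grants sudo`. The expression also mixes `lib.optionals` with `lib.lists.optionals`; using `lib.optionals` for both and dropping the extra parentheses would read more consistently. The surrounding user attrset starts outside the hunk, so I cannot tell whether the option's own description already documents this.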
@@ -72,5 +73,14 @@ in { programs = { # Let Home Manager install and manage itself. home-manager.enable = true; + + openssh = { + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; }; } From caea10c1e25ab97959aef7e28c5e90bfe45dbb32 Mon Sep 17 00:00:00 2001 From: Eve Halfmann Date: Sun, 1 Jun 2025 00:45:13 +0000 Subject: [PATCH 0669/1043] set git agent information --- configurations/home-manager/eve/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index b353363..4e1d6fd 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -74,6 +74,13 @@ in { # Let Home Manager install and manage itself. home-manager.enable = true; + git = { + enable = true; + userName = "Eve Halfmann"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; + openssh = { hostKeys = [ { From 5d055c6a88ac087661cb805fb487a1c9219b3063 Mon Sep 17 00:00:00 2001 From: Eve Halfmann Date: Sun, 1 Jun 2025 16:20:33 +0000 Subject: [PATCH 0670/1043] updated git username --- configurations/home-manager/eve/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 4e1d6fd..d3dda26 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -76,7 +76,7 @@ in { git = { enable = true; - userName = "Eve Halfmann"; + userName = "Eve"; userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; From 327a5ce55fa9af2442845cad14662db95ee7aa6f Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 16:31:08 +0000 Subject: [PATCH 0671/1043] added vscodium --- configurations/home-manager/eve/default.nix | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index d3dda26..7dedb68 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -80,6 +80,11 @@ in { userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; + + vscode = { + enable = true; + package = pkgs.vscodium; + }; openssh = { hostKeys = [ From c54210411d5f6c5097adb0c96f1f31d9db00649f Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 11:59:56 -0500 Subject: [PATCH 0672/1043] added steam + dependencies --- configurations/nixos/emergent/configuration.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index a880ef5..4325eb3 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -80,6 +80,8 @@ # programs.firefox.enable = true; + nixpkgs.config.allowUnfree = true; + # List packages installed in system profile. # You can use https://search.nixos.org/ to find more packages (and options). # environment.systemPackages = with pkgs; [ @@ -87,6 +89,13 @@ # wget # ]; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; From 7acf6a1c13935a5a5b4fb8b4a078697bf322dca3 Mon Sep 17 00:00:00 2001 
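Review bot: The `programs.steam` block added to `configurations/nixos/emergent/configuration.nix` turns on all three `openFirewall` switches, which opens the listed ports on every interface of a desktop whether or not the feature is used. `dedicatedServer.openFirewall = true;` in particular only matters if this machine hosts a Source dedicated server. I would leave each switch off until the feature is actually needed, e.g. `dedicatedServer.openFirewall = false;`. In the hunk just above, `nixpkgs.config.allowUnfree = true;` permits every unfree package on the host. A `nixpkgs.config.allowUnfreePredicate` listing only the packages this host actually needs keeps later unfree additions visible in review.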
From: Eve Date: Sun, 1 Jun 2025 12:22:42 -0500 Subject: [PATCH 0673/1043] added nvidia-drivers as a seperate file and imported to config file --- .../nixos/emergent/configuration.nix | 1 + .../nixos/emergent/nvidia-drivers.nix | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 configurations/nixos/emergent/nvidia-drivers.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 4325eb3..389dfe5 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -8,6 +8,7 @@ ... }: { imports = [ + ./nvidia-drivers.nix ]; # Use the systemd-boot EFI boot loader. diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix new file mode 100644 index 0000000..4df1b67 --- /dev/null +++ b/configurations/nixos/emergent/nvidia-drivers.nix 
@@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: +{ + + # Enable OpenGL + hardware.graphics = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + hardware.nvidia = { + + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; + } \ No newline at end of file From 2820252c54f9b5bac43d09e280c48baaaf45657d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 13:00:34 -0500 Subject: [PATCH 0674/1043] made leyla configs optional --- configurations/home-manager/eve/default.nix | 2 +- configurations/home-manager/leyla/default.nix | 45 +- configurations/home-manager/leyla/firefox.nix | 623 +++++++++--------- .../home-manager/leyla/packages.nix | 72 +- .../home-manager/leyla/vscode/default.nix | 185 +++--- .../nixos/emergent/nvidia-drivers.nix | 20 +- 6 files changed, 477 insertions(+), 470 deletions(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 7dedb68..b2ae492 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -80,7 +80,7 @@ in { userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; - + vscode = { enable = true; package = pkgs.vscodium; diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 0c90ab1..90251a3 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,8 +1,4 @@ -{ - osConfig, - config, - ... -}: { +{osConfig, ...}: { imports = [ ./i18n.nix ./packages.nix 
@@ -108,44 +104,5 @@ }; }; }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - # set up git defaults - git = { - enable = true; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; - }; - - # add direnv to auto load flakes for development - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["/home/leyla/documents/code/nix-config"]; - }; - }; - bash.enable = true; - - openssh = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; }; } diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 4f8c624..0adea28 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix 
@@ -2,340 +2,345 @@ lib, pkgs, inputs, + osConfig, ... -}: { - programs.firefox = { - enable = true; - profiles.leyla = { - settings = { - "browser.search.defaultenginename" = "Searx"; - "browser.search.order.1" = "Searx"; - }; +}: let + is-desktop-user = osConfig.host.users.leyla.isDesktopUser; +in { + config = lib.mkIf is-desktop-user { + programs.firefox = { + enable = true; + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; - search = { - force = true; - default = "Searx"; - engines = { - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = ["@np"]; - }; - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@nw"]; - }; - "Searx" = { - urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@searx"]; + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = 
"https://search.jan-leila.com/?q={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; }; }; - }; - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ - bitwarden - terms-of-service-didnt-read - multi-account-containers - shinigami-eyes + extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes - ublock-origin - sponsorblock - dearrow - df-youtube - return-youtube-dislikes + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes - privacy-badger - decentraleyes - clearurls - localcdn + privacy-badger + decentraleyes + clearurls + localcdn - snowflake + snowflake - deutsch-de-language-pack - dictionary-german + deutsch-de-language-pack + dictionary-german - # ( - # buildFirefoxXpiAddon rec { - # pname = "italiano-it-language-pack"; - # version = "132.0.20241110.231641"; - # addonId = "langpack-it@firefox.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Firefox Language Pack for Italiano (it) – Italian"; - # license = licenses.mpl20; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - # ( - # buildFirefoxXpiAddon rec { - # pname = "dizionario-italiano"; - # version = "5.1"; - # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Add support for Italian to spellchecking"; - # license = licenses.gpl3; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - ]; + # ( + # buildFirefoxXpiAddon rec { + # pname = "italiano-it-language-pack"; + # version = "132.0.20241110.231641"; + # 
addonId = "langpack-it@firefox.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Firefox Language Pack for Italiano (it) – Italian"; + # license = licenses.mpl20; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + # ( + # buildFirefoxXpiAddon rec { + # pname = "dizionario-italiano"; + # version = "5.1"; + # addonId = "it-IT@dictionaries.addons.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Add support for Italian to spellchecking"; + # license = licenses.gpl3; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + ]; - settings = { - # Disable irritating first-run stuff - "browser.disableResetPrompt" = true; - "browser.download.panel.shown" = true; - "browser.feeds.showFirstRunUI" = false; - "browser.messaging-system.whatsNewPanel.enabled" = false; - "browser.rights.3.shown" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.shell.defaultBrowserCheckCount" = 1; - "browser.startup.homepage_override.mstone" = "ignore"; - "browser.uitour.enabled" = false; - "startup.homepage_override_url" = ""; - "trailhead.firstrun.didSeeAboutWelcome" = true; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.bookmarks.addedImportButton" = true; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + 
"browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - # Usage Experience - "browser.startup.homepage" = "about:home"; - "browser.download.useDownloadDir" = false; - "browser.uiCustomization.state" = builtins.toJSON { - "currentVersion" = 20; - "newElementCount" = 6; - "dirtyAreaCache" = [ - "nav-bar" - "PersonalToolbar" - "toolbar-menubar" - "TabsToolbar" - "unified-extensions-area" - "vertical-tabs" - ]; - "placements" = { - "widget-overflow-fixed-list" = []; - "unified-extensions-area" = [ + # Usage Experience + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + "privacy_privacy_com-browser-action" + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" + "addon_simplelogin-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + 
"stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" "privacy_privacy_com-browser-action" - # bitwarden - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" "sponsorblocker_ajay_app-browser-action" - "dearrow_ajay_app-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_testpilot-containers-browser-action" + "ublock0_raymondhill_net-browser-action" "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" "jid1-bofifl9vbdl2zq_jetpack-browser-action" "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" ]; - "nav-bar" = [ - "back-button" - "forward-button" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "unified-extensions-button" - "reset-pbm-toolbar-button" - ]; - "toolbar-menubar" = [ - "menubar-items" - ]; - "TabsToolbar" = [ - "firefox-view-button" - "tabbrowser-tabs" - "new-tab-button" - "alltabs-button" - ]; - "vertical-tabs" = []; - "PersonalToolbar" = [ - "import-button" - "personal-bookmarks" - ]; }; - "seen" = [ - "save-to-pocket-button" - "developer-button" - "privacy_privacy_com-browser-action" - 
"sponsorblocker_ajay_app-browser-action" - "ublock0_raymondhill_net-browser-action" - "addon_simplelogin-browser-action" - "dearrow_ajay_app-browser-action" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_testpilot-containers-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "identity.fxaccounts.enabled" = false; + + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; + + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + + # Disable telemetry + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + 
"browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; + }; + + bookmarks = { + force = true; + settings = [ + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; 
+ keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } ]; }; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - "browser.newtabpage.blocked" = lib.genAttrs [ - # Facebook - "4gPpjkxgZzXPVtuEoAL9Ig==" - # Reddit - "gLv0ja2RYVgxKdp0I5qwvA==" - # Amazon - "K00ILysCaEq8+bEqV/3nuw==" - # Twitter - "T9nJot5PurhJSy8n038xGA==" - ] (_: 1); - "identity.fxaccounts.enabled" = false; - - # Security - "privacy.trackingprotection.enabled" = true; - "dom.security.https_only_mode" = true; - - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "signon.rememberSignons" = false; - "privacy.sanitize.sanitizeOnShutdown" = true; - "privacy.clearOnShutdown_v2.cache" = true; - "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; - "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; - "urlclassifier.trackingSkipURLs" = ""; - "urlclassifier.features.socialtracking.skipURLs" = ""; - "dom.security.https_only_mode_pbm" = true; - "dom.security.https_only_mode_error_page_user_suggestions" = true; - - # Disable telemetry - "app.shield.optoutstudies.enabled" = false; - "browser.discovery.enabled" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.ping-centre.telemetry" = false; - 
"datareporting.healthreport.service.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.sessions.current.clean" = true; - "devtools.onboarding.telemetry.logged" = false; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.hybridContent.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.prompted" = 2; - "toolkit.telemetry.rejected" = true; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - "toolkit.telemetry.server" = ""; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.unifiedIsOptIn" = false; - "toolkit.telemetry.updatePing.enabled" = false; - }; - - bookmarks = { - force = true; - settings = [ - { - name = "Media"; - url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = 
"https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; }; }; }; diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 13263ea..e9ab230 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -1,5 +1,6 @@ { lib, + config, osConfig, pkgs, ... @@ -12,22 +13,22 @@ in { ./firefox.nix ]; - nixpkgs.config = { - allowUnfree = true; - }; + config = lib.mkMerge [ + (lib.mkIf userConfig.isTerminalUser { + home.packages = with pkgs; [ + # command line tools + sox + yt-dlp + ffmpeg + imagemagick + ]; + }) + (lib.mkIf userConfig.isDesktopUser { + nixpkgs.config = { + allowUnfree = true; + }; - home = { - packages = - lib.lists.optionals userConfig.isTerminalUser ( - with pkgs; [ - # command line tools - sox - yt-dlp - ffmpeg - imagemagick - ] - ) - ++ ( + home.packages = ( lib.lists.optionals userConfig.isDesktopUser ( (with pkgs; [ # helvetica font 
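Review bot: In firefox.nix the re-indented `"unified-extensions-area"` placement list still carries `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action"`, which lacks the `r` that the same id has in the `seen` list, so that entry presumably never matches an installed extension's widget. Every line of the block is rewritten by this hunk anyway, so it is a good moment to correct it to `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action"`. The new `is-desktop-user` binding would also benefit from a short comment such as `# whole module is a no-op unless leyla is a desktop user on this host`.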
@@ -91,5 +92,44 @@ in { ) ) ); - }; + programs = lib.mkIf userConfig.isDesktopUser { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + # set up git defaults + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + + # add direnv to auto load flakes for development + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + config = { + global.hide_env_diff = true; + whitelist.exact = ["/home/leyla/documents/code/nix-config"]; + }; + }; + bash.enable = true; + + openssh = { + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" + ]; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; + }) + ]; } diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 2f3c455..c2ee066 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix 
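Review bot: In packages.nix the `openssh.authorizedKeys` and `hostKeys` entries, together with `home-manager.enable`, `git`, `direnv` and `bash`, now sit inside `lib.mkIf userConfig.isDesktopUser`, whereas the block removed from default.nix applied them unconditionally. On a host where leyla is only a terminal user they are no longer set. If the `openssh` option is what installs these keys for remote login (it looks like a project module and is not visible here), a headless host could lose key-based access on the next rebuild. Moving `openssh` and `home-manager.enable` into their own unconditional element of the `lib.mkMerge` list, or gating them on `isTerminalUser`, keeps the previous behaviour. The inner `programs = lib.mkIf userConfig.isDesktopUser {` and the `lib.lists.optionals userConfig.isDesktopUser` around `home.packages` repeat the enclosing condition and can become `programs = {` and a plain list.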
@@ -8,110 +8,113 @@ }: let nix-development-enabled = osConfig.host.nix-development.enable; ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; + is-desktop-user = osConfig.host.users.leyla.isDesktopUser; in { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - - programs = { - bash.shellAliases = { - code = "codium"; + config = lib.mkIf is-desktop-user { + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; }; - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { - enable = true; + programs = { + bash.shellAliases = { + code = "codium"; + }; - package = pkgs.vscodium; + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in { + enable = true; - mutableExtensionsDir = false; + package = pkgs.vscodium; - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; + mutableExtensionsDir = false; - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = import ./user-words.nix; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "editor.tabSize" = 2; - "editor.insertSpaces" = false; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; - }) - ]; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; - extensions = ( - with open-vsx; - [ - # vs 
code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = import ./user-words.nix; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "editor.tabSize" = 2; + "editor.insertSpaces" = false; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + (lib.mkIf ai-tooling-enabled { + "continue.telemetryEnabled" = false; + }) + ]; - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # go extensions - golang.go + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx + # go extensions + golang.go - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix 
extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with vscode-marketplace; - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) - ) - ); + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + tamasfe.even-better-toml + ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) + ++ ( + with vscode-marketplace; + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + continue.continue + ]) + ) + ); + }; }; }; }; diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index 4df1b67..b264ca5 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -1,6 +1,9 @@ -{ config, lib, pkgs, ... }: { - + config, + lib, + pkgs, + ... +}: { # Enable OpenGL hardware.graphics = { enable = true; @@ -10,13 +13,12 @@ services.xserver.videoDrivers = ["nvidia"]; hardware.nvidia = { - # Modesetting is required. modesetting.enable = true; # Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. powerManagement.enable = false; 
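Review bot: In vscode/default.nix the added `is-desktop-user = osConfig.host.users.leyla.isDesktopUser;` repeats the binding this commit also adds to firefox.nix and hard-codes the `leyla` attribute path, while packages.nix reads the same flag through its `userConfig` binding. Using one spelling in all three files, for example `userConfig = osConfig.host.users.leyla;` followed by `lib.mkIf userConfig.isDesktopUser`, keeps the gate from drifting between modules. The `nixpkgs.overlays` entry is now conditional as well, so a comment noting that the overlay is only present for desktop users would help anyone who later references it from another module. The `let` block begins above this hunk.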
@@ -26,17 +28,17 @@ # Use the NVidia open source kernel module (not to be confused with the # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ open = false; # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. + # accessible via `nvidia-settings`. nvidiaSettings = true; # Optionally, you may need to select the appropriate driver version for your specific GPU. package = config.boot.kernelPackages.nvidiaPackages.stable; }; - } \ No newline at end of file +} From 21eff1d08302abacb7010b5dd065d49e69f57e69 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 13:07:56 -0500 Subject: [PATCH 0675/1043] moved Eve configurations into their own package --- configurations/home-manager/eve/default.nix | 45 +--------------- configurations/home-manager/eve/packages.nix | 52 +++++++++++++++++++ .../nixos/emergent/configuration.nix | 13 ++--- 3 files changed, 60 insertions(+), 50 deletions(-) create mode 100644 configurations/home-manager/eve/packages.nix diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index b2ae492..0ab0c59 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -1,10 +1,4 @@ -{ - pkgs, - lib, - config, - osConfig, - ... -}: let +{osConfig, ...}: let userConfig = osConfig.host.users.eve; in { nixpkgs.config = { 
@@ -57,42 +51,5 @@ in { sessionVariables = { # EDITOR = "emacs"; }; - - packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop-bin - ungoogled-chromium - ] - ); - }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - git = { - enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; - }; - - vscode = { - enable = true; - package = pkgs.vscodium; - }; - - openssh = { - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; }; } diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix new file mode 100644 index 0000000..6cc4630 --- /dev/null +++ b/configurations/home-manager/eve/packages.nix @@ -0,0 +1,52 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: let + userConfig = osConfig.host.users.eve; +in { + config = { + # Packages that can be installed without any extra configuration + # See https://search.nixos.org/packages for all options + home.packages = lib.lists.optionals userConfig.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop-bin + ungoogled-chromium + ] + ); + + # Packages that need to be installed with some extra configuration + # See https://home-manager-options.extranix.com/ for all options + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + git = { + enable = true; + userName = "Eve"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; + + vscode = { + enable = true; + package = pkgs.vscodium; + }; + + openssh = { + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; + }; +} 
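Review bot: The new eve/packages.nix does not appear to be imported anywhere in this commit: the two eve/default.nix hunks only change the argument list and delete the old `packages` and `programs` blocks, and neither adds an `imports` entry. Unless modules under eve/ are collected automatically somewhere outside this patch, Eve's `git`, `vscode`, `home-manager.enable` and `openssh.hostKeys` settings are silently dropped. Adding `imports = [./packages.nix];` to eve/default.nix would match the explicit list that leyla/default.nix uses. Within the new file only `home.packages` is gated on `userConfig.isDesktopUser` while `programs.vscode` is unconditional, which is worth a comment if intentional.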
diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 389dfe5..2d7df4c 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -83,13 +83,14 @@ nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. - # You can use https://search.nixos.org/ to find more packages (and options). - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # ]; + # Packages that can be installed without any extra configuration + # See https://search.nixos.org/packages for all options + environment.systemPackages = with pkgs; [ + wget + ]; + # Packages that need to be installed with some extra configuration + # See https://search.nixos.org/options for all options programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 93793f2f1c71786215025d06f1c8072bbe4ea026 Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 13:36:44 -0500 Subject: [PATCH 0676/1043] set nvidia drivers to open --- configurations/nixos/emergent/nvidia-drivers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index b264ca5..fd569b3 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -32,7 +32,7 @@ # supported GPUs is at: # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ - open = false; + open = true; # Enable the Nvidia settings menu, # accessible via `nvidia-settings`. From 54d03b280c5de2cd11c26fbed6f3a3e5f4497c4d Mon Sep 17 00:00:00 2001 
From: Eve Date: Sun, 1 Jun 2025 13:36:50 -0500 Subject: [PATCH 0677/1043] increase size of boot partiton for emergent --- configurations/nixos/emergent/disco-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix index ec002b2..ac2067f 100644 --- a/configurations/nixos/emergent/disco-configuration.nix +++ b/configurations/nixos/emergent/disco-configuration.nix @@ -8,7 +8,7 @@ type = "gpt"; partitions = { ESP = { - size = "64M"; + size = "512M"; type = "EF00"; content = { type = "filesystem"; From 36382ebfe0001273823e2fe417e3242495b75da6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:19:31 -0500 Subject: [PATCH 0678/1043] switched to using nixos-anywhere flake in dev shell --- flake.lock | 153 +++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 12 +++- util/default.nix | 2 +- 3 files changed, 163 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index fa3ad83..fe1ba7d 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,28 @@ "type": "github" } }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748225455, + "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", + "owner": "nix-community", + "repo": "disko", + "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, "firefox-addons": { "inputs": { "nixpkgs": [ 
@@ -57,6 +79,27 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -151,6 +194,27 @@ "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" } }, + "nix-vm-test": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748765518, + "narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=", + "owner": "Mic92", + "repo": "nix-vm-test", + "rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "nix-vm-test", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils", @@ -172,6 +236,32 @@ "type": "github" } }, + "nixos-anywhere": { + "inputs": { + "disko": "disko_2", + "flake-parts": "flake-parts", + "nix-vm-test": "nix-vm-test", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1748794949, + "narHash": "sha256-kfqIyYpXMRgmaLOTx+AFd1Kzo+I3mOg9vexUx2qWENA=", + "owner": "nix-community", + "repo": "nixos-anywhere", + "rev": "b7686308b281917d63137373a2eb5c566a973d03", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-anywhere", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1747900541, 
@@ -188,6 +278,47 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748481078, + "narHash": "sha256-jwKRF2EDzlv0VBF8pImPFT7DAJma7stDun25utHtwBw=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "191a461dc38313ff41bd3df4b82e49f74a56560d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1748437600, + "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1748370509, @@ -214,6 +345,7 @@ "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", + "nixos-anywhere": "nixos-anywhere", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", @@ -270,6 +402,27 @@ "repo": "default", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748243702, + "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 496456a..c0a72cf 100644 --- a/flake.nix +++ b/flake.nix 
@@ -28,6 +28,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-anywhere = { + url = "github:nix-community/nixos-anywhere"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # disk configurations disko = { url = "github:nix-community/disko"; @@ -79,6 +84,7 @@ sops-nix, nix-syncthing, home-manager, + nixos-anywhere, impermanence, ... } @ inputs: let @@ -131,11 +137,11 @@ systemsHomes // homeSystems; in { - formatter = forEachPkgs (pkgs: pkgs.alejandra); + formatter = forEachPkgs (system: pkgs: pkgs.alejandra); # templates = import ./templates; - devShells = forEachPkgs (pkgs: { + devShells = forEachPkgs (system: pkgs: { default = pkgs.mkShell { packages = with pkgs; [ # for version controlling this repo @@ -147,7 +153,7 @@ # for viewing configuration options defined in this repo nix-inspect # for installing flakes from this repo onto other systems - nixos-anywhere + nixos-anywhere.packages.${system}.nixos-anywhere # for updating disko configurations disko ]; diff --git a/util/default.nix b/util/default.nix index 4b713da..5b61779 100644 --- a/util/default.nix +++ b/util/default.nix @@ -53,7 +53,7 @@ ../modules/system-modules ]; in { - forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); + forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system)); mkUnless = condition: yes: (lib.mkIf (!condition) yes); mkIfElse = condition: yes: no: From b1e7be48b37adc932bac365d0ae10bdb6b0d9f9d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 14:27:50 -0500 Subject: [PATCH 0679/1043] moved packages to common-modules --- modules/common-modules/pkgs/default.nix | 19 ++++++++++++++++--- .../pkgs}/prostudiomasters.nix | 0 .../pkgs}/webtoon-dl.nix | 0 modules/nixos-modules/default.nix | 1 - modules/nixos-modules/packages/default.nix | 17 ----------------- 5 files changed, 16 insertions(+), 21 deletions(-) rename modules/{nixos-modules/packages => common-modules/pkgs}/prostudiomasters.nix (100%) rename modules/{nixos-modules/packages => common-modules/pkgs}/webtoon-dl.nix (100%) delete mode 100644 modules/nixos-modules/packages/default.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 3e4456b..208ee24 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,17 @@ -# this folder is for custom derivations -{...}: { - # package = pkgs.callPackage ./package.nix {}; +{pkgs, ...}: { + nixpkgs.overlays = [ + (final: prev: { + webtoon-dl = + pkgs.callPackage + ./webtoon-dl.nix + {}; + }) + # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? + (final: prev: { + prostudiomasters = + pkgs.callPackage + ./prostudiomasters.nix + {}; + }) + ]; } diff --git a/modules/nixos-modules/packages/prostudiomasters.nix b/modules/common-modules/pkgs/prostudiomasters.nix similarity index 100% rename from modules/nixos-modules/packages/prostudiomasters.nix rename to modules/common-modules/pkgs/prostudiomasters.nix diff --git a/modules/nixos-modules/packages/webtoon-dl.nix b/modules/common-modules/pkgs/webtoon-dl.nix similarity index 100% rename from modules/nixos-modules/packages/webtoon-dl.nix rename to modules/common-modules/pkgs/webtoon-dl.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index d668a74..8cdeae9 100644 --- a/modules/nixos-modules/default.nix 
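Review bot: Both overlays in `modules/common-modules/pkgs/default.nix` accept `final: prev:` but then call `pkgs.callPackage` from the module argument, so each overlay is defined in terms of the package set it is itself modifying. This evaluates only because of laziness and is fragile once another overlay or a different `pkgs` instance is involved. The conventional form is `webtoon-dl = final.callPackage ./webtoon-dl.nix {};` and `prostudiomasters = final.callPackage ./prostudiomasters.nix {};`, which also lets the module drop `pkgs` from its arguments. The two single-attribute overlays could be merged into one.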
+++ b/modules/nixos-modules/default.nix @@ -15,7 +15,6 @@ ./ai.nix ./tailscale.nix ./server - ./packages ]; nixpkgs.config.permittedInsecurePackages = [ diff --git a/modules/nixos-modules/packages/default.nix b/modules/nixos-modules/packages/default.nix deleted file mode 100644 index 208ee24..0000000 --- a/modules/nixos-modules/packages/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{pkgs, ...}: { - nixpkgs.overlays = [ - (final: prev: { - webtoon-dl = - pkgs.callPackage - ./webtoon-dl.nix - {}; - }) - # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? - (final: prev: { - prostudiomasters = - pkgs.callPackage - ./prostudiomasters.nix - {}; - }) - ]; -} From 7979b4ed17663d504f95036af80de4a07ab2f697 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:29:39 -0500 Subject: [PATCH 0680/1043] installed prostudiomasters for leyla only --- configurations/home-manager/leyla/packages.nix | 1 + configurations/nixos/horizon/configuration.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index e9ab230..020060d 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -72,6 +72,7 @@ in { # proprietary platforms discord obsidian + prostudiomasters (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 7e2ab8a..770eeef 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -50,7 +50,6 @@ environment.systemPackages = with pkgs; [ webtoon-dl - prostudiomasters ]; programs = { From a68f81cf3bc41a131ceb7ec644629037e1102ccd Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 14:41:55 -0500 Subject: [PATCH 0681/1043] moved disko needed configuration to disko.nix --- modules/nixos-modules/disko.nix | 41 ++++++++++++++++++++++++-- modules/nixos-modules/impermanence.nix | 27 ----------------- 2 files changed, 39 insertions(+), 29 deletions(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 13ddb8f..af83023 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -20,6 +20,8 @@ disk: lib.attrsets.nameValuePair (hashDisk disk) disk ) config.host.storage.pool.cache; + + datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets; in { options.host.storage = { enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; @@ -63,6 +65,39 @@ in { description = "list of drives that are going to be used as cache"; default = []; }; + # Default datasets that are needed to make a functioning system + datasets = lib.mkOption { + type = lib.types.attrsOf (inputs.disko.lib.subType { + types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; + }); + default = { + "local" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up + "local/system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + # dataset for root that gets rolled back on every boot + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + }; + }; extraDatasets = lib.mkOption { type = lib.types.attrsOf (inputs.disko.lib.subType { types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; 
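Review bot: The new `datasets` option in the `@@ -63,6 +65,39 @@` hunk keeps the datasets a bootable system needs in `default`, and the module system discards an option's `default` as soon as any host defines `host.storage.pool.datasets`, so a host that adds a single entry there would silently lose `local/system/root` and `local/system/nix`. The option also has no `description`. I would either mark it `readOnly = true;` so `extraDatasets` stays the only extension point, or add `description = "datasets required for a working system; defining this replaces the defaults, use extraDatasets to add more";`. Separately, the `datasets = ... // ...extraDatasets` binding in the `@@ -20,6 +20,8 @@` hunk is a shallow merge, so an `extraDatasets` entry with the same name replaces the whole default entry, including its `postCreateHook`.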
@@ -222,13 +257,15 @@ in { ); datasets = lib.mkMerge [ - (lib.attrsets.mapAttrs (name: value: { + ( + lib.attrsets.mapAttrs (name: value: { type = value.type; options = value.options; mountpoint = value.mountpoint; postCreateHook = value.postCreateHook; }) - config.host.storage.pool.extraDatasets) + datasets + ) ]; }; }; diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index e969e20..2f38cd3 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -38,33 +38,6 @@ }; host.storage.pool.extraDatasets = { - # local datasets are for data that should be considered ephemeral - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - # dataset for root that gets rolled back on every boot - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - }; - # persist datasets are datasets that contain information that we would like to keep around "persist" = { type = "zfs_fs"; From 99ea35547290d71e04fb600f9cb8cec2979bfbef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:59:24 -0500 Subject: [PATCH 0682/1043] made boot disko partition configurable --- .../nixos/defiant/configuration.nix | 2 + modules/nixos-modules/disko.nix | 99 ++++++++----------- 2 files changed, 45 insertions(+), 56 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index fef7a56..a48bddb 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -40,6 +40,8 @@ tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"]; vdevs = [ [ "ata-ST18000NE000-3G6101_ZVTCXVEB" diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index af83023..2cfeacc 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,16 +50,25 @@ in { }; }; pool = { - vdevs = lib.mkOption { - type = lib.types.listOf (lib.types.listOf lib.types.str); - description = "list of disks that are going to be in"; - default = [config.host.storage.pool.drives]; + # list of drives in pool that will have a boot partition put onto them + bootDrives = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "list of disks that are going to have a boot partition installed on them"; + default = lib.lists.flatten config.host.storage.pool.vdevs; }; + # shorthand for vdevs if you only have 1 vdev drives = lib.mkOption { type = lib.types.listOf lib.types.str; description = "list of drives that are going to be in the vdev"; default = []; }; + # list of all drives in each vdev + vdevs = lib.mkOption { + type = lib.types.listOf (lib.types.listOf lib.types.str); + description = "list of disks that are going to be in"; + default = [config.host.storage.pool.drives]; + }; + # list of cache drives for pool cache = lib.mkOption { type = lib.types.listOf lib.types.str; description = "list of drives that are going to be used as cache"; 
@@ -156,59 +165,37 @@ in { disko.devices = { disk = ( builtins.listToAttrs ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + ESP = lib.mkIf (builtins.elem drive.value config.host.storage.pool.bootDrives) { + # The 2GB here for the boot partition might be a bit overkill we probably only need like 1/4th of that but storage is cheap + size = "2G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - (lib.lists.flatten vdevs) - ) - ++ ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - ESP = { - # 2G here because its not much relative to how much storage we have for caching - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - cache + (lib.lists.flatten vdevs) ++ cache ) ) ); From 795b9b010f2890b2414ea549e3f5a133186234a6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:04:37 -0500 Subject: [PATCH 0683/1043] made zfs mode settable --- modules/nixos-modules/disko.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
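Review bot: Every drive matched by `bootDrives` gets an ESP with `mountpoint = "/boot"`, and the default set in the `@@ -50,16 +50,25 @@` hunk is every drive in every vdev, so a pool with more than one data drive that relies on the default declares several filesystems for the same mountpoint; that probably ends in conflicting `fileSystems."/boot"` definitions or in only one ESP being kept up to date. A `bootDrives` entry that appears in neither `vdevs` nor `cache` is ignored without any error, which leaves the host with no ESP at all. An assertion such as `assertion = lib.lists.all (d: builtins.elem d (lib.lists.flatten config.host.storage.pool.vdevs ++ config.host.storage.pool.cache)) config.host.storage.pool.bootDrives;` would catch the second case at evaluation time. The `config` block it belongs in starts outside this hunk.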
diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 2cfeacc..3d15498 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,6 +50,11 @@ in { }; }; pool = { + mode = lib.mkOption { + type = lib.types.str; + default = "raidz2"; + description = "what level of redundancy should this pool have"; + }; # list of drives in pool that will have a boot partition put onto them bootDrives = lib.mkOption { type = lib.types.listOf lib.types.str; @@ -207,7 +212,7 @@ in { type = "topology"; vdev = ( builtins.map (disks: { - mode = "raidz2"; + mode = config.host.storage.pool.mode; members = builtins.map (disk: disk.name) disks; }) From 6ce718ab095036ae60e2979e825a1ffee9777f51 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:07:13 -0500 Subject: [PATCH 0684/1043] moved emergent to common disko configuration --- .../nixos/emergent/configuration.nix | 8 +++ configurations/nixos/emergent/default.nix | 1 - .../nixos/emergent/disco-configuration.nix | 57 ------------------- 3 files changed, 8 insertions(+), 58 deletions(-) delete mode 100644 configurations/nixos/emergent/disco-configuration.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 2d7df4c..8176f97 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -50,6 +50,14 @@ isPrincipleUser = true; }; }; + + storage = { + enable = true; + pool = { + mode = ""; + drives = ["wwn-0x5000039fd0cf05eb"]; + }; + }; }; # Configure keymap in X11 diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix index 3455825..452334a 100644 --- a/configurations/nixos/emergent/default.nix +++ b/configurations/nixos/emergent/default.nix @@ -3,6 +3,5 @@ imports = [ ./configuration.nix ./hardware-configuration.nix - ./disco-configuration.nix ]; } 
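Review bot: `host.storage.pool.mode` is typed `lib.types.str`, so a typo such as `raid2` is not rejected by this module and only surfaces later, when disko evaluates the topology or the pool is created. An enum keeps the check here: `type = lib.types.enum ["" "mirror" "raidz" "raidz1" "raidz2" "raidz3"];` (list to be confirmed against the modes disko accepts for a topology vdev). The description should also state that the empty string means a plain stripe with no redundancy, since `mode = "";` in the emergent hunk of the next patch is otherwise easy to read as unset.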
diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix deleted file mode 100644 index ac2067f..0000000 --- a/configurations/nixos/emergent/disco-configuration.nix +++ /dev/null @@ -1,57 +0,0 @@ -{...}: { - disko.devices = { - disk = { - disk1 = { - type = "disk"; - device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; - }; - }; - }; - }; - }; - }; - zpool = { - zroot = { - type = "zpool"; - mode = ""; - options.cachefile = "none"; - rootFsOptions = { - compression = "zstd"; - "com.sun:auto-snapshot" = "true"; - }; - mountpoint = "/"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; - - datasets = { - "system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - }; - }; - }; - }; -} From ba2a31a80ebea98dff88657c968f6cb239343086 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:16:27 -0500 Subject: [PATCH 0685/1043] removed unused variable --- configurations/nixos/emergent/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 8176f97..eaac657 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -2,7 +2,6 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). { - config, lib, pkgs, ... From 2475170d0aecd74581b9d9f37dd6ce907d3ca48e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 15:28:06 -0500 Subject: [PATCH 0686/1043] moved user set configurations out of hardware-configuration.nix --- .../nixos/horizon/configuration.nix | 28 ++++- .../nixos/horizon/hardware-configuration.nix | 115 ++---------------- 2 files changed, 39 insertions(+), 104 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 770eeef..4a73d8c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,7 +1,8 @@ { + lib, + pkgs, config, inputs, - pkgs, ... }: { imports = [ @@ -10,6 +11,19 @@ nixpkgs.config.allowUnfree = true; + boot = { + initrd = { + availableKernelModules = ["usb_storage" "sd_mod"]; + }; + kernelModules = ["sg"]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + host = { users = { leyla = { @@ -49,8 +63,10 @@ }; environment.systemPackages = with pkgs; [ + cachefilesd webtoon-dl ]; + services.cachefilesd.enable = true; programs = { adb.enable = true; @@ -61,6 +77,16 @@ }; }; + networking = { + networkmanager.enable = true; + hostName = "horizon"; # Define your hostname. + }; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + hardware = { + graphics.enable = true; + }; + sops.secrets = { "vpn-keys/tailscale-authkey/horizon" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index e88d8dc..cec4914 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { 
@@ -12,22 +11,10 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot = { - initrd = { - availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; - kernelModules = []; - }; - kernelModules = ["kvm-intel" "sg"]; - extraModulePackages = []; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - supportedFilesystems = ["nfs"]; - }; + boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; fileSystems = { "/" = { 
@@ -39,98 +26,20 @@ device = "/dev/disk/by-uuid/E138-65B5"; fsType = "vfat"; }; - - "/mnt/leyla_documents" = { - device = "defiant:/export/leyla_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/eve_documents" = { - device = "defiant:/export/eve_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/export/users_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/media" = { - device = "defiant:/export/media"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; }; - environment.systemPackages = with pkgs; [ - cachefilesd - ]; - - services.cachefilesd.enable = true; - swapDevices = [ {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} ]; - networking = { - networkmanager.enable = true; - useDHCP = lib.mkDefault true; - hostName = "horizon"; # Define your hostname. - }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - hardware = { - graphics.enable = true; - cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - }; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } From 35d6c1a63476a007ee81ce30bb517e8ceda5930a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 16:04:13 -0500 Subject: [PATCH 0687/1043] enabled fwupd on horizon --- configurations/nixos/horizon/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 4a73d8c..5817e2b 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -98,6 +98,10 @@ fprintd = { enable = true; }; + # firmware update tool + fwupd = { + enable = true; + }; tailscale = { enable = true; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; From 2e41153c43a8c3c1729b8deccc841d3bad38fcd9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 16:37:12 -0500 Subject: [PATCH 0688/1043] reverted nixos-anywhere devshell --- flake.lock | 153 ----------------------- flake.nix | 8 +- modules/home-manager-modules/openssh.nix | 16 +-- 3 files changed, 9 insertions(+), 168 deletions(-) diff --git a/flake.lock b/flake.lock index fe1ba7d..fa3ad83 100644 --- a/flake.lock +++ b/flake.lock 
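Review bot: The commit message says user-set configuration was moved, but the four NFS mounts (`/mnt/leyla_documents`, `/mnt/eve_documents`, `/mnt/users_documents`, `/mnt/media`) and `supportedFilesystems = ["nfs"]` are removed in this hunk and do not reappear in the `configuration.nix` hunks of the same commit. If the removal is intentional, `services.cachefilesd.enable = true;` added in `configuration.nix` has no visible consumer, because only those mounts used the `fsc` option. If the mounts are meant to return, I would state `nosuid` and `nodev` explicitly instead of relying on what the `user` option implies. They may be defined in a module this patch does not show, in which case a comment pointing there would help.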
@@ -20,28 +20,6 @@ "type": "github" } }, - "disko_2": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748225455, - "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", - "owner": "nix-community", - "repo": "disko", - "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "disko", - "type": "github" - } - }, "firefox-addons": { "inputs": { "nixpkgs": [ @@ -79,27 +57,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -194,27 +151,6 @@ "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" } }, - "nix-vm-test": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748765518, - "narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=", - "owner": "Mic92", - "repo": "nix-vm-test", - "rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "nix-vm-test", - "type": "github" - } - }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils", 
@@ -236,32 +172,6 @@ "type": "github" } }, - "nixos-anywhere": { - "inputs": { - "disko": "disko_2", - "flake-parts": "flake-parts", - "nix-vm-test": "nix-vm-test", - "nixos-images": "nixos-images", - "nixos-stable": "nixos-stable", - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1748794949, - "narHash": "sha256-kfqIyYpXMRgmaLOTx+AFd1Kzo+I3mOg9vexUx2qWENA=", - "owner": "nix-community", - "repo": "nixos-anywhere", - "rev": "b7686308b281917d63137373a2eb5c566a973d03", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-anywhere", - "type": "github" - } - }, "nixos-hardware": { "locked": { "lastModified": 1747900541, @@ -278,47 +188,6 @@ "type": "github" } }, - "nixos-images": { - "inputs": { - "nixos-stable": [ - "nixos-anywhere", - "nixos-stable" - ], - "nixos-unstable": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748481078, - "narHash": "sha256-jwKRF2EDzlv0VBF8pImPFT7DAJma7stDun25utHtwBw=", - "owner": "nix-community", - "repo": "nixos-images", - "rev": "191a461dc38313ff41bd3df4b82e49f74a56560d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-images", - "type": "github" - } - }, - "nixos-stable": { - "locked": { - "lastModified": 1748437600, - "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1748370509, @@ -345,7 +214,6 @@ "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", - "nixos-anywhere": "nixos-anywhere", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", 
@@ -402,27 +270,6 @@ "repo": "default", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748243702, - "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index c0a72cf..ac651f7 100644 --- a/flake.nix +++ b/flake.nix @@ -28,11 +28,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-anywhere = { - url = "github:nix-community/nixos-anywhere"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # disk configurations disko = { url = "github:nix-community/disko"; @@ -84,7 +79,6 @@ sops-nix, nix-syncthing, home-manager, - nixos-anywhere, impermanence, ... } @ inputs: let @@ -153,7 +147,7 @@ # for viewing configuration options defined in this repo nix-inspect # for installing flakes from this repo onto other systems - nixos-anywhere.packages.${system}.nixos-anywhere + nixos-anywhere # for updating disko configurations disko ]; diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 7b646b8..d7a0873 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
@@ -41,14 +41,14 @@ ( lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { services.ssh-agent.enable = true; - programs.ssh = { - enable = true; - compression = true; - addKeysToAgent = "confirm"; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - ); - }; + # programs.ssh = { + # enable = true; + # compression = true; + # addKeysToAgent = "confirm"; + # extraConfig = lib.strings.concatLines ( + # builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + # ); + # }; systemd.user.services = builtins.listToAttrs ( builtins.map (hostKey: From 5e0bf9f068b879f8b00bcec30cf4cdda47d0862e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 17:37:56 -0500 Subject: [PATCH 0689/1043] re enabled ssh agent IdentityFile --- modules/home-manager-modules/openssh.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index d7a0873..7b646b8 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -41,14 +41,14 @@ ( lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { services.ssh-agent.enable = true; - # programs.ssh = { - # enable = true; - # compression = true; - # addKeysToAgent = "confirm"; - # extraConfig = lib.strings.concatLines ( - # builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - # ); - # }; + programs.ssh = { + enable = true; + compression = true; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + ); + }; systemd.user.services = builtins.listToAttrs ( builtins.map (hostKey: From ac7c2e6de6eb957c8408c66f50d51397624be090 Mon Sep 17 00:00:00 2001 
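Review bot: The re-enabled `programs.ssh` block in modules/home-manager-modules/openssh.nix writes one `IdentityFile` line per entry in `hostKeys` through `extraConfig`, with no host scoping and no `IdentitiesOnly`. With `services.ssh-agent.enable = true` in the same block, ssh can therefore offer every listed key, plus anything else loaded in the agent, to any server it connects to. Prepending the option would limit offers to the configured files: `extraConfig = lib.strings.concatLines (["IdentitiesOnly yes"] ++ builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys);`. `addKeysToAgent = "confirm"` also depends on an askpass helper being available in the session, which is worth a one-line comment. The enclosing `lib.mkIf` body continues past the end of the hunk.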
From: Leyla Becker Date: Sun, 1 Jun 2025 18:11:27 -0500 Subject: [PATCH 0690/1043] switched to lix --- flake.lock | 86 +++++++++++++++++++++++++++++++- flake.nix | 8 +-- modules/nixos-modules/system.nix | 1 - util/default.nix | 4 +- 4 files changed, 91 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index fa3ad83..3dbabc8 100644 --- a/flake.lock +++ b/flake.lock @@ -75,6 +75,39 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -110,6 +143,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -153,7 +221,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -211,6 +279,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", @@ -270,6 +339,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", 
diff --git a/flake.nix b/flake.nix index ac651f7..7896d60 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # lix-module = { - # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # secret encryption sops-nix = { diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index 51a92ed..b839067 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,6 +1,5 @@ {...}: { nix = { - settings.download-buffer-size = 524288000; gc = { automatic = true; dates = "weekly"; diff --git a/util/default.nix b/util/default.nix index 5b61779..fb2f83d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - # lix-module = inputs.lix-module; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - # lix-module.nixosModules.default + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 9664eeb38dd162ea6d76102bfe7215a8c09bec44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 18:19:03 -0500 Subject: [PATCH 0691/1043] updated flakes --- .../nixos/emergent/configuration.nix | 4 +-- flake.lock | 34 +++++++++---------- modules/nixos-modules/desktop.nix | 10 +++--- 3 files changed, 23 insertions(+), 25 deletions(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index eaac657..aacc820 100644 --- a/configurations/nixos/emergent/configuration.nix 
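Review bot: The `lix-module` input in flake.nix is fetched as a tarball named after a release (`.../nixos-module/archive/2.93.0.tar.gz`), so what gets evaluated is fixed only by the `rev` and `narHash` recorded for `lix` and `lix-module` in flake.lock. Because util/default.nix now adds `lix-module.nixosModules.default` to every NixOS host, a comment on the input would help the next person who bumps it, for example `# release tarball; content is pinned by flake.lock (narHash), bump the version and re-lock in the same commit`. The same commit drops `settings.download-buffer-size` from modules/nixos-modules/system.nix without saying why. If that is because Lix rejects the setting, a short comment there would stop it from being re-added. The `inputs` attribute set begins and ends outside this hunk.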
+++ b/configurations/nixos/emergent/configuration.nix @@ -38,8 +38,8 @@ services.xserver.enable = true; # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; + services.displayManager.gdm.enable = true; + services.desktopManager.gnome.enable = true; host = { users = { diff --git a/flake.lock b/flake.lock index 3dbabc8..bbaffa4 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748405006, - "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", + "lastModified": 1748730131, + "narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f9801a86d6603260940890c36650275090d1dceb", + "rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1748455938, - "narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=", + "lastModified": 1748811839, + "narHash": "sha256-MDl6vpEK18ZfPHfoeOa9dGRdwVWNfmCCGazt72nHw+U=", "owner": "nix-community", "repo": "home-manager", - "rev": "02077149e2921014511dac2729ae6dadb4ec50e2", + "rev": "6abf27943bbb09a0f9d443df45ec70b07a6cbe20", "type": "github" }, "original": { @@ -150,7 +150,7 @@ "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" }, "original": { "type": "tarball", 
@@ -171,7 +171,7 @@ "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" }, "original": { "type": "tarball", @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1748397853, - "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", + "lastModified": 1748744745, + "narHash": "sha256-kcj58eYic+yLX/KjtHEOmn6lVnCRwL1IfRGnb8aHprE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", + "rev": "c008ed9dd78efdeda5e9d5bb835c785e600791f6", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747900541, - "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", + "lastModified": 1748634340, + "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", + "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748370509, - "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index cf59cd9..323b7cc 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix 
@@ -19,12 +19,6 @@ # Enable the X11 windowing system. enable = true; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager = { - gnome.enable = true; - }; - # Get rid of xTerm desktopManager.xterm.enable = false; excludePackages = with pkgs; [ @@ -47,6 +41,10 @@ ]; }; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + pipewire = { enable = true; alsa.enable = true; From 42e2ce9258660796c4607ce8b088978406e7d57e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 20:58:30 -0500 Subject: [PATCH 0692/1043] fixed warnings on defiant --- configurations/nixos/defiant/configuration.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a48bddb..0b9d1b7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -201,16 +201,14 @@ # temp enable desktop enviroment for setup # Enable the X11 windowing system. - xserver = { - enable = true; + xserver.enable = true; - # Enable the GNOME Desktop Environment. - displayManager = { - gdm.enable = true; - }; - desktopManager = { - gnome.enable = true; - }; + # Enable the GNOME Desktop Environment. + displayManager = { + gdm.enable = true; + }; + desktopManager = { + gnome.enable = true; }; ollama = { @@ -300,7 +298,7 @@ hibernate.enable = false; hybrid-sleep.enable = false; }; - services.xserver.displayManager.gdm.autoSuspend = false; + services.displayManager.gdm.autoSuspend = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From 1a4c2b2f950359eb905a2a7975e6e9af56e1aceb Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 21:06:54 -0500 Subject: [PATCH 0693/1043] stripped down twilight configuration.nix --- .../nixos/twilight/configuration.nix | 63 ++++++++++ configurations/nixos/twilight/default.nix | 1 + .../nixos/twilight/hardware-configuration.nix | 116 +----------------- .../nixos/twilight/nvidia-drivers.nix | 52 ++++++++ 4 files changed, 121 insertions(+), 111 deletions(-) create mode 100644 configurations/nixos/twilight/nvidia-drivers.nix diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index e9032d8..0306f19 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,6 +1,7 @@ { inputs, config, + pkgs, ... }: { imports = [ @@ -121,6 +122,63 @@ syncthing.enable = true; }; + + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; + }; + }; + + environment.systemPackages = with pkgs; [ + cachefilesd + ]; programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 
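Review bot: The `/mnt/media` entry added to configurations/nixos/twilight/configuration.nix lists `"noatime"` twice and also `"relatime"`, which contradicts it, so the effective atime behaviour depends on option order. Keeping a single `"noatime"` and dropping `"nodiratime"` and `"relatime"` gives the behaviour the first entry asks for. `/mnt/users_documents` has no atime option at all, unlike the other two mounts. All three mounts set `"fsc"`, but this hunk only installs the `cachefilesd` package; unless the daemon is enabled elsewhere (not visible here), `services.cachefilesd.enable = true;` is needed for the cache to be used. The mounts also carry no `sec=` option and use `"soft"`, so a comment stating that `defiant` is reached only over a trusted link, and that writes can fail with an I/O error on timeout, would record those assumptions.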
@@ -128,6 +186,11 @@ }; hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index + networking = { + networkmanager.enable = true; + hostName = "twilight"; # Define your hostname. + }; + # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index edfb3f6..43a9164 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -3,5 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + ./nvidia-drivers.nix ]; } diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 1cba7de..9a4c2d2 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -25,16 +25,6 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - - supportedFilesystems = ["nfs"]; - }; - - services.xserver = { - # Load nvidia driver for Xorg and Wayland - videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - displayManager.gdm.wayland = false; }; fileSystems = { 
@@ -48,111 +38,15 @@ fsType = "vfat"; options = ["fmask=0022" "dmask=0022"]; }; - - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "fsc" - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "fsc" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "rsize=32768" - "wsize=32768" - "fsc" - ]; - }; }; - environment.systemPackages = with pkgs; [ - cachefilesd - ]; - swapDevices = []; - networking = { - networkmanager.enable = true; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - useDHCP = lib.mkDefault true; - hostName = "twilight"; # Define your hostname. - }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - hardware = { - # Enable OpenGL - graphics.enable = true; - - # install graphics drivers - nvidia = { - # Modesetting is required. 
- modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - }; } diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix new file mode 100644 index 0000000..883b5cb --- /dev/null +++ b/configurations/nixos/twilight/nvidia-drivers.nix 
@@ -0,0 +1,52 @@ +{ + lib, + config, + ... +}: { + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; + + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = true; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; +} From a7b738eae366d806f145b291c6de1ba8e1580dc2 Mon Sep 17 00:00:00 2001 
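Review bot: The new configurations/nixos/twilight/nvidia-drivers.nix sets `open = true;`, while the block removed from hardware-configuration.nix in the same commit had `open = false;`, and the comment carried over directly above still says "false is currently the recommended setting". The commit is described as a strip-down, so a switch of kernel module looks unintended. Either restore `open = false;` or, if the change is deliberate, replace the stale sentence with something like `# use the NVIDIA open kernel module (Turing or newer only)`. `cpu.amd.updateMicrocode` also lands in this NVIDIA-specific file, which is an odd home for a CPU setting.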
From: Leyla Becker Date: Sun, 1 Jun 2025 22:10:29 -0500 Subject: [PATCH 0694/1043] made twilight hardware-configuration.nix match what is automatically generated --- .../nixos/twilight/configuration.nix | 8 ++++++++ .../nixos/twilight/hardware-configuration.nix | 20 +++++-------------- .../nixos/twilight/nvidia-drivers.nix | 8 +------- 3 files changed, 14 insertions(+), 22 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 0306f19..6cef2fb 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -10,6 +10,14 @@ nixpkgs.config.allowUnfree = true; + boot.initrd.availableKernelModules = ["usb_storage"]; + boot.kernelModules = ["sg"]; + + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + sops.secrets = { "vpn-keys/tailscale-authkey/twilight" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 9a4c2d2..1389caf 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { @@ -12,20 +11,10 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot = { - initrd = { - availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; - kernelModules = []; - }; - kernelModules = ["kvm-amd" "sg"]; - extraModulePackages = []; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; fileSystems = { "/" = { 
@@ -49,4 +38,5 @@ networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index 883b5cb..d373bf2 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -1,8 +1,4 @@ -{ - lib, - config, - ... -}: { +{config, ...}: { services.xserver = { # Load nvidia driver for Xorg and Wayland videoDrivers = ["nvidia"]; @@ -46,7 +42,5 @@ # Optionally, you may need to select the appropriate driver version for your specific GPU. package = config.boot.kernelPackages.nvidiaPackages.production; }; - - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; } From e6a640abfc772e034b9dcdffc14a5101d8973fac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 23:52:13 -0500 Subject: [PATCH 0695/1043] fixed warning in nvida-drivers --- configurations/nixos/twilight/nvidia-drivers.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index d373bf2..47763f8 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -1,8 +1,9 @@ {config, ...}: { - services.xserver = { - # Load nvidia driver for Xorg and Wayland - videoDrivers = ["nvidia"]; - + services = { + xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + }; # Use X instead of wayland for gaming reasons displayManager.gdm.wayland = false; }; From dd537353547ae61bf29174997014180cca9cc644 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 2 Jun 2025 21:07:09 -0500 Subject: [PATCH 0696/1043] refactored leyla packages into several folders --- configurations/home-manager/leyla/default.nix | 2 +- .../home-manager/leyla/packages.nix | 136 ------------------ .../home-manager/leyla/packages/default.nix | 104 ++++++++++++++ .../home-manager/leyla/packages/direnv.nix | 12 ++ .../leyla/{ => packages}/firefox.nix | 10 +- .../home-manager/leyla/packages/git.nix | 22 +++ .../home-manager/leyla/packages/openssh.nix | 24 ++++ .../leyla/{ => packages}/vscode/default.nix | 3 +- .../{ => packages}/vscode/user-words.nix | 0 modules/home-manager-modules/continue.nix | 60 ++++---- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/openssh.nix | 117 +++++++-------- modules/home-manager-modules/user.nix | 17 +++ 13 files changed, 275 insertions(+), 233 deletions(-) delete mode 100644 configurations/home-manager/leyla/packages.nix create mode 100644 configurations/home-manager/leyla/packages/default.nix create mode 100644 configurations/home-manager/leyla/packages/direnv.nix rename configurations/home-manager/leyla/{ => packages}/firefox.nix (98%) create mode 100644 configurations/home-manager/leyla/packages/git.nix create mode 100644 configurations/home-manager/leyla/packages/openssh.nix rename configurations/home-manager/leyla/{ => packages}/vscode/default.nix (97%) rename configurations/home-manager/leyla/{ => packages}/vscode/user-words.nix (100%) create mode 100644 modules/home-manager-modules/user.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 90251a3..d7cecc4 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,7 +1,7 @@ {osConfig, ...}: { imports = [ + ./packages ./i18n.nix - ./packages.nix ./impermanence.nix ./dconf.nix ]; 
diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix deleted file mode 100644 index 020060d..0000000 --- a/configurations/home-manager/leyla/packages.nix +++ /dev/null 
@@ -1,136 +0,0 @@ -{ - lib, - config, - osConfig, - pkgs, - ... -}: let - userConfig = osConfig.host.users.leyla; - hardware = osConfig.host.hardware; -in { - imports = [ - ./vscode/default.nix - ./firefox.nix - ]; - - config = lib.mkMerge [ - (lib.mkIf userConfig.isTerminalUser { - home.packages = with pkgs; [ - # command line tools - sox - yt-dlp - ffmpeg - imagemagick - ]; - }) - (lib.mkIf userConfig.isDesktopUser { - nixpkgs.config = { - allowUnfree = true; - }; - - home.packages = ( - lib.lists.optionals userConfig.isDesktopUser ( - (with pkgs; [ - # helvetica font - aileron - - gnomeExtensions.dash-to-dock - - # development tools - dbeaver-bin - bruno - proxmark3 - ]) - ++ ( - lib.lists.optionals hardware.directAccess.enable (with pkgs; [ - #foss platforms - signal-desktop-bin - bitwarden - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - # kicad-small - makemkv - onionshare - # rhythmbox - (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) - # wireshark - # rpi-imager - # fritzing - mfoc - tor-browser - anki - pdfarranger - calibre - qbittorrent - picard - - # proprietary platforms - discord - obsidian - prostudiomasters - (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - - # development tools - # androidStudioPackages.canary - jetbrains.idea-community - qFlipper - - # system tools - protonvpn-gui - openvpn - noisetorch - - # hardware management tools - (lib.mkIf hardware.piperMouse.enable piper) - (lib.mkIf hardware.openRGB.enable openrgb) - (lib.mkIf hardware.viaKeyboard.enable via) - ]) - ) - ) - ); - programs = lib.mkIf userConfig.isDesktopUser { - # Let Home Manager install and manage itself. 
- home-manager.enable = true; - - # set up git defaults - git = { - enable = true; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; - }; - - # add direnv to auto load flakes for development - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["/home/leyla/documents/code/nix-config"]; - }; - }; - bash.enable = true; - - openssh = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; - }) - ]; -} diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix new file mode 100644 index 0000000..fd2347c --- /dev/null +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -0,0 +1,104 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: let + hardware = osConfig.host.hardware; +in { + imports = [ + ./vscode + ./firefox.nix + ./direnv.nix + ./openssh.nix + ./git.nix + ]; + + config = lib.mkMerge [ + (lib.mkIf config.user.isTerminalUser { + home.packages = with pkgs; [ + # command line tools + sox + yt-dlp + ffmpeg + imagemagick + ]; + }) + (lib.mkIf config.user.isDesktopUser { + nixpkgs.config = { + allowUnfree = true; + }; + + home.packages = ( + (with pkgs; [ + # helvetica font + aileron + + gnomeExtensions.dash-to-dock + + # development tools + dbeaver-bin + bruno + proxmark3 + ]) + ++ ( + lib.lists.optionals hardware.directAccess.enable (with pkgs; [ + #foss platforms + signal-desktop-bin + bitwarden + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + # kicad-small + makemkv + onionshare + # rhythmbox + (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) + # wireshark + # rpi-imager + # fritzing + mfoc + tor-browser + anki + pdfarranger + calibre + qbittorrent + picard + + # proprietary platforms + discord + obsidian + prostudiomasters + (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) + + # development tools + # androidStudioPackages.canary + jetbrains.idea-community + qFlipper + + # system tools + protonvpn-gui + openvpn + noisetorch + + # hardware management tools + (lib.mkIf hardware.piperMouse.enable piper) + (lib.mkIf hardware.openRGB.enable openrgb) + (lib.mkIf hardware.viaKeyboard.enable via) + ]) + ) + ); + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + bash.enable = true; + }; + }) + ]; +} diff --git a/configurations/home-manager/leyla/packages/direnv.nix b/configurations/home-manager/leyla/packages/direnv.nix new file mode 100644 index 0000000..630d0cc --- /dev/null +++ b/configurations/home-manager/leyla/packages/direnv.nix 
@@ -0,0 +1,12 @@ +{config, ...}: { + config = { + programs = { + git = { + enable = config.user.isDesktopUser || config.user.isTerminalUser; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix similarity index 98% rename from configurations/home-manager/leyla/firefox.nix rename to configurations/home-manager/leyla/packages/firefox.nix index 0adea28..fcac972 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -2,14 +2,12 @@ lib, pkgs, inputs, - osConfig, + config, ... -}: let - is-desktop-user = osConfig.host.users.leyla.isDesktopUser; -in { - config = lib.mkIf is-desktop-user { +}: { + config = { programs.firefox = { - enable = true; + enable = config.user.isDesktopUser; profiles.leyla = { settings = { "browser.search.defaultenginename" = "Searx"; diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix new file mode 100644 index 0000000..038c149 --- /dev/null +++ b/configurations/home-manager/leyla/packages/git.nix @@ -0,0 +1,22 @@ +{ + lib, + config, + osConfig, + ... +}: let + userConfig = osConfig.host.users.leyla; +in { + config = lib.mkIf userConfig.isDesktopUser { + programs = { + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + config = { + global.hide_env_diff = true; + whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"]; + }; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix new file mode 100644 index 0000000..07b4488 --- /dev/null +++ b/configurations/home-manager/leyla/packages/openssh.nix 
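Review bot: The two new files have their contents swapped: packages/direnv.nix defines `programs.git`, and packages/git.nix (later on this line) defines `programs.direnv`. The gating is also inconsistent, because git.nix still reads `osConfig.host.users.leyla.isDesktopUser` through `lib.mkIf` while direnv.nix and firefox.nix use `config.user.isDesktopUser`. Swapping the file bodies and using `config = lib.mkIf config.user.isDesktopUser {` for direnv would align them. The `whitelist.exact` entry makes direnv load that directory's `.envrc` without the usual `direnv allow` step, which deserves a comment such as `# trusted without prompting: only this repo's own checkout`.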
@@ -0,0 +1,24 @@ +{ + config, + osConfig, + ... +}: { + config = { + programs = { + openssh = { + enable = config.user.isDesktopUser; + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" + ]; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix similarity index 97% rename from configurations/home-manager/leyla/vscode/default.nix rename to configurations/home-manager/leyla/packages/vscode/default.nix index c2ee066..4ad8c81 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -8,9 +8,8 @@ }: let nix-development-enabled = osConfig.host.nix-development.enable; ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; - is-desktop-user = osConfig.host.users.leyla.isDesktopUser; in { - config = lib.mkIf is-desktop-user { + config = lib.mkIf config.user.isDesktopUser { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default diff --git a/configurations/home-manager/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix similarity index 100% rename from configurations/home-manager/leyla/vscode/user-words.nix rename to configurations/home-manager/leyla/packages/vscode/user-words.nix diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix index 327ee44..20ec52b 100644 --- a/modules/home-manager-modules/continue.nix +++ b/modules/home-manager-modules/continue.nix 
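Review bot: `enable = config.user.isDesktopUser;` in the new `programs.openssh` block ties the whole SSH setup to desktop sessions. The module hunk for `modules/home-manager-modules/openssh.nix` in this same commit wraps key generation, `services.ssh-agent` and the `/persist` file mapping in `lib.mkIf config.programs.openssh.enable`. On a host where this user is terminal-only, none of them would therefore apply, and on an impermanence host the key files would no longer be mapped for persistence. If terminal hosts are meant to keep their key, `enable = config.user.isDesktopUser || config.user.isTerminalUser;` matches the condition that `programs.git` uses elsewhere in this commit.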
@@ -7,40 +7,38 @@ }: let ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { - options = { - user.continue = { - enable = lib.mkEnableOption "should continue be enabled on this machine"; - docs = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - startUrl = lib.mkOption { - type = lib.types.str; - }; + options.user.continue = { + enable = lib.mkEnableOption "should continue be enabled on this machine"; + docs = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; }; - })); - }; - context = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - provider = lib.mkOption { - type = lib.types.str; - default = name; - }; + startUrl = lib.mkOption { + type = lib.types.str; }; - })); - default = { - "code" = {}; - "docs" = {}; - "diff" = {}; - "terminal" = {}; - "problems" = {}; - "folder" = {}; - "codebase" = {}; }; + })); + }; + context = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + provider = lib.mkOption { + type = lib.types.str; + default = name; + }; + }; + })); + default = { + "code" = {}; + "docs" = {}; + "diff" = {}; + "terminal" = {}; + "problems" = {}; + "folder" = {}; + "codebase" = {}; }; }; }; diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index ee47fb5..b4d9c16 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -1,6 +1,7 @@ # this folder container modules that are for home manager only {...}: { imports = [ + ./user.nix ./flipperzero.nix ./i18n.nix ./openssh.nix diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 7b646b8..c8ba22d 100644 
--- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -6,6 +6,7 @@ ... }: { options.programs.openssh = { + enable = lib.mkEnableOption "should we enable openssh"; authorizedKeys = lib.mkOption { type = lib.types.listOf lib.types.str; default = []; 
@@ -37,63 +38,65 @@ }; }; - config = lib.mkMerge [ - ( - lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { - services.ssh-agent.enable = true; - programs.ssh = { - enable = true; - compression = true; - addKeysToAgent = "confirm"; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + config = lib.mkIf config.programs.openssh.enable ( + lib.mkMerge [ + ( + lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { + services.ssh-agent.enable = true; + programs.ssh = { + enable = true; + compression = true; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + ); + }; + + systemd.user.services = builtins.listToAttrs ( + builtins.map (hostKey: + lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { + Install = { + WantedBy = ["default.target"]; + }; + Service = let + path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; + in { + Restart = "always"; + Type = "simple"; + ExecStart = "${ + pkgs.writeShellScript "ssh-gen-keys" '' + if ! [ -s "${path}" ]; then + if ! [ -h "${path}" ]; then + rm -f "${path}" + fi + mkdir -p "$(dirname '${path}')" + chmod 0755 "$(dirname '${path}')" + ${pkgs.openssh}/bin/ssh-keygen \ + -t "${hostKey.type}" \ + ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ + ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ + ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ + ${lib.optionalString (hostKey ? 
openSSHFormat && hostKey.openSSHFormat) "-o"} \ + -f "${path}" \ + -N "" + chown ${config.home.username} ${path}* + chgrp ${config.home.username} ${path}* + fi + '' + }"; + }; + }) + config.programs.openssh.hostKeys + ); + } + ) + (lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + files = lib.lists.flatten ( + builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); }; - - systemd.user.services = builtins.listToAttrs ( - builtins.map (hostKey: - lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { - Install = { - WantedBy = ["default.target"]; - }; - Service = let - path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; - in { - Restart = "always"; - Type = "simple"; - ExecStart = "${ - pkgs.writeShellScript "ssh-gen-keys" '' - if ! [ -s "${path}" ]; then - if ! [ -h "${path}" ]; then - rm -f "${path}" - fi - mkdir -p "$(dirname '${path}')" - chmod 0755 "$(dirname '${path}')" - ${pkgs.openssh}/bin/ssh-keygen \ - -t "${hostKey.type}" \ - ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ - ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ - ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ - ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ - -f "${path}" \ - -N "" - chown ${config.home.username} ${path}* - chgrp ${config.home.username} ${path}* - fi - '' - }"; - }; - }) - config.programs.openssh.hostKeys - ); - } - ) - (lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - files = lib.lists.flatten ( - builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys - ); - }; - }) - ]; + }) + ] + ); } diff --git a/modules/home-manager-modules/user.nix b/modules/home-manager-modules/user.nix new file mode 100644 index 0000000..efce22d --- /dev/null 
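Review bot: The key-generation script in the re-indented `systemd.user.services` block sets the `.ssh` directory to `0755` and creates the key with `-N ""`, so an unencrypted private key sits in a directory that other local accounts can list if the home directory is traversable; `chmod 0700 "$(dirname '${path}')"` is the usual mode there. The unit also pairs `Type = "simple"` with `Restart = "always"` for a script that exits as soon as the key exists, so systemd will start it again after every exit; `Type = "oneshot";` with no `Restart` line looks closer to the intent. `${hostKey.comment}` is spliced between single quotes and `${path}*` is unquoted in the `chown`/`chgrp` lines, so passing the interpolated values through `lib.escapeShellArg` would be more robust. The module's option declarations begin above this hunk.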
+++ b/modules/home-manager-modules/user.nix @@ -0,0 +1,17 @@ +{ + lib, + config, + osConfig, + ... +}: { + options.user = { + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = osConfig.host.users.${config.home.username}.isDesktopUser; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = osConfig.host.users.${config.home.username}.isTerminalUser; + }; + }; +} From 666504a63aca6f31213bb28a299fc51103c3c432 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Jun 2025 21:13:45 -0500 Subject: [PATCH 0697/1043] added notes for leyla packages --- .../home-manager/leyla/packages/default.nix | 10 ++++++++ .../home-manager/leyla/packages/direnv.nix | 24 +++++++++++++------ .../home-manager/leyla/packages/firefox.nix | 1 + .../home-manager/leyla/packages/git.nix | 24 ++++++------------- .../home-manager/leyla/packages/openssh.nix | 1 + 5 files changed, 36 insertions(+), 24 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index fd2347c..d8b200d 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -45,7 +45,9 @@ in { ++ ( lib.lists.optionals hardware.directAccess.enable (with pkgs; [ #foss platforms + # TODO: move signal to package with impermanence signal-desktop-bin + # TODO: move bitwarden to package with impermanence bitwarden ungoogled-chromium libreoffice @@ -55,9 +57,12 @@ in { freecad # cura # kicad-small + # TODO: move makemkv to package with configs set and impermanence makemkv onionshare # rhythmbox + + # TODO: move obs to package with impermanence (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) # wireshark # rpi-imager 
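Review bot: `isDesktopUser` and `isTerminalUser` in the new `user.nix` are declared without a `description`. Their defaults read `osConfig.host.users.${config.home.username}` directly, so evaluation will presumably fail with a missing-attribute error for a Home Manager user that has no entry there, or when `osConfig` is not provided. These flags now decide whether openssh, git, firefox and vscode are configured, so each option should say where its value comes from, for example `description = "Whether this user gets graphical desktop applications; defaults to the host's entry for this user.";`.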
@@ -71,17 +76,22 @@ in { picard # proprietary platforms + # TODO: move discord to package with impermanence discord + # TODO: move obsidian to package with impermanence obsidian + # TODO: move prostudiomasters to package with impermanence prostudiomasters (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools # androidStudioPackages.canary + # TODO: move idea to package with impermanence and installed extensions jetbrains.idea-community qFlipper # system tools + # TODO: move protonvpn to package with impermanence and installed extensions protonvpn-gui openvpn noisetorch diff --git a/configurations/home-manager/leyla/packages/direnv.nix b/configurations/home-manager/leyla/packages/direnv.nix index 630d0cc..038c149 100644 --- a/configurations/home-manager/leyla/packages/direnv.nix +++ b/configurations/home-manager/leyla/packages/direnv.nix @@ -1,11 +1,21 @@ -{config, ...}: { - config = { +{ + lib, + config, + osConfig, + ... +}: let + userConfig = osConfig.host.users.leyla; +in { + config = lib.mkIf userConfig.isDesktopUser { programs = { - git = { - enable = config.user.isDesktopUser || config.user.isTerminalUser; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + config = { + global.hide_env_diff = true; + whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"]; + }; }; }; }; diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index fcac972..a343b0a 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -341,5 +341,6 @@ }; }; }; + # TODO: impermanence module, prob in home-manager-modules? }; } 
diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 038c149..630d0cc 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -1,21 +1,11 @@ -{ - lib, - config, - osConfig, - ... -}: let - userConfig = osConfig.host.users.leyla; -in { - config = lib.mkIf userConfig.isDesktopUser { +{config, ...}: { + config = { programs = { - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"]; - }; + git = { + enable = config.user.isDesktopUser || config.user.isTerminalUser; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; }; }; }; diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix index 07b4488..e7131c9 100644 --- a/configurations/home-manager/leyla/packages/openssh.nix +++ b/configurations/home-manager/leyla/packages/openssh.nix @@ -20,5 +20,6 @@ ]; }; }; + # TODO: impermanence module, prob in home-manager-modules? }; } From 9fe35e74ad5feb6711ec3335d6ee12db15231c2c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 2 Jun 2025 22:47:01 -0500 Subject: [PATCH 0698/1043] created program option entries for all packages that needs continual state --- configurations/home-manager/eve/packages.nix | 62 ++++++++++--------- .../home-manager/leyla/packages/default.nix | 56 +++++++++-------- .../home-manager/leyla/packages/firefox.nix | 2 - .../home-manager/leyla/packages/git.nix | 3 +- .../home-manager/leyla/packages/openssh.nix | 2 - .../leyla/packages/vscode/default.nix | 2 - modules/home-manager-modules/default.nix | 1 + .../home-manager-modules/programs/anki.nix | 24 +++++++ .../programs/bitwarden.nix | 24 +++++++ .../home-manager-modules/programs/calibre.nix | 24 +++++++ .../home-manager-modules/programs/default.nix | 17 +++++ .../home-manager-modules/programs/discord.nix | 24 +++++++ .../home-manager-modules/programs/firefox.nix | 3 + .../home-manager-modules/programs/idea.nix | 24 +++++++ .../home-manager-modules/programs/makemkv.nix | 25 ++++++++ modules/home-manager-modules/programs/obs.nix | 24 +++++++ .../programs/obsidian.nix | 24 +++++++ .../programs/prostudiomasters.nix | 24 +++++++ .../programs/protonvpn.nix | 24 +++++++ .../programs/qbittorrent.nix | 24 +++++++ .../home-manager-modules/programs/signal.nix | 24 +++++++ 21 files changed, 374 insertions(+), 63 deletions(-) create mode 100644 modules/home-manager-modules/programs/anki.nix create mode 100644 modules/home-manager-modules/programs/bitwarden.nix create mode 100644 modules/home-manager-modules/programs/calibre.nix create mode 100644 modules/home-manager-modules/programs/default.nix create mode 100644 modules/home-manager-modules/programs/discord.nix create mode 100644 modules/home-manager-modules/programs/firefox.nix create mode 100644 modules/home-manager-modules/programs/idea.nix create mode 100644 modules/home-manager-modules/programs/makemkv.nix create mode 100644 modules/home-manager-modules/programs/obs.nix create mode 100644 modules/home-manager-modules/programs/obsidian.nix 
create mode 100644 modules/home-manager-modules/programs/prostudiomasters.nix create mode 100644 modules/home-manager-modules/programs/protonvpn.nix create mode 100644 modules/home-manager-modules/programs/qbittorrent.nix create mode 100644 modules/home-manager-modules/programs/signal.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 6cc4630..1abf501 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix 
@@ -12,41 +12,47 @@ in { # See https://search.nixos.org/packages for all options home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop-bin ungoogled-chromium ] ); # Packages that need to be installed with some extra configuration # See https://home-manager-options.extranix.com/ for all options - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + } + (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { + git = { + enable = true; + userName = "Eve"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; - git = { - enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; - }; + openssh = { + enable = true; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }) + (lib.mkIf userConfig.isDesktopUser { + vscode = { + enable = true; + package = pkgs.vscodium; + }; - vscode = { - enable = true; - package = pkgs.vscodium; - }; - - openssh = { - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; + firefox.enable = true; + bitwarden.enable = true; + discord.enable = true; + makemkv.enable = true; + signal-desktop-bin.enable = true; + }) + ]; }; } diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index d8b200d..cfe70cc 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -45,10 +45,6 @@ in { ++ ( lib.lists.optionals hardware.directAccess.enable (with pkgs; [ #foss platforms - # TODO: move signal to package with impermanence - signal-desktop-bin - # TODO: move bitwarden to package with impermanence - bitwarden ungoogled-chromium libreoffice inkscape @@ -57,42 +53,25 @@ in { freecad # cura # kicad-small - # TODO: move makemkv to package with configs set and impermanence - makemkv onionshare # rhythmbox - # TODO: move obs to package with impermanence - (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) # wireshark # rpi-imager # fritzing mfoc tor-browser - anki pdfarranger - calibre - qbittorrent picard # proprietary platforms - # TODO: move discord to package with impermanence - discord - # TODO: move obsidian to package with impermanence - obsidian - # TODO: move prostudiomasters to package with impermanence - prostudiomasters (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools # androidStudioPackages.canary - # TODO: move idea to package with impermanence and installed extensions - jetbrains.idea-community qFlipper # system tools - # TODO: move protonvpn to package with impermanence and installed extensions - protonvpn-gui openvpn noisetorch 
@@ -103,12 +82,35 @@ in { ]) ) ); - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - bash.enable = true; - }; + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + bash.enable = true; + } + (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { + git.enable = true; + openssh.enable = true; + }) + (lib.mkIf hardware.directAccess.enable { + anki.enable = true; + bitwarden.enable = true; + signal-desktop-bin.enable = true; + makemkv.enable = true; + obs-studio.enable = hardware.graphicsAcceleration.enable; + calibre.enable = true; + qbittorrent.enable = true; + discord.enable = true; + obsidian.enable = true; + prostudiomasters.enable = true; + jetbrains.idea-community.enable = true; + protonvpn-gui.enable = true; + }) + (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { + vscode.enable = true; + firefox.enable = true; + }) + ]; }) ]; } diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index a343b0a..f9787b9 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -2,12 +2,10 @@ lib, pkgs, inputs, - config, ... }: { config = { programs.firefox = { - enable = config.user.isDesktopUser; profiles.leyla = { settings = { "browser.search.defaultenginename" = "Searx"; diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 630d0cc..568cd7a 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -1,8 +1,7 @@ -{config, ...}: { +{...}: { config = { programs = { git = { - enable = config.user.isDesktopUser || config.user.isTerminalUser; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; 
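Review bot: The `isTerminalUser` half of `lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser)` appears to be unreachable, because this `programs = lib.mkMerge [...]` replaces a `programs` attribute that sits inside the outer `lib.mkIf config.user.isDesktopUser` block of the file. Together with the `enable` lines this commit removes from `git.nix` and `openssh.nix`, a terminal-only session would end up with neither git nor the SSH key setup. Moving the `programs` merge into its own top-level entry of `config = lib.mkMerge [...]` would make the condition effective. The enclosing block opens above the hunk.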
diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix index e7131c9..91aec11 100644 --- a/configurations/home-manager/leyla/packages/openssh.nix +++ b/configurations/home-manager/leyla/packages/openssh.nix @@ -6,7 +6,6 @@ config = { programs = { openssh = { - enable = config.user.isDesktopUser; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" @@ -20,6 +19,5 @@ ]; }; }; - # TODO: impermanence module, prob in home-manager-modules? }; } diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 4ad8c81..c21e01d 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -26,8 +26,6 @@ in { open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; in { - enable = true; - package = pkgs.vscodium; mutableExtensionsDir = false; diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index b4d9c16..faf6f58 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -6,5 +6,6 @@ ./i18n.nix ./openssh.nix ./continue.nix + ./programs ]; } diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix new file mode 100644 index 0000000..d513657 --- /dev/null +++ b/modules/home-manager-modules/programs/anki.nix 
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.anki = {
+ enable = lib.mkEnableOption "enable anki";
+ };
+
+ config = lib.mkIf config.programs.anki.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ anki
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for anki
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix
new file mode 100644
index 0000000..b68ee30
--- /dev/null
+++ b/modules/home-manager-modules/programs/bitwarden.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.bitwarden = {
+ enable = lib.mkEnableOption "enable bitwarden";
+ };
+
+ config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ bitwarden
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for bitwarden
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix
new file mode 100644
index 0000000..f22fbbf
--- /dev/null
+++ b/modules/home-manager-modules/programs/calibre.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.calibre = {
+ enable = lib.mkEnableOption "enable calibre";
+ };
+
+ config = lib.mkIf config.programs.calibre.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ calibre
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for calibre
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix
new file mode 100644
index 0000000..a9139bc
--- /dev/null
+++ b/modules/home-manager-modules/programs/default.nix
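Review bot: `options.programs.anki.enable` is declared inside Home Manager's own `programs.*` namespace, as are the sibling `enable` options this commit adds for bitwarden, calibre, discord, makemkv, prostudiomasters, protonvpn-gui, qbittorrent, signal-desktop-bin and jetbrains.idea-community. If Home Manager declares any of these names itself, the duplicate declaration should stop evaluation, and `obs.nix` and `obsidian.nix` in this commit already have their `enable` line commented out, presumably for that reason. A comment in `programs/default.nix` recording which options are local and which rely on Home Manager's declaration would make the next breakage easier to diagnose.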
@@ -0,0 +1,17 @@
+{...}: {
+ imports = [
+ ./firefox.nix
+ ./signal.nix
+ ./bitwarden.nix
+ ./makemkv.nix
+ ./obs.nix
+ ./anki.nix
+ ./qbittorrent.nix
+ ./discord.nix
+ ./obsidian.nix
+ ./prostudiomasters.nix
+ ./idea.nix
+ ./protonvpn.nix
+ ./calibre.nix
+ ];
+}
diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix
new file mode 100644
index 0000000..a81bb03
--- /dev/null
+++ b/modules/home-manager-modules/programs/discord.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.discord = {
+ enable = lib.mkEnableOption "enable discord";
+ };
+
+ config = lib.mkIf config.programs.discord.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ discord
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for discord
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix
new file mode 100644
index 0000000..654a480
--- /dev/null
+++ b/modules/home-manager-modules/programs/firefox.nix
@@ -0,0 +1,3 @@
+{...}: {
+ # TODO: map firefox impermanence
+}
diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix
new file mode 100644
index 0000000..a7a6d7f
--- /dev/null
+++ b/modules/home-manager-modules/programs/idea.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.jetbrains.idea-community = {
+ enable = lib.mkEnableOption "enable idea-community";
+ };
+
+ config = lib.mkIf config.programs.jetbrains.idea-community.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ jetbrains.idea-community
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for idea-community
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix
new file mode 100644
index 0000000..c1040bb
--- /dev/null
+++ b/modules/home-manager-modules/programs/makemkv.nix
@@ -0,0 +1,25 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.makemkv = {
+ enable = lib.mkEnableOption "enable makemkv";
+ };
+
+ config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ makemkv
+ ];
+ # TODO: write config file for makemkv
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for makemkv
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix
new file mode 100644
index 0000000..b29521a
--- /dev/null
+++ b/modules/home-manager-modules/programs/obs.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.obs-studio = {
+ # enable = lib.mkEnableOption "enable obs";
+ };
+
+ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ obs-studio
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for obs
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix
new file mode 100644
index 0000000..57f119b
--- /dev/null
+++ b/modules/home-manager-modules/programs/obsidian.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.obsidian = {
+ # enable = lib.mkEnableOption "enable obsidian";
+ };
+
+ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ obsidian
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for obsidian
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix
new file mode 100644
index 0000000..4481f5b
--- /dev/null
+++ b/modules/home-manager-modules/programs/prostudiomasters.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.prostudiomasters = {
+ enable = lib.mkEnableOption "enable prostudiomasters";
+ };
+
+ config = lib.mkIf config.programs.prostudiomasters.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ prostudiomasters
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for prostudiomasters
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix
new file mode 100644
index 0000000..1ddedc7
--- /dev/null
+++ b/modules/home-manager-modules/programs/protonvpn.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.protonvpn-gui = {
+ enable = lib.mkEnableOption "enable protonvpn";
+ };
+
+ config = lib.mkIf config.programs.protonvpn-gui.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ protonvpn-gui
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for protonvpn
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix
new file mode 100644
index 0000000..1e98c3e
--- /dev/null
+++ b/modules/home-manager-modules/programs/qbittorrent.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.qbittorrent = {
+ enable = lib.mkEnableOption "enable qbittorrent";
+ };
+
+ config = lib.mkIf config.programs.qbittorrent.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ qbittorrent
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ # TODO: map impermanence for qbittorrent
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix
new file mode 100644
index 0000000..4eb0f37
--- /dev/null
+++ b/modules/home-manager-modules/programs/signal.nix
@@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.signal-desktop-bin = { + enable = lib.mkEnableOption "enable signal"; + }; + + config = lib.mkIf config.programs.signal-desktop-bin.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + signal-desktop-bin + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for signal + } + ) + ]); +} From d741c252914683a6e5f38eb50f2fdcf262badef7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Jun 2025 22:50:35 -0500 Subject: [PATCH 0699/1043] moved some packages under desktop + direct access --- .../home-manager/leyla/packages/default.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index cfe70cc..ff32361 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -92,21 +92,21 @@ in { git.enable = true; openssh.enable = true; }) - (lib.mkIf hardware.directAccess.enable { - anki.enable = true; + (lib.mkIf config.user.isDesktopUser { bitwarden.enable = true; - signal-desktop-bin.enable = true; - makemkv.enable = true; obs-studio.enable = hardware.graphicsAcceleration.enable; - calibre.enable = true; qbittorrent.enable = true; - discord.enable = true; - obsidian.enable = true; prostudiomasters.enable = true; - jetbrains.idea-community.enable = true; protonvpn-gui.enable = true; }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { + anki.enable = true; + makemkv.enable = true; + discord.enable = true; + signal-desktop-bin.enable = true; + calibre.enable = true; + obsidian.enable = true; + jetbrains.idea-community.enable = true; vscode.enable = true; firefox.enable = true; }) From eca8dfcf69ed8a312ea1326f7493535513a0d0b4 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 2 Jun 2025 23:15:17 -0500 Subject: [PATCH 0700/1043] removed extra packages --- flake.lock | 24 +++++++++---------- modules/home-manager-modules/programs/obs.nix | 10 -------- .../programs/obsidian.nix | 10 -------- 3 files changed, 12 insertions(+), 32 deletions(-) diff --git a/flake.lock b/flake.lock index bbaffa4..f77dacd 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748225455, - "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", + "lastModified": 1748832438, + "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", "owner": "nix-community", "repo": "disko", - "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", + "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748730131, - "narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=", + "lastModified": 1748923398, + "narHash": "sha256-794RwyZJto9NoFlGYuhWKhkhkJ0KrH9Paw5w1DM2zA0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0", + "rev": "9eb346d6488b06f04809da4de2073666e25ede9d", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1748811839, - "narHash": "sha256-MDl6vpEK18ZfPHfoeOa9dGRdwVWNfmCCGazt72nHw+U=", + "lastModified": 1748923085, + "narHash": "sha256-wXguCR+auZ5eoW8fKlm0C/6LNXL+1r4UXNLylwV7wQU=", "owner": "nix-community", "repo": "home-manager", - "rev": "6abf27943bbb09a0f9d443df45ec70b07a6cbe20", + "rev": "5adc1a51a2fa8efec9d4eaa4f7df97908cded00d", "type": "github" }, "original": { 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1748744745, - "narHash": "sha256-kcj58eYic+yLX/KjtHEOmn6lVnCRwL1IfRGnb8aHprE=", + "lastModified": 1748916419, + "narHash": "sha256-xeIzrAq+HNCp6Tx+lNfoty4D3zzfqSgQGgeTHXb2zGk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c008ed9dd78efdeda5e9d5bb835c785e600791f6", + "rev": "1599b5b404e6bbdaf088f4c8872954146f8a19bb", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index b29521a..98c4fea 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -1,20 +1,10 @@ { lib, - pkgs, config, osConfig, ... }: { - options.programs.obs-studio = { - # enable = lib.mkEnableOption "enable obs"; - }; - config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - obs-studio - ]; - } ( lib.mkIf osConfig.host.impermanence.enable { # TODO: map impermanence for obs diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 57f119b..9dd9299 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -1,20 +1,10 @@ { lib, - pkgs, config, osConfig, ... }: { - options.programs.obsidian = { - # enable = lib.mkEnableOption "enable obsidian"; - }; - config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - obsidian - ]; - } ( lib.mkIf osConfig.host.impermanence.enable { # TODO: map impermanence for obsidian From 7473ad541586ed857039bc651567c3b1d7278ce0 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 3 Jun 2025 11:19:34 -0500 Subject: [PATCH 0701/1043] moved more packages to module --- .../home-manager/leyla/packages/default.nix | 66 +++++++++---------- .../home-manager-modules/programs/bruno.nix | 24 +++++++ .../home-manager-modules/programs/dbeaver.nix | 24 +++++++ .../home-manager-modules/programs/default.nix | 2 + 4 files changed, 83 insertions(+), 33 deletions(-) create mode 100644 modules/home-manager-modules/programs/bruno.nix create mode 100644 modules/home-manager-modules/programs/dbeaver.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index ff32361..8f06441 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -16,6 +16,39 @@ in { ]; config = lib.mkMerge [ + { + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + } + (lib.mkIf (config.user.isTerminalUser || config.user.isDesktopUser) { + bash.enable = true; + git.enable = true; + openssh.enable = true; + }) + (lib.mkIf config.user.isDesktopUser { + bitwarden.enable = true; + obs-studio.enable = hardware.graphicsAcceleration.enable; + qbittorrent.enable = true; + prostudiomasters.enable = true; + protonvpn-gui.enable = true; + dbeaver-bin.enable = true; + bruno.enable = true; + }) + (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { + anki.enable = true; + makemkv.enable = true; + discord.enable = true; + signal-desktop-bin.enable = true; + calibre.enable = true; + obsidian.enable = true; + jetbrains.idea-community.enable = true; + vscode.enable = true; + firefox.enable = true; + }) + ]; + } (lib.mkIf config.user.isTerminalUser { home.packages = with pkgs; [ # command line tools 
@@ -32,14 +65,10 @@ in { home.packages = ( (with pkgs; [ - # helvetica font aileron gnomeExtensions.dash-to-dock - # development tools - dbeaver-bin - bruno proxmark3 ]) ++ ( @@ -82,35 +111,6 @@ in { ]) ) ); - programs = lib.mkMerge [ - { - # Let Home Manager install and manage itself. - home-manager.enable = true; - bash.enable = true; - } - (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { - git.enable = true; - openssh.enable = true; - }) - (lib.mkIf config.user.isDesktopUser { - bitwarden.enable = true; - obs-studio.enable = hardware.graphicsAcceleration.enable; - qbittorrent.enable = true; - prostudiomasters.enable = true; - protonvpn-gui.enable = true; - }) - (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { - anki.enable = true; - makemkv.enable = true; - discord.enable = true; - signal-desktop-bin.enable = true; - calibre.enable = true; - obsidian.enable = true; - jetbrains.idea-community.enable = true; - vscode.enable = true; - firefox.enable = true; - }) - ]; }) ]; } diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix new file mode 100644 index 0000000..b7e6ae3 --- /dev/null +++ b/modules/home-manager-modules/programs/bruno.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.bruno = { + enable = lib.mkEnableOption "enable bruno"; + }; + + config = lib.mkIf config.programs.bruno.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + bruno + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for bruno + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix new file mode 100644 index 0000000..fed1d6d --- /dev/null +++ b/modules/home-manager-modules/programs/dbeaver.nix 
@@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.dbeaver-bin = { + enable = lib.mkEnableOption "enable dbeaver"; + }; + + config = lib.mkIf config.programs.dbeaver-bin.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + dbeaver-bin + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for dbeaver + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index a9139bc..aa15701 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -13,5 +13,7 @@ ./idea.nix ./protonvpn.nix ./calibre.nix + ./bruno.nix + ./dbeaver.nix ]; } From 9c7cc3e3a759f38c515e7b2e73dd2cbe5f1aaebf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 16:23:20 -0500 Subject: [PATCH 0702/1043] drafted out home manager steam configuration --- .../home-manager/leyla/packages/default.nix | 1 + configurations/nixos/horizon/configuration.nix | 2 +- .../nixos/twilight/configuration.nix | 2 +- .../home-manager-modules/programs/default.nix | 1 + .../home-manager-modules/programs/steam.nix | 17 +++++++++++++++++ modules/nixos-modules/home-manager/default.nix | 1 + modules/nixos-modules/home-manager/steam.nix | 18 ++++++++++++++++++ 7 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 modules/home-manager-modules/programs/steam.nix create mode 100644 modules/nixos-modules/home-manager/steam.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 8f06441..5af20ef 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -46,6 +46,7 @@ in { jetbrains.idea-community.enable = true; vscode.enable = true; firefox.enable = true; + steam.enable = true; }) ]; } 
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 5817e2b..8398a38 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -71,7 +71,7 @@ programs = { adb.enable = true; steam = { - enable = true; + # enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 6cef2fb..cb3813e 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -188,7 +188,7 @@ cachefilesd ]; programs.steam = { - enable = true; + # enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index aa15701..ee52da2 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -15,5 +15,6 @@ ./calibre.nix ./bruno.nix ./dbeaver.nix + ./steam.nix ]; } diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix new file mode 100644 index 0000000..a754575 --- /dev/null +++ b/modules/home-manager-modules/programs/steam.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.steam = { + enable = lib.mkEnableOption "enable steam"; + }; + + config = lib.mkIf config.programs.steam.enable { + home.packages = with pkgs; [ + steam + steam.run + ]; + }; +} diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix index cab004b..10f86c7 100644 
--- a/modules/nixos-modules/home-manager/default.nix +++ b/modules/nixos-modules/home-manager/default.nix @@ -4,5 +4,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix + ./steam.nix ]; } diff --git a/modules/nixos-modules/home-manager/steam.nix b/modules/nixos-modules/home-manager/steam.nix new file mode 100644 index 0000000..d151bca --- /dev/null +++ b/modules/nixos-modules/home-manager/steam.nix @@ -0,0 +1,18 @@ +{ + lib, + config, + ... +}: let + setupSteam = + lib.lists.any + (value: value) + (lib.attrsets.mapAttrsToList (name: value: value.programs.steam.enable) config.home-manager.users); +in { + config = lib.mkIf setupSteam { + programs.steam = { + enable = true; + # TODO: figure out how to not install steam here + # package = lib.mkDefault pkgs.emptyFile; + }; + }; +} From 2c011fda87b99f9a8d8811f18821940114644089 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 16:32:44 -0500 Subject: [PATCH 0703/1043] moved steam config out of nix configurations --- configurations/home-manager/eve/packages.nix | 1 + configurations/nixos/emergent/configuration.nix | 7 +------ configurations/nixos/horizon/configuration.nix | 5 ----- configurations/nixos/twilight/configuration.nix | 5 ----- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/steam.nix | 9 +++++++++ 6 files changed, 12 insertions(+), 16 deletions(-) create mode 100644 modules/nixos-modules/steam.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 1abf501..3c2a281 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -52,6 +52,7 @@ in { discord.enable = true; makemkv.enable = true; signal-desktop-bin.enable = true; + steam.enable = true; }) ]; }; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index aacc820..c75c162 100644 --- a/configurations/nixos/emergent/configuration.nix 
+++ b/configurations/nixos/emergent/configuration.nix @@ -98,12 +98,7 @@ # Packages that need to be installed with some extra configuration # See https://search.nixos.org/options for all options - programs.steam = { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; + programs = {}; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8398a38..1c88cc3 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -70,11 +70,6 @@ programs = { adb.enable = true; - steam = { - # enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; }; networking = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index cb3813e..111c002 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -187,11 +187,6 @@ environment.systemPackages = with pkgs; [ cachefilesd ]; - programs.steam = { - # enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index networking = { diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 8cdeae9..2ba1a58 100644 
--- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -14,6 +14,7 @@ ./ollama.nix ./ai.nix ./tailscale.nix + ./steam.nix ./server ]; diff --git a/modules/nixos-modules/steam.nix b/modules/nixos-modules/steam.nix new file mode 100644 index 0000000..20c0978 --- /dev/null +++ b/modules/nixos-modules/steam.nix @@ -0,0 +1,9 @@ +{...}: { + programs = { + steam = { + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + }; +} From ef03167d23b28506cf3c086d8ca4b5688ded866f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 20:22:35 -0500 Subject: [PATCH 0704/1043] added TODO note --- modules/home-manager-modules/programs/steam.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index a754575..551cb5d 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -14,4 +14,6 @@ steam.run ]; }; + + # TODO: bind impermanence config } From 54722eff619a303b6ce59aa206bba12958622a52 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 21:12:51 -0500 Subject: [PATCH 0705/1043] set up impermanence configurations for applications --- modules/home-manager-modules/programs/anki.nix | 7 ++++++- modules/home-manager-modules/programs/bitwarden.nix | 7 ++++++- modules/home-manager-modules/programs/bruno.nix | 7 ++++++- modules/home-manager-modules/programs/calibre.nix | 7 ++++++- modules/home-manager-modules/programs/dbeaver.nix | 7 ++++++- modules/home-manager-modules/programs/discord.nix | 7 ++++++- 6 files changed, 36 insertions(+), 6 deletions(-) 
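Review bot: The three `openFirewall = true` settings in the new modules/nixos-modules/steam.nix now apply to every host that imports nixos-modules. Before this commit only emergent set `localNetworkGameTransfers.openFirewall`, so horizon and twilight gain that opening as a side effect of the move. Together with modules/nixos-modules/home-manager/steam.nix, any home-manager user who sets `programs.steam.enable` turns the host's firewall openings on (assuming, as in nixpkgs, that they only take effect when steam is enabled). Writing them as `remotePlay.openFirewall = lib.mkDefault true;` with a `{lib, ...}:` header would let an individual host opt out, and a one-line comment that these are fleet-wide defaults would make the intent clear.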
diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index d513657..13e28c9 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for anki + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.local/share/Anki2" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index b68ee30..0265488 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for bitwarden + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/Bitwarden" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index b7e6ae3..3323e5b 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for bruno + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/bruno/" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index f22fbbf..c26cd5e 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix 
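Review bot: The persisted path `"~/.local/share/Anki2"` carries a `~/` prefix, but entries under `home.persistence."/persist${config.home.homeDirectory}"` are already relative to the home directory. It most likely names a literal `~` directory, so Anki's data would not be kept across reboots. Later hunks in this series (obsidian, makemkv, firefox) use the home-relative form, e.g. `".config/obsidian"`. Use `directories = [ ".local/share/Anki2" ];` here; the same fix applies to the bitwarden, bruno, calibre, dbeaver and discord hunks of this commit and to idea.nix in PATCH 0709. The enclosing `lib.mkMerge` list starts outside the hunk.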
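Review bot: `allowOther = true` on the Bitwarden entry lets other local accounts reach the client's data directory through the bind mount, as far as I understand the impermanence option and subject to the file modes underneath. That is wider access than a password manager's local state needs. The idea, obsidian and makemkv hunks later in the series omit the flag, so dropping `allowOther = true;` here would also be consistent. If root access through the mount is the reason for it, a short comment such as `# allowOther: needed for <reason>` would record that.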
@@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for calibre + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/calibre" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index fed1d6d..26dcc52 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for dbeaver + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.local/share/DBeaverData/" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index a81bb03..a7cbb5f 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for discord + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/discord/" + ]; + allowOther = true; + }; } ) ]); From 17cb9bbaf560066d3605db3ddf0fe39c7a810c44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 21:15:26 -0500 Subject: [PATCH 0706/1043] set up more continue agents for horizon --- .../nixos/horizon/configuration.nix | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 1c88cc3..f72b264 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -46,6 +46,28 @@ roles = ["chat" "edit" "apply"]; apiBase = "http://twilight:11434"; }; + "Deepseek Coder:6.7B" = { + model = "deepseek-coder:6.7b"; + roles = ["chat" "edit" "apply"]; + apiBase = "http://twilight:11434"; + }; + "Deepseek Coder:33B" = { + model = "deepseek-coder:33b"; + roles = ["chat" "edit" "apply"]; + apiBase = "http://twilight:11434"; + }; + + "Deepseek r1:8B" = { + model = "deepseek-r1:8b"; + roles = ["chat"]; + apiBase = "http://twilight:11434"; + }; + + "Deepseek r1:32B" = { + model = "deepseek-r1:32b"; + roles = ["chat"]; + apiBase = "http://twilight:11434"; + }; "qwen2.5-coder:1.5b-base" = { model = "qwen2.5-coder:1.5b-base"; From 8d86de4a2d7f9d9586219ba2202283b086c0e5b7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 21:17:08 -0500 Subject: [PATCH 0707/1043] drafted out firefox impermanence --- .../home-manager-modules/programs/firefox.nix | 32 ++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 654a480..5e78114 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix 
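Review bot: The four new model entries each repeat `apiBase = "http://twilight:11434"`, so the endpoint is now written out once per model. Binding it once (`ollamaBase = "http://twilight:11434";` in a `let`) and using `apiBase = ollamaBase;` would keep a later change of host or scheme in one place. The URL is plain HTTP, so source sent for the chat/edit/apply roles is only protected in transit if `twilight` resolves over an encrypted overlay, which this hunk does not show; a comment stating that assumption would help. The enclosing attribute set starts and ends outside the hunk.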
@@ -1,3 +1,33 @@ -{...}: { +{ + lib, + config, + osConfig, + ... +}: { # TODO: map firefox impermanence + config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) { + # firefox profiles are defined by: programs.firefox.profile + # TODO: only set these if we arn't using custom firefox profiles. If we are using custom profiles then we should set this for each firefox profile + # home.persistence."/persist${config.home.homeDirectory}" = { + # directories = [ + # ".mozilla/firefox/default/extensions" + # ]; + # files = [ + # ".mozilla/firefox/default/cookies.sqlite" + # ".mozilla/firefox/default/favicons.sqlite" + # # Permissions and zoom levels for each site + # ".mozilla/firefox/default/permissions.sqlite" + # ".mozilla/firefox/default/content-prefs.sqlite" + # # Browser history and bookmarks + # ".mozilla/firefox/default/places.sqlite" + # # I guess this is useful? + # # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384 + # # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria + # ".mozilla/firefox/default/storage.sqlite" + # # Extension configuration + # ".mozilla/firefox/default/extension-settings.json" + # ]; + # allowOther = true; + # }; + }; } From 89373ac24366250e791a2a156018ebcb57016550 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 12:16:21 -0500 Subject: [PATCH 0708/1043] set up firefox impermanence --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager-modules/programs/firefox.nix | 60 +++++++++++-------- 2 files changed, 36 insertions(+), 26 deletions(-) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 3c2a281..30fc361 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix 
@@ -41,7 +41,7 @@ in { ]; }; }) - (lib.mkIf userConfig.isDesktopUser { + (lib.mkIf config.user.isDesktopUser { vscode = { enable = true; package = pkgs.vscodium; diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 5e78114..907b619 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix 
@@ -3,31 +3,41 @@ config, osConfig, ... -}: { - # TODO: map firefox impermanence +}: let + buildProfilePersistence = profile: { + directories = [ + ".mozilla/firefox/${profile}/extensions" + ]; + files = [ + ".mozilla/firefox/${profile}/cookies.sqlite" + ".mozilla/firefox/${profile}/favicons.sqlite" + # Permissions and ${profileName} levels for each site + ".mozilla/firefox/${profile}/permissions.sqlite" + ".mozilla/firefox/${profile}/content-prefs.sqlite" + # Browser history and bookmarks + ".mozilla/firefox/${profile}/places.sqlite" + # I guess this is useful? + # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384 + # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria + ".mozilla/firefox/${profile}/storage.sqlite" + # Extension configuration + ".mozilla/firefox/${profile}/extension-settings.json" + ]; + allowOther = true; + }; +in { config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) { - # firefox profiles are defined by: programs.firefox.profile - # TODO: only set these if we arn't using custom firefox profiles. If we are using custom profiles then we should set this for each firefox profile - # home.persistence."/persist${config.home.homeDirectory}" = { - # directories = [ - # ".mozilla/firefox/default/extensions" - # ]; - # files = [ - # ".mozilla/firefox/default/cookies.sqlite" - # ".mozilla/firefox/default/favicons.sqlite" - # # Permissions and zoom levels for each site - # ".mozilla/firefox/default/permissions.sqlite" - # ".mozilla/firefox/default/content-prefs.sqlite" - # # Browser history and bookmarks - # ".mozilla/firefox/default/places.sqlite" - # # I guess this is useful? 
- # # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384 - # # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria - # ".mozilla/firefox/default/storage.sqlite" - # # Extension configuration - # ".mozilla/firefox/default/extension-settings.json" - # ]; - # allowOther = true; - # }; + home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( + ( + lib.attrsets.mapAttrsToList + (profile: _: buildProfilePersistence profile) + config.programs.firefox.profiles + ) + ++ ( + lib.lists.optional + ((builtins.length (lib.attrsets.mapAttrsToList (key: value: value) config.programs.firefox.profiles)) == 0) + (buildProfilePersistence "default") + ) + ); }; } From 4e94731d9c33c95e6776116e3e8a6ea6f1bf60e2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 12:30:40 -0500 Subject: [PATCH 0709/1043] added impermanence for jetbrains idea-community --- modules/home-manager-modules/programs/idea.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index a7a6d7f..f4edf12 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -17,7 +17,16 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for idea-community + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + # configuration + "~/.config/JetBrains/" + # plugins + "~/.local/share/JetBrains/" + # System and Logs + "~/.cache/JetBrains/" + ]; + }; } ) ]); From 50aca7b17014f102f413bc796bd236363f1a09d2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 13:14:11 -0500 Subject: [PATCH 0710/1043] added applications key file --- .sops.yaml | 4 ++++ flake.lock | 44 ++++++++++++++++++++++---------------------- nix-config-secrets | 2 +- 3 files changed, 27 insertions(+), 23 deletions(-) 
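Review bot: In firefox.nix, `buildProfilePersistence` is called with the attribute name of each entry in `config.programs.firefox.profiles`, but home-manager lets a profile set a `path` different from its name. In that case `.mozilla/firefox/${profile}/…` would not be the directory Firefox actually uses; mapping with `(_: p: buildProfilePersistence p.path)` avoids that. The `"default"` fallback is doubtful for a similar reason, since a profile Firefox creates on its own normally gets a generated directory name; worth confirming on a host. The comment `# Permissions and ${profileName} levels for each site` looks like a search-and-replace casualty and should read `# Permissions and zoom levels for each site`. Because `cookies.sqlite` holds live session cookies, a comment that the `/persist` copy must keep the home directory's permissions would be worth adding.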
diff --git a/.sops.yaml b/.sops.yaml index b8b0adf..a6e6f4f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -13,3 +13,7 @@ creation_rules: key_groups: - age: - *leyla + - path_regex: secrets/application-keys.yaml$ + key_groups: + - age: + - *leyla \ No newline at end of file diff --git a/flake.lock b/flake.lock index f77dacd..eeebec5 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748923398, - "narHash": "sha256-794RwyZJto9NoFlGYuhWKhkhkJ0KrH9Paw5w1DM2zA0=", + "lastModified": 1749009805, + "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9eb346d6488b06f04809da4de2073666e25ede9d", + "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1748923085, - "narHash": "sha256-wXguCR+auZ5eoW8fKlm0C/6LNXL+1r4UXNLylwV7wQU=", + "lastModified": 1749049052, + "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=", "owner": "nix-community", "repo": "home-manager", - "rev": "5adc1a51a2fa8efec9d4eaa4f7df97908cded00d", + "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1748352827, - "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=", + "lastModified": 1749012745, + "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90", + "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", "type": "github" }, "original": { 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1748916419, - "narHash": "sha256-xeIzrAq+HNCp6Tx+lNfoty4D3zzfqSgQGgeTHXb2zGk=", + "lastModified": 1749002682, + "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1599b5b404e6bbdaf088f4c8872954146f8a19bb", + "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1748634340, - "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", + "lastModified": 1749056381, + "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", + "rev": "029bd66faa180e11262dd1bc2732254c33415f52", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748693115, - "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { @@ -292,11 +292,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1743538790, - "narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=", + "lastModified": 1749060788, + "narHash": "sha256-bXTN8zJwbnUFEisKAZjO/6UWPVP6u38MGAmQI20QU8o=", "ref": "refs/heads/main", - "rev": "3d63dff77f8eda1667e3586169642cf256c4aa34", - "revCount": 17, + "rev": "96e0ee4409830716a1658b37737f9e05d366408e", + "revCount": 18, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/nix-config-secrets b/nix-config-secrets index 3d63dff..96e0ee4 160000 --- a/nix-config-secrets +++ b/nix-config-secrets 
@@ -1 +1 @@ -Subproject commit 3d63dff77f8eda1667e3586169642cf256c4aa34 +Subproject commit 96e0ee4409830716a1658b37737f9e05d366408e From 7363fc97bc0c6248bc12891940175052777d5b62 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 13:19:44 -0500 Subject: [PATCH 0711/1043] updated application key file structure --- flake.lock | 8 ++++---- nix-config-secrets | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index eeebec5..636f746 100644 --- a/flake.lock +++ b/flake.lock @@ -292,11 +292,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1749060788, - "narHash": "sha256-bXTN8zJwbnUFEisKAZjO/6UWPVP6u38MGAmQI20QU8o=", + "lastModified": 1749061163, + "narHash": "sha256-WflcbitH7ErNZBFqZCdy1ODUqKF51xbu2zYfqA35+1M=", "ref": "refs/heads/main", - "rev": "96e0ee4409830716a1658b37737f9e05d366408e", - "revCount": 18, + "rev": "1c5c059c0c7b6ce691993262fe10a2b63e1c31ba", + "revCount": 19, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/nix-config-secrets b/nix-config-secrets index 96e0ee4..1c5c059 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 96e0ee4409830716a1658b37737f9e05d366408e +Subproject commit 1c5c059c0c7b6ce691993262fe10a2b63e1c31ba From 0f26b73f6a3e96aed1978432f80689b892083760 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 18:37:53 -0500 Subject: [PATCH 0712/1043] set up makemkv persistence --- .../home-manager/leyla/packages/default.nix | 1 + .../home-manager/leyla/packages/makemkv.nix | 17 +++++++++++++++ modules/home-manager-modules/default.nix | 1 + .../home-manager-modules/programs/makemkv.nix | 21 +++++++++++++++++-- modules/home-manager-modules/sops.nix | 7 +++++++ 5 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 configurations/home-manager/leyla/packages/makemkv.nix create mode 100644 modules/home-manager-modules/sops.nix 
diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 5af20ef..4acfaf1 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -13,6 +13,7 @@ in { ./direnv.nix ./openssh.nix ./git.nix + ./makemkv.nix ]; config = lib.mkMerge [ diff --git a/configurations/home-manager/leyla/packages/makemkv.nix b/configurations/home-manager/leyla/packages/makemkv.nix new file mode 100644 index 0000000..ee71955 --- /dev/null +++ b/configurations/home-manager/leyla/packages/makemkv.nix @@ -0,0 +1,17 @@ +{ + config, + inputs, + ... +}: { + config = { + sops.secrets = { + "application-keys/makemkv" = { + sopsFile = "${inputs.secrets}/application-keys.yaml"; + }; + }; + programs.makemkv = { + appKeyFile = config.sops.placeholder."application-keys/makemkv"; + destinationDir = "/home/leyla/downloads/makemkv"; + }; + }; +} diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index faf6f58..73876f4 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -1,6 +1,7 @@ # this folder container modules that are for home manager only {...}: { imports = [ + ./sops.nix ./user.nix ./flipperzero.nix ./i18n.nix diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index c1040bb..eca059d 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -7,6 +7,12 @@ }: { options.programs.makemkv = { enable = lib.mkEnableOption "enable makemkv"; + appKeyFile = lib.mkOption { + type = lib.types.str; + }; + destinationDir = lib.mkOption { + type = lib.types.str; + }; }; config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [ 
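Review bot: The option `appKeyFile` is declared as `lib.types.str` with no description, and the next hunk of programs/makemkv.nix interpolates it straight into `app_Key = "…"`. Despite its name it therefore carries the key value (here a sops placeholder), not a path to a file. Anyone who sets it to the literal key would likely end up with the key in the Nix store through the template text. Either rename it (`appKey`, updating leyla/packages/makemkv.nix) or add `description = "sops placeholder for the MakeMKV key; never the literal key";`, and give `destinationDir` a description too. In leyla/packages/makemkv.nix the hard-coded `"/home/leyla/downloads/makemkv"` could be `"${config.home.homeDirectory}/downloads/makemkv"`.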
@@ -14,11 +20,22 @@ home.packages = with pkgs; [ makemkv ]; - # TODO: write config file for makemkv + + sops.templates."MakeMKV.settings.conf".content = '' + app_DestinationDir = "${config.programs.makemkv.destinationDir}" + app_DestinationType = "2" + app_Key = "${config.programs.makemkv.appKeyFile}" + ''; + + home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path; } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for makemkv + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".MakeMKV" + ]; + }; } ) ]); diff --git a/modules/home-manager-modules/sops.nix b/modules/home-manager-modules/sops.nix new file mode 100644 index 0000000..910fbb6 --- /dev/null +++ b/modules/home-manager-modules/sops.nix @@ -0,0 +1,7 @@ +{...}: { + config = { + sops = { + age.keyFile = "/var/lib/sops-nix/key.txt"; + }; + }; +} From 033cc6bc2202749421defbda249c0568f4816899 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 18:43:22 -0500 Subject: [PATCH 0713/1043] removed outdated note --- configurations/home-manager/leyla/packages/firefox.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index f9787b9..1613cb3 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -339,6 +339,5 @@ }; }; }; - # TODO: impermanence module, prob in home-manager-modules? }; } From ca01e667a197e5175c903689d67aa79201539608 Mon Sep 17 00:00:00 2001 
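Review bot: `age.keyFile = "/var/lib/sops-nix/key.txt"` in the new modules/home-manager-modules/sops.nix points the per-user sops activation at a system path. If that is the same age key the host-level sops configuration decrypts with (not visible here), it has to be readable by the user account, and then any process in that session can decrypt every secret encrypted to that recipient, not only `application-keys/makemkv`. A dedicated per-user key limits exposure to the user's own secrets: take `config` in the module arguments, set `age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";`, and add that key's recipient only to the files this user needs, such as application-keys.yaml. On hosts with impermanence enabled that key file would also need a persistence entry.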
From: Leyla Becker Date: Wed, 4 Jun 2025 20:50:15 -0500 Subject: [PATCH 0714/1043] added more application persistence configurations --- modules/home-manager-modules/programs/obsidian.nix | 6 +++++- modules/home-manager-modules/programs/prostudiomasters.nix | 6 +++++- modules/home-manager-modules/programs/protonvpn.nix | 7 ++++++- modules/home-manager-modules/programs/qbittorrent.nix | 6 +++++- modules/home-manager-modules/programs/signal.nix | 6 +++++- 5 files changed, 26 insertions(+), 5 deletions(-) diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 9dd9299..d2d9c77 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -7,7 +7,11 @@ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for obsidian + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".config/obsidian" + ]; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 4481f5b..372cfc6 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -17,7 +17,11 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for prostudiomasters + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".config/ProStudioMasters" + ]; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index 1ddedc7..9a0ee65 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix 
@@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for protonvpn + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".config/protonvpn" + ".config/Proton" + ]; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 1e98c3e..5d22c89 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -17,7 +17,11 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for qbittorrent + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".config/qBittorrent" + ]; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index 4eb0f37..d75b8a6 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -17,7 +17,11 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for signal + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".config/Signal" + ]; + }; } ) ]); From 28ac8a4fa46b5a50f3cfb115fd0af84ff8a636ba Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 20:54:47 -0500 Subject: [PATCH 0715/1043] fixed home directory starts --- modules/home-manager-modules/programs/anki.nix | 2 +- modules/home-manager-modules/programs/bitwarden.nix | 2 +- modules/home-manager-modules/programs/bruno.nix | 2 +- modules/home-manager-modules/programs/calibre.nix | 2 +- modules/home-manager-modules/programs/idea.nix | 6 +++--- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 13e28c9..0e3ebdf 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix 
@@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.local/share/Anki2" + ".local/share/Anki2" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 0265488..117e302 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.config/Bitwarden" + ".config/Bitwarden" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 3323e5b..20b0ce6 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.config/bruno/" + ".config/bruno/" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index c26cd5e..3d6e9db 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.config/calibre" + ".config/calibre" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index f4edf12..8f2768e 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix 
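Review bot: The corrected entry in bitwarden.nix sits in a block that keeps `allowOther = true;` on the directory holding the Bitwarden desktop data, and with the `~/` prefix removed the mapping presumably starts to take effect. As far as I know that flag makes the bind mount reachable by accounts other than the owner, and the modules added in the previous patch (signal, protonvpn, obsidian) do without it. Unless something needs cross-user access I would drop the line for this directory, or record the reason next to it with a comment such as `# allowOther needed for <reason>`. The enclosing block starts and ends outside this hunk.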
@@ -20,11 +20,11 @@ home.persistence."/persist${config.home.homeDirectory}" = { directories = [ # configuration - "~/.config/JetBrains/" + ".config/JetBrains/" # plugins - "~/.local/share/JetBrains/" + ".local/share/JetBrains/" # System and Logs - "~/.cache/JetBrains/" + ".cache/JetBrains/" ]; }; } From 8c4bd4291ddd893ad2cd07a84d551ffd3d67c0f1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 21:00:04 -0500 Subject: [PATCH 0716/1043] updated paths to be based on xdg configurations --- configurations/home-manager/leyla/default.nix | 8 ++++++-- configurations/home-manager/leyla/impermanence.nix | 5 +++-- modules/home-manager-modules/programs/anki.nix | 2 +- modules/home-manager-modules/programs/bitwarden.nix | 2 +- modules/home-manager-modules/programs/bruno.nix | 2 +- modules/home-manager-modules/programs/calibre.nix | 2 +- modules/home-manager-modules/programs/dbeaver.nix | 2 +- modules/home-manager-modules/programs/discord.nix | 2 +- modules/home-manager-modules/programs/idea.nix | 6 +++--- modules/home-manager-modules/programs/obsidian.nix | 2 +- .../home-manager-modules/programs/prostudiomasters.nix | 2 +- modules/home-manager-modules/programs/protonvpn.nix | 4 ++-- modules/home-manager-modules/programs/qbittorrent.nix | 2 +- modules/home-manager-modules/programs/signal.nix | 2 +- 14 files changed, 24 insertions(+), 19 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index d7cecc4..49abfe1 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,4 +1,8 @@ -{osConfig, ...}: { +{ + config, + osConfig, + ... +}: { imports = [ ./packages ./i18n.nix @@ -35,7 +39,7 @@ # org.gradle.console=verbose # org.gradle.daemon.idletimeout=3600000 # ''; - ".config/user-dirs.dirs" = { + "${config.xdg.configHome}/user-dirs.dirs" = { force = true; text = '' # This file is written by xdg-user-dirs-update 
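Review bot: The `home.file` key `"${config.xdg.configHome}/user-dirs.dirs"` in configurations/home-manager/leyla/default.nix is now an absolute path, while `home.file` names are taken relative to the home directory and `xdg.configHome` normally expands to `${config.home.homeDirectory}/.config`. The file would likely be linked under a nested `home/...` path inside the home directory instead of replacing `~/.config/user-dirs.dirs`. Home Manager already has the XDG-aware form for this, `xdg.configFile."user-dirs.dirs" = { force = true; text = ...; };`. The attribute set continues past the end of this hunk.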
diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 29936b5..ceab775 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -1,5 +1,6 @@ { lib, + config, osConfig, ... }: { @@ -10,13 +11,13 @@ "downloads" "documents" { - directory = ".local/share/Steam"; + directory = "${config.xdg.dataHome}/Steam"; method = "symlink"; } ]; files = [ ".bash_history" # keep shell history around - ".local/share/recently-used.xbel" # gnome recently viewed files + "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 0e3ebdf..083d205 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".local/share/Anki2" + "${config.xdg.dataHome}/Anki2/" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 117e302..b9b91c4 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/Bitwarden" + "${config.xdg.configHome}/Bitwarden" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 20b0ce6..00b248f 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix 
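Review bot: The persistence entries rewritten in leyla/impermanence.nix (`"${config.xdg.dataHome}/Steam"`, `"${config.xdg.dataHome}/recently-used.xbel"`) become absolute paths, although the previous patch in this series removed the `~/` prefixes, apparently because entries under `home.persistence."/persist${config.home.homeDirectory}"` are joined onto the home directory. With the default `xdg.*Home` values the mounts would presumably land under a nested `home/<user>/...` path, so the real directories stop being persisted without any evaluation error. The same substitution is made in the anki, bitwarden, bruno, calibre, dbeaver, discord, idea, obsidian, prostudiomasters, protonvpn, qbittorrent and signal modules of this patch and in the steam module of the next one. Either keep the home-relative literals or strip the prefix, for example `"${lib.removePrefix "${config.home.homeDirectory}/" config.xdg.dataHome}/Steam"`.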
@@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/bruno/" + "${config.xdg.configHome}/bruno/" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index 3d6e9db..9e5f34e 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/calibre" + "${config.xdg.configHome}/calibre" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index 26dcc52..a962459 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.local/share/DBeaverData/" + "${config.xdg.dataHome}/DBeaverData/" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index a7cbb5f..e8605a5 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - "~/.config/discord/" + "${config.xdg.configHome}/discord/" ]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index 8f2768e..f0a928c 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix 
@@ -20,11 +20,11 @@ home.persistence."/persist${config.home.homeDirectory}" = { directories = [ # configuration - ".config/JetBrains/" + "${config.xdg.configHome}/JetBrains/" # plugins - ".local/share/JetBrains/" + "${config.xdg.dataHome}/JetBrains/" # System and Logs - ".cache/JetBrains/" + "${config.xdg.cacheHome}/JetBrains/" ]; }; } diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index d2d9c77..4d28b3e 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -9,7 +9,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/obsidian" + "${config.xdg.configHome}/obsidian" ]; }; } diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 372cfc6..9e6088f 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/ProStudioMasters" + "${config.xdg.configHome}/ProStudioMasters" ]; }; } diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index 9a0ee65..dd11aae 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -19,8 +19,8 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/protonvpn" - ".config/Proton" + "${config.xdg.configHome}/protonvpn" + "${config.xdg.configHome}/Proton" ]; }; } diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 5d22c89..02e23df 100644 
--- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/qBittorrent" + "${config.xdg.configHome}/qBittorrent" ]; }; } diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index d75b8a6..fdf0af9 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -19,7 +19,7 @@ lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".config/Signal" + "${config.xdg.configHome}/Signal" ]; }; } From fc294686bac331f7311fbb7987e58c5550eccad6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 22:57:14 -0500 Subject: [PATCH 0717/1043] added steam impermanence config --- .../home-manager/leyla/impermanence.nix | 4 --- .../home-manager-modules/programs/steam.nix | 30 +++++++++++++++---- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index ceab775..041bff8 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -10,10 +10,6 @@ "desktop" "downloads" "documents" - { - directory = "${config.xdg.dataHome}/Steam"; - method = "symlink"; - } ]; files = [ ".bash_history" # keep shell history around diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 551cb5d..4661151 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix 
@@ -2,18 +2,36 @@ lib, pkgs, config, + osConfig, ... }: { options.programs.steam = { enable = lib.mkEnableOption "enable steam"; }; - config = lib.mkIf config.programs.steam.enable { - home.packages = with pkgs; [ - steam - steam.run - ]; - }; + config = lib.mkIf config.programs.steam.enable ( + lib.mkMerge [ + { + home.packages = with pkgs; [ + steam + steam.run + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + { + directory = "${config.xdg.dataHome}/Steam"; + method = "symlink"; + } + ]; + allowOther = true; + }; + } + ) + ] + ); # TODO: bind impermanence config } From 6c7b40e10e0c2181018b05e089b7d18fb6216a1d Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 5 Jun 2025 04:40:13 +0000 Subject: [PATCH 0718/1043] fixed eve not importing packages.nix --- configurations/home-manager/eve/default.nix | 6 +++--- configurations/home-manager/eve/packages.nix | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 0ab0c59..52a70a6 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -1,9 +1,9 @@ {osConfig, ...}: let userConfig = osConfig.host.users.eve; in { - nixpkgs.config = { - allowUnfree = true; - }; + imports = [ + ./packages.nix + ]; home = { username = userConfig.name; diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 30fc361..6edfa37 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -8,6 +8,10 @@ userConfig = osConfig.host.users.eve; in { config = { + nixpkgs.config = { + allowUnfree = true; + }; + # Packages that can be installed without any extra configuration # See https://search.nixos.org/packages for all options home.packages = lib.lists.optionals userConfig.isDesktopUser ( 
From 98a1d1da6098a5517b2361fb9e4899f59f1c0534 Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 5 Jun 2025 04:53:30 +0000 Subject: [PATCH 0719/1043] added piper for user eve --- configurations/home-manager/eve/packages.nix | 2 ++ configurations/nixos/emergent/configuration.nix | 3 +++ 2 files changed, 5 insertions(+) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 6edfa37..c6e38f9 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -6,6 +6,7 @@ ... }: let userConfig = osConfig.host.users.eve; + hardware = osConfig.host.hardware; in { config = { nixpkgs.config = { @@ -17,6 +18,7 @@ in { home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ ungoogled-chromium + (lib.mkIf hardware.piperMouse.enable piper) ] ); diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index c75c162..c42c97e 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -49,6 +49,9 @@ isPrincipleUser = true; }; }; + hardware = { + piperMouse.enable = true; + }; storage = { enable = true; From b3918c8105074b741c995cab63e0cf84c487405d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 5 Jun 2025 14:04:52 -0500 Subject: [PATCH 0720/1043] added dconf-editor to devShell --- flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake.nix b/flake.nix index 7896d60..71acc37 100644 --- a/flake.nix +++ b/flake.nix @@ -150,6 +150,8 @@ nixos-anywhere # for updating disko configurations disko + # for viewing dconf entries + dconf-editor ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; From 616baf3baf19dccbf2d484ff17e3f0fdbc325f3a Mon Sep 17 00:00:00 2001 
From: Eve Date: Fri, 6 Jun 2025 03:46:45 +0000 Subject: [PATCH 0721/1043] disabled wayland in theory --- configurations/nixos/emergent/nvidia-drivers.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index fd569b3..fb66cf6 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -10,7 +10,14 @@ }; # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; + services = { + xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + }; + # Use X instead of wayland + displayManager.gdm.wayland = false; + }; hardware.nvidia = { # Modesetting is required. From 95e500593e898aa8e581243dec4ca79449f916ff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 8 Jun 2025 11:48:18 -0500 Subject: [PATCH 0722/1043] enabled wacom on emergent --- configurations/home-manager/eve/packages.nix | 1 + configurations/nixos/emergent/configuration.nix | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index c6e38f9..0e82959 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -18,6 +18,7 @@ in { home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ ungoogled-chromium + krita (lib.mkIf hardware.piperMouse.enable piper) ] ); diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index c42c97e..90aecab 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix 
@@ -36,6 +36,11 @@ # Enable the X11 windowing system. services.xserver.enable = true; + # Enable wacom touchscreen device + services.xserver.wacom.enable = true; + + # installed opentabletdriver + hardware.opentabletdriver.enable = true; # Enable the GNOME Desktop Environment. services.displayManager.gdm.enable = true; From 1e0eda06b60e57de81ed566630ee3b7a881fa79b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Jun 2025 19:52:25 -0500 Subject: [PATCH 0723/1043] switched ollama persistence directory --- modules/nixos-modules/ollama.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 8f194cf..2de3ea1 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -38,7 +38,7 @@ group = config.services.ollama.group; } { - directory = "/var/lib/private/ollama"; + directory = "/var/lib/ollama"; user = config.services.ollama.user; group = config.services.ollama.group; mode = "0700"; From 0476afb47195c0aa83a43ad3df8358d438e37e98 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Jun 2025 20:07:39 -0500 Subject: [PATCH 0724/1043] switched ollama persistence directory --- modules/nixos-modules/ollama.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 2de3ea1..9507190 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -36,9 +36,11 @@ directory = config.services.ollama.models; user = config.services.ollama.user; group = config.services.ollama.group; + mode = "0700"; + defaultPerms.mode = "0700"; } { - directory = "/var/lib/ollama"; + directory = "/var/lib/private/ollama"; user = config.services.ollama.user; group = config.services.ollama.group; mode = "0700"; From 52a1d97fd484e19a7971289505dd2b44d78b7ee6 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 11 Jun 2025 23:36:29 -0500 Subject: [PATCH 0725/1043] drafted out entangled worlds mod --- flake.lock | 23 +++++++++- flake.nix | 5 ++ modules/common-modules/overlays/default.nix | 5 +- modules/common-modules/pkgs/default.nix | 3 ++ .../pkgs/noita-entangled-worlds.nix | 46 +++++++++++++++++++ 5 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 modules/common-modules/pkgs/noita-entangled-worlds.nix diff --git a/flake.lock b/flake.lock index 636f746..f5f5ca0 100644 --- a/flake.lock +++ b/flake.lock @@ -286,7 +286,8 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "steam-fetcher": "steam-fetcher" } }, "secrets": { @@ -325,6 +326,26 @@ "type": "github" } }, + "steam-fetcher": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714795926, + "narHash": "sha256-PkgC9jqoN6cJ8XYzTA2PlrWs7aPJkM3BGiTxNqax0cA=", + "owner": "nix-community", + "repo": "steam-fetcher", + "rev": "12f66eafb7862d91b3e30c14035f96a21941bd9c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "steam-fetcher", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 71acc37..651a210 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,11 @@ flake-compat = { url = "github:edolstra/flake-compat"; }; + + steam-fetcher = { + url = "github:nix-community/steam-fetcher"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 08085f5..1fab060 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -1,3 +1,6 @@ # this folder is for derivation overlays -{...}: { +{inputs, ...}: { + nixpkgs.overlays = [ + inputs.steam-fetcher.overlays.default + ]; } 
diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 208ee24..71431d9 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -13,5 +13,8 @@ ./prostudiomasters.nix {}; }) + (final: prev: { + noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/noita-entangled-worlds.nix b/modules/common-modules/pkgs/noita-entangled-worlds.nix new file mode 100644 index 0000000..322ce41 --- /dev/null +++ b/modules/common-modules/pkgs/noita-entangled-worlds.nix @@ -0,0 +1,46 @@ +# not working yet +{ + pkgs, + rustPlatform, + fetchFromGitHub, + ... +}: let + version = "1.5.3"; + repo = fetchFromGitHub { + owner = "IntQuant"; + repo = "noita_entangled_worlds"; + rev = "v${version}"; + hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk="; + }; +in + rustPlatform.buildRustPackage { + name = "noita-proxy-${version}"; + src = repo + "/noita-proxy"; + prePatch = '' + substituteInPlace Cargo.toml \ + --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\"" + ''; + nativeBuildInputs = with pkgs; [ + pkg-config + python3 + cmake + ]; + buildInputs = with pkgs; [ + openssl + openssl.dev + libpulseaudio + libjack2 + alsa-lib + xorg.libxcb + xorg.libxcb.dev + libopus + ]; + propagatedBuildInputs = with pkgs; [ + steamworks-sdk-redist + ]; + runtimeDependencies = with pkgs; [ + steamworks-sdk-redist + ]; + doCheck = false; + cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4="; + } From dbad92ac7522e8cecbc02f5b928f550364af118c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Jun 2025 23:39:07 -0500 Subject: [PATCH 0726/1043] updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index f5f5ca0..074fef7 100644 --- a/flake.lock +++ b/flake.lock 
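Review bot: The `prePatch` in the new noita-entangled-worlds.nix uses `substituteInPlace ... --replace`, which does nothing and reports no error when the pattern is missing, so an upstream change to `Cargo.toml` would leave the `../shared` path dependency unpatched and fail later in a less obvious place. I would switch to `--replace-fail "path = \"../shared\"" ...` so the build stops at the substitution. The derivation also sets `name = "noita-proxy-${version}"` where `pname = "noita-proxy";` plus `inherit version;` is the usual form. The source and cargo hashes are pinned, which is good; `doCheck = false` deserves a short comment saying why the tests are skipped.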
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748832438, - "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", + "lastModified": 1749436314, + "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", "owner": "nix-community", "repo": "disko", - "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", + "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1749009805, - "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", + "lastModified": 1749701004, + "narHash": "sha256-KeZvDN/OgLsxf6y8jnyNuj3XvnPuBI3i58a4lcElddc=", "owner": "rycee", "repo": "nur-expressions", - "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", + "rev": "f70d23962d858c8996558ff30e3f0af205fe0f3a", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1749049052, - "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=", + "lastModified": 1749657191, + "narHash": "sha256-QLilaHuhGxiwhgceDWESj9gFcKIdEp7+9lRqNGpN8S4=", "owner": "nix-community", "repo": "home-manager", - "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab", + "rev": "faeab32528a9360e9577ff4082de2d35c6bbe1ce", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1749012745, - "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", + "lastModified": 1749194393, + "narHash": "sha256-vt6hM9DNywnXXuW1qPDLzECmbDcmxhh58wpb0EEQjAo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", + "rev": "19346808c445f23b08652971be198b9df6c33edc", "type": "github" }, "original": { 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1749002682, - "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=", + "lastModified": 1749693852, + "narHash": "sha256-ERtalZOvXvhb/ZWrjOGgUVkULUZ197n//cnJz436G6M=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994", + "rev": "8219bf5f17f590d277ec7054b657b1370c7b7fc0", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749056381, - "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", + "lastModified": 1749195551, + "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "029bd66faa180e11262dd1bc2732254c33415f52", + "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1749592509, + "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "50754dfaa0e24e313c626900d44ef431f3210138", "type": "github" }, "original": { From a482a3bfce98eb3eac7c6ca7d00c64f79d16a71a Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 19 Jun 2025 10:08:42 -0500 Subject: [PATCH 0727/1043] updated flake.lock --- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 48 +++++++++---------- rebuild.sh | 2 +- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0b9d1b7..4f900c6 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -212,7 +212,7 @@ }; ollama = { - enable = true; + enable = false; exposePort = true; loadModels = [ diff --git a/flake.lock b/flake.lock index 636f746..0e2a189 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748832438, - "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", + "lastModified": 1750040002, + "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", "owner": "nix-community", "repo": "disko", - "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", + "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1749009805, - "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", + "lastModified": 1750305825, + "narHash": "sha256-FHe0sLdEbxUhCZcs/3mJVayBhCAtubm6RvcxkAk19S0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", + "rev": "1776156a42e27bf5d57f097b14c96246fc81b487", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1749049052, - "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=", + "lastModified": 1750304462, + "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", "owner": "nix-community", "repo": "home-manager", - "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab", + "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", "type": "github" }, "original": { 
@@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1749012745, - "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", + "lastModified": 1750325256, + "narHash": "sha256-vvlxGz/waqJ3TGqM/iqXbnEc7/R1qnEXmaBiPaQ1RE0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", + "rev": "0d71cbf88d63e938b37b85b3bf8b238bcf7b39b9", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1749002682, - "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=", + "lastModified": 1750298804, + "narHash": "sha256-GEp1QwoQ7qQPYuOm5cGb3f5FZSlVwbw86KUrHlLbI2E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994", + "rev": "7b962ab252cecf0b88ae621e1986899e20a4ead3", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749056381, - "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", + "lastModified": 1750083401, + "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "029bd66faa180e11262dd1bc2732254c33415f52", + "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1750134718, + "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", "type": "github" }, "original": { 
@@ -312,11 +312,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1750119275, + "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", "type": "github" }, "original": { diff --git a/rebuild.sh b/rebuild.sh index 45dae64..32fd303 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --use-remote-sudo --flake .#$flake" +command="nixos-rebuild $mode --use-remote-sudo --ask-sudo-password --flake .#$flake" if [[ $host ]]; then From 4aa9778a72791b67d215d69f7d67208014230655 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Jun 2025 10:13:21 -0500 Subject: [PATCH 0728/1043] merged with main --- flake.lock | 23 +++++++++- flake.nix | 5 ++ modules/common-modules/overlays/default.nix | 5 +- modules/common-modules/pkgs/default.nix | 3 ++ .../pkgs/noita-entangled-worlds.nix | 46 +++++++++++++++++++ 5 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 modules/common-modules/pkgs/noita-entangled-worlds.nix diff --git a/flake.lock b/flake.lock index 0e2a189..8b181d0 100644 --- a/flake.lock +++ b/flake.lock @@ -286,7 +286,8 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "steam-fetcher": "steam-fetcher" } }, "secrets": { 
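Review bot: The rebuild.sh hunk still assembles the invocation as one string, `command="nixos-rebuild $mode --use-remote-sudo --ask-sudo-password --flake .#$flake"`, so `$mode` and `$flake` are word-split and re-parsed wherever `$command` is later expanded. That call site is outside the hunk, so how it is executed cannot be confirmed from here. Since the script already uses `[[ ]]`, an array keeps each value a single argument: `command=(nixos-rebuild "$mode" --use-remote-sudo --ask-sudo-password --flake ".#$flake")`, run as `"${command[@]}"`. The same line is rewritten in PATCH 0743 (to `--sudo`, dropping `--ask-sudo-password`), and the same applies there. That later change to how privileges are obtained sits in a commit titled for gnome.nix and would be easier to audit as its own commit.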
@@ -325,6 +326,26 @@ "type": "github" } }, + "steam-fetcher": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714795926, + "narHash": "sha256-PkgC9jqoN6cJ8XYzTA2PlrWs7aPJkM3BGiTxNqax0cA=", + "owner": "nix-community", + "repo": "steam-fetcher", + "rev": "12f66eafb7862d91b3e30c14035f96a21941bd9c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "steam-fetcher", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 71acc37..651a210 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,11 @@ flake-compat = { url = "github:edolstra/flake-compat"; }; + + steam-fetcher = { + url = "github:nix-community/steam-fetcher"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 08085f5..1fab060 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -1,3 +1,6 @@ # this folder is for derivation overlays -{...}: { +{inputs, ...}: { + nixpkgs.overlays = [ + inputs.steam-fetcher.overlays.default + ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 208ee24..71431d9 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -13,5 +13,8 @@ ./prostudiomasters.nix {}; }) + (final: prev: { + noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/noita-entangled-worlds.nix b/modules/common-modules/pkgs/noita-entangled-worlds.nix new file mode 100644 index 0000000..322ce41 --- /dev/null +++ b/modules/common-modules/pkgs/noita-entangled-worlds.nix 
@@ -0,0 +1,46 @@ +# not working yet +{ + pkgs, + rustPlatform, + fetchFromGitHub, + ... +}: let + version = "1.5.3"; + repo = fetchFromGitHub { + owner = "IntQuant"; + repo = "noita_entangled_worlds"; + rev = "v${version}"; + hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk="; + }; +in + rustPlatform.buildRustPackage { + name = "noita-proxy-${version}"; + src = repo + "/noita-proxy"; + prePatch = '' + substituteInPlace Cargo.toml \ + --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\"" + ''; + nativeBuildInputs = with pkgs; [ + pkg-config + python3 + cmake + ]; + buildInputs = with pkgs; [ + openssl + openssl.dev + libpulseaudio + libjack2 + alsa-lib + xorg.libxcb + xorg.libxcb.dev + libopus + ]; + propagatedBuildInputs = with pkgs; [ + steamworks-sdk-redist + ]; + runtimeDependencies = with pkgs; [ + steamworks-sdk-redist + ]; + doCheck = false; + cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4="; + } From 317ca751190fa033e08d5bb11c5981fd84bd21ee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Jun 2025 05:59:34 -0500 Subject: [PATCH 0729/1043] fixed environment.gnome.excludePackages --- modules/nixos-modules/desktop.nix | 39 +++++++++++++++---------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 323b7cc..371e262 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix 
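Review bot: In `prePatch`, `substituteInPlace Cargo.toml --replace ...` does not fail when the pattern is missing, so an upstream change to the `path = "../shared"` line would leave the crate pointing at a path that does not exist in the build; `--replace-fail` turns that into an immediate error. The file opens with `# not working yet`, yet this commit also adds it to the overlay in pkgs/default.nix as `noita_entangled_worlds`, so the comment should say what is known to be broken. `doCheck = false;` would benefit from a short reason, for example `# upstream tests need <reason>`. `pname = "noita-proxy"; inherit version;` is the conventional spelling of `name = "noita-proxy-${version}";`.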
@@ -11,6 +11,25 @@ host.desktop.enable = lib.mkDefault true; } (lib.mkIf config.host.desktop.enable { + environment.gnome.excludePackages = with pkgs; [ + xterm # default terminal + atomix # puzzle game + cheese # webcam tool + epiphany # web browser + geary # email reader + gedit # text editor + gnome-characters + gnome-music + gnome-photos + gnome-tour + gnome-logs + gnome-maps + hitori # sudoku game + iagno # go game + tali # poker game + yelp # help viewer + gnome-tour # welcome tour + ]; services = { # Enable CUPS to print documents. printing.enable = true; @@ -21,24 +40,6 @@ # Get rid of xTerm desktopManager.xterm.enable = false; - excludePackages = with pkgs; [ - xterm - atomix # puzzle game - cheese # webcam tool - epiphany # web browser - geary # email reader - gedit # text editor - gnome-characters - gnome-music - gnome-photos - gnome-tour - gnome-logs - gnome-maps - hitori # sudoku game - iagno # go game - tali # poker game - yelp # help viewer - ]; }; # Enable the GNOME Desktop Environment. @@ -68,8 +69,6 @@ # enable RealtimeKit for pulse audio security.rtkit.enable = true; - # disable welcome tour - environment.gnome.excludePackages = [pkgs.gnome-tour]; }) ]; } From 173b1e3050e8ae82703843efef918ad2584acec5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Jun 2025 06:01:53 -0500 Subject: [PATCH 0730/1043] added comments to excluded packages --- modules/nixos-modules/desktop.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 371e262..d128f9b 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix 
@@ -18,17 +18,16 @@ epiphany # web browser geary # email reader gedit # text editor - gnome-characters - gnome-music - gnome-photos - gnome-tour - gnome-logs - gnome-maps + gnome-characters # character set viewer + gnome-music # music player + gnome-photos # photo viewer + gnome-logs # log viwer + gnome-maps # map viewer + gnome-tour # welcome tour hitori # sudoku game iagno # go game tali # poker game yelp # help viewer - gnome-tour # welcome tour ]; services = { # Enable CUPS to print documents. From 9daa44c873eb833f655fd0cb1367659958ef9c5e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Jun 2025 06:09:58 -0500 Subject: [PATCH 0731/1043] added baobab to excluded packages --- modules/nixos-modules/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index d128f9b..900aacf 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -18,6 +18,7 @@ epiphany # web browser geary # email reader gedit # text editor + decibels # audio player gnome-characters # character set viewer gnome-music # music player gnome-photos # photo viewer From 025eaa935a3fe46ad594bed1c24d00c2c22fce23 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Jun 2025 18:48:59 -0500 Subject: [PATCH 0732/1043] enabled ollama on defiant --- configurations/nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/ollama.nix | 12 ++++-------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 4f900c6..0b9d1b7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -212,7 +212,7 @@ }; ollama = { - enable = false; + enable = true; exposePort = true; loadModels = [ diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 9507190..a29a9aa 100644 --- a/modules/nixos-modules/ollama.nix 
+++ b/modules/nixos-modules/ollama.nix @@ -28,23 +28,19 @@ }; })) (lib.mkIf config.host.impermanence.enable { + # TODO: move this somewhere common + systemd.tmpfiles.rules = [ + "d /var/lib/private 0700 root root" + ]; environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; directories = [ - { - directory = config.services.ollama.models; - user = config.services.ollama.user; - group = config.services.ollama.group; - mode = "0700"; - defaultPerms.mode = "0700"; - } { directory = "/var/lib/private/ollama"; user = config.services.ollama.user; group = config.services.ollama.group; mode = "0700"; - defaultPerms.mode = "0700"; } ]; }; From b7cfcfef7db3553009d355ea74eccf18f3b7a784 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Jun 2025 20:10:25 -0500 Subject: [PATCH 0733/1043] limit zfs arc to 50gb --- configurations/nixos/defiant/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0b9d1b7..7d9c6d8 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -192,6 +192,9 @@ }; }; + # limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory + boot.kernelParams = ["zfs.zfs_arc_max=53687091200"]; + services = { # TODO: move zfs scrubbing into module zfs = { @@ -215,6 +218,8 @@ enable = true; exposePort = true; + acceleration = false; + loadModels = [ # conversation models "llama3.1:8b" From b5d292f20e92fa5fd0793b5771066c553049cd9b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Jun 2025 21:03:23 -0500 Subject: [PATCH 0734/1043] made horizon use models from defiant --- configurations/nixos/horizon/configuration.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index f72b264..42dcbb9 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -42,43 +42,43 @@ enable = true; models = { "Llama 3.1 8B" = { - model = "lamma3.1:8b"; + model = "llama3.1:8b"; roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek Coder:6.7B" = { model = "deepseek-coder:6.7b"; roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek Coder:33B" = { model = "deepseek-coder:33b"; roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek r1:8B" = { model = "deepseek-r1:8b"; roles = ["chat"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek r1:32B" = { model = "deepseek-r1:32b"; roles = ["chat"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "qwen2.5-coder:1.5b-base" = { model = "qwen2.5-coder:1.5b-base"; roles = ["autocomplete"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "nomic-embed-text:latest" = { model = "nomic-embed-text:latest"; roles = ["embed"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; }; }; From 5c4e677fe880ab2325e223a783498bc5c1b5a5ad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Jun 2025 15:40:03 -0500 Subject: [PATCH 0735/1043] added gdx-liftoff package --- .../home-manager/leyla/packages/default.nix | 2 + modules/common-modules/pkgs/default.nix | 3 ++ modules/common-modules/pkgs/gdx-liftoff.nix | 45 +++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 modules/common-modules/pkgs/gdx-liftoff.nix 
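Review bot: Every `apiBase` on the new side is plain `http://defiant:11434`, so prompts and source context sent by the editor integration cross the network unencrypted, and Ollama's API has no authentication of its own. PATCH 0732 sets `enable = true` next to `exposePort = true` on defiant; what that option opens is defined outside these hunks, so please confirm that port 11434 is reachable only over a trusted interface (a VPN or a LAN-only firewall rule) and not on every interface. A comment above the `models` block would record that assumption, for example `# defiant:11434 is only reachable over <trusted network>; the ollama API is unauthenticated`.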
diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 4acfaf1..bbd8152 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -95,6 +95,8 @@ in { pdfarranger picard + gdx-liftoff + # proprietary platforms (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 71431d9..e955354 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -16,5 +16,8 @@ (final: prev: { noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; }) + (final: prev: { + gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix new file mode 100644 index 0000000..c292544 --- /dev/null +++ b/modules/common-modules/pkgs/gdx-liftoff.nix 
@@ -0,0 +1,45 @@ +{ + udev, + stdenv, + fetchurl, + makeWrapper, + jre_headless, + lib, + xorg, + libGL, + ... +}: +stdenv.mkDerivation rec { + pname = "gdx-liftoff"; + version = "1.13.5.1"; + + src = fetchurl { + url = "https://github.com/libgdx/gdx-liftoff/releases/download/v${version}/gdx-liftoff-${version}.jar"; + hash = "sha256-9vCXGNGwI/P4VmcdIzTv2GPAX8bZb7nkfopaRAf6yMA="; + }; + + dontUnpack = true; + + nativeBuildInputs = [makeWrapper]; + + runtimeDependencies = lib.makeLibraryPath [ + # glfw + libGL + xorg.libX11 + xorg.libXcursor + xorg.libXext + xorg.libXrandr + xorg.libXxf86vm + ]; + + installPhase = '' + runHook preInstall + + install -Dm644 $src $out/lib/gdx-liftoff-${version}.jar + + makeWrapper ${lib.getExe jre_headless} $out/bin/gdx-liftoff-${version} \ + --append-flags "-jar $out/lib/gdx-liftoff-${version}.jar"\ + ${lib.optionalString stdenv.hostPlatform.isLinux "--prefix LD_LIBRARY_PATH : ${runtimeDependencies}"} + runHook postInstall + ''; +} From b4755365bad4276bbf5236ab843496037e7dbc08 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Jun 2025 15:42:07 -0500 Subject: [PATCH 0736/1043] removed unused param --- modules/common-modules/pkgs/gdx-liftoff.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix index c292544..3df7be8 100644 --- a/modules/common-modules/pkgs/gdx-liftoff.nix +++ b/modules/common-modules/pkgs/gdx-liftoff.nix @@ -1,5 +1,4 @@ { - udev, stdenv, fetchurl, makeWrapper, From fb757e9d1c83f254bd072a71ecd35f18b0acc882 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Jun 2025 17:01:25 -0500 Subject: [PATCH 0737/1043] switched to JDK for gdx --- modules/common-modules/pkgs/gdx-liftoff.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix index 3df7be8..d2e9424 100644 --- a/modules/common-modules/pkgs/gdx-liftoff.nix 
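Review bot: The new gdx-liftoff.nix installs a prebuilt jar from a GitHub release but declares no `meta`, so nothing marks the package as a binary artifact. Adding `meta.sourceProvenance = with lib.sourceTypes; [ binaryBytecode ];` together with `license` and `mainProgram` makes that visible when auditing the closure; the pinned `hash` on `fetchurl` is good as it stands. `runtimeDependencies` is the attribute name autoPatchelfHook reads as a list, whereas here it holds a `lib.makeLibraryPath` string used only for `LD_LIBRARY_PATH`, so a `let libPath = lib.makeLibraryPath [ ... ];` binding would avoid confusion. The wrapper is installed as `gdx-liftoff-${version}`, so there is no stable `gdx-liftoff` command on PATH.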
+++ b/modules/common-modules/pkgs/gdx-liftoff.nix @@ -2,7 +2,7 @@ stdenv, fetchurl, makeWrapper, - jre_headless, + jdk, lib, xorg, libGL, @@ -36,7 +36,7 @@ stdenv.mkDerivation rec { install -Dm644 $src $out/lib/gdx-liftoff-${version}.jar - makeWrapper ${lib.getExe jre_headless} $out/bin/gdx-liftoff-${version} \ + makeWrapper ${lib.getExe jdk} $out/bin/gdx-liftoff-${version} \ --append-flags "-jar $out/lib/gdx-liftoff-${version}.jar"\ ${lib.optionalString stdenv.hostPlatform.isLinux "--prefix LD_LIBRARY_PATH : ${runtimeDependencies}"} runHook postInstall From 5ac103230a79d63616781280e4ca9524f44cb9c6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Jun 2025 10:53:51 -0500 Subject: [PATCH 0738/1043] updated flake lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 8b181d0..2d00dff 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750040002, - "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", + "lastModified": 1750680230, + "narHash": "sha256-kD88T/NqmcgfOBFAwphN30ccaUdj6K6+LG0XdM2w2LA=", "owner": "nix-community", "repo": "disko", - "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", + "rev": "8fd2d6c75009ac75f9a6fb18c33a239806778d01", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1750305825, - "narHash": "sha256-FHe0sLdEbxUhCZcs/3mJVayBhCAtubm6RvcxkAk19S0=", + "lastModified": 1750737804, + "narHash": "sha256-wClGd2PhxdjjphR6wIgoiDcR+Gfg4/+FyseSOjIIzVU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "1776156a42e27bf5d57f097b14c96246fc81b487", + "rev": "aaaf4fec792bad465ea4a35c0be5bc2a54f33095", "type": "gitlab" }, "original": { 
@@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750304462, - "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", + "lastModified": 1750730235, + "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", "owner": "nix-community", "repo": "home-manager", - "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", + "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1750325256, - "narHash": "sha256-vvlxGz/waqJ3TGqM/iqXbnEc7/R1qnEXmaBiPaQ1RE0=", + "lastModified": 1750618568, + "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "0d71cbf88d63e938b37b85b3bf8b238bcf7b39b9", + "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1750298804, - "narHash": "sha256-GEp1QwoQ7qQPYuOm5cGb3f5FZSlVwbw86KUrHlLbI2E=", + "lastModified": 1750730765, + "narHash": "sha256-MIcOcvxqAXUv2TJjf19aVXdtVrD8Gkcfi4W4pKkT0Lw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7b962ab252cecf0b88ae621e1986899e20a4ead3", + "rev": "1a1442e13dc1730de0443f80dcf02658365e999a", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750083401, - "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", + "lastModified": 1750431636, + "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", + "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", "type": "github" }, "original": { 
@@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750134718, - "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", "type": "github" }, "original": { From 117b30f8557a62b3eea15a8ea51990ff3ca87bcc Mon Sep 17 00:00:00 2001 From: Eve Date: Tue, 24 Jun 2025 21:43:43 -0500 Subject: [PATCH 0739/1043] created module to add dconf changes. tried to add dash-to-panel in this module, unsure if it worked --- configurations/home-manager/eve/default.nix | 1 + configurations/home-manager/eve/gnomeconf.nix | 12 ++++++++++++ configurations/home-manager/eve/packages.nix | 1 + 3 files changed, 14 insertions(+) create mode 100644 configurations/home-manager/eve/gnomeconf.nix diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 52a70a6..192c980 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -3,6 +3,7 @@ in { imports = [ ./packages.nix + ./gnomeconf.nix ]; home = { diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix new file mode 100644 index 0000000..fbad391 --- /dev/null +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -0,0 +1,12 @@ +{pkgs, ...}: { + config = { + dconf = { + enable = true; + settings = { + "org/gnome/shell".enabled-extensions = [ + pkgs.gnomeExtensions.dash-to-panel.extensionUuid + ]; + }; + }; + }; +} diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 0e82959..295597a 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix 
@@ -19,6 +19,7 @@ in { with pkgs; [ ungoogled-chromium krita + gnomeExtensions.dash-to-panel (lib.mkIf hardware.piperMouse.enable piper) ] ); From 4825c5ec5ed5287f208dab10e109037a30d66b81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 13:32:07 -0500 Subject: [PATCH 0740/1043] made common configuration place for gnome extensions --- configurations/home-manager/leyla/dconf.nix | 20 +++++---------- .../home-manager/leyla/packages/default.nix | 2 -- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/gnome.nix | 25 +++++++++++++++++++ 4 files changed, 32 insertions(+), 16 deletions(-) create mode 100644 modules/home-manager-modules/gnome.nix diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 5818641..08fd36f 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -1,5 +1,11 @@ {pkgs, ...}: { config = { + gnome = { + extensions = [ + pkgs.gnomeExtensions.dash-to-dock + ]; + }; + dconf = { enable = true; settings = { @@ -7,20 +13,6 @@ "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; - "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index bbd8152..63f9661 100644 --- a/configurations/home-manager/leyla/packages/default.nix 
+++ b/configurations/home-manager/leyla/packages/default.nix @@ -69,8 +69,6 @@ in { (with pkgs; [ aileron - gnomeExtensions.dash-to-dock - proxmark3 ]) ++ ( diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 73876f4..f83f143 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -7,6 +7,7 @@ ./i18n.nix ./openssh.nix ./continue.nix + ./gnome.nix ./programs ]; } diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix new file mode 100644 index 0000000..a8503e8 --- /dev/null +++ b/modules/home-manager-modules/gnome.nix @@ -0,0 +1,25 @@ +{ + lib, + config, + ... +}: { + options.gnome = { + extensions = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = []; + description = "The set of extensions to install and enable in the user environment."; + }; + }; + + config = { + home.packages = config.gnome.extensions; + dconf = { + settings = { + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + }; + }; + }; + }; +} From 7c61f8617b19cd6f730b2200819815ca214ec34d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 14:30:12 -0500 Subject: [PATCH 0741/1043] created hotkey generator --- configurations/home-manager/leyla/dconf.nix | 12 +++---- modules/home-manager-modules/gnome.nix | 40 +++++++++++++++++---- 2 files changed, 40 insertions(+), 12 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 08fd36f..847977d 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -4,6 +4,12 @@ extensions = [ pkgs.gnomeExtensions.dash-to-dock ]; + hotkeys = { + "Open Terminal" = { + binding = "t"; + command = "kgx"; + }; + }; }; dconf = { 
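Review bot: The `config` block of the new modules/home-manager-modules/gnome.nix is unconditional, so every user whose configuration imports `modules/home-manager-modules` gets `disable-user-extensions = false` written to dconf even when `gnome.extensions` is empty. A `gnome.enable` option with `config = lib.mkIf config.gnome.enable { ... };` would keep the module inert for users who do not opt in. The same applies to the `org/gnome/desktop/interface` keys that PATCH 0743 adds to this block. The `extensions` option has a description; the `hotkeys` option added in PATCH 0741 and its `binding` and `command` sub-options do not, and should state the expected binding syntax.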
@@ -27,12 +33,6 @@ ]; }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index a8503e8..531ad86 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -9,17 +9,45 @@ default = []; description = "The set of extensions to install and enable in the user environment."; }; + hotkeys = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + binding = lib.mkOption { + type = lib.types.str; + }; + command = lib.mkOption { + type = lib.types.str; + }; + }; + })); + default = {}; + }; }; config = { home.packages = config.gnome.extensions; dconf = { - settings = { - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; - }; - }; + settings = lib.mkMerge [ + { + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + }; + } + ( + builtins.listToAttrs ( + lib.lists.imap0 ( + i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + ) + (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) + ) + ) + # "org/gnome/settings-daemon/plugins/media-keys" = { + # custom-keybindings = [ + # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + # ]; + # }; + ]; }; }; } From f8aa299e16fc02bea2f7a4b1f0584ce2b67540ea Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 25 Jun 2025 17:27:18 -0500 Subject: [PATCH 0742/1043] fixed hotkey config --- configurations/home-manager/leyla/dconf.nix | 6 ----- modules/home-manager-modules/gnome.nix | 30 ++++++++++++++++++--- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 847977d..0e4a6a7 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -27,12 +27,6 @@ "show-mounts" = false; }; - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 531ad86..ace1da7 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -12,6 +12,10 @@ hotkeys = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + name = lib.mkOption { + type = lib.types.strMatching "[a-zA-Z0-9_-]+"; + default = builtins.replaceStrings [" " "/"] ["_" "-"] name; + }; binding = lib.mkOption { type = lib.types.str; }; 
@@ -35,13 +39,31 @@ }; } ( - builtins.listToAttrs ( - lib.lists.imap0 ( - i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + lib.mkMerge ( + builtins.map (value: let + entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.name}"; + in { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "${entry}/" + ]; + }; + + ${entry} = value; + }) + ( + lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys ) - (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) ) ) + # ( + # builtins.listToAttrs ( + # lib.lists.imap0 ( + # i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + # ) + # (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) + # ) + # ) # "org/gnome/settings-daemon/plugins/media-keys" = { # custom-keybindings = [ # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" From b3f992f0010578fd53477416ce619ec788c382b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 17:42:37 -0500 Subject: [PATCH 0743/1043] added more options to gnome.nix --- configurations/home-manager/leyla/dconf.nix | 7 ++-- modules/home-manager-modules/gnome.nix | 36 +++++++++++++++++++++ rebuild.sh | 2 +- 3 files changed, 40 insertions(+), 5 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 0e4a6a7..ef75db6 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -1,6 +1,9 @@ {pkgs, ...}: { config = { gnome = { + extraWindowControls = true; + colorScheme = "prefer-dark"; + clockFormat = "24h"; extensions = [ pkgs.gnomeExtensions.dash-to-dock ]; 
@@ -15,10 +18,6 @@ dconf = { enable = true; settings = { - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - - "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; - "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index ace1da7..6a01b2b 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -4,6 +4,36 @@ ... }: { options.gnome = { + extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; + clockFormat = lib.mkOption { + type = lib.types.enum [ + "12h" + "24h" + ]; + default = "24h"; + }; + colorScheme = lib.mkOption { + type = lib.types.enum [ + "default" + "prefer-dark" + "prefer-light" + ]; + default = "default"; + }; + accentColor = lib.mkOption { + type = lib.types.enum [ + "blue" + "teal" + "green" + "yellow" + "orange" + "red" + "pink" + "purple" + "slate" + ]; + default = "blue"; + }; extensions = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; @@ -37,6 +67,12 @@ disable-user-extensions = false; # enables user extensions enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; }; + + "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; + + "org/gnome/desktop/interface".color-scheme = config.gnome.colorScheme; + "org/gnome/desktop/interface".accent-color = config.gnome.accentColor; + "org/gnome/desktop/interface".clock-format = config.gnome.clockFormat; } ( lib.mkMerge ( diff --git a/rebuild.sh b/rebuild.sh index 32fd303..37b6e10 100755 --- a/rebuild.sh +++ b/rebuild.sh 
@@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --use-remote-sudo --ask-sudo-password --flake .#$flake" +command="nixos-rebuild $mode --sudo --flake .#$flake" if [[ $host ]]; then From 4c0c443048dd178eebe0331c3c07d5a1344a5024 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 18:35:51 -0500 Subject: [PATCH 0744/1043] fixed hotkeys --- modules/home-manager-modules/gnome.nix | 37 +++++++++++--------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 6a01b2b..8c70cf6 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -42,9 +42,13 @@ hotkeys = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + key = lib.mkOption { + type = lib.types.strMatching "[a-zA-Z0-9-]+"; + default = builtins.replaceStrings [" " "/" "_"] ["-" "-" "-"] name; + }; name = lib.mkOption { - type = lib.types.strMatching "[a-zA-Z0-9_-]+"; - default = builtins.replaceStrings [" " "/"] ["_" "-"] name; + type = lib.types.str; + default = name; }; binding = lib.mkOption { type = lib.types.str; 
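Review bot: In rebuild.sh the `command=` string is built by interpolating `$mode` and `$flake` unquoted, and it ends in a privileged rebuild. How the string is executed lies outside this hunk, but if it is run through `eval` or an unquoted expansion, a value containing whitespace or shell metacharacters is re-parsed by the shell. An array keeps every argument intact: `command=(nixos-rebuild "$mode" --sudo --flake ".#$flake")`, run with `"${command[@]}"`. The same line is changed again in PATCH 0746, which restores `--ask-sudo-password`, so the point applies there as well.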
@@ -77,34 +81,25 @@ ( lib.mkMerge ( builtins.map (value: let - entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.name}"; + entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.key}"; in { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "${entry}/" - ]; + ${entry} = { + binding = value.binding; + command = value.command; + name = value.name; }; - ${entry} = value; + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/${entry}/" + ]; + }; }) ( lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys ) ) ) - # ( - # builtins.listToAttrs ( - # lib.lists.imap0 ( - # i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value - # ) - # (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) - # ) - # ) - # "org/gnome/settings-daemon/plugins/media-keys" = { - # custom-keybindings = [ - # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - # ]; - # }; ]; }; }; From b6ce78b35ceaf833278e2c44e4ada85e356e33d0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 28 Jun 2025 10:33:59 -0500 Subject: [PATCH 0745/1043] updated nix flake --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 2d00dff..0bea92a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750680230, - "narHash": "sha256-kD88T/NqmcgfOBFAwphN30ccaUdj6K6+LG0XdM2w2LA=", + "lastModified": 1750903843, + "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", "owner": "nix-community", "repo": "disko", - "rev": "8fd2d6c75009ac75f9a6fb18c33a239806778d01", + "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", "type": "github" }, "original": { 
@@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1750737804, - "narHash": "sha256-wClGd2PhxdjjphR6wIgoiDcR+Gfg4/+FyseSOjIIzVU=", + "lastModified": 1751083400, + "narHash": "sha256-0hZWDzX7/C0NcsiOW+WBvdb+aGDnydw1xku3UUXzm/4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "aaaf4fec792bad465ea4a35c0be5bc2a54f33095", + "rev": "e805fa9d7c2968712896f71684540dac21449744", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750730235, - "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", + "lastModified": 1750973805, + "narHash": "sha256-BZXgag7I0rnL/HMHAsBz3tQrfKAibpY2vovexl2lS+Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", + "rev": "080e8b48b0318b38143d5865de9334f46d51fce3", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1750730765, - "narHash": "sha256-MIcOcvxqAXUv2TJjf19aVXdtVrD8Gkcfi4W4pKkT0Lw=", + "lastModified": 1751076164, + "narHash": "sha256-to92MoMF7QC2K2gdpkYoN/Y9wuF6Q/qlvNyHca6uPjQ=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1a1442e13dc1730de0443f80dcf02658365e999a", + "rev": "7f443f5e4125f9aad3885542c04653f29b15b92a", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750431636, - "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", + "lastModified": 1750837715, + "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", + "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", "type": "github" }, "original": { 
@@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "lastModified": 1751011381, + "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", "type": "github" }, "original": { From 4db136d5271d93d680995a5e44406fcc3b47223e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Jun 2025 22:37:38 -0500 Subject: [PATCH 0746/1043] updated flake lock --- flake.lock | 30 +++++++++++++++--------------- rebuild.sh | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 0bea92a..7bb221c 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751083400, - "narHash": "sha256-0hZWDzX7/C0NcsiOW+WBvdb+aGDnydw1xku3UUXzm/4=", + "lastModified": 1751256218, + "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e805fa9d7c2968712896f71684540dac21449744", + "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750973805, - "narHash": "sha256-BZXgag7I0rnL/HMHAsBz3tQrfKAibpY2vovexl2lS+Y=", + "lastModified": 1751336185, + "narHash": "sha256-ptnVr2x+sl7cZcTuGx/0BOE2qCAIYHTcgfA+/h60ml0=", "owner": "nix-community", "repo": "home-manager", - "rev": "080e8b48b0318b38143d5865de9334f46d51fce3", + "rev": "96354906f58464605ff81d2f6c2ea23211cbf051", "type": "github" }, "original": { 
@@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1750618568, - "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751076164, - "narHash": "sha256-to92MoMF7QC2K2gdpkYoN/Y9wuF6Q/qlvNyHca6uPjQ=", + "lastModified": 1751336244, + "narHash": "sha256-4fz6Xy9L1/9LXpueprfycJKggWZYPZfQxb5Qf8ay6As=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7f443f5e4125f9aad3885542c04653f29b15b92a", + "rev": "0011bc2bd9af8ee1a093d13c37dc8fa862132c1b", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751011381, - "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", "type": "github" }, "original": { diff --git a/rebuild.sh b/rebuild.sh index 37b6e10..36a1201 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --sudo --flake .#$flake" +command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" if [[ $host ]]; then From 43ce00703399eea337bceae14fcb2b9586868cb2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 5 Jul 2025 00:01:28 -0500 Subject: [PATCH 0747/1043] moved impermanence config for var lib private into impermanence module --- modules/nixos-modules/impermanence.nix | 12 ++++++++++++ modules/nixos-modules/ollama.nix | 4 ---- 2 files changed, 12 insertions(+), 4 deletions(-) 
diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 2f38cd3..7735e97 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -25,6 +25,18 @@ } ]; + # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 + system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; + system.activationScripts = { + "var-lib-private-permissions" = { + deps = ["specialfs"]; + text = '' + mkdir -p /persist/system/root/var/lib/private + chmod 0700 /persist/system/root/var/lib/private + ''; + }; + }; + programs.fuse.userAllowOther = true; boot.initrd.postResumeCommands = lib.mkAfter '' diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index a29a9aa..99819bf 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -28,10 +28,6 @@ }; })) (lib.mkIf config.host.impermanence.enable { - # TODO: move this somewhere common - systemd.tmpfiles.rules = [ - "d /var/lib/private 0700 root root" - ]; environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; From 84dfcfddbd8ec7f8e81643675f0b6c56dfff40f6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 5 Jul 2025 00:18:00 -0500 Subject: [PATCH 0748/1043] updated flake lock --- flake.lock | 36 +++++++++---------- .../home-manager-modules/programs/anki.nix | 28 ++++----------- 2 files changed, 25 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 7bb221c..ee4ebda 100644 --- a/flake.lock +++ b/flake.lock 
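Review bot: The `var-lib-private-permissions` script runs `mkdir -p` and only afterwards `chmod 0700`, so on first creation the directory exists for a moment with umask-derived permissions. Nothing here sets ownership either, which the tmpfiles rule removed from ollama.nix (`d /var/lib/private 0700 root root`) stated explicitly. `install -d -m 0700 -o root -g root /persist/system/root/var/lib/private` sets mode and owner in one step. The literal `/persist/system/root` repeats the persistence root used as the `environment.persistence` key, so a shared `let` binding would stop the two from drifting apart. The enclosing attribute set starts and ends outside the hunk, so I cannot tell whether the script is guarded by `host.impermanence.enable`.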
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750903843, - "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", + "lastModified": 1751607816, + "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", "owner": "nix-community", "repo": "disko", - "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", + "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751256218, - "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", + "lastModified": 1751688200, + "narHash": "sha256-4W+Bw2G9bTUuvAVS0g1rTdm5jyxxZoPFSSSk3S5yOPQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", + "rev": "7dc9a3c333983e3dcc19eb29b8e98184ef7e51e7", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1751336185, - "narHash": "sha256-ptnVr2x+sl7cZcTuGx/0BOE2qCAIYHTcgfA+/h60ml0=", + "lastModified": 1751690735, + "narHash": "sha256-/FkoEVh6LzzunOYd5yZ2uo4HHzLqaKi6VH2kPus9hk0=", "owner": "nix-community", "repo": "home-manager", - "rev": "96354906f58464605ff81d2f6c2ea23211cbf051", + "rev": "e8da7372fd1f0da3fe3874af3aa9ddd78662d8ae", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751336244, - "narHash": "sha256-4fz6Xy9L1/9LXpueprfycJKggWZYPZfQxb5Qf8ay6As=", + "lastModified": 1751681058, + "narHash": "sha256-b9JMD1j+zqGbrWSobXq4icjOm5tdoy7dWBLSe6WTCSE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0011bc2bd9af8ee1a093d13c37dc8fa862132c1b", + "rev": "0cadf3b87cce52af29c3cc98be8ee81b3c05f2c1", "type": "github" }, "original": { 
@@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750837715, - "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", + "lastModified": 1751432711, + "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", + "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1750119275, - "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 083d205..c2f93ea 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -1,29 +1,15 @@ { lib, - pkgs, config, osConfig, ... }: { - options.programs.anki = { - enable = lib.mkEnableOption "enable anki"; - }; - - config = lib.mkIf config.programs.anki.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - anki + config = lib.mkIf (config.programs.anki.enable && osConfig.host.impermanence.enable) { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.dataHome}/Anki2/" ]; - } - ( - lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.dataHome}/Anki2/" - ]; - allowOther = true; - }; - } - ) - ]); + allowOther = true; + }; + }; } From 56ef83b4ba8acdfd6f456089b1dc4007123eece7 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 11 Jul 2025 17:01:37 -0500 Subject: [PATCH 0749/1043] updated flake lock and fixed vscode extensions --- .../leyla/packages/vscode/default.nix | 25 +++++-------- flake.lock | 36 +++++++++---------- modules/common-modules/overlays/default.nix | 1 + 3 files changed, 27 insertions(+), 35 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index c21e01d..74673a0 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -1,7 +1,6 @@ { lib, pkgs, - inputs, config, osConfig, ... @@ -10,22 +9,12 @@ ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { config = lib.mkIf config.user.isDesktopUser { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - programs = { bash.shellAliases = { code = "codium"; }; - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { + vscode = { package = pkgs.vscodium; mutableExtensionsDir = false; @@ -57,12 +46,12 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; + # "continue.telemetryEnabled" = false; }) ]; extensions = ( - with open-vsx; + with pkgs.open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -80,7 +69,7 @@ in { dsznajder.es7-react-js-snippets dbaeumer.vscode-eslint standard.vscode-standard - firsttris.vscode-jest-runner + orta.vscode-jest stylelint.vscode-stylelint tauri-apps.tauri-vscode @@ -101,13 +90,15 @@ in { kamadorueda.alejandra ]) ++ ( - with vscode-marketplace; + with pkgs.vscode-marketplace; [ # js extensions karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue + # continue.continue + github.copilot + github.copilot-chat ]) ) ); 
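Review bot: In vscode/default.nix the last hunk adds `github.copilot` and `github.copilot-chat` behind `ai-tooling-enabled`, which is still defined as `config.user.continue.enable && osConfig.host.ai.enable`. A flag named for Continue and, presumably, the host's own models now installs a hosted assistant that sends editor context to an external service. I would gate these two extensions on a dedicated option (a new one, for example `user.copilot.enable`, which this patch does not define) so the data-egress decision is explicit per user. The settings hunk also turns `"continue.telemetryEnabled" = false;` into a comment, leaving a `lib.mkIf ai-tooling-enabled { }` block that sets nothing. Either drop that block or put the telemetry opt-out for the extension actually installed into it.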
diff --git a/flake.lock b/flake.lock index ee4ebda..a60584d 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1751607816, - "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", + "lastModified": 1752113600, + "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", "owner": "nix-community", "repo": "disko", - "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", + "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751688200, - "narHash": "sha256-4W+Bw2G9bTUuvAVS0g1rTdm5jyxxZoPFSSSk3S5yOPQ=", + "lastModified": 1752269946, + "narHash": "sha256-vL26J2f9uXvwBNkfwYH1v75VwN22ZLhBcyZeenJwnCU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7dc9a3c333983e3dcc19eb29b8e98184ef7e51e7", + "rev": "9885400dbd82f9b2970b30e18f233404416f7cca", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1751690735, - "narHash": "sha256-/FkoEVh6LzzunOYd5yZ2uo4HHzLqaKi6VH2kPus9hk0=", + "lastModified": 1752265577, + "narHash": "sha256-YhnBM3oknReSFTAuc2SMwekwjl9nDd5PUhcar4DsefM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8da7372fd1f0da3fe3874af3aa9ddd78662d8ae", + "rev": "3976e0507edc9a5f332cb2be93fa20e646d22374", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751681058, - "narHash": "sha256-b9JMD1j+zqGbrWSobXq4icjOm5tdoy7dWBLSe6WTCSE=", + "lastModified": 1752200230, + "narHash": "sha256-WqqWjRX4qZYqO/cgvU/ZEzJBQqHBi17OEVv2kt05WiU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0cadf3b87cce52af29c3cc98be8ee81b3c05f2c1", + "rev": "3c866dfb70d282247452742098d315b97df713d2", "type": "github" }, "original": { 
@@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1751432711, - "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", + "lastModified": 1752048960, + "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", + "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 1fab060..465e83f 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -2,5 +2,6 @@ {inputs, ...}: { nixpkgs.overlays = [ inputs.steam-fetcher.overlays.default + inputs.nix-vscode-extensions.overlays.default ]; } From 9650c7335a268ab29dd530c870197615a45215d8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Jul 2025 18:02:05 -0500 Subject: [PATCH 0750/1043] installed copilot for vscode --- .../home-manager/leyla/packages/vscode/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 74673a0..8a5e15e 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix 
@@ -50,8 +50,10 @@ in { }) ]; - extensions = ( - with pkgs.open-vsx; + extensions = let + extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + in ( + with extension-pkgs.open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -90,7 +92,7 @@ in { kamadorueda.alejandra ]) ++ ( - with pkgs.vscode-marketplace; + with extension-pkgs.vscode-marketplace; [ # js extensions karyfoundation.nearley @@ -98,7 +100,7 @@ in { ++ (lib.lists.optionals ai-tooling-enabled [ # continue.continue github.copilot - github.copilot-chat + # github.copilot-chat ]) ) ); From c863b8c4b5a7180d743937710063d8457c4114a9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Jul 2025 18:08:06 -0500 Subject: [PATCH 0751/1043] removed copilot --- .../home-manager/leyla/packages/vscode/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 8a5e15e..696f770 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -46,7 +46,7 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - # "continue.telemetryEnabled" = false; + "continue.telemetryEnabled" = false; }) ]; @@ -98,9 +98,7 @@ in { karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - # continue.continue - github.copilot - # github.copilot-chat + continue.continue ]) ) ); From 1d7e0d11f04524827ada4515f49f8447c22c0f16 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 12 Jul 2025 11:53:53 -0500 Subject: [PATCH 0752/1043] removed continue vscode plugin --- configurations/home-manager/leyla/default.nix | 26 ------- .../leyla/packages/vscode/default.nix | 8 +- modules/home-manager-modules/continue.nix | 73 ------------------- modules/home-manager-modules/default.nix | 1 - 4 files changed, 3 insertions(+), 105 deletions(-) delete mode 100644 modules/home-manager-modules/continue.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 49abfe1..538eab8 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -82,31 +82,5 @@ # EDITOR = "emacs"; }; }; - - user = { - continue = { - enable = true; - docs = { - "Continue Docs" = { - startUrl = "https://docs.continue.dev"; - }; - "Nixpkgs" = { - startUrl = "https://ryantm.github.io/nixpkgs/#preface"; - }; - "Nix Manual" = { - startUrl = "https://nixos.org/manual/nixos/stable/"; - }; - "Home manager Manual" = { - startUrl = "https://nix-community.github.io/home-manager/"; - }; - "Nix Docs" = { - startUrl = "https://nix.dev/index.html"; - }; - "Linux Man Page" = { - startUrl = "https://linux.die.net/man/"; - }; - }; - }; - }; }; } diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 696f770..89ee876 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -6,7 +6,7 @@ ... }: let nix-development-enabled = osConfig.host.nix-development.enable; - ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; + ai-tooling-enabled = osConfig.host.ai.enable; in { config = lib.mkIf config.user.isDesktopUser { programs = { @@ -46,8 +46,7 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; - }) + }) ]; extensions = let 
@@ -98,8 +97,7 @@ in { karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) + ]) ) ); }; diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix deleted file mode 100644 index 20ec52b..0000000 --- a/modules/home-manager-modules/continue.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: let - ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; -in { - options.user.continue = { - enable = lib.mkEnableOption "should continue be enabled on this machine"; - docs = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - startUrl = lib.mkOption { - type = lib.types.str; - }; - }; - })); - }; - context = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - provider = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = { - "code" = {}; - "docs" = {}; - "diff" = {}; - "terminal" = {}; - "problems" = {}; - "folder" = {}; - "codebase" = {}; - }; - }; - }; - - config = - lib.mkIf ai-tooling-enabled - (lib.mkMerge [ - { - home = { - file = { - ".continue/config.yaml".source = (pkgs.formats.yaml {}).generate "continue-config" { - name = "Assistant"; - version = "1.0.0"; - schema = "v1"; - models = lib.attrsets.attrValues osConfig.host.ai.models; - context = lib.attrsets.attrValues config.user.continue.context; - docs = lib.attrsets.attrValues config.user.continue.docs; - }; - }; - }; - } - (lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - ".continue/index" - ".continue/sessions" - ]; - allowOther = true; - }; - }) - ]); -} diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index f83f143..4c085a5 100644 
--- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -6,7 +6,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix - ./continue.nix ./gnome.nix ./programs ]; From 3ce9b625d1630bccef9cf89fe70a0f0c29e21063 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:00:59 -0500 Subject: [PATCH 0753/1043] fixed home assistant --- .../nixos/defiant/configuration.nix | 9 +- modules/nixos-modules/server/adguardhome.nix | 2 +- modules/nixos-modules/server/default.nix | 2 +- .../nixos-modules/server/home-assistant.nix | 220 +++++++++--------- modules/nixos-modules/server/podman.nix | 2 +- .../server/virt-home-assistant.nix | 155 ------------ 6 files changed, 122 insertions(+), 268 deletions(-) delete mode 100644 modules/nixos-modules/server/virt-home-assistant.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7d9c6d8..9824e56 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -282,10 +282,11 @@ subdomain = "search"; }; - virt-home-assistant = { - enable = false; - networkBridge = "bond0"; - hostDevice = "0x10c4:0xea60"; + home-assistant = { + enable = true; + subdomain = "home"; + openFirewall = true; + database = "postgres"; }; qbittorrent = { diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix index 866ad8a..abd1254 100644 --- a/modules/nixos-modules/server/adguardhome.nix +++ b/modules/nixos-modules/server/adguardhome.nix @@ -6,7 +6,7 @@ dnsPort = 53; in { options.host.adguardhome = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + enable = lib.mkEnableOption "should ad guard home be enabled on this computer"; directory = lib.mkOption { type = lib.types.str; default = "/var/lib/AdGuardHome/"; 
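Review bot: In configurations/nixos/defiant/configuration.nix, `openFirewall = true;` opens Home Assistant's HTTP port on the host firewall, while the same block also publishes the service through the reverse proxy with `subdomain = "home";`. Clients on the network can then reach the backend directly over plain HTTP and bypass whatever TLS and access controls the proxy applies. Unless a device really needs the direct port, `openFirewall = false;` keeps the proxy as the only entry point. The surrounding attribute set continues outside the hunk.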
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 7beee8b..83a0830 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,7 +8,7 @@ ./jellyfin.nix ./forgejo.nix ./searx.nix - ./virt-home-assistant.nix + ./home-assistant.nix ./adguardhome.nix ./immich.nix ./qbittorent.nix diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index a90bd6d..7497995 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix 
@@ -1,130 +1,138 @@ { lib, config, - inputs, ... }: let configDir = "/var/lib/hass"; + dbUser = "hass"; in { - options.host.home-assistant = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + options.services.home-assistant = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that home-assistant will be hosted at"; default = "home-assistant"; }; + + database = lib.mkOption { + type = lib.types.enum [ + "builtin" + "postgres" + ]; + description = "what database do we want to use"; + default = "builtin"; + }; }; - config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ { - virtualisation.libvirt = { - swtpm.enable = true; - connections."qemu:///session" = { - networks = [ - { - definition = inputs.nix-virt.lib.network.writeXML (inputs.nix-virt.lib.network.templates.bridge - { - uuid = "d57e37e2-311f-4e5c-a484-97c2210c2770"; - subnet_byte = 71; - }); - active = true; - } - ]; - domains = [ - { - definition = inputs.nix-virt.lib.domain.writeXML (inputs.nix-virt.lib.domain.templates.linux - { - name = "Home Assistant"; - uuid = "c5cc0efc-6101-4c1d-be31-acbba203ccde"; - memory = { - count = 4; - unit = "GiB"; - }; - # storage_vol = { - # pool = "MyPool"; - # volume = "Penguin.qcow2"; - # }; - }); - } - ]; + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + + proxy_buffering off; + + proxy_read_timeout 90; + ''; }; }; - # systemd.tmpfiles.rules = [ - # "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - # ]; - # services.home-assistant = { - # enable = true; - # configDir = configDir; - # 
extraComponents = [ - # "met" - # "radio_browser" - # "isal" - # "zha" - # "jellyfin" - # "webostv" - # "tailscale" - # "syncthing" - # "sonos" - # "analytics_insights" - # "unifi" - # "openweathermap" - # ]; - # config = { - # http = { - # server_port = 8082; - # use_x_forwarded_for = true; - # trusted_proxies = ["127.0.0.1" "::1"]; - # ip_ban_enabled = true; - # login_attempts_threshold = 10; - # }; - # # recorder.db_url = "postgresql://@/${db_user}"; - # "automation manual" = []; - # "automation ui" = "!include automations.yaml"; - # }; - # extraPackages = python3Packages: - # with python3Packages; [ - # hassil - # numpy - # gtts - # ]; - # }; - # host = { - # reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { - # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + services.home-assistant = { + configDir = configDir; + extraComponents = [ + "met" + "radio_browser" + "isal" + "zha" + "jellyfin" + "webostv" + "tailscale" + "syncthing" + "sonos" + "analytics_insights" + "unifi" + "openweathermap" + "ollama" + ]; + config = { + http = { + server_port = 8123; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + recorder.db_url = "postgresql://@/${dbUser}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; + }; + extraPackages = python3Packages: + with python3Packages; [ + hassil + numpy + gtts + ]; + }; - # websockets.enable = true; - # forwardHeaders.enable = true; - - # extraConfig = '' - # add_header Upgrade $http_upgrade; - # add_header Connection \"upgrade\"; - - # proxy_buffering off; - - # proxy_read_timeout 90; - # ''; - # }; - # }; + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; } + (lib.mkIf (config.services.home-assistant.database == "postgres") { + host = { + postgres = { + enable = true; + extraUsers = { + ${dbUser} 
= { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${dbUser} = { + name = dbUser; + }; + }; + }; + }; + + services.home-assistant = { + extraPackages = python3Packages: + with python3Packages; [ + psycopg2 + ]; + }; + + systemd.services.home-assistant = { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }) (lib.mkIf config.host.impermanence.enable { - # assertions = [ - # { - # assertion = config.services.home-assistant.configDir == configDir; - # message = "home assistant config directory does not match persistence"; - # } - # ]; - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # { - # directory = configDir; - # user = "hass"; - # group = "hass"; - # } - # ]; - # }; + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = configDir; + user = "hass"; + group = "hass"; + } + ]; + }; }) ]); } diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix index e806e65..9301140 100644 --- a/modules/nixos-modules/server/podman.nix +++ b/modules/nixos-modules/server/podman.nix @@ -4,7 +4,7 @@ ... }: { options.host.podman = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + enable = lib.mkEnableOption "should podman be enabled on this computer"; macvlan = { subnet = lib.mkOption { type = lib.types.str; diff --git a/modules/nixos-modules/server/virt-home-assistant.nix b/modules/nixos-modules/server/virt-home-assistant.nix deleted file mode 100644 index 4212668..0000000 --- a/modules/nixos-modules/server/virt-home-assistant.nix +++ /dev/null 
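Review bot: In home-assistant.nix, `recorder.db_url = "postgresql://@/${dbUser}";` sits in the unconditional block, so with the default `database = "builtin"` the recorder is still pointed at PostgreSQL. The role, the database and `psycopg2` are only provided under `lib.mkIf (config.services.home-assistant.database == "postgres")`, so the line belongs there as `services.home-assistant.config.recorder.db_url = "postgresql://@/${dbUser}";`. The tmpfiles rule `"f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"` makes a YAML file executable and world-readable, and `0640` would be enough. The two `add_header Upgrade ...` / `add_header Connection ...` lines in `extraConfig` set response headers rather than the headers sent upstream. Presumably `websockets.enable = true` already handles the upgrade, so they can likely be dropped.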
@@ -1,155 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - options.services.virt-home-assistant = { - enable = lib.mkEnableOption "Wether to enable home assistant virtual machine"; - networkBridge = lib.mkOption { - type = lib.types.str; - description = "what network bridge should we attach to the image"; - }; - hostDevice = lib.mkOption { - type = lib.types.str; - description = "what host devices should be attached to the image"; - }; - initialVersion = lib.mkOption { - type = lib.types.str; - description = "what home assistant image version should we pull for initial instal"; - default = "15.0"; - }; - imageName = lib.mkOption { - type = lib.types.str; - description = "where should the image be installed to"; - default = "home-assistant.qcow2"; - }; - installLocation = lib.mkOption { - type = lib.types.str; - description = "where should the image be installed to"; - default = "/etc/hass"; - }; - virtualMachineName = lib.mkOption { - type = lib.types.str; - description = "what name should we give the virtual machine"; - default = "home-assistant"; - }; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - }; - config = lib.mkIf config.services.virt-home-assistant.enable (lib.mkMerge [ - { - # environment.systemPackages = with pkgs; [ - # virt-manager - # ]; - - # TODO: move this to external module and just have an assertion here that its enabled - # enable virtualization on the system - virtualisation = { - libvirtd = { - enable = true; - qemu.ovmf.enable = true; - }; - }; - - # TODO: deactivation script? 
- # create service to install and start the container - systemd.services.virt-install-home-assistant = let - # TODO: all of these need to be escaped to be used in commands reliably - bridgedNetwork = config.services.virt-home-assistant.networkBridge; - hostDevice = config.services.virt-home-assistant.hostDevice; - virtualMachineName = config.services.virt-home-assistant.virtualMachineName; - imageName = config.services.virt-home-assistant.imageName; - installLocation = config.services.virt-home-assistant.installLocation; - installImage = "${installLocation}/${imageName}"; - initialVersion = config.services.virt-home-assistant.initialVersion; - - home-assistant-qcow2 = pkgs.fetchurl { - name = "home-assistant.qcow2"; - url = "https://github.com/home-assistant/operating-system/releases/download/${initialVersion}/haos_ova-${initialVersion}.qcow2.xz"; - hash = "sha256-V1BEjvvLNbMMKJVyMCmipjQ/3owoJteeVxoF9LDHo1U="; - postFetch = '' - cp $out src.xz - rm -r $out - ${pkgs.xz}/bin/unxz src.xz --stdout > $out/${imageName} - ''; - }; - - # Write a script to install the Home Assistant OS qcow2 image - virtInstallScript = pkgs.writeShellScriptBin "virt-install-hass" '' - # Copy the initial image out of the package store to the install location if we don't have one yet - if [ ! -f ${installImage} ]; then - cp ${home-assistant-qcow2} ${installLocation} - fi - - # Check if VM already exists, and other pre-conditions - if ! 
${pkgs.libvirt}/bin/virsh list --all | grep -q ${virtualMachineName}; then - ${pkgs.virt-manager}/bin/virt-install --name ${virtualMachineName} \ - --description "Home Assistant OS" \ - --os-variant=generic \ - --boot uefi \ - --ram=2048 \ - --vcpus=2 \ - --import \ - --disk ${installImage},bus=sata \ - --network bridge=${bridgedNetwork} \ - --host-device ${hostDevice} \ - --graphics none - ${pkgs.libvirt}/bin/virsh autostart ${virtualMachineName} - fi - ''; - in { - description = "Install and start Home Assistant"; - wantedBy = ["multi-user.target"]; - after = ["local-fs.target"]; - requires = ["libvirtd.service"]; - serviceConfig.Type = "oneshot"; - serviceConfig = { - ExecStart = "${virtInstallScript}/bin/virt-install-hass"; - }; - }; - - # TODO: figure out what we need to proxy to the virtual image - # host = { - # reverse_proxy.subdomains.${config.services.virt-home-assistant.subdomain} = { - # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - # websockets.enable = true; - # forwardHeaders.enable = true; - - # extraConfig = '' - # add_header Upgrade $http_upgrade; - # add_header Connection \"upgrade\"; - - # proxy_buffering off; - - # proxy_read_timeout 90; - # ''; - # }; - # }; - } - (lib.mkIf config.services.fail2ban.enable { - # TODO: figure out how to write a config for this, prob based on nginx proxy logs? - }) - (lib.mkIf config.host.impermanence.enable { - # assertions = [ - # { - # assertion = config.services.virt-home-assistant.installLocation == configDir; - # message = "home assistant install location does not match persistence"; - # } - # ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.virt-home-assistant.installLocation; - } - ]; - }; - }) - ]); -} From 644f9371ebfe91fdc535d5b8fad2c8a22e14a994 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 12 Jul 2025 15:04:44 -0500 Subject: [PATCH 0754/1043] added home assistant to fail2ban --- modules/nixos-modules/server/fail2ban.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index be83e6f..1851e33 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -61,16 +61,16 @@ in { bantime = 600; maxretry = 5; }; - # home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - # enabled = true; - # filter = "hass"; - # action = ''iptables-multiport[name=HTTP, port="http,https"]''; - # logpath = "${config.services.home-assistant.configDir}/*.log"; - # backend = "auto"; - # findtime = 600; - # bantime = 600; - # maxretry = 5; - # }; + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; From 3631ba11a8ee10f53e222f180f252943ca8e7df4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:06:32 -0500 Subject: [PATCH 0755/1043] removed unused parts of configuration --- .../nixos/defiant/configuration.nix | 7 -- modules/nixos-modules/server/adguardhome.nix | 72 ------------------- modules/nixos-modules/server/default.nix | 1 - 3 files changed, 80 deletions(-) delete mode 100644 modules/nixos-modules/server/adguardhome.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9824e56..2b221ab 100644 --- a/configurations/nixos/defiant/configuration.nix 
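Review bot: The `home-assistant-iptables` jail enabled in this fail2ban.nix hunk names `filter = "hass"`, but the matching `fail2ban/filter.d/hass.local` definition in the same file stays commented out at this commit; it is only restored when the jail moves into home-assistant.nix in PATCH 0764. A jail that points at a missing filter will most likely keep fail2ban from loading it, so the filter should be enabled in the same commit as the jail. Separately, `logpath = "${config.services.home-assistant.configDir}/*.log"` assumes Home Assistant writes a log file into its config directory; worth confirming on the host, because a jail with no matching log file never bans anything. The enclosing `jails` attribute set starts outside the hunk.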
+++ b/configurations/nixos/defiant/configuration.nix @@ -109,13 +109,6 @@ }; }; }; - # home-assistant = { - # enable = false; - # subdomain = "home"; - # }; - adguardhome = { - enable = false; - }; }; systemd.network = { diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix deleted file mode 100644 index abd1254..0000000 --- a/modules/nixos-modules/server/adguardhome.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - lib, - config, - ... -}: let - dnsPort = 53; -in { - options.host.adguardhome = { - enable = lib.mkEnableOption "should ad guard home be enabled on this computer"; - directory = lib.mkOption { - type = lib.types.str; - default = "/var/lib/AdGuardHome/"; - }; - }; - config = lib.mkIf config.host.adguardhome.enable (lib.mkMerge [ - { - services.adguardhome = { - enable = true; - mutableSettings = false; - settings = { - dns = { - bootstrap_dns = [ - "1.1.1.1" - "9.9.9.9" - ]; - upstream_dns = [ - "dns.quad9.net" - ]; - }; - filtering = { - protection_enabled = true; - filtering_enabled = true; - - parental_enabled = false; # Parental control-based DNS requests filtering. - safe_search = { - enabled = false; # Enforcing "Safe search" option for search engines, when possible. - }; - }; - # The following notation uses map - # to not have to manually create {enabled = true; url = "";} for every filter - # This is, however, fully optional - filters = - map (url: { - enabled = true; - url = url; - }) [ - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist - ]; - }; - }; - - networking.firewall.allowedTCPPorts = [ - dnsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.host.adguardhome.directory; - user = "adguardhome"; - group = "adguardhome"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 83a0830..5f63925 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
@@ -9,7 +9,6 @@ ./forgejo.nix ./searx.nix ./home-assistant.nix - ./adguardhome.nix ./immich.nix ./qbittorent.nix ]; From 9699472b1ecefbfae9033590cc680ef6e2f48d15 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:36:02 -0500 Subject: [PATCH 0756/1043] update readme --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bc31eca..75ff24c 100644 --- a/README.md +++ b/README.md @@ -66,5 +66,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html - migrate away from flakes and move to npins - fix nfs -- fix home assistant -- create adguard server \ No newline at end of file +- crab-hole +- nix mcp +- figure out ai vs code plugin +- whisper \ No newline at end of file From 776bf8f7442d212aba194d279a9dbb01e65c156c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 18:25:53 -0500 Subject: [PATCH 0757/1043] updated readme --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 75ff24c..d41b7a3 100644 --- a/README.md +++ b/README.md 
@@ -41,14 +41,13 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Research topics - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` -- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ # Tasks: ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- syncthing folder passwords - nfs export should be backed by the same values for server and client ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) @@ -69,4 +68,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - crab-hole - nix mcp - figure out ai vs code plugin -- whisper \ No newline at end of file +- whisper +- figure out why syncthing and jellyfins permissions don't propagate downwards +- auto turn off on power loss \ No newline at end of file From 035089be385da1ad5e553876992034607b43b88b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 19:14:32 -0500 Subject: [PATCH 0758/1043] updated README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d41b7a3..e9a0629 100644 --- a/README.md +++ b/README.md 
@@ -43,6 +43,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ +- nix config mcp https://github.com/utensils/mcp-nixos # Tasks: From b8e21e6c61d5b969ceac78cacbb53d792bf6017c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 22:44:49 -0500 Subject: [PATCH 0759/1043] organized README.md --- README.md | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index e9a0629..141c2fd 100644 --- a/README.md +++ b/README.md 
@@ -51,24 +51,23 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - nfs export should be backed by the same values for server and client ## New Features -- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- samba mounts +- crab-hole +- figure out why syncthing and jellyfins permissions don't propagate downwards - figure out steam vr things? -- Open GL? -- rotate sops encryption keys periodically (and somehow sync between devices?) +- auto turn off on power loss - nut - zfs email after scrubbing # TODO: test this -- wake on LAN for updates -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- SMART test with email results +- fix nfs +- samba mounts +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- Create Tor guard/relay server +- migrate away from flakes and move to npins +- whisper +- figure out ai vs code plugin +- nix mcp - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote -- SMART test with email results -- Create Tor guard/relay server +- rotate sops encryption keys periodically (and somehow sync between devices?) 
+- wake on LAN for updates - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins -- fix nfs -- crab-hole -- nix mcp -- figure out ai vs code plugin -- whisper -- figure out why syncthing and jellyfins permissions don't propagate downwards -- auto turn off on power loss \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file From 0e8a148517cc90cdd3f6c2ac963b010ce7ca958a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 16:10:30 -0500 Subject: [PATCH 0760/1043] started to break up home-assistant config --- .../nixos/defiant/configuration.nix | 5 ++++ .../nixos-modules/server/home-assistant.nix | 28 +++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2b221ab..6655572 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -280,6 +280,11 @@ subdomain = "home"; openFirewall = true; database = "postgres"; + + extensions = { + sonos.enable = true; + jellyfin.enable = true; + }; }; qbittorrent = { diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 7497995..231c2e1 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix 
@@ -21,6 +21,20 @@ in { description = "what database do we want to use"; default = "builtin"; }; + + extensions = { + sonos = { + enable = lib.mkEnableOption "enable the sonos plugin"; + port = lib.mkOption { + type = lib.types.int; + default = 1400; + description = "what port to use for sonos discovery"; + }; + }; + jellyfin = { + enable = lib.mkEnableOption "enable the jellyfin plugin"; + }; + }; }; config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ @@ -50,11 +64,9 @@ in { "radio_browser" "isal" "zha" - "jellyfin" "webostv" "tailscale" "syncthing" - "sonos" "analytics_insights" "unifi" "openweathermap" @@ -80,10 +92,22 @@ in { ]; }; + # TODO: configure /var/lib/hass/secrets.yaml via sops + systemd.tmpfiles.rules = [ "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" ]; } + (lib.mkIf (config.services.home-assistant.extensions.sonos.enable) { + services.home-assistant.extraComponents = ["sonos"]; + networking.firewall.allowedTCPPorts = [ + config.services.home-assistant.extensions.sonos.port + ]; + }) + (lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) { + services.home-assistant.extraComponents = ["jellyfin"]; + # TODO: configure port, address, and login information here + }) (lib.mkIf (config.services.home-assistant.database == "postgres") { host = { postgres = { From 2e8eba77099804b300597e760389760a446f02a2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 17:22:46 -0500 Subject: [PATCH 0761/1043] installed wyoming --- modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 7 +++ modules/nixos-modules/server/wyoming.nix | 50 +++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 modules/nixos-modules/server/wyoming.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 5f63925..00e506d 100644 --- a/modules/nixos-modules/server/default.nix 
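Review bot: `extensions.sonos.port` is declared with `type = lib.types.int;` in the first home-assistant.nix hunk and then passed straight to `networking.firewall.allowedTCPPorts` in the third, which opens it on every interface. Declaring it as `type = lib.types.port;` rejects out-of-range values at evaluation time. If the speakers only reach this host over the LAN, `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ config.services.home-assistant.extensions.sonos.port ];` (interface name is a placeholder) keeps the port closed on other interfaces. The `config` block that holds the third hunk continues outside it.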
+++ b/modules/nixos-modules/server/default.nix @@ -9,6 +9,7 @@ ./forgejo.nix ./searx.nix ./home-assistant.nix + ./wyoming.nix ./immich.nix ./qbittorent.nix ]; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 231c2e1..6eb5682 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -34,6 +34,9 @@ in { jellyfin = { enable = lib.mkEnableOption "enable the jellyfin plugin"; }; + wyoming = { + enable = lib.mkEnableOption "enable wyoming"; + }; }; }; @@ -108,6 +111,10 @@ in { services.home-assistant.extraComponents = ["jellyfin"]; # TODO: configure port, address, and login information here }) + (lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) { + services.home-assistant.extraComponents = ["wyoming"]; + services.wyoming.enable = true; + }) (lib.mkIf (config.services.home-assistant.database == "postgres") { host = { postgres = { diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix new file mode 100644 index 0000000..d41a962 --- /dev/null +++ b/modules/nixos-modules/server/wyoming.nix 
@@ -0,0 +1,50 @@ +{ + lib, + config, + ... +}: { + options.services.wyoming.enable = lib.mkEnableOption "should wyoming be enabled on this device"; + config = lib.mkIf config.services.wyoming.enable (lib.mkMerge [ + { + services.wyoming.piper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py + voice = "en-us-amy-low"; + uri = "tcp://0.0.0.0:10200"; + speaker = 0; + }; + }; + }; + + services.wyoming.faster-whisper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py + model = "tiny-int8"; + language = "en"; + uri = "tcp://0.0.0.0:10300"; + device = "cpu"; + }; + }; + }; + + # needs access to /proc/cpuinfo + systemd.services."wyoming-faster-whisper-en".serviceConfig.ProcSubset = lib.mkForce "all"; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = "/var/lib/private/wyoming"; + mode = "0700"; + } + ]; + }; + }) + ]); +} From 2188954b79aabbf3835ec9af5f1811d672283ece Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 17:39:25 -0500 Subject: [PATCH 0762/1043] installed open wake word --- .../nixos/defiant/configuration.nix | 1 + modules/nixos-modules/server/wyoming.nix | 49 ++++++++++++------- 2 files changed, 32 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6655572..3ab557d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -284,6 +284,7 @@ extensions = { sonos.enable = true; jellyfin.enable = true; + wyoming.enable = true; }; }; diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index d41a962..4894dd4 100644 
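Review bot: Both servers in the new wyoming.nix listen on every interface (`uri = "tcp://0.0.0.0:10200"` for piper, `uri = "tcp://0.0.0.0:10300"` for faster-whisper), and the openwakeword server added in PATCH 0762 does the same on port 10400. As far as I know the Wyoming protocol has no authentication of its own, and the only consumer visible in this series is Home Assistant on the same host, so binding to loopback (`uri = "tcp://127.0.0.1:10200";` and likewise for the other two) avoids depending on the firewall to keep these services private. If satellites on the LAN are meant to connect, a comment next to each `uri` saying so would make the exposure deliberate. `ProcSubset = lib.mkForce "all"` relaxes the unit's /proc hardening; the comment above it gives the reason, and it would help to note that it should be dropped once faster-whisper no longer needs `/proc/cpuinfo`.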
--- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix @@ -6,29 +6,42 @@ options.services.wyoming.enable = lib.mkEnableOption "should wyoming be enabled on this device"; config = lib.mkIf config.services.wyoming.enable (lib.mkMerge [ { - services.wyoming.piper = { - servers = { - "en" = { - enable = true; - # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py - voice = "en-us-amy-low"; - uri = "tcp://0.0.0.0:10200"; - speaker = 0; + services.wyoming = { + # Text to speech + piper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py + voice = "en-us-amy-low"; + uri = "tcp://0.0.0.0:10200"; + speaker = 0; + }; }; }; - }; - services.wyoming.faster-whisper = { - servers = { - "en" = { - enable = true; - # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py - model = "tiny-int8"; - language = "en"; - uri = "tcp://0.0.0.0:10300"; - device = "cpu"; + # Speech to text + faster-whisper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py + model = "tiny-int8"; + language = "en"; + uri = "tcp://0.0.0.0:10300"; + device = "cpu"; + }; }; }; + + openwakeword = { + enable = true; + uri = "tcp://0.0.0.0:10400"; + preloadModels = [ + "ok_nabu" + ]; + # TODO: custom models + }; }; # needs access to /proc/cpuinfo From 92839b4603b4a820bac53062226f9abd854d1d2b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 18:30:45 -0500 Subject: [PATCH 0763/1043] got hass app config closer to working --- modules/nixos-modules/server/home-assistant.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 6eb5682..07dcc03 100644 
--- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -74,6 +74,7 @@ in { "unifi" "openweathermap" "ollama" + "mobile_app" ]; config = { http = { @@ -83,6 +84,10 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; + homeassistant = { + external_url = "https://home.jan-leila.com"; + internal_url = "http://192.168.1.2:8123"; + }; recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; @@ -97,6 +102,10 @@ in { # TODO: configure /var/lib/hass/secrets.yaml via sops + networking.firewall.allowedUDPPorts = [ + 1900 + ]; + systemd.tmpfiles.rules = [ "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" ]; From 2fb56dc2967f97512cb09ff198b35c884984e664 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 19:00:16 -0500 Subject: [PATCH 0764/1043] moved home-assistant fail2ban config to its own module --- modules/nixos-modules/server/fail2ban.nix | 24 ------------- .../nixos-modules/server/home-assistant.nix | 34 +++++++++++++++++++ 2 files changed, 34 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 1851e33..d19aeeb 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -16,20 +16,6 @@ in { failregex = "limiting requests, excess:.* by zone.*client: " '') ); - # "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( - # pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - # [INCLUDES] - # before = common.conf - - # [Definition] - # failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - # ignoreregex = - - # [Init] - # datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - # '') - # ); }; services.fail2ban = { 
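Review bot: `networking.firewall.allowedUDPPorts = [ 1900 ];` in the second home-assistant.nix hunk opens the port on every interface and carries no comment saying which integration needs it (presumably SSDP discovery). SSDP listeners reachable from untrusted networks are a known reflection source, so this is better scoped to the LAN side, e.g. `networking.firewall.interfaces.<lan-interface>.allowedUDPPorts = [ 1900 ];` with a placeholder interface name. A leading comment such as `# SSDP discovery for Home Assistant device detection` would document the magic number. The surrounding attribute set starts and ends outside the hunk.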
@@ -61,16 +47,6 @@ in { bantime = 600; maxretry = 5; }; - home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 07dcc03..3e225ff 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, ... }: let @@ -155,6 +156,39 @@ in { ]; }; }) + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { assertions = [ { From 1e5eed80c16c5f9049773bae0df4d495544585ea Mon Sep 17 00:00:00 2001 
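Review bot: The jail moved into home-assistant.nix bans only on `port="http,https"`, while this module serves Home Assistant on `server_port = 8123` and the defiant host sets `openFirewall = true`, so a banned address can presumably still reach the login endpoint directly on 8123. Adding the service port to the action closes that gap: `action = ''iptables-multiport[name=HTTP, port="http,https,${toString config.services.home-assistant.config.http.server_port}"]'';`. As rendered on this page the `failregex` contains no `<HOST>` placeholder; if that is also true in the file rather than a rendering artifact, fail2ban cannot extract an address from matching lines and the jail will not work. The inner `lib.mkIf config.services.home-assistant.enable` wrappers are redundant, because the whole `config` is already gated on that option.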
From: Leyla Becker Date: Mon, 14 Jul 2025 10:49:04 -0500 Subject: [PATCH 0765/1043] installed more home assistant components --- modules/nixos-modules/server/home-assistant.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 3e225ff..f91e02e 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -64,6 +64,8 @@ in { services.home-assistant = { configDir = configDir; extraComponents = [ + "default_config" + "esphome" "met" "radio_browser" "isal" @@ -76,6 +78,20 @@ in { "openweathermap" "ollama" "mobile_app" + "logbook" + "ssdp" + "usb" + "webhook" + "bluetooth" + "dhcp" + "energy" + "history" + "backup" + "assist_pipeline" + "conversation" + "sun" + "zeroconf" + "cpuspeed" ]; config = { http = { @@ -92,6 +108,7 @@ in { recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; + mobile_app = {}; }; extraPackages = python3Packages: with python3Packages; [ From 3a875e0c1f6587530aa4844c84b7939a2c194cae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Jul 2025 11:43:45 -0500 Subject: [PATCH 0766/1043] drafted out paperless config --- .../nixos/defiant/configuration.nix | 5 ++ modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 4 +- modules/nixos-modules/server/paperless.nix | 80 +++++++++++++++++++ modules/nixos-modules/users.nix | 15 ++++ 5 files changed, 103 insertions(+), 2 deletions(-) create mode 100644 modules/nixos-modules/server/paperless.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3ab557d..0d6173c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -288,6 +288,11 @@ }; }; + paperless = { + enable = false; + subdomain = "documents"; + }; + qbittorrent = { enable = true; mediaDir = "/srv/qbittorent"; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 00e506d..95c7096 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -12,5 +12,6 @@ ./wyoming.nix ./immich.nix ./qbittorent.nix + ./paperless.nix ]; } diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index f91e02e..57bedc1 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -102,8 +102,8 @@ in { login_attempts_threshold = 10; }; homeassistant = { - external_url = "https://home.jan-leila.com"; - internal_url = "http://192.168.1.2:8123"; + external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; + # internal_url = "http://192.168.1.2:8123"; }; recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix new file mode 100644 index 0000000..e49249d --- /dev/null +++ b/modules/nixos-modules/server/paperless.nix 
@@ -0,0 +1,80 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/paperless"; +in { + options.services.paperless = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that paperless will be hosted at"; + default = "paperless"; + }; + database = { + user = lib.mkOption { + type = lib.types.str; + description = "what is the user and database that we are going to use for paperless"; + default = "paperless"; + }; + }; + }; + + config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ + { + host = { + reverse_proxy.subdomains.${config.services.paperless.subdomain} = { + target = "http://${config.services.paperless.address}:${config.services.paperless.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + ''; + }; + postgres = { + enable = true; + extraUsers = { + ${config.services.paperless.database.user} = { + isClient = true; + }; + }; + }; + }; + services.paperless = { + # TODO: configure passwordFile with sops + configureTika = true; + settings = { + PAPERLESS_URL = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; + + PAPERLESS_DBENGINE = "postgresql"; + PAPERLESS_DBHOST = "/run/postgresql"; + PAPERLESS_DBNAME = config.services.paperless.database.user; + PAPERLESS_DBUSER = config.services.paperless.database.user; + }; + }; + } + (lib.mkIf config.services.fail2ban.enable { + # TODO: fail2ban config + }) + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.paperless.dataDir == dataDir; + message = "paperless data location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataDir; + user = "paperless"; + group = "paperless"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 68bd78b..a774e44 100644 
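Review bot: `client_max_body_size 50000M;` in the reverse-proxy `extraConfig` lets any client that can reach the paperless subdomain send a request body of roughly 50 GB. With nginx's default request buffering that body is accepted by the proxy before Paperless gets to check a session, which makes filling the disk cheap. A document-sized ceiling is enough for this service, for example `client_max_body_size 512M;`, raised only when a real upload needs it. If the large limit is intentional, a comment saying which workflow needs it would help the next reader.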
--- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -24,6 +24,7 @@ git = 2009; immich = 2010; qbittorrent = 2011; + paperless = 2012; }; gids = { @@ -40,6 +41,7 @@ git = 2009; immich = 2010; qbittorrent = 2011; + paperless = 2012; }; users = config.users.users; @@ -169,6 +171,12 @@ in { isNormalUser = true; group = config.users.users.qbittorrent.name; }; + + paperless = { + uid = lib.mkForce uids.paperless; + isSystemUser = true; + group = config.users.users.paperless.name; + }; }; groups = { @@ -273,6 +281,13 @@ in { leyla ]; }; + + paperless = { + gid = lib.mkForce gids.paperless; + members = [ + users.paperless.name + ]; + }; }; }; } From c8f163ed0c1950ea5f0cd25bef96d3a912f13526 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Jul 2025 19:38:24 -0500 Subject: [PATCH 0767/1043] fixed paperless --- .../nixos/defiant/configuration.nix | 9 ++++- flake.lock | 26 ++++++------- modules/nixos-modules/server/forgejo.nix | 6 +++ modules/nixos-modules/server/jellyfin.nix | 4 +- modules/nixos-modules/server/paperless.nix | 38 +++++++++++++++++-- nix-config-secrets | 2 +- 6 files changed, 64 insertions(+), 21 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0d6173c..960e90b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -17,6 +17,12 @@ "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/paperless_password" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + mode = "0700"; + owner = "paperless"; + group = "paperless"; + }; }; host = { @@ -289,8 +295,9 @@ }; paperless = { - enable = false; + enable = true; subdomain = "documents"; + passwordFile = config.sops.secrets."services/paperless_password".path; }; qbittorrent = { diff --git a/flake.lock b/flake.lock index a60584d..a32ae84 100644 --- a/flake.lock +++ b/flake.lock 
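Review bot: `mode = "0700"` on `services/paperless_password` in the first `defiant/configuration.nix` hunk sets the execute bit on a file that is only ever read, and it is wider than the sops-nix default of `0400`. Since the secret is already owned by `paperless`, I'd use `mode = "0400";` so the service can read the password and nothing can modify or execute it. The enclosing `sops.secrets` attrset starts outside the hunk.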
@@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1752269946, - "narHash": "sha256-vL26J2f9uXvwBNkfwYH1v75VwN22ZLhBcyZeenJwnCU=", + "lastModified": 1752379414, + "narHash": "sha256-0R3slhrjrnzyxR/fAYy5UliZvSgaVS38YCESBdH5RJw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9885400dbd82f9b2970b30e18f233404416f7cca", + "rev": "51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1752265577, - "narHash": "sha256-YhnBM3oknReSFTAuc2SMwekwjl9nDd5PUhcar4DsefM=", + "lastModified": 1752467539, + "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", "owner": "nix-community", "repo": "home-manager", - "rev": "3976e0507edc9a5f332cb2be93fa20e646d22374", + "rev": "1e54837569e0b80797c47be4720fab19e0db1616", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1752200230, - "narHash": "sha256-WqqWjRX4qZYqO/cgvU/ZEzJBQqHBi17OEVv2kt05WiU=", + "lastModified": 1752459325, + "narHash": "sha256-46TgjdxT02a4nFd9HCXCf8kK5ZSH7r9gYROLtc8zVOg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "3c866dfb70d282247452742098d315b97df713d2", + "rev": "61c2e99ebd586f463a6c0ebe3d931e74883b163d", "type": "github" }, "original": { @@ -293,11 +293,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1749061163, - "narHash": "sha256-WflcbitH7ErNZBFqZCdy1ODUqKF51xbu2zYfqA35+1M=", + "lastModified": 1752531440, + "narHash": "sha256-04tQ3EUrtmZ7g6fVUkZC4AbAG+Z7lng79qU3jsiqWJY=", "ref": "refs/heads/main", - "rev": "1c5c059c0c7b6ce691993262fe10a2b63e1c31ba", - "revCount": 19, + "rev": "f016767c13aa36dde91503f7a9f01bdd02468045", + "revCount": 20, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 40a5303..7898daa 100644 --- a/modules/nixos-modules/server/forgejo.nix 
+++ b/modules/nixos-modules/server/forgejo.nix @@ -28,6 +28,12 @@ in { extraUsers = { ${db_user} = { isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${db_user} = { + name = db_user; }; }; }; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index a8bbe71..bad04c9 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -55,7 +55,7 @@ in { } (lib.mkIf config.services.fail2ban.enable { environment.etc = { - "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + "fail2ban/filter.d/jellyfin.local".text = ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." @@ -65,7 +65,7 @@ in { services.fail2ban = { jails = { - jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + jellyfin-iptables.settings = { enabled = true; filter = "jellyfin"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix index e49249d..0243d53 100644 --- a/modules/nixos-modules/server/paperless.nix +++ b/modules/nixos-modules/server/paperless.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: let dataDir = "/var/lib/paperless"; @@ -24,7 +25,7 @@ in { { host = { reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${config.services.paperless.port}"; + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; websockets.enable = true; forwardHeaders.enable = true; 
@@ -39,15 +40,20 @@ in { extraUsers = { ${config.services.paperless.database.user} = { isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${config.services.paperless.database.user} = { + name = config.services.paperless.database.user; }; }; }; }; services.paperless = { - # TODO: configure passwordFile with sops configureTika = true; settings = { - PAPERLESS_URL = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; + PAPERLESS_URL = "https://${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBHOST = "/run/postgresql"; @@ -57,7 +63,31 @@ in { }; } (lib.mkIf config.services.fail2ban.enable { - # TODO: fail2ban config + environment.etc = { + "fail2ban/filter.d/paperless.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$ + ignoreregex = + + '') + ); + }; + + services.fail2ban = { + jails = { + paperless.settings = { + enabled = true; + filter = "paperless"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.paperless.dataDir}/log/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; }) (lib.mkIf config.host.impermanence.enable { assertions = [ diff --git a/nix-config-secrets b/nix-config-secrets index 1c5c059..f016767 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 1c5c059c0c7b6ce691993262fe10a2b63e1c31ba +Subproject commit f016767c13aa36dde91503f7a9f01bdd02468045 From 3f3ae74fac8f7437d4510fa4ca79c9f96743a594 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 18 Jul 2025 21:19:18 -0500 Subject: [PATCH 0768/1043] enabled ollama on horizon --- configurations/nixos/horizon/configuration.nix | 7 +++++++ 1 file changed, 7 insertions(+) 
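Review bot: As shown in the fail2ban hunk, the `failregex` written to `paperless.local` has nothing between its last two backticks, so there is no `<HOST>` (or `<ADDR>`) group for fail2ban to take the offending address from. Please confirm the file itself has the token there, since without it the filter cannot ban anything. Paperless also sits behind the reverse proxy, so the address it logs is only the real client's if the proxy is declared in `PAPERLESS_TRUSTED_PROXIES`; without that the jail would presumably see the proxy's address on every failure. The jail reuses `name=HTTP` from the jellyfin jail, so a distinct name such as `iptables-multiport[name=paperless, port="http,https"]` keeps the two jails' chains separate.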
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 42dcbb9..99b6ee9 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -126,6 +126,13 @@ }; syncthing.enable = true; + + ollama = { + enable = true; + loadModels = [ + "llama3.1:8b" + ]; + }; }; # Enable touchpad support (enabled default in most desktopManager). From 358f0394607843d23f659d6aae633c1c29b1a9ef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 21 Jul 2025 19:35:11 -0500 Subject: [PATCH 0769/1043] created custom vscode extension --- .../leyla/packages/vscode/default.nix | 5 +++ .../pkgs/codium-extensions/ai-code.nix | 42 +++++++++++++++++++ .../pkgs/codium-extensions/default.nix | 3 ++ modules/common-modules/pkgs/default.nix | 3 ++ 4 files changed, 53 insertions(+) create mode 100644 modules/common-modules/pkgs/codium-extensions/ai-code.nix create mode 100644 modules/common-modules/pkgs/codium-extensions/default.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 89ee876..f911104 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -99,6 +99,11 @@ in { ++ (lib.lists.optionals ai-tooling-enabled [ ]) ) + ++ ( + with pkgs.codium-extensions; [ + ai-code + ] + ) ); }; }; diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix new file mode 100644 index 0000000..ccd4cb8 --- /dev/null +++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix 
@@ -0,0 +1,42 @@ +{ + buildNpmPackage, + vscode-utils, + pkgs, + ... +}: let + version = "0.0.1"; + pname = "ai-code"; + publisher = "jan-leila"; + vsix = buildNpmPackage { + inherit version pname; + + src = builtins.fetchGit { + url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; + rev = "480b51830602b28009e6b5c5014e7e2970a0a3b3"; + }; + + npmDepsHash = "sha256-WxLb+e0itOCIRXpVOjcbPm6QNWbdSKZOPeXLyOa4ROQ="; + + nativeBuildInputs = with pkgs; [ + vsce + ]; + + buildPhase = '' + ${pkgs.vsce}/bin/vsce package -o ${pname}.zip + ''; + + installPhase = '' + mkdir -p $out + mv ${pname}.zip $out/${pname}.zip + ''; + }; +in + vscode-utils.buildVscodeExtension { + inherit pname version; + + src = "${vsix}/${pname}.zip"; + + vscodeExtUniqueId = "${publisher}.${pname}"; + vscodeExtPublisher = publisher; + vscodeExtName = pname; + } diff --git a/modules/common-modules/pkgs/codium-extensions/default.nix b/modules/common-modules/pkgs/codium-extensions/default.nix new file mode 100644 index 0000000..a60e8a0 --- /dev/null +++ b/modules/common-modules/pkgs/codium-extensions/default.nix @@ -0,0 +1,3 @@ +{pkgs, ...}: { + ai-code = pkgs.callPackage ./ai-code.nix {}; +} diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index e955354..16f3a3c 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -19,5 +19,8 @@ (final: prev: { gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; }) + (final: prev: { + codium-extensions = pkgs.callPackage ./codium-extensions {}; + }) ]; } From e14d1387dc2936c1186fd7186c9f0dcc19f9cce5 Mon Sep 17 00:00:00 2001 
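Review bot: `builtins.fetchGit` in `ai-code.nix` pins the extension source by `rev` only, so it is fetched over SSH at evaluation time and no `narHash` is recorded for it the way `flake.lock` does for the `secrets` input. Declaring the repository as a non-flake input (`flake = false`) and passing it in as `src` would lock it by hash and make every update show up in `flake.lock` diffs, which matters for code that ends up running inside the editor. Separately, `vsce` is already in `nativeBuildInputs`, so `buildPhase` can call `vsce package -o ${pname}.zip` instead of the absolute `${pkgs.vsce}/bin/vsce`. The custom `buildPhase` and `installPhase` should also keep `runHook preBuild` / `runHook postBuild` and the install equivalents so the standard hooks still run.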
From: Leyla Becker Date: Wed, 23 Jul 2025 18:15:58 -0500 Subject: [PATCH 0770/1043] updated user-words in vscode config --- .../leyla/packages/vscode/default.nix | 104 ++++++++++-------- .../leyla/packages/vscode/user-words.nix | 79 ++++++++++++- .../nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/desktop.nix | 2 +- modules/nixos-modules/users.nix | 16 --- 5 files changed, 133 insertions(+), 70 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index f911104..2e20db7 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -8,6 +8,10 @@ nix-development-enabled = osConfig.host.nix-development.enable; ai-tooling-enabled = osConfig.host.ai.enable; in { + imports = [ + ./user-words.nix + ]; + config = lib.mkIf config.user.isDesktopUser { programs = { bash.shellAliases = { @@ -26,7 +30,6 @@ in { userSettings = lib.mkMerge [ { "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = import ./user-words.nix; "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; 
@@ -52,58 +55,67 @@ in { extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( - with extension-pkgs.open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + ( + with extension-pkgs.open-vsx; ( + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - orta.vscode-jest - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + orta.vscode-jest + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # go extensions - golang.go + # go extensions + golang.go - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with extension-pkgs.vscode-marketplace; - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - ]) - ) - ++ ( - with pkgs.codium-extensions; [ - ai-code + # misc extensions + tamasfe.even-better-toml ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + 
pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) ) + ) + ++ ( + with extension-pkgs.vscode-marketplace; ( + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + ]) + ) + ) + ++ ( + with pkgs.codium-extensions; ( + [] + ++ ( + lib.lists.optionals ai-tooling-enabled [ + ai-code + ] + ) + ) + ) ); }; }; diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index b581118..145604a 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix @@ -1,6 +1,73 @@ -[ - "leyla" - "webdav" - "ollama" - "optimise" -] +{...}: { + config.programs.vscode.profiles.default.userSettings = { + "cSpell.userWords" = [ + "leyla" + "ollama" + ]; + "[javascript][typescript]"."cSpell.userWords" = [ + "webdav" + ]; + "[nix]"."cSpell.userWords" = [ + "pname" + "direnv" + "deepseek" + "qwen" + "syncthing" + "immich" + "sonos" + "makemkv" + "hass" + "qbittorent" + "prostudiomasters" + "tmpfiles" + "networkmanager" + "Networkd" + "networkmanager" + "dialout" + "adbusers" + "protonmail" + "authkey" + "netdevs" + "atomix" + "geary" + "gedit" + "hitori" + "iagno" + "alsa" + "timezoned" + "pipewire" + "pulseaudio" + "rtkit" + "disko" + "ashift" + "autotrim" + "canmount" + "mountpoint" + "xattr" + "acltype" + "relatime" + "keyformat" + "keylocation" + "vdevs" + + # codium extensions + "akamud" + "onedark" + "jeanp" + "dsznajder" + "dbaeumer" + "orta" + "tauri" + "unifiedjs" + "tamasfe" + "pinage" + "jnoortheen" + "kamadorueda" + "karyfoundation" + "nearley" + + # nix.optimise is spelled wrong + "optimise" + ]; + }; +} diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 960e90b..094becb 100644 --- a/configurations/nixos/defiant/configuration.nix 
+++ b/configurations/nixos/defiant/configuration.nix @@ -201,7 +201,7 @@ autoSnapshot.enable = true; }; - # temp enable desktop enviroment for setup + # temp enable desktop environment for setup # Enable the X11 windowing system. xserver.enable = true; diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 900aacf..e1882b3 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -22,7 +22,7 @@ gnome-characters # character set viewer gnome-music # music player gnome-photos # photo viewer - gnome-logs # log viwer + gnome-logs # log viewer gnome-maps # map viewer gnome-tour # welcome tour hitori # sudoku game diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index a774e44..b135367 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -17,7 +17,6 @@ eve = 1002; jellyfin = 2000; forgejo = 2002; - adguardhome = 2003; hass = 2004; syncthing = 2007; ollama = 2008; @@ -34,7 +33,6 @@ jellyfin_media = 2001; jellyfin = 2000; forgejo = 2002; - adguardhome = 2003; hass = 2004; syncthing = 2007; ollama = 2008; @@ -129,12 +127,6 @@ in { group = config.users.users.forgejo.name; }; - adguardhome = { - uid = lib.mkForce uids.adguardhome; - isSystemUser = true; - group = config.users.users.adguardhome.name; - }; - hass = { uid = lib.mkForce uids.hass; isSystemUser = true; @@ -227,14 +219,6 @@ in { ]; }; - adguardhome = { - gid = lib.mkForce gids.adguardhome; - members = [ - users.adguardhome.name - # leyla - ]; - }; - hass = { gid = lib.mkForce gids.hass; members = [ From 1ac0b89935dc11609bbc26b18e016db1bfc7295a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 23 Jul 2025 18:47:46 -0500 Subject: [PATCH 0771/1043] fixed cname words --- configurations/home-manager/leyla/packages/vscode/default.nix | 3 --- .../home-manager/leyla/packages/vscode/user-words.nix | 4 ---- 2 files changed, 7 deletions(-) 
diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 2e20db7..228f634 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -44,9 +44,6 @@ in { "editor.formatOnType" = true; }; "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; }) (lib.mkIf ai-tooling-enabled { }) diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index 145604a..ca4b1d1 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix @@ -3,11 +3,7 @@ "cSpell.userWords" = [ "leyla" "ollama" - ]; - "[javascript][typescript]"."cSpell.userWords" = [ "webdav" - ]; - "[nix]"."cSpell.userWords" = [ "pname" "direnv" "deepseek" From 9b5ccf6cc95ba0bffa542ea0df313846689a9072 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 24 Jul 2025 01:06:50 -0500 Subject: [PATCH 0772/1043] updated aiCode extension --- configurations/home-manager/leyla/packages/vscode/default.nix | 3 ++- modules/common-modules/pkgs/codium-extensions/ai-code.nix | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 228f634..c28861f 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -46,7 +46,8 @@ in { "alejandra.program" = "alejandra"; }) (lib.mkIf ai-tooling-enabled { - }) + "aiCode.ollamaHost" = "http://defiant:11434"; + }) ]; extensions = let diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix index ccd4cb8..38e9dd9 100644 
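Review bot: `"aiCode.ollamaHost" = "http://defiant:11434";` makes the editor send its content to the Ollama API on another host over plain HTTP. Ollama's API has no authentication of its own, so any network that can reach `defiant:11434` can read that traffic and use the models. If `defiant` only resolves over an encrypted overlay network (not visible from this hunk), a comment saying so would settle it. Otherwise I'd point the setting at an HTTPS name behind the existing reverse proxy, or restrict the port on `defiant` to the interface that needs it.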
--- a/modules/common-modules/pkgs/codium-extensions/ai-code.nix +++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix @@ -12,10 +12,10 @@ src = builtins.fetchGit { url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; - rev = "480b51830602b28009e6b5c5014e7e2970a0a3b3"; + rev = "bdb615876df41717180c31640a8542b86326a9b3"; }; - npmDepsHash = "sha256-WxLb+e0itOCIRXpVOjcbPm6QNWbdSKZOPeXLyOa4ROQ="; + npmDepsHash = "sha256-kjMyEnT3dz0yH5Ydh+aGoFDocKpBYGRmfnwbEdvvgpY="; nativeBuildInputs = with pkgs; [ vsce From 3131d264d350f487fc18183ef968d97e96cfa7c6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 25 Jul 2025 20:50:53 -0500 Subject: [PATCH 0773/1043] updated flake lock --- .../home-manager/leyla/packages/default.nix | 2 +- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 62 +++++------ flake.nix | 2 +- modules/nixos-modules/server/qbittorent.nix | 101 +----------------- modules/nixos-modules/users.nix | 2 +- 6 files changed, 38 insertions(+), 133 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 63f9661..eaaaf2d 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -44,7 +44,7 @@ in { signal-desktop-bin.enable = true; calibre.enable = true; obsidian.enable = true; - jetbrains.idea-community.enable = true; + jetbrains.idea-community.enable = false; vscode.enable = true; firefox.enable = true; steam.enable = true; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 094becb..9e8f25a 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -304,7 +304,7 @@ enable = true; mediaDir = "/srv/qbittorent"; openFirewall = true; - webPort = 8084; + webuiPort = 8084; }; }; diff --git a/flake.lock b/flake.lock index a32ae84..5a853aa 100644 --- a/flake.lock 
+++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1752113600, - "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", + "lastModified": 1753140376, + "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", "owner": "nix-community", "repo": "disko", - "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", + "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1752379414, - "narHash": "sha256-0R3slhrjrnzyxR/fAYy5UliZvSgaVS38YCESBdH5RJw=", + "lastModified": 1753416229, + "narHash": "sha256-45s1L4h/6t3M+/ppqow1OFUgfk9jZHsR4jxNgxIWWmM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7", + "rev": "553afee4efb5a7dea03cf654deafacd8fa1004f9", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1752467539, - "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", + "lastModified": 1753470191, + "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e54837569e0b80797c47be4720fab19e0db1616", + "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", "type": "github" }, "original": { 
@@ -146,15 +146,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1746827285, - "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", - "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", + "lastModified": 1753306924, + "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", + "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz?rev=1a4393d0aac31aba21f5737ede1b171e11336d77" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" } }, "lix-module": { @@ -167,15 +167,15 @@ ] }, "locked": { - "lastModified": 1746838955, - "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", - "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", + "lastModified": 1753282722, + "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", + "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz" } }, "nix-darwin": { 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1752459325, - "narHash": "sha256-46TgjdxT02a4nFd9HCXCf8kK5ZSH7r9gYROLtc8zVOg=", + "lastModified": 1753409666, + "narHash": "sha256-bFjln7BkIGOlLHeUzUxfEho2GnrIrQE6O59plpvPiYY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "61c2e99ebd586f463a6c0ebe3d931e74883b163d", + "rev": "38a251b6e95659b12dfb3b9fdc237d1ba2ac3786", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1752048960, - "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", + "lastModified": 1753122741, + "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", + "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", + "lastModified": 1753250450, + "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1751606940, - "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", + "lastModified": 1752544651, + "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", + "rev": "2c8def626f54708a9c38a5861866660395bb3461", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 651a210..67ff0c4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -6,7 +6,7 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix index 9b7b7e8..2d54587 100644 --- a/modules/nixos-modules/server/qbittorent.nix +++ b/modules/nixos-modules/server/qbittorent.nix 
@@ -1,115 +1,20 @@ { lib, - pkgs, config, ... }: let - qbittorent_data_directory = "/var/lib/qbittorrent"; + qbittorent_profile_directory = "/var/lib/qBittorrent/"; in { options.services.qbittorrent = { - enable = lib.mkEnableOption "should the headless qbittorrent service be enabled"; - - dataDir = lib.mkOption { - type = lib.types.path; - default = "/var/lib/qbittorrent"; - description = lib.mdDoc '' - The directory where qBittorrent stores its data files. - ''; - }; - mediaDir = lib.mkOption { type = lib.types.path; description = lib.mdDoc '' The directory to create to store qbittorrent media. ''; }; - - user = lib.mkOption { - type = lib.types.str; - default = "qbittorrent"; - description = lib.mdDoc '' - User account under which qBittorrent runs. - ''; - }; - - group = lib.mkOption { - type = lib.types.str; - default = "qbittorrent"; - description = lib.mdDoc '' - Group under which qBittorrent runs. - ''; - }; - - webPort = lib.mkOption { - type = lib.types.port; - default = 8080; - description = lib.mdDoc '' - qBittorrent web UI port. 
- ''; - }; - - openFirewall = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Open services.qBittorrent.webPort to the outside network."; - }; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.qbittorrent-nox; - defaultText = lib.literalExpression "pkgs.qbittorrent-nox"; - description = "The qbittorrent package to use."; - }; }; config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ - { - networking.firewall = lib.mkIf config.services.qbittorrent.openFirewall { - allowedTCPPorts = [config.services.qbittorrent.webPort]; - }; - - systemd.services.qbittorrent = { - # based on the plex.nix service module and - # https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in - description = "qBittorrent-nox service"; - documentation = ["man:qbittorrent-nox(1)"]; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - - serviceConfig = { - Type = "simple"; - User = config.services.qbittorrent.user; - Group = config.services.qbittorrent.group; - - # Run the pre-start script with full permissions (the "!" prefix) so it - # can create the data directory if necessary. - ExecStartPre = let - preStartScript = pkgs.writeScript "qbittorrent-run-prestart" '' - #!${pkgs.bash}/bin/bash - - # Create data directory if it doesn't exist - if ! test -d "$QBT_PROFILE"; then - echo "Creating initial qBittorrent data directory in: $QBT_PROFILE" - install -d -m 0755 -o "${config.services.qbittorrent.user}" -g "${config.services.qbittorrent.group}" "$QBT_PROFILE" - fi - ''; - in "!${preStartScript}"; - - #ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox"; - ExecStart = "${config.services.qbittorrent.package}/bin/qbittorrent-nox"; - # To prevent "Quit & shutdown daemon" from working; we want systemd to - # manage it! 
- #Restart = "on-success"; - #UMask = "0002"; - #LimitNOFILE = cfg.openFilesLimit; - }; - - environment = { - QBT_PROFILE = config.services.qbittorrent.dataDir; - QBT_WEBUI_PORT = toString config.services.qbittorrent.webPort; - }; - }; - } (lib.mkIf config.host.impermanence.enable { fileSystems."/persist/system/qbittorrent".neededForBoot = true; @@ -126,7 +31,7 @@ in { assertions = [ { - assertion = config.services.qbittorrent.dataDir == qbittorent_data_directory; + assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; message = "qbittorrent data directory does not match persistence"; } ]; @@ -135,7 +40,7 @@ in { "/persist/system/root" = { directories = [ { - directory = qbittorent_data_directory; + directory = qbittorent_profile_directory; user = "qbittorrent"; group = "qbittorrent"; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index b135367..eeddafd 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -160,7 +160,7 @@ in { qbittorrent = { uid = lib.mkForce uids.qbittorrent; - isNormalUser = true; + isSystemUser = true; group = config.users.users.qbittorrent.name; }; From dfcd16fdd226f6d7b21046302fe7e8f453eb5b5d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 25 Jul 2025 21:33:18 -0500 Subject: [PATCH 0774/1043] updated user words --- .../leyla/packages/vscode/user-words.nix | 183 ++++++++++++------ 1 file changed, 120 insertions(+), 63 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index ca4b1d1..bb99bbc 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix 
@@ -1,69 +1,126 @@ -{...}: { +{ + pkgs, + lib, + ... +}: { config.programs.vscode.profiles.default.userSettings = { "cSpell.userWords" = [ "leyla" - "ollama" - "webdav" - "pname" - "direnv" - "deepseek" - "qwen" - "syncthing" - "immich" - "sonos" - "makemkv" - "hass" - "qbittorent" - "prostudiomasters" - "tmpfiles" - "networkmanager" - "Networkd" - "networkmanager" - "dialout" - "adbusers" - "protonmail" - "authkey" - "netdevs" - "atomix" - "geary" - "gedit" - "hitori" - "iagno" - "alsa" - "timezoned" - "pipewire" - "pulseaudio" - "rtkit" - "disko" - "ashift" - "autotrim" - "canmount" - "mountpoint" - "xattr" - "acltype" - "relatime" - "keyformat" - "keylocation" - "vdevs" - - # codium extensions - "akamud" - "onedark" - "jeanp" - "dsznajder" - "dbaeumer" - "orta" - "tauri" - "unifiedjs" - "tamasfe" - "pinage" - "jnoortheen" - "kamadorueda" - "karyfoundation" - "nearley" - - # nix.optimise is spelled wrong - "optimise" ]; + + "cSpell.languageSettings" = [ + { + "languageId" = "nix"; + "locale" = "*"; + "dictionaries" = [ + "applications" + "ai-words" + "nix-words" + + # We need to include all other dictionaries in the nix language settings because they exist in this file + # TODO: see if there is a way to make this only apply for this file + "js-words" + ]; + } + { + "languageId" = "javascript,typescript,js,ts"; + "locale" = "*"; + "dictionaries" = [ + "js-words" + ]; + } + ]; + + "cSpell.customDictionaries" = { + applications = { + name = "applications"; + description = "application names"; + path = pkgs.writeText "applications.txt" (lib.strings.concatLines [ + "ollama" + "syncthing" + "immich" + "sonos" + "makemkv" + "hass" + "qbittorent" + "prostudiomasters" + "protonmail" + "pulseaudio" + ]); + }; + + ai-words = { + name = "ai-words"; + description = "common words used for ai development"; + path = pkgs.writeText "ai-words.txt" (lib.strings.concatLines [ + "ollama" + "deepseek" + "qwen" + ]); + }; + + nix-words = { + name = "nix-words"; + description = "words 
used in nix configurations"; + path = pkgs.writeText "nix-words.txt" (lib.strings.concatLines [ + "pname" + "direnv" + "tmpfiles" + "Networkd" + "networkmanager" + "dialout" + "adbusers" + "authkey" + "netdevs" + "atomix" + "geary" + "gedit" + "hitori" + "iagno" + "alsa" + "timezoned" + "pipewire" + "rtkit" + "disko" + "ashift" + "autotrim" + "canmount" + "mountpoint" + "xattr" + "acltype" + "relatime" + "keyformat" + "keylocation" + "vdevs" + + # codium extensions + "akamud" + "onedark" + "jeanp" + "dsznajder" + "dbaeumer" + "orta" + "tauri" + "unifiedjs" + "tamasfe" + "pinage" + "jnoortheen" + "kamadorueda" + "karyfoundation" + "nearley" + + # nix.optimise is spelled wrong + "optimise" + ]); + }; + + js-words = { + name = "js-words"; + description = "words used in js development"; + path = pkgs.writeText "js-words.txt" (lib.strings.concatLines [ + "webdav" + ]); + }; + }; }; } From 99fb7b8a6273fbfc5007113a35aec858c995dd91 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 26 Jul 2025 12:50:21 -0500 Subject: [PATCH 0775/1043] started to move extensions into configurable options --- .../leyla/packages/vscode/default.nix | 26 ++++++---------- .../home-manager-modules/programs/default.nix | 1 + .../programs/vscode/aiCode.nix | 31 +++++++++++++++++++ .../programs/vscode/atomKeybindings.nix | 27 ++++++++++++++++ .../programs/vscode/default.nix | 7 +++++ .../programs/vscode/oneDark.nix | 30 ++++++++++++++++++ 6 files changed, 106 insertions(+), 16 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/aiCode.nix create mode 100644 modules/home-manager-modules/programs/vscode/atomKeybindings.nix create mode 100644 modules/home-manager-modules/programs/vscode/default.nix create mode 100644 modules/home-manager-modules/programs/vscode/oneDark.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index c28861f..5294ed2 100644 
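Review bot: Each entry under `"cSpell.customDictionaries"` in user-words.nix points `path` at a `pkgs.writeText` output, which is a read-only file in the Nix store, so the spell checker cannot append words to these dictionaries from the editor. The extension has a per-dictionary `addWords` flag; I would set `addWords = false;` on all four entries (confirm the default first) so they are not offered as targets for "add word". Separately, `"ollama"` is listed in both `applications` and `ai-words`; one copy is enough.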
--- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -29,7 +29,6 @@ in { userSettings = lib.mkMerge [ { - "workbench.colorTheme" = "Atom One Dark"; "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; @@ -45,11 +44,18 @@ in { }; "alejandra.program" = "alejandra"; }) - (lib.mkIf ai-tooling-enabled { - "aiCode.ollamaHost" = "http://defiant:11434"; - }) ]; + # TODO: move the rest of the extensions into enable options like this + extraExtensions = { + oneDark.enable = true; + atomKeybindings.enable = true; + aiCode = { + enable = ai-tooling-enabled; + ollamaHost = "http://defiant:11434"; + }; + }; + extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( @@ -57,8 +63,6 @@ in { with extension-pkgs.open-vsx; ( [ # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark streetsidesoftware.code-spell-checker streetsidesoftware.code-spell-checker-german streetsidesoftware.code-spell-checker-italian @@ -104,16 +108,6 @@ in { ]) ) ) - ++ ( - with pkgs.codium-extensions; ( - [] - ++ ( - lib.lists.optionals ai-tooling-enabled [ - ai-code - ] - ) - ) - ) ); }; }; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index ee52da2..675e77d 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -16,5 +16,6 @@ ./bruno.nix ./dbeaver.nix ./steam.nix + ./vscode ]; } diff --git a/modules/home-manager-modules/programs/vscode/aiCode.nix b/modules/home-manager-modules/programs/vscode/aiCode.nix new file mode 100644 index 0000000..cd23f92 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/aiCode.nix 
@@ -0,0 +1,31 @@
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ pkgsRepository = pkgs.codium-extensions;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.aiCode = {
+ enable = lib.mkEnableOption "should the ai code extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "ai-code" {};
+ ollamaHost = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ description = "what host should be used for ollama";
+ default = null;
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.aiCode.enable {
+ extensions = [
+ config.extraExtensions.aiCode.extension
+ ];
+ userSettings = {
+ "aiCode.ollamaHost" = lib.mkIf (config.extraExtensions.aiCode.ollamaHost != null) config.extraExtensions.aiCode.ollamaHost;
+ };
+ };
+ }));
+ };
+}
diff --git a/modules/home-manager-modules/programs/vscode/atomKeybindings.nix b/modules/home-manager-modules/programs/vscode/atomKeybindings.nix
new file mode 100644
index 0000000..95cd928
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/atomKeybindings.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.atomKeybindings = {
+ enable = lib.mkEnableOption "should the atom keybindings extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "atom-keybindings" {
+ default = ["ms-vscode" "atom-keybindings"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.atomKeybindings.enable {
+ extensions = [
+ config.extraExtensions.atomKeybindings.extension
+ ];
+ };
+ }));
+ };
+}
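Review bot: In aiCode.nix the `ollamaHost` option is a free-form `nullOr str` whose description, "what host should be used for ollama", does not say that the value is a full URL with scheme, or that the extension presumably sends editor content to it. The caller in this same commit sets it to `http://defiant:11434`, which is unencrypted HTTP to another machine, so prompts and completions are readable and alterable on the path between the two hosts unless that link is already tunnelled. I would spell this out in the option, for example `description = "base URL of the Ollama server; editor content is sent here, so use a host you control and prefer https or a VPN address";`.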
diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix
new file mode 100644
index 0000000..a5fe474
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/default.nix
@@ -0,0 +1,7 @@
+{...}: {
+ imports = [
+ ./oneDark.nix
+ ./atomKeybindings.nix
+ ./aiCode.nix
+ ];
+}
diff --git a/modules/home-manager-modules/programs/vscode/oneDark.nix b/modules/home-manager-modules/programs/vscode/oneDark.nix
new file mode 100644
index 0000000..5ed43f4
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/oneDark.nix
@@ -0,0 +1,30 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.oneDark = {
+ enable = lib.mkEnableOption "should the one dark theme for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "onedark" {
+ default = ["akamud" "vscode-theme-onedark"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.oneDark.enable {
+ extensions = [
+ config.extraExtensions.oneDark.extension
+ ];
+ userSettings = {
+ "workbench.colorTheme" = "Atom One Dark";
+ };
+ };
+ }));
+ };
+}
From e58f08b72330189f2fdc78615e5a50c39c448d53 Mon Sep 17 00:00:00 2001
From: Leyla Becker Date: Sat, 26 Jul 2025 16:19:41 -0500 Subject: [PATCH 0776/1043] move nix extensions into vscode extensions folders --- .../leyla/packages/vscode/default.nix | 70 +++++++------------ .../programs/vscode/alejandra.nix | 34 +++++++++ .../programs/vscode/default.nix | 2 + .../programs/vscode/nixIde.nix | 29 ++++++++ 4 files changed, 91 insertions(+), 44 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/alejandra.nix create mode 100644 modules/home-manager-modules/programs/vscode/nixIde.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 5294ed2..0f06f57 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -33,20 +33,8 @@ in { "editor.tabSize" = 2; "editor.insertSpaces" = false; } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - }) ]; - # TODO: move the rest of the extensions into enable options like this extraExtensions = { oneDark.enable = true; atomKeybindings.enable = true; 
@@ -54,49 +42,43 @@ in { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; }; + alejandra.enable = nix-development-enabled; + nixIde.enable = nix-development-enabled; }; extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( ( - with extension-pkgs.open-vsx; ( - [ - # vs code feel extensions - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + with extension-pkgs.open-vsx; [ + # vs code feel extensions + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - orta.vscode-jest - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + orta.vscode-jest + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # go extensions - golang.go + # go extensions + golang.go - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ) + # misc extensions + tamasfe.even-better-toml + ] ) ++ ( with extension-pkgs.vscode-marketplace; ( diff --git a/modules/home-manager-modules/programs/vscode/alejandra.nix b/modules/home-manager-modules/programs/vscode/alejandra.nix new file mode 100644 index 0000000..ffeaf96 --- /dev/null 
+++ b/modules/home-manager-modules/programs/vscode/alejandra.nix @@ -0,0 +1,34 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.alejandra = { + enable = lib.mkEnableOption "Enable Alejandra extension for Nix formatting"; + extension = lib.mkPackageOption pkgsRepository "alejandra" { + default = ["kamadorueda" "alejandra"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.alejandra.enable { + extensions = [config.extraExtensions.alejandra.extension]; + userSettings = { + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + }; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index a5fe474..1f2d86f 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -3,5 +3,7 @@ ./oneDark.nix ./atomKeybindings.nix ./aiCode.nix + ./alejandra.nix + ./nixIde.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/nixIde.nix b/modules/home-manager-modules/programs/vscode/nixIde.nix new file mode 100644 index 0000000..bc79b69 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/nixIde.nix 
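Review bot: `"alejandra.program" = "alejandra"` in alejandra.nix leaves the formatter to be resolved from whatever PATH the editor inherits, while the same module turns on `editor.formatOnSave`, `editor.formatOnType` and `editor.formatOnPaste`, so that binary runs on nearly every edit of a Nix file. Nothing in the module installs alejandra, so the setting fails where it is missing and runs a different binary wherever a project environment puts its own `alejandra` first on PATH. Pointing the setting at the store path fixes both: `"alejandra.program" = "${pkgs.alejandra}/bin/alejandra";`. `"nix.serverPath" = "nil"` in nixIde.nix has the same shape and could become `"${pkgs.nil}/bin/nil"`.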
@@ -0,0 +1,29 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.nixIde = {
+ enable = lib.mkEnableOption "Enable Nix IDE extension";
+ extension = lib.mkPackageOption pkgsRepository "nix-ide" {
+ default = ["jnoortheen" "nix-ide"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.nixIde.enable {
+ extensions = [config.extraExtensions.nixIde.extension];
+ userSettings = {
+ "nix.enableLanguageServer" = true;
+ "nix.serverPath" = "nil";
+ };
+ };
+ }));
+ };
+}
From 1f0a147a426ddbf849213c31d567e5f8b3c53faa Mon Sep 17 00:00:00 2001
From: Leyla Becker Date: Sat, 26 Jul 2025 17:40:01 -0500 Subject: [PATCH 0777/1043] moved more extensions into extension modules --- .../leyla/packages/vscode/default.nix | 33 +++++++++++-------- .../programs/vscode/autoRenameTag.nix | 27 +++++++++++++++ .../programs/vscode/default.nix | 8 +++++ .../programs/vscode/es7ReactJsSnippets.nix | 27 +++++++++++++++ .../programs/vscode/liveServer.nix | 27 +++++++++++++++ .../programs/vscode/tauriVscode.nix | 27 +++++++++++++++ .../programs/vscode/vscodeEslint.nix | 27 +++++++++++++++ .../programs/vscode/vscodeJest.nix | 27 +++++++++++++++ .../programs/vscode/vscodeStandard.nix | 27 +++++++++++++++ .../programs/vscode/vscodeStylelint.nix | 27 +++++++++++++++ 10 files changed, 243 insertions(+), 14 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/autoRenameTag.nix create mode 100644 modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix create mode 100644 modules/home-manager-modules/programs/vscode/liveServer.nix create mode 100644 modules/home-manager-modules/programs/vscode/tauriVscode.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeEslint.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeJest.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeStandard.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeStylelint.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 0f06f57..009d7f0 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix 
@@ -36,14 +36,31 @@ in { ]; extraExtensions = { + # vs code feel oneDark.enable = true; atomKeybindings.enable = true; + + # html development + autoRenameTag.enable = true; + liveServer.enable = true; + + # js development + es7ReactJsSnippets.enable = true; + tauriVscode.enable = true; + vscodeEslint.enable = true; + vscodeJest.enable = true; + vscodeStandard.enable = true; + vscodeStylelint.enable = true; + + # nix development + alejandra.enable = nix-development-enabled; + nixIde.enable = nix-development-enabled; + + # ai tooling aiCode = { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; }; - alejandra.enable = nix-development-enabled; - nixIde.enable = nix-development-enabled; }; extensions = let @@ -57,18 +74,6 @@ in { streetsidesoftware.code-spell-checker-italian jeanp413.open-remote-ssh - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - orta.vscode-jest - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - # go extensions golang.go diff --git a/modules/home-manager-modules/programs/vscode/autoRenameTag.nix b/modules/home-manager-modules/programs/vscode/autoRenameTag.nix new file mode 100644 index 0000000..5f24a32 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/autoRenameTag.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.autoRenameTag = { + enable = lib.mkEnableOption "should the auto-rename-tag extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "auto-rename-tag" { + default = ["formulahendry" "auto-rename-tag"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.autoRenameTag.enable { + extensions = [ + config.extraExtensions.autoRenameTag.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 1f2d86f..a11d3e5 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -5,5 +5,13 @@ ./aiCode.nix ./alejandra.nix ./nixIde.nix + ./autoRenameTag.nix + ./es7ReactJsSnippets.nix + ./liveServer.nix + ./tauriVscode.nix + ./vscodeEslint.nix + ./vscodeJest.nix + ./vscodeStandard.nix + ./vscodeStylelint.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix b/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix new file mode 100644 index 0000000..09e6da3 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix 
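Review bot: autoRenameTag.nix and the seven other modules added in this commit (es7ReactJsSnippets, liveServer, tauriVscode, vscodeEslint, vscodeJest, vscodeStandard, vscodeStylelint) are the same 27 lines with only the option name, publisher and extension name changed. A copy-paste slip in one of them, such as a wrong publisher in `default`, would install a different extension than the option name says and would be easy to miss in review. I would generate them from one helper that takes those three values, sketched below, so that each file shrinks to a single `import` call with its three arguments. The inner `{config, ...}` also shadows the module's outer `config`; the sketch keeps that as is, but a rename would make the two easier to tell apart.

```nix
# shared helper, file name of your choosing (constructed sketch)
{
  optionName,
  publisher,
  extensionName,
}: {
  lib,
  pkgs,
  config,
  ...
}: let
  pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
  pkgsRepository = pkgsRepositories.open-vsx;
in {
  options.programs.vscode.profiles = lib.mkOption {
    type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
      options.extraExtensions.${optionName} = {
        enable = lib.mkEnableOption "should the ${extensionName} extension for vscode be enabled";
        extension = lib.mkPackageOption pkgsRepository extensionName {
          default = [publisher extensionName];
        };
      };
      config = lib.mkIf config.extraExtensions.${optionName}.enable {
        extensions = [config.extraExtensions.${optionName}.extension];
      };
    }));
  };
}
```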
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.es7ReactJsSnippets = {
+ enable = lib.mkEnableOption "should the es7-react-js-snippets extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "es7-react-js-snippets" {
+ default = ["dsznajder" "es7-react-js-snippets"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.es7ReactJsSnippets.enable {
+ extensions = [
+ config.extraExtensions.es7ReactJsSnippets.extension
+ ];
+ };
+ }));
+ };
+}
diff --git a/modules/home-manager-modules/programs/vscode/liveServer.nix b/modules/home-manager-modules/programs/vscode/liveServer.nix
new file mode 100644
index 0000000..3f53ca3
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/liveServer.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.liveServer = {
+ enable = lib.mkEnableOption "should the live-server extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "live-server" {
+ default = ["ms-vscode" "live-server"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.liveServer.enable {
+ extensions = [
+ config.extraExtensions.liveServer.extension
+ ];
+ };
+ }));
+ };
+}
diff --git a/modules/home-manager-modules/programs/vscode/tauriVscode.nix b/modules/home-manager-modules/programs/vscode/tauriVscode.nix
new file mode 100644
index 0000000..9185fb3
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/tauriVscode.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.tauriVscode = {
+ enable = lib.mkEnableOption "should the tauri-vscode extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "tauri-vscode" {
+ default = ["tauri-apps" "tauri-vscode"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.tauriVscode.enable {
+ extensions = [
+ config.extraExtensions.tauriVscode.extension
+ ];
+ };
+ }));
+ };
+}
diff --git a/modules/home-manager-modules/programs/vscode/vscodeEslint.nix b/modules/home-manager-modules/programs/vscode/vscodeEslint.nix
new file mode 100644
index 0000000..64d979f
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/vscodeEslint.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.vscodeEslint = {
+ enable = lib.mkEnableOption "should the vscode-eslint extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "vscode-eslint" {
+ default = ["dbaeumer" "vscode-eslint"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.vscodeEslint.enable {
+ extensions = [
+ config.extraExtensions.vscodeEslint.extension
+ ];
+ };
+ }));
+ };
+}
diff --git a/modules/home-manager-modules/programs/vscode/vscodeJest.nix b/modules/home-manager-modules/programs/vscode/vscodeJest.nix
new file mode 100644
index 0000000..7c24f2a
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/vscodeJest.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.vscodeJest = {
+ enable = lib.mkEnableOption "should the vscode-jest extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "vscode-jest" {
+ default = ["orta" "vscode-jest"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.vscodeJest.enable {
+ extensions = [
+ config.extraExtensions.vscodeJest.extension
+ ];
+ };
+ }));
+ };
+}
diff --git a/modules/home-manager-modules/programs/vscode/vscodeStandard.nix b/modules/home-manager-modules/programs/vscode/vscodeStandard.nix
new file mode 100644
index 0000000..31c8ad0
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/vscodeStandard.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.vscodeStandard = {
+ enable = lib.mkEnableOption "should the vscode-standard extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "vscode-standard" {
+ default = ["standard" "vscode-standard"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.vscodeStandard.enable {
+ extensions = [
+ config.extraExtensions.vscodeStandard.extension
+ ];
+ };
+ }));
+ };
+}
diff --git a/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix b/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix
new file mode 100644
index 0000000..0d43b29
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.vscodeStylelint = {
+ enable = lib.mkEnableOption "should the vscode-stylelint extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "vscode-stylelint" {
+ default = ["stylelint" "vscode-stylelint"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.vscodeStylelint.enable {
+ extensions = [
+ config.extraExtensions.vscodeStylelint.extension
+ ];
+ };
+ }));
+ };
+}
From 0fd54a5494788a54df3f18f1d6c52839f3d8328c Mon Sep 17 00:00:00 2001
From: Leyla Becker Date: Sat, 26 Jul 2025 17:53:37 -0500 Subject: [PATCH 0778/1043] added more options to aiCode --- .../home-manager/leyla/packages/vscode/default.nix | 1 + .../programs/vscode/aiCode.nix | 14 ++++++++++++++ 2 files changed, 15 insertions(+) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 009d7f0..9ad87bf 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -60,6 +60,7 @@ in { aiCode = { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; + inlineCompletion.model = "qwen3:4b"; }; }; diff --git a/modules/home-manager-modules/programs/vscode/aiCode.nix b/modules/home-manager-modules/programs/vscode/aiCode.nix index cd23f92..838a439 100644 --- a/modules/home-manager-modules/programs/vscode/aiCode.nix +++ b/modules/home-manager-modules/programs/vscode/aiCode.nix @@ -16,6 +16,18 @@ in { description = "what host should be used for ollama"; default = null; }; + inlineCompletion = { + enable = lib.mkOption { + type = lib.types.bool; + description = "should inline completion be enabled"; + default = true; + }; + model = lib.mkOption { + type = lib.types.nullOr lib.types.str; + description = "what model should be used for ollama"; + default = null; + }; + }; }; }; config = lib.mkIf config.extraExtensions.aiCode.enable { @@ -24,6 +36,8 @@ in { ]; userSettings = { "aiCode.ollamaHost" = lib.mkIf (config.extraExtensions.aiCode.ollamaHost != null) config.extraExtensions.aiCode.ollamaHost; + "aiCode.inlineCompletion.enable" = config.extraExtensions.aiCode.inlineCompletion.enable; + "aiCode.inlineCompletion.model" = lib.mkIf (config.extraExtensions.aiCode.inlineCompletion.model != null) config.extraExtensions.aiCode.inlineCompletion.model; }; }; })); From b5cfb5ec77826f118e94d274dd6edc9fcfc2ca5f Mon Sep 17 00:00:00 2001 
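Review bot: `inlineCompletion.enable` in aiCode.nix defaults to `true`, and the last hunk writes `"aiCode.inlineCompletion.enable"` into `userSettings` unconditionally, so setting `extraExtensions.aiCode.enable` alone opts a profile into inline completion. Assuming the extension behaves as the option names suggest, whatever is open in the editor, including secrets or environment files, is then sent to `ollamaHost` as the user types, and the only caller sets that to plain `http://defiant:11434`. I would make this opt-in with `default = false;` and add `inlineCompletion.enable = true;` next to `inlineCompletion.model = "qwen3:4b";` in the leyla profile. The `model` description, "what model should be used for ollama", could also say that it applies to inline completion only.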
From: Leyla Becker Date: Sun, 27 Jul 2025 18:22:08 -0500 Subject: [PATCH 0779/1043] moved all extensions other then spell check into their own modules --- .../leyla/packages/vscode/default.nix | 48 ++++++++----------- .../programs/vscode/astroVscode.nix | 27 +++++++++++ .../programs/vscode/default.nix | 6 +++ .../programs/vscode/evenBetterToml.nix | 27 +++++++++++ .../programs/vscode/go.nix | 27 +++++++++++ .../programs/vscode/nearley.nix | 27 +++++++++++ .../programs/vscode/openRemoteSsh.nix | 27 +++++++++++ .../programs/vscode/vscodeMdx.nix | 27 +++++++++++ 8 files changed, 187 insertions(+), 29 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/astroVscode.nix create mode 100644 modules/home-manager-modules/programs/vscode/evenBetterToml.nix create mode 100644 modules/home-manager-modules/programs/vscode/go.nix create mode 100644 modules/home-manager-modules/programs/vscode/nearley.nix create mode 100644 modules/home-manager-modules/programs/vscode/openRemoteSsh.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeMdx.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 9ad87bf..6e7887a 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -39,6 +39,7 @@ in { # vs code feel oneDark.enable = true; atomKeybindings.enable = true; + openRemoteSsh.enable = true; # html development autoRenameTag.enable = true; 
@@ -52,50 +53,39 @@ in { vscodeStandard.enable = true; vscodeStylelint.enable = true; + nearley.enable = true; + + # astro development + vscodeMdx.enable = true; + astroVscode.enable = true; + # nix development alejandra.enable = nix-development-enabled; nixIde.enable = nix-development-enabled; + # go development + go.enable = true; + # ai tooling aiCode = { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; inlineCompletion.model = "qwen3:4b"; }; + + # misc extensions + evenBetterToml.enable = true; }; extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( - ( - with extension-pkgs.open-vsx; [ - # vs code feel extensions - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # go extensions - golang.go - - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - tamasfe.even-better-toml - ] - ) - ++ ( - with extension-pkgs.vscode-marketplace; ( - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - ]) - ) - ) + with extension-pkgs.open-vsx; [ + # vs code feel extensions + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + ] ); }; }; diff --git a/modules/home-manager-modules/programs/vscode/astroVscode.nix b/modules/home-manager-modules/programs/vscode/astroVscode.nix new file mode 100644 index 0000000..4bae34a --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/astroVscode.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.astroVscode = { + enable = lib.mkEnableOption "should the astro-vscode extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "astro-vscode" { + default = ["astro-build" "astro-vscode"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.astroVscode.enable { + extensions = [ + config.extraExtensions.astroVscode.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index a11d3e5..ea54d4f 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -13,5 +13,11 @@ ./vscodeJest.nix ./vscodeStandard.nix ./vscodeStylelint.nix + ./go.nix + ./evenBetterToml.nix + ./openRemoteSsh.nix + ./astroVscode.nix + ./vscodeMdx.nix + ./nearley.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/evenBetterToml.nix b/modules/home-manager-modules/programs/vscode/evenBetterToml.nix new file mode 100644 index 0000000..9813ee1 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/evenBetterToml.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.evenBetterToml = { + enable = lib.mkEnableOption "should the even-better-toml extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "even-better-toml" { + default = ["tamasfe" "even-better-toml"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.evenBetterToml.enable { + extensions = [ + config.extraExtensions.evenBetterToml.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/go.nix b/modules/home-manager-modules/programs/vscode/go.nix new file mode 100644 index 0000000..02ffe5d --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/go.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.go = { + enable = lib.mkEnableOption "should the go extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "go" { + default = ["golang" "go"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.go.enable { + extensions = [ + config.extraExtensions.go.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/nearley.nix b/modules/home-manager-modules/programs/vscode/nearley.nix new file mode 100644 index 0000000..3020a9e --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/nearley.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.vscode-marketplace; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.nearley = { + enable = lib.mkEnableOption "should the nearley extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "nearley" { + default = ["karyfoundation" "nearley"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.nearley.enable { + extensions = [ + config.extraExtensions.nearley.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix b/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix new file mode 100644 index 0000000..c1b6daa --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.openRemoteSsh = { + enable = lib.mkEnableOption "should the open-remote-ssh extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "open-remote-ssh" { + default = ["jeanp413" "open-remote-ssh"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.openRemoteSsh.enable { + extensions = [ + config.extraExtensions.openRemoteSsh.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/vscodeMdx.nix b/modules/home-manager-modules/programs/vscode/vscodeMdx.nix new file mode 100644 index 0000000..c49fe51 --- /dev/null 
+++ b/modules/home-manager-modules/programs/vscode/vscodeMdx.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeMdx = { + enable = lib.mkEnableOption "should the vscode-mdx extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-mdx" { + default = ["unifiedjs" "vscode-mdx"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeMdx.enable { + extensions = [ + config.extraExtensions.vscodeMdx.extension + ]; + }; + })); + }; +} From 53c0526c4dbcec32ab0860c6bdfed6b8605185fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 27 Jul 2025 18:27:46 -0500 Subject: [PATCH 0780/1043] removed completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 141c2fd..039391f 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Create Tor guard/relay server - migrate away from flakes and move to npins - whisper -- figure out ai vs code plugin - nix mcp - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote From 22f2052ccffe09e660b85823647c099067169e35 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 17:53:31 -0500 Subject: [PATCH 0781/1043] updated flake lock --- flake.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 5a853aa..28d5df8 100644 --- a/flake.lock +++ b/flake.lock 
@@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1753416229, - "narHash": "sha256-45s1L4h/6t3M+/ppqow1OFUgfk9jZHsR4jxNgxIWWmM=", + "lastModified": 1753761817, + "narHash": "sha256-FE908x/ihUlr5yn1f+PTMyOjcwotGUodzn7Ej6zZf5U=", "owner": "rycee", "repo": "nur-expressions", - "rev": "553afee4efb5a7dea03cf654deafacd8fa1004f9", + "rev": "b657cfddb78408e9b53b4a8aaeaac71fc7ea182e", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1753470191, - "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", + "lastModified": 1753983724, + "narHash": "sha256-2vlAOJv4lBrE+P1uOGhZ1symyjXTRdn/mz0tZ6faQcg=", "owner": "nix-community", "repo": "home-manager", - "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", + "rev": "7035020a507ed616e2b20c61491ae3eaa8e5462c", "type": "github" }, "original": { @@ -146,11 +146,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1753306924, - "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", - "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", + "lastModified": 1753223229, + "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=", + "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz?rev=1a4393d0aac31aba21f5737ede1b171e11336d77" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a" }, "original": { "type": "tarball", 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1753409666, - "narHash": "sha256-bFjln7BkIGOlLHeUzUxfEho2GnrIrQE6O59plpvPiYY=", + "lastModified": 1753928221, + "narHash": "sha256-Na6JjalzCBQx5aiZMa0QYuFU9T0FOuWSKbHnslXWln4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "38a251b6e95659b12dfb3b9fdc237d1ba2ac3786", + "rev": "1d907938c3f488949c3365afcbbd325e2ce85ee9", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753250450, - "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", + "lastModified": 1753694789, + "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", + "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", "type": "github" }, "original": { From 7b3d4bc0213735c56a362c841ec8a08302291a9f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 18:24:45 -0500 Subject: [PATCH 0782/1043] added acl rules to defiant media_directory --- modules/nixos-modules/server/jellyfin.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index bad04c9..294c8e1 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -52,6 +52,11 @@ in { ]; networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; } (lib.mkIf config.services.fail2ban.enable { environment.etc = { From 5658a392491f1dfee521bca654708c9efc1049cf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 18:30:28 -0500 Subject: [PATCH 0783/1043] added ACL to syncthing mnt folder --- modules/nixos-modules/sync.nix | 1 + 1 file changed, 1 insertion(+) 
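Review bot: The added `A` rule in jellyfin.nix sets only access ACL entries, and only when systemd-tmpfiles runs, so files created under `media_directory` afterwards do not inherit `g:jellyfin_media:rwX`. Their group access is then decided by the creating process's umask. If every member of `jellyfin_media` should be able to keep writing to new content, append default entries to the rule's argument: `,d:u:jellyfin:rwX,d:g:jellyfin_media:rwX,d:o::-`. The `A ${mountDir}` rule added to modules/nixos-modules/sync.nix in the next commit has the same gap.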
diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 8915dc8..bf43041 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -11,6 +11,7 @@ in { { systemd = lib.mkIf config.services.syncthing.enable { tmpfiles.rules = [ + "A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-" "d ${mountDir} 2755 syncthing syncthing -" "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -" "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" From 7b9d1ee390b1f2fef5009791eea36d14416d9279 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 21:20:52 -0500 Subject: [PATCH 0784/1043] added qwen3:235b-a22b --- configurations/nixos/defiant/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9e8f25a..75a4b3e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -235,6 +235,10 @@ # agent models "qwen3:8b" "qwen3:32b" + "qwen3:235b-a22b" + + "qwen3-coder:30b" + "qwen3-coder:30b-a3b-fp16" # embedding models "nomic-embed-text:latest" From b7a4f63ddd37ec0ff780670e3e543d7cee2dbc30 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Aug 2025 17:46:56 -0500 Subject: [PATCH 0785/1043] further refined and documents issues with wire guard config --- .../nixos/defiant/configuration.nix | 37 +++++++++---------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 75a4b3e..1a3de77 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -120,12 +120,6 @@ systemd.network = { enable = true; - # config = { - # routeTables = { - # p2p = 1; - # }; - # }; - netdevs = { "10-bond0" = { netdevConfig = { 
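Review bot: The new `A ${mountDir}` rule denies all access to others (`o::-`), while the existing `d ${mountDir} 2755 syncthing syncthing -` line directly below it grants others read and traverse, so the two rules for the same path state different policies. Once named `u:`/`g:` entries exist, the group bits of the mode act as the ACL mask, so the `rwX` given to the named entries can also end up capped at `r-x`, depending on which rule is applied last. Decide which policy is intended and make both lines agree, for example `"d ${mountDir} 2770 syncthing syncthing -"` if others should have no access. The `A` type is also recursive, so it is re-applied to everything already under the mount directory on each tmpfiles run.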
@@ -138,23 +132,20 @@ }; }; - # "15-p2p0" = { + # "20-wg0" = { # netdevConfig = { # Kind = "wireguard"; - # Name = "p2p0"; - # MTUBytes = "1280"; + # Name = "wg0"; # }; # wireguardConfig = { # PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; # ListenPort = 51820; - # # RouteTable = "p2p"; # }; # wireguardPeers = [ # { # PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; # Endpoint = "185.230.126.146:51820"; # AllowedIPs = ["0.0.0.0/0"]; - # RouteTable = "off"; # } # ]; # }; @@ -176,17 +167,25 @@ dns = ["192.168.1.1"]; }; - # "45-p2p0" = { - # matchConfig.Name = "p2p0"; + # For some reason this isn't working. It looks like traffic goes out and comes back but doesn't get correctly routed back to the wg interface on the return trip + # debugging steps: + # try sending data on the interface `ping -I wg0 8.8.8.8` + # view all traffic on the interface `sudo tshark -i wg0` + # see what applications are listening to port 14666 (thats what we currently have qbittorent set up to use) `ss -tuln | grep 14666` + # "50-wg0" = { + # matchConfig.Name = "wg0"; + # networkConfig = { + # DHCP = "no"; + # }; # address = [ # "10.2.0.2/32" # ]; - # routes = [ - # { - # Destination = "0.0.0.0/0"; - # } - # ]; - # linkConfig.RequiredForOnline = false; + # # routes = [ + # # { + # # Destination = "10.2.0.2/32"; + # # Gateway = "10.2.0.1"; + # # } + # # ]; # }; }; }; From 3f897fae25d419ad659b2b006324b6d90eca3785 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Aug 2025 20:08:45 -0500 Subject: [PATCH 0786/1043] updated ai code plugin --- modules/common-modules/pkgs/codium-extensions/ai-code.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix index 38e9dd9..9c9efe3 100644 --- a/modules/common-modules/pkgs/codium-extensions/ai-code.nix +++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix 
@@ -12,7 +12,7 @@ src = builtins.fetchGit { url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; - rev = "bdb615876df41717180c31640a8542b86326a9b3"; + rev = "d48e01713021dbb30de0ebbee2cfaf99e4e9b5a6"; }; npmDepsHash = "sha256-kjMyEnT3dz0yH5Ydh+aGoFDocKpBYGRmfnwbEdvvgpY="; From 7e1e1f357f0fc467566a6d777639f2c8fa0858a1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 5 Aug 2025 00:15:58 -0500 Subject: [PATCH 0787/1043] updated scrub email settings --- configurations/nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/disko.nix | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 1a3de77..8b49e4b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -42,7 +42,7 @@ host = "smtp.protonmail.ch"; port = 587; to = "leyla@jan-leila.com"; - user = "leyla@jan-leila.com"; + user = "noreply@jan-leila.com"; tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 3d15498..9e56d87 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -149,14 +149,13 @@ in { autoSnapshot.enable = true; zed = lib.mkIf config.host.storage.notifications.enable { - # this option is broken we are just going to disable it - enableMail = false; + enableMail = true; settings = { ZED_DEBUG_LOG = "/tmp/zed.debug.log"; ZED_EMAIL_ADDR = [config.host.storage.notifications.to]; ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; - ZED_EMAIL_OPTS = "@ADDRESS@"; + ZED_EMAIL_OPTS = "-a zfs_notifications @ADDRESS@"; ZED_NOTIFY_INTERVAL_SECS = 3600; ZED_NOTIFY_VERBOSE = true; From 93b8582734cd601320ee8f737921948306d9e859 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 6 Aug 2025 22:12:42 -0500 Subject: [PATCH 0788/1043] installed tab session manager --- configurations/home-manager/leyla/packages/firefox.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index 1613cb3..d166eb4 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -72,6 +72,8 @@ deutsch-de-language-pack dictionary-german + tab-session-manager + # ( # buildFirefoxXpiAddon rec { # pname = "italiano-it-language-pack"; @@ -140,7 +142,6 @@ "placements" = { "widget-overflow-fixed-list" = []; "unified-extensions-area" = [ - "privacy_privacy_com-browser-action" # bitwarden "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "ublock0_raymondhill_net-browser-action" From ee6ab1c0eb991e64fc7adf404d12867f79e39cae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 9 Aug 2025 23:32:32 -0500 Subject: [PATCH 0789/1043] installed printer drivers --- modules/nixos-modules/desktop.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index e1882b3..6686ee3 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -32,7 +32,14 @@ ]; services = { # Enable CUPS to print documents. - printing.enable = true; + printing = { + enable = true; + drivers = [ + pkgs.hplip + pkgs.gutenprint + pkgs.gutenprintBin + ]; + }; xserver = { # Enable the X11 windowing system. From c1926f625624b16fe8f3ffe8c9e48de3582fd24d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 13 Aug 2025 18:34:13 -0500 Subject: [PATCH 0790/1043] updated flake lock --- flake.lock | 128 ++++++++--------------------------------------- flake.nix | 8 +-- util/default.nix | 4 +- 3 files changed, 28 insertions(+), 112 deletions(-) 
diff --git a/flake.lock b/flake.lock index 28d5df8..721255f 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1753140376, - "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", + "lastModified": 1754971456, + "narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=", "owner": "nix-community", "repo": "disko", - "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", + "rev": "8246829f2e675a46919718f9a64b71afe3bfb22d", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1753761817, - "narHash": "sha256-FE908x/ihUlr5yn1f+PTMyOjcwotGUodzn7Ej6zZf5U=", + "lastModified": 1755002386, + "narHash": "sha256-5Q7o8nv1EQi7oYD1k1F8/d+3WUiNDg9JOH8KWgP/6WQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "b657cfddb78408e9b53b4a8aaeaac71fc7ea182e", + "rev": "170f218715e93fc36a9077a926eb8516d789138b", "type": "gitlab" }, "original": { @@ -75,39 +75,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -115,11 +82,11 @@ ] }, "locked": { - "lastModified": 1753983724, - "narHash": "sha256-2vlAOJv4lBrE+P1uOGhZ1symyjXTRdn/mz0tZ6faQcg=", + "lastModified": 1755121891, + "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "7035020a507ed616e2b20c61491ae3eaa8e5462c", + "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", "type": "github" }, "original": { @@ -143,41 +110,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1753223229, - "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=", - "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753282722, - "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", - "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ 
@@ -221,17 +153,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1753928221, - "narHash": "sha256-Na6JjalzCBQx5aiZMa0QYuFU9T0FOuWSKbHnslXWln4=", + "lastModified": 1754964325, + "narHash": "sha256-WrG74DTCE0phrOtusqkYOrQKK4DXurgW0vPnisZpw/Q=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1d907938c3f488949c3365afcbbd325e2ce85ee9", + "rev": "84da801eb3f23ea34ec96ee38df74504444e9b1d", "type": "github" }, "original": { @@ -242,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1754564048, + "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", "type": "github" }, "original": { @@ -258,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "lastModified": 1755027561, + "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", "type": "github" }, "original": { @@ -279,7 +211,6 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", 
@@ -313,11 +244,11 @@ ] }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -360,21 +291,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 67ff0c4..23a8aab 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # lix-module = { + # url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index fb2f83d..5b61779 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; 
From 102a61b38eb0065a0c5ab1cdd263e40da884c797 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 16 Aug 2025 11:32:03 -0500 Subject: [PATCH 0791/1043] updated flake lock --- .../home-manager/leyla/packages/default.nix | 2 +- flake.lock | 36 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index eaaaf2d..63f9661 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -44,7 +44,7 @@ in { signal-desktop-bin.enable = true; calibre.enable = true; obsidian.enable = true; - jetbrains.idea-community.enable = false; + jetbrains.idea-community.enable = true; vscode.enable = true; firefox.enable = true; steam.enable = true; diff --git a/flake.lock b/flake.lock index 721255f..6d8fa45 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1755002386, - "narHash": "sha256-5Q7o8nv1EQi7oYD1k1F8/d+3WUiNDg9JOH8KWgP/6WQ=", + "lastModified": 1755246238, + "narHash": "sha256-KVPjWo/RVQBQe6N03cNbSVM/xNCv2506wE4A8wL73sk=", "owner": "rycee", "repo": "nur-expressions", - "rev": "170f218715e93fc36a9077a926eb8516d789138b", + "rev": "e6c2e889b34f5f623a7749a46e2aa5ea6e7256a0", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1755121891, - "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", + "lastModified": 1755313937, + "narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=", "owner": "nix-community", "repo": "home-manager", - "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", + "rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10", "type": "github" }, "original": { 
@@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1751313918, - "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "lastModified": 1755275010, + "narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "rev": "7220b01d679e93ede8d7b25d6f392855b81dd475", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754964325, - "narHash": "sha256-WrG74DTCE0phrOtusqkYOrQKK4DXurgW0vPnisZpw/Q=", + "lastModified": 1755309796, + "narHash": "sha256-0mvqD8Cul8Bq+NqeeNy5cbi59R5w8EzaaimJBFpKJ4A=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "84da801eb3f23ea34ec96ee38df74504444e9b1d", + "rev": "73db918d57f44c8a0d8a809596863188675f9cab", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1754564048, - "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { From d12f4b5327fcb50f82f1ddce5db89941bfd78a8e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 21 Aug 2025 22:02:10 -0500 Subject: [PATCH 0792/1043] installed actual on defiant --- .../nixos/defiant/configuration.nix | 5 ++ modules/nixos-modules/server/actual.nix | 54 +++++++++++++++++++ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/users.nix | 15 ++++++ 4 files changed, 75 insertions(+) create mode 100644 modules/nixos-modules/server/actual.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 8b49e4b..9ef4c82 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -284,6 +284,11 @@ subdomain = "search"; }; + actual = { + enable = true; + subdomain = "budget"; + }; + home-assistant = { enable = true; subdomain = "home"; diff --git a/modules/nixos-modules/server/actual.nix b/modules/nixos-modules/server/actual.nix new file mode 100644 index 0000000..7fc0b93 --- /dev/null +++ b/modules/nixos-modules/server/actual.nix 
@@ -0,0 +1,54 @@ +{ + lib, + config, + ... +}: let + dataDirectory = "/var/lib/actual/"; +in { + options.services.actual = { + subdomain = lib.mkOption { + type = lib.types.str; + default = "actual"; + description = "subdomain of base domain that actual will be hosted at"; + }; + }; + + config = lib.mkIf config.services.actual.enable (lib.mkMerge [ + { + systemd.tmpfiles.rules = [ + "d ${dataDirectory} 2770 actual actual" + ]; + host = { + reverse_proxy.subdomains.${config.services.actual.subdomain} = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + }; + }; + + services.actual = { + settings = { + ACTUAL_DATA_DIR = dataDirectory; + }; + }; + } + (lib.mkIf config.services.fail2ban.enable { + # TODO: configuration for fail2ban for actual + }) + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; + message = "actual data location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataDirectory; + user = "actual"; + group = "actual"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 95c7096..4ca50e2 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -13,5 +13,6 @@ ./immich.nix ./qbittorent.nix ./paperless.nix + ./actual.nix ]; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index eeddafd..7fd43da 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -24,6 +24,7 @@ immich = 2010; qbittorrent = 2011; paperless = 2012; + actual = 2013; }; gids = { @@ -40,6 +41,7 @@ immich = 2010; qbittorrent = 2011; paperless = 2012; + actual = 2013; }; users = config.users.users; 
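Review bot: The `lib.mkIf config.services.fail2ban.enable` branch in actual.nix contains only `# TODO: configuration for fail2ban for actual`, so enabling the service publishes it through `host.reverse_proxy.subdomains` with no jail, even on hosts where fail2ban is on. Either add the filter and jail before the service is enabled on a host, or make the gap explicit in that branch, e.g. `warnings = ["services.actual has no fail2ban jail configured"];`. Separately, `settings.ACTUAL_DATA_DIR` looks like an environment-variable name. If `services.actual.settings` is rendered into the server's config file, the key is presumably `dataDir`, and the impermanence assertion would need to follow; confirm against the module.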
@@ -169,6 +171,12 @@ in { isSystemUser = true; group = config.users.users.paperless.name; }; + + actual = { + uid = lib.mkForce uids.actual; + isSystemUser = true; + group = config.users.users.actual.name; + }; }; groups = { @@ -272,6 +280,13 @@ in { users.paperless.name ]; }; + + actual = { + gid = lib.mkForce gids.actual; + members = [ + users.actual.name + ]; + }; }; }; } From bf07bbdb1b69977ff639de4e8b089ee713e70db4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 23 Aug 2025 13:26:04 -0500 Subject: [PATCH 0793/1043] updated flake lock --- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 36 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9ef4c82..b7da763 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -285,7 +285,7 @@ }; actual = { - enable = true; + enable = false; subdomain = "budget"; }; diff --git a/flake.lock b/flake.lock index 6d8fa45..f885584 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1754971456, - "narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=", + "lastModified": 1755519972, + "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", "owner": "nix-community", "repo": "disko", - "rev": "8246829f2e675a46919718f9a64b71afe3bfb22d", + "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1755246238, - "narHash": "sha256-KVPjWo/RVQBQe6N03cNbSVM/xNCv2506wE4A8wL73sk=", + "lastModified": 1755921820, + "narHash": "sha256-xTRXoaGtuIi4VvJNGuHC8DPHnEIJUqVtt7kqU8MdXes=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e6c2e889b34f5f623a7749a46e2aa5ea6e7256a0", + "rev": "c43149f02063de9b0d75c2b45f54631bd82667b2", "type": "gitlab" }, "original": { 
@@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1755313937, - "narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=", + "lastModified": 1755914636, + "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=", "owner": "nix-community", "repo": "home-manager", - "rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10", + "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755275010, - "narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=", + "lastModified": 1755825449, + "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7220b01d679e93ede8d7b25d6f392855b81dd475", + "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1755309796, - "narHash": "sha256-0mvqD8Cul8Bq+NqeeNy5cbi59R5w8EzaaimJBFpKJ4A=", + "lastModified": 1755914146, + "narHash": "sha256-ew98ilw4NTodKlILnr3ndsT0Aj9JhqC507JB3efa0pY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "73db918d57f44c8a0d8a809596863188675f9cab", + "rev": "ff42a421ff1d415caa0125e6af6f3bd82e642838", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { From 19bd67afe58c186feacc659789288a8e7cfc7171 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Aug 2025 15:55:07 -0500 Subject: [PATCH 0794/1043] installed claudeDev --- .../leyla/packages/vscode/default.nix | 8 ++---- .../nixos/defiant/configuration.nix | 4 +++ .../programs/vscode/claudeDev.nix | 27 +++++++++++++++++++ .../programs/vscode/default.nix | 1 + 4 files changed, 34 insertions(+), 6 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/claudeDev.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 6e7887a..3878d94 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -66,12 +66,8 @@ in { # go development go.enable = true; - # ai tooling - aiCode = { - enable = ai-tooling-enabled; - ollamaHost = "http://defiant:11434"; - inlineCompletion.model = "qwen3:4b"; - }; + # claude development + claudeDev.enable = ai-tooling-enabled; # misc extensions evenBetterToml.enable = true; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index b7da763..8151111 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -218,6 +218,10 @@ acceleration = false; + environmentVariables = { + OLLAMA_KEEP_ALIVE = "24h"; + }; + loadModels = [ # conversation models "llama3.1:8b" diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix new file mode 100644 index 0000000..8d5dd75 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.claudeDev = { + enable = lib.mkEnableOption "should the claude-dev extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "claude-dev" { + default = ["saoudrizwan" "claude-dev"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.claudeDev.enable { + extensions = [ + config.extraExtensions.claudeDev.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index ea54d4f..a86d0c3 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -18,6 +18,7 @@ ./openRemoteSsh.nix ./astroVscode.nix ./vscodeMdx.nix + ./claudeDev.nix ./nearley.nix ]; } From d128b54a0583628017acf18d12890301dce80fa3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Aug 2025 23:01:04 -0500 Subject: [PATCH 0795/1043] removed redundant part of config --- configurations/nixos/defiant/configuration.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 8151111..14410f4 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -194,12 +194,6 @@ boot.kernelParams = ["zfs.zfs_arc_max=53687091200"]; services = { - # TODO: move zfs scrubbing into module - zfs = { - autoScrub.enable = true; - autoSnapshot.enable = true; - }; - # temp enable desktop environment for setup # Enable the X11 windowing system. xserver.enable = true; 
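Review bot: `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so the description in this hunk renders as "Whether to enable should the claude-dev extension for vscode be enabled."; pass a noun phrase instead, `enable = lib.mkEnableOption "the claude-dev extension for vscode";`. The same wording appears in `vitest.nix` (PATCH 0799) and in the `mcp.nixos.enable` option that PATCH 0803 adds to this file. Because this extension is a coding agent with access to the workspace and terminal, a one-line comment above the option saying so would help anyone deciding which profiles should enable it.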
From 060e6ef037361c3fca9a2411f3c8cf8d25ab230c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 26 Aug 2025 15:53:45 -0500 Subject: [PATCH 0796/1043] installed fonts --- configurations/home-manager/leyla/default.nix | 8 ++++++++ configurations/home-manager/leyla/packages/default.nix | 2 -- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 538eab8..6d759c5 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,4 +1,5 @@ { + pkgs, config, osConfig, ... @@ -82,5 +83,12 @@ # EDITOR = "emacs"; }; }; + + # TODO: move this into a fonts module + home.packages = with pkgs; [ + aileron + nerd-fonts.open-dyslexic + ]; + fonts.fontconfig.enable = true; }; } diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 63f9661..6a24e31 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -67,8 +67,6 @@ in { home.packages = ( (with pkgs; [ - aileron - proxmark3 ]) ++ ( From dbe4b674d7c409049fa2abe694755ab022cb61fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 26 Aug 2025 18:00:12 -0500 Subject: [PATCH 0797/1043] set zfs auth and tls to true --- configurations/home-manager/leyla/packages/default.nix | 2 ++ modules/nixos-modules/disko.nix | 2 ++ 2 files changed, 4 insertions(+) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 6a24e31..702edda 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -108,6 +108,8 @@ in { (lib.mkIf hardware.piperMouse.enable piper) (lib.mkIf hardware.openRGB.enable openrgb) (lib.mkIf hardware.viaKeyboard.enable via) + + (lib.mkIf osConfig.host.ai.enable claude-code) ]) ) ); diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 9e56d87..a962689 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -136,6 +136,8 @@ in { }; accounts = { zfs_notifications = { + auth = true; + tls = true; host = config.host.storage.notifications.host; passwordeval = "cat ${config.host.storage.notifications.tokenFile}"; user = config.host.storage.notifications.user; From 9c8de12ad37978ed5d40b87ecd0775dd38569767 Mon Sep 17 00:00:00 2001 From: Eve Date: Wed, 27 Aug 2025 10:52:24 -0500 Subject: [PATCH 0798/1043] installed tailscale --- configurations/nixos/emergent/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 90aecab..bb671f7 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -67,6 +67,8 @@ }; }; + services.tailscale.enable = true; + # Configure keymap in X11 # services.xserver.xkb.layout = "us"; # services.xserver.xkb.options = "eurosign:e,caps:escape"; From 1c079fa47906cb8c305718471ae2fc35f670aa85 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 27 Aug 2025 13:37:31 -0500 Subject: [PATCH 0799/1043] installed vitest --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/default.nix | 1 + .../programs/vscode/vitest.nix | 27 +++++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/vitest.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 3878d94..651d941 100644 
--- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -50,6 +50,7 @@ in { tauriVscode.enable = true; vscodeEslint.enable = true; vscodeJest.enable = true; + vitest.enable = true; vscodeStandard.enable = true; vscodeStylelint.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index a86d0c3..50b323d 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -20,5 +20,6 @@ ./vscodeMdx.nix ./claudeDev.nix ./nearley.nix + ./vitest.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/vitest.nix b/modules/home-manager-modules/programs/vscode/vitest.nix new file mode 100644 index 0000000..446d25b --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vitest.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vitest = { + enable = lib.mkEnableOption "should the vitest extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vitest" { + default = ["vitest" "explorer"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vitest.enable { + extensions = [ + config.extraExtensions.vitest.extension + ]; + }; + })); + }; +} From ca2b188560ba131ac0e10539d6921ef1318538e2 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 27 Aug 2025 17:51:11 -0500 Subject: [PATCH 0800/1043] fixed nfs mounts --- README.md | 1 - .../nixos/horizon/configuration.nix | 79 +++++++++++++++++++ .../nixos/twilight/configuration.nix | 43 +++++++--- .../server/network_storage/default.nix | 2 +- .../server/network_storage/nfs.nix | 10 ++- 5 files changed, 120 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 039391f..e379f91 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - auto turn off on power loss - nut - zfs email after scrubbing # TODO: test this - SMART test with email results -- fix nfs - samba mounts - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Create Tor guard/relay server diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 99b6ee9..adaab1c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -135,6 +135,85 @@ }; }; + # NFS support for mobile device - optimized for frequent disconnections + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" # Allow interruption of NFS calls + "timeo=30" # 3 second timeout (30 deciseconds) + "retrans=2" # Only 2 retries before giving up + "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile + "x-systemd.device-timeout=15" # 15 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + "x-systemd.mount-timeout=30" # 30 second mount timeout + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + # Mobile-optimized read settings + "rsize=8192" # Smaller read size for mobile + "wsize=8192" # Smaller write size for mobile + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + }; + + # Enable network-online.target for better network dependency handling + 
systemd.services.NetworkManager-wait-online.enable = true; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 111c002..7d88430 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -140,12 +140,20 @@ options = [ "x-systemd.automount" "noauto" - "user" "noatime" "nofail" "soft" - "x-systemd.idle-timeout=600" - "fsc" + "intr" # Allow interruption of NFS calls + "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile + "retrans=3" # 3 retries for desktop + "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop + "x-systemd.device-timeout=30" # 30 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + "x-systemd.mount-timeout=60" # 60 second mount timeout for desktop ]; }; @@ -155,11 +163,17 @@ options = [ "x-systemd.automount" "noauto" - "user" "nofail" "soft" + "intr" + "timeo=50" + "retrans=3" "x-systemd.idle-timeout=600" + "bg" "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" ]; }; 
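Review bot: None of the three `defiant:/exports/*` mounts added in this hunk sets `nosuid` or `nodev`, so setuid binaries and device nodes on the share are honoured on the client; adding `"nosuid"` and `"nodev"` to each `options` list (and `"noexec"` on `/mnt/media` if nothing is executed from it) limits what a misconfigured or compromised server can hand to the client. On twilight the later hunks of this commit remove `"user"`, which had been implying `noexec,nosuid,nodev`, so those mounts lose that protection unless the options are listed explicitly. Separately, `soft` with `timeo=30` and `retrans=2` can fail writes part-way, which nfs(5) warns may corrupt data silently if these shares are written to, and `intr` has been ignored by the kernel since 2.6.25. The same option lists recur in the `network-mount.nix` files created by PATCH 0802.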
@@ -169,21 +183,30 @@ options = [ "x-systemd.automount" "noauto" - "user" "noatime" "nofail" "soft" + "intr" + "timeo=50" + "retrans=3" "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "rsize=32768" - "wsize=32768" + "x-systemd.device-timeout=30" + "bg" + # Desktop-optimized read settings + "rsize=32768" # Larger read size for desktop + "wsize=32768" # Larger write size for desktop "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=60" ]; }; }; + # Enable network-online.target for better network dependency handling + systemd.services.NetworkManager-wait-online.enable = true; + environment.systemPackages = with pkgs; [ cachefilesd ]; diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index 00ea7ac..eaac7fe 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -15,7 +15,7 @@ in { export_directory = lib.mkOption { type = lib.types.path; description = "what are exports going to be stored in"; - default = "/export"; + default = "/exports"; }; directories = lib.mkOption { type = lib.types.listOf (lib.types.submodule ({config, ...}: { diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index bad0452..297dc1a 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -61,8 +61,6 @@ # loopback "127.0.0.1" "::1" - # local network - # "192.168.0.0/24" # tailscale "100.64.0.0/10" "fd7a:115c:a1e0::/48" @@ -84,7 +82,7 @@ ); }; }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + networking.firewall = let ports = [ 111 config.host.network_storage.nfs.port 
@@ -94,6 +92,12 @@ 20048 ]; in { + # Allow NFS on Tailscale interface + interfaces.${config.services.tailscale.interfaceName} = { + allowedTCPPorts = ports; + allowedUDPPorts = ports; + }; + # Allow NFS on local network (assuming default interface) allowedTCPPorts = ports; allowedUDPPorts = ports; }; From 4a7b57df99579df26939ee967c100c4594e3a2a8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 27 Aug 2025 21:19:04 -0500 Subject: [PATCH 0801/1043] removed invalid config option --- configurations/nixos/twilight/configuration.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 7d88430..245b4f7 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -153,7 +153,6 @@ "_netdev" # Network device - wait for network "x-systemd.requires=network-online.target" # Require network to be online "x-systemd.after=network-online.target" # Start after network is online - "x-systemd.mount-timeout=60" # 60 second mount timeout for desktop ]; }; @@ -199,7 +198,6 @@ "_netdev" "x-systemd.requires=network-online.target" "x-systemd.after=network-online.target" - "x-systemd.mount-timeout=60" ]; }; }; From 0d2a3e26a8a9593cd70e14ade62c46ad3f69c338 Mon Sep 17 00:00:00 2001 
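Review bot: The bare `allowedTCPPorts = ports;` and `allowedUDPPorts = ports;` left below the new `interfaces.${config.services.tailscale.interfaceName}` block now sit directly under `networking.firewall`, so they open rpcbind (111), the NFS port and 20048 on every interface, not only on "the local network" as the added comment says. What appears to be the export client list in the `@@ -61,8 +61,6 @@` hunk of this file keeps only loopback and the Tailscale ranges, and the commented `192.168.0.0/24` entry is deleted, so as far as this diff shows no LAN client may mount and the global rule only widens exposure. Dropping the two global lines, or scoping them to a named interface as `interfaces."<lan-interface>".allowedTCPPorts = ports;` (placeholder name), keeps the stated intent. The `let ports = [ ... ]` list starts in the previous hunk and part of it is outside the visible lines.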
From: Leyla Becker Date: Wed, 27 Aug 2025 21:21:39 -0500 Subject: [PATCH 0802/1043] moved network mounts out of main config and into their own file --- .../nixos/horizon/configuration.nix | 76 ------------------- configurations/nixos/horizon/default.nix | 1 + .../nixos/horizon/network-mount.nix | 76 +++++++++++++++++++ .../nixos/twilight/configuration.nix | 71 ----------------- configurations/nixos/twilight/default.nix | 1 + .../nixos/twilight/network-mount.nix | 72 ++++++++++++++++++ 6 files changed, 150 insertions(+), 147 deletions(-) create mode 100644 configurations/nixos/horizon/network-mount.nix create mode 100644 configurations/nixos/twilight/network-mount.nix diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index adaab1c..731c6b0 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -135,82 +135,6 @@ }; }; - # NFS support for mobile device - optimized for frequent disconnections - boot.supportedFilesystems = ["nfs"]; - - fileSystems = { - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" # Allow interruption of NFS calls - "timeo=30" # 3 second timeout (30 deciseconds) - "retrans=2" # Only 2 retries before giving up - "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile - "x-systemd.device-timeout=15" # 15 second device timeout - "bg" # Background mount - don't block boot - "fsc" # Enable caching - "_netdev" # Network device - wait for network - "x-systemd.requires=network-online.target" # Require network to be online - "x-systemd.after=network-online.target" # Start after network is online - "x-systemd.mount-timeout=30" # 30 second mount timeout - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "nofail" - "soft" - "intr" - "timeo=30" - "retrans=2" - "x-systemd.idle-timeout=300" - "x-systemd.device-timeout=15" - "bg" - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - "x-systemd.mount-timeout=30" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" - "timeo=30" - "retrans=2" - "x-systemd.idle-timeout=300" - "x-systemd.device-timeout=15" - "bg" - # Mobile-optimized read settings - "rsize=8192" # Smaller read size for mobile - "wsize=8192" # Smaller write size for mobile - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - "x-systemd.mount-timeout=30" - ]; - }; - }; - # Enable network-online.target for better network dependency handling 
systemd.services.NetworkManager-wait-online.enable = true; diff --git a/configurations/nixos/horizon/default.nix b/configurations/nixos/horizon/default.nix index 1263215..0f307d2 100644 --- a/configurations/nixos/horizon/default.nix +++ b/configurations/nixos/horizon/default.nix @@ -3,5 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + ./network-mount.nix ]; } diff --git a/configurations/nixos/horizon/network-mount.nix b/configurations/nixos/horizon/network-mount.nix new file mode 100644 index 0000000..fde16f5 --- /dev/null +++ b/configurations/nixos/horizon/network-mount.nix 
@@ -0,0 +1,76 @@ +{...}: { + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" # Allow interruption of NFS calls + "timeo=30" # 3 second timeout (30 deciseconds) + "retrans=2" # Only 2 retries before giving up + "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile + "x-systemd.device-timeout=15" # 15 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + "x-systemd.mount-timeout=30" # 30 second mount timeout + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + # Mobile-optimized read settings + "rsize=8192" # Smaller read size for mobile + "wsize=8192" # Smaller write size for mobile + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + }; +} diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 245b4f7..477c517 100644 
--- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -131,77 +131,6 @@ syncthing.enable = true; }; - boot.supportedFilesystems = ["nfs"]; - - fileSystems = { - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" # Allow interruption of NFS calls - "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile - "retrans=3" # 3 retries for desktop - "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop - "x-systemd.device-timeout=30" # 30 second device timeout - "bg" # Background mount - don't block boot - "fsc" # Enable caching - "_netdev" # Network device - wait for network - "x-systemd.requires=network-online.target" # Require network to be online - "x-systemd.after=network-online.target" # Start after network is online - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "nofail" - "soft" - "intr" - "timeo=50" - "retrans=3" - "x-systemd.idle-timeout=600" - "bg" - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" - "timeo=50" - "retrans=3" - "x-systemd.idle-timeout=600" - "x-systemd.device-timeout=30" - "bg" - # Desktop-optimized read settings - "rsize=32768" # Larger read size for desktop - "wsize=32768" # Larger write size for desktop - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - ]; - }; - }; - # Enable network-online.target for better network dependency handling systemd.services.NetworkManager-wait-online.enable = true; 
diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index 43a9164..f61e0ad 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -4,5 +4,6 @@ ./configuration.nix ./hardware-configuration.nix ./nvidia-drivers.nix + ./network-mount.nix ]; } diff --git a/configurations/nixos/twilight/network-mount.nix b/configurations/nixos/twilight/network-mount.nix new file mode 100644 index 0000000..9f84b04 --- /dev/null +++ b/configurations/nixos/twilight/network-mount.nix 
@@ -0,0 +1,72 @@ +{...}: { + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" # Allow interruption of NFS calls + "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile + "retrans=3" # 3 retries for desktop + "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop + "x-systemd.device-timeout=30" # 30 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "nofail" + "soft" + "intr" + "timeo=50" + "retrans=3" + "x-systemd.idle-timeout=600" + "bg" + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" + "timeo=50" + "retrans=3" + "x-systemd.idle-timeout=600" + "x-systemd.device-timeout=30" + "bg" + # Desktop-optimized read settings + "rsize=32768" # Larger read size for desktop + "wsize=32768" # Larger write size for desktop + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + ]; + }; + }; +} From 0d57fb08b162a3f35e77cc580b938b2307695deb Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 28 Aug 2025 11:48:00 -0500 Subject: [PATCH 0803/1043] set up nix mcp server --- README.md | 1 - .../leyla/packages/vscode/default.nix | 5 +- flake.lock | 94 ++++++++++++++++++- flake.nix | 8 ++ .../programs/vscode/claudeDev.nix | 36 +++++++ 5 files changed, 140 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e379f91..339a8e8 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Create Tor guard/relay server - migrate away from flakes and move to npins - whisper -- nix mcp - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote - rotate sops encryption keys periodically (and somehow sync between devices?) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 651d941..c605f9b 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -68,7 +68,10 @@ in { go.enable = true; # claude development - claudeDev.enable = ai-tooling-enabled; + claudeDev = lib.mkIf ai-tooling-enabled { + enable = true; + mcp.nixos.enable = true; + }; # misc extensions evenBetterToml.enable = true; diff --git a/flake.lock b/flake.lock index f885584..03a9467 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,23 @@ { "nodes": { + "devshell": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ 
@@ -75,6 +93,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -110,6 +146,28 @@ "type": "github" } }, + "mcp-nixos": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1755372538, + "narHash": "sha256-iWhsf1Myk6RyQ7IuNf4bWI3Sqq9pgmhKvEisCXtkxyw=", + "owner": "utensils", + "repo": "mcp-nixos", + "rev": "46b4d4d3d6421bfbadc415532ef74433871e1cda", + "type": "github" + }, + "original": { + "owner": "utensils", + "repo": "mcp-nixos", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -153,7 +211,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -189,6 +247,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1722073938, + "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -211,11 +285,12 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "mcp-nixos": "mcp-nixos", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "secrets": "secrets", "sops-nix": "sops-nix", "steam-fetcher": "steam-fetcher" @@ -291,6 +366,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 23a8aab..7980012 100644 --- a/flake.nix +++ b/flake.nix @@ -76,6 +76,12 @@ url = "github:nix-community/steam-fetcher"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # MCP NixOS server for Claude Dev + mcp-nixos = { + url = "github:utensils/mcp-nixos"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -157,6 +163,8 @@ disko # for viewing dconf entries dconf-editor + # for MCP NixOS server support in development + inputs.mcp-nixos.packages.${system}.default ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 8d5dd75..5e08b41 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix 
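Review bot: The `mcp-nixos` input added in flake.nix (`@@ -76,6 +76,12 @@`) redirects only its direct `nixpkgs`, so its transitive `devshell` input keeps a nixpkgs of its own. The flake.lock part of this patch shows the result: a second locked nixpkgs node (rev `e36e9f57337d0ff0cf77aceb58af4c805472bfae`), with the root's node renamed to `nixpkgs_2`. If nothing needs devshell at that older revision, adding `inputs.devshell.inputs.nixpkgs.follows = "nixpkgs";` inside the `mcp-nixos` block keeps evaluation on the one nixpkgs you already track. Because this input's binary is later registered as a command an editor extension launches, a comment beside it such as `# pinned via flake.lock; review the upstream diff before bumping` would record how updates are meant to be handled.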
@@ -2,10 +2,27 @@ lib, pkgs, config, + inputs, ... }: let pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; pkgsRepository = pkgsRepositories.open-vsx; + + mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; + + anyProfileHasMcpNixos = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.nixos.enable + ) (lib.attrValues config.programs.vscode.profiles); + + mcpServersConfig = lib.mkMerge [ + (lib.mkIf anyProfileHasMcpNixos { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }) + ]; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -15,6 +32,12 @@ in { extension = lib.mkPackageOption pkgsRepository "claude-dev" { default = ["saoudrizwan" "claude-dev"]; }; + + mcp = { + nixos = { + enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; + }; + }; }; }; config = lib.mkIf config.extraExtensions.claudeDev.enable { @@ -24,4 +47,17 @@ in { }; })); }; + + config = lib.mkIf anyProfileHasMcpNixos { + home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { + text = builtins.toJSON { + mcpServers = mcpServersConfig; + }; + force = true; + }; + + home.packages = [ + mcp-nixos + ]; + }; } From 9f94a218cc2e01ad756c8a4313c54416fabe10ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 28 Aug 2025 14:11:29 -0500 Subject: [PATCH 0804/1043] disabled nfs mounts --- configurations/nixos/horizon/default.nix | 2 +- configurations/nixos/twilight/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/default.nix b/configurations/nixos/horizon/default.nix index 0f307d2..b916d82 100644 --- a/configurations/nixos/horizon/default.nix +++ b/configurations/nixos/horizon/default.nix 
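Review bot: In the `@@ -2,10 +2,27 @@` hunk of claudeDev.nix, `mcpServersConfig` is built with `lib.mkMerge`/`lib.mkIf` but is never assigned to an option; the last hunk passes it straight to `builtins.toJSON`. The module system therefore never resolves those wrappers, and the generated `cline_mcp_settings.json` would contain the merge/if wrapper attributes instead of a `nixos` server entry. A plain value serialises as intended, e.g. `mcpServers = lib.optionalAttrs anyProfileHasMcpNixos { nixos.command = "${mcp-nixos}/bin/mcp-nixos"; };`.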
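Review bot: The `mcp.nixos.enable` switch is declared per VSCode profile, but the `config` block in the `@@ -24,4 +47,17 @@` hunk keys off `anyProfileHasMcpNixos` and writes a single user-level `cline_mcp_settings.json` plus `home.packages`. Enabling it in one profile therefore registers the server for everything that reads that file, not only that profile. That file decides which executables the extension may start, and `force = true` silently replaces any existing copy; a comment such as `# declarative source of truth: servers added by hand in the editor are overwritten on activation` would make that explicit. The path also hard-codes `VSCodium`, so presumably nothing is written when `programs.vscode.package` is a different build. The later rewrites of this block in PATCH 0805 and 0806 keep the same structure.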
@@ -3,6 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix - ./network-mount.nix + # ./network-mount.nix ]; } diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index f61e0ad..aa841f8 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -4,6 +4,6 @@ ./configuration.nix ./hardware-configuration.nix ./nvidia-drivers.nix - ./network-mount.nix + # ./network-mount.nix ]; } From 5a53a7bac44e25d21c0547cc7dd4194b4b0a6deb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 28 Aug 2025 14:14:05 -0500 Subject: [PATCH 0805/1043] installed nix mcp server --- .../programs/vscode/claudeDev.nix | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 5e08b41..a2b4b9e 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -15,14 +15,6 @@ profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); - - mcpServersConfig = lib.mkMerge [ - (lib.mkIf anyProfileHasMcpNixos { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }) - ]; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -51,7 +43,11 @@ in { config = lib.mkIf anyProfileHasMcpNixos { home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { text = builtins.toJSON { - mcpServers = mcpServersConfig; + mcpServers = { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }; }; force = true; }; From 6e0650f73b6ac42edb549ca1eef2579e8b935bd6 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 31 Aug 2025 13:56:20 -0500 Subject: [PATCH 0806/1043] installed the eslint mcp server --- .../leyla/packages/vscode/default.nix | 5 +- .../programs/vscode/claudeDev.nix | 60 ++++++++++++++----- 2 files changed, 49 insertions(+), 16 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index c605f9b..778439a 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -70,7 +70,10 @@ in { # claude development claudeDev = lib.mkIf ai-tooling-enabled { enable = true; - mcp.nixos.enable = true; + mcp = { + nixos.enable = true; + eslint.enable = true; + }; }; # misc extensions diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index a2b4b9e..11eb155 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -10,11 +10,21 @@ mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; + mcp-eslint = pkgs.writeShellScriptBin "mcp-eslint" '' + ${pkgs.nodejs}/bin/npx --yes @modelcontextprotocol/server-eslint "$@" + ''; + anyProfileHasMcpNixos = lib.any ( profile: profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcpEslint = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.eslint.enable + ) (lib.attrValues config.programs.vscode.profiles); in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { 
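Review bot: `mcp-eslint` in the `@@ -10,11 +10,21 @@` hunk of claudeDev.nix runs `npx --yes @modelcontextprotocol/server-eslint`, which fetches whatever version the npm registry serves at launch time and auto-accepts the install prompt. Unlike `mcp-nixos`, which flake.lock pins by rev and narHash, this server's code is neither pinned nor hashed, and it runs with the user's privileges whenever the extension starts it. At minimum pin an exact version, `${pkgs.nodejs}/bin/npx --yes @modelcontextprotocol/server-eslint@<PINNED_VERSION> "$@"`. Better, package it with `pkgs.buildNpmPackage` so `npmDepsHash` fixes the dependency tree and the wrapper never contacts the registry. It is also worth confirming that the package name resolves to the publisher you expect before the command is written into the extension's MCP settings.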
@@ -29,6 +39,9 @@ in { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; }; + eslint = { + enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; + }; }; }; }; @@ -40,20 +53,37 @@ in { })); }; - config = lib.mkIf anyProfileHasMcpNixos { - home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { - text = builtins.toJSON { - mcpServers = { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }; - }; - force = true; - }; + config = lib.mkMerge [ + (lib.mkIf anyProfileHasMcpNixos { + home.packages = [ + mcp-nixos + ]; + }) - home.packages = [ - mcp-nixos - ]; - }; + (lib.mkIf anyProfileHasMcpEslint { + home.packages = [ + mcp-eslint + pkgs.eslint + ]; + }) + + (lib.mkIf (anyProfileHasMcpNixos || anyProfileHasMcpEslint) { + home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { + text = builtins.toJSON { + mcpServers = + (lib.optionalAttrs anyProfileHasMcpNixos { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }) + // (lib.optionalAttrs anyProfileHasMcpEslint { + eslint = { + command = "${mcp-eslint}/bin/mcp-eslint"; + }; + }); + }; + force = true; + }; + }) + ]; } From d89d085409d97668230204eb2fbc218ce6ecf4b2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:05:27 -0500 Subject: [PATCH 0807/1043] updated flake lock --- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 36 +++++++++---------- modules/home-manager-modules/openssh.nix | 9 +++-- modules/nixos-modules/server/forgejo.nix | 8 ++++- 4 files changed, 33 insertions(+), 22 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 14410f4..e109d45 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -296,7 +296,7 @@ extensions = { sonos.enable = true; jellyfin.enable = true; - wyoming.enable = true; + wyoming.enable = false; # Temporarily disabled due to dependency conflict in wyoming-piper }; }; diff --git a/flake.lock b/flake.lock index 03a9467..5b4d6a3 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1755519972, - "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", + "lastModified": 1756733629, + "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", "owner": "nix-community", "repo": "disko", - "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", + "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1755921820, - "narHash": "sha256-xTRXoaGtuIi4VvJNGuHC8DPHnEIJUqVtt7kqU8MdXes=", + "lastModified": 1756699417, + "narHash": "sha256-rpRy5ae5ijEGaK+Cr66NqCQJ6ZeUE5Zi8gUWgKhesto=", "owner": "rycee", "repo": "nur-expressions", - "rev": "c43149f02063de9b0d75c2b45f54631bd82667b2", + "rev": "007b803d1eff595d25e7886e83054dbd038bf029", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1755914636, - "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=", + "lastModified": 1756734952, + "narHash": "sha256-H6jmduj4QIncLPAPODPSG/8ry9lpr1kRq6fYytU52qU=", "owner": "nix-community", "repo": "home-manager", - "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0", + "rev": "29ab63bbb3d9eee4a491f7ce701b189becd34068", "type": "github" }, "original": { 
@@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1755914146, - "narHash": "sha256-ew98ilw4NTodKlILnr3ndsT0Aj9JhqC507JB3efa0pY=", + "lastModified": 1756692643, + "narHash": "sha256-SVos3AYuLvF6bD8Y0b6EiLABoEaiAOa4M/fTCBe0FV8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ff42a421ff1d415caa0125e6af6f3bd82e642838", + "rev": "2f1d16db96f1ce8ee3c893ea9dc49c0035846988", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1755330281, - "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", + "lastModified": 1756245047, + "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", + "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1756542300, + "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index c8ba22d..9d77d10 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -45,8 +45,13 @@ services.ssh-agent.enable = true; programs.ssh = { enable = true; - compression = true; - addKeysToAgent = "confirm"; + enableDefaultConfig = false; + matchBlocks = { + "*" = { + compression = true; + addKeysToAgent = "confirm"; + }; + }; extraConfig = lib.strings.concatLines ( builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys ); 
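Review bot: With `enableDefaultConfig = false` in the `@@ -45,8 +45,13 @@` hunk of openssh.nix, the `"*"` match block holds only the two settings listed here, and every other client option silently falls back to OpenSSH's built-in defaults rather than a value stated in the repository. This configuration runs `ssh-agent` and adds keys to it, so the agent posture should be spelled out in the same block, e.g. `forwardAgent = false;` beside `addKeysToAgent = "confirm";`. If no keys beyond the `IdentityFile` entries from `extraConfig` are expected, `identitiesOnly = true;` would also stop other agent-held keys being offered to every host. The `programs.ssh` block continues past the end of the hunk.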
diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 7898daa..de06f94 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -19,6 +19,12 @@ in { config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ { + assertions = [ + { + assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; + message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; + } + ]; host = { reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { target = "http://localhost:${toString forgejoPort}"; @@ -52,7 +58,7 @@ in { START_SSH_SERVER = true; SSH_LISTEN_PORT = sshPort; SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = config.users.users.git.name; + BUILTIN_SSH_SERVER_USER = "git"; ROOT_URL = "https://git.jan-leila.com"; }; service = { From afcf4156212747cac2751061ed3307646ce64530 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:11:29 -0500 Subject: [PATCH 0808/1043] enabled power management from twilight and emergent --- configurations/nixos/emergent/nvidia-drivers.nix | 2 +- configurations/nixos/twilight/nvidia-drivers.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index fb66cf6..b532446 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -27,7 +27,7 @@ # Enable this if you have graphical corruption issues or application crashes after waking # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. - powerManagement.enable = false; + powerManagement.enable = true; # Fine-grained power management. Turns off GPU when not in use. # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
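Review bot: Turning on `powerManagement.enable` in emergent's nvidia-drivers.nix (`@@ -27,7 +27,7 @@`) changes what is written out on suspend: per the comment directly above the option, the entire VRAM is saved to `/tmp/` instead of only the bare essentials. That dump can hold whatever was on screen or in GPU buffers, so the file should state where that path lives on these hosts, for example `# VRAM is dumped on suspend; the target path must be tmpfs or encrypted storage with room for full VRAM`. The same one-line change is made for twilight in the next hunk of this patch.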
diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index 47763f8..d875e37 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -21,7 +21,7 @@ # Enable this if you have graphical corruption issues or application crashes after waking # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. - powerManagement.enable = false; + powerManagement.enable = true; # Fine-grained power management. Turns off GPU when not in use. # Experimental and only works on modern Nvidia GPUs (Turing or newer). From b7dd5328d0c3a653e8e68c5df8e1f686fba57720 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:20:24 -0500 Subject: [PATCH 0809/1043] moved piper to module with enable option --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 2 +- .../home-manager-modules/programs/default.nix | 1 + modules/home-manager-modules/programs/piper.nix | 17 +++++++++++++++++ 4 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 modules/home-manager-modules/programs/piper.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 295597a..754ced2 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -20,7 +20,6 @@ in { ungoogled-chromium krita gnomeExtensions.dash-to-panel - (lib.mkIf hardware.piperMouse.enable piper) ] ); @@ -61,6 +60,7 @@ in { makemkv.enable = true; signal-desktop-bin.enable = true; steam.enable = true; + piper.enable = hardware.piperMouse.enable; }) ]; }; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 702edda..33c6103 100644 --- a/configurations/home-manager/leyla/packages/default.nix 
+++ b/configurations/home-manager/leyla/packages/default.nix @@ -36,6 +36,7 @@ in { protonvpn-gui.enable = true; dbeaver-bin.enable = true; bruno.enable = true; + piper.enable = hardware.piperMouse.enable; }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { anki.enable = true; @@ -105,7 +106,6 @@ in { noisetorch # hardware management tools - (lib.mkIf hardware.piperMouse.enable piper) (lib.mkIf hardware.openRGB.enable openrgb) (lib.mkIf hardware.viaKeyboard.enable via) diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 675e77d..be4b072 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -6,6 +6,7 @@ ./makemkv.nix ./obs.nix ./anki.nix + ./piper.nix ./qbittorrent.nix ./discord.nix ./obsidian.nix diff --git a/modules/home-manager-modules/programs/piper.nix b/modules/home-manager-modules/programs/piper.nix new file mode 100644 index 0000000..ec0d887 --- /dev/null +++ b/modules/home-manager-modules/programs/piper.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.piper = { + enable = lib.mkEnableOption "enable piper"; + }; + + config = lib.mkIf config.programs.piper.enable { + home.packages = with pkgs; [ + piper + ]; + }; +} From 2d396228c728a19f46e69c09fc22bfb8e9eb9ab1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:27:26 -0500 Subject: [PATCH 0810/1043] moved krita to programs folder --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 2 +- .../home-manager-modules/programs/default.nix | 1 + .../home-manager-modules/programs/krita.nix | 30 +++++++++++++++++++ 4 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 modules/home-manager-modules/programs/krita.nix 
diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 754ced2..f7f0c78 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -18,7 +18,6 @@ in { home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ ungoogled-chromium - krita gnomeExtensions.dash-to-panel ] ); @@ -61,6 +60,7 @@ in { signal-desktop-bin.enable = true; steam.enable = true; piper.enable = hardware.piperMouse.enable; + krita.enable = true; }) ]; }; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 33c6103..717b153 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -49,6 +49,7 @@ in { vscode.enable = true; firefox.enable = true; steam.enable = true; + krita.enable = true; }) ]; } @@ -77,7 +78,6 @@ in { libreoffice inkscape gimp - krita freecad # cura # kicad-small diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index be4b072..f2a22ee 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -12,6 +12,7 @@ ./obsidian.nix ./prostudiomasters.nix ./idea.nix + ./krita.nix ./protonvpn.nix ./calibre.nix ./bruno.nix diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix new file mode 100644 index 0000000..d662251 --- /dev/null +++ b/modules/home-manager-modules/programs/krita.nix 
@@ -0,0 +1,30 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.krita = { + enable = lib.mkEnableOption "enable krita"; + }; + + config = lib.mkIf config.programs.krita.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + krita + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/kritarc" + "${config.xdg.dataHome}/krita" + ]; + allowOther = true; + }; + } + ) + ]); +} From fab03391fced092fa46b50fb14815f566036703d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 4 Sep 2025 00:33:53 -0500 Subject: [PATCH 0811/1043] updated flake.lock --- flake.lock | 30 +++++++++++----------- modules/nixos-modules/server/paperless.nix | 3 +-- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 5b4d6a3..19959d9 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1756699417, - "narHash": "sha256-rpRy5ae5ijEGaK+Cr66NqCQJ6ZeUE5Zi8gUWgKhesto=", + "lastModified": 1756958609, + "narHash": "sha256-1nRGsnPZjOubRTsXEsnJqWlLsgo/Xq7tN7PWK57dFDQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "007b803d1eff595d25e7886e83054dbd038bf029", + "rev": "b2a4e1bc62946403f82594ab9550ac13a1afa4df", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1756734952, - "narHash": "sha256-H6jmduj4QIncLPAPODPSG/8ry9lpr1kRq6fYytU52qU=", + "lastModified": 1756954499, + "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "29ab63bbb3d9eee4a491f7ce701b189becd34068", + "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", "type": "github" }, "original": { 
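Review bot: In the new krita.nix, `"${config.xdg.configHome}/kritarc"` is listed under `directories`, but `kritarc` is normally a single settings file. It probably belongs in a separate list, `files = [ "${config.xdg.configHome}/kritarc" ];`, otherwise a directory is persisted at the path where Krita expects to write a file. `allowOther = true` also makes the persisted mount reachable by other local users (subject to file permissions), so a short comment stating why that is required would help; the modules added in PATCH 0813 repeat the same setting. `osConfig.host.impermanence.enable` is read unconditionally, so the module presumably assumes Home Manager is always evaluated from within the NixOS configuration.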
@@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1756692643, - "narHash": "sha256-SVos3AYuLvF6bD8Y0b6EiLABoEaiAOa4M/fTCBe0FV8=", + "lastModified": 1756950692, + "narHash": "sha256-3MnwSjiqIK8XtKZ1pkhuiv2wnCzQfulc5Wu0pWFluew=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2f1d16db96f1ce8ee3c893ea9dc49c0035846988", + "rev": "5ae2ac105a0d3ed2230a225ef6441928286897da", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1756245047, - "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=", + "lastModified": 1756925795, + "narHash": "sha256-kUb5hehaikfUvoJDEc7ngiieX88TwWX/bBRX9Ar6Tac=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7", + "rev": "ba6fab29768007e9f2657014a6e134637100c57d", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1756542300, - "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", + "lastModified": 1756787288, + "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", + "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix index 0243d53..b97c48d 100644 --- a/modules/nixos-modules/server/paperless.nix +++ b/modules/nixos-modules/server/paperless.nix @@ -51,10 +51,9 @@ in { }; }; services.paperless = { + domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; configureTika = true; settings = { - PAPERLESS_URL = "https://${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; - PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBHOST = "/run/postgresql"; PAPERLESS_DBNAME = config.services.paperless.database.user; 
From c31eb38229e0be1414ecad42a0085debba16c5fd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 4 Sep 2025 14:33:17 -0500 Subject: [PATCH 0812/1043] installed direnv extension --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/default.nix | 1 + .../programs/vscode/direnv.nix | 25 +++++++++++++++++++ 3 files changed, 27 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/direnv.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 778439a..f213d3c 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -78,6 +78,7 @@ in { # misc extensions evenBetterToml.enable = true; + direnv.enable = config.programs.direnv.enable; }; extensions = let diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 50b323d..48eb1ce 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -21,5 +21,6 @@ ./claudeDev.nix ./nearley.nix ./vitest.nix + ./direnv.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/direnv.nix b/modules/home-manager-modules/programs/vscode/direnv.nix new file mode 100644 index 0000000..231ea17 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/direnv.nix 
@@ -0,0 +1,25 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.vscode-marketplace; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.direnv = { + enable = lib.mkEnableOption "Enable direnv extension"; + extension = lib.mkPackageOption pkgsRepository "direnv" { + default = ["mkhl" "direnv"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.direnv.enable { + extensions = [config.extraExtensions.direnv.extension]; + }; + })); + }; +} From 2aad75a334050e30f9fba9567d231ff6d338bda7 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 4 Sep 2025 15:23:59 -0500 Subject: [PATCH 0813/1043] moved more packages to modules --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 66 ++++++------------- .../programs/davinci-resolve.nix | 30 +++++++++ .../home-manager-modules/programs/default.nix | 18 +++++ .../home-manager-modules/programs/freecad.nix | 29 ++++++++ .../programs/gdx-liftoff.nix | 17 +++++ .../home-manager-modules/programs/gimp.nix | 29 ++++++++ .../programs/inkscape.nix | 29 ++++++++ .../programs/libreoffice.nix | 29 ++++++++ .../home-manager-modules/programs/mfoc.nix | 17 +++++ .../programs/noisetorch.nix | 17 +++++ .../programs/onionshare.nix | 17 +++++ .../home-manager-modules/programs/openrgb.nix | 17 +++++ .../home-manager-modules/programs/openvpn.nix | 17 +++++ .../programs/pdfarranger.nix | 17 +++++ .../home-manager-modules/programs/picard.nix | 29 ++++++++ .../programs/proxmark3.nix | 17 +++++ .../programs/qflipper.nix | 29 ++++++++ .../programs/tor-browser.nix | 29 ++++++++ .../programs/ungoogled-chromium.nix | 29 ++++++++ modules/home-manager-modules/programs/via.nix | 17 +++++ 21 files changed, 453 insertions(+), 48 deletions(-) create mode 100644 modules/home-manager-modules/programs/davinci-resolve.nix create mode 100644 modules/home-manager-modules/programs/freecad.nix create mode 100644 modules/home-manager-modules/programs/gdx-liftoff.nix create mode 100644 modules/home-manager-modules/programs/gimp.nix create mode 100644 modules/home-manager-modules/programs/inkscape.nix create mode 100644 modules/home-manager-modules/programs/libreoffice.nix create mode 100644 modules/home-manager-modules/programs/mfoc.nix create mode 100644 modules/home-manager-modules/programs/noisetorch.nix create mode 100644 modules/home-manager-modules/programs/onionshare.nix create mode 100644 modules/home-manager-modules/programs/openrgb.nix create mode 100644 modules/home-manager-modules/programs/openvpn.nix create mode 
100644 modules/home-manager-modules/programs/pdfarranger.nix create mode 100644 modules/home-manager-modules/programs/picard.nix create mode 100644 modules/home-manager-modules/programs/proxmark3.nix create mode 100644 modules/home-manager-modules/programs/qflipper.nix create mode 100644 modules/home-manager-modules/programs/tor-browser.nix create mode 100644 modules/home-manager-modules/programs/ungoogled-chromium.nix create mode 100644 modules/home-manager-modules/programs/via.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index f7f0c78..f738fe2 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -17,7 +17,6 @@ in { # See https://search.nixos.org/packages for all options home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ - ungoogled-chromium gnomeExtensions.dash-to-panel ] ); @@ -61,6 +60,7 @@ in { steam.enable = true; piper.enable = hardware.piperMouse.enable; krita.enable = true; + ungoogled-chromium.enable = true; }) ]; }; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 717b153..86bbd96 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -37,6 +37,12 @@ in { dbeaver-bin.enable = true; bruno.enable = true; piper.enable = hardware.piperMouse.enable; + proxmark3.enable = true; + openrgb.enable = hardware.openRGB.enable; + via.enable = hardware.viaKeyboard.enable; + claude-code.enable = osConfig.host.ai.enable; + davinci-resolve.enable = hardware.graphicsAcceleration.enable; + mfoc.enable = true; }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { anki.enable = true; 
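Review bot: Moving these tools into the first `programs` block of leyla/packages/default.nix (`@@ -37,6 +37,12 @@`) may change which hosts receive them. In the `home.packages` list this patch removes, `mfoc`, `davinci-resolve`, `openrgb`, `via` and `claude-code` sat inside `lib.lists.optionals hardware.directAccess.enable`, whereas the block they now live in opens outside the hunk and its condition is not visible here. If that block is not also gated on `hardware.directAccess.enable`, an RFID tool and an AI coding agent would start being installed on hosts that did not get them before. Placing them in the `hardware.directAccess.enable && config.user.isDesktopUser` block, or stating the intended widening in the commit message, would settle it. `claude-code.enable` also has no module added by this patch, so it presumably relies on an upstream `programs.claude-code` option.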
@@ -50,6 +56,19 @@ in { firefox.enable = true; steam.enable = true; krita.enable = true; + ungoogled-chromium.enable = true; + libreoffice.enable = true; + inkscape.enable = true; + gimp.enable = true; + freecad.enable = true; + onionshare.enable = true; + pdfarranger.enable = true; + picard.enable = true; + qflipper.enable = true; + openvpn.enable = true; + noisetorch.enable = true; + tor-browser.enable = true; + gdx-liftoff.enable = true; }) ]; } @@ -66,53 +85,6 @@ in { nixpkgs.config = { allowUnfree = true; }; - - home.packages = ( - (with pkgs; [ - proxmark3 - ]) - ++ ( - lib.lists.optionals hardware.directAccess.enable (with pkgs; [ - #foss platforms - ungoogled-chromium - libreoffice - inkscape - gimp - freecad - # cura - # kicad-small - onionshare - # rhythmbox - - # wireshark - # rpi-imager - # fritzing - mfoc - tor-browser - pdfarranger - picard - - gdx-liftoff - - # proprietary platforms - (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - - # development tools - # androidStudioPackages.canary - qFlipper - - # system tools - openvpn - noisetorch - - # hardware management tools - (lib.mkIf hardware.openRGB.enable openrgb) - (lib.mkIf hardware.viaKeyboard.enable via) - - (lib.mkIf osConfig.host.ai.enable claude-code) - ]) - ) - ); }) ]; } diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix new file mode 100644 index 0000000..00ba525 --- /dev/null +++ b/modules/home-manager-modules/programs/davinci-resolve.nix 
@@ -0,0 +1,30 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.davinci-resolve = { + enable = lib.mkEnableOption "enable davinci-resolve"; + }; + + config = lib.mkIf config.programs.davinci-resolve.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + davinci-resolve + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.dataHome}/DaVinciResolve" + "${config.xdg.configHome}/blackmagic" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index f2a22ee..d1c13db 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -19,5 +19,23 @@ ./dbeaver.nix ./steam.nix ./vscode + ./ungoogled-chromium.nix + ./libreoffice.nix + ./inkscape.nix + ./gimp.nix + ./proxmark3.nix + ./freecad.nix + ./onionshare.nix + ./mfoc.nix + ./pdfarranger.nix + ./picard.nix + ./qflipper.nix + ./openvpn.nix + ./noisetorch.nix + ./openrgb.nix + ./via.nix + ./davinci-resolve.nix + ./gdx-liftoff.nix + ./tor-browser.nix ]; } diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix new file mode 100644 index 0000000..ec17205 --- /dev/null +++ b/modules/home-manager-modules/programs/freecad.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.freecad = { + enable = lib.mkEnableOption "enable freecad"; + }; + + config = lib.mkIf config.programs.freecad.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + freecad + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/FreeCAD" + ]; + allowOther = true; + }; + } + ) + ]); +} 
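Review bot: `allowOther = true;` in `davinci-resolve.nix` is set on the shared `home.persistence."/persist${config.home.homeDirectory}"` entry, and the same line is repeated in the freecad, gimp, inkscape, libreoffice, picard, qflipper, tor-browser and ungoogled-chromium modules. Because every module writes to the same attribute, enabling any one program sets this for the whole persistence root rather than for that program's directories. If this is the impermanence home-manager option (the `osConfig.host.impermanence.enable` guard suggests so), it lets other users, such as root, reach the bind-mounted directories, which here include the Chromium and Tor Browser profiles. Consider setting it once where the persistence root is declared, with a comment such as `# allowOther: needed so <reason>; applies to every directory under this root`, and dropping it from the per-program modules.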
diff --git a/modules/home-manager-modules/programs/gdx-liftoff.nix b/modules/home-manager-modules/programs/gdx-liftoff.nix
new file mode 100644
index 0000000..b29230d
--- /dev/null
+++ b/modules/home-manager-modules/programs/gdx-liftoff.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.gdx-liftoff = {
+ enable = lib.mkEnableOption "enable gdx-liftoff";
+ };
+
+ config = lib.mkIf config.programs.gdx-liftoff.enable {
+ home.packages = with pkgs; [
+ gdx-liftoff
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix
new file mode 100644
index 0000000..428068e
--- /dev/null
+++ b/modules/home-manager-modules/programs/gimp.nix
@@ -0,0 +1,29 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.gimp = {
+ enable = lib.mkEnableOption "enable gimp";
+ };
+
+ config = lib.mkIf config.programs.gimp.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ gimp
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ "${config.xdg.configHome}/GIMP"
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix
new file mode 100644
index 0000000..facb08f
--- /dev/null
+++ b/modules/home-manager-modules/programs/inkscape.nix
@@ -0,0 +1,29 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.inkscape = {
+ enable = lib.mkEnableOption "enable inkscape";
+ };
+
+ config = lib.mkIf config.programs.inkscape.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ inkscape
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ "${config.xdg.configHome}/inkscape"
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]);
+}
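Review bot: `lib.mkEnableOption "enable gdx-liftoff"` in `gdx-liftoff.nix` renders as "Whether to enable enable gdx-liftoff." because `mkEnableOption` already supplies the "Whether to enable" prefix; `enable = lib.mkEnableOption "gdx-liftoff";` reads correctly. Every module this commit adds uses the same "enable <name>" wording. `osConfig` is also bound but never used in `gdx-liftoff.nix` and in the mfoc, noisetorch, onionshare, openrgb, openvpn, pdfarranger, proxmark3 and via modules, so it can be dropped from those argument sets.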
diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix
new file mode 100644
index 0000000..b61ea58
--- /dev/null
+++ b/modules/home-manager-modules/programs/libreoffice.nix
@@ -0,0 +1,29 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.libreoffice = {
+ enable = lib.mkEnableOption "enable libreoffice";
+ };
+
+ config = lib.mkIf config.programs.libreoffice.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ libreoffice
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ "${config.xdg.configHome}/libreoffice"
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/mfoc.nix b/modules/home-manager-modules/programs/mfoc.nix
new file mode 100644
index 0000000..7b92007
--- /dev/null
+++ b/modules/home-manager-modules/programs/mfoc.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.mfoc = {
+ enable = lib.mkEnableOption "enable mfoc";
+ };
+
+ config = lib.mkIf config.programs.mfoc.enable {
+ home.packages = with pkgs; [
+ mfoc
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/noisetorch.nix b/modules/home-manager-modules/programs/noisetorch.nix
new file mode 100644
index 0000000..c53e3a9
--- /dev/null
+++ b/modules/home-manager-modules/programs/noisetorch.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.noisetorch = {
+ enable = lib.mkEnableOption "enable noisetorch";
+ };
+
+ config = lib.mkIf config.programs.noisetorch.enable {
+ home.packages = with pkgs; [
+ noisetorch
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/onionshare.nix b/modules/home-manager-modules/programs/onionshare.nix
new file mode 100644
index 0000000..ed1903d
--- /dev/null
+++ b/modules/home-manager-modules/programs/onionshare.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.onionshare = {
+ enable = lib.mkEnableOption "enable onionshare";
+ };
+
+ config = lib.mkIf config.programs.onionshare.enable {
+ home.packages = with pkgs; [
+ onionshare
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix
new file mode 100644
index 0000000..0260c91
--- /dev/null
+++ b/modules/home-manager-modules/programs/openrgb.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.openrgb = {
+ enable = lib.mkEnableOption "enable openrgb";
+ };
+
+ config = lib.mkIf config.programs.openrgb.enable {
+ home.packages = with pkgs; [
+ openrgb
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/openvpn.nix b/modules/home-manager-modules/programs/openvpn.nix
new file mode 100644
index 0000000..814c16d
--- /dev/null
+++ b/modules/home-manager-modules/programs/openvpn.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.openvpn = {
+ enable = lib.mkEnableOption "enable openvpn";
+ };
+
+ config = lib.mkIf config.programs.openvpn.enable {
+ home.packages = with pkgs; [
+ openvpn
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/pdfarranger.nix b/modules/home-manager-modules/programs/pdfarranger.nix
new file mode 100644
index 0000000..d4e33b5
--- /dev/null
+++ b/modules/home-manager-modules/programs/pdfarranger.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.pdfarranger = {
+ enable = lib.mkEnableOption "enable pdfarranger";
+ };
+
+ config = lib.mkIf config.programs.pdfarranger.enable {
+ home.packages = with pkgs; [
+ pdfarranger
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix
new file mode 100644
index 0000000..d2c1fe2
--- /dev/null
+++ b/modules/home-manager-modules/programs/picard.nix
@@ -0,0 +1,29 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.picard = {
+ enable = lib.mkEnableOption "enable picard";
+ };
+
+ config = lib.mkIf config.programs.picard.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ picard
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ "${config.xdg.configHome}/MusicBrainz"
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/proxmark3.nix b/modules/home-manager-modules/programs/proxmark3.nix
new file mode 100644
index 0000000..ad1e298
--- /dev/null
+++ b/modules/home-manager-modules/programs/proxmark3.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.proxmark3 = {
+ enable = lib.mkEnableOption "enable proxmark3";
+ };
+
+ config = lib.mkIf config.programs.proxmark3.enable {
+ home.packages = with pkgs; [
+ proxmark3
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix
new file mode 100644
index 0000000..abc2442
--- /dev/null
+++ b/modules/home-manager-modules/programs/qflipper.nix
@@ -0,0 +1,29 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.qflipper = {
+ enable = lib.mkEnableOption "enable qflipper";
+ };
+
+ config = lib.mkIf config.programs.qflipper.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ qFlipper
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ "${config.xdg.configHome}/qFlipper"
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix
new file mode 100644
index 0000000..2c58578
--- /dev/null
+++ b/modules/home-manager-modules/programs/tor-browser.nix
@@ -0,0 +1,29 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.tor-browser = {
+ enable = lib.mkEnableOption "enable tor-browser";
+ };
+
+ config = lib.mkIf config.programs.tor-browser.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ tor-browser
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ "${config.xdg.dataHome}/torbrowser"
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix
new file mode 100644
index 0000000..5b52cd6
--- /dev/null
+++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix
@@ -0,0 +1,29 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.ungoogled-chromium = {
+ enable = lib.mkEnableOption "enable ungoogled-chromium";
+ };
+
+ config = lib.mkIf config.programs.ungoogled-chromium.enable (lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ ungoogled-chromium
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ "${config.xdg.configHome}/chromium"
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix
new file mode 100644
index 0000000..0b79452
--- /dev/null
+++ b/modules/home-manager-modules/programs/via.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ pkgs,
+ config,
+ osConfig,
+ ...
+}: {
+ options.programs.via = {
+ enable = lib.mkEnableOption "enable via";
+ };
+
+ config = lib.mkIf config.programs.via.enable {
+ home.packages = with pkgs; [
+ via
+ ];
+ };
+}
From 1831fea96a57f9c538b3f72f13b09adb51a35ea1 Mon Sep 17 00:00:00 2001
From: Leyla Becker Date: Thu, 4 Sep 2025 15:40:22 -0500 Subject: [PATCH 0814/1043] updated flake lock --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 19959d9..03054c1 100644 --- a/flake.lock +++ b/flake.lock @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1756954499, - "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", + "lastModified": 1756991914, + "narHash": "sha256-4ve/3ah5H/SpL2m3qmZ9GU+VinQYp2MN1G7GamimTds=", "owner": "nix-community", "repo": "home-manager", - "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", + "rev": "b08f8737776f10920c330657bee8b95834b7a70f", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1755825449, - "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", + "lastModified": 1757015938, + "narHash": "sha256-1qBXNK/QxEjCqIoA2DxWn5gqM8rVxt+OxKodXu1GLTY=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", + "rev": "eaacfa1101b84225491d2ceae9549366d74dc214", "type": "github" }, "original": { From 68b791f7c10340d2e97992f9bfe3e12311945ac8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 6 Sep 2025 23:11:22 -0500 Subject: [PATCH 0815/1043] feat: installed conventional commits plugin --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/conventionalCommits.nix | 25 +++++++++++++++++++ .../programs/vscode/default.nix | 1 + 3 files changed, 27 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/conventionalCommits.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index f213d3c..8ac026e 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix 
@@ -79,6 +79,7 @@ in { # misc extensions evenBetterToml.enable = true; direnv.enable = config.programs.direnv.enable; + conventionalCommits.enable = true; }; extensions = let diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix new file mode 100644 index 0000000..00ca6fa --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -0,0 +1,25 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.vscode-marketplace; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.conventionalCommits = { + enable = lib.mkEnableOption "Enable VSCode Conventional Commits extension"; + extension = lib.mkPackageOption pkgsRepository "conventional-commits" { + default = ["vivaxy" "vscode-conventional-commits"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.conventionalCommits.enable { + extensions = [config.extraExtensions.conventionalCommits.extension]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 48eb1ce..85f4a62 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -22,5 +22,6 @@ ./nearley.nix ./vitest.nix ./direnv.nix + ./conventionalCommits.nix ]; } From 09d258840662c034f187e66bea1536eefb1f644a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 6 Sep 2025 23:42:13 -0500 Subject: [PATCH 0816/1043] feat: added config options to hte conventional commit extension to disable emoji and scopes propts --- .../programs/vscode/conventionalCommits.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) 
diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix index 00ca6fa..1e3954c 100644 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -15,10 +15,27 @@ in { extension = lib.mkPackageOption pkgsRepository "conventional-commits" { default = ["vivaxy" "vscode-conventional-commits"]; }; + + emojiFormat = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable emoji format for conventional commits"; + }; + + promptScopes = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable prompting for scopes in conventional commits"; + }; }; }; config = lib.mkIf config.extraExtensions.conventionalCommits.enable { extensions = [config.extraExtensions.conventionalCommits.extension]; + + userSettings = { + "conventionalCommits.emojiFormat" = config.extraExtensions.conventionalCommits.emojiFormat; + "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; + }; }; })); }; From 58fec3f132f0fdfd4ade138ffc1edf9905753ad4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 7 Sep 2025 15:58:54 -0500 Subject: [PATCH 0817/1043] refactor: switched to using mkEnableOption --- .../programs/vscode/conventionalCommits.nix | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix index 1e3954c..5bc8124 100644 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix 
@@ -16,24 +16,16 @@ in { default = ["vivaxy" "vscode-conventional-commits"]; }; - emojiFormat = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable emoji format for conventional commits"; - }; + gitmoji = lib.mkEnableOption "should emoji be prompted for as a part of the commit message./"; - promptScopes = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable prompting for scopes in conventional commits"; - }; + promptScopes = lib.mkEnableOption "prompting for scopes in conventional commits"; }; }; config = lib.mkIf config.extraExtensions.conventionalCommits.enable { extensions = [config.extraExtensions.conventionalCommits.extension]; userSettings = { - "conventionalCommits.emojiFormat" = config.extraExtensions.conventionalCommits.emojiFormat; + "conventionalCommits.gitmoji" = config.extraExtensions.conventionalCommits.gitmoji; "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; }; }; From 487dc215503aab6d309ade68480ac48a47604376 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 7 Sep 2025 20:12:46 -0500 Subject: [PATCH 0818/1043] refactor: removed eslint mcp server --- .../leyla/packages/vscode/default.nix | 1 - .../programs/vscode/claudeDev.nix | 38 +++---------------- 2 files changed, 6 insertions(+), 33 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 8ac026e..6e36908 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -72,7 +72,6 @@ in { enable = true; mcp = { nixos.enable = true; - eslint.enable = true; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 11eb155..21ff6b5 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix 
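Review bot: The new `gitmoji` description in `conventionalCommits.nix` ends in a stray `./` and is phrased as a question, so with the prefix `mkEnableOption` adds it renders roughly as "Whether to enable should emoji be prompted for as a part of the commit message./."; `gitmoji = lib.mkEnableOption "prompting for a gitmoji as part of the commit message";` would match the `promptScopes` line below it. The hunk also renames the option from `emojiFormat` to `gitmoji` and changes the emitted key to `conventionalCommits.gitmoji`, which is more than the "switched to using mkEnableOption" refactor in the subject. Any profile that still sets `emojiFormat` would stop evaluating, so the rename deserves a line in the commit message.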
+++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -10,21 +10,11 @@ mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; - mcp-eslint = pkgs.writeShellScriptBin "mcp-eslint" '' - ${pkgs.nodejs}/bin/npx --yes @modelcontextprotocol/server-eslint "$@" - ''; - anyProfileHasMcpNixos = lib.any ( profile: profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); - - anyProfileHasMcpEslint = lib.any ( - profile: - profile.extraExtensions.claudeDev.enable - && profile.extraExtensions.claudeDev.mcp.eslint.enable - ) (lib.attrValues config.programs.vscode.profiles); in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -39,9 +29,6 @@ in { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; }; - eslint = { - enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; - }; }; }; }; @@ -60,27 +47,14 @@ in { ]; }) - (lib.mkIf anyProfileHasMcpEslint { - home.packages = [ - mcp-eslint - pkgs.eslint - ]; - }) - - (lib.mkIf (anyProfileHasMcpNixos || anyProfileHasMcpEslint) { + (lib.mkIf anyProfileHasMcpNixos { home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { text = builtins.toJSON { - mcpServers = - (lib.optionalAttrs anyProfileHasMcpNixos { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }) - // (lib.optionalAttrs anyProfileHasMcpEslint { - eslint = { - command = "${mcp-eslint}/bin/mcp-eslint"; - }; - }); + mcpServers = { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }; }; force = true; }; From 2745af9443d5a814866e791e513648d887dc7dbe Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 8 Sep 2025 16:47:05 -0500 Subject: [PATCH 0819/1043] feat: updated flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 03054c1..6ea6f9b 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1756733629, - "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", + "lastModified": 1757255839, + "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", "owner": "nix-community", "repo": "disko", - "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", + "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1756958609, - "narHash": "sha256-1nRGsnPZjOubRTsXEsnJqWlLsgo/Xq7tN7PWK57dFDQ=", + "lastModified": 1757304222, + "narHash": "sha256-s070stByAXxeCLgftTXxFxZ2ynJhghne4Y6cTuqGAaw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "b2a4e1bc62946403f82594ab9550ac13a1afa4df", + "rev": "fa312c0175ffb82bc67da095439b9cb683ac52bd", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1756991914, - "narHash": "sha256-4ve/3ah5H/SpL2m3qmZ9GU+VinQYp2MN1G7GamimTds=", + "lastModified": 1757256385, + "narHash": "sha256-WK7tOhWwr15mipcckhDg2no/eSpM1nIh4C9le8HgHhk=", "owner": "nix-community", "repo": "home-manager", - "rev": "b08f8737776f10920c330657bee8b95834b7a70f", + "rev": "f35703b412c67b48e97beb6e27a6ab96a084cd37", "type": "github" }, "original": { 
@@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1757015938, - "narHash": "sha256-1qBXNK/QxEjCqIoA2DxWn5gqM8rVxt+OxKodXu1GLTY=", + "lastModified": 1757130842, + "narHash": "sha256-4i7KKuXesSZGUv0cLPLfxbmF1S72Gf/3aSypgvVkwuA=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "eaacfa1101b84225491d2ceae9549366d74dc214", + "rev": "15f067638e2887c58c4b6ba1bdb65a0b61dc58c5", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1756950692, - "narHash": "sha256-3MnwSjiqIK8XtKZ1pkhuiv2wnCzQfulc5Wu0pWFluew=", + "lastModified": 1757296711, + "narHash": "sha256-7u9/tXUdmTj8x7ofet8aELLBlCHSoA+QOhYKheRdacM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5ae2ac105a0d3ed2230a225ef6441928286897da", + "rev": "ab9374ac8c162dacffcd4400e668fd7f9b6f173a", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1756925795, - "narHash": "sha256-kUb5hehaikfUvoJDEc7ngiieX88TwWX/bBRX9Ar6Tac=", + "lastModified": 1757103352, + "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ba6fab29768007e9f2657014a6e134637100c57d", + "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1756787288, - "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", + "lastModified": 1757068644, + "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", + "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", "type": "github" }, "original": { From ca9f54d795a84177cf4d98e818891e87c5c44f28 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 12 Sep 2025 00:41:17 -0500 Subject: [PATCH 0820/1043] feat: installed mcp servers for vitest and eslint --- .../leyla/packages/vscode/default.nix | 2 + .../programs/vscode/claudeDev.nix | 45 ++++++++++++++++--- 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 6e36908..41ecdcb 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -72,6 +72,8 @@ in { enable = true; mcp = { nixos.enable = true; + eslint.enable = true; + vitest.enable = true; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 21ff6b5..47da0af 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -15,6 +15,20 @@ profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcpEslint = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.eslint.enable + ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcpVitest = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.vitest.enable + ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { 
@@ -29,6 +43,12 @@ in { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; }; + eslint = { + enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; + }; + vitest = { + enable = lib.mkEnableOption "enable Vitest MCP server for Claude Dev"; + }; }; }; }; @@ -47,14 +67,27 @@ in { ]; }) - (lib.mkIf anyProfileHasMcpNixos { + (lib.mkIf anyProfileHasMcp { home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { text = builtins.toJSON { - mcpServers = { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }; + mcpServers = + (lib.optionalAttrs anyProfileHasMcpNixos { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }) + // (lib.optionalAttrs anyProfileHasMcpEslint { + eslint = { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" "@eslint/mcp@latest"]; + }; + }) + // (lib.optionalAttrs anyProfileHasMcpVitest { + vitest = { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" "@djankies/vitest-mcp"]; + }; + }); }; force = true; }; From cf330b1cbb44a07a28bca5d86eebd40176f5ac5a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 12 Sep 2025 10:18:06 -0500 Subject: [PATCH 0821/1043] feat: installed sleep-mcp server --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/claudeDev.nix | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 41ecdcb..a651265 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -74,6 +74,7 @@ in { nixos.enable = true; eslint.enable = true; vitest.enable = true; + sleep.enable = true; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 47da0af..9c067e8 100644 
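Review bot: The `eslint` and `vitest` entries written to `cline_mcp_settings.json` in the `@@ -47,14 +67,27 @@` hunk start their servers with `${pkgs.nodejs}/bin/npx -y`, so `@eslint/mcp@latest` and `@djankies/vitest-mcp` are fetched from the npm registry and executed at launch, outside the flake lock that pins every other input here. Whatever version the registry serves at that moment runs with the user's privileges, with no hash check and no install prompt, whereas the `nixos` server is run from a store path. Pin an exact version at minimum, e.g. `args = ["-y" "@eslint/mcp@<pinned-version>"];`, or package the servers as Nix derivations so their hashes are locked the way `mcp-nixos` is. The `sleep-mcp` entry added in PATCH 0821 has the same problem, and the `package` string defaults introduced in PATCH 0822 keep the floating names.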
--- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -28,7 +28,13 @@ && profile.extraExtensions.claudeDev.mcp.vitest.enable ) (lib.attrValues config.programs.vscode.profiles); - anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest; + anyProfileHasMcpSleep = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.sleep.enable + ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest || anyProfileHasMcpSleep; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -49,6 +55,9 @@ in { vitest = { enable = lib.mkEnableOption "enable Vitest MCP server for Claude Dev"; }; + sleep = { + enable = lib.mkEnableOption "enable Sleep MCP server for Claude Dev"; + }; }; }; }; @@ -87,6 +96,12 @@ in { command = "${pkgs.nodejs}/bin/npx"; args = ["-y" "@djankies/vitest-mcp"]; }; + }) + // (lib.optionalAttrs anyProfileHasMcpSleep { + sleep-mcp = { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" "sleep-mcp"]; + }; }); }; force = true; From 0f8faadd80cb86c34d23b7e17f327de5f3f7acde Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 12 Sep 2025 10:47:31 -0500 Subject: [PATCH 0822/1043] feat: added more config options for mcp servers --- .../leyla/packages/vscode/default.nix | 24 +++- .../programs/vscode/claudeDev.nix | 110 ++++++++++++++++-- 2 files changed, 119 insertions(+), 15 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index a651265..583f440 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix 
@@ -72,9 +72,27 @@ in { enable = true; mcp = { nixos.enable = true; - eslint.enable = true; - vitest.enable = true; - sleep.enable = true; + eslint = { + enable = true; + autoApprove = { + lint-files = true; + }; + }; + vitest = { + enable = true; + autoApprove = { + list_tests = true; + run_tests = true; + analyze_coverage = true; + }; + }; + sleep = { + enable = true; + timeout = 18000; # 5 hours to match claude codes timeout + autoApprove = { + sleep = true; + }; + }; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 9c067e8..0e34f97 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix 
@@ -35,6 +35,30 @@ ) (lib.attrValues config.programs.vscode.profiles); anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest || anyProfileHasMcpSleep; + + getMcpTimeout = serverName: + lib.findFirst (timeout: timeout != null) null (map ( + profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable + then profile.extraExtensions.claudeDev.mcp.${serverName}.timeout + else null + ) (lib.attrValues config.programs.vscode.profiles)); + + getMcpAutoApprove = serverName: + lib.foldl' ( + acc: profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable + then acc // profile.extraExtensions.claudeDev.mcp.${serverName}.autoApprove + else acc + ) {} (lib.attrValues config.programs.vscode.profiles); + + getMcpPackage = serverName: + lib.findFirst (package: package != null) null (map ( + profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable + then profile.extraExtensions.claudeDev.mcp.${serverName}.package + else null + ) (lib.attrValues config.programs.vscode.profiles)); in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { 
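Review bot: `getMcpAutoApprove` folds the profiles with `acc // ...autoApprove`, but every profile's `autoApprove` defines every key (the `mkEnableOption` default is `false`), so the result is just the values of the last enabled profile in attribute-name order rather than a merge. One profile can therefore silently clear or grant tool auto-approval for all others, since the generated `cline_mcp_settings.json` is a single global file; `getMcpTimeout` and `getMcpPackage` instead take the first match, so the helpers disagree on which profile wins. Making the per-key rule explicit would be safer, e.g. `lib.zipAttrsWith (_: lib.all lib.id)` over the `autoApprove` sets of the enabled profiles, so a tool runs unprompted only when every enabled profile asks for it. A comment such as `# cline_mcp_settings.json is shared by all profiles; settings below are combined across them` would also help; the `let` block these helpers belong to starts outside the hunk.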
@@ -51,12 +75,53 @@ in { }; eslint = { enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; + package = lib.mkOption { + type = lib.types.str; + default = "@eslint/mcp@latest"; + description = "NPM package to use for ESLint MCP server"; + }; + timeout = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = null; + description = "Timeout in seconds for ESLint MCP server operations"; + }; + autoApprove = { + lint-files = lib.mkEnableOption "Should the lint-files tool be auto approved for ESLint MCP server"; + }; }; vitest = { enable = lib.mkEnableOption "enable Vitest MCP server for Claude Dev"; + package = lib.mkOption { + type = lib.types.str; + default = "@djankies/vitest-mcp"; + description = "NPM package to use for Vitest MCP server"; + }; + timeout = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = null; + description = "Timeout in seconds for Vitest MCP server operations"; + }; + autoApprove = { + list_tests = lib.mkEnableOption "Should the list_tests tool be auto approved for Vitest MCP server"; + run_tests = lib.mkEnableOption "Should the run_tests tool be auto approved for Vitest MCP server"; + analyze_coverage = lib.mkEnableOption "Should the analyze_coverage tool be auto approved for Vitest MCP server"; + }; }; sleep = { enable = lib.mkEnableOption "enable Sleep MCP server for Claude Dev"; + package = lib.mkOption { + type = lib.types.str; + default = "sleep-mcp"; + description = "NPM package to use for Sleep MCP server"; + }; + timeout = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = null; + description = "Timeout in seconds for Sleep MCP server operations"; + }; + autoApprove = { + sleep = lib.mkEnableOption "Should the sleep tool be auto approved for Sleep MCP server"; + }; }; }; }; 
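Review bot: The `package` defaults (`@eslint/mcp@latest`, `@djankies/vitest-mcp`, `sleep-mcp`) are unversioned npm specs, and the last hunk of this file hands them to `npx -y`. Whatever is published under those names at launch time is therefore downloaded and executed outside the flake lock. I would pin a version in each default, e.g. `default = "@eslint/mcp@<pinned-version>";`, and say in each `description` that the string is passed to `npx -y` unchanged. This matters more now that the same commit lets tools from these servers be auto-approved. The `timeout` descriptions could also name which component enforces the value.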
@@ -86,22 +151,43 @@ in { }; }) // (lib.optionalAttrs anyProfileHasMcpEslint { - eslint = { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" "@eslint/mcp@latest"]; - }; + eslint = + { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" (getMcpPackage "eslint")]; + } + // (lib.optionalAttrs ((getMcpTimeout "eslint") != null) { + timeout = getMcpTimeout "eslint"; + }) + // (lib.optionalAttrs ((getMcpAutoApprove "eslint") != {}) { + autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "eslint")); + }); }) // (lib.optionalAttrs anyProfileHasMcpVitest { - vitest = { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" "@djankies/vitest-mcp"]; - }; + vitest = + { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" (getMcpPackage "vitest")]; + } + // (lib.optionalAttrs ((getMcpTimeout "vitest") != null) { + timeout = getMcpTimeout "vitest"; + }) + // (lib.optionalAttrs ((getMcpAutoApprove "vitest") != {}) { + autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "vitest")); + }); }) // (lib.optionalAttrs anyProfileHasMcpSleep { - sleep-mcp = { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" "sleep-mcp"]; - }; + sleep-mcp = + { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" (getMcpPackage "sleep")]; + } + // (lib.optionalAttrs ((getMcpTimeout "sleep") != null) { + timeout = getMcpTimeout "sleep"; + }) + // (lib.optionalAttrs ((getMcpAutoApprove "sleep") != {}) { + autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "sleep")); + }); }); }; force = true; From ffcba0d714f2fed4a72aadf68ccd184d5872dcee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Sep 2025 18:03:04 -0500 Subject: [PATCH 0823/1043] feat: created mapillary desktop uploader dirivation --- modules/common-modules/pkgs/default.nix | 3 ++ .../pkgs/mapillary-uploader.nix | 42 +++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 modules/common-modules/pkgs/mapillary-uploader.nix 
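Review bot: The guard `(getMcpAutoApprove "eslint") != {}` probably never filters anything. Every `autoApprove` key is an `mkEnableOption` with a default, so the merged set always has keys and `autoApprove = [];` is written even when nothing is approved. Testing the filtered list states the intent: `approved = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "eslint"));` followed by `// (lib.optionalAttrs (approved != []) { autoApprove = approved; })`. The same applies to the `vitest` and `sleep-mcp` blocks. Since the three blocks are now identical apart from the server name, a small helper taking the name would keep them from drifting apart.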
diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 16f3a3c..669533b 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -22,5 +22,8 @@ (final: prev: { codium-extensions = pkgs.callPackage ./codium-extensions {}; }) + (final: prev: { + mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix new file mode 100644 index 0000000..3ab38f8 --- /dev/null +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -0,0 +1,42 @@ +{ + lib, + fetchurl, + appimageTools, +}: let + pname = "mapillary-uploader"; + version = "4.7.2"; # Based on the application output + + src = fetchurl { + url = "https://tools.mapillary.com/uploader/download/linux"; + name = "mapillary-uploader.AppImage"; + sha256 = "sha256-Oyx7AIdA/2mwBaq7UzXOoyq/z2SU2sViMN40sY2RCQw="; + }; + + appimageContents = appimageTools.extractType2 { + inherit pname version src; + }; +in + appimageTools.wrapType2 { + inherit pname version src; + + extraInstallCommands = '' + # Install desktop file + install -Dm644 ${appimageContents}/mapillary-desktop-uploader.desktop $out/share/applications/mapillary-uploader.desktop + + # Install icon + install -Dm644 ${appimageContents}/usr/share/icons/hicolor/0x0/apps/mapillary-desktop-uploader.png $out/share/pixmaps/mapillary-uploader.png + + # Fix desktop file paths + substituteInPlace $out/share/applications/mapillary-uploader.desktop \ + --replace 'Exec=AppRun' 'Exec=${pname}' + ''; + + meta = with lib; { + description = "Mapillary Desktop Uploader - Upload street-level imagery to Mapillary"; + homepage = "https://www.mapillary.com/"; + license = licenses.unfree; # Mapillary's license terms + maintainers = []; + platforms = ["x86_64-linux"]; + sourceProvenance = with sourceTypes; [binaryNativeCode]; + }; + } 
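Review bot: In mapillary-uploader.nix the `fetchurl` URL (`.../uploader/download/linux`) carries no version, so the pinned `sha256` will stop matching as soon as upstream publishes a new build. Failing closed is the right behaviour for an unfree binary, but it also means `version = "4.7.2"` is only a claim about what was downloaded. A comment next to `src` would save the next maintainer some time: `# unversioned URL: when the hash check fails, verify the new release and bump version and sha256 together`. In `extraInstallCommands`, `--replace` passes silently when the pattern is absent; `--replace-fail 'Exec=AppRun' 'Exec=${pname}'` would surface a changed desktop file at build time.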
From 3bf3391eb90e7b2cead773c262ecf0d8c8c8a4c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Sep 2025 18:15:43 -0500 Subject: [PATCH 0824/1043] feat: created mapillary desktop uploader program config and installed for leyla --- .../home-manager/leyla/packages/default.nix | 1 + .../home-manager-modules/programs/default.nix | 1 + .../programs/mapillary-uploader.nix | 17 +++++++++++++++++ 3 files changed, 19 insertions(+) create mode 100644 modules/home-manager-modules/programs/mapillary-uploader.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 86bbd96..6377ed2 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -58,6 +58,7 @@ in { krita.enable = true; ungoogled-chromium.enable = true; libreoffice.enable = true; + mapillary-uploader.enable = true; inkscape.enable = true; gimp.enable = true; freecad.enable = true; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index d1c13db..79f3351 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -21,6 +21,7 @@ ./vscode ./ungoogled-chromium.nix ./libreoffice.nix + ./mapillary-uploader.nix ./inkscape.nix ./gimp.nix ./proxmark3.nix diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix new file mode 100644 index 0000000..38c1144 --- /dev/null +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.programs.mapillary-uploader; +in { + options.programs.mapillary-uploader = { + enable = mkEnableOption "Mapillary Desktop Uploader"; + }; + + config = mkIf cfg.enable { + home.packages = [pkgs.mapillary-uploader]; + }; +} 
From 22b9c5b3f96094ddd6e210070650da4c1d9a497c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Sep 2025 17:34:19 -0500 Subject: [PATCH 0825/1043] chore: added items to task list --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 339a8e8..13d1206 100644 --- a/README.md +++ b/README.md @@ -67,4 +67,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - rotate sops encryption keys periodically (and somehow sync between devices?) - wake on LAN for updates - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- panoramax instance +- mastodon instance +- move searx, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file From 88dcba346f6413963277fdb0f216a4f64811ac08 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Sep 2025 21:42:34 -0500 Subject: [PATCH 0826/1043] feat: started to create panoramax config --- modules/common-modules/pkgs/default.nix | 3 + modules/common-modules/pkgs/panoramax.nix | 65 ++++++++++++++++++++++ modules/nixos-modules/server/panoramax.nix | 43 ++++++++++++++ 3 files changed, 111 insertions(+) create mode 100644 modules/common-modules/pkgs/panoramax.nix create mode 100644 modules/nixos-modules/server/panoramax.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 669533b..f1235cc 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix 
@@ -25,5 +25,8 @@ (final: prev: { mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; }) + (final: prev: { + panoramax = pkgs.python3.pkgs.callPackage ./panoramax.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/panoramax.nix b/modules/common-modules/pkgs/panoramax.nix new file mode 100644 index 0000000..e2dad14 --- /dev/null +++ b/modules/common-modules/pkgs/panoramax.nix @@ -0,0 +1,65 @@ +{ + lib, + fetchFromGitLab, + buildPythonPackage, + flit-core, + flask, + pillow, + requests, + python-dotenv, + authlib, + sentry-sdk, + python-dateutil, + croniter, + pydantic, + ... +}: let + pname = "geovisio"; + version = "2.10.0"; + repo = fetchFromGitLab { + owner = "panoramax"; + repo = "server/api"; + rev = version; + hash = "sha256-kCLcrOe7jJdIfmWWOmxQ5dOj8ZG2B7s0qFpHXs02B/E="; + }; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = repo; + + build-system = [ + flit-core + ]; + + dependencies = [ + flask + pillow + requests + python-dotenv + authlib + sentry-sdk + python-dateutil + croniter + pydantic + ]; + + # Skip tests as they may require network access or specific setup + doCheck = false; + + # Disable runtime dependencies check as many dependencies are not available in nixpkgs + dontCheckRuntimeDeps = true; + + # Disable imports check as many dependencies are not available in nixpkgs + pythonImportsCheck = []; + + meta = with lib; { + description = "Panoramax API client and tools for street-level imagery platform"; + homepage = "https://gitlab.com/panoramax/server/api"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix new file mode 100644 index 0000000..a16588a --- /dev/null +++ b/modules/nixos-modules/server/panoramax.nix 
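Review bot: In panoramax.nix, `doCheck = false`, `dontCheckRuntimeDeps = true` and `pythonImportsCheck = []` together switch off every build-time signal that the declared `dependencies` are complete. The package will then build and only fail when the service starts. The comments already say that many dependencies are missing from nixpkgs, so I would keep at least the import check, `pythonImportsCheck = ["geovisio"];`, and list the known-missing packages in a comment. The `meta.description` calls this an "API client and tools", while the module added later runs it as the server; one of the two wordings should change.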
@@ -0,0 +1,43 @@ +{ + config, + lib, + pkgs, + osConfig, + ... +}: let + cfg = config.services.panoramax; +in { + options.services.panoramax = { + enable = lib.mkEnableOption "panoramax"; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.panoramax; + description = "The panoramax package to use"; + }; + + # TODO: create configs + # TODO: auto config db + # config = { + # DB_PORT = lib.mkOption {}; + # DB_HOST = lib.mkOption {}; + # DB_USERNAME = lib.mkOption {}; + # DB_PASSWORD = lib.mkOption {}; + # DB_NAME = lib.mkOption {}; + # FS_URL = lib.mkOption {}; + # }; + }; + + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + # TODO: configure options for the package + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: configure impermanence for panoramax data + } + ) + ] + ); +} From 663bdcc012cbf6410bf6acebaf4566313c4081fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Sep 2025 21:48:10 -0500 Subject: [PATCH 0827/1043] chore: stubed out section for fail2ban for panoramax --- modules/nixos-modules/server/panoramax.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index a16588a..f7d305f 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix @@ -33,6 +33,11 @@ in { { # TODO: configure options for the package } + ( + lib.mkIf config.services.fail2ban { + # TODO: configure options for fail2ban + } + ) ( lib.mkIf osConfig.host.impermanence.enable { # TODO: configure impermanence for panoramax data From 52801b4bb7a71f02115c6f3b05899ed3daf150ab Mon Sep 17 00:00:00 2001 
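Review bot: The module takes `osConfig` as an argument and uses it in `lib.mkIf osConfig.host.impermanence.enable`, but `osConfig` is normally only supplied to home-manager modules. In a NixOS module I would expect this to fail with a missing-argument error once the TODO body has content and the condition is forced, unless the flake passes `osConfig` through `specialArgs`. The reverse-proxy refactor later on this page uses `config.host.…` in the server modules, so `lib.mkIf config.host.impermanence.enable` looks like the intended form, with `osConfig` dropped from the argument list. The commented-out `DB_PASSWORD` option deserves a note that the value must come from a secret file rather than an option string.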
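Review bot: The added condition `lib.mkIf config.services.fail2ban {` passes the whole option set where a boolean is expected. It should read `lib.mkIf config.services.fail2ban.enable {`, as the other server modules on this page do. With an empty body the condition is probably never forced, so the mistake will only show up when the TODO is filled in. The enclosing `lib.mkMerge` list starts and ends outside the hunk.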
From: Leyla Becker Date: Sun, 14 Sep 2025 22:10:57 -0500 Subject: [PATCH 0828/1043] refactor: moved reverse proxy into own section in server modules --- modules/nixos-modules/server/actual.nix | 12 +- modules/nixos-modules/server/forgejo.nix | 10 +- .../nixos-modules/server/home-assistant.nix | 37 +++--- modules/nixos-modules/server/immich.nix | 38 +++--- modules/nixos-modules/server/jellyfin.nix | 28 ++--- modules/nixos-modules/server/paperless.nix | 26 +++-- modules/nixos-modules/server/searx.nix | 110 +++++++++--------- 7 files changed, 142 insertions(+), 119 deletions(-) diff --git a/modules/nixos-modules/server/actual.nix b/modules/nixos-modules/server/actual.nix index 7fc0b93..80f4fab 100644 --- a/modules/nixos-modules/server/actual.nix +++ b/modules/nixos-modules/server/actual.nix @@ -18,11 +18,6 @@ in { systemd.tmpfiles.rules = [ "d ${dataDirectory} 2770 actual actual" ]; - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; - }; - }; services.actual = { settings = { @@ -30,6 +25,13 @@ in { }; }; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.actual.subdomain} = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { # TODO: configuration for fail2ban for actual }) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index de06f94..3b19695 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -26,9 +26,6 @@ in { } ]; host = { - reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { - target = "http://localhost:${toString forgejoPort}"; - }; postgres = { enable = true; extraUsers = { 
@@ -76,6 +73,13 @@ in { config.services.forgejo.settings.server.SSH_LISTEN_PORT ]; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { + target = "http://localhost:${toString forgejoPort}"; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 57bedc1..baf6683 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -43,24 +43,6 @@ in { config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; - }; - }; - services.home-assistant = { configDir = configDir; extraComponents = [ @@ -173,6 +155,25 @@ in { ]; }; }) + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + + proxy_buffering off; + + proxy_read_timeout 90; + ''; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( 
diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index e7088a9..fa376e4 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix @@ -17,23 +17,6 @@ in { config = lib.mkIf config.services.immich.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; - }; postgres = { enable = true; extraUsers = { @@ -53,6 +36,27 @@ in { ]; }; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.immich.subdomain} = { + target = "http://localhost:${toString config.services.immich.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + + # set timeout + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + proxy_redirect off; + ''; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 294c8e1..85c870f 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -30,6 +30,20 @@ in { config = lib.mkIf config.services.jellyfin.enable ( lib.mkMerge [ { + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; + } + (lib.mkIf config.host.reverse_proxy.enable { host.reverse_proxy.subdomains.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; @@ -45,19 +59,7 @@ in { proxy_buffering off; ''; }; - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - } + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/jellyfin.local".text = ( diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix index b97c48d..303d742 100644 --- a/modules/nixos-modules/server/paperless.nix +++ b/modules/nixos-modules/server/paperless.nix @@ -24,17 +24,6 @@ in { config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - ''; - }; postgres = { enable = true; extraUsers = { 
@@ -61,6 +50,21 @@ in { }; }; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.paperless.subdomain} = { + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + ''; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/paperless.local".text = ( diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index d357308..0e547af 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix 
@@ -12,61 +12,67 @@ }; }; - config = lib.mkIf config.services.searx.enable { - sops.secrets = { - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - }; - host = { - reverse_proxy.subdomains.searx = { - subdomain = config.services.searx.subdomain; - target = "http://localhost:${toString config.services.searx.settings.server.port}"; - }; - }; - services.searx = { - environmentFile = config.sops.secrets."services/searx".path; - - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; + config = lib.mkIf config.services.searx.enable ( + lib.mkMerge [ + { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; }; - }; + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; + } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.searx = { + subdomain = config.services.searx.subdomain; + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + }; }; - - # 
Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; - }; - }; - }; + }) + ] + ); } From 84b204f8b1553aa25a0831ec25f03de62df3d7b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 10:40:34 -0500 Subject: [PATCH 0829/1043] feat: created env config for panoramax --- modules/nixos-modules/server/panoramax.nix | 191 +++++++++++++++++++-- 1 file changed, 177 insertions(+), 14 deletions(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index f7d305f..5196a2d 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix 
@@ -4,8 +4,28 @@ pkgs, osConfig, ... -}: let - cfg = config.services.panoramax; +}: +with lib; let + envContent = '' + # Panoramax Configuration + FLASK_APP=geovisio + ${optionalString (config.services.panoramax.database.url != null) "DB_URL=${config.services.panoramax.database.url}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.port != null) "DB_PORT=${toString config.services.panoramax.database.port}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.host != null) "DB_HOST=${config.services.panoramax.database.host}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.username != null) "DB_USERNAME=${config.services.panoramax.database.username}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.password != null) "DB_PASSWORD=${config.services.panoramax.database.password}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.name != null) "DB_NAME=${config.services.panoramax.database.name}"} + ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${optionalString 
(config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ''; + + envFile = pkgs.writeText "panoramax.env" envContent; in { options.services.panoramax = { enable = lib.mkEnableOption "panoramax"; 
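Review bot: `envFile = pkgs.writeText "panoramax.env" envContent` puts `DB_PASSWORD` and `FLASK_SECRET_KEY` (and a `DB_URL` with embedded credentials) into the Nix store, which is world-readable and is copied to binary caches and remote builders. The values also have to be written as plain strings in the configuration to get there. The repository already has the pattern for this in searx.nix (`environmentFile = config.sops.secrets."services/searx".path`). I would keep only non-secret settings in the generated file and add a path-typed option for the secret ones, loaded by the unit with `EnvironmentFile = config.services.panoramax.environmentFile;`. The later hunk that introduces `cfg` rewrites this block but still interpolates `cfg.database.password` and `cfg.flask.secretKey` into the same store file.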
@@ -16,23 +36,166 @@ in { description = "The panoramax package to use"; }; - # TODO: create configs - # TODO: auto config db - # config = { - # DB_PORT = lib.mkOption {}; - # DB_HOST = lib.mkOption {}; - # DB_USERNAME = lib.mkOption {}; - # DB_PASSWORD = lib.mkOption {}; - # DB_NAME = lib.mkOption {}; - # FS_URL = lib.mkOption {}; - # }; + # TODO: sgblur config + port = mkOption { + type = types.nullOr types.port; + default = 5000; + description = "Port for the Panoramax service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the Panoramax service to"; + }; + + urlScheme = mkOption { + type = types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + + database = { + url = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). + If provided, individual database options (host, port, username, password, name) are ignored. 
+ ''; + }; + + port = mkOption { + type = types.nullOr types.port; + default = 5432; + description = "Database port (ignored if database.url is set)"; + }; + + host = mkOption { + type = types.nullOr types.str; + default = "localhost"; + description = "Database host (ignored if database.url is set)"; + }; + + username = mkOption { + type = types.nullOr types.str; + default = "panoramax"; + description = "Database username (ignored if database.url is set)"; + }; + + password = mkOption { + type = types.nullOr types.str; + default = null; + description = "Database password (ignored if database.url is set)"; + }; + + name = mkOption { + type = types.nullOr types.str; + default = "panoramax"; + description = "Database name (ignored if database.url is set)"; + }; + }; + + storage = { + fsUrl = mkOption { + type = types.nullOr types.str; + default = "/var/lib/panoramax/storage"; + description = "File system URL for storage"; + }; + }; + + infrastructure = { + nbProxies = mkOption { + type = types.nullOr types.int; + default = 1; + description = "Number of proxies in front of the application"; + }; + }; + + flask = { + secretKey = mkOption { + type = types.nullOr types.str; + default = null; + description = "Flask secret key for session security"; + }; + + sessionCookieDomain = mkOption { + type = types.nullOr types.str; + default = null; + description = "Flask session cookie domain"; + }; + }; + + api = { + pictures = { + licenseSpdxId = mkOption { + type = types.nullOr types.str; + default = null; + description = "SPDX license identifier for API pictures"; + }; + + licenseUrl = mkOption { + type = types.nullOr types.str; + default = null; + description = "License URL for API pictures"; + }; + }; + }; + + extraEnvironment = mkOption { + type = types.attrsOf types.str; + default = {}; + description = "Additional environment variables"; + example = { + CUSTOM_SETTING = "value"; + DEBUG = "true"; + }; + }; }; - config = lib.mkIf cfg.enable ( + config = lib.mkIf 
config.services.panoramax.enable ( lib.mkMerge [ { - # TODO: configure options for the package + environment.systemPackages = with pkgs; [ + config.services.panoramax.package + python3Packages.waitress + ]; + + systemd.services.panoramax = { + description = "Panoramax Service"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; + Restart = "always"; + User = "panoramax"; + Group = "panoramax"; + WorkingDirectory = "/var/lib/panoramax"; + Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; + }; + }; + + users.users.panoramax = { + isSystemUser = true; + group = "panoramax"; + home = "/var/lib/panoramax"; + createHome = true; + }; + + users.groups.panoramax = {}; + + systemd.tmpfiles.rules = [ + "d /var/lib/panoramax 0755 panoramax panoramax -" + "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" + ]; + + # TODO: auto config db } + ( + lib.mkIf config.host.reverse_proxy.enable { + # TODO: configure reverse proxy here + } + ) ( lib.mkIf config.services.fail2ban { # TODO: configure options for fail2ban From 376cb934c322be84390c57f30ddb234f6a45a50f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 11:29:43 -0500 Subject: [PATCH 0830/1043] refactor: added asseration for db config --- modules/nixos-modules/server/panoramax.nix | 68 +++++++++++++++++----- 1 file changed, 54 insertions(+), 14 deletions(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index 5196a2d..0ebd82f 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix 
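Review bot: The new `systemd.services.panoramax` unit runs a network-facing upload service with no sandboxing, and the tmpfiles rules create `/var/lib/panoramax` and the storage directory as `0755`, so every local user can read the stored pictures. I would tighten both modes to `0750` and add to `serviceConfig` at least `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `ReadWritePaths = ["/var/lib/panoramax"];`. Separately, `PYTHONPATH=…/lib/python3.11/site-packages` hard-codes the interpreter version and will silently point at nothing after a nixpkgs bump; `${pkgs.python3.sitePackages}` follows the interpreter in use. The `password` and `secretKey` option descriptions should say where the value ends up, since a plain string option is readable from the evaluated configuration.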
@@ -6,23 +6,40 @@ ... }: with lib; let + cfg = config.services.panoramax; + + # Database configuration assertions + dbUrlConfigured = cfg.database.url != null; + individualDbConfigured = all (x: x != null) [ + cfg.database.host + cfg.database.port + cfg.database.username + cfg.database.password + cfg.database.name + ]; + envContent = '' # Panoramax Configuration FLASK_APP=geovisio - ${optionalString (config.services.panoramax.database.url != null) "DB_URL=${config.services.panoramax.database.url}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.port != null) "DB_PORT=${toString config.services.panoramax.database.port}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.host != null) "DB_HOST=${config.services.panoramax.database.host}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.username != null) "DB_USERNAME=${config.services.panoramax.database.username}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.password != null) "DB_PASSWORD=${config.services.panoramax.database.password}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.name != null) "DB_NAME=${config.services.panoramax.database.name}"} - ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - 
${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ${ + if dbUrlConfigured + then "DB_URL=${cfg.database.url}" + else '' + DB_HOST=${cfg.database.host} + DB_PORT=${toString cfg.database.port} + DB_USERNAME=${cfg.database.username} + DB_PASSWORD=${cfg.database.password} + DB_NAME=${cfg.database.name} + '' + } + ${optionalString (cfg.storage.fsUrl != null) "FS_URL=${cfg.storage.fsUrl}"} + ${optionalString (cfg.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString cfg.infrastructure.nbProxies}"} + ${optionalString (cfg.flask.secretKey != null) "FLASK_SECRET_KEY=${cfg.flask.secretKey}"} + ${optionalString (cfg.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${cfg.flask.sessionCookieDomain}"} + ${optionalString (cfg.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${cfg.api.pictures.licenseSpdxId}"} + ${optionalString (cfg.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${cfg.api.pictures.licenseUrl}"} + ${optionalString (cfg.port != null) "PORT=${toString cfg.port}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") cfg.extraEnvironment)} ''; envFile = pkgs.writeText "panoramax.env" envContent; 
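Review bot: `DB_PASSWORD=${cfg.database.password}` and `FLASK_SECRET_KEY=${cfg.flask.secretKey}` are interpolated into `envContent`, which `pkgs.writeText "panoramax.env"` copies into the Nix store, so both secrets land in a world-readable store path and in any cache or backup of the store. The rewritten `envContent` in the `@@ -23,23 +21,24 @@` hunk of PATCH 0835 has the same problem. The flake already pulls in sops-nix, so I would keep both values out of `envContent` and have the unit load them at runtime from a path option, e.g. `EnvironmentFile = cfg.environmentFile;` pointing at a sops-managed file (`environmentFile` being a new option this module would declare). The options that hold these values are declared outside this hunk.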
@@ -189,6 +206,29 @@ in { "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" ]; + assertions = [ + { + assertion = dbUrlConfigured || individualDbConfigured; + message = '' + Panoramax database configuration requires either: + - A complete database URL (services.panoramax.database.url), OR + - All individual database options (host, port, username, password, name) + + Currently configured: + - database.url: ${ + if dbUrlConfigured + then "✓ configured" + else "✗ not configured" + } + - individual options: ${ + if individualDbConfigured + then "✓ all configured" + else "✗ some missing" + } + ''; + } + ]; + # TODO: auto config db } ( From 1d0f51c70ad69b103c630281a75dc65b2776df26 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 11:36:12 -0500 Subject: [PATCH 0831/1043] chore: addede panoramax.nix to server modules --- modules/nixos-modules/server/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 4ca50e2..87f3dae 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -14,5 +14,6 @@ ./qbittorent.nix ./paperless.nix ./actual.nix + ./panoramax.nix ]; } From c0579f55dc56e90af409dfbab22bafba4b3338c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 13:36:07 -0500 Subject: [PATCH 0832/1043] feat: created sgblur package --- modules/common-modules/pkgs/default.nix | 3 ++ modules/common-modules/pkgs/sgblur.nix | 65 +++++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 modules/common-modules/pkgs/sgblur.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index f1235cc..28141c8 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix 
@@ -28,5 +28,8 @@ (final: prev: { panoramax = pkgs.python3.pkgs.callPackage ./panoramax.nix {}; }) + (final: prev: { + sgblur = pkgs.python3.pkgs.callPackage ./sgblur.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/sgblur.nix b/modules/common-modules/pkgs/sgblur.nix new file mode 100644 index 0000000..d007b4e --- /dev/null +++ b/modules/common-modules/pkgs/sgblur.nix @@ -0,0 +1,65 @@ +{ + lib, + python3Packages, + fetchFromGitHub, + pkg-config, + libjpeg_turbo, + exiftran ? libjpeg_turbo, +}: +python3Packages.buildPythonPackage { + pname = "sgblur"; + version = "1.0.0"; + + pyproject = true; + + src = fetchFromGitHub { + owner = "cquest"; + repo = "sgblur"; + rev = "master"; + hash = "sha256-17wpif2sa021kaa1pbkry4l1967la1qd7knhngvxblrvd7jqqz4y="; + }; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + libjpeg_turbo + exiftran + ]; + + build-system = with python3Packages; [ + setuptools + wheel + ]; + + dependencies = with python3Packages; [ + # Core dependencies from pyproject.toml + ultralytics + # pyturbojpeg # May need special handling + pillow + # uuid # Built into Python + # exifread + python-multipart + fastapi + uvicorn + requests + # piexif + pydantic-settings + pydantic + ]; + + # Skip tests as they may require GPU or specific setup + doCheck = false; + + # The package may have import issues due to system dependencies + pythonImportsCheck = []; + + meta = with lib; { + description = "Panoramax Speedy Gonzales Blurring Algorithm - AI-powered face and license plate blurring API"; + homepage = "https://github.com/cquest/sgblur"; + license = licenses.mit; + maintainers = []; + platforms = platforms.unix; + }; +} From 0f87d78271bd2ca520f70bc20cdda6b27a86537b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 14:02:16 -0500 Subject: [PATCH 0833/1043] feat: updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) 
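Review bot: `rev = "master"` in the `src` block of modules/common-modules/pkgs/sgblur.nix tracks a moving branch, so the fetched source is whatever upstream master holds at build time and the fixed `hash` stops matching as soon as the branch advances. Pin it to a full commit id, `rev = "<commit-sha>";`, and regenerate the hash so that an upstream change arrives as an explicit, reviewable bump. The `hash` value also does not look like an SRI digest: a base64 sha256 is 44 characters, and this reads like a nix-base32 string with `sha256-` prepended, so it is worth re-deriving from a real build. With `doCheck = false` and an empty `pythonImportsCheck`, nothing else in the derivation would catch a bad or substituted source.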
diff --git a/flake.lock b/flake.lock index 6ea6f9b..ca41b02 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1757255839, - "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", + "lastModified": 1757508292, + "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", "owner": "nix-community", "repo": "disko", - "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1757304222, - "narHash": "sha256-s070stByAXxeCLgftTXxFxZ2ynJhghne4Y6cTuqGAaw=", + "lastModified": 1757822625, + "narHash": "sha256-w+V97GrUZK5Lt50DOzhmFGPf3coxfj4TTNHa0rHswuE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fa312c0175ffb82bc67da095439b9cb683ac52bd", + "rev": "5a1d5f5453eef0ea2510d9860d2f803911df6776", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1757256385, - "narHash": "sha256-WK7tOhWwr15mipcckhDg2no/eSpM1nIh4C9le8HgHhk=", + "lastModified": 1757920978, + "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", "owner": "nix-community", "repo": "home-manager", - "rev": "f35703b412c67b48e97beb6e27a6ab96a084cd37", + "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1757130842, - "narHash": "sha256-4i7KKuXesSZGUv0cLPLfxbmF1S72Gf/3aSypgvVkwuA=", + "lastModified": 1757430124, + "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "15f067638e2887c58c4b6ba1bdb65a0b61dc58c5", + "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", "type": "github" }, "original": { 
@@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1757296711, - "narHash": "sha256-7u9/tXUdmTj8x7ofet8aELLBlCHSoA+QOhYKheRdacM=", + "lastModified": 1757901553, + "narHash": "sha256-gW45THWkxnzWpPtjuaDeTnpKFB6i5cZmxk4WuGKhCNc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ab9374ac8c162dacffcd4400e668fd7f9b6f173a", + "rev": "846f1334090a2c44d77850c00d0c17a27ad66618", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757103352, - "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", + "lastModified": 1757943327, + "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", + "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757068644, - "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1754988908, - "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "lastModified": 1757847158, + "narHash": "sha256-TumOaykhZO8SOs/faz6GQhqkOcFLoQvESLSF1cJ4mZc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "rev": "ee6f91c1c11acf7957d94a130de77561ec24b8ab", "type": "github" }, "original": { From dbd5d36913bd38c4485e46d8992f3bd861afa558 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 15 Sep 2025 14:54:31 -0500 Subject: [PATCH 0834/1043] feat: drafted out reverse proxy config for panoramax --- modules/nixos-modules/server/panoramax.nix | 26 +++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index 0ebd82f..ad21738 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix @@ -53,6 +53,12 @@ in { description = "The panoramax package to use"; }; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that panoramax will be hosted at"; + default = "panoramax"; + }; + # TODO: sgblur config port = mkOption { type = types.nullOr types.port; @@ -233,7 +239,25 @@ in { } ( lib.mkIf config.host.reverse_proxy.enable { - # TODO: configure reverse proxy here + host = { + reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { + target = "http://localhost:${toString config.services.panoramax.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads for panoramic images + client_max_body_size 100M; + + # set timeout for image processing + proxy_read_timeout 300s; + proxy_send_timeout 300s; + send_timeout 300s; + proxy_redirect off; + ''; + }; + }; } ) ( From 01325c306867c786f2828594ec0eef1fe98c64ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 15:25:05 -0500 Subject: [PATCH 0835/1043] feat: drafted out database configuration and sgblur config --- modules/nixos-modules/server/panoramax.nix | 229 ++++++++++++++++----- 1 file changed, 181 insertions(+), 48 deletions(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index ad21738..dd026cd 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix 
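Review bot: The proxy target `http://localhost:${toString config.services.panoramax.port}` assumes a port is set, but the option is declared `types.nullOr types.port` and `toString null` evaluates to an empty string, which would give `http://localhost:` here and `--port=` in the unit's ExecStart. Declare it `type = types.port;`, or add an assertion that it is non-null when the service is enabled. Separately, `client_max_body_size 100M` combined with 300s timeouts is generous for an internet-facing vhost; if uploads are not authenticated before they reach this location (not visible from this hunk), a request rate limit on the subdomain would be prudent.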
@@ -6,16 +6,14 @@ ... }: with lib; let - cfg = config.services.panoramax; - # Database configuration assertions - dbUrlConfigured = cfg.database.url != null; + dbUrlConfigured = config.services.panoramax.database.url != null; individualDbConfigured = all (x: x != null) [ - cfg.database.host - cfg.database.port - cfg.database.username - cfg.database.password - cfg.database.name + config.services.panoramax.database.host + config.services.panoramax.database.port + config.services.panoramax.database.username + config.services.panoramax.database.password + config.services.panoramax.database.name ]; envContent = '' 
@@ -23,23 +21,24 @@ with lib; let FLASK_APP=geovisio ${ if dbUrlConfigured - then "DB_URL=${cfg.database.url}" + then "DB_URL=${config.services.panoramax.database.url}" else '' - DB_HOST=${cfg.database.host} - DB_PORT=${toString cfg.database.port} - DB_USERNAME=${cfg.database.username} - DB_PASSWORD=${cfg.database.password} - DB_NAME=${cfg.database.name} + DB_HOST=${config.services.panoramax.database.host} + DB_PORT=${toString config.services.panoramax.database.port} + DB_USERNAME=${config.services.panoramax.database.username} + DB_PASSWORD=${config.services.panoramax.database.password} + DB_NAME=${config.services.panoramax.database.name} '' } - ${optionalString (cfg.storage.fsUrl != null) "FS_URL=${cfg.storage.fsUrl}"} - ${optionalString (cfg.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString cfg.infrastructure.nbProxies}"} - ${optionalString (cfg.flask.secretKey != null) "FLASK_SECRET_KEY=${cfg.flask.secretKey}"} - ${optionalString (cfg.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${cfg.flask.sessionCookieDomain}"} - ${optionalString (cfg.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${cfg.api.pictures.licenseSpdxId}"} - ${optionalString (cfg.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${cfg.api.pictures.licenseUrl}"} - ${optionalString (cfg.port != null) "PORT=${toString cfg.port}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") cfg.extraEnvironment)} + ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) 
"FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${optionalString (config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} ''; envFile = pkgs.writeText "panoramax.env" envContent; @@ -59,26 +58,13 @@ in { default = "panoramax"; }; - # TODO: sgblur config - port = mkOption { - type = types.nullOr types.port; - default = 5000; - description = "Port for the Panoramax service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the Panoramax service to"; - }; - - urlScheme = mkOption { - type = types.enum ["http" "https"]; - default = "https"; - description = "URL scheme for the application"; - }; - database = { + createDB = mkOption { + type = types.bool; + default = true; + description = "Whether to automatically create the database and user"; + }; + url = mkOption { type = types.nullOr types.str; default = null; 
@@ -113,12 +99,62 @@ in { }; name = mkOption { - type = types.nullOr types.str; + type = types.str; default = "panoramax"; description = "Database name (ignored if database.url is set)"; }; }; + sgblur = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable sgblur integration for face and license plate blurring"; + }; + + package = mkOption { + type = types.package; + default = pkgs.sgblur; + description = "The sgblur package to use"; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = "Port for the sgblur service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the sgblur service to"; + }; + + url = mkOption { + type = types.str; + default = "http://127.0.0.1:8080"; + description = "URL where sgblur service is accessible"; + }; + }; + + port = mkOption { + type = types.nullOr types.port; + default = 5000; + description = "Port for the Panoramax service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the Panoramax service to"; + }; + + urlScheme = mkOption { + type = types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + storage = { fsUrl = mkOption { type = types.nullOr types.str; @@ -179,10 +215,14 @@ in { config = lib.mkIf config.services.panoramax.enable ( lib.mkMerge [ { - environment.systemPackages = with pkgs; [ - config.services.panoramax.package - python3Packages.waitress - ]; + environment.systemPackages = with pkgs; + [ + config.services.panoramax.package + python3Packages.waitress + ] + ++ optionals config.services.panoramax.sgblur.enable [ + config.services.panoramax.sgblur.package + ]; systemd.services.panoramax = { description = "Panoramax Service"; 
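Review bot: `sgblur.url` defaults to the literal `http://127.0.0.1:8080`, independent of `sgblur.host` and `sgblur.port`, so changing the port leaves `SGBLUR_API_URL` pointing at the old address. Derive the default instead, `default = "http://${config.services.panoramax.sgblur.host}:${toString config.services.panoramax.sgblur.port}";`, and add a `defaultText` so the option docs still render. Because this endpoint is the face and licence-plate blurring step, a stale URL is a privacy risk rather than a cosmetic one. How panoramax behaves when the blur API is unreachable is not visible here and should be confirmed.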
@@ -233,10 +273,103 @@ in { } ''; } - ]; + { + assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); + message = '' + Panoramax createDB option can only be used with socket connections when a database URL is provided. + Socket connections are identified by: + - URLs starting with "unix:" + - URLs starting with "/run/" + - Host paths starting with "/" - # TODO: auto config db + Current configuration: + - createDB: ${lib.boolToString config.services.panoramax.database.createDB} + - database.url: ${ + if config.services.panoramax.database.url != null + then config.services.panoramax.database.url + else "not set" + } + - database.host: ${config.services.panoramax.database.host} + ''; + } + ]; } + ( + lib.mkIf config.services.panoramax.sgblur.enable { + systemd.services.sgblur = { + description = "SGBlur AI-powered face and license plate blurring service"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = "${config.services.panoramax.sgblur.package}/bin/uvicorn sgblur.main:app --host ${config.services.panoramax.sgblur.host} --port ${toString config.services.panoramax.sgblur.port}"; + Restart = "always"; + User = "sgblur"; + Group = "sgblur"; + WorkingDirectory = "/var/lib/sgblur"; + Environment = "PYTHONPATH=${config.services.panoramax.sgblur.package}/lib/python3.11/site-packages"; + }; + }; + + users.users.sgblur = { + isSystemUser = true; + group = "sgblur"; + home = "/var/lib/sgblur"; + createHome = true; + }; + + users.groups.sgblur = {}; + + systemd.tmpfiles.rules = [ + "d /var/lib/sgblur 0755 sgblur sgblur -" + ]; + + # Update panoramax service dependencies when sgblur is enabled + systemd.services.panoramax = { + after = ["sgblur.service"]; + wants = ["sgblur.service"]; + 
}; + } + ) + ( + lib.mkIf config.services.panoramax.database.createDB { + services.postgresql = { + enable = true; + ensureDatabases = [config.services.panoramax.database.name]; + ensureUsers = [ + { + name = config.services.panoramax.database.username; + ensureDBOwnership = true; + ensureClauses.login = true; + } + ]; + extensions = ps: with ps; [postgis]; + settings = { + shared_preload_libraries = ["postgis"]; + }; + }; + + systemd.services.postgresql.serviceConfig.ExecStartPost = let + sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' + CREATE EXTENSION IF NOT EXISTS postgis; + CREATE EXTENSION IF NOT EXISTS postgis_topology; + CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; + CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; + + ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; + GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; + ''; + in [ + '' + ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" + '' + ]; + + systemd.services.panoramax = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; + } + ) ( lib.mkIf config.host.reverse_proxy.enable { host = { From b2e5ae1f98be4cece2bbab8ae1a9c7ba5d7df9aa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 09:58:35 -0500 Subject: [PATCH 0836/1043] build: updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index ca41b02..b6e48bb 100644 --- a/flake.lock +++ b/flake.lock 
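Review bot: The new `systemd.services.sgblur` unit has no sandboxing, although it decodes user-supplied images through a large native and ML dependency stack, and its state directory is created `0755` through tmpfiles. I would let systemd own the directory with `StateDirectory` and add the usual hardening directives, as sketched below. `PrivateDevices` is deliberately left out because GPU inference may need device access. The `panoramax` unit added in the earlier commit has the same shape and would benefit from the same treatment.

```nix
systemd.services.sgblur = {
  # … unchanged: description, after, wantedBy …
  serviceConfig = {
    # … unchanged: ExecStart, Restart, User, Group, WorkingDirectory, Environment …
    StateDirectory = "sgblur";
    StateDirectoryMode = "0750";
    NoNewPrivileges = true;
    ProtectSystem = "strict";
    ProtectHome = true;
    PrivateTmp = true;
    RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"];
  };
};
```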
@@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1757822625, - "narHash": "sha256-w+V97GrUZK5Lt50DOzhmFGPf3coxfj4TTNHa0rHswuE=", + "lastModified": 1757995413, + "narHash": "sha256-vaU/7/PXoym6vnspGxhR29V9klGe9iy9zmp6x7w38f8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5a1d5f5453eef0ea2510d9860d2f803911df6776", + "rev": "4ae8996b3e139926c784acd22824cde46cd28833", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1757920978, - "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", + "lastModified": 1757997814, + "narHash": "sha256-F+1aoG+3NH4jDDEmhnDUReISyq6kQBBuktTUqCUWSiw=", "owner": "nix-community", "repo": "home-manager", - "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", + "rev": "5820376beb804de9acf07debaaff1ac84728b708", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1757901553, - "narHash": "sha256-gW45THWkxnzWpPtjuaDeTnpKFB6i5cZmxk4WuGKhCNc=", + "lastModified": 1757987448, + "narHash": "sha256-ltDT7EIfLHV42p99HnDfDviC8jN7tcOed1qsLEFypl8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "846f1334090a2c44d77850c00d0c17a27ad66618", + "rev": "e496568b0e69d9d54c8cfef96ed1370952ad9786", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1757847158, - "narHash": "sha256-TumOaykhZO8SOs/faz6GQhqkOcFLoQvESLSF1cJ4mZc=", + "lastModified": 1758007585, + "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ee6f91c1c11acf7957d94a130de77561ec24b8ab", + "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", "type": "github" }, "original": { From cdeb4e108b4604acf9ec15bd2e9bcfb906a2f0a2 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 16 Sep 2025 10:14:33 -0500 Subject: [PATCH 0837/1043] refactor: split server modules into smaller more manageable files --- modules/nixos-modules/server/actual.nix | 56 --- modules/nixos-modules/server/actual/const.nix | 3 + .../nixos-modules/server/actual/default.nix | 34 ++ .../nixos-modules/server/actual/fail2ban.nix | 9 + .../server/actual/impermanence.nix | 26 ++ modules/nixos-modules/server/actual/proxy.nix | 13 + modules/nixos-modules/server/default.nix | 23 +- modules/nixos-modules/server/forgejo.nix | 128 ------ .../nixos-modules/server/forgejo/const.nix | 4 + .../nixos-modules/server/forgejo/database.nix | 41 ++ .../nixos-modules/server/forgejo/default.nix | 61 +++ .../nixos-modules/server/forgejo/fail2ban.nix | 32 ++ .../server/forgejo/impermanence.nix | 28 ++ .../nixos-modules/server/forgejo/proxy.nix | 18 + .../nixos-modules/server/home-assistant.nix | 230 ---------- .../server/home-assistant/database.nix | 56 +++ .../server/home-assistant/default.nix | 118 +++++ .../home-assistant/extensions/default.nix | 12 + .../home-assistant/extensions/jellyfin.nix | 9 + .../home-assistant/extensions/sonos.nix | 11 + .../home-assistant/extensions/wyoming.nix | 9 + .../server/home-assistant/fail2ban.nix | 39 ++ .../server/home-assistant/impermanence.nix | 26 ++ .../server/home-assistant/proxy.nix | 24 ++ modules/nixos-modules/server/immich.nix | 99 ----- .../nixos-modules/server/immich/database.nix | 26 ++ .../nixos-modules/server/immich/default.nix | 28 ++ .../nixos-modules/server/immich/fail2ban.nix | 26 ++ .../server/immich/impermanence.nix | 25 ++ modules/nixos-modules/server/immich/proxy.nix | 27 ++ modules/nixos-modules/server/jellyfin.nix | 147 ------- .../nixos-modules/server/jellyfin/default.nix | 48 +++ .../server/jellyfin/fail2ban.nix | 32 ++ .../server/jellyfin/impermanence.nix | 66 +++ .../nixos-modules/server/jellyfin/proxy.nix | 25 ++ modules/nixos-modules/server/panoramax.nix | 408 ------------------ 
.../server/panoramax/default.nix | 340 +++++++++++++++ .../server/panoramax/fail2ban.nix | 11 + .../server/panoramax/impermanence.nix | 14 + .../nixos-modules/server/panoramax/proxy.nix | 27 ++ modules/nixos-modules/server/paperless.nix | 113 ----- .../server/paperless/database.nix | 34 ++ .../server/paperless/default.nix | 40 ++ .../server/paperless/fail2ban.nix | 34 ++ .../server/paperless/impermanence.nix | 25 ++ .../nixos-modules/server/paperless/proxy.nix | 21 + modules/nixos-modules/server/searx.nix | 78 ---- .../nixos-modules/server/searx/default.nix | 71 +++ modules/nixos-modules/server/searx/proxy.nix | 14 + 49 files changed, 1519 insertions(+), 1270 deletions(-) delete mode 100644 modules/nixos-modules/server/actual.nix create mode 100644 modules/nixos-modules/server/actual/const.nix create mode 100644 modules/nixos-modules/server/actual/default.nix create mode 100644 modules/nixos-modules/server/actual/fail2ban.nix create mode 100644 modules/nixos-modules/server/actual/impermanence.nix create mode 100644 modules/nixos-modules/server/actual/proxy.nix delete mode 100644 modules/nixos-modules/server/forgejo.nix create mode 100644 modules/nixos-modules/server/forgejo/const.nix create mode 100644 modules/nixos-modules/server/forgejo/database.nix create mode 100644 modules/nixos-modules/server/forgejo/default.nix create mode 100644 modules/nixos-modules/server/forgejo/fail2ban.nix create mode 100644 modules/nixos-modules/server/forgejo/impermanence.nix create mode 100644 modules/nixos-modules/server/forgejo/proxy.nix delete mode 100644 modules/nixos-modules/server/home-assistant.nix create mode 100644 modules/nixos-modules/server/home-assistant/database.nix create mode 100644 modules/nixos-modules/server/home-assistant/default.nix create mode 100644 modules/nixos-modules/server/home-assistant/extensions/default.nix create mode 100644 modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix create mode 100644 
modules/nixos-modules/server/home-assistant/extensions/sonos.nix create mode 100644 modules/nixos-modules/server/home-assistant/extensions/wyoming.nix create mode 100644 modules/nixos-modules/server/home-assistant/fail2ban.nix create mode 100644 modules/nixos-modules/server/home-assistant/impermanence.nix create mode 100644 modules/nixos-modules/server/home-assistant/proxy.nix delete mode 100644 modules/nixos-modules/server/immich.nix create mode 100644 modules/nixos-modules/server/immich/database.nix create mode 100644 modules/nixos-modules/server/immich/default.nix create mode 100644 modules/nixos-modules/server/immich/fail2ban.nix create mode 100644 modules/nixos-modules/server/immich/impermanence.nix create mode 100644 modules/nixos-modules/server/immich/proxy.nix delete mode 100644 modules/nixos-modules/server/jellyfin.nix create mode 100644 modules/nixos-modules/server/jellyfin/default.nix create mode 100644 modules/nixos-modules/server/jellyfin/fail2ban.nix create mode 100644 modules/nixos-modules/server/jellyfin/impermanence.nix create mode 100644 modules/nixos-modules/server/jellyfin/proxy.nix delete mode 100644 modules/nixos-modules/server/panoramax.nix create mode 100644 modules/nixos-modules/server/panoramax/default.nix create mode 100644 modules/nixos-modules/server/panoramax/fail2ban.nix create mode 100644 modules/nixos-modules/server/panoramax/impermanence.nix create mode 100644 modules/nixos-modules/server/panoramax/proxy.nix delete mode 100644 modules/nixos-modules/server/paperless.nix create mode 100644 modules/nixos-modules/server/paperless/database.nix create mode 100644 modules/nixos-modules/server/paperless/default.nix create mode 100644 modules/nixos-modules/server/paperless/fail2ban.nix create mode 100644 modules/nixos-modules/server/paperless/impermanence.nix create mode 100644 modules/nixos-modules/server/paperless/proxy.nix delete mode 100644 modules/nixos-modules/server/searx.nix create mode 100644 
modules/nixos-modules/server/searx/default.nix create mode 100644 modules/nixos-modules/server/searx/proxy.nix diff --git a/modules/nixos-modules/server/actual.nix b/modules/nixos-modules/server/actual.nix deleted file mode 100644 index 80f4fab..0000000 --- a/modules/nixos-modules/server/actual.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDirectory = "/var/lib/actual/"; -in { - options.services.actual = { - subdomain = lib.mkOption { - type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; - }; - }; - - config = lib.mkIf config.services.actual.enable (lib.mkMerge [ - { - systemd.tmpfiles.rules = [ - "d ${dataDirectory} 2770 actual actual" - ]; - - services.actual = { - settings = { - ACTUAL_DATA_DIR = dataDirectory; - }; - }; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - # TODO: configuration for fail2ban for actual - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; - message = "actual data location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDirectory; - user = "actual"; - group = "actual"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/actual/const.nix b/modules/nixos-modules/server/actual/const.nix new file mode 100644 index 0000000..13b068e --- /dev/null +++ b/modules/nixos-modules/server/actual/const.nix @@ -0,0 +1,3 @@ +{ + dataDirectory = "/var/lib/actual/"; +} diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix new file mode 100644 index 0000000..bef7a05 --- /dev/null 
+++ b/modules/nixos-modules/server/actual/default.nix @@ -0,0 +1,34 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + imports = [ + ./proxy.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.actual = { + subdomain = lib.mkOption { + type = lib.types.str; + default = "actual"; + description = "subdomain of base domain that actual will be hosted at"; + }; + }; + + config = lib.mkIf config.services.actual.enable { + systemd.tmpfiles.rules = [ + "d ${dataDirectory} 2770 actual actual" + ]; + + services.actual = { + settings = { + ACTUAL_DATA_DIR = dataDirectory; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/actual/fail2ban.nix b/modules/nixos-modules/server/actual/fail2ban.nix new file mode 100644 index 0000000..3ad754e --- /dev/null +++ b/modules/nixos-modules/server/actual/fail2ban.nix @@ -0,0 +1,9 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.actual.enable && config.services.fail2ban.enable) { + # TODO: configuration for fail2ban for actual + }; +} diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix new file mode 100644 index 0000000..5eee95a --- /dev/null +++ b/modules/nixos-modules/server/actual/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + config = lib.mkIf (config.services.actual.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; + message = "actual data location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataDirectory; + user = "actual"; + group = "actual"; + } + ]; + }; + }; +} 
diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix new file mode 100644 index 0000000..e20a6cd --- /dev/null +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -0,0 +1,13 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { + host = { + reverse_proxy.subdomains.${config.services.actual.subdomain} = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 87f3dae..15f833b 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,19 +1,20 @@ {...}: { imports = [ - ./fail2ban.nix - ./network_storage ./reverse_proxy.nix + ./fail2ban.nix ./postgres.nix + ./network_storage ./podman.nix - ./jellyfin.nix - ./forgejo.nix - ./searx.nix - ./home-assistant.nix - ./wyoming.nix - ./immich.nix + + ./actual + ./immich + ./panoramax + ./forgejo + ./home-assistant + ./jellyfin + ./paperless + ./searx ./qbittorent.nix - ./paperless.nix - ./actual.nix - ./panoramax.nix + ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix deleted file mode 100644 index 3b19695..0000000 --- a/modules/nixos-modules/server/forgejo.nix +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - forgejoPort = 8081; - stateDir = "/var/lib/forgejo"; - db_user = "forgejo"; - sshPort = 22222; -in { - options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; - }; - }; - - config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; - message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; - } - ]; - host = { - postgres = { - enable = true; - extraUsers = { - ${db_user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${db_user} = { - name = db_user; - }; - }; - }; - }; - - services.forgejo = { - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ - config.services.forgejo.settings.server.SSH_LISTEN_PORT - ]; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { - target = "http://localhost:${toString forgejoPort}"; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = ".*(Failed authentication attempt|invalid 
credentials|Attempted access of unknown user).* from " - '') - ); - }; - - services.fail2ban = { - jails = { - forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { - enabled = true; - filter = "forgejo"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.forgejo.stateDir == stateDir; - message = "forgejo state directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = stateDir; - user = "forgejo"; - group = "forgejo"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/forgejo/const.nix b/modules/nixos-modules/server/forgejo/const.nix new file mode 100644 index 0000000..10e3974 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/const.nix @@ -0,0 +1,4 @@ +{ + httpPort = 8081; + sshPort = 22222; +} diff --git a/modules/nixos-modules/server/forgejo/database.nix b/modules/nixos-modules/server/forgejo/database.nix new file mode 100644 index 0000000..0417aab --- /dev/null +++ b/modules/nixos-modules/server/forgejo/database.nix @@ -0,0 +1,41 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf config.services.forgejo.enable ( + lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + + assertions = [ + { + assertion = config.services.forgejo.settings.database.DB_TYPE == "postgres"; + message = "Forgejo database type must be postgres"; + } + ]; + } + (lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + forgejo = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + forgejo = { + name = "forgejo"; + }; + }; + }; + }; + }) + ] + ); +} 
diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix
new file mode 100644
index 0000000..cec2630
--- /dev/null
+++ b/modules/nixos-modules/server/forgejo/default.nix
@@ -0,0 +1,61 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ const = import ./const.nix;
+ httpPort = const.httpPort;
+ sshPort = const.sshPort;
+ db_user = "forgejo";
+in {
+ imports = [
+ ./proxy.nix
+ ./database.nix
+ ./fail2ban.nix
+ ./impermanence.nix
+ ];
+
+ options.services.forgejo = {
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that forgejo will be hosted at";
+ default = "forgejo";
+ };
+ };
+
+ config = lib.mkIf config.services.forgejo.enable {
+ assertions = [
+ {
+ assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name;
+ message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name";
+ }
+ ];
+
+ services.forgejo = {
+ database = {
+ type = "postgres";
+ socket = "/run/postgresql";
+ };
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
+ HTTP_PORT = httpPort;
+ START_SSH_SERVER = true;
+ SSH_LISTEN_PORT = sshPort;
+ SSH_PORT = 22;
+ BUILTIN_SSH_SERVER_USER = "git";
+ ROOT_URL = "https://git.jan-leila.com";
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ };
+ database = {
+ DB_TYPE = "postgres";
+ NAME = db_user;
+ USER = db_user;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/forgejo/fail2ban.nix b/modules/nixos-modules/server/forgejo/fail2ban.nix
new file mode 100644
index 0000000..213c804
--- /dev/null
+++ b/modules/nixos-modules/server/forgejo/fail2ban.nix
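Review bot: `ROOT_URL = "https://git.jan-leila.com"` in `forgejo/default.nix` is hard-coded, while `DOMAIN` on the line group above it is derived from `config.services.forgejo.subdomain` and `config.host.reverse_proxy.hostname`, whose subdomain defaults to `forgejo`. Forgejo builds clone URLs, redirects and e-mail links from `ROOT_URL`, so the two values disagree on any host that does not override the subdomain to `git`. Deriving it from the same options keeps them in step: `ROOT_URL = "https://${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";`. The `db_user = "forgejo"` binding is also duplicated as a string literal in `forgejo/database.nix`; moving it into `const.nix` next to the ports would give both files one source.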
@@ -0,0 +1,32 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ config = lib.mkIf (config.services.forgejo.enable && config.services.fail2ban.enable) {
+ environment.etc = {
+ "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable (
+ pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from "
+ '')
+ );
+ };
+
+ services.fail2ban = {
+ jails = {
+ forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable {
+ enabled = true;
+ filter = "forgejo";
+ action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+ logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log";
+ backend = "auto";
+ findtime = 600;
+ bantime = 600;
+ maxretry = 5;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix
new file mode 100644
index 0000000..04f21a5
--- /dev/null
+++ b/modules/nixos-modules/server/forgejo/impermanence.nix
@@ -0,0 +1,28 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ stateDir = "/var/lib/forgejo";
+in {
+ config = lib.mkIf (config.services.forgejo.enable && config.host.impermanence.enable) {
+ assertions = [
+ {
+ assertion = config.services.forgejo.stateDir == stateDir;
+ message = "forgejo state directory does not match persistence";
+ }
+ ];
+
+ environment.persistence."/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = stateDir;
+ user = "forgejo";
+ group = "forgejo";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix
new file mode 100644
index 0000000..9e85f78
--- /dev/null
+++ b/modules/nixos-modules/server/forgejo/proxy.nix
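Review bot: The `failregex` written to `fail2ban/filter.d/forgejo.local` is wrapped in double quotes, and fail2ban takes the option value as written, so the quotes most likely become part of the pattern and the filter never matches a Forgejo log line; `jellyfin/fail2ban.nix` quotes its pattern the same way. As shown on this page the pattern also stops at `from ` with no `<HOST>` tag, which fail2ban needs in order to know which address to ban; that may be a rendering loss, but it is worth confirming in the file. I would write the line unquoted, `failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>`, and drop the two inner `lib.mkIf config.services.forgejo.enable` wrappers, which the outer condition already covers. The jail's action blocks only `http,https`, so an address banned here can still reach the built-in SSH listener on the port set in `const.nix`.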
@@ -0,0 +1,18 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ const = import ./const.nix;
+ httpPort = const.httpPort;
+in {
+ config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) {
+ host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = {
+ target = "http://localhost:${toString httpPort}";
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ config.services.forgejo.settings.server.SSH_LISTEN_PORT
+ ];
+ };
+}
diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix
deleted file mode 100644
index baf6683..0000000
--- a/modules/nixos-modules/server/home-assistant.nix
+++ /dev/null
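Review bot: The `networking.firewall.allowedTCPPorts` entry for `SSH_LISTEN_PORT` in `forgejo/proxy.nix` now sits under `config.host.reverse_proxy.enable`, whereas the removed `forgejo.nix` opened the port whenever Forgejo was enabled. The SSH listener does not pass through the HTTP proxy, so a host that runs Forgejo without the reverse proxy silently loses git-over-SSH access after this refactor. Moving the rule into `forgejo/default.nix` keeps the old behaviour. If the coupling is intended, a comment such as `# SSH is only opened on hosts that also publish the web UI` would make that explicit.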
@@ -1,230 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - configDir = "/var/lib/hass"; - dbUser = "hass"; -in { - options.services.home-assistant = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - - database = lib.mkOption { - type = lib.types.enum [ - "builtin" - "postgres" - ]; - description = "what database do we want to use"; - default = "builtin"; - }; - - extensions = { - sonos = { - enable = lib.mkEnableOption "enable the sonos plugin"; - port = lib.mkOption { - type = lib.types.int; - default = 1400; - description = "what port to use for sonos discovery"; - }; - }; - jellyfin = { - enable = lib.mkEnableOption "enable the jellyfin plugin"; - }; - wyoming = { - enable = lib.mkEnableOption "enable wyoming"; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - { - services.home-assistant = { - configDir = configDir; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - "isal" - "zha" - "webostv" - "tailscale" - "syncthing" - "analytics_insights" - "unifi" - "openweathermap" - "ollama" - "mobile_app" - "logbook" - "ssdp" - "usb" - "webhook" - "bluetooth" - "dhcp" - "energy" - "history" - "backup" - "assist_pipeline" - "conversation" - "sun" - "zeroconf" - "cpuspeed" - ]; - config = { - http = { - server_port = 8123; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - homeassistant = { - external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; - # internal_url = "http://192.168.1.2:8123"; - }; - recorder.db_url = "postgresql://@/${dbUser}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - mobile_app = {}; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts - ]; - }; - - # 
TODO: configure /var/lib/hass/secrets.yaml via sops - - networking.firewall.allowedUDPPorts = [ - 1900 - ]; - - systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - } - (lib.mkIf (config.services.home-assistant.extensions.sonos.enable) { - services.home-assistant.extraComponents = ["sonos"]; - networking.firewall.allowedTCPPorts = [ - config.services.home-assistant.extensions.sonos.port - ]; - }) - (lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) { - services.home-assistant.extraComponents = ["jellyfin"]; - # TODO: configure port, address, and login information here - }) - (lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) { - services.home-assistant.extraComponents = ["wyoming"]; - services.wyoming.enable = true; - }) - (lib.mkIf (config.services.home-assistant.database == "postgres") { - host = { - postgres = { - enable = true; - extraUsers = { - ${dbUser} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${dbUser} = { - name = dbUser; - }; - }; - }; - }; - - services.home-assistant = { - extraPackages = python3Packages: - with python3Packages; [ - psycopg2 - ]; - }; - - systemd.services.home-assistant = { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }) - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] 
- before = common.conf - - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - ignoreregex = - - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); - }; - - services.fail2ban = { - jails = { - home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = configDir; - user = "hass"; - group = "hass"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/home-assistant/database.nix b/modules/nixos-modules/server/home-assistant/database.nix new file mode 100644 index 0000000..0ac8002 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/database.nix 
@@ -0,0 +1,56 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ dbUser = "hass";
+in {
+ config = lib.mkIf config.services.home-assistant.enable (
+ lib.mkMerge [
+ {
+ host = {
+ postgres = {
+ enable = true;
+ };
+ };
+
+ assertions = [
+ {
+ assertion = config.services.home-assistant.database == "postgres";
+ message = "Home Assistant database type must be postgres";
+ }
+ ];
+ }
+ (lib.mkIf config.host.postgres.enable {
+ host = {
+ postgres = {
+ extraUsers = {
+ ${dbUser} = {
+ isClient = true;
+ createUser = true;
+ };
+ };
+ extraDatabases = {
+ ${dbUser} = {
+ name = dbUser;
+ };
+ };
+ };
+ };
+
+ services.home-assistant = {
+ extraPackages = python3Packages:
+ with python3Packages; [
+ psycopg2
+ ];
+ };
+
+ systemd.services.home-assistant = {
+ requires = [
+ config.systemd.services.postgresql.name
+ ];
+ };
+ })
+ ]
+ );
+}
diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix
new file mode 100644
index 0000000..6edf0c0
--- /dev/null
+++ b/modules/nixos-modules/server/home-assistant/default.nix
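Review bot: The assertion `config.services.home-assistant.database == "postgres"` in `home-assistant/database.nix` now applies whenever Home Assistant is enabled, but `home-assistant/default.nix` still declares the option as an enum with default `"builtin"`, so a host that enables the service without setting `database` fails evaluation. The removed module pulled in Postgres only under `lib.mkIf (config.services.home-assistant.database == "postgres")`. Here `host.postgres.enable = true` is set unconditionally, which also makes the second `lib.mkIf config.host.postgres.enable` guard always true unless a host forces the option off. Either restore the per-option condition or remove `"builtin"` from the enum and change the default. `forgejo/database.nix` and `immich/database.nix` use the same always-true guard.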
@@ -0,0 +1,118 @@ +{ + lib, + config, + ... +}: { + imports = [ + ./proxy.nix + ./database.nix + ./fail2ban.nix + ./impermanence.nix + ./extensions + ]; + + options.services.home-assistant = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + + database = lib.mkOption { + type = lib.types.enum [ + "builtin" + "postgres" + ]; + description = "what database do we want to use"; + default = "builtin"; + }; + + extensions = { + sonos = { + enable = lib.mkEnableOption "enable the sonos plugin"; + port = lib.mkOption { + type = lib.types.int; + default = 1400; + description = "what port to use for sonos discovery"; + }; + }; + jellyfin = { + enable = lib.mkEnableOption "enable the jellyfin plugin"; + }; + wyoming = { + enable = lib.mkEnableOption "enable wyoming"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ + { + services.home-assistant = { + configDir = "/var/lib/hass"; + extraComponents = [ + "default_config" + "esphome" + "met" + "radio_browser" + "isal" + "zha" + "webostv" + "tailscale" + "syncthing" + "analytics_insights" + "unifi" + "openweathermap" + "ollama" + "mobile_app" + "logbook" + "ssdp" + "usb" + "webhook" + "bluetooth" + "dhcp" + "energy" + "history" + "backup" + "assist_pipeline" + "conversation" + "sun" + "zeroconf" + "cpuspeed" + ]; + config = { + http = { + server_port = 8123; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + homeassistant = { + external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; + # internal_url = "http://192.168.1.2:8123"; + }; + recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; + mobile_app = {}; + }; + extraPackages = 
python3Packages: + with python3Packages; [ + hassil + numpy + gtts + ]; + }; + + # TODO: configure /var/lib/hass/secrets.yaml via sops + + networking.firewall.allowedUDPPorts = [ + 1900 + ]; + + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; + } + ]); +} diff --git a/modules/nixos-modules/server/home-assistant/extensions/default.nix b/modules/nixos-modules/server/home-assistant/extensions/default.nix new file mode 100644 index 0000000..9ef84a3 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/extensions/default.nix @@ -0,0 +1,12 @@ +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + ./sonos.nix + ./jellyfin.nix + ./wyoming.nix + ]; +} diff --git a/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix b/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix new file mode 100644 index 0000000..29af274 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix @@ -0,0 +1,9 @@ +{ + lib, + config, + ... +}: +lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) { + services.home-assistant.extraComponents = ["jellyfin"]; + # TODO: configure port, address, and login information here +} diff --git a/modules/nixos-modules/server/home-assistant/extensions/sonos.nix b/modules/nixos-modules/server/home-assistant/extensions/sonos.nix new file mode 100644 index 0000000..c70649f --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/extensions/sonos.nix @@ -0,0 +1,11 @@ +{ + lib, + config, + ... +}: +lib.mkIf (config.services.home-assistant.extensions.sonos.enable) { + services.home-assistant.extraComponents = ["sonos"]; + networking.firewall.allowedTCPPorts = [ + config.services.home-assistant.extensions.sonos.port + ]; +} diff --git a/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix b/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix new file mode 100644 index 0000000..840d360 
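Review bot: `recorder.db_url` in `home-assistant/default.nix` is built as `"postgresql://@/${config.services.home-assistant.configDir}"`, which expands to `postgresql://@//var/lib/hass`. The removed module interpolated `dbUser` (`hass`) here, so the recorder now names a database that `database.nix` never creates. The line should carry the database name, e.g. `recorder.db_url = "postgresql://@/hass";`, ideally sharing the value with `database.nix` through a `const.nix` as the forgejo module does for its ports. The URL is also set regardless of the `database` option. Separately, the tmpfiles rule creates `automations.yaml` with mode `0755`; a data file needs no execute bits, and `0640` would be enough if only `hass` reads it.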
--- /dev/null
+++ b/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix
@@ -0,0 +1,9 @@
+{
+ lib,
+ config,
+ ...
+}:
+lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) {
+ services.home-assistant.extraComponents = ["wyoming"];
+ services.wyoming.enable = true;
+}
diff --git a/modules/nixos-modules/server/home-assistant/fail2ban.nix b/modules/nixos-modules/server/home-assistant/fail2ban.nix
new file mode 100644
index 0000000..6ac5900
--- /dev/null
+++ b/modules/nixos-modules/server/home-assistant/fail2ban.nix
@@ -0,0 +1,39 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+lib.mkIf (config.services.fail2ban.enable && config.services.home-assistant.enable) {
+ environment.etc = {
+ "fail2ban/filter.d/hass.local".text = (
+ pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [INCLUDES]
+ before = common.conf
+
+ [Definition]
+ failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$
+
+ ignoreregex =
+
+ [Init]
+ datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
+ '')
+ );
+ };
+
+ services.fail2ban = {
+ jails = {
+ home-assistant-iptables.settings = {
+ enabled = true;
+ filter = "hass";
+ action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+ logpath = "${config.services.home-assistant.configDir}/*.log";
+ backend = "auto";
+ findtime = 600;
+ bantime = 600;
+ maxretry = 5;
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/home-assistant/impermanence.nix b/modules/nixos-modules/server/home-assistant/impermanence.nix
new file mode 100644
index 0000000..8c056a1
--- /dev/null
+++ b/modules/nixos-modules/server/home-assistant/impermanence.nix
@@ -0,0 +1,26 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ configDir = "/var/lib/hass";
+in
+ lib.mkIf (config.host.impermanence.enable && config.services.home-assistant.enable) {
+ assertions = [
+ {
+ assertion = config.services.home-assistant.configDir == configDir;
+ message = "home assistant config directory does not match persistence";
+ }
+ ];
+ environment.persistence."/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = configDir;
+ user = "hass";
+ group = "hass";
+ }
+ ];
+ };
+ }
diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix
new file mode 100644
index 0000000..63396b5
--- /dev/null
+++ b/modules/nixos-modules/server/home-assistant/proxy.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ config,
+ ...
+}:
+lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) {
+ host = {
+ reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = {
+ target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}";
+
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+
+ extraConfig = ''
+ add_header Upgrade $http_upgrade;
+ add_header Connection \"upgrade\";
+
+ proxy_buffering off;
+
+ proxy_read_timeout 90;
+ '';
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix
deleted file mode 100644
index fa376e4..0000000
--- a/modules/nixos-modules/server/immich.nix
+++ /dev/null
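Review bot: In the `extraConfig` of `home-assistant/proxy.nix`, `add_header Upgrade $http_upgrade;` and `add_header Connection \"upgrade\";` set headers on the response sent to the browser, not on the request forwarded to Home Assistant, so they do not take part in the WebSocket upgrade. Inside a Nix `''…''` string the backslashes are also emitted as written, so nginx receives `\"upgrade\"`. If `websockets.enable = true` already adds the upstream headers (the option is defined outside this hunk), both lines can go; otherwise they should read `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";`.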
@@ -1,99 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - mediaLocation = "/var/lib/immich"; -in { - options.services.immich = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; - }; - }; - - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - extraUsers = { - ${config.services.immich.database.user} = { - isClient = true; - }; - }; - }; - }; - - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { - allowedUDPPorts = [ - config.services.immich.port - ]; - allowedTCPPorts = [ - config.services.immich.port - ]; - }; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = immich-server.*Failed login attempt for user.+from ip address\s? 
- journalmatch = CONTAINER_TAG=immich-server - '') - ); - }; - - services.fail2ban = { - jails = { - immich-iptables.settings = lib.mkIf config.services.immich.enable { - enabled = true; - filter = "immich"; - backend = "systemd"; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.immich.mediaLocation == mediaLocation; - message = "immich media location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = mediaLocation; - user = "immich"; - group = "immich"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/immich/database.nix b/modules/nixos-modules/server/immich/database.nix new file mode 100644 index 0000000..74b1aaa --- /dev/null +++ b/modules/nixos-modules/server/immich/database.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf config.services.immich.enable (lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + } + (lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.immich.database.user} = { + isClient = true; + }; + }; + }; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/immich/default.nix b/modules/nixos-modules/server/immich/default.nix new file mode 100644 index 0000000..9d782f0 --- /dev/null +++ b/modules/nixos-modules/server/immich/default.nix 
@@ -0,0 +1,28 @@
+{lib, ...}: {
+ imports = [
+ ./proxy.nix
+ ./database.nix
+ ./fail2ban.nix
+ ./impermanence.nix
+ ];
+
+ options.services.immich = {
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that immich will be hosted at";
+ default = "immich";
+ };
+ };
+
+ # NOTE: This shouldn't be needed now that we are out of testing
+ # config = lib.mkIf config.services.immich.enable {
+ # networking.firewall.interfaces.${config.services.tailscale.interfaceName} = {
+ # allowedUDPPorts = [
+ # config.services.immich.port
+ # ];
+ # allowedTCPPorts = [
+ # config.services.immich.port
+ # ];
+ # };
+ # };
+}
diff --git a/modules/nixos-modules/server/immich/fail2ban.nix b/modules/nixos-modules/server/immich/fail2ban.nix
new file mode 100644
index 0000000..c9ec87b
--- /dev/null
+++ b/modules/nixos-modules/server/immich/fail2ban.nix
@@ -0,0 +1,26 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ config = lib.mkIf (config.services.fail2ban.enable && config.services.immich.enable) {
+ environment.etc = {
+ "fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = immich-server.*Failed login attempt for user.+from ip address\s?
+ journalmatch = CONTAINER_TAG=immich-server
+ '');
+ };
+
+ services.fail2ban = {
+ jails = {
+ immich-iptables.settings = {
+ enabled = true;
+ filter = "immich";
+ backend = "systemd";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix
new file mode 100644
index 0000000..f63d178
--- /dev/null
+++ b/modules/nixos-modules/server/immich/impermanence.nix
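Review bot: The filter in `immich/fail2ban.nix` uses `journalmatch = CONTAINER_TAG=immich-server`, which selects journal entries tagged by a container runtime, while the rest of this module configures `services.immich` as a native service. If Immich does not run from a container on these hosts, no journal entry carries that field and the jail never sees a failed login. Matching on the unit instead, e.g. `journalmatch = _SYSTEMD_UNIT=immich-server.service`, would fit; the unit name is an assumption to check on the host. As rendered here the `failregex` also shows no `<HOST>` or `<ADDR>` tag after `ip address\s?`, so confirm one is present in the file.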
@@ -0,0 +1,25 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ mediaLocation = "/var/lib/immich";
+in {
+ config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) {
+ assertions = [
+ {
+ assertion = config.services.immich.mediaLocation == mediaLocation;
+ message = "immich media location does not match persistence";
+ }
+ ];
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = mediaLocation;
+ user = "immich";
+ group = "immich";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix
new file mode 100644
index 0000000..9d8790a
--- /dev/null
+++ b/modules/nixos-modules/server/immich/proxy.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) {
+ host = {
+ reverse_proxy.subdomains.${config.services.immich.subdomain} = {
+ target = "http://localhost:${toString config.services.immich.port}";
+
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+
+ extraConfig = ''
+ # allow large file uploads
+ client_max_body_size 50000M;
+
+ # set timeout
+ proxy_read_timeout 600s;
+ proxy_send_timeout 600s;
+ send_timeout 600s;
+ proxy_redirect off;
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix
deleted file mode 100644
index 85c870f..0000000
--- a/modules/nixos-modules/server/jellyfin.nix
+++ /dev/null
@@ -1,147 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - jellyfinPort = 8096; - dlanPort = 1900; - jellyfin_data_directory = "/var/lib/jellyfin"; - jellyfin_cache_directory = "/var/cache/jellyfin"; -in { - options.services.jellyfin = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; - default = []; - }; - media_directory = lib.mkOption { - type = lib.types.str; - description = "directory jellyfin media will be hosted at"; - default = "/srv/jellyfin/media"; - }; - }; - - config = lib.mkIf config.services.jellyfin.enable ( - lib.mkMerge [ - { - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - } - (lib.mkIf config.host.reverse_proxy.enable { - host.reverse_proxy.subdomains.jellyfin = { - target = "http://localhost:${toString jellyfinPort}"; - - subdomain = config.services.jellyfin.subdomain; - extraSubdomains = config.services.jellyfin.extraSubdomains; - - forwardHeaders.enable = true; - - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - - proxy_buffering off; - ''; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/jellyfin.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." 
- '') - ); - }; - - services.fail2ban = { - jails = { - jellyfin-iptables.settings = { - enabled = true; - filter = "jellyfin"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.jellyfin.dataDir}/log/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - fileSystems."/persist/system/jellyfin".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/jellyfin" = { - type = "zfs_fs"; - mountpoint = "/persist/system/jellyfin"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = jellyfin_data_directory; - user = "jellyfin"; - group = "jellyfin"; - } - { - directory = jellyfin_cache_directory; - user = "jellyfin"; - group = "jellyfin"; - } - ]; - }; - - "/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.jellyfin.media_directory; - user = "jellyfin"; - group = "jellyfin_media"; - mode = "1770"; - } - ]; - }; - }; - }) - ] - ); -} diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix new file mode 100644 index 0000000..238ce3a --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/default.nix 
@@ -0,0 +1,48 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ jellyfinPort = 8096;
+ dlanPort = 1900;
+in {
+ imports = [
+ ./proxy.nix
+ ./fail2ban.nix
+ ./impermanence.nix
+ ];
+
+ options.services.jellyfin = {
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that jellyfin will be hosted at";
+ default = "jellyfin";
+ };
+ extraSubdomains = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ description = "ex subdomain of base domain that jellyfin will be hosted at";
+ default = [];
+ };
+ media_directory = lib.mkOption {
+ type = lib.types.str;
+ description = "directory jellyfin media will be hosted at";
+ default = "/srv/jellyfin/media";
+ };
+ };
+
+ config = lib.mkIf config.services.jellyfin.enable {
+ environment.systemPackages = [
+ pkgs.jellyfin
+ pkgs.jellyfin-web
+ pkgs.jellyfin-ffmpeg
+ ];
+
+ networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort];
+
+ systemd.tmpfiles.rules = [
+ "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media"
+ "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-"
+ ];
+ };
+}
diff --git a/modules/nixos-modules/server/jellyfin/fail2ban.nix b/modules/nixos-modules/server/jellyfin/fail2ban.nix
new file mode 100644
index 0000000..ba8d8ba
--- /dev/null
+++ b/modules/nixos-modules/server/jellyfin/fail2ban.nix
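Review bot: `networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort];` in `jellyfin/default.nix` opens Jellyfin's HTTP port 8096 on every interface even when `proxy.nix` publishes the service through the reverse proxy. The jail in `jellyfin/fail2ban.nix` blocks only `http,https`, so an address banned there can keep sending login attempts to 8096 directly. If direct LAN access is wanted, scope the rule to that interface with `networking.firewall.interfaces.<name>.allowedTCPPorts`; otherwise drop `jellyfinPort` from the list. `dlanPort = 1900` looks like DLNA/SSDP discovery, which uses UDP, so it probably belongs in `allowedUDPPorts` (and the name likely means `dlnaPort`).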
@@ -0,0 +1,32 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: {
+ config = lib.mkIf (config.services.jellyfin.enable && config.services.fail2ban.enable) {
+ environment.etc = {
+ "fail2ban/filter.d/jellyfin.local".text = (
+ pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = "^.*Authentication request for .* has been denied \\\\\\(IP: \\\"\\\"\\\\\\)\\\\\\."
+ '')
+ );
+ };
+
+ services.fail2ban = {
+ jails = {
+ jellyfin-iptables.settings = {
+ enabled = true;
+ filter = "jellyfin";
+ action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+ logpath = "${config.services.jellyfin.dataDir}/log/*.log";
+ backend = "auto";
+ findtime = 600;
+ bantime = 600;
+ maxretry = 5;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix
new file mode 100644
index 0000000..e0b3b5d
--- /dev/null
+++ b/modules/nixos-modules/server/jellyfin/impermanence.nix
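Review bot: The jail's action, `iptables-multiport[name=HTTP, port="http,https"]`, only blocks ports 80 and 443, while jellyfin/default.nix in this same commit opens 8096 on the firewall, so a banned address can keep retrying logins against 8096 directly. Either add the backend port to the action (`port="http,https,8096"`) or stop exposing 8096 when the proxy is in front. A short comment above `failregex` naming the Jellyfin log line it is meant to match, and noting that the client address has to be captured with fail2ban's `<HOST>` tag, would let the next reader verify the heavily escaped pattern.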
@@ -0,0 +1,66 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ jellyfin_data_directory = "/var/lib/jellyfin";
+ jellyfin_cache_directory = "/var/cache/jellyfin";
+in {
+ config = lib.mkIf (config.services.jellyfin.enable && config.host.impermanence.enable) {
+ fileSystems."/persist/system/jellyfin".neededForBoot = true;
+
+ host.storage.pool.extraDatasets = {
+ # sops age key needs to be available to pre persist for user generation
+ "persist/system/jellyfin" = {
+ type = "zfs_fs";
+ mountpoint = "/persist/system/jellyfin";
+ options = {
+ atime = "off";
+ relatime = "off";
+ canmount = "on";
+ };
+ };
+ };
+
+ assertions = [
+ {
+ assertion = config.services.jellyfin.dataDir == jellyfin_data_directory;
+ message = "jellyfin data directory does not match persistence";
+ }
+ {
+ assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory;
+ message = "jellyfin cache directory does not match persistence";
+ }
+ ];
+
+ environment.persistence = {
+ "/persist/system/root" = {
+ directories = [
+ {
+ directory = jellyfin_data_directory;
+ user = "jellyfin";
+ group = "jellyfin";
+ }
+ {
+ directory = jellyfin_cache_directory;
+ user = "jellyfin";
+ group = "jellyfin";
+ }
+ ];
+ };
+
+ "/persist/system/jellyfin" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = config.services.jellyfin.media_directory;
+ user = "jellyfin";
+ group = "jellyfin_media";
+ mode = "1770";
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix
new file mode 100644
index 0000000..5edb865
--- /dev/null
+++ b/modules/nixos-modules/server/jellyfin/proxy.nix
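Review bot: The media directory is persisted with `mode = "1770"` (sticky bit), but the tmpfiles rule in jellyfin/default.nix creates the same path as `2770` (setgid), so the two declarations disagree on whether new files inherit the `jellyfin_media` group. Pick one; `mode = "2770";` here would match the tmpfiles rule and the group ACL it sets. The comment `# sops age key needs to be available to pre persist for user generation` above the dataset looks copied from another module and does not describe this dataset; something like `# dedicated dataset for the jellyfin media library` would be accurate.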
@@ -0,0 +1,25 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ jellyfinPort = 8096;
+in {
+ config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) {
+ host.reverse_proxy.subdomains.jellyfin = {
+ target = "http://localhost:${toString jellyfinPort}";
+
+ subdomain = config.services.jellyfin.subdomain;
+ extraSubdomains = config.services.jellyfin.extraSubdomains;
+
+ forwardHeaders.enable = true;
+
+ extraConfig = ''
+ client_max_body_size 20M;
+ add_header X-Content-Type-Options "nosniff";
+
+ proxy_buffering off;
+ '';
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix
deleted file mode 100644
index dd026cd..0000000
--- a/modules/nixos-modules/server/panoramax.nix
+++ /dev/null
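Review bot: `add_header X-Content-Type-Options "nosniff";` in `extraConfig` may drop security headers set higher up, because nginx inherits `add_header` directives from the enclosing level only when the current level defines none. If `host.reverse_proxy` renders this text inside a `location` block and sets headers such as HSTS at server level (not visible in this hunk), those would no longer be sent for Jellyfin. It is worth confirming against the generated config, or moving the header into the shared proxy module. `jellyfinPort = 8096` is also declared both here and in default.nix; a single option would keep the proxy target and the firewall rule from drifting apart.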
@@ -1,408 +0,0 @@ -{ - config, - lib, - pkgs, - osConfig, - ... -}: -with lib; let - # Database configuration assertions - dbUrlConfigured = config.services.panoramax.database.url != null; - individualDbConfigured = all (x: x != null) [ - config.services.panoramax.database.host - config.services.panoramax.database.port - config.services.panoramax.database.username - config.services.panoramax.database.password - config.services.panoramax.database.name - ]; - - envContent = '' - # Panoramax Configuration - FLASK_APP=geovisio - ${ - if dbUrlConfigured - then "DB_URL=${config.services.panoramax.database.url}" - else '' - DB_HOST=${config.services.panoramax.database.host} - DB_PORT=${toString config.services.panoramax.database.port} - DB_USERNAME=${config.services.panoramax.database.username} - DB_PASSWORD=${config.services.panoramax.database.password} - DB_NAME=${config.services.panoramax.database.name} - '' - } - ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${optionalString 
(config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} - ''; - - envFile = pkgs.writeText "panoramax.env" envContent; -in { - options.services.panoramax = { - enable = lib.mkEnableOption "panoramax"; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.panoramax; - description = "The panoramax package to use"; - }; - - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; - }; - - database = { - createDB = mkOption { - type = types.bool; - default = true; - description = "Whether to automatically create the database and user"; - }; - - url = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). - If provided, individual database options (host, port, username, password, name) are ignored. 
- ''; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5432; - description = "Database port (ignored if database.url is set)"; - }; - - host = mkOption { - type = types.nullOr types.str; - default = "localhost"; - description = "Database host (ignored if database.url is set)"; - }; - - username = mkOption { - type = types.nullOr types.str; - default = "panoramax"; - description = "Database username (ignored if database.url is set)"; - }; - - password = mkOption { - type = types.nullOr types.str; - default = null; - description = "Database password (ignored if database.url is set)"; - }; - - name = mkOption { - type = types.str; - default = "panoramax"; - description = "Database name (ignored if database.url is set)"; - }; - }; - - sgblur = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to enable sgblur integration for face and license plate blurring"; - }; - - package = mkOption { - type = types.package; - default = pkgs.sgblur; - description = "The sgblur package to use"; - }; - - port = mkOption { - type = types.port; - default = 8080; - description = "Port for the sgblur service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the sgblur service to"; - }; - - url = mkOption { - type = types.str; - default = "http://127.0.0.1:8080"; - description = "URL where sgblur service is accessible"; - }; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5000; - description = "Port for the Panoramax service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the Panoramax service to"; - }; - - urlScheme = mkOption { - type = types.enum ["http" "https"]; - default = "https"; - description = "URL scheme for the application"; - }; - - storage = { - fsUrl = mkOption { - type = types.nullOr types.str; - default = "/var/lib/panoramax/storage"; - description = "File system URL for 
storage"; - }; - }; - - infrastructure = { - nbProxies = mkOption { - type = types.nullOr types.int; - default = 1; - description = "Number of proxies in front of the application"; - }; - }; - - flask = { - secretKey = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask secret key for session security"; - }; - - sessionCookieDomain = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask session cookie domain"; - }; - }; - - api = { - pictures = { - licenseSpdxId = mkOption { - type = types.nullOr types.str; - default = null; - description = "SPDX license identifier for API pictures"; - }; - - licenseUrl = mkOption { - type = types.nullOr types.str; - default = null; - description = "License URL for API pictures"; - }; - }; - }; - - extraEnvironment = mkOption { - type = types.attrsOf types.str; - default = {}; - description = "Additional environment variables"; - example = { - CUSTOM_SETTING = "value"; - DEBUG = "true"; - }; - }; - }; - - config = lib.mkIf config.services.panoramax.enable ( - lib.mkMerge [ - { - environment.systemPackages = with pkgs; - [ - config.services.panoramax.package - python3Packages.waitress - ] - ++ optionals config.services.panoramax.sgblur.enable [ - config.services.panoramax.sgblur.package - ]; - - systemd.services.panoramax = { - description = "Panoramax Service"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; - Restart = "always"; - User = "panoramax"; - Group = "panoramax"; - WorkingDirectory = "/var/lib/panoramax"; - Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; - }; - }; - - users.users.panoramax = { - isSystemUser = true; - 
group = "panoramax"; - home = "/var/lib/panoramax"; - createHome = true; - }; - - users.groups.panoramax = {}; - - systemd.tmpfiles.rules = [ - "d /var/lib/panoramax 0755 panoramax panoramax -" - "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" - ]; - - assertions = [ - { - assertion = dbUrlConfigured || individualDbConfigured; - message = '' - Panoramax database configuration requires either: - - A complete database URL (services.panoramax.database.url), OR - - All individual database options (host, port, username, password, name) - - Currently configured: - - database.url: ${ - if dbUrlConfigured - then "✓ configured" - else "✗ not configured" - } - - individual options: ${ - if individualDbConfigured - then "✓ all configured" - else "✗ some missing" - } - ''; - } - { - assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); - message = '' - Panoramax createDB option can only be used with socket connections when a database URL is provided. 
- Socket connections are identified by: - - URLs starting with "unix:" - - URLs starting with "/run/" - - Host paths starting with "/" - - Current configuration: - - createDB: ${lib.boolToString config.services.panoramax.database.createDB} - - database.url: ${ - if config.services.panoramax.database.url != null - then config.services.panoramax.database.url - else "not set" - } - - database.host: ${config.services.panoramax.database.host} - ''; - } - ]; - } - ( - lib.mkIf config.services.panoramax.sgblur.enable { - systemd.services.sgblur = { - description = "SGBlur AI-powered face and license plate blurring service"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = "${config.services.panoramax.sgblur.package}/bin/uvicorn sgblur.main:app --host ${config.services.panoramax.sgblur.host} --port ${toString config.services.panoramax.sgblur.port}"; - Restart = "always"; - User = "sgblur"; - Group = "sgblur"; - WorkingDirectory = "/var/lib/sgblur"; - Environment = "PYTHONPATH=${config.services.panoramax.sgblur.package}/lib/python3.11/site-packages"; - }; - }; - - users.users.sgblur = { - isSystemUser = true; - group = "sgblur"; - home = "/var/lib/sgblur"; - createHome = true; - }; - - users.groups.sgblur = {}; - - systemd.tmpfiles.rules = [ - "d /var/lib/sgblur 0755 sgblur sgblur -" - ]; - - # Update panoramax service dependencies when sgblur is enabled - systemd.services.panoramax = { - after = ["sgblur.service"]; - wants = ["sgblur.service"]; - }; - } - ) - ( - lib.mkIf config.services.panoramax.database.createDB { - services.postgresql = { - enable = true; - ensureDatabases = [config.services.panoramax.database.name]; - ensureUsers = [ - { - name = config.services.panoramax.database.username; - ensureDBOwnership = true; - ensureClauses.login = true; - } - ]; - extensions = ps: with ps; [postgis]; - settings = { - shared_preload_libraries = ["postgis"]; - }; - }; - - 
systemd.services.postgresql.serviceConfig.ExecStartPost = let - sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' - CREATE EXTENSION IF NOT EXISTS postgis; - CREATE EXTENSION IF NOT EXISTS postgis_topology; - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; - - ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; - GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; - ''; - in [ - '' - ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" - '' - ]; - - systemd.services.panoramax = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - } - ) - ( - lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { - target = "http://localhost:${toString config.services.panoramax.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads for panoramic images - client_max_body_size 100M; - - # set timeout for image processing - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - proxy_redirect off; - ''; - }; - }; - } - ) - ( - lib.mkIf config.services.fail2ban { - # TODO: configure options for fail2ban - } - ) - ( - lib.mkIf osConfig.host.impermanence.enable { - # TODO: configure impermanence for panoramax data - } - ) - ] - ); -} diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix new file mode 100644 index 0000000..e506b80 --- /dev/null +++ b/modules/nixos-modules/server/panoramax/default.nix 
@@ -0,0 +1,340 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + # Database configuration assertions + dbUrlConfigured = config.services.panoramax.database.url != null; + individualDbConfigured = all (x: x != null) [ + config.services.panoramax.database.host + config.services.panoramax.database.port + config.services.panoramax.database.username + config.services.panoramax.database.password + config.services.panoramax.database.name + ]; + + envContent = '' + # Panoramax Configuration + FLASK_APP=geovisio + ${ + if dbUrlConfigured + then "DB_URL=${config.services.panoramax.database.url}" + else '' + DB_HOST=${config.services.panoramax.database.host} + DB_PORT=${toString config.services.panoramax.database.port} + DB_USERNAME=${config.services.panoramax.database.username} + DB_PASSWORD=${config.services.panoramax.database.password} + DB_NAME=${config.services.panoramax.database.name} + '' + } + ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${optionalString (config.services.panoramax.sgblur.enable) 
"SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ''; + + envFile = pkgs.writeText "panoramax.env" envContent; +in { + imports = [ + ./proxy.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.panoramax = { + enable = lib.mkEnableOption "panoramax"; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.panoramax; + description = "The panoramax package to use"; + }; + + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that panoramax will be hosted at"; + default = "panoramax"; + }; + + database = { + createDB = mkOption { + type = types.bool; + default = true; + description = "Whether to automatically create the database and user"; + }; + + url = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). + If provided, individual database options (host, port, username, password, name) are ignored. 
+ ''; + }; + + port = mkOption { + type = types.nullOr types.port; + default = 5432; + description = "Database port (ignored if database.url is set)"; + }; + + host = mkOption { + type = types.nullOr types.str; + default = "localhost"; + description = "Database host (ignored if database.url is set)"; + }; + + username = mkOption { + type = types.nullOr types.str; + default = "panoramax"; + description = "Database username (ignored if database.url is set)"; + }; + + password = mkOption { + type = types.nullOr types.str; + default = null; + description = "Database password (ignored if database.url is set)"; + }; + + name = mkOption { + type = types.str; + default = "panoramax"; + description = "Database name (ignored if database.url is set)"; + }; + }; + + sgblur = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable sgblur integration for face and license plate blurring"; + }; + + package = mkOption { + type = types.package; + default = pkgs.sgblur; + description = "The sgblur package to use"; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = "Port for the sgblur service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the sgblur service to"; + }; + + url = mkOption { + type = types.str; + default = "http://127.0.0.1:8080"; + description = "URL where sgblur service is accessible"; + }; + }; + + port = mkOption { + type = types.nullOr types.port; + default = 5000; + description = "Port for the Panoramax service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the Panoramax service to"; + }; + + urlScheme = mkOption { + type = types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + + storage = { + fsUrl = mkOption { + type = types.nullOr types.str; + default = "/var/lib/panoramax/storage"; + description = "File system URL for 
storage"; + }; + }; + + infrastructure = { + nbProxies = mkOption { + type = types.nullOr types.int; + default = 1; + description = "Number of proxies in front of the application"; + }; + }; + + flask = { + secretKey = mkOption { + type = types.nullOr types.str; + default = null; + description = "Flask secret key for session security"; + }; + + sessionCookieDomain = mkOption { + type = types.nullOr types.str; + default = null; + description = "Flask session cookie domain"; + }; + }; + + api = { + pictures = { + licenseSpdxId = mkOption { + type = types.nullOr types.str; + default = null; + description = "SPDX license identifier for API pictures"; + }; + + licenseUrl = mkOption { + type = types.nullOr types.str; + default = null; + description = "License URL for API pictures"; + }; + }; + }; + + extraEnvironment = mkOption { + type = types.attrsOf types.str; + default = {}; + description = "Additional environment variables"; + example = { + CUSTOM_SETTING = "value"; + DEBUG = "true"; + }; + }; + }; + + config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ + { + environment.systemPackages = with pkgs; + [ + config.services.panoramax.package + python3Packages.waitress + ] + ++ optionals config.services.panoramax.sgblur.enable [ + config.services.panoramax.sgblur.package + ]; + + systemd.services.panoramax = { + description = "Panoramax Service"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; + Restart = "always"; + User = "panoramax"; + Group = "panoramax"; + WorkingDirectory = "/var/lib/panoramax"; + Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; + }; + }; + + users.users.panoramax = { + isSystemUser = true; + 
group = "panoramax"; + home = "/var/lib/panoramax"; + createHome = true; + }; + + users.groups.panoramax = {}; + + systemd.tmpfiles.rules = [ + "d /var/lib/panoramax 0755 panoramax panoramax -" + "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" + ]; + + assertions = [ + { + assertion = dbUrlConfigured || individualDbConfigured; + message = '' + Panoramax database configuration requires either: + - A complete database URL (services.panoramax.database.url), OR + - All individual database options (host, port, username, password, name) + + Currently configured: + - database.url: ${ + if dbUrlConfigured + then "✓ configured" + else "✗ not configured" + } + - individual options: ${ + if individualDbConfigured + then "✓ all configured" + else "✗ some missing" + } + ''; + } + { + assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); + message = '' + Panoramax createDB option can only be used with socket connections when a database URL is provided. 
+ Socket connections are identified by: + - URLs starting with "unix:" + - URLs starting with "/run/" + - Host paths starting with "/" + + Current configuration: + - createDB: ${lib.boolToString config.services.panoramax.database.createDB} + - database.url: ${ + if config.services.panoramax.database.url != null + then config.services.panoramax.database.url + else "not set" + } + - database.host: ${config.services.panoramax.database.host} + ''; + } + ]; + } + (lib.mkIf config.services.panoramax.database.createDB { + systemd.services.panoramax = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [config.services.panoramax.database.name]; + ensureUsers = [ + { + name = config.services.panoramax.database.username; + ensureDBOwnership = true; + ensureClauses.login = true; + } + ]; + extensions = ps: with ps; [postgis]; + settings = { + shared_preload_libraries = ["postgis"]; + }; + }; + + systemd.services.postgresql.serviceConfig.ExecStartPost = let + sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' + CREATE EXTENSION IF NOT EXISTS postgis; + CREATE EXTENSION IF NOT EXISTS postgis_topology; + CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; + CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; + + ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; + GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; + ''; + in [ + '' + ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" + '' + ]; + }) + ]); +} diff --git a/modules/nixos-modules/server/panoramax/fail2ban.nix b/modules/nixos-modules/server/panoramax/fail2ban.nix new file mode 100644 index 0000000..649b53a --- /dev/null +++ b/modules/nixos-modules/server/panoramax/fail2ban.nix 
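Review bot: `DB_PASSWORD`, `FLASK_SECRET_KEY` and any credentials inside `database.url` are interpolated into `envContent` and written with `pkgs.writeText "panoramax.env"`, which puts them in the Nix store where every local user can read them. Take file paths instead of values for these options and load them at runtime, e.g. `serviceConfig.EnvironmentFile = <path to runtime secret file>;` fed by a secrets tool such as sops-nix. The second assertion's message also prints `database.url` verbatim, so an embedded password would show up in evaluation output. Separately, `lib.hasPrefix "/" config.services.panoramax.database.host` will fail to evaluate when `host` is null, which its `nullOr` type allows.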
@@ -0,0 +1,11 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ config = lib.mkIf (config.services.panoramax.enable && config.services.fail2ban.enable) {
+ # TODO: configure options for fail2ban
+ # This is a placeholder - panoramax fail2ban configuration would need to be defined
+ # based on the specific log patterns and security requirements
+ };
+}
diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix
new file mode 100644
index 0000000..011c322
--- /dev/null
+++ b/modules/nixos-modules/server/panoramax/impermanence.nix
@@ -0,0 +1,14 @@
+{
+ lib,
+ config,
+ osConfig,
+ ...
+}: {
+ config = lib.mkIf (config.services.panoramax.enable && osConfig.host.impermanence.enable) {
+ # TODO: configure impermanence for panoramax data
+ # This would typically include directories like:
+ # - /var/lib/panoramax
+ # - panoramax storage directories
+ # - any cache or temporary directories that need to persist
+ };
+}
diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix
new file mode 100644
index 0000000..70e3f5b
--- /dev/null
+++ b/modules/nixos-modules/server/panoramax/proxy.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) {
+ host = {
+ reverse_proxy.subdomains.${config.services.panoramax.subdomain} = {
+ target = "http://localhost:${toString config.services.panoramax.port}";
+
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+
+ extraConfig = ''
+ # allow large file uploads for panoramic images
+ client_max_body_size 100M;
+
+ # set timeout for image processing
+ proxy_read_timeout 300s;
+ proxy_send_timeout 300s;
+ send_timeout 300s;
+ proxy_redirect off;
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix
deleted file mode 100644
index 303d742..0000000
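Review bot: In panoramax/impermanence.nix, `osConfig` is requested as a module argument and read as `osConfig.host.impermanence.enable`, but that argument is one home-manager supplies to its own modules, and the other impermanence modules in this commit read `config.host.impermanence.enable`. Unless the flake passes `osConfig` through `specialArgs` (not visible here), evaluation will fail as soon as `services.panoramax.enable` is true and the condition is forced. Use `config.host.impermanence.enable` and drop `osConfig` from the argument set. Until the TODO is done, `/var/lib/panoramax` and the storage directory are not persisted on impermanent hosts, which the comment could state outright.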
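Review bot: In panoramax/proxy.nix, `target` is built with `toString config.services.panoramax.port`, and that option is declared `nullOr types.port`; `toString null` is the empty string, so a null port yields `http://localhost:` with no evaluation error. Either declare the option as plain `types.port` or add an assertion that it is set when the proxy is enabled. The target also hardcodes `localhost` while `services.panoramax.host` is configurable, so a changed bind address would leave the proxy pointing at nothing; `"http://${config.services.panoramax.host}:${toString config.services.panoramax.port}"` keeps the two in step.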
--- a/modules/nixos-modules/server/paperless.nix +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - dataDir = "/var/lib/paperless"; -in { - options.services.paperless = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that paperless will be hosted at"; - default = "paperless"; - }; - database = { - user = lib.mkOption { - type = lib.types.str; - description = "what is the user and database that we are going to use for paperless"; - default = "paperless"; - }; - }; - }; - - config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - extraUsers = { - ${config.services.paperless.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.paperless.database.user} = { - name = config.services.paperless.database.user; - }; - }; - }; - }; - services.paperless = { - domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; - configureTika = true; - settings = { - PAPERLESS_DBENGINE = "postgresql"; - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBNAME = config.services.paperless.database.user; - PAPERLESS_DBUSER = config.services.paperless.database.user; - }; - }; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - ''; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/paperless.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$ - ignoreregex = - - '') - ); - }; - - services.fail2ban = { - jails = { - paperless.settings = { - enabled = true; - filter = 
"paperless"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.paperless.dataDir}/log/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.paperless.dataDir == dataDir; - message = "paperless data location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDir; - user = "paperless"; - group = "paperless"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/paperless/database.nix b/modules/nixos-modules/server/paperless/database.nix new file mode 100644 index 0000000..6f4ce51 --- /dev/null +++ b/modules/nixos-modules/server/paperless/database.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + ... +}: { + config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + } + ( + lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.paperless.database.user} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${config.services.paperless.database.user} = { + name = config.services.paperless.database.user; + }; + }; + }; + }; + } + ) + ]); +} diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix new file mode 100644 index 0000000..ec01fef --- /dev/null +++ b/modules/nixos-modules/server/paperless/default.nix 
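Review bot: In paperless/database.nix the first `mkMerge` entry sets `host.postgres.enable = true` unconditionally, so the `lib.mkIf config.host.postgres.enable` guard around the user and database definitions is always true and a host cannot opt out of the local PostgreSQL without `mkForce`. If the guard is meant to allow an external database, set the default with `host.postgres.enable = lib.mkDefault true;`; otherwise drop the guard. A one-line comment saying that the role and the database deliberately share the name in `database.user` would explain why the same attribute is used for both.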
@@ -0,0 +1,40 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ imports = [
+ ./proxy.nix
+ ./database.nix
+ ./fail2ban.nix
+ ./impermanence.nix
+ ];
+
+ options.services.paperless = {
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that paperless will be hosted at";
+ default = "paperless";
+ };
+ database = {
+ user = lib.mkOption {
+ type = lib.types.str;
+ description = "what is the user and database that we are going to use for paperless";
+ default = "paperless";
+ };
+ };
+ };
+
+ config = lib.mkIf config.services.paperless.enable {
+ services.paperless = {
+ domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}";
+ configureTika = true;
+ settings = {
+ PAPERLESS_DBENGINE = "postgresql";
+ PAPERLESS_DBHOST = "/run/postgresql";
+ PAPERLESS_DBNAME = config.services.paperless.database.user;
+ PAPERLESS_DBUSER = config.services.paperless.database.user;
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/paperless/fail2ban.nix b/modules/nixos-modules/server/paperless/fail2ban.nix
new file mode 100644
index 0000000..e1a70f9
--- /dev/null
+++ b/modules/nixos-modules/server/paperless/fail2ban.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ config = lib.mkIf (config.services.paperless.enable && config.services.fail2ban.enable) {
+ environment.etc = {
+ "fail2ban/filter.d/paperless.local".text = (
+ pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$
+ ignoreregex =
+
+ '')
+ );
+ };
+
+ services.fail2ban = {
+ jails = {
+ paperless.settings = {
+ enabled = true;
+ filter = "paperless";
+ action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+ logpath = "${config.services.paperless.dataDir}/log/*.log";
+ backend = "auto";
+ findtime = 600;
+ bantime = 600;
+ maxretry = 5;
+ };
+ };
+ };
+ };
+}
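Review bot: The `failregex` in the `paperless.local` filter, as it is shown here, has an empty pair of backticks where the client address should be captured, and fail2ban needs an address group such as `<HOST>` in a failregex to know what to ban. If the file really reads this way the filter has nothing to act on, so repeated login failures would go unanswered; the line I would expect is ``failregex = Login failed for user `.*` from (?:IP|private IP) `<HOST>`\.$``. It is also worth confirming that the address paperless writes to `${config.services.paperless.dataDir}/log/*.log` is the real client and not the reverse proxy, because the jail bans whatever that field holds.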
diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix
new file mode 100644
index 0000000..d9e17bd
--- /dev/null
+++ b/modules/nixos-modules/server/paperless/impermanence.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ dataDir = "/var/lib/paperless";
+in {
+ config = lib.mkIf (config.services.paperless.enable && config.host.impermanence.enable) {
+ assertions = [
+ {
+ assertion = config.services.paperless.dataDir == dataDir;
+ message = "paperless data location does not match persistence";
+ }
+ ];
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = dataDir;
+ user = "paperless";
+ group = "paperless";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix
new file mode 100644
index 0000000..cb0f157
--- /dev/null
+++ b/modules/nixos-modules/server/paperless/proxy.nix
@@ -0,0 +1,21 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) {
+ host = {
+ reverse_proxy.subdomains.${config.services.paperless.subdomain} = {
+ target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}";
+
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+
+ extraConfig = ''
+ # allow large file uploads
+ client_max_body_size 50000M;
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix
deleted file mode 100644
index 0e547af..0000000
--- a/modules/nixos-modules/server/searx.nix
+++ /dev/null
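Review bot: The persisted directory entry in impermanence.nix hard-codes `user = "paperless";` and `group = "paperless";`, while the assertion just above already ties `dataDir` to `config.services.paperless.dataDir`. If `services.paperless.user` is ever overridden, the document store under `/persist/system/root` would be created for an account the service does not run as. I would write `user = config.services.paperless.user;` and add a one-line comment on `dataDir` saying it has to stay in step with the upstream module default.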
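Review bot: `client_max_body_size 50000M;` in the `extraConfig` of proxy.nix lets any client that can reach this vhost send a request body of roughly 50 GB, and with nginx's default request buffering that body is spooled to disk before paperless sees it. The README task list later in this series still has paperless waiting to be moved behind the VPN, so this limit presumably applies to a publicly reachable name for now. A limit sized to the largest scan batch actually expected, for example `client_max_body_size 1G;` (value constructed for illustration), with the comment extended to say why that size was chosen, would bound disk use per request.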
@@ -1,78 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}: {
- options.services.searx = {
- subdomain = lib.mkOption {
- type = lib.types.str;
- description = "subdomain of base domain that searx will be hosted at";
- default = "searx";
- };
- };
-
- config = lib.mkIf config.services.searx.enable (
- lib.mkMerge [
- {
- sops.secrets = {
- "services/searx" = {
- sopsFile = "${inputs.secrets}/defiant-services.yaml";
- };
- };
- services.searx = {
- environmentFile = config.sops.secrets."services/searx".path;
-
- # Rate limiting
- limiterSettings = {
- real_ip = {
- x_for = 1;
- ipv4_prefix = 32;
- ipv6_prefix = 56;
- };
-
- botdetection = {
- ip_limit = {
- filter_link_local = true;
- link_token = true;
- };
- };
- };
-
- settings = {
- server = {
- port = 8083;
- secret_key = "@SEARXNG_SECRET@";
- };
-
- # Search engine settings
- search = {
- safe_search = 2;
- autocomplete_min = 2;
- autocomplete = "duckduckgo";
- };
-
- # Enabled plugins
- enabled_plugins = [
- "Basic Calculator"
- "Hash plugin"
- "Tor check plugin"
- "Open Access DOI rewrite"
- "Hostnames plugin"
- "Unit converter plugin"
- "Tracker URL remover"
- ];
- };
- };
- }
- (lib.mkIf config.host.reverse_proxy.enable {
- host = {
- reverse_proxy.subdomains.searx = {
- subdomain = config.services.searx.subdomain;
- target = "http://localhost:${toString config.services.searx.settings.server.port}";
- };
- };
- })
- ]
- );
-}
diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix
new file mode 100644
index 0000000..73ec489
--- /dev/null
+++ b/modules/nixos-modules/server/searx/default.nix
@@ -0,0 +1,71 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}: {
+ imports = [
+ ./proxy.nix
+ ];
+
+ options.services.searx = {
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that searx will be hosted at";
+ default = "searx";
+ };
+ };
+
+ config = lib.mkIf config.services.searx.enable {
+ sops.secrets = {
+ "services/searx" = {
+ sopsFile = "${inputs.secrets}/defiant-services.yaml";
+ };
+ };
+
+ services.searx = {
+ environmentFile = config.sops.secrets."services/searx".path;
+
+ # Rate limiting
+ limiterSettings = {
+ real_ip = {
+ x_for = 1;
+ ipv4_prefix = 32;
+ ipv6_prefix = 56;
+ };
+
+ botdetection = {
+ ip_limit = {
+ filter_link_local = true;
+ link_token = true;
+ };
+ };
+ };
+
+ settings = {
+ server = {
+ port = 8083;
+ secret_key = "@SEARXNG_SECRET@";
+ };
+
+ # Search engine settings
+ search = {
+ safe_search = 2;
+ autocomplete_min = 2;
+ autocomplete = "duckduckgo";
+ };
+
+ # Enabled plugins
+ enabled_plugins = [
+ "Basic Calculator"
+ "Hash plugin"
+ "Tor check plugin"
+ "Open Access DOI rewrite"
+ "Hostnames plugin"
+ "Unit converter plugin"
+ "Tracker URL remover"
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix
new file mode 100644
index 0000000..d925918
--- /dev/null
+++ b/modules/nixos-modules/server/searx/proxy.nix
@@ -0,0 +1,14 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) {
+ host = {
+ reverse_proxy.subdomains.searx = {
+ subdomain = config.services.searx.subdomain;
+ target = "http://localhost:${toString config.services.searx.settings.server.port}";
+ };
+ };
+ };
+}
From dfdd6bcc82c088eb2aac31737df2e388a13398c1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 10:20:00 -0500 Subject: [PATCH 0838/1043] chore: removed resolved item from research topics --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
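Review bot: `limiterSettings` is populated in searx/default.nix, but nothing visible under `settings.server` switches the limiter on, and SearXNG only applies the limiter and bot detection when `server.limiter` is true and a Redis-compatible store is available to it. Unless that is set elsewhere, the `real_ip` and `botdetection` values here have no effect and the instance is not rate limited; I would add `limiter = true;` next to `port = 8083;` and enable the module's local Redis option. `x_for = 1` also assumes exactly one trusted proxy hop, which holds only while the nginx entry from proxy.nix is the sole route to port 8083.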
diff --git a/README.md b/README.md index 13d1206..62040e3 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ -- nix config mcp https://github.com/utensils/mcp-nixos # Tasks: @@ -70,4 +69,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance -- move searx, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file +- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file From 9b02e300801a0db6e2e7c3911af2843776099e56 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 16 Sep 2025 10:44:00 -0500 Subject: [PATCH 0839/1043] refactor: moved subdomain options into proxy file --- .../nixos-modules/server/actual/default.nix | 8 ----- modules/nixos-modules/server/actual/proxy.nix | 8 +++++ .../nixos-modules/server/forgejo/default.nix | 8 ----- .../nixos-modules/server/forgejo/proxy.nix | 8 +++++ .../server/home-assistant/default.nix | 6 ---- .../server/home-assistant/proxy.nix | 35 ++++++++++++------- .../nixos-modules/server/immich/default.nix | 10 +----- modules/nixos-modules/server/immich/proxy.nix | 8 +++++ .../nixos-modules/server/jellyfin/default.nix | 10 ------ .../nixos-modules/server/jellyfin/proxy.nix | 13 +++++++ .../server/panoramax/default.nix | 6 ---- .../nixos-modules/server/panoramax/proxy.nix | 8 +++++ .../server/paperless/default.nix | 5 --- .../nixos-modules/server/paperless/proxy.nix | 8 +++++ .../nixos-modules/server/searx/default.nix | 8 ----- modules/nixos-modules/server/searx/proxy.nix | 8 +++++ 16 files changed, 84 insertions(+), 73 deletions(-) diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix index bef7a05..546240e 100644 --- a/modules/nixos-modules/server/actual/default.nix +++ b/modules/nixos-modules/server/actual/default.nix @@ -12,14 +12,6 @@ in { ./impermanence.nix ]; - options.services.actual = { - subdomain = lib.mkOption { - type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; - }; - }; - config = lib.mkIf config.services.actual.enable { systemd.tmpfiles.rules = [ "d ${dataDirectory} 2770 actual actual" diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index e20a6cd..6ca51e4 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix 
@@ -3,6 +3,14 @@ config, ... }: { + options.services.actual = { + subdomain = lib.mkOption { + type = lib.types.str; + default = "actual"; + description = "subdomain of base domain that actual will be hosted at"; + }; + }; + config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.actual.subdomain} = { diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index cec2630..1fdc8d9 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -15,14 +15,6 @@ in { ./impermanence.nix ]; - options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; - }; - }; - config = lib.mkIf config.services.forgejo.enable { assertions = [ { diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index 9e85f78..51f769d 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix @@ -6,6 +6,14 @@ const = import ./const.nix; httpPort = const.httpPort; in { + options.services.forgejo = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that forgejo will be hosted at"; + default = "forgejo"; + }; + }; + config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) { host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { target = "http://localhost:${toString httpPort}"; diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 6edf0c0..83d8ba7 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix 
@@ -12,12 +12,6 @@ ]; options.services.home-assistant = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - database = lib.mkOption { type = lib.types.enum [ "builtin" diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index 63396b5..ba8f20d 100644 --- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -2,23 +2,32 @@ lib, config, ... -}: -lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; +}: { + options.services.home-assistant = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + }; - websockets.enable = true; - forwardHeaders.enable = true; + config = lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; + websockets.enable = true; + forwardHeaders.enable = true; - proxy_buffering off; + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; - proxy_read_timeout 90; - ''; + proxy_buffering off; + + proxy_read_timeout 90; + ''; + }; }; }; } diff --git a/modules/nixos-modules/server/immich/default.nix b/modules/nixos-modules/server/immich/default.nix index 9d782f0..4d93c0b 100644 --- a/modules/nixos-modules/server/immich/default.nix 
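Review bot: In the re-indented `extraConfig` of home-assistant/proxy.nix, `add_header Upgrade $http_upgrade;` and `add_header Connection \"upgrade\";` set response headers sent back to the client, not the request headers Home Assistant needs for a WebSocket upgrade, and the first one reflects a client-supplied header value into the response. Inside a Nix `''` string the backslashes are kept literally, so nginx receives `\"upgrade\"` as written. `websockets.enable = true;` presumably already configures the upgrade on the proxy side, so I would drop both lines, or if they are needed write `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";`.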
+++ b/modules/nixos-modules/server/immich/default.nix @@ -1,4 +1,4 @@ -{lib, ...}: { +{...}: { imports = [ ./proxy.nix ./database.nix @@ -6,14 +6,6 @@ ./impermanence.nix ]; - options.services.immich = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; - }; - }; - # NOTE: This shouldn't be needed now that we are out of testing # config = lib.mkIf config.services.immich.enable { # networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index 9d8790a..dae2420 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix @@ -3,6 +3,14 @@ config, ... }: { + options.services.immich = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that immich will be hosted at"; + default = "immich"; + }; + }; + config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.immich.subdomain} = { diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix index 238ce3a..0d88481 100644 --- a/modules/nixos-modules/server/jellyfin/default.nix +++ b/modules/nixos-modules/server/jellyfin/default.nix @@ -14,16 +14,6 @@ in { ]; options.services.jellyfin = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; - default = []; - }; media_directory = lib.mkOption { type = lib.types.str; description = "directory jellyfin media will be hosted at"; 
diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix index 5edb865..1020a19 100644 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ b/modules/nixos-modules/server/jellyfin/proxy.nix @@ -5,6 +5,19 @@ }: let jellyfinPort = 8096; in { + options.services.jellyfin = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "ex subdomain of base domain that jellyfin will be hosted at"; + default = []; + }; + }; + config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) { host.reverse_proxy.subdomains.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index e506b80..779f284 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix @@ -57,12 +57,6 @@ in { description = "The panoramax package to use"; }; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; - }; - database = { createDB = mkOption { type = types.bool; diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 70e3f5b..79f9326 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix 
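Review bot: The `extraSubdomains` description in jellyfin/proxy.nix reads "ex subdomain of base domain that jellyfin will be hosted at", which does not say what the list is for; I would write `description = "additional subdomains of the base domain that jellyfin is also served at";`. Both options now live in proxy.nix, but the visible part of the `config` block still registers the proxy entry under the literal key `jellyfin`, and the block continues outside the hunk, so it is not visible whether `subdomain` and `extraSubdomains` are passed through. If they are not, names added through these options would be silently ignored, which is worth a comment or an assertion.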
@@ -3,6 +3,14 @@ config, ... }: { + options.services.panoramax = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that panoramax will be hosted at"; + default = "panoramax"; + }; + }; + config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index ec01fef..a6878eb 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -11,11 +11,6 @@ ]; options.services.paperless = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that paperless will be hosted at"; - default = "paperless"; - }; database = { user = lib.mkOption { type = lib.types.str; diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index cb0f157..2910f07 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -3,6 +3,14 @@ lib, ... }: { + options.services.paperless = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that paperless will be hosted at"; + default = "paperless"; + }; + }; + config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.paperless.subdomain} = { diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix index 73ec489..ac84c1d 100644 --- a/modules/nixos-modules/server/searx/default.nix +++ b/modules/nixos-modules/server/searx/default.nix 
@@ -8,14 +8,6 @@ ./proxy.nix ]; - options.services.searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "searx"; - }; - }; - config = lib.mkIf config.services.searx.enable { sops.secrets = { "services/searx" = { diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index d925918..0c1eae1 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix @@ -3,6 +3,14 @@ lib, ... }: { + options.services.searx = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "searx"; + }; + }; + config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.searx = { From e2e07c9a70c4f3ff591b72f8b90292fe62b7ca1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 12:09:41 -0500 Subject: [PATCH 0840/1043] feat: reworked databse config for panoramax --- .../server/panoramax/default.nix | 330 +----------------- .../server/panoramax/panoramax.nix | 253 ++++++++++++++ 2 files changed, 255 insertions(+), 328 deletions(-) create mode 100644 modules/nixos-modules/server/panoramax/panoramax.nix diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index 779f284..f029ee3 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix 
@@ -1,334 +1,8 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - # Database configuration assertions - dbUrlConfigured = config.services.panoramax.database.url != null; - individualDbConfigured = all (x: x != null) [ - config.services.panoramax.database.host - config.services.panoramax.database.port - config.services.panoramax.database.username - config.services.panoramax.database.password - config.services.panoramax.database.name - ]; - - envContent = '' - # Panoramax Configuration - FLASK_APP=geovisio - ${ - if dbUrlConfigured - then "DB_URL=${config.services.panoramax.database.url}" - else '' - DB_HOST=${config.services.panoramax.database.host} - DB_PORT=${toString config.services.panoramax.database.port} - DB_USERNAME=${config.services.panoramax.database.username} - DB_PASSWORD=${config.services.panoramax.database.password} - DB_NAME=${config.services.panoramax.database.name} - '' - } - ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${optionalString (config.services.panoramax.sgblur.enable) 
"SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} - ''; - - envFile = pkgs.writeText "panoramax.env" envContent; -in { +{...}: { imports = [ ./proxy.nix ./fail2ban.nix ./impermanence.nix + ./panoramax.nix ]; - - options.services.panoramax = { - enable = lib.mkEnableOption "panoramax"; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.panoramax; - description = "The panoramax package to use"; - }; - - database = { - createDB = mkOption { - type = types.bool; - default = true; - description = "Whether to automatically create the database and user"; - }; - - url = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). - If provided, individual database options (host, port, username, password, name) are ignored. - ''; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5432; - description = "Database port (ignored if database.url is set)"; - }; - - host = mkOption { - type = types.nullOr types.str; - default = "localhost"; - description = "Database host (ignored if database.url is set)"; - }; - - username = mkOption { - type = types.nullOr types.str; - default = "panoramax"; - description = "Database username (ignored if database.url is set)"; - }; - - password = mkOption { - type = types.nullOr types.str; - default = null; - description = "Database password (ignored if database.url is set)"; - }; - - name = mkOption { - type = types.str; - default = "panoramax"; - description = "Database name (ignored if database.url is set)"; - }; - }; - - sgblur = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to enable sgblur integration for face and license plate blurring"; - }; - - package = mkOption { - type = types.package; - default = 
pkgs.sgblur; - description = "The sgblur package to use"; - }; - - port = mkOption { - type = types.port; - default = 8080; - description = "Port for the sgblur service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the sgblur service to"; - }; - - url = mkOption { - type = types.str; - default = "http://127.0.0.1:8080"; - description = "URL where sgblur service is accessible"; - }; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5000; - description = "Port for the Panoramax service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the Panoramax service to"; - }; - - urlScheme = mkOption { - type = types.enum ["http" "https"]; - default = "https"; - description = "URL scheme for the application"; - }; - - storage = { - fsUrl = mkOption { - type = types.nullOr types.str; - default = "/var/lib/panoramax/storage"; - description = "File system URL for storage"; - }; - }; - - infrastructure = { - nbProxies = mkOption { - type = types.nullOr types.int; - default = 1; - description = "Number of proxies in front of the application"; - }; - }; - - flask = { - secretKey = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask secret key for session security"; - }; - - sessionCookieDomain = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask session cookie domain"; - }; - }; - - api = { - pictures = { - licenseSpdxId = mkOption { - type = types.nullOr types.str; - default = null; - description = "SPDX license identifier for API pictures"; - }; - - licenseUrl = mkOption { - type = types.nullOr types.str; - default = null; - description = "License URL for API pictures"; - }; - }; - }; - - extraEnvironment = mkOption { - type = types.attrsOf types.str; - default = {}; - description = "Additional environment variables"; - example = { - CUSTOM_SETTING = "value"; - DEBUG = "true"; - }; 
- }; - }; - - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - { - environment.systemPackages = with pkgs; - [ - config.services.panoramax.package - python3Packages.waitress - ] - ++ optionals config.services.panoramax.sgblur.enable [ - config.services.panoramax.sgblur.package - ]; - - systemd.services.panoramax = { - description = "Panoramax Service"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; - Restart = "always"; - User = "panoramax"; - Group = "panoramax"; - WorkingDirectory = "/var/lib/panoramax"; - Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; - }; - }; - - users.users.panoramax = { - isSystemUser = true; - group = "panoramax"; - home = "/var/lib/panoramax"; - createHome = true; - }; - - users.groups.panoramax = {}; - - systemd.tmpfiles.rules = [ - "d /var/lib/panoramax 0755 panoramax panoramax -" - "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" - ]; - - assertions = [ - { - assertion = dbUrlConfigured || individualDbConfigured; - message = '' - Panoramax database configuration requires either: - - A complete database URL (services.panoramax.database.url), OR - - All individual database options (host, port, username, password, name) - - Currently configured: - - database.url: ${ - if dbUrlConfigured - then "✓ configured" - else "✗ not configured" - } - - individual options: ${ - if individualDbConfigured - then "✓ all configured" - else "✗ some missing" - } - ''; - } - { - assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" 
config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); - message = '' - Panoramax createDB option can only be used with socket connections when a database URL is provided. - Socket connections are identified by: - - URLs starting with "unix:" - - URLs starting with "/run/" - - Host paths starting with "/" - - Current configuration: - - createDB: ${lib.boolToString config.services.panoramax.database.createDB} - - database.url: ${ - if config.services.panoramax.database.url != null - then config.services.panoramax.database.url - else "not set" - } - - database.host: ${config.services.panoramax.database.host} - ''; - } - ]; - } - (lib.mkIf config.services.panoramax.database.createDB { - systemd.services.panoramax = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - - services.postgresql = { - enable = true; - ensureDatabases = [config.services.panoramax.database.name]; - ensureUsers = [ - { - name = config.services.panoramax.database.username; - ensureDBOwnership = true; - ensureClauses.login = true; - } - ]; - extensions = ps: with ps; [postgis]; - settings = { - shared_preload_libraries = ["postgis"]; - }; - }; - - systemd.services.postgresql.serviceConfig.ExecStartPost = let - sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' - CREATE EXTENSION IF NOT EXISTS postgis; - CREATE EXTENSION IF NOT EXISTS postgis_topology; - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; - - ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; - GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; - ''; - in [ - '' - ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" - '' - ]; - }) - ]); } 
diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix new file mode 100644 index 0000000..cdbc632 --- /dev/null +++ b/modules/nixos-modules/server/panoramax/panoramax.nix 
@@ -0,0 +1,253 @@ +{ + config, + lib, + pkgs, + ... +}: let + dbUrlConfigured = config.services.panoramax.database.url != null; + individualDbConfigured = lib.all (x: x != null) [ + config.services.panoramax.database.host + config.services.panoramax.database.port + config.services.panoramax.database.username + config.services.panoramax.database.password + config.services.panoramax.database.name + ]; + + envContent = '' + # Panoramax Configuration + FLASK_APP=geovisio + ${ + if dbUrlConfigured + then "DB_URL=${config.services.panoramax.database.url}" + else '' + DB_HOST=${config.services.panoramax.database.host} + DB_PORT=${toString config.services.panoramax.database.port} + DB_USERNAME=${config.services.panoramax.database.username} + DB_PASSWORD=${config.services.panoramax.database.password} + DB_NAME=${config.services.panoramax.database.name} + '' + } + ${lib.optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${lib.optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${lib.optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${lib.optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${lib.optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${lib.optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${lib.optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${lib.optionalString (config.services.panoramax.sgblur.enable) 
"SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ''; + + envFile = pkgs.writeText "panoramax.env" envContent; +in { + options.services = { + panoramax = { + enable = lib.mkEnableOption "panoramax"; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.panoramax; + description = "The panoramax package to use"; + }; + + user = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "The user panoramax should run as."; + }; + + group = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "The group panoramax should run as."; + }; + + host = lib.mkOption { + type = lib.types.str; + default = "127.0.0.1"; + description = "Host to bind the panoramax service to"; + }; + + port = lib.mkOption { + type = lib.types.nullOr lib.types.port; + default = 5000; + description = "Port for the panoramax service"; + }; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to open the panoramax port in the firewall"; + }; + + settings = { + urlScheme = lib.mkOption { + type = lib.types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + + storage = { + fsUrl = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = "/var/lib/panoramax/storage"; + description = "File system URL for storage"; + }; + }; + + infrastructure = { + nbProxies = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = 1; + description = "Number of proxies in front of the application"; + }; + }; + + flask = { + secretKey = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Flask secret key for session security"; + }; + + sessionCookieDomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Flask session 
cookie domain"; + }; + }; + + api = { + pictures = { + licenseSpdxId = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "SPDX license identifier for API pictures"; + }; + + licenseUrl = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "License URL for API pictures"; + }; + }; + }; + + extraEnvironment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + description = "Additional environment variables"; + example = { + CUSTOM_SETTING = "value"; + DEBUG = "true"; + }; + }; + }; + + database = { + createDB = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically create the database and user"; + }; + + name = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "The name of the panoramax database"; + }; + + host = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = "/run/postgresql"; + description = "Hostname or address of the postgresql server. 
If an absolute path is given here, it will be interpreted as a unix socket path."; + }; + + port = lib.mkOption { + type = lib.types.nullOr lib.types.port; + default = 5432; + description = "Port of the postgresql server."; + }; + + user = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = "panoramax"; + description = "The database user for panoramax."; + }; + + # TODO: password file for external database + }; + + sgblur = { + # TODO: configs to bind to sgblur + }; + }; + sgblur = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to enable sgblur integration for face and license plate blurring"; + }; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.sgblur; + description = "The sgblur package to use"; + }; + + port = lib.mkOption { + type = lib.types.port; + default = 8080; + description = "Port for the sgblur service"; + }; + + host = lib.mkOption { + type = lib.types.str; + default = "127.0.0.1"; + description = "Host to bind the sgblur service to"; + }; + + url = lib.mkOption { + type = lib.types.str; + default = "http://127.0.0.1:8080"; + description = "URL where sgblur service is accessible"; + }; + }; + }; + + config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ + { + # TODO: start panoramax service + } + (lib.mkIf config.services.sgblur.enable { + # TODO: start sg blur config + }) + (lib.mkIf config.services.panoramax.database.createDB { + services.postgresql = lib.mkIf config.services.panoramax.database.enable { + enable = true; + ensureDatabases = lib.mkIf config.services.panoramax.database.createDB [config.services.panoramax.database.name]; + ensureUsers = lib.mkIf config.services.panoramax.database.createDB [ + { + name = config.services.panoramax.database.user; + ensureDBOwnership = true; + ensureClauses.login = true; + } + ]; + extensions = ps: with ps; [postgis]; + }; + systemd.services.postgresql.serviceConfig.ExecStartPost = let + sqlFile = 
pkgs.writeText "panoramax-postgis-setup.sql" '' + CREATE EXTENSION IF NOT EXISTS postgis; + + ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC'; + + GRANT SET ON PARAMETER session_replication_role TO ${config.services.panoramax.database.user}; + ''; + in [ + '' + ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.user}" -f "${sqlFile}" + '' + ]; + }) + ]); +} From 1b1a3f7219790da0fca2b1012d7edd30642b4cfd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 12:40:19 -0500 Subject: [PATCH 0841/1043] fix: fixed database timezone alter not working --- modules/nixos-modules/server/panoramax/panoramax.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix index cdbc632..aae7052 100644 --- a/modules/nixos-modules/server/panoramax/panoramax.nix +++ b/modules/nixos-modules/server/panoramax/panoramax.nix @@ -223,7 +223,7 @@ in { # TODO: start sg blur config }) (lib.mkIf config.services.panoramax.database.createDB { - services.postgresql = lib.mkIf config.services.panoramax.database.enable { + services.postgresql = { enable = true; ensureDatabases = lib.mkIf config.services.panoramax.database.createDB [config.services.panoramax.database.name]; ensureUsers = lib.mkIf config.services.panoramax.database.createDB [ @@ -239,7 +239,8 @@ in { sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' CREATE EXTENSION IF NOT EXISTS postgis; - ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC'; + -- TODO: how can we ensure that this runs after the databases have been created + -- ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC'; GRANT SET ON PARAMETER session_replication_role TO ${config.services.panoramax.database.user}; ''; From 3bee0c74028118e2fd93b172178e49a54d31efcf Mon Sep 17 00:00:00 2001 
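Review bot: `envContent` writes `DB_PASSWORD=${config.services.panoramax.database.password}` and `FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}` into `pkgs.writeText "panoramax.env"`, so any secret set through these options lands in the world-readable Nix store and in every copy of the closure. The declared `settings.flask.secretKey` is a plain `lib.types.nullOr lib.types.str`, which invites exactly that. I would take a path instead, e.g. `secretKeyFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; };`, and hand it to the unit at runtime through `EnvironmentFile` or `LoadCredential`, which also covers the `# TODO: password file for external database`. Separately, `envContent` reads `database.url`, `database.username`, `database.password`, `flask.secretKey` and `storage.fsUrl` directly under `services.panoramax`, none of which are declared at those paths in `options` (the declared names are `database.user` and `settings.*`), so forcing `envFile` would fail evaluation.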
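Review bot: The `GRANT SET ON PARAMETER session_replication_role TO ${config.services.panoramax.database.user}` that stays active in the `@@ -239,7 +239,8 @@` hunk has the same ordering problem as the `ALTER DATABASE` commented out here. It needs the role from `ensureUsers` to exist, and nothing visible in this `ExecStartPost` guarantees that. Rather than leaving a TODO, both statements could move into a oneshot unit ordered after whichever step applies `ensureDatabases`/`ensureUsers` in the nixpkgs release in use, which would let the timezone setting come back. The grant also lets the application role switch off trigger and foreign-key enforcement for its own sessions, so a comment such as `-- needed for <feature>; keep limited to this one parameter` next to it would help, since the reason is not visible from this hunk. The enclosing `ExecStartPost` list ends outside the hunk.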
From: Leyla Becker Date: Wed, 17 Sep 2025 15:15:07 -0500 Subject: [PATCH 0842/1043] fix: fixed pkg dependencies for panoramax --- .../nixos/defiant/configuration.nix | 4 + modules/common-modules/pkgs/default.nix | 8 + modules/common-modules/pkgs/h3-c-lib.nix | 36 ++++ modules/common-modules/pkgs/panoramax.nix | 40 ++++ .../common-modules/pkgs/python/default.nix | 18 ++ .../pkgs/python/geojson-pydantic.nix | 48 +++++ .../pkgs/python/geopic-tag-reader.nix | 70 +++++++ modules/common-modules/pkgs/python/h3.nix | 81 ++++++++ .../common-modules/pkgs/python/pyexiv2.nix | 49 +++++ .../pkgs/python/pygeofilter.nix | 52 +++++ .../common-modules/pkgs/python/pygeoif.nix | 48 +++++ modules/common-modules/pkgs/python/rfeed.nix | 40 ++++ .../server/panoramax/panoramax.nix | 177 ++++++++++++++---- 13 files changed, 632 insertions(+), 39 deletions(-) create mode 100644 modules/common-modules/pkgs/h3-c-lib.nix create mode 100644 modules/common-modules/pkgs/python/default.nix create mode 100644 modules/common-modules/pkgs/python/geojson-pydantic.nix create mode 100644 modules/common-modules/pkgs/python/geopic-tag-reader.nix create mode 100644 modules/common-modules/pkgs/python/h3.nix create mode 100644 modules/common-modules/pkgs/python/pyexiv2.nix create mode 100644 modules/common-modules/pkgs/python/pygeofilter.nix create mode 100644 modules/common-modules/pkgs/python/pygeoif.nix create mode 100644 modules/common-modules/pkgs/python/rfeed.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e109d45..9be3065 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -306,6 +306,10 @@ passwordFile = config.sops.secrets."services/paperless_password".path; }; + panoramax = { + enable = true; + }; + qbittorrent = { enable = true; mediaDir = "/srv/qbittorent"; 
diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 28141c8..e608350 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,8 @@ {pkgs, ...}: { + imports = [ + ./python + ]; + nixpkgs.overlays = [ (final: prev: { webtoon-dl = @@ -31,5 +35,9 @@ (final: prev: { sgblur = pkgs.python3.pkgs.callPackage ./sgblur.nix {}; }) + (final: prev: { + # Override h3 C library to version 4.3.0 + h3 = pkgs.callPackage ./h3-c-lib.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/h3-c-lib.nix b/modules/common-modules/pkgs/h3-c-lib.nix new file mode 100644 index 0000000..2615d3c --- /dev/null +++ b/modules/common-modules/pkgs/h3-c-lib.nix @@ -0,0 +1,36 @@ +{ + lib, + stdenv, + fetchFromGitHub, + cmake, + doxygen, +}: +stdenv.mkDerivation rec { + pname = "h3"; + version = "4.3.0"; + + src = fetchFromGitHub { + owner = "uber"; + repo = "h3"; + rev = "v${version}"; + hash = "sha256-DUILKZ1QvML6qg+WdOxir6zRsgTvk+En6yjeFf6MQBg="; + }; + + nativeBuildInputs = [ + cmake + doxygen + ]; + + cmakeFlags = [ + "-DBUILD_SHARED_LIBS=ON" + "-DBUILD_TESTING=OFF" + ]; + + meta = with lib; { + homepage = "https://github.com/uber/h3"; + description = "Hexagonal hierarchical geospatial indexing system"; + license = licenses.asl20; + maintainers = []; + platforms = platforms.all; + }; +} diff --git a/modules/common-modules/pkgs/panoramax.nix b/modules/common-modules/pkgs/panoramax.nix index e2dad14..75b5e0e 100644 --- a/modules/common-modules/pkgs/panoramax.nix +++ b/modules/common-modules/pkgs/panoramax.nix @@ -10,8 +10,27 @@ authlib, sentry-sdk, python-dateutil, + dateparser, croniter, pydantic, + flask-cors, + flask-compress, + flask-babel, + flasgger, + yoyo-migrations, + psycopg, + psycopg-pool, + tzdata, + email-validator, + pydantic-extra-types, + python-multipart, + fs, + fs-s3fs, + geopic-tag-reader, + pygeofilter, + pygeoif, + rfeed, + geojson-pydantic, ... }: let pname = "geovisio"; 
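Review bot: In the `@@ -31,5 +35,9 @@` hunk of `pkgs/default.nix`, `h3 = pkgs.callPackage ./h3-c-lib.nix {};` replaces the top-level `h3` for every package built from this package set, not only for the Panoramax Python dependency. It is also built from the module's `pkgs` argument rather than the overlay's own fixpoint. `h3 = final.callPackage ./h3-c-lib.nix {};` is the conventional form and keeps the overlay usable outside this module. If only the Python `h3` binding needs 4.3.0 (not all consumers are visible here), passing the pinned library to that derivation alone would avoid changing other users. The comment could also record the reason, e.g. `# h3 4.3.0: required by <consumer and reason>`.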
@@ -42,8 +61,29 @@ in authlib sentry-sdk python-dateutil + dateparser croniter pydantic + flask-cors + flask-compress + flask-babel + flasgger + yoyo-migrations + psycopg + psycopg-pool + tzdata + email-validator + pydantic-extra-types + python-multipart + fs + fs-s3fs + geopic-tag-reader + pygeofilter + pygeoif + rfeed + geojson-pydantic + # Missing from nixpkgs - may need custom packages: + # flask-executor ]; # Skip tests as they may require network access or specific setup diff --git a/modules/common-modules/pkgs/python/default.nix b/modules/common-modules/pkgs/python/default.nix new file mode 100644 index 0000000..f69c512 --- /dev/null +++ b/modules/common-modules/pkgs/python/default.nix @@ -0,0 +1,18 @@ +{...}: { + nixpkgs.overlays = [ + (final: prev: { + python3 = prev.python3.override { + packageOverrides = pythonPrev: pythonFinal: { + h3 = pythonPrev.callPackage ./h3.nix {h3 = final.h3;}; + pygeofilter = pythonPrev.callPackage ./pygeofilter.nix {}; + pygeoif = pythonPrev.callPackage ./pygeoif.nix {}; + rfeed = pythonPrev.callPackage ./rfeed.nix {}; + pyexiv2 = pythonPrev.callPackage ./pyexiv2.nix {}; + geojson-pydantic = pythonPrev.callPackage ./geojson-pydantic.nix {}; + geopic-tag-reader = pythonPrev.callPackage ./geopic-tag-reader.nix {}; + }; + }; + python3Packages = final.python3.pkgs; + }) + ]; +} diff --git a/modules/common-modules/pkgs/python/geojson-pydantic.nix b/modules/common-modules/pkgs/python/geojson-pydantic.nix new file mode 100644 index 0000000..96ec6b5 --- /dev/null +++ b/modules/common-modules/pkgs/python/geojson-pydantic.nix 
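Review bot: In `python/default.nix` the `packageOverrides` arguments are named `pythonPrev: pythonFinal:`, but nixpkgs calls that function with the final set first and the previous set second, so `pythonPrev` here is actually the final package set. The `callPackage` calls resolve correctly only because of that swap. Anyone who later reaches for `pythonFinal.<pkg>` expecting the overridden packages will get the un-overridden ones. Renaming to `packageOverrides = pythonFinal: pythonPrev: {` and using `pythonFinal.callPackage` throughout keeps the behaviour and makes the names truthful.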
@@ -0,0 +1,48 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + flit-core, + pydantic, + geojson, + ... +}: let + pname = "geojson_pydantic"; + version = "2.0.0"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-ti6LRFAt0a1Ri19zkDWoGSSnb5gMvbOk6JFu+RO+JC4="; + }; + + build-system = [ + flit-core + ]; + + dependencies = [ + pydantic + geojson + ]; + + # Skip tests as they may require specific setup + doCheck = false; + + # Disable runtime dependencies check + dontCheckRuntimeDeps = true; + + # Basic imports check + pythonImportsCheck = ["geojson_pydantic"]; + + meta = with lib; { + description = "Pydantic models for GeoJSON objects"; + homepage = "https://github.com/developmentseed/geojson-pydantic"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/geopic-tag-reader.nix b/modules/common-modules/pkgs/python/geopic-tag-reader.nix new file mode 100644 index 0000000..bd8451f --- /dev/null +++ b/modules/common-modules/pkgs/python/geopic-tag-reader.nix 
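Review bot: `dontCheckRuntimeDeps = true;` together with `doCheck = false;` turns off the two build-time checks that would notice a missing or version-incompatible dependency. The same pair is repeated in `geopic-tag-reader.nix`, `pyexiv2.nix`, `pygeofilter.nix` and `pygeoif.nix` in this commit. These packages end up inside a network-facing service, so I would leave the runtime-deps check on by default and disable it only where the build actually fails, with the reason recorded above the line, e.g. `# <dependency>: upstream constraint <...> not met by nixpkgs`. As written, the comment `# Disable runtime dependencies check` restates the setting without saying why it is needed.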
@@ -0,0 +1,70 @@ +{ + lib, + fetchFromGitLab, + buildPythonPackage, + flit-core, + typer, + xmltodict, + timezonefinder, + pytz, + types-pytz, + types-python-dateutil, + rtree, + python-dateutil, + pyexiv2, + ... +}: let + pname = "geopic-tag-reader"; + version = "1.8.0"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchFromGitLab { + owner = "panoramax"; + repo = "server/geo-picture-tag-reader"; + rev = version; + sha256 = "0lzf5xxxcdqmq28bpvgpkxf5jxmh2nawwa4rl4yg04bdsi16rf1j"; + }; + + build-system = [ + flit-core + ]; + + dependencies = [ + typer + xmltodict + pyexiv2 + timezonefinder + pytz + types-pytz + types-python-dateutil + rtree + ]; + + optional-dependencies = { + write-exif = [ + python-dateutil + types-python-dateutil + ]; + }; + + # Skip tests as they may require network access or specific setup + doCheck = false; + + # Disable runtime dependencies check as some dependencies might have issues + dontCheckRuntimeDeps = true; + + # Disable imports check initially to avoid dependency issues + pythonImportsCheck = []; + + meta = with lib; { + description = "GeoPic Tag Reader - Python library to read and write standardized metadata from geolocated pictures EXIF metadata"; + homepage = "https://gitlab.com/panoramax/server/geo-picture-tag-reader"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/h3.nix b/modules/common-modules/pkgs/python/h3.nix new file mode 100644 index 0000000..2dc3d26 --- /dev/null +++ b/modules/common-modules/pkgs/python/h3.nix 
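Review bot: `pythonImportsCheck = [];` leaves this derivation with no verification at all, because tests and the runtime-deps check are disabled just above it. `pyexiv2.nix` in the same commit has no import check either, and it is a native binding, where a load failure is most likely. An import check is cheap and catches a missing module before the service starts: `pythonImportsCheck = ["geopic_tag_reader"];` (module name assumed from the project name, please confirm) and `pythonImportsCheck = ["pyexiv2"];`. `types-pytz` and `types-python-dateutil` look like typing stubs, so they probably do not belong in runtime `dependencies`. The source is also pinned with a base32 `sha256` while the other new packages use SRI `hash`, so switching to `hash` here would be consistent.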
@@ -0,0 +1,81 @@ +{ + autoPatchelfHook, + buildPythonPackage, + cmake, + cython, + fetchFromGitHub, + h3, + lib, + ninja, + numpy, + pytestCheckHook, + pytest-cov-stub, + scikit-build-core, + stdenv, +}: +buildPythonPackage rec { + pname = "h3"; + version = "4.3.1"; + pyproject = true; + + # pypi version does not include tests + src = fetchFromGitHub { + owner = "uber"; + repo = "h3-py"; + tag = "v${version}"; + hash = "sha256-zt7zbBgSp2P9q7mObZeQZpW9Szip62dAYdPZ2cGTmi4="; + }; + + dontConfigure = true; + + nativeCheckInputs = [ + pytestCheckHook + pytest-cov-stub + ]; + + build-system = + [ + scikit-build-core + cmake + cython + ninja + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + # On Linux the .so files ends up referring to libh3.so instead of the full + # Nix store path. I'm not sure why this is happening! On Darwin it works + # fine. + autoPatchelfHook + ]; + + # This is not needed per-se, it's only added for autoPatchelfHook to work + # correctly. See the note above ^^ + buildInputs = lib.optionals stdenv.hostPlatform.isLinux [h3]; + + dependencies = [numpy]; + + # The following prePatch replaces the h3lib compilation with using the h3 packaged in nixpkgs. + # + # - Remove the h3lib submodule. + # - Patch CMakeLists to avoid building h3lib, and use h3 instead. + prePatch = let + cmakeCommands = '' + include_directories(${lib.getDev h3}/include/h3) + link_directories(${h3}/lib) + ''; + in '' + rm -r src/h3lib + substituteInPlace CMakeLists.txt \ + --replace-fail "add_subdirectory(src/h3lib)" "${cmakeCommands}" \ + --replace-fail "\''${CMAKE_CURRENT_BINARY_DIR}/src/h3lib/src/h3lib/include/h3api.h" "${lib.getDev h3}/include/h3/h3api.h" + ''; + + # Extra check to make sure we can import it from Python + pythonImportsCheck = ["h3"]; + + meta = { + homepage = "https://github.com/uber/h3-py"; + description = "Hierarchical hexagonal geospatial indexing system"; + license = lib.licenses.asl20; + maintainers = [lib.maintainers.kalbasit]; + }; +} 
diff --git a/modules/common-modules/pkgs/python/pyexiv2.nix b/modules/common-modules/pkgs/python/pyexiv2.nix new file mode 100644 index 0000000..69fa537 --- /dev/null +++ b/modules/common-modules/pkgs/python/pyexiv2.nix @@ -0,0 +1,49 @@ +{ + lib, + fetchFromGitHub, + buildPythonPackage, + exiv2, + boost, + pybind11, + setuptools, + ... +}: let + pname = "pyexiv2"; + version = "2.15.3"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + build-system = [setuptools]; + + src = fetchFromGitHub { + owner = "LeoHsiao1"; + repo = "pyexiv2"; + rev = "v${version}"; + sha256 = "sha256-83bFMaoXncvhRJNcCgkkC7B29wR5pjuLO/EdkQdqxxo="; + }; + + buildInputs = [ + exiv2 + boost + ]; + + nativeBuildInputs = [ + pybind11 + ]; + + # Skip tests as they may require specific test images + doCheck = false; + + # Disable runtime dependencies check initially + dontCheckRuntimeDeps = true; + + meta = with lib; { + description = "Python binding to the library exiv2"; + homepage = "https://github.com/LeoHsiao1/pyexiv2"; + license = licenses.gpl3Plus; + maintainers = []; + platforms = platforms.linux; + }; + } diff --git a/modules/common-modules/pkgs/python/pygeofilter.nix b/modules/common-modules/pkgs/python/pygeofilter.nix new file mode 100644 index 0000000..aa310f9 --- /dev/null +++ b/modules/common-modules/pkgs/python/pygeofilter.nix 
@@ -0,0 +1,52 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + setuptools, + wheel, + lark, + python-dateutil, + shapely, + ... +}: let + pname = "pygeofilter"; + version = "0.3.1"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-+SvAYiCZ+H/os23nq92GBZ1hWontYIInNwgiI6V44VA="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ + lark + python-dateutil + shapely + ]; + + # Skip tests as they may require specific setup + doCheck = false; + + # Disable runtime dependencies check + dontCheckRuntimeDeps = true; + + # Basic imports check + pythonImportsCheck = ["pygeofilter"]; + + meta = with lib; { + description = "A pure Python parser implementation of OGC filtering standards"; + homepage = "https://github.com/geopython/pygeofilter"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/pygeoif.nix b/modules/common-modules/pkgs/python/pygeoif.nix new file mode 100644 index 0000000..12b8b12 --- /dev/null +++ b/modules/common-modules/pkgs/python/pygeoif.nix 
@@ -0,0 +1,48 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + setuptools, + wheel, + typing-extensions, + ... +}: let + pname = "pygeoif"; + version = "1.5.1"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-8nprah7Lh66swrUbzFnKeb5w7RKgEE3oYBR4shPdXYE="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ + typing-extensions + ]; + + # Skip tests as they may require specific setup + doCheck = false; + + # Disable runtime dependencies check + dontCheckRuntimeDeps = true; + + # Basic imports check + pythonImportsCheck = ["pygeoif"]; + + meta = with lib; { + description = "A basic implementation of the __geo_interface__"; + homepage = "https://github.com/cleder/pygeoif"; + license = licenses.lgpl21Plus; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/rfeed.nix b/modules/common-modules/pkgs/python/rfeed.nix new file mode 100644 index 0000000..0be8ab9 --- /dev/null +++ b/modules/common-modules/pkgs/python/rfeed.nix @@ -0,0 +1,40 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + setuptools, + python-dateutil, +}: +buildPythonPackage rec { + pname = "rfeed"; + version = "1.1.1"; + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-qpUG8oZrdPWjItOUoUpjwZpoJcLZR1X/GdRt0eJDSBk="; + }; + + build-system = [ + setuptools + ]; + + dependencies = [ + python-dateutil + ]; + + # No tests available in the package + doCheck = false; + + pythonImportsCheck = [ + "rfeed" + ]; + + meta = with lib; { + description = "RSS feed generation library for Python"; + homepage = "https://pypi.org/project/rfeed/"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; +} diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix index aae7052..2af9982 100644 
--- a/modules/nixos-modules/server/panoramax/panoramax.nix +++ b/modules/nixos-modules/server/panoramax/panoramax.nix 
@@ -3,43 +3,7 @@ lib, pkgs, ... -}: let - dbUrlConfigured = config.services.panoramax.database.url != null; - individualDbConfigured = lib.all (x: x != null) [ - config.services.panoramax.database.host - config.services.panoramax.database.port - config.services.panoramax.database.username - config.services.panoramax.database.password - config.services.panoramax.database.name - ]; - - envContent = '' - # Panoramax Configuration - FLASK_APP=geovisio - ${ - if dbUrlConfigured - then "DB_URL=${config.services.panoramax.database.url}" - else '' - DB_HOST=${config.services.panoramax.database.host} - DB_PORT=${toString config.services.panoramax.database.port} - DB_USERNAME=${config.services.panoramax.database.username} - DB_PASSWORD=${config.services.panoramax.database.password} - DB_NAME=${config.services.panoramax.database.name} - '' - } - ${lib.optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${lib.optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${lib.optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${lib.optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - ${lib.optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${lib.optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${lib.optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${lib.optionalString (config.services.panoramax.sgblur.enable) 
"SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} - ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} - ''; - - envFile = pkgs.writeText "panoramax.env" envContent; -in { +}: { options.services = { panoramax = { enable = lib.mkEnableOption "panoramax"; 
@@ -217,10 +181,145 @@ in { config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ { - # TODO: start panoramax service + # Create panoramax user and group + users.users.${config.services.panoramax.user} = { + isSystemUser = true; + group = config.services.panoramax.group; + home = "/var/lib/panoramax"; + createHome = true; + }; + + users.groups.${config.services.panoramax.group} = {}; + + # Ensure storage directory exists with correct permissions + systemd.tmpfiles.rules = [ + "d '${config.services.panoramax.settings.storage.fsUrl}' 0755 ${config.services.panoramax.user} ${config.services.panoramax.group} - -" + ]; + + systemd.services.panoramax-api = { + description = "Panoramax API server (self hosted map street view)"; + after = ["network.target" "postgresql.service"]; + wantedBy = ["multi-user.target"]; + + environment = + { + # Core Flask configuration + FLASK_APP = "geovisio"; + + # Database configuration + DB_HOST = config.services.panoramax.database.host; + DB_PORT = toString config.services.panoramax.database.port; + DB_USERNAME = config.services.panoramax.database.user; + DB_NAME = config.services.panoramax.database.name; + + # Storage configuration + FS_URL = config.services.panoramax.settings.storage.fsUrl; + + # Infrastructure configuration + INFRA_NB_PROXIES = toString config.services.panoramax.settings.infrastructure.nbProxies; + + # Application configuration + PORT = toString config.services.panoramax.port; + + # Python path to include the panoramax package + PYTHONPATH = "${config.services.panoramax.package}/${pkgs.python3.sitePackages}"; + } + // (lib.optionalAttrs (config.services.panoramax.settings.flask.secretKey != null) { + FLASK_SECRET_KEY = config.services.panoramax.settings.flask.secretKey; + }) + // (lib.optionalAttrs (config.services.panoramax.settings.flask.sessionCookieDomain != null) { + FLASK_SESSION_COOKIE_DOMAIN = config.services.panoramax.settings.flask.sessionCookieDomain; + }) + // (lib.optionalAttrs 
(config.services.panoramax.settings.api.pictures.licenseSpdxId != null) { + API_PICTURES_LICENSE_SPDX_ID = config.services.panoramax.settings.api.pictures.licenseSpdxId; + }) + // (lib.optionalAttrs (config.services.panoramax.settings.api.pictures.licenseUrl != null) { + API_PICTURES_LICENSE_URL = config.services.panoramax.settings.api.pictures.licenseUrl; + }) + // (lib.optionalAttrs config.services.sgblur.enable { + SGBLUR_API_URL = config.services.sgblur.url; + }) + // config.services.panoramax.settings.extraEnvironment; + + path = with pkgs; [ + (python3.withPackages (ps: with ps; [config.services.panoramax.package waitress])) + ]; + + serviceConfig = { + ExecStart = "${pkgs.python3.withPackages (ps: with ps; [config.services.panoramax.package waitress])}/bin/waitress-serve --port ${toString config.services.panoramax.port} --call geovisio:create_app"; + User = config.services.panoramax.user; + Group = config.services.panoramax.group; + WorkingDirectory = "/var/lib/panoramax"; + Restart = "always"; + RestartSec = 5; + + # Security hardening + PrivateTmp = true; + ProtectSystem = "strict"; + ProtectHome = true; + ReadWritePaths = [ + "/var/lib/panoramax" + config.services.panoramax.settings.storage.fsUrl + ]; + NoNewPrivileges = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + RestrictSUIDSGID = true; + RestrictRealtime = true; + RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + SystemCallArchitectures = "native"; + }; + }; + + # Open firewall if requested + networking.firewall.allowedTCPPorts = lib.mkIf config.services.panoramax.openFirewall [ + config.services.panoramax.port + ]; } (lib.mkIf config.services.sgblur.enable { - # TODO: start sg blur config + # SGBlur service configuration + systemd.services.sgblur = { + description = "SGBlur face and license plate blurring service"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + 
+ path = with pkgs; [ + config.services.sgblur.package + python3 + python3Packages.waitress + ]; + + serviceConfig = { + ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --host ${config.services.sgblur.host} --port ${toString config.services.sgblur.port} src.detect.detect_api:app"; + WorkingDirectory = "${config.services.sgblur.package}"; + Restart = "always"; + RestartSec = 5; + + # Basic security hardening + PrivateTmp = true; + ProtectSystem = "strict"; + ProtectHome = true; + NoNewPrivileges = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + RestrictSUIDSGID = true; + RestrictRealtime = true; + RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + SystemCallArchitectures = "native"; + }; + }; + + networking.firewall.allowedTCPPorts = lib.mkIf config.services.panoramax.openFirewall [ + config.services.sgblur.port + ]; }) (lib.mkIf config.services.panoramax.database.createDB { services.postgresql = { From 7e6fa744af1710f58828f9cee05bce32075b03e2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 17 Sep 2025 19:42:15 -0500 Subject: [PATCH 0843/1043] fix: wrapped prostudiomasters in --in-process-gpu flag --- modules/common-modules/pkgs/default.nix | 1 - .../common-modules/pkgs/prostudiomasters.nix | 25 ++++++++++++++++--- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index e608350..c97f97c 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -10,7 +10,6 @@ ./webtoon-dl.nix {}; }) - # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? (final: prev: { prostudiomasters = pkgs.callPackage diff --git a/modules/common-modules/pkgs/prostudiomasters.nix b/modules/common-modules/pkgs/prostudiomasters.nix index c1c03fe..1a3ad01 100644 
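Review bot: `FLASK_SECRET_KEY` is passed through the `environment` attribute set of `systemd.services.panoramax-api`, so the value of `settings.flask.secretKey` is written into the generated unit in the world-readable Nix store, and anything placed in `settings.extraEnvironment` goes the same way. The key that signs Flask sessions should be read at start-up from a file outside the store, for example `serviceConfig.EnvironmentFile = config.sops.secrets."<panoramax-env>".path;` (the secret name is a placeholder), with `secretKey` dropped or turned into a path option. In the same hunk the `sgblur` unit sets no `User`, so it runs as root despite the hardening flags. Adding `DynamicUser = true;` to its `serviceConfig` would fix that.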
--- a/modules/common-modules/pkgs/prostudiomasters.nix +++ b/modules/common-modules/pkgs/prostudiomasters.nix @@ -1,6 +1,7 @@ { fetchurl, appimageTools, + writeShellScript, }: let pname = "prostudiomasters"; version = "2.5.6"; @@ -8,7 +9,25 @@ url = "https://download.prostudiomasters.com/linux/ProStudioMasters-${version}.AppImage"; hash = "sha256-7owOwdcucFfl+JsVj+Seau2KOz0J4P/ep7WrBSNSmbs="; }; -in - appimageTools.wrapType2 { + + # Create the base AppImage wrapper + baseApp = appimageTools.wrapType2 { inherit pname version src; - } + }; + + # Create a wrapper script that automatically adds the --in-process-gpu flag + wrapper = writeShellScript "prostudiomasters-wrapper" '' + exec ${baseApp}/bin/prostudiomasters --in-process-gpu "$@" + ''; +in + # Override the base app to use our wrapper script + baseApp.overrideAttrs (oldAttrs: { + buildCommand = + oldAttrs.buildCommand + + '' + # Replace the original binary with our wrapper + rm $out/bin/prostudiomasters + cp ${wrapper} $out/bin/prostudiomasters + chmod +x $out/bin/prostudiomasters + ''; + }) From 333c68a8cd047098c111aa409b0ea89d30d50561 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 17 Sep 2025 22:18:15 -0500 Subject: [PATCH 0844/1043] feat: created db config for panoramax --- .../nixos/defiant/configuration.nix | 1 + .../server/panoramax/database.nix | 29 +++++++++++++++++++ .../server/panoramax/default.nix | 1 + 3 files changed, 31 insertions(+) create mode 100644 modules/nixos-modules/server/panoramax/database.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9be3065..a309704 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -308,6 +308,7 @@ panoramax = { enable = true; + openFirewall = true; }; qbittorrent = { 
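Review bot: The wrapper in the `@@ -8,7 +9,25 @@` hunk adds `--in-process-gpu` to every launch, and nothing records why now that the TODO in `default.nix` ("for some reason") has been removed. If this is a Chromium-based app, the flag moves GPU work out of its separate process and into the main one, so it should stay a documented workaround rather than a silent default. I would put a comment above `wrapper`, for example `# upstream binary only works with --in-process-gpu here (cause unknown); re-test without it on each version bump`.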
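Review bot: `openFirewall = true;` in the `panoramax` block exposes the API port on the host firewall, and the module change earlier in this series gates the sgblur rule on the same `config.services.panoramax.openFirewall`, so enabling sgblur later opens its port as well. The API unit starts `waitress-serve` with `--port` only, so it is served as plain HTTP on waitress's default bind address rather than behind TLS. If the module has a reverse-proxy option like the `subdomain` used for other services in this file, publish through that and leave `openFirewall` off. The sgblur rule should get its own `services.sgblur.openFirewall` switch.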
diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix new file mode 100644 index 0000000..3cf3455 --- /dev/null +++ b/modules/nixos-modules/server/panoramax/database.nix @@ -0,0 +1,29 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + } + (lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.panoramax.database.user} = { + isClient = true; + }; + }; + extraDatabases = { + ${config.services.panoramax.database.name} = {}; + }; + }; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index f029ee3..4c6b9ea 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix @@ -4,5 +4,6 @@ ./fail2ban.nix ./impermanence.nix ./panoramax.nix + ./database.nix ]; } From 2cdc39f3dcc29090d48d54bc8f24a67303e99ff2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 18 Sep 2025 14:19:57 -0500 Subject: [PATCH 0845/1043] fix: disabled broken panoramax config --- .../nixos/defiant/configuration.nix | 2 +- .../server/panoramax/database.nix | 27 +++++++++++-------- .../server/panoramax/panoramax.nix | 18 ++++++++----- 3 files changed, 29 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a309704..d10bea0 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -307,7 +307,7 @@ }; panoramax = { - enable = true; + enable = false; openFirewall = true; }; diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix index 3cf3455..8679f9a 100644 --- a/modules/nixos-modules/server/panoramax/database.nix 
+++ b/modules/nixos-modules/server/panoramax/database.nix @@ -11,19 +11,24 @@ }; }; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.panoramax.database.user} = { - isClient = true; + ( + lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.panoramax.database.user} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${config.services.panoramax.database.name} = { + name = config.services.panoramax.database.user; + }; }; }; - extraDatabases = { - ${config.services.panoramax.database.name} = {}; - }; }; - }; - }) + } + ) ]); } diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix index 2af9982..fd77db7 100644 --- a/modules/nixos-modules/server/panoramax/panoramax.nix +++ b/modules/nixos-modules/server/panoramax/panoramax.nix @@ -206,12 +206,6 @@ # Core Flask configuration FLASK_APP = "geovisio"; - # Database configuration - DB_HOST = config.services.panoramax.database.host; - DB_PORT = toString config.services.panoramax.database.port; - DB_USERNAME = config.services.panoramax.database.user; - DB_NAME = config.services.panoramax.database.name; - # Storage configuration FS_URL = config.services.panoramax.settings.storage.fsUrl; 
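Review bot: In the `@@ -11,19 +11,24 @@` hunk the `extraDatabases` entry is keyed by `config.services.panoramax.database.name`, but its `name` field is set to `config.services.panoramax.database.user`, which looks like a mix-up unless the two options are always equal. The `host.postgres` module is not visible here, so this is inferred. If `name` is the database name, the database is created under the user's name while the service connects to `database.name`, and `name = config.services.panoramax.database.name;` would keep them aligned. If the intent is to tie the database to its owning role for socket authentication, add a one-line comment saying so.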
@@ -224,6 +218,18 @@ # Python path to include the panoramax package PYTHONPATH = "${config.services.panoramax.package}/${pkgs.python3.sitePackages}"; } + // ( + if config.services.panoramax.database.host == "/run/postgresql" + then { + DB_URL = "postgresql://${config.services.panoramax.database.user}@/${config.services.panoramax.database.name}?host=/run/postgresql"; + } + else { + DB_HOST = config.services.panoramax.database.host; + DB_PORT = toString config.services.panoramax.database.port; + DB_USERNAME = config.services.panoramax.database.user; + DB_NAME = config.services.panoramax.database.name; + } + ) // (lib.optionalAttrs (config.services.panoramax.settings.flask.secretKey != null) { FLASK_SECRET_KEY = config.services.panoramax.settings.flask.secretKey; }) From ca6de5c0cda53b0b47686bfcd58050cc789bd9b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 18 Sep 2025 23:40:13 -0500 Subject: [PATCH 0846/1043] chore: added talk to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 62040e3..f1521ce 100644 --- a/README.md +++ b/README.md @@ -69,4 +69,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance -- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file +- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn +- graphana accessible though tailscale \ No newline at end of file From d35e2c93c1e38f8d67847e2b7be17034665615a8 Mon Sep 17 00:00:00 2001 
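Review bot: The socket branch is chosen by an exact match on `"/run/postgresql"`, and the same path is repeated inside the `DB_URL` string, so any other socket directory in `database.host` falls through to the TCP branch and is passed as `DB_HOST`. Testing `lib.hasPrefix "/" config.services.panoramax.database.host` and interpolating the option into `?host=` would cover that case. The TCP branch sets no password, which rightly keeps it out of the Nix store. It still needs a documented way to supply one, such as a `serviceConfig.EnvironmentFile`, because `extraEnvironment` would write it into the unit file.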
From: Leyla Becker Date: Sun, 21 Sep 2025 21:04:47 -0500 Subject: [PATCH 0847/1043] feat: added option for auto aprove set root for vitest mcp server --- configurations/home-manager/leyla/packages/vscode/default.nix | 1 + modules/home-manager-modules/programs/vscode/claudeDev.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 583f440..981156b 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -84,6 +84,7 @@ in { list_tests = true; run_tests = true; analyze_coverage = true; + set_project_root = true; }; }; sleep = { diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 0e34f97..cebf614 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -105,6 +105,7 @@ in { list_tests = lib.mkEnableOption "Should the list_tests tool be auto approved for Vitest MCP server"; run_tests = lib.mkEnableOption "Should the run_tests tool be auto approved for Vitest MCP server"; analyze_coverage = lib.mkEnableOption "Should the analyze_coverage tool be auto approved for Vitest MCP server"; + set_project_root = lib.mkEnableOption "Should the set_project_root tool be auto approved for Vitest MCP server"; }; }; sleep = { From ee80636b2b4c958d3d003450371024ac71570114 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 24 Sep 2025 09:51:27 -0500 Subject: [PATCH 0848/1043] build: updated flake lock --- flake.lock | 71 ++++++++------------- flake.nix | 5 -- modules/common-modules/overlays/default.nix | 1 - 3 files changed, 25 insertions(+), 52 deletions(-) diff --git a/flake.lock b/flake.lock index b6e48bb..6123425 100644 --- a/flake.lock +++ b/flake.lock 
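Review bot: Auto-approving `set_project_root` next to the already auto-approved `run_tests` removes the last prompt before the assistant can run test code in a directory it picks, assuming the tool does what its name says (the MCP server is not shown). Test runners execute arbitrary project code, so a prompt-injected or mistaken call could repoint the server at an untrusted checkout and run it unattended. I would keep this tool on manual approval in `vscode/default.nix` with `set_project_root = false;`, or fix the root in the server's own configuration if it supports that. The new `mkEnableOption` in `claudeDev.nix` is fine as an option; the concern is enabling it here.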
@@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1757508292, - "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "owner": "nix-community", "repo": "disko", - "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1757995413, - "narHash": "sha256-vaU/7/PXoym6vnspGxhR29V9klGe9iy9zmp6x7w38f8=", + "lastModified": 1758600213, + "narHash": "sha256-YP7+UxybMCzHPd5k93pulILnFvSisjgUAGUB/cxWbqU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "4ae8996b3e139926c784acd22824cde46cd28833", + "rev": "8a0333bf11a0fab386c80fa018617bb050156ec5", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1757997814, - "narHash": "sha256-F+1aoG+3NH4jDDEmhnDUReISyq6kQBBuktTUqCUWSiw=", + "lastModified": 1758719930, + "narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=", "owner": "nix-community", "repo": "home-manager", - "rev": "5820376beb804de9acf07debaaff1ac84728b708", + "rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1757430124, - "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", + "lastModified": 1758447883, + "narHash": "sha256-yGA6MV0E4JSEXqLTb4ZZkmdJZcoQ8HUzihRRX12Bvpg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", + "rev": "25381509d5c91bbf3c30e23abc6d8476d2143cd1", "type": "github" }, "original": { 
@@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1757987448, - "narHash": "sha256-ltDT7EIfLHV42p99HnDfDviC8jN7tcOed1qsLEFypl8=", + "lastModified": 1758678836, + "narHash": "sha256-ewDKEXcKYF7L+EGVa+8E1nxK1pdwVrCHcj5UhuGA8V0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "e496568b0e69d9d54c8cfef96ed1370952ad9786", + "rev": "5007786714b3573b37cf3b8c4a33e2ddce86960d", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757943327, - "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", + "lastModified": 1758663926, + "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", + "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": { @@ -292,8 +292,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "secrets": "secrets", - "sops-nix": "sops-nix", - "steam-fetcher": "steam-fetcher" + "sops-nix": "sops-nix" } }, "secrets": { @@ -319,11 +318,11 @@ ] }, "locked": { - "lastModified": 1758007585, - "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", + "lastModified": 1758425756, + "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", + "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", "type": "github" }, "original": { 
@@ -332,26 +331,6 @@ "type": "github" } }, - "steam-fetcher": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1714795926, - "narHash": "sha256-PkgC9jqoN6cJ8XYzTA2PlrWs7aPJkM3BGiTxNqax0cA=", - "owner": "nix-community", - "repo": "steam-fetcher", - "rev": "12f66eafb7862d91b3e30c14035f96a21941bd9c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "steam-fetcher", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 7980012..151a54b 100644 --- a/flake.nix +++ b/flake.nix @@ -72,11 +72,6 @@ url = "github:edolstra/flake-compat"; }; - steam-fetcher = { - url = "github:nix-community/steam-fetcher"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # MCP NixOS server for Claude Dev mcp-nixos = { url = "github:utensils/mcp-nixos"; diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 465e83f..2c0f712 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -1,7 +1,6 @@ # this folder is for derivation overlays {inputs, ...}: { nixpkgs.overlays = [ - inputs.steam-fetcher.overlays.default inputs.nix-vscode-extensions.overlays.default ]; } From 4d52c58f79d13c25fa1ca098f37db04ee9e9e33f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 14:58:51 -0500 Subject: [PATCH 0849/1043] feat: instealled media editing programs for defiant --- configurations/nixos/defiant/default.nix | 1 + configurations/nixos/defiant/packages.nix | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 configurations/nixos/defiant/packages.nix diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index fe850af..3013946 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix 
@@ -3,5 +3,6 @@ imports = [ ./hardware-configuration.nix ./configuration.nix + ./packages.nix ]; } diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix new file mode 100644 index 0000000..45780b0 --- /dev/null +++ b/configurations/nixos/defiant/packages.nix @@ -0,0 +1,9 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + ffsubsync + sox + yt-dlp + ffmpeg + imagemagick + ]; +} From f9fe74cc8afcd50561eb4d796942246ed31c85bb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 19:36:34 -0500 Subject: [PATCH 0850/1043] feat: installed bazarr, radarr, and sonarr --- .../nixos/defiant/configuration.nix | 15 ++++++++++ .../nixos-modules/server/bazarr/default.nix | 6 ++++ .../server/bazarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/bazarr/proxy.nix | 28 +++++++++++++++++++ modules/nixos-modules/server/default.nix | 9 ++++-- .../nixos-modules/server/radarr/default.nix | 6 ++++ .../server/radarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/radarr/proxy.nix | 28 +++++++++++++++++++ .../nixos-modules/server/sonarr/default.nix | 6 ++++ .../server/sonarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/sonarr/proxy.nix | 28 +++++++++++++++++++ 11 files changed, 201 insertions(+), 3 deletions(-) create mode 100644 modules/nixos-modules/server/bazarr/default.nix create mode 100644 modules/nixos-modules/server/bazarr/impermanence.nix create mode 100644 modules/nixos-modules/server/bazarr/proxy.nix create mode 100644 modules/nixos-modules/server/radarr/default.nix create mode 100644 modules/nixos-modules/server/radarr/impermanence.nix create mode 100644 modules/nixos-modules/server/radarr/proxy.nix create mode 100644 modules/nixos-modules/server/sonarr/default.nix create mode 100644 modules/nixos-modules/server/sonarr/impermanence.nix create mode 100644 modules/nixos-modules/server/sonarr/proxy.nix 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index d10bea0..830af16 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -287,6 +287,21 @@ subdomain = "budget"; }; + sonarr = { + enable = true; + openFirewall = true; + }; + + radarr = { + enable = true; + openFirewall = true; + }; + + bazarr = { + enable = true; + openFirewall = true; + }; + home-assistant = { enable = true; subdomain = "home"; diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/bazarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix new file mode 100644 index 0000000..22fb0e6 --- /dev/null +++ b/modules/nixos-modules/server/bazarr/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + bazarr_data_directory = "/var/lib/bazarr"; +in { + config = lib.mkIf (config.services.bazarr.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.bazarr.dataDir == bazarr_data_directory; + message = "bazarr data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = bazarr_data_directory; + user = "bazarr"; + group = "bazarr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/bazarr/proxy.nix b/modules/nixos-modules/server/bazarr/proxy.nix new file mode 100644 index 0000000..fe310d8 --- /dev/null +++ b/modules/nixos-modules/server/bazarr/proxy.nix 
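Review bot: `openFirewall = true;` on `sonarr`, `radarr` and `bazarr` opens their web UI ports on the host firewall, while the `subdomain` option added in this patch describes the unproxied case as "local only". With `subdomain` left at null, the UIs are reachable from the network over plain HTTP and protected only by whatever login each app has configured. If LAN access is intended, add a comment such as `# LAN-only UI, no reverse proxy` to each block. Otherwise drop the three `openFirewall` lines and reach the services through the reverse proxy or the VPN that the README todo list mentions.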
@@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.bazarr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.bazarr.enable && config.services.bazarr.subdomain != null) { + host.reverse_proxy.subdomains.bazarr = { + subdomain = config.services.bazarr.subdomain; + extraSubdomains = config.services.bazarr.extraSubdomains; + target = "http://127.0.0.1:6767"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 15f833b..e550123 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -7,14 +7,17 @@ ./podman.nix ./actual - ./immich - ./panoramax + ./bazarr ./forgejo ./home-assistant + ./immich ./jellyfin + ./panoramax ./paperless - ./searx ./qbittorent.nix + ./radarr + ./searx + ./sonarr ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/radarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix new file mode 100644 index 0000000..4a3242c --- /dev/null +++ b/modules/nixos-modules/server/radarr/impermanence.nix 
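Review bot: The proxy target in `bazarr/proxy.nix` is hard-coded as `http://127.0.0.1:6767`, so changing the service's port leaves the reverse proxy pointing at a closed port, or at whatever else listens there. The upstream module exposes the port, so the line can be `target = "http://127.0.0.1:${toString config.services.bazarr.listenPort}";`. The `radarr/proxy.nix` and `sonarr/proxy.nix` files in this patch hard-code 7878 and 8989 in the same way and should take their port from the service configuration too.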
@@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + radarr_data_directory = "/var/lib/radarr/.config/Radarr"; +in { + config = lib.mkIf (config.services.radarr.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.radarr.dataDir == radarr_data_directory; + message = "radarr data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = radarr_data_directory; + user = "radarr"; + group = "radarr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/radarr/proxy.nix b/modules/nixos-modules/server/radarr/proxy.nix new file mode 100644 index 0000000..ec5f575 --- /dev/null +++ b/modules/nixos-modules/server/radarr/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.radarr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.radarr.enable && config.services.radarr.subdomain != null) { + host.reverse_proxy.subdomains.radarr = { + subdomain = config.services.radarr.subdomain; + extraSubdomains = config.services.radarr.extraSubdomains; + target = "http://127.0.0.1:7878"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/sonarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} 
diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix new file mode 100644 index 0000000..abc843c --- /dev/null +++ b/modules/nixos-modules/server/sonarr/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; +in { + config = lib.mkIf (config.services.sonarr.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.sonarr.dataDir == sonarr_data_directory; + message = "sonarr data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = sonarr_data_directory; + user = "sonarr"; + group = "sonarr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/sonarr/proxy.nix b/modules/nixos-modules/server/sonarr/proxy.nix new file mode 100644 index 0000000..22b90a6 --- /dev/null +++ b/modules/nixos-modules/server/sonarr/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.sonarr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.sonarr.enable && config.services.sonarr.subdomain != null) { + host.reverse_proxy.subdomains.sonarr = { + subdomain = config.services.sonarr.subdomain; + extraSubdomains = config.services.sonarr.extraSubdomains; + target = "http://127.0.0.1:8989"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} From a8139f4265963e091062d354ab09e413a0103cda Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 25 Sep 2025 20:04:51 -0500 Subject: [PATCH 0851/1043] feat: installed filebot --- configurations/nixos/defiant/packages.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix index 45780b0..f9cce58 100644 --- a/configurations/nixos/defiant/packages.nix +++ b/configurations/nixos/defiant/packages.nix @@ -1,9 +1,19 @@ -{pkgs, ...}: { +{ + pkgs, + lib, + ... +}: { + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "filebot" + ]; + environment.systemPackages = with pkgs; [ ffsubsync sox yt-dlp ffmpeg imagemagick + filebot ]; } From d2be5c7e2459355fbed24c74918b5793dcbffae0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 20:10:49 -0500 Subject: [PATCH 0852/1043] feat: added radarr, sonarr, and bazarr to the jellyfin_media group --- modules/nixos-modules/users.nix | 48 +++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 7fd43da..ea8d877 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -25,6 +25,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; + radarr = 275; + sonarr = 274; + bazarr = 985; }; gids = { @@ -42,6 +45,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; + radarr = 275; + sonarr = 274; + bazarr = 981; }; users = config.users.users; @@ -177,6 +183,24 @@ in { isSystemUser = true; group = config.users.users.actual.name; }; + + radarr = { + uid = lib.mkForce uids.radarr; + isSystemUser = true; + group = config.users.users.radarr.name; + }; + + sonarr = { + uid = lib.mkForce uids.sonarr; + isSystemUser = true; + group = config.users.users.sonarr.name; + }; + + bazarr = { + uid = lib.mkForce uids.bazarr; + isSystemUser = true; + group = config.users.users.bazarr.name; + }; }; groups = { 
@@ -206,6 +230,9 @@ in { gid = lib.mkForce gids.jellyfin_media; members = [ users.jellyfin.name + users.radarr.name + users.sonarr.name + users.bazarr.name leyla eve ]; @@ -287,6 +314,27 @@ in { users.actual.name ]; }; + + radarr = { + gid = lib.mkForce gids.radarr; + members = [ + users.radarr.name + ]; + }; + + sonarr = { + gid = lib.mkForce gids.sonarr; + members = [ + users.sonarr.name + ]; + }; + + bazarr = { + gid = lib.mkForce gids.bazarr; + members = [ + users.bazarr.name + ]; + }; }; }; } From a8dfcb02c86052113b5d46f242601c1b5f075a4e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:20:15 -0500 Subject: [PATCH 0853/1043] feat: created filebot cleanup service to run in background --- .../nixos/defiant/configuration.nix | 5 ++ configurations/nixos/defiant/default.nix | 1 + configurations/nixos/defiant/filebot.nix | 82 +++++++++++++++++++ configurations/nixos/defiant/packages.nix | 12 +-- 4 files changed, 89 insertions(+), 11 deletions(-) create mode 100644 configurations/nixos/defiant/filebot.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 830af16..e5f63f7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -332,6 +332,11 @@ openFirewall = true; webuiPort = 8084; }; + + filebot-cleanup = { + enable = true; + licenseFile = "/srv/jellyfin/filebot_license.psm"; + }; }; # disable computer sleeping diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 3013946..05975a1 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -4,5 +4,6 @@ ./hardware-configuration.nix ./configuration.nix ./packages.nix + ./filebot.nix ]; } diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix new file mode 100644 index 0000000..77d81bd --- /dev/null 
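Review bot: Adding `users.radarr.name`, `users.sonarr.name` and `users.bazarr.name` to `jellyfin_media` gives three network-facing services the same group rights over the media tree as `jellyfin` and the human accounts `leyla` and `eve`. If the library is group-writable (directory modes are not visible in this hunk), a compromise of any one of these services can modify or delete the whole library. I would record why each needs membership with a comment such as `# radarr/sonarr import and rename files, bazarr writes subtitle files`, and check whether bazarr can work with narrower write access. The `members` list and the enclosing `groups` block start outside the hunk.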
+++ b/configurations/nixos/defiant/filebot.nix 
@@ -0,0 +1,82 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.services.filebot-cleanup; +in { + options.services.filebot-cleanup = { + enable = mkEnableOption "Filebot cleanup service"; + + licenseFile = mkOption { + type = types.nullOr types.path; + default = null; + description = "Path to the Filebot license file"; + }; + + cleanupDirectory = mkOption { + type = types.str; + default = "/srv/jellyfin/filebot_cleanup"; + description = "Directory where cleaned up media files are stored"; + }; + }; + + config = mkIf cfg.enable { + users.groups.filebot_cleanup = {}; + users.users.filebot_cleanup = { + isSystemUser = true; + group = "filebot_cleanup"; + extraGroups = ["jellyfin_media"]; + home = cfg.cleanupDirectory; + createHome = true; + }; + + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "filebot" + ]; + + environment.systemPackages = with pkgs; [ + filebot + ]; + + systemd.services.filebot-cleanup = { + description = "Filebot media cleanup service"; + serviceConfig = { + Type = "simple"; + User = "filebot_cleanup"; + Group = "filebot_cleanup"; + ExecStart = pkgs.writeShellScript "filebot-cleanup" '' + ${optionalString (cfg.licenseFile != null) '' + ${pkgs.filebot}/bin/filebot --license "${cfg.licenseFile}" + ''} + ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move + ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move + ''; + StandardOutput = "journal"; + StandardError = "journal"; + }; + wantedBy = ["multi-user.target"]; + }; + + environment.persistence = lib.mkIf config.host.impermanence.enable { + "/persist/system/filebot_cleanup" = { + enable = true; + hideMounts = true; + files = [ + cfg.licenseFile + ]; + directories = [ + { + directory = cfg.cleanupDirectory; + user = "filebot_cleanup"; + group = 
"filebot_cleanup"; + mode = "1770"; + } + ]; + }; + }; + }; +} diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix index f9cce58..45780b0 100644 --- a/configurations/nixos/defiant/packages.nix +++ b/configurations/nixos/defiant/packages.nix @@ -1,19 +1,9 @@ -{ - pkgs, - lib, - ... -}: { - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "filebot" - ]; - +{pkgs, ...}: { environment.systemPackages = with pkgs; [ ffsubsync sox yt-dlp ffmpeg imagemagick - filebot ]; } From 24def1e3d3428e7fe30a06eecc1786110065a14a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:31:29 -0500 Subject: [PATCH 0854/1043] chore: added tasks to README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index f1521ce..cad757a 100644 --- a/README.md +++ b/README.md @@ -69,5 +69,9 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance +- update proxy.nix files to contain the subdomain configs +- rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn +- make radarr, sonarr, and bazarr accessible over vpn +- create some sort of service that allows uploading files to jellyfin - graphana accessible though tailscale \ No newline at end of file From 1d940fd8d8275a4050876d981e769e5c1572fe20 Mon Sep 17 00:00:00 2001 
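Review bot: `files = [ cfg.licenseFile ]` in the `environment.persistence` block of filebot.nix puts `null` into the list whenever `licenseFile` keeps its default, which should fail evaluation on any host with impermanence enabled and no license configured; use `lib.optional` as in the sketch below. The unit also runs a recursive `--action move` with `-non-strict` matching over the whole library at every boot (`wantedBy = ["multi-user.target"]`) with no systemd sandboxing, so a bad match or a fault in the unfree binary can touch anything the `filebot_cleanup` user and the `jellyfin_media` group can write. I would confine writes to the two trees it needs; adjust `ReadWritePaths` if filebot turns out to write elsewhere. Note too that `types.path` accepts a Nix path literal, which the `"${cfg.licenseFile}"` interpolation would copy into the world-readable store; the string used in configuration.nix avoids that, and the option description should say so.

```nix
    systemd.services.filebot-cleanup = {
      serviceConfig = {
        # … unchanged: Type, User, Group, ExecStart, StandardOutput, StandardError …
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectSystem = "strict";
        ReadWritePaths = ["/srv/jellyfin/media" cfg.cleanupDirectory];
      };
      # … unchanged: wantedBy …
    };

    # … unchanged: environment.persistence attrs up to hideMounts …
        files = lib.optional (cfg.licenseFile != null) cfg.licenseFile;
```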
From: Leyla Becker Date: Thu, 25 Sep 2025 22:33:14 -0500 Subject: [PATCH 0855/1043] feat: disabled sonarr, radarr, and bazarr --- configurations/nixos/defiant/configuration.nix | 15 --------------- modules/nixos-modules/users.nix | 12 ++++++------ 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e5f63f7..2cde0b1 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -287,21 +287,6 @@ subdomain = "budget"; }; - sonarr = { - enable = true; - openFirewall = true; - }; - - radarr = { - enable = true; - openFirewall = true; - }; - - bazarr = { - enable = true; - openFirewall = true; - }; - home-assistant = { enable = true; subdomain = "home"; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index ea8d877..db7d4ab 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -25,9 +25,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; - radarr = 275; - sonarr = 274; - bazarr = 985; + radarr = 2014; + sonarr = 2015; + bazarr = 2016; }; gids = { @@ -45,9 +45,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; - radarr = 275; - sonarr = 274; - bazarr = 981; + radarr = 2014; + sonarr = 2015; + bazarr = 2016; }; users = config.users.users; From c8d994814fb0d040be8e16cbc3c40ffbfb5a87e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:35:28 -0500 Subject: [PATCH 0856/1043] chore: added note to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cad757a..c58d847 100644 --- a/README.md +++ b/README.md 
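Review bot: Renumbering `radarr`, `sonarr` and `bazarr` in users.nix from 275/274/985 (gid 981 for bazarr) to 2014–2016 leaves anything these services already wrote on disk owned by the old numeric ids. On a host that ran them under patch 0852, persisted state (for example the Sonarr data directory added to `environment.persistence` earlier in the series) and files in the media tree would no longer belong to the service accounts, and the freed low ids may later be assigned to unrelated system accounts, which would then own those files. The commit subject only mentions disabling the services, so the id change is easy to miss; I would mention it in the message and add a comment next to the tables such as `# ids changed from 275/274/985 in patch 0855: chown existing state before re-enabling`. Both tables start and end outside the hunks.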
@@ -74,4 +74,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn - make radarr, sonarr, and bazarr accessible over vpn - create some sort of service that allows uploading files to jellyfin + - auto sort files into where they should go with some combination of filebot cli and picard cli - graphana accessible though tailscale \ No newline at end of file From 178b414a0ace601d899f27ea9c33899f70a87c6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:41:10 -0500 Subject: [PATCH 0857/1043] chore: removed already completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index c58d847..e94eb58 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance -- update proxy.nix files to contain the subdomain configs - rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn - make radarr, sonarr, and bazarr accessible over vpn From 0cb4c25467ea159cce3d29df5f617491d9aced4a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 26 Sep 2025 20:21:58 -0500 Subject: [PATCH 0858/1043] fat: disabled filebot-cleanup service --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2cde0b1..401173e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -319,7 +319,7 @@ }; filebot-cleanup = { - enable = true; + enable = false; licenseFile = "/srv/jellyfin/filebot_license.psm"; }; }; From 6dfe3ac3265c6de1202ac7cd6cad2bea8697b129 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Oct 2025 15:14:36 -0500 Subject: [PATCH 0859/1043] build: updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 6123425..b5607f6 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1758600213, - "narHash": "sha256-YP7+UxybMCzHPd5k93pulILnFvSisjgUAGUB/cxWbqU=", + "lastModified": 1759291409, + "narHash": "sha256-eAzmD4ijeWCFy4YqArNmVu8901nLQLHr6dCv94yRrFk=", "owner": "rycee", "repo": "nur-expressions", - "rev": "8a0333bf11a0fab386c80fa018617bb050156ec5", + "rev": "f9c2e6b2eebdbe0e87236a63ea323c86da79b6c5", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1758719930, - "narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=", + "lastModified": 1759337100, + "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", "owner": "nix-community", "repo": "home-manager", - "rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d", + "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", "type": "github" }, "original": { 
@@ -155,11 +155,11 @@ ] }, "locked": { - "lastModified": 1755372538, - "narHash": "sha256-iWhsf1Myk6RyQ7IuNf4bWI3Sqq9pgmhKvEisCXtkxyw=", + "lastModified": 1759342933, + "narHash": "sha256-mdlUFcrOfvT0Pm+Hko/6aR3xf1ao5JA2iem4KsEVjP4=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "46b4d4d3d6421bfbadc415532ef74433871e1cda", + "rev": "50b02bcba32b941d2ec48fedef68641702ca5b0f", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1758447883, - "narHash": "sha256-yGA6MV0E4JSEXqLTb4ZZkmdJZcoQ8HUzihRRX12Bvpg=", + "lastModified": 1758805352, + "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "25381509d5c91bbf3c30e23abc6d8476d2143cd1", + "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1758678836, - "narHash": "sha256-ewDKEXcKYF7L+EGVa+8E1nxK1pdwVrCHcj5UhuGA8V0=", + "lastModified": 1759284197, + "narHash": "sha256-NbaOzcxsUxNm+Dday5DlV6P9CzRAonY2DNcp056oWWc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5007786714b3573b37cf3b8c4a33e2ddce86960d", + "rev": "a87f796f1ed4b0a8babe9370791a66aac4864887", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1758663926, - "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", + "lastModified": 1759261527, + "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", + "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", "type": "github" }, "original": { 
@@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1758427187, - "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" }, "original": { @@ -318,11 +318,11 @@ ] }, "locked": { - "lastModified": 1758425756, - "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", + "lastModified": 1759188042, + "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", + "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", "type": "github" }, "original": { From c10c61003474a2760d92710b7bdb721cb9337d49 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 12:49:29 -0500 Subject: [PATCH 0860/1043] feat: started to create polycule package --- .../home-manager/leyla/packages/default.nix | 2 + modules/common-modules/pkgs/default.nix | 3 + .../common-modules/pkgs/polycule/default.nix | 149 + .../pkgs/polycule/polycule-pubspec.lock.json | 2459 +++++++++++++++++ .../home-manager-modules/programs/default.nix | 1 + .../programs/polycule.nix | 32 + 6 files changed, 2646 insertions(+) create mode 100644 modules/common-modules/pkgs/polycule/default.nix create mode 100644 modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json create mode 100644 modules/home-manager-modules/programs/polycule.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 6377ed2..a6da7f5 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -70,6 +70,8 @@ in { noisetorch.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; + # polycule package is currently broken + polycule.enable = false; }) ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index c97f97c..a2f61b1 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -38,5 +38,8 @@ # Override h3 C library to version 4.3.0 h3 = pkgs.callPackage ./h3-c-lib.nix {}; }) + (final: prev: { + polycule = pkgs.callPackage ./polycule {}; + }) ]; } diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix new file mode 100644 index 0000000..d092897 --- /dev/null +++ b/modules/common-modules/pkgs/polycule/default.nix 
@@ -0,0 +1,149 @@ +{ + lib, + flutter329, + fetchFromGitLab, + pkg-config, + wrapGAppsHook, + gtk3, + glib, + glib-networking, + webkitgtk_4_1, + libsecret, + libnotify, + dbus, + sqlcipher, + openssl, + mpv, + alsa-lib, + libass, + ffmpeg-full, + libplacebo, + libunwind, + shaderc, + vulkan-headers, + vulkan-loader, + lcms2, + libdovi, + libdvdnav, + libdvdread, + mujs, + libbluray, + lua, + rubberband, + libuchardet, + zimg, + openal, + pipewire, + libpulseaudio, + libcaca, + libdrm, + libdisplay-info, + libgbm, + xorg, + nv-codec-headers-11, + libva, + libvdpau, +}: +flutter329.buildFlutterApplication rec { + pname = "polycule"; + version = "0.3.0"; + + src = fetchFromGitLab { + owner = "polycule_client"; + repo = "polycule"; + rev = "v${version}"; + hash = "sha256-kY1vJiDXh0rSCJNOAkO8JGiMR8kXwDHuc3T+S4MkOWY="; + }; + + pubspecLock = lib.importJSON ./polycule-pubspec.lock.json; + + gitHashes = { + matrix = "sha256-e1HGC2yZyqqYB5YAGKmUkkdDbuSzhiUenJMKJgQYIi8="; + media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg="; + media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg="; + }; + + nativeBuildInputs = [ + pkg-config + wrapGAppsHook + ]; + + buildInputs = [ + gtk3 + glib + glib-networking + webkitgtk_4_1 + libsecret + libnotify + dbus + sqlcipher + openssl + mpv + alsa-lib + libass + ffmpeg-full + libplacebo + libunwind + shaderc + vulkan-headers + vulkan-loader + lcms2 + libdovi + libdvdnav + libdvdread + mujs + libbluray + lua + rubberband + libuchardet + zimg + openal + pipewire + libpulseaudio + libcaca + libdrm + libdisplay-info + libgbm + xorg.libXScrnSaver + xorg.libXpresent + nv-codec-headers-11 + libva + libvdpau + ]; + + flutterBuildFlags = [ + "--release" + "--target" + "lib/main.dart" + "--dart-define=POLYCULE_VERSION=v${version}" + "--dart-define=POLYCULE_IS_STABLE=true" + "--no-tree-shake-icons" + ]; + + postInstall = '' + # Install desktop files and icons from the source + install -Dm644 
linux/business.braid.polycule.desktop $out/share/applications/polycule.desktop + install -Dm644 assets/logo/logo-circle.png $out/share/pixmaps/polycule.png + + # Update desktop file to use correct executable name + substituteInPlace $out/share/applications/polycule.desktop \ + --replace 'Exec=business.braid.polycule' 'Exec=polycule' + + # Create a symlink with the expected name + ln -sf $out/bin/polycule $out/bin/business.braid.polycule + ''; + + meta = with lib; { + description = "A geeky and efficient [matrix] client for power users"; + longDescription = '' + Polycule is a modern Matrix client built with Flutter, designed for power users + who want a fast, efficient, and feature-rich Matrix experience. + ''; + homepage = "https://polycule.im/"; + license = licenses.eupl12; + maintainers = []; + platforms = ["x86_64-linux" "aarch64-linux"]; + sourceProvenance = with sourceTypes; [fromSource]; + mainProgram = "polycule"; + }; +} diff --git a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json new file mode 100644 index 0000000..e119fa2 --- /dev/null +++ b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json 
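Review bot: In `postInstall` of polycule/default.nix, `substituteInPlace ... --replace 'Exec=business.braid.polycule' 'Exec=polycule'` succeeds even when the pattern is absent, so an upstream change to the desktop file would ship an `Exec=` line that this derivation never checked. Use `--replace-fail 'Exec=business.braid.polycule' 'Exec=polycule'` so the build stops instead. Separately, `wrapGAppsHook` is, as far as I know, a deprecated alias in current nixpkgs; `wrapGAppsHook3` is the name for a GTK 3 application, provided the pinned nixpkgs already has it.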
@@ -0,0 +1,2459 @@ +{ + "packages": { + "_fe_analyzer_shared": { + "dependency": "transitive", + "description": { + "name": "_fe_analyzer_shared", + "sha256": "da0d9209ca76bde579f2da330aeb9df62b6319c834fa7baae052021b0462401f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "85.0.0" + }, + "analyzer": { + "dependency": "transitive", + "description": { + "name": "analyzer", + "sha256": "974859dc0ff5f37bc4313244b3218c791810d03ab3470a579580279ba971a48d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.7.1" + }, + "animations": { + "dependency": "direct main", + "description": { + "name": "animations", + "sha256": "d3d6dcfb218225bbe68e87ccf6378bbb2e32a94900722c5f81611dad089911cb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.11" + }, + "app_links": { + "dependency": "direct main", + "description": { + "name": "app_links", + "sha256": "85ed8fc1d25a76475914fff28cc994653bd900bc2c26e4b57a49e097febb54ba", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.4.0" + }, + "app_links_linux": { + "dependency": "transitive", + "description": { + "name": "app_links_linux", + "sha256": "f5f7173a78609f3dfd4c2ff2c95bd559ab43c80a87dc6a095921d96c05688c81", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.3" + }, + "app_links_platform_interface": { + "dependency": "transitive", + "description": { + "name": "app_links_platform_interface", + "sha256": "05f5379577c513b534a29ddea68176a4d4802c46180ee8e2e966257158772a3f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.2" + }, + "app_links_web": { + "dependency": "transitive", + "description": { + "name": "app_links_web", + "sha256": "af060ed76183f9e2b87510a9480e56a5352b6c249778d07bd2c95fc35632a555", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.4" + }, + "archive": { + "dependency": "transitive", + "description": { + "name": "archive", + "sha256": 
"2fde1607386ab523f7a36bb3e7edb43bd58e6edaf2ffb29d8a6d578b297fdbbd", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.7" + }, + "args": { + "dependency": "transitive", + "description": { + "name": "args", + "sha256": "d0481093c50b1da8910eb0bb301626d4d8eb7284aa739614d2b394ee09e3ea04", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.7.0" + }, + "async": { + "dependency": "direct main", + "description": { + "name": "async", + "sha256": "758e6d74e971c3e5aceb4110bfd6698efc7f501675bcfe0c775459a8140750eb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.13.0" + }, + "audio_session": { + "dependency": "transitive", + "description": { + "name": "audio_session", + "sha256": "8f96a7fecbb718cb093070f868b4cdcb8a9b1053dce342ff8ab2fde10eb9afb7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.2" + }, + "barcode": { + "dependency": "transitive", + "description": { + "name": "barcode", + "sha256": "7b6729c37e3b7f34233e2318d866e8c48ddb46c1f7ad01ff7bb2a8de1da2b9f4", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.9" + }, + "barcode_widget": { + "dependency": "direct main", + "description": { + "name": "barcode_widget", + "sha256": "6f2c5b08659b1a5f4d88d183e6007133ea2f96e50e7b8bb628f03266c3931427", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.4" + }, + "base58check": { + "dependency": "transitive", + "description": { + "name": "base58check", + "sha256": "6c300dfc33e598d2fe26319e13f6243fea81eaf8204cb4c6b69ef20a625319a5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "blurhash_dart": { + "dependency": "direct main", + "description": { + "name": "blurhash_dart", + "sha256": "43955b6c2e30a7d440028d1af0fa185852f3534b795cc6eb81fbf397b464409f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.1" + }, + "boolean_selector": { + "dependency": "transitive", + "description": { + "name": 
"boolean_selector", + "sha256": "8aab1771e1243a5063b8b0ff68042d67334e3feab9e95b9490f9a6ebf73b42ea", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "build_cli_annotations": { + "dependency": "transitive", + "description": { + "name": "build_cli_annotations", + "sha256": "b59d2769769efd6c9ff6d4c4cede0be115a566afc591705c2040b707534b1172", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "camera": { + "dependency": "transitive", + "description": { + "name": "camera", + "sha256": "d6ec2cbdbe2fa8f5e0d07d8c06368fe4effa985a4a5ddade9cc58a8cd849557d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.11.2" + }, + "camera_android_camerax": { + "dependency": "transitive", + "description": { + "name": "camera_android_camerax", + "sha256": "58b8fe843a3c83fd1273c00cb35f5a8ae507f6cc9b2029bcf7e2abba499e28d8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.19+1" + }, + "camera_avfoundation": { + "dependency": "transitive", + "description": { + "name": "camera_avfoundation", + "sha256": "e4aca5bccaf897b70cac87e5fdd789393310985202442837922fd40325e2733b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.21+1" + }, + "camera_platform_interface": { + "dependency": "transitive", + "description": { + "name": "camera_platform_interface", + "sha256": "2f757024a48696ff4814a789b0bd90f5660c0fb25f393ab4564fb483327930e2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.10.0" + }, + "camera_web": { + "dependency": "transitive", + "description": { + "name": "camera_web", + "sha256": "595f28c89d1fb62d77c73c633193755b781c6d2e0ebcd8dc25b763b514e6ba8f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.5" + }, + "canonical_json": { + "dependency": "transitive", + "description": { + "name": "canonical_json", + "sha256": "d6be1dd66b420c6ac9f42e3693e09edf4ff6edfee26cb4c28c1c019fdb8c0c15", + "url": "https://pub.dev" + }, + 
"source": "hosted", + "version": "1.1.2" + }, + "characters": { + "dependency": "transitive", + "description": { + "name": "characters", + "sha256": "f71061c654a3380576a52b451dd5532377954cf9dbd272a78fc8479606670803", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.4.0" + }, + "checked_yaml": { + "dependency": "transitive", + "description": { + "name": "checked_yaml", + "sha256": "959525d3162f249993882720d52b7e0c833978df229be20702b33d48d91de70f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.4" + }, + "cli_config": { + "dependency": "transitive", + "description": { + "name": "cli_config", + "sha256": "ac20a183a07002b700f0c25e61b7ee46b23c309d76ab7b7640a028f18e4d99ec", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.0" + }, + "cli_util": { + "dependency": "transitive", + "description": { + "name": "cli_util", + "sha256": "ff6785f7e9e3c38ac98b2fb035701789de90154024a75b6cb926445e83197d1c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.2" + }, + "clock": { + "dependency": "transitive", + "description": { + "name": "clock", + "sha256": "fddb70d9b5277016c77a80201021d40a2247104d9f4aa7bab7157b7e3f05b84b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.2" + }, + "collection": { + "dependency": "direct main", + "description": { + "name": "collection", + "sha256": "2f5709ae4d3d59dd8f7cd309b4e023046b57d8a6c82130785d2b0e5868084e76", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.19.1" + }, + "convert": { + "dependency": "transitive", + "description": { + "name": "convert", + "sha256": "b30acd5944035672bc15c6b7a8b47d773e41e2f17de064350988c5d02adb1c68", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.2" + }, + "coverage": { + "dependency": "transitive", + "description": { + "name": "coverage", + "sha256": "5da775aa218eaf2151c721b16c01c7676fbfdd99cebba2bf64e8b807a28ff94d", + "url": "https://pub.dev" + }, + "source": 
"hosted", + "version": "1.15.0" + }, + "cross_file": { + "dependency": "direct main", + "description": { + "name": "cross_file", + "sha256": "7caf6a750a0c04effbb52a676dce9a4a592e10ad35c34d6d2d0e4811160d5670", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.4+2" + }, + "crypto": { + "dependency": "transitive", + "description": { + "name": "crypto", + "sha256": "1e445881f28f22d6140f181e07737b22f1e099a5e1ff94b0af2f9e4a463f4855", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.6" + }, + "csslib": { + "dependency": "direct main", + "description": { + "name": "csslib", + "sha256": "09bad715f418841f976c77db72d5398dc1253c21fb9c0c7f0b0b985860b2d58e", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.2" + }, + "cupertino_http": { + "dependency": "direct main", + "description": { + "name": "cupertino_http", + "sha256": "72187f715837290a63479a5b0ae709f4fedad0ed6bd0441c275eceaa02d5abae", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.0" + }, + "cupertino_icons": { + "dependency": "direct main", + "description": { + "name": "cupertino_icons", + "sha256": "ba631d1c7f7bef6b729a622b7b752645a2d076dba9976925b8f25725a30e1ee6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.8" + }, + "dart_animated_emoji": { + "dependency": "direct main", + "description": { + "name": "dart_animated_emoji", + "sha256": "0e0865f1b56e2f2979e8caa09a7d693e30133050c5c677de301e6ca4d8da945e", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.2" + }, + "dbus": { + "dependency": "direct main", + "description": { + "name": "dbus", + "sha256": "79e0c23480ff85dc68de79e2cd6334add97e48f7f4865d17686dd6ea81a47e8c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.7.11" + }, + "diacritic": { + "dependency": "direct main", + "description": { + "name": "diacritic", + "sha256": "12981945ec38931748836cd76f2b38773118d0baef3c68404bdfde9566147876", + "url": 
"https://pub.dev" + }, + "source": "hosted", + "version": "0.1.6" + }, + "diffutil_dart": { + "dependency": "direct main", + "description": { + "name": "diffutil_dart", + "sha256": "5e74883aedf87f3b703cb85e815bdc1ed9208b33501556e4a8a5572af9845c81", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.1" + }, + "dynamic_color": { + "dependency": "direct main", + "description": { + "name": "dynamic_color", + "sha256": "43a5a6679649a7731ab860334a5812f2067c2d9ce6452cf069c5e0c25336c17c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.8.1" + }, + "emoji_extension": { + "dependency": "direct main", + "description": { + "name": "emoji_extension", + "sha256": "7678a3e3fca4f2dfbce02cf8d439a81e130ce303fdc1ad90f484f57fd5ce4ba1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.0" + }, + "enhanced_enum": { + "dependency": "transitive", + "description": { + "name": "enhanced_enum", + "sha256": "074c5a8b9664799ca91e1e8b68003b8694cb19998671cbafd9c7779c13fcdecf", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.4" + }, + "equatable": { + "dependency": "transitive", + "description": { + "name": "equatable", + "sha256": "567c64b3cb4cf82397aac55f4f0cbd3ca20d77c6c03bedbc4ceaddc08904aef7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.7" + }, + "fake_async": { + "dependency": "transitive", + "description": { + "name": "fake_async", + "sha256": "5368f224a74523e8d2e7399ea1638b37aecfca824a3cc4dfdf77bf1fa905ac44", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.3" + }, + "fetch_api": { + "dependency": "transitive", + "description": { + "name": "fetch_api", + "sha256": "24cbd5616f3d4008c335c197bb90bfa0eb43b9e55c6de5c60d1f805092636034", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.1" + }, + "fetch_client": { + "dependency": "direct main", + "description": { + "name": "fetch_client", + "sha256": 
"375253f4efe64303c793fb17fe90771c591320b2ae11fb29cb5b406cc8533c00", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.4" + }, + "ffi": { + "dependency": "transitive", + "description": { + "name": "ffi", + "sha256": "289279317b4b16eb2bb7e271abccd4bf84ec9bdcbe999e278a94b804f5630418", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.4" + }, + "file": { + "dependency": "transitive", + "description": { + "name": "file", + "sha256": "a3b4f84adafef897088c160faf7dfffb7696046cb13ae90b508c2cbc95d3b8d4", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.0.1" + }, + "file_selector": { + "dependency": "direct main", + "description": { + "name": "file_selector", + "sha256": "5019692b593455127794d5718304ff1ae15447dea286cdda9f0db2a796a1b828", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.3" + }, + "file_selector_android": { + "dependency": "transitive", + "description": { + "name": "file_selector_android", + "sha256": "3015702ab73987000e7ff2df5ddc99666d2bcd65cdb243f59da35729d3be6cff", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.1+15" + }, + "file_selector_ios": { + "dependency": "transitive", + "description": { + "name": "file_selector_ios", + "sha256": "94b98ad950b8d40d96fee8fa88640c2e4bd8afcdd4817993bd04e20310f45420", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.3+1" + }, + "file_selector_linux": { + "dependency": "transitive", + "description": { + "name": "file_selector_linux", + "sha256": "54cbbd957e1156d29548c7d9b9ec0c0ebb6de0a90452198683a7d23aed617a33", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.3+2" + }, + "file_selector_macos": { + "dependency": "transitive", + "description": { + "name": "file_selector_macos", + "sha256": "8c9250b2bd2d8d4268e39c82543bacbaca0fda7d29e0728c3c4bbb7c820fd711", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.4+3" + }, + 
"file_selector_platform_interface": { + "dependency": "transitive", + "description": { + "name": "file_selector_platform_interface", + "sha256": "a3994c26f10378a039faa11de174d7b78eb8f79e4dd0af2a451410c1a5c3f66b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.6.2" + }, + "file_selector_web": { + "dependency": "transitive", + "description": { + "name": "file_selector_web", + "sha256": "c4c0ea4224d97a60a7067eca0c8fd419e708ff830e0c83b11a48faf566cec3e7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.4+2" + }, + "file_selector_windows": { + "dependency": "transitive", + "description": { + "name": "file_selector_windows", + "sha256": "320fcfb6f33caa90f0b58380489fc5ac05d99ee94b61aa96ec2bff0ba81d3c2b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.3+4" + }, + "fixnum": { + "dependency": "transitive", + "description": { + "name": "fixnum", + "sha256": "b6dc7065e46c974bc7c5f143080a6764ec7a4be6da1285ececdc37be96de53be", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.1" + }, + "flutter": { + "dependency": "direct main", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_adaptive_scaffold": { + "dependency": "direct main", + "description": { + "name": "flutter_adaptive_scaffold", + "sha256": "5eb1d1d174304a4e67c4bb402ed38cb4a5ebdac95ce54099e91460accb33d295", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.3+1" + }, + "flutter_confetti": { + "dependency": "direct main", + "description": { + "name": "flutter_confetti", + "sha256": "7e46b82ea0adc456afc91037652bbfbd52a951804fde0708822fad5d68be6398", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.1" + }, + "flutter_driver": { + "dependency": "direct dev", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_highlighting": { + "dependency": "direct main", + "description": { + "name": "flutter_highlighting", + "sha256": 
"426770b1453e8302f8cc58455ebcaad33e3049e73ca18f9d3c83554552bf3baf", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.0+11.8.0" + }, + "flutter_html": { + "dependency": "direct main", + "description": { + "name": "flutter_html", + "sha256": "38a2fd702ffdf3243fb7441ab58aa1bc7e6922d95a50db76534de8260638558d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "flutter_html_svg": { + "dependency": "direct main", + "description": { + "name": "flutter_html_svg", + "sha256": "76f59c238571333d95271817c3d94688b3c4dca2735552e481e49039d3efdb13", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "flutter_html_table": { + "dependency": "direct main", + "description": { + "name": "flutter_html_table", + "sha256": "de15300b1f6d8014e1702e7edfdf3411f362c8fb753e89bac4c99215ea94a4d8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "flutter_keyboard_visibility": { + "dependency": "direct main", + "description": { + "name": "flutter_keyboard_visibility", + "sha256": "98664be7be0e3ffca00de50f7f6a287ab62c763fc8c762e0a21584584a3ff4f8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "flutter_keyboard_visibility_linux": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_linux", + "sha256": "6fba7cd9bb033b6ddd8c2beb4c99ad02d728f1e6e6d9b9446667398b2ac39f08", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.0" + }, + "flutter_keyboard_visibility_macos": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_macos", + "sha256": "c5c49b16fff453dfdafdc16f26bdd8fb8d55812a1d50b0ce25fc8d9f2e53d086", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.0" + }, + "flutter_keyboard_visibility_platform_interface": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_platform_interface", + "sha256": 
"e43a89845873f7be10cb3884345ceb9aebf00a659f479d1c8f4293fcb37022a4", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "flutter_keyboard_visibility_web": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_web", + "sha256": "d3771a2e752880c79203f8d80658401d0c998e4183edca05a149f5098ce6e3d1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "flutter_keyboard_visibility_windows": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_windows", + "sha256": "fc4b0f0b6be9b93ae527f3d527fb56ee2d918cd88bbca438c478af7bcfd0ef73", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.0" + }, + "flutter_launcher_icons": { + "dependency": "direct dev", + "description": { + "name": "flutter_launcher_icons", + "sha256": "10f13781741a2e3972126fae08393d3c4e01fa4cd7473326b94b72cf594195e7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.14.4" + }, + "flutter_layout_grid": { + "dependency": "transitive", + "description": { + "name": "flutter_layout_grid", + "sha256": "739e568db97af031d528dfd8a80d333df0e5a310a126e087690fa42cd61dfb5f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.8" + }, + "flutter_lints": { + "dependency": "direct dev", + "description": { + "name": "flutter_lints", + "sha256": "3105dc8492f6183fb076ccf1f351ac3d60564bff92e20bfc4af9cc1651f4e7e1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "flutter_local_notifications": { + "dependency": "direct main", + "description": { + "name": "flutter_local_notifications", + "sha256": "20ca0a9c82ce0c855ac62a2e580ab867f3fbea82680a90647f7953832d0850ae", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "19.4.0" + }, + "flutter_local_notifications_linux": { + "dependency": "transitive", + "description": { + "name": "flutter_local_notifications_linux", + "sha256": 
"e3c277b2daab8e36ac5a6820536668d07e83851aeeb79c446e525a70710770a5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "flutter_local_notifications_platform_interface": { + "dependency": "transitive", + "description": { + "name": "flutter_local_notifications_platform_interface", + "sha256": "277d25d960c15674ce78ca97f57d0bae2ee401c844b6ac80fcd972a9c99d09fe", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "9.1.0" + }, + "flutter_local_notifications_windows": { + "dependency": "transitive", + "description": { + "name": "flutter_local_notifications_windows", + "sha256": "ed46d7ae4ec9d19e4c8fa2badac5fe27ba87a3fe387343ce726f927af074ec98", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.2" + }, + "flutter_localizations": { + "dependency": "direct main", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_openssl_crypto": { + "dependency": "direct main", + "description": { + "name": "flutter_openssl_crypto", + "sha256": "293b4fcda13ab0710645a16e82f3d5b7de19bfc0ab2d06bcdb87637222eda5e1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.0" + }, + "flutter_plugin_android_lifecycle": { + "dependency": "transitive", + "description": { + "name": "flutter_plugin_android_lifecycle", + "sha256": "6382ce712ff69b0f719640ce957559dde459e55ecd433c767e06d139ddf16cab", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.29" + }, + "flutter_rust_bridge": { + "dependency": "transitive", + "description": { + "name": "flutter_rust_bridge", + "sha256": "b416ff56002789e636244fb4cc449f587656eff995e5a7169457eb0593fcaddb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.10.0" + }, + "flutter_secure_storage": { + "dependency": "direct main", + "description": { + "name": "flutter_secure_storage", + "sha256": "f7eceb0bc6f4fd0441e29d43cab9ac2a1c5ffd7ea7b64075136b718c46954874", + "url": "https://pub.dev" + }, + "source": "hosted", + 
"version": "10.0.0-beta.4" + }, + "flutter_secure_storage_darwin": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_darwin", + "sha256": "f226f2a572bed96bc6542198ebaec227150786e34311d455a7e2d3d06d951845", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.0" + }, + "flutter_secure_storage_linux": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_linux", + "sha256": "9b4b73127e857cd3117d43a70fa3dddadb6e0b253be62e6a6ab85caa0742182c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "flutter_secure_storage_platform_interface": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_platform_interface", + "sha256": "8ceea1223bee3c6ac1a22dabd8feefc550e4729b3675de4b5900f55afcb435d6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "flutter_secure_storage_web": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_web", + "sha256": "4c3f233e739545c6cb09286eeec1cc4744138372b985113acc904f7263bef517", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "flutter_secure_storage_windows": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_windows", + "sha256": "ff32af20f70a8d0e59b2938fc92de35b54a74671041c814275afd80e27df9f21", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.0" + }, + "flutter_svg": { + "dependency": "direct main", + "description": { + "name": "flutter_svg", + "sha256": "cd57f7969b4679317c17af6fd16ee233c1e60a82ed209d8a475c54fd6fd6f845", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.0" + }, + "flutter_test": { + "dependency": "direct dev", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_typeahead": { + "dependency": "direct main", + "description": { + "name": "flutter_typeahead", + "sha256": 
"d64712c65db240b1057559b952398ebb6e498077baeebf9b0731dade62438a6d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.2.0" + }, + "flutter_vodozemac": { + "dependency": "direct main", + "description": { + "name": "flutter_vodozemac", + "sha256": "2405ca121b84d1cd83200a14021022e1691b123a23bcefc36adc7740cefbc1f9", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.2" + }, + "flutter_web_plugins": { + "dependency": "transitive", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_zxing": { + "dependency": "direct main", + "description": { + "name": "flutter_zxing", + "sha256": "dbcd89da2c9aa84f48d7d7e1ba436825f8656a69b142abb7bcdb7c2d9c22d48c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.1" + }, + "frontend_server_client": { + "dependency": "transitive", + "description": { + "name": "frontend_server_client", + "sha256": "f64a0333a82f30b0cca061bc3d143813a486dc086b574bfb233b7c1372427694", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.0" + }, + "fuchsia_remote_debug_protocol": { + "dependency": "transitive", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "glob": { + "dependency": "transitive", + "description": { + "name": "glob", + "sha256": "c3f1ee72c96f8f78935e18aa8cecced9ab132419e8625dc187e1c2408efc20de", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.3" + }, + "go_router": { + "dependency": "direct main", + "description": { + "name": "go_router", + "sha256": "8b1f37dfaf6e958c6b872322db06f946509433bec3de753c3491a42ae9ec2b48", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "16.1.0" + }, + "gtk": { + "dependency": "transitive", + "description": { + "name": "gtk", + "sha256": "e8ce9ca4b1df106e4d72dad201d345ea1a036cc12c360f1a7d5a758f78ffa42c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "highlighting": { + "dependency": "direct main", + 
"description": { + "name": "highlighting", + "sha256": "196005ed9c98ee559939fcecd466fa941b9e99b3a93394691b86780ad4da50f3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.0+11.8.0" + }, + "html": { + "dependency": "direct main", + "description": { + "name": "html", + "sha256": "6d1264f2dffa1b1101c25a91dff0dc2daee4c18e87cd8538729773c073dbf602", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.15.6" + }, + "html_unescape": { + "dependency": "transitive", + "description": { + "name": "html_unescape", + "sha256": "15362d7a18f19d7b742ef8dcb811f5fd2a2df98db9f80ea393c075189e0b61e3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "http": { + "dependency": "direct main", + "description": { + "name": "http", + "sha256": "bb2ce4590bc2667c96f318d68cac1b5a7987ec819351d32b1c987239a815e007", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.5.0" + }, + "http_parser": { + "dependency": "transitive", + "description": { + "name": "http_parser", + "sha256": "178d74305e7866013777bab2c3d8726205dc5a4dd935297175b19a23a2e66571", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.1.2" + }, + "http_profile": { + "dependency": "transitive", + "description": { + "name": "http_profile", + "sha256": "7e679e355b09aaee2ab5010915c932cce3f2d1c11c3b2dc177891687014ffa78", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.0" + }, + "image": { + "dependency": "direct main", + "description": { + "name": "image", + "sha256": "4e973fcf4caae1a4be2fa0a13157aa38a8f9cb049db6529aa00b4d71abc4d928", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.5.4" + }, + "image_picker": { + "dependency": "direct main", + "description": { + "name": "image_picker", + "sha256": "021834d9c0c3de46bf0fe40341fa07168407f694d9b2bb18d532dc1261867f7a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.2" + }, + "image_picker_android": { + "dependency": 
"transitive", + "description": { + "name": "image_picker_android", + "sha256": "b08e9a04d0f8d91f4a6e767a745b9871bfbc585410205c311d0492de20a7ccd6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.8.12+25" + }, + "image_picker_for_web": { + "dependency": "transitive", + "description": { + "name": "image_picker_for_web", + "sha256": "717eb042ab08c40767684327be06a5d8dbb341fe791d514e4b92c7bbe1b7bb83", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.6" + }, + "image_picker_ios": { + "dependency": "transitive", + "description": { + "name": "image_picker_ios", + "sha256": "05da758e67bc7839e886b3959848aa6b44ff123ab4b28f67891008afe8ef9100", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.8.12+2" + }, + "image_picker_linux": { + "dependency": "transitive", + "description": { + "name": "image_picker_linux", + "sha256": "34a65f6740df08bbbeb0a1abd8e6d32107941fd4868f67a507b25601651022c9", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.1+2" + }, + "image_picker_macos": { + "dependency": "transitive", + "description": { + "name": "image_picker_macos", + "sha256": "1b90ebbd9dcf98fb6c1d01427e49a55bd96b5d67b8c67cf955d60a5de74207c1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.1+2" + }, + "image_picker_platform_interface": { + "dependency": "transitive", + "description": { + "name": "image_picker_platform_interface", + "sha256": "886d57f0be73c4b140004e78b9f28a8914a09e50c2d816bdd0520051a71236a0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.10.1" + }, + "image_picker_windows": { + "dependency": "transitive", + "description": { + "name": "image_picker_windows", + "sha256": "6ad07afc4eb1bc25f3a01084d28520496c4a3bb0cb13685435838167c9dcedeb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.1+1" + }, + "import_sorter": { + "dependency": "direct main", + "description": { + "name": "import_sorter", + "sha256": 
"eb15738ccead84e62c31e0208ea4e3104415efcd4972b86906ca64a1187d0836", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.6.0" + }, + "integration_test": { + "dependency": "direct dev", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "intl": { + "dependency": "direct main", + "description": { + "name": "intl", + "sha256": "3df61194eb431efc39c4ceba583b95633a403f46c9fd341e550ce0bfa50e9aa5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.20.2" + }, + "io": { + "dependency": "transitive", + "description": { + "name": "io", + "sha256": "dfd5a80599cf0165756e3181807ed3e77daf6dd4137caaad72d0b7931597650b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.5" + }, + "js": { + "dependency": "transitive", + "description": { + "name": "js", + "sha256": "f2c445dce49627136094980615a031419f7f3eb393237e4ecd97ac15dea343f3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.7" + }, + "json_annotation": { + "dependency": "transitive", + "description": { + "name": "json_annotation", + "sha256": "1ce844379ca14835a50d2f019a3099f419082cfdd231cd86a142af94dd5c6bb1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.9.0" + }, + "just_audio": { + "dependency": "direct main", + "description": { + "name": "just_audio", + "sha256": "679637a3ec5b6e00f36472f5a3663667df00ee4822cbf5dafca0f568c710960a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.4" + }, + "just_audio_media_kit": { + "dependency": "direct main", + "description": { + "name": "just_audio_media_kit", + "sha256": "f3cf04c3a50339709e87e90b4e841eef4364ab4be2bdbac0c54cc48679f84d23", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "just_audio_platform_interface": { + "dependency": "transitive", + "description": { + "name": "just_audio_platform_interface", + "sha256": "2532c8d6702528824445921c5ff10548b518b13f808c2e34c2fd54793b999a6a", + "url": 
"https://pub.dev" + }, + "source": "hosted", + "version": "4.6.0" + }, + "just_audio_web": { + "dependency": "transitive", + "description": { + "name": "just_audio_web", + "sha256": "6ba8a2a7e87d57d32f0f7b42856ade3d6a9fbe0f1a11fabae0a4f00bb73f0663", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.16" + }, + "just_waveform": { + "dependency": "direct main", + "description": { + "name": "just_waveform", + "sha256": "8c65acd24f13b866e3377f07f8869e823f3f2d8b734938f4e6688075af40b4f2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.0.7" + }, + "leak_tracker": { + "dependency": "transitive", + "description": { + "name": "leak_tracker", + "sha256": "6bb818ecbdffe216e81182c2f0714a2e62b593f4a4f13098713ff1685dfb6ab0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "10.0.9" + }, + "leak_tracker_flutter_testing": { + "dependency": "transitive", + "description": { + "name": "leak_tracker_flutter_testing", + "sha256": "f8b613e7e6a13ec79cfdc0e97638fddb3ab848452eff057653abd3edba760573", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.9" + }, + "leak_tracker_testing": { + "dependency": "transitive", + "description": { + "name": "leak_tracker_testing", + "sha256": "6ba465d5d76e67ddf503e1161d1f4a6bc42306f9d66ca1e8f079a47290fb06d3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.1" + }, + "linkify": { + "dependency": "direct main", + "description": { + "name": "linkify", + "sha256": "4139ea77f4651ab9c315b577da2dd108d9aa0bd84b5d03d33323f1970c645832", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.0.0" + }, + "lints": { + "dependency": "transitive", + "description": { + "name": "lints", + "sha256": "a5e2b223cb7c9c8efdc663ef484fdd95bb243bff242ef5b13e26883547fce9a0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "list_counter": { + "dependency": "transitive", + "description": { + "name": "list_counter", + "sha256": 
"c447ae3dfcd1c55f0152867090e67e219d42fe6d4f2807db4bbe8b8d69912237", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.2" + }, + "locale_names": { + "dependency": "direct main", + "description": { + "name": "locale_names", + "sha256": "7a89ca54072f4f13d0f5df5a9ba69337554bf2fd057d1dd2a238898f3f159374", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.1" + }, + "logging": { + "dependency": "transitive", + "description": { + "name": "logging", + "sha256": "c8245ada5f1717ed44271ed1c26b8ce85ca3228fd2ffdb75468ab01979309d61", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.0" + }, + "lottie": { + "dependency": "direct main", + "description": { + "name": "lottie", + "sha256": "c5fa04a80a620066c15cf19cc44773e19e9b38e989ff23ea32e5903ef1015950", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.3.1" + }, + "markdown": { + "dependency": "transitive", + "description": { + "name": "markdown", + "sha256": "935e23e1ff3bc02d390bad4d4be001208ee92cc217cb5b5a6c19bc14aaa318c1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.3.0" + }, + "matcher": { + "dependency": "transitive", + "description": { + "name": "matcher", + "sha256": "dc58c723c3c24bf8d3e2d3ad3f2f9d7bd9cf43ec6feaa64181775e60190153f2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.12.17" + }, + "material_color_utilities": { + "dependency": "transitive", + "description": { + "name": "material_color_utilities", + "sha256": "f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.11.1" + }, + "matrix": { + "dependency": "direct main", + "description": { + "path": ".", + "ref": "braid/msc3861-native-oidc", + "resolved-ref": "82ad90573e0e5e1ccb2cf1e669a5861bd6db351c", + "url": "https://github.com/TheOneWithTheBraid/matrix-dart-sdk.git" + }, + "source": "git", + "version": "1.1.0" + }, + 
"matrix_homeserver_recommendations": { + "dependency": "direct main", + "description": { + "name": "matrix_homeserver_recommendations", + "sha256": "48cd67146dd80b925c1cce1604da4712e7963b490d31801bad70b51ff8e30cd2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.1" + }, + "media_kit": { + "dependency": "direct main", + "description": { + "path": "media_kit", + "ref": "braid/stub-template", + "resolved-ref": "215972e56ceb6036b51d1dc8803d5e0ab489bfe1", + "url": "https://github.com/TheOneWithTheBraid/media-kit.git" + }, + "source": "git", + "version": "1.2.0" + }, + "media_kit_libs_android_video": { + "dependency": "direct overridden", + "description": { + "path": "libs/android/media_kit_libs_android_video", + "ref": "main", + "resolved-ref": "ad84c59faa2b871926cb31516bdeec65d7676884", + "url": "https://github.com/Predidit/media-kit.git" + }, + "source": "git", + "version": "1.3.6" + }, + "media_kit_libs_ios_video": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_ios_video", + "sha256": "b5382994eb37a4564c368386c154ad70ba0cc78dacdd3fb0cd9f30db6d837991", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.4" + }, + "media_kit_libs_linux": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_linux", + "sha256": "2b473399a49ec94452c4d4ae51cfc0f6585074398d74216092bf3d54aac37ecf", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.1" + }, + "media_kit_libs_macos_video": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_macos_video", + "sha256": "f26aa1452b665df288e360393758f84b911f70ffb3878032e1aabba23aa1032d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.4" + }, + "media_kit_libs_video": { + "dependency": "direct main", + "description": { + "name": "media_kit_libs_video", + "sha256": "958cc55e7065d9d01f52a2842dab2a0812a92add18489f1006d864fb5e42a3ef", + "url": "https://pub.dev" + }, + "source": 
"hosted", + "version": "1.0.6" + }, + "media_kit_libs_windows_video": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_windows_video", + "sha256": "dff76da2778729ab650229e6b4ec6ec111eb5151431002cbd7ea304ff1f112ab", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.11" + }, + "media_kit_video": { + "dependency": "direct main", + "description": { + "name": "media_kit_video", + "sha256": "a656a9463298c1adc64c57f2d012874f7f2900f0c614d9545a3e7b8bb9e2137b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.0" + }, + "media_store_plus": { + "dependency": "direct main", + "description": { + "name": "media_store_plus", + "sha256": "4b4971365e00a4ed9fde14abf40d7c27475b66b8bba9bf43478ae2ecb449df20", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.3" + }, + "meta": { + "dependency": "transitive", + "description": { + "name": "meta", + "sha256": "e3641ec5d63ebf0d9b41bd43201a66e3fc79a65db5f61fc181f04cd27aab950c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.16.0" + }, + "mime": { + "dependency": "direct main", + "description": { + "name": "mime", + "sha256": "41a20518f0cb1256669420fdba0cd90d21561e560ac240f26ef8322e45bb7ed6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "objective_c": { + "dependency": "transitive", + "description": { + "name": "objective_c", + "sha256": "9f034ba1eeca53ddb339bc8f4813cb07336a849cd735559b60cdc068ecce2dc7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.1.0" + }, + "package_config": { + "dependency": "transitive", + "description": { + "name": "package_config", + "sha256": "f096c55ebb7deb7e384101542bfba8c52696c1b56fca2eb62827989ef2353bbc", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.0" + }, + "package_info_plus": { + "dependency": "transitive", + "description": { + "name": "package_info_plus", + "sha256": 
"16eee997588c60225bda0488b6dcfac69280a6b7a3cf02c741895dd370a02968", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "8.3.1" + }, + "package_info_plus_platform_interface": { + "dependency": "transitive", + "description": { + "name": "package_info_plus_platform_interface", + "sha256": "202a487f08836a592a6bd4f901ac69b3a8f146af552bbd14407b6b41e1c3f086", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.1" + }, + "path": { + "dependency": "transitive", + "description": { + "name": "path", + "sha256": "75cca69d1490965be98c73ceaea117e8a04dd21217b37b292c9ddbec0d955bc5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.9.1" + }, + "path_parsing": { + "dependency": "transitive", + "description": { + "name": "path_parsing", + "sha256": "883402936929eac138ee0a45da5b0f2c80f89913e6dc3bf77eb65b84b409c6ca", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.0" + }, + "path_provider": { + "dependency": "direct main", + "description": { + "name": "path_provider", + "sha256": "50c5dd5b6e1aaf6fb3a78b33f6aa3afca52bf903a8a5298f53101fdaee55bbcd", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.5" + }, + "path_provider_android": { + "dependency": "transitive", + "description": { + "name": "path_provider_android", + "sha256": "d0d310befe2c8ab9e7f393288ccbb11b60c019c6b5afc21973eeee4dda2b35e9", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.17" + }, + "path_provider_foundation": { + "dependency": "transitive", + "description": { + "name": "path_provider_foundation", + "sha256": "4843174df4d288f5e29185bd6e72a6fbdf5a4a4602717eed565497429f179942", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.1" + }, + "path_provider_linux": { + "dependency": "transitive", + "description": { + "name": "path_provider_linux", + "sha256": "f7a1fe3a634fe7734c8d3f2766ad746ae2a2884abe22e241a8b301bf5cac3279", + "url": "https://pub.dev" + }, + "source": "hosted", 
+ "version": "2.2.1" + }, + "path_provider_platform_interface": { + "dependency": "transitive", + "description": { + "name": "path_provider_platform_interface", + "sha256": "88f5779f72ba699763fa3a3b06aa4bf6de76c8e5de842cf6f29e2e06476c2334", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "path_provider_windows": { + "dependency": "transitive", + "description": { + "name": "path_provider_windows", + "sha256": "bd6f00dbd873bfb70d0761682da2b3a2c2fccc2b9e84c495821639601d81afe7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.0" + }, + "petitparser": { + "dependency": "transitive", + "description": { + "name": "petitparser", + "sha256": "07c8f0b1913bcde1ff0d26e57ace2f3012ccbf2b204e070290dad3bb22797646", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.1.0" + }, + "platform": { + "dependency": "transitive", + "description": { + "name": "platform", + "sha256": "5d6b1b0036a5f331ebc77c850ebc8506cbc1e9416c27e59b439f917a902a4984", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.6" + }, + "plugin_platform_interface": { + "dependency": "transitive", + "description": { + "name": "plugin_platform_interface", + "sha256": "4820fbfdb9478b1ebae27888254d445073732dae3d6ea81f0b7e06d5dedc3f02", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.8" + }, + "pointer_interceptor": { + "dependency": "transitive", + "description": { + "name": "pointer_interceptor", + "sha256": "57210410680379aea8b1b7ed6ae0c3ad349bfd56fe845b8ea934a53344b9d523", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.1+2" + }, + "pointer_interceptor_ios": { + "dependency": "transitive", + "description": { + "name": "pointer_interceptor_ios", + "sha256": "a6906772b3205b42c44614fcea28f818b1e5fdad73a4ca742a7bd49818d9c917", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.1" + }, + "pointer_interceptor_platform_interface": { + "dependency": 
"transitive", + "description": { + "name": "pointer_interceptor_platform_interface", + "sha256": "0597b0560e14354baeb23f8375cd612e8bd4841bf8306ecb71fcd0bb78552506", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.0+1" + }, + "pointer_interceptor_web": { + "dependency": "transitive", + "description": { + "name": "pointer_interceptor_web", + "sha256": "460b600e71de6fcea2b3d5f662c92293c049c4319e27f0829310e5a953b3ee2a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.3" + }, + "pool": { + "dependency": "transitive", + "description": { + "name": "pool", + "sha256": "20fe868b6314b322ea036ba325e6fc0711a22948856475e2c2b6306e8ab39c2a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.5.1" + }, + "posix": { + "dependency": "transitive", + "description": { + "name": "posix", + "sha256": "6323a5b0fa688b6a010df4905a56b00181479e6d10534cecfecede2aa55add61", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.3" + }, + "process": { + "dependency": "transitive", + "description": { + "name": "process", + "sha256": "107d8be718f120bbba9dcd1e95e3bd325b1b4a4f07db64154635ba03f2567a0d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.0.3" + }, + "pub_semver": { + "dependency": "transitive", + "description": { + "name": "pub_semver", + "sha256": "5bfcf68ca79ef689f8990d1160781b4bad40a3bd5e5218ad4076ddb7f4081585", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.0" + }, + "qr": { + "dependency": "transitive", + "description": { + "name": "qr", + "sha256": "5a1d2586170e172b8a8c8470bbbffd5eb0cd38a66c0d77155ea138d3af3a4445", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.2" + }, + "quiver": { + "dependency": "transitive", + "description": { + "name": "quiver", + "sha256": "ea0b925899e64ecdfbf9c7becb60d5b50e706ade44a85b2363be2a22d88117d2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.2" + }, + "random_string": 
{ + "dependency": "transitive", + "description": { + "name": "random_string", + "sha256": "03b52435aae8cbdd1056cf91bfc5bf845e9706724dd35ae2e99fa14a1ef79d02", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.1" + }, + "receive_sharing_intent": { + "dependency": "direct main", + "description": { + "name": "receive_sharing_intent", + "sha256": "ec76056e4d258ad708e76d85591d933678625318e411564dcb9059048ca3a593", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.8.1" + }, + "rxdart": { + "dependency": "transitive", + "description": { + "name": "rxdart", + "sha256": "5c3004a4a8dbb94bd4bf5412a4def4acdaa12e12f269737a5751369e12d1a962", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.28.0" + }, + "safe_local_storage": { + "dependency": "transitive", + "description": { + "name": "safe_local_storage", + "sha256": "e9a21b6fec7a8aa62cc2585ff4c1b127df42f3185adbd2aca66b47abe2e80236", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "screen_brightness_android": { + "dependency": "transitive", + "description": { + "name": "screen_brightness_android", + "sha256": "fb5fa43cb89d0c9b8534556c427db1e97e46594ac5d66ebdcf16063b773d54ed", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "screen_brightness_platform_interface": { + "dependency": "transitive", + "description": { + "name": "screen_brightness_platform_interface", + "sha256": "737bd47b57746bc4291cab1b8a5843ee881af499514881b0247ec77447ee769c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "sdp_transform": { + "dependency": "transitive", + "description": { + "name": "sdp_transform", + "sha256": "73e412a5279a5c2de74001535208e20fff88f225c9a4571af0f7146202755e45", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.2" + }, + "sentry": { + "dependency": "direct main", + "description": { + "name": "sentry", + "sha256": 
"d9f3dcf1ecdd600cf9ce134f622383adde5423ecfdaf0ca9b20fbc1c44849337", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "9.6.0" + }, + "share_plus": { + "dependency": "direct main", + "description": { + "name": "share_plus", + "sha256": "d7dc0630a923883c6328ca31b89aa682bacbf2f8304162d29f7c6aaff03a27a1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "11.1.0" + }, + "share_plus_platform_interface": { + "dependency": "transitive", + "description": { + "name": "share_plus_platform_interface", + "sha256": "88023e53a13429bd65d8e85e11a9b484f49d4c190abbd96c7932b74d6927cc9a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.1.0" + }, + "sky_engine": { + "dependency": "transitive", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "slugify": { + "dependency": "transitive", + "description": { + "name": "slugify", + "sha256": "b272501565cb28050cac2d96b7bf28a2d24c8dae359280361d124f3093d337c3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "source_map_stack_trace": { + "dependency": "transitive", + "description": { + "name": "source_map_stack_trace", + "sha256": "c0713a43e323c3302c2abe2a1cc89aa057a387101ebd280371d6a6c9fa68516b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "source_maps": { + "dependency": "transitive", + "description": { + "name": "source_maps", + "sha256": "190222579a448b03896e0ca6eca5998fa810fda630c1d65e2f78b3f638f54812", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.13" + }, + "source_span": { + "dependency": "transitive", + "description": { + "name": "source_span", + "sha256": "254ee5351d6cb365c859e20ee823c3bb479bf4a293c22d17a9f1bf144ce86f7c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.10.1" + }, + "sprintf": { + "dependency": "transitive", + "description": { + "name": "sprintf", + "sha256": 
"1fc9ffe69d4df602376b52949af107d8f5703b77cda567c4d7d86a0693120f23", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.0.0" + }, + "sqflite": { + "dependency": "direct main", + "description": { + "name": "sqflite", + "sha256": "e2297b1da52f127bc7a3da11439985d9b536f75070f3325e62ada69a5c585d03", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.2" + }, + "sqflite_android": { + "dependency": "transitive", + "description": { + "name": "sqflite_android", + "sha256": "2b3070c5fa881839f8b402ee4a39c1b4d561704d4ebbbcfb808a119bc2a1701b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.1" + }, + "sqflite_common": { + "dependency": "transitive", + "description": { + "name": "sqflite_common", + "sha256": "6ef422a4525ecc601db6c0a2233ff448c731307906e92cabc9ba292afaae16a6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.5.6" + }, + "sqflite_common_ffi": { + "dependency": "direct main", + "description": { + "name": "sqflite_common_ffi", + "sha256": "9faa2fedc5385ef238ce772589f7718c24cdddd27419b609bb9c6f703ea27988", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.6" + }, + "sqflite_darwin": { + "dependency": "transitive", + "description": { + "name": "sqflite_darwin", + "sha256": "279832e5cde3fe99e8571879498c9211f3ca6391b0d818df4e17d9fff5c6ccb3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.2" + }, + "sqflite_platform_interface": { + "dependency": "transitive", + "description": { + "name": "sqflite_platform_interface", + "sha256": "8dd4515c7bdcae0a785b0062859336de775e8c65db81ae33dd5445f35be61920", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.0" + }, + "sqlcipher_flutter_libs": { + "dependency": "direct main", + "description": { + "name": "sqlcipher_flutter_libs", + "sha256": "dd1fcc74d5baf3c36ad53e2652b2d06c9f8747494a3ccde0076e88b159dfe622", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.8" + }, 
+ "sqlite3": { + "dependency": "transitive", + "description": { + "name": "sqlite3", + "sha256": "f393d92c71bdcc118d6203d07c991b9be0f84b1a6f89dd4f7eed348131329924", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.9.0" + }, + "stack_trace": { + "dependency": "transitive", + "description": { + "name": "stack_trace", + "sha256": "8b27215b45d22309b5cddda1aa2b19bdfec9df0e765f2de506401c071d38d1b1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.12.1" + }, + "stream_channel": { + "dependency": "transitive", + "description": { + "name": "stream_channel", + "sha256": "969e04c80b8bcdf826f8f16579c7b14d780458bd97f56d107d3950fdbeef059d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.4" + }, + "stream_transform": { + "dependency": "transitive", + "description": { + "name": "stream_transform", + "sha256": "ad47125e588cfd37a9a7f86c7d6356dde8dfe89d071d293f80ca9e9273a33871", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.1" + }, + "string_scanner": { + "dependency": "transitive", + "description": { + "name": "string_scanner", + "sha256": "921cd31725b72fe181906c6a94d987c78e3b98c2e205b397ea399d4054872b43", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.4.1" + }, + "sync_http": { + "dependency": "transitive", + "description": { + "name": "sync_http", + "sha256": "7f0cd72eca000d2e026bcd6f990b81d0ca06022ef4e32fb257b30d3d1014a961", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.1" + }, + "synchronized": { + "dependency": "transitive", + "description": { + "name": "synchronized", + "sha256": "c254ade258ec8282947a0acbbc90b9575b4f19673533ee46f2f6e9b3aeefd7c0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.4.0" + }, + "term_glyph": { + "dependency": "transitive", + "description": { + "name": "term_glyph", + "sha256": "7f554798625ea768a7518313e58f83891c7f5024f88e46e7182a4558850a4b8e", + "url": "https://pub.dev" + }, + "source": 
"hosted", + "version": "1.2.2" + }, + "test_api": { + "dependency": "transitive", + "description": { + "name": "test_api", + "sha256": "fb31f383e2ee25fbbfe06b40fe21e1e458d14080e3c67e7ba0acfde4df4e0bbd", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.7.4" + }, + "test_core": { + "dependency": "transitive", + "description": { + "name": "test_core", + "sha256": "84d17c3486c8dfdbe5e12a50c8ae176d15e2a771b96909a9442b40173649ccaa", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.8" + }, + "timezone": { + "dependency": "transitive", + "description": { + "name": "timezone", + "sha256": "dd14a3b83cfd7cb19e7888f1cbc20f258b8d71b54c06f79ac585f14093a287d1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.1" + }, + "tint": { + "dependency": "transitive", + "description": { + "name": "tint", + "sha256": "9652d9a589f4536d5e392cf790263d120474f15da3cf1bee7f1fdb31b4de5f46", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "tuple": { + "dependency": "transitive", + "description": { + "name": "tuple", + "sha256": "a97ce2013f240b2f3807bcbaf218765b6f301c3eff91092bcfa23a039e7dd151", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.2" + }, + "typed_data": { + "dependency": "transitive", + "description": { + "name": "typed_data", + "sha256": "f9049c039ebfeb4cf7a7104a675823cd72dba8297f264b6637062516699fa006", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.4.0" + }, + "unifiedpush": { + "dependency": "direct main", + "description": { + "name": "unifiedpush", + "sha256": "1418375efb580af9640de4eaf4209cb6481f9a48792648ced3051f30e67d9568", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.2" + }, + "unifiedpush_android": { + "dependency": "transitive", + "description": { + "name": "unifiedpush_android", + "sha256": "2f25db8eb2fc3183bf2e43db89fff20b2587adc1c361e1d1e06b223a0d45b50a", + "url": "https://pub.dev" + }, + "source": 
"hosted", + "version": "3.1.1" + }, + "unifiedpush_platform_interface": { + "dependency": "transitive", + "description": { + "name": "unifiedpush_platform_interface", + "sha256": "bb49d2748211520e35e0374ab816faa8a2c635267e71909d334ad868d532eba5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.1" + }, + "universal_platform": { + "dependency": "transitive", + "description": { + "name": "universal_platform", + "sha256": "64e16458a0ea9b99260ceb5467a214c1f298d647c659af1bff6d3bf82536b1ec", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.0" + }, + "unorm_dart": { + "dependency": "direct main", + "description": { + "name": "unorm_dart", + "sha256": "5b35bff83fce4d76467641438f9e867dc9bcfdb8c1694854f230579d68cd8f4b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.0" + }, + "uri_parser": { + "dependency": "transitive", + "description": { + "name": "uri_parser", + "sha256": "ff4d2c720aca3f4f7d5445e23b11b2d15ef8af5ddce5164643f38ff962dcb270", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "url_launcher": { + "dependency": "direct main", + "description": { + "name": "url_launcher", + "sha256": "f6a7e5c4835bb4e3026a04793a4199ca2d14c739ec378fdfe23fc8075d0439f8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.3.2" + }, + "url_launcher_android": { + "dependency": "transitive", + "description": { + "name": "url_launcher_android", + "sha256": "0aedad096a85b49df2e4725fa32118f9fa580f3b14af7a2d2221896a02cd5656", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.3.17" + }, + "url_launcher_ios": { + "dependency": "transitive", + "description": { + "name": "url_launcher_ios", + "sha256": "7f2022359d4c099eea7df3fdf739f7d3d3b9faf3166fb1dd390775176e0b76cb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.3.3" + }, + "url_launcher_linux": { + "dependency": "transitive", + "description": { + "name": "url_launcher_linux", + 
"sha256": "4e9ba368772369e3e08f231d2301b4ef72b9ff87c31192ef471b380ef29a4935", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.1" + }, + "url_launcher_macos": { + "dependency": "transitive", + "description": { + "name": "url_launcher_macos", + "sha256": "17ba2000b847f334f16626a574c702b196723af2a289e7a93ffcb79acff855c2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.2" + }, + "url_launcher_platform_interface": { + "dependency": "transitive", + "description": { + "name": "url_launcher_platform_interface", + "sha256": "552f8a1e663569be95a8190206a38187b531910283c3e982193e4f2733f01029", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.2" + }, + "url_launcher_web": { + "dependency": "transitive", + "description": { + "name": "url_launcher_web", + "sha256": "4bd2b7b4dc4d4d0b94e5babfffbca8eac1a126c7f3d6ecbc1a11013faa3abba2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.1" + }, + "url_launcher_windows": { + "dependency": "transitive", + "description": { + "name": "url_launcher_windows", + "sha256": "3284b6d2ac454cf34f114e1d3319866fdd1e19cdc329999057e44ffe936cfa77", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.4" + }, + "uuid": { + "dependency": "transitive", + "description": { + "name": "uuid", + "sha256": "a5be9ef6618a7ac1e964353ef476418026db906c4facdedaa299b7a2e71690ff", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.5.1" + }, + "vector_graphics": { + "dependency": "transitive", + "description": { + "name": "vector_graphics", + "sha256": "a4f059dc26fc8295b5921376600a194c4ec7d55e72f2fe4c7d2831e103d461e6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.19" + }, + "vector_graphics_codec": { + "dependency": "transitive", + "description": { + "name": "vector_graphics_codec", + "sha256": "99fd9fbd34d9f9a32efd7b6a6aae14125d8237b10403b422a6a6dfeac2806146", + "url": "https://pub.dev" + }, + "source": "hosted", 
+ "version": "1.1.13" + }, + "vector_graphics_compiler": { + "dependency": "transitive", + "description": { + "name": "vector_graphics_compiler", + "sha256": "557a315b7d2a6dbb0aaaff84d857967ce6bdc96a63dc6ee2a57ce5a6ee5d3331", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.17" + }, + "vector_math": { + "dependency": "transitive", + "description": { + "name": "vector_math", + "sha256": "80b3257d1492ce4d091729e3a67a60407d227c27241d6927be0130c98e741803", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.4" + }, + "visibility_detector": { + "dependency": "direct main", + "description": { + "name": "visibility_detector", + "sha256": "dd5cc11e13494f432d15939c3aa8ae76844c42b723398643ce9addb88a5ed420", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.0+2" + }, + "vm_service": { + "dependency": "transitive", + "description": { + "name": "vm_service", + "sha256": "ddfa8d30d89985b96407efce8acbdd124701f96741f2d981ca860662f1c0dc02", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "15.0.0" + }, + "vodozemac": { + "dependency": "direct main", + "description": { + "name": "vodozemac", + "sha256": "dba14017e042748fb22d270e8ab1d3e46965b89788dd3857dba938ec07571968", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.0" + }, + "volume_controller": { + "dependency": "transitive", + "description": { + "name": "volume_controller", + "sha256": "d75039e69c0d90e7810bfd47e3eedf29ff8543ea7a10392792e81f9bded7edf5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.4.0" + }, + "wakelock_plus": { + "dependency": "transitive", + "description": { + "name": "wakelock_plus", + "sha256": "a474e314c3e8fb5adef1f9ae2d247e57467ad557fa7483a2b895bc1b421c5678", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.2" + }, + "wakelock_plus_platform_interface": { + "dependency": "transitive", + "description": { + "name": "wakelock_plus_platform_interface", + 
"sha256": "e10444072e50dbc4999d7316fd303f7ea53d31c824aa5eb05d7ccbdd98985207", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.3" + }, + "watcher": { + "dependency": "transitive", + "description": { + "name": "watcher", + "sha256": "0b7fd4a0bbc4b92641dbf20adfd7e3fd1398fe17102d94b674234563e110088a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.2" + }, + "web": { + "dependency": "direct main", + "description": { + "name": "web", + "sha256": "868d88a33d8a87b18ffc05f9f030ba328ffefba92d6c127917a2ba740f9cfe4a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.1" + }, + "web_multiple_tab_detector": { + "dependency": "direct main", + "description": { + "name": "web_multiple_tab_detector", + "sha256": "a40d485720ea88b4e25311421d435906ba202ac33e35435403dc1c49c5ed7c4e", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.0" + }, + "web_socket": { + "dependency": "transitive", + "description": { + "name": "web_socket", + "sha256": "34d64019aa8e36bf9842ac014bb5d2f5586ca73df5e4d9bf5c936975cae6982c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.1" + }, + "webdriver": { + "dependency": "transitive", + "description": { + "name": "webdriver", + "sha256": "2f3a14ca026957870cfd9c635b83507e0e51d8091568e90129fbf805aba7cade", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.0" + }, + "webrtc_interface": { + "dependency": "transitive", + "description": { + "name": "webrtc_interface", + "sha256": "86fe3afc81a08481dfb25cf14a5a94e27062ecef25544783f352c914e0bbc1ca", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.2+hotfix.2" + }, + "win32": { + "dependency": "transitive", + "description": { + "name": "win32", + "sha256": "66814138c3562338d05613a6e368ed8cfb237ad6d64a9e9334be3f309acfca03", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.14.0" + }, + "xdg_directories": { + "dependency": "transitive", + 
"description": { + "name": "xdg_directories", + "sha256": "7a3f37b05d989967cdddcbb571f1ea834867ae2faa29725fd085180e0883aa15", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.0" + }, + "xml": { + "dependency": "transitive", + "description": { + "name": "xml", + "sha256": "b015a8ad1c488f66851d762d3090a21c600e479dc75e68328c52774040cf9226", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.5.0" + }, + "yaml": { + "dependency": "transitive", + "description": { + "name": "yaml", + "sha256": "b9da305ac7c39faa3f030eccd175340f968459dae4af175130b3fc47e40d76ce", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.3" + } + }, + "sdks": { + "dart": ">=3.8.0 <4.0.0", + "flutter": ">=3.29.0" + } +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 79f3351..68e5c71 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -38,5 +38,6 @@ ./davinci-resolve.nix ./gdx-liftoff.nix ./tor-browser.nix + ./polycule.nix ]; } diff --git a/modules/home-manager-modules/programs/polycule.nix b/modules/home-manager-modules/programs/polycule.nix new file mode 100644 index 0000000..a7004bd --- /dev/null +++ b/modules/home-manager-modules/programs/polycule.nix 
@@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.polycule = { + enable = lib.mkEnableOption "enable polycule matrix client"; + package = lib.mkPackageOption pkgs "polycule" {}; + }; + + config = lib.mkIf config.programs.polycule.enable (lib.mkMerge [ + { + home.packages = [ + config.programs.polycule.package + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + # TODO: check that these are actually the correct folders + # directories = [ + # "${config.xdg.configHome}/polycule" + # "${config.xdg.dataHome}/polycule" + # "${config.xdg.cacheHome}/polycule" + # ]; + }; + } + ) + ]); +} From d4615fc4354c0e9c824a10485d096123ce34b32c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 12:51:20 -0500 Subject: [PATCH 0861/1043] chore: updated README --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e94eb58..dc74557 100644 --- a/README.md +++ b/README.md @@ -74,4 +74,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home - make radarr, sonarr, and bazarr accessible over vpn - create some sort of service that allows uploading files to jellyfin - auto sort files into where they should go with some combination of filebot cli and picard cli -- graphana accessible though tailscale \ No newline at end of file +- graphana accessible though tailscale +- fix polycule package +- fix panoramax package +- actual instance +- intergrade radarr, sonarr, and bazarr \ No newline at end of file From 21edda5fe6eb75680abf3f4d478b00c006e845b3 Mon Sep 17 00:00:00 2001 
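Review bot: The `home.persistence."/persist${config.home.homeDirectory}"` block persists nothing, because its `directories` list is commented out behind the TODO. With `osConfig.host.impermanence.enable` set, all polycule state is therefore discarded on reboot. For a Matrix client that presumably includes the login session and the end-to-end encryption store (the lock file earlier on this page lists `vodozemac` and `sqlcipher_flutter_libs` as direct dependencies), so each boot would mean a fresh login and device re-verification. I would resolve the TODO before enabling the module on an impermanent host, and until then state it in the comment: `# NOTE: nothing is persisted yet; session and encryption keys are lost on reboot`.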
From: Leyla Becker Date: Thu, 2 Oct 2025 12:55:49 -0500 Subject: [PATCH 0862/1043] feat: added auto aproval for nixos mcp server settings --- README.md | 3 ++- .../home-manager/leyla/packages/vscode/default.nix | 13 ++++++++++++- .../programs/vscode/claudeDev.nix | 9 +++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dc74557..d0cda10 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - fix polycule package - fix panoramax package - actual instance -- intergrade radarr, sonarr, and bazarr \ No newline at end of file +- intergrade radarr, sonarr, and bazarr +- claude code MCP servers should bundle node with them so they work in all environments diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 981156b..ba9e48a 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -71,7 +71,18 @@ in { claudeDev = lib.mkIf ai-tooling-enabled { enable = true; mcp = { - nixos.enable = true; + nixos = { + enable = true; + autoApprove = { + nixos_search = true; + nixos_info = true; + home_manager_search = true; + home_manager_info = true; + darwin_search = true; + darwin_info = true; + nixos_flakes_search = true; + }; + }; eslint = { enable = true; autoApprove = { diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index cebf614..ffeaff3 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix 
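Review bot: All seven tools under `nixos.autoApprove` are switched on in one block, with no comment recording why skipping the per-call confirmation is acceptable for them. Judging by their names they are lookup tools, but that is inferred, and whatever they return is externally sourced text that reaches the assistant without a human looking at the call first. I would put the rationale next to the setting, e.g. `# lookup-only tools; results are untrusted text, keep anything that writes or executes on manual approval`. The enclosing `mcp` attribute set starts and ends outside the hunk.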
@@ -72,6 +72,15 @@ in { mcp = { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; + autoApprove = { + nixos_search = lib.mkEnableOption "should the nixos_search tool be auto approved for the nixos MCP server"; + nixos_info = lib.mkEnableOption "should the nixos_info tool be auto approved for the nixos MCP server"; + home_manager_search = lib.mkEnableOption "should the home_manager_search tool be auto approved for the nixos MCP server"; + home_manager_info = lib.mkEnableOption "should the home_manager_info tool be auto approved for the nixos MCP server"; + darwin_search = lib.mkEnableOption "should the darwin_search tool be auto approved for the nixos MCP server"; + darwin_info = lib.mkEnableOption "should the darwin_info tool be auto approved for the nixos MCP server"; + nixos_flakes_search = lib.mkEnableOption "should the nixos_flakes_search tool be auto approved for the nixos MCP server"; + }; }; eslint = { enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; From c9bb9380b510ec0c9f50cf631e04e6170e866499 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 15:45:21 -0500 Subject: [PATCH 0863/1043] feat: fixed vpn on defiant --- .../nixos/defiant/configuration.nix | 108 ++++++++++++------ 1 file changed, 70 insertions(+), 38 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 401173e..b16036b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
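Review bot: The new option descriptions will read badly in generated docs, because `lib.mkEnableOption` prefixes its argument with "Whether to enable"; `"should the nixos_search tool be auto approved …"` becomes "Whether to enable should the nixos_search tool be auto approved …". A noun phrase fits better, e.g. `nixos_search = lib.mkEnableOption "auto-approval of the nixos_search tool for the nixos MCP server";`, and likewise for the other six. `mkEnableOption` defaults to false, so approval stays opt-in per tool, which is the right default for a setting that removes a confirmation step. How these options are turned into the server settings is outside the hunk.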
@@ -132,23 +132,24 @@ }; }; - # "20-wg0" = { - # netdevConfig = { - # Kind = "wireguard"; - # Name = "wg0"; - # }; - # wireguardConfig = { - # PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; - # ListenPort = 51820; - # }; - # wireguardPeers = [ - # { - # PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; - # Endpoint = "185.230.126.146:51820"; - # AllowedIPs = ["0.0.0.0/0"]; - # } - # ]; - # }; + "20-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + ListenPort = 51820; + }; + wireguardPeers = [ + { + PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; + Endpoint = "185.230.126.146:51820"; + # Allow all traffic but use policy routing to prevent system-wide VPN + AllowedIPs = ["0.0.0.0/0"]; + } + ]; + }; }; networks = { "40-bond0" = { 
@@ -163,36 +164,67 @@ "192.168.1.10/32" ]; - gateway = ["192.168.1.1"]; + # Set lower priority for default gateway to allow WireGuard interface binding + routes = [ + { + Destination = "0.0.0.0/0"; + Gateway = "192.168.1.1"; + Metric = 100; + } + ]; dns = ["192.168.1.1"]; }; - # For some reason this isn't working. It looks like traffic goes out and comes back but doesn't get correctly routed back to the wg interface on the return trip - # debugging steps: - # try sending data on the interface `ping -I wg0 8.8.8.8` - # view all traffic on the interface `sudo tshark -i wg0` - # see what applications are listening to port 14666 (thats what we currently have qbittorent set up to use) `ss -tuln | grep 14666` - # "50-wg0" = { - # matchConfig.Name = "wg0"; - # networkConfig = { - # DHCP = "no"; - # }; - # address = [ - # "10.2.0.2/32" - # ]; - # # routes = [ - # # { - # # Destination = "10.2.0.2/32"; - # # Gateway = "10.2.0.1"; - # # } - # # ]; - # }; + "50-wg0" = { + matchConfig.Name = "wg0"; + networkConfig = { + DHCP = "no"; + }; + address = [ + "10.2.0.2/32" + ]; + # Configure routing for application binding + routingPolicyRules = [ + { + # Route traffic from VPN interface through VPN table + From = "10.2.0.2/32"; + Table = 200; + Priority = 100; + } + ]; + routes = [ + { + # Direct route to VPN gateway + Destination = "10.2.0.1/32"; + Scope = "link"; + } + { + # Route VPN subnet through VPN gateway in custom table + Destination = "10.2.0.0/16"; + Gateway = "10.2.0.1"; + Table = 200; + } + { + # Route all traffic through VPN gateway in custom table + Destination = "0.0.0.0/0"; + Gateway = "10.2.0.1"; + Table = 200; + } + ]; + }; }; }; # limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory boot.kernelParams = ["zfs.zfs_arc_max=53687091200"]; + # Enable policy routing and source routing for application-specific VPN binding + boot.kernel.sysctl = { + "net.ipv4.conf.all.rp_filter" = 2; + "net.ipv4.conf.default.rp_filter" = 2; + 
"net.ipv4.conf.wg0.rp_filter" = 2; + }; + services = { # temp enable desktop environment for setup # Enable the X11 windowing system. From 03149db7ea58095fba9712d23e8e4e7179e69643 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 17:53:07 -0500 Subject: [PATCH 0864/1043] build: updated flake lock --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b5607f6..080c221 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1759291409, - "narHash": "sha256-eAzmD4ijeWCFy4YqArNmVu8901nLQLHr6dCv94yRrFk=", + "lastModified": 1759403080, + "narHash": "sha256-EteyL8KyG9R5xzqyOBzyag4n2cSemu61VFrl3opJSqE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f9c2e6b2eebdbe0e87236a63ea323c86da79b6c5", + "rev": "8af6dfcbcbf1115a4f5aeed77ff0db5d3c02caf0", "type": "gitlab" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1759284197, - "narHash": "sha256-NbaOzcxsUxNm+Dday5DlV6P9CzRAonY2DNcp056oWWc=", + "lastModified": 1759369908, + "narHash": "sha256-IIhaE6jAge64z+fIyi/8Vtu0JdTtapbp4CvwiuIkZ1E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "a87f796f1ed4b0a8babe9370791a66aac4864887", + "rev": "a66ad2141b1440a838ead278c6edfe8a4ce75e6c", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "type": "github" }, "original": { From 2c918478abf29afc9e4a64bf59679fbee4c250e3 Mon Sep 17 00:00:00 2001 
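Review bot: `"net.ipv4.conf.all.rp_filter" = 2;` loosens reverse-path filtering on every interface, not only the tunnel, because the kernel uses the maximum of the `all` and per-interface values; bond0 ends up in loose mode as well. Only wg0 needs loose mode for the policy-routed return traffic, so I would keep `"net.ipv4.conf.wg0.rp_filter" = 2;` and drop the `all` line (and `default`, unless the wg0 key turns out not to be applied when the interface is created), with a comment saying why wg0 is loose. Separately, the rule `From = "10.2.0.2/32"` falls through to the main table whenever table 200 has no matching route. An unreachable-type default route in table 200 at a higher metric would stop tunnel-bound traffic leaving via `192.168.1.1`; this is inferred from the rules shown, not tested.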
From: Leyla Becker Date: Thu, 2 Oct 2025 18:53:32 -0500 Subject: [PATCH 0865/1043] feat: enabled filebot-cleanup task --- configurations/nixos/defiant/configuration.nix | 15 ++++++++++++++- configurations/nixos/defiant/filebot.nix | 4 ++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index b16036b..9fbdee6 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -351,9 +351,22 @@ }; filebot-cleanup = { - enable = false; + enable = true; licenseFile = "/srv/jellyfin/filebot_license.psm"; }; + + sonarr = { + enable = false; + openFirewall = true; + }; + radarr = { + enable = false; + openFirewall = true; + }; + bazarr = { + enable = false; + openFirewall = true; + }; }; # disable computer sleeping diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix index 77d81bd..c6153f9 100644 --- a/configurations/nixos/defiant/filebot.nix +++ b/configurations/nixos/defiant/filebot.nix @@ -52,8 +52,8 @@ in { ${optionalString (cfg.licenseFile != null) '' ${pkgs.filebot}/bin/filebot --license "${cfg.licenseFile}" ''} - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move + ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate + ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate ''; StandardOutput = "journal"; StandardError = "journal"; From 7483c2c01c320a7c46a4add634cc90af2e8c9a9c Mon Sep 17 00:00:00 2001 
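Review bot: The new `sonarr`, `radarr` and `bazarr` stubs set `openFirewall = true` while `enable = false`, so the exposure decision is already made. Once `enable` is flipped, each web UI port will be opened on every interface. The README in this series lists making these three reachable over VPN as the goal, so I would write `openFirewall = false;` here and allow the ports only on the VPN interface, e.g. `networking.firewall.interfaces."VPN_IFACE".allowedTCPPorts = [ PORT ];` (both are placeholders, not values from this page). Whether `openFirewall` has any effect while a service is disabled depends on the module definitions, which are outside the hunk.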
From: Leyla Becker Date: Fri, 3 Oct 2025 13:59:12 -0500 Subject: [PATCH 0866/1043] feat: fixed polyclue package --- configurations/home-manager/leyla/packages/default.nix | 4 ++-- modules/common-modules/pkgs/polycule/default.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index a6da7f5..5bccad3 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -70,8 +70,8 @@ in { noisetorch.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; - # polycule package is currently broken - polycule.enable = false; + # polycule package is now working with Flutter 3.29 + polycule.enable = true; }) ]; } diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix index d092897..28c51fc 100644 --- a/modules/common-modules/pkgs/polycule/default.nix +++ b/modules/common-modules/pkgs/polycule/default.nix @@ -1,6 +1,6 @@ { lib, - flutter329, + flutter332, fetchFromGitLab, pkg-config, wrapGAppsHook, @@ -44,7 +44,7 @@ libva, libvdpau, }: -flutter329.buildFlutterApplication rec { +flutter332.buildFlutterApplication rec { pname = "polycule"; version = "0.3.0"; From bc705098d65a4366dd2458492b55d8996f1437e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Oct 2025 14:23:26 -0500 Subject: [PATCH 0867/1043] chore: removed completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index d0cda10..c952fbf 100644 --- a/README.md +++ b/README.md 
@@ -75,7 +75,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - create some sort of service that allows uploading files to jellyfin - auto sort files into where they should go with some combination of filebot cli and picard cli - graphana accessible though tailscale -- fix polycule package - fix panoramax package - actual instance - intergrade radarr, sonarr, and bazarr From 2935d43bcb34aca22a0221be1736e47bd2971dff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Oct 2025 21:10:20 -0500 Subject: [PATCH 0868/1043] feat: moved filebot cleanup to jellyfin persistence --- configurations/nixos/defiant/filebot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix index c6153f9..aaf247d 100644 --- a/configurations/nixos/defiant/filebot.nix +++ b/configurations/nixos/defiant/filebot.nix @@ -62,7 +62,7 @@ in { }; environment.persistence = lib.mkIf config.host.impermanence.enable { - "/persist/system/filebot_cleanup" = { + "/persist/system/jellyfin" = { enable = true; hideMounts = true; files = [ From 0730cc6594cdd9a3a66add42021de16c4ba9d220 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Oct 2025 11:15:53 -0500 Subject: [PATCH 0869/1043] feat: updated polycule package --- modules/common-modules/pkgs/polycule/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix index 28c51fc..b463cc5 100644 --- a/modules/common-modules/pkgs/polycule/default.nix +++ b/modules/common-modules/pkgs/polycule/default.nix 
@@ -46,19 +46,19 @@ }: flutter332.buildFlutterApplication rec { pname = "polycule"; - version = "0.3.0"; + version = "0.3.4"; src = fetchFromGitLab { owner = "polycule_client"; repo = "polycule"; rev = "v${version}"; - hash = "sha256-kY1vJiDXh0rSCJNOAkO8JGiMR8kXwDHuc3T+S4MkOWY="; + hash = "sha256-RUu8DKuX2NUU5Ce5WLHtDaORkn7CSrgTj3KhM/z+yHc="; }; pubspecLock = lib.importJSON ./polycule-pubspec.lock.json; gitHashes = { - matrix = "sha256-e1HGC2yZyqqYB5YAGKmUkkdDbuSzhiUenJMKJgQYIi8="; + matrix = "sha256-w/QB5nYJ9Lh77TcYKEN/DnNQjWfp+9NX0dwQ9GOzWE8="; media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg="; media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg="; }; From 884d11d0a36c5b05a29deddad32a1a9e503ba201 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Oct 2025 12:12:45 -0500 Subject: [PATCH 0870/1043] chore: updated host map in README --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index c952fbf..acaa6e7 100644 --- a/README.md +++ b/README.md 
@@ -7,19 +7,19 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Hosts ## Host Map -| Hostname | Device Description | Primary User | Role | -| :---------: | :------------------------: | :--------------: | :-------: | -| `twilight` | Desktop Computer | Leyla | Desktop | -| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | NAS Server | Leyla | Server | -| `hesperium` | Mac | ????? | ??? | -| `emergent` | Desktop Computer | Eve | Desktop | -| `threshold` | Laptop | Eve | Laptop | -| `wolfram` | Steam Deck | House | Handheld | -| `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | -| `skate` | A6 Tablet (not using nix) | Leyla | Tablet | -| `shale` | A6 Tablet (not using nix) | Eve | Tablet | -| `coven` | Pixel 8 (not using nix) | Leyla | Android | +| Hostname | Device Description | Primary User | Role | Provisioned | Using Nix | +| :---------: | :------------------------: | :--------------: | :-------: | :---------: | :-------: | +| `twilight` | Desktop Computer | Leyla | Desktop | ✅ | ✅ | +| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | ✅ | ✅ | +| `defiant` | NAS Server | Leyla | Server | ✅ | ✅ | +| `hesperium` | Mac | ????? | Mac | ❌ | ❌ | +| `emergent` | Desktop Computer | Eve | Desktop | ✅ | ✅ | +| `threshold` | Laptop | Eve | Laptop | ❌ | ❌ | +| `wolfram` | Steam Deck | House | Handheld | ✅ | ❌ | +| `ceder` | A5 Tablet | Leyla | Tablet | ✅ | ❌ | +| `skate` | A6 Tablet | Leyla | Tablet | ❌ | ❌ | +| `shale` | A6 Tablet | Eve | Tablet | ✅ | ❌ | +| `coven` | Pixel 8 | Leyla | Android | ✅ | ❌ | # Tooling ## Rebuilding From 44922dfcd589116c996bf054e7951a020b06294e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 Oct 2025 14:58:41 -0500 Subject: [PATCH 0871/1043] feat: re enabled lix --- flake.lock | 90 ++++++++++++++++++++++++++++++++++++++++++++++-- flake.nix | 8 ++--- util/default.nix | 4 +-- 3 files changed, 94 insertions(+), 8 deletions(-) 
diff --git a/flake.lock b/flake.lock index 080c221..5be844f 100644 --- a/flake.lock +++ b/flake.lock @@ -111,6 +111,39 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -146,10 +179,47 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1759624822, + "narHash": "sha256-cf40qfsfpxJU/BnQ9PEj027LdPINNSsJqm+C6Ug93BA=", + "rev": "57333a0e600c5e096a609410a2f1059b97194b1e", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/57333a0e600c5e096a609410a2f1059b97194b1e.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756511062, + "narHash": "sha256-IgD1JR7scSEwlK/YAbmrcTWpAYT30LPldCUHdzXkaMs=", + "ref": "refs/heads/main", + "rev": "3f09a5eb772e02d98bb8878ab687d5b721f00d16", + "revCount": 162, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module.git" + } + }, "mcp-nixos": { "inputs": { "devshell": "devshell", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -211,7 +281,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -285,6 +355,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "mcp-nixos": "mcp-nixos", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", 
@@ -360,6 +431,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 151a54b..ddf92ce 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # lix-module = { - # url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index 5b61779..fb2f83d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - # lix-module = inputs.lix-module; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - # lix-module.nixosModules.default + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 76d3c488db0c7468e7a9c47ebcfe9b6ac9cd0984 Mon Sep 17 00:00:00 2001 
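Review bot: In the `flake.nix` hunk the `lix-module` input goes from the commented-out release archive (`.../archive/2.93.3-1.tar.gz`) to `git+https://git.lix.systems/lix-project/nixos-module.git` with no `ref` or `rev`, so it follows the default branch; the matching `flake.lock` entries record `refs/heads/main` and a `lix` source fetched from `main.tar.gz`. The lock file still pins exact revisions, but every `nix flake update` will now move the Nix implementation to whatever is on main instead of a released version, and `util/default.nix` adds `lix-module.nixosModules.default` to the shared NixOS module list. I would pin the input to a release, e.g. `url = "git+https://git.lix.systems/lix-project/nixos-module.git?ref=<RELEASE_BRANCH_OR_TAG>";`, or add a comment saying that tracking main is intentional.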
From: Leyla Becker Date: Wed, 8 Oct 2025 13:05:08 -0500 Subject: [PATCH 0872/1043] feat: pinned mapilary version downloader feat: created user ivy --- configurations/home-manager/default.nix | 1 + configurations/home-manager/ivy/default.nix | 55 ++++++++++++++ configurations/home-manager/ivy/packages.nix | 73 +++++++++++++++++++ .../nixos/horizon/configuration.nix | 1 + flake.lock | 8 +- .../pkgs/mapillary-uploader.nix | 4 +- modules/nixos-modules/users.nix | 30 ++++++++ modules/system-modules/users.nix | 5 ++ nix-config-secrets | 2 +- 9 files changed, 172 insertions(+), 7 deletions(-) create mode 100644 configurations/home-manager/ivy/default.nix create mode 100644 configurations/home-manager/ivy/packages.nix diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index a7fa478..3f88481 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix @@ -8,5 +8,6 @@ in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); eve = lib.mkIf users.eve.isNormalUser (import ./eve); + ivy = lib.mkIf users.ivy.isNormalUser (import ./ivy); git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git); } diff --git a/configurations/home-manager/ivy/default.nix b/configurations/home-manager/ivy/default.nix new file mode 100644 index 0000000..48a3cae --- /dev/null +++ b/configurations/home-manager/ivy/default.nix 
@@ -0,0 +1,55 @@ +{osConfig, ...}: let + userConfig = osConfig.host.users.ivy; +in { + imports = [ + ./packages.nix + ]; + + home = { + username = userConfig.name; + homeDirectory = osConfig.users.users.ivy.home; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/ivy/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; + }; +} diff --git a/configurations/home-manager/ivy/packages.nix b/configurations/home-manager/ivy/packages.nix new file mode 100644 index 0000000..3c2a3d9 --- /dev/null +++ b/configurations/home-manager/ivy/packages.nix 
@@ -0,0 +1,73 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + config = { + nixpkgs.config = { + allowUnfree = true; + }; + + # Programs that need to be installed with some extra configuration + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + } + (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { + # git = { + # enable = true; + # userName = "Ivy"; + # userEmail = "ivy@example.com"; # Update this with actual email + # extraConfig.init.defaultBranch = "main"; + # }; + + openssh = { + enable = true; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }) + (lib.mkIf config.user.isDesktopUser { + vscode = { + enable = true; + package = pkgs.vscodium; + mutableExtensionsDir = false; + + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + extraExtensions = { + # Cline extension (Claude AI assistant) + claudeDev.enable = true; + # Auto Rename Tag + autoRenameTag.enable = true; + # Live Server + liveServer.enable = true; + }; + + extensions = let + extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + in ( + with extension-pkgs.open-vsx; [ + streetsidesoftware.code-spell-checker + ] + ); + }; + }; + + firefox.enable = true; + discord.enable = true; + signal-desktop-bin.enable = true; + claude-code.enable = true; + }) + ]; + }; +} diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 731c6b0..0e86fe7 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -32,6 +32,7 @@ isPrincipleUser = true; }; eve.isDesktopUser = true; + ivy.isDesktopUser = true; }; hardware = { diff --git a/flake.lock b/flake.lock index 5be844f..9309105 100644 --- a/flake.lock +++ b/flake.lock 
@@ -369,11 +369,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1752531440, - "narHash": "sha256-04tQ3EUrtmZ7g6fVUkZC4AbAG+Z7lng79qU3jsiqWJY=", + "lastModified": 1759945215, + "narHash": "sha256-xmUzOuhJl6FtTjR5++OQvSoAnXe7/VA5QFCZDyFwBXo=", "ref": "refs/heads/main", - "rev": "f016767c13aa36dde91503f7a9f01bdd02468045", - "revCount": 20, + "rev": "444229a105445339fb028d15a8d866063c5f8141", + "revCount": 21, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix index 3ab38f8..7ce24f2 100644 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -4,10 +4,10 @@ appimageTools, }: let pname = "mapillary-uploader"; - version = "4.7.2"; # Based on the application output + version = "4.7.2"; src = fetchurl { - url = "https://tools.mapillary.com/uploader/download/linux"; + url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; sha256 = "sha256-Oyx7AIdA/2mwBaq7UzXOoyq/z2SU2sViMN40sY2RCQw="; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index db7d4ab..137ae4b 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -15,6 +15,7 @@ uids = { leyla = 1000; eve = 1002; + ivy = 1004; jellyfin = 2000; forgejo = 2002; hass = 2004; @@ -33,6 +34,7 @@ gids = { leyla = 1000; eve = 1002; + ivy = 1004; users = 100; jellyfin_media = 2001; jellyfin = 2000; @@ -53,6 +55,7 @@ users = config.users.users; leyla = users.leyla.name; eve = users.eve.name; + ivy = users.ivy.name; in { config = lib.mkMerge [ { @@ -90,6 +93,10 @@ in { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; + "passwords/ivy" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; }; }; 
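Review bot: The new `url` in `modules/common-modules/pkgs/mapillary-uploader.nix` downgrades the download from `https://` to `http://`. The unchanged `sha256` still makes the build fail on altered content, so integrity is covered for this version, but the fetch is now cleartext, and the next time the hash is refreshed it would be computed from whatever that unauthenticated connection returned. Unless the versioned path is only served over plain HTTP, keep TLS: `url = "https://tools.mapillary.com/uploader/download/linux/${version}";`. If HTTP really is required, a comment saying so would keep it from being read as a typo.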
@@ -123,6 +130,19 @@ in { group = config.users.users.eve.name; }; + ivy = { + uid = lib.mkForce uids.ivy; + name = lib.mkForce host.users.ivy.name; + description = "Ivy"; + extraGroups = + lib.optionals host.users.ivy.isNormalUser ["networkmanager"] + ++ (lib.lists.optionals host.users.ivy.isPrincipleUser ["wheel"]); + hashedPasswordFile = config.sops.secrets."passwords/ivy".path; + isNormalUser = host.users.ivy.isNormalUser; + isSystemUser = !host.users.ivy.isNormalUser; + group = config.users.users.ivy.name; + }; + jellyfin = { uid = lib.mkForce uids.jellyfin; isSystemUser = true; @@ -218,11 +238,19 @@ in { ]; }; + ivy = { + gid = lib.mkForce gids.ivy; + members = [ + ivy + ]; + }; + users = { gid = lib.mkForce gids.users; members = [ leyla eve + ivy ]; }; @@ -235,6 +263,7 @@ in { users.bazarr.name leyla eve + ivy ]; }; @@ -268,6 +297,7 @@ in { users.syncthing.name leyla eve + ivy ]; }; diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index cd9c900..dda9ed3 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -89,6 +89,11 @@ in { isDesktopUser = lib.mkDefault false; isTerminalUser = lib.mkDefault false; }; + ivy = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; }; assertions = diff --git a/nix-config-secrets b/nix-config-secrets index f016767..444229a 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit f016767c13aa36dde91503f7a9f01bdd02468045 +Subproject commit 444229a105445339fb028d15a8d866063c5f8141 From 32c7086394cdffc9237792a6bed0c977e0e040fb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Oct 2025 23:06:54 -0500 Subject: [PATCH 0873/1043] feat: added display scaling for eve --- configurations/home-manager/eve/gnomeconf.nix | 30 +++++++++++++++---- modules/home-manager-modules/gnome.nix | 19 ++++++++++++ 2 files changed, 43 insertions(+), 6 deletions(-) 
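Review bot: The `ivy` entry added to `users.users` is created on every host that imports `modules/nixos-modules/users.nix`, not only where the user is switched on: with `host.users.ivy.isNormalUser` false it becomes a system user (`isSystemUser = !host.users.ivy.isNormalUser`) that still gets `hashedPasswordFile`. The following hunks also add `ivy` unconditionally to the `users` group (`@@ -218,11 +238,19 @@`) and to two service-shared member lists whose group names are outside the hunks (`@@ -235,6 +263,7 @@`, `@@ -268,6 +297,7 @@`), although this commit only enables the user on `horizon`. This mirrors the visible `eve` lines, so it is consistent, but for least privilege I would gate the memberships, e.g. `members = [leyla eve] ++ lib.optional host.users.ivy.isNormalUser ivy;`, or add a comment that the always-present account is intended. The enclosing attribute sets start and end outside these hunks.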
diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix index fbad391..ac063d8 100644 --- a/configurations/home-manager/eve/gnomeconf.nix +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -1,12 +1,30 @@ -{pkgs, ...}: { +{ + pkgs, + osConfig, + lib, + ... +}: { config = { + gnome = lib.mkMerge [ + { + colorScheme = "prefer-dark"; + accentColor = "slate"; + extraWindowControls = true; + extensions = [ + pkgs.gnomeExtensions.dash-to-panel + ]; + } + + (lib.mkIf (osConfig.networking.hostName == "horizon") { + displayScaling = 125; + experimentalFeatures = { + scaleMonitorFramebuffer = true; + }; + }) + ]; + dconf = { enable = true; - settings = { - "org/gnome/shell".enabled-extensions = [ - pkgs.gnomeExtensions.dash-to-panel.extensionUuid - ]; - }; }; }; } diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 8c70cf6..ede189b 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -60,6 +60,20 @@ })); default = {}; }; + displayScaling = lib.mkOption { + type = lib.types.nullOr (lib.types.enum [100 125 150 175 200]); + default = null; + description = "Display scaling percentage for GNOME"; + }; + experimentalFeatures = lib.mkOption { + type = lib.types.submodule { + options = { + scaleMonitorFramebuffer = lib.mkEnableOption "scale-monitor-framebuffer experimental feature"; + }; + }; + default = {}; + description = "GNOME experimental features to enable"; + }; }; config = { 
@@ -77,6 +91,11 @@ "org/gnome/desktop/interface".color-scheme = config.gnome.colorScheme; "org/gnome/desktop/interface".accent-color = config.gnome.accentColor; "org/gnome/desktop/interface".clock-format = config.gnome.clockFormat; + "org/gnome/desktop/interface".text-scaling-factor = lib.mkIf (config.gnome.displayScaling != null) (config.gnome.displayScaling / 100.0); + + "org/gnome/mutter".experimental-features = lib.mkIf (builtins.any (x: x) (builtins.attrValues config.gnome.experimentalFeatures)) ( + lib.optional config.gnome.experimentalFeatures.scaleMonitorFramebuffer "scale-monitor-framebuffer" + ); } ( lib.mkMerge ( From c81fa77a2959315e16e68412505e092cc550e26f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Oct 2025 23:26:24 -0500 Subject: [PATCH 0874/1043] feat: simplified gnome configurations with more options --- configurations/home-manager/eve/gnomeconf.nix | 9 ++-- configurations/home-manager/leyla/dconf.nix | 29 +++++++------ modules/home-manager-modules/gnome.nix | 43 +++++++++++++++++-- 3 files changed, 61 insertions(+), 20 deletions(-) diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix index ac063d8..7cfb8fd 100644 --- a/configurations/home-manager/eve/gnomeconf.nix +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -1,5 +1,4 @@ { - pkgs, osConfig, lib, ... @@ -10,9 +9,11 @@ colorScheme = "prefer-dark"; accentColor = "slate"; extraWindowControls = true; - extensions = [ - pkgs.gnomeExtensions.dash-to-panel - ]; + extensions = { + dash-to-panel = { + enable = true; + }; + }; } (lib.mkIf (osConfig.networking.hostName == "horizon") { diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index ef75db6..8c8d553 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix 
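Review bot: `displayScaling` is declared as "Display scaling percentage for GNOME", but the line added in this hunk writes it to `"org/gnome/desktop/interface".text-scaling-factor`, which is the text scaling key rather than a monitor scale. Either describe the option as what it sets, e.g. `description = "Text scaling percentage (written to text-scaling-factor)";`, or add a comment that actual fractional display scaling is expected to come from the `scale-monitor-framebuffer` feature together with the monitor settings. The `settings` attribute set continues outside the hunk.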
@@ -1,31 +1,36 @@ -{pkgs, ...}: { +{...}: { config = { gnome = { extraWindowControls = true; colorScheme = "prefer-dark"; clockFormat = "24h"; - extensions = [ - pkgs.gnomeExtensions.dash-to-dock - ]; + extensions = { + dash-to-dock = { + enable = true; + options = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = false; + "show-mounts" = false; + }; + }; + }; hotkeys = { "Open Terminal" = { binding = "t"; command = "kgx"; }; + "Open Firefox" = { + binding = "f"; + command = "firefox"; + }; }; }; dconf = { enable = true; settings = { - "org/gnome/shell/extensions/dash-to-dock" = { - "dock-position" = "LEFT"; - "intellihide-mode" = "ALL_WINDOWS"; - "show-trash" = false; - "require-pressure-to-show" = false; - "show-mounts" = false; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index ede189b..fa80eb2 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -1,8 +1,14 @@ { lib, config, + pkgs, ... -}: { +}: let + enabledExtensions = + [] + ++ lib.optional config.gnome.extensions.dash-to-dock.enable pkgs.gnomeExtensions.dash-to-dock + ++ lib.optional config.gnome.extensions.dash-to-panel.enable pkgs.gnomeExtensions.dash-to-panel; +in { options.gnome = { extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; clockFormat = lib.mkOption { @@ -34,7 +40,7 @@ ]; default = "blue"; }; - extensions = lib.mkOption { + extraExtensions = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; description = "The set of extensions to install and enable in the user environment."; 
@@ -74,16 +80,36 @@ default = {}; description = "GNOME experimental features to enable"; }; + + extensions = { + dash-to-dock = { + enable = lib.mkEnableOption "Dash to Dock extension"; + options = lib.mkOption { + type = lib.types.nullOr lib.types.attrs; + default = null; + description = "Dash to Dock configuration options. If null, no custom configuration will be applied."; + }; + }; + + dash-to-panel = { + enable = lib.mkEnableOption "Dash to Panel extension"; + options = lib.mkOption { + type = lib.types.nullOr lib.types.attrs; + default = null; + description = "Dash to Panel configuration options. If null, no custom configuration will be applied."; + }; + }; + }; }; config = { - home.packages = config.gnome.extensions; + home.packages = config.gnome.extraExtensions ++ enabledExtensions; dconf = { settings = lib.mkMerge [ { "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extraExtensions; }; "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; @@ -119,6 +145,15 @@ ) ) ) + + # Extension configurations + (lib.mkIf (config.gnome.extensions.dash-to-dock.enable && config.gnome.extensions.dash-to-dock.options != null) { + "org/gnome/shell/extensions/dash-to-dock" = config.gnome.extensions.dash-to-dock.options; + }) + + (lib.mkIf (config.gnome.extensions.dash-to-panel.enable && config.gnome.extensions.dash-to-panel.options != null) { + "org/gnome/shell/extensions/dash-to-panel" = config.gnome.extensions.dash-to-panel.options; + }) ]; }; }; From ee6d48fe4926ffcff13efbaefbbc932a47503938 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 11 Oct 2025 23:34:16 -0500 Subject: [PATCH 0875/1043] feat: added night light as a dconf option --- configurations/home-manager/eve/gnomeconf.nix | 8 ++++ configurations/home-manager/leyla/dconf.nix | 7 ++++ modules/home-manager-modules/gnome.nix | 41 +++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix index 7cfb8fd..7cd3863 100644 --- a/configurations/home-manager/eve/gnomeconf.nix +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -8,6 +8,14 @@ { colorScheme = "prefer-dark"; accentColor = "slate"; + clockFormat = "24h"; + nightLight = { + enable = true; + automatic = false; + fromTime = 12.0; + toTime = 11.999999999999; + temperature = 2700; + }; extraWindowControls = true; extensions = { dash-to-panel = { diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 8c8d553..9aa61f7 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -4,6 +4,13 @@ extraWindowControls = true; colorScheme = "prefer-dark"; clockFormat = "24h"; + nightLight = { + enable = true; + automatic = false; + fromTime = 12.0; + toTime = 11.999999999999; + temperature = 2700; + }; extensions = { dash-to-dock = { enable = true; diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index fa80eb2..d2ee3b7 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix 
@@ -81,6 +81,36 @@ in { description = "GNOME experimental features to enable"; }; + nightLight = lib.mkOption { + type = lib.types.submodule { + options = { + enable = lib.mkEnableOption "night light (blue light filter)"; + automatic = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically schedule night light based on sunset/sunrise"; + }; + fromTime = lib.mkOption { + type = lib.types.float; + default = 20.0; + description = "Start time for night light in 24-hour format (e.g., 20.0 for 8:00 PM)"; + }; + toTime = lib.mkOption { + type = lib.types.float; + default = 6.0; + description = "End time for night light in 24-hour format (e.g., 6.0 for 6:00 AM)"; + }; + temperature = lib.mkOption { + type = lib.types.int; + default = 4000; + description = "Color temperature for night light (1000-10000K, lower is warmer)"; + }; + }; + }; + default = {}; + description = "Night light configuration"; + }; + extensions = { dash-to-dock = { enable = lib.mkEnableOption "Dash to Dock extension"; @@ -123,6 +153,17 @@ in { lib.optional config.gnome.experimentalFeatures.scaleMonitorFramebuffer "scale-monitor-framebuffer" ); } + + # Night light configuration + (lib.mkIf config.gnome.nightLight.enable { + "org/gnome/settings-daemon/plugins/color" = { + night-light-enabled = true; + night-light-schedule-automatic = config.gnome.nightLight.automatic; + night-light-schedule-from = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.fromTime; + night-light-schedule-to = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.toTime; + night-light-temperature = config.gnome.nightLight.temperature; + }; + }) ( lib.mkMerge ( builtins.map (value: let From a51a364ce9e2cc31052461bf7b93cc435ded73c5 Mon Sep 17 00:00:00 2001 
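Review bot: The `nightLight` submodule documents ranges that its types do not enforce: `temperature` is described as 1000-10000K but typed `lib.types.int`, and `fromTime`/`toTime` are plain `lib.types.float` although they are meant as hours of the day. An out-of-range value is written straight into dconf by the `@@ -123,6 +153,17 @@` hunk. I would tighten the types, e.g. `type = lib.types.ints.between 1000 10000;` for the temperature and `type = lib.types.addCheck lib.types.float (h: h >= 0.0 && h < 24.0);` for the two times.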
From: Leyla Becker Date: Sun, 12 Oct 2025 21:10:40 -0500 Subject: [PATCH 0876/1043] fix: enabled extensions installed via config options --- modules/home-manager-modules/gnome.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index d2ee3b7..ab56189 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -8,6 +8,8 @@ [] ++ lib.optional config.gnome.extensions.dash-to-dock.enable pkgs.gnomeExtensions.dash-to-dock ++ lib.optional config.gnome.extensions.dash-to-panel.enable pkgs.gnomeExtensions.dash-to-panel; + + extensions = config.gnome.extraExtensions ++ enabledExtensions; in { options.gnome = { extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; @@ -133,13 +135,13 @@ in { }; config = { - home.packages = config.gnome.extraExtensions ++ enabledExtensions; + home.packages = extensions; dconf = { settings = lib.mkMerge [ { "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extraExtensions; + enabled-extensions = builtins.map (extension: extension.extensionUuid) extensions; }; "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; From 6d5a07e08f0e170e36edce00ad33268638eeef86 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 13 Oct 2025 09:36:48 -0500 Subject: [PATCH 0877/1043] feat: refactored impermanence to be enableable for users on a system --- .../home-manager/leyla/impermanence.nix | 3 +- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/impermanence.nix | 31 +++++++++++++++++++ modules/home-manager-modules/openssh.nix | 2 +- .../programs/bitwarden.nix | 3 +- .../home-manager-modules/programs/bruno.nix | 3 +- .../home-manager-modules/programs/calibre.nix | 3 +- .../programs/davinci-resolve.nix | 3 +- .../home-manager-modules/programs/dbeaver.nix | 3 +- .../home-manager-modules/programs/discord.nix | 3 +- .../home-manager-modules/programs/firefox.nix | 3 +- .../home-manager-modules/programs/freecad.nix | 3 +- .../home-manager-modules/programs/gimp.nix | 3 +- .../home-manager-modules/programs/idea.nix | 2 +- .../programs/inkscape.nix | 3 +- .../home-manager-modules/programs/krita.nix | 3 +- .../programs/libreoffice.nix | 3 +- .../home-manager-modules/programs/makemkv.nix | 3 +- modules/home-manager-modules/programs/obs.nix | 3 +- .../programs/obsidian.nix | 3 +- .../home-manager-modules/programs/picard.nix | 3 +- .../programs/polycule.nix | 3 +- .../programs/prostudiomasters.nix | 3 +- .../programs/protonvpn.nix | 3 +- .../programs/qbittorrent.nix | 3 +- .../programs/qflipper.nix | 3 +- .../home-manager-modules/programs/signal.nix | 3 +- .../home-manager-modules/programs/steam.nix | 3 +- .../programs/tor-browser.nix | 3 +- .../programs/ungoogled-chromium.nix | 3 +- .../server/panoramax/impermanence.nix | 3 +- 31 files changed, 61 insertions(+), 56 deletions(-) create mode 100644 modules/home-manager-modules/impermanence.nix diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 041bff8..ce81c81 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix 
@@ -1,10 +1,9 @@ { lib, config, - osConfig, ... }: { - config = lib.mkIf osConfig.host.impermanence.enable { + config = lib.mkIf (config.impermanence.enable) { home.persistence."/persist/home/leyla" = { directories = [ "desktop" diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 4c085a5..29d3414 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -5,6 +5,7 @@ ./user.nix ./flipperzero.nix ./i18n.nix + ./impermanence.nix ./openssh.nix ./gnome.nix ./programs diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix new file mode 100644 index 0000000..dc9eae9 --- /dev/null +++ b/modules/home-manager-modules/impermanence.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + osConfig, + ... +}: let + cfg = config.impermanence; +in { + options.impermanence = { + enable = lib.mkEnableOption "impermanence for home directory"; + }; + + config = lib.mkMerge [ + (lib.mkIf config.impermanence.enable { + assertions = [ + { + assertion = osConfig.impermanence.enable; + message = "impermanence can not be enabled for a user when it is not enabled for a configuration"; + } + ]; + }) + (lib.mkIf osConfig.host.impermanence.enable { + # If impermanence is not enabled for this user but system impermanence is enabled, + # persist the entire home directory as fallback + home.persistence."/persist/home/${config.home.username}" = lib.mkIf (!cfg.enable) { + directories = ["."]; + allowOther = true; + }; + }) + ]; +} diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 9d77d10..afc98dd 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
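Review bot: In the new `modules/home-manager-modules/impermanence.nix` the assertion reads `osConfig.impermanence.enable`, while the second `mkIf` in the same file and every line this commit replaces use `osConfig.host.impermanence.enable`; unless a top-level `impermanence` option exists on the NixOS side (not visible here), enabling the user option will fail on a missing attribute instead of printing the assertion message. The assertion should be `assertion = osConfig.host.impermanence.enable;`. Separately, the fallback persists the whole home directory (`directories = ["."]`) with `allowOther = true`, which as far as I know lets other local users reach the bind mount subject to file permissions; I would drop it or add a comment explaining why it is needed. A comment stating that users without `impermanence.enable` keep their entire home would also help, since the per-program hunks in this commit now rely on that fallback.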
@@ -95,7 +95,7 @@ ); } ) - (lib.mkIf osConfig.host.impermanence.enable { + (lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { files = lib.lists.flatten ( builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index b9b91c4..5c14068 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.bitwarden = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/Bitwarden" diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 00b248f..8ad5e63 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.bruno = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/bruno/" diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index 9e5f34e..dbe6e2b 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.calibre = { 
@@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/calibre" diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index 00ba525..6c4526f 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.davinci-resolve = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/DaVinciResolve" diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index a962459..8b6c41a 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.dbeaver-bin = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/DBeaverData/" diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index e8605a5..d5d7192 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.discord = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/discord/" 
diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 907b619..8841887 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -1,7 +1,6 @@ { lib, config, - osConfig, ... }: let buildProfilePersistence = profile: { @@ -26,7 +25,7 @@ allowOther = true; }; in { - config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) { + config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( ( lib.attrsets.mapAttrsToList diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index ec17205..89668de 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.freecad = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/FreeCAD" diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index 428068e..925a2d9 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.gimp = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/GIMP" diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index f0a928c..73484ae 100644 --- a/modules/home-manager-modules/programs/idea.nix 
+++ b/modules/home-manager-modules/programs/idea.nix @@ -16,7 +16,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ # configuration diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index facb08f..a26ddec 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.inkscape = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/inkscape" diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index d662251..3ba5560 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.krita = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/kritarc" diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index b61ea58..93163e7 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.libreoffice = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/libreoffice" 
diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index eca059d..e92c3d3 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.makemkv = { @@ -30,7 +29,7 @@ home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ ".MakeMKV" diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 98c4fea..5c2d3c2 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -1,12 +1,11 @@ { lib, config, - osConfig, ... }: { config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { # TODO: map impermanence for obs } ) diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 4d28b3e..824563d 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -1,12 +1,11 @@ { lib, config, - osConfig, ... }: { config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/obsidian" diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index d2c1fe2..bc37b86 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix 
@@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.picard = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/MusicBrainz" diff --git a/modules/home-manager-modules/programs/polycule.nix b/modules/home-manager-modules/programs/polycule.nix index a7004bd..d0aea2a 100644 --- a/modules/home-manager-modules/programs/polycule.nix +++ b/modules/home-manager-modules/programs/polycule.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.polycule = { @@ -17,7 +16,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { # TODO: check that these are actually the correct folders # directories = [ diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 9e6088f..5345169 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.prostudiomasters = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/ProStudioMasters" diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index dd11aae..513a610 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.protonvpn-gui = { 
@@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/protonvpn" diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 02e23df..61d13c0 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.qbittorrent = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/qBittorrent" diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index abc2442..8b42766 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.qflipper = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/qFlipper" diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index fdf0af9..7db23a7 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.signal-desktop-bin = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/Signal" 
diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 4661151..fd98cb6 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.steam = { @@ -18,7 +17,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ { diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index 2c58578..c3b085d 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.tor-browser = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/torbrowser" diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index 5b52cd6..ef6a881 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.ungoogled-chromium = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/chromium" diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix index 011c322..41b1401 100644 --- a/modules/nixos-modules/server/panoramax/impermanence.nix 
+++ b/modules/nixos-modules/server/panoramax/impermanence.nix @@ -1,10 +1,9 @@ { lib, config, - osConfig, ... }: { - config = lib.mkIf (config.services.panoramax.enable && osConfig.host.impermanence.enable) { + config = lib.mkIf (config.services.panoramax.enable && config.host.impermanence.enable) { # TODO: configure impermanence for panoramax data # This would typically include directories like: # - /var/lib/panoramax From 80ad498f9405245e7ae2277cea474ab71b2a5f7e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 09:40:02 -0500 Subject: [PATCH 0878/1043] style: removed unused vars --- modules/home-manager-modules/programs/gdx-liftoff.nix | 1 - modules/home-manager-modules/programs/idea.nix | 1 - modules/home-manager-modules/programs/mfoc.nix | 1 - modules/home-manager-modules/programs/noisetorch.nix | 1 - modules/home-manager-modules/programs/onionshare.nix | 1 - modules/home-manager-modules/programs/openrgb.nix | 1 - modules/home-manager-modules/programs/openvpn.nix | 1 - modules/home-manager-modules/programs/pdfarranger.nix | 1 - modules/home-manager-modules/programs/piper.nix | 1 - modules/home-manager-modules/programs/proxmark3.nix | 1 - modules/home-manager-modules/programs/via.nix | 1 - 11 files changed, 11 deletions(-) diff --git a/modules/home-manager-modules/programs/gdx-liftoff.nix b/modules/home-manager-modules/programs/gdx-liftoff.nix index b29230d..4440831 100644 --- a/modules/home-manager-modules/programs/gdx-liftoff.nix +++ b/modules/home-manager-modules/programs/gdx-liftoff.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.gdx-liftoff = { diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index 73484ae..e59e7b2 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.jetbrains.idea-community = { 
diff --git a/modules/home-manager-modules/programs/mfoc.nix b/modules/home-manager-modules/programs/mfoc.nix index 7b92007..6006c9b 100644 --- a/modules/home-manager-modules/programs/mfoc.nix +++ b/modules/home-manager-modules/programs/mfoc.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.mfoc = { diff --git a/modules/home-manager-modules/programs/noisetorch.nix b/modules/home-manager-modules/programs/noisetorch.nix index c53e3a9..4b42638 100644 --- a/modules/home-manager-modules/programs/noisetorch.nix +++ b/modules/home-manager-modules/programs/noisetorch.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.noisetorch = { diff --git a/modules/home-manager-modules/programs/onionshare.nix b/modules/home-manager-modules/programs/onionshare.nix index ed1903d..475f993 100644 --- a/modules/home-manager-modules/programs/onionshare.nix +++ b/modules/home-manager-modules/programs/onionshare.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.onionshare = { diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index 0260c91..ab156a6 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.openrgb = { diff --git a/modules/home-manager-modules/programs/openvpn.nix b/modules/home-manager-modules/programs/openvpn.nix index 814c16d..dcd499c 100644 --- a/modules/home-manager-modules/programs/openvpn.nix +++ b/modules/home-manager-modules/programs/openvpn.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.openvpn = { diff --git a/modules/home-manager-modules/programs/pdfarranger.nix b/modules/home-manager-modules/programs/pdfarranger.nix index d4e33b5..9246efd 100644 --- a/modules/home-manager-modules/programs/pdfarranger.nix +++ b/modules/home-manager-modules/programs/pdfarranger.nix 
@@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.pdfarranger = { diff --git a/modules/home-manager-modules/programs/piper.nix b/modules/home-manager-modules/programs/piper.nix index ec0d887..3ed25fd 100644 --- a/modules/home-manager-modules/programs/piper.nix +++ b/modules/home-manager-modules/programs/piper.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.piper = { diff --git a/modules/home-manager-modules/programs/proxmark3.nix b/modules/home-manager-modules/programs/proxmark3.nix index ad1e298..656be19 100644 --- a/modules/home-manager-modules/programs/proxmark3.nix +++ b/modules/home-manager-modules/programs/proxmark3.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.proxmark3 = { diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 0b79452..41918c8 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.via = { From 75dcac8d178660c905054862f1bc3d863d92890d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 16:51:26 -0500 Subject: [PATCH 0879/1043] feat: drafted out open dyslexic font for vscode --- configurations/home-manager/leyla/default.nix | 1 - .../leyla/packages/vscode/default.nix | 2 + .../programs/vscode/default.nix | 1 + .../programs/vscode/openDyslexicFont.nix | 48 +++++++++++++++++++ 4 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager-modules/programs/vscode/openDyslexicFont.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 6d759c5..eba7f7b 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix 
@@ -87,7 +87,6 @@ # TODO: move this into a fonts module home.packages = with pkgs; [ aileron - nerd-fonts.open-dyslexic ]; fonts.fontconfig.enable = true; }; diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index ba9e48a..9d1b6c6 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -40,6 +40,8 @@ in { oneDark.enable = true; atomKeybindings.enable = true; openRemoteSsh.enable = true; + # I don't like how the terminal feels with open dyslexic font on and lots of parts of the UI don't get set anyways + openDyslexicFont.enable = false; # html development autoRenameTag.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 85f4a62..8f366fe 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -23,5 +23,6 @@ ./vitest.nix ./direnv.nix ./conventionalCommits.nix + ./openDyslexicFont.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix new file mode 100644 index 0000000..acfb79c --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix 
@@ -0,0 +1,48 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.openDyslexicFont = { + enable = lib.mkEnableOption "should OpenDyslexic font be set as the default font for VSCode"; + package = lib.mkPackageOption pkgs "nerd-fonts.open-dyslexic" { + default = ["nerd-fonts" "open-dyslexic"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.openDyslexicFont.enable { + userSettings = { + "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', 'OpenDyslexic', monospace"; + "editor.fontSize" = 14; + }; + }; + })); + }; + + config = let + enabledProfiles = + lib.filter (profile: profile.extraExtensions.openDyslexicFont.enable or false) + (lib.attrValues config.programs.vscode.profiles); + + anyProfileUsesOpenDyslexicFont = enabledProfiles != []; + + fontPackages = lib.unique (map (profile: profile.extraExtensions.openDyslexicFont.package) enabledProfiles); + in { + # Ensure OpenDyslexic font packages are installed when any VSCode profile uses them + home.packages = fontPackages; + + fonts.fontconfig.enable = lib.mkIf anyProfileUsesOpenDyslexicFont true; + + # Add assertion to ensure the fonts are available + assertions = + map (fontPkg: { + assertion = lib.elem fontPkg config.home.packages; + message = "OpenDyslexic font package '${fontPkg.name or "unknown"}' must be installed when using openDyslexicFont extension for VSCode."; + }) + fontPackages; + }; +} From d87462981e7e420b011da9629a4fd4668af6513e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 17:00:30 -0500 Subject: [PATCH 0880/1043] feat: enabled open dyslexia --- configurations/home-manager/leyla/packages/vscode/default.nix | 4 ++-- .../home-manager-modules/programs/vscode/openDyslexicFont.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
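Review bot: The `assertions` list at the end of `openDyslexicFont.nix` can never fail, because each `fontPkg` it checks with `lib.elem fontPkg config.home.packages` is put into `home.packages` by `home.packages = fontPackages;` a few lines earlier in the same `config` block. Either drop the assertion or check something the module does not itself guarantee. The `enable` description also renders oddly, since `lib.mkEnableOption` prefixes its argument with "Whether to enable"; `lib.mkEnableOption "OpenDyslexic as the default VSCode editor font"` reads better.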
diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 9d1b6c6..cf40c50 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -32,6 +32,7 @@ in { "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; + "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace"; } ]; @@ -40,8 +41,7 @@ in { oneDark.enable = true; atomKeybindings.enable = true; openRemoteSsh.enable = true; - # I don't like how the terminal feels with open dyslexic font on and lots of parts of the UI don't get set anyways - openDyslexicFont.enable = false; + openDyslexicFont.enable = true; # html development autoRenameTag.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix index acfb79c..3c7b609 100644 --- a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix +++ b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix @@ -16,7 +16,7 @@ }; config = lib.mkIf config.extraExtensions.openDyslexicFont.enable { userSettings = { - "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', 'OpenDyslexic', monospace"; + "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', Droid Sans Mono, monospace"; "editor.fontSize" = 14; }; }; From c953571f2fab93e184bc24573f7d83f01e526fea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 17:11:59 -0500 Subject: [PATCH 0881/1043] feat: decrease letter spacing on open dyslexia vscode --- .../home-manager-modules/programs/vscode/openDyslexicFont.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix index 3c7b609..f1f6215 100644 
--- a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix +++ b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix @@ -18,6 +18,7 @@ userSettings = { "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', Droid Sans Mono, monospace"; "editor.fontSize" = 14; + "editor.letterSpacing" = -0.3; }; }; })); From 352ca6fccf574d645ec3b71efb5c36ba5d00c9e8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 19:30:33 -0500 Subject: [PATCH 0882/1043] feat: disabled open dyslexic --- configurations/home-manager/leyla/packages/vscode/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index cf40c50..fd72006 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -32,7 +32,7 @@ in { "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; - "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace"; + # "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace"; } ]; @@ -41,7 +41,7 @@ in { oneDark.enable = true; atomKeybindings.enable = true; openRemoteSsh.enable = true; - openDyslexicFont.enable = true; + # openDyslexicFont.enable = false; # html development autoRenameTag.enable = true; From f02cb085700a75f4a7751aa173b19ee6aef97f76 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 16 Oct 2025 23:29:37 -0500 Subject: [PATCH 0883/1043] feat: disabled filebot-cleanup --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9fbdee6..5dde395 100644 --- a/configurations/nixos/defiant/configuration.nix 
+++ b/configurations/nixos/defiant/configuration.nix @@ -351,7 +351,7 @@ }; filebot-cleanup = { - enable = true; + enable = false; licenseFile = "/srv/jellyfin/filebot_license.psm"; }; From e895fa5eddd9d5d5cceb64fed08321dd56d14cfc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 13:15:41 -0500 Subject: [PATCH 0884/1043] feat: removed filebot --- .../nixos/defiant/configuration.nix | 11 +-- configurations/nixos/defiant/default.nix | 1 - configurations/nixos/defiant/filebot.nix | 82 ------------------- 3 files changed, 3 insertions(+), 91 deletions(-) delete mode 100644 configurations/nixos/defiant/filebot.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5dde395..03dff03 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -350,21 +350,16 @@ webuiPort = 8084; }; - filebot-cleanup = { - enable = false; - licenseFile = "/srv/jellyfin/filebot_license.psm"; - }; - sonarr = { - enable = false; + enable = true; openFirewall = true; }; radarr = { - enable = false; + enable = true; openFirewall = true; }; bazarr = { - enable = false; + enable = true; openFirewall = true; }; }; diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 05975a1..3013946 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -4,6 +4,5 @@ ./hardware-configuration.nix ./configuration.nix ./packages.nix - ./filebot.nix ]; } diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix deleted file mode 100644 index aaf247d..0000000 --- a/configurations/nixos/defiant/filebot.nix +++ /dev/null 
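Review bot: The `configuration.nix` hunk of "removed filebot" also flips `sonarr`, `radarr` and `bazarr` from `enable = false` to `enable = true`, each with `openFirewall = true`, which the commit title does not mention. `openFirewall` opens each service's port in the host firewall, so the web UIs become reachable directly on every interface the host has. If these services are meant to be reached through the reverse proxy (the next commit adds a `proxy.nix` for jackett, which suggests that pattern), set `openFirewall = false;` so the proxy is the only entry point. The same applies to the `jackett` block added in PATCH 0885. The enclosing attribute set starts and ends outside the hunk.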
@@ -1,82 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.services.filebot-cleanup; -in { - options.services.filebot-cleanup = { - enable = mkEnableOption "Filebot cleanup service"; - - licenseFile = mkOption { - type = types.nullOr types.path; - default = null; - description = "Path to the Filebot license file"; - }; - - cleanupDirectory = mkOption { - type = types.str; - default = "/srv/jellyfin/filebot_cleanup"; - description = "Directory where cleaned up media files are stored"; - }; - }; - - config = mkIf cfg.enable { - users.groups.filebot_cleanup = {}; - users.users.filebot_cleanup = { - isSystemUser = true; - group = "filebot_cleanup"; - extraGroups = ["jellyfin_media"]; - home = cfg.cleanupDirectory; - createHome = true; - }; - - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "filebot" - ]; - - environment.systemPackages = with pkgs; [ - filebot - ]; - - systemd.services.filebot-cleanup = { - description = "Filebot media cleanup service"; - serviceConfig = { - Type = "simple"; - User = "filebot_cleanup"; - Group = "filebot_cleanup"; - ExecStart = pkgs.writeShellScript "filebot-cleanup" '' - ${optionalString (cfg.licenseFile != null) '' - ${pkgs.filebot}/bin/filebot --license "${cfg.licenseFile}" - ''} - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate - ''; - StandardOutput = "journal"; - StandardError = "journal"; - }; - wantedBy = ["multi-user.target"]; - }; - - environment.persistence = lib.mkIf config.host.impermanence.enable { - "/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - files = [ - cfg.licenseFile - ]; - directories = [ - { - directory = cfg.cleanupDirectory; - user = "filebot_cleanup"; - group = 
"filebot_cleanup"; - mode = "1770"; - } - ]; - }; - }; - }; -} From 6afdcce9512b6718b00a6f39e2c2ca3d12cc658c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 14:58:49 -0500 Subject: [PATCH 0885/1043] feat: installed jackett --- .../nixos/defiant/configuration.nix | 4 +++ modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/jackett/default.nix | 6 ++++ .../server/jackett/impermanence.nix | 26 +++++++++++++++++ .../nixos-modules/server/jackett/proxy.nix | 28 +++++++++++++++++++ 5 files changed, 65 insertions(+) create mode 100644 modules/nixos-modules/server/jackett/default.nix create mode 100644 modules/nixos-modules/server/jackett/impermanence.nix create mode 100644 modules/nixos-modules/server/jackett/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 03dff03..0c1c50c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -362,6 +362,10 @@ enable = true; openFirewall = true; }; + jackett = { + enable = true; + openFirewall = true; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index e550123..0ed7c18 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -18,6 +18,7 @@ ./radarr ./searx ./sonarr + ./jackett ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/jackett/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix new file mode 100644 index 0000000..5826a54 --- /dev/null +++ b/modules/nixos-modules/server/jackett/impermanence.nix 
@@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + jackett_data_directory = "/var/lib/jackett/.config/Jackett"; +in { + config = lib.mkIf (config.services.jackett.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.jackett.dataDir == jackett_data_directory; + message = "jackett data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = jackett_data_directory; + user = "jackett"; + group = "jackett"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/jackett/proxy.nix b/modules/nixos-modules/server/jackett/proxy.nix new file mode 100644 index 0000000..af5fa79 --- /dev/null +++ b/modules/nixos-modules/server/jackett/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.jackett = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.jackett.enable && config.services.jackett.subdomain != null) { + host.reverse_proxy.subdomains.jackett = { + subdomain = config.services.jackett.subdomain; + extraSubdomains = config.services.jackett.extraSubdomains; + target = "http://127.0.0.1:9117"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} From 59dc4a7ee1a00e71849e35974ea86518568c1251 Mon Sep 17 00:00:00 2001 
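Review bot: The reverse-proxy target in `jackett/proxy.nix` is the literal `http://127.0.0.1:9117`, so the proxy silently points at the wrong port if the service port is ever changed; the flaresolverr module added in the next patch derives it from `config.services.flaresolverr.port` instead. If the jackett module in use exposes a port option, I would write `target = "http://127.0.0.1:${toString config.services.jackett.port}";`. The lidarr `proxy.nix` further down hard-codes `8686` in the same way. Separately, the `subdomain` description promises "local only" when null, which does not hold on a host that also sets `openFirewall = true`; I would reword it to `"Subdomain for reverse proxy. If null, no proxy entry is created."`.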
From: Leyla Becker Date: Fri, 17 Oct 2025 15:12:19 -0500 Subject: [PATCH 0886/1043] feat: installed flaresolverr --- .../nixos/defiant/configuration.nix | 4 +++ modules/nixos-modules/server/default.nix | 1 + .../server/flaresolverr/default.nix | 6 ++++ .../server/flaresolverr/impermanence.nix | 19 +++++++++++++ .../server/flaresolverr/proxy.nix | 28 +++++++++++++++++++ 5 files changed, 58 insertions(+) create mode 100644 modules/nixos-modules/server/flaresolverr/default.nix create mode 100644 modules/nixos-modules/server/flaresolverr/impermanence.nix create mode 100644 modules/nixos-modules/server/flaresolverr/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0c1c50c..20835a4 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -366,6 +366,10 @@ enable = true; openFirewall = true; }; + flaresolverr = { + enable = true; + openFirewall = true; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 0ed7c18..22a0223 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,6 +8,7 @@ ./actual ./bazarr + ./flaresolverr ./forgejo ./home-assistant ./immich diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/flaresolverr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix new file mode 100644 index 0000000..b568a56 --- /dev/null +++ b/modules/nixos-modules/server/flaresolverr/impermanence.nix 
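Review bot: `openFirewall = true;` on `flaresolverr` in the `@@ -366,6 +366,10 @@` hunk exposes an endpoint that, as far as I know, has no authentication of its own, so any host that can reach the port can have this machine fetch pages on its behalf. The likely consumer is jackett on the same machine (an assumption; the page does not show the wiring), in which case `openFirewall = false;` with loopback access is enough. For the same reason I would leave `services.flaresolverr.subdomain` unset unless the reverse proxy puts access control in front of it.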
@@ -0,0 +1,19 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.flaresolverr.enable && config.host.impermanence.enable) { + # FlareSolverr typically doesn't need persistent storage as it's a proxy service + # but we'll add basic structure in case it's needed for logs or configuration + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = "/var/lib/flaresolverr"; + user = "flaresolverr"; + group = "flaresolverr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/flaresolverr/proxy.nix b/modules/nixos-modules/server/flaresolverr/proxy.nix new file mode 100644 index 0000000..5b8dd4c --- /dev/null +++ b/modules/nixos-modules/server/flaresolverr/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.flaresolverr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.flaresolverr.enable && config.services.flaresolverr.subdomain != null) { + host.reverse_proxy.subdomains.flaresolverr = { + subdomain = config.services.flaresolverr.subdomain; + extraSubdomains = config.services.flaresolverr.extraSubdomains; + target = "http://127.0.0.1:${toString config.services.flaresolverr.port}"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} From 488ef1e94a76e0328c97b732b1c6a7f268cdca7d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 15:58:17 -0500 Subject: [PATCH 0887/1043] build: updated flake.lock --- flake.lock | 98 ++++++++++++++++++------------------------------------ 1 file changed, 32 insertions(+), 66 deletions(-) diff --git a/flake.lock b/flake.lock index 9309105..bb7e3a6 100644 --- a/flake.lock +++ b/flake.lock 
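Review bot: The persistence entry in `flaresolverr/impermanence.nix` assigns `/var/lib/flaresolverr` to user and group `flaresolverr`, but nothing in this patch creates that account, and the hunk's own comment says the service probably needs no persistent state. If the upstream unit runs under a systemd dynamic user (I believe it does, please confirm), that ownership cannot resolve when the directory is set up. I would either drop the `directories` entry until a real need appears, or record the assumption with `# NOTE: requires a static flaresolverr user; verify against the upstream module`.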
@@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1758287904, - "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "lastModified": 1760701190, + "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", "owner": "nix-community", "repo": "disko", - "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1759403080, - "narHash": "sha256-EteyL8KyG9R5xzqyOBzyag4n2cSemu61VFrl3opJSqE=", + "lastModified": 1760673822, + "narHash": "sha256-h+liPhhMw1yYvkDGLHzQJQShQs+yLjNgjfAyZX+sRrM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "8af6dfcbcbf1115a4f5aeed77ff0db5d3c02caf0", + "rev": "5cca27f1bb30a26140d0cf60ab34daa45b4fa11f", "type": "gitlab" }, "original": { @@ -111,24 +111,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -151,11 +133,11 @@ ] }, "locked": { - "lastModified": 1759337100, - "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", + "lastModified": 1760662441, + "narHash": "sha256-mlDqR1Ntgs9uYYEAUR1IhamKBO0lxoNS4zGLzEZaY0A=", "owner": "nix-community", "repo": "home-manager", - "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", + "rev": "722792af097dff5790f1a66d271a47759f477755", "type": "github" }, "original": { 
@@ -182,11 +164,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1759624822, - "narHash": "sha256-cf40qfsfpxJU/BnQ9PEj027LdPINNSsJqm+C6Ug93BA=", - "rev": "57333a0e600c5e096a609410a2f1059b97194b1e", + "lastModified": 1755787066, + "narHash": "sha256-X2UwkUEban08GRSPXRr+kz8fckHqebr3P77qSvjoeOw=", + "rev": "ac9721a92e8138d29707824dbedb484c76948493", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/57333a0e600c5e096a609410a2f1059b97194b1e.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ac9721a92e8138d29707824dbedb484c76948493.tar.gz?rev=ac9721a92e8138d29707824dbedb484c76948493" }, "original": { "type": "tarball", @@ -203,11 +185,11 @@ ] }, "locked": { - "lastModified": 1756511062, - "narHash": "sha256-IgD1JR7scSEwlK/YAbmrcTWpAYT30LPldCUHdzXkaMs=", + "lastModified": 1759851320, + "narHash": "sha256-n5dRAIC3/78drQtFxmQRrBLd6TKfotUnX7GWu0mAcSg=", "ref": "refs/heads/main", - "rev": "3f09a5eb772e02d98bb8878ab687d5b721f00d16", - "revCount": 162, + "rev": "7c31a18259b8358ac196cf803a26967c0fa1d3e4", + "revCount": 163, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -245,11 +227,11 @@ ] }, "locked": { - "lastModified": 1758805352, - "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=", + "lastModified": 1760721282, + "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c", + "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168", "type": "github" }, "original": { 
@@ -281,17 +263,16 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1759369908, - "narHash": "sha256-IIhaE6jAge64z+fIyi/8Vtu0JdTtapbp4CvwiuIkZ1E=", + "lastModified": 1760720017, + "narHash": "sha256-ALb+L8zaP6IJ3BigQJ+ih7NqmaptzL/CbkNkLbhmsGE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "a66ad2141b1440a838ead278c6edfe8a4ce75e6c", + "rev": "b0897a5d1d5829eb67ca7168680873ee7a0d52b8", "type": "github" }, "original": { @@ -302,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1759261527, - "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", + "lastModified": 1760106635, + "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", + "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", "type": "github" }, "original": { @@ -334,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { @@ -389,11 +370,11 @@ ] }, "locked": { - "lastModified": 1759188042, - "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", + "lastModified": 1760393368, + "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", "owner": "Mic92", "repo": "sops-nix", - "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", + "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", "type": "github" }, "original": { 
@@ -431,21 +412,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", From 62bb650878e45acccd2aa2dae17193101fc6a522 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 16:09:37 -0500 Subject: [PATCH 0888/1043] fix: fixed mapillary build --- modules/common-modules/pkgs/mapillary-uploader.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix index 7ce24f2..9ae2ea7 100644 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -9,7 +9,7 @@ src = fetchurl { url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; - sha256 = "sha256-Oyx7AIdA/2mwBaq7UzXOoyq/z2SU2sViMN40sY2RCQw="; + sha256 = "sha256-OY3SiMHUyjwPDrPWfa+mFg2BHZrz6GG/9/D5sCP2Da8="; }; appimageContents = appimageTools.extractType2 { @@ -23,9 +23,6 @@ in # Install desktop file install -Dm644 ${appimageContents}/mapillary-desktop-uploader.desktop $out/share/applications/mapillary-uploader.desktop - # Install icon - install -Dm644 ${appimageContents}/usr/share/icons/hicolor/0x0/apps/mapillary-desktop-uploader.png $out/share/pixmaps/mapillary-uploader.png - # Fix desktop file paths substituteInPlace $out/share/applications/mapillary-uploader.desktop \ --replace 'Exec=AppRun' 'Exec=${pname}' From 5ccfe1a337cd3d8bcf9437a7aabd8e27df27db70 Mon Sep 17 00:00:00 2001 
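Review bot: The `sha256` in the `@@ -9,7 +9,7 @@` hunk changes while the `${version}` URL apparently does not (the diffstat shows a single insertion), so the file behind a fixed URL was replaced upstream and the new hash only records what was served at build time. The download also goes over plain `http://`, so the value should be compared against a copy obtained over an authenticated channel before it is trusted; if the host serves TLS, `url = "https://tools.mapillary.com/uploader/download/linux/${version}";` closes that gap. A comment such as `# upstream re-published this version; hash re-verified on <date>` would record why the pin moved. The enclosing derivation starts and ends outside the hunk.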
From: Leyla Becker Date: Sat, 18 Oct 2025 13:30:08 -0500 Subject: [PATCH 0889/1043] feat: installed lidarr --- .../nixos/defiant/configuration.nix | 4 +++ modules/nixos-modules/server/default.nix | 3 +- .../nixos-modules/server/lidarr/default.nix | 6 ++++ .../server/lidarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/lidarr/proxy.nix | 28 +++++++++++++++++++ modules/nixos-modules/users.nix | 16 +++++++++++ 6 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 modules/nixos-modules/server/lidarr/default.nix create mode 100644 modules/nixos-modules/server/lidarr/impermanence.nix create mode 100644 modules/nixos-modules/server/lidarr/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 20835a4..5c33ce6 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -362,6 +362,10 @@ enable = true; openFirewall = true; }; + lidarr = { + enable = true; + openFirewall = true; + }; jackett = { enable = true; openFirewall = true; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 22a0223..d35bdc1 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -12,14 +12,15 @@ ./forgejo ./home-assistant ./immich + ./jackett ./jellyfin + ./lidarr ./panoramax ./paperless ./qbittorent.nix ./radarr ./searx ./sonarr - ./jackett ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix new file mode 100644 index 0000000..f39d940 --- /dev/null +++ b/modules/nixos-modules/server/lidarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix new file mode 100644 index 0000000..689b924 --- /dev/null 
+++ b/modules/nixos-modules/server/lidarr/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; +in { + config = lib.mkIf (config.services.lidarr.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.lidarr.dataDir == lidarr_data_directory; + message = "lidarr data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = lidarr_data_directory; + user = "lidarr"; + group = "lidarr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/lidarr/proxy.nix b/modules/nixos-modules/server/lidarr/proxy.nix new file mode 100644 index 0000000..0146ccf --- /dev/null +++ b/modules/nixos-modules/server/lidarr/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.lidarr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.lidarr.enable && config.services.lidarr.subdomain != null) { + host.reverse_proxy.subdomains.lidarr = { + subdomain = config.services.lidarr.subdomain; + extraSubdomains = config.services.lidarr.extraSubdomains; + target = "http://127.0.0.1:8686"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 137ae4b..45d688a 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -29,6 +29,7 @@ radarr = 2014; sonarr = 2015; bazarr = 2016; + lidarr = 2017; }; gids = { @@ -50,6 +51,7 @@ radarr = 2014; sonarr = 2015; bazarr = 2016; + lidarr = 2017; }; users = config.users.users; 
@@ -221,6 +223,12 @@ in { isSystemUser = true; group = config.users.users.bazarr.name; }; + + lidarr = { + uid = lib.mkForce uids.lidarr; + isSystemUser = true; + group = config.users.users.lidarr.name; + }; }; groups = { @@ -261,6 +269,7 @@ in { users.radarr.name users.sonarr.name users.bazarr.name + users.lidarr.name leyla eve ivy @@ -365,6 +374,13 @@ in { users.bazarr.name ]; }; + + lidarr = { + gid = lib.mkForce gids.lidarr; + members = [ + users.lidarr.name + ]; + }; }; }; } From 69ec14ef79e3aa5d838fac8a5e82ed94126ce336 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 18 Oct 2025 16:26:14 -0500 Subject: [PATCH 0890/1043] chore: added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index acaa6e7..05e3b30 100644 --- a/README.md +++ b/README.md @@ -79,3 +79,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - actual instance - intergrade radarr, sonarr, and bazarr - claude code MCP servers should bundle node with them so they work in all environments +- Vikunja service \ No newline at end of file From 85a6f4a006bd519a80702cca059f6d5d0fac03dc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 18 Oct 2025 16:29:16 -0500 Subject: [PATCH 0891/1043] chore: removed completed tasks from README.md --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 05e3b30..e3efb63 100644 --- a/README.md +++ b/README.md 
@@ -67,16 +67,12 @@ nix multi user, multi system, configuration with `sops` secret management, `home - wake on LAN for updates - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- panoramax instance - mastodon instance - rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn - make radarr, sonarr, and bazarr accessible over vpn -- create some sort of service that allows uploading files to jellyfin - - auto sort files into where they should go with some combination of filebot cli and picard cli - graphana accessible though tailscale - fix panoramax package - actual instance -- intergrade radarr, sonarr, and bazarr - claude code MCP servers should bundle node with them so they work in all environments - Vikunja service \ No newline at end of file From b05bfc31fef4c4e61afc3dcfc7d34841265dac1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 18 Oct 2025 17:33:50 -0500 Subject: [PATCH 0892/1043] feat: removed TODO for provisioning drives --- configurations/nixos/defiant/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5c33ce6..e7646b0 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -57,7 +57,6 @@ "ata-ST18000NT001-3NF101_ZVTEF27J" "ata-ST18000NE000-3G6101_ZVTJ7359" ] - # TODO: this needs to be configured manually [ "ata-ST4000NE001-2MA101_WS2275P3" "ata-ST4000NE001-2MA101_WS227B9F" 
From 290db94f42c5823df36e4409dbd17a7a8fb2ba00 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 11:31:15 -0500 Subject: [PATCH 0893/1043] chore: organized tasks in README.md --- README.md | 79 +++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 50 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index e3efb63..ab32ac8 100644 --- a/README.md +++ b/README.md 
@@ -47,32 +47,53 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Tasks: ## Tech Debt -- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- nfs export should be backed by the same values for server and client -## New Features -- crab-hole -- figure out why syncthing and jellyfins permissions don't propagate downwards -- figure out steam vr things? -- auto turn off on power loss - nut -- zfs email after scrubbing # TODO: test this -- SMART test with email results -- samba mounts -- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- Create Tor guard/relay server -- migrate away from flakes and move to npins -- whisper -- zfs encryption FIDO2 2fa (look into shavee) -- Secure Boot - https://github.com/nix-community/lanzaboote -- rotate sops encryption keys periodically (and somehow sync between devices?) -- wake on LAN for updates -- remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- mastodon instance -- rework the reverse_proxy.nix file so that it is a normally named service. 
Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier -- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn -- make radarr, sonarr, and bazarr accessible over vpn -- graphana accessible though tailscale -- fix panoramax package -- actual instance -- claude code MCP servers should bundle node with them so they work in all environments -- Vikunja service \ No newline at end of file +- [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) +- [ ] migrate away from flakes and move to npins +- [ ] rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier + +## Broken things +- [ ] figure out steam vr things? +- [ ] whisper was having issues + +## Data Integrity +- [ ] zfs email after scrubbing # TODO: test this +- [ ] SMART test with email results +- [ ] zfs encryption FIDO2 2fa (look into shavee) +- [ ] rotate sops encryption keys periodically (and somehow sync between devices?) +- [ ] Secure Boot - https://github.com/nix-community/lanzaboote +- [ ] auto turn off on power loss - nut + +## Data Access +- [ ] nfs export should be backed by the same values for server and client +- [ ] samba mounts +- [ ] offline access for nfs mounts (overlay with rsync might be a good option here? 
https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- [ ] figure out why syncthing and jellyfins permissions don't propagate downwards +- [ ] make radarr, sonarr, and bazarr accessible over vpn +- [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn + +## Services +- [ ] crab-hole for ad block +- [ ] enable and learn actual for budgeting +- [ ] vikunja service for project management +- [ ] Create Tor guard/relay server +- [ ] mastodon instance + +## DevOps +- [ ] wake on LAN for updates +- [ ] remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html +- [ ] ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- [ ] fix panoramax package +- [ ] claude code MCP servers should bundle node with them so they work in all environments + +## Observability +- [ ] graphana for dashboards +- [ ] prometheus and loki for metric and log collection + - [ ] zfs storage usage + - [ ] zfs drive health status + - [ ] service version lag + - [ ] network/cpu/ram utilization + - [ ] http latency + - [ ] postgres db load + - [ ] nginx queries +- [ ] ntfy.sh for push notifications +- [ ] kuma for uptime visualization \ No newline at end of file From 46890110f817489b437bb8e621824bd316f4ef17 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 19 Oct 2025 16:32:10 -0500 Subject: [PATCH 0894/1043] feat: created crab-hole service --- README.md | 6 +- .../nixos/defiant/configuration.nix | 14 ++ .../server/crab-hole/crab-hole.nix | 144 ++++++++++++++++++ .../server/crab-hole/default.nix | 6 + .../server/crab-hole/impermanence.nix | 26 ++++ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/users.nix | 15 ++ 7 files changed, 210 insertions(+), 2 deletions(-) create mode 100644 modules/nixos-modules/server/crab-hole/crab-hole.nix create mode 100644 modules/nixos-modules/server/crab-hole/default.nix create mode 100644 modules/nixos-modules/server/crab-hole/impermanence.nix diff --git a/README.md b/README.md index ab32ac8..f8c7ecf 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,10 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Tasks: +## Chores: +- [ ] test out crab hole service +- [ ] learn how to use actual + ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins @@ -72,8 +76,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn ## Services -- [ ] crab-hole for ad block -- [ ] enable and learn actual for budgeting - [ ] vikunja service for project management - [ ] Create Tor guard/relay server - [ ] mastodon instance diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e7646b0..c2b8fc5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -342,6 +342,20 @@ openFirewall = true; }; + crab-hole = { + enable = true; + port = 8085; + openFirewall = true; + show_doc = true; + downstreams = { + loopback = { + enable = true; + openFirewall = true; + }; + }; + upstreams.cloudFlare.enable = true; + }; + qbittorrent = { enable = true; mediaDir = "/srv/qbittorent"; diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix new file mode 100644 index 0000000..58ff660 --- /dev/null +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix 
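Review bot: The `crab-hole` block in the `@@ -342,6 +342,20 @@` hunk sets `openFirewall = true;` for API port 8085 and leaves `listen` at the module default `0.0.0.0`, so the resolver's HTTP API is offered to every network the host is attached to, and nothing visible here restricts who may call it. I would bind the API to loopback with `listen = "127.0.0.1";` and drop `openFirewall = true;` until it is published through the reverse proxy or the VPN. `show_doc = true;` also makes the documentation page load third-party content, per the option's own description, so it is worth keeping off outside of testing.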
@@ -0,0 +1,144 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.services.crab-hole;
+in {
+ options.services.crab-hole = {
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 8080;
+ description = "Port for the crab-hole API to listen on.";
+ };
+
+ openFirewall = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Whether to open the firewall for the crab-hole API port.";
+ };
+
+ listen = lib.mkOption {
+ type = lib.types.str;
+ default = "0.0.0.0";
+ description = "Address for the crab-hole API to listen on.";
+ };
+
+ show_doc = lib.mkEnableOption "OpenAPI documentation (loads content from third party websites)";
+
+ downstreams = {
+ loopback = {
+ enable = lib.mkEnableOption "loopback downstream DNS server on localhost:53";
+ openFirewall = lib.mkEnableOption "automatic port forwarding for the loopback downstream";
+ };
+ };
+
+ extraDownstreams = lib.mkOption {
+ type = lib.types.listOf (lib.types.submodule {
+ options = {
+ protocol = lib.mkOption {
+ type = lib.types.enum ["udp" "tcp" "tls" "https" "quic"];
+ description = "Protocol for the downstream server.";
+ };
+
+ listen = lib.mkOption {
+ type = lib.types.str;
+ description = "Address to listen on for downstream connections.";
+ };
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ description = "Port to listen on for downstream connections.";
+ };
+ };
+ });
+ default = [];
+ description = "List of additional downstream DNS server configurations.";
+ };
+
+ upstreams = {
+ cloudFlare = {
+ enable = lib.mkEnableOption "Cloudflare DNS over TLS upstream servers (1.1.1.1 and 1.0.0.1)";
+ };
+ };
+
+ extraUpstreams = lib.mkOption {
+ type = lib.types.listOf (lib.types.submodule {
+ options = {
+ socket_addr = lib.mkOption {
+ type = lib.types.str;
+ description = "Socket address of the upstream DNS server (e.g., \"1.1.1.1:853\" or \"[2606:4700:4700::1111]:853\").";
+ };
+
+ protocol = lib.mkOption {
+ type = lib.types.enum ["udp" "tcp" "tls" "https" "quic"];
+
description = "Protocol to use for upstream DNS queries.";
+ };
+ };
+ });
+ default = [];
+ description = "List of additional upstream DNS server configurations.";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.crab-hole.settings = lib.mkMerge [
+ {
+ api = {
+ port = cfg.port;
+ listen = cfg.listen;
+ show_doc = cfg.show_doc;
+ };
+ downstream = cfg.extraDownstreams;
+ upstream.name_servers = cfg.extraUpstreams;
+ }
+ (lib.mkIf cfg.downstreams.loopback.enable {
+ downstream = [
+ {
+ protocol = "udp";
+ listen = "localhost";
+ port = 53;
+ }
+ ];
+ })
+ (lib.mkIf cfg.upstreams.cloudFlare.enable {
+ upstream.name_servers = [
+ {
+ socket_addr = "1.1.1.1:853";
+ protocol = "tls";
+ tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com";
+ trust_nx_responses = false;
+ }
+ {
+ socket_addr = "1.0.0.1:853";
+ protocol = "tls";
+ tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com";
+ trust_nx_responses = false;
+ }
+ {
+ socket_addr = "[2606:4700:4700::1111]:853";
+ protocol = "tls";
+ tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com";
+ trust_nx_responses = false;
+ }
+ {
+ socket_addr = "[2606:4700:4700::1001]:853";
+ protocol = "tls";
+ tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com";
+ trust_nx_responses = false;
+ }
+ ];
+ })
+ ];
+
+ # Open firewall if requested
+ networking.firewall = lib.mkMerge [
+ (lib.mkIf cfg.openFirewall {
+ allowedTCPPorts = [cfg.port];
+ })
+ (lib.mkIf (cfg.downstreams.loopback.enable && cfg.downstreams.loopback.openFirewall) {
+ allowedUDPPorts = [53];
+ })
+ ];
+ };
+}
diff --git a/modules/nixos-modules/server/crab-hole/default.nix b/modules/nixos-modules/server/crab-hole/default.nix
new file mode 100644
index 0000000..158a851
--- /dev/null
+++ b/modules/nixos-modules/server/crab-hole/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [
+ ./crab-hole.nix
+ ./impermanence.nix
+ ];
+}
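Review bot: `downstreams.loopback.openFirewall` adds UDP 53 to `allowedUDPPorts` although that downstream binds to `localhost`, so the rule serves no client today and would silently expose anything else that later binds port 53 on an external interface. I would drop the option for the loopback downstream; its description also says "automatic port forwarding" while the code opens a firewall port, which is a different thing. The loopback downstream is UDP-only as well, so lookups that need a TCP retry will fail; a second list entry with `protocol = "tcp";` on the same address and port would cover that.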
diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix new file mode 100644 index 0000000..455e593 --- /dev/null +++ b/modules/nixos-modules/server/crab-hole/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + workingDirectory = "/var/lib/private/crab-hole"; +in { + config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = + config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory); + message = "crab-hole working directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = workingDirectory; + user = "crab-hole"; + group = "crab-hole"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index d35bdc1..57874d5 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,6 +8,7 @@ ./actual ./bazarr + ./crab-hole ./flaresolverr ./forgejo ./home-assistant diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 45d688a..987e080 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -30,6 +30,7 @@ sonarr = 2015; bazarr = 2016; lidarr = 2017; + crab-hole = 2018; }; gids = { @@ -52,6 +53,7 @@ sonarr = 2015; bazarr = 2016; lidarr = 2017; + crab-hole = 2018; }; users = config.users.users; @@ -229,6 +231,12 @@ in { isSystemUser = true; group = config.users.users.lidarr.name; }; + + crab-hole = { + uid = lib.mkForce uids.crab-hole; + isSystemUser = true; + group = config.users.users.crab-hole.name; + }; }; groups = { @@ -381,6 +389,13 @@ in { users.lidarr.name ]; }; + + crab-hole = { + gid = lib.mkForce gids.crab-hole; + members = [ + users.crab-hole.name + ]; + }; }; }; } 
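Review bot: The `lib.mkIf` guard in impermanence.nix tests `config.services.immich.enable`, which looks like a copy-paste from the immich module. As written, `/var/lib/private/crab-hole` is persisted only on hosts that also run immich, and the WorkingDirectory assertion is evaluated on immich hosts even when crab-hole is disabled. The condition should read `lib.mkIf (config.services.crab-hole.enable && config.host.impermanence.enable) {`.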
From 0c88746da1f8d5d961f9606e98065df6ab9a3b49 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 17:24:29 -0500 Subject: [PATCH 0895/1043] feat: stubbed out configs for eve home manager user --- configurations/home-manager/eve/packages.nix | 13 ++++++++++ .../nixos/emergent/configuration.nix | 4 ++++ .../home-manager-modules/programs/default.nix | 5 ++++ .../programs/dungeon-draft.nix | 24 +++++++++++++++++++ .../programs/guild-wars-2.nix | 24 +++++++++++++++++++ .../programs/kdenlive.nix | 23 ++++++++++++++++++ .../home-manager-modules/programs/olympus.nix | 23 ++++++++++++++++++ .../home-manager-modules/programs/vortex.nix | 24 +++++++++++++++++++ 8 files changed, 140 insertions(+) create mode 100644 modules/home-manager-modules/programs/dungeon-draft.nix create mode 100644 modules/home-manager-modules/programs/guild-wars-2.nix create mode 100644 modules/home-manager-modules/programs/kdenlive.nix create mode 100644 modules/home-manager-modules/programs/olympus.nix create mode 100644 modules/home-manager-modules/programs/vortex.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index f738fe2..c8f0390 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -61,6 +61,19 @@ in { piper.enable = hardware.piperMouse.enable; krita.enable = true; ungoogled-chromium.enable = true; + + inkscape.enable = true; + obsidian.enable = true; + obs-studio.enable = true; + kdenlive.enable = true; + tor-browser.enable = true; + olympus.enable = true; + libreoffice.enable = true; + + # Windows applications that we need to figure out how to install + guild-wars-2.enable = false; + vortex.enable = false; + dungeon-draft.enable = false; }) ]; }; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index bb671f7..d9222a2 100644 --- a/configurations/nixos/emergent/configuration.nix 
+++ b/configurations/nixos/emergent/configuration.nix @@ -41,6 +41,7 @@ # installed opentabletdriver hardware.opentabletdriver.enable = true; + hardware.keyboard.qmk.enable = true; # Enable the GNOME Desktop Environment. services.displayManager.gdm.enable = true; @@ -68,6 +69,9 @@ }; services.tailscale.enable = true; + # We were having weird build errors so this is disabled right now + # error: The option `devices.emergent.folders.eve_records.path' was accessed but has no value defined. Try setting the option + services.syncthing.enable = false; # Configure keymap in X11 # services.xserver.xkb.layout = "us"; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 68e5c71..831e73c 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -12,11 +12,13 @@ ./obsidian.nix ./prostudiomasters.nix ./idea.nix + ./kdenlive.nix ./krita.nix ./protonvpn.nix ./calibre.nix ./bruno.nix ./dbeaver.nix + ./dungeon-draft.nix ./steam.nix ./vscode ./ungoogled-chromium.nix @@ -24,6 +26,7 @@ ./mapillary-uploader.nix ./inkscape.nix ./gimp.nix + ./guild-wars-2.nix ./proxmark3.nix ./freecad.nix ./onionshare.nix @@ -33,8 +36,10 @@ ./qflipper.nix ./openvpn.nix ./noisetorch.nix + ./olympus.nix ./openrgb.nix ./via.nix + ./vortex.nix ./davinci-resolve.nix ./gdx-liftoff.nix ./tor-browser.nix diff --git a/modules/home-manager-modules/programs/dungeon-draft.nix b/modules/home-manager-modules/programs/dungeon-draft.nix new file mode 100644 index 0000000..faa69c6 --- /dev/null +++ b/modules/home-manager-modules/programs/dungeon-draft.nix 
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.programs.dungeon-draft;
+in {
+ options.programs.dungeon-draft = {
+ enable = lib.mkEnableOption "Dungeon Draft";
+ };
+
+ config = {
+ assertions = [
+ {
+ assertion = !cfg.enable;
+ message = ''
+ Dungeon Draft module is not yet fully configured.
+ Please download the Dungeon Draft executable (.exe) from the official website,
+ then configure the Wine environment and executable path as needed.
+ '';
+ }
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/guild-wars-2.nix b/modules/home-manager-modules/programs/guild-wars-2.nix
new file mode 100644
index 0000000..3f68ec6
--- /dev/null
+++ b/modules/home-manager-modules/programs/guild-wars-2.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.programs.guild-wars-2;
+in {
+ options.programs.guild-wars-2 = {
+ enable = lib.mkEnableOption "Guild Wars 2";
+ };
+
+ config = {
+ assertions = [
+ {
+ assertion = !cfg.enable;
+ message = ''
+ Guild Wars 2 module is not yet fully configured.
+ Please install Guild Wars 2 manually via Steam or the official client,
+ then configure the Wine environment as needed.
+ '';
+ }
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix
new file mode 100644
index 0000000..2c72fc6
--- /dev/null
+++ b/modules/home-manager-modules/programs/kdenlive.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.programs.kdenlive;
+in {
+ options.programs.kdenlive = {
+ enable = lib.mkEnableOption "kdenlive";
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.kdePackages.kdenlive;
+ description = "The kdenlive package to install.";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ home.packages = [
+ cfg.package
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix
new file mode 100644
index 0000000..4aec03b
--- /dev/null
+++ b/modules/home-manager-modules/programs/olympus.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.programs.olympus;
+in {
+ options.programs.olympus = {
+ enable = lib.mkEnableOption "olympus";
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.olympus;
+ description = "The olympus package to install.";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ home.packages = [
+ cfg.package
+ ];
+ };
+}
diff --git a/modules/home-manager-modules/programs/vortex.nix b/modules/home-manager-modules/programs/vortex.nix
new file mode 100644
index 0000000..cb86526
--- /dev/null
+++ b/modules/home-manager-modules/programs/vortex.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.programs.vortex;
+in {
+ options.programs.vortex = {
+ enable = lib.mkEnableOption "Vortex (Nexus Mods manager)";
+ };
+
+ config = {
+ assertions = [
+ {
+ assertion = !cfg.enable;
+ message = ''
+ Vortex module is not yet fully configured.
+ Please download and install Vortex manually from the Nexus Mods website,
+ then configure the Wine environment and dependencies as needed.
+ '';
+ }
+ ];
+ };
+}
From 260e37e0169b1655d024d8100c3f2a6ebe8053fa Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sun, 19 Oct 2025 18:50:26 -0500
Subject: [PATCH 0896/1043] feat: supported branching for commit checking
---
.hooks/post-merge | 18 ++++++++++++++
.hooks/pre-merge-commit | 37 ++++++++++++++++++++++++++++
rebuild.sh | 54 ++++++++++++++++++++++++++++++++++-------
3 files changed, 100 insertions(+), 9 deletions(-)
create mode 100755 .hooks/post-merge
create mode 100755 .hooks/pre-merge-commit
diff --git a/.hooks/post-merge b/.hooks/post-merge
new file mode 100755
index 0000000..11fb20c
--- /dev/null
+++ b/.hooks/post-merge
@@ -0,0 +1,18 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash ../shell.nix
+
+# Get current branch name
+current_branch=$(git branch --show-current)
+
+# Only restore stash if we're on main branch and a merge just completed
+if [ "$current_branch" = "main" ]; then
+ # Check if there are any stashes to restore
+ if git stash list | grep -q "stash@"; then
+ echo "Post-merge: restoring stashed changes on main branch"
+ git stash pop -q
+ else
+ echo "Post-merge: no stash to restore on main branch"
+ fi
+else
+ echo "Post-merge: no action needed on branch '$current_branch'"
+fi
diff --git a/.hooks/pre-merge-commit b/.hooks/pre-merge-commit
new file mode 100755
index 0000000..9edaf92
--- /dev/null
+++ b/.hooks/pre-merge-commit
@@ -0,0 +1,37 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash ../shell.nix
+
+# Get the target branch (the branch being merged into)
+target_branch=""
+
+# Check if we're in the middle of a merge
+if [ -f .git/MERGE_HEAD ]; then
+ # We're in a merge, check if the current branch is main
+ current_branch=$(git branch --show-current)
+ if [ "$current_branch" = "main" ]; then
+ target_branch="main"
+ fi
+fi
+
+# If we're merging into main, run nix flake check
+if [ "$target_branch" = "main" ]; then
+ echo "Merging into main branch - running nix flake check..."
+
+ echo "stashing all uncommitted changes"
+ git stash -q --keep-index
+
+ echo "checking flakes all compile"
+ nix flake check
+
+ if [ ! $? -eq 0 ]; then
+ echo "Error: nix flake check failed. Merge aborted."
+ echo "Please fix the issues and try merging again."
+ exit 1
+ fi
+
+ echo "nix flake check passed. Merge can proceed."
+else
+ echo "Not merging into main branch, skipping nix flake check."
+fi
+
+exit 0
diff --git a/rebuild.sh b/rebuild.sh
index 36a1201..6750450 100755
--- a/rebuild.sh
+++ b/rebuild.sh
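Review bot: The stash handling across these two hooks can lose or misapply work. In pre-merge-commit, a failing `nix flake check` exits 1 while the changes stashed a few lines earlier are still in the stash, and no hook runs afterwards to restore them. In post-merge, `git stash pop -q` runs whenever any stash exists, so when the working tree was clean and `git stash -q --keep-index` stored nothing, an older unrelated stash is applied on top of main. The rewrite below records whether this run created a stash and restores it on the failure path; post-merge should likewise pop only an entry carrying the same message.

```shell
  # … unchanged: echo "stashing all uncommitted changes" …
  stash_before=$(git rev-parse -q --verify refs/stash)
  git stash push -q --keep-index -m "pre-merge-commit"
  stash_after=$(git rev-parse -q --verify refs/stash)

  echo "checking flakes all compile"
  if ! nix flake check; then
    # Restore the working tree before aborting, but only if this run stashed something.
    if [ "$stash_before" != "$stash_after" ]; then
      git stash pop -q
    fi
    echo "Error: nix flake check failed. Merge aborted."
    # … unchanged: second echo, exit 1 …
  fi
```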
@@ -1,5 +1,15 @@ #!/usr/bin/env bash +# Get current branch and git status for branch-aware behavior +current_branch=$(git branch --show-current 2>/dev/null || echo "unknown") +git_status=$(git status --porcelain 2>/dev/null || echo "") + +# Default values +default_target=$(hostname) +default_user="$USER" +default_host=$(hostname) +default_mode=$(if [[ "$current_branch" != "main" ]]; then echo "test"; else echo "switch"; fi) + if [ -d "result" ]; then preserve_result=true 
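Review bot: `git branch --show-current` prints nothing and still exits 0 on a detached HEAD, so the `|| echo "unknown"` fallback does not run and `current_branch` ends up empty. The script then behaves as on a non-main branch, which is the safe direction, but the warning and the `--help` text print an empty branch name. Adding `current_branch=${current_branch:-detached}` after the assignment would make that state explicit.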
@@ -42,14 +52,29 @@ while [ $# -gt 0 ]; do ;; --help|-h) echo "--help -h: print this message" - echo "--target -t: set the target system to rebuild on" - echo "--flake -f: set the flake to rebuild on the target system" - echo "--mode -m: set the mode to rebuild flake as on the target system" - echo "--user -u: set the user to rebuild flake as on the target system" - echo "--host: set the host that the flake will be rebuilt on (unset for current machine)" + echo "--target -t: defaults to the current system" + echo " currently: $default_target" + echo "--flake -f: defaults to same as target" + echo " currently: ${target:-$default_target}" + echo "--mode -m: defaults to 'switch', but 'test' on non-main branches" + echo " currently would be: $default_mode" + echo "--user -u: defaults to the current user" + echo " currently: $default_user" + echo "--host: defaults to building on the current machine" + echo " currently: $default_host" echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" echo "--show-trace: show trace on builds" + echo "" + echo "Branch-aware behavior:" + echo " - On non-main branches: defaults to test mode with warning" + echo " - On main with uncommitted changes: shows warning about creating a branch" + echo " - Current branch: $current_branch" + if [[ -n "$git_status" ]]; then + echo " - Git status: uncommitted changes detected" + else + echo " - Git status: clean working tree" + fi exit 0 ;; *) 
@@ -60,10 +85,21 @@ while [ $# -gt 0 ]; do shift done -target=${target:-$(hostname)} +target=${target:-$default_target} flake=${flake:-$target} -mode=${mode:-switch} -user=${user:-$USER} +mode=${mode:-$default_mode} +user=${user:-$default_user} + +# Branch-aware warnings and behavior +if [[ "$current_branch" != "main" ]] && [[ "$mode" == "test" ]]; then + echo "⚠️ WARNING: You are on branch '$current_branch' (not main)" + echo " Defaulting to test mode to prevent accidental system changes" + echo " Specify --mode=switch explicitly if you want to apply changes" +elif [[ "$current_branch" == "main" ]] && [[ -n "$git_status" ]] && [[ "$mode" != "test" ]]; then + echo "⚠️ WARNING: You are on main branch with uncommitted changes" + echo " Consider creating a feature branch for development:" + echo " git checkout -b feature/your-feature-name" +fi command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" @@ -91,4 +127,4 @@ then then rm -r result fi -fi \ No newline at end of file +fi From dd165d48fea49671e4c74b09fd320ee9be69d404 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 19:14:34 -0500 Subject: [PATCH 0897/1043] feat: installed vmware for eve home manager user --- configurations/home-manager/eve/packages.nix | 1 + .../home-manager-modules/programs/default.nix | 1 + .../programs/vmware-workstation.nix | 37 +++++++++++++++++++ 3 files changed, 39 insertions(+) create mode 100644 modules/home-manager-modules/programs/vmware-workstation.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index c8f0390..a180616 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -74,6 +74,7 @@ in { guild-wars-2.enable = false; vortex.enable = false; dungeon-draft.enable = false; + vmware-workstation.enable = true; }) ]; }; 
diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 831e73c..3fff489 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -44,5 +44,6 @@ ./gdx-liftoff.nix ./tor-browser.nix ./polycule.nix + ./vmware-workstation.nix ]; } diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix new file mode 100644 index 0000000..8e9d406 --- /dev/null +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -0,0 +1,37 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.vmware-workstation = { + enable = lib.mkEnableOption "enable VMware Workstation"; + }; + + config = lib.mkIf config.programs.vmware-workstation.enable ( + lib.mkMerge [ + { + home.packages = with pkgs; [ + vmware-workstation + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + { + directory = ".vmware"; + method = "symlink"; + } + { + directory = "vmware"; + method = "symlink"; + } + ]; + allowOther = true; + }; + } + ) + ] + ); +} From ebf7ea3cf78ff7a007f216b0d0bf13f5ff3dde89 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 20:32:38 -0500 Subject: [PATCH 0898/1043] feat: added impermanence for more applications --- .../programs/kdenlive.nix | 23 +++++++++++++++---- .../programs/mapillary-uploader.nix | 19 ++++++++++++--- modules/home-manager-modules/programs/obs.nix | 7 +++++- .../home-manager-modules/programs/olympus.nix | 23 +++++++++++++++---- .../home-manager-modules/programs/openrgb.nix | 22 ++++++++++++++---- modules/home-manager-modules/programs/via.nix | 23 +++++++++++++++---- 6 files changed, 93 insertions(+), 24 deletions(-) diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index 2c72fc6..05327d1 100644 
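Review bot: Installing `vmware-workstation` through `home.packages` gives the user the binaries but not the host kernel modules and services VMware needs to start a VM; on NixOS those come from the system option `virtualisation.vmware.host.enable`. If that is not set in the host configuration (not visible here), I would expect the UI to launch and VMs to fail to power on. Separately, `lib.mkEnableOption "enable VMware Workstation"` renders as "Whether to enable enable VMware Workstation."; pass just `"VMware Workstation"`.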
--- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -15,9 +15,22 @@ in { }; }; - config = lib.mkIf cfg.enable { - home.packages = [ - cfg.package - ]; - }; + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + home.packages = [ + cfg.package + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/kdenliverc" + "${config.xdg.dataHome}/kdenlive" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index 38c1144..df1f093 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -11,7 +11,20 @@ in { enable = mkEnableOption "Mapillary Desktop Uploader"; }; - config = mkIf cfg.enable { - home.packages = [pkgs.mapillary-uploader]; - }; + config = mkIf cfg.enable (mkMerge [ + { + home.packages = [pkgs.mapillary-uploader]; + } + ( + mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/mapillary-uploader" + "${config.xdg.dataHome}/mapillary-uploader" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 5c2d3c2..bfdba90 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -6,7 +6,12 @@ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - # TODO: map impermanence for obs + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/obs-studio" + ]; + allowOther = true; + }; } ) ]); 
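Review bot: The `directories` entries added here are built from `config.xdg.configHome` and `config.xdg.dataHome`, which are absolute paths, while `home.persistence` entries are, as far as I know, joined onto the home directory (the vmware-workstation module in this series uses the relative `".vmware"`). If so, these resolve to a doubled path under `/persist` and nothing is actually persisted; relative entries such as `".local/share/kdenlive"` avoid that. `kdenliverc` also looks like a single config file rather than a directory, so it probably belongs under `files`. The same absolute-path pattern is repeated in the mapillary-uploader, obs, olympus, openrgb and via hunks of this commit.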
diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index 4aec03b..0e38eec 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -15,9 +15,22 @@ in { }; }; - config = lib.mkIf cfg.enable { - home.packages = [ - cfg.package - ]; - }; + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + home.packages = [ + cfg.package + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/olympus" + "${config.xdg.dataHome}/olympus" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index ab156a6..c9d5e14 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -8,9 +8,21 @@ enable = lib.mkEnableOption "enable openrgb"; }; - config = lib.mkIf config.programs.openrgb.enable { - home.packages = with pkgs; [ - openrgb - ]; - }; + config = lib.mkIf config.programs.openrgb.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + openrgb + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/OpenRGB" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 41918c8..0aa58e4 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix 
@@ -8,9 +8,22 @@ enable = lib.mkEnableOption "enable via"; }; - config = lib.mkIf config.programs.via.enable { - home.packages = with pkgs; [ - via - ]; - }; + config = lib.mkIf config.programs.via.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + via + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/via" + "${config.xdg.dataHome}/via" + ]; + allowOther = true; + }; + } + ) + ]); } From e8f7331b6c8e3e33bc927459e2720c0a7e954f55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 20:52:46 -0500 Subject: [PATCH 0899/1043] feat: enabled ai for emergent and claude code for eve --- configurations/home-manager/eve/packages.nix | 3 +++ configurations/nixos/emergent/configuration.nix | 1 + 2 files changed, 4 insertions(+) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index a180616..73195c4 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -18,6 +18,7 @@ in { home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ gnomeExtensions.dash-to-panel + claude-code ] ); @@ -70,6 +71,8 @@ in { olympus.enable = true; libreoffice.enable = true; + claude-code.enable = osConfig.host.ai.enable; + # Windows applications that we need to figure out how to install guild-wars-2.enable = false; vortex.enable = false; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index d9222a2..6121069 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -48,6 +48,7 @@ services.desktopManager.gnome.enable = true; host = { + ai.enable = true; users = { eve = { isDesktopUser = true; From 197031975ab5773f493cce0457d998741e92e7aa Mon Sep 17 00:00:00 2001 
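Review bot: In packages.nix, `claude-code` is appended to `home.packages` for every desktop user, while `claude-code.enable` further down is gated on `osConfig.host.ai.enable`. On a host with `host.ai.enable = false` the CLI is still installed, so the flag no longer controls whether the tool is present. I would drop the `home.packages` entry and let the gated `claude-code.enable` install it, assuming that module adds the package (it is not visible here).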
From: Eve Date: Sun, 19 Oct 2025 21:51:01 -0500 Subject: [PATCH 0900/1043] updated disk id's for new hdd --- configurations/nixos/twilight/hardware-configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 1389caf..94c83d6 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -18,12 +18,12 @@ fileSystems = { "/" = { - device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + device = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA100_77D21HVNS-part2"; fsType = "ext4"; }; "/boot" = { - device = "/dev/disk/by-uuid/3006-3867"; + device = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA100_77D21HVNS-part1"; fsType = "vfat"; options = ["fmask=0022" "dmask=0022"]; }; From d19d535d851eedc73a56f562e7cdf652f43891ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 20 Oct 2025 20:01:07 -0500 Subject: [PATCH 0901/1043] fix: made crab-hole dns accessible from other devices --- .../nixos/defiant/configuration.nix | 2 +- .../server/crab-hole/crab-hole.nix | 44 +++++++++++++++---- 2 files changed, 37 insertions(+), 9 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c2b8fc5..fdf7356 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -348,7 +348,7 @@ openFirewall = true; show_doc = true; downstreams = { - loopback = { + host = { enable = true; openFirewall = true; }; diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix index 58ff660..bde1d76 100644 --- a/modules/nixos-modules/server/crab-hole/crab-hole.nix +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix 
@@ -27,9 +27,19 @@ in { show_doc = lib.mkEnableOption "OpenAPI documentation (loads content from third party websites)"; downstreams = { - loopback = { - enable = lib.mkEnableOption "loopback downstream DNS server on localhost:53"; - openFirewall = lib.mkEnableOption "automatic port forwarding for the loopback downstream"; + host = { + enable = lib.mkEnableOption "host downstream DNS server accessible from network on all interfaces"; + port = lib.mkOption { + type = lib.types.port; + default = 53; + description = "Port for the host downstream DNS server to listen on."; + }; + openFirewall = lib.mkEnableOption "automatic port forwarding for the host downstream"; + disableSystemdResolved = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically disable systemd-resolved when using port 53. Set to false if you want to handle the conflict manually."; + }; }; }; 
@@ -82,6 +92,24 @@ in { }; config = lib.mkIf cfg.enable { + # Assertions for proper configuration + assertions = [ + { + assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && config.services.resolved.enable && cfg.downstreams.host.disableSystemdResolved); + message = "crab-hole host downstream cannot use port 53 while systemd-resolved is enabled. Either disable systemd-resolved or use a different port."; + } + { + assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && !cfg.downstreams.host.disableSystemdResolved && config.services.resolved.enable); + message = "crab-hole host downstream is configured to use port 53 but systemd-resolved is still enabled and disableSystemdResolved is false. Set disableSystemdResolved = true or manually disable systemd-resolved."; + } + ]; + + # Automatically disable systemd-resolved if using port 53 + services.resolved.enable = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkForce false); + + # Configure DNS nameservers when disabling systemd-resolved + networking.nameservers = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkDefault ["127.0.0.1" "1.1.1.1" "8.8.8.8"]); + services.crab-hole.settings = lib.mkMerge [ { api = { @@ -92,12 +120,12 @@ in { downstream = cfg.extraDownstreams; upstream.name_servers = cfg.extraUpstreams; } - (lib.mkIf cfg.downstreams.loopback.enable { + (lib.mkIf cfg.downstreams.host.enable { downstream = [ { protocol = "udp"; - listen = "localhost"; - port = 53; + listen = "0.0.0.0"; + port = cfg.downstreams.host.port; } ]; }) 
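Review bot: The `networking.nameservers` fallback `["127.0.0.1" "1.1.1.1" "8.8.8.8"]` lets the host's own lookups bypass crab-hole: when the local resolver is slow or down, the stub resolver moves on to the next entries, which are queried in cleartext and unfiltered, and `8.8.8.8` is a provider not configured as an upstream anywhere in this module. If the intent is that this machine is filtered and uses DNS over TLS, list only `"127.0.0.1"` and accept that resolution fails when the service is down. The first assertion also cannot fire unless something overrides it, because the same condition sets `services.resolved.enable` to false with `lib.mkForce`.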
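Review bot: Binding the DNS downstream to `0.0.0.0` together with `openFirewall` makes this host a forwarding resolver for anyone who can reach its UDP port on any interface; if one of those interfaces is internet-facing, that is an open resolver. I would add a `listen` option on `downstreams.host` that defaults to the LAN or VPN address, or scope the firewall rule with `networking.firewall.interfaces.<name>.allowedUDPPorts` instead of the global list. The listener is IPv4 and UDP only, so IPv6 clients and TCP retries are not served.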
@@ -136,8 +164,8 @@ in { (lib.mkIf cfg.openFirewall { allowedTCPPorts = [cfg.port]; }) - (lib.mkIf (cfg.downstreams.loopback.enable && cfg.downstreams.loopback.openFirewall) { - allowedUDPPorts = [53]; + (lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.openFirewall) { + allowedUDPPorts = [cfg.downstreams.host.port]; }) ]; }; From 290c0692bb394071c470f35e96ceb08ec987f7fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 20 Oct 2025 20:24:28 -0500 Subject: [PATCH 0902/1043] feat: added block list to crab-hole --- .../nixos/defiant/configuration.nix | 1 + .../server/crab-hole/crab-hole.nix | 21 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index fdf7356..6908eb7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -354,6 +354,7 @@ }; }; upstreams.cloudFlare.enable = true; + blocklists.ad_malware.enable = true; }; qbittorrent = { diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix index bde1d76..d76323a 100644 --- a/modules/nixos-modules/server/crab-hole/crab-hole.nix +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix @@ -89,6 +89,23 @@ in { default = []; description = "List of additional upstream DNS server configurations."; }; + + blocklists = { + ad_malware = { + enable = lib.mkEnableOption "Host file for blocking ads and malware"; + url = lib.mkOption { + type = lib.types.str; + default = "http://sbc.io/hosts/hosts"; + description = "URL of the ad and malware blocklist host file"; + }; + }; + }; + + extraBlocklists = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional blocklist URLs to be added to the configuration"; + }; }; config = lib.mkIf cfg.enable { 
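Review bot: The default blocklist URL `http://sbc.io/hosts/hosts` is fetched over plain HTTP, so anyone on the network path can alter the list, either stripping entries or adding ones that black-hole legitimate domains for every client of this resolver. The default should be an HTTPS source, for example `default = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";` if that is the list behind the short link (please confirm). `extraBlocklists` accepts any string; its description could state that entries are expected to be HTTPS URLs.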
@@ -119,7 +136,11 @@ in { }; downstream = cfg.extraDownstreams; upstream.name_servers = cfg.extraUpstreams; + blocklist.lists = cfg.extraBlocklists; } + (lib.mkIf cfg.blocklists.ad_malware.enable { + blocklist.lists = [cfg.blocklists.ad_malware.url]; + }) (lib.mkIf cfg.downstreams.host.enable { downstream = [ { From f21777b1fbe69d747e84f0a7bd5eed85a62f576e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 20 Oct 2025 20:55:35 -0500 Subject: [PATCH 0903/1043] fix: fixed pre and post commit hook behavior --- .hooks/post-commit | 10 +++++++++- .hooks/post-merge | 26 ++++++++++++++++++++------ .hooks/pre-commit | 24 +++++++++++++++++------- .hooks/pre-merge-commit | 4 ++-- 4 files changed, 48 insertions(+), 16 deletions(-) diff --git a/.hooks/post-commit b/.hooks/post-commit index 56c439d..03a160d 100755 --- a/.hooks/post-commit +++ b/.hooks/post-commit @@ -3,4 +3,12 @@ echo "restoring stashed changes" -git stash pop -q +# Find the most recent pre-commit stash and restore it +recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) + +if [ -n "$recent_stash" ]; then + echo "Found recent pre-commit stash: $recent_stash" + git stash pop -q "$recent_stash" +else + echo "No pre-commit stash found to restore" +fi diff --git a/.hooks/post-merge b/.hooks/post-merge index 11fb20c..06fabc3 100755 --- a/.hooks/post-merge +++ b/.hooks/post-merge 
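Review bot: `git stash list | grep "pre-commit-stash-" | head -n 1` pops the newest stash with that prefix, which is not necessarily the one this commit's pre-commit run created. The pre-commit hook in this patch leaves via `exit 1` or `exit $RESULT` without restoring its stash when a check fails, and `git stash push` creates nothing when the tree is clean, so a later commit can pop a stale stash from an earlier aborted attempt into the working tree. Have pre-commit record the exact message it used (for example in a file under `.git/`) and pop only that entry here, and restore the stash on pre-commit's failure paths. The grep is also unanchored, so any stash whose message merely contains the prefix matches.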
@@ -4,14 +4,28 @@ # Get current branch name current_branch=$(git branch --show-current) -# Only restore stash if we're on main branch and a merge just completed +# Only perform actions if we're on main branch and a merge just completed if [ "$current_branch" = "main" ]; then - # Check if there are any stashes to restore - if git stash list | grep -q "stash@"; then - echo "Post-merge: restoring stashed changes on main branch" - git stash pop -q + echo "Post-merge on main branch - running nix flake check" + + # Run nix flake check after merge into main + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Warning: nix flake check failed after merge into main" + echo "Please fix the issues as soon as possible" else - echo "Post-merge: no stash to restore on main branch" + echo "nix flake check passed after merge" + fi + + # Check if there are any pre-commit stashes to restore + recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) + + if [ -n "$recent_stash" ]; then + echo "Post-merge: restoring pre-commit stash on main branch" + git stash pop -q "$recent_stash" + else + echo "Post-merge: no pre-commit stash to restore on main branch" fi else echo "Post-merge: no action needed on branch '$current_branch'" diff --git a/.hooks/pre-commit b/.hooks/pre-commit index f98c64f..74cbc64 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit 
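Review bot: This hook looks for stashes named `pre-commit-stash-`, but the pre-merge-commit hook changed in the same patch creates `pre-merge-stash-$(date +%s)`, so the stash taken before a merge into main is never restored here and stays on the stash stack. If an unrelated `pre-commit-stash-` entry happens to exist, that one is popped after the merge instead. Match the prefix the merge hook writes, `grep "pre-merge-stash-"`. The check result can also be tested as `if ! nix flake check; then`, which avoids depending on `$?` staying adjacent to the command.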
@@ -1,14 +1,24 @@ #!/usr/bin/env nix-shell #! nix-shell -i bash ../shell.nix -echo "stashing all uncommitted changes" -git stash -q --keep-index +# Get current branch name +current_branch=$(git branch --show-current) -echo "checking flakes all compile" -nix flake check +echo "stashing all uncommitted changes with named stash (excluding hooks)" +git stash push -q --keep-index -m "pre-commit-stash-$(date +%s)" -- ':!.hooks/' -if [ ! $? -eq 0 ]; then - exit 1 +# Only run nix flake check if we're on main branch +if [ "$current_branch" = "main" ]; then + echo "On main branch - checking flakes all compile" + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Error: nix flake check failed on main branch" + exit 1 + fi + echo "nix flake check passed" +else + echo "Not on main branch - skipping nix flake check" fi echo "running linter" @@ -19,4 +29,4 @@ RESULT=$? echo "adding lint changes to commit" git add -u -exit $RESULT \ No newline at end of file +exit $RESULT diff --git a/.hooks/pre-merge-commit b/.hooks/pre-merge-commit index 9edaf92..9b7b41d 100755 --- a/.hooks/pre-merge-commit +++ b/.hooks/pre-merge-commit @@ -17,8 +17,8 @@ fi if [ "$target_branch" = "main" ]; then echo "Merging into main branch - running nix flake check..." - echo "stashing all uncommitted changes" - git stash -q --keep-index + echo "stashing all uncommitted changes with named stash (excluding hooks)" + git stash push -q --keep-index -m "pre-merge-stash-$(date +%s)" -- ':!.hooks/' echo "checking flakes all compile" nix flake check From 539af51473126cf2a715803d80d21b5a7bfdcd13 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 18:52:38 -0500 Subject: [PATCH 0904/1043] disabled crab-hole --- configurations/nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/server/crab-hole/impermanence.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
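Review bot: Excluding `.hooks/` from the stash with `':!.hooks/'` leaves unstaged hook edits in the working tree, and the unchanged `git add -u` at the end of this script then stages them into the commit along with the lint fixes. A half-finished change to a hook can therefore be committed without the author having staged it. Keep the exclusion consistent at the end as well, `git add -u -- ':!.hooks/'`, and add a comment on the `git stash push` line saying why hooks are excluded. The same pathspec appears in the pre-merge-commit hunk; whether that script also runs `git add -u` is not visible here.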
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6908eb7..6d2925a 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -343,7 +343,7 @@ }; crab-hole = { - enable = true; + enable = false; port = 8085; openFirewall = true; show_doc = true; diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix index 455e593..8e1182c 100644 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ b/modules/nixos-modules/server/crab-hole/impermanence.nix @@ -5,7 +5,7 @@ }: let workingDirectory = "/var/lib/private/crab-hole"; in { - config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + config = lib.mkIf (config.services.crab-hole.enable && config.host.impermanence.enable) { assertions = [ { assertion = From 3f107f8d1eed9b38ae1270d61c283e1aed480ffa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 19:35:56 -0500 Subject: [PATCH 0905/1043] fix: fixed home manager impermanence activation on defiant --- configurations/home-manager/git/default.nix | 2 ++ configurations/home-manager/leyla/default.nix | 2 ++ modules/home-manager-modules/impermanence.nix | 16 ++++++++++------ 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/configurations/home-manager/git/default.nix b/configurations/home-manager/git/default.nix index 2276e7a..1ea29cc 100644 --- a/configurations/home-manager/git/default.nix +++ b/configurations/home-manager/git/default.nix @@ -1,4 +1,6 @@ {osConfig, ...}: { + impermanence.fallbackPersistence.enable = false; + home = { username = osConfig.users.users.git.name; homeDirectory = osConfig.users.users.git.home; diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index eba7f7b..8a37754 100644 --- a/configurations/home-manager/leyla/default.nix 
+++ b/configurations/home-manager/leyla/default.nix @@ -12,6 +12,8 @@ ]; config = { + impermanence.enable = osConfig.host.impermanence.enable; + # Home Manager needs a bit of information about you and the paths it should # manage. home = { diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index dc9eae9..6c75edd 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -8,21 +8,25 @@ in { options.impermanence = { enable = lib.mkEnableOption "impermanence for home directory"; + fallbackPersistence.enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; }; config = lib.mkMerge [ (lib.mkIf config.impermanence.enable { assertions = [ { - assertion = osConfig.impermanence.enable; - message = "impermanence can not be enabled for a user when it is not enabled for a configuration"; + assertion = osConfig.host.impermanence.enable; + message = "impermanence can not be enabled for a user when it is not enabled for the system"; } ]; }) - (lib.mkIf osConfig.host.impermanence.enable { - # If impermanence is not enabled for this user but system impermanence is enabled, - # persist the entire home directory as fallback - home.persistence."/persist/home/${config.home.username}" = lib.mkIf (!cfg.enable) { + # If impermanence is not enabled for this user but system impermanence is enabled, + # persist the entire home directory as fallback + (lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { + home.persistence."/persist/home/${config.home.username}" = { directories = ["."]; allowOther = true; }; From 455a98810abeefa12186e6484569131db4240a73 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:03:52 -0500 Subject: [PATCH 0906/1043] feat: enabled crab-hole --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
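Review bot: `fallbackPersistence.enable` is declared without a `description`, and its effect is not obvious from the name: with system impermanence on and user impermanence off, setting it to false (as this commit does for the `git` user) means this module persists nothing under that home directory. Add something like `description = "Persist the whole home directory when system impermanence is enabled but impermanence is not enabled for this user.";`. The first `mkIf` still reads `config.impermanence.enable` while the new condition uses `cfg.enable`; `cfg` is bound outside the hunk, so I am assuming they are the same value, and using one spelling would make that clear.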
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6d2925a..6908eb7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -343,7 +343,7 @@ }; crab-hole = { - enable = false; + enable = true; port = 8085; openFirewall = true; show_doc = true; From b17f8d49d5f3bd141ccc1a8e287c5f6b8b2acd76 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:32:24 -0500 Subject: [PATCH 0907/1043] build: updated flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index bb7e3a6..09349a6 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1760673822, - "narHash": "sha256-h+liPhhMw1yYvkDGLHzQJQShQs+yLjNgjfAyZX+sRrM=", + "lastModified": 1761019419, + "narHash": "sha256-lOzy4BGZtPxxNOzDEwfy3lcb7enl53f1wYP/JVWwSHg=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5cca27f1bb30a26140d0cf60ab34daa45b4fa11f", + "rev": "727c8a012382db77e14d72ce1fe4e19be3206ce6", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1760662441, - "narHash": "sha256-mlDqR1Ntgs9uYYEAUR1IhamKBO0lxoNS4zGLzEZaY0A=", + "lastModified": 1761081701, + "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "722792af097dff5790f1a66d271a47759f477755", + "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", "type": "github" }, "original": { 
@@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1759342933, - "narHash": "sha256-mdlUFcrOfvT0Pm+Hko/6aR3xf1ao5JA2iem4KsEVjP4=", + "lastModified": 1760821194, + "narHash": "sha256-UCsJ8eDuHL14u2GFIYEY/drtZ6jht5zN/G/6QNlEy2g=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "50b02bcba32b941d2ec48fedef68641702ca5b0f", + "rev": "0ae453f38d0f088c31d4678da3a12b183165986f", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1760720017, - "narHash": "sha256-ALb+L8zaP6IJ3BigQJ+ih7NqmaptzL/CbkNkLbhmsGE=", + "lastModified": 1761011896, + "narHash": "sha256-p6oWYhpJGIV76tJExGUFRkir29yCTUYLsnKmnhzW2C0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b0897a5d1d5829eb67ca7168680873ee7a0d52b8", + "rev": "0a74c6a180110ac18584780eeff31e302b0bf8a4", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760106635, - "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", + "lastModified": 1760958188, + "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", + "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { 
@@ -370,11 +370,11 @@ ] }, "locked": { - "lastModified": 1760393368, - "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", + "lastModified": 1760998189, + "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", + "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", "type": "github" }, "original": { From db8d36dadc3edff29eecf85137d5c5048c4a5960 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:39:16 -0500 Subject: [PATCH 0908/1043] build: updated mapillary uploader hash --- modules/common-modules/pkgs/mapillary-uploader.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix index 9ae2ea7..acff772 100644 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -9,7 +9,7 @@ src = fetchurl { url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; - sha256 = "sha256-OY3SiMHUyjwPDrPWfa+mFg2BHZrz6GG/9/D5sCP2Da8="; + sha256 = "sha256-hpWdfeuhYylO+SFD3BsKI0s/xtObCDd5OcuJ6i/aEuI="; }; appimageContents = appimageTools.extractType2 { From 466926b919bbc929aece6cb0f21c6cc62cd13a06 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:44:53 -0500 Subject: [PATCH 0909/1043] refactor: updated git configuration --- configurations/home-manager/eve/packages.nix | 8 +++++--- configurations/home-manager/leyla/packages/git.nix | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 73195c4..fb8d8a4 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix 
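Review bot: The `sha256` changes while the `url` line, still `http://tools.mapillary.com/uploader/download/linux/${version}`, is untouched in this hunk, so unless `version` was bumped outside the hunk the upstream artifact changed under the same address. Because the download is plain HTTP, the new hash only pins whatever bytes were received when it was recomputed; it does not show that they came from the vendor. I would switch the fetch to `url = "https://tools.mapillary.com/uploader/download/linux/${version}";` if the host serves it over TLS, and note in the commit message or a comment how the new hash was obtained.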
@@ -32,9 +32,11 @@ in { (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { git = { enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; + settings = { + user.name = "Eve"; + user.email = "evesnrobins@gmail.com"; + init.defaultBranch = "main"; + }; }; openssh = { diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 568cd7a..499e37b 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -2,9 +2,11 @@ config = { programs = { git = { - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + settings = { + user.name = "Leyla Becker"; + user.email = "git@jan-leila.com"; + init.defaultBranch = "main"; + }; }; }; }; From 4dd285c1229a15ad051f432219897f9b3c93d0c8 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 24 Oct 2025 12:45:17 -0500 Subject: [PATCH 0910/1043] feat: refactored reverse proxy to be a normally named module --- .../nixos/defiant/configuration.nix | 31 ++-- modules/nixos-modules/server/actual/proxy.nix | 23 ++- .../nixos-modules/server/bazarr/default.nix | 1 - modules/nixos-modules/server/bazarr/proxy.nix | 28 ---- modules/nixos-modules/server/default.nix | 2 +- .../server/flaresolverr/default.nix | 1 - .../server/flaresolverr/proxy.nix | 28 ---- .../nixos-modules/server/forgejo/default.nix | 2 +- .../nixos-modules/server/forgejo/proxy.nix | 25 ++- .../server/home-assistant/default.nix | 2 +- .../server/home-assistant/proxy.nix | 36 ++-- modules/nixos-modules/server/immich/proxy.nix | 39 +++-- .../nixos-modules/server/jackett/default.nix | 1 - .../nixos-modules/server/jackett/proxy.nix | 28 ---- .../nixos-modules/server/jellyfin/proxy.nix | 33 ++-- .../nixos-modules/server/lidarr/default.nix | 1 - modules/nixos-modules/server/lidarr/proxy.nix | 28 ---- .../nixos-modules/server/panoramax/proxy.nix | 36 ++-- .../server/paperless/default.nix | 1 - .../nixos-modules/server/paperless/proxy.nix | 33 ++-- .../nixos-modules/server/radarr/default.nix | 1 - modules/nixos-modules/server/radarr/proxy.nix | 28 ---- .../server/reverseProxy/default.nix | 6 + .../server/reverseProxy/impermanence.nix | 21 +++ .../server/reverseProxy/reverseProxy.nix | 158 ++++++++++++++++++ .../nixos-modules/server/reverse_proxy.nix | 128 -------------- modules/nixos-modules/server/searx/proxy.nix | 28 +++- .../nixos-modules/server/sonarr/default.nix | 1 - modules/nixos-modules/server/sonarr/proxy.nix | 28 ---- 29 files changed, 352 insertions(+), 426 deletions(-) delete mode 100644 modules/nixos-modules/server/bazarr/proxy.nix delete mode 100644 modules/nixos-modules/server/flaresolverr/proxy.nix delete mode 100644 modules/nixos-modules/server/jackett/proxy.nix delete mode 100644 modules/nixos-modules/server/lidarr/proxy.nix delete mode 100644 
modules/nixos-modules/server/radarr/proxy.nix create mode 100644 modules/nixos-modules/server/reverseProxy/default.nix create mode 100644 modules/nixos-modules/server/reverseProxy/impermanence.nix create mode 100644 modules/nixos-modules/server/reverseProxy/reverseProxy.nix delete mode 100644 modules/nixos-modules/server/reverse_proxy.nix delete mode 100644 modules/nixos-modules/server/sonarr/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6908eb7..91a8c2c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -102,11 +102,6 @@ directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; - reverse_proxy = { - enable = true; - enableACME = true; - hostname = "jan-leila.com"; - }; postgres = { extraUsers = { leyla = { @@ -237,6 +232,16 @@ gnome.enable = true; }; + # Enable new reverse proxy system + reverseProxy = { + enable = true; + openFirewall = true; + acme = { + enable = true; + email = "jan-leila@protonmail.com"; + }; + }; + ollama = { enable = true; exposePort = true; @@ -294,33 +299,33 @@ jellyfin = { enable = true; - subdomain = "media"; - extraSubdomains = ["jellyfin"]; + domain = "media.jan-leila.com"; + extraDomains = ["jellyfin.jan-leila.com"]; }; immich = { enable = true; - subdomain = "photos"; + domain = "photos.jan-leila.com"; }; forgejo = { enable = true; - subdomain = "git"; + domain = "git.jan-leila.com"; }; searx = { enable = true; - subdomain = "search"; + domain = "search.jan-leila.com"; }; actual = { enable = false; - subdomain = "budget"; + domain = "budget.jan-leila.com"; }; home-assistant = { enable = true; - subdomain = "home"; + domain = "home.jan-leila.com"; openFirewall = true; database = "postgres"; 
@@ -333,7 +338,7 @@ paperless = { enable = true; - subdomain = "documents"; + domain = "documents.jan-leila.com"; passwordFile = config.sops.secrets."services/paperless_password".path; }; diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index 6ca51e4..bf1711a 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -4,17 +4,26 @@ ... }: { options.services.actual = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; + description = "domain that actual will be hosted at"; + default = "actual.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for actual"; + default = []; }; }; - config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; + config = lib.mkIf (config.services.actual.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.actual = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + domain = config.services.actual.domain; + extraDomains = config.services.actual.extraDomains; + + settings = { + forwardHeaders.enable = true; }; }; }; diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/bazarr/default.nix +++ b/modules/nixos-modules/server/bazarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } 
diff --git a/modules/nixos-modules/server/bazarr/proxy.nix b/modules/nixos-modules/server/bazarr/proxy.nix deleted file mode 100644 index fe310d8..0000000 --- a/modules/nixos-modules/server/bazarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.bazarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.bazarr.enable && config.services.bazarr.subdomain != null) { - host.reverse_proxy.subdomains.bazarr = { - subdomain = config.services.bazarr.subdomain; - extraSubdomains = config.services.bazarr.extraSubdomains; - target = "http://127.0.0.1:6767"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 57874d5..4981f28 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ - ./reverse_proxy.nix + ./reverseProxy ./fail2ban.nix ./postgres.nix ./network_storage diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/flaresolverr/default.nix +++ b/modules/nixos-modules/server/flaresolverr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/flaresolverr/proxy.nix b/modules/nixos-modules/server/flaresolverr/proxy.nix deleted file mode 100644 index 5b8dd4c..0000000 --- a/modules/nixos-modules/server/flaresolverr/proxy.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.flaresolverr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.flaresolverr.enable && config.services.flaresolverr.subdomain != null) { - host.reverse_proxy.subdomains.flaresolverr = { - subdomain = config.services.flaresolverr.subdomain; - extraSubdomains = config.services.flaresolverr.extraSubdomains; - target = "http://127.0.0.1:${toString config.services.flaresolverr.port}"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index 1fdc8d9..5d0e7ad 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -31,7 +31,7 @@ in { lfs.enable = true; settings = { server = { - DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + DOMAIN = config.services.forgejo.reverseProxy.domain; HTTP_PORT = httpPort; START_SSH_SERVER = true; SSH_LISTEN_PORT = sshPort; diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index 51f769d..bde59d1 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix 
@@ -7,16 +7,29 @@ httpPort = const.httpPort; in { options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; + reverseProxy = { + domain = lib.mkOption { + type = lib.types.str; + description = "domain that forgejo will be hosted at"; + default = "git.jan-leila.com"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for forgejo"; + default = []; + }; }; }; - config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) { - host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { + config = lib.mkIf (config.services.forgejo.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.forgejo = { target = "http://localhost:${toString httpPort}"; + domain = config.services.forgejo.reverseProxy.domain; + extraDomains = config.services.forgejo.reverseProxy.extraDomains; + + settings = { + forwardHeaders.enable = true; + }; }; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 83d8ba7..4b1846b 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix @@ -82,7 +82,7 @@ login_attempts_threshold = 10; }; homeassistant = { - external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; + external_url = "https://${config.services.home-assistant.domain}"; # internal_url = "http://192.168.1.2:8123"; }; recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index ba8f20d..1075c59 100644 
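Review bot: forgejo's options are nested as `services.forgejo.reverseProxy.domain` and `.extraDomains`, while the other proxy modules in this commit (actual, home-assistant, immich, jellyfin) declare `domain` and `extraDomains` directly on the service, and the `defiant` configuration hunk in the same commit sets `forgejo = { … domain = "git.jan-leila.com"; }`. Unless a top-level `domain` option for forgejo is declared somewhere outside this view, that assignment would presumably fail evaluation, and the hostname only resolves correctly because the default here happens to be the same value. Declare `domain` and `extraDomains` at the same level as the other services, and use a neutral default like the `.arpa` placeholders elsewhere instead of hard-coding `git.jan-leila.com` in a reusable module. The `config` block continues past the end of the hunk.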
--- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -4,29 +4,33 @@ ... }: { options.services.home-assistant = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; + description = "domain that home-assistant will be hosted at"; + default = "home-assistant.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for home-assistant"; + default = []; }; }; - config = lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + config = lib.mkIf (config.services.reverseProxy.enable && config.services.home-assistant.enable) { + services.reverseProxy.services.home-assistant = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + domain = config.services.home-assistant.domain; + extraDomains = config.services.home-assistant.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; + # Custom timeout settings + proxyHeaders = { + enable = true; + timeout = 90; + }; }; }; }; diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index dae2420..a50ea1e 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix 
@@ -4,31 +4,34 @@ ... }: { options.services.immich = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; + description = "domain that immich will be hosted at"; + default = "immich.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for immich"; + default = []; }; }; - config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; + config = lib.mkIf (config.services.immich.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.immich = { + target = "http://localhost:${toString config.services.immich.port}"; + domain = config.services.immich.domain; + extraDomains = config.services.immich.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; + maxBodySize = 50000; - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; + # Custom timeout settings + proxyHeaders = { + enable = true; + timeout = 600; + }; }; }; }; diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/jackett/default.nix +++ b/modules/nixos-modules/server/jackett/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/jackett/proxy.nix b/modules/nixos-modules/server/jackett/proxy.nix deleted file mode 100644 index af5fa79..0000000 --- a/modules/nixos-modules/server/jackett/proxy.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.jackett = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.jackett.enable && config.services.jackett.subdomain != null) { - host.reverse_proxy.subdomains.jackett = { - subdomain = config.services.jackett.subdomain; - extraSubdomains = config.services.jackett.extraSubdomains; - target = "http://127.0.0.1:9117"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix index 1020a19..f803ecb 100644 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ b/modules/nixos-modules/server/jellyfin/proxy.nix 
@@ -6,33 +6,30 @@ jellyfinPort = 8096; in { options.services.jellyfin = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; + description = "domain that jellyfin will be hosted at"; + default = "jellyfin.arpa"; }; - extraSubdomains = lib.mkOption { + extraDomains = lib.mkOption { type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; + description = "extra domains that should be configured for jellyfin"; default = []; }; }; - config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) { - host.reverse_proxy.subdomains.jellyfin = { + config = lib.mkIf (config.services.jellyfin.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; + domain = config.services.jellyfin.domain; + extraDomains = config.services.jellyfin.extraDomains; - subdomain = config.services.jellyfin.subdomain; - extraSubdomains = config.services.jellyfin.extraSubdomains; - - forwardHeaders.enable = true; - - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - - proxy_buffering off; - ''; + settings = { + forwardHeaders.enable = true; + maxBodySize = 20; + noSniff.enable = true; + proxyBuffering.enable = false; + }; }; }; } diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/lidarr/default.nix +++ b/modules/nixos-modules/server/lidarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/lidarr/proxy.nix b/modules/nixos-modules/server/lidarr/proxy.nix deleted file mode 100644 index 0146ccf..0000000 
--- a/modules/nixos-modules/server/lidarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.lidarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.lidarr.enable && config.services.lidarr.subdomain != null) { - host.reverse_proxy.subdomains.lidarr = { - subdomain = config.services.lidarr.subdomain; - extraSubdomains = config.services.lidarr.extraSubdomains; - target = "http://127.0.0.1:8686"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 79f9326..35bc79b 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix 
@@ -4,31 +4,29 @@ ... }: { options.services.panoramax = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; + description = "domain that panoramax will be hosted at"; + default = "panoramax.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for panoramax"; + default = []; }; }; - config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { - target = "http://localhost:${toString config.services.panoramax.port}"; + config = lib.mkIf (config.services.panoramax.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.panoramax = { + target = "http://localhost:${toString config.services.panoramax.port}"; + domain = config.services.panoramax.domain; + extraDomains = config.services.panoramax.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads for panoramic images - client_max_body_size 100M; - - # set timeout for image processing - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - proxy_redirect off; - ''; + maxBodySize = 100000; + timeout = 300; }; }; }; diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index a6878eb..d2bc930 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -22,7 +22,6 @@ config = lib.mkIf config.services.paperless.enable { services.paperless = { - domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; configureTika = true; settings = { PAPERLESS_DBENGINE = "postgresql"; 
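Review bot: `maxBodySize = 100000;` in the panoramax hunk raises the upload limit a thousandfold. The removed config was `client_max_body_size 100M;`, and the new reverseProxy module appends `M` to the integer, so this renders as `client_max_body_size 100000M;`; it should be `maxBodySize = 100;`. `timeout = 300;` is also set directly under `settings`, but the submodule in reverseProxy.nix declares only `settings.proxyHeaders.timeout`. That will likely fail evaluation as an undeclared option once panoramax is enabled, and either way the old 300s timeouts are not carried over; use `proxyHeaders = { enable = true; timeout = 300; };` as the immich hunk does.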
diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index 2910f07..e79c8d9 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -4,25 +4,30 @@ ... }: { options.services.paperless = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that paperless will be hosted at"; - default = "paperless"; + reverseProxy = { + domain = lib.mkOption { + type = lib.types.str; + description = "domain that paperless will be hosted at"; + default = "paperless.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for paperless"; + default = []; + }; }; }; - config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + config = lib.mkIf (config.services.paperless.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.paperless = { + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + domain = config.services.paperless.reverseProxy.domain; + extraDomains = config.services.paperless.reverseProxy.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - ''; + maxBodySize = 50000; }; }; }; diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/radarr/default.nix +++ b/modules/nixos-modules/server/radarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } 
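Review bot: Nothing feeds the new `reverseProxy.domain` back into Paperless itself in the paperless/proxy.nix hunk. The paperless/default.nix hunk in this same patch deletes the `domain = ...` assignment, and this hunk passes the name only to nginx. If `services.paperless.domain` is what sets Paperless's public URL (and with it the CSRF trusted origins and allowed hosts), the service now runs without it; consider adding `services.paperless.domain = config.services.paperless.reverseProxy.domain;` to the `config` block. The options were presumably nested under `reverseProxy` to avoid clashing with that existing option, which a one-line comment would make clear.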
diff --git a/modules/nixos-modules/server/radarr/proxy.nix b/modules/nixos-modules/server/radarr/proxy.nix deleted file mode 100644 index ec5f575..0000000 --- a/modules/nixos-modules/server/radarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.radarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.radarr.enable && config.services.radarr.subdomain != null) { - host.reverse_proxy.subdomains.radarr = { - subdomain = config.services.radarr.subdomain; - extraSubdomains = config.services.radarr.extraSubdomains; - target = "http://127.0.0.1:7878"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/reverseProxy/default.nix b/modules/nixos-modules/server/reverseProxy/default.nix new file mode 100644 index 0000000..5d57175 --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./reverseProxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/reverseProxy/impermanence.nix b/modules/nixos-modules/server/reverseProxy/impermanence.nix new file mode 100644 index 0000000..7af55df --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/impermanence.nix @@ -0,0 +1,21 @@ +{ + lib, + config, + ... +}: let + dataDir = "/var/lib/acme"; +in { + config = lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable) { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "acme"; + group = "acme"; + } + ]; + }; + }; +} 
diff --git a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix
new file mode 100644
index 0000000..5b8357f
--- /dev/null
+++ b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix
@@ -0,0 +1,158 @@ +{ + lib, + config, + ... +}: { + options.services.reverseProxy = { + enable = lib.mkEnableOption "turn on the reverse proxy"; + openFirewall = lib.mkEnableOption "open the firewall"; + ports = { + http = lib.mkOption { + type = lib.types.port; + description = "HTTP port for the reverse proxy"; + default = 80; + }; + https = lib.mkOption { + type = lib.types.port; + description = "HTTPS port for the reverse proxy"; + default = 443; + }; + }; + acme = { + enable = lib.mkOption { + type = lib.types.bool; + description = "enable ACME certificate management"; + default = true; + }; + email = lib.mkOption { + type = lib.types.str; + description = "email address for ACME certificate registration"; + }; + }; + services = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + target = lib.mkOption { + type = lib.types.str; + description = "what url will all traffic to this application be forwarded to"; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "what is the default subdomain to be used for this application to be used for"; + default = name; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for this domain"; + default = []; + }; + settings = { + certificateRenewal.enable = lib.mkOption { + type = lib.types.bool; + description = "auto renew certificates"; + default = true; + }; + forceSSL.enable = lib.mkOption { + type = lib.types.bool; + description = "auto renew certificates"; + default = true; + }; + proxyHeaders = { + enable = lib.mkEnableOption "should we proxy headers"; + timeout = lib.mkOption { + type = lib.types.int; + default = 60; + }; + }; + proxyWebsockets.enable = lib.mkEnableOption "should the default config proxy websockets"; + forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; + noSniff.enable = lib.mkEnableOption "should the no sniff flags be 
set"; + proxyBuffering.enable = lib.mkOption { + type = lib.types.bool; + description = "should proxy buffering be enabled"; + default = true; + }; + maxBodySize = lib.mkOption { + type = lib.types.nullOr lib.types.int; + description = ""; + default = null; + }; + }; + }; + })); + }; + }; + + config = let + httpPort = config.services.reverseProxy.ports.http; + httpsPort = config.services.reverseProxy.ports.https; + in + lib.mkIf config.services.reverseProxy.enable { + security.acme = lib.mkIf config.services.reverseProxy.acme.enable { + acceptTerms = true; + defaults.email = config.services.reverseProxy.acme.email; + }; + + services.nginx = { + enable = true; + virtualHosts = lib.mkMerge ( + lib.lists.flatten ( + lib.attrsets.mapAttrsToList ( + name: service: let + hostConfig = { + forceSSL = service.settings.forceSSL.enable; + enableACME = service.settings.certificateRenewal.enable; + locations = { + "/" = { + proxyPass = service.target; + proxyWebsockets = service.settings.proxyWebsockets.enable; + recommendedProxySettings = service.settings.forwardHeaders.enable; + extraConfig = let + # Client upload size configuration + maxBodySizeConfig = + lib.optionalString (service.settings.maxBodySize != null) + "client_max_body_size ${toString service.settings.maxBodySize}M;"; + + # Security header configuration + noSniffConfig = + lib.optionalString service.settings.noSniff.enable + "add_header X-Content-Type-Options nosniff;"; + + # Proxy buffering configuration + proxyBufferingConfig = + lib.optionalString (!service.settings.proxyBuffering.enable) + "proxy_buffering off;"; + + # Proxy timeout configuration + proxyTimeoutConfig = + lib.optionalString service.settings.proxyHeaders.enable + '' + proxy_read_timeout ${toString service.settings.proxyHeaders.timeout}s; + proxy_connect_timeout ${toString service.settings.proxyHeaders.timeout}s; + proxy_send_timeout ${toString service.settings.proxyHeaders.timeout}s; + ''; + in + maxBodySizeConfig + noSniffConfig + 
proxyBufferingConfig + proxyTimeoutConfig; + }; + }; + }; + in ( + [ + { + ${service.domain} = hostConfig; + } + ] + ++ builtins.map (domain: {${domain} = hostConfig;}) + service.extraDomains + ) + ) + config.services.reverseProxy.services + ) + ); + }; + networking.firewall.allowedTCPPorts = lib.mkIf config.services.reverseProxy.openFirewall [ + httpPort + httpsPort + ]; + }; +} diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix deleted file mode 100644 index 26b4374..0000000 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ /dev/null 
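Review bot: In reverseProxy.nix, `enableACME` is driven only by `service.settings.certificateRenewal.enable` and ignores `config.services.reverseProxy.acme.enable`, so turning ACME off at the top level leaves every vhost requesting certificates while `security.acme.acceptTerms` is no longer set; gate it with `enableACME = config.services.reverseProxy.acme.enable && service.settings.certificateRenewal.enable;`. `ports.http` and `ports.https` reach only `networking.firewall.allowedTCPPorts`, so changing them opens firewall ports that nginx is not listening on; wire them to `services.nginx.defaultHTTPListenPort` and `services.nginx.defaultSSLListenPort`, or drop the options. On documentation, `forceSSL.enable` carries the copy-pasted description "auto renew certificates" and `maxBodySize` has an empty description although callers must know its unit; `description = "redirect http to https";` and `description = "maximum request body size in megabytes, null keeps the nginx default";` would fix both. `proxyHeaders` emits only the three proxy timeouts, so it wants either a rename or a description saying so.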
@@ -1,128 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDir = "/var/lib/acme"; - httpPort = 80; - httpsPort = 443; -in { - options.host.reverse_proxy = { - enable = lib.mkEnableOption "turn on the reverse proxy"; - hostname = lib.mkOption { - type = lib.types.str; - description = "what host name are we going to be proxying from"; - }; - forceSSL = lib.mkOption { - type = lib.types.bool; - description = "force connections to use https"; - default = config.host.reverse_proxy.enableACME; - }; - enableACME = lib.mkOption { - type = lib.types.bool; - description = "auto renew certificates"; - default = true; - }; - subdomains = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "what is the default subdomain to be used for this application to be used for"; - default = name; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for this domain"; - default = []; - }; - - target = lib.mkOption { - type = lib.types.str; - description = "what url will all traffic to this application be forwarded to"; - }; - - websockets.enable = lib.mkEnableOption "should the default config proxy websockets"; - - forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; - - extraConfig = lib.mkOption { - type = lib.types.lines; - default = ""; - description = '' - These lines go to the end of the upstream verbatim. 
- ''; - }; - }; - })); - }; - }; - - config = lib.mkIf config.host.reverse_proxy.enable (lib.mkMerge [ - { - security.acme = lib.mkIf config.host.reverse_proxy.enableACME { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - services.nginx = { - enable = true; - virtualHosts = lib.mkMerge ( - lib.lists.flatten ( - lib.attrsets.mapAttrsToList ( - name: value: let - hostConfig = { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations = { - "/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets.enable; - recommendedProxySettings = value.forwardHeaders.enable; - extraConfig = - value.extraConfig; - }; - }; - }; - in ( - [ - { - ${"${value.subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig; - } - ] - ++ builtins.map (subdomain: {${"${subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig;}) - value.extraSubdomains - ) - ) - config.host.reverse_proxy.subdomains - ) - ); - }; - - networking.firewall.allowedTCPPorts = [ - httpPort - httpsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - # TODO: figure out how to write an assertion for this - # assertions = [ - # { - # assertion = security.acme.certs..directory == dataDir; - # message = "postgres data directory does not match persistence"; - # } - # ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "acme"; - group = "acme"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index 0c1eae1..aca5e36 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix 
@@ -4,18 +4,28 @@ ... }: { options.services.searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "searx"; + reverseProxy = { + domain = lib.mkOption { + type = lib.types.str; + description = "domain that searx will be hosted at"; + default = "searx.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for searx"; + default = []; + }; }; }; - config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.searx = { - subdomain = config.services.searx.subdomain; - target = "http://localhost:${toString config.services.searx.settings.server.port}"; + config = lib.mkIf (config.services.searx.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.searx = { + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + domain = config.services.searx.reverseProxy.domain; + extraDomains = config.services.searx.reverseProxy.extraDomains; + + settings = { + forwardHeaders.enable = true; }; }; }; diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/sonarr/default.nix +++ b/modules/nixos-modules/server/sonarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/sonarr/proxy.nix b/modules/nixos-modules/server/sonarr/proxy.nix deleted file mode 100644 index 22b90a6..0000000 --- a/modules/nixos-modules/server/sonarr/proxy.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.sonarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.sonarr.enable && config.services.sonarr.subdomain != null) { - host.reverse_proxy.subdomains.sonarr = { - subdomain = config.services.sonarr.subdomain; - extraSubdomains = config.services.sonarr.extraSubdomains; - target = "http://127.0.0.1:8989"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} From ad04be6534fb45e12630d2cffdea15dc82eaa48f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 24 Oct 2025 12:49:36 -0500 Subject: [PATCH 0911/1043] feat: removed unused podman module --- modules/nixos-modules/server/default.nix | 1 - modules/nixos-modules/server/podman.nix | 73 ------------------------ 2 files changed, 74 deletions(-) delete mode 100644 modules/nixos-modules/server/podman.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 4981f28..e4a68c2 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -4,7 +4,6 @@ ./fail2ban.nix ./postgres.nix ./network_storage - ./podman.nix ./actual ./bazarr diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix deleted file mode 100644 index 9301140..0000000 --- a/modules/nixos-modules/server/podman.nix +++ /dev/null 
@@ -1,73 +0,0 @@ -{ - lib, - config, - ... -}: { - options.host.podman = { - enable = lib.mkEnableOption "should podman be enabled on this computer"; - macvlan = { - subnet = lib.mkOption { - type = lib.types.str; - description = "Subnet for macvlan address range"; - }; - gateway = lib.mkOption { - type = lib.types.str; - description = "Gateway for macvlan"; - # TODO: see if we can default this to systemd network gateway - }; - networkInterface = lib.mkOption { - type = lib.types.str; - description = "Parent network interface for macvlan"; - # TODO: see if we can default this some interface? - }; - }; - }; - config = lib.mkIf config.host.podman.enable { - systemd = { - services = { - # "podman-network-macvlan" = { - # path = [pkgs.podman]; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # ExecStop = "podman network rm -f macvlan"; - # }; - # script = '' - # podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan - # ''; - # partOf = ["podman-compose-root.target"]; - # wantedBy = ["podman-compose-root.target"]; - # }; - }; - # disable computer sleeping - targets = { - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - "podman-compose-root" = { - unitConfig = { - Description = "Root target for podman targets."; - }; - wantedBy = ["multi-user.target"]; - }; - }; - }; - - virtualisation = { - # Runtime - podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - # defaultNetwork.settings = { - # # Required for container networking to be able to use names. - # dns_enabled = true; - # }; - }; - - oci-containers = { - backend = "podman"; - }; - }; - }; -} From 0f5507c32800aaa8b2f215c6bf4ea1987ada6e6e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 24 Oct 2025 13:08:13 -0500 Subject: [PATCH 0912/1043] refactor: split configurations for fail2ban, postgres, and qbittorent into folders --- modules/nixos-modules/server/default.nix | 6 +- modules/nixos-modules/server/fail2ban.nix | 74 ----------- .../nixos-modules/server/fail2ban/default.nix | 6 + .../server/fail2ban/fail2ban.nix | 51 ++++++++ .../server/fail2ban/impermanence.nix | 27 ++++ modules/nixos-modules/server/postgres.nix | 121 ------------------ .../nixos-modules/server/postgres/default.nix | 6 + .../server/postgres/impermanence.nix | 27 ++++ .../server/postgres/postgres.nix | 98 ++++++++++++++ modules/nixos-modules/server/qbittorent.nix | 65 ---------- .../server/qbittorent/default.nix | 6 + .../server/qbittorent/impermanence.nix | 54 ++++++++ .../server/qbittorent/qbittorent.nix | 18 +++ 13 files changed, 296 insertions(+), 263 deletions(-) delete mode 100644 modules/nixos-modules/server/fail2ban.nix create mode 100644 modules/nixos-modules/server/fail2ban/default.nix create mode 100644 modules/nixos-modules/server/fail2ban/fail2ban.nix create mode 100644 modules/nixos-modules/server/fail2ban/impermanence.nix delete mode 100644 modules/nixos-modules/server/postgres.nix create mode 100644 modules/nixos-modules/server/postgres/default.nix create mode 100644 modules/nixos-modules/server/postgres/impermanence.nix create mode 100644 modules/nixos-modules/server/postgres/postgres.nix delete mode 100644 modules/nixos-modules/server/qbittorent.nix create mode 100644 modules/nixos-modules/server/qbittorent/default.nix create mode 100644 modules/nixos-modules/server/qbittorent/impermanence.nix create mode 100644 modules/nixos-modules/server/qbittorent/qbittorent.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index e4a68c2..2b33089 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
@@ -1,8 +1,8 @@ {...}: { imports = [ ./reverseProxy - ./fail2ban.nix - ./postgres.nix + ./fail2ban + ./postgres ./network_storage ./actual @@ -17,7 +17,7 @@ ./lidarr ./panoramax ./paperless - ./qbittorent.nix + ./qbittorent ./radarr ./searx ./sonarr diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix deleted file mode 100644 index d19aeeb..0000000 --- a/modules/nixos-modules/server/fail2ban.nix +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - dataFolder = "/var/lib/fail2ban"; - dataFile = "fail2ban.sqlite3"; -in { - config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ - { - environment.etc = { - "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "limiting requests, excess:.* by zone.*client: " - '') - ); - }; - - services.fail2ban = { - maxretry = 5; - ignoreIP = [ - # Whitelist local networks - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - - # tail scale tailnet - "100.64.0.0/10" - "fd7a:115c:a1e0::/48" - ]; - bantime = "24h"; # Ban IPs for one day on the first ban - bantime-increment = { - enable = true; # Enable increment of bantime after each violation - formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; - maxtime = "168h"; # Do not ban for more than 1 week - overalljails = true; # Calculate the ban time based on all the violations - }; - jails = { - nginx-iptables.settings = lib.mkIf config.services.nginx.enable { - enabled = true; - filter = "nginx"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - # TODO; figure out if there is any fail2ban things we can do on searx - # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataFolder; - user = "fail2ban"; - group = "fail2ban"; - } - ]; - }; - }) - ]); -} 
diff --git a/modules/nixos-modules/server/fail2ban/default.nix b/modules/nixos-modules/server/fail2ban/default.nix new file mode 100644 index 0000000..30fca99 --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./fail2ban.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/fail2ban/fail2ban.nix b/modules/nixos-modules/server/fail2ban/fail2ban.nix new file mode 100644 index 0000000..261c68f --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/fail2ban.nix @@ -0,0 +1,51 @@ +{ + lib, + pkgs, + config, + ... +}: { + config = lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "limiting requests, excess:.* by zone.*client: " + '') + ); + }; + + services.fail2ban = { + maxretry = 5; + ignoreIP = [ + # Whitelist local networks + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + + # tail scale tailnet + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" + ]; + bantime = "24h"; # Ban IPs for one day on the first ban + bantime-increment = { + enable = true; # Enable increment of bantime after each violation + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + maxtime = "168h"; # Do not ban for more than 1 week + overalljails = true; # Calculate the ban time based on all the violations + }; + jails = { + nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + enabled = true; + filter = "nginx"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + # TODO; figure out if there is any fail2ban things we can do on searx + # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; + }; + }; + }; +} 
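Review bot: In fail2ban/fail2ban.nix the `nginx-iptables` jail sets `bantime = 600`, which overrides the global `bantime = "24h"` for the only jail defined here, so the "ban IPs for one day" comment does not describe what nginx offenders actually get; drop the jail-level `bantime` or add a comment saying the shorter base is intended. The filter matches only nginx `limit_req` rejections, and the reverseProxy module in this series emits no `limit_req` directive, so the jail may never fire unless rate limiting is configured elsewhere. As rendered here the `failregex` shows no `<HOST>` placeholder after `client: ` and is wrapped in double quotes; confirm the placeholder is present in the file and that the quotes are not matched literally. The `ignoreIP` list exempts all RFC 1918 and tailnet ranges, which deserves a comment noting that clients arriving through an internal proxy or NAT are never banned.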
diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix new file mode 100644 index 0000000..5bc4673 --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/impermanence.nix @@ -0,0 +1,27 @@ +{ + lib, + config, + ... +}: let + dataFolder = "/var/lib/fail2ban"; + dataFile = "fail2ban.sqlite3"; +in { + config = lib.mkIf (config.services.fail2ban.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; + message = "fail2ban data file does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataFolder; + user = "fail2ban"; + group = "fail2ban"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix deleted file mode 100644 index 71ce44c..0000000 --- a/modules/nixos-modules/server/postgres.nix +++ /dev/null 
@@ -1,121 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - dataDir = "/var/lib/postgresql/16"; - adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; -in { - options = { - host.postgres = { - enable = lib.mkEnableOption "enable postgres"; - extraUsers = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - isAdmin = lib.mkOption { - type = lib.types.bool; - default = false; - }; - isClient = lib.mkOption { - type = lib.types.bool; - default = false; - }; - createUser = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }; - })); - default = {}; - }; - extraDatabases = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = {}; - }; - }; - }; - - config = lib.mkIf config.host.postgres.enable (lib.mkMerge [ - { - services = { - postgresql = { - enable = true; - package = pkgs.postgresql_16; - ensureUsers = - [ - { - name = "postgres"; - } - ] - ++ ( - builtins.map (user: { - name = user.name; - ensureDBOwnership = true; - }) - createUsers - ); - ensureDatabases = builtins.map (database: database.name) createDatabases; - identMap = - '' - # ArbitraryMapName systemUser DBUser - - # Administration Users - superuser_map root postgres - superuser_map postgres postgres - '' - + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) 
- ) - + '' - - # Client Users - '' - + ( - lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) - ); - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=user_map - ''; - }; - }; - } - - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.postgresql.dataDir == dataDir; - message = "postgres data directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "postgres"; - group = "postgres"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/postgres/default.nix b/modules/nixos-modules/server/postgres/default.nix new file mode 100644 index 0000000..abf4ade --- /dev/null +++ b/modules/nixos-modules/server/postgres/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./postgres.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix new file mode 100644 index 0000000..6c2d295 --- /dev/null +++ b/modules/nixos-modules/server/postgres/impermanence.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/postgresql/16"; +in { + config = lib.mkIf (config.host.postgres.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.postgresql.dataDir == dataDir; + message = "postgres data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "postgres"; + group = "postgres"; + } + ]; + }; + }; +} 
diff --git a/modules/nixos-modules/server/postgres/postgres.nix b/modules/nixos-modules/server/postgres/postgres.nix new file mode 100644 index 0000000..e76857c --- /dev/null +++ b/modules/nixos-modules/server/postgres/postgres.nix 
@@ -0,0 +1,98 @@ +{ + config, + lib, + pkgs, + ... +}: let + adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; +in { + options = { + host.postgres = { + enable = lib.mkEnableOption "enable postgres"; + extraUsers = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + isAdmin = lib.mkOption { + type = lib.types.bool; + default = false; + }; + isClient = lib.mkOption { + type = lib.types.bool; + default = false; + }; + createUser = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + })); + default = {}; + }; + extraDatabases = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + }; + })); + default = {}; + }; + }; + }; + + config = lib.mkIf config.host.postgres.enable { + services = { + postgresql = { + enable = true; + package = pkgs.postgresql_16; + ensureUsers = + [ + { + name = "postgres"; + } + ] + ++ ( + builtins.map (user: { + name = user.name; + ensureDBOwnership = true; + }) + createUsers + ); + ensureDatabases = builtins.map (database: database.name) createDatabases; + identMap = + '' + # ArbitraryMapName systemUser DBUser + + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) + ) + + '' + + # Client Users + '' + + ( + 
lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) + ); + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=user_map + ''; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix deleted file mode 100644 index 2d54587..0000000 --- a/modules/nixos-modules/server/qbittorent.nix +++ /dev/null 
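Review bot: The `name` option under `extraUsers` is a free-form `lib.types.str`, and the `identMap` lines `superuser_map ${user.name} postgres` and `user_map ${user.name} ${user.name}` paste it unchecked into the ident map. A name containing whitespace or a line break would therefore yield different or additional map entries, including ones that resolve to the `postgres` superuser. Constraining the type, for example `type = lib.types.strMatching "[a-z_][a-z0-9_-]*";`, keeps the generated file to one well-formed entry per user. `isAdmin` should also get a `description` stating that it lets that system account connect as `postgres` over the local socket via peer authentication, which is full superuser access. Separately, `ensureDBOwnership = true` is set for every `createUser` entry while `ensureDatabases` is built only from `extraDatabases`, so it is worth confirming that each such user also has a database of the same name.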
@@ -1,65 +0,0 @@ -{ - lib, - config, - ... -}: let - qbittorent_profile_directory = "/var/lib/qBittorrent/"; -in { - options.services.qbittorrent = { - mediaDir = lib.mkOption { - type = lib.types.path; - description = lib.mdDoc '' - The directory to create to store qbittorrent media. - ''; - }; - }; - - config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ - (lib.mkIf config.host.impermanence.enable { - fileSystems."/persist/system/qbittorrent".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/qbittorrent" = { - type = "zfs_fs"; - mountpoint = "/persist/system/qbittorrent"; - options = { - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; - message = "qbittorrent data directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = qbittorent_profile_directory; - user = "qbittorrent"; - group = "qbittorrent"; - } - ]; - }; - - "/persist/system/qbittorrent" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.qbittorrent.mediaDir; - user = "qbittorrent"; - group = "qbittorrent"; - mode = "1775"; - } - ]; - }; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/qbittorent/default.nix b/modules/nixos-modules/server/qbittorent/default.nix new file mode 100644 index 0000000..f7511e6 --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./qbittorent.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix new file mode 100644 index 0000000..da47d1a --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/impermanence.nix 
@@ -0,0 +1,54 @@ +{ + lib, + config, + ... +}: let + qbittorent_profile_directory = "/var/lib/qBittorrent/"; +in { + config = lib.mkIf (config.services.qbittorrent.enable && config.host.impermanence.enable) { + fileSystems."/persist/system/qbittorrent".neededForBoot = true; + + host.storage.pool.extraDatasets = { + # sops age key needs to be available to pre persist for user generation + "persist/system/qbittorrent" = { + type = "zfs_fs"; + mountpoint = "/persist/system/qbittorrent"; + options = { + canmount = "on"; + }; + }; + }; + + assertions = [ + { + assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; + message = "qbittorrent data directory does not match persistence"; + } + ]; + + environment.persistence = { + "/persist/system/root" = { + directories = [ + { + directory = qbittorent_profile_directory; + user = "qbittorrent"; + group = "qbittorrent"; + } + ]; + }; + + "/persist/system/qbittorrent" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.qbittorrent.mediaDir; + user = "qbittorrent"; + group = "qbittorrent"; + mode = "1775"; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/qbittorent/qbittorent.nix b/modules/nixos-modules/server/qbittorent/qbittorent.nix new file mode 100644 index 0000000..44603c8 --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/qbittorent.nix @@ -0,0 +1,18 @@ +{ + lib, + config, + ... +}: { + options.services.qbittorrent = { + mediaDir = lib.mkOption { + type = lib.types.path; + description = lib.mdDoc '' + The directory to create to store qbittorrent media. + ''; + }; + }; + + config = lib.mkIf config.services.qbittorrent.enable { + # Main qbittorrent configuration goes here if needed + }; +} From c2435883f1e9a1e945ad50bd62fdcf2ec492f3ef Mon Sep 17 00:00:00 2001 
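Review bot: The comment `# sops age key needs to be available to pre persist for user generation` above the `persist/system/qbittorrent` dataset in `qbittorent/impermanence.nix` does not describe this dataset and looks carried over from another module. Something like `# dedicated dataset for qbittorrent media so it persists across reboots` would match what the block declares. The media directory is also created with `mode = "1775"`, which leaves it readable and traversable by every local account. If only members of the `qbittorrent` group need the downloads, `mode = "1770";` is the tighter choice.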
From: Leyla Becker Date: Fri, 24 Oct 2025 15:01:16 -0500 Subject: [PATCH 0913/1043] fix: fixed domains for searx and paperless --- .../nixos-modules/server/paperless/proxy.nix | 19 ++++++------------- modules/nixos-modules/server/searx/proxy.nix | 19 ++++++------------- 2 files changed, 12 insertions(+), 26 deletions(-) diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index e79c8d9..04c8304 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -4,25 +4,18 @@ ... }: { options.services.paperless = { - reverseProxy = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that paperless will be hosted at"; - default = "paperless.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for paperless"; - default = []; - }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for paperless"; + default = []; }; }; config = lib.mkIf (config.services.paperless.enable && config.services.reverseProxy.enable) { services.reverseProxy.services.paperless = { target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; - domain = config.services.paperless.reverseProxy.domain; - extraDomains = config.services.paperless.reverseProxy.extraDomains; + domain = config.services.paperless.domain; + extraDomains = config.services.paperless.extraDomains; settings = { proxyWebsockets.enable = true; diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index aca5e36..fbc80e0 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix 
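Review bot: `domain = config.services.paperless.domain;` in `paperless/proxy.nix` now reads an option declared outside this hunk, while the removed `reverseProxy.domain` carried the default `"paperless.arpa"`. If `services.paperless.domain` has no default or may be null, a host that relied on the old default will fail evaluation or register a proxy entry without a usable host name. An assertion in this module, e.g. `assertion = config.services.paperless.domain != null;` with a message naming the option, would make the requirement explicit. The `searx/proxy.nix` hunk of this commit makes the same switch to `config.services.searx.domain`, and the module body continues outside the hunk.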
@@ -4,25 +4,18 @@ ... }: { options.services.searx = { - reverseProxy = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that searx will be hosted at"; - default = "searx.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for searx"; - default = []; - }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for searx"; + default = []; }; }; config = lib.mkIf (config.services.searx.enable && config.services.reverseProxy.enable) { services.reverseProxy.services.searx = { target = "http://localhost:${toString config.services.searx.settings.server.port}"; - domain = config.services.searx.reverseProxy.domain; - extraDomains = config.services.searx.reverseProxy.extraDomains; + domain = config.services.searx.domain; + extraDomains = config.services.searx.extraDomains; settings = { forwardHeaders.enable = true; From 7f740607133c55d32b2e5bb328563c7bda3791fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 01:55:58 -0500 Subject: [PATCH 0914/1043] chore: updated task list in README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f8c7ecf..23a4966 100644 --- a/README.md +++ b/README.md 
@@ -53,7 +53,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins -- [ ] rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier ## Broken things - [ ] figure out steam vr things? @@ -73,12 +72,13 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - [ ] figure out why syncthing and jellyfins permissions don't propagate downwards - [ ] make radarr, sonarr, and bazarr accessible over vpn -- [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn +- [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn ## Services - [ ] vikunja service for project management - [ ] Create Tor guard/relay server - [ ] mastodon instance +- [ ] screeps server ## DevOps - [ ] wake on LAN for updates From ecec04a9ce84c62555b31ced2378d490681245d8 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 25 Oct 2025 02:31:11 -0500 Subject: [PATCH 0915/1043] feat: added per service enable options for reverseProxy configs --- modules/nixos-modules/server/actual/proxy.nix | 6 +++++- modules/nixos-modules/server/forgejo/proxy.nix | 6 +++++- modules/nixos-modules/server/home-assistant/proxy.nix | 8 +++++++- modules/nixos-modules/server/immich/proxy.nix | 8 +++++++- modules/nixos-modules/server/jellyfin/proxy.nix | 8 +++++++- modules/nixos-modules/server/panoramax/proxy.nix | 8 +++++++- modules/nixos-modules/server/paperless/proxy.nix | 8 +++++++- modules/nixos-modules/server/searx/proxy.nix | 8 +++++++- 8 files changed, 52 insertions(+), 8 deletions(-) diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index bf1711a..9d37574 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -14,9 +14,13 @@ description = "extra domains that should be configured for actual"; default = []; }; + reverseProxy.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.services.reverseProxy.enable; + }; }; - config = lib.mkIf (config.services.actual.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.actual.reverseProxy.enable { services.reverseProxy.services.actual = { target = "http://localhost:${toString config.services.actual.settings.port}"; domain = config.services.actual.domain; diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index bde59d1..c2d3131 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix 
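Review bot: The new `reverseProxy.enable` option in `actual/proxy.nix` has no `description`, and its `default` is computed from `config` without a `defaultText`, so generated option documentation cannot state what the default is. Adding `description = "whether to publish actual through the reverse proxy";` and `defaultText = lib.literalExpression "config.services.actual.enable && config.services.reverseProxy.enable";` covers both. Because the `config` block is now gated on this option alone, forcing it to `true` while `services.actual.enable` is false still registers a proxy entry for a port nothing serves. An assertion such as `assertion = config.services.actual.reverseProxy.enable -> config.services.actual.enable;` would reject that state. The forgejo, home-assistant, immich, jellyfin, panoramax, paperless and searx proxy hunks of this commit add the same option in the same form.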
@@ -8,6 +8,10 @@ in { options.services.forgejo = { reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.services.reverseProxy.enable; + }; domain = lib.mkOption { type = lib.types.str; description = "domain that forgejo will be hosted at"; @@ -21,7 +25,7 @@ in { }; }; - config = lib.mkIf (config.services.forgejo.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.forgejo.reverseProxy.enable { services.reverseProxy.services.forgejo = { target = "http://localhost:${toString httpPort}"; domain = config.services.forgejo.reverseProxy.domain; diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index 1075c59..b756459 100644 --- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -14,9 +14,15 @@ description = "extra domains that should be configured for home-assistant"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.reverseProxy.enable && config.services.home-assistant.enable; + }; + }; }; - config = lib.mkIf (config.services.reverseProxy.enable && config.services.home-assistant.enable) { + config = lib.mkIf config.services.home-assistant.reverseProxy.enable { services.reverseProxy.services.home-assistant = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; domain = config.services.home-assistant.domain; diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index a50ea1e..9c8c165 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix 
@@ -14,9 +14,15 @@ description = "extra domains that should be configured for immich"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.immich.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.immich.reverseProxy.enable { services.reverseProxy.services.immich = { target = "http://localhost:${toString config.services.immich.port}"; domain = config.services.immich.domain; diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix index f803ecb..35289e7 100644 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ b/modules/nixos-modules/server/jellyfin/proxy.nix @@ -16,9 +16,15 @@ in { description = "extra domains that should be configured for jellyfin"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.jellyfin.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.jellyfin.reverseProxy.enable { services.reverseProxy.services.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; domain = config.services.jellyfin.domain; diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 35bc79b..7cd7111 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix 
@@ -14,9 +14,15 @@ description = "extra domains that should be configured for panoramax"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.panoramax.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.panoramax.reverseProxy.enable { services.reverseProxy.services.panoramax = { target = "http://localhost:${toString config.services.panoramax.port}"; domain = config.services.panoramax.domain; diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index 04c8304..9d152c9 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -9,9 +9,15 @@ description = "extra domains that should be configured for paperless"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.paperless.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.paperless.reverseProxy.enable { services.reverseProxy.services.paperless = { target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; domain = config.services.paperless.domain; diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index fbc80e0..e994e4a 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix 
@@ -9,9 +9,15 @@ description = "extra domains that should be configured for searx"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.searx.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.searx.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.searx.reverseProxy.enable { services.reverseProxy.services.searx = { target = "http://localhost:${toString config.services.searx.settings.server.port}"; domain = config.services.searx.domain; From a8af8930fa8f835bc2697aae88e3b9ddb9bf7a10 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 02:37:53 -0500 Subject: [PATCH 0916/1043] feat: added per service enable options for fail2ban configs --- .../nixos/defiant/configuration.nix | 2 +- .../nixos-modules/server/forgejo/fail2ban.nix | 11 +++- .../server/home-assistant/fail2ban.nix | 66 +++++++++++-------- .../nixos-modules/server/immich/fail2ban.nix | 11 +++- 4 files changed, 59 insertions(+), 31 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 91a8c2c..ae897ce 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -310,7 +310,7 @@ forgejo = { enable = true; - domain = "git.jan-leila.com"; + reverseProxy.domain = "git.jan-leila.com"; }; searx = { diff --git a/modules/nixos-modules/server/forgejo/fail2ban.nix b/modules/nixos-modules/server/forgejo/fail2ban.nix index 213c804..dfe221a 100644 --- a/modules/nixos-modules/server/forgejo/fail2ban.nix +++ b/modules/nixos-modules/server/forgejo/fail2ban.nix 
@@ -4,7 +4,16 @@ pkgs, ... }: { - config = lib.mkIf (config.services.forgejo.enable && config.services.fail2ban.enable) { + options.services.forgejo = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.services.fail2ban.enable; + }; + }; + }; + + config = lib.mkIf config.services.forgejo.fail2ban.enable { environment.etc = { "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' diff --git a/modules/nixos-modules/server/home-assistant/fail2ban.nix b/modules/nixos-modules/server/home-assistant/fail2ban.nix index 6ac5900..25194ef 100644 --- a/modules/nixos-modules/server/home-assistant/fail2ban.nix +++ b/modules/nixos-modules/server/home-assistant/fail2ban.nix 
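Review bot: Nothing in `forgejo/fail2ban.nix` ties the new `services.forgejo.fail2ban.enable` to `services.fail2ban.enable`, and the context line `"fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable (` still tests the old service flag rather than the new option. If the option is forced to `true` on a host where the fail2ban daemon is off, the filter file is written but nothing reads it, so the configuration looks protected when it is not. An assertion like `assertion = config.services.forgejo.fail2ban.enable -> config.services.fail2ban.enable;` makes that state fail at evaluation, after which the inner `lib.mkIf config.services.forgejo.enable` is redundant. The home-assistant and immich fail2ban hunks of this commit add the same option without this check, and the forgejo module body continues outside the hunk.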
@@ -3,36 +3,46 @@ pkgs, config, ... -}: -lib.mkIf (config.services.fail2ban.enable && config.services.home-assistant.enable) { - environment.etc = { - "fail2ban/filter.d/hass.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf - - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - ignoreregex = - - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); +}: { + options.services.home-assistant = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.services.home-assistant.enable; + }; + }; }; - services.fail2ban = { - jails = { - home-assistant-iptables.settings = { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; + config = lib.mkIf config.services.home-assistant.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/hass.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; }; }; }; diff --git a/modules/nixos-modules/server/immich/fail2ban.nix b/modules/nixos-modules/server/immich/fail2ban.nix index c9ec87b..21593e7 100644 --- a/modules/nixos-modules/server/immich/fail2ban.nix +++ b/modules/nixos-modules/server/immich/fail2ban.nix 
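Review bot: The `home-assistant-iptables` jail is only effective if Home Assistant logs the real client address, and nothing in this hunk establishes that. `home-assistant/proxy.nix` fronts the service through the reverse proxy at `http://localhost:...`, so unless `use_x_forwarded_for` and `trusted_proxies` are set in the Home Assistant `http` configuration (not shown here), the logged address is presumably the proxy's own. A comment on the jail such as `# requires http.use_x_forwarded_for + trusted_proxies so logged addresses are real clients` would record that dependency. The `failregex` as displayed also contains no host placeholder after `authentication from`; if that is not a rendering artefact of this page, the filter has no address to extract and ban.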
@@ -4,7 +4,16 @@ pkgs, ... }: { - config = lib.mkIf (config.services.fail2ban.enable && config.services.immich.enable) { + options.services.immich = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.services.immich.enable; + }; + }; + }; + + config = lib.mkIf config.services.immich.fail2ban.enable { environment.etc = { "fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] From 89793fca6aa221fa1b105f737b082320a8b0e001 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 02:41:00 -0500 Subject: [PATCH 0917/1043] feat: added per service enable options for impermanence configs --- modules/nixos-modules/server/actual/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/bazarr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/crab-hole/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/fail2ban/impermanence.nix | 9 ++++++++- .../nixos-modules/server/flaresolverr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/forgejo/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/immich/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/jackett/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/jellyfin/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/lidarr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/panoramax/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/paperless/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/qbittorent/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/radarr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/sonarr/impermanence.nix | 9 ++++++++- 15 files changed, 120 insertions(+), 15 deletions(-) diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix index 5eee95a..5a2bb6c 100644 --- a/modules/nixos-modules/server/actual/impermanence.nix 
+++ b/modules/nixos-modules/server/actual/impermanence.nix @@ -6,7 +6,14 @@ const = import ./const.nix; dataDirectory = const.dataDirectory; in { - config = lib.mkIf (config.services.actual.enable && config.host.impermanence.enable) { + options.services.actual = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.actual.impermanence.enable { assertions = [ { assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix index 22fb0e6..70a45d1 100644 --- a/modules/nixos-modules/server/bazarr/impermanence.nix +++ b/modules/nixos-modules/server/bazarr/impermanence.nix @@ -5,7 +5,14 @@ }: let bazarr_data_directory = "/var/lib/bazarr"; in { - config = lib.mkIf (config.services.bazarr.enable && config.host.impermanence.enable) { + options.services.bazarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.bazarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.bazarr.impermanence.enable { assertions = [ { assertion = config.services.bazarr.dataDir == bazarr_data_directory; diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix index 8e1182c..51efc0c 100644 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ b/modules/nixos-modules/server/crab-hole/impermanence.nix 
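Review bot: `services.actual.impermanence.enable` lacks a `description` warning what turning it off does on a host where `host.impermanence.enable` is on: the whole `config` block, including the data-directory `assertions` and the persistence entry, is skipped, so the service state is presumably left on the non-persistent root. A line like `description = "persist actual's data directory; disabling this on an impermanent host discards its state on reboot";` plus a `defaultText` for the `config`-derived default would document that. It matters most for the fail2ban hunk of this commit, where the persisted item is the ban database `fail2ban.sqlite3` and disabling the option would drop existing bans at every reboot. The bazarr, crab-hole, flaresolverr, forgejo, immich, jackett, jellyfin, lidarr, panoramax, paperless, qbittorent and radarr hunks add the same undocumented option, and each module body continues outside its hunk.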
@@ -5,7 +5,14 @@ }: let workingDirectory = "/var/lib/private/crab-hole"; in { - config = lib.mkIf (config.services.crab-hole.enable && config.host.impermanence.enable) { + options.services.crab-hole = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.crab-hole.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.crab-hole.impermanence.enable { assertions = [ { assertion = diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix index 5bc4673..6e214b3 100644 --- a/modules/nixos-modules/server/fail2ban/impermanence.nix +++ b/modules/nixos-modules/server/fail2ban/impermanence.nix @@ -6,7 +6,14 @@ dataFolder = "/var/lib/fail2ban"; dataFile = "fail2ban.sqlite3"; in { - config = lib.mkIf (config.services.fail2ban.enable && config.host.impermanence.enable) { + options.services.fail2ban = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.fail2ban.impermanence.enable { assertions = [ { assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix index b568a56..4544e75 100644 --- a/modules/nixos-modules/server/flaresolverr/impermanence.nix +++ b/modules/nixos-modules/server/flaresolverr/impermanence.nix 
@@ -3,7 +3,14 @@ config, ... }: { - config = lib.mkIf (config.services.flaresolverr.enable && config.host.impermanence.enable) { + options.services.flaresolverr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.flaresolverr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.flaresolverr.impermanence.enable { # FlareSolverr typically doesn't need persistent storage as it's a proxy service # but we'll add basic structure in case it's needed for logs or configuration environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix index 04f21a5..6fe3de8 100644 --- a/modules/nixos-modules/server/forgejo/impermanence.nix +++ b/modules/nixos-modules/server/forgejo/impermanence.nix @@ -5,7 +5,14 @@ }: let stateDir = "/var/lib/forgejo"; in { - config = lib.mkIf (config.services.forgejo.enable && config.host.impermanence.enable) { + options.services.forgejo = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.forgejo.impermanence.enable { assertions = [ { assertion = config.services.forgejo.stateDir == stateDir; diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix index f63d178..56e51d0 100644 --- a/modules/nixos-modules/server/immich/impermanence.nix +++ b/modules/nixos-modules/server/immich/impermanence.nix 
@@ -5,7 +5,14 @@ }: let mediaLocation = "/var/lib/immich"; in { - config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + options.services.immich = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.immich.impermanence.enable { assertions = [ { assertion = config.services.immich.mediaLocation == mediaLocation; diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix index 5826a54..24fc5e6 100644 --- a/modules/nixos-modules/server/jackett/impermanence.nix +++ b/modules/nixos-modules/server/jackett/impermanence.nix @@ -5,7 +5,14 @@ }: let jackett_data_directory = "/var/lib/jackett/.config/Jackett"; in { - config = lib.mkIf (config.services.jackett.enable && config.host.impermanence.enable) { + options.services.jackett = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jackett.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.jackett.impermanence.enable { assertions = [ { assertion = config.services.jackett.dataDir == jackett_data_directory; diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix index e0b3b5d..cbcb54f 100644 --- a/modules/nixos-modules/server/jellyfin/impermanence.nix +++ b/modules/nixos-modules/server/jellyfin/impermanence.nix 
@@ -6,7 +6,14 @@ jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; in { - config = lib.mkIf (config.services.jellyfin.enable && config.host.impermanence.enable) { + options.services.jellyfin = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.jellyfin.impermanence.enable { fileSystems."/persist/system/jellyfin".neededForBoot = true; host.storage.pool.extraDatasets = { diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix index 689b924..5d3aa3f 100644 --- a/modules/nixos-modules/server/lidarr/impermanence.nix +++ b/modules/nixos-modules/server/lidarr/impermanence.nix @@ -5,7 +5,14 @@ }: let lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; in { - config = lib.mkIf (config.services.lidarr.enable && config.host.impermanence.enable) { + options.services.lidarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.lidarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.lidarr.impermanence.enable { assertions = [ { assertion = config.services.lidarr.dataDir == lidarr_data_directory; diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix index 41b1401..e25ef92 100644 --- a/modules/nixos-modules/server/panoramax/impermanence.nix +++ b/modules/nixos-modules/server/panoramax/impermanence.nix 
@@ -3,7 +3,14 @@ config, ... }: { - config = lib.mkIf (config.services.panoramax.enable && config.host.impermanence.enable) { + options.services.panoramax = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.panoramax.impermanence.enable { # TODO: configure impermanence for panoramax data # This would typically include directories like: # - /var/lib/panoramax diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix index d9e17bd..fc87ea7 100644 --- a/modules/nixos-modules/server/paperless/impermanence.nix +++ b/modules/nixos-modules/server/paperless/impermanence.nix @@ -5,7 +5,14 @@ }: let dataDir = "/var/lib/paperless"; in { - config = lib.mkIf (config.services.paperless.enable && config.host.impermanence.enable) { + options.services.paperless = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.paperless.impermanence.enable { assertions = [ { assertion = config.services.paperless.dataDir == dataDir; diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix index da47d1a..1489e7d 100644 --- a/modules/nixos-modules/server/qbittorent/impermanence.nix +++ b/modules/nixos-modules/server/qbittorent/impermanence.nix 
@@ -5,7 +5,14 @@ }: let qbittorent_profile_directory = "/var/lib/qBittorrent/"; in { - config = lib.mkIf (config.services.qbittorrent.enable && config.host.impermanence.enable) { + options.services.qbittorrent = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.qbittorrent.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.qbittorrent.impermanence.enable { fileSystems."/persist/system/qbittorrent".neededForBoot = true; host.storage.pool.extraDatasets = { diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix index 4a3242c..c948e3a 100644 --- a/modules/nixos-modules/server/radarr/impermanence.nix +++ b/modules/nixos-modules/server/radarr/impermanence.nix @@ -5,7 +5,14 @@ }: let radarr_data_directory = "/var/lib/radarr/.config/Radarr"; in { - config = lib.mkIf (config.services.radarr.enable && config.host.impermanence.enable) { + options.services.radarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.radarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.radarr.impermanence.enable { assertions = [ { assertion = config.services.radarr.dataDir == radarr_data_directory; diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix index abc843c..5b90ee9 100644 --- a/modules/nixos-modules/server/sonarr/impermanence.nix +++ b/modules/nixos-modules/server/sonarr/impermanence.nix 
@@ -5,7 +5,14 @@ }: let sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; in { - config = lib.mkIf (config.services.sonarr.enable && config.host.impermanence.enable) { + options.services.sonarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.sonarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.sonarr.impermanence.enable { assertions = [ { assertion = config.services.sonarr.dataDir == sonarr_data_directory; From 30a042d709f0e12eca50c001cbdbf5d7fa3855e7 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 25 Oct 2025 02:56:07 -0500 Subject: [PATCH 0918/1043] refactor: moved server module configs out of default.nix files --- .../nixos-modules/server/actual/actual.nix | 20 ++++ .../nixos-modules/server/actual/default.nix | 20 +--- .../nixos-modules/server/forgejo/default.nix | 46 +------- .../nixos-modules/server/forgejo/forgejo.nix | 46 ++++++++ .../server/home-assistant/default.nix | 104 +----------------- .../server/home-assistant/home-assistant.nix | 104 ++++++++++++++++++ .../nixos-modules/server/jellyfin/default.nix | 32 +----- .../server/jellyfin/jellyfin.nix | 32 ++++++ .../server/network_storage/default.nix | 86 +-------------- .../network_storage/network_storage.nix | 86 +++++++++++++++ .../server/paperless/default.nix | 27 +---- .../server/paperless/paperless.nix | 27 +++++ .../nixos-modules/server/searx/default.nix | 59 +--------- modules/nixos-modules/server/searx/searx.nix | 59 ++++++++++ 14 files changed, 381 insertions(+), 367 deletions(-) create mode 100644 modules/nixos-modules/server/actual/actual.nix create mode 100644 modules/nixos-modules/server/forgejo/forgejo.nix create mode 100644 modules/nixos-modules/server/home-assistant/home-assistant.nix create mode 100644 modules/nixos-modules/server/jellyfin/jellyfin.nix create mode 100644 modules/nixos-modules/server/network_storage/network_storage.nix create mode 100644 modules/nixos-modules/server/paperless/paperless.nix create mode 100644 modules/nixos-modules/server/searx/searx.nix diff --git a/modules/nixos-modules/server/actual/actual.nix b/modules/nixos-modules/server/actual/actual.nix new file mode 100644 index 0000000..96ea586 --- /dev/null +++ b/modules/nixos-modules/server/actual/actual.nix 
@@ -0,0 +1,20 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + config = lib.mkIf config.services.actual.enable { + systemd.tmpfiles.rules = [ + "d ${dataDirectory} 2770 actual actual" + ]; + + services.actual = { + settings = { + ACTUAL_DATA_DIR = dataDirectory; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix index 546240e..b59517b 100644 --- a/modules/nixos-modules/server/actual/default.nix +++ b/modules/nixos-modules/server/actual/default.nix @@ -1,26 +1,8 @@ { - lib, - config, - ... -}: let - const = import ./const.nix; - dataDirectory = const.dataDirectory; -in { imports = [ + ./actual.nix ./proxy.nix ./fail2ban.nix ./impermanence.nix ]; - - config = lib.mkIf config.services.actual.enable { - systemd.tmpfiles.rules = [ - "d ${dataDirectory} 2770 actual actual" - ]; - - services.actual = { - settings = { - ACTUAL_DATA_DIR = dataDirectory; - }; - }; - }; } diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index 5d0e7ad..4333f69 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix 
@@ -1,53 +1,9 @@ { - lib, - config, - ... -}: let - const = import ./const.nix; - httpPort = const.httpPort; - sshPort = const.sshPort; - db_user = "forgejo"; -in { imports = [ + ./forgejo.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ]; - - config = lib.mkIf config.services.forgejo.enable { - assertions = [ - { - assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; - message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; - } - ]; - - services.forgejo = { - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = config.services.forgejo.reverseProxy.domain; - HTTP_PORT = httpPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; - }; - }; - }; } diff --git a/modules/nixos-modules/server/forgejo/forgejo.nix b/modules/nixos-modules/server/forgejo/forgejo.nix new file mode 100644 index 0000000..70d3087 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/forgejo.nix 
@@ -0,0 +1,46 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + httpPort = const.httpPort; + sshPort = const.sshPort; + db_user = "forgejo"; +in { + config = lib.mkIf config.services.forgejo.enable { + assertions = [ + { + assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; + message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; + } + ]; + + services.forgejo = { + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = config.services.forgejo.reverseProxy.domain; + HTTP_PORT = httpPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = "git"; + ROOT_URL = "https://git.jan-leila.com"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 4b1846b..b6f9356 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix 
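Review bot: `ROOT_URL = "https://git.jan-leila.com";` is hard-coded while `DOMAIN` two lines above it is read from `config.services.forgejo.reverseProxy.domain`, so the two can drift apart if the module is enabled with a different domain. Forgejo builds clone URLs and the links it sends out from `ROOT_URL`, so a mismatch would point users at a host other than the one serving them. Assuming `reverseProxy.domain` is a bare hostname, `ROOT_URL = "https://${config.services.forgejo.reverseProxy.domain}";` keeps them in step.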
@@ -1,112 +1,10 @@ { - lib, - config, - ... -}: { imports = [ + ./home-assistant.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ./extensions ]; - - options.services.home-assistant = { - database = lib.mkOption { - type = lib.types.enum [ - "builtin" - "postgres" - ]; - description = "what database do we want to use"; - default = "builtin"; - }; - - extensions = { - sonos = { - enable = lib.mkEnableOption "enable the sonos plugin"; - port = lib.mkOption { - type = lib.types.int; - default = 1400; - description = "what port to use for sonos discovery"; - }; - }; - jellyfin = { - enable = lib.mkEnableOption "enable the jellyfin plugin"; - }; - wyoming = { - enable = lib.mkEnableOption "enable wyoming"; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - { - services.home-assistant = { - configDir = "/var/lib/hass"; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - "isal" - "zha" - "webostv" - "tailscale" - "syncthing" - "analytics_insights" - "unifi" - "openweathermap" - "ollama" - "mobile_app" - "logbook" - "ssdp" - "usb" - "webhook" - "bluetooth" - "dhcp" - "energy" - "history" - "backup" - "assist_pipeline" - "conversation" - "sun" - "zeroconf" - "cpuspeed" - ]; - config = { - http = { - server_port = 8123; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - homeassistant = { - external_url = "https://${config.services.home-assistant.domain}"; - # internal_url = "http://192.168.1.2:8123"; - }; - recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - mobile_app = {}; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts - ]; - }; - - # TODO: configure /var/lib/hass/secrets.yaml via sops - - networking.firewall.allowedUDPPorts = [ - 1900 - ]; - - 
systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - } - ]); } diff --git a/modules/nixos-modules/server/home-assistant/home-assistant.nix b/modules/nixos-modules/server/home-assistant/home-assistant.nix new file mode 100644 index 0000000..fa58d5e --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/home-assistant.nix 
@@ -0,0 +1,104 @@ +{ + lib, + config, + ... +}: { + options.services.home-assistant = { + database = lib.mkOption { + type = lib.types.enum [ + "builtin" + "postgres" + ]; + description = "what database do we want to use"; + default = "builtin"; + }; + + extensions = { + sonos = { + enable = lib.mkEnableOption "enable the sonos plugin"; + port = lib.mkOption { + type = lib.types.int; + default = 1400; + description = "what port to use for sonos discovery"; + }; + }; + jellyfin = { + enable = lib.mkEnableOption "enable the jellyfin plugin"; + }; + wyoming = { + enable = lib.mkEnableOption "enable wyoming"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ + { + services.home-assistant = { + configDir = "/var/lib/hass"; + extraComponents = [ + "default_config" + "esphome" + "met" + "radio_browser" + "isal" + "zha" + "webostv" + "tailscale" + "syncthing" + "analytics_insights" + "unifi" + "openweathermap" + "ollama" + "mobile_app" + "logbook" + "ssdp" + "usb" + "webhook" + "bluetooth" + "dhcp" + "energy" + "history" + "backup" + "assist_pipeline" + "conversation" + "sun" + "zeroconf" + "cpuspeed" + ]; + config = { + http = { + server_port = 8123; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + homeassistant = { + external_url = "https://${config.services.home-assistant.domain}"; + # internal_url = "http://192.168.1.2:8123"; + }; + recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; + mobile_app = {}; + }; + extraPackages = python3Packages: + with python3Packages; [ + hassil + numpy + gtts + ]; + }; + + # TODO: configure /var/lib/hass/secrets.yaml via sops + + networking.firewall.allowedUDPPorts = [ + 1900 + ]; + + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; + } + ]); +} 
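Review bot: The tmpfiles rule at the end of the `config` block creates `automations.yaml` with mode `0755`, which makes it world-readable and executable. The file is only data for the `hass` user, and with the `webhook` component enabled it can hold webhook IDs that act as bearer secrets for triggering automations. Unless the permissions on `/var/lib/hass` already keep other local users out, I would change the rule to `"f ${config.services.home-assistant.configDir}/automations.yaml 0640 hass hass"`. Separately, `recorder.db_url` interpolates `configDir` as the database name and is set even when the `database` option is `"builtin"`; that is worth a comment or a check against `./database.nix`, which is not visible here.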
diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix index 0d88481..2dbdcfd 100644 --- a/modules/nixos-modules/server/jellyfin/default.nix +++ b/modules/nixos-modules/server/jellyfin/default.nix @@ -1,38 +1,8 @@ { - lib, - pkgs, - config, - ... -}: let - jellyfinPort = 8096; - dlanPort = 1900; -in { imports = [ + ./jellyfin.nix ./proxy.nix ./fail2ban.nix ./impermanence.nix ]; - - options.services.jellyfin = { - media_directory = lib.mkOption { - type = lib.types.str; - description = "directory jellyfin media will be hosted at"; - default = "/srv/jellyfin/media"; - }; - }; - - config = lib.mkIf config.services.jellyfin.enable { - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - }; } diff --git a/modules/nixos-modules/server/jellyfin/jellyfin.nix b/modules/nixos-modules/server/jellyfin/jellyfin.nix new file mode 100644 index 0000000..9bfa921 --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/jellyfin.nix 
@@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + ... +}: let + jellyfinPort = 8096; + dlanPort = 1900; +in { + options.services.jellyfin = { + media_directory = lib.mkOption { + type = lib.types.str; + description = "directory jellyfin media will be hosted at"; + default = "/srv/jellyfin/media"; + }; + }; + + config = lib.mkIf config.services.jellyfin.enable { + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; + }; +} diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index eaac7fe..cd100ab 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix 
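Review bot: `networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort];` opens 8096 on the host firewall even though this module is imported alongside `./proxy.nix` and `./fail2ban.nix`. If the reverse proxy runs on the same host, clients can reach Jellyfin directly over plain HTTP and bypass whatever the proxy enforces. Port 1900 is also opened as TCP, whereas SSDP discovery uses UDP (home-assistant.nix in this commit opens 1900 under `allowedUDPPorts`). I would drop `jellyfinPort` from the list unless direct LAN access is intended, and use `networking.firewall.allowedUDPPorts = [dlanPort];` for discovery, with a comment stating which of the two exposures is deliberate.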
@@ -1,90 +1,6 @@ { - config, - lib, - ... -}: let - export_directory = config.host.network_storage.export_directory; -in { imports = [ + ./network_storage.nix ./nfs.nix ]; - - options = { - host.network_storage = { - enable = lib.mkEnableOption "is this machine going to export network storage"; - export_directory = lib.mkOption { - type = lib.types.path; - description = "what are exports going to be stored in"; - default = "/exports"; - }; - directories = lib.mkOption { - type = lib.types.listOf (lib.types.submodule ({config, ...}: { - options = { - folder = lib.mkOption { - type = lib.types.str; - description = "what is the name of this export directory"; - }; - bind = lib.mkOption { - type = lib.types.nullOr lib.types.path; - description = "is this directory bound to anywhere"; - default = null; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user owns this directory"; - default = "nouser"; - }; - group = lib.mkOption { - type = lib.types.str; - description = "what group owns this directory"; - default = "nogroup"; - }; - _directory = lib.mkOption { - internal = true; - readOnly = true; - type = lib.types.path; - default = "${export_directory}/${config.folder}"; - }; - }; - })); - description = "list of directory names to export"; - }; - }; - }; - - config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ - { - # create any folders that we need to have for our exports - systemd.tmpfiles.rules = - [ - "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" - ] - ++ ( - builtins.map ( - directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" - ) - config.host.network_storage.directories - ); - - # set up any bind mounts that we need for our exports - fileSystems = builtins.listToAttrs ( - builtins.map (directory: - lib.attrsets.nameValuePair directory._directory { - device = directory.bind; - options = ["bind"]; - }) ( - builtins.filter (directory: directory.bind != null) 
config.host.network_storage.directories - ) - ); - } - # (lib.mkIf config.host.impermanence.enable { - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # config.host.network_storage.export_directory - # ]; - # }; - # }) - ]); } diff --git a/modules/nixos-modules/server/network_storage/network_storage.nix b/modules/nixos-modules/server/network_storage/network_storage.nix new file mode 100644 index 0000000..ebc3bee --- /dev/null +++ b/modules/nixos-modules/server/network_storage/network_storage.nix 
@@ -0,0 +1,86 @@ +{ + config, + lib, + ... +}: let + export_directory = config.host.network_storage.export_directory; +in { + options = { + host.network_storage = { + enable = lib.mkEnableOption "is this machine going to export network storage"; + export_directory = lib.mkOption { + type = lib.types.path; + description = "what are exports going to be stored in"; + default = "/exports"; + }; + directories = lib.mkOption { + type = lib.types.listOf (lib.types.submodule ({config, ...}: { + options = { + folder = lib.mkOption { + type = lib.types.str; + description = "what is the name of this export directory"; + }; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = "is this directory bound to anywhere"; + default = null; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user owns this directory"; + default = "nouser"; + }; + group = lib.mkOption { + type = lib.types.str; + description = "what group owns this directory"; + default = "nogroup"; + }; + _directory = lib.mkOption { + internal = true; + readOnly = true; + type = lib.types.path; + default = "${export_directory}/${config.folder}"; + }; + }; + })); + description = "list of directory names to export"; + }; + }; + }; + + config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ + { + # create any folders that we need to have for our exports + systemd.tmpfiles.rules = + [ + "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" + ] + ++ ( + builtins.map ( + directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" + ) + config.host.network_storage.directories + ); + + # set up any bind mounts that we need for our exports + fileSystems = builtins.listToAttrs ( + builtins.map (directory: + lib.attrsets.nameValuePair directory._directory { + device = directory.bind; + options = ["bind"]; + }) ( + builtins.filter (directory: directory.bind != null) config.host.network_storage.directories + ) + ); + } + # 
(lib.mkIf config.host.impermanence.enable { + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # config.host.network_storage.export_directory + # ]; + # }; + # }) + ]); +} diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index d2bc930..7e5e16b 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -1,34 +1,9 @@ { - config, - lib, - ... -}: { imports = [ + ./paperless.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ]; - - options.services.paperless = { - database = { - user = lib.mkOption { - type = lib.types.str; - description = "what is the user and database that we are going to use for paperless"; - default = "paperless"; - }; - }; - }; - - config = lib.mkIf config.services.paperless.enable { - services.paperless = { - configureTika = true; - settings = { - PAPERLESS_DBENGINE = "postgresql"; - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBNAME = config.services.paperless.database.user; - PAPERLESS_DBUSER = config.services.paperless.database.user; - }; - }; - }; } diff --git a/modules/nixos-modules/server/paperless/paperless.nix b/modules/nixos-modules/server/paperless/paperless.nix new file mode 100644 index 0000000..5bcbfed --- /dev/null +++ b/modules/nixos-modules/server/paperless/paperless.nix 
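Review bot: In network_storage.nix the `user` option of each export directory defaults to `"nouser"`, which as far as I can tell is not an account NixOS creates (the export root two rules earlier uses `nobody`). The generated `d ${directory._directory} 2770 ${directory.user} ${directory.group}` rule would then fail to resolve its owner unless that user is declared elsewhere. Switching the default to `nobody`/`nogroup` is not a good fix either, because that is the identity squashed NFS clients are usually mapped to. I would remove both defaults so every export has to name its owner explicitly, and say so in the option descriptions.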
@@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: { + options.services.paperless = { + database = { + user = lib.mkOption { + type = lib.types.str; + description = "what is the user and database that we are going to use for paperless"; + default = "paperless"; + }; + }; + }; + + config = lib.mkIf config.services.paperless.enable { + services.paperless = { + configureTika = true; + settings = { + PAPERLESS_DBENGINE = "postgresql"; + PAPERLESS_DBHOST = "/run/postgresql"; + PAPERLESS_DBNAME = config.services.paperless.database.user; + PAPERLESS_DBUSER = config.services.paperless.database.user; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix index ac84c1d..5426380 100644 --- a/modules/nixos-modules/server/searx/default.nix +++ b/modules/nixos-modules/server/searx/default.nix @@ -1,63 +1,6 @@ { - config, - lib, - inputs, - ... -}: { imports = [ + ./searx.nix ./proxy.nix ]; - - config = lib.mkIf config.services.searx.enable { - sops.secrets = { - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - }; - - services.searx = { - environmentFile = config.sops.secrets."services/searx".path; - - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; - }; - }; - }; - - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; - }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; - }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; - }; - }; - }; } diff --git a/modules/nixos-modules/server/searx/searx.nix b/modules/nixos-modules/server/searx/searx.nix new file mode 100644 index 0000000..d4d4012 
--- /dev/null +++ b/modules/nixos-modules/server/searx/searx.nix @@ -0,0 +1,59 @@ +{ + config, + lib, + inputs, + ... +}: { + config = lib.mkIf config.services.searx.enable { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; + + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; + }; + }; +} From 5114f52607aae5462eb391c2d13edee52beb0b70 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 15:11:25 -0500 Subject: [PATCH 0919/1043] feat: added rust-analyzer vscode package --- .../leyla/packages/vscode/default.nix | 3 +++ .../programs/vscode/default.nix | 1 + .../programs/vscode/rustAnalyzer.nix | 27 +++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/rustAnalyzer.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index fd72006..36168b2 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -69,6 +69,9 @@ in { # go development go.enable = true; + # rust development + rustAnalyzer.enable = true; + # claude development claudeDev = lib.mkIf ai-tooling-enabled { enable = true; 
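Review bot: `limiterSettings` in searx.nix configures `real_ip` and `botdetection`, but nothing visible in the hunk turns the limiter on, so the "Rate limiting" block may be inert. SearXNG only applies that file when `settings.server.limiter = true` and a Redis/Valkey backend is available. Unless `./proxy.nix` or the host configuration sets these, add `limiter = true;` next to `port = 8083;` and enable the module's local Redis. Also note in a comment that `x_for = 1` assumes the service is reachable only through one trusted proxy hop.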
diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 8f366fe..f9d83dc 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -16,6 +16,7 @@ ./go.nix ./evenBetterToml.nix ./openRemoteSsh.nix + ./rustAnalyzer.nix ./astroVscode.nix ./vscodeMdx.nix ./claudeDev.nix diff --git a/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix new file mode 100644 index 0000000..66e9ebe --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.rustAnalyzer = { + enable = lib.mkEnableOption "should the rust-analyzer extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "rust-analyzer" { + default = ["rust-lang" "rust-analyzer"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.rustAnalyzer.enable { + extensions = [ + config.extraExtensions.rustAnalyzer.extension + ]; + }; + })); + }; +} From c97d43957df6413ab524c608169c77e58b464e3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 13:06:08 -0500 Subject: [PATCH 0920/1043] feat: enabled actual --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ae897ce..62ab1de 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
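Review bot: The description passed to `lib.mkEnableOption` in rustAnalyzer.nix is phrased as a question, and `mkEnableOption` already prefixes its argument with "Whether to enable", so the rendered text reads "Whether to enable should the rust-analyzer extension for vscode be enabled". I would write `enable = lib.mkEnableOption "the rust-analyzer extension for vscode";`. The submodule argument `{config, ...}` also shadows the outer `config` used in the `let` for `config.programs.vscode.package.version`; a short comment marking which `config` is the profile would help.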
@@ -319,7 +319,7 @@ }; actual = { - enable = false; + enable = true; domain = "budget.jan-leila.com"; }; From 7ad6a83dfa1bc7f1d1335636e976035e1abf425f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 13:17:48 -0500 Subject: [PATCH 0921/1043] feat: broke leyla firefox config into submodules --- .../home-manager/leyla/packages/default.nix | 2 +- .../home-manager/leyla/packages/firefox.nix | 344 ------------------ .../leyla/packages/firefox/bookmarks.nix | 149 ++++++++ .../leyla/packages/firefox/default.nix | 18 + .../leyla/packages/firefox/firefox.nix | 221 +++++++++++ .../leyla/packages/firefox/harden.nix | 50 +++ 6 files changed, 439 insertions(+), 345 deletions(-) delete mode 100644 configurations/home-manager/leyla/packages/firefox.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/bookmarks.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/default.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/firefox.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/harden.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 5bccad3..50cc175 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -9,7 +9,7 @@ in { imports = [ ./vscode - ./firefox.nix + ./firefox ./direnv.nix ./openssh.nix ./git.nix diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix deleted file mode 100644 index d166eb4..0000000 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ /dev/null 
@@ -1,344 +0,0 @@ -{ - lib, - pkgs, - inputs, - ... -}: { - config = { - programs.firefox = { - profiles.leyla = { - settings = { - "browser.search.defaultenginename" = "Searx"; - "browser.search.order.1" = "Searx"; - }; - - search = { - force = true; - default = "Searx"; - engines = { - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = ["@np"]; - }; - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@nw"]; - }; - "Searx" = { - urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@searx"]; - }; - }; - }; - - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ - bitwarden - terms-of-service-didnt-read - multi-account-containers - shinigami-eyes - - ublock-origin - sponsorblock - dearrow - df-youtube - return-youtube-dislikes - - privacy-badger - decentraleyes - clearurls - localcdn - - snowflake - - deutsch-de-language-pack - dictionary-german - - tab-session-manager - - # ( - # buildFirefoxXpiAddon rec { - # pname = "italiano-it-language-pack"; - # version = "132.0.20241110.231641"; - # addonId = "langpack-it@firefox.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Firefox Language Pack for Italiano (it) – Italian"; - # license = licenses.mpl20; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - # ( - # buildFirefoxXpiAddon 
rec { - # pname = "dizionario-italiano"; - # version = "5.1"; - # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Add support for Italian to spellchecking"; - # license = licenses.gpl3; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - ]; - - settings = { - # Disable irritating first-run stuff - "browser.disableResetPrompt" = true; - "browser.download.panel.shown" = true; - "browser.feeds.showFirstRunUI" = false; - "browser.messaging-system.whatsNewPanel.enabled" = false; - "browser.rights.3.shown" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.shell.defaultBrowserCheckCount" = 1; - "browser.startup.homepage_override.mstone" = "ignore"; - "browser.uitour.enabled" = false; - "startup.homepage_override_url" = ""; - "trailhead.firstrun.didSeeAboutWelcome" = true; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.bookmarks.addedImportButton" = true; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - - # Usage Experience - "browser.startup.homepage" = "about:home"; - "browser.download.useDownloadDir" = false; - "browser.uiCustomization.state" = builtins.toJSON { - "currentVersion" = 20; - "newElementCount" = 6; - "dirtyAreaCache" = [ - "nav-bar" - "PersonalToolbar" - "toolbar-menubar" - "TabsToolbar" - "unified-extensions-area" - "vertical-tabs" - ]; - "placements" = { - "widget-overflow-fixed-list" = []; - "unified-extensions-area" = [ - # bitwarden - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" - "sponsorblocker_ajay_app-browser-action" - "dearrow_ajay_app-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_testpilot-containers-browser-action" - "addon_simplelogin-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - 
"jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - "nav-bar" = [ - "back-button" - "forward-button" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "unified-extensions-button" - "reset-pbm-toolbar-button" - ]; - "toolbar-menubar" = [ - "menubar-items" - ]; - "TabsToolbar" = [ - "firefox-view-button" - "tabbrowser-tabs" - "new-tab-button" - "alltabs-button" - ]; - "vertical-tabs" = []; - "PersonalToolbar" = [ - "import-button" - "personal-bookmarks" - ]; - }; - "seen" = [ - "save-to-pocket-button" - "developer-button" - "privacy_privacy_com-browser-action" - "sponsorblocker_ajay_app-browser-action" - "ublock0_raymondhill_net-browser-action" - "addon_simplelogin-browser-action" - "dearrow_ajay_app-browser-action" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_testpilot-containers-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - }; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - "browser.newtabpage.blocked" = lib.genAttrs [ - # Facebook - "4gPpjkxgZzXPVtuEoAL9Ig==" - # Reddit - "gLv0ja2RYVgxKdp0I5qwvA==" - # Amazon - "K00ILysCaEq8+bEqV/3nuw==" - # Twitter - "T9nJot5PurhJSy8n038xGA==" - ] (_: 1); - 
"identity.fxaccounts.enabled" = false; - - # Security - "privacy.trackingprotection.enabled" = true; - "dom.security.https_only_mode" = true; - - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "signon.rememberSignons" = false; - "privacy.sanitize.sanitizeOnShutdown" = true; - "privacy.clearOnShutdown_v2.cache" = true; - "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; - "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; - "urlclassifier.trackingSkipURLs" = ""; - "urlclassifier.features.socialtracking.skipURLs" = ""; - "dom.security.https_only_mode_pbm" = true; - "dom.security.https_only_mode_error_page_user_suggestions" = true; - - # Disable telemetry - "app.shield.optoutstudies.enabled" = false; - "browser.discovery.enabled" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.ping-centre.telemetry" = false; - "datareporting.healthreport.service.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.sessions.current.clean" = true; - "devtools.onboarding.telemetry.logged" = false; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.hybridContent.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.prompted" = 2; - "toolkit.telemetry.rejected" = true; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - "toolkit.telemetry.server" = ""; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.unifiedIsOptIn" = false; - "toolkit.telemetry.updatePing.enabled" = false; - }; - - bookmarks = { - force = true; - settings = [ - { - name = "Media"; - url = 
"https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; - }; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix new file mode 100644 index 0000000..8435d45 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix 
@@ -0,0 +1,149 @@ +{...}: { + programs.firefox = { + profiles.leyla = { + bookmarks = { + force = true; + settings = [ + # Personal Services + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Search"; + url = "https://search.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Budget"; + url = "https://budget.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Documents"; + url = "https://documents.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + + # Defiant Server Services + { + name = "QBittorrent"; + url = "http://defiant:8084"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Sonarr"; + url = "http://defiant:8989"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Radarr"; + url = "http://defiant:7878"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Bazarr"; + url = "http://defiant:6767"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Lidarr"; + url = "http://defiant:8686"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Jackett"; + url = "http://defiant:9117"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Crab-hole DNS"; + url = "http://defiant:8085"; + keyword = ""; + tags = ["defiant"]; + } + + # External Services + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = 
"Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/default.nix b/configurations/home-manager/leyla/packages/firefox/default.nix new file mode 100644 index 0000000..4246c68 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/default.nix @@ -0,0 +1,18 @@ +{ + lib, + pkgs, + inputs, + ... +}: { + imports = [ + ./firefox.nix + ./bookmarks.nix + ./harden.nix + ]; + + config = { + programs.firefox = { + enable = true; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix new file mode 100644 index 0000000..1678353 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix 
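Review bot: The seven "Defiant Server Services" bookmarks in bookmarks.nix use plain `http://defiant:<port>` URLs, while harden.nix in this same commit sets `"dom.security.https_only_mode" = true`. Unless Firefox treats the bare host name as a local exception, those pages will probably land on the HTTPS-only interstitial. Clicking through it leaves any credentials for those admin pages travelling unencrypted, unless the path to defiant is already tunnelled. Publishing them through the reverse proxy with TLS, as the `*.jan-leila.com` entries above already are, avoids both the exception and the cleartext hop. If plain HTTP is intended, a comment such as `# reachable only on the LAN/VPN, no TLS` above the group would record that decision.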
@@ -0,0 +1,221 @@ +{ + lib, + pkgs, + inputs, + ... +}: { + programs.firefox = { + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; + + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; + }; + }; + + extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes + + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes + + privacy-badger + decentraleyes + clearurls + localcdn + + snowflake + + deutsch-de-language-pack + dictionary-german + + tab-session-manager + + # (\ + # buildFirefoxXpiAddon rec {\ + # pname = "italiano-it-language-pack";\ + # version = "132.0.20241110.231641";\ + # addonId = "langpack-it@firefox.mozilla.org";\ + # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi";\ + # sha256 = "";\ + # meta = with lib;\ + # {\ + # description = "Firefox Language Pack for Italiano (it) – Italian";\ + # license = licenses.mpl20;\ + # mozPermissions = [];\ + # platforms = platforms.all;\ + # };\ + # }\ + # )\ + # (\ + # buildFirefoxXpiAddon 
rec {\ + # pname = "dizionario-italiano";\ + # version = "5.1";\ + # addonId = "it-IT@dictionaries.addons.mozilla.org";\ + # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi";\ + # sha256 = "";\ + # meta = with lib;\ + # {\ + # description = "Add support for Italian to spellchecking";\ + # license = licenses.gpl3;\ + # mozPermissions = [];\ + # platforms = platforms.all;\ + # };\ + # }\ + # )\ + ]; + + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + + # Usage Experience + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" + "addon_simplelogin-browser-action" + 
"_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" + "privacy_privacy_com-browser-action" + "sponsorblocker_ajay_app-browser-action" + "ublock0_raymondhill_net-browser-action" + "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + }; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + 
# Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "identity.fxaccounts.enabled" = false; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/harden.nix b/configurations/home-manager/leyla/packages/firefox/harden.nix new file mode 100644 index 0000000..66310c2 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/harden.nix 
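Review bot: In the `unified-extensions-area` placement list of firefox/firefox.nix one widget id ends in `-browse-action`, while the same id in the `seen` list ends in `-browser-action`, so that extension's button is probably not placed where the list intends. The id was carried over unchanged from the deleted firefox.nix, so this move is a good moment to correct it to `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action"`. The commented-out `buildFirefoxXpiAddon` examples also gained a trailing `\` on every line during the move, which looks like an editing artifact and should be dropped. The `Searx` engine still takes its `icon` from `https://nixos.wiki/favicon.png`, apparently copied from the entry above it, so the browser fetches an icon from an unrelated site for the private search engine.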
@@ -0,0 +1,50 @@ +{...}: { + programs.firefox = { + profiles.leyla = { + settings = { + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + + # Privacy & Data Protection + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + + # Disable telemetry and data collection + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + 
"toolkit.telemetry.updatePing.enabled" = false; + }; + }; + }; +} From f72a6da0132b370a6d84db2c91e53e3a8857cc37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 14:24:18 -0500 Subject: [PATCH 0922/1043] feat: fixed actual install --- modules/nixos-modules/server/actual/actual.nix | 14 +++++++++----- modules/nixos-modules/server/actual/const.nix | 2 +- .../nixos-modules/server/actual/impermanence.nix | 10 ++++++++-- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/modules/nixos-modules/server/actual/actual.nix b/modules/nixos-modules/server/actual/actual.nix index 96ea586..4cca449 100644 --- a/modules/nixos-modules/server/actual/actual.nix +++ b/modules/nixos-modules/server/actual/actual.nix @@ -6,14 +6,18 @@ const = import ./const.nix; dataDirectory = const.dataDirectory; in { + options.services.actual = { + port = lib.mkOption { + type = lib.types.port; + description = "The port to listen on"; + default = 5006; + }; + }; config = lib.mkIf config.services.actual.enable { - systemd.tmpfiles.rules = [ - "d ${dataDirectory} 2770 actual actual" - ]; - services.actual = { settings = { - ACTUAL_DATA_DIR = dataDirectory; + port = config.services.actual.port; + dataDir = dataDirectory; }; }; }; diff --git a/modules/nixos-modules/server/actual/const.nix b/modules/nixos-modules/server/actual/const.nix index 13b068e..14b715e 100644 --- a/modules/nixos-modules/server/actual/const.nix +++ b/modules/nixos-modules/server/actual/const.nix @@ -1,3 +1,3 @@ { - dataDirectory = "/var/lib/actual/"; + dataDirectory = "/var/lib/private/actual"; } diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix index 5a2bb6c..f203178 100644 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ b/modules/nixos-modules/server/actual/impermanence.nix 
@@ -5,6 +5,8 @@ }: let const = import ./const.nix; dataDirectory = const.dataDirectory; + # Strip /private from dataDirectory for assertion check (systemd DynamicUser adds /private automatically) + configDataDirectory = lib.strings.replaceStrings ["/var/lib/private"] ["/var/lib"] dataDirectory; in { options.services.actual = { impermanence.enable = lib.mkOption { @@ -16,8 +18,12 @@ in { config = lib.mkIf config.services.actual.impermanence.enable { assertions = [ { - assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; - message = "actual data location does not match persistence"; + assertion = config.services.actual.settings.dataDir == dataDirectory; + message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; + } + { + assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; + message = "actual systemd service must have DynamicUser enabled to use private directory"; } ]; environment.persistence."/persist/system/root" = { From 758cbd17f72a738658e7d8554b9d3560a01fbb06 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 14:43:50 -0500 Subject: [PATCH 0923/1043] refactor: removed unused var --- modules/nixos-modules/server/actual/impermanence.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix index f203178..d870789 100644 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ b/modules/nixos-modules/server/actual/impermanence.nix 
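Review bot: The second hunk of impermanence.nix asserts `DynamicUser` and matches `settings.dataDir` against `/var/lib/private/actual`, but nothing visible here keeps the parent `/var/lib/private` root-owned with mode 0700. With DynamicUser that parent is what stops other local users from reaching the budget data. The `environment.persistence."/persist/system/root"` entry continues below the hunk, so I cannot see how the directory is declared. If it lists `dataDirectory` without an explicit mode, check on the host that neither the persisted source nor `/var/lib/private` was created world-readable. A comment next to the directory entry, for example `# parent /var/lib/private must stay 0700 for DynamicUser`, would keep the requirement from being lost in a later refactor.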
@@ -5,8 +5,6 @@ }: let const = import ./const.nix; dataDirectory = const.dataDirectory; - # Strip /private from dataDirectory for assertion check (systemd DynamicUser adds /private automatically) - configDataDirectory = lib.strings.replaceStrings ["/var/lib/private"] ["/var/lib"] dataDirectory; in { options.services.actual = { impermanence.enable = lib.mkOption { From 81a65885374148fc60e0335624b8e7102cfbbdab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 23:35:54 -0500 Subject: [PATCH 0924/1043] feat: updated flack lock --- flake.lock | 30 ++++++++++++------------ modules/nixos-modules/server/wyoming.nix | 6 ++--- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 09349a6..11fb672 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1761019419, - "narHash": "sha256-lOzy4BGZtPxxNOzDEwfy3lcb7enl53f1wYP/JVWwSHg=", + "lastModified": 1761478231, + "narHash": "sha256-a6ROM73M0TSrooI+8/UMj5KWKOdaDFTycVeo8XJ3dk4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "727c8a012382db77e14d72ce1fe4e19be3206ce6", + "rev": "ae968708476302f8781fb5e245d53f112ed04111", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1761081701, - "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", + "lastModified": 1761530345, + "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", "owner": "nix-community", "repo": "home-manager", - "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", + "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", "type": "github" }, "original": { 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1760721282, - "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=", + "lastModified": 1761339987, + "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168", + "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1761011896, - "narHash": "sha256-p6oWYhpJGIV76tJExGUFRkir29yCTUYLsnKmnhzW2C0=", + "lastModified": 1761530505, + "narHash": "sha256-SbuUyC5pfTcMa9JUqSxFyGJpCqoUsB74tboS22+lByY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0a74c6a180110ac18584780eeff31e302b0bf8a4", + "rev": "5a5496a7d21265e0ce7641452daf6c560f0eb7a9", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index 4894dd4..c9a1474 100644 --- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix @@ -37,9 +37,9 @@ openwakeword = { enable = true; uri = "tcp://0.0.0.0:10400"; - preloadModels = [ - "ok_nabu" - ]; + # preloadModels = [ + # "ok_nabu" + # ]; # TODO: custom models }; }; From bb5c94ec2c8c4955a3fd21bd1c460601889d749d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 27 Oct 2025 00:53:59 -0500 Subject: [PATCH 0925/1043] feat: added catch all route to reverse proxy that blocks connections on non specified hosts --- .../server/reverseProxy/reverseProxy.nix | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix index 5b8357f..eecc9bf 100644 --- a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix +++ b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix @@ -6,6 +6,11 @@ options.services.reverseProxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; openFirewall = lib.mkEnableOption "open the firewall"; + refuseUnmatchedDomains = lib.mkOption { + type = lib.types.bool; + description = "refuse connections for domains that don't match any configured virtual hosts"; + default = true; + }; ports = { http = lib.mkOption { type = lib.types.port; @@ -96,7 +101,20 @@ services.nginx = { enable = true; virtualHosts = lib.mkMerge ( - lib.lists.flatten ( + (lib.optionals config.services.reverseProxy.refuseUnmatchedDomains [ + { + "_" = { + default = true; + serverName = "_"; + locations."/" = { + extraConfig = '' + return 444; + ''; + }; + }; + } + ]) + ++ lib.lists.flatten ( lib.attrsets.mapAttrsToList ( name: service: let hostConfig = { From ec802a2462571c069485b1eeaac6d3c476e332d0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 00:56:56 -0500 Subject: [PATCH 0926/1043] chore: updated README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 23a4966..a251dad 100644 --- a/README.md +++ b/README.md 
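Review bot: The catch-all `"_"` virtual host added in the second hunk of reverseProxy.nix sets no TLS option, so as far as this hunk shows it becomes the default server for plain HTTP only. A TLS connection with an unknown SNI name would then still be answered by whichever SSL-enabled host nginx picks as default, certificate included. Adding `rejectSSL = true;` next to `default = true;` makes nginx refuse the handshake for unmatched names too, which is what the `refuseUnmatchedDomains` description promises. Whether the per-service hosts enable SSL is decided in `hostConfig`, which continues outside the hunk, so confirm this against the generated nginx configuration. `serverName = "_";` repeats the attribute name and can be dropped.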
@@ -43,12 +43,12 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ +- proton mail now has an smtp server we could use that for our zfs and SMART test emails # Tasks: ## Chores: - [ ] test out crab hole service -- [ ] learn how to use actual ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) From f91f20be7c68920c1c52378aba82dba2a8ec472d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 01:13:42 -0500 Subject: [PATCH 0927/1043] chore: added more tasks to README.md --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a251dad..b253091 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut +- [ ] secondary server with data sync ## Data Access - [ ] nfs export should be backed by the same values for server and client @@ -76,6 +77,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Services - [ ] vikunja service for project management +- [ ] Penpot services (need to make this custom) +- [ ] minecraft server with old world file - [ ] Create Tor guard/relay server - [ ] mastodon instance - [ ] screeps server 
@@ -98,4 +101,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] postgres db load - [ ] nginx queries - [ ] ntfy.sh for push notifications -- [ ] kuma for uptime visualization \ No newline at end of file +- [ ] kuma for uptime visualization + +## Packages +- [ ] Custom private fork of MultiMC \ No newline at end of file From df663e5438753d2cde51bed048217a2dd99c3058 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 02:34:53 -0500 Subject: [PATCH 0928/1043] chore: added task to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b253091..883e143 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut -- [ ] secondary server with data sync +- [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800 ## Data Access - [ ] nfs export should be backed by the same values for server and client From e57c1df6e5a6537b4ca8f4fc315fcbdcfd69f2a1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 02:52:56 -0500 Subject: [PATCH 0929/1043] chore:added task for qbittorent directory --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 883e143..d3a2121 100644 --- a/README.md +++ b/README.md 
@@ -49,6 +49,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Chores: - [ ] test out crab hole service +- [ ] qbittorent should be downloading to `rpool/persist/system/qbittorrent` or maybe even `rpool/persist/system/jellyfin` but right now its downloading to `rpool/persist/system/root` this should be fixed ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) From f9c27c82b67930a90db943587543abfe46fda406 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 03:55:09 -0500 Subject: [PATCH 0930/1043] feat: refactored database configuration --- .../nixos/defiant/configuration.nix | 15 ++- .../nixos-modules/server/forgejo/database.nix | 59 ++++------ .../server/home-assistant/database.nix | 91 +++++++-------- .../nixos-modules/server/immich/database.nix | 44 +++---- .../server/panoramax/database.nix | 64 +++++++---- .../server/paperless/database.nix | 50 ++++---- .../server/postgres/impermanence.nix | 2 +- .../server/postgres/postgres.nix | 108 +++++++++++------- 8 files changed, 229 insertions(+), 204 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 62ab1de..e2f9401 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -102,13 +102,6 @@ directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; - postgres = { - extraUsers = { - leyla = { - isAdmin = true; - }; - }; - }; }; systemd.network = { @@ -220,6 +213,12 @@ }; services = { + # PostgreSQL database server + postgresql = { + enable = true; + adminUsers = ["leyla"]; + }; + # temp enable desktop environment for setup # Enable the X11 windowing system. xserver.enable = true; 
@@ -327,7 +326,7 @@ enable = true; domain = "home.jan-leila.com"; openFirewall = true; - database = "postgres"; + postgres.enable = true; extensions = { sonos.enable = true; diff --git a/modules/nixos-modules/server/forgejo/database.nix b/modules/nixos-modules/server/forgejo/database.nix index 0417aab..bb8781c 100644 --- a/modules/nixos-modules/server/forgejo/database.nix +++ b/modules/nixos-modules/server/forgejo/database.nix 
@@ -2,40 +2,31 @@ lib, config, ... -}: { - config = lib.mkIf config.services.forgejo.enable ( - lib.mkMerge [ +}: let + usingPostgres = config.services.forgejo.database.type == "postgres"; +in { + config = lib.mkIf config.services.forgejo.enable { + assertions = [ { - host = { - postgres = { - enable = true; - }; - }; - - assertions = [ - { - assertion = config.services.forgejo.settings.database.DB_TYPE == "postgres"; - message = "Forgejo database type must be postgres"; - } - ]; + assertion = !usingPostgres || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when Forgejo database type is postgres"; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - forgejo = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - forgejo = { - name = "forgejo"; - }; - }; - }; - }; - }) - ] - ); + { + assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (db: db == "forgejo") config.services.postgresql.ensureDatabases); + message = "Forgejo built-in database creation failed - expected 'forgejo' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (user: user.name == "forgejo") config.services.postgresql.ensureUsers); + message = "Forgejo built-in user creation failed - expected user 'forgejo' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + services.forgejo.database.createDatabase = lib.mkDefault usingPostgres; + + systemd.services.forgejo = lib.mkIf usingPostgres { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/home-assistant/database.nix b/modules/nixos-modules/server/home-assistant/database.nix index 0ac8002..f1927ed 100644 
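Review bot: `systemd.services.forgejo` gets only `requires = [config.systemd.services.postgresql.name];`, and systemd's `Requires=` pulls the unit in without ordering it, so Forgejo may be started in parallel with PostgreSQL. Unless the upstream module already orders the unit, add `after = [config.systemd.services.postgresql.name];` beside `requires`. The same `requires`-only block is added for `home-assistant`, `immich-server`, `panoramax` and `paperless-scheduler` in the other database.nix hunks of this commit. A one-line comment above the three assertions saying they check the upstream module's `ensureDatabases`/`ensureUsers` output would also explain why the name `forgejo` is hard-coded there.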
--- a/modules/nixos-modules/server/home-assistant/database.nix
+++ b/modules/nixos-modules/server/home-assistant/database.nix
@@ -2,55 +2,52 @@ lib, config, ... -}: let - dbUser = "hass"; -in { - config = lib.mkIf config.services.home-assistant.enable ( - lib.mkMerge [ +}: { + options.services.home-assistant = { + postgres = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Use PostgreSQL instead of SQLite"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "hass"; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = "hass"; + description = "Database name"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable { + assertions = [ { - host = { - postgres = { - enable = true; - }; - }; - - assertions = [ - { - assertion = config.services.home-assistant.database == "postgres"; - message = "Home Assistant database type must be postgres"; - } - ]; + assertion = !config.services.home-assistant.postgres.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Home Assistant"; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${dbUser} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${dbUser} = { - name = dbUser; - }; - }; - }; - }; + ]; - services.home-assistant = { - extraPackages = python3Packages: - with python3Packages; [ - psycopg2 - ]; - }; + services.postgresql.databases.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + enable = true; + user = config.services.home-assistant.postgres.user; + database = config.services.home-assistant.postgres.database; + }; - systemd.services.home-assistant = { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }) - ] - ); + services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + extraPackages = python3Packages: + with python3Packages; [ + psycopg2 + ]; + }; + + systemd.services.home-assistant = lib.mkIf 
config.services.home-assistant.postgres.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/immich/database.nix b/modules/nixos-modules/server/immich/database.nix index 74b1aaa..52af51e 100644 --- a/modules/nixos-modules/server/immich/database.nix +++ b/modules/nixos-modules/server/immich/database.nix 
@@ -3,24 +3,28 @@ config, ... }: { - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - }; - }; - } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.immich.database.user} = { - isClient = true; - }; - }; - }; - }; - }) - ]); + config = lib.mkIf config.services.immich.enable { + assertions = [ + { + assertion = !config.services.immich.database.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Immich"; + } + { + assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (db: db == "immich") config.services.postgresql.ensureDatabases); + message = "Immich built-in database creation failed - expected 'immich' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (user: user.name == "immich") config.services.postgresql.ensureUsers); + message = "Immich built-in user creation failed - expected user 'immich' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + # Note: Immich has built-in database creation via services.immich.database.createDB we only add the systemd dependency + + systemd.services.immich-server = lib.mkIf config.services.immich.database.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix index 8679f9a..1721726 100644 --- a/modules/nixos-modules/server/panoramax/database.nix +++ b/modules/nixos-modules/server/panoramax/database.nix 
@@ -3,32 +3,46 @@ config, ... }: { - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; + options.services.panoramax = { + database = { + postgres = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Use PostgreSQL instead of SQLite"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "Database name"; }; }; - } - ( - lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.panoramax.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.panoramax.database.name} = { - name = config.services.panoramax.database.user; - }; - }; - }; - }; + }; + }; + + config = lib.mkIf config.services.panoramax.enable { + assertions = [ + { + assertion = !config.services.panoramax.database.postgres.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Panoramax"; } - ) - ]); + ]; + + services.postgresql.databases.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { + enable = true; + user = config.services.panoramax.database.postgres.user; + database = config.services.panoramax.database.postgres.database; + }; + + systemd.services.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/paperless/database.nix b/modules/nixos-modules/server/paperless/database.nix index 6f4ce51..c63e59d 100644 --- a/modules/nixos-modules/server/paperless/database.nix +++ b/modules/nixos-modules/server/paperless/database.nix 
@@ -3,32 +3,28 @@ lib, ... }: { - config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - }; - }; - } - ( - lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.paperless.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.paperless.database.user} = { - name = config.services.paperless.database.user; - }; - }; - }; - }; + config = lib.mkIf config.services.paperless.enable { + assertions = [ + { + assertion = !config.services.paperless.database.createLocally || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using local postgres database for Paperless"; } - ) - ]); + { + assertion = !config.services.paperless.database.createLocally || (builtins.any (db: db == "paperless") config.services.postgresql.ensureDatabases); + message = "Paperless built-in database creation failed - expected 'paperless' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !config.services.paperless.database.createLocally || (builtins.any (user: user.name == "paperless") config.services.postgresql.ensureUsers); + message = "Paperless built-in user creation failed - expected user 'paperless' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + services.paperless.database.createLocally = lib.mkDefault true; + + systemd.services.paperless-scheduler = lib.mkIf config.services.paperless.database.createLocally { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix index 6c2d295..a67fb1a 100644 --- a/modules/nixos-modules/server/postgres/impermanence.nix +++ b/modules/nixos-modules/server/postgres/impermanence.nix 
@@ -5,7 +5,7 @@ }: let dataDir = "/var/lib/postgresql/16"; in { - config = lib.mkIf (config.host.postgres.enable && config.host.impermanence.enable) { + config = lib.mkIf (config.services.postgresql.enable && config.host.impermanence.enable) { assertions = [ { assertion = config.services.postgresql.dataDir == dataDir; diff --git a/modules/nixos-modules/server/postgres/postgres.nix b/modules/nixos-modules/server/postgres/postgres.nix index e76857c..af7d1b4 100644 --- a/modules/nixos-modules/server/postgres/postgres.nix +++ b/modules/nixos-modules/server/postgres/postgres.nix 
@@ -4,70 +4,94 @@ pkgs, ... }: let - adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; + enabledDatabases = lib.filterAttrs (_: db: db.enable) config.services.postgresql.databases; + extraDatabasesList = config.services.postgresql.extraDatabases; + + serviceDatabaseUsers = lib.mapAttrsToList (_: db: { + name = db.user; + ensureDBOwnership = true; + }) (lib.filterAttrs (_: db: db.ensureUser) enabledDatabases); + + extraDatabaseUsers = + builtins.map (dbName: { + name = dbName; + ensureDBOwnership = true; + }) + extraDatabasesList; + + serviceDatabases = lib.mapAttrsToList (_: db: db.database) enabledDatabases; + extraDatabaseNames = extraDatabasesList; + + serviceUserMappings = lib.mapAttrsToList (_: db: "user_map ${db.user} ${db.user}") enabledDatabases; + extraUserMappings = builtins.map (dbName: "user_map ${dbName} ${dbName}") extraDatabasesList; + + builtinServiceMappings = let + forgejoMapping = lib.optional (config.services.forgejo.enable && config.services.forgejo.database.type == "postgres") "user_map forgejo forgejo"; + immichMapping = lib.optional (config.services.immich.enable && config.services.immich.database.enable) "user_map immich immich"; + paperlessMapping = lib.optional (config.services.paperless.enable && config.services.paperless.database.createLocally) "user_map paperless paperless"; + in + forgejoMapping ++ immichMapping ++ paperlessMapping; in { options = { - host.postgres = { - enable = lib.mkEnableOption "enable postgres"; - extraUsers = lib.mkOption { + services.postgresql = { + databases = 
lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { - name = lib.mkOption { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to create this database and user"; + }; + user = lib.mkOption { type = lib.types.str; default = name; + description = "Database user name"; }; - isAdmin = lib.mkOption { - type = lib.types.bool; - default = false; + database = lib.mkOption { + type = lib.types.str; + default = name; + description = "Database name"; }; - isClient = lib.mkOption { + ensureUser = lib.mkOption { type = lib.types.bool; - default = false; - }; - createUser = lib.mkOption { - type = lib.types.bool; - default = false; + default = true; + description = "Whether to ensure the user exists"; }; }; })); default = {}; + description = "Databases to create for services"; }; + extraDatabases = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = {}; + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional databases to create (user name will match database name)"; + example = ["custom_db" "test_db"]; + }; + + adminUsers = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "System users who should have PostgreSQL superuser access"; + example = ["leyla" "admin"]; }; }; }; - config = lib.mkIf config.host.postgres.enable { + config = lib.mkIf config.services.postgresql.enable { services = { postgresql = { - enable = true; package = pkgs.postgresql_16; + ensureUsers = [ - { - name = "postgres"; - } + {name = "postgres";} ] - ++ ( - builtins.map (user: { - name = user.name; - ensureDBOwnership = true; - }) - createUsers - ); - ensureDatabases = builtins.map (database: database.name) createDatabases; + ++ serviceDatabaseUsers ++ extraDatabaseUsers; + + ensureDatabases = serviceDatabases ++ 
extraDatabaseNames; + identMap = '' # ArbitraryMapName systemUser DBUser @@ -77,16 +101,16 @@ in { superuser_map postgres postgres '' + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user} postgres") config.services.postgresql.adminUsers) ) + '' # Client Users '' + ( - lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) + lib.strings.concatLines (serviceUserMappings ++ extraUserMappings ++ builtinServiceMappings) ); - # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' # type database DBuser origin-address auth-method optional_ident_map local all postgres peer map=superuser_map From 69ccbffd86992895196013fbf737ead6a8adfe7c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 11:02:42 -0500 Subject: [PATCH 0931/1043] chore: removed incorrect task --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index d3a2121..883e143 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Chores: - [ ] test out crab hole service -- [ ] qbittorent should be downloading to `rpool/persist/system/qbittorrent` or maybe even `rpool/persist/system/jellyfin` but right now its downloading to `rpool/persist/system/root` this should be fixed ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) From c0e2e7ba4a6294033a45685d758f31bd2651d2b6 Mon Sep 17 00:00:00 2001 
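Review bot: `serviceDatabaseUsers` creates each role as `name = db.user` with `ensureDBOwnership = true`, while `serviceDatabases` lists `db.database`, so the two options only work when they are equal. The nixpkgs postgresql module asserts that every `ensureDBOwnership` user has a database of the same name in `ensureDatabases`, so a differing pair fails evaluation with an upstream message that does not point at this option. Either collapse `user` and `database` into one option or add an assertion per entry here, e.g. `assertion = db.user == db.database;` with a message naming the entry. `serviceUserMappings` also ignores `ensureUser`, so a `user_map` line is written even for entries whose role this module does not create. The module body continues past this hunk.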
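Review bot: The comment describing the access policy was dropped just above `authentication`, yet every name in `services.postgresql.adminUsers` now becomes a `superuser_map` line onto the `postgres` role. Under the peer rule `local all postgres peer map=superuser_map`, that OS account bypasses all permission checks in every database. Keep the policy written down next to the rules, for example `# peer auth: adminUsers map to the postgres superuser; mapped service users only reach the role of the same name`, and say the same in the `adminUsers` option description. The names are plain `lib.types.str` interpolated into pg_ident lines, so a `lib.types.strMatching` pattern for role names would stop a value containing whitespace from producing a malformed or unintended map entry. The rest of the `authentication` block lies outside this hunk, so the effect of `user_map` is inferred from the map lines only.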
From: Leyla Becker Date: Thu, 30 Oct 2025 17:43:52 -0500 Subject: [PATCH 0932/1043] feat: updated flake.lock --- flake.lock | 36 +++++++++---------- .../common-modules/pkgs/polycule/default.nix | 4 +-- .../programs/bitwarden.nix | 2 +- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 11fb672..ae03c48 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1761478231, - "narHash": "sha256-a6ROM73M0TSrooI+8/UMj5KWKOdaDFTycVeo8XJ3dk4=", + "lastModified": 1761797037, + "narHash": "sha256-OqwAGit+3cdsG02K6+8WJniA2q0rqUVc6zbT5N9C1us=", "owner": "rycee", "repo": "nur-expressions", - "rev": "ae968708476302f8781fb5e245d53f112ed04111", + "rev": "3d9f4de0988bcfa57e45e16e1ef9326c56bdf891", "type": "gitlab" }, "original": { @@ -62,11 +62,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1761530345, - "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", + "lastModified": 1761845621, + "narHash": "sha256-d+R4MHsGmdebvSMsYUFWONsZSlUbOo8Zq/wjMdMiIac=", "owner": "nix-community", "repo": "home-manager", - "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", + "rev": "97e3022a8d2c09313fa49847f6da4d76abcfc72d", "type": "github" }, "original": { 
@@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1761530505, - "narHash": "sha256-SbuUyC5pfTcMa9JUqSxFyGJpCqoUsB74tboS22+lByY=", + "lastModified": 1761789484, + "narHash": "sha256-17gDUWloFXQlavqHRey/urQe6sQ3yP5hsQyYmcNOZyU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5a5496a7d21265e0ce7641452daf6c560f0eb7a9", + "rev": "c47e683d236fa6e4c27dbda2af3468cb9aceb813", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760958188, - "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=", + "lastModified": 1761827175, + "narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", + "rev": "43ffe9ac82567512abb83187cb673de1091bdfa8", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1761672384, + "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", "type": "github" }, "original": { diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix index b463cc5..e9841fe 100644 --- a/modules/common-modules/pkgs/polycule/default.nix +++ b/modules/common-modules/pkgs/polycule/default.nix @@ -3,7 +3,7 @@ flutter332, fetchFromGitLab, pkg-config, - wrapGAppsHook, + wrapGAppsHook3, gtk3, glib, glib-networking, @@ -65,7 +65,7 @@ flutter332.buildFlutterApplication rec { nativeBuildInputs = [ pkg-config - wrapGAppsHook + wrapGAppsHook3 ]; buildInputs = [ diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 5c14068..e305b6c 100644 
--- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -11,7 +11,7 @@ config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [ { home.packages = with pkgs; [ - bitwarden + bitwarden-desktop ]; } ( From e1a5ddde95472de74219a40592dd746c9efa704d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 30 Oct 2025 22:28:02 -0500 Subject: [PATCH 0933/1043] feat: added storj to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 883e143..dc12d35 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] Create Tor guard/relay server - [ ] mastodon instance - [ ] screeps server +- [ ] storj server ## DevOps - [ ] wake on LAN for updates From bfe774b74ccf604029f9e2b9870b7eee096069b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 17:08:28 -0500 Subject: [PATCH 0934/1043] added --vm flag to rebuild --- .gitignore | 3 ++- rebuild.sh | 68 ++++++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 53 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index ce2538f..2810727 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ result .direnv .vscode/* -!.vscode/settings.json \ No newline at end of file +!.vscode/settings.json +nixos.qcow2 diff --git a/rebuild.sh b/rebuild.sh index 6750450..48746d9 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -18,6 +18,7 @@ else fi show_trace=false +clean_vm=false while [ $# -gt 0 ]; do case "$1" in @@ -50,6 +51,9 @@ while [ $# -gt 0 ]; do --show-trace) show_trace=true ;; + --clean-vm) + clean_vm=true + ;; --help|-h) echo "--help -h: print this message" echo "--target -t: defaults to the current system" 
@@ -58,6 +62,8 @@ while [ $# -gt 0 ]; do echo " currently: ${target:-$default_target}" echo "--mode -m: defaults to 'switch', but 'test' on non-main branches" echo " currently would be: $default_mode" + echo " Available modes: switch, test, build, boot, vm" + echo " 'vm' mode builds and starts a virtual machine" echo "--user -u: defaults to the current user" echo " currently: $default_user" echo "--host: defaults to building on the current machine" @@ -65,6 +71,7 @@ while [ $# -gt 0 ]; do echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" echo "--show-trace: show trace on builds" + echo "--clean-vm: remove existing VM disk (nixos.qcow2) before building" echo "" echo "Branch-aware behavior:" echo " - On non-main branches: defaults to test mode with warning" @@ -90,6 +97,20 @@ flake=${flake:-$target} mode=${mode:-$default_mode} user=${user:-$default_user} +# Validate mode +valid_modes="switch test build boot vm" +if [[ ! " $valid_modes " =~ " $mode " ]]; then + echo "Error: Invalid mode '$mode'" + echo "Valid modes are: $valid_modes" + exit 1 +fi + +# Clean VM disk if requested +if [[ "$clean_vm" = true ]] && [[ -f "nixos.qcow2" ]]; then + echo "Removing existing VM disk: nixos.qcow2" + rm nixos.qcow2 +fi + # Branch-aware warnings and behavior if [[ "$current_branch" != "main" ]] && [[ "$mode" == "test" ]]; then echo "⚠️ WARNING: You are on branch '$current_branch' (not main)" 
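Review bot: The mode check `[[ ! " $valid_modes " =~ " $mode " ]]` in the third hunk is a substring match, because the quoted right-hand side is taken literally. A value such as `switch test` is therefore accepted, and it is later word-split into the command line. Match whole words instead, e.g. `case "$mode" in switch|test|build|boot|vm) ;; *) echo "Error: Invalid mode '$mode'"; exit 1 ;; esac`. The `--clean-vm` step removes `nixos.qcow2` relative to the current directory, so a comment noting that the script is expected to run from the repository root would help. The surrounding script lies outside the hunk.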
@@ -101,26 +122,39 @@ elif [[ "$current_branch" == "main" ]] && [[ -n "$git_status" ]] && [[ "$mode" ! echo " git checkout -b feature/your-feature-name" fi -command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" +if [[ "$mode" == "vm" ]]; then + command="nix build .#nixosConfigurations.$flake.config.system.build.vm" + + if [[ "$show_trace" = true ]]; then + command="$command --show-trace" + fi + + echo $command + $command + + if [[ $? -eq 0 ]] && [[ -d "result" ]]; then + echo "Starting VM..." + QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset + fi +else + command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" + + if [[ $host ]]; then + command="$command --build-host $host" + fi -if [[ $host ]]; -then - command="$command --build-host $host" + if [[ "$target" != "$(hostname)" ]]; then + command="$command --target-host $user@$target" + fi + + if [[ "$show_trace" = true ]]; then + command="$command --show-trace" + fi + + echo $command + $command fi -if [[ "$target" != "$(hostname)" ]]; -then - command="$command --target-host $user@$target" -fi - -if [[ "$show_trace" = true ]]; -then - command="$command --show-trace" -fi - -echo $command -$command - if [ -d "result" ]; then if [[ "$preserve_result" == "false" ]]; From dfeac5585f95fd4f07a164e9002cca3b5527f3be Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 17:29:34 -0500 Subject: [PATCH 0935/1043] chore: added task to README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index dc12d35..ba6bfc2 100644 --- a/README.md +++ b/README.md 
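Review bot: Both branches build `command` as one string and run it with an unquoted `$command`, so `$flake`, `$host` and `$user@$target` taken from the command line are word-split and glob-expanded before `nix` or `nixos-rebuild` sees them. An array keeps each argument intact: `cmd=(nix build ".#nixosConfigurations.$flake.config.system.build.vm")`, `[[ "$show_trace" = true ]] && cmd+=(--show-trace)`, then `"${cmd[@]}"`, with the same pattern for the `nixos-rebuild` branch. Separately, `./result/bin/run-nixos-vm` and the `nixos.qcow2` name used by `--clean-vm` look like they assume a host called `nixos`; the runner and disk image are usually named after the configuration's host name, so confirm this against the hosts in this flake. The rest of the script lies outside the hunk.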
@@ -53,6 +53,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins +- [ ] `host.users` should be redone so that we just extend the base `users.users` object. Right now we cant quite do this because we have weird circular dependencies with disko/impermanence (not sure which one) and home manger enabling/disabling users per devices ## Broken things - [ ] figure out steam vr things? @@ -65,6 +66,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut +- [ ] every service needs to have its own data pool - [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800 ## Data Access From c6b129726d772900d459824979697d7d5eb19e99 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 17:45:26 -0500 Subject: [PATCH 0936/1043] chore: added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ba6bfc2..08c689f 100644 --- a/README.md +++ b/README.md 
@@ -76,6 +76,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] figure out why syncthing and jellyfins permissions don't propagate downwards - [ ] make radarr, sonarr, and bazarr accessible over vpn - [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn +- [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's ## Services - [ ] vikunja service for project management From 34e8cf44058080b3a8532005ab05f026917fc598 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 19:37:59 -0500 Subject: [PATCH 0937/1043] chore: reorganized some tasks in TODO --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 08c689f..2a53e24 100644 --- a/README.md +++ b/README.md @@ -82,10 +82,10 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] vikunja service for project management - [ ] Penpot services (need to make this custom) - [ ] minecraft server with old world file -- [ ] Create Tor guard/relay server -- [ ] mastodon instance -- [ ] screeps server - [ ] storj server +- [ ] Create Tor guard/relay server +- [ ] screeps server +- [ ] mastodon instance ## DevOps - [ ] wake on LAN for updates From 353ae4b87498c2f2b8a406d9c89992427e63edb8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 19:49:10 -0500 Subject: [PATCH 0938/1043] chore: added more description to task in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2a53e24..f1b559c 100644 --- a/README.md +++ b/README.md 
@@ -74,7 +74,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] samba mounts - [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - [ ] figure out why syncthing and jellyfins permissions don't propagate downwards -- [ ] make radarr, sonarr, and bazarr accessible over vpn +- [ ] make radarr, sonarr, and bazarr accessible over vpn with fully qualified names via reverse proxy - [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn - [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's From 4f16a0cf996c9bd5874450db38ec74a1bced548a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 31 Oct 2025 21:47:30 -0500 Subject: [PATCH 0939/1043] chore: created nodes for impermanence module --- modules/nixos-modules/impermanence.nix | 34 ++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 7735e97..60011cb 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix 
@@ -3,6 +3,39 @@ lib, ... }: { + # options.storage = { + # zfs = { + # # TODO: enable option + # # when this option is enabled we need to configure and enable disko things + + # # TODO: we need some way of managing notifications + + # # TODO: we need options to configure zfs pools + # # we should have warnings when the configured pool is missing drives + + # # TODO: dataset option that is a submodule that adds datasets to the system + # # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + + # # TODO: pools and datasets need to be passed to disko + # }; + + # impermanence = { + # # TODO: enable option + + # # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system + # # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets + # # Then we should make a dataset for user folders local and persist + # # We should also create datasets for systemd modules that have have impermanence enabled for them + # # we need to figure out what options a dataset can have in zfs + # }; + + # # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface + + # # TODO: we should have a way of enabling impermanence for a systemd config + # # these should have an option to put their folder into their own dataset (this needs to support private vs non private) + # # options for features that can be added to the dataset + # }; + options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; config = lib.mkMerge [ @@ -93,6 +126,7 @@ ]; }; + # TODO: this should live in leylas home manager configuration security.sudo.extraConfig = "Defaults lecture=never"; } ) From 78dd22fed3939862ea1e2714177060a6d143ce5a Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 3 Nov 2025 11:55:10 -0600 Subject: [PATCH 0940/1043] feat: started to draft out new storage interface --- modules/nixos-modules/impermanence.nix | 155 +++++++++++++++++++++---- 1 file changed, 131 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 60011cb..5b1bbd2 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix 
@@ -3,38 +3,145 @@ lib, ... }: { - # options.storage = { - # zfs = { - # # TODO: enable option - # # when this option is enabled we need to configure and enable disko things + options.storage = let + datasetSubmodule = {name, ...}: { + # TODO: we need to figure out what options a dataset can have in zfs + }; - # # TODO: we need some way of managing notifications + impermanenceDatasetSubmodules = [ + datasetSubmodule + ({...}: let + pathPermissions = { + read = lib.mkEnableOption "should the path have read permissions"; + write = lib.mkEnableOption "should the path have read permissions"; + execute = lib.mkEnableOption "should the path have read permissions"; + }; + pathTypeSubmodule = {name, ...}: { + options = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; + owner = { + user = lib.mkOption { + type = lib.types.str; + default = "nouser"; + }; + permissions = pathPermissions; + }; + group = { + group = lib.mkOption { + type = lib.types.str; + default = "nogroup"; + }; + permissions = pathPermissions; + }; + other = { + permissions = pathPermissions; + }; + }; + }; + in { + options = { + files = lib.types.mkOption { + type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); + default = {}; + }; + directories = { + type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); + default = {}; + }; + }; + }) + ]; + in { + zfs = { + # TODO: enable option implementation + enable = lib.mkEnableOption "Should zfs be enabled on this system."; - # # TODO: we need options to configure zfs pools - # # we should have warnings when the configured pool is missing drives + notifications = { + enable = lib.mkEnableOption "are notifications enabled"; + host = lib.mkOption { + type = lib.types.str; + description = "what is the host that we are going to send the email to"; + }; + port = lib.mkOption { + type = lib.types.port; + description = "what port is the host using to receive mail on"; + }; + to = lib.mkOption { + type = lib.types.str; + 
description = "what account is the email going to be sent to"; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user is the email going to be set from"; + }; + tokenFile = lib.mkOption { + type = lib.types.str; + description = "file containing the password to be used by msmtp for notifications"; + }; + }; - # # TODO: dataset option that is a submodule that adds datasets to the system - # # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + # TODO: we need options to configure zfs pools + # we should have warnings when the configured pool is missing drives after activation + # TODO: implementation of this + # TODO: validations that we have at least one boot drive + pool = let + deviceType = + lib.types.coercedTo lib.types.str (device: { + device = device; + boot = false; + }) { + device = lib.mkOption { + type = lib.types.str; + }; + boot = lib.mkEnableOption "should this device be a boot device"; + }; + in { + encryption = lib.mkEnableOption "Should encryption be enabled on this pool."; + vdevs = lib.mkOption { + type = lib.types.listOf deviceType; + default = []; + }; + cache = lib.mkOption { + type = lib.types.attrsOf deviceType; + }; + }; - # # TODO: pools and datasets need to be passed to disko - # }; + # TODO:create the root dataset automatically + # TODO: dataset option that is a submodule that adds datasets to the system + # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + datasets = lib.types.attrsOf (lib.types.submodule datasetSubmodule); + }; - # impermanence = { - # # TODO: enable option + impermanence = { + enable = lib.mkEnableOption "should impermanence be enabled for this system"; + # TODO: enable option implementation - # # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system - # # We should by default create the `local`, 
`local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets - # # Then we should make a dataset for user folders local and persist - # # We should also create datasets for systemd modules that have have impermanence enabled for them - # # we need to figure out what options a dataset can have in zfs - # }; + # TODO: assertion that zfs needs to be enabled when impermanence is enabled - # # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface + # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system + # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets + # We should also create datasets for systemd modules that have have impermanence enabled for them - # # TODO: we should have a way of enabling impermanence for a systemd config - # # these should have an option to put their folder into their own dataset (this needs to support private vs non private) - # # options for features that can be added to the dataset - # }; + datasets = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + + # TODO: this should just live under home-manager.users..storage.impermanence + home-manager = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + enable = lib.mkEnableOption "should impermanence be enabled for this user"; + + # We should by default create the `local/home/${name}`, and `persist/home/${name}` datasets + datasets = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + })); + }; + + # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface + + # TODO: we should have a way of enabling impermanence for a systemd config + # these should 
have an option to put their folder into their own dataset (this needs to support private vs non private) + # options for features that can be added to the dataset + }; options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; From 0d6f82f29e7341122bff2d44bf51109b4c14d458 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 3 Nov 2025 20:04:36 -0600 Subject: [PATCH 0941/1043] build: updated flake.lock --- flake.lock | 58 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index ae03c48..6a4736b 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1760701190, - "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", + "lastModified": 1761899396, + "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", "owner": "nix-community", "repo": "disko", - "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", + "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1761797037, - "narHash": "sha256-OqwAGit+3cdsG02K6+8WJniA2q0rqUVc6zbT5N9C1us=", + "lastModified": 1762162438, + "narHash": "sha256-GPnRGcVck+TPiQl6Rqj0i57c8hAa34RsQWVqQAW0OVY=", "owner": "rycee", "repo": "nur-expressions", - "rev": "3d9f4de0988bcfa57e45e16e1ef9326c56bdf891", + "rev": "2cf91d46e558b29f9f9bbdd23408f62e8423aa00", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1761845621, - "narHash": "sha256-d+R4MHsGmdebvSMsYUFWONsZSlUbOo8Zq/wjMdMiIac=", + "lastModified": 1762183399, + "narHash": "sha256-vr2aL1QLfERYTfYBgK8cW3T9eSdSEThH462wKaGlmEU=", "owner": "nix-community", "repo": "home-manager", - "rev": "97e3022a8d2c09313fa49847f6da4d76abcfc72d", + "rev": "a5fee077929ae2f2800c3087dce5e1abb4edfbc6", "type": "github" }, "original": { 
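Review bot: The `write` and `execute` entries of `pathPermissions` reuse the text "should the path have read permissions", so the generated option documentation describes all three permission bits as read; each entry should name its own bit. In the same submodule, `files = lib.types.mkOption {` should be `files = lib.mkOption {`, and `directories = {` carries `type` and `default` without any `mkOption` call, so it should read `directories = lib.mkOption {`. The third argument of `lib.types.coercedTo` in `deviceType` is a plain attribute set of options where a type is expected, so it most likely needs to be wrapped as `lib.types.submodule { options = { … }; }`. The same lines are carried unchanged into `storage/submodules/impermanenceDataset.nix` and `storage/zfs.nix` by PATCH 0942.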
@@ -164,11 +164,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1755787066, - "narHash": "sha256-X2UwkUEban08GRSPXRr+kz8fckHqebr3P77qSvjoeOw=", - "rev": "ac9721a92e8138d29707824dbedb484c76948493", + "lastModified": 1761937274, + "narHash": "sha256-KlELhsSq3XbemrGyQhmGurFu7m8wOEBw+8M04L7hn7A=", + "rev": "91867941fa73afea7869b7c71ede82e5ef8927da", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ac9721a92e8138d29707824dbedb484c76948493.tar.gz?rev=ac9721a92e8138d29707824dbedb484c76948493" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/91867941fa73afea7869b7c71ede82e5ef8927da.tar.gz?rev=91867941fa73afea7869b7c71ede82e5ef8927da" }, "original": { "type": "tarball", @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1759851320, - "narHash": "sha256-n5dRAIC3/78drQtFxmQRrBLd6TKfotUnX7GWu0mAcSg=", + "lastModified": 1761960361, + "narHash": "sha256-FvuAw56NIVJpS3Kr8Wv9PpU4eehZMcdIVkxjStuYmqc=", "ref": "refs/heads/main", - "rev": "7c31a18259b8358ac196cf803a26967c0fa1d3e4", - "revCount": 163, + "rev": "c47f62187601ea2991b79a9bacdbfdf76cd29fbe", + "revCount": 167, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1761339987, - "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=", + "lastModified": 1762186368, + "narHash": "sha256-dzLBZKccS0jMefj+WAYwsk7gKDluqavC7I4KfFwVh8k=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de", + "rev": "69921864a70b58787abf5ba189095566c3f0ffd3", "type": "github" }, "original": { 
@@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1761789484, - "narHash": "sha256-17gDUWloFXQlavqHRey/urQe6sQ3yP5hsQyYmcNOZyU=", + "lastModified": 1762135163, + "narHash": "sha256-gP8SCvsYSfi4olYZcrZ4P1IGMzYJSFe1FuO8RL3xpEc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c47e683d236fa6e4c27dbda2af3468cb9aceb813", + "rev": "5d6525e4d5372973da1777b9ebdb01f033db1395", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1761827175, - "narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=", + "lastModified": 1762179181, + "narHash": "sha256-T4+TNfXlF/gHbcNCC2HY7sMGBKgqNzyYeMBWmcbH7/o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "43ffe9ac82567512abb83187cb673de1091bdfa8", + "rev": "256770618502d2eda892af3ae91da5e386ce9586", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761672384, - "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", "type": "github" }, "original": { From 573708fd479ea551a83c54d120f22b9ca5ae6496 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 4 Nov 2025 15:02:49 -0600 Subject: [PATCH 0942/1043] moved storage option draft to its own folder --- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/impermanence.nix | 140 ------------------ modules/nixos-modules/storage/default.nix | 12 ++ .../nixos-modules/storage/impermanence.nix | 31 ++++ .../storage/submodules/dataset.nix | 3 + .../submodules/impermanenceDataset.nix | 46 ++++++ modules/nixos-modules/storage/zfs.nix | 67 +++++++++ 7 files changed, 160 insertions(+), 140 deletions(-) create mode 100644 modules/nixos-modules/storage/default.nix create mode 100644 modules/nixos-modules/storage/impermanence.nix create mode 100644 modules/nixos-modules/storage/submodules/dataset.nix create mode 100644 modules/nixos-modules/storage/submodules/impermanenceDataset.nix create mode 100644 modules/nixos-modules/storage/zfs.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 2ba1a58..77bfe93 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -16,6 +16,7 @@ ./tailscale.nix ./steam.nix ./server + ./storage ]; nixpkgs.config.permittedInsecurePackages = [ diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 5b1bbd2..4cdcd00 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix 
@@ -3,146 +3,6 @@ lib, ... }: { - options.storage = let - datasetSubmodule = {name, ...}: { - # TODO: we need to figure out what options a dataset can have in zfs - }; - - impermanenceDatasetSubmodules = [ - datasetSubmodule - ({...}: let - pathPermissions = { - read = lib.mkEnableOption "should the path have read permissions"; - write = lib.mkEnableOption "should the path have read permissions"; - execute = lib.mkEnableOption "should the path have read permissions"; - }; - pathTypeSubmodule = {name, ...}: { - options = { - enable = lib.mkOption { - type = lib.types.bool; - default = true; - }; - owner = { - user = lib.mkOption { - type = lib.types.str; - default = "nouser"; - }; - permissions = pathPermissions; - }; - group = { - group = lib.mkOption { - type = lib.types.str; - default = "nogroup"; - }; - permissions = pathPermissions; - }; - other = { - permissions = pathPermissions; - }; - }; - }; - in { - options = { - files = lib.types.mkOption { - type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); - default = {}; - }; - directories = { - type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); - default = {}; - }; - }; - }) - ]; - in { - zfs = { - # TODO: enable option implementation - enable = lib.mkEnableOption "Should zfs be enabled on this system."; - - notifications = { - enable = lib.mkEnableOption "are notifications enabled"; - host = lib.mkOption { - type = lib.types.str; - description = "what is the host that we are going to send the email to"; - }; - port = lib.mkOption { - type = lib.types.port; - description = "what port is the host using to receive mail on"; - }; - to = lib.mkOption { - type = lib.types.str; - description = "what account is the email going to be sent to"; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user is the email going to be set from"; - }; - tokenFile = lib.mkOption { - type = lib.types.str; - description = "file containing the password to be used by msmtp for 
notifications"; - }; - }; - - # TODO: we need options to configure zfs pools - # we should have warnings when the configured pool is missing drives after activation - # TODO: implementation of this - # TODO: validations that we have at least one boot drive - pool = let - deviceType = - lib.types.coercedTo lib.types.str (device: { - device = device; - boot = false; - }) { - device = lib.mkOption { - type = lib.types.str; - }; - boot = lib.mkEnableOption "should this device be a boot device"; - }; - in { - encryption = lib.mkEnableOption "Should encryption be enabled on this pool."; - vdevs = lib.mkOption { - type = lib.types.listOf deviceType; - default = []; - }; - cache = lib.mkOption { - type = lib.types.attrsOf deviceType; - }; - }; - - # TODO:create the root dataset automatically - # TODO: dataset option that is a submodule that adds datasets to the system - # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it - datasets = lib.types.attrsOf (lib.types.submodule datasetSubmodule); - }; - - impermanence = { - enable = lib.mkEnableOption "should impermanence be enabled for this system"; - # TODO: enable option implementation - - # TODO: assertion that zfs needs to be enabled when impermanence is enabled - - # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system - # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets - # We should also create datasets for systemd modules that have have impermanence enabled for them - - datasets = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); - - # TODO: this should just live under home-manager.users..storage.impermanence - home-manager = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - enable = lib.mkEnableOption "should impermanence be enabled for this user"; - - # We 
should by default create the `local/home/${name}`, and `persist/home/${name}` datasets - datasets = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); - })); - }; - - # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface - - # TODO: we should have a way of enabling impermanence for a systemd config - # these should have an option to put their folder into their own dataset (this needs to support private vs non private) - # options for features that can be added to the dataset - }; - options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; config = lib.mkMerge [ diff --git a/modules/nixos-modules/storage/default.nix b/modules/nixos-modules/storage/default.nix new file mode 100644 index 0000000..02f7fb9 --- /dev/null +++ b/modules/nixos-modules/storage/default.nix @@ -0,0 +1,12 @@ +{...}: { + # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface + + # TODO: we should have a way of enabling impermanence for a systemd config + # these should have an option to put their folder into their own dataset (this needs to support private vs non private) + # options for features that can be added to the dataset + + imports = [ + ./impermanence.nix + ./zfs.nix + ]; +} diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix new file mode 100644 index 0000000..c51e35f --- /dev/null +++ b/modules/nixos-modules/storage/impermanence.nix 
@@ -0,0 +1,31 @@ +args @ {lib, ...}: let + impermanenceDatasetSubmodules = (import ./submodules/impermanenceDataset.nix) args; +in { + options.storage = { + impermanence = { + enable = lib.mkEnableOption "should impermanence be enabled for this system"; + # TODO: enable option implementation + + # TODO: assertion that zfs needs to be enabled when impermanence is enabled + + # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system + # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets + # We should also create datasets for systemd modules that have have impermanence enabled for them + + datasets = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + }; + + # TODO: this should just live under home-manager.users..storage.impermanence + home-manager = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + enable = lib.mkEnableOption "should impermanence be enabled for this user"; + # We should by default create the `local/home/${name}`, and `persist/home/${name}` datasets + datasets = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + }; + })); + }; + }; + }; +} diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix new file mode 100644 index 0000000..a6cc3e6 --- /dev/null +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -0,0 +1,3 @@ +{name, ...}: { + # TODO: we need to figure out what options a dataset can have in zfs +} diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix new file mode 100644 index 0000000..f9a4df6 --- /dev/null +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix 
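Review bot: The submodule given to `home-manager` in `storage/impermanence.nix` returns `enable` and `datasets` at its top level instead of under `options`, so the module system will most likely treat them as config definitions for options that were never declared and fail as soon as a user entry is set. Wrapping the two attributes as `options = { enable = …; datasets = …; };` inside the `({name, ...}: { … })` function declares them as intended. `name` is bound but not yet used; a short comment saying it is reserved for the `local/home/${name}` and `persist/home/${name}` defaults would make that explicit.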
@@ -0,0 +1,46 @@ +{lib, ...}: let + pathPermissions = { + read = lib.mkEnableOption "should the path have read permissions"; + write = lib.mkEnableOption "should the path have read permissions"; + execute = lib.mkEnableOption "should the path have read permissions"; + }; + pathTypeSubmodule = {name, ...}: { + options = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; + owner = { + user = lib.mkOption { + type = lib.types.str; + default = "nouser"; + }; + permissions = pathPermissions; + }; + group = { + group = lib.mkOption { + type = lib.types.str; + default = "nogroup"; + }; + permissions = pathPermissions; + }; + other = { + permissions = pathPermissions; + }; + }; + }; +in { + imports = [ + ./dataset.nix + ]; + options = { + files = lib.types.mkOption { + type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); + default = {}; + }; + directories = { + type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); + default = {}; + }; + }; +} diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix new file mode 100644 index 0000000..c5dd412 --- /dev/null +++ b/modules/nixos-modules/storage/zfs.nix 
@@ -0,0 +1,67 @@ +args @ {lib, ...}: let + datasetSubmodule = (import ./submodules/dataset.nix) args; +in { + options.storage = { + zfs = { + # TODO: enable option implementation + enable = lib.mkEnableOption "Should zfs be enabled on this system."; + + notifications = { + enable = lib.mkEnableOption "are notifications enabled"; + host = lib.mkOption { + type = lib.types.str; + description = "what is the host that we are going to send the email to"; + }; + port = lib.mkOption { + type = lib.types.port; + description = "what port is the host using to receive mail on"; + }; + to = lib.mkOption { + type = lib.types.str; + description = "what account is the email going to be sent to"; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user is the email going to be set from"; + }; + tokenFile = lib.mkOption { + type = lib.types.str; + description = "file containing the password to be used by msmtp for notifications"; + }; + }; + + # TODO: we need options to configure zfs pools + # we should have warnings when the configured pool is missing drives after activation + # TODO: implementation of this + # TODO: validations that we have at least one boot drive + pool = let + deviceType = + lib.types.coercedTo lib.types.str (device: { + device = device; + boot = false; + }) { + device = lib.mkOption { + type = lib.types.str; + }; + boot = lib.mkEnableOption "should this device be a boot device"; + }; + in { + encryption = lib.mkEnableOption "Should encryption be enabled on this pool."; + vdevs = lib.mkOption { + type = lib.types.listOf deviceType; + default = []; + }; + cache = lib.mkOption { + type = lib.types.attrsOf deviceType; + }; + }; + + # TODO:create the root dataset automatically + # TODO: dataset option that is a submodule that adds datasets to the system + # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + datasets = lib.mkOption { + type = lib.types.attrsOf 
(lib.types.submodule datasetSubmodule); + }; + }; + }; +} From f5b026bb15dd12b52611bf322f589d843210de91 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Nov 2025 18:05:31 -0600 Subject: [PATCH 0943/1043] chore: added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f1b559c..2d6911b 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's ## Services +- [ ] ntfy service for unified push - [ ] vikunja service for project management - [ ] Penpot services (need to make this custom) - [ ] minecraft server with old world file From 2fd14e4cc0c4c8f8a05ed91a67e9d868c67dd783 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Nov 2025 19:39:27 -0600 Subject: [PATCH 0944/1043] feat: added config block to zfs.nix and gave it notification functionality --- modules/nixos-modules/storage/zfs.nix | 70 ++++++++++++++++++++++++--- 1 file changed, 63 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index c5dd412..e5793ca 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -1,9 +1,13 @@ -args @ {lib, ...}: let +args @ { + lib, + pkgs, + config, + ... +}: let datasetSubmodule = (import ./submodules/dataset.nix) args; in { options.storage = { zfs = { - # TODO: enable option implementation enable = lib.mkEnableOption "Should zfs be enabled on this system."; notifications = { @@ -30,10 +34,6 @@ in { }; }; - # TODO: we need options to configure zfs pools - # we should have warnings when the configured pool is missing drives after activation - # TODO: implementation of this - # TODO: validations that we have at least one boot drive pool = let deviceType = lib.types.coercedTo lib.types.str (device: { 
@@ -56,7 +56,7 @@ in { }; }; - # TODO:create the root dataset automatically + # TODO: create the root dataset automatically # TODO: dataset option that is a submodule that adds datasets to the system # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it datasets = lib.mkOption { @@ -64,4 +64,60 @@ in { }; }; }; + + config = lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + services.zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + + # TODO: post activation script that makes sure that our configured pool match the pool that exist on the system + # TODO: validation that we have a boot drive + # TODO: disko config mapping + } + (lib.mkIf config.storage.zfs.notifications.enable { + programs.msmtp = { + enable = true; + setSendmail = true; + defaults = { + aliases = "/etc/aliases"; + port = config.storage.zfs.notifications.port; + tls_trust_file = "/etc/ssl/certs/ca-certificates.crt"; + tls = "on"; + auth = "login"; + tls_starttls = "off"; + }; + accounts = { + zfs_notifications = { + auth = true; + tls = true; + host = config.storage.zfs.notifications.host; + passwordeval = "cat ${config.storage.zfs.notifications.tokenFile}"; + user = config.storage.zfs.notifications.user; + from = config.storage.zfs.notifications.user; + }; + }; + }; + + services.zfs = { + zed = { + enableMail = true; + + settings = { + ZED_DEBUG_LOG = "/tmp/zed.debug.log"; + ZED_EMAIL_ADDR = [config.storage.zfs.notifications.to]; + ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; + ZED_EMAIL_OPTS = "-a zfs_notifications @ADDRESS@"; + + ZED_NOTIFY_INTERVAL_SECS = 3600; + ZED_NOTIFY_VERBOSE = true; + + ZED_USE_ENCLOSURE_LEDS = true; + ZED_SCRUB_AFTER_RESILVER = true; + }; + }; + }; + }) + ]); } From d8989bb43d3353aaf2e11b01d3ea797502612436 Mon Sep 17 00:00:00 2001 
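Review bot: `passwordeval = "cat ${config.storage.zfs.notifications.tokenFile}";` places the configured path unquoted into a command that msmtp hands to a shell, so a path containing spaces or shell metacharacters is split or interpreted; `passwordeval = "cat ${lib.escapeShellArg config.storage.zfs.notifications.tokenFile}";` avoids that. `ZED_DEBUG_LOG = "/tmp/zed.debug.log";` makes a daemon that normally runs as root write to a fixed name in a world-writable directory, and a root-owned location such as `ZED_DEBUG_LOG = "/var/log/zed.debug.log";` (or dropping the setting) removes the pre-creation and symlink concern. The `tokenFile` description should also state that the value has to be a runtime path readable only by root, for example a sops-managed secret, and not a file that ends up in the world-readable Nix store.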
From: Leyla Becker Date: Wed, 5 Nov 2025 10:56:04 -0600 Subject: [PATCH 0945/1043] feat: drafted out zfs vdev, pool, and dataset implementations --- .../nixos-modules/storage/impermanence.nix | 2 + .../storage/submodules/dataset.nix | 97 +++- .../submodules/impermanenceDataset.nix | 2 +- modules/nixos-modules/storage/zfs.nix | 460 +++++++++++++++++- 4 files changed, 551 insertions(+), 10 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index c51e35f..b1fd6b5 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -14,6 +14,7 @@ in { datasets = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + default = {}; }; # TODO: this should just live under home-manager.users..storage.impermanence @@ -23,6 +24,7 @@ in { # We should by default create the `local/home/${name}`, and `persist/home/${name}` datasets datasets = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + default = {}; }; })); }; diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index a6cc3e6..482671e 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix 
@@ -1,3 +1,96 @@ -{name, ...}: { - # TODO: we need to figure out what options a dataset can have in zfs +{lib, ...}: {name, ...}: { + options = { + type = lib.mkOption { + type = lib.types.enum ["zfs_fs" "zfs_volume"]; + default = "zfs_fs"; + description = "Type of ZFS dataset (filesystem or volume)"; + }; + + # ZFS dataset options that match what's currently hardcoded in rootFsOptions + canmount = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off" "noauto"]); + default = null; + description = "Controls whether the file system can be mounted"; + }; + + mountpoint = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Controls the mount point used for this file system"; + }; + + xattr = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off" "sa" "dir"]); + default = null; + description = "Extended attribute storage method"; + }; + + acltype = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["off" "nfsv4" "posixacl"]); + default = null; + description = "Access control list type"; + }; + + relatime = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off"]); + default = null; + description = "Controls when access time is updated"; + }; + + compression = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off" "lz4" "gzip" "zstd" "lzjb" "zle"]); + default = null; + description = "Compression algorithm to use"; + }; + + encryption = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off" "aes-128-ccm" "aes-192-ccm" "aes-256-ccm" "aes-128-gcm" "aes-192-gcm" "aes-256-gcm"]); + default = null; + description = "Encryption algorithm to use"; + }; + + keyformat = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["raw" "hex" "passphrase"]); + default = null; + description = "Format of the encryption key"; + }; + + keylocation = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Location of the encryption key"; + }; 
+ + autoSnapshot = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + default = null; + description = "Enable automatic snapshots for this dataset"; + }; + + # Additional common ZFS options + recordsize = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Suggested block size for files in the file system"; + }; + + sync = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["standard" "always" "disabled"]); + default = null; + description = "Synchronous write behavior"; + }; + + atime = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off"]); + default = null; + description = "Controls whether access time is updated"; + }; + + # Custom options for disko integration + postCreateHook = lib.mkOption { + type = lib.types.str; + default = ""; + description = "Script to run after dataset creation"; + }; + }; } diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index f9a4df6..193ab80 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -1,4 +1,4 @@ -{lib, ...}: let +{lib, ...}: {...}: let pathPermissions = { read = lib.mkEnableOption "should the path have read permissions"; write = lib.mkEnableOption "should the path have read permissions"; diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index e5793ca..20e41ae 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix 
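Review bot: The dataset submodule added here declares no `options` attribute, yet `modules/nixos-modules/storage/zfs.nix` in this same commit reads `rootDataset.options` without a fallback when it builds `rootFsOptions`, so evaluation would fail on a missing attribute as soon as that set is forced (the per-dataset path only gets by through `value.options or {}`). If free-form ZFS properties are intended, declare them in this file, e.g. `options = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = {}; description = "Additional ZFS properties"; };`. Separately, `keylocation` is an unconstrained `str`; its description should state that a `file://` location has to live outside the Nix store, because store paths are world-readable.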
@@ -5,6 +5,49 @@ args @ { ... }: let datasetSubmodule = (import ./submodules/dataset.nix) args; + + # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that + hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); + + poolVdevs = [ + (builtins.map ( + device: let + deviceStr = + if builtins.isString device + then device + else device.device; + in + lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr + ) + config.storage.zfs.pool.vdevs) + ]; + + poolCache = builtins.map ( + name: let + device = config.storage.zfs.pool.cache.${name}; + deviceStr = + if builtins.isString device + then device + else device.device; + in + lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr + ) (builtins.attrNames config.storage.zfs.pool.cache); + + bootDrives = + builtins.map ( + device: + if builtins.isString device + then device + else device.device + ) (builtins.filter ( + device: + if builtins.isString device + then false + else device.boot + ) + config.storage.zfs.pool.vdevs); + + allDrives = (lib.lists.flatten poolVdevs) ++ poolCache; in { options.storage = { zfs = { 
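Review bot: The comment above `hashDisk` is hard to parse ("disk adds formats it like disk-xxxx-zfs") and leaves the 27 in `builtins.substring 0 27` to be worked out by the reader. I would reword it along the lines of `# GPT partition labels hold at most 36 characters; the partition is named disk-<name>-zfs (9 extra characters), so keep 27 hex digits of the hash`, assuming the naming comes from disko as the later `disko.devices` block suggests. A one-line comment above `bootDrives` would also help: it filters `config.storage.zfs.pool.vdevs` only, so `boot = true` on a `pool.cache` device is silently ignored. The module function these `let` bindings belong to opens above the hunk.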
@@ -46,35 +89,438 @@ in { boot = lib.mkEnableOption "should this device be a boot device"; }; in { - encryption = lib.mkEnableOption "Should encryption be enabled on this pool."; + encryption = { + enable = lib.mkEnableOption "Should encryption be enabled on this pool."; + keyformat = lib.mkOption { + type = lib.types.enum ["raw" "hex" "passphrase"]; + default = "hex"; + description = "Format of the encryption key"; + }; + keylocation = lib.mkOption { + type = lib.types.str; + default = "prompt"; + description = "Location of the encryption key"; + }; + }; + mode = lib.mkOption { + type = lib.types.enum ["stripe" "mirror" "raidz1" "raidz2" "raidz3"]; + default = "raidz2"; + description = "ZFS redundancy mode for the pool"; + }; + bootPartitionSize = lib.mkOption { + type = lib.types.str; + default = "2G"; + description = "Size of the boot partition on boot drives"; + }; vdevs = lib.mkOption { type = lib.types.listOf deviceType; default = []; }; cache = lib.mkOption { type = lib.types.attrsOf deviceType; + default = {}; }; }; - # TODO: create the root dataset automatically - # TODO: dataset option that is a submodule that adds datasets to the system - # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + rootDataset = lib.mkOption { + type = lib.types.submodule datasetSubmodule; + description = "Root ZFS dataset to create"; + default = {}; + }; + datasets = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule datasetSubmodule); + description = "Additional ZFS datasets to create"; + default = {}; }; }; }; config = lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { + assertions = [ + { + assertion = builtins.length bootDrives > 0; + message = '' + ZFS configuration requires at least one boot drive. Please configure at least one device with boot = true in storage.zfs.pool.vdevs. 
+ ''; + } + { + assertion = + !( + config.storage.zfs.pool.encryption.enable + && (config.storage.zfs.rootDataset.encryption + != null + || config.storage.zfs.rootDataset.keyformat != null + || config.storage.zfs.rootDataset.keylocation != null) + ); + message = '' + Cannot set encryption options in both pool.encryption and rootDataset. + Use either pool.encryption for default settings or rootDataset encryption options for explicit control, but not both. + ''; + } + ]; + services.zfs = { autoScrub.enable = true; autoSnapshot.enable = true; }; - # TODO: post activation script that makes sure that our configured pool match the pool that exist on the system - # TODO: validation that we have a boot drive - # TODO: disko config mapping + # Disko configuration based on pool settings + disko.devices = { + disk = ( + builtins.listToAttrs ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + ESP = lib.mkIf (builtins.elem drive.value bootDrives) { + size = config.storage.zfs.pool.bootPartitionSize; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) + allDrives + ) + ); + zpool = { + rpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = ( + builtins.map (disks: { + mode = config.storage.zfs.pool.mode; + members = + builtins.map (disk: disk.name) disks; + }) + poolVdevs + ); + cache = builtins.map (disk: disk.name) poolCache; + }; + }; + + options = { + ashift = "12"; + autotrim = "on"; + }; + + rootFsOptions = let + rootDataset = config.storage.zfs.rootDataset; + # Start with defaults that match the original hardcoded values + defaults = { + canmount = "off"; + mountpoint = "none"; + xattr = "sa"; + acltype = "posixacl"; + relatime = 
"on"; + compression = "lz4"; + "com.sun:auto-snapshot" = "false"; + }; + # Override defaults with non-null values from rootDataset + userOptions = lib.attrsets.filterAttrs (_: v: v != null) { + canmount = rootDataset.canmount; + mountpoint = rootDataset.mountpoint; + xattr = rootDataset.xattr; + acltype = rootDataset.acltype; + relatime = rootDataset.relatime; + compression = rootDataset.compression; + encryption = rootDataset.encryption; + keyformat = rootDataset.keyformat; + keylocation = rootDataset.keylocation; + recordsize = rootDataset.recordsize; + sync = rootDataset.sync; + atime = rootDataset.atime; + "com.sun:auto-snapshot" = + if rootDataset.autoSnapshot == null + then null + else + ( + if rootDataset.autoSnapshot + then "true" + else "false" + ); + }; + # Only apply pool encryption if user hasn't set encryption options in rootDataset + poolEncryptionOptions = + lib.attrsets.optionalAttrs ( + config.storage.zfs.pool.encryption.enable + && rootDataset.encryption == null + && rootDataset.keyformat == null + && rootDataset.keylocation == null + ) { + encryption = "on"; + keyformat = config.storage.zfs.pool.encryption.keyformat; + keylocation = config.storage.zfs.pool.encryption.keylocation; + }; + in + defaults // userOptions // rootDataset.options // poolEncryptionOptions; + + datasets = lib.mkMerge [ + ( + lib.attrsets.mapAttrs (name: value: { + type = value.type; + options = let + # For datasets, only include non-null user-specified values + userOptions = lib.attrsets.filterAttrs (_: v: v != null) { + canmount = value.canmount; + xattr = value.xattr; + acltype = value.acltype; + relatime = value.relatime; + compression = value.compression; + encryption = value.encryption; + keyformat = value.keyformat; + keylocation = value.keylocation; + recordsize = value.recordsize; + sync = value.sync; + atime = value.atime; + "com.sun:auto-snapshot" = + if value.autoSnapshot == null + then null + else + ( + if value.autoSnapshot + then "true" + else "false" + ); + 
}; + in + userOptions // (value.options or {}); + mountpoint = value.mountpoint; + postCreateHook = value.postCreateHook or ""; + }) + config.storage.zfs.datasets + ) + ]; + }; + }; + }; + + # Post-activation scripts for validation + system.activationScripts = { + # Script 1: Validate pool, cache devices, and vdevs + zfs-pool-validation = { + text = '' + echo "Running ZFS pool validation..." + + # Function to check if a device exists in a vdev or cache + check_device_in_pool() { + local device_id="$1" + local device_type="$2" # "cache" or "vdev" + + if ! zpool status rpool | grep -q "$device_id"; then + echo "ERROR: Device $device_id not found in pool rpool ($device_type)" + return 1 + fi + return 0 + } + + # Function to validate vdev configuration + validate_vdevs() { + local expected_mode="${config.storage.zfs.pool.mode}" + local pool_status=$(zpool status rpool) + + # Check if pool exists + if ! zpool list rpool >/dev/null 2>&1; then + echo "ERROR: ZFS pool 'rpool' does not exist" + return 1 + fi + + # Validate each configured vdev device + ${lib.concatMapStringsSep "\n" ( + device: let + deviceStr = + if builtins.isString device + then device + else device.device; + in '' + if ! check_device_in_pool "${deviceStr}" "vdev"; then + echo "ERROR: Vdev device ${deviceStr} not found in pool" + exit 1 + fi + '' + ) + config.storage.zfs.pool.vdevs} + + # Check pool mode matches configuration + if ! echo "$pool_status" | grep -q "$expected_mode"; then + echo "WARNING: Pool mode may not match expected configuration ($expected_mode)" + fi + + echo "✓ All vdev devices validated successfully" + return 0 + } + + # Function to validate cache configuration + validate_cache() { + ${lib.concatMapStringsSep "\n" ( + name: let + device = config.storage.zfs.pool.cache.${name}; + deviceStr = + if builtins.isString device + then device + else device.device; + in '' + if ! 
check_device_in_pool "${deviceStr}" "cache"; then + echo "ERROR: Cache device ${deviceStr} (${name}) not found in pool" + exit 1 + fi + '' + ) (builtins.attrNames config.storage.zfs.pool.cache)} + + echo "✓ All cache devices validated successfully" + return 0 + } + + # Run validations + if validate_vdevs && validate_cache; then + echo "✓ ZFS pool validation completed successfully" + else + echo "✗ ZFS pool validation failed" + exit 1 + fi + ''; + deps = ["zfs"]; + }; + + # Script 2: Validate datasets and their options + zfs-dataset-validation = { + text = '' + echo "Running ZFS dataset validation..." + + # Function to check if dataset exists + check_dataset_exists() { + local dataset="$1" + if ! zfs list "$dataset" >/dev/null 2>&1; then + echo "ERROR: Dataset $dataset does not exist" + return 1 + fi + return 0 + } + + # Function to validate dataset options + validate_dataset_options() { + local dataset="$1" + local expected_options="$2" + + # Parse expected options (format: "option=value option2=value2") + echo "$expected_options" | tr ' ' '\n' | while IFS='=' read -r option expected_value; do + if [ -n "$option" ] && [ -n "$expected_value" ]; then + local actual_value=$(zfs get -H -o value "$option" "$dataset" 2>/dev/null) + if [ "$actual_value" != "$expected_value" ]; then + echo "ERROR: Dataset $dataset option $option is '$actual_value', expected '$expected_value'" + return 1 + fi + fi + done + return 0 + } + + # Validate root dataset + echo "Validating root dataset..." 
+ if check_dataset_exists "rpool"; then + root_options="" + ${lib.concatMapStringsSep "\n" ( + option: let + value = config.storage.zfs.rootDataset.${option}; + in + lib.optionalString (value != null) '' + root_options="$root_options ${option}=${toString value}" + '' + ) ["canmount" "xattr" "acltype" "relatime" "compression" "encryption" "keyformat" "keylocation" "recordsize" "sync" "atime"]} + + # Add autoSnapshot option + ${lib.optionalString (config.storage.zfs.rootDataset.autoSnapshot != null) '' + root_options="$root_options com.sun:auto-snapshot=${ + if config.storage.zfs.rootDataset.autoSnapshot + then "true" + else "false" + }" + ''} + + if validate_dataset_options "rpool" "$root_options"; then + echo "✓ Root dataset options validated" + else + echo "✗ Root dataset validation failed" + exit 1 + fi + else + echo "✗ Root dataset validation failed" + exit 1 + fi + + # Validate configured datasets + ${lib.concatMapStringsSep "\n" ( + name: let + dataset = config.storage.zfs.datasets.${name}; + in '' + echo "Validating dataset: rpool/${name}" + if check_dataset_exists "rpool/${name}"; then + dataset_options="" + ${lib.concatMapStringsSep "\n" ( + option: let + value = dataset.${option}; + in + lib.optionalString (value != null) '' + dataset_options="$dataset_options ${option}=${toString value}" + '' + ) ["canmount" "xattr" "acltype" "relatime" "compression" "encryption" "keyformat" "keylocation" "recordsize" "sync" "atime"]} + + # Add autoSnapshot option + ${lib.optionalString (dataset.autoSnapshot != null) '' + dataset_options="$dataset_options com.sun:auto-snapshot=${ + if dataset.autoSnapshot + then "true" + else "false" + }" + ''} + + # Add custom options + ${lib.concatMapStringsSep "\n" ( + optName: let + optValue = dataset.options.${optName}; + in '' + dataset_options="$dataset_options ${optName}=${toString optValue}" + '' + ) (builtins.attrNames (dataset.options or {}))} + + if validate_dataset_options "rpool/${name}" "$dataset_options"; then + echo "✓ 
Dataset rpool/${name} options validated" + else + echo "✗ Dataset rpool/${name} validation failed" + exit 1 + fi + else + echo "✗ Dataset rpool/${name} validation failed" + exit 1 + fi + '' + ) (builtins.attrNames config.storage.zfs.datasets)} + + echo "✓ ZFS dataset validation completed successfully" + ''; + deps = ["zfs" "zfs-pool-validation"]; + }; + }; } (lib.mkIf config.storage.zfs.notifications.enable { programs.msmtp = { From 1b4d0596335f140e252b6f0d6130e4e4d2a894a0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 5 Nov 2025 18:37:26 -0600 Subject: [PATCH 0946/1043] feat: removed polycule application --- .../home-manager/leyla/packages/default.nix | 2 - modules/common-modules/pkgs/default.nix | 3 - .../common-modules/pkgs/polycule/default.nix | 149 - .../pkgs/polycule/polycule-pubspec.lock.json | 2459 ----------------- .../home-manager-modules/programs/default.nix | 1 - .../programs/polycule.nix | 31 - 6 files changed, 2645 deletions(-) delete mode 100644 modules/common-modules/pkgs/polycule/default.nix delete mode 100644 modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json delete mode 100644 modules/home-manager-modules/programs/polycule.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 50cc175..d065739 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -70,8 +70,6 @@ in { noisetorch.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; - # polycule package is now working with Flutter 3.29 - polycule.enable = true; }) ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index a2f61b1..c97f97c 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix 
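Review bot: `validate_dataset_options` in the `zfs-dataset-validation` activation script can never report a mismatch: its `while read` loop is the last stage of a pipeline and therefore runs in a subshell, so `return 1` only leaves that subshell and the function falls through to `return 0`. Because this check covers `encryption`, `keyformat` and `keylocation`, a dataset that exists without the configured encryption would log the ERROR line and still be reported as validated. Feeding the loop from a here-string keeps it in the function's own shell (the script already relies on bash features such as `local`), so the failure propagates to the callers that `exit 1`. The enclosing `text = ''…''` string and the `config` block continue outside the lines shown below.

```nix
# … unchanged: check_dataset_exists …
validate_dataset_options() {
  local dataset="$1"
  local expected_options="$2"
  local option expected_value actual_value

  # Read from a here-string so `return 1` leaves the function, not a pipeline subshell
  while IFS='=' read -r option expected_value; do
    [ -n "$option" ] && [ -n "$expected_value" ] || continue
    actual_value=$(zfs get -H -o value "$option" "$dataset" 2>/dev/null)
    if [ "$actual_value" != "$expected_value" ]; then
      echo "ERROR: Dataset $dataset option $option is '$actual_value', expected '$expected_value'"
      return 1
    fi
  done <<< "$(echo "$expected_options" | tr ' ' '\n')"
  return 0
}
# … unchanged: root dataset and per-dataset checks …
```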
@@ -38,8 +38,5 @@ # Override h3 C library to version 4.3.0 h3 = pkgs.callPackage ./h3-c-lib.nix {}; }) - (final: prev: { - polycule = pkgs.callPackage ./polycule {}; - }) ]; } diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix deleted file mode 100644 index e9841fe..0000000 --- a/modules/common-modules/pkgs/polycule/default.nix +++ /dev/null 
@@ -1,149 +0,0 @@ -{ - lib, - flutter332, - fetchFromGitLab, - pkg-config, - wrapGAppsHook3, - gtk3, - glib, - glib-networking, - webkitgtk_4_1, - libsecret, - libnotify, - dbus, - sqlcipher, - openssl, - mpv, - alsa-lib, - libass, - ffmpeg-full, - libplacebo, - libunwind, - shaderc, - vulkan-headers, - vulkan-loader, - lcms2, - libdovi, - libdvdnav, - libdvdread, - mujs, - libbluray, - lua, - rubberband, - libuchardet, - zimg, - openal, - pipewire, - libpulseaudio, - libcaca, - libdrm, - libdisplay-info, - libgbm, - xorg, - nv-codec-headers-11, - libva, - libvdpau, -}: -flutter332.buildFlutterApplication rec { - pname = "polycule"; - version = "0.3.4"; - - src = fetchFromGitLab { - owner = "polycule_client"; - repo = "polycule"; - rev = "v${version}"; - hash = "sha256-RUu8DKuX2NUU5Ce5WLHtDaORkn7CSrgTj3KhM/z+yHc="; - }; - - pubspecLock = lib.importJSON ./polycule-pubspec.lock.json; - - gitHashes = { - matrix = "sha256-w/QB5nYJ9Lh77TcYKEN/DnNQjWfp+9NX0dwQ9GOzWE8="; - media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg="; - media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg="; - }; - - nativeBuildInputs = [ - pkg-config - wrapGAppsHook3 - ]; - - buildInputs = [ - gtk3 - glib - glib-networking - webkitgtk_4_1 - libsecret - libnotify - dbus - sqlcipher - openssl - mpv - alsa-lib - libass - ffmpeg-full - libplacebo - libunwind - shaderc - vulkan-headers - vulkan-loader - lcms2 - libdovi - libdvdnav - libdvdread - mujs - libbluray - lua - rubberband - libuchardet - zimg - openal - pipewire - libpulseaudio - libcaca - libdrm - libdisplay-info - libgbm - xorg.libXScrnSaver - xorg.libXpresent - nv-codec-headers-11 - libva - libvdpau - ]; - - flutterBuildFlags = [ - "--release" - "--target" - "lib/main.dart" - "--dart-define=POLYCULE_VERSION=v${version}" - "--dart-define=POLYCULE_IS_STABLE=true" - "--no-tree-shake-icons" - ]; - - postInstall = '' - # Install desktop files and icons from the source - install -Dm644 
linux/business.braid.polycule.desktop $out/share/applications/polycule.desktop - install -Dm644 assets/logo/logo-circle.png $out/share/pixmaps/polycule.png - - # Update desktop file to use correct executable name - substituteInPlace $out/share/applications/polycule.desktop \ - --replace 'Exec=business.braid.polycule' 'Exec=polycule' - - # Create a symlink with the expected name - ln -sf $out/bin/polycule $out/bin/business.braid.polycule - ''; - - meta = with lib; { - description = "A geeky and efficient [matrix] client for power users"; - longDescription = '' - Polycule is a modern Matrix client built with Flutter, designed for power users - who want a fast, efficient, and feature-rich Matrix experience. - ''; - homepage = "https://polycule.im/"; - license = licenses.eupl12; - maintainers = []; - platforms = ["x86_64-linux" "aarch64-linux"]; - sourceProvenance = with sourceTypes; [fromSource]; - mainProgram = "polycule"; - }; -} diff --git a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json deleted file mode 100644 index e119fa2..0000000 --- a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json +++ /dev/null 
@@ -1,2459 +0,0 @@ -{ - "packages": { - "_fe_analyzer_shared": { - "dependency": "transitive", - "description": { - "name": "_fe_analyzer_shared", - "sha256": "da0d9209ca76bde579f2da330aeb9df62b6319c834fa7baae052021b0462401f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "85.0.0" - }, - "analyzer": { - "dependency": "transitive", - "description": { - "name": "analyzer", - "sha256": "974859dc0ff5f37bc4313244b3218c791810d03ab3470a579580279ba971a48d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.7.1" - }, - "animations": { - "dependency": "direct main", - "description": { - "name": "animations", - "sha256": "d3d6dcfb218225bbe68e87ccf6378bbb2e32a94900722c5f81611dad089911cb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.11" - }, - "app_links": { - "dependency": "direct main", - "description": { - "name": "app_links", - "sha256": "85ed8fc1d25a76475914fff28cc994653bd900bc2c26e4b57a49e097febb54ba", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.4.0" - }, - "app_links_linux": { - "dependency": "transitive", - "description": { - "name": "app_links_linux", - "sha256": "f5f7173a78609f3dfd4c2ff2c95bd559ab43c80a87dc6a095921d96c05688c81", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.3" - }, - "app_links_platform_interface": { - "dependency": "transitive", - "description": { - "name": "app_links_platform_interface", - "sha256": "05f5379577c513b534a29ddea68176a4d4802c46180ee8e2e966257158772a3f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.2" - }, - "app_links_web": { - "dependency": "transitive", - "description": { - "name": "app_links_web", - "sha256": "af060ed76183f9e2b87510a9480e56a5352b6c249778d07bd2c95fc35632a555", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.4" - }, - "archive": { - "dependency": "transitive", - "description": { - "name": "archive", - "sha256": 
"2fde1607386ab523f7a36bb3e7edb43bd58e6edaf2ffb29d8a6d578b297fdbbd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.7" - }, - "args": { - "dependency": "transitive", - "description": { - "name": "args", - "sha256": "d0481093c50b1da8910eb0bb301626d4d8eb7284aa739614d2b394ee09e3ea04", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.7.0" - }, - "async": { - "dependency": "direct main", - "description": { - "name": "async", - "sha256": "758e6d74e971c3e5aceb4110bfd6698efc7f501675bcfe0c775459a8140750eb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.13.0" - }, - "audio_session": { - "dependency": "transitive", - "description": { - "name": "audio_session", - "sha256": "8f96a7fecbb718cb093070f868b4cdcb8a9b1053dce342ff8ab2fde10eb9afb7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.2" - }, - "barcode": { - "dependency": "transitive", - "description": { - "name": "barcode", - "sha256": "7b6729c37e3b7f34233e2318d866e8c48ddb46c1f7ad01ff7bb2a8de1da2b9f4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.9" - }, - "barcode_widget": { - "dependency": "direct main", - "description": { - "name": "barcode_widget", - "sha256": "6f2c5b08659b1a5f4d88d183e6007133ea2f96e50e7b8bb628f03266c3931427", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.4" - }, - "base58check": { - "dependency": "transitive", - "description": { - "name": "base58check", - "sha256": "6c300dfc33e598d2fe26319e13f6243fea81eaf8204cb4c6b69ef20a625319a5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "blurhash_dart": { - "dependency": "direct main", - "description": { - "name": "blurhash_dart", - "sha256": "43955b6c2e30a7d440028d1af0fa185852f3534b795cc6eb81fbf397b464409f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.1" - }, - "boolean_selector": { - "dependency": "transitive", - "description": { - "name": 
"boolean_selector", - "sha256": "8aab1771e1243a5063b8b0ff68042d67334e3feab9e95b9490f9a6ebf73b42ea", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "build_cli_annotations": { - "dependency": "transitive", - "description": { - "name": "build_cli_annotations", - "sha256": "b59d2769769efd6c9ff6d4c4cede0be115a566afc591705c2040b707534b1172", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "camera": { - "dependency": "transitive", - "description": { - "name": "camera", - "sha256": "d6ec2cbdbe2fa8f5e0d07d8c06368fe4effa985a4a5ddade9cc58a8cd849557d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.11.2" - }, - "camera_android_camerax": { - "dependency": "transitive", - "description": { - "name": "camera_android_camerax", - "sha256": "58b8fe843a3c83fd1273c00cb35f5a8ae507f6cc9b2029bcf7e2abba499e28d8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.19+1" - }, - "camera_avfoundation": { - "dependency": "transitive", - "description": { - "name": "camera_avfoundation", - "sha256": "e4aca5bccaf897b70cac87e5fdd789393310985202442837922fd40325e2733b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.21+1" - }, - "camera_platform_interface": { - "dependency": "transitive", - "description": { - "name": "camera_platform_interface", - "sha256": "2f757024a48696ff4814a789b0bd90f5660c0fb25f393ab4564fb483327930e2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.0" - }, - "camera_web": { - "dependency": "transitive", - "description": { - "name": "camera_web", - "sha256": "595f28c89d1fb62d77c73c633193755b781c6d2e0ebcd8dc25b763b514e6ba8f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.5" - }, - "canonical_json": { - "dependency": "transitive", - "description": { - "name": "canonical_json", - "sha256": "d6be1dd66b420c6ac9f42e3693e09edf4ff6edfee26cb4c28c1c019fdb8c0c15", - "url": "https://pub.dev" - }, - 
"source": "hosted", - "version": "1.1.2" - }, - "characters": { - "dependency": "transitive", - "description": { - "name": "characters", - "sha256": "f71061c654a3380576a52b451dd5532377954cf9dbd272a78fc8479606670803", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.0" - }, - "checked_yaml": { - "dependency": "transitive", - "description": { - "name": "checked_yaml", - "sha256": "959525d3162f249993882720d52b7e0c833978df229be20702b33d48d91de70f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.4" - }, - "cli_config": { - "dependency": "transitive", - "description": { - "name": "cli_config", - "sha256": "ac20a183a07002b700f0c25e61b7ee46b23c309d76ab7b7640a028f18e4d99ec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "cli_util": { - "dependency": "transitive", - "description": { - "name": "cli_util", - "sha256": "ff6785f7e9e3c38ac98b2fb035701789de90154024a75b6cb926445e83197d1c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.2" - }, - "clock": { - "dependency": "transitive", - "description": { - "name": "clock", - "sha256": "fddb70d9b5277016c77a80201021d40a2247104d9f4aa7bab7157b7e3f05b84b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "collection": { - "dependency": "direct main", - "description": { - "name": "collection", - "sha256": "2f5709ae4d3d59dd8f7cd309b4e023046b57d8a6c82130785d2b0e5868084e76", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.19.1" - }, - "convert": { - "dependency": "transitive", - "description": { - "name": "convert", - "sha256": "b30acd5944035672bc15c6b7a8b47d773e41e2f17de064350988c5d02adb1c68", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.2" - }, - "coverage": { - "dependency": "transitive", - "description": { - "name": "coverage", - "sha256": "5da775aa218eaf2151c721b16c01c7676fbfdd99cebba2bf64e8b807a28ff94d", - "url": "https://pub.dev" - }, - "source": 
"hosted", - "version": "1.15.0" - }, - "cross_file": { - "dependency": "direct main", - "description": { - "name": "cross_file", - "sha256": "7caf6a750a0c04effbb52a676dce9a4a592e10ad35c34d6d2d0e4811160d5670", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.4+2" - }, - "crypto": { - "dependency": "transitive", - "description": { - "name": "crypto", - "sha256": "1e445881f28f22d6140f181e07737b22f1e099a5e1ff94b0af2f9e4a463f4855", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.6" - }, - "csslib": { - "dependency": "direct main", - "description": { - "name": "csslib", - "sha256": "09bad715f418841f976c77db72d5398dc1253c21fb9c0c7f0b0b985860b2d58e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "cupertino_http": { - "dependency": "direct main", - "description": { - "name": "cupertino_http", - "sha256": "72187f715837290a63479a5b0ae709f4fedad0ed6bd0441c275eceaa02d5abae", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.0" - }, - "cupertino_icons": { - "dependency": "direct main", - "description": { - "name": "cupertino_icons", - "sha256": "ba631d1c7f7bef6b729a622b7b752645a2d076dba9976925b8f25725a30e1ee6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.8" - }, - "dart_animated_emoji": { - "dependency": "direct main", - "description": { - "name": "dart_animated_emoji", - "sha256": "0e0865f1b56e2f2979e8caa09a7d693e30133050c5c677de301e6ca4d8da945e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.2" - }, - "dbus": { - "dependency": "direct main", - "description": { - "name": "dbus", - "sha256": "79e0c23480ff85dc68de79e2cd6334add97e48f7f4865d17686dd6ea81a47e8c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.7.11" - }, - "diacritic": { - "dependency": "direct main", - "description": { - "name": "diacritic", - "sha256": "12981945ec38931748836cd76f2b38773118d0baef3c68404bdfde9566147876", - "url": 
"https://pub.dev" - }, - "source": "hosted", - "version": "0.1.6" - }, - "diffutil_dart": { - "dependency": "direct main", - "description": { - "name": "diffutil_dart", - "sha256": "5e74883aedf87f3b703cb85e815bdc1ed9208b33501556e4a8a5572af9845c81", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.1" - }, - "dynamic_color": { - "dependency": "direct main", - "description": { - "name": "dynamic_color", - "sha256": "43a5a6679649a7731ab860334a5812f2067c2d9ce6452cf069c5e0c25336c17c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.8.1" - }, - "emoji_extension": { - "dependency": "direct main", - "description": { - "name": "emoji_extension", - "sha256": "7678a3e3fca4f2dfbce02cf8d439a81e130ce303fdc1ad90f484f57fd5ce4ba1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.0" - }, - "enhanced_enum": { - "dependency": "transitive", - "description": { - "name": "enhanced_enum", - "sha256": "074c5a8b9664799ca91e1e8b68003b8694cb19998671cbafd9c7779c13fcdecf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.4" - }, - "equatable": { - "dependency": "transitive", - "description": { - "name": "equatable", - "sha256": "567c64b3cb4cf82397aac55f4f0cbd3ca20d77c6c03bedbc4ceaddc08904aef7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.7" - }, - "fake_async": { - "dependency": "transitive", - "description": { - "name": "fake_async", - "sha256": "5368f224a74523e8d2e7399ea1638b37aecfca824a3cc4dfdf77bf1fa905ac44", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.3" - }, - "fetch_api": { - "dependency": "transitive", - "description": { - "name": "fetch_api", - "sha256": "24cbd5616f3d4008c335c197bb90bfa0eb43b9e55c6de5c60d1f805092636034", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.1" - }, - "fetch_client": { - "dependency": "direct main", - "description": { - "name": "fetch_client", - "sha256": 
"375253f4efe64303c793fb17fe90771c591320b2ae11fb29cb5b406cc8533c00", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "ffi": { - "dependency": "transitive", - "description": { - "name": "ffi", - "sha256": "289279317b4b16eb2bb7e271abccd4bf84ec9bdcbe999e278a94b804f5630418", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "file": { - "dependency": "transitive", - "description": { - "name": "file", - "sha256": "a3b4f84adafef897088c160faf7dfffb7696046cb13ae90b508c2cbc95d3b8d4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.0.1" - }, - "file_selector": { - "dependency": "direct main", - "description": { - "name": "file_selector", - "sha256": "5019692b593455127794d5718304ff1ae15447dea286cdda9f0db2a796a1b828", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.3" - }, - "file_selector_android": { - "dependency": "transitive", - "description": { - "name": "file_selector_android", - "sha256": "3015702ab73987000e7ff2df5ddc99666d2bcd65cdb243f59da35729d3be6cff", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.1+15" - }, - "file_selector_ios": { - "dependency": "transitive", - "description": { - "name": "file_selector_ios", - "sha256": "94b98ad950b8d40d96fee8fa88640c2e4bd8afcdd4817993bd04e20310f45420", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.3+1" - }, - "file_selector_linux": { - "dependency": "transitive", - "description": { - "name": "file_selector_linux", - "sha256": "54cbbd957e1156d29548c7d9b9ec0c0ebb6de0a90452198683a7d23aed617a33", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.3+2" - }, - "file_selector_macos": { - "dependency": "transitive", - "description": { - "name": "file_selector_macos", - "sha256": "8c9250b2bd2d8d4268e39c82543bacbaca0fda7d29e0728c3c4bbb7c820fd711", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.4+3" - }, - 
"file_selector_platform_interface": { - "dependency": "transitive", - "description": { - "name": "file_selector_platform_interface", - "sha256": "a3994c26f10378a039faa11de174d7b78eb8f79e4dd0af2a451410c1a5c3f66b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.6.2" - }, - "file_selector_web": { - "dependency": "transitive", - "description": { - "name": "file_selector_web", - "sha256": "c4c0ea4224d97a60a7067eca0c8fd419e708ff830e0c83b11a48faf566cec3e7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.4+2" - }, - "file_selector_windows": { - "dependency": "transitive", - "description": { - "name": "file_selector_windows", - "sha256": "320fcfb6f33caa90f0b58380489fc5ac05d99ee94b61aa96ec2bff0ba81d3c2b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.3+4" - }, - "fixnum": { - "dependency": "transitive", - "description": { - "name": "fixnum", - "sha256": "b6dc7065e46c974bc7c5f143080a6764ec7a4be6da1285ececdc37be96de53be", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "flutter": { - "dependency": "direct main", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_adaptive_scaffold": { - "dependency": "direct main", - "description": { - "name": "flutter_adaptive_scaffold", - "sha256": "5eb1d1d174304a4e67c4bb402ed38cb4a5ebdac95ce54099e91460accb33d295", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.3+1" - }, - "flutter_confetti": { - "dependency": "direct main", - "description": { - "name": "flutter_confetti", - "sha256": "7e46b82ea0adc456afc91037652bbfbd52a951804fde0708822fad5d68be6398", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.1" - }, - "flutter_driver": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_highlighting": { - "dependency": "direct main", - "description": { - "name": "flutter_highlighting", - "sha256": 
"426770b1453e8302f8cc58455ebcaad33e3049e73ca18f9d3c83554552bf3baf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.0+11.8.0" - }, - "flutter_html": { - "dependency": "direct main", - "description": { - "name": "flutter_html", - "sha256": "38a2fd702ffdf3243fb7441ab58aa1bc7e6922d95a50db76534de8260638558d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_html_svg": { - "dependency": "direct main", - "description": { - "name": "flutter_html_svg", - "sha256": "76f59c238571333d95271817c3d94688b3c4dca2735552e481e49039d3efdb13", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_html_table": { - "dependency": "direct main", - "description": { - "name": "flutter_html_table", - "sha256": "de15300b1f6d8014e1702e7edfdf3411f362c8fb753e89bac4c99215ea94a4d8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_keyboard_visibility": { - "dependency": "direct main", - "description": { - "name": "flutter_keyboard_visibility", - "sha256": "98664be7be0e3ffca00de50f7f6a287ab62c763fc8c762e0a21584584a3ff4f8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_keyboard_visibility_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_linux", - "sha256": "6fba7cd9bb033b6ddd8c2beb4c99ad02d728f1e6e6d9b9446667398b2ac39f08", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_keyboard_visibility_macos": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_macos", - "sha256": "c5c49b16fff453dfdafdc16f26bdd8fb8d55812a1d50b0ce25fc8d9f2e53d086", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_keyboard_visibility_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_platform_interface", - "sha256": 
"e43a89845873f7be10cb3884345ceb9aebf00a659f479d1c8f4293fcb37022a4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_keyboard_visibility_web": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_web", - "sha256": "d3771a2e752880c79203f8d80658401d0c998e4183edca05a149f5098ce6e3d1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_keyboard_visibility_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_windows", - "sha256": "fc4b0f0b6be9b93ae527f3d527fb56ee2d918cd88bbca438c478af7bcfd0ef73", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_launcher_icons": { - "dependency": "direct dev", - "description": { - "name": "flutter_launcher_icons", - "sha256": "10f13781741a2e3972126fae08393d3c4e01fa4cd7473326b94b72cf594195e7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.14.4" - }, - "flutter_layout_grid": { - "dependency": "transitive", - "description": { - "name": "flutter_layout_grid", - "sha256": "739e568db97af031d528dfd8a80d333df0e5a310a126e087690fa42cd61dfb5f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.8" - }, - "flutter_lints": { - "dependency": "direct dev", - "description": { - "name": "flutter_lints", - "sha256": "3105dc8492f6183fb076ccf1f351ac3d60564bff92e20bfc4af9cc1651f4e7e1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_local_notifications": { - "dependency": "direct main", - "description": { - "name": "flutter_local_notifications", - "sha256": "20ca0a9c82ce0c855ac62a2e580ab867f3fbea82680a90647f7953832d0850ae", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "19.4.0" - }, - "flutter_local_notifications_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_linux", - "sha256": 
"e3c277b2daab8e36ac5a6820536668d07e83851aeeb79c446e525a70710770a5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_local_notifications_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_platform_interface", - "sha256": "277d25d960c15674ce78ca97f57d0bae2ee401c844b6ac80fcd972a9c99d09fe", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "9.1.0" - }, - "flutter_local_notifications_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_windows", - "sha256": "ed46d7ae4ec9d19e4c8fa2badac5fe27ba87a3fe387343ce726f927af074ec98", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "flutter_localizations": { - "dependency": "direct main", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_openssl_crypto": { - "dependency": "direct main", - "description": { - "name": "flutter_openssl_crypto", - "sha256": "293b4fcda13ab0710645a16e82f3d5b7de19bfc0ab2d06bcdb87637222eda5e1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.0" - }, - "flutter_plugin_android_lifecycle": { - "dependency": "transitive", - "description": { - "name": "flutter_plugin_android_lifecycle", - "sha256": "6382ce712ff69b0f719640ce957559dde459e55ecd433c767e06d139ddf16cab", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.29" - }, - "flutter_rust_bridge": { - "dependency": "transitive", - "description": { - "name": "flutter_rust_bridge", - "sha256": "b416ff56002789e636244fb4cc449f587656eff995e5a7169457eb0593fcaddb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.0" - }, - "flutter_secure_storage": { - "dependency": "direct main", - "description": { - "name": "flutter_secure_storage", - "sha256": "f7eceb0bc6f4fd0441e29d43cab9ac2a1c5ffd7ea7b64075136b718c46954874", - "url": "https://pub.dev" - }, - "source": "hosted", - 
"version": "10.0.0-beta.4" - }, - "flutter_secure_storage_darwin": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_darwin", - "sha256": "f226f2a572bed96bc6542198ebaec227150786e34311d455a7e2d3d06d951845", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.0" - }, - "flutter_secure_storage_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_linux", - "sha256": "9b4b73127e857cd3117d43a70fa3dddadb6e0b253be62e6a6ab85caa0742182c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "flutter_secure_storage_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_platform_interface", - "sha256": "8ceea1223bee3c6ac1a22dabd8feefc550e4729b3675de4b5900f55afcb435d6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "flutter_secure_storage_web": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_web", - "sha256": "4c3f233e739545c6cb09286eeec1cc4744138372b985113acc904f7263bef517", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_secure_storage_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_windows", - "sha256": "ff32af20f70a8d0e59b2938fc92de35b54a74671041c814275afd80e27df9f21", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.0" - }, - "flutter_svg": { - "dependency": "direct main", - "description": { - "name": "flutter_svg", - "sha256": "cd57f7969b4679317c17af6fd16ee233c1e60a82ed209d8a475c54fd6fd6f845", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "flutter_test": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_typeahead": { - "dependency": "direct main", - "description": { - "name": "flutter_typeahead", - "sha256": 
"d64712c65db240b1057559b952398ebb6e498077baeebf9b0731dade62438a6d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.2.0" - }, - "flutter_vodozemac": { - "dependency": "direct main", - "description": { - "name": "flutter_vodozemac", - "sha256": "2405ca121b84d1cd83200a14021022e1691b123a23bcefc36adc7740cefbc1f9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.2" - }, - "flutter_web_plugins": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_zxing": { - "dependency": "direct main", - "description": { - "name": "flutter_zxing", - "sha256": "dbcd89da2c9aa84f48d7d7e1ba436825f8656a69b142abb7bcdb7c2d9c22d48c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.1" - }, - "frontend_server_client": { - "dependency": "transitive", - "description": { - "name": "frontend_server_client", - "sha256": "f64a0333a82f30b0cca061bc3d143813a486dc086b574bfb233b7c1372427694", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.0" - }, - "fuchsia_remote_debug_protocol": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "glob": { - "dependency": "transitive", - "description": { - "name": "glob", - "sha256": "c3f1ee72c96f8f78935e18aa8cecced9ab132419e8625dc187e1c2408efc20de", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.3" - }, - "go_router": { - "dependency": "direct main", - "description": { - "name": "go_router", - "sha256": "8b1f37dfaf6e958c6b872322db06f946509433bec3de753c3491a42ae9ec2b48", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "16.1.0" - }, - "gtk": { - "dependency": "transitive", - "description": { - "name": "gtk", - "sha256": "e8ce9ca4b1df106e4d72dad201d345ea1a036cc12c360f1a7d5a758f78ffa42c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "highlighting": { - "dependency": "direct main", - 
"description": { - "name": "highlighting", - "sha256": "196005ed9c98ee559939fcecd466fa941b9e99b3a93394691b86780ad4da50f3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.0+11.8.0" - }, - "html": { - "dependency": "direct main", - "description": { - "name": "html", - "sha256": "6d1264f2dffa1b1101c25a91dff0dc2daee4c18e87cd8538729773c073dbf602", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.15.6" - }, - "html_unescape": { - "dependency": "transitive", - "description": { - "name": "html_unescape", - "sha256": "15362d7a18f19d7b742ef8dcb811f5fd2a2df98db9f80ea393c075189e0b61e3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "http": { - "dependency": "direct main", - "description": { - "name": "http", - "sha256": "bb2ce4590bc2667c96f318d68cac1b5a7987ec819351d32b1c987239a815e007", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.5.0" - }, - "http_parser": { - "dependency": "transitive", - "description": { - "name": "http_parser", - "sha256": "178d74305e7866013777bab2c3d8726205dc5a4dd935297175b19a23a2e66571", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.1.2" - }, - "http_profile": { - "dependency": "transitive", - "description": { - "name": "http_profile", - "sha256": "7e679e355b09aaee2ab5010915c932cce3f2d1c11c3b2dc177891687014ffa78", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.0" - }, - "image": { - "dependency": "direct main", - "description": { - "name": "image", - "sha256": "4e973fcf4caae1a4be2fa0a13157aa38a8f9cb049db6529aa00b4d71abc4d928", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.5.4" - }, - "image_picker": { - "dependency": "direct main", - "description": { - "name": "image_picker", - "sha256": "021834d9c0c3de46bf0fe40341fa07168407f694d9b2bb18d532dc1261867f7a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "image_picker_android": { - "dependency": 
"transitive", - "description": { - "name": "image_picker_android", - "sha256": "b08e9a04d0f8d91f4a6e767a745b9871bfbc585410205c311d0492de20a7ccd6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.8.12+25" - }, - "image_picker_for_web": { - "dependency": "transitive", - "description": { - "name": "image_picker_for_web", - "sha256": "717eb042ab08c40767684327be06a5d8dbb341fe791d514e4b92c7bbe1b7bb83", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.6" - }, - "image_picker_ios": { - "dependency": "transitive", - "description": { - "name": "image_picker_ios", - "sha256": "05da758e67bc7839e886b3959848aa6b44ff123ab4b28f67891008afe8ef9100", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.8.12+2" - }, - "image_picker_linux": { - "dependency": "transitive", - "description": { - "name": "image_picker_linux", - "sha256": "34a65f6740df08bbbeb0a1abd8e6d32107941fd4868f67a507b25601651022c9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+2" - }, - "image_picker_macos": { - "dependency": "transitive", - "description": { - "name": "image_picker_macos", - "sha256": "1b90ebbd9dcf98fb6c1d01427e49a55bd96b5d67b8c67cf955d60a5de74207c1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+2" - }, - "image_picker_platform_interface": { - "dependency": "transitive", - "description": { - "name": "image_picker_platform_interface", - "sha256": "886d57f0be73c4b140004e78b9f28a8914a09e50c2d816bdd0520051a71236a0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.1" - }, - "image_picker_windows": { - "dependency": "transitive", - "description": { - "name": "image_picker_windows", - "sha256": "6ad07afc4eb1bc25f3a01084d28520496c4a3bb0cb13685435838167c9dcedeb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+1" - }, - "import_sorter": { - "dependency": "direct main", - "description": { - "name": "import_sorter", - "sha256": 
"eb15738ccead84e62c31e0208ea4e3104415efcd4972b86906ca64a1187d0836", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.6.0" - }, - "integration_test": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "intl": { - "dependency": "direct main", - "description": { - "name": "intl", - "sha256": "3df61194eb431efc39c4ceba583b95633a403f46c9fd341e550ce0bfa50e9aa5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.20.2" - }, - "io": { - "dependency": "transitive", - "description": { - "name": "io", - "sha256": "dfd5a80599cf0165756e3181807ed3e77daf6dd4137caaad72d0b7931597650b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.5" - }, - "js": { - "dependency": "transitive", - "description": { - "name": "js", - "sha256": "f2c445dce49627136094980615a031419f7f3eb393237e4ecd97ac15dea343f3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.7" - }, - "json_annotation": { - "dependency": "transitive", - "description": { - "name": "json_annotation", - "sha256": "1ce844379ca14835a50d2f019a3099f419082cfdd231cd86a142af94dd5c6bb1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.9.0" - }, - "just_audio": { - "dependency": "direct main", - "description": { - "name": "just_audio", - "sha256": "679637a3ec5b6e00f36472f5a3663667df00ee4822cbf5dafca0f568c710960a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.4" - }, - "just_audio_media_kit": { - "dependency": "direct main", - "description": { - "name": "just_audio_media_kit", - "sha256": "f3cf04c3a50339709e87e90b4e841eef4364ab4be2bdbac0c54cc48679f84d23", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "just_audio_platform_interface": { - "dependency": "transitive", - "description": { - "name": "just_audio_platform_interface", - "sha256": "2532c8d6702528824445921c5ff10548b518b13f808c2e34c2fd54793b999a6a", - "url": 
"https://pub.dev" - }, - "source": "hosted", - "version": "4.6.0" - }, - "just_audio_web": { - "dependency": "transitive", - "description": { - "name": "just_audio_web", - "sha256": "6ba8a2a7e87d57d32f0f7b42856ade3d6a9fbe0f1a11fabae0a4f00bb73f0663", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.16" - }, - "just_waveform": { - "dependency": "direct main", - "description": { - "name": "just_waveform", - "sha256": "8c65acd24f13b866e3377f07f8869e823f3f2d8b734938f4e6688075af40b4f2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.0.7" - }, - "leak_tracker": { - "dependency": "transitive", - "description": { - "name": "leak_tracker", - "sha256": "6bb818ecbdffe216e81182c2f0714a2e62b593f4a4f13098713ff1685dfb6ab0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "10.0.9" - }, - "leak_tracker_flutter_testing": { - "dependency": "transitive", - "description": { - "name": "leak_tracker_flutter_testing", - "sha256": "f8b613e7e6a13ec79cfdc0e97638fddb3ab848452eff057653abd3edba760573", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.9" - }, - "leak_tracker_testing": { - "dependency": "transitive", - "description": { - "name": "leak_tracker_testing", - "sha256": "6ba465d5d76e67ddf503e1161d1f4a6bc42306f9d66ca1e8f079a47290fb06d3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.1" - }, - "linkify": { - "dependency": "direct main", - "description": { - "name": "linkify", - "sha256": "4139ea77f4651ab9c315b577da2dd108d9aa0bd84b5d03d33323f1970c645832", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.0.0" - }, - "lints": { - "dependency": "transitive", - "description": { - "name": "lints", - "sha256": "a5e2b223cb7c9c8efdc663ef484fdd95bb243bff242ef5b13e26883547fce9a0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "list_counter": { - "dependency": "transitive", - "description": { - "name": "list_counter", - "sha256": 
"c447ae3dfcd1c55f0152867090e67e219d42fe6d4f2807db4bbe8b8d69912237", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "locale_names": { - "dependency": "direct main", - "description": { - "name": "locale_names", - "sha256": "7a89ca54072f4f13d0f5df5a9ba69337554bf2fd057d1dd2a238898f3f159374", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "logging": { - "dependency": "transitive", - "description": { - "name": "logging", - "sha256": "c8245ada5f1717ed44271ed1c26b8ce85ca3228fd2ffdb75468ab01979309d61", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.0" - }, - "lottie": { - "dependency": "direct main", - "description": { - "name": "lottie", - "sha256": "c5fa04a80a620066c15cf19cc44773e19e9b38e989ff23ea32e5903ef1015950", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.3.1" - }, - "markdown": { - "dependency": "transitive", - "description": { - "name": "markdown", - "sha256": "935e23e1ff3bc02d390bad4d4be001208ee92cc217cb5b5a6c19bc14aaa318c1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.3.0" - }, - "matcher": { - "dependency": "transitive", - "description": { - "name": "matcher", - "sha256": "dc58c723c3c24bf8d3e2d3ad3f2f9d7bd9cf43ec6feaa64181775e60190153f2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.12.17" - }, - "material_color_utilities": { - "dependency": "transitive", - "description": { - "name": "material_color_utilities", - "sha256": "f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.11.1" - }, - "matrix": { - "dependency": "direct main", - "description": { - "path": ".", - "ref": "braid/msc3861-native-oidc", - "resolved-ref": "82ad90573e0e5e1ccb2cf1e669a5861bd6db351c", - "url": "https://github.com/TheOneWithTheBraid/matrix-dart-sdk.git" - }, - "source": "git", - "version": "1.1.0" - }, - 
"matrix_homeserver_recommendations": { - "dependency": "direct main", - "description": { - "name": "matrix_homeserver_recommendations", - "sha256": "48cd67146dd80b925c1cce1604da4712e7963b490d31801bad70b51ff8e30cd2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.1" - }, - "media_kit": { - "dependency": "direct main", - "description": { - "path": "media_kit", - "ref": "braid/stub-template", - "resolved-ref": "215972e56ceb6036b51d1dc8803d5e0ab489bfe1", - "url": "https://github.com/TheOneWithTheBraid/media-kit.git" - }, - "source": "git", - "version": "1.2.0" - }, - "media_kit_libs_android_video": { - "dependency": "direct overridden", - "description": { - "path": "libs/android/media_kit_libs_android_video", - "ref": "main", - "resolved-ref": "ad84c59faa2b871926cb31516bdeec65d7676884", - "url": "https://github.com/Predidit/media-kit.git" - }, - "source": "git", - "version": "1.3.6" - }, - "media_kit_libs_ios_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_ios_video", - "sha256": "b5382994eb37a4564c368386c154ad70ba0cc78dacdd3fb0cd9f30db6d837991", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "media_kit_libs_linux": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_linux", - "sha256": "2b473399a49ec94452c4d4ae51cfc0f6585074398d74216092bf3d54aac37ecf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.1" - }, - "media_kit_libs_macos_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_macos_video", - "sha256": "f26aa1452b665df288e360393758f84b911f70ffb3878032e1aabba23aa1032d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "media_kit_libs_video": { - "dependency": "direct main", - "description": { - "name": "media_kit_libs_video", - "sha256": "958cc55e7065d9d01f52a2842dab2a0812a92add18489f1006d864fb5e42a3ef", - "url": "https://pub.dev" - }, - "source": 
"hosted", - "version": "1.0.6" - }, - "media_kit_libs_windows_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_windows_video", - "sha256": "dff76da2778729ab650229e6b4ec6ec111eb5151431002cbd7ea304ff1f112ab", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.11" - }, - "media_kit_video": { - "dependency": "direct main", - "description": { - "name": "media_kit_video", - "sha256": "a656a9463298c1adc64c57f2d012874f7f2900f0c614d9545a3e7b8bb9e2137b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.0" - }, - "media_store_plus": { - "dependency": "direct main", - "description": { - "name": "media_store_plus", - "sha256": "4b4971365e00a4ed9fde14abf40d7c27475b66b8bba9bf43478ae2ecb449df20", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.3" - }, - "meta": { - "dependency": "transitive", - "description": { - "name": "meta", - "sha256": "e3641ec5d63ebf0d9b41bd43201a66e3fc79a65db5f61fc181f04cd27aab950c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.16.0" - }, - "mime": { - "dependency": "direct main", - "description": { - "name": "mime", - "sha256": "41a20518f0cb1256669420fdba0cd90d21561e560ac240f26ef8322e45bb7ed6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "objective_c": { - "dependency": "transitive", - "description": { - "name": "objective_c", - "sha256": "9f034ba1eeca53ddb339bc8f4813cb07336a849cd735559b60cdc068ecce2dc7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.1.0" - }, - "package_config": { - "dependency": "transitive", - "description": { - "name": "package_config", - "sha256": "f096c55ebb7deb7e384101542bfba8c52696c1b56fca2eb62827989ef2353bbc", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "package_info_plus": { - "dependency": "transitive", - "description": { - "name": "package_info_plus", - "sha256": 
"16eee997588c60225bda0488b6dcfac69280a6b7a3cf02c741895dd370a02968", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "8.3.1" - }, - "package_info_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "package_info_plus_platform_interface", - "sha256": "202a487f08836a592a6bd4f901ac69b3a8f146af552bbd14407b6b41e1c3f086", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.1" - }, - "path": { - "dependency": "transitive", - "description": { - "name": "path", - "sha256": "75cca69d1490965be98c73ceaea117e8a04dd21217b37b292c9ddbec0d955bc5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.9.1" - }, - "path_parsing": { - "dependency": "transitive", - "description": { - "name": "path_parsing", - "sha256": "883402936929eac138ee0a45da5b0f2c80f89913e6dc3bf77eb65b84b409c6ca", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "path_provider": { - "dependency": "direct main", - "description": { - "name": "path_provider", - "sha256": "50c5dd5b6e1aaf6fb3a78b33f6aa3afca52bf903a8a5298f53101fdaee55bbcd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.5" - }, - "path_provider_android": { - "dependency": "transitive", - "description": { - "name": "path_provider_android", - "sha256": "d0d310befe2c8ab9e7f393288ccbb11b60c019c6b5afc21973eeee4dda2b35e9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.17" - }, - "path_provider_foundation": { - "dependency": "transitive", - "description": { - "name": "path_provider_foundation", - "sha256": "4843174df4d288f5e29185bd6e72a6fbdf5a4a4602717eed565497429f179942", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "path_provider_linux": { - "dependency": "transitive", - "description": { - "name": "path_provider_linux", - "sha256": "f7a1fe3a634fe7734c8d3f2766ad746ae2a2884abe22e241a8b301bf5cac3279", - "url": "https://pub.dev" - }, - "source": "hosted", 
- "version": "2.2.1" - }, - "path_provider_platform_interface": { - "dependency": "transitive", - "description": { - "name": "path_provider_platform_interface", - "sha256": "88f5779f72ba699763fa3a3b06aa4bf6de76c8e5de842cf6f29e2e06476c2334", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "path_provider_windows": { - "dependency": "transitive", - "description": { - "name": "path_provider_windows", - "sha256": "bd6f00dbd873bfb70d0761682da2b3a2c2fccc2b9e84c495821639601d81afe7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.0" - }, - "petitparser": { - "dependency": "transitive", - "description": { - "name": "petitparser", - "sha256": "07c8f0b1913bcde1ff0d26e57ace2f3012ccbf2b204e070290dad3bb22797646", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.1.0" - }, - "platform": { - "dependency": "transitive", - "description": { - "name": "platform", - "sha256": "5d6b1b0036a5f331ebc77c850ebc8506cbc1e9416c27e59b439f917a902a4984", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.6" - }, - "plugin_platform_interface": { - "dependency": "transitive", - "description": { - "name": "plugin_platform_interface", - "sha256": "4820fbfdb9478b1ebae27888254d445073732dae3d6ea81f0b7e06d5dedc3f02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.8" - }, - "pointer_interceptor": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor", - "sha256": "57210410680379aea8b1b7ed6ae0c3ad349bfd56fe845b8ea934a53344b9d523", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1+2" - }, - "pointer_interceptor_ios": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor_ios", - "sha256": "a6906772b3205b42c44614fcea28f818b1e5fdad73a4ca742a7bd49818d9c917", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1" - }, - "pointer_interceptor_platform_interface": { - "dependency": 
"transitive", - "description": { - "name": "pointer_interceptor_platform_interface", - "sha256": "0597b0560e14354baeb23f8375cd612e8bd4841bf8306ecb71fcd0bb78552506", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.0+1" - }, - "pointer_interceptor_web": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor_web", - "sha256": "460b600e71de6fcea2b3d5f662c92293c049c4319e27f0829310e5a953b3ee2a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.3" - }, - "pool": { - "dependency": "transitive", - "description": { - "name": "pool", - "sha256": "20fe868b6314b322ea036ba325e6fc0711a22948856475e2c2b6306e8ab39c2a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.5.1" - }, - "posix": { - "dependency": "transitive", - "description": { - "name": "posix", - "sha256": "6323a5b0fa688b6a010df4905a56b00181479e6d10534cecfecede2aa55add61", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.3" - }, - "process": { - "dependency": "transitive", - "description": { - "name": "process", - "sha256": "107d8be718f120bbba9dcd1e95e3bd325b1b4a4f07db64154635ba03f2567a0d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.0.3" - }, - "pub_semver": { - "dependency": "transitive", - "description": { - "name": "pub_semver", - "sha256": "5bfcf68ca79ef689f8990d1160781b4bad40a3bd5e5218ad4076ddb7f4081585", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "qr": { - "dependency": "transitive", - "description": { - "name": "qr", - "sha256": "5a1d2586170e172b8a8c8470bbbffd5eb0cd38a66c0d77155ea138d3af3a4445", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.2" - }, - "quiver": { - "dependency": "transitive", - "description": { - "name": "quiver", - "sha256": "ea0b925899e64ecdfbf9c7becb60d5b50e706ade44a85b2363be2a22d88117d2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.2" - }, - "random_string": 
{ - "dependency": "transitive", - "description": { - "name": "random_string", - "sha256": "03b52435aae8cbdd1056cf91bfc5bf845e9706724dd35ae2e99fa14a1ef79d02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.1" - }, - "receive_sharing_intent": { - "dependency": "direct main", - "description": { - "name": "receive_sharing_intent", - "sha256": "ec76056e4d258ad708e76d85591d933678625318e411564dcb9059048ca3a593", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.8.1" - }, - "rxdart": { - "dependency": "transitive", - "description": { - "name": "rxdart", - "sha256": "5c3004a4a8dbb94bd4bf5412a4def4acdaa12e12f269737a5751369e12d1a962", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.28.0" - }, - "safe_local_storage": { - "dependency": "transitive", - "description": { - "name": "safe_local_storage", - "sha256": "e9a21b6fec7a8aa62cc2585ff4c1b127df42f3185adbd2aca66b47abe2e80236", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "screen_brightness_android": { - "dependency": "transitive", - "description": { - "name": "screen_brightness_android", - "sha256": "fb5fa43cb89d0c9b8534556c427db1e97e46594ac5d66ebdcf16063b773d54ed", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "screen_brightness_platform_interface": { - "dependency": "transitive", - "description": { - "name": "screen_brightness_platform_interface", - "sha256": "737bd47b57746bc4291cab1b8a5843ee881af499514881b0247ec77447ee769c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "sdp_transform": { - "dependency": "transitive", - "description": { - "name": "sdp_transform", - "sha256": "73e412a5279a5c2de74001535208e20fff88f225c9a4571af0f7146202755e45", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.2" - }, - "sentry": { - "dependency": "direct main", - "description": { - "name": "sentry", - "sha256": 
"d9f3dcf1ecdd600cf9ce134f622383adde5423ecfdaf0ca9b20fbc1c44849337", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "9.6.0" - }, - "share_plus": { - "dependency": "direct main", - "description": { - "name": "share_plus", - "sha256": "d7dc0630a923883c6328ca31b89aa682bacbf2f8304162d29f7c6aaff03a27a1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "11.1.0" - }, - "share_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "share_plus_platform_interface", - "sha256": "88023e53a13429bd65d8e85e11a9b484f49d4c190abbd96c7932b74d6927cc9a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.1.0" - }, - "sky_engine": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "slugify": { - "dependency": "transitive", - "description": { - "name": "slugify", - "sha256": "b272501565cb28050cac2d96b7bf28a2d24c8dae359280361d124f3093d337c3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "source_map_stack_trace": { - "dependency": "transitive", - "description": { - "name": "source_map_stack_trace", - "sha256": "c0713a43e323c3302c2abe2a1cc89aa057a387101ebd280371d6a6c9fa68516b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "source_maps": { - "dependency": "transitive", - "description": { - "name": "source_maps", - "sha256": "190222579a448b03896e0ca6eca5998fa810fda630c1d65e2f78b3f638f54812", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.13" - }, - "source_span": { - "dependency": "transitive", - "description": { - "name": "source_span", - "sha256": "254ee5351d6cb365c859e20ee823c3bb479bf4a293c22d17a9f1bf144ce86f7c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.10.1" - }, - "sprintf": { - "dependency": "transitive", - "description": { - "name": "sprintf", - "sha256": 
"1fc9ffe69d4df602376b52949af107d8f5703b77cda567c4d7d86a0693120f23", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.0.0" - }, - "sqflite": { - "dependency": "direct main", - "description": { - "name": "sqflite", - "sha256": "e2297b1da52f127bc7a3da11439985d9b536f75070f3325e62ada69a5c585d03", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.2" - }, - "sqflite_android": { - "dependency": "transitive", - "description": { - "name": "sqflite_android", - "sha256": "2b3070c5fa881839f8b402ee4a39c1b4d561704d4ebbbcfb808a119bc2a1701b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "sqflite_common": { - "dependency": "transitive", - "description": { - "name": "sqflite_common", - "sha256": "6ef422a4525ecc601db6c0a2233ff448c731307906e92cabc9ba292afaae16a6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.5.6" - }, - "sqflite_common_ffi": { - "dependency": "direct main", - "description": { - "name": "sqflite_common_ffi", - "sha256": "9faa2fedc5385ef238ce772589f7718c24cdddd27419b609bb9c6f703ea27988", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.6" - }, - "sqflite_darwin": { - "dependency": "transitive", - "description": { - "name": "sqflite_darwin", - "sha256": "279832e5cde3fe99e8571879498c9211f3ca6391b0d818df4e17d9fff5c6ccb3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.2" - }, - "sqflite_platform_interface": { - "dependency": "transitive", - "description": { - "name": "sqflite_platform_interface", - "sha256": "8dd4515c7bdcae0a785b0062859336de775e8c65db81ae33dd5445f35be61920", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.0" - }, - "sqlcipher_flutter_libs": { - "dependency": "direct main", - "description": { - "name": "sqlcipher_flutter_libs", - "sha256": "dd1fcc74d5baf3c36ad53e2652b2d06c9f8747494a3ccde0076e88b159dfe622", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.8" - }, 
- "sqlite3": { - "dependency": "transitive", - "description": { - "name": "sqlite3", - "sha256": "f393d92c71bdcc118d6203d07c991b9be0f84b1a6f89dd4f7eed348131329924", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.9.0" - }, - "stack_trace": { - "dependency": "transitive", - "description": { - "name": "stack_trace", - "sha256": "8b27215b45d22309b5cddda1aa2b19bdfec9df0e765f2de506401c071d38d1b1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.12.1" - }, - "stream_channel": { - "dependency": "transitive", - "description": { - "name": "stream_channel", - "sha256": "969e04c80b8bcdf826f8f16579c7b14d780458bd97f56d107d3950fdbeef059d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "stream_transform": { - "dependency": "transitive", - "description": { - "name": "stream_transform", - "sha256": "ad47125e588cfd37a9a7f86c7d6356dde8dfe89d071d293f80ca9e9273a33871", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.1" - }, - "string_scanner": { - "dependency": "transitive", - "description": { - "name": "string_scanner", - "sha256": "921cd31725b72fe181906c6a94d987c78e3b98c2e205b397ea399d4054872b43", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.1" - }, - "sync_http": { - "dependency": "transitive", - "description": { - "name": "sync_http", - "sha256": "7f0cd72eca000d2e026bcd6f990b81d0ca06022ef4e32fb257b30d3d1014a961", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.1" - }, - "synchronized": { - "dependency": "transitive", - "description": { - "name": "synchronized", - "sha256": "c254ade258ec8282947a0acbbc90b9575b4f19673533ee46f2f6e9b3aeefd7c0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.4.0" - }, - "term_glyph": { - "dependency": "transitive", - "description": { - "name": "term_glyph", - "sha256": "7f554798625ea768a7518313e58f83891c7f5024f88e46e7182a4558850a4b8e", - "url": "https://pub.dev" - }, - "source": 
"hosted", - "version": "1.2.2" - }, - "test_api": { - "dependency": "transitive", - "description": { - "name": "test_api", - "sha256": "fb31f383e2ee25fbbfe06b40fe21e1e458d14080e3c67e7ba0acfde4df4e0bbd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.7.4" - }, - "test_core": { - "dependency": "transitive", - "description": { - "name": "test_core", - "sha256": "84d17c3486c8dfdbe5e12a50c8ae176d15e2a771b96909a9442b40173649ccaa", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.8" - }, - "timezone": { - "dependency": "transitive", - "description": { - "name": "timezone", - "sha256": "dd14a3b83cfd7cb19e7888f1cbc20f258b8d71b54c06f79ac585f14093a287d1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1" - }, - "tint": { - "dependency": "transitive", - "description": { - "name": "tint", - "sha256": "9652d9a589f4536d5e392cf790263d120474f15da3cf1bee7f1fdb31b4de5f46", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "tuple": { - "dependency": "transitive", - "description": { - "name": "tuple", - "sha256": "a97ce2013f240b2f3807bcbaf218765b6f301c3eff91092bcfa23a039e7dd151", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.2" - }, - "typed_data": { - "dependency": "transitive", - "description": { - "name": "typed_data", - "sha256": "f9049c039ebfeb4cf7a7104a675823cd72dba8297f264b6637062516699fa006", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.0" - }, - "unifiedpush": { - "dependency": "direct main", - "description": { - "name": "unifiedpush", - "sha256": "1418375efb580af9640de4eaf4209cb6481f9a48792648ced3051f30e67d9568", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.2" - }, - "unifiedpush_android": { - "dependency": "transitive", - "description": { - "name": "unifiedpush_android", - "sha256": "2f25db8eb2fc3183bf2e43db89fff20b2587adc1c361e1d1e06b223a0d45b50a", - "url": "https://pub.dev" - }, - "source": 
"hosted", - "version": "3.1.1" - }, - "unifiedpush_platform_interface": { - "dependency": "transitive", - "description": { - "name": "unifiedpush_platform_interface", - "sha256": "bb49d2748211520e35e0374ab816faa8a2c635267e71909d334ad868d532eba5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.1" - }, - "universal_platform": { - "dependency": "transitive", - "description": { - "name": "universal_platform", - "sha256": "64e16458a0ea9b99260ceb5467a214c1f298d647c659af1bff6d3bf82536b1ec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "unorm_dart": { - "dependency": "direct main", - "description": { - "name": "unorm_dart", - "sha256": "5b35bff83fce4d76467641438f9e867dc9bcfdb8c1694854f230579d68cd8f4b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "uri_parser": { - "dependency": "transitive", - "description": { - "name": "uri_parser", - "sha256": "ff4d2c720aca3f4f7d5445e23b11b2d15ef8af5ddce5164643f38ff962dcb270", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "url_launcher": { - "dependency": "direct main", - "description": { - "name": "url_launcher", - "sha256": "f6a7e5c4835bb4e3026a04793a4199ca2d14c739ec378fdfe23fc8075d0439f8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.2" - }, - "url_launcher_android": { - "dependency": "transitive", - "description": { - "name": "url_launcher_android", - "sha256": "0aedad096a85b49df2e4725fa32118f9fa580f3b14af7a2d2221896a02cd5656", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.17" - }, - "url_launcher_ios": { - "dependency": "transitive", - "description": { - "name": "url_launcher_ios", - "sha256": "7f2022359d4c099eea7df3fdf739f7d3d3b9faf3166fb1dd390775176e0b76cb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.3" - }, - "url_launcher_linux": { - "dependency": "transitive", - "description": { - "name": "url_launcher_linux", - 
"sha256": "4e9ba368772369e3e08f231d2301b4ef72b9ff87c31192ef471b380ef29a4935", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.1" - }, - "url_launcher_macos": { - "dependency": "transitive", - "description": { - "name": "url_launcher_macos", - "sha256": "17ba2000b847f334f16626a574c702b196723af2a289e7a93ffcb79acff855c2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.2" - }, - "url_launcher_platform_interface": { - "dependency": "transitive", - "description": { - "name": "url_launcher_platform_interface", - "sha256": "552f8a1e663569be95a8190206a38187b531910283c3e982193e4f2733f01029", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.2" - }, - "url_launcher_web": { - "dependency": "transitive", - "description": { - "name": "url_launcher_web", - "sha256": "4bd2b7b4dc4d4d0b94e5babfffbca8eac1a126c7f3d6ecbc1a11013faa3abba2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "url_launcher_windows": { - "dependency": "transitive", - "description": { - "name": "url_launcher_windows", - "sha256": "3284b6d2ac454cf34f114e1d3319866fdd1e19cdc329999057e44ffe936cfa77", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.4" - }, - "uuid": { - "dependency": "transitive", - "description": { - "name": "uuid", - "sha256": "a5be9ef6618a7ac1e964353ef476418026db906c4facdedaa299b7a2e71690ff", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.5.1" - }, - "vector_graphics": { - "dependency": "transitive", - "description": { - "name": "vector_graphics", - "sha256": "a4f059dc26fc8295b5921376600a194c4ec7d55e72f2fe4c7d2831e103d461e6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.19" - }, - "vector_graphics_codec": { - "dependency": "transitive", - "description": { - "name": "vector_graphics_codec", - "sha256": "99fd9fbd34d9f9a32efd7b6a6aae14125d8237b10403b422a6a6dfeac2806146", - "url": "https://pub.dev" - }, - "source": "hosted", 
- "version": "1.1.13" - }, - "vector_graphics_compiler": { - "dependency": "transitive", - "description": { - "name": "vector_graphics_compiler", - "sha256": "557a315b7d2a6dbb0aaaff84d857967ce6bdc96a63dc6ee2a57ce5a6ee5d3331", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.17" - }, - "vector_math": { - "dependency": "transitive", - "description": { - "name": "vector_math", - "sha256": "80b3257d1492ce4d091729e3a67a60407d227c27241d6927be0130c98e741803", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "visibility_detector": { - "dependency": "direct main", - "description": { - "name": "visibility_detector", - "sha256": "dd5cc11e13494f432d15939c3aa8ae76844c42b723398643ce9addb88a5ed420", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.0+2" - }, - "vm_service": { - "dependency": "transitive", - "description": { - "name": "vm_service", - "sha256": "ddfa8d30d89985b96407efce8acbdd124701f96741f2d981ca860662f1c0dc02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "15.0.0" - }, - "vodozemac": { - "dependency": "direct main", - "description": { - "name": "vodozemac", - "sha256": "dba14017e042748fb22d270e8ab1d3e46965b89788dd3857dba938ec07571968", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "volume_controller": { - "dependency": "transitive", - "description": { - "name": "volume_controller", - "sha256": "d75039e69c0d90e7810bfd47e3eedf29ff8543ea7a10392792e81f9bded7edf5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.4.0" - }, - "wakelock_plus": { - "dependency": "transitive", - "description": { - "name": "wakelock_plus", - "sha256": "a474e314c3e8fb5adef1f9ae2d247e57467ad557fa7483a2b895bc1b421c5678", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.2" - }, - "wakelock_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "wakelock_plus_platform_interface", - 
"sha256": "e10444072e50dbc4999d7316fd303f7ea53d31c824aa5eb05d7ccbdd98985207", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.3" - }, - "watcher": { - "dependency": "transitive", - "description": { - "name": "watcher", - "sha256": "0b7fd4a0bbc4b92641dbf20adfd7e3fd1398fe17102d94b674234563e110088a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "web": { - "dependency": "direct main", - "description": { - "name": "web", - "sha256": "868d88a33d8a87b18ffc05f9f030ba328ffefba92d6c127917a2ba740f9cfe4a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "web_multiple_tab_detector": { - "dependency": "direct main", - "description": { - "name": "web_multiple_tab_detector", - "sha256": "a40d485720ea88b4e25311421d435906ba202ac33e35435403dc1c49c5ed7c4e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.0" - }, - "web_socket": { - "dependency": "transitive", - "description": { - "name": "web_socket", - "sha256": "34d64019aa8e36bf9842ac014bb5d2f5586ca73df5e4d9bf5c936975cae6982c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.1" - }, - "webdriver": { - "dependency": "transitive", - "description": { - "name": "webdriver", - "sha256": "2f3a14ca026957870cfd9c635b83507e0e51d8091568e90129fbf805aba7cade", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.0" - }, - "webrtc_interface": { - "dependency": "transitive", - "description": { - "name": "webrtc_interface", - "sha256": "86fe3afc81a08481dfb25cf14a5a94e27062ecef25544783f352c914e0bbc1ca", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.2+hotfix.2" - }, - "win32": { - "dependency": "transitive", - "description": { - "name": "win32", - "sha256": "66814138c3562338d05613a6e368ed8cfb237ad6d64a9e9334be3f309acfca03", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.14.0" - }, - "xdg_directories": { - "dependency": "transitive", - 
"description": { - "name": "xdg_directories", - "sha256": "7a3f37b05d989967cdddcbb571f1ea834867ae2faa29725fd085180e0883aa15", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "xml": { - "dependency": "transitive", - "description": { - "name": "xml", - "sha256": "b015a8ad1c488f66851d762d3090a21c600e479dc75e68328c52774040cf9226", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.5.0" - }, - "yaml": { - "dependency": "transitive", - "description": { - "name": "yaml", - "sha256": "b9da305ac7c39faa3f030eccd175340f968459dae4af175130b3fc47e40d76ce", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.3" - } - }, - "sdks": { - "dart": ">=3.8.0 <4.0.0", - "flutter": ">=3.29.0" - } -} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 3fff489..c164c44 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -43,7 +43,6 @@ ./davinci-resolve.nix ./gdx-liftoff.nix ./tor-browser.nix - ./polycule.nix ./vmware-workstation.nix ]; } diff --git a/modules/home-manager-modules/programs/polycule.nix b/modules/home-manager-modules/programs/polycule.nix deleted file mode 100644 index d0aea2a..0000000 --- a/modules/home-manager-modules/programs/polycule.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.polycule = { - enable = lib.mkEnableOption "enable polycule matrix client"; - package = lib.mkPackageOption pkgs "polycule" {}; - }; - - config = lib.mkIf config.programs.polycule.enable (lib.mkMerge [ - { - home.packages = [ - config.programs.polycule.package - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - # TODO: check that these are actually the correct folders - # directories = [ - # "${config.xdg.configHome}/polycule" - # "${config.xdg.dataHome}/polycule" - # "${config.xdg.cacheHome}/polycule" - # ]; - }; - } - ) - ]); -} From 1ed8a2b8abec16fc41f5c72e28027fe4a0384759 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Nov 2025 14:21:09 -0600 Subject: [PATCH 0947/1043] feat: added cyberia matrix to leyla's bookmarks --- .../home-manager/leyla/packages/firefox/bookmarks.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix index 8435d45..4210d1e 100644 --- a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix +++ b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix @@ -135,6 +135,12 @@ keyword = ""; tags = [""]; } + { + name = "Cyberia Matrix"; + url = "https://chat.cyberia.club"; + keyword = ""; + tags = [""]; + } # Template # { # name = ""; From e0ad443188af8b8c4450a74b344ece65663afb9b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 11:44:45 -0600 Subject: [PATCH 0948/1043] refactor: fixed deprecation warning for pkgs.system --- configurations/home-manager/leyla/packages/firefox/firefox.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix index 1678353..6b58768 100644 
--- a/configurations/home-manager/leyla/packages/firefox/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix @@ -49,7 +49,7 @@ }; }; - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ + extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ bitwarden terms-of-service-didnt-read multi-account-containers From e3a8ddbf32f761a4b93563d3b0c642975394a18d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 11:53:12 -0600 Subject: [PATCH 0949/1043] feat: fixed install of firefox language pack --- .../leyla/packages/firefox/firefox.nix | 66 +++++++++---------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix index 6b58768..f1097a1 100644 --- a/configurations/home-manager/leyla/packages/firefox/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix @@ -49,7 +49,9 @@ }; }; - extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ + extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; let + inherit (inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}) buildFirefoxXpiAddon; + in [ bitwarden terms-of-service-didnt-read multi-account-containers 
@@ -73,38 +75,36 @@ tab-session-manager - # (\ - # buildFirefoxXpiAddon rec {\ - # pname = "italiano-it-language-pack";\ - # version = "132.0.20241110.231641";\ - # addonId = "langpack-it@firefox.mozilla.org";\ - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi";\ - # sha256 = "";\ - # meta = with lib;\ - # {\ - # description = "Firefox Language Pack for Italiano (it) – Italian";\ - # license = licenses.mpl20;\ - # mozPermissions = [];\ - # platforms = platforms.all;\ - # };\ - # }\ - # )\ - # (\ - # buildFirefoxXpiAddon rec {\ - # pname = "dizionario-italiano";\ - # version = "5.1";\ - # addonId = "it-IT@dictionaries.addons.mozilla.org";\ - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi";\ - # sha256 = "";\ - # meta = with lib;\ - # {\ - # description = "Add support for Italian to spellchecking";\ - # license = licenses.gpl3;\ - # mozPermissions = [];\ - # platforms = platforms.all;\ - # };\ - # }\ - # )\ + ( + buildFirefoxXpiAddon rec { + pname = "italiano-it-language-pack"; + version = "132.0.20241110.231641"; + addonId = "langpack-it@firefox.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + sha256 = "2b4764045daa62b00de8773fdfb03b5bbc1cd62c42f8fa27ef70c412d549dbe6"; + meta = with lib; { + description = "Firefox Language Pack for Italiano (it) – Italian"; + license = licenses.mpl20; + mozPermissions = []; + platforms = platforms.all; + }; + } + ) + ( + buildFirefoxXpiAddon rec { + pname = "dizionario-italiano"; + version = "5.1"; + addonId = "it-IT@dictionaries.addons.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + sha256 = "ae75847ce65e7744ba44d5f7d98a18b81f61770a0fdfc6d06bae8b7239535ee0"; + meta = with lib; { + description = "Add support for Italian to spellchecking"; + license = licenses.gpl3; + 
mozPermissions = []; + platforms = platforms.all; + }; + } + ) ]; settings = { From c33121e3480823f63bc6fae461de5cbcde227739 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 12:06:11 -0600 Subject: [PATCH 0950/1043] refactor: moved firefox configs to the common modules packages folder --- .../leyla/packages/firefox/firefox.nix | 36 ++----------------- modules/common-modules/pkgs/default.nix | 11 +++++- .../pkgs/firefox-extensions/default.nix | 14 ++++++++ .../dizionario-italiano.nix | 18 ++++++++++ .../italiano-it-language-pack.nix | 18 ++++++++++ 5 files changed, 63 insertions(+), 34 deletions(-) create mode 100644 modules/common-modules/pkgs/firefox-extensions/default.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix index f1097a1..fecb038 100644 --- a/configurations/home-manager/leyla/packages/firefox/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix @@ -49,9 +49,7 @@ }; }; - extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; let - inherit (inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}) buildFirefoxXpiAddon; - in [ + extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ bitwarden terms-of-service-didnt-read multi-account-containers 
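Review bot: Both `buildFirefoxXpiAddon` blocks in this hunk set `mozPermissions = []` by hand, so the declared permission set is the author's assertion rather than something read from the pinned XPI. An empty list is plausible for a language pack and a spell-check dictionary, but anything that audits add-on permissions through this metadata (home-manager's per-extension permission allow-list appears to work that way) will trust the value as written. I would record how it was checked, e.g. `# manifest.json of the pinned XPI declares no permissions`, above each `mozPermissions` line. The enclosing `extensions.packages` list starts in the previous hunk and continues past this one.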
@@ -75,36 +73,8 @@ tab-session-manager - ( - buildFirefoxXpiAddon rec { - pname = "italiano-it-language-pack"; - version = "132.0.20241110.231641"; - addonId = "langpack-it@firefox.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - sha256 = "2b4764045daa62b00de8773fdfb03b5bbc1cd62c42f8fa27ef70c412d549dbe6"; - meta = with lib; { - description = "Firefox Language Pack for Italiano (it) – Italian"; - license = licenses.mpl20; - mozPermissions = []; - platforms = platforms.all; - }; - } - ) - ( - buildFirefoxXpiAddon rec { - pname = "dizionario-italiano"; - version = "5.1"; - addonId = "it-IT@dictionaries.addons.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - sha256 = "ae75847ce65e7744ba44d5f7d98a18b81f61770a0fdfc6d06bae8b7239535ee0"; - meta = with lib; { - description = "Add support for Italian to spellchecking"; - license = licenses.gpl3; - mozPermissions = []; - platforms = platforms.all; - }; - } - ) + pkgs.firefox-extensions.italiano-it-language-pack + pkgs.firefox-extensions.dizionario-italiano ]; settings = { diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index c97f97c..612dd08 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + inputs, + ... +}: { imports = [ ./python ]; @@ -25,6 +29,11 @@ (final: prev: { codium-extensions = pkgs.callPackage ./codium-extensions {}; }) + (final: prev: { + firefox-extensions = pkgs.callPackage ./firefox-extensions { + inherit inputs; + }; + }) (final: prev: { mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; }) diff --git a/modules/common-modules/pkgs/firefox-extensions/default.nix b/modules/common-modules/pkgs/firefox-extensions/default.nix new file mode 100644 index 0000000..5e3e70c --- /dev/null 
+++ b/modules/common-modules/pkgs/firefox-extensions/default.nix @@ -0,0 +1,14 @@ +{ + pkgs, + inputs, + ... +}: let + inherit (inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}) buildFirefoxXpiAddon; +in { + italiano-it-language-pack = pkgs.callPackage ./italiano-it-language-pack.nix { + inherit buildFirefoxXpiAddon; + }; + dizionario-italiano = pkgs.callPackage ./dizionario-italiano.nix { + inherit buildFirefoxXpiAddon; + }; +} diff --git a/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix new file mode 100644 index 0000000..6fb793c --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix @@ -0,0 +1,18 @@ +{ + lib, + buildFirefoxXpiAddon, + ... +}: +buildFirefoxXpiAddon rec { + pname = "dizionario-italiano"; + version = "5.1"; + addonId = "it-IT@dictionaries.addons.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + sha256 = "ae75847ce65e7744ba44d5f7d98a18b81f61770a0fdfc6d06bae8b7239535ee0"; + meta = with lib; { + description = "Add support for Italian to spellchecking"; + license = licenses.gpl3; + mozPermissions = []; + platforms = platforms.all; + }; +} diff --git a/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix new file mode 100644 index 0000000..765368c --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix 
@@ -0,0 +1,18 @@ +{ + lib, + buildFirefoxXpiAddon, + ... +}: +buildFirefoxXpiAddon rec { + pname = "italiano-it-language-pack"; + version = "132.0.20241110.231641"; + addonId = "langpack-it@firefox.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + sha256 = "2b4764045daa62b00de8773fdfb03b5bbc1cd62c42f8fa27ef70c412d549dbe6"; + meta = with lib; { + description = "Firefox Language Pack for Italiano (it) – Italian"; + license = licenses.mpl20; + mozPermissions = []; + platforms = platforms.all; + }; +} From f031a20d11d0f3a5281fbae0f567376153175a55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 12:57:05 -0600 Subject: [PATCH 0951/1043] build: updated firefox language extension versions --- .../leyla/packages/firefox/firefox.nix | 2 +- .../pkgs/firefox-extensions/default.nix | 3 +++ .../deutsch-de-language-pack.nix | 18 ++++++++++++++++++ .../firefox-extensions/dizionario-italiano.nix | 4 ++-- .../italiano-it-language-pack.nix | 6 +++--- 5 files changed, 27 insertions(+), 6 deletions(-) create mode 100644 modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix index fecb038..ef6d202 100644 --- a/configurations/home-manager/leyla/packages/firefox/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix @@ -68,7 +68,7 @@ snowflake - deutsch-de-language-pack + pkgs.firefox-extensions.deutsch-de-language-pack dictionary-german tab-session-manager diff --git a/modules/common-modules/pkgs/firefox-extensions/default.nix b/modules/common-modules/pkgs/firefox-extensions/default.nix index 5e3e70c..922dfc7 100644 --- a/modules/common-modules/pkgs/firefox-extensions/default.nix +++ b/modules/common-modules/pkgs/firefox-extensions/default.nix 
@@ -11,4 +11,7 @@ in { dizionario-italiano = pkgs.callPackage ./dizionario-italiano.nix { inherit buildFirefoxXpiAddon; }; + deutsch-de-language-pack = pkgs.callPackage ./deutsch-de-language-pack.nix { + inherit buildFirefoxXpiAddon; + }; } diff --git a/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix new file mode 100644 index 0000000..b769bfd --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix @@ -0,0 +1,18 @@ +{ + lib, + buildFirefoxXpiAddon, + ... +}: +buildFirefoxXpiAddon rec { + pname = "deutsch-de-language-pack"; + version = "145.0.20251106.194447"; + addonId = "langpack-de@firefox.mozilla.org"; + url = "https://addons.mozilla.org/firefox/downloads/file/4614311/deutsch_de_language_pack-${version}.xpi"; + sha256 = "aaaa95c29984fb3802a5e7edb6b7e5020c391d81f389b8a8133c163959ea4299"; + meta = with lib; { + description = "Firefox Language Pack for Deutsch (de) – German"; + license = licenses.mpl20; + mozPermissions = []; + platforms = platforms.all; + }; +} diff --git a/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix index 6fb793c..4bfca14 100644 --- a/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix +++ b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix 
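Review bot: The new `deutsch-de-language-pack.nix` pins `version = "145.0.20251106.194447"` independently of whichever Firefox the package set provides, and the same holds for `italiano-it-language-pack.nix` later in this commit. Language packs are normally built for a single Firefox release, so a Firefox update from nixpkgs without a matching bump here would probably leave the pack rejected as incompatible and the UI back in the default locale. The `firefox.nix` hunk also swaps the `firefox-addons` input's `deutsch-de-language-pack` for this hand-pinned copy, which moves that update duty from the input to this repository. A comment such as `# keep in step with the Firefox major version in nixpkgs` next to `version` would make that visible.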
@@ -7,8 +7,8 @@ buildFirefoxXpiAddon rec { pname = "dizionario-italiano"; version = "5.1"; addonId = "it-IT@dictionaries.addons.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - sha256 = "ae75847ce65e7744ba44d5f7d98a18b81f61770a0fdfc6d06bae8b7239535ee0"; + url = "https://addons.mozilla.org/firefox/downloads/file/3693497/dizionario_italiano-${version}.xpi"; + sha256 = "90b173ffdde34a77108152a5ff51879767b1dd84e0aa0dfb7b2bab94cd2e7f53"; meta = with lib; { description = "Add support for Italian to spellchecking"; license = licenses.gpl3; diff --git a/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix index 765368c..35f4243 100644 --- a/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix +++ b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix @@ -5,10 +5,10 @@ }: buildFirefoxXpiAddon rec { pname = "italiano-it-language-pack"; - version = "132.0.20241110.231641"; + version = "145.0.20251106.194447"; addonId = "langpack-it@firefox.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - sha256 = "2b4764045daa62b00de8773fdfb03b5bbc1cd62c42f8fa27ef70c412d549dbe6"; + url = "https://addons.mozilla.org/firefox/downloads/file/4614309/italiano_it_language_pack-${version}.xpi"; + sha256 = "1eb271cedbf326543e222ba1b9a1da62fceef9d3c523ac02a098df296f155038"; meta = with lib; { description = "Firefox Language Pack for Italiano (it) – Italian"; license = licenses.mpl20; From adc6b90c93dd402ec2fb4c77d94bfa4fc8ab5f33 Mon Sep 17 00:00:00 2001 
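Review bot: In dizionario-italiano.nix the pinned `sha256` and the download file id both change while `version` stays `"5.1"`, so the same advertised version now resolves to a different artifact and nothing in the hunk records why. For a hash-pinned fetch this is the one kind of change a later auditor cannot tell apart from a substituted download. A comment above `url`, for example `# 5.1 re-pinned to a new AMO file id: <reason for the change>`, would keep the re-pin traceable. The commit subject only mentions language extension version updates.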
From: Leyla Becker Date: Fri, 7 Nov 2025 16:29:56 -0600 Subject: [PATCH 0952/1043] feat: made impermanence create datasets for zfs and persistence --- .../nixos-modules/storage/impermanence.nix | 101 ++++++++++++++---- modules/nixos-modules/storage/storage.nix | 73 +++++++++++++ .../submodules/impermanenceDataset.nix | 23 ++-- modules/nixos-modules/storage/zfs.nix | 34 +++--- 4 files changed, 188 insertions(+), 43 deletions(-) create mode 100644 modules/nixos-modules/storage/storage.nix diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index b1fd6b5..c5f53a3 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix 
@@ -1,33 +1,90 @@ -args @ {lib, ...}: let - impermanenceDatasetSubmodules = (import ./submodules/impermanenceDataset.nix) args; +args @ { + lib, + config, + ... +}: let + datasetSubmodules = (import ./submodules/dataset.nix) args; + impermanenceDatasetSubmodule = (import ./submodules/impermanenceDataset.nix) args; + + permissionsToMode = permissions: let + permSetToDigit = permSet: + ( + if permSet.read + then 4 + else 0 + ) + + ( + if permSet.write + then 2 + else 0 + ) + + ( + if permSet.execute + then 1 + else 0 + ); + + ownerDigit = permSetToDigit permissions.owner.permissions; + groupDigit = permSetToDigit permissions.group.permissions; + otherDigit = permSetToDigit permissions.other.permissions; + in + toString ownerDigit + toString groupDigit + toString otherDigit; + + # Get the option names from both submodules to automatically determine which are impermanence-specific + regularDatasetEval = lib.evalModules { + modules = [datasetSubmodules]; + specialArgs = args; + }; + impermanenceDatasetEval = lib.evalModules { + modules = [impermanenceDatasetSubmodule]; + specialArgs = args; + }; + + regularDatasetOptions = builtins.attrNames regularDatasetEval.options; + impermanenceDatasetOptions = builtins.attrNames impermanenceDatasetEval.options; + + # Find options that are only in impermanence datasets (not in regular ZFS datasets) + impermanenceOnlyOptions = lib.lists.subtractLists regularDatasetOptions impermanenceDatasetOptions; in { options.storage = { impermanence = { enable = lib.mkEnableOption "should impermanence be enabled for this system"; - # TODO: enable option implementation - - # TODO: assertion that zfs needs to be enabled when impermanence is enabled - - # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system - # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets - # We should also create 
datasets for systemd modules that have have impermanence enabled for them datasets = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); default = {}; }; - - # TODO: this should just live under home-manager.users..storage.impermanence - home-manager = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - enable = lib.mkEnableOption "should impermanence be enabled for this user"; - # We should by default create the `local/home/${name}`, and `persist/home/${name}` datasets - datasets = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodules); - default = {}; - }; - })); - }; }; }; + + config = lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ + { + environment.persistence = + lib.mapAttrs (datasetName: dataset: { + enable = true; + hideMounts = true; + directories = lib.mapAttrsToList (path: dirConfig: { + directory = path; + user = dirConfig.owner.name; + group = dirConfig.group.name; + mode = permissionsToMode dirConfig; + }) (lib.filterAttrs (_: dirConfig: dirConfig.enable) dataset.directories); + files = lib.mapAttrsToList (path: fileConfig: { + file = path; + user = fileConfig.owner.name; + group = fileConfig.group.name; + mode = permissionsToMode fileConfig; + }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); + }) + config.storage.impermanence.datasets; + } + (lib.mkIf config.storage.zfs.enable { + storage.zfs.datasets = + lib.mapAttrs ( + datasetName: dataset: + builtins.removeAttrs dataset impermanenceOnlyOptions + ) + config.storage.impermanence.datasets; + }) + ]); } diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix new file mode 100644 index 0000000..1c1986a --- /dev/null +++ b/modules/nixos-modules/storage/storage.nix 
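Review bot: A persisted path that sets only `enable = true` appears to end up owned by `nouser:nogroup` with mode `000`, because `environment.persistence` always takes `user`, `group` and `mode` from the path submodule. The defaults visible in impermanenceDataset.nix are `owner.name = "nouser"`, `group.name = "nogroup"` and permission flags declared with `mkEnableOption`, which default to false. Safer would be defaults of `root`/`root` with owner read, write and execute set, or omitting `user`, `group` and `mode` from the generated entry when the caller left them unset. `permissionsToMode` also always yields exactly three digits, so a comment above it such as `# setuid, setgid and sticky bits cannot be expressed` would document the limit.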
@@ -0,0 +1,73 @@ +{ + lib, + config, + util, + ... +}: { + # TODO: create all of the datasets from option and home-manager datasets + # TODO: set up datasets for systemd services that want a dataset created + config = lib.mkMerge [ + ( + lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + storage.zfs.datasets = { + "persist/system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + "com.sun:auto-snapshot" = "false"; + }; + }; + "persist/system/var/log" = { + type = "zfs_fs"; + mountpoint = "/persist/system/var/log"; + options = { + "com.sun:auto-snapshot" = "false"; + }; + }; + }; + } + (util.mkUnless config.storage.impermanence.enable { + # TODO: configure datasets for normal zfs + # TODO: create datasets for systemd.services..storage.impermanence.datasets + storage.zfs.datasets = { + "persist/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + canmount = "on"; + }; + }; + }) + (lib.mkIf config.storage.impermanence.enable { + storage.impermanence.datasets = { + "persist/system/root" = { + type = "zfs_fs"; + }; + }; + storage.zfs.datasets = { + # TODO: is there a way that we can link these two folders in configs via storage.impermanence.datasets + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + }; + + # TODO: home-manager.users..storage.impermanence.enable + # is false then persist the entire directory of the user + # if true persist home-manager.users..storage.impermanence.datasets + # TODO: systemd.services..storage.datasets persists + }) + ]) + ) + # TODO: configure other needed storage modes here + ]; +} diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 193ab80..2169ec1 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix 
+++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -1,4 +1,10 @@ -{lib, ...}: {...}: let +args @ { + lib, + name, + ... +}: {...}: let + datasetSubmodule = (import ./dataset.nix) args; + pathPermissions = { read = lib.mkEnableOption "should the path have read permissions"; write = lib.mkEnableOption "should the path have read permissions"; @@ -11,14 +17,14 @@ default = true; }; owner = { - user = lib.mkOption { + name = lib.mkOption { type = lib.types.str; default = "nouser"; }; permissions = pathPermissions; }; group = { - group = lib.mkOption { + name = lib.mkOption { type = lib.types.str; default = "nogroup"; }; @@ -31,16 +37,21 @@ }; in { imports = [ - ./dataset.nix + datasetSubmodule ]; + options = { - files = lib.types.mkOption { + files = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); default = {}; }; - directories = { + directories = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); default = {}; }; }; + + config = { + mountpoint = "/${name}"; + }; } diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 20e41ae..bf0c609 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix 
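Review bot: The `write` flag in `pathPermissions` carries the description of `read`, so generated option docs show "should the path have read permissions" for both flags. It should read `write = lib.mkEnableOption "should the path have write permissions";`. The line is unchanged context in the first impermanenceDataset.nix hunk here and appears again as context in the PATCH 0958 hunk for the same file. `pathPermissions` continues outside the hunk, so any further flags were not checked.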
@@ -9,18 +9,21 @@ args @ { # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); - poolVdevs = [ - (builtins.map ( - device: let - deviceStr = - if builtins.isString device - then device - else device.device; - in - lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr - ) - config.storage.zfs.pool.vdevs) - ]; + poolVdevs = + builtins.map ( + vdev: + builtins.map ( + device: let + deviceStr = + if builtins.isString device + then device + else device.device; + in + lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr + ) + vdev + ) + config.storage.zfs.pool.vdevs; poolCache = builtins.map ( name: let @@ -45,7 +48,7 @@ args @ { then false else device.boot ) - config.storage.zfs.pool.vdevs); + (lib.lists.flatten config.storage.zfs.pool.vdevs)); allDrives = (lib.lists.flatten poolVdevs) ++ poolCache; in { @@ -113,8 +116,9 @@ in { description = "Size of the boot partition on boot drives"; }; vdevs = lib.mkOption { - type = lib.types.listOf deviceType; + type = lib.types.listOf (lib.types.listOf deviceType); default = []; + description = "List of vdevs, where each vdev is a list of devices"; }; cache = lib.mkOption { type = lib.types.attrsOf deviceType; @@ -359,7 +363,7 @@ in { fi '' ) - config.storage.zfs.pool.vdevs} + (lib.lists.flatten config.storage.zfs.pool.vdevs)} # Check pool mode matches configuration if ! echo "$pool_status" | grep -q "$expected_mode"; then From 0e5ebb37f1ce8f93dd7316156567094f1aba788b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 16:53:05 -0600 Subject: [PATCH 0953/1043] build: update flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 6a4736b..3c1f2ad 100644 --- a/flake.lock +++ b/flake.lock 
@@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1761899396, - "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", + "lastModified": 1762276996, + "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", "owner": "nix-community", "repo": "disko", - "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", + "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1762162438, - "narHash": "sha256-GPnRGcVck+TPiQl6Rqj0i57c8hAa34RsQWVqQAW0OVY=", + "lastModified": 1762488230, + "narHash": "sha256-b7FFUa+bQ8m5din6ylspTTeQvhTf7NNDwC3fPOwCkx4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "2cf91d46e558b29f9f9bbdd23408f62e8423aa00", + "rev": "05e744e2e2d174b2fd445e51ad38fb8356001a18", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1762183399, - "narHash": "sha256-vr2aL1QLfERYTfYBgK8cW3T9eSdSEThH462wKaGlmEU=", + "lastModified": 1762463325, + "narHash": "sha256-33YUsWpPyeBZEWrKQ2a1gkRZ7i0XCC/2MYpU6BVeQSU=", "owner": "nix-community", "repo": "home-manager", - "rev": "a5fee077929ae2f2800c3087dce5e1abb4edfbc6", + "rev": "0562fef070a1027325dd4ea10813d64d2c967b39", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1762186368, - "narHash": "sha256-dzLBZKccS0jMefj+WAYwsk7gKDluqavC7I4KfFwVh8k=", + "lastModified": 1762501326, + "narHash": "sha256-QbhsksHaIN6qU3oXhwUFbYycKX1GRxObpQSWAM5fhRY=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "69921864a70b58787abf5ba189095566c3f0ffd3", + "rev": "e2b82ebd0f990a5d1b68fcc761b3d6383c86ccfd", "type": "github" }, "original": { 
@@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1762135163, - "narHash": "sha256-gP8SCvsYSfi4olYZcrZ4P1IGMzYJSFe1FuO8RL3xpEc=", + "lastModified": 1762480525, + "narHash": "sha256-7akzuLV8uKP3ym67TJoSIT5hTeC5FG8H745Y/7/7J+8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5d6525e4d5372973da1777b9ebdb01f033db1395", + "rev": "b8b0b207dc13cb7b004f9d0c1d2b76a85e9494c8", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762179181, - "narHash": "sha256-T4+TNfXlF/gHbcNCC2HY7sMGBKgqNzyYeMBWmcbH7/o=", + "lastModified": 1762463231, + "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "256770618502d2eda892af3ae91da5e386ce9586", + "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { From 761246a4a486a9f94a4e8cac64a7022737625ccf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 17:01:21 -0600 Subject: [PATCH 0954/1043] chore: removed installerConfigurations --- flake.nix | 7 ------- util/default.nix | 10 ---------- 2 files changed, 17 deletions(-) diff --git a/flake.nix b/flake.nix index ddf92ce..ee41728 100644 --- a/flake.nix +++ b/flake.nix 
@@ -91,16 +91,11 @@ util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; - mkNixosInstaller = util.mkNixosInstaller; mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; syncthingConfiguration = util.syncthingConfiguration; - installerSystems = { - basic = mkNixosInstaller "basic" []; - }; - nixosSystems = { horizon = mkNixosSystem "horizon"; twilight = mkNixosSystem "twilight"; @@ -170,8 +165,6 @@ }; }); - installerConfigurations = installerSystems; - nixosConfigurations = nixosSystems; darwinConfigurations = darwinSystems; diff --git a/util/default.nix b/util/default.nix index fb2f83d..1b89169 100644 --- a/util/default.nix +++ b/util/default.nix @@ -62,16 +62,6 @@ in { (lib.mkUnless condition no) ]; - mkNixosInstaller = host: userKeys: - nixpkgs.lib.nixosSystem { - modules = [ - { - # TODO: authorized keys for all users and hosts - } - ../configurations/nixos/${host} - ]; - }; - mkNixosSystem = host: nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; From d613dee36414595ce3f49c72a0d546d086a7e027 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 17:11:41 -0600 Subject: [PATCH 0955/1043] refactor: move syncthing configs out of flake file --- flake.nix | 3 --- modules/nixos-modules/sync.nix | 4 ++-- util/default.nix | 14 +++++++------- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/flake.nix b/flake.nix index ee41728..6f85fa3 100644 --- a/flake.nix +++ b/flake.nix @@ -94,7 +94,6 @@ mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; - syncthingConfiguration = util.syncthingConfiguration; nixosSystems = { horizon = mkNixosSystem "horizon"; @@ -170,7 +169,5 @@ darwinConfigurations = darwinSystems; homeConfigurations = homeConfigurations; - - syncthingConfiguration = syncthingConfiguration; }; } diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index bf43041..96f54d5 100644 
--- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -1,7 +1,7 @@ { config, lib, - outputs, + syncthingConfiguration, ... }: let mountDir = "/mnt/sync"; @@ -27,7 +27,7 @@ in { configDir = configDir; overrideDevices = true; overrideFolders = true; - configuration = outputs.syncthingConfiguration; + configuration = syncthingConfiguration; deviceName = config.networking.hostName; }; } diff --git a/util/default.nix b/util/default.nix index 1b89169..97bfa49 100644 --- a/util/default.nix +++ b/util/default.nix @@ -52,6 +52,12 @@ home-manager-config ../modules/system-modules ]; + + syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { + modules = [ + (import ../configurations/syncthing) + ]; + }; in { forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system)); @@ -64,7 +70,7 @@ in { mkNixosSystem = host: nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs util;}; + specialArgs = {inherit inputs outputs util syncthingConfiguration;}; modules = system-modules ++ [ @@ -109,10 +115,4 @@ in { ../configurations/home-manager/${user} ]; }; - - syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { - modules = [ - (import ../configurations/syncthing) - ]; - }; } From 0de97fa4a2869bbce5954ee6ab21867b232a231a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Nov 2025 18:14:00 -0600 Subject: [PATCH 0956/1043] feat: added more development notes --- modules/nixos-modules/storage/impermanence.nix | 11 +++++++++++ modules/nixos-modules/storage/storage.nix | 12 +++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index c5f53a3..470ce48 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix 
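Review bot: sync.nix now requires `syncthingConfiguration` as a module argument, and the only place the visible hunks supply it is `specialArgs` in `mkNixosSystem`. Any evaluation of the NixOS modules that does not go through that helper would fail on the missing argument, and the flake output that used to expose the value is removed in the same patch. A comment on the new `let` binding in util/default.nix, for example `# handed to NixOS modules through specialArgs; modules/nixos-modules/sync.nix depends on it`, would document the coupling. The `let` block and the other system builders start outside these hunks, so whether they need the argument cannot be confirmed from here.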
@@ -59,6 +59,13 @@ in { config = lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ { + assertions = [ + { + assertion = config.storage.zfs.enable; + message = "storage.impermanence can not be used without storage.zfs."; + } + ]; + environment.persistence = lib.mapAttrs (datasetName: dataset: { enable = true; @@ -77,8 +84,12 @@ in { }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); }) config.storage.impermanence.datasets; + # TODO: need for boot on filesystems } (lib.mkIf config.storage.zfs.enable { + # TODO: activationScripts config for private folders + # TODO: rollback post resume + # TODO: fuse userAllowOther storage.zfs.datasets = lib.mapAttrs ( datasetName: dataset: diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 1c1986a..e1f013d 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -23,7 +23,7 @@ }; "persist/system/var/log" = { type = "zfs_fs"; - mountpoint = "/persist/system/var/log"; + mountpoint = "/var/log"; options = { "com.sun:auto-snapshot" = "false"; }; @@ -31,7 +31,6 @@ }; } (util.mkUnless config.storage.impermanence.enable { - # TODO: configure datasets for normal zfs # TODO: create datasets for systemd.services..storage.impermanence.datasets storage.zfs.datasets = { "persist/system/root" = { @@ -48,7 +47,6 @@ }; }; storage.zfs.datasets = { - # TODO: is there a way that we can link these two folders in configs via storage.impermanence.datasets "local/system/root" = { type = "zfs_fs"; mountpoint = "/"; @@ -58,6 +56,14 @@ postCreateHook = '' zfs snapshot rpool/local/system/root@blank ''; + + directories = { + "/var/lib/nixos".enable = true; + "/var/lib/systemd/coredump".enable = true; + }; + files = { + "/etc/machine-id".enable = true; + }; }; }; From 5dedf4f314911d7c834c531fa98be05f61f1587b Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 8 Nov 2025 11:39:17 -0600 Subject: [PATCH 0957/1043] chore: service to list of services that need to be added --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2d6911b..7f49aa8 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Services - [ ] ntfy service for unified push +- [ ] signal socket server - [ ] vikunja service for project management - [ ] Penpot services (need to make this custom) - [ ] minecraft server with old world file From 9df29cc07f5592e3c61e924856ceb872f30db2b2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 13:21:01 -0600 Subject: [PATCH 0958/1043] feat: refined options for datasets --- .../nixos/defiant/configuration.nix | 85 +++--- modules/nixos-modules/storage/default.nix | 1 + modules/nixos-modules/storage/storage.nix | 64 ++-- .../storage/submodules/dataset.nix | 117 +++---- .../submodules/impermanenceDataset.nix | 11 +- modules/nixos-modules/storage/zfs.nix | 288 +++++++++--------- 6 files changed, 295 insertions(+), 271 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e2f9401..11a6f9d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -33,44 +33,6 @@ isPrincipleUser = true; }; }; - impermanence.enable = true; - storage = { - enable = true; - encryption = true; - notifications = { - enable = true; - host = "smtp.protonmail.ch"; - port = 587; - to = "leyla@jan-leila.com"; - user = "noreply@jan-leila.com"; - tokenFile = config.sops.secrets."services/zfs_smtp_token".path; - }; - pool = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"]; - vdevs = [ - [ - "ata-ST18000NE000-3G6101_ZVTCXVEB" - "ata-ST18000NE000-3G6101_ZVTCXWSC" - "ata-ST18000NE000-3G6101_ZVTD10EH" - "ata-ST18000NT001-3NF101_ZVTE0S3Q" - "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NE000-3G6101_ZVTJ7359" - ] - [ - "ata-ST4000NE001-2MA101_WS2275P3" - "ata-ST4000NE001-2MA101_WS227B9F" - "ata-ST4000NE001-2MA101_WS227CEW" - "ata-ST4000NE001-2MA101_WS227CYN" - "ata-ST4000NE001-2MA101_WS23TBWV" - "ata-ST4000NE001-2MA101_WS23TC5F" - ] - ]; - cache = [ - "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" - ]; - }; - }; network_storage = { enable = true; directories = [ 
@@ -104,6 +66,53 @@ }; }; + storage = { + zfs = { + enable = true; + notifications = { + enable = true; + host = "smtp.protonmail.ch"; + port = 587; + to = "leyla@jan-leila.com"; + user = "noreply@jan-leila.com"; + tokenFile = config.sops.secrets."services/zfs_smtp_token".path; + }; + pool = { + encryption = { + enable = true; + }; + vdevs = [ + [ + "ata-ST18000NE000-3G6101_ZVTCXVEB" + "ata-ST18000NE000-3G6101_ZVTCXWSC" + "ata-ST18000NE000-3G6101_ZVTD10EH" + "ata-ST18000NT001-3NF101_ZVTE0S3Q" + "ata-ST18000NT001-3NF101_ZVTEF27J" + "ata-ST18000NE000-3G6101_ZVTJ7359" + ] + [ + "ata-ST4000NE001-2MA101_WS2275P3" + "ata-ST4000NE001-2MA101_WS227B9F" + "ata-ST4000NE001-2MA101_WS227CEW" + "ata-ST4000NE001-2MA101_WS227CYN" + "ata-ST4000NE001-2MA101_WS23TBWV" + "ata-ST4000NE001-2MA101_WS23TC5F" + ] + ]; + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + cache = { + cache0 = { + device = "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; + boot = true; + }; + }; + }; + }; + impermanence = { + enable = true; + }; + }; + systemd.network = { enable = true; diff --git a/modules/nixos-modules/storage/default.nix b/modules/nixos-modules/storage/default.nix index 02f7fb9..ebf990a 100644 --- a/modules/nixos-modules/storage/default.nix +++ b/modules/nixos-modules/storage/default.nix @@ -8,5 +8,6 @@ imports = [ ./impermanence.nix ./zfs.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index e1f013d..06e29f1 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -1,7 +1,6 @@ { lib, config, - util, ... }: { # TODO: create all of the datasets from option and home-manager datasets 
@@ -13,50 +12,49 @@ storage.zfs.datasets = { "persist/system/nix" = { type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - "com.sun:auto-snapshot" = "false"; + mount = { + enable = true; + mountPoint = "/nix"; }; + snapshot = { + autoSnapshot = false; + }; + atime = "off"; + relatime = "off"; }; "persist/system/var/log" = { type = "zfs_fs"; - mountpoint = "/var/log"; - options = { - "com.sun:auto-snapshot" = "false"; + mount = { + enable = true; + mountPoint = "/var/log"; + }; + snapshot = { + autoSnapshot = false; + }; + }; + "persist/system/root" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/"; }; }; }; } - (util.mkUnless config.storage.impermanence.enable { + (lib.mkIf (!config.storage.impermanence.enable) { # TODO: create datasets for systemd.services..storage.impermanence.datasets storage.zfs.datasets = { "persist/system/root" = { type = "zfs_fs"; - mountpoint = "/"; - canmount = "on"; + snapshot = { + autoSnapshot = true; + }; }; }; }) (lib.mkIf config.storage.impermanence.enable { storage.impermanence.datasets = { "persist/system/root" = { - type = "zfs_fs"; - }; - }; - storage.zfs.datasets = { - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - directories = { "/var/lib/nixos".enable = true; "/var/lib/systemd/coredump".enable = true; @@ -66,6 +64,18 @@ }; }; }; + storage.zfs.datasets = { + "local/system/root" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/"; + }; + snapshot = { + blankSnapshot = true; + }; + }; + }; # TODO: home-manager.users..storage.impermanence.enable # is false then persist the entire directory of the user diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index 482671e..a3102fc 100644 
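Review bot: With impermanence enabled, two datasets end up with `mountPoint = "/"`. `persist/system/root` is now declared with `mount = { enable = true; mountPoint = "/"; };` in the unconditional block, and `local/system/root` gets the same mount point in the `lib.mkIf config.storage.impermanence.enable` branch. The impermanence dataset of the same name also contributes `/persist/system/root` through the `mkDefault` in impermanenceDataset.nix, so depending on how the definitions merge this is either a conflicting-definition error or the persistent root mounted over the ephemeral one. Moving the `mount` block for `persist/system/root` into the `lib.mkIf (!config.storage.impermanence.enable)` branch, next to `snapshot.autoSnapshot = true`, puts `/` on the persistent dataset only when impermanence is off.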
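Review bot: `snapshot.blankSnapshot = true` on `local/system/root` replaces the `postCreateHook` that ran `zfs snapshot rpool/local/system/root@blank`, but dataset.nix in this same patch only declares `blankSnapshot`, with a TODO describing the hook it should generate. Unless zfs.nix consumes the flag outside the visible hunks, the `@blank` snapshot is no longer created. A rollback of the ephemeral root then has nothing to return to, and state written to `/` would survive reboots. Either keep the explicit hook until the option is wired up, or add an assertion that fails evaluation while `blankSnapshot` is set but not implemented.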
--- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -6,25 +6,6 @@ description = "Type of ZFS dataset (filesystem or volume)"; }; - # ZFS dataset options that match what's currently hardcoded in rootFsOptions - canmount = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["on" "off" "noauto"]); - default = null; - description = "Controls whether the file system can be mounted"; - }; - - mountpoint = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Controls the mount point used for this file system"; - }; - - xattr = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["on" "off" "sa" "dir"]); - default = null; - description = "Extended attribute storage method"; - }; - acltype = lib.mkOption { type = lib.types.nullOr (lib.types.enum ["off" "nfsv4" "posixacl"]); default = null; 
@@ -37,56 +18,82 @@ description = "Controls when access time is updated"; }; + atime = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off"]); + default = null; + description = "Controls whether access time is updated"; + }; + + xattr = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["on" "off" "sa" "dir"]); + default = null; + description = "Extended attribute storage method"; + }; + compression = lib.mkOption { type = lib.types.nullOr (lib.types.enum ["on" "off" "lz4" "gzip" "zstd" "lzjb" "zle"]); default = null; description = "Compression algorithm to use"; }; - encryption = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["on" "off" "aes-128-ccm" "aes-192-ccm" "aes-256-ccm" "aes-128-gcm" "aes-192-gcm" "aes-256-gcm"]); - default = null; - description = "Encryption algorithm to use"; - }; - - keyformat = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["raw" "hex" "passphrase"]); - default = null; - description = "Format of the encryption key"; - }; - - keylocation = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Location of the encryption key"; - }; - - autoSnapshot = lib.mkOption { - type = lib.types.nullOr lib.types.bool; - default = null; - description = "Enable automatic snapshots for this dataset"; - }; - - # Additional common ZFS options - recordsize = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Suggested block size for files in the file system"; - }; - sync = lib.mkOption { type = lib.types.nullOr (lib.types.enum ["standard" "always" "disabled"]); default = null; description = "Synchronous write behavior"; }; - atime = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["on" "off"]); - default = null; - description = "Controls whether access time is updated"; + mount = { + enable = lib.mkOption { + type = lib.types.nullOr (lib.types.either lib.types.bool (lib.types.enum ["on" "off" "noauto"])); + default = null; + }; 
+ mountPoint = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Controls the mount point used for this file system"; + }; + }; + + encryption = { + enable = lib.mkEnableOption "should encryption be enabled"; + type = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["aes-128-ccm" "aes-192-ccm" "aes-256-ccm" "aes-128-gcm" "aes-192-gcm" "aes-256-gcm"]); + default = null; + description = "What encryption type to use"; + }; + keyformat = lib.mkOption { + type = lib.types.nullOr (lib.types.enum ["raw" "hex" "passphrase"]); + default = null; + description = "Format of the encryption key"; + }; + keylocation = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Location of the encryption key"; + }; + }; + + snapshot = { + # This option should set this option flag + # "com.sun:auto-snapshot" = "false"; + autoSnapshot = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + default = null; + description = "Enable automatic snapshots for this dataset"; + }; + # TODO: this is what blank snapshot should set + # postCreateHook = '' + # zfs snapshot rpool/local/system/root@blank + # ''; + blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook"; + }; + + recordSize = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Suggested block size for files in the file system"; }; - # Custom options for disko integration postCreateHook = lib.mkOption { type = lib.types.str; default = ""; diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 2169ec1..5f47c18 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix 
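Review bot: `encryption.enable` can be set while `type`, `keyformat` and `keylocation` all remain `null`, and nothing in this hunk rejects or documents that combination. An enabled-but-unspecified dataset then depends entirely on what the consumer of these options falls back to. An assertion, or non-null defaults applied when `enable` is true, would make the resulting cipher and key source explicit. The `keylocation` description should also say where a key may live, for example `description = "Location of the encryption key (prompt, or a file:// path outside the Nix store)";`, since anything referenced from the store is world-readable.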
@@ -1,10 +1,5 @@ -args @ { - lib, - name, - ... -}: {...}: let +args @ {lib, ...}: {name, ...}: let datasetSubmodule = (import ./dataset.nix) args; - pathPermissions = { read = lib.mkEnableOption "should the path have read permissions"; write = lib.mkEnableOption "should the path have read permissions"; @@ -52,6 +47,8 @@ in { }; config = { - mountpoint = "/${name}"; + mount = { + mountPoint = lib.mkDefault "/${name}"; + }; }; } diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index bf0c609..fb69f2e 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix 
@@ -171,153 +171,153 @@ in { }; # Disko configuration based on pool settings - disko.devices = { - disk = ( - builtins.listToAttrs ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - ESP = lib.mkIf (builtins.elem drive.value bootDrives) { - size = config.storage.zfs.pool.bootPartitionSize; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - allDrives - ) - ); - zpool = { - rpool = { - type = "zpool"; - mode = { - topology = { - type = "topology"; - vdev = ( - builtins.map (disks: { - mode = config.storage.zfs.pool.mode; - members = - builtins.map (disk: disk.name) disks; - }) - poolVdevs - ); - cache = builtins.map (disk: disk.name) poolCache; - }; - }; + # disko.devices = { + # disk = ( + # builtins.listToAttrs ( + # builtins.map + # (drive: + # lib.attrsets.nameValuePair (drive.name) { + # type = "disk"; + # device = "/dev/disk/by-id/${drive.value}"; + # content = { + # type = "gpt"; + # partitions = { + # ESP = lib.mkIf (builtins.elem drive.value bootDrives) { + # size = config.storage.zfs.pool.bootPartitionSize; + # type = "EF00"; + # content = { + # type = "filesystem"; + # format = "vfat"; + # mountpoint = "/boot"; + # mountOptions = ["umask=0077"]; + # }; + # }; + # zfs = { + # size = "100%"; + # content = { + # type = "zfs"; + # pool = "rpool"; + # }; + # }; + # }; + # }; + # }) + # allDrives + # ) + # ); + # zpool = { + # rpool = { + # type = "zpool"; + # mode = { + # topology = { + # type = "topology"; + # vdev = ( + # builtins.map (disks: { + # mode = config.storage.zfs.pool.mode; + # members = + # builtins.map (disk: disk.name) disks; + # }) + # poolVdevs + # ); + # cache = builtins.map (disk: disk.name) poolCache; + # }; + # }; - options 
= { - ashift = "12"; - autotrim = "on"; - }; + # options = { + # ashift = "12"; + # autotrim = "on"; + # }; - rootFsOptions = let - rootDataset = config.storage.zfs.rootDataset; - # Start with defaults that match the original hardcoded values - defaults = { - canmount = "off"; - mountpoint = "none"; - xattr = "sa"; - acltype = "posixacl"; - relatime = "on"; - compression = "lz4"; - "com.sun:auto-snapshot" = "false"; - }; - # Override defaults with non-null values from rootDataset - userOptions = lib.attrsets.filterAttrs (_: v: v != null) { - canmount = rootDataset.canmount; - mountpoint = rootDataset.mountpoint; - xattr = rootDataset.xattr; - acltype = rootDataset.acltype; - relatime = rootDataset.relatime; - compression = rootDataset.compression; - encryption = rootDataset.encryption; - keyformat = rootDataset.keyformat; - keylocation = rootDataset.keylocation; - recordsize = rootDataset.recordsize; - sync = rootDataset.sync; - atime = rootDataset.atime; - "com.sun:auto-snapshot" = - if rootDataset.autoSnapshot == null - then null - else - ( - if rootDataset.autoSnapshot - then "true" - else "false" - ); - }; - # Only apply pool encryption if user hasn't set encryption options in rootDataset - poolEncryptionOptions = - lib.attrsets.optionalAttrs ( - config.storage.zfs.pool.encryption.enable - && rootDataset.encryption == null - && rootDataset.keyformat == null - && rootDataset.keylocation == null - ) { - encryption = "on"; - keyformat = config.storage.zfs.pool.encryption.keyformat; - keylocation = config.storage.zfs.pool.encryption.keylocation; - }; - in - defaults // userOptions // rootDataset.options // poolEncryptionOptions; + # rootFsOptions = let + # rootDataset = config.storage.zfs.rootDataset; + # # Start with defaults that match the original hardcoded values + # defaults = { + # canmount = "off"; + # mountpoint = "none"; + # xattr = "sa"; + # acltype = "posixacl"; + # relatime = "on"; + # compression = "lz4"; + # "com.sun:auto-snapshot" = "false"; + # }; + 
# # Override defaults with non-null values from rootDataset + # userOptions = lib.attrsets.filterAttrs (_: v: v != null) { + # canmount = rootDataset.canmount; + # mountpoint = rootDataset.mountpoint; + # xattr = rootDataset.xattr; + # acltype = rootDataset.acltype; + # relatime = rootDataset.relatime; + # compression = rootDataset.compression; + # encryption = rootDataset.encryption; + # keyformat = rootDataset.keyformat; + # keylocation = rootDataset.keylocation; + # recordsize = rootDataset.recordsize; + # sync = rootDataset.sync; + # atime = rootDataset.atime; + # "com.sun:auto-snapshot" = + # if rootDataset.autoSnapshot == null + # then null + # else + # ( + # if rootDataset.autoSnapshot + # then "true" + # else "false" + # ); + # }; + # # Only apply pool encryption if user hasn't set encryption options in rootDataset + # poolEncryptionOptions = + # lib.attrsets.optionalAttrs ( + # config.storage.zfs.pool.encryption.enable + # && rootDataset.encryption == null + # && rootDataset.keyformat == null + # && rootDataset.keylocation == null + # ) { + # encryption = "on"; + # keyformat = config.storage.zfs.pool.encryption.keyformat; + # keylocation = config.storage.zfs.pool.encryption.keylocation; + # }; + # in + # defaults // userOptions // rootDataset.options // poolEncryptionOptions; - datasets = lib.mkMerge [ - ( - lib.attrsets.mapAttrs (name: value: { - type = value.type; - options = let - # For datasets, only include non-null user-specified values - userOptions = lib.attrsets.filterAttrs (_: v: v != null) { - canmount = value.canmount; - xattr = value.xattr; - acltype = value.acltype; - relatime = value.relatime; - compression = value.compression; - encryption = value.encryption; - keyformat = value.keyformat; - keylocation = value.keylocation; - recordsize = value.recordsize; - sync = value.sync; - atime = value.atime; - "com.sun:auto-snapshot" = - if value.autoSnapshot == null - then null - else - ( - if value.autoSnapshot - then "true" - else "false" - ); - 
}; - in - userOptions // (value.options or {}); - mountpoint = value.mountpoint; - postCreateHook = value.postCreateHook or ""; - }) - config.storage.zfs.datasets - ) - ]; - }; - }; - }; + # datasets = lib.mkMerge [ + # ( + # lib.attrsets.mapAttrs (name: value: { + # type = value.type; + # options = let + # # For datasets, only include non-null user-specified values + # userOptions = lib.attrsets.filterAttrs (_: v: v != null) { + # canmount = value.canmount; + # xattr = value.xattr; + # acltype = value.acltype; + # relatime = value.relatime; + # compression = value.compression; + # encryption = value.encryption; + # keyformat = value.keyformat; + # keylocation = value.keylocation; + # recordsize = value.recordsize; + # sync = value.sync; + # atime = value.atime; + # "com.sun:auto-snapshot" = + # if value.autoSnapshot == null + # then null + # else + # ( + # if value.autoSnapshot + # then "true" + # else "false" + # ); + # }; + # in + # userOptions // (value.options or {}); + # mountpoint = value.mountpoint; + # postCreateHook = value.postCreateHook or ""; + # }) + # config.storage.zfs.datasets + # ) + # ]; + # }; + # }; + # }; # Post-activation scripts for validation system.activationScripts = { From 39edb655390fc1f6ca43c28082a0171abf33ea3a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 14:21:22 -0600 Subject: [PATCH 0959/1043] feat: removed broken disko config --- modules/nixos-modules/storage/zfs.nix | 428 +------------------------- 1 file changed, 4 insertions(+), 424 deletions(-) diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index fb69f2e..65ddbd0 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix 
@@ -5,52 +5,6 @@ args @ { ... }: let datasetSubmodule = (import ./submodules/dataset.nix) args; - - # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that - hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); - - poolVdevs = - builtins.map ( - vdev: - builtins.map ( - device: let - deviceStr = - if builtins.isString device - then device - else device.device; - in - lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr - ) - vdev - ) - config.storage.zfs.pool.vdevs; - - poolCache = builtins.map ( - name: let - device = config.storage.zfs.pool.cache.${name}; - deviceStr = - if builtins.isString device - then device - else device.device; - in - lib.attrsets.nameValuePair (hashDisk deviceStr) deviceStr - ) (builtins.attrNames config.storage.zfs.pool.cache); - - bootDrives = - builtins.map ( - device: - if builtins.isString device - then device - else device.device - ) (builtins.filter ( - device: - if builtins.isString device - then false - else device.boot - ) - (lib.lists.flatten config.storage.zfs.pool.vdevs)); - - allDrives = (lib.lists.flatten poolVdevs) ++ poolCache; in { options.storage = { zfs = { 
@@ -142,389 +96,15 @@ in { config = lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { - assertions = [ - { - assertion = builtins.length bootDrives > 0; - message = '' - ZFS configuration requires at least one boot drive. Please configure at least one device with boot = true in storage.zfs.pool.vdevs. - ''; - } - { - assertion = - !( - config.storage.zfs.pool.encryption.enable - && (config.storage.zfs.rootDataset.encryption - != null - || config.storage.zfs.rootDataset.keyformat != null - || config.storage.zfs.rootDataset.keylocation != null) - ); - message = '' - Cannot set encryption options in both pool.encryption and rootDataset. - Use either pool.encryption for default settings or rootDataset encryption options for explicit control, but not both. - ''; - } - ]; - services.zfs = { autoScrub.enable = true; autoSnapshot.enable = true; }; - # Disko configuration based on pool settings - # disko.devices = { - # disk = ( - # builtins.listToAttrs ( - # builtins.map - # (drive: - # lib.attrsets.nameValuePair (drive.name) { - # type = "disk"; - # device = "/dev/disk/by-id/${drive.value}"; - # content = { - # type = "gpt"; - # partitions = { - # ESP = lib.mkIf (builtins.elem drive.value bootDrives) { - # size = config.storage.zfs.pool.bootPartitionSize; - # type = "EF00"; - # content = { - # type = "filesystem"; - # format = "vfat"; - # mountpoint = "/boot"; - # mountOptions = ["umask=0077"]; - # }; - # }; - # zfs = { - # size = "100%"; - # content = { - # type = "zfs"; - # pool = "rpool"; - # }; - # }; - # }; - # }; - # }) - # allDrives - # ) - # ); - # zpool = { - # rpool = { - # type = "zpool"; - # mode = { - # topology = { - # type = "topology"; - # vdev = ( - # builtins.map (disks: { - # mode = config.storage.zfs.pool.mode; - # members = - # builtins.map (disk: disk.name) disks; - # }) - # poolVdevs - # ); - # cache = builtins.map (disk: disk.name) poolCache; - # }; - # }; - - # options = { - # ashift = "12"; - # autotrim = "on"; - # }; - - # rootFsOptions = let 
- # rootDataset = config.storage.zfs.rootDataset; - # # Start with defaults that match the original hardcoded values - # defaults = { - # canmount = "off"; - # mountpoint = "none"; - # xattr = "sa"; - # acltype = "posixacl"; - # relatime = "on"; - # compression = "lz4"; - # "com.sun:auto-snapshot" = "false"; - # }; - # # Override defaults with non-null values from rootDataset - # userOptions = lib.attrsets.filterAttrs (_: v: v != null) { - # canmount = rootDataset.canmount; - # mountpoint = rootDataset.mountpoint; - # xattr = rootDataset.xattr; - # acltype = rootDataset.acltype; - # relatime = rootDataset.relatime; - # compression = rootDataset.compression; - # encryption = rootDataset.encryption; - # keyformat = rootDataset.keyformat; - # keylocation = rootDataset.keylocation; - # recordsize = rootDataset.recordsize; - # sync = rootDataset.sync; - # atime = rootDataset.atime; - # "com.sun:auto-snapshot" = - # if rootDataset.autoSnapshot == null - # then null - # else - # ( - # if rootDataset.autoSnapshot - # then "true" - # else "false" - # ); - # }; - # # Only apply pool encryption if user hasn't set encryption options in rootDataset - # poolEncryptionOptions = - # lib.attrsets.optionalAttrs ( - # config.storage.zfs.pool.encryption.enable - # && rootDataset.encryption == null - # && rootDataset.keyformat == null - # && rootDataset.keylocation == null - # ) { - # encryption = "on"; - # keyformat = config.storage.zfs.pool.encryption.keyformat; - # keylocation = config.storage.zfs.pool.encryption.keylocation; - # }; - # in - # defaults // userOptions // rootDataset.options // poolEncryptionOptions; - - # datasets = lib.mkMerge [ - # ( - # lib.attrsets.mapAttrs (name: value: { - # type = value.type; - # options = let - # # For datasets, only include non-null user-specified values - # userOptions = lib.attrsets.filterAttrs (_: v: v != null) { - # canmount = value.canmount; - # xattr = value.xattr; - # acltype = value.acltype; - # relatime = value.relatime; - # 
compression = value.compression; - # encryption = value.encryption; - # keyformat = value.keyformat; - # keylocation = value.keylocation; - # recordsize = value.recordsize; - # sync = value.sync; - # atime = value.atime; - # "com.sun:auto-snapshot" = - # if value.autoSnapshot == null - # then null - # else - # ( - # if value.autoSnapshot - # then "true" - # else "false" - # ); - # }; - # in - # userOptions // (value.options or {}); - # mountpoint = value.mountpoint; - # postCreateHook = value.postCreateHook or ""; - # }) - # config.storage.zfs.datasets - # ) - # ]; - # }; - # }; - # }; - - # Post-activation scripts for validation - system.activationScripts = { - # Script 1: Validate pool, cache devices, and vdevs - zfs-pool-validation = { - text = '' - echo "Running ZFS pool validation..." - - # Function to check if a device exists in a vdev or cache - check_device_in_pool() { - local device_id="$1" - local device_type="$2" # "cache" or "vdev" - - if ! zpool status rpool | grep -q "$device_id"; then - echo "ERROR: Device $device_id not found in pool rpool ($device_type)" - return 1 - fi - return 0 - } - - # Function to validate vdev configuration - validate_vdevs() { - local expected_mode="${config.storage.zfs.pool.mode}" - local pool_status=$(zpool status rpool) - - # Check if pool exists - if ! zpool list rpool >/dev/null 2>&1; then - echo "ERROR: ZFS pool 'rpool' does not exist" - return 1 - fi - - # Validate each configured vdev device - ${lib.concatMapStringsSep "\n" ( - device: let - deviceStr = - if builtins.isString device - then device - else device.device; - in '' - if ! check_device_in_pool "${deviceStr}" "vdev"; then - echo "ERROR: Vdev device ${deviceStr} not found in pool" - exit 1 - fi - '' - ) - (lib.lists.flatten config.storage.zfs.pool.vdevs)} - - # Check pool mode matches configuration - if ! 
echo "$pool_status" | grep -q "$expected_mode"; then - echo "WARNING: Pool mode may not match expected configuration ($expected_mode)" - fi - - echo "✓ All vdev devices validated successfully" - return 0 - } - - # Function to validate cache configuration - validate_cache() { - ${lib.concatMapStringsSep "\n" ( - name: let - device = config.storage.zfs.pool.cache.${name}; - deviceStr = - if builtins.isString device - then device - else device.device; - in '' - if ! check_device_in_pool "${deviceStr}" "cache"; then - echo "ERROR: Cache device ${deviceStr} (${name}) not found in pool" - exit 1 - fi - '' - ) (builtins.attrNames config.storage.zfs.pool.cache)} - - echo "✓ All cache devices validated successfully" - return 0 - } - - # Run validations - if validate_vdevs && validate_cache; then - echo "✓ ZFS pool validation completed successfully" - else - echo "✗ ZFS pool validation failed" - exit 1 - fi - ''; - deps = ["zfs"]; - }; - - # Script 2: Validate datasets and their options - zfs-dataset-validation = { - text = '' - echo "Running ZFS dataset validation..." - - # Function to check if dataset exists - check_dataset_exists() { - local dataset="$1" - if ! zfs list "$dataset" >/dev/null 2>&1; then - echo "ERROR: Dataset $dataset does not exist" - return 1 - fi - return 0 - } - - # Function to validate dataset options - validate_dataset_options() { - local dataset="$1" - local expected_options="$2" - - # Parse expected options (format: "option=value option2=value2") - echo "$expected_options" | tr ' ' '\n' | while IFS='=' read -r option expected_value; do - if [ -n "$option" ] && [ -n "$expected_value" ]; then - local actual_value=$(zfs get -H -o value "$option" "$dataset" 2>/dev/null) - if [ "$actual_value" != "$expected_value" ]; then - echo "ERROR: Dataset $dataset option $option is '$actual_value', expected '$expected_value'" - return 1 - fi - fi - done - return 0 - } - - # Validate root dataset - echo "Validating root dataset..." 
- if check_dataset_exists "rpool"; then - root_options="" - ${lib.concatMapStringsSep "\n" ( - option: let - value = config.storage.zfs.rootDataset.${option}; - in - lib.optionalString (value != null) '' - root_options="$root_options ${option}=${toString value}" - '' - ) ["canmount" "xattr" "acltype" "relatime" "compression" "encryption" "keyformat" "keylocation" "recordsize" "sync" "atime"]} - - # Add autoSnapshot option - ${lib.optionalString (config.storage.zfs.rootDataset.autoSnapshot != null) '' - root_options="$root_options com.sun:auto-snapshot=${ - if config.storage.zfs.rootDataset.autoSnapshot - then "true" - else "false" - }" - ''} - - if validate_dataset_options "rpool" "$root_options"; then - echo "✓ Root dataset options validated" - else - echo "✗ Root dataset validation failed" - exit 1 - fi - else - echo "✗ Root dataset validation failed" - exit 1 - fi - - # Validate configured datasets - ${lib.concatMapStringsSep "\n" ( - name: let - dataset = config.storage.zfs.datasets.${name}; - in '' - echo "Validating dataset: rpool/${name}" - if check_dataset_exists "rpool/${name}"; then - dataset_options="" - ${lib.concatMapStringsSep "\n" ( - option: let - value = dataset.${option}; - in - lib.optionalString (value != null) '' - dataset_options="$dataset_options ${option}=${toString value}" - '' - ) ["canmount" "xattr" "acltype" "relatime" "compression" "encryption" "keyformat" "keylocation" "recordsize" "sync" "atime"]} - - # Add autoSnapshot option - ${lib.optionalString (dataset.autoSnapshot != null) '' - dataset_options="$dataset_options com.sun:auto-snapshot=${ - if dataset.autoSnapshot - then "true" - else "false" - }" - ''} - - # Add custom options - ${lib.concatMapStringsSep "\n" ( - optName: let - optValue = dataset.options.${optName}; - in '' - dataset_options="$dataset_options ${optName}=${toString optValue}" - '' - ) (builtins.attrNames (dataset.options or {}))} - - if validate_dataset_options "rpool/${name}" "$dataset_options"; then - echo "✓ 
Dataset rpool/${name} options validated" - else - echo "✗ Dataset rpool/${name} validation failed" - exit 1 - fi - else - echo "✗ Dataset rpool/${name} validation failed" - exit 1 - fi - '' - ) (builtins.attrNames config.storage.zfs.datasets)} - - echo "✓ ZFS dataset validation completed successfully" - ''; - deps = ["zfs" "zfs-pool-validation"]; - }; - }; + # TODO: configure disko + # TODO: assertion that we have a boot device + # TODO: check that disks on system match configuration and warn user if they don't + # TODO: check that datasets on system match configuration and warn user if they don't } (lib.mkIf config.storage.zfs.notifications.enable { programs.msmtp = { From 3ca0e9bf0a3166741c634b0e6d0ba300769d9317 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 17:04:53 -0600 Subject: [PATCH 0960/1043] fix: fixed generation of disko configuration --- .../nixos-modules/storage/impermanence.nix | 9 +- modules/nixos-modules/storage/storage.nix | 15 +- .../storage/submodules/dataset.nix | 26 +-- .../submodules/impermanenceDataset.nix | 1 + modules/nixos-modules/storage/zfs.nix | 220 ++++++++++++++++-- 5 files changed, 229 insertions(+), 42 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 470ce48..6619bc5 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -70,6 +70,7 @@ in { lib.mapAttrs (datasetName: dataset: { enable = true; hideMounts = true; + persistentStoragePath = "/${datasetName}"; directories = lib.mapAttrsToList (path: dirConfig: { directory = path; user = dirConfig.owner.name; 
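Review bot: The removed assertion that rejected encryption settings given in both `pool.encryption` and `rootDataset` has no counterpart among the four TODO lines added in the `@@ -142,389 +96,15 @@` hunk, so nothing records that this check has to come back. Until it does, a host that sets both evaluates without complaint and it is not obvious from the module which key settings take effect. I would add `# TODO: assert that pool.encryption and rootDataset encryption options are not both set` next to the boot-device TODO. The enclosing `lib.mkMerge` list continues past the end of the hunk.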
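Review bot: `persistentStoragePath = "/${datasetName}"` in the `@@ -70,6 +70,7 @@` hunk is derived from the attribute name, while the dataset's actual mount point is the separate `mount.mountPoint` option, which is only defaulted to `/${name}` and which storage.nix in this same patch overrides to `/` for `persist/system/root`. When the two differ, state would presumably be persisted under a path where the dataset is not mounted, which defeats the purpose without any error. At minimum the coupling should be written down: `# must equal the dataset's mount point; overrides of mount.mountPoint are not followed here`. The surrounding `lib.mapAttrs` body starts and ends outside the hunk.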
@@ -78,9 +79,11 @@ in { }) (lib.filterAttrs (_: dirConfig: dirConfig.enable) dataset.directories); files = lib.mapAttrsToList (path: fileConfig: { file = path; - user = fileConfig.owner.name; - group = fileConfig.group.name; - mode = permissionsToMode fileConfig; + parentDirectory = { + user = fileConfig.owner.name; + group = fileConfig.group.name; + mode = permissionsToMode fileConfig; + }; }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); }) config.storage.impermanence.datasets; diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 06e29f1..b6428f6 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -32,13 +32,6 @@ autoSnapshot = false; }; }; - "persist/system/root" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; - }; }; } (lib.mkIf (!config.storage.impermanence.enable) { @@ -46,6 +39,10 @@ storage.zfs.datasets = { "persist/system/root" = { type = "zfs_fs"; + mount = { + enable = false; + mountPoint = "/"; + }; snapshot = { autoSnapshot = true; }; @@ -55,6 +52,10 @@ (lib.mkIf config.storage.impermanence.enable { storage.impermanence.datasets = { "persist/system/root" = { + mount = { + enable = false; + mountPoint = "/"; + }; directories = { "/var/lib/nixos".enable = true; "/var/lib/systemd/coredump".enable = true; diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index a3102fc..3de7719 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix 
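Review bot: Moving `user`, `group` and `mode` under `parentDirectory` in the `@@ -78,9 +79,11 @@` hunk applies the file's owner and `permissionsToMode fileConfig` to the directory that contains the file rather than to the file, as far as I understand the impermanence `files` schema. A mode computed for a file may lack the execute bit a directory needs, and a directory shared by several files would take on the owner and group of whichever entry is applied. If the goal was only to match the module's option names, I would keep just `file = path;` in the entry so the module's directory defaults apply, or feed `parentDirectory` from a dedicated directory setting. `permissionsToMode` is defined outside the hunk, so the exact bits are inferred.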
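Review bot: `mount.enable = false` on `persist/system/root` in the `@@ -46,6 +39,10 @@` hunk is turned into `canmount = "off"` by `datasetToZfsOptions` in zfs.nix of this same patch, while `mountPoint = "/"` asks for that dataset to be the root file system. ZFS does not mount a dataset whose `canmount` is `off`, so in the non-impermanence branch the root file system would presumably not come up at boot. The option's enum already offers the value commonly used for root datasets: `enable = "noauto";`. The `@@ -55,6 +52,10 @@` hunk adds the same block in the impermanence branch and needs the same look.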
@@ -44,12 +44,12 @@ mount = { enable = lib.mkOption { - type = lib.types.nullOr (lib.types.either lib.types.bool (lib.types.enum ["on" "off" "noauto"])); - default = null; + type = lib.types.either lib.types.bool (lib.types.enum ["on" "off" "noauto"]); + default = true; + description = "Whether and how the dataset should be mounted"; }; mountPoint = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; + type = lib.types.str; description = "Controls the mount point used for this file system"; }; }; @@ -57,18 +57,15 @@ encryption = { enable = lib.mkEnableOption "should encryption be enabled"; type = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["aes-128-ccm" "aes-192-ccm" "aes-256-ccm" "aes-128-gcm" "aes-192-gcm" "aes-256-gcm"]); - default = null; + type = lib.types.enum ["aes-128-ccm" "aes-192-ccm" "aes-256-ccm" "aes-128-gcm" "aes-192-gcm" "aes-256-gcm"]; description = "What encryption type to use"; }; keyformat = lib.mkOption { - type = lib.types.nullOr (lib.types.enum ["raw" "hex" "passphrase"]); - default = null; + type = lib.types.enum ["raw" "hex" "passphrase"]; description = "Format of the encryption key"; }; keylocation = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; + type = lib.types.str; description = "Location of the encryption key"; }; }; @@ -77,14 +74,11 @@ # This option should set this option flag # "com.sun:auto-snapshot" = "false"; autoSnapshot = lib.mkOption { - type = lib.types.nullOr lib.types.bool; - default = null; + type = lib.types.bool; + default = false; description = "Enable automatic snapshots for this dataset"; }; - # TODO: this is what blank snapshot should set - # postCreateHook = '' - # zfs snapshot rpool/local/system/root@blank - # ''; + # Creates a blank snapshot in the post create hook for rollback purposes blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook"; }; 
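Review bot: `mountPoint` in the `@@ -44,12 +44,12 @@` hunk loses both `nullOr` and `default = null`, but zfs.nix in this patch still reads it as `dataset.mount.mountPoint or null`. `or` only covers a missing attribute; a declared option without a definition raises an evaluation error when it is read, so every `storage.zfs.datasets` entry that does not set `mount.mountPoint` would stop the build (impermanence datasets get a `mkDefault`, plain ones do not). Either keep `type = lib.types.nullOr lib.types.str; default = null;` here, or drop the `or null` and state in the description that the option is required. The `mount` set sits inside a submodule whose start is outside the hunk.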
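Review bot: `keylocation` in the `@@ -57,18 +57,15 @@` hunk stays a free-form string whose description, "Location of the encryption key", says neither which values are accepted nor where the key may live. ZFS takes `prompt` or a URI such as `file:///path`, and a key file referenced from Nix source can end up copied into the world-readable store, so the option text is the place to steer users towards a runtime secret path (the repository already uses sops-nix). I would write `description = "ZFS keylocation: \"prompt\" or a file:// URI to a key that is kept outside the Nix store";`. With `default = null` removed, `type`, `keyformat` and `keylocation` must all be set once `encryption.enable` is true, which is worth stating in the `enable` description.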
diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 5f47c18..7154e90 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -49,6 +49,7 @@ in { config = { mount = { mountPoint = lib.mkDefault "/${name}"; + enable = lib.mkDefault true; }; }; } diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 65ddbd0..451e226 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix 
@@ -5,6 +5,98 @@ args @ { ... }: let datasetSubmodule = (import ./submodules/dataset.nix) args; + + # Hash function for disk names (max 27 chars to fit GPT limitations) + hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); + + # Helper to flatten vdevs into list of devices with names + allVdevDevices = lib.lists.flatten (builtins.map ( + vdev: + builtins.map ( + device: + lib.attrsets.nameValuePair (hashDisk device.device) device + ) + vdev + ) + config.storage.zfs.pool.vdevs); + + # Cache devices with names + allCacheDevices = builtins.map ( + device: + lib.attrsets.nameValuePair (hashDisk device.device) device + ) (config.storage.zfs.pool.cache); + + # All devices (vdevs + cache) + allDevices = allVdevDevices ++ allCacheDevices; + + # Boot devices - filter devices that have boot = true + bootDevices = builtins.filter (device: device.value.boot) allDevices; + + # Helper function to convert dataset options to ZFS properties + datasetToZfsOptions = dataset: let + baseOptions = + (lib.attrsets.optionalAttrs (dataset.acltype != null) {acltype = dataset.acltype;}) + // (lib.attrsets.optionalAttrs (dataset.relatime != null) {relatime = dataset.relatime;}) + // (lib.attrsets.optionalAttrs (dataset.atime != null) {atime = dataset.atime;}) + // (lib.attrsets.optionalAttrs (dataset.xattr != null) {xattr = dataset.xattr;}) + // (lib.attrsets.optionalAttrs (dataset.compression != null) {compression = dataset.compression;}) + // (lib.attrsets.optionalAttrs (dataset.sync != null) {sync = dataset.sync;}) + // (lib.attrsets.optionalAttrs (dataset.recordSize != null) {recordSize = dataset.recordSize;}); + + encryptionOptions = lib.attrsets.optionalAttrs (dataset.encryption.enable) ( + (lib.attrsets.optionalAttrs (dataset.encryption ? type) {encryption = dataset.encryption.type;}) + // (lib.attrsets.optionalAttrs (dataset.encryption ? keyformat) {keyformat = dataset.encryption.keyformat;}) + // (lib.attrsets.optionalAttrs (dataset.encryption ? 
keylocation) {keylocation = dataset.encryption.keylocation;}) + ); + + mountOptions = lib.attrsets.optionalAttrs (dataset ? mount && dataset.mount ? enable) ( + if builtins.isBool dataset.mount.enable + then { + canmount = + if dataset.mount.enable + then "on" + else "off"; + } + else {canmount = dataset.mount.enable;} + ); + + snapshotOptions = lib.attrsets.optionalAttrs (dataset ? snapshot && dataset.snapshot ? autoSnapshot) { + "com.sun:auto-snapshot" = + if dataset.snapshot.autoSnapshot + then "true" + else "false"; + }; + in + baseOptions // encryptionOptions // mountOptions // snapshotOptions; + + # Helper to generate post create hooks + generatePostCreateHook = name: dataset: + dataset.postCreateHook + + (lib.optionalString dataset.snapshot.blankSnapshot '' + zfs snapshot rpool/${name}@blank + ''); + + # Convert datasets to disko format + convertedDatasets = builtins.listToAttrs ( + (lib.attrsets.mapAttrsToList ( + name: dataset: + lib.attrsets.nameValuePair name { + type = dataset.type; + options = datasetToZfsOptions dataset; + mountpoint = dataset.mount.mountPoint or null; + postCreateHook = generatePostCreateHook name dataset; + } + ) + config.storage.zfs.datasets) + ++ (lib.optional (config.storage.zfs.rootDataset != null) ( + lib.attrsets.nameValuePair "" { + type = config.storage.zfs.rootDataset.type; + options = datasetToZfsOptions config.storage.zfs.rootDataset; + mountpoint = config.storage.zfs.rootDataset.mount.mountPoint or null; + postCreateHook = generatePostCreateHook "" config.storage.zfs.rootDataset; + } + )) + ); in { options.storage = { zfs = { 
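Review bot: `datasetToZfsOptions` emits the property as `recordSize`, but the ZFS property is spelled `recordsize` (the code this replaces used that spelling), so a dataset that sets it would presumably fail at creation with an unknown-property error; the entry should read `{recordsize = dataset.recordSize;}`. In the same hunk `generatePostCreateHook ""` is used for the root dataset, which produces `zfs snapshot rpool/@blank` when `blankSnapshot` is enabled; building the target as `rpool${lib.optionalString (name != "") "/${name}"}@blank` avoids the invalid name. The `? type`, `? keyformat` and `? keylocation` guards are true for any declared option, so they do not protect against values that were never set.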
@@ -39,12 +131,14 @@ in { lib.types.coercedTo lib.types.str (device: { device = device; boot = false; - }) { - device = lib.mkOption { - type = lib.types.str; + }) (lib.types.submodule { + options = { + device = lib.mkOption { + type = lib.types.str; + }; + boot = lib.mkEnableOption "should this device be a boot device"; }; - boot = lib.mkEnableOption "should this device be a boot device"; - }; + }); in { encryption = { enable = lib.mkEnableOption "Should encryption be enabled on this pool."; @@ -75,15 +169,15 @@ in { description = "List of vdevs, where each vdev is a list of devices"; }; cache = lib.mkOption { - type = lib.types.attrsOf deviceType; + type = lib.types.listOf deviceType; default = {}; }; }; rootDataset = lib.mkOption { - type = lib.types.submodule datasetSubmodule; + type = lib.types.nullOr (lib.types.submodule datasetSubmodule); description = "Root ZFS dataset to create"; - default = {}; + default = null; }; datasets = lib.mkOption { 
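Review bot: `cache` in the `@@ -75,15 +169,15 @@` hunk becomes `lib.types.listOf deviceType` but keeps `default = {};`, an attribute set that does not type-check as a list, and the disko block in the `@@ -96,15 +190,109 @@` hunk still calls `builtins.attrValues config.storage.zfs.pool.cache`, which fails on a list. `allCacheDevices` in this patch already maps over the value as a list, so the two remaining places should follow: `default = [];` and `cache = builtins.map (device: hashDisk device.device) config.storage.zfs.pool.cache;`. The `pool` option set starts outside this hunk.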
@@ -96,15 +190,109 @@ in { config = lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { - services.zfs = { - autoScrub.enable = true; - autoSnapshot.enable = true; - }; + # Assertion that we have at least one boot device + assertions = [ + { + assertion = (builtins.length bootDevices) > 0; + message = "ZFS configuration requires at least one boot device. Set boot = true for at least one device in your vdevs or cache."; + } + ]; - # TODO: configure disko - # TODO: assertion that we have a boot device - # TODO: check that disks on system match configuration and warn user if they don't - # TODO: check that datasets on system match configuration and warn user if they don't + # # Warning about disk/dataset mismatches - these would be runtime checks + # warnings = let + # configuredDisks = builtins.map (device: device.device) (builtins.map (dev: dev.value) allDevices); + # diskWarnings = + # lib.optional (config.storage.zfs.enable) + # "ZFS: Please ensure the following disks are available on your system: ${builtins.concatStringsSep ", " configuredDisks}"; + + # configuredDatasets = builtins.attrNames config.storage.zfs.datasets; + # datasetWarnings = + # lib.optional (config.storage.zfs.enable && (builtins.length configuredDatasets) > 0) + # "ZFS: Configured datasets: ${builtins.concatStringsSep ", " configuredDatasets}. 
Ensure these match your intended ZFS layout."; + # in + # diskWarnings ++ datasetWarnings; + + # services.zfs = { + # autoScrub.enable = true; + # autoSnapshot.enable = true; + # }; + + # # Configure disko for ZFS setup + disko.devices = { + disk = builtins.listToAttrs ( + builtins.map ( + drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value.device}"; + content = { + type = "gpt"; + partitions = { + ESP = lib.mkIf drive.value.boot { + size = config.storage.zfs.pool.bootPartitionSize; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + } + ) + allDevices + ); + + zpool = { + rpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = + builtins.map (vdev: { + mode = config.storage.zfs.pool.mode; + members = builtins.map (device: hashDisk device.device) vdev; + }) + config.storage.zfs.pool.vdevs; + cache = builtins.map (device: hashDisk device.device) (builtins.attrValues config.storage.zfs.pool.cache); + }; + }; + + options = { + ashift = "12"; + autotrim = "on"; + }; + + rootFsOptions = + { + canmount = "off"; + mountpoint = "none"; + xattr = "sa"; + acltype = "posixacl"; + relatime = "on"; + compression = "lz4"; + "com.sun:auto-snapshot" = "false"; + } + // (lib.attrsets.optionalAttrs config.storage.zfs.pool.encryption.enable { + encryption = "on"; + keyformat = config.storage.zfs.pool.encryption.keyformat; + keylocation = config.storage.zfs.pool.encryption.keylocation; + }); + + datasets = convertedDatasets; + }; + }; + }; } (lib.mkIf config.storage.zfs.notifications.enable { programs.msmtp = { From b67be1472a1b4552b57b1672129899ef8475dd41 Mon Sep 17 00:00:00 2001 
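Review bot: The `services.zfs` block with `autoScrub.enable` and `autoSnapshot.enable` is commented out in this hunk rather than kept, so unless another module enables them the pool loses its periodic scrub, which is what surfaces silent corruption on the disks. The same change still writes `"com.sun:auto-snapshot"` into `rootFsOptions` and into the dataset options built earlier in the file, and that property only matters while the auto-snapshot service is running. I would restore `services.zfs.autoScrub.enable = true;` here, and either restore `services.zfs.autoSnapshot.enable = true;` or add a comment saying where snapshots are taken instead. The commented-out `warnings` block is dead code and would be better removed or reduced to a one-line TODO. The enclosing `lib.mkMerge` list continues past the end of the hunk.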
From: Leyla Becker Date: Sat, 8 Nov 2025 18:17:22 -0600 Subject: [PATCH 0961/1043] feat: refactored impermanence modules to follow new pattern --- .../nixos-modules/server/actual/default.nix | 2 +- .../server/actual/impermanence.nix | 37 --------- .../nixos-modules/server/actual/storage.nix | 41 ++++++++++ .../nixos-modules/server/bazarr/default.nix | 2 +- .../server/bazarr/impermanence.nix | 33 -------- .../nixos-modules/server/bazarr/storage.nix | 36 +++++++++ .../server/crab-hole/default.nix | 2 +- .../server/crab-hole/impermanence.nix | 33 -------- .../server/crab-hole/storage.nix | 37 +++++++++ .../nixos-modules/server/fail2ban/default.nix | 2 +- .../server/fail2ban/impermanence.nix | 34 --------- .../nixos-modules/server/fail2ban/storage.nix | 37 +++++++++ .../server/flaresolverr/default.nix | 2 +- .../server/flaresolverr/impermanence.nix | 26 ------- .../server/flaresolverr/storage.nix | 26 +++++++ .../nixos-modules/server/forgejo/default.nix | 2 +- .../server/forgejo/impermanence.nix | 35 --------- .../nixos-modules/server/forgejo/storage.nix | 36 +++++++++ .../server/home-assistant/default.nix | 2 +- .../server/home-assistant/impermanence.nix | 26 ------- .../server/home-assistant/storage.nix | 36 +++++++++ .../nixos-modules/server/immich/default.nix | 2 +- .../server/immich/impermanence.nix | 32 -------- .../nixos-modules/server/immich/storage.nix | 36 +++++++++ .../nixos-modules/server/jackett/default.nix | 2 +- .../server/jackett/impermanence.nix | 33 -------- .../nixos-modules/server/jackett/storage.nix | 36 +++++++++ .../nixos-modules/server/jellyfin/default.nix | 2 +- .../server/jellyfin/impermanence.nix | 73 ------------------ .../nixos-modules/server/jellyfin/storage.nix | 76 +++++++++++++++++++ .../nixos-modules/server/lidarr/default.nix | 2 +- .../server/lidarr/impermanence.nix | 33 -------- .../nixos-modules/server/lidarr/storage.nix | 36 +++++++++ .../server/panoramax/default.nix | 2 +- .../server/panoramax/impermanence.nix | 20 ----- 
.../server/panoramax/storage.nix | 33 ++++++++ .../server/paperless/default.nix | 2 +- .../server/paperless/impermanence.nix | 32 -------- .../server/paperless/storage.nix | 36 +++++++++ .../nixos-modules/server/postgres/default.nix | 2 +- .../server/postgres/impermanence.nix | 27 ------- .../nixos-modules/server/postgres/storage.nix | 36 +++++++++ .../server/qbittorent/default.nix | 2 +- .../server/qbittorent/impermanence.nix | 61 --------------- .../server/qbittorent/storage.nix | 62 +++++++++++++++ .../nixos-modules/server/radarr/default.nix | 2 +- .../server/radarr/impermanence.nix | 33 -------- .../nixos-modules/server/radarr/storage.nix | 36 +++++++++ .../server/reverseProxy/default.nix | 2 +- .../server/reverseProxy/impermanence.nix | 21 ----- .../server/reverseProxy/storage.nix | 28 +++++++ .../nixos-modules/server/sonarr/default.nix | 2 +- .../server/sonarr/impermanence.nix | 33 -------- .../nixos-modules/server/sonarr/storage.nix | 36 +++++++++ 54 files changed, 718 insertions(+), 640 deletions(-) delete mode 100644 modules/nixos-modules/server/actual/impermanence.nix create mode 100644 modules/nixos-modules/server/actual/storage.nix delete mode 100644 modules/nixos-modules/server/bazarr/impermanence.nix create mode 100644 modules/nixos-modules/server/bazarr/storage.nix delete mode 100644 modules/nixos-modules/server/crab-hole/impermanence.nix create mode 100644 modules/nixos-modules/server/crab-hole/storage.nix delete mode 100644 modules/nixos-modules/server/fail2ban/impermanence.nix create mode 100644 modules/nixos-modules/server/fail2ban/storage.nix delete mode 100644 modules/nixos-modules/server/flaresolverr/impermanence.nix create mode 100644 modules/nixos-modules/server/flaresolverr/storage.nix delete mode 100644 modules/nixos-modules/server/forgejo/impermanence.nix create mode 100644 modules/nixos-modules/server/forgejo/storage.nix delete mode 100644 modules/nixos-modules/server/home-assistant/impermanence.nix create mode 100644 
modules/nixos-modules/server/home-assistant/storage.nix delete mode 100644 modules/nixos-modules/server/immich/impermanence.nix create mode 100644 modules/nixos-modules/server/immich/storage.nix delete mode 100644 modules/nixos-modules/server/jackett/impermanence.nix create mode 100644 modules/nixos-modules/server/jackett/storage.nix delete mode 100644 modules/nixos-modules/server/jellyfin/impermanence.nix create mode 100644 modules/nixos-modules/server/jellyfin/storage.nix delete mode 100644 modules/nixos-modules/server/lidarr/impermanence.nix create mode 100644 modules/nixos-modules/server/lidarr/storage.nix delete mode 100644 modules/nixos-modules/server/panoramax/impermanence.nix create mode 100644 modules/nixos-modules/server/panoramax/storage.nix delete mode 100644 modules/nixos-modules/server/paperless/impermanence.nix create mode 100644 modules/nixos-modules/server/paperless/storage.nix delete mode 100644 modules/nixos-modules/server/postgres/impermanence.nix create mode 100644 modules/nixos-modules/server/postgres/storage.nix delete mode 100644 modules/nixos-modules/server/qbittorent/impermanence.nix create mode 100644 modules/nixos-modules/server/qbittorent/storage.nix delete mode 100644 modules/nixos-modules/server/radarr/impermanence.nix create mode 100644 modules/nixos-modules/server/radarr/storage.nix delete mode 100644 modules/nixos-modules/server/reverseProxy/impermanence.nix create mode 100644 modules/nixos-modules/server/reverseProxy/storage.nix delete mode 100644 modules/nixos-modules/server/sonarr/impermanence.nix create mode 100644 modules/nixos-modules/server/sonarr/storage.nix diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix index b59517b..99778af 100644 --- a/modules/nixos-modules/server/actual/default.nix +++ b/modules/nixos-modules/server/actual/default.nix @@ -3,6 +3,6 @@ ./actual.nix ./proxy.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; } 
diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix deleted file mode 100644 index d870789..0000000 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - lib, - config, - ... -}: let - const = import ./const.nix; - dataDirectory = const.dataDirectory; -in { - options.services.actual = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.actual.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.actual.impermanence.enable { - assertions = [ - { - assertion = config.services.actual.settings.dataDir == dataDirectory; - message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; - } - { - assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; - message = "actual systemd service must have DynamicUser enabled to use private directory"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDirectory; - user = "actual"; - group = "actual"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/actual/storage.nix b/modules/nixos-modules/server/actual/storage.nix new file mode 100644 index 0000000..eab0817 --- /dev/null +++ b/modules/nixos-modules/server/actual/storage.nix 
@@ -0,0 +1,41 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + options.services.actual.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.actual.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.actual.settings.dataDir == dataDirectory; + message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; + } + { + assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; + message = "actual systemd service must have DynamicUser enabled to use private directory"; + } + ]; + } + (lib.mkIf (!config.services.actual.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.actual.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${dataDirectory}" = { + owner.name = "actual"; + group.name = "actual"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix index 86dbb4b..cb2a5f0 100644 --- a/modules/nixos-modules/server/bazarr/default.nix +++ b/modules/nixos-modules/server/bazarr/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix deleted file mode 100644 index 70a45d1..0000000 --- a/modules/nixos-modules/server/bazarr/impermanence.nix +++ /dev/null 
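Review bot: In the new `actual/storage.nix` the persistence entry sits inside `lib.mkIf config.storage.zfs.enable`, so when `services.actual.impermanence.enable` is true but `storage.zfs.enable` is false the `storage.impermanence.datasets."persist/system/root"` directory is dropped without any error and the service state would not survive a reboot on an impermanent root. The same wrapper is used in the bazarr, crab-hole, fail2ban, flaresolverr, forgejo, home-assistant, immich, jackett and jellyfin `storage.nix` files in this commit; for fail2ban the state in question is the ban database. If `storage.impermanence.enable` does not already imply ZFS (that module is not visible here), add an assertion outside the ZFS guard such as `assertion = config.services.actual.impermanence.enable -> config.storage.zfs.enable;` with a message naming the service. The data-directory assertions also moved from the impermanence condition to the ZFS condition, so they now fire even when nothing is persisted; a short comment stating that this is intended would help the next reader.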
@@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - bazarr_data_directory = "/var/lib/bazarr"; -in { - options.services.bazarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.bazarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.bazarr.impermanence.enable { - assertions = [ - { - assertion = config.services.bazarr.dataDir == bazarr_data_directory; - message = "bazarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = bazarr_data_directory; - user = "bazarr"; - group = "bazarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/bazarr/storage.nix b/modules/nixos-modules/server/bazarr/storage.nix new file mode 100644 index 0000000..53a9d9c --- /dev/null +++ b/modules/nixos-modules/server/bazarr/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + bazarr_data_directory = "/var/lib/bazarr"; +in { + options.services.bazarr.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.bazarr.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.bazarr.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.bazarr.dataDir == bazarr_data_directory; + message = "bazarr data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.bazarr.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.bazarr.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${bazarr_data_directory}" = { + owner.name = "bazarr"; + group.name = "bazarr"; + }; + }; + }) + ])) + ]); +} 
diff --git a/modules/nixos-modules/server/crab-hole/default.nix b/modules/nixos-modules/server/crab-hole/default.nix index 158a851..9f990c5 100644 --- a/modules/nixos-modules/server/crab-hole/default.nix +++ b/modules/nixos-modules/server/crab-hole/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ ./crab-hole.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix deleted file mode 100644 index 51efc0c..0000000 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - workingDirectory = "/var/lib/private/crab-hole"; -in { - options.services.crab-hole = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.crab-hole.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.crab-hole.impermanence.enable { - assertions = [ - { - assertion = - config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory); - message = "crab-hole working directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = workingDirectory; - user = "crab-hole"; - group = "crab-hole"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/crab-hole/storage.nix b/modules/nixos-modules/server/crab-hole/storage.nix new file mode 100644 index 0000000..ec38846 --- /dev/null +++ b/modules/nixos-modules/server/crab-hole/storage.nix 
@@ -0,0 +1,37 @@ +{ + lib, + config, + ... +}: let + workingDirectory = "/var/lib/private/crab-hole"; +in { + options.services.crab-hole.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.crab-hole.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.crab-hole.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = + config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory); + message = "crab-hole working directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.crab-hole.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.crab-hole.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${workingDirectory}" = { + owner.name = "crab-hole"; + group.name = "crab-hole"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/fail2ban/default.nix b/modules/nixos-modules/server/fail2ban/default.nix index 30fca99..84a46d4 100644 --- a/modules/nixos-modules/server/fail2ban/default.nix +++ b/modules/nixos-modules/server/fail2ban/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix deleted file mode 100644 index 6e214b3..0000000 --- a/modules/nixos-modules/server/fail2ban/impermanence.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - lib, - config, - ... -}: let - dataFolder = "/var/lib/fail2ban"; - dataFile = "fail2ban.sqlite3"; -in { - options.services.fail2ban = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.fail2ban.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.fail2ban.impermanence.enable { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataFolder; - user = "fail2ban"; - group = "fail2ban"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/fail2ban/storage.nix b/modules/nixos-modules/server/fail2ban/storage.nix new file mode 100644 index 0000000..6c1f227 --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/storage.nix @@ -0,0 +1,37 @@ +{ + lib, + config, + ... +}: let + dataFolder = "/var/lib/fail2ban"; + dataFile = "fail2ban.sqlite3"; +in { + options.services.fail2ban.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; + message = "fail2ban data file does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.fail2ban.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.fail2ban.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${dataFolder}" = { + owner.name = "fail2ban"; + group.name = "fail2ban"; + }; + }; + }) + ])) + ]); +} 
diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix index 86dbb4b..cb2a5f0 100644 --- a/modules/nixos-modules/server/flaresolverr/default.nix +++ b/modules/nixos-modules/server/flaresolverr/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix deleted file mode 100644 index 4544e75..0000000 --- a/modules/nixos-modules/server/flaresolverr/impermanence.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.flaresolverr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.flaresolverr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.flaresolverr.impermanence.enable { - # FlareSolverr typically doesn't need persistent storage as it's a proxy service - # but we'll add basic structure in case it's needed for logs or configuration - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = "/var/lib/flaresolverr"; - user = "flaresolverr"; - group = "flaresolverr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/flaresolverr/storage.nix b/modules/nixos-modules/server/flaresolverr/storage.nix new file mode 100644 index 0000000..657bcc6 --- /dev/null +++ b/modules/nixos-modules/server/flaresolverr/storage.nix 
@@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: { + options.services.flaresolverr.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.flaresolverr.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.flaresolverr.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + (lib.mkIf (!config.services.flaresolverr.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.flaresolverr.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."/var/lib/flaresolverr" = { + owner.name = "flaresolverr"; + group.name = "flaresolverr"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index 4333f69..c990e57 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -4,6 +4,6 @@ ./proxy.nix ./database.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix deleted file mode 100644 index 6fe3de8..0000000 --- a/modules/nixos-modules/server/forgejo/impermanence.nix +++ /dev/null 
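Review bot: The new `flaresolverr/storage.nix` drops the comment from the removed file that explained why `/var/lib/flaresolverr` is persisted even though the service is a proxy, and unlike its sibling modules it has no assertion tying the path to the service configuration. I would carry the explanation over above the `directories."/var/lib/flaresolverr"` entry, for example `# FlareSolverr keeps little state; persisted only in case logs or configuration are needed`. If the service turns out to write nothing there, the entry could be removed instead so that less state outlives a reboot.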
@@ -1,35 +0,0 @@ -{ - lib, - config, - ... -}: let - stateDir = "/var/lib/forgejo"; -in { - options.services.forgejo = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.forgejo.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.forgejo.impermanence.enable { - assertions = [ - { - assertion = config.services.forgejo.stateDir == stateDir; - message = "forgejo state directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = stateDir; - user = "forgejo"; - group = "forgejo"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/storage.nix b/modules/nixos-modules/server/forgejo/storage.nix new file mode 100644 index 0000000..31304e7 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + stateDir = "/var/lib/forgejo"; +in { + options.services.forgejo.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.forgejo.stateDir == stateDir; + message = "forgejo state directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.forgejo.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.forgejo.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${stateDir}" = { + owner.name = "forgejo"; + group.name = "forgejo"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index b6f9356..d213964 100644 
--- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix @@ -4,7 +4,7 @@ ./proxy.nix ./database.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ./extensions ]; } diff --git a/modules/nixos-modules/server/home-assistant/impermanence.nix b/modules/nixos-modules/server/home-assistant/impermanence.nix deleted file mode 100644 index 8c056a1..0000000 --- a/modules/nixos-modules/server/home-assistant/impermanence.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - config, - ... -}: let - configDir = "/var/lib/hass"; -in - lib.mkIf (config.host.impermanence.enable && config.services.home-assistant.enable) { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = configDir; - user = "hass"; - group = "hass"; - } - ]; - }; - } diff --git a/modules/nixos-modules/server/home-assistant/storage.nix b/modules/nixos-modules/server/home-assistant/storage.nix new file mode 100644 index 0000000..231387b --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/storage.nix 
@@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + configDir = "/var/lib/hass"; +in { + options.services.home-assistant.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.home-assistant.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.home-assistant.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.home-assistant.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${configDir}" = { + owner.name = "hass"; + group.name = "hass"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/immich/default.nix b/modules/nixos-modules/server/immich/default.nix index 4d93c0b..75ae2fd 100644 --- a/modules/nixos-modules/server/immich/default.nix +++ b/modules/nixos-modules/server/immich/default.nix @@ -3,7 +3,7 @@ ./proxy.nix ./database.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; # NOTE: This shouldn't be needed now that we are out of testing diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix deleted file mode 100644 index 56e51d0..0000000 --- a/modules/nixos-modules/server/immich/impermanence.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ - lib, - config, - ... -}: let - mediaLocation = "/var/lib/immich"; -in { - options.services.immich = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.immich.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.immich.impermanence.enable { - assertions = [ - { - assertion = config.services.immich.mediaLocation == mediaLocation; - message = "immich media location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = mediaLocation; - user = "immich"; - group = "immich"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/immich/storage.nix b/modules/nixos-modules/server/immich/storage.nix new file mode 100644 index 0000000..65b4bed --- /dev/null +++ b/modules/nixos-modules/server/immich/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + mediaLocation = "/var/lib/immich"; +in { + options.services.immich.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.immich.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.immich.mediaLocation == mediaLocation; + message = "immich media location does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.immich.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.immich.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${mediaLocation}" = { + owner.name = "immich"; + group.name = "immich"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix index 86dbb4b..cb2a5f0 100644 
--- a/modules/nixos-modules/server/jackett/default.nix +++ b/modules/nixos-modules/server/jackett/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix deleted file mode 100644 index 24fc5e6..0000000 --- a/modules/nixos-modules/server/jackett/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - jackett_data_directory = "/var/lib/jackett/.config/Jackett"; -in { - options.services.jackett = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.jackett.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.jackett.impermanence.enable { - assertions = [ - { - assertion = config.services.jackett.dataDir == jackett_data_directory; - message = "jackett data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = jackett_data_directory; - user = "jackett"; - group = "jackett"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/jackett/storage.nix b/modules/nixos-modules/server/jackett/storage.nix new file mode 100644 index 0000000..6056c9c --- /dev/null +++ b/modules/nixos-modules/server/jackett/storage.nix 
@@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + jackett_data_directory = "/var/lib/jackett/.config/Jackett"; +in { + options.services.jackett.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jackett.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.jackett.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.jackett.dataDir == jackett_data_directory; + message = "jackett data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.jackett.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.jackett.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${jackett_data_directory}" = { + owner.name = "jackett"; + group.name = "jackett"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix index 2dbdcfd..4770ae1 100644 --- a/modules/nixos-modules/server/jellyfin/default.nix +++ b/modules/nixos-modules/server/jellyfin/default.nix @@ -3,6 +3,6 @@ ./jellyfin.nix ./proxy.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix deleted file mode 100644 index cbcb54f..0000000 --- a/modules/nixos-modules/server/jellyfin/impermanence.nix +++ /dev/null 
@@ -1,73 +0,0 @@
-{
- lib,
- config,
- ...
-}: let
- jellyfin_data_directory = "/var/lib/jellyfin";
- jellyfin_cache_directory = "/var/cache/jellyfin";
-in {
- options.services.jellyfin = {
- impermanence.enable = lib.mkOption {
- type = lib.types.bool;
- default = config.services.jellyfin.enable && config.host.impermanence.enable;
- };
- };
-
- config = lib.mkIf config.services.jellyfin.impermanence.enable {
- fileSystems."/persist/system/jellyfin".neededForBoot = true;
-
- host.storage.pool.extraDatasets = {
- # sops age key needs to be available to pre persist for user generation
- "persist/system/jellyfin" = {
- type = "zfs_fs";
- mountpoint = "/persist/system/jellyfin";
- options = {
- atime = "off";
- relatime = "off";
- canmount = "on";
- };
- };
- };
-
- assertions = [
- {
- assertion = config.services.jellyfin.dataDir == jellyfin_data_directory;
- message = "jellyfin data directory does not match persistence";
- }
- {
- assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory;
- message = "jellyfin cache directory does not match persistence";
- }
- ];
-
- environment.persistence = {
- "/persist/system/root" = {
- directories = [
- {
- directory = jellyfin_data_directory;
- user = "jellyfin";
- group = "jellyfin";
- }
- {
- directory = jellyfin_cache_directory;
- user = "jellyfin";
- group = "jellyfin";
- }
- ];
- };
-
- "/persist/system/jellyfin" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = config.services.jellyfin.media_directory;
- user = "jellyfin";
- group = "jellyfin_media";
- mode = "1770";
- }
- ];
- };
- };
- };
-}
diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix
new file mode 100644
index 0000000..867b936
--- /dev/null
+++ b/modules/nixos-modules/server/jellyfin/storage.nix
@@ -0,0 +1,76 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ jellyfin_data_directory = "/var/lib/jellyfin";
+ jellyfin_cache_directory = "/var/cache/jellyfin";
+in {
+ options.services.jellyfin.impermanence.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = config.services.jellyfin.enable && config.storage.impermanence.enable;
+ };
+
+ config = lib.mkIf config.services.jellyfin.enable (lib.mkMerge [
+ (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+ {
+ assertions = [
+ {
+ assertion = config.services.jellyfin.dataDir == jellyfin_data_directory;
+ message = "jellyfin data directory does not match persistence";
+ }
+ {
+ assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory;
+ message = "jellyfin cache directory does not match persistence";
+ }
+ ];
+ }
+ (lib.mkIf (!config.services.jellyfin.impermanence.enable) {
+ # TODO: placeholder to configure a unique dataset for this service
+ })
+ (lib.mkIf config.services.jellyfin.impermanence.enable {
+ storage.impermanence.datasets = {
+ "persist/system/root" = {
+ directories = {
+ "${jellyfin_data_directory}" = {
+ enable = true;
+ owner.name = "jellyfin";
+ group.name = "jellyfin";
+ };
+ "${jellyfin_cache_directory}" = {
+ enable = true;
+ owner.name = "jellyfin";
+ group.name = "jellyfin";
+ };
+ };
+ };
+ "persist/system/jellyfin" = {
+ atime = "off";
+ relatime = "off";
+
+ directories."${config.services.jellyfin.media_directory}" = {
+ enable = true;
+ owner.name = "jellyfin";
+ group.name = "jellyfin_media";
+ owner.permissions = {
+ read = true;
+ write = true;
+ execute = true;
+ };
+ group.permissions = {
+ read = true;
+ write = true;
+ execute = true;
+ };
+ other.permissions = {
+ read = false;
+ write = false;
+ execute = false;
+ };
+ };
+ };
+ };
+ })
+ ]))
+ ]);
+}
diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix
index 86dbb4b..cb2a5f0 100644
--- a/modules/nixos-modules/server/lidarr/default.nix
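Review bot: The media directory under `persist/system/jellyfin` loses its sticky bit: the removed impermanence.nix set `mode = "1770"`, while the new `owner/group/other.permissions` block as written only describes 0770. On a directory writable by the whole `jellyfin_media` group, that allows any group member to delete or rename files owned by another member. If the storage module can express special bits (not visible in this hunk) it should be used here; otherwise a tmpfiles rule along the lines of `"d ${config.services.jellyfin.media_directory} 1770 jellyfin jellyfin_media -"` would restore the old mode. The qbittorent/storage.nix hunk has the same regression for `mediaDir`, which was `1775` before and is 0775 now.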
+++ b/modules/nixos-modules/server/lidarr/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix deleted file mode 100644 index 5d3aa3f..0000000 --- a/modules/nixos-modules/server/lidarr/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; -in { - options.services.lidarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.lidarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.lidarr.impermanence.enable { - assertions = [ - { - assertion = config.services.lidarr.dataDir == lidarr_data_directory; - message = "lidarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = lidarr_data_directory; - user = "lidarr"; - group = "lidarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/lidarr/storage.nix b/modules/nixos-modules/server/lidarr/storage.nix new file mode 100644 index 0000000..9d818ff --- /dev/null +++ b/modules/nixos-modules/server/lidarr/storage.nix 
@@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; +in { + options.services.lidarr.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.lidarr.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.lidarr.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.lidarr.dataDir == lidarr_data_directory; + message = "lidarr data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.lidarr.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.lidarr.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${lidarr_data_directory}" = { + owner.name = "lidarr"; + group.name = "lidarr"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index 4c6b9ea..f5a514f 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix @@ -2,7 +2,7 @@ imports = [ ./proxy.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ./panoramax.nix ./database.nix ]; diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix deleted file mode 100644 index e25ef92..0000000 --- a/modules/nixos-modules/server/panoramax/impermanence.nix +++ /dev/null 
@@ -1,20 +0,0 @@
-{
- lib,
- config,
- ...
-}: {
- options.services.panoramax = {
- impermanence.enable = lib.mkOption {
- type = lib.types.bool;
- default = config.services.panoramax.enable && config.host.impermanence.enable;
- };
- };
-
- config = lib.mkIf config.services.panoramax.impermanence.enable {
- # TODO: configure impermanence for panoramax data
- # This would typically include directories like:
- # - /var/lib/panoramax
- # - panoramax storage directories
- # - any cache or temporary directories that need to persist
- };
-}
diff --git a/modules/nixos-modules/server/panoramax/storage.nix b/modules/nixos-modules/server/panoramax/storage.nix
new file mode 100644
index 0000000..52d9d74
--- /dev/null
+++ b/modules/nixos-modules/server/panoramax/storage.nix
@@ -0,0 +1,33 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.services.panoramax.impermanence.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = config.services.panoramax.enable && config.storage.impermanence.enable;
+ };
+
+ config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [
+ (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+ {
+ # TODO: configure impermanence for panoramax data
+ # This would typically include directories like:
+ # - /var/lib/panoramax
+ # - panoramax storage directories
+ # - any cache or temporary directories that need to persist
+ }
+ (lib.mkIf (!config.services.panoramax.impermanence.enable) {
+ # TODO: placeholder to configure a unique dataset for this service
+ })
+ (lib.mkIf config.services.panoramax.impermanence.enable {
+ storage.impermanence.datasets."persist/system/root" = {
+ directories."/var/lib/panoramax" = {
+ owner.name = "panoramax";
+ group.name = "panoramax";
+ };
+ };
+ })
+ ]))
+ ]);
+}
diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix
index 7e5e16b..f7a5aa7 100644
--- a/modules/nixos-modules/server/paperless/default.nix
+++ b/modules/nixos-modules/server/paperless/default.nix
@@ -4,6 +4,6 @@ ./proxy.nix ./database.nix ./fail2ban.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix deleted file mode 100644 index fc87ea7..0000000 --- a/modules/nixos-modules/server/paperless/impermanence.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - lib, - ... -}: let - dataDir = "/var/lib/paperless"; -in { - options.services.paperless = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.paperless.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.paperless.impermanence.enable { - assertions = [ - { - assertion = config.services.paperless.dataDir == dataDir; - message = "paperless data location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDir; - user = "paperless"; - group = "paperless"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/paperless/storage.nix b/modules/nixos-modules/server/paperless/storage.nix new file mode 100644 index 0000000..6f74441 --- /dev/null +++ b/modules/nixos-modules/server/paperless/storage.nix 
@@ -0,0 +1,36 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/paperless"; +in { + options.services.paperless.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.paperless.dataDir == dataDir; + message = "paperless data location does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.paperless.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.paperless.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${dataDir}" = { + owner.name = "paperless"; + group.name = "paperless"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/postgres/default.nix b/modules/nixos-modules/server/postgres/default.nix index abf4ade..50d90d4 100644 --- a/modules/nixos-modules/server/postgres/default.nix +++ b/modules/nixos-modules/server/postgres/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ ./postgres.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix deleted file mode 100644 index a67fb1a..0000000 --- a/modules/nixos-modules/server/postgres/impermanence.nix +++ /dev/null 
@@ -1,27 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- dataDir = "/var/lib/postgresql/16";
-in {
- config = lib.mkIf (config.services.postgresql.enable && config.host.impermanence.enable) {
- assertions = [
- {
- assertion = config.services.postgresql.dataDir == dataDir;
- message = "postgres data directory does not match persistence";
- }
- ];
- environment.persistence."/persist/system/root" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = dataDir;
- user = "postgres";
- group = "postgres";
- }
- ];
- };
- };
-}
diff --git a/modules/nixos-modules/server/postgres/storage.nix b/modules/nixos-modules/server/postgres/storage.nix
new file mode 100644
index 0000000..0ec0eb2
--- /dev/null
+++ b/modules/nixos-modules/server/postgres/storage.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ dataDir = "/var/lib/postgresql/16";
+in {
+ options.services.postgresql.impermanence.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = config.services.postgresql.enable && config.storage.impermanence.enable;
+ };
+
+ config = lib.mkIf config.services.postgresql.enable (lib.mkMerge [
+ (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+ {
+ assertions = [
+ {
+ assertion = config.services.postgresql.dataDir == dataDir;
+ message = "postgres data directory does not match persistence";
+ }
+ ];
+ }
+ (lib.mkIf (!config.services.postgresql.impermanence.enable) {
+ # TODO: placeholder to configure a unique dataset for this service
+ })
+ (lib.mkIf config.services.postgresql.impermanence.enable {
+ storage.impermanence.datasets."persist/system/root" = {
+ directories."${dataDir}" = {
+ owner.name = "postgres";
+ group.name = "postgres";
+ };
+ };
+ })
+ ]))
+ ]);
+}
diff --git a/modules/nixos-modules/server/qbittorent/default.nix b/modules/nixos-modules/server/qbittorent/default.nix
index f7511e6..11cc449 100644
--- a/modules/nixos-modules/server/qbittorent/default.nix
+++ b/modules/nixos-modules/server/qbittorent/default.nix
@@ -1,6 +1,6 @@ {...}: { imports = [ ./qbittorent.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix deleted file mode 100644 index 1489e7d..0000000 --- a/modules/nixos-modules/server/qbittorent/impermanence.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - lib, - config, - ... -}: let - qbittorent_profile_directory = "/var/lib/qBittorrent/"; -in { - options.services.qbittorrent = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.qbittorrent.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.qbittorrent.impermanence.enable { - fileSystems."/persist/system/qbittorrent".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/qbittorrent" = { - type = "zfs_fs"; - mountpoint = "/persist/system/qbittorrent"; - options = { - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; - message = "qbittorrent data directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = qbittorent_profile_directory; - user = "qbittorrent"; - group = "qbittorrent"; - } - ]; - }; - - "/persist/system/qbittorrent" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.qbittorrent.mediaDir; - user = "qbittorrent"; - group = "qbittorrent"; - mode = "1775"; - } - ]; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix new file mode 100644 index 0000000..02d4757 --- /dev/null +++ b/modules/nixos-modules/server/qbittorent/storage.nix 
@@ -0,0 +1,62 @@ +{ + lib, + config, + ... +}: let + qbittorent_profile_directory = "/var/lib/qBittorrent/"; +in { + options.services.qbittorrent.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.qbittorrent.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; + message = "qbittorrent data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.qbittorrent.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + ( + lib.mkIf config.services.qbittorrent.impermanence.enable + { + storage.impermanence.datasets = { + "persist/system/root" = { + directories."${qbittorent_profile_directory}" = { + owner.name = "qbittorrent"; + group.name = "qbittorrent"; + }; + }; + "persist/system/qbittorrent" = { + directories."${config.services.qbittorrent.mediaDir}" = { + owner.name = "qbittorrent"; + group.name = "qbittorrent"; + owner.permissions = { + read = true; + write = true; + execute = true; + }; + group.permissions = { + read = true; + write = true; + execute = true; + }; + other.permissions = { + read = true; + write = false; + execute = true; + }; + }; + }; + }; + } + ) + ])) + ]); +} diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix index 86dbb4b..cb2a5f0 100644 --- a/modules/nixos-modules/server/radarr/default.nix +++ b/modules/nixos-modules/server/radarr/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix deleted file mode 100644 index c948e3a..0000000 
--- a/modules/nixos-modules/server/radarr/impermanence.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- lib,
- config,
- ...
-}: let
- radarr_data_directory = "/var/lib/radarr/.config/Radarr";
-in {
- options.services.radarr = {
- impermanence.enable = lib.mkOption {
- type = lib.types.bool;
- default = config.services.radarr.enable && config.host.impermanence.enable;
- };
- };
-
- config = lib.mkIf config.services.radarr.impermanence.enable {
- assertions = [
- {
- assertion = config.services.radarr.dataDir == radarr_data_directory;
- message = "radarr data directory does not match persistence";
- }
- ];
-
- environment.persistence."/persist/system/root" = {
- directories = [
- {
- directory = radarr_data_directory;
- user = "radarr";
- group = "radarr";
- }
- ];
- };
- };
-}
diff --git a/modules/nixos-modules/server/radarr/storage.nix b/modules/nixos-modules/server/radarr/storage.nix
new file mode 100644
index 0000000..82d2bf8
--- /dev/null
+++ b/modules/nixos-modules/server/radarr/storage.nix
@@ -0,0 +1,36 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ radarr_data_directory = "/var/lib/radarr/.config/Radarr";
+in {
+ options.services.radarr.impermanence.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = config.services.radarr.enable && config.storage.impermanence.enable;
+ };
+
+ config = lib.mkIf config.services.radarr.enable (lib.mkMerge [
+ (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+ {
+ assertions = [
+ {
+ assertion = config.services.radarr.dataDir == radarr_data_directory;
+ message = "radarr data directory does not match persistence";
+ }
+ ];
+ }
+ (lib.mkIf (!config.services.radarr.impermanence.enable) {
+ # TODO: placeholder to configure a unique dataset for this service
+ })
+ (lib.mkIf config.services.radarr.impermanence.enable {
+ storage.impermanence.datasets."persist/system/root" = {
+ directories."${radarr_data_directory}" = {
+ owner.name = "radarr";
+ group.name = "radarr";
+ };
+ };
+ })
+ ]))
+ ]);
+}
diff --git a/modules/nixos-modules/server/reverseProxy/default.nix b/modules/nixos-modules/server/reverseProxy/default.nix index 5d57175..336e28b 100644 --- a/modules/nixos-modules/server/reverseProxy/default.nix +++ b/modules/nixos-modules/server/reverseProxy/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ ./reverseProxy.nix - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/reverseProxy/impermanence.nix b/modules/nixos-modules/server/reverseProxy/impermanence.nix deleted file mode 100644 index 7af55df..0000000 --- a/modules/nixos-modules/server/reverseProxy/impermanence.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDir = "/var/lib/acme"; -in { - config = lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable) { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "acme"; - group = "acme"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/reverseProxy/storage.nix b/modules/nixos-modules/server/reverseProxy/storage.nix new file mode 100644 index 0000000..c4ee04a --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/storage.nix 
@@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: let + dataDir = "/var/lib/acme"; +in { + options.services.reverseProxy.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.reverseProxy.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.reverseProxy.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + (lib.mkIf (!config.services.reverseProxy.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.reverseProxy.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${dataDir}" = { + owner.name = "acme"; + group.name = "acme"; + }; + }; + }) + ])) + ]); +} diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix index 86dbb4b..cb2a5f0 100644 --- a/modules/nixos-modules/server/sonarr/default.nix +++ b/modules/nixos-modules/server/sonarr/default.nix @@ -1,5 +1,5 @@ {...}: { imports = [ - ./impermanence.nix + ./storage.nix ]; } diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix deleted file mode 100644 index 5b90ee9..0000000 --- a/modules/nixos-modules/server/sonarr/impermanence.nix +++ /dev/null 
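Review bot: `/var/lib/acme` is persisted in the new reverseProxy/storage.nix with only `owner.name` and `group.name`, so the mode of a directory that holds ACME account and certificate private keys depends on the storage module's defaults, which are not visible here. Spelling the permissions out, as the ollama/storage.nix hunk in the following patch does, would make the intent reviewable: `other.permissions = { read = false; write = false; execute = false; };`. The entry also omits `enable = true;`, which the jellyfin, ollama, sync and tailscale hunks set on their directories; if that option does not default to `true`, the ACME state would not be persisted at all. The tailscale/storage.nix hunk persists `/var/lib/tailscale` (keys, per its own comment) without explicit permissions in the same way.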
@@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; -in { - options.services.sonarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.sonarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.sonarr.impermanence.enable { - assertions = [ - { - assertion = config.services.sonarr.dataDir == sonarr_data_directory; - message = "sonarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = sonarr_data_directory; - user = "sonarr"; - group = "sonarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/sonarr/storage.nix b/modules/nixos-modules/server/sonarr/storage.nix new file mode 100644 index 0000000..c74a7b8 --- /dev/null +++ b/modules/nixos-modules/server/sonarr/storage.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; +in { + options.services.sonarr.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.sonarr.enable && config.storage.impermanence.enable; + }; + + config = lib.mkIf config.services.sonarr.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + assertions = [ + { + assertion = config.services.sonarr.dataDir == sonarr_data_directory; + message = "sonarr data directory does not match persistence"; + } + ]; + } + (lib.mkIf (!config.services.sonarr.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.sonarr.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${sonarr_data_directory}" = { + owner.name = "sonarr"; + group.name = "sonarr"; + }; + }; + }) + ])) + ]); +} From d283f881604027bb6f51d0ac8556a8cb7e394c37 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 8 Nov 2025 18:28:34 -0600 Subject: [PATCH 0962/1043] feat: moved ollama, tailscale, and sync into folders following the new storage pattern --- modules/nixos-modules/ollama/default.nix | 6 ++ modules/nixos-modules/{ => ollama}/ollama.nix | 14 ---- modules/nixos-modules/ollama/storage.nix | 49 +++++++++++++ modules/nixos-modules/sync.nix | 69 ------------------- modules/nixos-modules/sync/default.nix | 6 ++ modules/nixos-modules/sync/storage.nix | 57 +++++++++++++++ modules/nixos-modules/sync/sync.nix | 36 ++++++++++ modules/nixos-modules/tailscale.nix | 34 --------- modules/nixos-modules/tailscale/default.nix | 6 ++ modules/nixos-modules/tailscale/storage.nix | 36 ++++++++++ modules/nixos-modules/tailscale/tailscale.nix | 19 +++++ 11 files changed, 215 insertions(+), 117 deletions(-) create mode 100644 modules/nixos-modules/ollama/default.nix rename modules/nixos-modules/{ => ollama}/ollama.nix (63%) create mode 100644 modules/nixos-modules/ollama/storage.nix delete mode 100644 modules/nixos-modules/sync.nix create mode 100644 modules/nixos-modules/sync/default.nix create mode 100644 modules/nixos-modules/sync/storage.nix create mode 100644 modules/nixos-modules/sync/sync.nix delete mode 100644 modules/nixos-modules/tailscale.nix create mode 100644 modules/nixos-modules/tailscale/default.nix create mode 100644 modules/nixos-modules/tailscale/storage.nix create mode 100644 modules/nixos-modules/tailscale/tailscale.nix diff --git a/modules/nixos-modules/ollama/default.nix b/modules/nixos-modules/ollama/default.nix new file mode 100644 index 0000000..896526a --- /dev/null +++ b/modules/nixos-modules/ollama/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./ollama.nix + ./storage.nix + ]; +} diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama/ollama.nix similarity index 63% rename from modules/nixos-modules/ollama.nix rename to modules/nixos-modules/ollama/ollama.nix index 99819bf..dc7cdd9 100644 
--- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama/ollama.nix @@ -27,20 +27,6 @@ allowedUDPPorts = ports; }; })) - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = "/var/lib/private/ollama"; - user = config.services.ollama.user; - group = config.services.ollama.group; - mode = "0700"; - } - ]; - }; - }) ] ); } diff --git a/modules/nixos-modules/ollama/storage.nix b/modules/nixos-modules/ollama/storage.nix new file mode 100644 index 0000000..ff2348e --- /dev/null +++ b/modules/nixos-modules/ollama/storage.nix @@ -0,0 +1,49 @@ +{ + config, + lib, + ... +}: { + options = { + services.ollama.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.ollama.enable && config.storage.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.ollama.enable ( + lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # Ollama needs persistent storage for models and configuration + } + (lib.mkIf (!config.services.ollama.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.ollama.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."/var/lib/private/ollama" = { + enable = true; + owner.name = config.services.ollama.user; + group.name = config.services.ollama.group; + owner.permissions = { + read = true; + write = true; + execute = false; + }; + group.permissions = { + read = false; + write = false; + execute = false; + }; + other.permissions = { + read = false; + write = false; + execute = false; + }; + }; + }; + }) + ])) + ] + ); +} diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix deleted file mode 100644 index 96f54d5..0000000 --- a/modules/nixos-modules/sync.nix +++ /dev/null 
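Review bot: `owner.permissions.execute = false` on `/var/lib/private/ollama` in the new ollama/storage.nix describes mode 0600, whereas the block removed from ollama.nix persisted the same directory with `mode = "0700"`. Without the search bit on a directory the owner can list names but cannot open or create entries inside it, so, assuming the storage module maps these flags directly onto mode bits, the service would be unable to use its own state directory. Setting `execute = true;` under `owner.permissions` keeps the previous 0700 while still denying group and other.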
@@ -1,69 +0,0 @@ -{ - config, - lib, - syncthingConfiguration, - ... -}: let - mountDir = "/mnt/sync"; - configDir = "/etc/syncthing"; -in { - config = lib.mkMerge [ - { - systemd = lib.mkIf config.services.syncthing.enable { - tmpfiles.rules = [ - "A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-" - "d ${mountDir} 2755 syncthing syncthing -" - "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -" - "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" - ]; - }; - } - (lib.mkIf config.services.syncthing.enable (lib.mkMerge [ - { - services.syncthing = { - user = "syncthing"; - group = "syncthing"; - dataDir = "${mountDir}/default"; - configDir = configDir; - overrideDevices = true; - overrideFolders = true; - configuration = syncthingConfiguration; - deviceName = config.networking.hostName; - }; - } - - (lib.mkIf config.host.impermanence.enable { - assertions = - [ - { - assertion = config.services.syncthing.configDir == configDir; - message = "syncthing config dir does not match persistence"; - } - ] - ++ lib.attrsets.mapAttrsToList (_: folder: { - assertion = lib.strings.hasPrefix mountDir folder.path; - message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; - }) - config.services.syncthing.settings.folders; - environment.persistence = { - "/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = mountDir; - user = "syncthing"; - group = "syncthing"; - } - { - directory = configDir; - user = "syncthing"; - group = "syncthing"; - } - ]; - }; - }; - }) - ])) - ]; -} diff --git a/modules/nixos-modules/sync/default.nix b/modules/nixos-modules/sync/default.nix new file mode 100644 index 0000000..5640417 --- /dev/null +++ b/modules/nixos-modules/sync/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./sync.nix + ./storage.nix + ]; +} 
diff --git a/modules/nixos-modules/sync/storage.nix b/modules/nixos-modules/sync/storage.nix
new file mode 100644
index 0000000..a58a49f
--- /dev/null
+++ b/modules/nixos-modules/sync/storage.nix
@@ -0,0 +1,57 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ mountDir = "/mnt/sync";
+ configDir = "/etc/syncthing";
+in {
+ options = {
+ services.syncthing.impermanence.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = config.services.syncthing.enable && config.storage.impermanence.enable;
+ };
+ };
+
+ config = lib.mkIf config.services.syncthing.enable (
+ lib.mkMerge [
+ (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+ {
+ # Syncthing needs persistent storage for configuration and data
+ }
+ (lib.mkIf (!config.services.syncthing.impermanence.enable) {
+ # TODO: placeholder to configure a unique dataset for this service
+ })
+ (lib.mkIf config.services.syncthing.impermanence.enable {
+ assertions =
+ [
+ {
+ assertion = config.services.syncthing.configDir == configDir;
+ message = "syncthing config dir does not match persistence";
+ }
+ ]
+ ++ lib.attrsets.mapAttrsToList (_: folder: {
+ assertion = lib.strings.hasPrefix mountDir folder.path;
+ message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}";
+ })
+ config.services.syncthing.settings.folders;
+
+ storage.impermanence.datasets."persist/system/root" = {
+ directories = {
+ "${mountDir}" = {
+ enable = true;
+ owner.name = "syncthing";
+ group.name = "syncthing";
+ };
+ "${configDir}" = {
+ enable = true;
+ owner.name = "syncthing";
+ group.name = "syncthing";
+ };
+ };
+ };
+ })
+ ]))
+ ]
+ );
+}
diff --git a/modules/nixos-modules/sync/sync.nix b/modules/nixos-modules/sync/sync.nix
new file mode 100644
index 0000000..28b6e38
--- /dev/null
+++ b/modules/nixos-modules/sync/sync.nix
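Review bot: The folder assertion in sync/storage.nix uses `lib.strings.hasPrefix mountDir folder.path`, a plain string-prefix test that also accepts sibling paths such as `/mnt/sync-old/...` (constructed example) which are not under the persisted directory. Comparing against the directory with a trailing separator closes that gap: `assertion = folder.path == mountDir || lib.strings.hasPrefix "${mountDir}/" folder.path;`. The assertions now sit under both `storage.zfs.enable` and `impermanence.enable`, so they no longer run on hosts where either is off; that looks intended, but a one-line comment saying so would help. The message text reads "which not under" and is missing "is".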
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ syncthingConfiguration,
+ ...
+}: let
+ mountDir = "/mnt/sync";
+ configDir = "/etc/syncthing";
+in {
+ config = lib.mkMerge [
+ {
+ systemd = lib.mkIf config.services.syncthing.enable {
+ tmpfiles.rules = [
+ "A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-"
+ "d ${mountDir} 2755 syncthing syncthing -"
+ "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -"
+ "d ${config.services.syncthing.configDir} 755 syncthing syncthing -"
+ ];
+ };
+ }
+ (lib.mkIf config.services.syncthing.enable (lib.mkMerge [
+ {
+ services.syncthing = {
+ user = "syncthing";
+ group = "syncthing";
+ dataDir = "${mountDir}/default";
+ configDir = configDir;
+ overrideDevices = true;
+ overrideFolders = true;
+ configuration = syncthingConfiguration;
+ deviceName = config.networking.hostName;
+ };
+ }
+ ]))
+ ];
+}
diff --git a/modules/nixos-modules/tailscale.nix b/modules/nixos-modules/tailscale.nix
deleted file mode 100644
index db664e8..0000000
--- a/modules/nixos-modules/tailscale.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- tailscale_data_directory = "/var/lib/tailscale";
-in {
- options.host.tailscale = {
- enable = lib.mkEnableOption "should tailscale be enabled on this computer";
- };
-
- config = lib.mkIf config.services.tailscale.enable (
- lib.mkMerge [
- {
- # any configs we want shared between all machines
- }
- (lib.mkIf config.host.impermanence.enable {
- environment.persistence = {
- "/persist/system/root" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = tailscale_data_directory;
- user = "root";
- group = "root";
- }
- ];
- };
- };
- })
- ]
- );
-}
diff --git a/modules/nixos-modules/tailscale/default.nix b/modules/nixos-modules/tailscale/default.nix
new file mode 100644
index 0000000..7a283e8
--- /dev/null
+++ b/modules/nixos-modules/tailscale/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [
+ ./tailscale.nix
+ ./storage.nix
+ ];
+}
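Review bot: The tmpfiles rules in sync/sync.nix disagree about access for other users: the ACL line sets `o::-` on `${mountDir}`, while the `d` lines create `${mountDir}` as 2755, the data dir as 775 and the config dir as 755. The config dir is where Syncthing keeps its device key and `config.xml`, so a mode with no access for others is the safer default, e.g. `"d ${config.services.syncthing.configDir} 0700 syncthing syncthing -"`. If other local users are meant to read the synced data, a comment saying so next to the `775` rule would make that intent explicit.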
diff --git a/modules/nixos-modules/tailscale/storage.nix b/modules/nixos-modules/tailscale/storage.nix new file mode 100644 index 0000000..9533aef --- /dev/null +++ b/modules/nixos-modules/tailscale/storage.nix @@ -0,0 +1,36 @@ +{ + config, + lib, + ... +}: let + tailscale_data_directory = "/var/lib/tailscale"; +in { + options = { + services.tailscale.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.tailscale.enable && config.storage.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.tailscale.enable ( + lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # Tailscale needs persistent storage for keys and configuration + } + (lib.mkIf (!config.services.tailscale.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.tailscale.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + directories."${tailscale_data_directory}" = { + enable = true; + owner.name = "root"; + group.name = "root"; + }; + }; + }) + ])) + ] + ); +} diff --git a/modules/nixos-modules/tailscale/tailscale.nix b/modules/nixos-modules/tailscale/tailscale.nix new file mode 100644 index 0000000..06899b1 --- /dev/null +++ b/modules/nixos-modules/tailscale/tailscale.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + ... +}: { + options = { + host.tailscale = { + enable = lib.mkEnableOption "should tailscale be enabled on this computer"; + }; + }; + + config = lib.mkIf config.services.tailscale.enable ( + lib.mkMerge [ + { + # any configs we want shared between all machines + } + ] + ); +} From ab555f50ff118a4f90720723671ad45c0c44b91e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 18:30:49 -0600 Subject: [PATCH 0963/1043] fix: defiant config cache drive converted to correct format --- configurations/nixos/defiant/configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
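Review bot: Persistence of `/var/lib/tailscale` in tailscale/storage.nix is nested under `lib.mkIf config.storage.zfs.enable`, so with `storage.impermanence.enable = true` and ZFS disabled nothing is persisted and nothing reports it; the removed module keyed only on the impermanence flag. Unless the storage module already asserts that impermanence requires ZFS (not visible in this hunk), an assertion such as `assertion = !config.services.tailscale.impermanence.enable || config.storage.zfs.enable;` would make the gap explicit. The same nesting is used in sync/storage.nix and in ssh.nix, where the likely effect is node state or SSH host keys being regenerated on every boot. The new `services.tailscale.impermanence.enable` option also has no `description`.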
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 11a6f9d..182b8c0 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -100,12 +100,12 @@ ] ]; # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - cache = { - cache0 = { + cache = [ + { device = "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; boot = true; - }; - }; + } + ]; }; }; impermanence = { From 703530ddfe22c61f475a1f9a3ada43264993fa2c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 18:48:41 -0600 Subject: [PATCH 0964/1043] feat: updated storage config for emergent --- configurations/nixos/emergent/configuration.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 6121069..781d66b 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -59,12 +59,22 @@ hardware = { piperMouse.enable = true; }; + }; - storage = { + storage = { + zfs = { enable = true; pool = { - mode = ""; - drives = ["wwn-0x5000039fd0cf05eb"]; + mode = "stripe"; + vdevs = [ + [ + { + device = "wwn-0x5000039fd0cf05eb"; + boot = true; + } + ] + ]; + cache = []; }; }; }; From 5acf060e9e9e874acfe7cdecd75e9ff67afa53b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 18:49:19 -0600 Subject: [PATCH 0965/1043] feat: updated imports to use new storage module only --- modules/nixos-modules/default.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 77bfe93..34e041e 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix 
@@ -8,12 +8,10 @@ ./desktop.nix ./ssh.nix ./i18n.nix - ./sync.nix - ./impermanence.nix - ./disko.nix - ./ollama.nix + ./sync + ./ollama ./ai.nix - ./tailscale.nix + ./tailscale ./steam.nix ./server ./storage From 1310b50794cc8261ea129695814f270ce8df056b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 19:04:59 -0600 Subject: [PATCH 0966/1043] feat: moved ssh config to use new storage config --- modules/nixos-modules/ssh.nix | 41 +++++++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 6f5fac1..20e7881 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -3,6 +3,13 @@ config, ... }: { + options = { + services.openssh.impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.openssh.enable && config.storage.impermanence.enable; + }; + }; + config = lib.mkMerge [ { services = { @@ -17,12 +24,32 @@ }; }; } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - files = lib.lists.flatten ( - builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.services.openssh.hostKeys - ); - }; - }) + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # SSH host keys need to be persisted to maintain server identity + } + (lib.mkIf (!config.services.openssh.impermanence.enable) { + # TODO: placeholder to configure a unique dataset for this service + }) + (lib.mkIf config.services.openssh.impermanence.enable { + storage.impermanence.datasets."persist/system/root" = { + files = builtins.listToAttrs ( + lib.lists.flatten ( + builtins.map (hostKey: [ + { + name = hostKey.path; + value = {enable = true;}; + } + { + name = "${hostKey.path}.pub"; + value = {enable = true;}; + } + ]) + config.services.openssh.hostKeys + ) + ); + }; + }) + ])) ]; } From 4da5d65d8f81e4add37ed0ddda014515e324f29f Mon Sep 17 00:00:00 2001 
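Review bot: In ssh.nix the private host keys are registered for persistence with only `value = {enable = true;};`, so their owner and mode on `persist/system/root` come from defaults of the storage module that this hunk does not show. If the `files` entries accept the same keys as the `directories` entries used for syncthing, stating `owner.name = "root"; group.name = "root";` here would document the expectation; otherwise a comment that the defaults keep private keys readable by root only would do. The `services.openssh` block between the two hunks is not shown.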
From: Leyla Becker Date: Sat, 8 Nov 2025 21:10:18 -0600 Subject: [PATCH 0967/1043] feat: added activation and resume scripts to storage and impermanence --- .../nixos-modules/storage/impermanence.nix | 17 +++++++++-- modules/nixos-modules/storage/storage.nix | 29 +++++++++++-------- 2 files changed, 31 insertions(+), 15 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 6619bc5..33b4706 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -66,6 +66,20 @@ in { } ]; + # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 + system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; + system.activationScripts = { + "var-lib-private-permissions" = { + deps = ["specialfs"]; + text = '' + mkdir -p /persist/system/root/var/lib/private + chmod 0700 /persist/system/root/var/lib/private + ''; + }; + }; + + programs.fuse.userAllowOther = true; + environment.persistence = lib.mapAttrs (datasetName: dataset: { enable = true; @@ -90,9 +104,6 @@ in { # TODO: need for boot on filesystems } (lib.mkIf config.storage.zfs.enable { - # TODO: activationScripts config for private folders - # TODO: rollback post resume - # TODO: fuse userAllowOther storage.zfs.datasets = lib.mapAttrs ( datasetName: dataset: diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index b6428f6..d6a2a2b 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix 
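Review bot: `programs.fuse.userAllowOther = true;` is added to storage/impermanence.nix without a comment, and it is a system-wide switch that lets any local user mount FUSE filesystems with `allow_other`. A one-line comment such as `# needed so home-manager persistence mounts can use allowOther` (if that is the reason) would keep the setting from outliving its purpose. The activation script also hardcodes `/persist/system/root/var/lib/private`, although the persisted datasets are otherwise taken from `storage.impermanence.datasets`. The enclosing config block starts outside the hunk.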
@@ -50,6 +50,23 @@ }; }) (lib.mkIf config.storage.impermanence.enable { + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/local/system/root@blank + ''; + + storage.zfs.datasets = { + "local/system/root" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/"; + }; + snapshot = { + blankSnapshot = true; + }; + }; + }; + storage.impermanence.datasets = { "persist/system/root" = { mount = { @@ -65,18 +82,6 @@ }; }; }; - storage.zfs.datasets = { - "local/system/root" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; - snapshot = { - blankSnapshot = true; - }; - }; - }; # TODO: home-manager.users..storage.impermanence.enable # is false then persist the entire directory of the user From 4d7d11e0c886ebb0a7e252f30eb57cf6fdc9b7f1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 21:19:54 -0600 Subject: [PATCH 0968/1043] feat: removed now unneeded disko and impermanence modules --- modules/nixos-modules/disko.nix | 267 ------------------------- modules/nixos-modules/impermanence.nix | 101 ---------- 2 files changed, 368 deletions(-) delete mode 100644 modules/nixos-modules/disko.nix delete mode 100644 modules/nixos-modules/impermanence.nix diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix deleted file mode 100644 index a962689..0000000 --- a/modules/nixos-modules/disko.nix +++ /dev/null 
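Review bot: The rollback command in storage/storage.nix hardcodes `rpool/local/system/root@blank`, while the dataset it targets is declared just below as `storage.zfs.datasets."local/system/root"` with `blankSnapshot = true`. If the pool name or the dataset key changes, the command may fail and the root filesystem would then keep state across boots without any signal. Deriving the name from the same option would avoid that, or at least a comment such as `# must match storage.zfs.datasets."local/system/root" and its blank snapshot`. `zfs rollback -r` also destroys every snapshot taken after `@blank`, which is worth stating next to the command. The surrounding `lib.mkMerge` list starts outside the hunk.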
@@ -1,267 +0,0 @@ -{ - lib, - pkgs, - config, - inputs, - ... -}: let - # there currently is a bug with disko that causes long disk names to be generated improperly this hash function should alleviate it when used for disk names instead of what we are defaulting to - # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that - hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); - - vdevs = - builtins.map ( - disks: - builtins.map (disk: lib.attrsets.nameValuePair (hashDisk disk) disk) disks - ) - config.host.storage.pool.vdevs; - cache = - builtins.map ( - disk: lib.attrsets.nameValuePair (hashDisk disk) disk - ) - config.host.storage.pool.cache; - - datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets; -in { - options.host.storage = { - enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; - encryption = lib.mkEnableOption "is the vdev going to be encrypted"; - notifications = { - enable = lib.mkEnableOption "are notifications enabled"; - host = lib.mkOption { - type = lib.types.str; - description = "what is the host that we are going to send the email to"; - }; - port = lib.mkOption { - type = lib.types.port; - description = "what port is the host using to receive mail on"; - }; - to = lib.mkOption { - type = lib.types.str; - description = "what account is the email going to be sent to"; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user is the email going to be set from"; - }; - tokenFile = lib.mkOption { - type = lib.types.str; - description = "file containing the password to be used by msmtp for notifications"; - }; - }; - pool = { - mode = lib.mkOption { - type = lib.types.str; - default = "raidz2"; - description = "what level of redundancy should this pool have"; - }; - # list of drives in pool that will have a boot partition put onto them - bootDrives = lib.mkOption { - type = 
lib.types.listOf lib.types.str; - description = "list of disks that are going to have a boot partition installed on them"; - default = lib.lists.flatten config.host.storage.pool.vdevs; - }; - # shorthand for vdevs if you only have 1 vdev - drives = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "list of drives that are going to be in the vdev"; - default = []; - }; - # list of all drives in each vdev - vdevs = lib.mkOption { - type = lib.types.listOf (lib.types.listOf lib.types.str); - description = "list of disks that are going to be in"; - default = [config.host.storage.pool.drives]; - }; - # list of cache drives for pool - cache = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "list of drives that are going to be used as cache"; - default = []; - }; - # Default datasets that are needed to make a functioning system - datasets = lib.mkOption { - type = lib.types.attrsOf (inputs.disko.lib.subType { - types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; - }); - default = { - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - # dataset for root that gets rolled back on every boot - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - }; - }; - }; - extraDatasets = lib.mkOption { - type = lib.types.attrsOf (inputs.disko.lib.subType { - types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; - }); - description = "List of datasets to define"; - default = {}; - }; - }; - }; - - config = lib.mkIf config.host.storage.enable { - programs.msmtp = lib.mkIf config.host.storage.notifications.enable { - enable = true; - setSendmail = 
true; - defaults = { - aliases = "/etc/aliases"; - port = config.host.storage.notifications.port; - tls_trust_file = "/etc/ssl/certs/ca-certificates.crt"; - tls = "on"; - auth = "login"; - tls_starttls = "off"; - }; - accounts = { - zfs_notifications = { - auth = true; - tls = true; - host = config.host.storage.notifications.host; - passwordeval = "cat ${config.host.storage.notifications.tokenFile}"; - user = config.host.storage.notifications.user; - from = config.host.storage.notifications.user; - }; - }; - }; - - services.zfs = { - autoScrub.enable = true; - autoSnapshot.enable = true; - - zed = lib.mkIf config.host.storage.notifications.enable { - enableMail = true; - - settings = { - ZED_DEBUG_LOG = "/tmp/zed.debug.log"; - ZED_EMAIL_ADDR = [config.host.storage.notifications.to]; - ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; - ZED_EMAIL_OPTS = "-a zfs_notifications @ADDRESS@"; - - ZED_NOTIFY_INTERVAL_SECS = 3600; - ZED_NOTIFY_VERBOSE = true; - - ZED_USE_ENCLOSURE_LEDS = true; - ZED_SCRUB_AFTER_RESILVER = true; - }; - }; - }; - - disko.devices = { - disk = ( - builtins.listToAttrs ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - ESP = lib.mkIf (builtins.elem drive.value config.host.storage.pool.bootDrives) { - # The 2GB here for the boot partition might be a bit overkill we probably only need like 1/4th of that but storage is cheap - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - ( - (lib.lists.flatten vdevs) ++ cache - ) - ) - ); - zpool = { - rpool = { - type = "zpool"; - mode = { - topology = { - type = "topology"; - vdev = ( - builtins.map (disks: { - mode = config.host.storage.pool.mode; - members = - builtins.map (disk: 
disk.name) disks; - }) - vdevs - ); - cache = builtins.map (disk: disk.name) cache; - }; - }; - - options = { - ashift = "12"; - autotrim = "on"; - }; - - rootFsOptions = - { - canmount = "off"; - mountpoint = "none"; - - xattr = "sa"; - acltype = "posixacl"; - relatime = "on"; - - compression = "lz4"; - - "com.sun:auto-snapshot" = "false"; - } - // ( - lib.attrsets.optionalAttrs config.host.storage.encryption { - encryption = "on"; - keyformat = "hex"; - keylocation = "prompt"; - } - ); - - datasets = lib.mkMerge [ - ( - lib.attrsets.mapAttrs (name: value: { - type = value.type; - options = value.options; - mountpoint = value.mountpoint; - postCreateHook = value.postCreateHook; - }) - datasets - ) - ]; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix deleted file mode 100644 index 4cdcd00..0000000 --- a/modules/nixos-modules/impermanence.nix +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - config, - lib, - ... -}: { - options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; - - config = lib.mkMerge [ - { - assertions = [ - { - assertion = !(config.host.impermanence.enable && !config.host.storage.enable); - message = '' - Disko storage must be enabled to use impermanence. - ''; - } - ]; - } - ( - lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.host.impermanence.enable && config.host.storage.enable; - message = "Impermanence can not be used without managed host storage."; - } - ]; - - # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 - system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; - system.activationScripts = { - "var-lib-private-permissions" = { - deps = ["specialfs"]; - text = '' - mkdir -p /persist/system/root/var/lib/private - chmod 0700 /persist/system/root/var/lib/private - ''; - }; - }; - - programs.fuse.userAllowOther = true; - - boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank - ''; - - fileSystems = { - "/".neededForBoot = true; - "/persist/system/root".neededForBoot = true; - "/persist/system/var/log".neededForBoot = true; - }; - - host.storage.pool.extraDatasets = { - # persist datasets are datasets that contain information that we would like to keep around - "persist" = { - type = "zfs_fs"; - options.canmount = "off"; - options = { - "com.sun:auto-snapshot" = "true"; - }; - }; - # this is where root data actually lives - "persist/system/root" = { - type = "zfs_fs"; - mountpoint = "/persist/system/root"; - }; - "persist/system/var/log" = { - type = "zfs_fs"; - mountpoint = "/persist/system/var/log"; - # logs should be append only so we shouldn't need to snapshot them - options = { - "com.sun:auto-snapshot" = "false"; - }; - }; - }; - - 
environment.persistence."/persist/system/var/log" = { - enable = true; - hideMounts = true; - directories = [ - "/var/log" - ]; - }; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - "/var/lib/nixos" - "/var/lib/systemd/coredump" - ]; - files = [ - "/etc/machine-id" - ]; - }; - - # TODO: this should live in leylas home manager configuration - security.sudo.extraConfig = "Defaults lecture=never"; - } - ) - ]; -} From 318a0a974884ce803d7bd5517c56692b822f9a56 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Nov 2025 22:37:19 -0600 Subject: [PATCH 0969/1043] feat: added sops dataset to users.nix --- modules/nixos-modules/users.nix | 138 ++++++++++++++++---------------- 1 file changed, 67 insertions(+), 71 deletions(-) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 987e080..3385a83 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
@@ -399,79 +399,75 @@ in { }; }; } - (lib.mkIf config.host.impermanence.enable { - boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") - normalUsers) - ); + (lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ + (lib.mkIf config.storage.zfs.enable { + storage.zfs.datasets."persist/system/sops" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = SOPS_AGE_KEY_DIRECTORY; + }; + atime = "off"; + relatime = "off"; + }; + }) + ])) + # (lib.mkIf config.host.impermanence.enable { + # boot.initrd.postResumeCommands = lib.mkAfter ( + # lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") + # normalUsers) + # ); - systemd = { - tmpfiles.rules = - builtins.map ( - user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" - ) - normalUsers; - }; + # systemd = { + # tmpfiles.rules = + # builtins.map ( + # user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" + # ) + # normalUsers; + # }; - fileSystems = lib.mkMerge [ - { - ${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; - } - ( - builtins.listToAttrs ( - builtins.map (user: - lib.attrsets.nameValuePair "/persist/home/${user.name}" { - neededForBoot = true; - }) - normalUsers - ) - ) - ( - builtins.listToAttrs ( - builtins.map (user: - lib.attrsets.nameValuePair "/home/${user.name}" { - neededForBoot = true; - }) - normalUsers - ) - ) - ]; + # fileSystems = lib.mkMerge [ + # ( + # builtins.listToAttrs ( + # builtins.map (user: + # lib.attrsets.nameValuePair "/persist/home/${user.name}" { + # neededForBoot = true; + # }) + # normalUsers + # ) + # ) + # ( + # builtins.listToAttrs ( + # builtins.map (user: + # lib.attrsets.nameValuePair "/home/${user.name}" { + # neededForBoot = true; + # }) + # normalUsers + # ) + # ) + # ]; - host.storage.pool.extraDatasets = lib.mkMerge ( - [ - { - # sops age key needs to be available to pre persist for user 
generation - "local/system/sops" = { - type = "zfs_fs"; - mountpoint = SOPS_AGE_KEY_DIRECTORY; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - } - ] - ++ ( - builtins.map (user: { - "local/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/home/${user.name}"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/home/${user.name}@blank - ''; - }; - "persist/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/persist/home/${user.name}"; - }; - }) - normalUsers - ) - ); - }) + # host.storage.pool.extraDatasets = lib.mkMerge ( + # ( + # builtins.map (user: { + # "local/home/${user.name}" = { + # type = "zfs_fs"; + # mountpoint = "/home/${user.name}"; + # options = { + # canmount = "on"; + # }; + # postCreateHook = '' + # zfs snapshot rpool/local/home/${user.name}@blank + # ''; + # }; + # "persist/home/${user.name}" = { + # type = "zfs_fs"; + # mountpoint = "/persist/home/${user.name}"; + # }; + # }) + # normalUsers + # ) + # ); + # }) ]; } From 81a9ed31548c9842f4f051b6c19656c4cd032382 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Nov 2025 02:21:08 -0600 Subject: [PATCH 0970/1043] doc: added documentation tasks to README.md --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 2d6911b..e16fe0e 100644 --- a/README.md +++ b/README.md 
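Review bot: The removed block in users.nix set `fileSystems.${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true` and the replacement drops it, so unless the storage module derives it from `mount.enable` (not visible here), the age key directory may not be mounted when secrets for user creation are decrypted. The dataset also moves from `local/system/sops` to `persist/system/sops`. If `persist/*` datasets are snapshotted or replicated, the age private key is copied along with them, which deserves a comment such as `# holds the age private key; keep out of snapshots and replication`. The large commented-out block would be better deleted, since the history keeps the old implementation.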
@@ -47,6 +47,20 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Tasks: +## Documentation +- [ ] project layout +- [ ] users file structure +- [ ] reverse proxy design + - public service compatibility + - vpn based services compatibility +- [ ] the choice of impermanence +- [ ] storage module design + - base impermanence compatibility and structure reason + - plans for home manager datasets + - plans for auto systemd service datasets +- [ ] plans to migrate to some kind of acl structure for user management +- [ ] plans to migrate from flakes to npins + ## Chores: - [ ] test out crab hole service From 46cd54e9bac9c0fd975f0ecbcf6a2dd90d648e3a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Nov 2025 02:27:00 -0600 Subject: [PATCH 0971/1043] feat: added option for prompt footer in conventional commit plugin --- .../programs/vscode/conventionalCommits.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix index 5bc8124..b667c27 100644 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -19,6 +19,10 @@ in { gitmoji = lib.mkEnableOption "should emoji be prompted for as a part of the commit message./"; promptScopes = lib.mkEnableOption "prompting for scopes in conventional commits"; + + promptFooter = lib.mkEnableOption "prompting for footer in conventional commits"; + + showNewVersionNotes = lib.mkEnableOption "showing new version notes for conventional commits"; }; }; config = lib.mkIf config.extraExtensions.conventionalCommits.enable { 
@@ -27,6 +31,8 @@ in { userSettings = { "conventionalCommits.gitmoji" = config.extraExtensions.conventionalCommits.gitmoji; "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; + "conventionalCommits.promptFooter" = config.extraExtensions.conventionalCommits.promptFooter; + "conventionalCommits.showNewVersionNotes" = config.extraExtensions.conventionalCommits.showNewVersionNotes; }; }; })); From 8ddaa1c9dd45c62dd810597aa6d0abe6c7770169 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Nov 2025 02:39:43 -0600 Subject: [PATCH 0972/1043] doc: added more notes to README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 7d13298..a50813e 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] the choice of impermanence - [ ] storage module design - base impermanence compatibility and structure reason + - what does local vs persist mean in pool names (do we need a second layer? ephemeral, local, and persist? local exist only on this machine and is not backed up, persist is backed up to other machines (I think we need to redo the sops and torrent/media folders?)) + - plans to possibly support btrfs in the future - plans for home manager datasets - plans for auto systemd service datasets - [ ] plans to migrate to some kind of acl structure for user management From d06c25f33f07e198d00da6331ed26cf470deb9ff Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 10 Nov 2025 02:38:28 -0600 Subject: [PATCH 0973/1043] feat: migrated users over to new persistence structure --- configurations/home-manager/leyla/default.nix | 2 +- .../home-manager/leyla/impermanence.nix | 1 - modules/home-manager-modules/impermanence.nix | 5 +- .../home-manager-modules/programs/anki.nix | 4 +- .../programs/bitwarden.nix | 1 - .../home-manager-modules/programs/bruno.nix | 1 - .../home-manager-modules/programs/calibre.nix | 1 - .../programs/davinci-resolve.nix | 1 - .../home-manager-modules/programs/dbeaver.nix | 1 - .../home-manager-modules/programs/discord.nix | 1 - .../home-manager-modules/programs/firefox.nix | 1 - .../home-manager-modules/programs/freecad.nix | 1 - .../home-manager-modules/programs/gimp.nix | 1 - .../programs/inkscape.nix | 1 - .../programs/kdenlive.nix | 1 - .../home-manager-modules/programs/krita.nix | 1 - .../programs/libreoffice.nix | 1 - .../programs/mapillary-uploader.nix | 1 - modules/home-manager-modules/programs/obs.nix | 1 - .../home-manager-modules/programs/olympus.nix | 1 - .../home-manager-modules/programs/openrgb.nix | 1 - .../home-manager-modules/programs/picard.nix | 1 - .../programs/qflipper.nix | 1 - .../home-manager-modules/programs/steam.nix | 1 - .../programs/tor-browser.nix | 1 - .../programs/ungoogled-chromium.nix | 1 - modules/home-manager-modules/programs/via.nix | 1 - .../programs/vmware-workstation.nix | 1 - modules/nixos-modules/users.nix | 120 ++++++++---------- 29 files changed, 57 insertions(+), 99 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 8a37754..20b04c7 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix 
@@ -12,7 +12,7 @@ ]; config = { - impermanence.enable = osConfig.host.impermanence.enable; + impermanence.enable = osConfig.storage.impermanence.enable; # Home Manager needs a bit of information about you and the paths it should # manage. diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index ce81c81..ea64d56 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -14,7 +14,6 @@ ".bash_history" # keep shell history around "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files ]; - allowOther = true; }; }; } diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index 6c75edd..402cccd 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -18,17 +18,16 @@ in { (lib.mkIf config.impermanence.enable { assertions = [ { - assertion = osConfig.host.impermanence.enable; + assertion = osConfig.storage.impermanence.enable; message = "impermanence can not be enabled for a user when it is not enabled for the system"; } ]; }) # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback - (lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { + (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { home.persistence."/persist/home/${config.home.username}" = { directories = ["."]; - allowOther = true; }; }) ]; diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index c2f93ea..2e3f3fc 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix 
@@ -1,15 +1,13 @@ { lib, config, - osConfig, ... }: { - config = lib.mkIf (config.programs.anki.enable && osConfig.host.impermanence.enable) { + config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/Anki2/" ]; - allowOther = true; }; }; } diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index e305b6c..040d875 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/Bitwarden" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 8ad5e63..871cca0 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/bruno/" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index dbe6e2b..9219f31 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/calibre" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index 6c4526f..c5fed5a 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -21,7 +21,6 @@ "${config.xdg.dataHome}/DaVinciResolve" "${config.xdg.configHome}/blackmagic" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index 8b6c41a..87786a7 100644 
--- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.dataHome}/DBeaverData/" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index d5d7192..cc06bca 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/discord/" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 8841887..e50217a 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -22,7 +22,6 @@ # Extension configuration ".mozilla/firefox/${profile}/extension-settings.json" ]; - allowOther = true; }; in { config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index 89668de..553de9e 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/FreeCAD" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index 925a2d9..6ec4a6f 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/GIMP" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index a26ddec..b5f5dbf 100644 --- a/modules/home-manager-modules/programs/inkscape.nix 
+++ b/modules/home-manager-modules/programs/inkscape.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/inkscape" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index 05327d1..6773b19 100644 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -28,7 +28,6 @@ in { "${config.xdg.configHome}/kdenliverc" "${config.xdg.dataHome}/kdenlive" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index 3ba5560..bbf9416 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -21,7 +21,6 @@ "${config.xdg.configHome}/kritarc" "${config.xdg.dataHome}/krita" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index 93163e7..618acc3 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/libreoffice" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index df1f093..f5cbb0e 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -22,7 +22,6 @@ in { "${config.xdg.configHome}/mapillary-uploader" "${config.xdg.dataHome}/mapillary-uploader" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index bfdba90..84d49b1 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix 
@@ -10,7 +10,6 @@ directories = [ "${config.xdg.configHome}/obs-studio" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index 0e38eec..b3cfd21 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -28,7 +28,6 @@ in { "${config.xdg.configHome}/olympus" "${config.xdg.dataHome}/olympus" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index c9d5e14..2372f54 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/OpenRGB" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index bc37b86..b61dd8c 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/MusicBrainz" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index 8b42766..6963acb 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/qFlipper" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index fd98cb6..6262eac 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -25,7 +25,6 @@ method = "symlink"; } ]; - allowOther = true; }; } ) 
diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index c3b085d..bc7eddc 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.dataHome}/torbrowser" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index ef6a881..8b0ade8 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -20,7 +20,6 @@ directories = [ "${config.xdg.configHome}/chromium" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 0aa58e4..524576d 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -21,7 +21,6 @@ "${config.xdg.configHome}/via" "${config.xdg.dataHome}/via" ]; - allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix index 8e9d406..f6a3ce1 100644 --- a/modules/home-manager-modules/programs/vmware-workstation.nix +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -28,7 +28,6 @@ method = "symlink"; } ]; - allowOther = true; }; } ) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 3385a83..040261a 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
@@ -400,74 +400,60 @@ in { }; } (lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable { - storage.zfs.datasets."persist/system/sops" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = SOPS_AGE_KEY_DIRECTORY; + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # sops age key needs to be available to pre persist for user generation + storage.zfs.datasets = lib.mkMerge [ + { + "local/system/sops" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = SOPS_AGE_KEY_DIRECTORY; + }; + atime = "off"; + relatime = "off"; + }; + } + # Create ZFS datasets for each normal user + (lib.mkMerge ( + builtins.map (user: { + "local/home/${user.name}" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/home/${user.name}"; + }; + snapshot.blankSnapshot = true; + }; + "persist/home/${user.name}" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/persist/home/${user.name}"; + }; + }; + }) + normalUsers + )) + ]; + + # Post resume commands to rollback user home datasets to blank snapshots + boot.initrd.postResumeCommands = lib.mkAfter ( + lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") + normalUsers) + ); + + # Create persist home directories with proper permissions + systemd = { + tmpfiles.rules = + builtins.map ( + user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" + ) + normalUsers; }; - atime = "off"; - relatime = "off"; - }; - }) + } + ])) ])) - # (lib.mkIf config.host.impermanence.enable { - # boot.initrd.postResumeCommands = lib.mkAfter ( - # lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") - # normalUsers) - # ); - - # systemd = { - # tmpfiles.rules = - # builtins.map ( - # user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" - # ) - # normalUsers; - # }; - - # fileSystems = lib.mkMerge [ - # ( - # builtins.listToAttrs ( - # 
builtins.map (user: - # lib.attrsets.nameValuePair "/persist/home/${user.name}" { - # neededForBoot = true; - # }) - # normalUsers - # ) - # ) - # ( - # builtins.listToAttrs ( - # builtins.map (user: - # lib.attrsets.nameValuePair "/home/${user.name}" { - # neededForBoot = true; - # }) - # normalUsers - # ) - # ) - # ]; - - # host.storage.pool.extraDatasets = lib.mkMerge ( - # ( - # builtins.map (user: { - # "local/home/${user.name}" = { - # type = "zfs_fs"; - # mountpoint = "/home/${user.name}"; - # options = { - # canmount = "on"; - # }; - # postCreateHook = '' - # zfs snapshot rpool/local/home/${user.name}@blank - # ''; - # }; - # "persist/home/${user.name}" = { - # type = "zfs_fs"; - # mountpoint = "/persist/home/${user.name}"; - # }; - # }) - # normalUsers - # ) - # ); - # }) ]; } From 61eef3067e36c187b4615b2ad9d1d7101fe4027f Mon Sep 17 00:00:00 2001 
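Review bot: The rollback line in `boot.initrd.postResumeCommands` hard-codes the pool as `rpool`, while the datasets above it are declared pool-relative (`"local/home/${user.name}"`), and nothing reports a failed rollback. If the pool has another name or the `@blank` snapshot is missing, the home dataset would presumably keep the previous boot's contents with no visible signal, which defeats the wipe-on-boot guarantee. I would build the dataset path from the same option that names the pool and surface failures, e.g. `"zfs rollback -r rpool/local/home/${user.name}@blank || echo 'home rollback failed: ${user.name}' >&2"`. The tmpfiles rule `d /persist/home/${user.name} 700 ${user.name} ${user.name} -` also assumes a group named after each user exists. The enclosing `lib.mkMerge` list starts outside this hunk.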
From: Leyla Becker Date: Mon, 10 Nov 2025 15:42:25 -0600 Subject: [PATCH 0974/1043] feat: made persist build with new impermanence system --- configurations/home-manager/leyla/impermanence.nix | 2 +- modules/home-manager-modules/impermanence.nix | 2 +- modules/home-manager-modules/openssh.nix | 2 +- modules/home-manager-modules/programs/anki.nix | 4 ++-- modules/home-manager-modules/programs/bitwarden.nix | 2 +- modules/home-manager-modules/programs/bruno.nix | 2 +- modules/home-manager-modules/programs/calibre.nix | 2 +- modules/home-manager-modules/programs/davinci-resolve.nix | 2 +- modules/home-manager-modules/programs/dbeaver.nix | 2 +- modules/home-manager-modules/programs/discord.nix | 2 +- modules/home-manager-modules/programs/firefox.nix | 2 +- modules/home-manager-modules/programs/freecad.nix | 2 +- modules/home-manager-modules/programs/gimp.nix | 2 +- modules/home-manager-modules/programs/idea.nix | 2 +- modules/home-manager-modules/programs/inkscape.nix | 2 +- modules/home-manager-modules/programs/kdenlive.nix | 2 +- modules/home-manager-modules/programs/krita.nix | 2 +- modules/home-manager-modules/programs/libreoffice.nix | 2 +- modules/home-manager-modules/programs/makemkv.nix | 2 +- modules/home-manager-modules/programs/mapillary-uploader.nix | 2 +- modules/home-manager-modules/programs/obs.nix | 2 +- modules/home-manager-modules/programs/obsidian.nix | 2 +- modules/home-manager-modules/programs/olympus.nix | 2 +- modules/home-manager-modules/programs/openrgb.nix | 2 +- modules/home-manager-modules/programs/picard.nix | 2 +- modules/home-manager-modules/programs/prostudiomasters.nix | 2 +- modules/home-manager-modules/programs/protonvpn.nix | 2 +- modules/home-manager-modules/programs/qbittorrent.nix | 2 +- modules/home-manager-modules/programs/qflipper.nix | 2 +- modules/home-manager-modules/programs/signal.nix | 2 +- modules/home-manager-modules/programs/steam.nix | 2 +- modules/home-manager-modules/programs/tor-browser.nix | 2 +- 
modules/home-manager-modules/programs/ungoogled-chromium.nix | 2 +- modules/home-manager-modules/programs/via.nix | 2 +- modules/home-manager-modules/programs/vmware-workstation.nix | 2 +- 35 files changed, 36 insertions(+), 36 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index ea64d56..c61d693 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.impermanence.enable) { - home.persistence."/persist/home/leyla" = { + home.persistence."/persist/home" = { directories = [ "desktop" "downloads" diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index 402cccd..67f0ee4 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -26,7 +26,7 @@ in { # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { - home.persistence."/persist/home/${config.home.username}" = { + home.persistence."/persist/home" = { directories = ["."]; }; }) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index afc98dd..213ad67 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -96,7 +96,7 @@ } ) (lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { files = lib.lists.flatten ( builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 2e3f3fc..739245e 100644 
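Review bot: Every user's `home.persistence` root becomes the same literal `"/persist/home"` here, where it used to carry the user (`/persist/home/leyla`, `/persist/home/${config.home.username}`, `/persist${config.home.homeDirectory}`). Nothing visible in this patch shows the impermanence module adding a per-user component. If it does not, the fallback `directories = ["."]` and the `.ssh/${hostKey.path}` private keys in openssh.nix would land in one tree shared by all users. The same substitution repeats in every programs/*.nix hunk of this commit. Either keep the user in the key, `home.persistence."/persist/home/${config.home.username}"`, or, once confirmed, add a comment such as `# the impermanence module places each user's data under this root by home path`.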
--- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -4,9 +4,9 @@ ... }: { config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ - "${config.xdg.dataHome}/Anki2/" + ".local/share/Anki2" ]; }; }; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 040d875..c752669 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/Bitwarden" ]; diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 871cca0..768299b 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/bruno/" ]; diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index 9219f31..14e48dc 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/calibre" ]; diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index c5fed5a..49c7c47 100644 
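Review bot: `".local/share/Anki2"` is now a hard-coded home-relative path, while every other module touched by this commit still passes `"${config.xdg.dataHome}/…"` or `"${config.xdg.configHome}/…"`. If the new `home.persistence` expects home-relative entries, the XDG-based entries elsewhere may not resolve to what this hunk persists. If it accepts both forms, the literal silently ignores a non-default `xdg.dataHome`. I would use one form everywhere, for example `lib.strings.removePrefix "${config.home.homeDirectory}/" "${config.xdg.dataHome}/Anki2"`, and apply it to the other modules too.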
--- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.dataHome}/DaVinciResolve" "${config.xdg.configHome}/blackmagic" diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index 87786a7..abc7c29 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.dataHome}/DBeaverData/" ]; diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index cc06bca..c62de57 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/discord/" ]; diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index e50217a..282c022 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -25,7 +25,7 @@ }; in { config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { - home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( + home.persistence."/persist/home" = lib.mkMerge ( ( lib.attrsets.mapAttrsToList (profile: _: buildProfilePersistence profile) 
diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index 553de9e..c546794 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/FreeCAD" ]; diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index 6ec4a6f..c127234 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/GIMP" ]; diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index e59e7b2..438e345 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ # configuration "${config.xdg.configHome}/JetBrains/" diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index b5f5dbf..8cef5cb 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/inkscape" ]; 
diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index 6773b19..a130fb8 100644 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/kdenliverc" "${config.xdg.dataHome}/kdenlive" diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index bbf9416..869b10b 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/kritarc" "${config.xdg.dataHome}/krita" diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index 618acc3..924d2a1 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/libreoffice" ]; diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index e92c3d3..e158c07 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -30,7 +30,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ ".MakeMKV" ]; 
diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index f5cbb0e..7fb416e 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -17,7 +17,7 @@ in { } ( mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/mapillary-uploader" "${config.xdg.dataHome}/mapillary-uploader" diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 84d49b1..5e226cc 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/obs-studio" ]; diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 824563d..91b59b3 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/obsidian" ]; diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index b3cfd21..2be0084 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix 
@@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/olympus" "${config.xdg.dataHome}/olympus" diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index 2372f54..94636fc 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/OpenRGB" ]; diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index b61dd8c..a6a7887 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/MusicBrainz" ]; diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 5345169..3653ae4 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/ProStudioMasters" ]; diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index 513a610..d04c012 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix 
@@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/protonvpn" "${config.xdg.configHome}/Proton" diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 61d13c0..37fd464 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/qBittorrent" ]; diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index 6963acb..8261f5e 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/qFlipper" ]; diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index 7db23a7..3dae867 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/Signal" ]; diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 6262eac..98b970f 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix 
@@ -18,7 +18,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ { directory = "${config.xdg.dataHome}/Steam"; diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index bc7eddc..e13dd4c 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.dataHome}/torbrowser" ]; diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index 8b0ade8..8ca8ec0 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/chromium" ]; diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 524576d..acf2d8c 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ "${config.xdg.configHome}/via" "${config.xdg.dataHome}/via" diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix index f6a3ce1..30ae692 100644 --- a/modules/home-manager-modules/programs/vmware-workstation.nix 
+++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -17,7 +17,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { + home.persistence."/persist/home" = { directories = [ { directory = ".vmware"; From 8aa984a389b949ca4e0fad20c32af931341b2083 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Nov 2025 15:49:12 -0600 Subject: [PATCH 0975/1043] feat: made datasets build --- .../nixos-modules/storage/impermanence.nix | 10 +++++- modules/nixos-modules/storage/storage.nix | 34 ++++++++++++------- .../submodules/impermanenceDataset.nix | 4 +-- modules/nixos-modules/users.nix | 8 ----- 4 files changed, 32 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 33b4706..4f231bf 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -80,6 +80,15 @@ in { programs.fuse.userAllowOther = true; + fileSystems = + lib.mapAttrs' ( + datasetName: dataset: + lib.nameValuePair "/${datasetName}" { + neededForBoot = true; + } + ) + config.storage.impermanence.datasets; + environment.persistence = lib.mapAttrs (datasetName: dataset: { enable = true; @@ -101,7 +110,6 @@ in { }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); }) config.storage.impermanence.datasets; - # TODO: need for boot on filesystems } (lib.mkIf config.storage.zfs.enable { storage.zfs.datasets = diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index d6a2a2b..e9f740b 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix 
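Review bot: The new `fileSystems` entries in storage/impermanence.nix are keyed on `"/${datasetName}"` rather than on the dataset's configured `mount.mountPoint`, and they are emitted even when `mount.enable` is false. The two datasets declared in storage.nix happen to use a mount point equal to `/` plus their name, but a dataset with a different `mountPoint` would get `neededForBoot` on a path that is never mounted, leaving the real mount without it. That matters because the persisted state (machine-id, `/var/lib/nixos`) has to be present before activation. I would write `lib.nameValuePair dataset.mount.mountPoint { neededForBoot = true; }` and map over `lib.filterAttrs (_: dataset: dataset.mount.enable) config.storage.impermanence.datasets`.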
@@ -35,17 +35,19 @@ }; } (lib.mkIf (!config.storage.impermanence.enable) { - # TODO: create datasets for systemd.services..storage.impermanence.datasets - storage.zfs.datasets = { - "persist/system/root" = { - type = "zfs_fs"; - mount = { - enable = false; - mountPoint = "/"; - }; - snapshot = { - autoSnapshot = true; - }; + storage.zfs.rootDataset = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/"; + }; + compression = "lz4"; + acltype = "posixacl"; + relatime = "on"; + xattr = "sa"; + snapshot = { + autoSnapshot = true; + blankSnapshot = true; }; }; }) @@ -70,8 +72,8 @@ storage.impermanence.datasets = { "persist/system/root" = { mount = { - enable = false; - mountPoint = "/"; + enable = true; + mountPoint = "/persist/system/root"; }; directories = { "/var/lib/nixos".enable = true; @@ -81,6 +83,12 @@ "/etc/machine-id".enable = true; }; }; + "persist/home" = { + mount = { + enable = true; + mountPoint = "/persist/home"; + }; + }; }; # TODO: home-manager.users..storage.impermanence.enable diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 7154e90..0104b88 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -14,14 +14,14 @@ args @ {lib, ...}: {name, ...}: let owner = { name = lib.mkOption { type = lib.types.str; - default = "nouser"; + default = "root"; }; permissions = pathPermissions; }; group = { name = lib.mkOption { type = lib.types.str; - default = "nogroup"; + default = "root"; }; permissions = pathPermissions; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 040261a..bf45ac9 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
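Review bot: `storage.zfs.rootDataset` is given `blankSnapshot = true` inside the `lib.mkIf (!config.storage.impermanence.enable)` branch, the configuration where root is meant to keep its state. Elsewhere on the page `blankSnapshot` appears on `local/home/${user.name}`, which looks like the ephemeral side of the layout, so it should be confirmed that whatever rolls back to the blank snapshot is gated on `storage.impermanence.enable` and not on the snapshot merely existing. The rollback code is not visible here, so this is a question rather than a confirmed defect. A one-line comment would record the intent, e.g. `# blank snapshot is created for later migration to impermanence; nothing rolls back to it in this branch`.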
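Review bot: The single `persist/home` dataset added here replaces the per-user `persist/home/${user.name}` datasets that the users.nix hunk of this commit deletes, so every user's persisted state now shares one filesystem. Separation between users then rests only on ownership and mode of whatever is created under `/persist/home`, which this hunk does not set, and the same commit changes the dataset default owner to `root`. Snapshots and any per-dataset properties can also no longer be scoped to one user. If the shared dataset is intended, state the requirement next to it, e.g. `# shared by all normal users; each user's subtree must be owner-only (0700)`, and check what mode the home-manager persistence module actually creates (presumably it makes the per-user directories, but that is not visible here).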
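Review bot: The `owner.name` and `group.name` options in impermanenceDataset.nix change their default from `nouser`/`nogroup` to `root` without a `description`, so the fallback behaviour is undocumented. With the new default, a persisted directory that sets only `owner.name` keeps group `root`, and one that sets neither is root-owned; whether a service can then read or write it depends on `pathPermissions`, which is defined outside the hunk. Suggest adding to both options something like `description = "Account that owns the persisted path; defaults to root, so entries for unprivileged services must set it explicitly.";`.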
@@ -415,7 +415,6 @@ in { relatime = "off"; }; } - # Create ZFS datasets for each normal user (lib.mkMerge ( builtins.map (user: { "local/home/${user.name}" = { @@ -426,13 +425,6 @@ in { }; snapshot.blankSnapshot = true; }; - "persist/home/${user.name}" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/persist/home/${user.name}"; - }; - }; }) normalUsers )) From ac0f1ce2e69c3da050f44eb1ed93e54b213de353 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Nov 2025 15:51:28 -0600 Subject: [PATCH 0976/1043] feat: updated flake input to use fork --- flake.lock | 19 ++++++++++++++----- flake.nix | 4 +++- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 3c1f2ad..6b33266 100644 --- a/flake.lock +++ b/flake.lock @@ -147,16 +147,25 @@ } }, "impermanence": { + "inputs": { + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", - "owner": "nix-community", + "lastModified": 1762761176, + "narHash": "sha256-i3gM8fUozQrgZIbwVNlTuhLqPSl56zxAYpsQpQ9Lhro=", + "owner": "jan-leila", "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "rev": "ffbe1ca47cf4b3008c3aa5c49cdae294d8c8058a", "type": "github" }, "original": { - "owner": "nix-community", + "owner": "jan-leila", + "ref": "home-manager-v2", "repo": "impermanence", "type": "github" } diff --git a/flake.nix b/flake.nix index 6f85fa3..f0b9d67 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,9 @@ # delete your darlings impermanence = { - url = "github:nix-community/impermanence"; + url = "github:jan-leila/impermanence/home-manager-v2"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; }; nix-darwin = { From 1eb66d1c31e5dbd8471aa2652b0db11115389444 Mon Sep 17 00:00:00 2001 
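Review bot: The `impermanence` input in flake.nix now tracks the branch `home-manager-v2` of a personal fork, and the `# delete your darlings` comment above it does not say why or for how long. flake.lock pins `rev` and `narHash`, so builds stay reproducible, but the next `nix flake update` takes whatever that branch head is at the time, including after a force-push, and this input supplies modules that are evaluated into the system and home configuration. Record the reason and the exit condition next to the URL, e.g. `# fork carries the home-manager-v2 changes; return to nix-community/impermanence once merged upstream`. If branch movement should be a deliberate step, put the revision in the URL (`github:jan-leila/impermanence/ffbe1ca47cf4b3008c3aa5c49cdae294d8c8058a`).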
From: Leyla Becker Date: Wed, 12 Nov 2025 19:27:12 -0600 Subject: [PATCH 0977/1043] feat: updated pool names --- .../home-manager/leyla/impermanence.nix | 2 +- modules/home-manager-modules/impermanence.nix | 2 +- modules/home-manager-modules/openssh.nix | 2 +- .../home-manager-modules/programs/anki.nix | 2 +- .../programs/bitwarden.nix | 2 +- .../home-manager-modules/programs/bruno.nix | 2 +- .../home-manager-modules/programs/calibre.nix | 2 +- .../programs/davinci-resolve.nix | 2 +- .../home-manager-modules/programs/dbeaver.nix | 2 +- .../home-manager-modules/programs/discord.nix | 2 +- .../home-manager-modules/programs/firefox.nix | 2 +- .../home-manager-modules/programs/freecad.nix | 2 +- .../home-manager-modules/programs/gimp.nix | 2 +- .../home-manager-modules/programs/idea.nix | 2 +- .../programs/inkscape.nix | 2 +- .../programs/kdenlive.nix | 2 +- .../home-manager-modules/programs/krita.nix | 2 +- .../programs/libreoffice.nix | 2 +- .../home-manager-modules/programs/makemkv.nix | 2 +- .../programs/mapillary-uploader.nix | 2 +- modules/home-manager-modules/programs/obs.nix | 2 +- .../programs/obsidian.nix | 2 +- .../home-manager-modules/programs/olympus.nix | 2 +- .../home-manager-modules/programs/openrgb.nix | 2 +- .../home-manager-modules/programs/picard.nix | 2 +- .../programs/prostudiomasters.nix | 2 +- .../programs/protonvpn.nix | 2 +- .../programs/qbittorrent.nix | 2 +- .../programs/qflipper.nix | 2 +- .../home-manager-modules/programs/signal.nix | 2 +- .../home-manager-modules/programs/steam.nix | 2 +- .../programs/tor-browser.nix | 2 +- .../programs/ungoogled-chromium.nix | 2 +- modules/home-manager-modules/programs/via.nix | 2 +- .../programs/vmware-workstation.nix | 2 +- modules/nixos-modules/ollama/storage.nix | 2 +- .../nixos-modules/server/actual/storage.nix | 2 +- .../nixos-modules/server/bazarr/storage.nix | 2 +- .../server/crab-hole/storage.nix | 2 +- .../nixos-modules/server/fail2ban/storage.nix | 2 +- .../server/flaresolverr/storage.nix | 2 
+- .../nixos-modules/server/forgejo/storage.nix | 2 +- .../server/home-assistant/storage.nix | 2 +- .../nixos-modules/server/immich/storage.nix | 2 +- .../nixos-modules/server/jackett/storage.nix | 2 +- .../nixos-modules/server/jellyfin/storage.nix | 2 +- .../nixos-modules/server/lidarr/storage.nix | 2 +- .../network_storage/network_storage.nix | 2 +- .../server/panoramax/storage.nix | 2 +- .../server/paperless/storage.nix | 2 +- .../nixos-modules/server/postgres/storage.nix | 2 +- .../server/qbittorent/storage.nix | 2 +- .../nixos-modules/server/radarr/storage.nix | 2 +- .../server/reverseProxy/storage.nix | 2 +- .../nixos-modules/server/sonarr/storage.nix | 2 +- modules/nixos-modules/server/wyoming.nix | 2 +- modules/nixos-modules/ssh.nix | 2 +- .../nixos-modules/storage/impermanence.nix | 4 +-- modules/nixos-modules/storage/storage.nix | 25 +++++++++++-------- modules/nixos-modules/storage/zfs.nix | 4 +-- modules/nixos-modules/sync/storage.nix | 2 +- modules/nixos-modules/tailscale/storage.nix | 2 +- modules/nixos-modules/users.nix | 8 +++--- 63 files changed, 81 insertions(+), 78 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index c61d693..4a58cbb 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.impermanence.enable) { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "desktop" "downloads" diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index 67f0ee4..f5e9869 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix 
@@ -26,7 +26,7 @@ in { # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = ["."]; }; }) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 213ad67..3e723c9 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -96,7 +96,7 @@ } ) (lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { files = lib.lists.flatten ( builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 739245e..c54feac 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ ".local/share/Anki2" ]; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index c752669..ade24b6 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/Bitwarden" ]; diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 768299b..ced1998 100644 
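Review bot: The openssh.nix hunk moves the SSH key files (`.ssh/${hostKey.path}` together with the `.pub`) under `/persist/replicate/home`, and nothing on the page says what `replicate` means for where that data ends up. If datasets under `persist/replicate` are the ones sent to another host or pool (an inference from the name only), private keys would be copied off the machine along with ordinary application state. The same applies to the bitwarden, signal and tor-browser hunks in this commit. Consider keeping key material on a dataset that is not replicated, or state the assumption next to the path, e.g. `# private keys live on the replicated dataset; the replication target must be encrypted at rest and equally trusted`.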
--- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/bruno/" ]; diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index 14e48dc..74a0cf4 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/calibre" ]; diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index 49c7c47..c17c8b0 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.dataHome}/DaVinciResolve" "${config.xdg.configHome}/blackmagic" diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index abc7c29..f509646 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.dataHome}/DBeaverData/" ]; diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index c62de57..3f5d72c 100644 --- a/modules/home-manager-modules/programs/discord.nix 
+++ b/modules/home-manager-modules/programs/discord.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/discord/" ]; diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 282c022..e100200 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -25,7 +25,7 @@ }; in { config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { - home.persistence."/persist/home" = lib.mkMerge ( + home.persistence."/persist/replicate/home" = lib.mkMerge ( ( lib.attrsets.mapAttrsToList (profile: _: buildProfilePersistence profile) diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index c546794..19e08fa 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/FreeCAD" ]; diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index c127234..fbe4471 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/GIMP" ]; diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index 438e345..ec9d7d6 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix 
@@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ # configuration "${config.xdg.configHome}/JetBrains/" diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index 8cef5cb..67e5f80 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/inkscape" ]; diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index a130fb8..2bec5b3 100644 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/kdenliverc" "${config.xdg.dataHome}/kdenlive" diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index 869b10b..88d1de9 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/kritarc" "${config.xdg.dataHome}/krita" diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index 924d2a1..9c3537f 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix 
@@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/libreoffice" ]; diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index e158c07..9fcde8b 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -30,7 +30,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ ".MakeMKV" ]; diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index 7fb416e..09894c9 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -17,7 +17,7 @@ in { } ( mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/mapillary-uploader" "${config.xdg.dataHome}/mapillary-uploader" diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 5e226cc..3a099f7 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/obs-studio" ]; diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 91b59b3..e07beab 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix 
@@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/obsidian" ]; diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index 2be0084..3223d62 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/olympus" "${config.xdg.dataHome}/olympus" diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index 94636fc..64d6229 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/OpenRGB" ]; diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index a6a7887..5d197f8 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/MusicBrainz" ]; diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 3653ae4..5256f26 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix 
@@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/ProStudioMasters" ]; diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index d04c012..57e50ab 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/protonvpn" "${config.xdg.configHome}/Proton" diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 37fd464..ee098e0 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/qBittorrent" ]; diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index 8261f5e..0c7d242 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/qFlipper" ]; diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index 3dae867..962a139 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix 
@@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/Signal" ]; diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 98b970f..3dd6504 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -18,7 +18,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ { directory = "${config.xdg.dataHome}/Steam"; diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index e13dd4c..92484ae 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.dataHome}/torbrowser" ]; diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index 8ca8ec0..e76eeeb 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/chromium" ]; diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index acf2d8c..3a638aa 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix 
@@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ "${config.xdg.configHome}/via" "${config.xdg.dataHome}/via" diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix index 30ae692..277e4bd 100644 --- a/modules/home-manager-modules/programs/vmware-workstation.nix +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -17,7 +17,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/replicate/home" = { directories = [ { directory = ".vmware"; diff --git a/modules/nixos-modules/ollama/storage.nix b/modules/nixos-modules/ollama/storage.nix index ff2348e..65bbe26 100644 --- a/modules/nixos-modules/ollama/storage.nix +++ b/modules/nixos-modules/ollama/storage.nix @@ -20,7 +20,7 @@ # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.ollama.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."/var/lib/private/ollama" = { enable = true; owner.name = config.services.ollama.user; diff --git a/modules/nixos-modules/server/actual/storage.nix b/modules/nixos-modules/server/actual/storage.nix index eab0817..cec2eab 100644 --- a/modules/nixos-modules/server/actual/storage.nix +++ b/modules/nixos-modules/server/actual/storage.nix @@ -29,7 +29,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.actual.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${dataDirectory}" = { owner.name = "actual"; group.name = "actual"; 
diff --git a/modules/nixos-modules/server/bazarr/storage.nix b/modules/nixos-modules/server/bazarr/storage.nix index 53a9d9c..c8c7d1d 100644 --- a/modules/nixos-modules/server/bazarr/storage.nix +++ b/modules/nixos-modules/server/bazarr/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.bazarr.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${bazarr_data_directory}" = { owner.name = "bazarr"; group.name = "bazarr"; diff --git a/modules/nixos-modules/server/crab-hole/storage.nix b/modules/nixos-modules/server/crab-hole/storage.nix index ec38846..caacdf8 100644 --- a/modules/nixos-modules/server/crab-hole/storage.nix +++ b/modules/nixos-modules/server/crab-hole/storage.nix @@ -25,7 +25,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.crab-hole.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${workingDirectory}" = { owner.name = "crab-hole"; group.name = "crab-hole"; diff --git a/modules/nixos-modules/server/fail2ban/storage.nix b/modules/nixos-modules/server/fail2ban/storage.nix index 6c1f227..02ad3f0 100644 --- a/modules/nixos-modules/server/fail2ban/storage.nix +++ b/modules/nixos-modules/server/fail2ban/storage.nix @@ -25,7 +25,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.fail2ban.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${dataFolder}" = { owner.name = "fail2ban"; group.name = "fail2ban"; 
diff --git a/modules/nixos-modules/server/flaresolverr/storage.nix b/modules/nixos-modules/server/flaresolverr/storage.nix index 657bcc6..da52480 100644 --- a/modules/nixos-modules/server/flaresolverr/storage.nix +++ b/modules/nixos-modules/server/flaresolverr/storage.nix @@ -14,7 +14,7 @@ # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.flaresolverr.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."/var/lib/flaresolverr" = { owner.name = "flaresolverr"; group.name = "flaresolverr"; diff --git a/modules/nixos-modules/server/forgejo/storage.nix b/modules/nixos-modules/server/forgejo/storage.nix index 31304e7..d7b54b9 100644 --- a/modules/nixos-modules/server/forgejo/storage.nix +++ b/modules/nixos-modules/server/forgejo/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.forgejo.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${stateDir}" = { owner.name = "forgejo"; group.name = "forgejo"; diff --git a/modules/nixos-modules/server/home-assistant/storage.nix b/modules/nixos-modules/server/home-assistant/storage.nix index 231387b..00831c4 100644 --- a/modules/nixos-modules/server/home-assistant/storage.nix +++ b/modules/nixos-modules/server/home-assistant/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.home-assistant.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${configDir}" = { owner.name = "hass"; group.name = "hass"; 
diff --git a/modules/nixos-modules/server/immich/storage.nix b/modules/nixos-modules/server/immich/storage.nix index 65b4bed..cd9f935 100644 --- a/modules/nixos-modules/server/immich/storage.nix +++ b/modules/nixos-modules/server/immich/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.immich.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${mediaLocation}" = { owner.name = "immich"; group.name = "immich"; diff --git a/modules/nixos-modules/server/jackett/storage.nix b/modules/nixos-modules/server/jackett/storage.nix index 6056c9c..eaa0bc9 100644 --- a/modules/nixos-modules/server/jackett/storage.nix +++ b/modules/nixos-modules/server/jackett/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.jackett.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${jackett_data_directory}" = { owner.name = "jackett"; group.name = "jackett"; diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index 867b936..2854cb8 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix @@ -30,7 +30,7 @@ in { }) (lib.mkIf config.services.jellyfin.impermanence.enable { storage.impermanence.datasets = { - "persist/system/root" = { + "persist/replicate/system/root" = { directories = { "${jellyfin_data_directory}" = { enable = true; diff --git a/modules/nixos-modules/server/lidarr/storage.nix b/modules/nixos-modules/server/lidarr/storage.nix index 9d818ff..57c568c 100644 --- a/modules/nixos-modules/server/lidarr/storage.nix +++ b/modules/nixos-modules/server/lidarr/storage.nix 
@@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.lidarr.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${lidarr_data_directory}" = { owner.name = "lidarr"; group.name = "lidarr"; diff --git a/modules/nixos-modules/server/network_storage/network_storage.nix b/modules/nixos-modules/server/network_storage/network_storage.nix index ebc3bee..b9d0446 100644 --- a/modules/nixos-modules/server/network_storage/network_storage.nix +++ b/modules/nixos-modules/server/network_storage/network_storage.nix @@ -74,7 +74,7 @@ in { ); } # (lib.mkIf config.host.impermanence.enable { - # environment.persistence."/persist/system/root" = { + # environment.persistence."/persist/replicate/system/root" = { # enable = true; # hideMounts = true; # directories = [ diff --git a/modules/nixos-modules/server/panoramax/storage.nix b/modules/nixos-modules/server/panoramax/storage.nix index 52d9d74..164c9bb 100644 --- a/modules/nixos-modules/server/panoramax/storage.nix +++ b/modules/nixos-modules/server/panoramax/storage.nix @@ -21,7 +21,7 @@ # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.panoramax.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."/var/lib/panoramax" = { owner.name = "panoramax"; group.name = "panoramax"; diff --git a/modules/nixos-modules/server/paperless/storage.nix b/modules/nixos-modules/server/paperless/storage.nix index 6f74441..381e45b 100644 --- a/modules/nixos-modules/server/paperless/storage.nix +++ b/modules/nixos-modules/server/paperless/storage.nix 
@@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.paperless.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${dataDir}" = { owner.name = "paperless"; group.name = "paperless"; diff --git a/modules/nixos-modules/server/postgres/storage.nix b/modules/nixos-modules/server/postgres/storage.nix index 0ec0eb2..068c93f 100644 --- a/modules/nixos-modules/server/postgres/storage.nix +++ b/modules/nixos-modules/server/postgres/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.postgresql.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${dataDir}" = { owner.name = "postgres"; group.name = "postgres"; diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index 02d4757..0bb01e3 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix @@ -27,7 +27,7 @@ in { lib.mkIf config.services.qbittorrent.impermanence.enable { storage.impermanence.datasets = { - "persist/system/root" = { + "persist/replicate/system/root" = { directories."${qbittorent_profile_directory}" = { owner.name = "qbittorrent"; group.name = "qbittorrent"; diff --git a/modules/nixos-modules/server/radarr/storage.nix b/modules/nixos-modules/server/radarr/storage.nix index 82d2bf8..a9b4901 100644 --- a/modules/nixos-modules/server/radarr/storage.nix +++ b/modules/nixos-modules/server/radarr/storage.nix 
@@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.radarr.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${radarr_data_directory}" = { owner.name = "radarr"; group.name = "radarr"; diff --git a/modules/nixos-modules/server/reverseProxy/storage.nix b/modules/nixos-modules/server/reverseProxy/storage.nix index c4ee04a..29a3120 100644 --- a/modules/nixos-modules/server/reverseProxy/storage.nix +++ b/modules/nixos-modules/server/reverseProxy/storage.nix @@ -16,7 +16,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.reverseProxy.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${dataDir}" = { owner.name = "acme"; group.name = "acme"; diff --git a/modules/nixos-modules/server/sonarr/storage.nix b/modules/nixos-modules/server/sonarr/storage.nix index c74a7b8..aebd0a9 100644 --- a/modules/nixos-modules/server/sonarr/storage.nix +++ b/modules/nixos-modules/server/sonarr/storage.nix @@ -24,7 +24,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.sonarr.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${sonarr_data_directory}" = { owner.name = "sonarr"; group.name = "sonarr"; diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index c9a1474..1df6877 100644 --- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix 
@@ -48,7 +48,7 @@ systemd.services."wyoming-faster-whisper-en".serviceConfig.ProcSubset = lib.mkForce "all"; } (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { + environment.persistence."/persist/replicate/system/root" = { enable = true; hideMounts = true; directories = [ diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 20e7881..dd70918 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -32,7 +32,7 @@ # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.openssh.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { files = builtins.listToAttrs ( lib.lists.flatten ( builtins.map (hostKey: [ diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 4f231bf..db0deb0 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -72,8 +72,8 @@ in { "var-lib-private-permissions" = { deps = ["specialfs"]; text = '' - mkdir -p /persist/system/root/var/lib/private - chmod 0700 /persist/system/root/var/lib/private + mkdir -p /persist/replicate/system/root/var/lib/private + chmod 0700 /persist/replicate/system/root/var/lib/private ''; }; }; diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index e9f740b..2708f6b 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -10,7 +10,7 @@ lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { storage.zfs.datasets = { - "persist/system/nix" = { + "persist/local/nix" = { type = "zfs_fs"; mount = { enable = true; 
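Review bot: In the `var-lib-private-permissions` activation script (modules/nixos-modules/storage/impermanence.nix), the directory is created with the default mode and only tightened by the following `chmod`, and the path `/persist/replicate/system/root` is written out by hand. That string duplicates the `mountPoint` this same commit sets in storage.nix, so a later rename can leave the `chmod 0700` guarding a path nothing uses. Creating the directory with its final mode in one step avoids both the gap and the second command: `install -d -m 0700 /persist/replicate/system/root/var/lib/private`. The prefix would ideally be read from the dataset's `mount.mountPoint`, but the surrounding attribute set starts outside the hunk, so whether that value is in scope here is not visible.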
@@ -22,15 +22,12 @@ atime = "off"; relatime = "off"; }; - "persist/system/var/log" = { + "persist/replicate/system/var/log" = { type = "zfs_fs"; mount = { enable = true; mountPoint = "/var/log"; }; - snapshot = { - autoSnapshot = false; - }; }; }; } @@ -53,11 +50,11 @@ }) (lib.mkIf config.storage.impermanence.enable { boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank + zfs rollback -r rpool/ephemeral/system/root@blank ''; storage.zfs.datasets = { - "local/system/root" = { + "ephemeral/system/root" = { type = "zfs_fs"; mount = { enable = true; @@ -70,10 +67,13 @@ }; storage.impermanence.datasets = { - "persist/system/root" = { + "persist/replicate/system/root" = { mount = { enable = true; - mountPoint = "/persist/system/root"; + mountPoint = "/persist/replicate/system/root"; + }; + snapshot = { + autoSnapshot = true; }; directories = { "/var/lib/nixos".enable = true; @@ -83,10 +83,13 @@ "/etc/machine-id".enable = true; }; }; - "persist/home" = { + "persist/replicate/home" = { mount = { enable = true; - mountPoint = "/persist/home"; + mountPoint = "/persist/replicate/home"; + }; + snapshot = { + autoSnapshot = true; }; }; }; diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 451e226..1942e8d 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -170,7 +170,7 @@ in { }; cache = lib.mkOption { type = lib.types.listOf deviceType; - default = {}; + default = []; }; }; @@ -264,7 +264,7 @@ in { members = builtins.map (device: hashDisk device.device) vdev; }) config.storage.zfs.pool.vdevs; - cache = builtins.map (device: hashDisk device.device) (builtins.attrValues config.storage.zfs.pool.cache); + cache = builtins.map (device: hashDisk device.device) config.storage.zfs.pool.cache; }; }; diff --git a/modules/nixos-modules/sync/storage.nix b/modules/nixos-modules/sync/storage.nix index a58a49f..7532045 100644 
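Review bot: The snapshot policy for the `/var/log` dataset becomes implicit in the first storage.nix hunk on this line: the explicit `autoSnapshot = false` is dropped while the dataset moves under `persist/replicate`. The sibling `persist/replicate/system/root` and `persist/replicate/home` datasets in the same commit set `autoSnapshot = true` explicitly. If replication is snapshot-driven (not visible in this diff), logs would sit in the replicated tree without ever being captured, which matters when an earlier copy of the logs is needed after an incident. Stating the intent on the dataset removes the ambiguity, e.g. `snapshot.autoSnapshot = true;`, or a comment saying why logs are excluded.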
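Review bot: The rollback line `zfs rollback -r rpool/ephemeral/system/root@blank` hard-codes both the pool name and the renamed dataset, and nothing in the hunk checks that the command succeeded. On a host whose pool has not yet been migrated from `local/system/root`, the rollback would fail and, depending on how the initrd script handles errors (not shown here), boot could continue with the previous boot's root state still in place. Since the impermanence guarantee rests on this one command, make the failure visible: `zfs rollback -r rpool/ephemeral/system/root@blank || echo "impermanence: root rollback failed, previous state retained" >&2`. The same applies to the per-user `zfs rollback -r rpool/ephemeral/home/${user.name}@blank` in the users.nix hunk `@@ -432,7 +432,7 @@`.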
--- a/modules/nixos-modules/sync/storage.nix +++ b/modules/nixos-modules/sync/storage.nix @@ -36,7 +36,7 @@ in { }) config.services.syncthing.settings.folders; - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories = { "${mountDir}" = { enable = true; diff --git a/modules/nixos-modules/tailscale/storage.nix b/modules/nixos-modules/tailscale/storage.nix index 9533aef..a417aaf 100644 --- a/modules/nixos-modules/tailscale/storage.nix +++ b/modules/nixos-modules/tailscale/storage.nix @@ -22,7 +22,7 @@ in { # TODO: placeholder to configure a unique dataset for this service }) (lib.mkIf config.services.tailscale.impermanence.enable { - storage.impermanence.datasets."persist/system/root" = { + storage.impermanence.datasets."persist/replicate/system/root" = { directories."${tailscale_data_directory}" = { enable = true; owner.name = "root"; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index bf45ac9..241ab6c 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -405,7 +405,7 @@ in { # sops age key needs to be available to pre persist for user generation storage.zfs.datasets = lib.mkMerge [ { - "local/system/sops" = { + "persist/local/system/sops" = { type = "zfs_fs"; mount = { enable = true; @@ -417,7 +417,7 @@ in { } (lib.mkMerge ( builtins.map (user: { - "local/home/${user.name}" = { + "ephemeral/home/${user.name}" = { type = "zfs_fs"; mount = { enable = true; @@ -432,7 +432,7 @@ in { # Post resume commands to rollback user home datasets to blank snapshots boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") + lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank") normalUsers) ); 
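Review bot: The users.nix hunk `@@ -405,7 +405,7 @@` moves the sops key dataset to `persist/local/system/sops`, but the existing comment only explains boot ordering, not why the dataset belongs in the `local` tier. This dataset presumably holds the age private key mounted at `SOPS_AGE_KEY_DIRECTORY`, so placing it under `persist/replicate` or enabling snapshots would copy key material off the host or into long-lived snapshots. I would add a comment above the attribute: `# holds the sops age private key: must stay under persist/local, never replicated or auto-snapshotted`. The directory's ownership and mode are not set in this hunk; the dataset definition continues outside it, so confirm they are restricted to root elsewhere.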
@@ -440,7 +440,7 @@ in { systemd = { tmpfiles.rules = builtins.map ( - user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" + user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -" ) normalUsers; }; From eb379816adc758207c4decdead031a56508002ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Nov 2025 22:15:22 -0600 Subject: [PATCH 0978/1043] chore: added research note to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a50813e..d29ba58 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ - proton mail now has an smtp server we could use that for our zfs and SMART test emails +- VR https://lvra.gitlab.io/docs/distros/nixos/ # Tasks: From f8edad75bf526a819a698a6df813bcecc2c06b4f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Nov 2025 22:06:32 -0600 Subject: [PATCH 0979/1043] feat: updated user configs to better match original config --- modules/nixos-modules/storage/storage.nix | 14 +++ .../storage/submodules/dataset.nix | 6 +- modules/nixos-modules/users.nix | 104 ++++++++++-------- 3 files changed, 73 insertions(+), 51 deletions(-) diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 2708f6b..be514d7 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -10,6 +10,16 @@ lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { storage.zfs.datasets = { + "persist" = { + type = "zfs_fs"; + }; + "persist/local" = { + type = "zfs_fs"; + }; + "persist/replicate" = { + type = "zfs_fs"; + }; + "persist/local/nix" = { type = "zfs_fs"; mount = { @@ -22,6 +32,7 @@ atime = "off"; relatime = "off"; }; + "persist/replicate/system/var/log" = { type = "zfs_fs"; mount = { 
@@ -54,6 +65,9 @@ ''; storage.zfs.datasets = { + "ephemeral" = { + type = "zfs_fs"; + }; "ephemeral/system/root" = { type = "zfs_fs"; mount = { diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index 3de7719..5199f98 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -73,11 +73,7 @@ snapshot = { # This option should set this option flag # "com.sun:auto-snapshot" = "false"; - autoSnapshot = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable automatic snapshots for this dataset"; - }; + autoSnapshot = lib.mkEnableOption "Enable automatic snapshots for this dataset"; # Creates a blank snapshot in the post create hook for rollback purposes blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook"; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 241ab6c..ab123b9 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
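Review bot: In dataset.nix, `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so `lib.mkEnableOption "Enable automatic snapshots for this dataset"` renders as "Whether to enable Enable automatic snapshots for this dataset." in the generated option docs. Pass only the noun phrase: `autoSnapshot = lib.mkEnableOption "automatic snapshots for this dataset";`. The neighbouring `blankSnapshot` description ("Should a blank snapshot be …") has the same problem and could become `lib.mkEnableOption "creation of a blank snapshot in the post create hook"`.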
@@ -399,53 +399,65 @@ in { }; }; } - (lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # sops age key needs to be available to pre persist for user generation - storage.zfs.datasets = lib.mkMerge [ - { - "persist/local/system/sops" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = SOPS_AGE_KEY_DIRECTORY; - }; - atime = "off"; - relatime = "off"; - }; - } - (lib.mkMerge ( - builtins.map (user: { - "ephemeral/home/${user.name}" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/home/${user.name}"; - }; - snapshot.blankSnapshot = true; - }; - }) - normalUsers - )) - ]; - - # Post resume commands to rollback user home datasets to blank snapshots - boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank") - normalUsers) - ); - - # Create persist home directories with proper permissions - systemd = { - tmpfiles.rules = - builtins.map ( - user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -" - ) - normalUsers; + (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ + { + # sops age key needs to be available to pre persist for user generation + storage.zfs.datasets."persist/local/system/sops" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = SOPS_AGE_KEY_DIRECTORY; }; - } - ])) + atime = "off"; + relatime = "off"; + }; + } + (lib.mkIf (!config.storage.impermanence.enable) { + storage.zfs.datasets = lib.mkMerge ( + builtins.map (user: { + "persist/replicate/home/${user.name}" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/home/${user.name}"; + }; + snapshot.autoSnapshot = true; + }; + }) + normalUsers + ); + }) + (lib.mkIf config.storage.impermanence.enable { + storage.zfs.datasets = lib.mkMerge ( + builtins.map (user: { + "ephemeral/home/${user.name}" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = 
"/home/${user.name}"; + }; + snapshot.blankSnapshot = true; + }; + }) + normalUsers + ); + + # Post resume commands to rollback user home datasets to blank snapshots + boot.initrd.postResumeCommands = lib.mkAfter ( + lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank") + normalUsers) + ); + + # TODO: I don't think we need this anymore but I have not tested it + # Create persist home directories with proper permissions + # systemd = { + # tmpfiles.rules = + # builtins.map ( + # user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -" + # ) + # normalUsers; + # }; + }) ])) ]; } From 69a60155885b267619346be662f9181b2c6a2f6f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Nov 2025 22:36:31 -0600 Subject: [PATCH 0980/1043] feat: added friture package to eve --- configurations/home-manager/eve/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index fb8d8a4..f650a70 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -19,6 +19,7 @@ in { with pkgs; [ gnomeExtensions.dash-to-panel claude-code + friture ] ); From 757a3892e12f58ab078341c19e1d6172ef318e3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Nov 2025 13:39:53 -0600 Subject: [PATCH 0981/1043] feat: updated interface for storage --- .../nixos-modules/server/jellyfin/storage.nix | 2 +- .../server/qbittorent/storage.nix | 2 +- modules/nixos-modules/storage/storage.nix | 287 ++++++++++++------ .../storage/submodules/dataset.nix | 1 - 4 files changed, 196 insertions(+), 96 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index 2854cb8..79d0605 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix 
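Review bot: In the users.nix hunk `@@ -399,53 +399,65 @@`, the tmpfiles rule that created `/persist/replicate/home/${user.name}` with mode `700` and the user's own ownership is commented out, with a TODO saying the change is untested. Without the rule, the mode and owner of each persisted home directory depend on whatever creates it first, which this hunk does not show; a directory created as root or with a wider mode would either break the bind mount or expose one user's persisted files to another. I would keep the rule active until the replacement path is verified, i.e. leave `user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -"` in `systemd.tmpfiles.rules`. The new non-impermanence branch also mounts a fresh dataset at `/home/${user.name}` without any visible step that sets its ownership.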
@@ -44,7 +44,7 @@ in { }; }; }; - "persist/system/jellyfin" = { + "persist/replicate/system/jellyfin" = { atime = "off"; relatime = "off"; diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index 0bb01e3..32244ca 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix @@ -33,7 +33,7 @@ in { group.name = "qbittorrent"; }; }; - "persist/system/qbittorrent" = { + "persist/replicate/system/qbittorrent" = { directories."${config.services.qbittorrent.mediaDir}" = { owner.name = "qbittorrent"; group.name = "qbittorrent"; diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index be514d7..7d14dd7 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix 
@@ -1,49 +1,155 @@ -{ +args @ { lib, config, ... -}: { - # TODO: create all of the datasets from option and home-manager datasets - # TODO: set up datasets for systemd services that want a dataset created +}: let + datasetSubmodule = (import ./submodules/dataset.nix) args; + impermanenceDatasetSubmodule = (import ./submodules/impermanenceDataset.nix) args; + + # Get the option names from both submodules to automatically determine which are impermanence-specific + regularDatasetEval = lib.evalModules { + modules = [datasetSubmodule]; + specialArgs = args; + }; + impermanenceDatasetEval = lib.evalModules { + modules = [impermanenceDatasetSubmodule]; + specialArgs = args; + }; + + regularDatasetOptions = builtins.attrNames regularDatasetEval.options; + impermanenceDatasetOptions = builtins.attrNames impermanenceDatasetEval.options; + + # Find options that are only in impermanence datasets (not in regular ZFS datasets) + impermanenceOnlyOptions = lib.lists.subtractLists regularDatasetOptions impermanenceDatasetOptions; +in { + options.storage.datasets = { + ephemeral = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule datasetSubmodule); + default = {}; + }; + local = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); + default = {}; + }; + replicate = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); + default = {}; + }; + }; + config = lib.mkMerge [ - ( - lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - storage.zfs.datasets = { - "persist" = { - type = "zfs_fs"; + (lib.mkIf config.storage.zfs.enable { + # Create ZFS datasets based on storage.datasets configuration + }) + (lib.mkIf (config.storage.zfs.enable && config.storage.impermanence.enable) { + storage.datasets = { + ephemeral = { + "" = { + type = "zfs_fs"; + }; + "system/root" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/"; }; - "persist/local" = { - type = "zfs_fs"; - }; - 
"persist/replicate" = { - type = "zfs_fs"; - }; - - "persist/local/nix" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/nix"; - }; - snapshot = { - autoSnapshot = false; - }; - atime = "off"; - relatime = "off"; - }; - - "persist/replicate/system/var/log" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/var/log"; - }; + snapshot = { + blankSnapshot = true; }; }; - } - (lib.mkIf (!config.storage.impermanence.enable) { - storage.zfs.rootDataset = { + }; + local = { + "nix" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/nix"; + }; + snapshot = { + autoSnapshot = false; + }; + atime = "off"; + relatime = "off"; + }; + }; + replicate = { + "system/var/log" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/var/log"; + }; + }; + "system/root" = { + mount = { + enable = true; + mountPoint = "/persist/replicate/system/root"; + }; + snapshot = { + autoSnapshot = true; + }; + directories = { + "/var/lib/nixos".enable = true; + "/var/lib/systemd/coredump".enable = true; + }; + files = { + "/etc/machine-id".enable = true; + }; + }; + "home" = { + mount = { + enable = true; + mountPoint = "/persist/replicate/home"; + }; + snapshot = { + autoSnapshot = true; + }; + }; + }; + }; + + storage.zfs.datasets = lib.mkMerge [ + (lib.mapAttrs' (name: dataset: { + name = + if name == "" + then "ephemeral" + else "ephemeral/${name}"; + value = dataset; + }) + config.storage.datasets.ephemeral) + ]; + + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/ephemeral/system/root@blank + ''; + + storage.impermanence.datasets = lib.mkMerge [ + (lib.mapAttrs' (name: dataset: { + name = + if name == "" + then "persist/local" + else "persist/local/${name}"; + value = dataset; + }) + config.storage.datasets.local) + (lib.mapAttrs' (name: dataset: { + name = + if name == "" + then "persist/replicate" + else "persist/replicate/${name}"; + value = dataset; + }) + config.storage.datasets.replicate) + ]; 
+ }) + (lib.mkIf (config.storage.zfs.enable && !config.storage.impermanence.enable) { + storage.datasets = { + # Base organizational datasets (only needed when impermanence is disabled) + local = { + "" = { + type = "zfs_fs"; + }; + "root" = { type = "zfs_fs"; mount = { enable = true; 
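Review bot: The new `options.storage.datasets.ephemeral`, `local` and `replicate` options in storage.nix are declared without a `description`, yet every service module now has to pick one of them. The tier decides whether data is wiped at boot, kept on the host only, or kept and (presumably) sent elsewhere, so it is the contract a module author needs in order to place secrets or state correctly. Each option should say so, for example on `ephemeral`: `description = "Datasets rolled back to their @blank snapshot on every boot; nothing stored here survives a reboot.";`, with matching one-line descriptions on `local` and `replicate`. The empty `lib.mkIf config.storage.zfs.enable { }` block that holds only a comment could be removed or turned into a TODO.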
@@ -58,63 +164,58 @@ blankSnapshot = true; }; }; - }) - (lib.mkIf config.storage.impermanence.enable { - boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/ephemeral/system/root@blank - ''; - - storage.zfs.datasets = { - "ephemeral" = { - type = "zfs_fs"; + "nix" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/nix"; }; - "ephemeral/system/root" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; - snapshot = { - blankSnapshot = true; - }; + snapshot = { + autoSnapshot = false; + }; + atime = "off"; + relatime = "off"; + }; + }; + replicate = { + "" = { + type = "zfs_fs"; + }; + "system/var/log" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/var/log"; }; }; + }; + }; - storage.impermanence.datasets = { - "persist/replicate/system/root" = { - mount = { - enable = true; - mountPoint = "/persist/replicate/system/root"; - }; - snapshot = { - autoSnapshot = true; - }; - directories = { - "/var/lib/nixos".enable = true; - "/var/lib/systemd/coredump".enable = true; - }; - files = { - "/etc/machine-id".enable = true; - }; - }; - "persist/replicate/home" = { - mount = { - enable = true; - mountPoint = "/persist/replicate/home"; - }; - snapshot = { - autoSnapshot = true; - }; - }; - }; - - # TODO: home-manager.users..storage.impermanence.enable - # is false then persist the entire directory of the user - # if true persist home-manager.users..storage.impermanence.datasets - # TODO: systemd.services..storage.datasets persists - }) - ]) - ) - # TODO: configure other needed storage modes here + storage.zfs.datasets = lib.mkMerge [ + (lib.mapAttrs' (name: dataset: { + name = + if name == "" + then "persist/local" + else "persist/local/${name}"; + value = builtins.removeAttrs dataset impermanenceOnlyOptions; + }) + config.storage.datasets.local) + (lib.mapAttrs' (name: dataset: { + name = + if name == "" + then "persist/replicate" + else "persist/replicate/${name}"; + value = 
builtins.removeAttrs dataset impermanenceOnlyOptions; + }) + config.storage.datasets.replicate) + ]; + }) ]; + + # TODO: set up datasets for systemd services that want a dataset created + # TODO: home-manager.users..storage.impermanence.enable + # is false then persist the entire directory of the user + # if true persist home-manager.users..storage.impermanence.datasets + # TODO: systemd.services..storage.datasets persists + # TODO: configure other needed storage modes here } diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index 5199f98..0b57886 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix @@ -72,7 +72,6 @@ snapshot = { # This option should set this option flag - # "com.sun:auto-snapshot" = "false"; autoSnapshot = lib.mkEnableOption "Enable automatic snapshots for this dataset"; # Creates a blank snapshot in the post create hook for rollback purposes blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook"; From c2701ea8f0605cb8744ab53bf206a756685bc396 Mon Sep 17 00:00:00 2001 
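Review bot: In the non-impermanence branch of storage.nix, `builtins.removeAttrs dataset impermanenceOnlyOptions` silently discards every option that exists only in impermanenceDataset.nix. Judging by the `system/root` entry earlier in this file, that includes `directories` and `files` together with their owner and permission declarations. A module that declares restrictive permissions on a state directory therefore gets no enforcement from this layer when impermanence is off, and nothing in the code says that this is intended. A short comment above the two `mapAttrs'` calls would make it explicit: `# directories/files only describe what to persist; without impermanence the service's own StateDirectory settings apply`. The filter list is computed with `lib.evalModules` in the `let` block outside this hunk.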
From: Leyla Becker Date: Sat, 15 Nov 2025 16:37:10 -0600 Subject: [PATCH 0982/1043] feat: moved services over to using the new storage datasets --- modules/nixos-modules/ollama/storage.nix | 60 +++++------ .../nixos-modules/server/actual/storage.nix | 35 ++----- .../nixos-modules/server/bazarr/storage.nix | 31 ++---- .../server/crab-hole/storage.nix | 32 ++---- .../nixos-modules/server/fail2ban/storage.nix | 31 ++---- .../server/flaresolverr/storage.nix | 23 ++--- .../nixos-modules/server/forgejo/storage.nix | 31 ++---- .../server/home-assistant/storage.nix | 31 ++---- .../nixos-modules/server/immich/storage.nix | 31 ++---- .../nixos-modules/server/jackett/storage.nix | 31 ++---- .../nixos-modules/server/jellyfin/storage.nix | 99 ++++++++----------- .../nixos-modules/server/lidarr/storage.nix | 31 ++---- .../server/panoramax/storage.nix | 30 ++---- .../server/paperless/storage.nix | 31 ++---- .../nixos-modules/server/postgres/storage.nix | 31 ++---- .../server/qbittorent/storage.nix | 78 ++++++--------- .../nixos-modules/server/radarr/storage.nix | 31 ++---- .../server/reverseProxy/storage.nix | 23 ++--- .../nixos-modules/server/sonarr/storage.nix | 31 ++---- modules/nixos-modules/ssh.nix | 69 ++++++------- modules/nixos-modules/sync/storage.nix | 57 +++-------- modules/nixos-modules/tailscale/storage.nix | 30 ++---- modules/nixos-modules/users.nix | 10 +- 23 files changed, 281 insertions(+), 606 deletions(-) diff --git a/modules/nixos-modules/ollama/storage.nix b/modules/nixos-modules/ollama/storage.nix index 65bbe26..6ab0fc8 100644 --- a/modules/nixos-modules/ollama/storage.nix +++ b/modules/nixos-modules/ollama/storage.nix 
@@ -10,40 +10,28 @@ }; }; - config = lib.mkIf config.services.ollama.enable ( - lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # Ollama needs persistent storage for models and configuration - } - (lib.mkIf (!config.services.ollama.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.ollama.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."/var/lib/private/ollama" = { - enable = true; - owner.name = config.services.ollama.user; - group.name = config.services.ollama.group; - owner.permissions = { - read = true; - write = true; - execute = false; - }; - group.permissions = { - read = false; - write = false; - execute = false; - }; - other.permissions = { - read = false; - write = false; - execute = false; - }; - }; - }; - }) - ])) - ] - ); + config = lib.mkIf (config.services.ollama.enable) { + storage.datasets.replicate."system/root" = { + directories."/var/lib/private/ollama" = lib.mkIf config.services.ollama.impermanence.enable { + enable = true; + owner.name = config.services.ollama.user; + group.name = config.services.ollama.group; + owner.permissions = { + read = true; + write = true; + execute = false; + }; + group.permissions = { + read = false; + write = false; + execute = false; + }; + other.permissions = { + read = false; + write = false; + execute = false; + }; + }; + }; + }; } diff --git a/modules/nixos-modules/server/actual/storage.nix b/modules/nixos-modules/server/actual/storage.nix index cec2eab..d6b904e 100644 --- a/modules/nixos-modules/server/actual/storage.nix +++ b/modules/nixos-modules/server/actual/storage.nix 
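Review bot: In ollama/storage.nix, the entry for `/var/lib/private/ollama` under `directories` sets `owner.permissions.execute = false`. How these flags are translated is defined in a submodule outside this diff, but if they map onto mode bits the directory ends up as `0600`, and the service user cannot traverse its own state directory. Keeping group and other fully closed is sensible for a DynamicUser private directory; only the owner bit looks wrong: `execute = true;` inside `owner.permissions`. The setting was carried over unchanged from the removed block, so this is a good moment to confirm it against the generated mode.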
@@ -11,31 +11,12 @@ in { default = config.services.actual.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.actual.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.actual.settings.dataDir == dataDirectory; - message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; - } - { - assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; - message = "actual systemd service must have DynamicUser enabled to use private directory"; - } - ]; - } - (lib.mkIf (!config.services.actual.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.actual.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDirectory}" = { - owner.name = "actual"; - group.name = "actual"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.actual.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDirectory}" = lib.mkIf config.services.actual.impermanence.enable { + owner.name = "actual"; + group.name = "actual"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/bazarr/storage.nix b/modules/nixos-modules/server/bazarr/storage.nix index c8c7d1d..a243d4c 100644 --- a/modules/nixos-modules/server/bazarr/storage.nix +++ b/modules/nixos-modules/server/bazarr/storage.nix 
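Review bot: The rewrite of actual/storage.nix drops the two `assertions` that tied the persisted path to the service's real data directory and required `DynamicUser`. The same removal happens in bazarr/storage.nix, crab-hole/storage.nix and fail2ban/storage.nix later in this commit. Without them, a changed `dataDir` evaluates cleanly while the service writes to a location that is rolled back at boot; for fail2ban that means the ban database is lost on every reboot with no warning. The assertions are independent of the storage interface change and can be kept next to the new `storage.datasets.replicate` entry. Gating them on `impermanence.enable` as below is my suggestion; originally they were under `storage.zfs.enable`.

```nix
config = lib.mkIf config.services.actual.enable (lib.mkMerge [
  (lib.mkIf config.services.actual.impermanence.enable {
    assertions = [
      {
        assertion = config.services.actual.settings.dataDir == dataDirectory;
        message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}";
      }
      {
        assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false;
        message = "actual systemd service must have DynamicUser enabled to use private directory";
      }
    ];
  })
  {
    # … unchanged: storage.datasets.replicate."system/root" directories entry …
  }
]);
```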
@@ -10,27 +10,12 @@ in { default = config.services.bazarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.bazarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.bazarr.dataDir == bazarr_data_directory; - message = "bazarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.bazarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.bazarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${bazarr_data_directory}" = { - owner.name = "bazarr"; - group.name = "bazarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.bazarr.enable { + storage.datasets.replicate."system/root" = { + directories."${bazarr_data_directory}" = lib.mkIf config.services.bazarr.impermanence.enable { + owner.name = "bazarr"; + group.name = "bazarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/crab-hole/storage.nix b/modules/nixos-modules/server/crab-hole/storage.nix index caacdf8..827fb25 100644 --- a/modules/nixos-modules/server/crab-hole/storage.nix +++ b/modules/nixos-modules/server/crab-hole/storage.nix 
@@ -10,28 +10,12 @@ in { default = config.services.crab-hole.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.crab-hole.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = - config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory); - message = "crab-hole working directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.crab-hole.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.crab-hole.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${workingDirectory}" = { - owner.name = "crab-hole"; - group.name = "crab-hole"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.crab-hole.enable { + storage.datasets.replicate."system/root" = { + directories."${workingDirectory}" = lib.mkIf config.services.crab-hole.impermanence.enable { + owner.name = "crab-hole"; + group.name = "crab-hole"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/fail2ban/storage.nix b/modules/nixos-modules/server/fail2ban/storage.nix index 02ad3f0..1ef02c7 100644 --- a/modules/nixos-modules/server/fail2ban/storage.nix +++ b/modules/nixos-modules/server/fail2ban/storage.nix 
@@ -11,27 +11,12 @@ in { default = config.services.fail2ban.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.fail2ban.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.fail2ban.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataFolder}" = { - owner.name = "fail2ban"; - group.name = "fail2ban"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.fail2ban.enable { + storage.datasets.replicate."system/root" = { + directories."${dataFolder}" = lib.mkIf config.services.fail2ban.impermanence.enable { + owner.name = "fail2ban"; + group.name = "fail2ban"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/flaresolverr/storage.nix b/modules/nixos-modules/server/flaresolverr/storage.nix index da52480..919318c 100644 --- a/modules/nixos-modules/server/flaresolverr/storage.nix +++ b/modules/nixos-modules/server/flaresolverr/storage.nix 
@@ -8,19 +8,12 @@ default = config.services.flaresolverr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.flaresolverr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - (lib.mkIf (!config.services.flaresolverr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.flaresolverr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."/var/lib/flaresolverr" = { - owner.name = "flaresolverr"; - group.name = "flaresolverr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.flaresolverr.enable { + storage.datasets.replicate."system/root" = { + directories."/var/lib/flaresolverr" = lib.mkIf config.services.flaresolverr.impermanence.enable { + owner.name = "flaresolverr"; + group.name = "flaresolverr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/forgejo/storage.nix b/modules/nixos-modules/server/forgejo/storage.nix index d7b54b9..da30ed9 100644 --- a/modules/nixos-modules/server/forgejo/storage.nix +++ b/modules/nixos-modules/server/forgejo/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.forgejo.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.forgejo.stateDir == stateDir; - message = "forgejo state directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.forgejo.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.forgejo.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${stateDir}" = { - owner.name = "forgejo"; - group.name = "forgejo"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.forgejo.enable { + storage.datasets.replicate."system/root" = { + directories."${stateDir}" = lib.mkIf config.services.forgejo.impermanence.enable { + owner.name = "forgejo"; + group.name = "forgejo"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/home-assistant/storage.nix b/modules/nixos-modules/server/home-assistant/storage.nix index 00831c4..60e5085 100644 --- a/modules/nixos-modules/server/home-assistant/storage.nix +++ b/modules/nixos-modules/server/home-assistant/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.home-assistant.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.home-assistant.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.home-assistant.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${configDir}" = { - owner.name = "hass"; - group.name = "hass"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.home-assistant.enable { + storage.datasets.replicate."system/root" = { + directories."${configDir}" = lib.mkIf config.services.home-assistant.impermanence.enable { + owner.name = "hass"; + group.name = "hass"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/immich/storage.nix b/modules/nixos-modules/server/immich/storage.nix index cd9f935..de24329 100644 --- a/modules/nixos-modules/server/immich/storage.nix +++ b/modules/nixos-modules/server/immich/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.immich.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.immich.mediaLocation == mediaLocation; - message = "immich media location does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.immich.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.immich.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${mediaLocation}" = { - owner.name = "immich"; - group.name = "immich"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.immich.enable { + storage.datasets.replicate."system/root" = { + directories."${mediaLocation}" = lib.mkIf config.services.immich.impermanence.enable { + owner.name = "immich"; + group.name = "immich"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/jackett/storage.nix b/modules/nixos-modules/server/jackett/storage.nix index eaa0bc9..5f202e6 100644 --- a/modules/nixos-modules/server/jackett/storage.nix +++ b/modules/nixos-modules/server/jackett/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.jackett.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.jackett.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.jackett.dataDir == jackett_data_directory; - message = "jackett data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.jackett.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.jackett.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${jackett_data_directory}" = { - owner.name = "jackett"; - group.name = "jackett"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.jackett.enable { + storage.datasets.replicate."system/root" = { + directories."${jackett_data_directory}" = lib.mkIf config.services.jackett.impermanence.enable { + owner.name = "jackett"; + group.name = "jackett"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index 79d0605..98f7a8c 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix 
@@ -11,66 +11,47 @@ in { default = config.services.jellyfin.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.jellyfin.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.jellyfin.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.jellyfin.impermanence.enable { - storage.impermanence.datasets = { - "persist/replicate/system/root" = { - directories = { - "${jellyfin_data_directory}" = { - enable = true; - owner.name = "jellyfin"; - group.name = "jellyfin"; - }; - "${jellyfin_cache_directory}" = { - enable = true; - owner.name = "jellyfin"; - group.name = "jellyfin"; - }; - }; + config = lib.mkIf config.services.jellyfin.enable { + storage.datasets.replicate = { + "system/root" = { + directories = { + "${jellyfin_data_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin"; }; - "persist/replicate/system/jellyfin" = { - atime = "off"; - relatime = "off"; - - directories."${config.services.jellyfin.media_directory}" = { - enable = true; - owner.name = "jellyfin"; - group.name = "jellyfin_media"; - owner.permissions = { - read = true; - write = true; - execute = true; - }; - group.permissions = { - read = true; - write = true; - execute = true; - }; - other.permissions = { - read = false; - write = false; - execute = false; - }; - }; + "${jellyfin_cache_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin"; }; }; - }) 
- ])) - ]); + }; + "system/jellyfin" = { + atime = "off"; + relatime = "off"; + + directories."${config.services.jellyfin.media_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin_media"; + owner.permissions = { + read = true; + write = true; + execute = true; + }; + group.permissions = { + read = true; + write = true; + execute = true; + }; + other.permissions = { + read = false; + write = false; + execute = false; + }; + }; + }; + }; + }; } diff --git a/modules/nixos-modules/server/lidarr/storage.nix b/modules/nixos-modules/server/lidarr/storage.nix index 57c568c..c4c020e 100644 --- a/modules/nixos-modules/server/lidarr/storage.nix +++ b/modules/nixos-modules/server/lidarr/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.lidarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.lidarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.lidarr.dataDir == lidarr_data_directory; - message = "lidarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.lidarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.lidarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${lidarr_data_directory}" = { - owner.name = "lidarr"; - group.name = "lidarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.lidarr.enable { + storage.datasets.replicate."system/root" = { + directories."${lidarr_data_directory}" = lib.mkIf config.services.lidarr.impermanence.enable { + owner.name = "lidarr"; + group.name = "lidarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/panoramax/storage.nix b/modules/nixos-modules/server/panoramax/storage.nix index 164c9bb..b36e087 100644 
--- a/modules/nixos-modules/server/panoramax/storage.nix +++ b/modules/nixos-modules/server/panoramax/storage.nix @@ -8,26 +8,12 @@ default = config.services.panoramax.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # TODO: configure impermanence for panoramax data - # This would typically include directories like: - # - /var/lib/panoramax - # - panoramax storage directories - # - any cache or temporary directories that need to persist - } - (lib.mkIf (!config.services.panoramax.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.panoramax.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."/var/lib/panoramax" = { - owner.name = "panoramax"; - group.name = "panoramax"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.panoramax.enable { + storage.datasets.replicate."system/root" = { + directories."/var/lib/panoramax" = lib.mkIf config.services.panoramax.impermanence.enable { + owner.name = "panoramax"; + group.name = "panoramax"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/paperless/storage.nix b/modules/nixos-modules/server/paperless/storage.nix index 381e45b..6e17bc2 100644 --- a/modules/nixos-modules/server/paperless/storage.nix +++ b/modules/nixos-modules/server/paperless/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.paperless.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.paperless.dataDir == dataDir; - message = "paperless data location does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.paperless.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.paperless.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDir}" = { - owner.name = "paperless"; - group.name = "paperless"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.paperless.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDir}" = lib.mkIf config.services.paperless.impermanence.enable { + owner.name = "paperless"; + group.name = "paperless"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/postgres/storage.nix b/modules/nixos-modules/server/postgres/storage.nix index 068c93f..58a84a6 100644 --- a/modules/nixos-modules/server/postgres/storage.nix +++ b/modules/nixos-modules/server/postgres/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.postgresql.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.postgresql.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.postgresql.dataDir == dataDir; - message = "postgres data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.postgresql.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.postgresql.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDir}" = { - owner.name = "postgres"; - group.name = "postgres"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.postgresql.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDir}" = lib.mkIf config.services.postgresql.impermanence.enable { + owner.name = "postgres"; + group.name = "postgres"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index 32244ca..8dabab8 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix 
@@ -10,53 +10,35 @@ in { default = config.services.qbittorrent.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; - message = "qbittorrent data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.qbittorrent.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - ( - lib.mkIf config.services.qbittorrent.impermanence.enable - { - storage.impermanence.datasets = { - "persist/replicate/system/root" = { - directories."${qbittorent_profile_directory}" = { - owner.name = "qbittorrent"; - group.name = "qbittorrent"; - }; - }; - "persist/replicate/system/qbittorrent" = { - directories."${config.services.qbittorrent.mediaDir}" = { - owner.name = "qbittorrent"; - group.name = "qbittorrent"; - owner.permissions = { - read = true; - write = true; - execute = true; - }; - group.permissions = { - read = true; - write = true; - execute = true; - }; - other.permissions = { - read = true; - write = false; - execute = true; - }; - }; - }; + config = lib.mkIf config.services.qbittorrent.enable { + storage.datasets.replicate = { + "system/root" = { + directories."${qbittorent_profile_directory}" = lib.mkIf config.services.qbittorrent.impermanence.enable { + owner.name = "qbittorrent"; + group.name = "qbittorrent"; + }; + }; + "system/qbittorrent" = { + directories."${config.services.qbittorrent.mediaDir}" = lib.mkIf config.services.qbittorrent.impermanence.enable { + owner.name = "qbittorrent"; + group.name = "qbittorrent"; + owner.permissions = { + read = true; + write = true; + execute = true; }; - } - ) - ])) - ]); + group.permissions = { + read = true; + write = true; + execute = true; + }; + other.permissions = { + read = true; + write = false; + execute = true; + }; + }; + }; + 
}; + }; } diff --git a/modules/nixos-modules/server/radarr/storage.nix b/modules/nixos-modules/server/radarr/storage.nix index a9b4901..8f991c0 100644 --- a/modules/nixos-modules/server/radarr/storage.nix +++ b/modules/nixos-modules/server/radarr/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.radarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.radarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.radarr.dataDir == radarr_data_directory; - message = "radarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.radarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.radarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${radarr_data_directory}" = { - owner.name = "radarr"; - group.name = "radarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.radarr.enable { + storage.datasets.replicate."system/root" = { + directories."${radarr_data_directory}" = lib.mkIf config.services.radarr.impermanence.enable { + owner.name = "radarr"; + group.name = "radarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/reverseProxy/storage.nix b/modules/nixos-modules/server/reverseProxy/storage.nix index 29a3120..62b5451 100644 --- a/modules/nixos-modules/server/reverseProxy/storage.nix +++ b/modules/nixos-modules/server/reverseProxy/storage.nix 
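Review bot: `other.permissions` on `config.services.qbittorrent.mediaDir` keeps `read = true` and `execute = true`, so every local account can list and read the download directory. The jellyfin media directory in this same commit denies `other` entirely and grants access through the `jellyfin_media` group. If the only other reader is the media server, a shared group is the tighter choice: set `other.permissions` to `read = false; write = false; execute = false;` and give readers group membership instead. Whether another service depends on the world-readable bits is not visible from this hunk, so confirm that before tightening.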
@@ -10,19 +10,12 @@ in { default = config.services.reverseProxy.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.reverseProxy.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - (lib.mkIf (!config.services.reverseProxy.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.reverseProxy.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDir}" = { - owner.name = "acme"; - group.name = "acme"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.reverseProxy.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDir}" = lib.mkIf config.services.reverseProxy.impermanence.enable { + owner.name = "acme"; + group.name = "acme"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/sonarr/storage.nix b/modules/nixos-modules/server/sonarr/storage.nix index aebd0a9..8587751 100644 --- a/modules/nixos-modules/server/sonarr/storage.nix +++ b/modules/nixos-modules/server/sonarr/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.sonarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.sonarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.sonarr.dataDir == sonarr_data_directory; - message = "sonarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.sonarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.sonarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${sonarr_data_directory}" = { - owner.name = "sonarr"; - group.name = "sonarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.sonarr.enable { + storage.datasets.replicate."system/root" = { + directories."${sonarr_data_directory}" = lib.mkIf config.services.sonarr.impermanence.enable { + owner.name = "sonarr"; + group.name = "sonarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index dd70918..6fe8e5c 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix 
@@ -10,46 +10,35 @@ }; }; - config = lib.mkMerge [ - { - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; + config = { + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; }; }; - } - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # SSH host keys need to be persisted to maintain server identity - } - (lib.mkIf (!config.services.openssh.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.openssh.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - files = builtins.listToAttrs ( - lib.lists.flatten ( - builtins.map (hostKey: [ - { - name = hostKey.path; - value = {enable = true;}; - } - { - name = "${hostKey.path}.pub"; - value = {enable = true;}; - } - ]) - config.services.openssh.hostKeys - ) - ); - }; - }) - ])) - ]; + }; + + storage.datasets.replicate."system/root" = { + files = lib.mkIf config.services.openssh.impermanence.enable (builtins.listToAttrs ( + lib.lists.flatten ( + builtins.map (hostKey: [ + { + name = hostKey.path; + value = {enable = true;}; + } + { + name = "${hostKey.path}.pub"; + value = {enable = true;}; + } + ]) + config.services.openssh.hostKeys + ) + )); + }; + }; } diff --git a/modules/nixos-modules/sync/storage.nix b/modules/nixos-modules/sync/storage.nix index 7532045..61bf855 100644 --- a/modules/nixos-modules/sync/storage.nix +++ b/modules/nixos-modules/sync/storage.nix 
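Review bot: The persisted `files` entries include each `hostKey.path`, i.e. the SSH host private keys, and they are placed in `storage.datasets.replicate."system/root"`, whereas the sops age key in users.nix is kept under `storage.datasets.local`. If `replicate` datasets are sent to another machine, as the name suggests, the replication target ends up holding this server's host identity. Consider persisting the private key paths in a `local` dataset (if that tree accepts `files` entries) and leaving only the `"${hostKey.path}.pub"` entries here, or state the intent with a comment such as `# host private keys are replicated on purpose so a restore keeps the same host identity`. The block is also no longer gated on `config.storage.zfs.enable`; how `storage.datasets` behaves on non-ZFS hosts is not visible in this hunk.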
@@ -13,45 +13,20 @@ in { }; }; - config = lib.mkIf config.services.syncthing.enable ( - lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # Syncthing needs persistent storage for configuration and data - } - (lib.mkIf (!config.services.syncthing.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.syncthing.impermanence.enable { - assertions = - [ - { - assertion = config.services.syncthing.configDir == configDir; - message = "syncthing config dir does not match persistence"; - } - ] - ++ lib.attrsets.mapAttrsToList (_: folder: { - assertion = lib.strings.hasPrefix mountDir folder.path; - message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; - }) - config.services.syncthing.settings.folders; - - storage.impermanence.datasets."persist/replicate/system/root" = { - directories = { - "${mountDir}" = { - enable = true; - owner.name = "syncthing"; - group.name = "syncthing"; - }; - "${configDir}" = { - enable = true; - owner.name = "syncthing"; - group.name = "syncthing"; - }; - }; - }; - }) - ])) - ] - ); + config = lib.mkIf config.services.syncthing.enable { + storage.datasets.replicate."system/root" = { + directories = { + "${mountDir}" = lib.mkIf config.services.syncthing.impermanence.enable { + enable = true; + owner.name = "syncthing"; + group.name = "syncthing"; + }; + "${configDir}" = lib.mkIf config.services.syncthing.impermanence.enable { + enable = true; + owner.name = "syncthing"; + group.name = "syncthing"; + }; + }; + }; + }; } diff --git a/modules/nixos-modules/tailscale/storage.nix b/modules/nixos-modules/tailscale/storage.nix index a417aaf..7ac7e9a 100644 --- a/modules/nixos-modules/tailscale/storage.nix +++ b/modules/nixos-modules/tailscale/storage.nix 
@@ -12,25 +12,13 @@ in { }; }; - config = lib.mkIf config.services.tailscale.enable ( - lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # Tailscale needs persistent storage for keys and configuration - } - (lib.mkIf (!config.services.tailscale.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.tailscale.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${tailscale_data_directory}" = { - enable = true; - owner.name = "root"; - group.name = "root"; - }; - }; - }) - ])) - ] - ); + config = lib.mkIf config.services.tailscale.enable { + storage.datasets.replicate."system/root" = { + directories."${tailscale_data_directory}" = lib.mkIf config.services.tailscale.impermanence.enable { + enable = true; + owner.name = "root"; + group.name = "root"; + }; + }; + }; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index ab123b9..4018db5 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -402,7 +402,7 @@ in { (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { # sops age key needs to be available to pre persist for user generation - storage.zfs.datasets."persist/local/system/sops" = { + storage.datasets.local."system/sops" = { type = "zfs_fs"; mount = { enable = true; @@ -413,9 +413,9 @@ in { }; } (lib.mkIf (!config.storage.impermanence.enable) { - storage.zfs.datasets = lib.mkMerge ( + storage.datasets.replicate = lib.mkMerge ( builtins.map (user: { - "persist/replicate/home/${user.name}" = { + "home/${user.name}" = { type = "zfs_fs"; mount = { enable = true; @@ -428,9 +428,9 @@ in { ); }) (lib.mkIf config.storage.impermanence.enable { - storage.zfs.datasets = lib.mkMerge ( + storage.datasets.ephemeral = lib.mkMerge ( builtins.map (user: { - "ephemeral/home/${user.name}" = { + "home/${user.name}" = { type = "zfs_fs"; mount = { enable = true; 
From dfcacdc6fbcb028395b834972d36f4ca461c9fa7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Nov 2025 00:04:03 -0600 Subject: [PATCH 0983/1043] feat: moved some datasets to common zfs storage config --- modules/nixos-modules/storage/storage.nix | 58 ++++++++++++----------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 7d14dd7..1b85010 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -40,6 +40,37 @@ in { config = lib.mkMerge [ (lib.mkIf config.storage.zfs.enable { # Create ZFS datasets based on storage.datasets configuration + storage.datasets = { + local = { + "" = { + type = "zfs_fs"; + }; + "nix" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/nix"; + }; + snapshot = { + autoSnapshot = false; + }; + atime = "off"; + relatime = "off"; + }; + }; + replicate = { + "" = { + type = "zfs_fs"; + }; + "system/var/log" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = "/var/log"; + }; + }; + }; + }; }) (lib.mkIf (config.storage.zfs.enable && config.storage.impermanence.enable) { storage.datasets = { @@ -58,28 +89,7 @@ in { }; }; }; - local = { - "nix" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/nix"; - }; - snapshot = { - autoSnapshot = false; - }; - atime = "off"; - relatime = "off"; - }; - }; replicate = { - "system/var/log" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/var/log"; - }; - }; "system/root" = { mount = { enable = true; @@ -146,9 +156,6 @@ in { storage.datasets = { # Base organizational datasets (only needed when impermanence is disabled) local = { - "" = { - type = "zfs_fs"; - }; "root" = { type = "zfs_fs"; mount = { @@ -178,9 +185,6 @@ in { }; }; replicate = { - "" = { - type = "zfs_fs"; - }; "system/var/log" = { type = "zfs_fs"; mount = { 
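Review bot: `"system/var/log"` is added to the common `lib.mkIf config.storage.zfs.enable` block and removed from the impermanence block, but the last hunk still shows it as context inside the non-impermanence `replicate` set, so it is now declared twice. Identical definitions probably merge, but the leftover copy can drift from the common one and should be removed along with the `""` entry. Two comments are also stale after the move: `# Create ZFS datasets based on storage.datasets configuration` now sits above a block that defines datasets, and `# Base organizational datasets (only needed when impermanence is disabled)` remains although the base datasets moved out. Something like `# Datasets every ZFS host gets, with or without impermanence` would describe the new block. The non-impermanence block continues past the end of the hunk, so the rest of it could not be checked.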
From e196541f2a0544569709b046877e946add3a3ccd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Nov 2025 00:12:29 -0600 Subject: [PATCH 0984/1043] feat: filter out impermanence datasets that dont do anything --- modules/nixos-modules/storage/impermanence.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index db0deb0..8f6d6d8 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -109,7 +109,14 @@ in { }; }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); }) - config.storage.impermanence.datasets; + (lib.filterAttrs ( + datasetName: dataset: let + enabledDirectories = lib.filterAttrs (_: dirConfig: dirConfig.enable) dataset.directories; + enabledFiles = lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files; + in + (enabledDirectories != {}) || (enabledFiles != {}) + ) + config.storage.impermanence.datasets); } (lib.mkIf config.storage.zfs.enable { storage.zfs.datasets = From ecdd407abe8b5b3e2559977589fb935f112b1e37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Nov 2025 17:56:31 -0600 Subject: [PATCH 0985/1043] feat: switched jellyfin media and qbittorent media to being the same dataset --- modules/nixos-modules/server/jellyfin/storage.nix | 2 +- modules/nixos-modules/server/qbittorent/storage.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index 98f7a8c..f6887b2 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix @@ -27,7 +27,7 @@ in { }; }; }; - "system/jellyfin" = { + "system/media" = { atime = "off"; relatime = "off"; 
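Review bot: In the impermanence.nix hunk, the new `lib.filterAttrs` predicate binds its first argument as `datasetName` but never uses it, and it repeats the `fileConfig.enable` filter that the mapping above already applies to `dataset.files`. Writing the predicate as `_: dataset:` matches the style of the surrounding lambdas. A one-line comment above it would record why the filter exists, for example `# drop datasets with no enabled directories or files so no empty persistence entry is emitted`. The attribute this expression is assigned to starts outside the hunk, so what an empty entry would otherwise produce is not visible here.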
diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index 8dabab8..edb9fb1 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix @@ -18,7 +18,7 @@ in { group.name = "qbittorrent"; }; }; - "system/qbittorrent" = { + "system/media" = { directories."${config.services.qbittorrent.mediaDir}" = lib.mkIf config.services.qbittorrent.impermanence.enable { owner.name = "qbittorrent"; group.name = "qbittorrent"; From c501b1688ea9c7ac955cbf24cf109a620b2f0ecf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Nov 2025 18:15:13 -0600 Subject: [PATCH 0986/1043] build: updated flake.lock --- flake.lock | 56 +++++++++---------- .../home-manager-modules/programs/discord.nix | 10 ---- util/default.nix | 2 +- 3 files changed, 29 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 3c1f2ad..e9d259b 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1762276996, - "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", + "lastModified": 1763651264, + "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", "owner": "nix-community", "repo": "disko", - "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", + "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1762488230, - "narHash": "sha256-b7FFUa+bQ8m5din6ylspTTeQvhTf7NNDwC3fPOwCkx4=", + "lastModified": 1763697825, + "narHash": "sha256-AgCCcVPOi1tuzuW5/StlwqBjRWSX62oL97qWuxrq5UA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "05e744e2e2d174b2fd445e51ad38fb8356001a18", + "rev": "cefce78793603231be226fa77e7ad58e0e4899b8", "type": "gitlab" }, "original": { 
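Review bot: With this rename and the matching one in jellyfin/storage.nix, both modules write into `replicate."system/media"`, yet the two directory entries carry different ownership models: `qbittorrent:qbittorrent` here versus `jellyfin:jellyfin_media` with `other` denied on the jellyfin side. If a host points `services.qbittorrent.mediaDir` and `services.jellyfin.media_directory` at the same path, the two definitions for that key disagree on owner, group and `other` bits; that would presumably fail evaluation, though the option types are outside this diff. Only the jellyfin module sets `atime = "off"` and `relatime = "off"`, so the shared dataset's properties depend on which service is enabled. A comment above the key, e.g. `# shared with jellyfin: keep owner/group/other in sync with server/jellyfin/storage.nix`, plus moving the dataset-level properties to one place, would make the intended sharing explicit.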
@@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1762463325, - "narHash": "sha256-33YUsWpPyeBZEWrKQ2a1gkRZ7i0XCC/2MYpU6BVeQSU=", + "lastModified": 1763748372, + "narHash": "sha256-AUc78Qv3sWir0hvbmfXoZ7Jzq9VVL97l+sP9Jgms+JU=", "owner": "nix-community", "repo": "home-manager", - "rev": "0562fef070a1027325dd4ea10813d64d2c967b39", + "rev": "d10a9b16b2a3ee28433f3d1c603f4e9f1fecb8e1", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1761960361, - "narHash": "sha256-FvuAw56NIVJpS3Kr8Wv9PpU4eehZMcdIVkxjStuYmqc=", + "lastModified": 1763435414, + "narHash": "sha256-i2467FddWfd19q5Qoj+1/BAeg6LZmM5m4mYGRSQn/as=", "ref": "refs/heads/main", - "rev": "c47f62187601ea2991b79a9bacdbfdf76cd29fbe", - "revCount": 167, + "rev": "192c92b603731fbc1bade6c1b18c8d8a0086f703", + "revCount": 169, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1762501326, - "narHash": "sha256-QbhsksHaIN6qU3oXhwUFbYycKX1GRxObpQSWAM5fhRY=", + "lastModified": 1763505477, + "narHash": "sha256-nJRd4LY2kT3OELfHqdgWjvToNZ4w+zKCMzS2R6z4sXE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "e2b82ebd0f990a5d1b68fcc761b3d6383c86ccfd", + "rev": "3bda9f6b14161becbd07b3c56411f1670e19b9b5", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1762480525, - "narHash": "sha256-7akzuLV8uKP3ym67TJoSIT5hTeC5FG8H745Y/7/7J+8=", + "lastModified": 1763690163, + "narHash": "sha256-MMl9P8f17unCvlk2IAinnMq/P72f51UUHVRIYnojT7w=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b8b0b207dc13cb7b004f9d0c1d2b76a85e9494c8", + "rev": "590349d9faeb398a037205c2927ffbaede980539", "type": "github" }, "original": { 
@@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762463231, - "narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=", + "lastModified": 1762847253, + "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226", + "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1762363567, - "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { @@ -370,11 +370,11 @@ ] }, "locked": { - "lastModified": 1760998189, - "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", + "lastModified": 1763607916, + "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", + "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index d5d7192..71b09b2 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -1,19 +1,9 @@ { lib, - pkgs, config, ... }: { - options.programs.discord = { - enable = lib.mkEnableOption "enable discord"; - }; - config = lib.mkIf config.programs.discord.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - discord - ]; - } ( lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { diff --git a/util/default.nix b/util/default.nix index 97bfa49..66e300b 100644 --- a/util/default.nix 
+++ b/util/default.nix @@ -79,7 +79,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 29221143670076a629dc26c8a541d5b1a3c629d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Nov 2025 11:51:53 -0600 Subject: [PATCH 0987/1043] fix: fixed file system resolution --- modules/nixos-modules/storage/storage.nix | 72 +++++++------------ .../storage/submodules/dataset.nix | 14 ++-- .../submodules/impermanenceDataset.nix | 5 +- modules/nixos-modules/storage/zfs.nix | 4 +- modules/nixos-modules/users.nix | 15 +--- 5 files changed, 36 insertions(+), 74 deletions(-) diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 1b85010..6cff4f1 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -42,15 +42,9 @@ in { # Create ZFS datasets based on storage.datasets configuration storage.datasets = { local = { - "" = { - type = "zfs_fs"; - }; "nix" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/nix"; - }; + mount = "/nix"; snapshot = { autoSnapshot = false; }; @@ -59,15 +53,9 @@ in { }; }; replicate = { - "" = { - type = "zfs_fs"; - }; "system/var/log" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/var/log"; - }; + mount = "/var/log"; }; }; }; 
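Review bot: `lix-module.nixosModules.default` is commented out in a commit whose subject is only a lock-file update, and no reason is recorded next to it. The same commit still bumps the lix nixos-module entry in flake.lock, so the input keeps being fetched while unused (assuming nothing else imports it). Either drop the line together with the input, or keep it with the reason attached: `# lix-module.nixosModules.default  # disabled: <REASON>, re-enable when <CONDITION>` (placeholders). The module list continues outside the hunk.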
@@ -77,24 +65,29 @@ in { ephemeral = { "" = { type = "zfs_fs"; + mount = null; }; "system/root" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; + mount = "/"; snapshot = { blankSnapshot = true; }; }; }; + # TODO: can we auto set the mount points on these to just be `"/persist/local/${name}"` + local = { + "" = { + mount = "/persist/local/"; + }; + }; + # TODO: can we auto set the mount points on these to just be `"/persist/replicate/${name}"` replicate = { + "" = { + mount = "/persist/replicate/"; + }; "system/root" = { - mount = { - enable = true; - mountPoint = "/persist/replicate/system/root"; - }; + mount = "/persist/replicate/system/root"; snapshot = { autoSnapshot = true; }; @@ -107,10 +100,7 @@ in { }; }; "home" = { - mount = { - enable = true; - mountPoint = "/persist/replicate/home"; - }; + mount = "/persist/replicate/home"; snapshot = { autoSnapshot = true; }; @@ -156,12 +146,13 @@ in { storage.datasets = { # Base organizational datasets (only needed when impermanence is disabled) local = { + "" = { + type = "zfs_fs"; + mount = ""; + }; "root" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; + mount = "/"; compression = "lz4"; acltype = "posixacl"; relatime = "on"; @@ -171,26 +162,15 @@ in { blankSnapshot = true; }; }; - "nix" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/nix"; - }; - snapshot = { - autoSnapshot = false; - }; - atime = "off"; - relatime = "off"; - }; }; replicate = { + "" = { + type = "zfs_fs"; + mount = null; + }; "system/var/log" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/var/log"; - }; + mount = "/var/log"; }; }; }; diff --git a/modules/nixos-modules/storage/submodules/dataset.nix b/modules/nixos-modules/storage/submodules/dataset.nix index 0b57886..2a45552 100644 --- a/modules/nixos-modules/storage/submodules/dataset.nix +++ b/modules/nixos-modules/storage/submodules/dataset.nix 
@@ -42,16 +42,10 @@ description = "Synchronous write behavior"; }; - mount = { - enable = lib.mkOption { - type = lib.types.either lib.types.bool (lib.types.enum ["on" "off" "noauto"]); - default = true; - description = "Whether and how the dataset should be mounted"; - }; - mountPoint = lib.mkOption { - type = lib.types.str; - description = "Controls the mount point used for this file system"; - }; + mount = lib.mkOption { + type = lib.types.nullOr lib.types.str; + description = "Controls the mount point used for this file system"; + default = null; }; encryption = { diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 0104b88..4090b48 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -47,9 +47,6 @@ in { }; config = { - mount = { - mountPoint = lib.mkDefault "/${name}"; - enable = lib.mkDefault true; - }; + mount = lib.mkDefault "/${name}"; }; } diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 1942e8d..1d3c1fb 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -83,7 +83,7 @@ args @ { lib.attrsets.nameValuePair name { type = dataset.type; options = datasetToZfsOptions dataset; - mountpoint = dataset.mount.mountPoint or null; + mountpoint = dataset.mount or null; postCreateHook = generatePostCreateHook name dataset; } ) @@ -92,7 +92,7 @@ args @ { lib.attrsets.nameValuePair "" { type = config.storage.zfs.rootDataset.type; options = datasetToZfsOptions config.storage.zfs.rootDataset; - mountpoint = config.storage.zfs.rootDataset.mount.mountPoint or null; + mountpoint = config.storage.zfs.rootDataset.mount or null; postCreateHook = generatePostCreateHook "" config.storage.zfs.rootDataset; } )) 
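Review bot: The new `mount` option accepts any string, so values like `""` or a path with a trailing slash are only caught later, when the file system is resolved. The description also does not say what `null` means. Constraining the type would reject malformed paths at evaluation time: `type = lib.types.nullOr (lib.types.strMatching "/|(/[^/]+)+");` with `description = "Absolute mount point for this file system; null means no mount point is set";`. This assumes every caller passes an absolute path, which should be confirmed for values defined outside this hunk such as `SOPS_AGE_KEY_DIRECTORY`. The old `mount.enable` also allowed `"noauto"` and `"off"`; if any host relied on those, the single string cannot express them.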
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 4018db5..f952861 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -404,10 +404,7 @@ in { # sops age key needs to be available to pre persist for user generation storage.datasets.local."system/sops" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = SOPS_AGE_KEY_DIRECTORY; - }; + mount = SOPS_AGE_KEY_DIRECTORY; atime = "off"; relatime = "off"; }; @@ -417,10 +414,7 @@ in { builtins.map (user: { "home/${user.name}" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/home/${user.name}"; - }; + mount = "/home/${user.name}"; snapshot.autoSnapshot = true; }; }) @@ -432,10 +426,7 @@ in { builtins.map (user: { "home/${user.name}" = { type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/home/${user.name}"; - }; + mount = "/home/${user.name}"; snapshot.blankSnapshot = true; }; }) From a4f3b3141d59a1c73b56512317b644ae5a5df4d6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Nov 2025 15:35:26 -0600 Subject: [PATCH 0988/1043] fix: fixed trailing mount path issue --- modules/nixos-modules/storage/impermanence.nix | 10 ++++++++-- modules/nixos-modules/storage/storage.nix | 6 ++++-- .../storage/submodules/impermanenceDataset.nix | 4 ++++ modules/nixos-modules/users.nix | 1 + 4 files changed, 17 insertions(+), 4 deletions(-) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 8f6d6d8..9af5681 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -87,7 +87,10 @@ in { neededForBoot = true; } ) - config.storage.impermanence.datasets; + (lib.filterAttrs ( + datasetName: dataset: dataset.impermanence.enable + ) + config.storage.impermanence.datasets); environment.persistence = lib.mapAttrs (datasetName: dataset: { 
@@ -116,7 +119,10 @@ in { in (enabledDirectories != {}) || (enabledFiles != {}) ) - config.storage.impermanence.datasets); + (lib.filterAttrs ( + datasetName: dataset: dataset.impermanence.enable + ) + config.storage.impermanence.datasets)); } (lib.mkIf config.storage.zfs.enable { storage.zfs.datasets = diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 6cff4f1..c059733 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -43,6 +43,7 @@ in { storage.datasets = { local = { "nix" = { + impermanence.enable = false; type = "zfs_fs"; mount = "/nix"; snapshot = { @@ -54,6 +55,7 @@ in { }; replicate = { "system/var/log" = { + impermanence.enable = false; type = "zfs_fs"; mount = "/var/log"; }; @@ -78,13 +80,13 @@ in { # TODO: can we auto set the mount points on these to just be `"/persist/local/${name}"` local = { "" = { - mount = "/persist/local/"; + mount = "/persist/local"; }; }; # TODO: can we auto set the mount points on these to just be `"/persist/replicate/${name}"` replicate = { "" = { - mount = "/persist/replicate/"; + mount = "/persist/replicate"; }; "system/root" = { mount = "/persist/replicate/system/root"; diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 4090b48..e4d3584 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -44,6 +44,10 @@ in { type = lib.types.attrsOf (lib.types.submodule pathTypeSubmodule); default = {}; }; + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; }; config = { diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index f952861..195d8b6 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
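Review bot: The new `impermanence.enable` option in impermanenceDataset.nix has no `description`, and its name alone does not tell a reader what turning it off changes. From the impermanence.nix hunks in this commit it appears to remove the dataset from both the `neededForBoot` file-system mapping and `environment.persistence`. Adding `description = "Whether this dataset is exposed through environment.persistence and marked neededForBoot";` would record that, adjusted if the option does more than those two hunks show. The options block continues outside the hunk.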
@@ -407,6 +407,7 @@ in { mount = SOPS_AGE_KEY_DIRECTORY; atime = "off"; relatime = "off"; + impermanence.enable = false; }; } (lib.mkIf (!config.storage.impermanence.enable) { From 3d1750060de1669ce93a1d546ad537848b628ddc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Nov 2025 15:44:59 -0600 Subject: [PATCH 0989/1043] fix: fixed nix flake check --- modules/nixos-modules/server/jellyfin/storage.nix | 3 +-- modules/nixos-modules/server/qbittorent/storage.nix | 2 ++ modules/nixos-modules/storage/storage.nix | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index f6887b2..5cff3e8 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix @@ -28,8 +28,7 @@ in { }; }; "system/media" = { - atime = "off"; - relatime = "off"; + mount = "/persist/replicate/system/media"; directories."${config.services.jellyfin.media_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { enable = true; diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index edb9fb1..da82bcc 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix @@ -19,6 +19,8 @@ in { }; }; "system/media" = { + mount = "/persist/replicate/system/media"; + directories."${config.services.qbittorrent.mediaDir}" = lib.mkIf config.services.qbittorrent.impermanence.enable { owner.name = "qbittorrent"; group.name = "qbittorrent"; diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index c059733..2247559 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -150,7 +150,7 @@ in { local = { "" = { type = "zfs_fs"; - mount = ""; + mount = null; }; "root" = { type = "zfs_fs"; 
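Review bot: The `system/sops` dataset holds the age key directory (`SOPS_AGE_KEY_DIRECTORY`) but, unlike the `nix` dataset in storage.nix, says nothing about snapshots. If the default for `snapshot.autoSnapshot` is on (the option's default is not visible here), every snapshot keeps a copy of the private key, including keys that were later rotated out. Stating the choice next to the mount makes it reviewable: `snapshot.autoSnapshot = false;`. The enclosing attribute set begins outside the hunk.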
From f660b601e2d7c039509595533e5721736498e19c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Nov 2025 21:42:02 -0600 Subject: [PATCH 0990/1043] feat: installed noita entangled worlds on horizon --- .../nixos/horizon/configuration.nix | 1 + flake.lock | 75 +++++++++++++++++++ flake.nix | 6 ++ modules/common-modules/overlays/default.nix | 4 + modules/common-modules/pkgs/default.nix | 3 - .../pkgs/noita-entangled-worlds.nix | 46 ------------ 6 files changed, 86 insertions(+), 49 deletions(-) delete mode 100644 modules/common-modules/pkgs/noita-entangled-worlds.nix diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 0e86fe7..0245253 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -88,6 +88,7 @@ environment.systemPackages = with pkgs; [ cachefilesd webtoon-dl + noita_entangled_worlds ]; services.cachefilesd.enable = true; diff --git a/flake.lock b/flake.lock index e9d259b..a3c552f 100644 --- a/flake.lock +++ b/flake.lock 
@@ -329,6 +329,43 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "noita-entangled-worlds": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay", + "systems": "systems_3" + }, + "locked": { + "lastModified": 1764204484, + "narHash": "sha256-S45ghD/YjcKDy8Mz3DYklLMaA/z6f6mTbx0i7pAktYk=", + "owner": "IntQuant", + "repo": "noita_entangled_worlds", + "rev": "ab2c2162157140ab519fa19f6737c044e1ed0e3b", + "type": "github" + }, + "original": { + "owner": "IntQuant", + "ref": "master", + "repo": "noita_entangled_worlds", + "type": "github" + } + }, "root": { "inputs": { "disko": "disko", @@ -343,10 +380,32 @@ "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", + "noita-entangled-worlds": "noita-entangled-worlds", "secrets": "secrets", "sops-nix": "sops-nix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "noita-entangled-worlds", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759199574, + "narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "381776b12d0d125edd7c1930c2041a1471e586c0", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "secrets": { "flake": false, "locked": { 
@@ -412,6 +471,22 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "flake": false, + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 6f85fa3..e935688 100644 --- a/flake.nix +++ b/flake.nix @@ -77,6 +77,12 @@ url = "github:utensils/mcp-nixos"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # Noita Entangled Worlds package + # Not following our nixpkgs so it can use its own rust-overlay configuration + noita-entangled-worlds = { + url = "github:IntQuant/noita_entangled_worlds/master"; + }; }; outputs = { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 2c0f712..f658e8a 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -2,5 +2,9 @@ {inputs, ...}: { nixpkgs.overlays = [ inputs.nix-vscode-extensions.overlays.default + # Add noita_entangled_worlds from upstream flake to pkgs + (final: prev: { + noita_entangled_worlds = inputs.noita-entangled-worlds.packages.${prev.system}.noita-proxy; + }) ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 612dd08..2afc9f2 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -20,9 +20,6 @@ ./prostudiomasters.nix {}; }) - (final: prev: { - noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; - }) (final: prev: { gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; }) diff --git a/modules/common-modules/pkgs/noita-entangled-worlds.nix b/modules/common-modules/pkgs/noita-entangled-worlds.nix deleted file mode 100644 index 322ce41..0000000 
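Review bot: The new `noita-entangled-worlds` input in flake.nix tracks the `master` branch of a third-party repository and, per the added comment, deliberately does not follow this flake's nixpkgs, so flake.lock gains a separate `nixpkgs_3`, `rust-overlay` and `systems_3` that are outside the review cadence of the main nixpkgs pin. flake.lock fixes the revision for a given build, but every `nix flake update` moves to whatever `master` holds at that moment, and the result is installed as a package on the hosts. The derivation removed in this commit built from the `v1.5.3` tag; keeping a tag or commit in the URL makes upgrades a deliberate change: `url = "github:IntQuant/noita_entangled_worlds/<RELEASE_TAG_OR_REV>";` (placeholder). A short comment naming which upstream output is consumed (`packages.<system>.noita-proxy`, as used in the overlay hunk) would also help when the upstream flake layout changes.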
--- a/modules/common-modules/pkgs/noita-entangled-worlds.nix +++ /dev/null @@ -1,46 +0,0 @@ -# not working yet -{ - pkgs, - rustPlatform, - fetchFromGitHub, - ... -}: let - version = "1.5.3"; - repo = fetchFromGitHub { - owner = "IntQuant"; - repo = "noita_entangled_worlds"; - rev = "v${version}"; - hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk="; - }; -in - rustPlatform.buildRustPackage { - name = "noita-proxy-${version}"; - src = repo + "/noita-proxy"; - prePatch = '' - substituteInPlace Cargo.toml \ - --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\"" - ''; - nativeBuildInputs = with pkgs; [ - pkg-config - python3 - cmake - ]; - buildInputs = with pkgs; [ - openssl - openssl.dev - libpulseaudio - libjack2 - alsa-lib - xorg.libxcb - xorg.libxcb.dev - libopus - ]; - propagatedBuildInputs = with pkgs; [ - steamworks-sdk-redist - ]; - runtimeDependencies = with pkgs; [ - steamworks-sdk-redist - ]; - doCheck = false; - cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4="; - } From 1d5bb9e945b5bf6e49bc54db57d41e903903ade2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Nov 2025 21:52:17 -0600 Subject: [PATCH 0991/1043] feat: installed noita proxy for eve and leyla users --- configurations/home-manager/eve/packages.nix | 1 + .../home-manager/leyla/packages/default.nix | 1 + configurations/nixos/horizon/configuration.nix | 1 - .../home-manager-modules/programs/default.nix | 1 + .../programs/noita-entangled-worlds.nix | 18 ++++++++++++++++++ 5 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager-modules/programs/noita-entangled-worlds.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index f650a70..6b3c2e2 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix 
@@ -73,6 +73,7 @@ in { tor-browser.enable = true; olympus.enable = true; libreoffice.enable = true; + noita-entangled-worlds.enable = true; claude-code.enable = osConfig.host.ai.enable; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index d065739..bc41350 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -68,6 +68,7 @@ in { qflipper.enable = true; openvpn.enable = true; noisetorch.enable = true; + noita-entangled-worlds.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; }) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 0245253..0e86fe7 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -88,7 +88,6 @@ environment.systemPackages = with pkgs; [ cachefilesd webtoon-dl - noita_entangled_worlds ]; services.cachefilesd.enable = true; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index c164c44..e70cfc8 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -31,6 +31,7 @@ ./freecad.nix ./onionshare.nix ./mfoc.nix + ./noita-entangled-worlds.nix ./pdfarranger.nix ./picard.nix ./qflipper.nix diff --git a/modules/home-manager-modules/programs/noita-entangled-worlds.nix b/modules/home-manager-modules/programs/noita-entangled-worlds.nix new file mode 100644 index 0000000..3f3af64 --- /dev/null +++ b/modules/home-manager-modules/programs/noita-entangled-worlds.nix 
@@ -0,0 +1,18 @@ +{ + lib, + pkgs, + config, + ... +}: { + options = { + programs.noita-entangled-worlds = { + enable = lib.mkEnableOption "Noita Entangled Worlds multiplayer mod"; + }; + }; + + config = lib.mkIf config.programs.noita-entangled-worlds.enable { + home.packages = with pkgs; [ + noita_entangled_worlds + ]; + }; +} From 5776640b5d431d9520b8c42d7442ef4b798e4e91 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 14:26:33 -0600 Subject: [PATCH 0992/1043] feat: only allow post quantum crypto --- modules/nixos-modules/ssh.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 6f5fac1..0a82116 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -16,6 +16,8 @@ }; }; }; + + programs.ssh.kexAlgorithms = config.services.openssh.settings.KexAlgorithms; } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { From b9251029d57b808af7af130d166a6dd2b282b69a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 14:33:11 -0600 Subject: [PATCH 0993/1043] feat: fixed deprecation warning --- modules/common-modules/overlays/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index f658e8a..3def9e9 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -4,7 +4,7 @@ inputs.nix-vscode-extensions.overlays.default # Add noita_entangled_worlds from upstream flake to pkgs (final: prev: { - noita_entangled_worlds = inputs.noita-entangled-worlds.packages.${prev.system}.noita-proxy; + noita_entangled_worlds = inputs.noita-entangled-worlds.packages.${prev.stdenv.hostPlatform.system}.noita-proxy; }) ]; } From 3a58722815367ca4844a5b4bbac5ad8d5b63b550 Mon Sep 17 00:00:00 2001 
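Review bot: In ssh.nix, `programs.ssh.kexAlgorithms` is set from `config.services.openssh.settings.KexAlgorithms`, but that list is defined outside this hunk, so the commit's claim of allowing only post-quantum key exchange cannot be checked from here. If the list is restricted that way, the SSH client on these hosts will fail key exchange with any server that does not offer those algorithms, and that shows up only as a negotiation error at connect time. A comment at the assignment would make the coupling explicit: `# client mirrors the sshd KEX list; outbound SSH to servers without these algorithms will fail`. The value is read from the server option regardless of whether sshd is enabled on a host, which is worth confirming as intended.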
From: Eve Date: Thu, 27 Nov 2025 14:54:24 -0600 Subject: [PATCH 0994/1043] feat: installed wacom kernal driver --- configurations/nixos/emergent/configuration.nix | 2 +- configurations/nixos/emergent/hardware-configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 6121069..fd27374 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -40,7 +40,7 @@ services.xserver.wacom.enable = true; # installed opentabletdriver - hardware.opentabletdriver.enable = true; + # hardware.opentabletdriver.enable = true; hardware.keyboard.qmk.enable = true; # Enable the GNOME Desktop Environment. diff --git a/configurations/nixos/emergent/hardware-configuration.nix b/configurations/nixos/emergent/hardware-configuration.nix index 4e13149..67149df 100644 --- a/configurations/nixos/emergent/hardware-configuration.nix +++ b/configurations/nixos/emergent/hardware-configuration.nix @@ -12,7 +12,7 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "wacom"]; boot.initrd.kernelModules = []; boot.kernelModules = []; boot.extraModulePackages = []; From 0a8b3e1496a489240caf344719726d0ea0afb40d Mon Sep 17 00:00:00 2001 
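Review bot: In hardware-configuration.nix, `"wacom"` is added to `boot.initrd.availableKernelModules`, which controls what is placed in the initial ramdisk; a tablet driver is not needed to reach the root file system, so `boot.kernelModules = ["wacom"];` in configuration.nix would be the more usual place. hardware-configuration.nix is normally generated, so a hand edit there is likely to be lost when the file is regenerated. In the configuration.nix hunk the comment `# installed opentabletdriver` now sits above a commented-out line; replacing both with `# opentabletdriver disabled in favour of the in-kernel wacom driver` would keep the reason, assuming that is the motive the commit subject suggests.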
From: Eve Date: Thu, 27 Nov 2025 14:57:56 -0600 Subject: [PATCH 0995/1043] merge: merged leyla/main --- .gitignore | 3 +- .hooks/post-commit | 10 +- .hooks/post-merge | 26 +- .hooks/pre-commit | 24 +- .hooks/pre-merge-commit | 4 +- README.md | 39 +- configurations/home-manager/eve/packages.nix | 10 +- configurations/home-manager/git/default.nix | 2 + configurations/home-manager/leyla/default.nix | 2 + .../home-manager/leyla/packages/default.nix | 5 +- .../home-manager/leyla/packages/firefox.nix | 344 --- .../leyla/packages/firefox/bookmarks.nix | 155 ++ .../leyla/packages/firefox/default.nix | 18 + .../leyla/packages/firefox/firefox.nix | 191 ++ .../leyla/packages/firefox/harden.nix | 50 + .../home-manager/leyla/packages/git.nix | 8 +- .../leyla/packages/vscode/default.nix | 3 + .../nixos/defiant/configuration.nix | 51 +- flake.lock | 151 +- flake.nix | 16 +- modules/common-modules/overlays/default.nix | 4 + modules/common-modules/pkgs/default.nix | 17 +- .../pkgs/firefox-extensions/default.nix | 17 + .../deutsch-de-language-pack.nix | 18 + .../dizionario-italiano.nix | 18 + .../italiano-it-language-pack.nix | 18 + .../pkgs/mapillary-uploader.nix | 2 +- .../pkgs/noita-entangled-worlds.nix | 46 - .../common-modules/pkgs/polycule/default.nix | 149 - .../pkgs/polycule/polycule-pubspec.lock.json | 2459 ----------------- modules/home-manager-modules/impermanence.nix | 16 +- .../programs/bitwarden.nix | 2 +- .../home-manager-modules/programs/default.nix | 2 +- .../home-manager-modules/programs/discord.nix | 10 - .../programs/noita-entangled-worlds.nix | 18 + .../programs/polycule.nix | 31 - .../programs/vscode/conventionalCommits.nix | 6 + .../programs/vscode/default.nix | 1 + .../programs/vscode/rustAnalyzer.nix | 27 + modules/nixos-modules/impermanence.nix | 34 + .../nixos-modules/server/actual/actual.nix | 24 + modules/nixos-modules/server/actual/const.nix | 2 +- .../nixos-modules/server/actual/default.nix | 20 +- .../server/actual/impermanence.nix | 17 +- 
modules/nixos-modules/server/actual/proxy.nix | 27 +- .../nixos-modules/server/bazarr/default.nix | 1 - .../server/bazarr/impermanence.nix | 9 +- modules/nixos-modules/server/bazarr/proxy.nix | 28 - .../server/crab-hole/crab-hole.nix | 65 +- .../server/crab-hole/impermanence.nix | 9 +- modules/nixos-modules/server/default.nix | 9 +- modules/nixos-modules/server/fail2ban.nix | 74 - .../nixos-modules/server/fail2ban/default.nix | 6 + .../server/fail2ban/fail2ban.nix | 51 + .../server/fail2ban/impermanence.nix | 34 + .../server/flaresolverr/default.nix | 1 - .../server/flaresolverr/impermanence.nix | 9 +- .../server/flaresolverr/proxy.nix | 28 - .../nixos-modules/server/forgejo/database.nix | 59 +- .../nixos-modules/server/forgejo/default.nix | 46 +- .../nixos-modules/server/forgejo/fail2ban.nix | 11 +- .../nixos-modules/server/forgejo/forgejo.nix | 46 + .../server/forgejo/impermanence.nix | 9 +- .../nixos-modules/server/forgejo/proxy.nix | 29 +- .../server/home-assistant/database.nix | 91 +- .../server/home-assistant/default.nix | 104 +- .../server/home-assistant/fail2ban.nix | 66 +- .../server/home-assistant/home-assistant.nix | 104 + .../server/home-assistant/proxy.nix | 42 +- .../nixos-modules/server/immich/database.nix | 44 +- .../nixos-modules/server/immich/fail2ban.nix | 11 +- .../server/immich/impermanence.nix | 9 +- modules/nixos-modules/server/immich/proxy.nix | 45 +- .../nixos-modules/server/jackett/default.nix | 1 - .../server/jackett/impermanence.nix | 9 +- .../nixos-modules/server/jackett/proxy.nix | 28 - .../nixos-modules/server/jellyfin/default.nix | 32 +- .../server/jellyfin/impermanence.nix | 9 +- .../server/jellyfin/jellyfin.nix | 32 + .../nixos-modules/server/jellyfin/proxy.nix | 39 +- .../nixos-modules/server/lidarr/default.nix | 1 - .../server/lidarr/impermanence.nix | 9 +- modules/nixos-modules/server/lidarr/proxy.nix | 28 - .../server/network_storage/default.nix | 86 +- .../network_storage/network_storage.nix | 86 + 
.../server/panoramax/database.nix | 64 +- .../server/panoramax/impermanence.nix | 9 +- .../nixos-modules/server/panoramax/proxy.nix | 42 +- .../server/paperless/database.nix | 50 +- .../server/paperless/default.nix | 28 +- .../server/paperless/impermanence.nix | 9 +- .../server/paperless/paperless.nix | 27 + .../nixos-modules/server/paperless/proxy.nix | 32 +- modules/nixos-modules/server/podman.nix | 73 - modules/nixos-modules/server/postgres.nix | 121 - .../nixos-modules/server/postgres/default.nix | 6 + .../server/postgres/impermanence.nix | 27 + .../server/postgres/postgres.nix | 122 + modules/nixos-modules/server/qbittorent.nix | 65 - .../server/qbittorent/default.nix | 6 + .../server/qbittorent/impermanence.nix | 61 + .../server/qbittorent/qbittorent.nix | 18 + .../nixos-modules/server/radarr/default.nix | 1 - .../server/radarr/impermanence.nix | 9 +- modules/nixos-modules/server/radarr/proxy.nix | 28 - .../server/reverseProxy/default.nix | 6 + .../server/reverseProxy/impermanence.nix | 21 + .../server/reverseProxy/reverseProxy.nix | 176 ++ .../nixos-modules/server/reverse_proxy.nix | 128 - .../nixos-modules/server/searx/default.nix | 59 +- modules/nixos-modules/server/searx/proxy.nix | 27 +- modules/nixos-modules/server/searx/searx.nix | 59 + .../nixos-modules/server/sonarr/default.nix | 1 - .../server/sonarr/impermanence.nix | 9 +- modules/nixos-modules/server/sonarr/proxy.nix | 28 - modules/nixos-modules/server/wyoming.nix | 6 +- modules/nixos-modules/ssh.nix | 2 + modules/nixos-modules/sync.nix | 4 +- rebuild.sh | 68 +- util/default.nix | 26 +- 120 files changed, 2396 insertions(+), 4519 deletions(-) delete mode 100644 configurations/home-manager/leyla/packages/firefox.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/bookmarks.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/default.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/firefox.nix create mode 100644 
configurations/home-manager/leyla/packages/firefox/harden.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/default.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix create mode 100644 modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix delete mode 100644 modules/common-modules/pkgs/noita-entangled-worlds.nix delete mode 100644 modules/common-modules/pkgs/polycule/default.nix delete mode 100644 modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json create mode 100644 modules/home-manager-modules/programs/noita-entangled-worlds.nix delete mode 100644 modules/home-manager-modules/programs/polycule.nix create mode 100644 modules/home-manager-modules/programs/vscode/rustAnalyzer.nix create mode 100644 modules/nixos-modules/server/actual/actual.nix delete mode 100644 modules/nixos-modules/server/bazarr/proxy.nix delete mode 100644 modules/nixos-modules/server/fail2ban.nix create mode 100644 modules/nixos-modules/server/fail2ban/default.nix create mode 100644 modules/nixos-modules/server/fail2ban/fail2ban.nix create mode 100644 modules/nixos-modules/server/fail2ban/impermanence.nix delete mode 100644 modules/nixos-modules/server/flaresolverr/proxy.nix create mode 100644 modules/nixos-modules/server/forgejo/forgejo.nix create mode 100644 modules/nixos-modules/server/home-assistant/home-assistant.nix delete mode 100644 modules/nixos-modules/server/jackett/proxy.nix create mode 100644 modules/nixos-modules/server/jellyfin/jellyfin.nix delete mode 100644 modules/nixos-modules/server/lidarr/proxy.nix create mode 100644 modules/nixos-modules/server/network_storage/network_storage.nix create mode 100644 modules/nixos-modules/server/paperless/paperless.nix delete mode 100644 modules/nixos-modules/server/podman.nix delete mode 100644 modules/nixos-modules/server/postgres.nix create mode 
100644 modules/nixos-modules/server/postgres/default.nix create mode 100644 modules/nixos-modules/server/postgres/impermanence.nix create mode 100644 modules/nixos-modules/server/postgres/postgres.nix delete mode 100644 modules/nixos-modules/server/qbittorent.nix create mode 100644 modules/nixos-modules/server/qbittorent/default.nix create mode 100644 modules/nixos-modules/server/qbittorent/impermanence.nix create mode 100644 modules/nixos-modules/server/qbittorent/qbittorent.nix delete mode 100644 modules/nixos-modules/server/radarr/proxy.nix create mode 100644 modules/nixos-modules/server/reverseProxy/default.nix create mode 100644 modules/nixos-modules/server/reverseProxy/impermanence.nix create mode 100644 modules/nixos-modules/server/reverseProxy/reverseProxy.nix delete mode 100644 modules/nixos-modules/server/reverse_proxy.nix create mode 100644 modules/nixos-modules/server/searx/searx.nix delete mode 100644 modules/nixos-modules/server/sonarr/proxy.nix diff --git a/.gitignore b/.gitignore index ce2538f..2810727 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ result .direnv .vscode/* -!.vscode/settings.json \ No newline at end of file +!.vscode/settings.json +nixos.qcow2 diff --git a/.hooks/post-commit b/.hooks/post-commit index 56c439d..03a160d 100755 --- a/.hooks/post-commit +++ b/.hooks/post-commit @@ -3,4 +3,12 @@ echo "restoring stashed changes" -git stash pop -q +# Find the most recent pre-commit stash and restore it +recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) + +if [ -n "$recent_stash" ]; then + echo "Found recent pre-commit stash: $recent_stash" + git stash pop -q "$recent_stash" +else + echo "No pre-commit stash found to restore" +fi diff --git a/.hooks/post-merge b/.hooks/post-merge index 11fb20c..06fabc3 100755 --- a/.hooks/post-merge +++ b/.hooks/post-merge 
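Review bot: The lookup `git stash list | grep "pre-commit-stash-" | head -n 1` in `.hooks/post-commit` restores whichever pre-commit stash is newest, which is not necessarily the one created for this commit. `git stash push` creates no entry when there is nothing to stash, and the pre-commit hook's `exit 1` path leaves its stash behind, so a later clean commit can pop a stale stash onto unrelated work. Consider having pre-commit record the exact stash message it used (for example in a file under `.git/`) and matching on that here, and popping the stash before pre-commit exits non-zero. The same lookup is repeated in the post-merge hook.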
@@ -4,14 +4,28 @@ # Get current branch name current_branch=$(git branch --show-current) -# Only restore stash if we're on main branch and a merge just completed +# Only perform actions if we're on main branch and a merge just completed if [ "$current_branch" = "main" ]; then - # Check if there are any stashes to restore - if git stash list | grep -q "stash@"; then - echo "Post-merge: restoring stashed changes on main branch" - git stash pop -q + echo "Post-merge on main branch - running nix flake check" + + # Run nix flake check after merge into main + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Warning: nix flake check failed after merge into main" + echo "Please fix the issues as soon as possible" else - echo "Post-merge: no stash to restore on main branch" + echo "nix flake check passed after merge" + fi + + # Check if there are any pre-commit stashes to restore + recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) + + if [ -n "$recent_stash" ]; then + echo "Post-merge: restoring pre-commit stash on main branch" + git stash pop -q "$recent_stash" + else + echo "Post-merge: no pre-commit stash to restore on main branch" fi else echo "Post-merge: no action needed on branch '$current_branch'" diff --git a/.hooks/pre-commit b/.hooks/pre-commit index f98c64f..74cbc64 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit 
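Review bot: The restore step in `.hooks/post-merge` greps for `pre-commit-stash-`, but the pre-merge-commit hook in this same patch names its stash `pre-merge-stash-$(date +%s)`. Unless pre-merge-commit pops that stash itself outside its visible hunk, changes stashed before a merge into main are never restored and stay in the stash list, while an unrelated pre-commit stash may be popped instead. Matching the merge prefix would fix this: `recent_stash=$(git stash list | grep "pre-merge-stash-" | head -n 1 | cut -d: -f1)`. As a style point, `nix flake check` followed by `if [ ! $? -eq 0 ]` reads more directly as `if ! nix flake check; then`.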
@@ -1,14 +1,24 @@ #!/usr/bin/env nix-shell #! nix-shell -i bash ../shell.nix -echo "stashing all uncommitted changes" -git stash -q --keep-index +# Get current branch name +current_branch=$(git branch --show-current) -echo "checking flakes all compile" -nix flake check +echo "stashing all uncommitted changes with named stash (excluding hooks)" +git stash push -q --keep-index -m "pre-commit-stash-$(date +%s)" -- ':!.hooks/' -if [ ! $? -eq 0 ]; then - exit 1 +# Only run nix flake check if we're on main branch +if [ "$current_branch" = "main" ]; then + echo "On main branch - checking flakes all compile" + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Error: nix flake check failed on main branch" + exit 1 + fi + echo "nix flake check passed" +else + echo "Not on main branch - skipping nix flake check" fi echo "running linter" @@ -19,4 +29,4 @@ RESULT=$? echo "adding lint changes to commit" git add -u -exit $RESULT \ No newline at end of file +exit $RESULT diff --git a/.hooks/pre-merge-commit b/.hooks/pre-merge-commit index 9edaf92..9b7b41d 100755 --- a/.hooks/pre-merge-commit +++ b/.hooks/pre-merge-commit @@ -17,8 +17,8 @@ fi if [ "$target_branch" = "main" ]; then echo "Merging into main branch - running nix flake check..." - echo "stashing all uncommitted changes" - git stash -q --keep-index + echo "stashing all uncommitted changes with named stash (excluding hooks)" + git stash push -q --keep-index -m "pre-merge-stash-$(date +%s)" -- ':!.hooks/' echo "checking flakes all compile" nix flake check diff --git a/README.md b/README.md index f8c7ecf..d29ba58 100644 --- a/README.md +++ b/README.md 
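Review bot: Because the stash in `.hooks/pre-commit` now excludes hooks (`-- ':!.hooks/'`), unstaged edits to hook scripts stay in the working tree, and the unchanged `git add -u` at the end of the script will then stage them into the commit together with the lint fixes. Hook scripts are executed on every commit and merge, so an edit that was never deliberately staged should not enter history this way. Restricting the final add with the same pathspec, `git add -u -- ':!.hooks/'`, keeps the exclusion consistent. The pre-merge-commit hunk uses the same exclusion; its later lines are outside the hunk, so check whether it has a matching `git add`.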
@@ -43,17 +43,34 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ +- proton mail now has an smtp server we could use that for our zfs and SMART test emails +- VR https://lvra.gitlab.io/docs/distros/nixos/ # Tasks: +## Documentation +- [ ] project layout +- [ ] users file structure +- [ ] reverse proxy design + - public service compatibility + - vpn based services compatibility +- [ ] the choice of impermanence +- [ ] storage module design + - base impermanence compatibility and structure reason + - what does local vs persist mean in pool names (do we need a second layer? ephemeral, local, and persist? local exist only on this machine and is not backed up, persist is backed up to other machines (I think we need to redo the sops and torrent/media folders?)) + - plans to possibly support btrfs in the future + - plans for home manager datasets + - plans for auto systemd service datasets +- [ ] plans to migrate to some kind of acl structure for user management +- [ ] plans to migrate from flakes to npins + ## Chores: - [ ] test out crab hole service -- [ ] learn how to use actual ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins -- [ ] rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier +- [ ] `host.users` should be redone so that we just extend the base `users.users` object. 
Right now we cant quite do this because we have weird circular dependencies with disko/impermanence (not sure which one) and home manger enabling/disabling users per devices ## Broken things - [ ] figure out steam vr things? 
@@ -66,18 +83,27 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut +- [ ] every service needs to have its own data pool +- [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800 ## Data Access - [ ] nfs export should be backed by the same values for server and client - [ ] samba mounts - [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - [ ] figure out why syncthing and jellyfins permissions don't propagate downwards -- [ ] make radarr, sonarr, and bazarr accessible over vpn -- [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn +- [ ] make radarr, sonarr, and bazarr accessible over vpn with fully qualified names via reverse proxy +- [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn +- [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's ## Services +- [ ] ntfy service for unified push +- [ ] signal socket server - [ ] vikunja service for project management +- [ ] Penpot services (need to make this custom) +- [ ] minecraft server with old world file +- [ ] storj server - [ ] Create Tor guard/relay server +- [ ] screeps server - [ ] mastodon instance ## DevOps 
@@ -98,4 +124,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] postgres db load - [ ] nginx queries - [ ] ntfy.sh for push notifications -- [ ] kuma for uptime visualization \ No newline at end of file +- [ ] kuma for uptime visualization + +## Packages +- [ ] Custom private fork of MultiMC \ No newline at end of file diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 73195c4..6b3c2e2 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -19,6 +19,7 @@ in { with pkgs; [ gnomeExtensions.dash-to-panel claude-code + friture ] ); @@ -32,9 +33,11 @@ in { (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { git = { enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; + settings = { + user.name = "Eve"; + user.email = "evesnrobins@gmail.com"; + init.defaultBranch = "main"; + }; }; openssh = { @@ -70,6 +73,7 @@ in { tor-browser.enable = true; olympus.enable = true; libreoffice.enable = true; + noita-entangled-worlds.enable = true; claude-code.enable = osConfig.host.ai.enable; diff --git a/configurations/home-manager/git/default.nix b/configurations/home-manager/git/default.nix index 2276e7a..1ea29cc 100644 --- a/configurations/home-manager/git/default.nix +++ b/configurations/home-manager/git/default.nix @@ -1,4 +1,6 @@ {osConfig, ...}: { + impermanence.fallbackPersistence.enable = false; + home = { username = osConfig.users.users.git.name; homeDirectory = osConfig.users.users.git.home; diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index eba7f7b..8a37754 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix 
@@ -12,6 +12,8 @@ ]; config = { + impermanence.enable = osConfig.host.impermanence.enable; + # Home Manager needs a bit of information about you and the paths it should # manage. home = { diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 5bccad3..bc41350 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -9,7 +9,7 @@ in { imports = [ ./vscode - ./firefox.nix + ./firefox ./direnv.nix ./openssh.nix ./git.nix @@ -68,10 +68,9 @@ in { qflipper.enable = true; openvpn.enable = true; noisetorch.enable = true; + noita-entangled-worlds.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; - # polycule package is now working with Flutter 3.29 - polycule.enable = true; }) ]; } diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix deleted file mode 100644 index d166eb4..0000000 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ /dev/null 
@@ -1,344 +0,0 @@ -{ - lib, - pkgs, - inputs, - ... -}: { - config = { - programs.firefox = { - profiles.leyla = { - settings = { - "browser.search.defaultenginename" = "Searx"; - "browser.search.order.1" = "Searx"; - }; - - search = { - force = true; - default = "Searx"; - engines = { - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = ["@np"]; - }; - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@nw"]; - }; - "Searx" = { - urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@searx"]; - }; - }; - }; - - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ - bitwarden - terms-of-service-didnt-read - multi-account-containers - shinigami-eyes - - ublock-origin - sponsorblock - dearrow - df-youtube - return-youtube-dislikes - - privacy-badger - decentraleyes - clearurls - localcdn - - snowflake - - deutsch-de-language-pack - dictionary-german - - tab-session-manager - - # ( - # buildFirefoxXpiAddon rec { - # pname = "italiano-it-language-pack"; - # version = "132.0.20241110.231641"; - # addonId = "langpack-it@firefox.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Firefox Language Pack for Italiano (it) – Italian"; - # license = licenses.mpl20; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - # ( - # buildFirefoxXpiAddon 
rec { - # pname = "dizionario-italiano"; - # version = "5.1"; - # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Add support for Italian to spellchecking"; - # license = licenses.gpl3; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - ]; - - settings = { - # Disable irritating first-run stuff - "browser.disableResetPrompt" = true; - "browser.download.panel.shown" = true; - "browser.feeds.showFirstRunUI" = false; - "browser.messaging-system.whatsNewPanel.enabled" = false; - "browser.rights.3.shown" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.shell.defaultBrowserCheckCount" = 1; - "browser.startup.homepage_override.mstone" = "ignore"; - "browser.uitour.enabled" = false; - "startup.homepage_override_url" = ""; - "trailhead.firstrun.didSeeAboutWelcome" = true; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.bookmarks.addedImportButton" = true; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - - # Usage Experience - "browser.startup.homepage" = "about:home"; - "browser.download.useDownloadDir" = false; - "browser.uiCustomization.state" = builtins.toJSON { - "currentVersion" = 20; - "newElementCount" = 6; - "dirtyAreaCache" = [ - "nav-bar" - "PersonalToolbar" - "toolbar-menubar" - "TabsToolbar" - "unified-extensions-area" - "vertical-tabs" - ]; - "placements" = { - "widget-overflow-fixed-list" = []; - "unified-extensions-area" = [ - # bitwarden - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" - "sponsorblocker_ajay_app-browser-action" - "dearrow_ajay_app-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_testpilot-containers-browser-action" - "addon_simplelogin-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - 
"jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - "nav-bar" = [ - "back-button" - "forward-button" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "unified-extensions-button" - "reset-pbm-toolbar-button" - ]; - "toolbar-menubar" = [ - "menubar-items" - ]; - "TabsToolbar" = [ - "firefox-view-button" - "tabbrowser-tabs" - "new-tab-button" - "alltabs-button" - ]; - "vertical-tabs" = []; - "PersonalToolbar" = [ - "import-button" - "personal-bookmarks" - ]; - }; - "seen" = [ - "save-to-pocket-button" - "developer-button" - "privacy_privacy_com-browser-action" - "sponsorblocker_ajay_app-browser-action" - "ublock0_raymondhill_net-browser-action" - "addon_simplelogin-browser-action" - "dearrow_ajay_app-browser-action" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_testpilot-containers-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - }; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - "browser.newtabpage.blocked" = lib.genAttrs [ - # Facebook - "4gPpjkxgZzXPVtuEoAL9Ig==" - # Reddit - "gLv0ja2RYVgxKdp0I5qwvA==" - # Amazon - "K00ILysCaEq8+bEqV/3nuw==" - # Twitter - "T9nJot5PurhJSy8n038xGA==" - ] (_: 1); - 
"identity.fxaccounts.enabled" = false; - - # Security - "privacy.trackingprotection.enabled" = true; - "dom.security.https_only_mode" = true; - - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "signon.rememberSignons" = false; - "privacy.sanitize.sanitizeOnShutdown" = true; - "privacy.clearOnShutdown_v2.cache" = true; - "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; - "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; - "urlclassifier.trackingSkipURLs" = ""; - "urlclassifier.features.socialtracking.skipURLs" = ""; - "dom.security.https_only_mode_pbm" = true; - "dom.security.https_only_mode_error_page_user_suggestions" = true; - - # Disable telemetry - "app.shield.optoutstudies.enabled" = false; - "browser.discovery.enabled" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.ping-centre.telemetry" = false; - "datareporting.healthreport.service.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.sessions.current.clean" = true; - "devtools.onboarding.telemetry.logged" = false; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.hybridContent.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.prompted" = 2; - "toolkit.telemetry.rejected" = true; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - "toolkit.telemetry.server" = ""; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.unifiedIsOptIn" = false; - "toolkit.telemetry.updatePing.enabled" = false; - }; - - bookmarks = { - force = true; - settings = [ - { - name = "Media"; - url = 
"https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; - }; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix new file mode 100644 index 0000000..4210d1e --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix 
@@ -0,0 +1,155 @@ +{...}: { + programs.firefox = { + profiles.leyla = { + bookmarks = { + force = true; + settings = [ + # Personal Services + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Search"; + url = "https://search.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Budget"; + url = "https://budget.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Documents"; + url = "https://documents.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + + # Defiant Server Services + { + name = "QBittorrent"; + url = "http://defiant:8084"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Sonarr"; + url = "http://defiant:8989"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Radarr"; + url = "http://defiant:7878"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Bazarr"; + url = "http://defiant:6767"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Lidarr"; + url = "http://defiant:8686"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Jackett"; + url = "http://defiant:9117"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Crab-hole DNS"; + url = "http://defiant:8085"; + keyword = ""; + tags = ["defiant"]; + } + + # External Services + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = 
"Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + { + name = "Cyberia Matrix"; + url = "https://chat.cyberia.club"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/default.nix b/configurations/home-manager/leyla/packages/firefox/default.nix new file mode 100644 index 0000000..4246c68 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/default.nix @@ -0,0 +1,18 @@ +{ + lib, + pkgs, + inputs, + ... +}: { + imports = [ + ./firefox.nix + ./bookmarks.nix + ./harden.nix + ]; + + config = { + programs.firefox = { + enable = true; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix new file mode 100644 index 0000000..ef6d202 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix 
@@ -0,0 +1,191 @@ +{ + lib, + pkgs, + inputs, + ... +}: { + programs.firefox = { + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; + + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; + }; + }; + + extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes + + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes + + privacy-badger + decentraleyes + clearurls + localcdn + + snowflake + + pkgs.firefox-extensions.deutsch-de-language-pack + dictionary-german + + tab-session-manager + + pkgs.firefox-extensions.italiano-it-language-pack + pkgs.firefox-extensions.dizionario-italiano + ]; + + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + 
"browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + + # Usage Experience + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" + "addon_simplelogin-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + 
"developer-button" + "privacy_privacy_com-browser-action" + "sponsorblocker_ajay_app-browser-action" + "ublock0_raymondhill_net-browser-action" + "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + }; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "identity.fxaccounts.enabled" = false; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/harden.nix b/configurations/home-manager/leyla/packages/firefox/harden.nix new file mode 100644 index 0000000..66310c2 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/harden.nix 
@@ -0,0 +1,50 @@
+{...}: {
+ programs.firefox = {
+ profiles.leyla = {
+ settings = {
+ # Security
+ "privacy.trackingprotection.enabled" = true;
+ "dom.security.https_only_mode" = true;
+ "dom.security.https_only_mode_pbm" = true;
+ "dom.security.https_only_mode_error_page_user_suggestions" = true;
+
+ # Privacy & Data Protection
+ "extensions.formautofill.addresses.enabled" = false;
+ "extensions.formautofill.creditCards.enabled" = false;
+ "signon.rememberSignons" = false;
+ "privacy.sanitize.sanitizeOnShutdown" = true;
+ "privacy.clearOnShutdown_v2.cache" = true;
+ "privacy.clearOnShutdown_v2.cookiesAndStorage" = true;
+ "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true;
+ "urlclassifier.trackingSkipURLs" = "";
+ "urlclassifier.features.socialtracking.skipURLs" = "";
+
+ # Disable telemetry and data collection
+ "app.shield.optoutstudies.enabled" = false;
+ "browser.discovery.enabled" = false;
+ "browser.newtabpage.activity-stream.feeds.telemetry" = false;
+ "browser.newtabpage.activity-stream.telemetry" = false;
+ "browser.ping-centre.telemetry" = false;
+ "datareporting.healthreport.service.enabled" = false;
+ "datareporting.healthreport.uploadEnabled" = false;
+ "datareporting.policy.dataSubmissionEnabled" = false;
+ "datareporting.sessions.current.clean" = true;
+ "devtools.onboarding.telemetry.logged" = false;
+ "toolkit.telemetry.archive.enabled" = false;
+ "toolkit.telemetry.bhrPing.enabled" = false;
+ "toolkit.telemetry.enabled" = false;
+ "toolkit.telemetry.firstShutdownPing.enabled" = false;
+ "toolkit.telemetry.hybridContent.enabled" = false;
+ "toolkit.telemetry.newProfilePing.enabled" = false;
+ "toolkit.telemetry.prompted" = 2;
+ "toolkit.telemetry.rejected" = true;
+ "toolkit.telemetry.reportingpolicy.firstRun" = false;
+ "toolkit.telemetry.server" = "";
+ "toolkit.telemetry.shutdownPingSender.enabled" = false;
+ "toolkit.telemetry.unified" = false;
+ "toolkit.telemetry.unifiedIsOptIn" = false;
+ 
"toolkit.telemetry.updatePing.enabled" = false; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 568cd7a..499e37b 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -2,9 +2,11 @@ config = { programs = { git = { - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + settings = { + user.name = "Leyla Becker"; + user.email = "git@jan-leila.com"; + init.defaultBranch = "main"; + }; }; }; }; diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index fd72006..36168b2 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -69,6 +69,9 @@ in { # go development go.enable = true; + # rust development + rustAnalyzer.enable = true; + # claude development claudeDev = lib.mkIf ai-tooling-enabled { enable = true; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c2b8fc5..e2f9401 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -102,18 +102,6 @@ directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; - reverse_proxy = { - enable = true; - enableACME = true; - hostname = "jan-leila.com"; - }; - postgres = { - extraUsers = { - leyla = { - isAdmin = true; - }; - }; - }; }; systemd.network = { @@ -225,6 +213,12 @@ }; services = { + # PostgreSQL database server + postgresql = { + enable = true; + adminUsers = ["leyla"]; + }; + # temp enable desktop environment for setup # Enable the X11 windowing system. xserver.enable = true; 
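Review bot: The shutdown-clearing prefs in the new harden.nix use `privacy.clearOnShutdown_v2.historyFormDataAndDownloads`, and as far as I know newer Firefox releases replaced that single pref with separate history and form-data prefs, so on the build this profile actually runs the line may be read by nothing and browsing history would survive a restart. Please confirm the three `_v2` names in `about:config` on the deployed version and record it next to them, e.g. `# clearOnShutdown_v2.* names checked against Firefox <VERSION>`. Separately, `settings` only seeds user prefs that can still be changed during a session; if HTTPS-only mode and the telemetry opt-outs are meant to be enforced rather than defaulted, `programs.firefox.policies` is the stronger place for them.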
@@ -237,6 +231,16 @@ gnome.enable = true; }; + # Enable new reverse proxy system + reverseProxy = { + enable = true; + openFirewall = true; + acme = { + enable = true; + email = "jan-leila@protonmail.com"; + }; + }; + ollama = { enable = true; exposePort = true; @@ -294,35 +298,35 @@ jellyfin = { enable = true; - subdomain = "media"; - extraSubdomains = ["jellyfin"]; + domain = "media.jan-leila.com"; + extraDomains = ["jellyfin.jan-leila.com"]; }; immich = { enable = true; - subdomain = "photos"; + domain = "photos.jan-leila.com"; }; forgejo = { enable = true; - subdomain = "git"; + reverseProxy.domain = "git.jan-leila.com"; }; searx = { enable = true; - subdomain = "search"; + domain = "search.jan-leila.com"; }; actual = { - enable = false; - subdomain = "budget"; + enable = true; + domain = "budget.jan-leila.com"; }; home-assistant = { enable = true; - subdomain = "home"; + domain = "home.jan-leila.com"; openFirewall = true; - database = "postgres"; + postgres.enable = true; extensions = { sonos.enable = true; @@ -333,7 +337,7 @@ paperless = { enable = true; - subdomain = "documents"; + domain = "documents.jan-leila.com"; passwordFile = config.sops.secrets."services/paperless_password".path; }; @@ -348,12 +352,13 @@ openFirewall = true; show_doc = true; downstreams = { - loopback = { + host = { enable = true; openFirewall = true; }; }; upstreams.cloudFlare.enable = true; + blocklists.ad_malware.enable = true; }; qbittorrent = { diff --git a/flake.lock b/flake.lock index bb7e3a6..a3c552f 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1760701190, - "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", + "lastModified": 1763651264, + "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", "owner": "nix-community", "repo": "disko", - "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", + "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", "type": "github" }, "original": { 
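Review bot: In the `@@ -348,12 +352,13 @@` hunk, renaming the downstream from `loopback` to `host` while keeping `openFirewall = true` looks like it moves the resolver from a local-only listener to one reachable on the machine's interfaces; the module definition is not in this hunk, so that is inferred from the option names. The same file enables a reverse proxy with `openFirewall = true` and ACME, which suggests the host is reachable from outside the LAN, and a recursive resolver answering arbitrary internet clients can be abused as an amplification relay. If only LAN clients should query it, I would bind or firewall the listener to the internal interface and state the intent in a comment, e.g. `# DNS for LAN clients only; port 53 must not be reachable from WAN`. The enclosing service block starts above the hunk.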
@@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1760673822, - "narHash": "sha256-h+liPhhMw1yYvkDGLHzQJQShQs+yLjNgjfAyZX+sRrM=", + "lastModified": 1763697825, + "narHash": "sha256-AgCCcVPOi1tuzuW5/StlwqBjRWSX62oL97qWuxrq5UA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5cca27f1bb30a26140d0cf60ab34daa45b4fa11f", + "rev": "cefce78793603231be226fa77e7ad58e0e4899b8", "type": "gitlab" }, "original": { @@ -62,11 +62,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1760662441, - "narHash": "sha256-mlDqR1Ntgs9uYYEAUR1IhamKBO0lxoNS4zGLzEZaY0A=", + "lastModified": 1763748372, + "narHash": "sha256-AUc78Qv3sWir0hvbmfXoZ7Jzq9VVL97l+sP9Jgms+JU=", "owner": "nix-community", "repo": "home-manager", - "rev": "722792af097dff5790f1a66d271a47759f477755", + "rev": "d10a9b16b2a3ee28433f3d1c603f4e9f1fecb8e1", "type": "github" }, "original": { 
@@ -164,11 +164,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1755787066, - "narHash": "sha256-X2UwkUEban08GRSPXRr+kz8fckHqebr3P77qSvjoeOw=", - "rev": "ac9721a92e8138d29707824dbedb484c76948493", + "lastModified": 1761937274, + "narHash": "sha256-KlELhsSq3XbemrGyQhmGurFu7m8wOEBw+8M04L7hn7A=", + "rev": "91867941fa73afea7869b7c71ede82e5ef8927da", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ac9721a92e8138d29707824dbedb484c76948493.tar.gz?rev=ac9721a92e8138d29707824dbedb484c76948493" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/91867941fa73afea7869b7c71ede82e5ef8927da.tar.gz?rev=91867941fa73afea7869b7c71ede82e5ef8927da" }, "original": { "type": "tarball", @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1759851320, - "narHash": "sha256-n5dRAIC3/78drQtFxmQRrBLd6TKfotUnX7GWu0mAcSg=", + "lastModified": 1763435414, + "narHash": "sha256-i2467FddWfd19q5Qoj+1/BAeg6LZmM5m4mYGRSQn/as=", "ref": "refs/heads/main", - "rev": "7c31a18259b8358ac196cf803a26967c0fa1d3e4", - "revCount": 163, + "rev": "192c92b603731fbc1bade6c1b18c8d8a0086f703", + "revCount": 169, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1759342933, - "narHash": "sha256-mdlUFcrOfvT0Pm+Hko/6aR3xf1ao5JA2iem4KsEVjP4=", + "lastModified": 1760821194, + "narHash": "sha256-UCsJ8eDuHL14u2GFIYEY/drtZ6jht5zN/G/6QNlEy2g=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "50b02bcba32b941d2ec48fedef68641702ca5b0f", + "rev": "0ae453f38d0f088c31d4678da3a12b183165986f", "type": "github" }, "original": { 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1760721282, - "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=", + "lastModified": 1763505477, + "narHash": "sha256-nJRd4LY2kT3OELfHqdgWjvToNZ4w+zKCMzS2R6z4sXE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168", + "rev": "3bda9f6b14161becbd07b3c56411f1670e19b9b5", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1760720017, - "narHash": "sha256-ALb+L8zaP6IJ3BigQJ+ih7NqmaptzL/CbkNkLbhmsGE=", + "lastModified": 1763690163, + "narHash": "sha256-MMl9P8f17unCvlk2IAinnMq/P72f51UUHVRIYnojT7w=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b0897a5d1d5829eb67ca7168680873ee7a0d52b8", + "rev": "590349d9faeb398a037205c2927ffbaede980539", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760106635, - "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", + "lastModified": 1762847253, + "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", + "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { 
@@ -329,6 +329,43 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "noita-entangled-worlds": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay", + "systems": "systems_3" + }, + "locked": { + "lastModified": 1764204484, + "narHash": "sha256-S45ghD/YjcKDy8Mz3DYklLMaA/z6f6mTbx0i7pAktYk=", + "owner": "IntQuant", + "repo": "noita_entangled_worlds", + "rev": "ab2c2162157140ab519fa19f6737c044e1ed0e3b", + "type": "github" + }, + "original": { + "owner": "IntQuant", + "ref": "master", + "repo": "noita_entangled_worlds", + "type": "github" + } + }, "root": { "inputs": { "disko": "disko", @@ -343,10 +380,32 @@ "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", + "noita-entangled-worlds": "noita-entangled-worlds", "secrets": "secrets", "sops-nix": "sops-nix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "noita-entangled-worlds", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759199574, + "narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "381776b12d0d125edd7c1930c2041a1471e586c0", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "secrets": { "flake": false, "locked": { 
@@ -370,11 +429,11 @@ ] }, "locked": { - "lastModified": 1760393368, - "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", + "lastModified": 1763607916, + "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", + "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", "type": "github" }, "original": { @@ -412,6 +471,22 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "flake": false, + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ddf92ce..e935688 100644 --- a/flake.nix +++ b/flake.nix @@ -77,6 +77,12 @@ url = "github:utensils/mcp-nixos"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # Noita Entangled Worlds package + # Not following our nixpkgs so it can use its own rust-overlay configuration + noita-entangled-worlds = { + url = "github:IntQuant/noita_entangled_worlds/master"; + }; }; outputs = { @@ -91,15 +97,9 @@ util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; - mkNixosInstaller = util.mkNixosInstaller; mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; - syncthingConfiguration = util.syncthingConfiguration; - - installerSystems = { - basic = mkNixosInstaller "basic" []; - }; nixosSystems = { horizon = mkNixosSystem "horizon"; @@ -170,14 +170,10 @@ }; }); - installerConfigurations = installerSystems; - nixosConfigurations = nixosSystems; darwinConfigurations = darwinSystems; homeConfigurations = homeConfigurations; - - syncthingConfiguration = syncthingConfiguration; }; } 
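Review bot: The new `noita-entangled-worlds` input in flake.nix deliberately does not follow the repository's `nixpkgs`, and the lock file accordingly gains a separate `nixpkgs_3` and `rust-overlay` pin that only move when this input is updated, so dependency fixes landing in the main `nixpkgs` will not reach the `noita-proxy` closure. The existing comment gives the reason; I would extend it with the consequence, e.g. `# NOTE: ships its own nixpkgs pin; update this input explicitly to pick up dependency fixes`. Tracking `/master` is workable because the lock pins a rev, but a tagged ref would make each update easier to review.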
diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 2c0f712..3def9e9 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -2,5 +2,9 @@ {inputs, ...}: { nixpkgs.overlays = [ inputs.nix-vscode-extensions.overlays.default + # Add noita_entangled_worlds from upstream flake to pkgs + (final: prev: { + noita_entangled_worlds = inputs.noita-entangled-worlds.packages.${prev.stdenv.hostPlatform.system}.noita-proxy; + }) ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index a2f61b1..2afc9f2 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + inputs, + ... +}: { imports = [ ./python ]; @@ -16,15 +20,17 @@ ./prostudiomasters.nix {}; }) - (final: prev: { - noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; - }) (final: prev: { gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; }) (final: prev: { codium-extensions = pkgs.callPackage ./codium-extensions {}; }) + (final: prev: { + firefox-extensions = pkgs.callPackage ./firefox-extensions { + inherit inputs; + }; + }) (final: prev: { mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; }) @@ -38,8 +44,5 @@ # Override h3 C library to version 4.3.0 h3 = pkgs.callPackage ./h3-c-lib.nix {}; }) - (final: prev: { - polycule = pkgs.callPackage ./polycule {}; - }) ]; } diff --git a/modules/common-modules/pkgs/firefox-extensions/default.nix b/modules/common-modules/pkgs/firefox-extensions/default.nix new file mode 100644 index 0000000..922dfc7 --- /dev/null +++ b/modules/common-modules/pkgs/firefox-extensions/default.nix 
@@ -0,0 +1,17 @@
+{
+ pkgs,
+ inputs,
+ ...
+}: let
+ inherit (inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}) buildFirefoxXpiAddon;
+in {
+ italiano-it-language-pack = pkgs.callPackage ./italiano-it-language-pack.nix {
+ inherit buildFirefoxXpiAddon;
+ };
+ dizionario-italiano = pkgs.callPackage ./dizionario-italiano.nix {
+ inherit buildFirefoxXpiAddon;
+ };
+ deutsch-de-language-pack = pkgs.callPackage ./deutsch-de-language-pack.nix {
+ inherit buildFirefoxXpiAddon;
+ };
+}
diff --git a/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix
new file mode 100644
index 0000000..b769bfd
--- /dev/null
+++ b/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix
@@ -0,0 +1,18 @@
+{
+ lib,
+ buildFirefoxXpiAddon,
+ ...
+}:
+buildFirefoxXpiAddon rec {
+ pname = "deutsch-de-language-pack";
+ version = "145.0.20251106.194447";
+ addonId = "langpack-de@firefox.mozilla.org";
+ url = "https://addons.mozilla.org/firefox/downloads/file/4614311/deutsch_de_language_pack-${version}.xpi";
+ sha256 = "aaaa95c29984fb3802a5e7edb6b7e5020c391d81f389b8a8133c163959ea4299";
+ meta = with lib; {
+ description = "Firefox Language Pack for Deutsch (de) – German";
+ license = licenses.mpl20;
+ mozPermissions = [];
+ platforms = platforms.all;
+ };
+}
diff --git a/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix
new file mode 100644
index 0000000..4bfca14
--- /dev/null
+++ b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix
@@ -0,0 +1,18 @@
+{
+ lib,
+ buildFirefoxXpiAddon,
+ ...
+}:
+buildFirefoxXpiAddon rec {
+ pname = "dizionario-italiano";
+ version = "5.1";
+ addonId = "it-IT@dictionaries.addons.mozilla.org";
+ url = "https://addons.mozilla.org/firefox/downloads/file/3693497/dizionario_italiano-${version}.xpi";
+ sha256 = "90b173ffdde34a77108152a5ff51879767b1dd84e0aa0dfb7b2bab94cd2e7f53";
+ meta = with lib; {
+ description = "Add support for Italian to spellchecking";
+ license = licenses.gpl3;
+ mozPermissions = [];
+ platforms = platforms.all;
+ };
+}
diff --git a/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix
new file mode 100644
index 0000000..35f4243
--- /dev/null
+++ b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix
@@ -0,0 +1,18 @@
+{
+ lib,
+ buildFirefoxXpiAddon,
+ ...
+}:
+buildFirefoxXpiAddon rec {
+ pname = "italiano-it-language-pack";
+ version = "145.0.20251106.194447";
+ addonId = "langpack-it@firefox.mozilla.org";
+ url = "https://addons.mozilla.org/firefox/downloads/file/4614309/italiano_it_language_pack-${version}.xpi";
+ sha256 = "1eb271cedbf326543e222ba1b9a1da62fceef9d3c523ac02a098df296f155038";
+ meta = with lib; {
+ description = "Firefox Language Pack for Italiano (it) – Italian";
+ license = licenses.mpl20;
+ mozPermissions = [];
+ platforms = platforms.all;
+ };
+}
diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix
index 9ae2ea7..acff772 100644
--- a/modules/common-modules/pkgs/mapillary-uploader.nix
+++ b/modules/common-modules/pkgs/mapillary-uploader.nix
@@ -9,7 +9,7 @@ src = fetchurl { url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; - sha256 = "sha256-OY3SiMHUyjwPDrPWfa+mFg2BHZrz6GG/9/D5sCP2Da8="; + sha256 = "sha256-hpWdfeuhYylO+SFD3BsKI0s/xtObCDd5OcuJ6i/aEuI="; }; appimageContents = appimageTools.extractType2 { diff --git a/modules/common-modules/pkgs/noita-entangled-worlds.nix b/modules/common-modules/pkgs/noita-entangled-worlds.nix deleted file mode 100644 index 322ce41..0000000 --- a/modules/common-modules/pkgs/noita-entangled-worlds.nix +++ /dev/null @@ -1,46 +0,0 @@ -# not working yet -{ - pkgs, - rustPlatform, - fetchFromGitHub, - ... -}: let - version = "1.5.3"; - repo = fetchFromGitHub { - owner = "IntQuant"; - repo = "noita_entangled_worlds"; - rev = "v${version}"; - hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk="; - }; -in - rustPlatform.buildRustPackage { - name = "noita-proxy-${version}"; - src = repo + "/noita-proxy"; - prePatch = '' - substituteInPlace Cargo.toml \ - --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\"" - ''; - nativeBuildInputs = with pkgs; [ - pkg-config - python3 - cmake - ]; - buildInputs = with pkgs; [ - openssl - openssl.dev - libpulseaudio - libjack2 - alsa-lib - xorg.libxcb - xorg.libxcb.dev - libopus - ]; - propagatedBuildInputs = with pkgs; [ - steamworks-sdk-redist - ]; - runtimeDependencies = with pkgs; [ - steamworks-sdk-redist - ]; - doCheck = false; - cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4="; - } diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix deleted file mode 100644 index b463cc5..0000000 --- a/modules/common-modules/pkgs/polycule/default.nix +++ /dev/null 
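Review bot: The `sha256` in the mapillary-uploader `fetchurl` is replaced while the `url` directly above it is still plain `http://`, and since this is the only hunk for the file `version` appears unchanged, so the server is now returning different bytes for the same URL. The fixed-output hash protects later builds, but the new value was presumably taken from a cleartext download, which makes it trust-on-first-use over an unauthenticated channel for an AppImage that will be executed. If the host serves the file over TLS I would switch to `url = "https://tools.mapillary.com/uploader/download/linux/${version}";` and confirm the new hash against a second, independently obtained copy before merging. A comment such as `# upstream republishes under the same version; re-verify the hash on change` would explain future churn; the enclosing derivation starts and ends outside the hunk.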
@@ -1,149 +0,0 @@ -{ - lib, - flutter332, - fetchFromGitLab, - pkg-config, - wrapGAppsHook, - gtk3, - glib, - glib-networking, - webkitgtk_4_1, - libsecret, - libnotify, - dbus, - sqlcipher, - openssl, - mpv, - alsa-lib, - libass, - ffmpeg-full, - libplacebo, - libunwind, - shaderc, - vulkan-headers, - vulkan-loader, - lcms2, - libdovi, - libdvdnav, - libdvdread, - mujs, - libbluray, - lua, - rubberband, - libuchardet, - zimg, - openal, - pipewire, - libpulseaudio, - libcaca, - libdrm, - libdisplay-info, - libgbm, - xorg, - nv-codec-headers-11, - libva, - libvdpau, -}: -flutter332.buildFlutterApplication rec { - pname = "polycule"; - version = "0.3.4"; - - src = fetchFromGitLab { - owner = "polycule_client"; - repo = "polycule"; - rev = "v${version}"; - hash = "sha256-RUu8DKuX2NUU5Ce5WLHtDaORkn7CSrgTj3KhM/z+yHc="; - }; - - pubspecLock = lib.importJSON ./polycule-pubspec.lock.json; - - gitHashes = { - matrix = "sha256-w/QB5nYJ9Lh77TcYKEN/DnNQjWfp+9NX0dwQ9GOzWE8="; - media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg="; - media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg="; - }; - - nativeBuildInputs = [ - pkg-config - wrapGAppsHook - ]; - - buildInputs = [ - gtk3 - glib - glib-networking - webkitgtk_4_1 - libsecret - libnotify - dbus - sqlcipher - openssl - mpv - alsa-lib - libass - ffmpeg-full - libplacebo - libunwind - shaderc - vulkan-headers - vulkan-loader - lcms2 - libdovi - libdvdnav - libdvdread - mujs - libbluray - lua - rubberband - libuchardet - zimg - openal - pipewire - libpulseaudio - libcaca - libdrm - libdisplay-info - libgbm - xorg.libXScrnSaver - xorg.libXpresent - nv-codec-headers-11 - libva - libvdpau - ]; - - flutterBuildFlags = [ - "--release" - "--target" - "lib/main.dart" - "--dart-define=POLYCULE_VERSION=v${version}" - "--dart-define=POLYCULE_IS_STABLE=true" - "--no-tree-shake-icons" - ]; - - postInstall = '' - # Install desktop files and icons from the source - install -Dm644 
linux/business.braid.polycule.desktop $out/share/applications/polycule.desktop - install -Dm644 assets/logo/logo-circle.png $out/share/pixmaps/polycule.png - - # Update desktop file to use correct executable name - substituteInPlace $out/share/applications/polycule.desktop \ - --replace 'Exec=business.braid.polycule' 'Exec=polycule' - - # Create a symlink with the expected name - ln -sf $out/bin/polycule $out/bin/business.braid.polycule - ''; - - meta = with lib; { - description = "A geeky and efficient [matrix] client for power users"; - longDescription = '' - Polycule is a modern Matrix client built with Flutter, designed for power users - who want a fast, efficient, and feature-rich Matrix experience. - ''; - homepage = "https://polycule.im/"; - license = licenses.eupl12; - maintainers = []; - platforms = ["x86_64-linux" "aarch64-linux"]; - sourceProvenance = with sourceTypes; [fromSource]; - mainProgram = "polycule"; - }; -} diff --git a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json deleted file mode 100644 index e119fa2..0000000 --- a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json +++ /dev/null 
@@ -1,2459 +0,0 @@ -{ - "packages": { - "_fe_analyzer_shared": { - "dependency": "transitive", - "description": { - "name": "_fe_analyzer_shared", - "sha256": "da0d9209ca76bde579f2da330aeb9df62b6319c834fa7baae052021b0462401f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "85.0.0" - }, - "analyzer": { - "dependency": "transitive", - "description": { - "name": "analyzer", - "sha256": "974859dc0ff5f37bc4313244b3218c791810d03ab3470a579580279ba971a48d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.7.1" - }, - "animations": { - "dependency": "direct main", - "description": { - "name": "animations", - "sha256": "d3d6dcfb218225bbe68e87ccf6378bbb2e32a94900722c5f81611dad089911cb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.11" - }, - "app_links": { - "dependency": "direct main", - "description": { - "name": "app_links", - "sha256": "85ed8fc1d25a76475914fff28cc994653bd900bc2c26e4b57a49e097febb54ba", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.4.0" - }, - "app_links_linux": { - "dependency": "transitive", - "description": { - "name": "app_links_linux", - "sha256": "f5f7173a78609f3dfd4c2ff2c95bd559ab43c80a87dc6a095921d96c05688c81", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.3" - }, - "app_links_platform_interface": { - "dependency": "transitive", - "description": { - "name": "app_links_platform_interface", - "sha256": "05f5379577c513b534a29ddea68176a4d4802c46180ee8e2e966257158772a3f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.2" - }, - "app_links_web": { - "dependency": "transitive", - "description": { - "name": "app_links_web", - "sha256": "af060ed76183f9e2b87510a9480e56a5352b6c249778d07bd2c95fc35632a555", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.4" - }, - "archive": { - "dependency": "transitive", - "description": { - "name": "archive", - "sha256": 
"2fde1607386ab523f7a36bb3e7edb43bd58e6edaf2ffb29d8a6d578b297fdbbd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.7" - }, - "args": { - "dependency": "transitive", - "description": { - "name": "args", - "sha256": "d0481093c50b1da8910eb0bb301626d4d8eb7284aa739614d2b394ee09e3ea04", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.7.0" - }, - "async": { - "dependency": "direct main", - "description": { - "name": "async", - "sha256": "758e6d74e971c3e5aceb4110bfd6698efc7f501675bcfe0c775459a8140750eb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.13.0" - }, - "audio_session": { - "dependency": "transitive", - "description": { - "name": "audio_session", - "sha256": "8f96a7fecbb718cb093070f868b4cdcb8a9b1053dce342ff8ab2fde10eb9afb7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.2" - }, - "barcode": { - "dependency": "transitive", - "description": { - "name": "barcode", - "sha256": "7b6729c37e3b7f34233e2318d866e8c48ddb46c1f7ad01ff7bb2a8de1da2b9f4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.9" - }, - "barcode_widget": { - "dependency": "direct main", - "description": { - "name": "barcode_widget", - "sha256": "6f2c5b08659b1a5f4d88d183e6007133ea2f96e50e7b8bb628f03266c3931427", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.4" - }, - "base58check": { - "dependency": "transitive", - "description": { - "name": "base58check", - "sha256": "6c300dfc33e598d2fe26319e13f6243fea81eaf8204cb4c6b69ef20a625319a5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "blurhash_dart": { - "dependency": "direct main", - "description": { - "name": "blurhash_dart", - "sha256": "43955b6c2e30a7d440028d1af0fa185852f3534b795cc6eb81fbf397b464409f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.1" - }, - "boolean_selector": { - "dependency": "transitive", - "description": { - "name": 
"boolean_selector", - "sha256": "8aab1771e1243a5063b8b0ff68042d67334e3feab9e95b9490f9a6ebf73b42ea", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "build_cli_annotations": { - "dependency": "transitive", - "description": { - "name": "build_cli_annotations", - "sha256": "b59d2769769efd6c9ff6d4c4cede0be115a566afc591705c2040b707534b1172", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "camera": { - "dependency": "transitive", - "description": { - "name": "camera", - "sha256": "d6ec2cbdbe2fa8f5e0d07d8c06368fe4effa985a4a5ddade9cc58a8cd849557d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.11.2" - }, - "camera_android_camerax": { - "dependency": "transitive", - "description": { - "name": "camera_android_camerax", - "sha256": "58b8fe843a3c83fd1273c00cb35f5a8ae507f6cc9b2029bcf7e2abba499e28d8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.19+1" - }, - "camera_avfoundation": { - "dependency": "transitive", - "description": { - "name": "camera_avfoundation", - "sha256": "e4aca5bccaf897b70cac87e5fdd789393310985202442837922fd40325e2733b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.21+1" - }, - "camera_platform_interface": { - "dependency": "transitive", - "description": { - "name": "camera_platform_interface", - "sha256": "2f757024a48696ff4814a789b0bd90f5660c0fb25f393ab4564fb483327930e2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.0" - }, - "camera_web": { - "dependency": "transitive", - "description": { - "name": "camera_web", - "sha256": "595f28c89d1fb62d77c73c633193755b781c6d2e0ebcd8dc25b763b514e6ba8f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.5" - }, - "canonical_json": { - "dependency": "transitive", - "description": { - "name": "canonical_json", - "sha256": "d6be1dd66b420c6ac9f42e3693e09edf4ff6edfee26cb4c28c1c019fdb8c0c15", - "url": "https://pub.dev" - }, - 
"source": "hosted", - "version": "1.1.2" - }, - "characters": { - "dependency": "transitive", - "description": { - "name": "characters", - "sha256": "f71061c654a3380576a52b451dd5532377954cf9dbd272a78fc8479606670803", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.0" - }, - "checked_yaml": { - "dependency": "transitive", - "description": { - "name": "checked_yaml", - "sha256": "959525d3162f249993882720d52b7e0c833978df229be20702b33d48d91de70f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.4" - }, - "cli_config": { - "dependency": "transitive", - "description": { - "name": "cli_config", - "sha256": "ac20a183a07002b700f0c25e61b7ee46b23c309d76ab7b7640a028f18e4d99ec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "cli_util": { - "dependency": "transitive", - "description": { - "name": "cli_util", - "sha256": "ff6785f7e9e3c38ac98b2fb035701789de90154024a75b6cb926445e83197d1c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.2" - }, - "clock": { - "dependency": "transitive", - "description": { - "name": "clock", - "sha256": "fddb70d9b5277016c77a80201021d40a2247104d9f4aa7bab7157b7e3f05b84b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "collection": { - "dependency": "direct main", - "description": { - "name": "collection", - "sha256": "2f5709ae4d3d59dd8f7cd309b4e023046b57d8a6c82130785d2b0e5868084e76", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.19.1" - }, - "convert": { - "dependency": "transitive", - "description": { - "name": "convert", - "sha256": "b30acd5944035672bc15c6b7a8b47d773e41e2f17de064350988c5d02adb1c68", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.2" - }, - "coverage": { - "dependency": "transitive", - "description": { - "name": "coverage", - "sha256": "5da775aa218eaf2151c721b16c01c7676fbfdd99cebba2bf64e8b807a28ff94d", - "url": "https://pub.dev" - }, - "source": 
"hosted", - "version": "1.15.0" - }, - "cross_file": { - "dependency": "direct main", - "description": { - "name": "cross_file", - "sha256": "7caf6a750a0c04effbb52a676dce9a4a592e10ad35c34d6d2d0e4811160d5670", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.4+2" - }, - "crypto": { - "dependency": "transitive", - "description": { - "name": "crypto", - "sha256": "1e445881f28f22d6140f181e07737b22f1e099a5e1ff94b0af2f9e4a463f4855", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.6" - }, - "csslib": { - "dependency": "direct main", - "description": { - "name": "csslib", - "sha256": "09bad715f418841f976c77db72d5398dc1253c21fb9c0c7f0b0b985860b2d58e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "cupertino_http": { - "dependency": "direct main", - "description": { - "name": "cupertino_http", - "sha256": "72187f715837290a63479a5b0ae709f4fedad0ed6bd0441c275eceaa02d5abae", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.0" - }, - "cupertino_icons": { - "dependency": "direct main", - "description": { - "name": "cupertino_icons", - "sha256": "ba631d1c7f7bef6b729a622b7b752645a2d076dba9976925b8f25725a30e1ee6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.8" - }, - "dart_animated_emoji": { - "dependency": "direct main", - "description": { - "name": "dart_animated_emoji", - "sha256": "0e0865f1b56e2f2979e8caa09a7d693e30133050c5c677de301e6ca4d8da945e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.2" - }, - "dbus": { - "dependency": "direct main", - "description": { - "name": "dbus", - "sha256": "79e0c23480ff85dc68de79e2cd6334add97e48f7f4865d17686dd6ea81a47e8c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.7.11" - }, - "diacritic": { - "dependency": "direct main", - "description": { - "name": "diacritic", - "sha256": "12981945ec38931748836cd76f2b38773118d0baef3c68404bdfde9566147876", - "url": 
"https://pub.dev" - }, - "source": "hosted", - "version": "0.1.6" - }, - "diffutil_dart": { - "dependency": "direct main", - "description": { - "name": "diffutil_dart", - "sha256": "5e74883aedf87f3b703cb85e815bdc1ed9208b33501556e4a8a5572af9845c81", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.1" - }, - "dynamic_color": { - "dependency": "direct main", - "description": { - "name": "dynamic_color", - "sha256": "43a5a6679649a7731ab860334a5812f2067c2d9ce6452cf069c5e0c25336c17c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.8.1" - }, - "emoji_extension": { - "dependency": "direct main", - "description": { - "name": "emoji_extension", - "sha256": "7678a3e3fca4f2dfbce02cf8d439a81e130ce303fdc1ad90f484f57fd5ce4ba1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.0" - }, - "enhanced_enum": { - "dependency": "transitive", - "description": { - "name": "enhanced_enum", - "sha256": "074c5a8b9664799ca91e1e8b68003b8694cb19998671cbafd9c7779c13fcdecf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.4" - }, - "equatable": { - "dependency": "transitive", - "description": { - "name": "equatable", - "sha256": "567c64b3cb4cf82397aac55f4f0cbd3ca20d77c6c03bedbc4ceaddc08904aef7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.7" - }, - "fake_async": { - "dependency": "transitive", - "description": { - "name": "fake_async", - "sha256": "5368f224a74523e8d2e7399ea1638b37aecfca824a3cc4dfdf77bf1fa905ac44", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.3" - }, - "fetch_api": { - "dependency": "transitive", - "description": { - "name": "fetch_api", - "sha256": "24cbd5616f3d4008c335c197bb90bfa0eb43b9e55c6de5c60d1f805092636034", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.1" - }, - "fetch_client": { - "dependency": "direct main", - "description": { - "name": "fetch_client", - "sha256": 
"375253f4efe64303c793fb17fe90771c591320b2ae11fb29cb5b406cc8533c00", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "ffi": { - "dependency": "transitive", - "description": { - "name": "ffi", - "sha256": "289279317b4b16eb2bb7e271abccd4bf84ec9bdcbe999e278a94b804f5630418", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "file": { - "dependency": "transitive", - "description": { - "name": "file", - "sha256": "a3b4f84adafef897088c160faf7dfffb7696046cb13ae90b508c2cbc95d3b8d4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.0.1" - }, - "file_selector": { - "dependency": "direct main", - "description": { - "name": "file_selector", - "sha256": "5019692b593455127794d5718304ff1ae15447dea286cdda9f0db2a796a1b828", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.3" - }, - "file_selector_android": { - "dependency": "transitive", - "description": { - "name": "file_selector_android", - "sha256": "3015702ab73987000e7ff2df5ddc99666d2bcd65cdb243f59da35729d3be6cff", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.1+15" - }, - "file_selector_ios": { - "dependency": "transitive", - "description": { - "name": "file_selector_ios", - "sha256": "94b98ad950b8d40d96fee8fa88640c2e4bd8afcdd4817993bd04e20310f45420", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.3+1" - }, - "file_selector_linux": { - "dependency": "transitive", - "description": { - "name": "file_selector_linux", - "sha256": "54cbbd957e1156d29548c7d9b9ec0c0ebb6de0a90452198683a7d23aed617a33", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.3+2" - }, - "file_selector_macos": { - "dependency": "transitive", - "description": { - "name": "file_selector_macos", - "sha256": "8c9250b2bd2d8d4268e39c82543bacbaca0fda7d29e0728c3c4bbb7c820fd711", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.4+3" - }, - 
"file_selector_platform_interface": { - "dependency": "transitive", - "description": { - "name": "file_selector_platform_interface", - "sha256": "a3994c26f10378a039faa11de174d7b78eb8f79e4dd0af2a451410c1a5c3f66b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.6.2" - }, - "file_selector_web": { - "dependency": "transitive", - "description": { - "name": "file_selector_web", - "sha256": "c4c0ea4224d97a60a7067eca0c8fd419e708ff830e0c83b11a48faf566cec3e7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.4+2" - }, - "file_selector_windows": { - "dependency": "transitive", - "description": { - "name": "file_selector_windows", - "sha256": "320fcfb6f33caa90f0b58380489fc5ac05d99ee94b61aa96ec2bff0ba81d3c2b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.3+4" - }, - "fixnum": { - "dependency": "transitive", - "description": { - "name": "fixnum", - "sha256": "b6dc7065e46c974bc7c5f143080a6764ec7a4be6da1285ececdc37be96de53be", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "flutter": { - "dependency": "direct main", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_adaptive_scaffold": { - "dependency": "direct main", - "description": { - "name": "flutter_adaptive_scaffold", - "sha256": "5eb1d1d174304a4e67c4bb402ed38cb4a5ebdac95ce54099e91460accb33d295", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.3+1" - }, - "flutter_confetti": { - "dependency": "direct main", - "description": { - "name": "flutter_confetti", - "sha256": "7e46b82ea0adc456afc91037652bbfbd52a951804fde0708822fad5d68be6398", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.1" - }, - "flutter_driver": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_highlighting": { - "dependency": "direct main", - "description": { - "name": "flutter_highlighting", - "sha256": 
"426770b1453e8302f8cc58455ebcaad33e3049e73ca18f9d3c83554552bf3baf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.0+11.8.0" - }, - "flutter_html": { - "dependency": "direct main", - "description": { - "name": "flutter_html", - "sha256": "38a2fd702ffdf3243fb7441ab58aa1bc7e6922d95a50db76534de8260638558d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_html_svg": { - "dependency": "direct main", - "description": { - "name": "flutter_html_svg", - "sha256": "76f59c238571333d95271817c3d94688b3c4dca2735552e481e49039d3efdb13", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_html_table": { - "dependency": "direct main", - "description": { - "name": "flutter_html_table", - "sha256": "de15300b1f6d8014e1702e7edfdf3411f362c8fb753e89bac4c99215ea94a4d8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "flutter_keyboard_visibility": { - "dependency": "direct main", - "description": { - "name": "flutter_keyboard_visibility", - "sha256": "98664be7be0e3ffca00de50f7f6a287ab62c763fc8c762e0a21584584a3ff4f8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_keyboard_visibility_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_linux", - "sha256": "6fba7cd9bb033b6ddd8c2beb4c99ad02d728f1e6e6d9b9446667398b2ac39f08", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_keyboard_visibility_macos": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_macos", - "sha256": "c5c49b16fff453dfdafdc16f26bdd8fb8d55812a1d50b0ce25fc8d9f2e53d086", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_keyboard_visibility_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_platform_interface", - "sha256": 
"e43a89845873f7be10cb3884345ceb9aebf00a659f479d1c8f4293fcb37022a4", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_keyboard_visibility_web": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_web", - "sha256": "d3771a2e752880c79203f8d80658401d0c998e4183edca05a149f5098ce6e3d1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_keyboard_visibility_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_keyboard_visibility_windows", - "sha256": "fc4b0f0b6be9b93ae527f3d527fb56ee2d918cd88bbca438c478af7bcfd0ef73", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.0" - }, - "flutter_launcher_icons": { - "dependency": "direct dev", - "description": { - "name": "flutter_launcher_icons", - "sha256": "10f13781741a2e3972126fae08393d3c4e01fa4cd7473326b94b72cf594195e7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.14.4" - }, - "flutter_layout_grid": { - "dependency": "transitive", - "description": { - "name": "flutter_layout_grid", - "sha256": "739e568db97af031d528dfd8a80d333df0e5a310a126e087690fa42cd61dfb5f", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.8" - }, - "flutter_lints": { - "dependency": "direct dev", - "description": { - "name": "flutter_lints", - "sha256": "3105dc8492f6183fb076ccf1f351ac3d60564bff92e20bfc4af9cc1651f4e7e1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_local_notifications": { - "dependency": "direct main", - "description": { - "name": "flutter_local_notifications", - "sha256": "20ca0a9c82ce0c855ac62a2e580ab867f3fbea82680a90647f7953832d0850ae", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "19.4.0" - }, - "flutter_local_notifications_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_linux", - "sha256": 
"e3c277b2daab8e36ac5a6820536668d07e83851aeeb79c446e525a70710770a5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "flutter_local_notifications_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_platform_interface", - "sha256": "277d25d960c15674ce78ca97f57d0bae2ee401c844b6ac80fcd972a9c99d09fe", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "9.1.0" - }, - "flutter_local_notifications_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_local_notifications_windows", - "sha256": "ed46d7ae4ec9d19e4c8fa2badac5fe27ba87a3fe387343ce726f927af074ec98", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "flutter_localizations": { - "dependency": "direct main", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_openssl_crypto": { - "dependency": "direct main", - "description": { - "name": "flutter_openssl_crypto", - "sha256": "293b4fcda13ab0710645a16e82f3d5b7de19bfc0ab2d06bcdb87637222eda5e1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.5.0" - }, - "flutter_plugin_android_lifecycle": { - "dependency": "transitive", - "description": { - "name": "flutter_plugin_android_lifecycle", - "sha256": "6382ce712ff69b0f719640ce957559dde459e55ecd433c767e06d139ddf16cab", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.29" - }, - "flutter_rust_bridge": { - "dependency": "transitive", - "description": { - "name": "flutter_rust_bridge", - "sha256": "b416ff56002789e636244fb4cc449f587656eff995e5a7169457eb0593fcaddb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.0" - }, - "flutter_secure_storage": { - "dependency": "direct main", - "description": { - "name": "flutter_secure_storage", - "sha256": "f7eceb0bc6f4fd0441e29d43cab9ac2a1c5ffd7ea7b64075136b718c46954874", - "url": "https://pub.dev" - }, - "source": "hosted", - 
"version": "10.0.0-beta.4" - }, - "flutter_secure_storage_darwin": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_darwin", - "sha256": "f226f2a572bed96bc6542198ebaec227150786e34311d455a7e2d3d06d951845", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.0" - }, - "flutter_secure_storage_linux": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_linux", - "sha256": "9b4b73127e857cd3117d43a70fa3dddadb6e0b253be62e6a6ab85caa0742182c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "flutter_secure_storage_platform_interface": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_platform_interface", - "sha256": "8ceea1223bee3c6ac1a22dabd8feefc550e4729b3675de4b5900f55afcb435d6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "flutter_secure_storage_web": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_web", - "sha256": "4c3f233e739545c6cb09286eeec1cc4744138372b985113acc904f7263bef517", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "flutter_secure_storage_windows": { - "dependency": "transitive", - "description": { - "name": "flutter_secure_storage_windows", - "sha256": "ff32af20f70a8d0e59b2938fc92de35b54a74671041c814275afd80e27df9f21", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.0" - }, - "flutter_svg": { - "dependency": "direct main", - "description": { - "name": "flutter_svg", - "sha256": "cd57f7969b4679317c17af6fd16ee233c1e60a82ed209d8a475c54fd6fd6f845", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "flutter_test": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_typeahead": { - "dependency": "direct main", - "description": { - "name": "flutter_typeahead", - "sha256": 
"d64712c65db240b1057559b952398ebb6e498077baeebf9b0731dade62438a6d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.2.0" - }, - "flutter_vodozemac": { - "dependency": "direct main", - "description": { - "name": "flutter_vodozemac", - "sha256": "2405ca121b84d1cd83200a14021022e1691b123a23bcefc36adc7740cefbc1f9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.2" - }, - "flutter_web_plugins": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "flutter_zxing": { - "dependency": "direct main", - "description": { - "name": "flutter_zxing", - "sha256": "dbcd89da2c9aa84f48d7d7e1ba436825f8656a69b142abb7bcdb7c2d9c22d48c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.1" - }, - "frontend_server_client": { - "dependency": "transitive", - "description": { - "name": "frontend_server_client", - "sha256": "f64a0333a82f30b0cca061bc3d143813a486dc086b574bfb233b7c1372427694", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.0.0" - }, - "fuchsia_remote_debug_protocol": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "glob": { - "dependency": "transitive", - "description": { - "name": "glob", - "sha256": "c3f1ee72c96f8f78935e18aa8cecced9ab132419e8625dc187e1c2408efc20de", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.3" - }, - "go_router": { - "dependency": "direct main", - "description": { - "name": "go_router", - "sha256": "8b1f37dfaf6e958c6b872322db06f946509433bec3de753c3491a42ae9ec2b48", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "16.1.0" - }, - "gtk": { - "dependency": "transitive", - "description": { - "name": "gtk", - "sha256": "e8ce9ca4b1df106e4d72dad201d345ea1a036cc12c360f1a7d5a758f78ffa42c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "highlighting": { - "dependency": "direct main", - 
"description": { - "name": "highlighting", - "sha256": "196005ed9c98ee559939fcecd466fa941b9e99b3a93394691b86780ad4da50f3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.9.0+11.8.0" - }, - "html": { - "dependency": "direct main", - "description": { - "name": "html", - "sha256": "6d1264f2dffa1b1101c25a91dff0dc2daee4c18e87cd8538729773c073dbf602", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.15.6" - }, - "html_unescape": { - "dependency": "transitive", - "description": { - "name": "html_unescape", - "sha256": "15362d7a18f19d7b742ef8dcb811f5fd2a2df98db9f80ea393c075189e0b61e3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "http": { - "dependency": "direct main", - "description": { - "name": "http", - "sha256": "bb2ce4590bc2667c96f318d68cac1b5a7987ec819351d32b1c987239a815e007", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.5.0" - }, - "http_parser": { - "dependency": "transitive", - "description": { - "name": "http_parser", - "sha256": "178d74305e7866013777bab2c3d8726205dc5a4dd935297175b19a23a2e66571", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.1.2" - }, - "http_profile": { - "dependency": "transitive", - "description": { - "name": "http_profile", - "sha256": "7e679e355b09aaee2ab5010915c932cce3f2d1c11c3b2dc177891687014ffa78", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.0" - }, - "image": { - "dependency": "direct main", - "description": { - "name": "image", - "sha256": "4e973fcf4caae1a4be2fa0a13157aa38a8f9cb049db6529aa00b4d71abc4d928", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.5.4" - }, - "image_picker": { - "dependency": "direct main", - "description": { - "name": "image_picker", - "sha256": "021834d9c0c3de46bf0fe40341fa07168407f694d9b2bb18d532dc1261867f7a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "image_picker_android": { - "dependency": 
"transitive", - "description": { - "name": "image_picker_android", - "sha256": "b08e9a04d0f8d91f4a6e767a745b9871bfbc585410205c311d0492de20a7ccd6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.8.12+25" - }, - "image_picker_for_web": { - "dependency": "transitive", - "description": { - "name": "image_picker_for_web", - "sha256": "717eb042ab08c40767684327be06a5d8dbb341fe791d514e4b92c7bbe1b7bb83", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.6" - }, - "image_picker_ios": { - "dependency": "transitive", - "description": { - "name": "image_picker_ios", - "sha256": "05da758e67bc7839e886b3959848aa6b44ff123ab4b28f67891008afe8ef9100", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.8.12+2" - }, - "image_picker_linux": { - "dependency": "transitive", - "description": { - "name": "image_picker_linux", - "sha256": "34a65f6740df08bbbeb0a1abd8e6d32107941fd4868f67a507b25601651022c9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+2" - }, - "image_picker_macos": { - "dependency": "transitive", - "description": { - "name": "image_picker_macos", - "sha256": "1b90ebbd9dcf98fb6c1d01427e49a55bd96b5d67b8c67cf955d60a5de74207c1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+2" - }, - "image_picker_platform_interface": { - "dependency": "transitive", - "description": { - "name": "image_picker_platform_interface", - "sha256": "886d57f0be73c4b140004e78b9f28a8914a09e50c2d816bdd0520051a71236a0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.10.1" - }, - "image_picker_windows": { - "dependency": "transitive", - "description": { - "name": "image_picker_windows", - "sha256": "6ad07afc4eb1bc25f3a01084d28520496c4a3bb0cb13685435838167c9dcedeb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.1+1" - }, - "import_sorter": { - "dependency": "direct main", - "description": { - "name": "import_sorter", - "sha256": 
"eb15738ccead84e62c31e0208ea4e3104415efcd4972b86906ca64a1187d0836", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.6.0" - }, - "integration_test": { - "dependency": "direct dev", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "intl": { - "dependency": "direct main", - "description": { - "name": "intl", - "sha256": "3df61194eb431efc39c4ceba583b95633a403f46c9fd341e550ce0bfa50e9aa5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.20.2" - }, - "io": { - "dependency": "transitive", - "description": { - "name": "io", - "sha256": "dfd5a80599cf0165756e3181807ed3e77daf6dd4137caaad72d0b7931597650b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.5" - }, - "js": { - "dependency": "transitive", - "description": { - "name": "js", - "sha256": "f2c445dce49627136094980615a031419f7f3eb393237e4ecd97ac15dea343f3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.7" - }, - "json_annotation": { - "dependency": "transitive", - "description": { - "name": "json_annotation", - "sha256": "1ce844379ca14835a50d2f019a3099f419082cfdd231cd86a142af94dd5c6bb1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.9.0" - }, - "just_audio": { - "dependency": "direct main", - "description": { - "name": "just_audio", - "sha256": "679637a3ec5b6e00f36472f5a3663667df00ee4822cbf5dafca0f568c710960a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.4" - }, - "just_audio_media_kit": { - "dependency": "direct main", - "description": { - "name": "just_audio_media_kit", - "sha256": "f3cf04c3a50339709e87e90b4e841eef4364ab4be2bdbac0c54cc48679f84d23", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "just_audio_platform_interface": { - "dependency": "transitive", - "description": { - "name": "just_audio_platform_interface", - "sha256": "2532c8d6702528824445921c5ff10548b518b13f808c2e34c2fd54793b999a6a", - "url": 
"https://pub.dev" - }, - "source": "hosted", - "version": "4.6.0" - }, - "just_audio_web": { - "dependency": "transitive", - "description": { - "name": "just_audio_web", - "sha256": "6ba8a2a7e87d57d32f0f7b42856ade3d6a9fbe0f1a11fabae0a4f00bb73f0663", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.16" - }, - "just_waveform": { - "dependency": "direct main", - "description": { - "name": "just_waveform", - "sha256": "8c65acd24f13b866e3377f07f8869e823f3f2d8b734938f4e6688075af40b4f2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.0.7" - }, - "leak_tracker": { - "dependency": "transitive", - "description": { - "name": "leak_tracker", - "sha256": "6bb818ecbdffe216e81182c2f0714a2e62b593f4a4f13098713ff1685dfb6ab0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "10.0.9" - }, - "leak_tracker_flutter_testing": { - "dependency": "transitive", - "description": { - "name": "leak_tracker_flutter_testing", - "sha256": "f8b613e7e6a13ec79cfdc0e97638fddb3ab848452eff057653abd3edba760573", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.9" - }, - "leak_tracker_testing": { - "dependency": "transitive", - "description": { - "name": "leak_tracker_testing", - "sha256": "6ba465d5d76e67ddf503e1161d1f4a6bc42306f9d66ca1e8f079a47290fb06d3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.1" - }, - "linkify": { - "dependency": "direct main", - "description": { - "name": "linkify", - "sha256": "4139ea77f4651ab9c315b577da2dd108d9aa0bd84b5d03d33323f1970c645832", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.0.0" - }, - "lints": { - "dependency": "transitive", - "description": { - "name": "lints", - "sha256": "a5e2b223cb7c9c8efdc663ef484fdd95bb243bff242ef5b13e26883547fce9a0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.0" - }, - "list_counter": { - "dependency": "transitive", - "description": { - "name": "list_counter", - "sha256": 
"c447ae3dfcd1c55f0152867090e67e219d42fe6d4f2807db4bbe8b8d69912237", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.2" - }, - "locale_names": { - "dependency": "direct main", - "description": { - "name": "locale_names", - "sha256": "7a89ca54072f4f13d0f5df5a9ba69337554bf2fd057d1dd2a238898f3f159374", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "logging": { - "dependency": "transitive", - "description": { - "name": "logging", - "sha256": "c8245ada5f1717ed44271ed1c26b8ce85ca3228fd2ffdb75468ab01979309d61", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.0" - }, - "lottie": { - "dependency": "direct main", - "description": { - "name": "lottie", - "sha256": "c5fa04a80a620066c15cf19cc44773e19e9b38e989ff23ea32e5903ef1015950", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.3.1" - }, - "markdown": { - "dependency": "transitive", - "description": { - "name": "markdown", - "sha256": "935e23e1ff3bc02d390bad4d4be001208ee92cc217cb5b5a6c19bc14aaa318c1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.3.0" - }, - "matcher": { - "dependency": "transitive", - "description": { - "name": "matcher", - "sha256": "dc58c723c3c24bf8d3e2d3ad3f2f9d7bd9cf43ec6feaa64181775e60190153f2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.12.17" - }, - "material_color_utilities": { - "dependency": "transitive", - "description": { - "name": "material_color_utilities", - "sha256": "f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.11.1" - }, - "matrix": { - "dependency": "direct main", - "description": { - "path": ".", - "ref": "braid/msc3861-native-oidc", - "resolved-ref": "82ad90573e0e5e1ccb2cf1e669a5861bd6db351c", - "url": "https://github.com/TheOneWithTheBraid/matrix-dart-sdk.git" - }, - "source": "git", - "version": "1.1.0" - }, - 
"matrix_homeserver_recommendations": { - "dependency": "direct main", - "description": { - "name": "matrix_homeserver_recommendations", - "sha256": "48cd67146dd80b925c1cce1604da4712e7963b490d31801bad70b51ff8e30cd2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.1" - }, - "media_kit": { - "dependency": "direct main", - "description": { - "path": "media_kit", - "ref": "braid/stub-template", - "resolved-ref": "215972e56ceb6036b51d1dc8803d5e0ab489bfe1", - "url": "https://github.com/TheOneWithTheBraid/media-kit.git" - }, - "source": "git", - "version": "1.2.0" - }, - "media_kit_libs_android_video": { - "dependency": "direct overridden", - "description": { - "path": "libs/android/media_kit_libs_android_video", - "ref": "main", - "resolved-ref": "ad84c59faa2b871926cb31516bdeec65d7676884", - "url": "https://github.com/Predidit/media-kit.git" - }, - "source": "git", - "version": "1.3.6" - }, - "media_kit_libs_ios_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_ios_video", - "sha256": "b5382994eb37a4564c368386c154ad70ba0cc78dacdd3fb0cd9f30db6d837991", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "media_kit_libs_linux": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_linux", - "sha256": "2b473399a49ec94452c4d4ae51cfc0f6585074398d74216092bf3d54aac37ecf", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.1" - }, - "media_kit_libs_macos_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_macos_video", - "sha256": "f26aa1452b665df288e360393758f84b911f70ffb3878032e1aabba23aa1032d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.4" - }, - "media_kit_libs_video": { - "dependency": "direct main", - "description": { - "name": "media_kit_libs_video", - "sha256": "958cc55e7065d9d01f52a2842dab2a0812a92add18489f1006d864fb5e42a3ef", - "url": "https://pub.dev" - }, - "source": 
"hosted", - "version": "1.0.6" - }, - "media_kit_libs_windows_video": { - "dependency": "transitive", - "description": { - "name": "media_kit_libs_windows_video", - "sha256": "dff76da2778729ab650229e6b4ec6ec111eb5151431002cbd7ea304ff1f112ab", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.11" - }, - "media_kit_video": { - "dependency": "direct main", - "description": { - "name": "media_kit_video", - "sha256": "a656a9463298c1adc64c57f2d012874f7f2900f0c614d9545a3e7b8bb9e2137b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.0" - }, - "media_store_plus": { - "dependency": "direct main", - "description": { - "name": "media_store_plus", - "sha256": "4b4971365e00a4ed9fde14abf40d7c27475b66b8bba9bf43478ae2ecb449df20", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.1.3" - }, - "meta": { - "dependency": "transitive", - "description": { - "name": "meta", - "sha256": "e3641ec5d63ebf0d9b41bd43201a66e3fc79a65db5f61fc181f04cd27aab950c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.16.0" - }, - "mime": { - "dependency": "direct main", - "description": { - "name": "mime", - "sha256": "41a20518f0cb1256669420fdba0cd90d21561e560ac240f26ef8322e45bb7ed6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "objective_c": { - "dependency": "transitive", - "description": { - "name": "objective_c", - "sha256": "9f034ba1eeca53ddb339bc8f4813cb07336a849cd735559b60cdc068ecce2dc7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.1.0" - }, - "package_config": { - "dependency": "transitive", - "description": { - "name": "package_config", - "sha256": "f096c55ebb7deb7e384101542bfba8c52696c1b56fca2eb62827989ef2353bbc", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "package_info_plus": { - "dependency": "transitive", - "description": { - "name": "package_info_plus", - "sha256": 
"16eee997588c60225bda0488b6dcfac69280a6b7a3cf02c741895dd370a02968", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "8.3.1" - }, - "package_info_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "package_info_plus_platform_interface", - "sha256": "202a487f08836a592a6bd4f901ac69b3a8f146af552bbd14407b6b41e1c3f086", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.1" - }, - "path": { - "dependency": "transitive", - "description": { - "name": "path", - "sha256": "75cca69d1490965be98c73ceaea117e8a04dd21217b37b292c9ddbec0d955bc5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.9.1" - }, - "path_parsing": { - "dependency": "transitive", - "description": { - "name": "path_parsing", - "sha256": "883402936929eac138ee0a45da5b0f2c80f89913e6dc3bf77eb65b84b409c6ca", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "path_provider": { - "dependency": "direct main", - "description": { - "name": "path_provider", - "sha256": "50c5dd5b6e1aaf6fb3a78b33f6aa3afca52bf903a8a5298f53101fdaee55bbcd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.5" - }, - "path_provider_android": { - "dependency": "transitive", - "description": { - "name": "path_provider_android", - "sha256": "d0d310befe2c8ab9e7f393288ccbb11b60c019c6b5afc21973eeee4dda2b35e9", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.17" - }, - "path_provider_foundation": { - "dependency": "transitive", - "description": { - "name": "path_provider_foundation", - "sha256": "4843174df4d288f5e29185bd6e72a6fbdf5a4a4602717eed565497429f179942", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "path_provider_linux": { - "dependency": "transitive", - "description": { - "name": "path_provider_linux", - "sha256": "f7a1fe3a634fe7734c8d3f2766ad746ae2a2884abe22e241a8b301bf5cac3279", - "url": "https://pub.dev" - }, - "source": "hosted", 
- "version": "2.2.1" - }, - "path_provider_platform_interface": { - "dependency": "transitive", - "description": { - "name": "path_provider_platform_interface", - "sha256": "88f5779f72ba699763fa3a3b06aa4bf6de76c8e5de842cf6f29e2e06476c2334", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "path_provider_windows": { - "dependency": "transitive", - "description": { - "name": "path_provider_windows", - "sha256": "bd6f00dbd873bfb70d0761682da2b3a2c2fccc2b9e84c495821639601d81afe7", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.0" - }, - "petitparser": { - "dependency": "transitive", - "description": { - "name": "petitparser", - "sha256": "07c8f0b1913bcde1ff0d26e57ace2f3012ccbf2b204e070290dad3bb22797646", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.1.0" - }, - "platform": { - "dependency": "transitive", - "description": { - "name": "platform", - "sha256": "5d6b1b0036a5f331ebc77c850ebc8506cbc1e9416c27e59b439f917a902a4984", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.6" - }, - "plugin_platform_interface": { - "dependency": "transitive", - "description": { - "name": "plugin_platform_interface", - "sha256": "4820fbfdb9478b1ebae27888254d445073732dae3d6ea81f0b7e06d5dedc3f02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.8" - }, - "pointer_interceptor": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor", - "sha256": "57210410680379aea8b1b7ed6ae0c3ad349bfd56fe845b8ea934a53344b9d523", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1+2" - }, - "pointer_interceptor_ios": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor_ios", - "sha256": "a6906772b3205b42c44614fcea28f818b1e5fdad73a4ca742a7bd49818d9c917", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1" - }, - "pointer_interceptor_platform_interface": { - "dependency": 
"transitive", - "description": { - "name": "pointer_interceptor_platform_interface", - "sha256": "0597b0560e14354baeb23f8375cd612e8bd4841bf8306ecb71fcd0bb78552506", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.0+1" - }, - "pointer_interceptor_web": { - "dependency": "transitive", - "description": { - "name": "pointer_interceptor_web", - "sha256": "460b600e71de6fcea2b3d5f662c92293c049c4319e27f0829310e5a953b3ee2a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.3" - }, - "pool": { - "dependency": "transitive", - "description": { - "name": "pool", - "sha256": "20fe868b6314b322ea036ba325e6fc0711a22948856475e2c2b6306e8ab39c2a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.5.1" - }, - "posix": { - "dependency": "transitive", - "description": { - "name": "posix", - "sha256": "6323a5b0fa688b6a010df4905a56b00181479e6d10534cecfecede2aa55add61", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.3" - }, - "process": { - "dependency": "transitive", - "description": { - "name": "process", - "sha256": "107d8be718f120bbba9dcd1e95e3bd325b1b4a4f07db64154635ba03f2567a0d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.0.3" - }, - "pub_semver": { - "dependency": "transitive", - "description": { - "name": "pub_semver", - "sha256": "5bfcf68ca79ef689f8990d1160781b4bad40a3bd5e5218ad4076ddb7f4081585", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.2.0" - }, - "qr": { - "dependency": "transitive", - "description": { - "name": "qr", - "sha256": "5a1d2586170e172b8a8c8470bbbffd5eb0cd38a66c0d77155ea138d3af3a4445", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.2" - }, - "quiver": { - "dependency": "transitive", - "description": { - "name": "quiver", - "sha256": "ea0b925899e64ecdfbf9c7becb60d5b50e706ade44a85b2363be2a22d88117d2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.2" - }, - "random_string": 
{ - "dependency": "transitive", - "description": { - "name": "random_string", - "sha256": "03b52435aae8cbdd1056cf91bfc5bf845e9706724dd35ae2e99fa14a1ef79d02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.1" - }, - "receive_sharing_intent": { - "dependency": "direct main", - "description": { - "name": "receive_sharing_intent", - "sha256": "ec76056e4d258ad708e76d85591d933678625318e411564dcb9059048ca3a593", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.8.1" - }, - "rxdart": { - "dependency": "transitive", - "description": { - "name": "rxdart", - "sha256": "5c3004a4a8dbb94bd4bf5412a4def4acdaa12e12f269737a5751369e12d1a962", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.28.0" - }, - "safe_local_storage": { - "dependency": "transitive", - "description": { - "name": "safe_local_storage", - "sha256": "e9a21b6fec7a8aa62cc2585ff4c1b127df42f3185adbd2aca66b47abe2e80236", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "screen_brightness_android": { - "dependency": "transitive", - "description": { - "name": "screen_brightness_android", - "sha256": "fb5fa43cb89d0c9b8534556c427db1e97e46594ac5d66ebdcf16063b773d54ed", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "screen_brightness_platform_interface": { - "dependency": "transitive", - "description": { - "name": "screen_brightness_platform_interface", - "sha256": "737bd47b57746bc4291cab1b8a5843ee881af499514881b0247ec77447ee769c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.0" - }, - "sdp_transform": { - "dependency": "transitive", - "description": { - "name": "sdp_transform", - "sha256": "73e412a5279a5c2de74001535208e20fff88f225c9a4571af0f7146202755e45", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.2" - }, - "sentry": { - "dependency": "direct main", - "description": { - "name": "sentry", - "sha256": 
"d9f3dcf1ecdd600cf9ce134f622383adde5423ecfdaf0ca9b20fbc1c44849337", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "9.6.0" - }, - "share_plus": { - "dependency": "direct main", - "description": { - "name": "share_plus", - "sha256": "d7dc0630a923883c6328ca31b89aa682bacbf2f8304162d29f7c6aaff03a27a1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "11.1.0" - }, - "share_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "share_plus_platform_interface", - "sha256": "88023e53a13429bd65d8e85e11a9b484f49d4c190abbd96c7932b74d6927cc9a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.1.0" - }, - "sky_engine": { - "dependency": "transitive", - "description": "flutter", - "source": "sdk", - "version": "0.0.0" - }, - "slugify": { - "dependency": "transitive", - "description": { - "name": "slugify", - "sha256": "b272501565cb28050cac2d96b7bf28a2d24c8dae359280361d124f3093d337c3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.0" - }, - "source_map_stack_trace": { - "dependency": "transitive", - "description": { - "name": "source_map_stack_trace", - "sha256": "c0713a43e323c3302c2abe2a1cc89aa057a387101ebd280371d6a6c9fa68516b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.2" - }, - "source_maps": { - "dependency": "transitive", - "description": { - "name": "source_maps", - "sha256": "190222579a448b03896e0ca6eca5998fa810fda630c1d65e2f78b3f638f54812", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.13" - }, - "source_span": { - "dependency": "transitive", - "description": { - "name": "source_span", - "sha256": "254ee5351d6cb365c859e20ee823c3bb479bf4a293c22d17a9f1bf144ce86f7c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.10.1" - }, - "sprintf": { - "dependency": "transitive", - "description": { - "name": "sprintf", - "sha256": 
"1fc9ffe69d4df602376b52949af107d8f5703b77cda567c4d7d86a0693120f23", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "7.0.0" - }, - "sqflite": { - "dependency": "direct main", - "description": { - "name": "sqflite", - "sha256": "e2297b1da52f127bc7a3da11439985d9b536f75070f3325e62ada69a5c585d03", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.2" - }, - "sqflite_android": { - "dependency": "transitive", - "description": { - "name": "sqflite_android", - "sha256": "2b3070c5fa881839f8b402ee4a39c1b4d561704d4ebbbcfb808a119bc2a1701b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "sqflite_common": { - "dependency": "transitive", - "description": { - "name": "sqflite_common", - "sha256": "6ef422a4525ecc601db6c0a2233ff448c731307906e92cabc9ba292afaae16a6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.5.6" - }, - "sqflite_common_ffi": { - "dependency": "direct main", - "description": { - "name": "sqflite_common_ffi", - "sha256": "9faa2fedc5385ef238ce772589f7718c24cdddd27419b609bb9c6f703ea27988", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.6" - }, - "sqflite_darwin": { - "dependency": "transitive", - "description": { - "name": "sqflite_darwin", - "sha256": "279832e5cde3fe99e8571879498c9211f3ca6391b0d818df4e17d9fff5c6ccb3", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.2" - }, - "sqflite_platform_interface": { - "dependency": "transitive", - "description": { - "name": "sqflite_platform_interface", - "sha256": "8dd4515c7bdcae0a785b0062859336de775e8c65db81ae33dd5445f35be61920", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.0" - }, - "sqlcipher_flutter_libs": { - "dependency": "direct main", - "description": { - "name": "sqlcipher_flutter_libs", - "sha256": "dd1fcc74d5baf3c36ad53e2652b2d06c9f8747494a3ccde0076e88b159dfe622", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.8" - }, 
- "sqlite3": { - "dependency": "transitive", - "description": { - "name": "sqlite3", - "sha256": "f393d92c71bdcc118d6203d07c991b9be0f84b1a6f89dd4f7eed348131329924", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.9.0" - }, - "stack_trace": { - "dependency": "transitive", - "description": { - "name": "stack_trace", - "sha256": "8b27215b45d22309b5cddda1aa2b19bdfec9df0e765f2de506401c071d38d1b1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.12.1" - }, - "stream_channel": { - "dependency": "transitive", - "description": { - "name": "stream_channel", - "sha256": "969e04c80b8bcdf826f8f16579c7b14d780458bd97f56d107d3950fdbeef059d", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "stream_transform": { - "dependency": "transitive", - "description": { - "name": "stream_transform", - "sha256": "ad47125e588cfd37a9a7f86c7d6356dde8dfe89d071d293f80ca9e9273a33871", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.1" - }, - "string_scanner": { - "dependency": "transitive", - "description": { - "name": "string_scanner", - "sha256": "921cd31725b72fe181906c6a94d987c78e3b98c2e205b397ea399d4054872b43", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.1" - }, - "sync_http": { - "dependency": "transitive", - "description": { - "name": "sync_http", - "sha256": "7f0cd72eca000d2e026bcd6f990b81d0ca06022ef4e32fb257b30d3d1014a961", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.1" - }, - "synchronized": { - "dependency": "transitive", - "description": { - "name": "synchronized", - "sha256": "c254ade258ec8282947a0acbbc90b9575b4f19673533ee46f2f6e9b3aeefd7c0", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.4.0" - }, - "term_glyph": { - "dependency": "transitive", - "description": { - "name": "term_glyph", - "sha256": "7f554798625ea768a7518313e58f83891c7f5024f88e46e7182a4558850a4b8e", - "url": "https://pub.dev" - }, - "source": 
"hosted", - "version": "1.2.2" - }, - "test_api": { - "dependency": "transitive", - "description": { - "name": "test_api", - "sha256": "fb31f383e2ee25fbbfe06b40fe21e1e458d14080e3c67e7ba0acfde4df4e0bbd", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.7.4" - }, - "test_core": { - "dependency": "transitive", - "description": { - "name": "test_core", - "sha256": "84d17c3486c8dfdbe5e12a50c8ae176d15e2a771b96909a9442b40173649ccaa", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.6.8" - }, - "timezone": { - "dependency": "transitive", - "description": { - "name": "timezone", - "sha256": "dd14a3b83cfd7cb19e7888f1cbc20f258b8d71b54c06f79ac585f14093a287d1", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.10.1" - }, - "tint": { - "dependency": "transitive", - "description": { - "name": "tint", - "sha256": "9652d9a589f4536d5e392cf790263d120474f15da3cf1bee7f1fdb31b4de5f46", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.1" - }, - "tuple": { - "dependency": "transitive", - "description": { - "name": "tuple", - "sha256": "a97ce2013f240b2f3807bcbaf218765b6f301c3eff91092bcfa23a039e7dd151", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.0.2" - }, - "typed_data": { - "dependency": "transitive", - "description": { - "name": "typed_data", - "sha256": "f9049c039ebfeb4cf7a7104a675823cd72dba8297f264b6637062516699fa006", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.4.0" - }, - "unifiedpush": { - "dependency": "direct main", - "description": { - "name": "unifiedpush", - "sha256": "1418375efb580af9640de4eaf4209cb6481f9a48792648ced3051f30e67d9568", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.0.2" - }, - "unifiedpush_android": { - "dependency": "transitive", - "description": { - "name": "unifiedpush_android", - "sha256": "2f25db8eb2fc3183bf2e43db89fff20b2587adc1c361e1d1e06b223a0d45b50a", - "url": "https://pub.dev" - }, - "source": 
"hosted", - "version": "3.1.1" - }, - "unifiedpush_platform_interface": { - "dependency": "transitive", - "description": { - "name": "unifiedpush_platform_interface", - "sha256": "bb49d2748211520e35e0374ab816faa8a2c635267e71909d334ad868d532eba5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.1" - }, - "universal_platform": { - "dependency": "transitive", - "description": { - "name": "universal_platform", - "sha256": "64e16458a0ea9b99260ceb5467a214c1f298d647c659af1bff6d3bf82536b1ec", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "unorm_dart": { - "dependency": "direct main", - "description": { - "name": "unorm_dart", - "sha256": "5b35bff83fce4d76467641438f9e867dc9bcfdb8c1694854f230579d68cd8f4b", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "uri_parser": { - "dependency": "transitive", - "description": { - "name": "uri_parser", - "sha256": "ff4d2c720aca3f4f7d5445e23b11b2d15ef8af5ddce5164643f38ff962dcb270", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.0.0" - }, - "url_launcher": { - "dependency": "direct main", - "description": { - "name": "url_launcher", - "sha256": "f6a7e5c4835bb4e3026a04793a4199ca2d14c739ec378fdfe23fc8075d0439f8", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.2" - }, - "url_launcher_android": { - "dependency": "transitive", - "description": { - "name": "url_launcher_android", - "sha256": "0aedad096a85b49df2e4725fa32118f9fa580f3b14af7a2d2221896a02cd5656", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.17" - }, - "url_launcher_ios": { - "dependency": "transitive", - "description": { - "name": "url_launcher_ios", - "sha256": "7f2022359d4c099eea7df3fdf739f7d3d3b9faf3166fb1dd390775176e0b76cb", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.3.3" - }, - "url_launcher_linux": { - "dependency": "transitive", - "description": { - "name": "url_launcher_linux", - 
"sha256": "4e9ba368772369e3e08f231d2301b4ef72b9ff87c31192ef471b380ef29a4935", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.1" - }, - "url_launcher_macos": { - "dependency": "transitive", - "description": { - "name": "url_launcher_macos", - "sha256": "17ba2000b847f334f16626a574c702b196723af2a289e7a93ffcb79acff855c2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.2.2" - }, - "url_launcher_platform_interface": { - "dependency": "transitive", - "description": { - "name": "url_launcher_platform_interface", - "sha256": "552f8a1e663569be95a8190206a38187b531910283c3e982193e4f2733f01029", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.3.2" - }, - "url_launcher_web": { - "dependency": "transitive", - "description": { - "name": "url_launcher_web", - "sha256": "4bd2b7b4dc4d4d0b94e5babfffbca8eac1a126c7f3d6ecbc1a11013faa3abba2", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.4.1" - }, - "url_launcher_windows": { - "dependency": "transitive", - "description": { - "name": "url_launcher_windows", - "sha256": "3284b6d2ac454cf34f114e1d3319866fdd1e19cdc329999057e44ffe936cfa77", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.4" - }, - "uuid": { - "dependency": "transitive", - "description": { - "name": "uuid", - "sha256": "a5be9ef6618a7ac1e964353ef476418026db906c4facdedaa299b7a2e71690ff", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "4.5.1" - }, - "vector_graphics": { - "dependency": "transitive", - "description": { - "name": "vector_graphics", - "sha256": "a4f059dc26fc8295b5921376600a194c4ec7d55e72f2fe4c7d2831e103d461e6", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.19" - }, - "vector_graphics_codec": { - "dependency": "transitive", - "description": { - "name": "vector_graphics_codec", - "sha256": "99fd9fbd34d9f9a32efd7b6a6aae14125d8237b10403b422a6a6dfeac2806146", - "url": "https://pub.dev" - }, - "source": "hosted", 
- "version": "1.1.13" - }, - "vector_graphics_compiler": { - "dependency": "transitive", - "description": { - "name": "vector_graphics_compiler", - "sha256": "557a315b7d2a6dbb0aaaff84d857967ce6bdc96a63dc6ee2a57ce5a6ee5d3331", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.17" - }, - "vector_math": { - "dependency": "transitive", - "description": { - "name": "vector_math", - "sha256": "80b3257d1492ce4d091729e3a67a60407d227c27241d6927be0130c98e741803", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "2.1.4" - }, - "visibility_detector": { - "dependency": "direct main", - "description": { - "name": "visibility_detector", - "sha256": "dd5cc11e13494f432d15939c3aa8ae76844c42b723398643ce9addb88a5ed420", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.4.0+2" - }, - "vm_service": { - "dependency": "transitive", - "description": { - "name": "vm_service", - "sha256": "ddfa8d30d89985b96407efce8acbdd124701f96741f2d981ca860662f1c0dc02", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "15.0.0" - }, - "vodozemac": { - "dependency": "direct main", - "description": { - "name": "vodozemac", - "sha256": "dba14017e042748fb22d270e8ab1d3e46965b89788dd3857dba938ec07571968", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.2.0" - }, - "volume_controller": { - "dependency": "transitive", - "description": { - "name": "volume_controller", - "sha256": "d75039e69c0d90e7810bfd47e3eedf29ff8543ea7a10392792e81f9bded7edf5", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.4.0" - }, - "wakelock_plus": { - "dependency": "transitive", - "description": { - "name": "wakelock_plus", - "sha256": "a474e314c3e8fb5adef1f9ae2d247e57467ad557fa7483a2b895bc1b421c5678", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.3.2" - }, - "wakelock_plus_platform_interface": { - "dependency": "transitive", - "description": { - "name": "wakelock_plus_platform_interface", - 
"sha256": "e10444072e50dbc4999d7316fd303f7ea53d31c824aa5eb05d7ccbdd98985207", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.3" - }, - "watcher": { - "dependency": "transitive", - "description": { - "name": "watcher", - "sha256": "0b7fd4a0bbc4b92641dbf20adfd7e3fd1398fe17102d94b674234563e110088a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.2" - }, - "web": { - "dependency": "direct main", - "description": { - "name": "web", - "sha256": "868d88a33d8a87b18ffc05f9f030ba328ffefba92d6c127917a2ba740f9cfe4a", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.1" - }, - "web_multiple_tab_detector": { - "dependency": "direct main", - "description": { - "name": "web_multiple_tab_detector", - "sha256": "a40d485720ea88b4e25311421d435906ba202ac33e35435403dc1c49c5ed7c4e", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "0.3.0" - }, - "web_socket": { - "dependency": "transitive", - "description": { - "name": "web_socket", - "sha256": "34d64019aa8e36bf9842ac014bb5d2f5586ca73df5e4d9bf5c936975cae6982c", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.0.1" - }, - "webdriver": { - "dependency": "transitive", - "description": { - "name": "webdriver", - "sha256": "2f3a14ca026957870cfd9c635b83507e0e51d8091568e90129fbf805aba7cade", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.0" - }, - "webrtc_interface": { - "dependency": "transitive", - "description": { - "name": "webrtc_interface", - "sha256": "86fe3afc81a08481dfb25cf14a5a94e27062ecef25544783f352c914e0bbc1ca", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.2.2+hotfix.2" - }, - "win32": { - "dependency": "transitive", - "description": { - "name": "win32", - "sha256": "66814138c3562338d05613a6e368ed8cfb237ad6d64a9e9334be3f309acfca03", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "5.14.0" - }, - "xdg_directories": { - "dependency": "transitive", - 
"description": { - "name": "xdg_directories", - "sha256": "7a3f37b05d989967cdddcbb571f1ea834867ae2faa29725fd085180e0883aa15", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "1.1.0" - }, - "xml": { - "dependency": "transitive", - "description": { - "name": "xml", - "sha256": "b015a8ad1c488f66851d762d3090a21c600e479dc75e68328c52774040cf9226", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "6.5.0" - }, - "yaml": { - "dependency": "transitive", - "description": { - "name": "yaml", - "sha256": "b9da305ac7c39faa3f030eccd175340f968459dae4af175130b3fc47e40d76ce", - "url": "https://pub.dev" - }, - "source": "hosted", - "version": "3.1.3" - } - }, - "sdks": { - "dart": ">=3.8.0 <4.0.0", - "flutter": ">=3.29.0" - } -} diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index dc9eae9..6c75edd 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix 
@@ -8,21 +8,25 @@ in { options.impermanence = { enable = lib.mkEnableOption "impermanence for home directory"; + fallbackPersistence.enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; }; config = lib.mkMerge [ (lib.mkIf config.impermanence.enable { assertions = [ { - assertion = osConfig.impermanence.enable; - message = "impermanence can not be enabled for a user when it is not enabled for a configuration"; + assertion = osConfig.host.impermanence.enable; + message = "impermanence can not be enabled for a user when it is not enabled for the system"; } ]; }) - (lib.mkIf osConfig.host.impermanence.enable { - # If impermanence is not enabled for this user but system impermanence is enabled, - # persist the entire home directory as fallback - home.persistence."/persist/home/${config.home.username}" = lib.mkIf (!cfg.enable) { + # If impermanence is not enabled for this user but system impermanence is enabled, + # persist the entire home directory as fallback + (lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { + home.persistence."/persist/home/${config.home.username}" = { directories = ["."]; allowOther = true; }; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 5c14068..e305b6c 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -11,7 +11,7 @@ config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [ { home.packages = with pkgs; [ - bitwarden + bitwarden-desktop ]; } ( diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 3fff489..e70cfc8 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix 
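Review bot: The new `fallbackPersistence.enable` option in modules/home-manager-modules/impermanence.nix has no `description` and defaults to `true`, so any user without per-user impermanence gets the whole home directory (`directories = ["."]`) persisted with `allowOther = true` unless they opt out. That fallback carries every credential store, key file and cache under the home directory into /persist. As far as I know, `allowOther` also makes the mount reachable by other local users (file modes permitting), so the default should be stated explicitly. I would add `description = "persist the entire home directory when impermanence is not enabled for this user";` and check whether the fallback needs `allowOther` at all. `cfg` is presumably bound in the `let` above the hunk, and the enclosing `lib.mkMerge` list continues past it.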
@@ -31,6 +31,7 @@ ./freecad.nix ./onionshare.nix ./mfoc.nix + ./noita-entangled-worlds.nix ./pdfarranger.nix ./picard.nix ./qflipper.nix @@ -43,7 +44,6 @@ ./davinci-resolve.nix ./gdx-liftoff.nix ./tor-browser.nix - ./polycule.nix ./vmware-workstation.nix ]; } diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index d5d7192..71b09b2 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -1,19 +1,9 @@ { lib, - pkgs, config, ... }: { - options.programs.discord = { - enable = lib.mkEnableOption "enable discord"; - }; - config = lib.mkIf config.programs.discord.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - discord - ]; - } ( lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { diff --git a/modules/home-manager-modules/programs/noita-entangled-worlds.nix b/modules/home-manager-modules/programs/noita-entangled-worlds.nix new file mode 100644 index 0000000..3f3af64 --- /dev/null +++ b/modules/home-manager-modules/programs/noita-entangled-worlds.nix @@ -0,0 +1,18 @@ +{ + lib, + pkgs, + config, + ... +}: { + options = { + programs.noita-entangled-worlds = { + enable = lib.mkEnableOption "Noita Entangled Worlds multiplayer mod"; + }; + }; + + config = lib.mkIf config.programs.noita-entangled-worlds.enable { + home.packages = with pkgs; [ + noita_entangled_worlds + ]; + }; +} diff --git a/modules/home-manager-modules/programs/polycule.nix b/modules/home-manager-modules/programs/polycule.nix deleted file mode 100644 index d0aea2a..0000000 --- a/modules/home-manager-modules/programs/polycule.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.polycule = { - enable = lib.mkEnableOption "enable polycule matrix client"; - package = lib.mkPackageOption pkgs "polycule" {}; - }; - - config = lib.mkIf config.programs.polycule.enable (lib.mkMerge [ - { - home.packages = [ - config.programs.polycule.package - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - # TODO: check that these are actually the correct folders - # directories = [ - # "${config.xdg.configHome}/polycule" - # "${config.xdg.dataHome}/polycule" - # "${config.xdg.cacheHome}/polycule" - # ]; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix index 5bc8124..b667c27 100644 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -19,6 +19,10 @@ in { gitmoji = lib.mkEnableOption "should emoji be prompted for as a part of the commit message./"; promptScopes = lib.mkEnableOption "prompting for scopes in conventional commits"; + + promptFooter = lib.mkEnableOption "prompting for footer in conventional commits"; + + showNewVersionNotes = lib.mkEnableOption "showing new version notes for conventional commits"; }; }; config = lib.mkIf config.extraExtensions.conventionalCommits.enable { @@ -27,6 +31,8 @@ in { userSettings = { "conventionalCommits.gitmoji" = config.extraExtensions.conventionalCommits.gitmoji; "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; + "conventionalCommits.promptFooter" = config.extraExtensions.conventionalCommits.promptFooter; + "conventionalCommits.showNewVersionNotes" = config.extraExtensions.conventionalCommits.showNewVersionNotes; }; }; })); 
diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix
index 8f366fe..f9d83dc 100644
--- a/modules/home-manager-modules/programs/vscode/default.nix
+++ b/modules/home-manager-modules/programs/vscode/default.nix
@@ -16,6 +16,7 @@
 ./go.nix
 ./evenBetterToml.nix
 ./openRemoteSsh.nix
+ ./rustAnalyzer.nix
 ./astroVscode.nix
 ./vscodeMdx.nix
 ./claudeDev.nix
diff --git a/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix
new file mode 100644
index 0000000..66e9ebe
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.rustAnalyzer = {
+ enable = lib.mkEnableOption "should the rust-analyzer extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "rust-analyzer" {
+ default = ["rust-lang" "rust-analyzer"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.rustAnalyzer.enable {
+ extensions = [
+ config.extraExtensions.rustAnalyzer.extension
+ ];
+ };
+ }));
+ };
+}
diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix
index 7735e97..60011cb 100644
--- a/modules/nixos-modules/impermanence.nix
+++ b/modules/nixos-modules/impermanence.nix
@@ -3,6 +3,39 @@ lib, ... }: { + # options.storage = { + # zfs = { + # # TODO: enable option + # # when this option is enabled we need to configure and enable disko things + + # # TODO: we need some way of managing notifications + + # # TODO: we need options to configure zfs pools + # # we should have warnings when the configured pool is missing drives + + # # TODO: dataset option that is a submodule that adds datasets to the system + # # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it + + # # TODO: pools and datasets need to be passed to disko + # }; + + # impermanence = { + # # TODO: enable option + + # # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system + # # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets + # # Then we should make a dataset for user folders local and persist + # # We should also create datasets for systemd modules that have have impermanence enabled for them + # # we need to figure out what options a dataset can have in zfs + # }; + + # # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface + + # # TODO: we should have a way of enabling impermanence for a systemd config + # # these should have an option to put their folder into their own dataset (this needs to support private vs non private) + # # options for features that can be added to the dataset + # }; + options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; config = lib.mkMerge [ @@ -93,6 +126,7 @@ ]; }; + # TODO: this should live in leylas home manager configuration security.sudo.extraConfig = "Defaults lecture=never"; } ) 
diff --git a/modules/nixos-modules/server/actual/actual.nix b/modules/nixos-modules/server/actual/actual.nix
new file mode 100644
index 0000000..4cca449
--- /dev/null
+++ b/modules/nixos-modules/server/actual/actual.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ const = import ./const.nix;
+ dataDirectory = const.dataDirectory;
+in {
+ options.services.actual = {
+ port = lib.mkOption {
+ type = lib.types.port;
+ description = "The port to listen on";
+ default = 5006;
+ };
+ };
+ config = lib.mkIf config.services.actual.enable {
+ services.actual = {
+ settings = {
+ port = config.services.actual.port;
+ dataDir = dataDirectory;
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/actual/const.nix b/modules/nixos-modules/server/actual/const.nix
index 13b068e..14b715e 100644
--- a/modules/nixos-modules/server/actual/const.nix
+++ b/modules/nixos-modules/server/actual/const.nix
@@ -1,3 +1,3 @@
 {
- dataDirectory = "/var/lib/actual/";
+ dataDirectory = "/var/lib/private/actual";
 }
diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix
index 546240e..b59517b 100644
--- a/modules/nixos-modules/server/actual/default.nix
+++ b/modules/nixos-modules/server/actual/default.nix
@@ -1,26 +1,8 @@
 {
- lib,
- config,
- ...
-}: let
- const = import ./const.nix;
- dataDirectory = const.dataDirectory;
-in {
 imports = [
+ ./actual.nix
 ./proxy.nix
 ./fail2ban.nix
 ./impermanence.nix
 ];
-
- config = lib.mkIf config.services.actual.enable {
- systemd.tmpfiles.rules = [
- "d ${dataDirectory} 2770 actual actual"
- ];
-
- services.actual = {
- settings = {
- ACTUAL_DATA_DIR = dataDirectory;
- };
- };
- };
 }
diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix
index 5eee95a..d870789 100644
--- a/modules/nixos-modules/server/actual/impermanence.nix
+++ b/modules/nixos-modules/server/actual/impermanence.nix
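Review bot: The new `settings` block in actual.nix sets `port` and `dataDir` but leaves the listen address at the upstream default, while default.nix imports ./proxy.nix and ./fail2ban.nix, which suggests the service is meant to be reached only through the proxy. If the upstream `services.actual.settings.hostname` default is a wildcard address (I believe it is, please confirm), the backend answers on port 5006 on every interface the firewall allows, bypassing the proxy and whatever logging the fail2ban jail relies on. Adding `hostname = "127.0.0.1";` next to `port` would pin it to loopback (or `::1`, whichever the proxy's `localhost` target resolves to).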
@@ -6,11 +6,22 @@ const = import ./const.nix; dataDirectory = const.dataDirectory; in { - config = lib.mkIf (config.services.actual.enable && config.host.impermanence.enable) { + options.services.actual = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.actual.impermanence.enable { assertions = [ { - assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; - message = "actual data location does not match persistence"; + assertion = config.services.actual.settings.dataDir == dataDirectory; + message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; + } + { + assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; + message = "actual systemd service must have DynamicUser enabled to use private directory"; } ]; environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index 6ca51e4..9d37574 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix 
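Review bot: The new `services.actual.impermanence.enable` option is declared without a `description`, and its `default` is computed from `config` without a `defaultText`, so generated option documentation has nothing useful to show for it. I would add `description = "Whether to persist actual's data directory through impermanence.";` and `defaultText = lib.literalExpression "config.services.actual.enable && config.host.impermanence.enable";`. The same applies to the `impermanence.enable`, `fail2ban.enable` and `reverseProxy.enable` options added for bazarr, crab-hole, fail2ban, flaresolverr, forgejo and home-assistant in the later hunks.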
@@ -4,17 +4,30 @@ ... }: { options.services.actual = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; + description = "domain that actual will be hosted at"; + default = "actual.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for actual"; + default = []; + }; + reverseProxy.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.services.reverseProxy.enable; }; }; - config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; + config = lib.mkIf config.services.actual.reverseProxy.enable { + services.reverseProxy.services.actual = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + domain = config.services.actual.domain; + extraDomains = config.services.actual.extraDomains; + + settings = { + forwardHeaders.enable = true; }; }; }; diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/bazarr/default.nix +++ b/modules/nixos-modules/server/bazarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix index 22fb0e6..70a45d1 100644 --- a/modules/nixos-modules/server/bazarr/impermanence.nix +++ b/modules/nixos-modules/server/bazarr/impermanence.nix 
@@ -5,7 +5,14 @@ }: let bazarr_data_directory = "/var/lib/bazarr"; in { - config = lib.mkIf (config.services.bazarr.enable && config.host.impermanence.enable) { + options.services.bazarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.bazarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.bazarr.impermanence.enable { assertions = [ { assertion = config.services.bazarr.dataDir == bazarr_data_directory; diff --git a/modules/nixos-modules/server/bazarr/proxy.nix b/modules/nixos-modules/server/bazarr/proxy.nix deleted file mode 100644 index fe310d8..0000000 --- a/modules/nixos-modules/server/bazarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.bazarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.bazarr.enable && config.services.bazarr.subdomain != null) { - host.reverse_proxy.subdomains.bazarr = { - subdomain = config.services.bazarr.subdomain; - extraSubdomains = config.services.bazarr.extraSubdomains; - target = "http://127.0.0.1:6767"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix index 58ff660..d76323a 100644 --- a/modules/nixos-modules/server/crab-hole/crab-hole.nix +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix 
@@ -27,9 +27,19 @@ in { show_doc = lib.mkEnableOption "OpenAPI documentation (loads content from third party websites)"; downstreams = { - loopback = { - enable = lib.mkEnableOption "loopback downstream DNS server on localhost:53"; - openFirewall = lib.mkEnableOption "automatic port forwarding for the loopback downstream"; + host = { + enable = lib.mkEnableOption "host downstream DNS server accessible from network on all interfaces"; + port = lib.mkOption { + type = lib.types.port; + default = 53; + description = "Port for the host downstream DNS server to listen on."; + }; + openFirewall = lib.mkEnableOption "automatic port forwarding for the host downstream"; + disableSystemdResolved = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically disable systemd-resolved when using port 53. Set to false if you want to handle the conflict manually."; + }; }; }; 
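Review bot: The `openFirewall` description still says "automatic port forwarding", but what the option controls later in this file is an `allowedUDPPorts` entry, so it opens the port in the host firewall rather than forwarding anything. Because the `host` downstream is described as reachable on all interfaces, the wording should make the exposure explicit, for example `openFirewall = lib.mkEnableOption "opening the host downstream DNS port in the firewall (exposes the resolver to every network the host is attached to)";`. A resolver that answers arbitrary clients is a known amplification risk, so this belongs in the option text rather than being left implicit.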
@@ -79,9 +89,44 @@ in { default = []; description = "List of additional upstream DNS server configurations."; }; + + blocklists = { + ad_malware = { + enable = lib.mkEnableOption "Host file for blocking ads and malware"; + url = lib.mkOption { + type = lib.types.str; + default = "http://sbc.io/hosts/hosts"; + description = "URL of the ad and malware blocklist host file"; + }; + }; + }; + + extraBlocklists = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional blocklist URLs to be added to the configuration"; + }; }; config = lib.mkIf cfg.enable { + # Assertions for proper configuration + assertions = [ + { + assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && config.services.resolved.enable && cfg.downstreams.host.disableSystemdResolved); + message = "crab-hole host downstream cannot use port 53 while systemd-resolved is enabled. Either disable systemd-resolved or use a different port."; + } + { + assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && !cfg.downstreams.host.disableSystemdResolved && config.services.resolved.enable); + message = "crab-hole host downstream is configured to use port 53 but systemd-resolved is still enabled and disableSystemdResolved is false. Set disableSystemdResolved = true or manually disable systemd-resolved."; + } + ]; + + # Automatically disable systemd-resolved if using port 53 + services.resolved.enable = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkForce false); + + # Configure DNS nameservers when disabling systemd-resolved + networking.nameservers = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkDefault ["127.0.0.1" "1.1.1.1" "8.8.8.8"]); + services.crab-hole.settings = lib.mkMerge [ { api = { 
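Review bot: The default for `blocklists.ad_malware.url` is a plain `http://` URL, so the host file that decides which names get blocked is fetched without transport integrity and can be altered by anyone on the network path. Prefer an HTTPS default, e.g. `default = "https://sbc.io/hosts/hosts";` if that host serves the list over TLS (not verifiable from this diff), and say in the `extraBlocklists` description that entries should use `https://`. Separately, the first assertion can apparently never fail: under the same condition the module sets `services.resolved.enable` to `lib.mkForce false`, so only the second assertion (the `!disableSystemdResolved` case) does any work.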
@@ -91,13 +136,17 @@ in { }; downstream = cfg.extraDownstreams; upstream.name_servers = cfg.extraUpstreams; + blocklist.lists = cfg.extraBlocklists; } - (lib.mkIf cfg.downstreams.loopback.enable { + (lib.mkIf cfg.blocklists.ad_malware.enable { + blocklist.lists = [cfg.blocklists.ad_malware.url]; + }) + (lib.mkIf cfg.downstreams.host.enable { downstream = [ { protocol = "udp"; - listen = "localhost"; - port = 53; + listen = "0.0.0.0"; + port = cfg.downstreams.host.port; } ]; }) @@ -136,8 +185,8 @@ in { (lib.mkIf cfg.openFirewall { allowedTCPPorts = [cfg.port]; }) - (lib.mkIf (cfg.downstreams.loopback.enable && cfg.downstreams.loopback.openFirewall) { - allowedUDPPorts = [53]; + (lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.openFirewall) { + allowedUDPPorts = [cfg.downstreams.host.port]; }) ]; }; diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix index 455e593..51efc0c 100644 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ b/modules/nixos-modules/server/crab-hole/impermanence.nix @@ -5,7 +5,14 @@ }: let workingDirectory = "/var/lib/private/crab-hole"; in { - config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + options.services.crab-hole = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.crab-hole.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.crab-hole.impermanence.enable { assertions = [ { assertion = diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 57874d5..2b33089 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,10 +1,9 @@ {...}: { imports = [ - ./reverse_proxy.nix - ./fail2ban.nix - ./postgres.nix + ./reverseProxy + ./fail2ban + ./postgres ./network_storage - ./podman.nix ./actual ./bazarr 
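Review bot: `listen = "0.0.0.0"` is hard-coded for the host downstream, which binds every IPv4 interface (and no IPv6 one) with no way to restrict it to a LAN or VPN address. Combined with the `openFirewall` branch in the next hunk of this file, the resolver becomes reachable from any network the machine is attached to; I would make the address configurable, e.g. a new `downstreams.host.listen` option of type `lib.types.str` used as `listen = cfg.downstreams.host.listen;`, with the narrowest default that works for the deployment. Only a `udp` downstream and `allowedUDPPorts` are configured, so unless a TCP downstream is added through `extraDownstreams`, clients that retry truncated answers over TCP get no reply on this port.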
@@ -18,7 +17,7 @@ ./lidarr ./panoramax ./paperless - ./qbittorent.nix + ./qbittorent ./radarr ./searx ./sonarr diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix deleted file mode 100644 index d19aeeb..0000000 --- a/modules/nixos-modules/server/fail2ban.nix +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - dataFolder = "/var/lib/fail2ban"; - dataFile = "fail2ban.sqlite3"; -in { - config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ - { - environment.etc = { - "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "limiting requests, excess:.* by zone.*client: " - '') - ); - }; - - services.fail2ban = { - maxretry = 5; - ignoreIP = [ - # Whitelist local networks - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - - # tail scale tailnet - "100.64.0.0/10" - "fd7a:115c:a1e0::/48" - ]; - bantime = "24h"; # Ban IPs for one day on the first ban - bantime-increment = { - enable = true; # Enable increment of bantime after each violation - formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; - maxtime = "168h"; # Do not ban for more than 1 week - overalljails = true; # Calculate the ban time based on all the violations - }; - jails = { - nginx-iptables.settings = lib.mkIf config.services.nginx.enable { - enabled = true; - filter = "nginx"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - # TODO; figure out if there is any fail2ban things we can do on searx - # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataFolder; - user = "fail2ban"; - group = "fail2ban"; - } - ]; - }; - }) - ]); -} 
diff --git a/modules/nixos-modules/server/fail2ban/default.nix b/modules/nixos-modules/server/fail2ban/default.nix new file mode 100644 index 0000000..30fca99 --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./fail2ban.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/fail2ban/fail2ban.nix b/modules/nixos-modules/server/fail2ban/fail2ban.nix new file mode 100644 index 0000000..261c68f --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/fail2ban.nix @@ -0,0 +1,51 @@ +{ + lib, + pkgs, + config, + ... +}: { + config = lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "limiting requests, excess:.* by zone.*client: " + '') + ); + }; + + services.fail2ban = { + maxretry = 5; + ignoreIP = [ + # Whitelist local networks + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + + # tail scale tailnet + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" + ]; + bantime = "24h"; # Ban IPs for one day on the first ban + bantime-increment = { + enable = true; # Enable increment of bantime after each violation + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + maxtime = "168h"; # Do not ban for more than 1 week + overalljails = true; # Calculate the ban time based on all the violations + }; + jails = { + nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + enabled = true; + filter = "nginx"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + # TODO; figure out if there is any fail2ban things we can do on searx + # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; + }; + }; + }; +} 
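Review bot: In `fail2ban/fail2ban.nix` the `nginx-iptables` jail sets `backend = "auto"` but no `logpath`, unlike the home-assistant jail elsewhere in this change, so it is not clear from the module which file this jail reads; I would add an explicit `logpath = "<nginx error log path>";` (placeholder, the real path is not on this page). The jail-level `bantime = 600` also overrides the global `bantime = "24h"` whose comment promises a one-day first ban, so one of the two should be dropped or the comment corrected. The code is carried over unchanged from the deleted `server/fail2ban.nix`, so both points predate this commit.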
diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix new file mode 100644 index 0000000..6e214b3 --- /dev/null +++ b/modules/nixos-modules/server/fail2ban/impermanence.nix @@ -0,0 +1,34 @@ +{ + lib, + config, + ... +}: let + dataFolder = "/var/lib/fail2ban"; + dataFile = "fail2ban.sqlite3"; +in { + options.services.fail2ban = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.fail2ban.impermanence.enable { + assertions = [ + { + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; + message = "fail2ban data file does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataFolder; + user = "fail2ban"; + group = "fail2ban"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/flaresolverr/default.nix +++ b/modules/nixos-modules/server/flaresolverr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix index b568a56..4544e75 100644 --- a/modules/nixos-modules/server/flaresolverr/impermanence.nix +++ b/modules/nixos-modules/server/flaresolverr/impermanence.nix 
@@ -3,7 +3,14 @@ config, ... }: { - config = lib.mkIf (config.services.flaresolverr.enable && config.host.impermanence.enable) { + options.services.flaresolverr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.flaresolverr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.flaresolverr.impermanence.enable { # FlareSolverr typically doesn't need persistent storage as it's a proxy service # but we'll add basic structure in case it's needed for logs or configuration environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/flaresolverr/proxy.nix b/modules/nixos-modules/server/flaresolverr/proxy.nix deleted file mode 100644 index 5b8dd4c..0000000 --- a/modules/nixos-modules/server/flaresolverr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.flaresolverr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.flaresolverr.enable && config.services.flaresolverr.subdomain != null) { - host.reverse_proxy.subdomains.flaresolverr = { - subdomain = config.services.flaresolverr.subdomain; - extraSubdomains = config.services.flaresolverr.extraSubdomains; - target = "http://127.0.0.1:${toString config.services.flaresolverr.port}"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/database.nix b/modules/nixos-modules/server/forgejo/database.nix index 0417aab..bb8781c 100644 --- a/modules/nixos-modules/server/forgejo/database.nix +++ b/modules/nixos-modules/server/forgejo/database.nix 
@@ -2,40 +2,31 @@ lib, config, ... -}: { - config = lib.mkIf config.services.forgejo.enable ( - lib.mkMerge [ +}: let + usingPostgres = config.services.forgejo.database.type == "postgres"; +in { + config = lib.mkIf config.services.forgejo.enable { + assertions = [ { - host = { - postgres = { - enable = true; - }; - }; - - assertions = [ - { - assertion = config.services.forgejo.settings.database.DB_TYPE == "postgres"; - message = "Forgejo database type must be postgres"; - } - ]; + assertion = !usingPostgres || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when Forgejo database type is postgres"; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - forgejo = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - forgejo = { - name = "forgejo"; - }; - }; - }; - }; - }) - ] - ); + { + assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (db: db == "forgejo") config.services.postgresql.ensureDatabases); + message = "Forgejo built-in database creation failed - expected 'forgejo' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (user: user.name == "forgejo") config.services.postgresql.ensureUsers); + message = "Forgejo built-in user creation failed - expected user 'forgejo' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + services.forgejo.database.createDatabase = lib.mkDefault usingPostgres; + + systemd.services.forgejo = lib.mkIf usingPostgres { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index 1fdc8d9..4333f69 100644 --- a/modules/nixos-modules/server/forgejo/default.nix 
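Review bot: `systemd.services.forgejo` gets `requires = [ config.systemd.services.postgresql.name ]` but no matching `after`, and `Requires=` alone does not order the units, so forgejo may be started while PostgreSQL is still coming up. Unless the upstream forgejo module already adds the ordering (not visible here), add `after = [ config.systemd.services.postgresql.name ];` next to it. The `systemd.services.home-assistant` block in `home-assistant/database.nix` has the same shape.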
+++ b/modules/nixos-modules/server/forgejo/default.nix @@ -1,53 +1,9 @@ { - lib, - config, - ... -}: let - const = import ./const.nix; - httpPort = const.httpPort; - sshPort = const.sshPort; - db_user = "forgejo"; -in { imports = [ + ./forgejo.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ]; - - config = lib.mkIf config.services.forgejo.enable { - assertions = [ - { - assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; - message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; - } - ]; - - services.forgejo = { - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = httpPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; - }; - }; - }; } diff --git a/modules/nixos-modules/server/forgejo/fail2ban.nix b/modules/nixos-modules/server/forgejo/fail2ban.nix index 213c804..dfe221a 100644 --- a/modules/nixos-modules/server/forgejo/fail2ban.nix +++ b/modules/nixos-modules/server/forgejo/fail2ban.nix @@ -4,7 +4,16 @@ pkgs, ... }: { - config = lib.mkIf (config.services.forgejo.enable && config.services.fail2ban.enable) { + options.services.forgejo = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.services.fail2ban.enable; + }; + }; + }; + + config = lib.mkIf config.services.forgejo.fail2ban.enable { environment.etc = { "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' 
diff --git a/modules/nixos-modules/server/forgejo/forgejo.nix b/modules/nixos-modules/server/forgejo/forgejo.nix new file mode 100644 index 0000000..70d3087 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/forgejo.nix @@ -0,0 +1,46 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + httpPort = const.httpPort; + sshPort = const.sshPort; + db_user = "forgejo"; +in { + config = lib.mkIf config.services.forgejo.enable { + assertions = [ + { + assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; + message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; + } + ]; + + services.forgejo = { + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = config.services.forgejo.reverseProxy.domain; + HTTP_PORT = httpPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = "git"; + ROOT_URL = "https://git.jan-leila.com"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix index 04f21a5..6fe3de8 100644 --- a/modules/nixos-modules/server/forgejo/impermanence.nix +++ b/modules/nixos-modules/server/forgejo/impermanence.nix @@ -5,7 +5,14 @@ }: let stateDir = "/var/lib/forgejo"; in { - config = lib.mkIf (config.services.forgejo.enable && config.host.impermanence.enable) { + options.services.forgejo = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.forgejo.impermanence.enable { assertions = [ { assertion = config.services.forgejo.stateDir == stateDir; 
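Review bot: In `forgejo/forgejo.nix`, `DOMAIN` now follows `config.services.forgejo.reverseProxy.domain`, but `ROOT_URL` a few lines below is still the literal `"https://git.jan-leila.com"`, so the two diverge as soon as a host overrides the domain option. Forgejo derives the links it hands out from `ROOT_URL`, so a mismatch points users at a host other than the one the proxy serves; derive it instead with `ROOT_URL = "https://${config.services.forgejo.reverseProxy.domain}";`. The assertion above it reads `config.users.users.git.name`, which will presumably abort evaluation rather than print its message if no `git` user is declared.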
diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index 51f769d..c2d3131 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix @@ -7,16 +7,33 @@ httpPort = const.httpPort; in { options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.services.reverseProxy.enable; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "domain that forgejo will be hosted at"; + default = "git.jan-leila.com"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for forgejo"; + default = []; + }; }; }; - config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) { - host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { + config = lib.mkIf config.services.forgejo.reverseProxy.enable { + services.reverseProxy.services.forgejo = { target = "http://localhost:${toString httpPort}"; + domain = config.services.forgejo.reverseProxy.domain; + extraDomains = config.services.forgejo.reverseProxy.extraDomains; + + settings = { + forwardHeaders.enable = true; + }; }; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos-modules/server/home-assistant/database.nix b/modules/nixos-modules/server/home-assistant/database.nix index 0ac8002..f1927ed 100644 --- a/modules/nixos-modules/server/home-assistant/database.nix +++ b/modules/nixos-modules/server/home-assistant/database.nix 
@@ -2,55 +2,52 @@ lib, config, ... -}: let - dbUser = "hass"; -in { - config = lib.mkIf config.services.home-assistant.enable ( - lib.mkMerge [ +}: { + options.services.home-assistant = { + postgres = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Use PostgreSQL instead of SQLite"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "hass"; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = "hass"; + description = "Database name"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable { + assertions = [ { - host = { - postgres = { - enable = true; - }; - }; - - assertions = [ - { - assertion = config.services.home-assistant.database == "postgres"; - message = "Home Assistant database type must be postgres"; - } - ]; + assertion = !config.services.home-assistant.postgres.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Home Assistant"; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${dbUser} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${dbUser} = { - name = dbUser; - }; - }; - }; - }; + ]; - services.home-assistant = { - extraPackages = python3Packages: - with python3Packages; [ - psycopg2 - ]; - }; + services.postgresql.databases.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + enable = true; + user = config.services.home-assistant.postgres.user; + database = config.services.home-assistant.postgres.database; + }; - systemd.services.home-assistant = { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }) - ] - ); + services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + extraPackages = python3Packages: + with python3Packages; [ + psycopg2 + ]; + }; + + systemd.services.home-assistant = lib.mkIf 
config.services.home-assistant.postgres.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 83d8ba7..b6f9356 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix 
@@ -1,112 +1,10 @@ { - lib, - config, - ... -}: { imports = [ + ./home-assistant.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ./extensions ]; - - options.services.home-assistant = { - database = lib.mkOption { - type = lib.types.enum [ - "builtin" - "postgres" - ]; - description = "what database do we want to use"; - default = "builtin"; - }; - - extensions = { - sonos = { - enable = lib.mkEnableOption "enable the sonos plugin"; - port = lib.mkOption { - type = lib.types.int; - default = 1400; - description = "what port to use for sonos discovery"; - }; - }; - jellyfin = { - enable = lib.mkEnableOption "enable the jellyfin plugin"; - }; - wyoming = { - enable = lib.mkEnableOption "enable wyoming"; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - { - services.home-assistant = { - configDir = "/var/lib/hass"; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - "isal" - "zha" - "webostv" - "tailscale" - "syncthing" - "analytics_insights" - "unifi" - "openweathermap" - "ollama" - "mobile_app" - "logbook" - "ssdp" - "usb" - "webhook" - "bluetooth" - "dhcp" - "energy" - "history" - "backup" - "assist_pipeline" - "conversation" - "sun" - "zeroconf" - "cpuspeed" - ]; - config = { - http = { - server_port = 8123; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - homeassistant = { - external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; - # internal_url = "http://192.168.1.2:8123"; - }; - recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - mobile_app = {}; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts - ]; - }; - - # TODO: configure /var/lib/hass/secrets.yaml via sops - - 
networking.firewall.allowedUDPPorts = [ - 1900 - ]; - - systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - } - ]); } diff --git a/modules/nixos-modules/server/home-assistant/fail2ban.nix b/modules/nixos-modules/server/home-assistant/fail2ban.nix index 6ac5900..25194ef 100644 --- a/modules/nixos-modules/server/home-assistant/fail2ban.nix +++ b/modules/nixos-modules/server/home-assistant/fail2ban.nix 
@@ -3,36 +3,46 @@ pkgs, config, ... -}: -lib.mkIf (config.services.fail2ban.enable && config.services.home-assistant.enable) { - environment.etc = { - "fail2ban/filter.d/hass.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf - - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - ignoreregex = - - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); +}: { + options.services.home-assistant = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.services.home-assistant.enable; + }; + }; }; - services.fail2ban = { - jails = { - home-assistant-iptables.settings = { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; + config = lib.mkIf config.services.home-assistant.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/hass.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; }; }; }; diff --git a/modules/nixos-modules/server/home-assistant/home-assistant.nix b/modules/nixos-modules/server/home-assistant/home-assistant.nix new file mode 100644 index 0000000..fa58d5e --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/home-assistant.nix 
@@ -0,0 +1,104 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.services.home-assistant = {
+ database = lib.mkOption {
+ type = lib.types.enum [
+ "builtin"
+ "postgres"
+ ];
+ description = "what database do we want to use";
+ default = "builtin";
+ };
+
+ extensions = {
+ sonos = {
+ enable = lib.mkEnableOption "enable the sonos plugin";
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 1400;
+ description = "what port to use for sonos discovery";
+ };
+ };
+ jellyfin = {
+ enable = lib.mkEnableOption "enable the jellyfin plugin";
+ };
+ wyoming = {
+ enable = lib.mkEnableOption "enable wyoming";
+ };
+ };
+ };
+
+ config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [
+ {
+ services.home-assistant = {
+ configDir = "/var/lib/hass";
+ extraComponents = [
+ "default_config"
+ "esphome"
+ "met"
+ "radio_browser"
+ "isal"
+ "zha"
+ "webostv"
+ "tailscale"
+ "syncthing"
+ "analytics_insights"
+ "unifi"
+ "openweathermap"
+ "ollama"
+ "mobile_app"
+ "logbook"
+ "ssdp"
+ "usb"
+ "webhook"
+ "bluetooth"
+ "dhcp"
+ "energy"
+ "history"
+ "backup"
+ "assist_pipeline"
+ "conversation"
+ "sun"
+ "zeroconf"
+ "cpuspeed"
+ ];
+ config = {
+ http = {
+ server_port = 8123;
+ use_x_forwarded_for = true;
+ trusted_proxies = ["127.0.0.1" "::1"];
+ ip_ban_enabled = true;
+ login_attempts_threshold = 10;
+ };
+ homeassistant = {
+ external_url = "https://${config.services.home-assistant.domain}";
+ # internal_url = "http://192.168.1.2:8123";
+ };
+ recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}";
+ "automation manual" = [];
+ "automation ui" = "!include automations.yaml";
+ mobile_app = {};
+ };
+ extraPackages = python3Packages:
+ with python3Packages; [
+ hassil
+ numpy
+ gtts
+ ];
+ };
+
+ # TODO: configure /var/lib/hass/secrets.yaml via sops
+
+ networking.firewall.allowedUDPPorts = [
+ 1900
+ ];
+
+ systemd.tmpfiles.rules = [
+ "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"
+ ];
+ }
+ ]);
+}
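Review bot: `recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"` is set unconditionally and interpolates the config directory (`/var/lib/hass`) where the database name belongs. The `database` option declared above with default `"builtin"` therefore has no effect in this file, and the URL names a database after a filesystem path. Unless another module overrides it, the line should be guarded on `config.services.home-assistant.database == "postgres"` and use the real database name. The tmpfiles rule also creates `automations.yaml` with mode `0755`; a YAML file needs no execute bit, and `0640` or `0644` would be tighter. The `extensions.*` options are declared but not consumed anywhere in this hunk, so their descriptions should say which module reads them.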
diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index ba8f20d..b756459 100644 --- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -4,29 +4,39 @@ ... }: { options.services.home-assistant = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; + description = "domain that home-assistant will be hosted at"; + default = "home-assistant.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for home-assistant"; + default = []; + }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.reverseProxy.enable && config.services.home-assistant.enable; + }; }; }; - config = lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + config = lib.mkIf config.services.home-assistant.reverseProxy.enable { + services.reverseProxy.services.home-assistant = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + domain = config.services.home-assistant.domain; + extraDomains = config.services.home-assistant.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; + # Custom timeout settings + proxyHeaders = { + enable = true; + timeout = 90; + }; }; }; }; 
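Review bot: The default `domain = "home-assistant.arpa"` sits directly under `.arpa`, which is an infrastructure TLD; the name reserved for private home networks is `home.arpa` (RFC 8375), so `home-assistant.home.arpa` would be the non-colliding default. It matters because home-assistant.nix builds `external_url` as `https://${domain}`, and a publicly trusted certificate cannot be obtained for either form. The option description should say the default is a placeholder that has to be overridden per host. The same default pattern appears for immich (`immich.arpa`), jellyfin (`jellyfin.arpa`) and panoramax (`panoramax.arpa`). `reverseProxy.enable` also has no `description`.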
diff --git a/modules/nixos-modules/server/immich/database.nix b/modules/nixos-modules/server/immich/database.nix index 74b1aaa..52af51e 100644 --- a/modules/nixos-modules/server/immich/database.nix +++ b/modules/nixos-modules/server/immich/database.nix @@ -3,24 +3,28 @@ config, ... }: { - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - }; - }; - } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.immich.database.user} = { - isClient = true; - }; - }; - }; - }; - }) - ]); + config = lib.mkIf config.services.immich.enable { + assertions = [ + { + assertion = !config.services.immich.database.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Immich"; + } + { + assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (db: db == "immich") config.services.postgresql.ensureDatabases); + message = "Immich built-in database creation failed - expected 'immich' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (user: user.name == "immich") config.services.postgresql.ensureUsers); + message = "Immich built-in user creation failed - expected user 'immich' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + # Note: Immich has built-in database creation via services.immich.database.createDB we only add the systemd dependency + + systemd.services.immich-server = lib.mkIf config.services.immich.database.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } 
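Review bot: `requires = [config.systemd.services.postgresql.name]` pulls PostgreSQL in but does not order the two units, because systemd's `Requires=` carries no ordering of its own. Unless the unit already declares it elsewhere, add `after = [config.systemd.services.postgresql.name];` next to it; the same pattern is used for `systemd.services.panoramax` (panoramax/database.nix) and `systemd.services.paperless-scheduler` (paperless/database.nix). The second and third assertions compare against the literal `"immich"`, although the removed code read `config.services.immich.database.user`. A host that overrides the database or user name would then fail evaluation with a message saying creation "failed" when it is really a name mismatch; paperless/database.nix hard-codes `"paperless"` the same way.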
diff --git a/modules/nixos-modules/server/immich/fail2ban.nix b/modules/nixos-modules/server/immich/fail2ban.nix index c9ec87b..21593e7 100644 --- a/modules/nixos-modules/server/immich/fail2ban.nix +++ b/modules/nixos-modules/server/immich/fail2ban.nix @@ -4,7 +4,16 @@ pkgs, ... }: { - config = lib.mkIf (config.services.fail2ban.enable && config.services.immich.enable) { + options.services.immich = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.services.immich.enable; + }; + }; + }; + + config = lib.mkIf config.services.immich.fail2ban.enable { environment.etc = { "fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix index f63d178..56e51d0 100644 --- a/modules/nixos-modules/server/immich/impermanence.nix +++ b/modules/nixos-modules/server/immich/impermanence.nix @@ -5,7 +5,14 @@ }: let mediaLocation = "/var/lib/immich"; in { - config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + options.services.immich = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.immich.impermanence.enable { assertions = [ { assertion = config.services.immich.mediaLocation == mediaLocation; diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index dae2420..9c8c165 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix 
@@ -4,31 +4,40 @@ ... }: { options.services.immich = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; + description = "domain that immich will be hosted at"; + default = "immich.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for immich"; + default = []; + }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.services.reverseProxy.enable; + }; }; }; - config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; + config = lib.mkIf config.services.immich.reverseProxy.enable { + services.reverseProxy.services.immich = { + target = "http://localhost:${toString config.services.immich.port}"; + domain = config.services.immich.domain; + extraDomains = config.services.immich.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; + maxBodySize = 50000; - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; + # Custom timeout settings + proxyHeaders = { + enable = true; + timeout = 600; + }; }; }; }; diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/jackett/default.nix +++ b/modules/nixos-modules/server/jackett/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } 
diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix index 5826a54..24fc5e6 100644 --- a/modules/nixos-modules/server/jackett/impermanence.nix +++ b/modules/nixos-modules/server/jackett/impermanence.nix @@ -5,7 +5,14 @@ }: let jackett_data_directory = "/var/lib/jackett/.config/Jackett"; in { - config = lib.mkIf (config.services.jackett.enable && config.host.impermanence.enable) { + options.services.jackett = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jackett.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.jackett.impermanence.enable { assertions = [ { assertion = config.services.jackett.dataDir == jackett_data_directory; diff --git a/modules/nixos-modules/server/jackett/proxy.nix b/modules/nixos-modules/server/jackett/proxy.nix deleted file mode 100644 index af5fa79..0000000 --- a/modules/nixos-modules/server/jackett/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.jackett = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.jackett.enable && config.services.jackett.subdomain != null) { - host.reverse_proxy.subdomains.jackett = { - subdomain = config.services.jackett.subdomain; - extraSubdomains = config.services.jackett.extraSubdomains; - target = "http://127.0.0.1:9117"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix index 0d88481..2dbdcfd 100644 --- a/modules/nixos-modules/server/jellyfin/default.nix 
+++ b/modules/nixos-modules/server/jellyfin/default.nix @@ -1,38 +1,8 @@ { - lib, - pkgs, - config, - ... -}: let - jellyfinPort = 8096; - dlanPort = 1900; -in { imports = [ + ./jellyfin.nix ./proxy.nix ./fail2ban.nix ./impermanence.nix ]; - - options.services.jellyfin = { - media_directory = lib.mkOption { - type = lib.types.str; - description = "directory jellyfin media will be hosted at"; - default = "/srv/jellyfin/media"; - }; - }; - - config = lib.mkIf config.services.jellyfin.enable { - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - }; } diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix index e0b3b5d..cbcb54f 100644 --- a/modules/nixos-modules/server/jellyfin/impermanence.nix +++ b/modules/nixos-modules/server/jellyfin/impermanence.nix @@ -6,7 +6,14 @@ jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; in { - config = lib.mkIf (config.services.jellyfin.enable && config.host.impermanence.enable) { + options.services.jellyfin = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.jellyfin.impermanence.enable { fileSystems."/persist/system/jellyfin".neededForBoot = true; host.storage.pool.extraDatasets = { diff --git a/modules/nixos-modules/server/jellyfin/jellyfin.nix b/modules/nixos-modules/server/jellyfin/jellyfin.nix new file mode 100644 index 0000000..9bfa921 --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/jellyfin.nix 
@@ -0,0 +1,32 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ jellyfinPort = 8096;
+ dlanPort = 1900;
+in {
+ options.services.jellyfin = {
+ media_directory = lib.mkOption {
+ type = lib.types.str;
+ description = "directory jellyfin media will be hosted at";
+ default = "/srv/jellyfin/media";
+ };
+ };
+
+ config = lib.mkIf config.services.jellyfin.enable {
+ environment.systemPackages = [
+ pkgs.jellyfin
+ pkgs.jellyfin-web
+ pkgs.jellyfin-ffmpeg
+ ];
+
+ networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort];
+
+ systemd.tmpfiles.rules = [
+ "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media"
+ "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-"
+ ];
+ };
+}
diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix
index 1020a19..35289e7 100644
--- a/modules/nixos-modules/server/jellyfin/proxy.nix
+++ b/modules/nixos-modules/server/jellyfin/proxy.nix
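Review bot: `networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]` opens port 8096 on the host firewall whenever Jellyfin is enabled, so the backend stays reachable directly and not only through the reverse proxy that proxy.nix configures. Direct access skips the proxy's body-size limit and header settings, and any ban applied only to the HTTP/HTTPS ports. Consider opening it only when the proxy is off, e.g. `networking.firewall.allowedTCPPorts = lib.mkIf (!config.services.jellyfin.reverseProxy.enable) [jellyfinPort];`. Port 1900 is SSDP, which runs over UDP, so listing it under TCP does not enable DLNA discovery; if discovery is wanted it belongs in `allowedUDPPorts` (and `dlanPort` presumably should read `dlnaPort`).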
@@ -6,33 +6,36 @@ jellyfinPort = 8096; in { options.services.jellyfin = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; + description = "domain that jellyfin will be hosted at"; + default = "jellyfin.arpa"; }; - extraSubdomains = lib.mkOption { + extraDomains = lib.mkOption { type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; + description = "extra domains that should be configured for jellyfin"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) { - host.reverse_proxy.subdomains.jellyfin = { + config = lib.mkIf config.services.jellyfin.reverseProxy.enable { + services.reverseProxy.services.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; + domain = config.services.jellyfin.domain; + extraDomains = config.services.jellyfin.extraDomains; - subdomain = config.services.jellyfin.subdomain; - extraSubdomains = config.services.jellyfin.extraSubdomains; - - forwardHeaders.enable = true; - - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - - proxy_buffering off; - ''; + settings = { + forwardHeaders.enable = true; + maxBodySize = 20; + noSniff.enable = true; + proxyBuffering.enable = false; + }; }; }; } diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/lidarr/default.nix +++ b/modules/nixos-modules/server/lidarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } 
diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix index 689b924..5d3aa3f 100644 --- a/modules/nixos-modules/server/lidarr/impermanence.nix +++ b/modules/nixos-modules/server/lidarr/impermanence.nix @@ -5,7 +5,14 @@ }: let lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; in { - config = lib.mkIf (config.services.lidarr.enable && config.host.impermanence.enable) { + options.services.lidarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.lidarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.lidarr.impermanence.enable { assertions = [ { assertion = config.services.lidarr.dataDir == lidarr_data_directory; diff --git a/modules/nixos-modules/server/lidarr/proxy.nix b/modules/nixos-modules/server/lidarr/proxy.nix deleted file mode 100644 index 0146ccf..0000000 --- a/modules/nixos-modules/server/lidarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.lidarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.lidarr.enable && config.services.lidarr.subdomain != null) { - host.reverse_proxy.subdomains.lidarr = { - subdomain = config.services.lidarr.subdomain; - extraSubdomains = config.services.lidarr.extraSubdomains; - target = "http://127.0.0.1:8686"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index eaac7fe..cd100ab 100644 --- a/modules/nixos-modules/server/network_storage/default.nix 
+++ b/modules/nixos-modules/server/network_storage/default.nix 
@@ -1,90 +1,6 @@ { - config, - lib, - ... -}: let - export_directory = config.host.network_storage.export_directory; -in { imports = [ + ./network_storage.nix ./nfs.nix ]; - - options = { - host.network_storage = { - enable = lib.mkEnableOption "is this machine going to export network storage"; - export_directory = lib.mkOption { - type = lib.types.path; - description = "what are exports going to be stored in"; - default = "/exports"; - }; - directories = lib.mkOption { - type = lib.types.listOf (lib.types.submodule ({config, ...}: { - options = { - folder = lib.mkOption { - type = lib.types.str; - description = "what is the name of this export directory"; - }; - bind = lib.mkOption { - type = lib.types.nullOr lib.types.path; - description = "is this directory bound to anywhere"; - default = null; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user owns this directory"; - default = "nouser"; - }; - group = lib.mkOption { - type = lib.types.str; - description = "what group owns this directory"; - default = "nogroup"; - }; - _directory = lib.mkOption { - internal = true; - readOnly = true; - type = lib.types.path; - default = "${export_directory}/${config.folder}"; - }; - }; - })); - description = "list of directory names to export"; - }; - }; - }; - - config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ - { - # create any folders that we need to have for our exports - systemd.tmpfiles.rules = - [ - "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" - ] - ++ ( - builtins.map ( - directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" - ) - config.host.network_storage.directories - ); - - # set up any bind mounts that we need for our exports - fileSystems = builtins.listToAttrs ( - builtins.map (directory: - lib.attrsets.nameValuePair directory._directory { - device = directory.bind; - options = ["bind"]; - }) ( - builtins.filter (directory: directory.bind != null) 
config.host.network_storage.directories - ) - ); - } - # (lib.mkIf config.host.impermanence.enable { - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # config.host.network_storage.export_directory - # ]; - # }; - # }) - ]); } diff --git a/modules/nixos-modules/server/network_storage/network_storage.nix b/modules/nixos-modules/server/network_storage/network_storage.nix new file mode 100644 index 0000000..ebc3bee --- /dev/null +++ b/modules/nixos-modules/server/network_storage/network_storage.nix 
@@ -0,0 +1,86 @@ +{ + config, + lib, + ... +}: let + export_directory = config.host.network_storage.export_directory; +in { + options = { + host.network_storage = { + enable = lib.mkEnableOption "is this machine going to export network storage"; + export_directory = lib.mkOption { + type = lib.types.path; + description = "what are exports going to be stored in"; + default = "/exports"; + }; + directories = lib.mkOption { + type = lib.types.listOf (lib.types.submodule ({config, ...}: { + options = { + folder = lib.mkOption { + type = lib.types.str; + description = "what is the name of this export directory"; + }; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = "is this directory bound to anywhere"; + default = null; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user owns this directory"; + default = "nouser"; + }; + group = lib.mkOption { + type = lib.types.str; + description = "what group owns this directory"; + default = "nogroup"; + }; + _directory = lib.mkOption { + internal = true; + readOnly = true; + type = lib.types.path; + default = "${export_directory}/${config.folder}"; + }; + }; + })); + description = "list of directory names to export"; + }; + }; + }; + + config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ + { + # create any folders that we need to have for our exports + systemd.tmpfiles.rules = + [ + "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" + ] + ++ ( + builtins.map ( + directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" + ) + config.host.network_storage.directories + ); + + # set up any bind mounts that we need for our exports + fileSystems = builtins.listToAttrs ( + builtins.map (directory: + lib.attrsets.nameValuePair directory._directory { + device = directory.bind; + options = ["bind"]; + }) ( + builtins.filter (directory: directory.bind != null) config.host.network_storage.directories + ) + ); + } + # 
(lib.mkIf config.host.impermanence.enable { + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # config.host.network_storage.export_directory + # ]; + # }; + # }) + ]); +} diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix index 8679f9a..1721726 100644 --- a/modules/nixos-modules/server/panoramax/database.nix +++ b/modules/nixos-modules/server/panoramax/database.nix 
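Review bot: The `user` option defaults to `"nouser"`, which is not an account NixOS creates; the unprivileged pair is `nobody`/`nogroup`, as the tmpfiles rule for the export root already uses. Unless a `nouser` user is declared elsewhere, the generated rule `d … 2770 nouser nogroup` cannot resolve its owner and systemd-tmpfiles will reject that line. Either default to `"nobody"` or drop the default so every export has to name its owner explicitly. `directories` also has no `default`, so enabling `host.network_storage` without setting it fails evaluation; `default = [];` would avoid that. This file appears to be moved unchanged from default.nix.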
@@ -3,32 +3,46 @@ config, ... }: { - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; + options.services.panoramax = { + database = { + postgres = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Use PostgreSQL instead of SQLite"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "Database name"; }; }; - } - ( - lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.panoramax.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.panoramax.database.name} = { - name = config.services.panoramax.database.user; - }; - }; - }; - }; + }; + }; + + config = lib.mkIf config.services.panoramax.enable { + assertions = [ + { + assertion = !config.services.panoramax.database.postgres.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Panoramax"; } - ) - ]); + ]; + + services.postgresql.databases.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { + enable = true; + user = config.services.panoramax.database.postgres.user; + database = config.services.panoramax.database.postgres.database; + }; + + systemd.services.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix index 41b1401..e25ef92 100644 --- a/modules/nixos-modules/server/panoramax/impermanence.nix +++ b/modules/nixos-modules/server/panoramax/impermanence.nix 
@@ -3,7 +3,14 @@ config, ... }: { - config = lib.mkIf (config.services.panoramax.enable && config.host.impermanence.enable) { + options.services.panoramax = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.panoramax.impermanence.enable { # TODO: configure impermanence for panoramax data # This would typically include directories like: # - /var/lib/panoramax diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 79f9326..7cd7111 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix 
@@ -4,31 +4,35 @@ ... }: { options.services.panoramax = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; + description = "domain that panoramax will be hosted at"; + default = "panoramax.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for panoramax"; + default = []; + }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.services.reverseProxy.enable; + }; }; }; - config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { - target = "http://localhost:${toString config.services.panoramax.port}"; + config = lib.mkIf config.services.panoramax.reverseProxy.enable { + services.reverseProxy.services.panoramax = { + target = "http://localhost:${toString config.services.panoramax.port}"; + domain = config.services.panoramax.domain; + extraDomains = config.services.panoramax.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads for panoramic images - client_max_body_size 100M; - - # set timeout for image processing - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - proxy_redirect off; - ''; + maxBodySize = 100000; + timeout = 300; }; }; }; diff --git a/modules/nixos-modules/server/paperless/database.nix b/modules/nixos-modules/server/paperless/database.nix index 6f4ce51..c63e59d 100644 --- a/modules/nixos-modules/server/paperless/database.nix +++ b/modules/nixos-modules/server/paperless/database.nix 
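Review bot: `maxBodySize = 100000` replaces `client_max_body_size 100M`, while the immich hunk maps `50000M` to `50000` and the jellyfin hunk maps `20M` to `20`. If the unit is megabytes, this raises the panoramax upload limit a thousandfold, to roughly 100 GB; `maxBodySize = 100;` would preserve the old limit. `timeout = 300` is also placed directly under `settings`, whereas home-assistant and immich set `settings.proxyHeaders.timeout`. The reverse-proxy module is not visible here, so confirm which path it declares. A comment on `maxBodySize` stating the unit would prevent this kind of slip.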
@@ -3,32 +3,28 @@ lib, ... }: { - config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - }; - }; - } - ( - lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.paperless.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.paperless.database.user} = { - name = config.services.paperless.database.user; - }; - }; - }; - }; + config = lib.mkIf config.services.paperless.enable { + assertions = [ + { + assertion = !config.services.paperless.database.createLocally || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using local postgres database for Paperless"; } - ) - ]); + { + assertion = !config.services.paperless.database.createLocally || (builtins.any (db: db == "paperless") config.services.postgresql.ensureDatabases); + message = "Paperless built-in database creation failed - expected 'paperless' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !config.services.paperless.database.createLocally || (builtins.any (user: user.name == "paperless") config.services.postgresql.ensureUsers); + message = "Paperless built-in user creation failed - expected user 'paperless' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + services.paperless.database.createLocally = lib.mkDefault true; + + systemd.services.paperless-scheduler = lib.mkIf config.services.paperless.database.createLocally { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index a6878eb..7e5e16b 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix 
@@ -1,35 +1,9 @@ { - config, - lib, - ... -}: { imports = [ + ./paperless.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ]; - - options.services.paperless = { - database = { - user = lib.mkOption { - type = lib.types.str; - description = "what is the user and database that we are going to use for paperless"; - default = "paperless"; - }; - }; - }; - - config = lib.mkIf config.services.paperless.enable { - services.paperless = { - domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; - configureTika = true; - settings = { - PAPERLESS_DBENGINE = "postgresql"; - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBNAME = config.services.paperless.database.user; - PAPERLESS_DBUSER = config.services.paperless.database.user; - }; - }; - }; } diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix index d9e17bd..fc87ea7 100644 --- a/modules/nixos-modules/server/paperless/impermanence.nix +++ b/modules/nixos-modules/server/paperless/impermanence.nix @@ -5,7 +5,14 @@ }: let dataDir = "/var/lib/paperless"; in { - config = lib.mkIf (config.services.paperless.enable && config.host.impermanence.enable) { + options.services.paperless = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.paperless.impermanence.enable { assertions = [ { assertion = config.services.paperless.dataDir == dataDir; diff --git a/modules/nixos-modules/server/paperless/paperless.nix b/modules/nixos-modules/server/paperless/paperless.nix new file mode 100644 index 0000000..5bcbfed --- /dev/null +++ b/modules/nixos-modules/server/paperless/paperless.nix 
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ options.services.paperless = {
+ database = {
+ user = lib.mkOption {
+ type = lib.types.str;
+ description = "what is the user and database that we are going to use for paperless";
+ default = "paperless";
+ };
+ };
+ };
+
+ config = lib.mkIf config.services.paperless.enable {
+ services.paperless = {
+ configureTika = true;
+ settings = {
+ PAPERLESS_DBENGINE = "postgresql";
+ PAPERLESS_DBHOST = "/run/postgresql";
+ PAPERLESS_DBNAME = config.services.paperless.database.user;
+ PAPERLESS_DBUSER = config.services.paperless.database.user;
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix
index 2910f07..9d152c9 100644
--- a/modules/nixos-modules/server/paperless/proxy.nix
+++ b/modules/nixos-modules/server/paperless/proxy.nix
@@ -4,25 +4,29 @@ ... }: { options.services.paperless = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that paperless will be hosted at"; - default = "paperless"; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for paperless"; + default = []; + }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.services.reverseProxy.enable; + }; }; }; - config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + config = lib.mkIf config.services.paperless.reverseProxy.enable { + services.reverseProxy.services.paperless = { + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + domain = config.services.paperless.domain; + extraDomains = config.services.paperless.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - ''; + maxBodySize = 50000; }; }; }; diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix deleted file mode 100644 index 9301140..0000000 --- a/modules/nixos-modules/server/podman.nix +++ /dev/null 
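Review bot: `maxBodySize = 50000;` is rendered by the reverse proxy module as `client_max_body_size 50000M;`, which allows roughly 50 GB in a single request on a proxied vhost, and the comment that explained the old value was dropped. nginx spools large request bodies to disk, so a limit this high lets any client that can reach the vhost fill the proxy's temp space. I would lower it to the largest document actually expected and restore the explanation, for example `maxBodySize = 50000; # megabytes; upper bound for one document upload`. The module body starts outside the hunk.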
@@ -1,73 +0,0 @@
-{
- lib,
- config,
- ...
-}: {
- options.host.podman = {
- enable = lib.mkEnableOption "should podman be enabled on this computer";
- macvlan = {
- subnet = lib.mkOption {
- type = lib.types.str;
- description = "Subnet for macvlan address range";
- };
- gateway = lib.mkOption {
- type = lib.types.str;
- description = "Gateway for macvlan";
- # TODO: see if we can default this to systemd network gateway
- };
- networkInterface = lib.mkOption {
- type = lib.types.str;
- description = "Parent network interface for macvlan";
- # TODO: see if we can default this some interface?
- };
- };
- };
- config = lib.mkIf config.host.podman.enable {
- systemd = {
- services = {
- # "podman-network-macvlan" = {
- # path = [pkgs.podman];
- # serviceConfig = {
- # Type = "oneshot";
- # RemainAfterExit = true;
- # ExecStop = "podman network rm -f macvlan";
- # };
- # script = ''
- # podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan
- # '';
- # partOf = ["podman-compose-root.target"];
- # wantedBy = ["podman-compose-root.target"];
- # };
- };
- # disable computer sleeping
- targets = {
- # Root service
- # When started, this will automatically create all resources and start
- # the containers. When stopped, this will teardown all resources.
- "podman-compose-root" = {
- unitConfig = {
- Description = "Root target for podman targets.";
- };
- wantedBy = ["multi-user.target"];
- };
- };
- };
-
- virtualisation = {
- # Runtime
- podman = {
- enable = true;
- autoPrune.enable = true;
- dockerCompat = true;
- # defaultNetwork.settings = {
- # # Required for container networking to be able to use names.
- # dns_enabled = true;
- # };
- };
-
- oci-containers = {
- backend = "podman";
- };
- };
- };
-}
diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix
deleted file mode 100644
index 71ce44c..0000000
--- a/modules/nixos-modules/server/postgres.nix
+++ /dev/null
@@ -1,121 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - dataDir = "/var/lib/postgresql/16"; - adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; -in { - options = { - host.postgres = { - enable = lib.mkEnableOption "enable postgres"; - extraUsers = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - isAdmin = lib.mkOption { - type = lib.types.bool; - default = false; - }; - isClient = lib.mkOption { - type = lib.types.bool; - default = false; - }; - createUser = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }; - })); - default = {}; - }; - extraDatabases = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = {}; - }; - }; - }; - - config = lib.mkIf config.host.postgres.enable (lib.mkMerge [ - { - services = { - postgresql = { - enable = true; - package = pkgs.postgresql_16; - ensureUsers = - [ - { - name = "postgres"; - } - ] - ++ ( - builtins.map (user: { - name = user.name; - ensureDBOwnership = true; - }) - createUsers - ); - ensureDatabases = builtins.map (database: database.name) createDatabases; - identMap = - '' - # ArbitraryMapName systemUser DBUser - - # Administration Users - superuser_map root postgres - superuser_map postgres postgres - '' - + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) 
- ) - + '' - - # Client Users - '' - + ( - lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) - ); - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=user_map - ''; - }; - }; - } - - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.postgresql.dataDir == dataDir; - message = "postgres data directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "postgres"; - group = "postgres"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/postgres/default.nix b/modules/nixos-modules/server/postgres/default.nix new file mode 100644 index 0000000..abf4ade --- /dev/null +++ b/modules/nixos-modules/server/postgres/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./postgres.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix new file mode 100644 index 0000000..a67fb1a --- /dev/null +++ b/modules/nixos-modules/server/postgres/impermanence.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/postgresql/16"; +in { + config = lib.mkIf (config.services.postgresql.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.postgresql.dataDir == dataDir; + message = "postgres data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "postgres"; + group = "postgres"; + } + ]; + }; + }; +} 
diff --git a/modules/nixos-modules/server/postgres/postgres.nix b/modules/nixos-modules/server/postgres/postgres.nix
new file mode 100644
index 0000000..af7d1b4
--- /dev/null
+++ b/modules/nixos-modules/server/postgres/postgres.nix
@@ -0,0 +1,122 @@ +{ + config, + lib, + pkgs, + ... +}: let + enabledDatabases = lib.filterAttrs (_: db: db.enable) config.services.postgresql.databases; + extraDatabasesList = config.services.postgresql.extraDatabases; + + serviceDatabaseUsers = lib.mapAttrsToList (_: db: { + name = db.user; + ensureDBOwnership = true; + }) (lib.filterAttrs (_: db: db.ensureUser) enabledDatabases); + + extraDatabaseUsers = + builtins.map (dbName: { + name = dbName; + ensureDBOwnership = true; + }) + extraDatabasesList; + + serviceDatabases = lib.mapAttrsToList (_: db: db.database) enabledDatabases; + extraDatabaseNames = extraDatabasesList; + + serviceUserMappings = lib.mapAttrsToList (_: db: "user_map ${db.user} ${db.user}") enabledDatabases; + extraUserMappings = builtins.map (dbName: "user_map ${dbName} ${dbName}") extraDatabasesList; + + builtinServiceMappings = let + forgejoMapping = lib.optional (config.services.forgejo.enable && config.services.forgejo.database.type == "postgres") "user_map forgejo forgejo"; + immichMapping = lib.optional (config.services.immich.enable && config.services.immich.database.enable) "user_map immich immich"; + paperlessMapping = lib.optional (config.services.paperless.enable && config.services.paperless.database.createLocally) "user_map paperless paperless"; + in + forgejoMapping ++ immichMapping ++ paperlessMapping; +in { + options = { + services.postgresql = { + databases = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to create this database and user"; + }; + user = lib.mkOption { + type = lib.types.str; + default = name; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = name; + description = "Database name"; + }; + ensureUser = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to ensure the user exists"; + }; + }; 
+ })); + default = {}; + description = "Databases to create for services"; + }; + + extraDatabases = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional databases to create (user name will match database name)"; + example = ["custom_db" "test_db"]; + }; + + adminUsers = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "System users who should have PostgreSQL superuser access"; + example = ["leyla" "admin"]; + }; + }; + }; + + config = lib.mkIf config.services.postgresql.enable { + services = { + postgresql = { + package = pkgs.postgresql_16; + + ensureUsers = + [ + {name = "postgres";} + ] + ++ serviceDatabaseUsers ++ extraDatabaseUsers; + + ensureDatabases = serviceDatabases ++ extraDatabaseNames; + + identMap = + '' + # ArbitraryMapName systemUser DBUser + + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (builtins.map (user: "superuser_map ${user} postgres") config.services.postgresql.adminUsers) + ) + + '' + + # Client Users + '' + + ( + lib.strings.concatLines (serviceUserMappings ++ extraUserMappings ++ builtinServiceMappings) + ); + + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=user_map + ''; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix deleted file mode 100644 index 2d54587..0000000 --- a/modules/nixos-modules/server/qbittorent.nix +++ /dev/null 
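Review bot: Every entry in `adminUsers` is written into the ident map as `superuser_map ${user} postgres`, so any process running under one of those OS accounts can connect as the `postgres` role over the local socket with peer authentication and no password; the option description should say this outright rather than only "should have PostgreSQL superuser access". The names from `adminUsers`, `databases.<name>.user` and `extraDatabases` are spliced into the map unvalidated, so a value containing whitespace or a newline would change what the map grants. Constraining the element type keeps each entry to a single token, for example `type = lib.types.listOf (lib.types.strMatching "[A-Za-z_][A-Za-z0-9_-]*");`. Separately, `builtinServiceMappings` hard-codes `user_map paperless paperless` while paperless.nix exposes `services.paperless.database.user`, so a non-default user would get no mapping.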
@@ -1,65 +0,0 @@
-{
- lib,
- config,
- ...
-}: let
- qbittorent_profile_directory = "/var/lib/qBittorrent/";
-in {
- options.services.qbittorrent = {
- mediaDir = lib.mkOption {
- type = lib.types.path;
- description = lib.mdDoc ''
- The directory to create to store qbittorrent media.
- '';
- };
- };
-
- config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [
- (lib.mkIf config.host.impermanence.enable {
- fileSystems."/persist/system/qbittorrent".neededForBoot = true;
-
- host.storage.pool.extraDatasets = {
- # sops age key needs to be available to pre persist for user generation
- "persist/system/qbittorrent" = {
- type = "zfs_fs";
- mountpoint = "/persist/system/qbittorrent";
- options = {
- canmount = "on";
- };
- };
- };
-
- assertions = [
- {
- assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory;
- message = "qbittorrent data directory does not match persistence";
- }
- ];
-
- environment.persistence = {
- "/persist/system/root" = {
- directories = [
- {
- directory = qbittorent_profile_directory;
- user = "qbittorrent";
- group = "qbittorrent";
- }
- ];
- };
-
- "/persist/system/qbittorrent" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = config.services.qbittorrent.mediaDir;
- user = "qbittorrent";
- group = "qbittorrent";
- mode = "1775";
- }
- ];
- };
- };
- })
- ]);
-}
diff --git a/modules/nixos-modules/server/qbittorent/default.nix b/modules/nixos-modules/server/qbittorent/default.nix
new file mode 100644
index 0000000..f7511e6
--- /dev/null
+++ b/modules/nixos-modules/server/qbittorent/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [
+ ./qbittorent.nix
+ ./impermanence.nix
+ ];
+}
diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix
new file mode 100644
index 0000000..1489e7d
--- /dev/null
+++ b/modules/nixos-modules/server/qbittorent/impermanence.nix
@@ -0,0 +1,61 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ qbittorent_profile_directory = "/var/lib/qBittorrent/";
+in {
+ options.services.qbittorrent = {
+ impermanence.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = config.services.qbittorrent.enable && config.host.impermanence.enable;
+ };
+ };
+
+ config = lib.mkIf config.services.qbittorrent.impermanence.enable {
+ fileSystems."/persist/system/qbittorrent".neededForBoot = true;
+
+ host.storage.pool.extraDatasets = {
+ # sops age key needs to be available to pre persist for user generation
+ "persist/system/qbittorrent" = {
+ type = "zfs_fs";
+ mountpoint = "/persist/system/qbittorrent";
+ options = {
+ canmount = "on";
+ };
+ };
+ };
+
+ assertions = [
+ {
+ assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory;
+ message = "qbittorrent data directory does not match persistence";
+ }
+ ];
+
+ environment.persistence = {
+ "/persist/system/root" = {
+ directories = [
+ {
+ directory = qbittorent_profile_directory;
+ user = "qbittorrent";
+ group = "qbittorrent";
+ }
+ ];
+ };
+
+ "/persist/system/qbittorrent" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = config.services.qbittorrent.mediaDir;
+ user = "qbittorrent";
+ group = "qbittorrent";
+ mode = "1775";
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/qbittorent/qbittorent.nix b/modules/nixos-modules/server/qbittorent/qbittorent.nix
new file mode 100644
index 0000000..44603c8
--- /dev/null
+++ b/modules/nixos-modules/server/qbittorent/qbittorent.nix
@@ -0,0 +1,18 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.services.qbittorrent = {
+ mediaDir = lib.mkOption {
+ type = lib.types.path;
+ description = lib.mdDoc ''
+ The directory to create to store qbittorrent media.
+ '';
+ };
+ };
+
+ config = lib.mkIf config.services.qbittorrent.enable {
+ # Main qbittorrent configuration goes here if needed
+ };
+}
diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/radarr/default.nix +++ b/modules/nixos-modules/server/radarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix index 4a3242c..c948e3a 100644 --- a/modules/nixos-modules/server/radarr/impermanence.nix +++ b/modules/nixos-modules/server/radarr/impermanence.nix @@ -5,7 +5,14 @@ }: let radarr_data_directory = "/var/lib/radarr/.config/Radarr"; in { - config = lib.mkIf (config.services.radarr.enable && config.host.impermanence.enable) { + options.services.radarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.radarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.radarr.impermanence.enable { assertions = [ { assertion = config.services.radarr.dataDir == radarr_data_directory; diff --git a/modules/nixos-modules/server/radarr/proxy.nix b/modules/nixos-modules/server/radarr/proxy.nix deleted file mode 100644 index ec5f575..0000000 --- a/modules/nixos-modules/server/radarr/proxy.nix +++ /dev/null 
@@ -1,28 +0,0 @@
-{
- lib,
- config,
- ...
-}: {
- options.services.radarr = {
- subdomain = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "Subdomain for reverse proxy. If null, service will be local only.";
- };
- extraSubdomains = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [];
- description = "Extra subdomains for reverse proxy.";
- };
- };
-
- config = lib.mkIf (config.services.radarr.enable && config.services.radarr.subdomain != null) {
- host.reverse_proxy.subdomains.radarr = {
- subdomain = config.services.radarr.subdomain;
- extraSubdomains = config.services.radarr.extraSubdomains;
- target = "http://127.0.0.1:7878";
- websockets.enable = true;
- forwardHeaders.enable = true;
- };
- };
-}
diff --git a/modules/nixos-modules/server/reverseProxy/default.nix b/modules/nixos-modules/server/reverseProxy/default.nix
new file mode 100644
index 0000000..5d57175
--- /dev/null
+++ b/modules/nixos-modules/server/reverseProxy/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [
+ ./reverseProxy.nix
+ ./impermanence.nix
+ ];
+}
diff --git a/modules/nixos-modules/server/reverseProxy/impermanence.nix b/modules/nixos-modules/server/reverseProxy/impermanence.nix
new file mode 100644
index 0000000..7af55df
--- /dev/null
+++ b/modules/nixos-modules/server/reverseProxy/impermanence.nix
@@ -0,0 +1,21 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ dataDir = "/var/lib/acme";
+in {
+ config = lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable) {
+ environment.persistence."/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = dataDir;
+ user = "acme";
+ group = "acme";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix
new file mode 100644
index 0000000..eecc9bf
--- /dev/null
+++ b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix
@@ -0,0 +1,176 @@ +{ + lib, + config, + ... +}: { + options.services.reverseProxy = { + enable = lib.mkEnableOption "turn on the reverse proxy"; + openFirewall = lib.mkEnableOption "open the firewall"; + refuseUnmatchedDomains = lib.mkOption { + type = lib.types.bool; + description = "refuse connections for domains that don't match any configured virtual hosts"; + default = true; + }; + ports = { + http = lib.mkOption { + type = lib.types.port; + description = "HTTP port for the reverse proxy"; + default = 80; + }; + https = lib.mkOption { + type = lib.types.port; + description = "HTTPS port for the reverse proxy"; + default = 443; + }; + }; + acme = { + enable = lib.mkOption { + type = lib.types.bool; + description = "enable ACME certificate management"; + default = true; + }; + email = lib.mkOption { + type = lib.types.str; + description = "email address for ACME certificate registration"; + }; + }; + services = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + target = lib.mkOption { + type = lib.types.str; + description = "what url will all traffic to this application be forwarded to"; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "what is the default subdomain to be used for this application to be used for"; + default = name; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for this domain"; + default = []; + }; + settings = { + certificateRenewal.enable = lib.mkOption { + type = lib.types.bool; + description = "auto renew certificates"; + default = true; + }; + forceSSL.enable = lib.mkOption { + type = lib.types.bool; + description = "auto renew certificates"; + default = true; + }; + proxyHeaders = { + enable = lib.mkEnableOption "should we proxy headers"; + timeout = lib.mkOption { + type = lib.types.int; + default = 60; + }; + }; + proxyWebsockets.enable = lib.mkEnableOption "should the default config 
proxy websockets"; + forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; + noSniff.enable = lib.mkEnableOption "should the no sniff flags be set"; + proxyBuffering.enable = lib.mkOption { + type = lib.types.bool; + description = "should proxy buffering be enabled"; + default = true; + }; + maxBodySize = lib.mkOption { + type = lib.types.nullOr lib.types.int; + description = ""; + default = null; + }; + }; + }; + })); + }; + }; + + config = let + httpPort = config.services.reverseProxy.ports.http; + httpsPort = config.services.reverseProxy.ports.https; + in + lib.mkIf config.services.reverseProxy.enable { + security.acme = lib.mkIf config.services.reverseProxy.acme.enable { + acceptTerms = true; + defaults.email = config.services.reverseProxy.acme.email; + }; + + services.nginx = { + enable = true; + virtualHosts = lib.mkMerge ( + (lib.optionals config.services.reverseProxy.refuseUnmatchedDomains [ + { + "_" = { + default = true; + serverName = "_"; + locations."/" = { + extraConfig = '' + return 444; + ''; + }; + }; + } + ]) + ++ lib.lists.flatten ( + lib.attrsets.mapAttrsToList ( + name: service: let + hostConfig = { + forceSSL = service.settings.forceSSL.enable; + enableACME = service.settings.certificateRenewal.enable; + locations = { + "/" = { + proxyPass = service.target; + proxyWebsockets = service.settings.proxyWebsockets.enable; + recommendedProxySettings = service.settings.forwardHeaders.enable; + extraConfig = let + # Client upload size configuration + maxBodySizeConfig = + lib.optionalString (service.settings.maxBodySize != null) + "client_max_body_size ${toString service.settings.maxBodySize}M;"; + + # Security header configuration + noSniffConfig = + lib.optionalString service.settings.noSniff.enable + "add_header X-Content-Type-Options nosniff;"; + + # Proxy buffering configuration + proxyBufferingConfig = + lib.optionalString (!service.settings.proxyBuffering.enable) + "proxy_buffering off;"; + + # Proxy 
timeout configuration + proxyTimeoutConfig = + lib.optionalString service.settings.proxyHeaders.enable + '' + proxy_read_timeout ${toString service.settings.proxyHeaders.timeout}s; + proxy_connect_timeout ${toString service.settings.proxyHeaders.timeout}s; + proxy_send_timeout ${toString service.settings.proxyHeaders.timeout}s; + ''; + in + maxBodySizeConfig + noSniffConfig + proxyBufferingConfig + proxyTimeoutConfig; + }; + }; + }; + in ( + [ + { + ${service.domain} = hostConfig; + } + ] + ++ builtins.map (domain: {${domain} = hostConfig;}) + service.extraDomains + ) + ) + config.services.reverseProxy.services + ) + ); + }; + networking.firewall.allowedTCPPorts = lib.mkIf config.services.reverseProxy.openFirewall [ + httpPort + httpsPort + ]; + }; +} diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix deleted file mode 100644 index 26b4374..0000000 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ /dev/null 
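Review bot: The `refuseUnmatchedDomains` catch-all (`"_"` with `default = true` and `return 444;`) sets none of the TLS options, so as far as this hunk shows it only becomes the default server for plain HTTP. An HTTPS request for an unconfigured name would then still be answered by whichever TLS vhost nginx treats as default, certificate included; adding `rejectSSL = true;` to that vhost makes nginx refuse the handshake for unmatched names too. `ports.http` and `ports.https` are only used for `networking.firewall.allowedTCPPorts` and are never passed to nginx, so changing them opens a port nginx is presumably not listening on. The `forceSSL.enable` description repeats "auto renew certificates" and `maxBodySize` has an empty one; `"redirect HTTP to HTTPS"` and `"client_max_body_size in megabytes, null for the nginx default"` would match what the code does.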
@@ -1,128 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDir = "/var/lib/acme"; - httpPort = 80; - httpsPort = 443; -in { - options.host.reverse_proxy = { - enable = lib.mkEnableOption "turn on the reverse proxy"; - hostname = lib.mkOption { - type = lib.types.str; - description = "what host name are we going to be proxying from"; - }; - forceSSL = lib.mkOption { - type = lib.types.bool; - description = "force connections to use https"; - default = config.host.reverse_proxy.enableACME; - }; - enableACME = lib.mkOption { - type = lib.types.bool; - description = "auto renew certificates"; - default = true; - }; - subdomains = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "what is the default subdomain to be used for this application to be used for"; - default = name; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for this domain"; - default = []; - }; - - target = lib.mkOption { - type = lib.types.str; - description = "what url will all traffic to this application be forwarded to"; - }; - - websockets.enable = lib.mkEnableOption "should the default config proxy websockets"; - - forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; - - extraConfig = lib.mkOption { - type = lib.types.lines; - default = ""; - description = '' - These lines go to the end of the upstream verbatim. 
- ''; - }; - }; - })); - }; - }; - - config = lib.mkIf config.host.reverse_proxy.enable (lib.mkMerge [ - { - security.acme = lib.mkIf config.host.reverse_proxy.enableACME { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - services.nginx = { - enable = true; - virtualHosts = lib.mkMerge ( - lib.lists.flatten ( - lib.attrsets.mapAttrsToList ( - name: value: let - hostConfig = { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations = { - "/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets.enable; - recommendedProxySettings = value.forwardHeaders.enable; - extraConfig = - value.extraConfig; - }; - }; - }; - in ( - [ - { - ${"${value.subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig; - } - ] - ++ builtins.map (subdomain: {${"${subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig;}) - value.extraSubdomains - ) - ) - config.host.reverse_proxy.subdomains - ) - ); - }; - - networking.firewall.allowedTCPPorts = [ - httpPort - httpsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - # TODO: figure out how to write an assertion for this - # assertions = [ - # { - # assertion = security.acme.certs..directory == dataDir; - # message = "postgres data directory does not match persistence"; - # } - # ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "acme"; - group = "acme"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix index ac84c1d..5426380 100644 --- a/modules/nixos-modules/server/searx/default.nix +++ b/modules/nixos-modules/server/searx/default.nix 
@@ -1,63 +1,6 @@ { - config, - lib, - inputs, - ... -}: { imports = [ + ./searx.nix ./proxy.nix ]; - - config = lib.mkIf config.services.searx.enable { - sops.secrets = { - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - }; - - services.searx = { - environmentFile = config.sops.secrets."services/searx".path; - - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; - }; - }; - }; - - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; - }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; - }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; - }; - }; - }; } diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index 0c1eae1..e994e4a 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix 
@@ -4,18 +4,27 @@ ... }: { options.services.searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "searx"; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for searx"; + default = []; + }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.searx.enable && config.services.reverseProxy.enable; + }; }; }; - config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.searx = { - subdomain = config.services.searx.subdomain; - target = "http://localhost:${toString config.services.searx.settings.server.port}"; + config = lib.mkIf config.services.searx.reverseProxy.enable { + services.reverseProxy.services.searx = { + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + domain = config.services.searx.domain; + extraDomains = config.services.searx.extraDomains; + + settings = { + forwardHeaders.enable = true; }; }; }; diff --git a/modules/nixos-modules/server/searx/searx.nix b/modules/nixos-modules/server/searx/searx.nix new file mode 100644 index 0000000..d4d4012 --- /dev/null +++ b/modules/nixos-modules/server/searx/searx.nix 
@@ -0,0 +1,59 @@ +{ + config, + lib, + inputs, + ... +}: { + config = lib.mkIf config.services.searx.enable { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; + + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix index f39d940..86dbb4b 100644 --- a/modules/nixos-modules/server/sonarr/default.nix +++ b/modules/nixos-modules/server/sonarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix index abc843c..5b90ee9 100644 --- a/modules/nixos-modules/server/sonarr/impermanence.nix +++ b/modules/nixos-modules/server/sonarr/impermanence.nix 
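Review bot: The `limiterSettings` block under `# Rate limiting` in searx.nix only configures the limiter; nothing in this file switches it on, since `settings.server` sets just `port` and `secret_key`. Unless it is enabled elsewhere in the repository, add `limiter = true;` under `settings.server`. SearXNG's limiter also needs its Redis/Valkey backend, which this file does not configure. `real_ip.x_for = 1` trusts one `X-Forwarded-For` hop, which is only sound while port 8083 is reachable solely through the reverse proxy; a comment stating that assumption next to `x_for` would help.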
@@ -5,7 +5,14 @@ }: let sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; in { - config = lib.mkIf (config.services.sonarr.enable && config.host.impermanence.enable) { + options.services.sonarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.sonarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.sonarr.impermanence.enable { assertions = [ { assertion = config.services.sonarr.dataDir == sonarr_data_directory; diff --git a/modules/nixos-modules/server/sonarr/proxy.nix b/modules/nixos-modules/server/sonarr/proxy.nix deleted file mode 100644 index 22b90a6..0000000 --- a/modules/nixos-modules/server/sonarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.sonarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.sonarr.enable && config.services.sonarr.subdomain != null) { - host.reverse_proxy.subdomains.sonarr = { - subdomain = config.services.sonarr.subdomain; - extraSubdomains = config.services.sonarr.extraSubdomains; - target = "http://127.0.0.1:8989"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index 4894dd4..c9a1474 100644 --- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix @@ -37,9 +37,9 @@ openwakeword = { enable = true; uri = "tcp://0.0.0.0:10400"; - preloadModels = [ - "ok_nabu" - ]; + # preloadModels = [ + # "ok_nabu" + # ]; # TODO: custom models }; }; 
diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 6f5fac1..0a82116 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -16,6 +16,8 @@ }; }; }; + + programs.ssh.kexAlgorithms = config.services.openssh.settings.KexAlgorithms; } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index bf43041..96f54d5 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -1,7 +1,7 @@ { config, lib, - outputs, + syncthingConfiguration, ... }: let mountDir = "/mnt/sync"; @@ -27,7 +27,7 @@ in { configDir = configDir; overrideDevices = true; overrideFolders = true; - configuration = outputs.syncthingConfiguration; + configuration = syncthingConfiguration; deviceName = config.networking.hostName; }; } diff --git a/rebuild.sh b/rebuild.sh index 6750450..48746d9 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -18,6 +18,7 @@ else fi show_trace=false +clean_vm=false while [ $# -gt 0 ]; do case "$1" in @@ -50,6 +51,9 @@ while [ $# -gt 0 ]; do --show-trace) show_trace=true ;; + --clean-vm) + clean_vm=true + ;; --help|-h) echo "--help -h: print this message" echo "--target -t: defaults to the current system" @@ -58,6 +62,8 @@ while [ $# -gt 0 ]; do echo " currently: ${target:-$default_target}" echo "--mode -m: defaults to 'switch', but 'test' on non-main branches" echo " currently would be: $default_mode" + echo " Available modes: switch, test, build, boot, vm" + echo " 'vm' mode builds and starts a virtual machine" echo "--user -u: defaults to the current user" echo " currently: $default_user" echo "--host: defaults to building on the current machine" 
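Review bot: The added `programs.ssh.kexAlgorithms = config.services.openssh.settings.KexAlgorithms;` in ssh.nix has no comment saying that the client's key-exchange list is deliberately tied to the server's list. It restricts every outbound ssh and git-over-ssh connection from the host to those algorithms, so a remote that offers none of them will fail to connect. I would add `# client offers only the KEX algorithms our own sshd accepts; remote hosts must support one of them` above the line. The enclosing attribute set starts outside the hunk, so whether this is guarded by `services.openssh.enable` is not visible here.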
@@ -65,6 +71,7 @@ while [ $# -gt 0 ]; do echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" echo "--show-trace: show trace on builds" + echo "--clean-vm: remove existing VM disk (nixos.qcow2) before building" echo "" echo "Branch-aware behavior:" echo " - On non-main branches: defaults to test mode with warning" @@ -90,6 +97,20 @@ flake=${flake:-$target} mode=${mode:-$default_mode} user=${user:-$default_user} +# Validate mode +valid_modes="switch test build boot vm" +if [[ ! " $valid_modes " =~ " $mode " ]]; then + echo "Error: Invalid mode '$mode'" + echo "Valid modes are: $valid_modes" + exit 1 +fi + +# Clean VM disk if requested +if [[ "$clean_vm" = true ]] && [[ -f "nixos.qcow2" ]]; then + echo "Removing existing VM disk: nixos.qcow2" + rm nixos.qcow2 +fi + # Branch-aware warnings and behavior if [[ "$current_branch" != "main" ]] && [[ "$mode" == "test" ]]; then echo "⚠️ WARNING: You are on branch '$current_branch' (not main)" 
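Review bot: `--clean-vm` removes a hard-coded `nixos.qcow2`, but the NixOS VM runner names its disk image after the system name (the host name by default), so for a host with its own hostname the stale disk is presumably not the file deleted here. The later hunk makes the same assumption with `./result/bin/run-nixos-vm`, because the runner script is installed as `run-<name>-vm`. Exporting `NIX_DISK_IMAGE` to a fixed path for both the cleanup and the launch, and starting the VM with `./result/bin/run-*-vm`, removes the dependency on the name. The cleanup also runs in every mode; adding `[[ "$mode" == "vm" ]]` to the condition keeps `--clean-vm` from deleting a file during a `switch`.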
@@ -101,26 +122,39 @@ elif [[ "$current_branch" == "main" ]] && [[ -n "$git_status" ]] && [[ "$mode" ! echo " git checkout -b feature/your-feature-name" fi -command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" +if [[ "$mode" == "vm" ]]; then + command="nix build .#nixosConfigurations.$flake.config.system.build.vm" + + if [[ "$show_trace" = true ]]; then + command="$command --show-trace" + fi + + echo $command + $command + + if [[ $? -eq 0 ]] && [[ -d "result" ]]; then + echo "Starting VM..." + QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset + fi +else + command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" + + if [[ $host ]]; then + command="$command --build-host $host" + fi -if [[ $host ]]; -then - command="$command --build-host $host" + if [[ "$target" != "$(hostname)" ]]; then + command="$command --target-host $user@$target" + fi + + if [[ "$show_trace" = true ]]; then + command="$command --show-trace" + fi + + echo $command + $command fi -if [[ "$target" != "$(hostname)" ]]; -then - command="$command --target-host $user@$target" -fi - -if [[ "$show_trace" = true ]]; -then - command="$command --show-trace" -fi - -echo $command -$command - if [ -d "result" ]; then if [[ "$preserve_result" == "false" ]]; diff --git a/util/default.nix b/util/default.nix index fb2f83d..66e300b 100644 --- a/util/default.nix +++ b/util/default.nix @@ -52,6 +52,12 @@ home-manager-config ../modules/system-modules ]; + + syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { + modules = [ + (import ../configurations/syncthing) + ]; + }; in { forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system)); 
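Review bot: The new `vm` branch builds the command as one string and runs it through an unquoted `$command`, so `$flake` (and `$host`, `$user`, `$target` in the else branch) are word-split and glob-expanded before they reach nix or nixos-rebuild. A value containing a space or `*` then changes the argument list instead of failing as a bad name. Building the command as an array keeps each value a single argument: `cmd=(nix build ".#nixosConfigurations.$flake.config.system.build.vm")`, `[[ "$show_trace" = true ]] && cmd+=(--show-trace)`, then `"${cmd[@]}"`. The else branch can use the same pattern with `cmd+=(--target-host "$user@$target")`.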
@@ -62,19 +68,9 @@ in { (lib.mkUnless condition no) ]; - mkNixosInstaller = host: userKeys: - nixpkgs.lib.nixosSystem { - modules = [ - { - # TODO: authorized keys for all users and hosts - } - ../configurations/nixos/${host} - ]; - }; - mkNixosSystem = host: nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs util;}; + specialArgs = {inherit inputs outputs util syncthingConfiguration;}; modules = system-modules ++ [ @@ -83,7 +79,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; @@ -119,10 +115,4 @@ in { ../configurations/home-manager/${user} ]; }; - - syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { - modules = [ - (import ../configurations/syncthing) - ]; - }; } From b45d08e30d89dbaa05552d9a650a8957bdf0d781 Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 27 Nov 2025 16:07:04 -0600 Subject: [PATCH 0996/1043] feat: installed gnome-boxes for eve --- configurations/nixos/emergent/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index fd27374..156344e 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -109,6 +109,7 @@ # See https://search.nixos.org/packages for all options environment.systemPackages = with pkgs; [ wget + gnome-boxes ]; # Packages that need to be installed with some extra configuration From be8126e2c540c5e8cb7921527fc205351c2f3922 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 27 Nov 2025 18:21:55 -0600 Subject: [PATCH 0997/1043] feat: switched to wayland --- .../nixos/twilight/configuration.nix | 4 - configurations/nixos/twilight/monitors.nix | 199 ------------------ .../nixos/twilight/nvidia-drivers.nix | 5 +- 3 files changed, 3 insertions(+), 205 deletions(-) delete mode 100644 configurations/nixos/twilight/monitors.nix diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 477c517..d02af0a 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -4,10 +4,6 @@ pkgs, ... }: { - imports = [ - ./monitors.nix - ]; - nixpkgs.config.allowUnfree = true; boot.initrd.availableKernelModules = ["usb_storage"]; diff --git a/configurations/nixos/twilight/monitors.nix b/configurations/nixos/twilight/monitors.nix deleted file mode 100644 index 1308f50..0000000 --- a/configurations/nixos/twilight/monitors.nix +++ /dev/null 
@@ -1,199 +0,0 @@ -{pkgs, ...}: { - systemd.tmpfiles.rules = [ - "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' - - - - 0 - 156 - 1 - - - DP-4 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 2560 - 324 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 0 - 1 - - left - no - - - - HDMI-0 - HWP - HP w2207 - CND7332S88 - - - 1600 - 1000 - 59.999 - - - - - - - 0 - 0 - 1 - yes - - - DP-1 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 4480 - 226 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 2560 - 226 - 1 - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - - - 2560 - 228 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 69 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 0 - 0 - 1 - - - DP-3 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - - None-1 - unknown - unknown - unknown - - - - - ''}" - ]; -} diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index d875e37..2842d0a 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -4,8 +4,9 @@ # Load nvidia driver for Xorg and Wayland videoDrivers = ["nvidia"]; }; - # Use X instead of wayland for gaming reasons - displayManager.gdm.wayland = false; + # Temporarily enable wayland to fix boot issue + # TODO: Investigate proper X11 session generation for gaming + displayManager.gdm.wayland = true; }; hardware = { From 04777cfb8f0a549576c187c189e0718cf6d89815 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 18:43:03 -0600 Subject: [PATCH 0998/1043] feat: removed xterm --- modules/nixos-modules/desktop.nix | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 6686ee3..66a2433 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -47,6 +47,9 @@ # Get rid of xTerm desktopManager.xterm.enable = false; + excludePackages = with pkgs; [ + xterm + ]; }; # Enable the GNOME Desktop Environment. From 719a21a95e57476e098f332d0dc9cc7417dfd2fb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 18:44:49 -0600 Subject: [PATCH 0999/1043] feat: switched emergent to using wayland --- configurations/nixos/emergent/nvidia-drivers.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index b532446..05b7205 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -1,9 +1,4 @@ -{ - config, - lib, - pkgs, - ... -}: { +{config, ...}: { # Enable OpenGL hardware.graphics = { enable = true; @@ -16,7 +11,7 @@ videoDrivers = ["nvidia"]; }; # Use X instead of wayland - displayManager.gdm.wayland = false; + displayManager.gdm.wayland = true; }; hardware.nvidia = { From a0807b014c087a03dc585076ff455152af7de82f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 27 Nov 2025 20:29:03 -0600 Subject: [PATCH 1000/1043] feat: moved logs to impermanence --- modules/nixos-modules/storage/storage.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 2247559..5f9f6f1 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -53,13 +53,6 @@ in { relatime = "off"; }; }; - replicate = { - "system/var/log" = { - impermanence.enable = false; - type = "zfs_fs"; - mount = "/var/log"; - }; - }; }; }) (lib.mkIf (config.storage.zfs.enable && config.storage.impermanence.enable) { 
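Review bot: In emergent/nvidia-drivers.nix the context comment `# Use X instead of wayland` is left directly above the new `displayManager.gdm.wayland = true;`, so it now states the opposite of what the line does. I would change it to `# Use Wayland for the GDM session` in the same hunk. The later patch 1001 hunk for this file keeps the same stale comment.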
@@ -107,6 +100,12 @@ in { autoSnapshot = true; }; }; + "system/var/log" = { + type = "zfs_fs"; + directories = { + "/var/log".enable = true; + }; + }; }; }; From e21cfeab94e107e47238702e319543e7c5789289 Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 27 Nov 2025 21:31:08 -0600 Subject: [PATCH 1001/1043] feat: switched emergent to wayland --- configurations/nixos/emergent/nvidia-drivers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index b532446..0fc51ac 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -16,7 +16,7 @@ videoDrivers = ["nvidia"]; }; # Use X instead of wayland - displayManager.gdm.wayland = false; + displayManager.gdm.wayland = true; }; hardware.nvidia = { From 765dde3f0fc28a028d2414a5c5f57a46df08afc5 Mon Sep 17 00:00:00 2001 From: Eve Date: Thu, 27 Nov 2025 21:53:23 -0600 Subject: [PATCH 1002/1043] fix: fixed gnome boxes --- configurations/nixos/emergent/configuration.nix | 7 +++++++ configurations/nixos/emergent/hardware-configuration.nix | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 156344e..bf6c553 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -69,6 +69,12 @@ }; }; + virtualisation.libvirtd.enable = true; + + users.users.eve = { + extraGroups = [ "libvirtd" ]; + }; + services.tailscale.enable = true; # We were having weird build errors so this is disabled right now # error: The option `devices.emergent.folders.eve_records.path' was accessed but has no value defined. Try setting the option @@ -110,6 +116,7 @@ environment.systemPackages = with pkgs; [ wget gnome-boxes + libvirt ]; # Packages that need to be installed with some extra configuration 
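Review bot: Adding `eve` to the `libvirtd` group in emergent/configuration.nix grants that account password-less control of the system libvirt daemon, which runs as root and can attach host disks and devices to guests, so the group is effectively root-equivalent. If GNOME Boxes is the only consumer, it may work through the per-user session connection without the group; that is worth checking before keeping the grant. If the group stays, record the intent next to it, for example `extraGroups = ["libvirtd"]; # root-equivalent: full control of qemu:///system`.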
diff --git a/configurations/nixos/emergent/hardware-configuration.nix b/configurations/nixos/emergent/hardware-configuration.nix index 67149df..b077f9c 100644 --- a/configurations/nixos/emergent/hardware-configuration.nix +++ b/configurations/nixos/emergent/hardware-configuration.nix @@ -12,7 +12,7 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "wacom"]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "wacom" "kvm" "kvm_amd"]; boot.initrd.kernelModules = []; boot.kernelModules = []; boot.extraModulePackages = []; From 9ed0958463de57a39a903ee82b65584fb4a003ac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 28 Nov 2025 10:05:59 -0600 Subject: [PATCH 1003/1043] feat: installed android studio for leyla --- .../home-manager/leyla/packages/default.nix | 1 + .../nixos/emergent/configuration.nix | 2 +- .../programs/android-studio.nix | 35 +++++++++++++++++++ .../home-manager-modules/programs/default.nix | 1 + 4 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager-modules/programs/android-studio.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index bc41350..0917d04 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -46,6 +46,7 @@ in { }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { anki.enable = true; + android-studio.enable = true; makemkv.enable = true; discord.enable = true; signal-desktop-bin.enable = true; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index bf6c553..958b423 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix 
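Review bot: `kvm` and `kvm_amd` are appended to `boot.initrd.availableKernelModules` in hardware-configuration.nix, which only makes modules available to the stage-1 initrd for finding and mounting the root filesystem; nothing at that stage uses KVM. If the goal is to have KVM loaded for libvirt and Boxes, the usual place is `boot.kernelModules = ["kvm-amd"];`, which this file currently leaves as `[]`. Keeping the initrd list to storage and input drivers also keeps the early-boot image to what boot actually needs.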
@@ -72,7 +72,7 @@ virtualisation.libvirtd.enable = true; users.users.eve = { - extraGroups = [ "libvirtd" ]; + extraGroups = ["libvirtd"]; }; services.tailscale.enable = true; diff --git a/modules/home-manager-modules/programs/android-studio.nix b/modules/home-manager-modules/programs/android-studio.nix new file mode 100644 index 0000000..0f76276 --- /dev/null +++ b/modules/home-manager-modules/programs/android-studio.nix @@ -0,0 +1,35 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.android-studio = { + enable = lib.mkEnableOption "enable android-studio"; + }; + + config = lib.mkIf config.programs.android-studio.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + android-studio + ]; + } + # TODO: create this + # ( + # lib.mkIf config.impermanence.enable { + # home.persistence."/persist${config.home.homeDirectory}" = { + # directories = [ + # # configuration + # "${config.xdg.configHome}/Google/AndroidStudio" + # # Android SDK + # ".android" + # # Gradle cache + # ".gradle" + # # Android Studio projects cache + # "${config.xdg.cacheHome}/Google/AndroidStudio" + # ]; + # }; + # } + # ) + ]); +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index e70cfc8..5b3a169 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./android-studio.nix ./firefox.nix ./signal.nix ./bitwarden.nix From dce767403a75902c0a002537cf9f3107296e2835 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 28 Nov 2025 15:12:26 -0600 Subject: [PATCH 1004/1043] feat: updated flake.lock --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index a3c552f..607a09c 100644 --- a/flake.lock +++ b/flake.lock 
@@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1763651264, - "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", + "lastModified": 1764350888, + "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=", "owner": "nix-community", "repo": "disko", - "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", + "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1763697825, - "narHash": "sha256-AgCCcVPOi1tuzuW5/StlwqBjRWSX62oL97qWuxrq5UA=", + "lastModified": 1764332086, + "narHash": "sha256-sQTS3T4nNU/he+X62q5aflqSLx2zs4A8/cx3QsLc0Vw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "cefce78793603231be226fa77e7ad58e0e4899b8", + "rev": "fdc5a0a8a7cf1eb4d134ee42f62c56f293781a0e", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1763748372, - "narHash": "sha256-AUc78Qv3sWir0hvbmfXoZ7Jzq9VVL97l+sP9Jgms+JU=", + "lastModified": 1764361670, + "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", "owner": "nix-community", "repo": "home-manager", - "rev": "d10a9b16b2a3ee28433f3d1c603f4e9f1fecb8e1", + "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1763505477, - "narHash": "sha256-nJRd4LY2kT3OELfHqdgWjvToNZ4w+zKCMzS2R6z4sXE=", + "lastModified": 1764161084, + "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "3bda9f6b14161becbd07b3c56411f1670e19b9b5", + "rev": "e95de00a471d07435e0527ff4db092c84998698e", "type": "github" }, "original": { 
@@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1763690163, - "narHash": "sha256-MMl9P8f17unCvlk2IAinnMq/P72f51UUHVRIYnojT7w=", + "lastModified": 1764294946, + "narHash": "sha256-8BObMeUmCAZW1BTMUQGRGiz9tpNkVt/6/+blpS9Xxgk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "590349d9faeb398a037205c2927ffbaede980539", + "rev": "134c052c3213dc69ed881e41383b8ed29c5ffe72", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762847253, - "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", + "lastModified": 1764328224, + "narHash": "sha256-hFyF1XQd+XrRx7WZCrGJp544dykexD8Q5SrJJZpEQYg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", + "rev": "d62603a997438e19182af69d3ce7be07565ecad4", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1763421233, - "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -352,11 +352,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1764204484, - "narHash": "sha256-S45ghD/YjcKDy8Mz3DYklLMaA/z6f6mTbx0i7pAktYk=", + "lastModified": 1764349553, + "narHash": "sha256-ZOWEZK/pZLri/jEK1J8TEbjtwpIjXwCTH9F4gbor9qQ=", "owner": "IntQuant", "repo": "noita_entangled_worlds", - "rev": "ab2c2162157140ab519fa19f6737c044e1ed0e3b", + "rev": "01aac406df2c6d0a10faa19083d608bdf90cf3a9", "type": "github" }, "original": { 
@@ -429,11 +429,11 @@ ] }, "locked": { - "lastModified": 1763607916, - "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", + "lastModified": 1764021963, + "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", + "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "type": "github" }, "original": { From c01ca13fcb1cf5a36b67a5a82d7d3eb66dfc51d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 28 Nov 2025 15:45:38 -0600 Subject: [PATCH 1005/1043] feat: installed docker on horizon --- configurations/nixos/horizon/configuration.nix | 2 ++ modules/nixos-modules/users.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 0e86fe7..dd5975c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -85,6 +85,8 @@ }; }; + virtualisation.docker.enable = true; + environment.systemPackages = with pkgs; [ cachefilesd webtoon-dl diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 987e080..127c180 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -113,7 +113,7 @@ in { description = "Leyla"; extraGroups = (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) - ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) + ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout" "docker"]) ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); hashedPasswordFile = config.sops.secrets."passwords/leyla".path; isNormalUser = host.users.leyla.isNormalUser; From 1c12c96efe711aac5d1909b3beab661df5276ef1 Mon Sep 17 00:00:00 2001 
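Review bot: The users.nix hunk adds `docker` to leyla's groups on every host where `isPrincipleUser` is true, while `virtualisation.docker.enable` is set only for horizon in this commit. Membership of the docker group lets the account start containers with the host filesystem mounted, which is root access without the password that sudo for `wheel` normally still asks for. I would tie the group to the daemon being enabled, `++ (lib.lists.optionals (host.users.leyla.isPrincipleUser && config.virtualisation.docker.enable) ["docker"])`, or use `virtualisation.docker.rootless.enable` and drop the group. The user definition continues outside the hunk.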
From: Leyla Becker Date: Sun, 30 Nov 2025 12:26:57 -0600 Subject: [PATCH 1006/1043] feat: fixed disk names for twilight --- configurations/nixos/twilight/hardware-configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 94c83d6..1288343 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -18,12 +18,12 @@ fileSystems = { "/" = { - device = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA100_77D21HVNS-part2"; + device = "/dev/disk/by-id/nvme-Samsung_SSD_980_500GB_S64ENJ0RA06463Z-part2"; fsType = "ext4"; }; "/boot" = { - device = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA100_77D21HVNS-part1"; + device = "/dev/disk/by-id/nvme-Samsung_SSD_980_500GB_S64ENJ0RA06463Z-part1"; fsType = "vfat"; options = ["fmask=0022" "dmask=0022"]; }; From 8060e39b1193608d93821c6a27c098000053e7ac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 30 Nov 2025 13:46:25 -0600 Subject: [PATCH 1007/1043] feat: updated android studio config to match new patter --- .../programs/android-studio.nix | 29 ++++++++----------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/modules/home-manager-modules/programs/android-studio.nix b/modules/home-manager-modules/programs/android-studio.nix index 0f76276..7c60e6e 100644 --- a/modules/home-manager-modules/programs/android-studio.nix +++ b/modules/home-manager-modules/programs/android-studio.nix 
@@ -14,22 +14,17 @@ android-studio ]; } - # TODO: create this - # ( - # lib.mkIf config.impermanence.enable { - # home.persistence."/persist${config.home.homeDirectory}" = { - # directories = [ - # # configuration - # "${config.xdg.configHome}/Google/AndroidStudio" - # # Android SDK - # ".android" - # # Gradle cache - # ".gradle" - # # Android Studio projects cache - # "${config.xdg.cacheHome}/Google/AndroidStudio" - # ]; - # }; - # } - # ) + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist/replicate/home" = { + directories = [ + "${config.xdg.configHome}/Google/AndroidStudio" + ".android" + ".gradle" + "${config.xdg.cacheHome}/Google/AndroidStudio" + ]; + }; + } + ) ]); } From 8cd453844ab495080a1d153ea4b1320e95115e3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Dec 2025 20:15:31 -0600 Subject: [PATCH 1008/1043] feat: updated flake.lock --- .../nixos/defiant/configuration.nix | 2 - flake.lock | 68 +++++++++---------- .../home-manager-modules/programs/calibre.nix | 4 -- 3 files changed, 34 insertions(+), 40 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e2f9401..d204c71 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -245,8 +245,6 @@ enable = true; exposePort = true; - acceleration = false; - environmentVariables = { OLLAMA_KEEP_ALIVE = "24h"; }; diff --git a/flake.lock b/flake.lock index 607a09c..188cb09 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1764350888, - "narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=", + "lastModified": 1765326679, + "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", "owner": "nix-community", "repo": "disko", - "rev": "2055a08fd0e2fd41318279a5355eb8a161accf26", + "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", "type": "github" }, "original": { 
@@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1764332086, - "narHash": "sha256-sQTS3T4nNU/he+X62q5aflqSLx2zs4A8/cx3QsLc0Vw=", + "lastModified": 1765253041, + "narHash": "sha256-D4/vwhvX26KW3gux9CCiJ87zc5UOiLTFlfG3+5h0VRI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fdc5a0a8a7cf1eb4d134ee42f62c56f293781a0e", + "rev": "687d6eb2a8503afdeaaf9e230fb72f880daa7252", "type": "gitlab" }, "original": { @@ -62,11 +62,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1765121682, + "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1764361670, - "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", + "lastModified": 1765217760, + "narHash": "sha256-BVVyAodLcAD8KOtR3yCStBHSE0WAH/xQWH9f0qsxbmk=", "owner": "nix-community", "repo": "home-manager", - "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", + "rev": "e5b1f87841810fc24772bf4389f9793702000c9b", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1763435414, - "narHash": "sha256-i2467FddWfd19q5Qoj+1/BAeg6LZmM5m4mYGRSQn/as=", + "lastModified": 1764519849, + "narHash": "sha256-XnNABKfIYKSimQVvKc9FnlC2H0LurOhd9MS6l0Z67lE=", "ref": "refs/heads/main", - "rev": "192c92b603731fbc1bade6c1b18c8d8a0086f703", - "revCount": 169, + "rev": "6c95c0b6f73f831226453fc6905c216ab634c30f", + "revCount": 170, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1764161084, - "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", + "lastModified": 1765065051, + "narHash": "sha256-b7W9WsvyMOkUScNxbzS45KEJp0iiqRPyJ1I3JBE+oEE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "e95de00a471d07435e0527ff4db092c84998698e", + "rev": "7e22bf538aa3e0937effcb1cee73d5f1bcc26f79", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1764294946, - "narHash": "sha256-8BObMeUmCAZW1BTMUQGRGiz9tpNkVt/6/+blpS9Xxgk=", + "lastModified": 1765245651, + "narHash": "sha256-/+ahII8MXi59KnRmzz+OgPXScr2Oyygin/XJWP7GvdU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "134c052c3213dc69ed881e41383b8ed29c5ffe72", + "rev": "32a0d010099f0b982498b11cc04d5335b0fc1556", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1764328224, - "narHash": "sha256-hFyF1XQd+XrRx7WZCrGJp544dykexD8Q5SrJJZpEQYg=", + "lastModified": 1764440730, + "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d62603a997438e19182af69d3ce7be07565ecad4", + "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { 
@@ -352,11 +352,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1764349553, - "narHash": "sha256-ZOWEZK/pZLri/jEK1J8TEbjtwpIjXwCTH9F4gbor9qQ=", + "lastModified": 1765312847, + "narHash": "sha256-8yHfYUiFYQQrtmHl/5jBcrDLgOM8s5vPkAAVu2fiAk0=", "owner": "IntQuant", "repo": "noita_entangled_worlds", - "rev": "01aac406df2c6d0a10faa19083d608bdf90cf3a9", + "rev": "2957cdaa49117a613c46739e3c65bf28f0662b20", "type": "github" }, "original": { @@ -429,11 +429,11 @@ ] }, "locked": { - "lastModified": 1764021963, - "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", + "lastModified": 1765231718, + "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", + "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index dbe6e2b..608c75d 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -4,10 +4,6 @@ config, ... }: { - options.programs.calibre = { - enable = lib.mkEnableOption "enable calibre"; - }; - config = lib.mkIf config.programs.calibre.enable (lib.mkMerge [ { home.packages = with pkgs; [ From fa0f7b0765d471f3b821c975629b972fe2f36403 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 14 Dec 2025 13:38:46 -0600 Subject: [PATCH 1009/1043] feat: removed ivy user --- configurations/home-manager/default.nix | 1 - configurations/home-manager/ivy/default.nix | 55 -------------- configurations/home-manager/ivy/packages.nix | 73 ------------------- .../nixos/horizon/configuration.nix | 1 - flake.lock | 8 +- modules/nixos-modules/users.nix | 34 +-------- modules/system-modules/users.nix | 5 -- nix-config-secrets | 2 +- 8 files changed, 9 insertions(+), 170 deletions(-) delete mode 100644 configurations/home-manager/ivy/default.nix delete mode 100644 configurations/home-manager/ivy/packages.nix diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index 3f88481..a7fa478 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix @@ -8,6 +8,5 @@ in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); eve = lib.mkIf users.eve.isNormalUser (import ./eve); - ivy = lib.mkIf users.ivy.isNormalUser (import ./ivy); git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git); } diff --git a/configurations/home-manager/ivy/default.nix b/configurations/home-manager/ivy/default.nix deleted file mode 100644 index 48a3cae..0000000 --- a/configurations/home-manager/ivy/default.nix +++ /dev/null 
@@ -1,55 +0,0 @@
-{osConfig, ...}: let
- userConfig = osConfig.host.users.ivy;
-in {
- imports = [
- ./packages.nix
- ];
-
- home = {
- username = userConfig.name;
- homeDirectory = osConfig.users.users.ivy.home;
-
- # This value determines the Home Manager release that your configuration is
- # compatible with. This helps avoid breakage when a new Home Manager release
- # introduces backwards incompatible changes.
- #
- # You should not change this value, even if you update Home Manager. If you do
- # want to update the value, then make sure to first check the Home Manager
- # release notes.
- stateVersion = "23.11"; # Please read the comment before changing.
-
- # Home Manager is pretty good at managing dotfiles. The primary way to manage
- # plain files is through 'home.file'.
- file = {
- # # Building this configuration will create a copy of 'dotfiles/screenrc' in
- # # the Nix store. Activating the configuration will then make '~/.screenrc' a
- # # symlink to the Nix store copy.
- # ".screenrc".source = dotfiles/screenrc;
-
- # # You can also set the file content immediately.
- # ".gradle/gradle.properties".text = ''
- # org.gradle.console=verbose
- # org.gradle.daemon.idletimeout=3600000
- # '';
- };
-
- # Home Manager can also manage your environment variables through
- # 'home.sessionVariables'. If you don't want to manage your shell through Home
- # Manager then you have to manually source 'hm-session-vars.sh' located at
- # either
- #
- # ~/.nix-profile/etc/profile.d/hm-session-vars.sh
- #
- # or
- #
- # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
- #
- # or
- #
- # /etc/profiles/per-user/ivy/etc/profile.d/hm-session-vars.sh
- #
- sessionVariables = {
- # EDITOR = "emacs";
- };
- };
-}
diff --git a/configurations/home-manager/ivy/packages.nix b/configurations/home-manager/ivy/packages.nix
deleted file mode 100644
index 3c2a3d9..0000000
--- a/configurations/home-manager/ivy/packages.nix
+++ /dev/null
@@ -1,73 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: { - config = { - nixpkgs.config = { - allowUnfree = true; - }; - - # Programs that need to be installed with some extra configuration - programs = lib.mkMerge [ - { - # Let Home Manager install and manage itself. - home-manager.enable = true; - } - (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { - # git = { - # enable = true; - # userName = "Ivy"; - # userEmail = "ivy@example.com"; # Update this with actual email - # extraConfig.init.defaultBranch = "main"; - # }; - - openssh = { - enable = true; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }) - (lib.mkIf config.user.isDesktopUser { - vscode = { - enable = true; - package = pkgs.vscodium; - mutableExtensionsDir = false; - - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - - extraExtensions = { - # Cline extension (Claude AI assistant) - claudeDev.enable = true; - # Auto Rename Tag - autoRenameTag.enable = true; - # Live Server - liveServer.enable = true; - }; - - extensions = let - extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - in ( - with extension-pkgs.open-vsx; [ - streetsidesoftware.code-spell-checker - ] - ); - }; - }; - - firefox.enable = true; - discord.enable = true; - signal-desktop-bin.enable = true; - claude-code.enable = true; - }) - ]; - }; -} diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index dd5975c..aa15642 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -32,7 +32,6 @@ isPrincipleUser = true; }; eve.isDesktopUser = true; - ivy.isDesktopUser = true; }; hardware = { diff --git a/flake.lock b/flake.lock index 188cb09..fe3dc5f 100644 --- a/flake.lock +++ b/flake.lock 
@@ -409,11 +409,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1759945215, - "narHash": "sha256-xmUzOuhJl6FtTjR5++OQvSoAnXe7/VA5QFCZDyFwBXo=", + "lastModified": 1765740994, + "narHash": "sha256-aBs7m69yuiixzGzhUlWAAN+zBziBNII+BFEC/5mPcSI=", "ref": "refs/heads/main", - "rev": "444229a105445339fb028d15a8d866063c5f8141", - "revCount": 21, + "rev": "6e90a73ed2e1e81ba37628fc5e5494a80d22b526", + "revCount": 22, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 127c180..bee8ca3 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -15,7 +15,8 @@ uids = { leyla = 1000; eve = 1002; - ivy = 1004; + # ester = 1003; + # ivy = 1004; jellyfin = 2000; forgejo = 2002; hass = 2004; @@ -36,7 +37,8 @@ gids = { leyla = 1000; eve = 1002; - ivy = 1004; + # ester = 1003 + # ivy = 1004; users = 100; jellyfin_media = 2001; jellyfin = 2000; @@ -59,7 +61,6 @@ users = config.users.users; leyla = users.leyla.name; eve = users.eve.name; - ivy = users.ivy.name; in { config = lib.mkMerge [ { @@ -97,10 +98,6 @@ in { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; - "passwords/ivy" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; }; }; @@ -134,19 +131,6 @@ in { group = config.users.users.eve.name; }; - ivy = { - uid = lib.mkForce uids.ivy; - name = lib.mkForce host.users.ivy.name; - description = "Ivy"; - extraGroups = - lib.optionals host.users.ivy.isNormalUser ["networkmanager"] - ++ (lib.lists.optionals host.users.ivy.isPrincipleUser ["wheel"]); - hashedPasswordFile = config.sops.secrets."passwords/ivy".path; - isNormalUser = host.users.ivy.isNormalUser; - isSystemUser = !host.users.ivy.isNormalUser; - group = config.users.users.ivy.name; - }; - jellyfin = { uid = lib.mkForce uids.jellyfin; isSystemUser = true; 
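Review bot: The commented-out `# ester = 1003;` / `# ivy = 1004;` lines in the `uids` hunk (`@@ -15,7 +15,8 @@`) and the `gids` hunk (`@@ -36,7 +37,8 @@`) read like dead code rather than a reservation. If the intent is to keep retired IDs from being handed to a later account, which would otherwise own whatever files the removed account left on disk, say so, e.g. `# retired, do not reuse: ester = 1003, ivy = 1004`. The `gids` copy also drops the semicolon (`# ester = 1003`), so the two tables no longer match. Both attribute sets start and end outside these hunks.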
@@ -254,19 +238,11 @@ in { ]; }; - ivy = { - gid = lib.mkForce gids.ivy; - members = [ - ivy - ]; - }; - users = { gid = lib.mkForce gids.users; members = [ leyla eve - ivy ]; }; @@ -280,7 +256,6 @@ in { users.lidarr.name leyla eve - ivy ]; }; @@ -314,7 +289,6 @@ in { users.syncthing.name leyla eve - ivy ]; }; diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index dda9ed3..cd9c900 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -89,11 +89,6 @@ in { isDesktopUser = lib.mkDefault false; isTerminalUser = lib.mkDefault false; }; - ivy = { - isPrincipleUser = lib.mkDefault false; - isDesktopUser = lib.mkDefault false; - isTerminalUser = lib.mkDefault false; - }; }; assertions = diff --git a/nix-config-secrets b/nix-config-secrets index 444229a..6e90a73 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 444229a105445339fb028d15a8d866063c5f8141 +Subproject commit 6e90a73ed2e1e81ba37628fc5e5494a80d22b526 From aab05a8135ea55b5bf6326c08e64b49dc1c0b04d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 20 Dec 2025 10:35:21 -0600 Subject: [PATCH 1010/1043] feat: created entries to install PWA's --- .../home-manager/leyla/packages/default.nix | 3 ++ .../home-manager-modules/programs/default.nix | 3 ++ .../programs/matrix-cyberia-pwa.nix | 33 +++++++++++++++++++ .../programs/proton-calendar-pwa.nix | 32 ++++++++++++++++++ .../programs/proton-mail-pwa.nix | 32 ++++++++++++++++++ 5 files changed, 103 insertions(+) create mode 100644 modules/home-manager-modules/programs/matrix-cyberia-pwa.nix create mode 100644 modules/home-manager-modules/programs/proton-calendar-pwa.nix create mode 100644 modules/home-manager-modules/programs/proton-mail-pwa.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 0917d04..a3669af 100644 --- a/configurations/home-manager/leyla/packages/default.nix 
+++ b/configurations/home-manager/leyla/packages/default.nix
@@ -72,6 +72,9 @@ in {
 noita-entangled-worlds.enable = true;
 tor-browser.enable = true;
 gdx-liftoff.enable = true;
+ proton-mail-pwa.enable = true;
+ proton-calendar-pwa.enable = true;
+ matrix-cyberia-pwa.enable = true;
 })
 ];
 }
diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix
index 5b3a169..916eb31 100644
--- a/modules/home-manager-modules/programs/default.nix
+++ b/modules/home-manager-modules/programs/default.nix
@@ -46,5 +46,8 @@
 ./gdx-liftoff.nix
 ./tor-browser.nix
 ./vmware-workstation.nix
+ ./proton-mail-pwa.nix
+ ./proton-calendar-pwa.nix
+ ./matrix-cyberia-pwa.nix
 ];
 }
diff --git a/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix
new file mode 100644
index 0000000..46cb402
--- /dev/null
+++ b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix
@@ -0,0 +1,33 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: {
+ options.programs.matrix-cyberia-pwa = {
+ enable = lib.mkEnableOption "enable Matrix Cyberia PWA";
+ };
+
+ config = lib.mkIf config.programs.matrix-cyberia-pwa.enable (lib.mkMerge [
+ {
+ xdg.desktopEntries.matrix-cyberia-pwa = {
+ name = "Matrix (Cyberia)";
+ type = "Application";
+ exec = "${pkgs.chromium}/bin/chromium --app=https://chat.cyberia.club/";
+ icon = "matrix";
+ terminal = false;
+ categories = ["Network" "InstantMessaging"];
+ };
+ }
+ (
+ lib.mkIf config.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ "${config.xdg.configHome}/chromium"
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/proton-calendar-pwa.nix b/modules/home-manager-modules/programs/proton-calendar-pwa.nix
new file mode 100644
index 0000000..4a52dd8
--- /dev/null
+++ b/modules/home-manager-modules/programs/proton-calendar-pwa.nix
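Review bot: The `exec` line in `matrix-cyberia-pwa.nix` passes only `--app=…`, so the chat client shares Chromium's default profile (cookies, site storage) with ordinary browsing and with the Proton Mail and Proton Calendar launchers added in the same commit, which repeat the pattern. The impermanence block then persists that whole `${config.xdg.configHome}/chromium` directory with `allowOther = true`, which as far as I can tell opens the mount to other users on the machine. Consider one profile per app, e.g. appending `--user-data-dir=${config.xdg.dataHome}/pwa/matrix-cyberia` to `exec` and persisting only that directory, and drop `allowOther` unless another user really has to read it. `lib.mkEnableOption "enable Matrix Cyberia PWA"` also renders as "Whether to enable enable …"; pass just the name.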
@@ -0,0 +1,32 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: {
+ options.programs.proton-calendar-pwa = {
+ enable = lib.mkEnableOption "enable Proton Calendar PWA";
+ };
+
+ config = lib.mkIf config.programs.proton-calendar-pwa.enable (lib.mkMerge [
+ {
+ xdg.desktopEntries.proton-calendar-pwa = {
+ name = "Proton Calendar";
+ type = "Application";
+ exec = "${pkgs.chromium}/bin/chromium --app=https://calendar.proton.me";
+ icon = "chrome-ojibjkjikcpjonjjngfkegflhmffeemk-Default";
+ terminal = false;
+ };
+ }
+ (
+ lib.mkIf config.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ "${config.xdg.configHome}/chromium"
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]);
+}
diff --git a/modules/home-manager-modules/programs/proton-mail-pwa.nix b/modules/home-manager-modules/programs/proton-mail-pwa.nix
new file mode 100644
index 0000000..7b302d5
--- /dev/null
+++ b/modules/home-manager-modules/programs/proton-mail-pwa.nix
@@ -0,0 +1,32 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: {
+ options.programs.proton-mail-pwa = {
+ enable = lib.mkEnableOption "enable Proton Mail PWA";
+ };
+
+ config = lib.mkIf config.programs.proton-mail-pwa.enable (lib.mkMerge [
+ {
+ xdg.desktopEntries.proton-mail-pwa = {
+ name = "Proton Mail";
+ type = "Application";
+ exec = "${pkgs.chromium}/bin/chromium --app=https://mail.proton.me";
+ icon = "chrome-jnpecgipniidlgicjocehkhajgdnjekh-Default";
+ terminal = false;
+ };
+ }
+ (
+ lib.mkIf config.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ "${config.xdg.configHome}/chromium"
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]);
+}
From b75aaca605b32a6e8bf4ba36d48a3743f2890e2f Mon Sep 17 00:00:00 2001
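Review bot: `icon = "chrome-ojibjkjikcpjonjjngfkegflhmffeemk-Default"` in `proton-calendar-pwa.nix` (and `chrome-jnpecgipniidlgicjocehkhajgdnjekh-Default` in `proton-mail-pwa.nix`) looks like the icon name Chromium writes when the app is installed from the browser UI, not something this module provides. On a fresh profile, or under impermanence if the user icon directory is not persisted, the launcher would presumably come up without an icon. Either ship an icon from the Nix store or record the dependency next to the line, e.g. `# icon is created by Chromium's "Install app"; not managed by this module`.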
From: Leyla Becker Date: Sun, 21 Dec 2025 01:42:59 -0600 Subject: [PATCH 1011/1043] feat: added more options to pwa packages --- .../programs/matrix-cyberia-pwa.nix | 28 ++++++++++++++++--- .../programs/proton-calendar-pwa.nix | 28 ++++++++++++++++--- .../programs/proton-mail-pwa.nix | 28 ++++++++++++++++--- 3 files changed, 72 insertions(+), 12 deletions(-) diff --git a/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix index 46cb402..666836b 100644 --- a/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix +++ b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix 
@@ -3,24 +3,44 @@ pkgs, config, ... -}: { +}: let + cfg = config.programs.matrix-cyberia-pwa; + isChromium = cfg.package == pkgs.chromium; + isBrowserImpermanenceSupported = cfg.package == pkgs.chromium; +in { options.programs.matrix-cyberia-pwa = { enable = lib.mkEnableOption "enable Matrix Cyberia PWA"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.chromium; + description = "Browser package to use for the PWA"; + }; + impermanence = { + enable = lib.mkOption { + type = lib.types.bool; + default = isBrowserImpermanenceSupported; + description = "Enable impermanence configuration for the PWA. Only automatically enabled when using chromium."; + }; + }; }; - config = lib.mkIf config.programs.matrix-cyberia-pwa.enable (lib.mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { xdg.desktopEntries.matrix-cyberia-pwa = { name = "Matrix (Cyberia)"; type = "Application"; - exec = "${pkgs.chromium}/bin/chromium --app=https://chat.cyberia.club/"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://chat.cyberia.club/"; icon = "matrix"; terminal = false; categories = ["Network" "InstantMessaging"]; }; + + warnings = + lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) + "matrix-cyberia-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } ( - lib.mkIf config.impermanence.enable { + lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/chromium" diff --git a/modules/home-manager-modules/programs/proton-calendar-pwa.nix b/modules/home-manager-modules/programs/proton-calendar-pwa.nix index 4a52dd8..d927452 100644 --- a/modules/home-manager-modules/programs/proton-calendar-pwa.nix +++ b/modules/home-manager-modules/programs/proton-calendar-pwa.nix 
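Review bot: `exec = "${cfg.package}/bin/${cfg.package.pname} …"` assumes the browser's executable is named after its `pname`, which nixpkgs does not guarantee; `lib.getExe` resolves `meta.mainProgram` instead: `exec = "${lib.getExe cfg.package} --app=https://chat.cyberia.club/";`. `isChromium = cfg.package == pkgs.chromium` is also fragile, because an overridden Chromium is a different derivation and the persistence block is then skipped for it; comparing `lib.getName cfg.package` would be sturdier. `isChromium` and `isBrowserImpermanenceSupported` are the same expression, so one of them can go. The same points apply to the `proton-calendar-pwa.nix` and `proton-mail-pwa.nix` hunks of this commit.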
@@ -3,23 +3,43 @@ pkgs, config, ... -}: { +}: let + cfg = config.programs.proton-calendar-pwa; + isChromium = cfg.package == pkgs.chromium; + isBrowserImpermanenceSupported = cfg.package == pkgs.chromium; +in { options.programs.proton-calendar-pwa = { enable = lib.mkEnableOption "enable Proton Calendar PWA"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.chromium; + description = "Browser package to use for the PWA"; + }; + impermanence = { + enable = lib.mkOption { + type = lib.types.bool; + default = isBrowserImpermanenceSupported; + description = "Enable impermanence configuration for the PWA. Only automatically enabled when using chromium."; + }; + }; }; - config = lib.mkIf config.programs.proton-calendar-pwa.enable (lib.mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { xdg.desktopEntries.proton-calendar-pwa = { name = "Proton Calendar"; type = "Application"; - exec = "${pkgs.chromium}/bin/chromium --app=https://calendar.proton.me"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://calendar.proton.me"; icon = "chrome-ojibjkjikcpjonjjngfkegflhmffeemk-Default"; terminal = false; }; + + warnings = + lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) + "proton-calendar-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } ( - lib.mkIf config.impermanence.enable { + lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/chromium" diff --git a/modules/home-manager-modules/programs/proton-mail-pwa.nix b/modules/home-manager-modules/programs/proton-mail-pwa.nix index 7b302d5..bbbf3b2 100644 --- a/modules/home-manager-modules/programs/proton-mail-pwa.nix +++ b/modules/home-manager-modules/programs/proton-mail-pwa.nix 
@@ -3,23 +3,43 @@ pkgs, config, ... -}: { +}: let + cfg = config.programs.proton-mail-pwa; + isChromium = cfg.package == pkgs.chromium; + isBrowserImpermanenceSupported = cfg.package == pkgs.chromium; +in { options.programs.proton-mail-pwa = { enable = lib.mkEnableOption "enable Proton Mail PWA"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.chromium; + description = "Browser package to use for the PWA"; + }; + impermanence = { + enable = lib.mkOption { + type = lib.types.bool; + default = isBrowserImpermanenceSupported; + description = "Enable impermanence configuration for the PWA. Only automatically enabled when using chromium."; + }; + }; }; - config = lib.mkIf config.programs.proton-mail-pwa.enable (lib.mkMerge [ + config = lib.mkIf cfg.enable (lib.mkMerge [ { xdg.desktopEntries.proton-mail-pwa = { name = "Proton Mail"; type = "Application"; - exec = "${pkgs.chromium}/bin/chromium --app=https://mail.proton.me"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://mail.proton.me"; icon = "chrome-jnpecgipniidlgicjocehkhajgdnjekh-Default"; terminal = false; }; + + warnings = + lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) + "proton-mail-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } ( - lib.mkIf config.impermanence.enable { + lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/chromium" From cb19c771f50199b47e5bd6171773a57dca3dfa34 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 21 Dec 2025 13:19:49 -0600 Subject: [PATCH 1012/1043] fix: fixed generation when we manually set the package --- .../programs/matrix-cyberia-pwa.nix | 23 +++++++++++-------- .../programs/proton-calendar-pwa.nix | 21 +++++++++-------- .../programs/proton-mail-pwa.nix | 21 +++++++++-------- 3 files changed, 37 insertions(+), 28 deletions(-) diff --git a/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix index 666836b..644df92 100644 --- a/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix +++ b/modules/home-manager-modules/programs/matrix-cyberia-pwa.nix @@ -26,19 +26,22 @@ in { config = lib.mkIf cfg.enable (lib.mkMerge [ { - xdg.desktopEntries.matrix-cyberia-pwa = { - name = "Matrix (Cyberia)"; - type = "Application"; - exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://chat.cyberia.club/"; - icon = "matrix"; - terminal = false; - categories = ["Network" "InstantMessaging"]; - }; - warnings = lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) - "matrix-cyberia-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; + "matrix-cyberia-pwa: Using unsupported package. You will need to manually configure pwa for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } + ( + lib.mkIf isChromium { + xdg.desktopEntries.matrix-cyberia-pwa = { + name = "Matrix (Cyberia)"; + type = "Application"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://chat.cyberia.club/"; + icon = "matrix"; + terminal = false; + categories = ["Network" "InstantMessaging"]; + }; + } + ) ( lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { 
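Review bot: The warning in `matrix-cyberia-pwa.nix` is still gated on `config.impermanence.enable && !isBrowserImpermanenceSupported`, while the desktop entry is now generated only under `lib.mkIf isChromium`. With impermanence off and a non-Chromium `package`, the module produces neither a launcher nor a warning, although the new message ("Using unsupported package…") is about the package rather than impermanence. Gate it on the package alone: `warnings = lib.optional (!isChromium) "…";`. The same applies to the `proton-calendar-pwa.nix` and `proton-mail-pwa.nix` hunks of this commit; the `config` block continues past the end of the hunk.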
diff --git a/modules/home-manager-modules/programs/proton-calendar-pwa.nix b/modules/home-manager-modules/programs/proton-calendar-pwa.nix index d927452..33796e2 100644 --- a/modules/home-manager-modules/programs/proton-calendar-pwa.nix +++ b/modules/home-manager-modules/programs/proton-calendar-pwa.nix @@ -26,18 +26,21 @@ in { config = lib.mkIf cfg.enable (lib.mkMerge [ { - xdg.desktopEntries.proton-calendar-pwa = { - name = "Proton Calendar"; - type = "Application"; - exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://calendar.proton.me"; - icon = "chrome-ojibjkjikcpjonjjngfkegflhmffeemk-Default"; - terminal = false; - }; - warnings = lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) - "proton-calendar-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; + "proton-calendar-pwa: Using unsupported package. You will need to manually configure pwa for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } + ( + lib.mkIf isChromium { + xdg.desktopEntries.proton-calendar-pwa = { + name = "Proton Calendar"; + type = "Application"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://calendar.proton.me"; + icon = "chrome-ojibjkjikcpjonjjngfkegflhmffeemk-Default"; + terminal = false; + }; + } + ) ( lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { diff --git a/modules/home-manager-modules/programs/proton-mail-pwa.nix b/modules/home-manager-modules/programs/proton-mail-pwa.nix index bbbf3b2..3a3fe89 100644 --- a/modules/home-manager-modules/programs/proton-mail-pwa.nix +++ b/modules/home-manager-modules/programs/proton-mail-pwa.nix 
@@ -26,18 +26,21 @@ in { config = lib.mkIf cfg.enable (lib.mkMerge [ { - xdg.desktopEntries.proton-mail-pwa = { - name = "Proton Mail"; - type = "Application"; - exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://mail.proton.me"; - icon = "chrome-jnpecgipniidlgicjocehkhajgdnjekh-Default"; - terminal = false; - }; - warnings = lib.optional (config.impermanence.enable && !isBrowserImpermanenceSupported) - "proton-mail-pwa: Using unsupported package with impermanence enabled. You will need to manually configure impermanence for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; + "proton-mail-pwa: Using unsupported package. You will need to manually configure pwa for ${cfg.package.pname}. Supported package(s) ${pkgs.chromium.pname}"; } + ( + lib.mkIf isChromium { + xdg.desktopEntries.proton-mail-pwa = { + name = "Proton Mail"; + type = "Application"; + exec = "${cfg.package}/bin/${cfg.package.pname} --app=https://mail.proton.me"; + icon = "chrome-jnpecgipniidlgicjocehkhajgdnjekh-Default"; + terminal = false; + }; + } + ) ( lib.mkIf (config.impermanence.enable && cfg.impermanence.enable && isChromium) { home.persistence."/persist${config.home.homeDirectory}" = { From 8df63b30945484541fc91b9ba08473ea4c853477 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 8 Jan 2026 20:09:40 -0600 Subject: [PATCH 1013/1043] feat: updated flake.lock --- .../home-manager/leyla/packages/default.nix | 2 +- .../nixos/horizon/configuration.nix | 5 +- flake.lock | 196 +++++++++--------- .../home-manager-modules/programs/idea.nix | 8 +- 4 files changed, 105 insertions(+), 106 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index a3669af..ae9b1a9 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -52,7 +52,7 @@ in { signal-desktop-bin.enable = true; calibre.enable = true; obsidian.enable = true; - jetbrains.idea-community.enable = true; + jetbrains.idea-oss.enable = true; vscode.enable = true; firefox.enable = true; steam.enable = true; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index aa15642..b81a895 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -89,13 +89,10 @@ environment.systemPackages = with pkgs; [ cachefilesd webtoon-dl + android-tools ]; services.cachefilesd.enable = true; - programs = { - adb.enable = true; - }; - networking = { networkmanager.enable = true; hostName = "horizon"; # Define your hostname. diff --git a/flake.lock b/flake.lock index fe3dc5f..0e0008a 100644 --- a/flake.lock +++ b/flake.lock @@ -1,23 +1,5 @@ { "nodes": { - "devshell": { - "inputs": { - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1741473158, - "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", - "owner": "numtide", - "repo": "devshell", - "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -25,11 +7,11 @@ ] }, "locked": { - "lastModified": 1765326679, - "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", + "lastModified": 1766150702, + "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "owner": "nix-community", "repo": "disko", - "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", + "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "type": "github" }, "original": { 
@@ -46,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1765253041, - "narHash": "sha256-D4/vwhvX26KW3gux9CCiJ87zc5UOiLTFlfG3+5h0VRI=", + "lastModified": 1767911574, + "narHash": "sha256-JsYIPaTgbJHEb1rgzwS9H+c0hCy/Sr1WaxNgtvu6xro=", "owner": "rycee", "repo": "nur-expressions", - "rev": "687d6eb2a8503afdeaaf9e230fb72f880daa7252", + "rev": "0d02843bec4ca8a16f7f08c25fe4e40cd829de0f", "type": "gitlab" }, "original": { @@ -62,11 +44,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1765121682, - "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -75,6 +57,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -93,24 +93,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, 
@@ -133,11 +115,32 @@ ] }, "locked": { - "lastModified": 1765217760, - "narHash": "sha256-BVVyAodLcAD8KOtR3yCStBHSE0WAH/xQWH9f0qsxbmk=", + "lastModified": 1767909183, + "narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=", "owner": "nix-community", "repo": "home-manager", - "rev": "e5b1f87841810fc24772bf4389f9793702000c9b", + "rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "impermanence", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { @@ -185,11 +188,11 @@ ] }, "locked": { - "lastModified": 1764519849, - "narHash": "sha256-XnNABKfIYKSimQVvKc9FnlC2H0LurOhd9MS6l0Z67lE=", + "lastModified": 1767364176, + "narHash": "sha256-l6YdEBYQxXjD8ujqvc0tKdwWc3K8UQOi+E4Y3DKQ318=", "ref": "refs/heads/main", - "rev": "6c95c0b6f73f831226453fc6905c216ab634c30f", - "revCount": 170, + "rev": "1688100bba140492658d597f6b307c327f35c780", + "revCount": 179, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -200,18 +203,17 @@ }, "mcp-nixos": { "inputs": { - "devshell": "devshell", - "flake-utils": "flake-utils_2", + "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1760821194, - "narHash": "sha256-UCsJ8eDuHL14u2GFIYEY/drtZ6jht5zN/G/6QNlEy2g=", + "lastModified": 1767822362, + "narHash": "sha256-rnpIDY/sy/uV+1dsW+MrFwAFE/RHg5K/6aa5k7Yt1Dc=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "0ae453f38d0f088c31d4678da3a12b183165986f", + "rev": "9706014c1530ba12ff36ca8d9d1717b1e61d29db", "type": "github" }, "original": { 
@@ -227,11 +229,11 @@ ] }, "locked": { - "lastModified": 1765065051, - "narHash": "sha256-b7W9WsvyMOkUScNxbzS45KEJp0iiqRPyJ1I3JBE+oEE=", + "lastModified": 1767718503, + "narHash": "sha256-V+VkFs0aSG0ca8p/N3gib7FAf4cq9jyr5Gm+ZBrHQpo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7e22bf538aa3e0937effcb1cee73d5f1bcc26f79", + "rev": "9f48ffaca1f44b3e590976b4da8666a9e86e6eb1", "type": "github" }, "original": { @@ -268,11 +270,11 @@ ] }, "locked": { - "lastModified": 1765245651, - "narHash": "sha256-/+ahII8MXi59KnRmzz+OgPXScr2Oyygin/XJWP7GvdU=", + "lastModified": 1767838417, + "narHash": "sha256-UJ6qBXzOh/FMYgP/OlM8QeKolpQYN0198onIu8oB6dM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "32a0d010099f0b982498b11cc04d5335b0fc1556", + "rev": "4e92639f25e4f530990a99a32da696ee9117eb1e", "type": "github" }, "original": { @@ -283,11 +285,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1764440730, - "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", + "lastModified": 1767185284, + "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", + "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe", "type": "github" }, "original": { 
@@ -299,27 +301,42 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722073938, - "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=", - "owner": "NixOS", + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs_2": { "locked": { - "lastModified": 1765186076, - "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", "type": "github" }, "original": { @@ -349,14 +366,14 @@ "inputs": { "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay", - "systems": "systems_3" + "systems": "systems_2" }, "locked": { - "lastModified": 1765312847, - "narHash": "sha256-8yHfYUiFYQQrtmHl/5jBcrDLgOM8s5vPkAAVu2fiAk0=", + "lastModified": 1765628894, + "narHash": "sha256-7q1foPZ6ZlspMNa48oRT7iMl89cvMMaWtdrJweE6B8I=", "owner": "IntQuant", "repo": "noita_entangled_worlds", - "rev": "2957cdaa49117a613c46739e3c65bf28f0662b20", + "rev": "266c6871b2878cf3b6f180c6d299da88f12c9f8e", "type": "github" }, "original": { 
@@ -429,11 +446,11 @@ ] }, "locked": { - "lastModified": 1765231718, - "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", + "lastModified": 1767826491, + "narHash": "sha256-WSBENPotD2MIhZwolL6GC9npqgaS5fkM7j07V2i/Ur8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", + "rev": "ea3adcb6d2a000d9a69d0e23cad1f2cacb3a9fbe", "type": "github" }, "original": { @@ -458,21 +475,6 @@ } }, "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { "flake": false, "locked": { "lastModified": 1681028828, diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index e59e7b2..b193416 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -4,14 +4,14 @@ config, ... }: { - options.programs.jetbrains.idea-community = { - enable = lib.mkEnableOption "enable idea-community"; + options.programs.jetbrains.idea-oss = { + enable = lib.mkEnableOption "enable idea-oss"; }; - config = lib.mkIf config.programs.jetbrains.idea-community.enable (lib.mkMerge [ + config = lib.mkIf config.programs.jetbrains.idea-oss.enable (lib.mkMerge [ { home.packages = with pkgs; [ - jetbrains.idea-community + jetbrains.idea-oss ]; } ( From 2868448c2ddc29771dfb10a2e06f1a0cb2699ab6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 8 Jan 2026 20:27:06 -0600 Subject: [PATCH 1014/1043] fix: disabled build tests for jackett due to failing year rollover tests upstream --- modules/nixos-modules/server/jackett/default.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix index 86dbb4b..e70a929 100644 --- a/modules/nixos-modules/server/jackett/default.nix +++ b/modules/nixos-modules/server/jackett/default.nix @@ -2,4 +2,16 @@ imports = [ ./impermanence.nix ]; + + config = { + nixpkgs.overlays = [ + # Disable jackett tests due to date-related test failures + # (ParseDateTimeGoLangTest expects 2024-09-14 but gets 2025-09-14 due to year rollover logic) + (final: prev: { + jackett = prev.jackett.overrideAttrs (oldAttrs: { + doCheck = false; + }); + }) + ]; + }; } From 3081267b4e3470e0c4b5ad7a0712484e88d716b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 11 Jan 2026 18:14:06 -0600 Subject: [PATCH 1015/1043] feat: installed kicad --- .../home-manager/leyla/packages/default.nix | 1 + .../home-manager-modules/programs/default.nix | 1 + .../home-manager-modules/programs/kicad.nix | 23 +++++++++++++++++++ 3 files changed, 25 insertions(+) create mode 100644 modules/home-manager-modules/programs/kicad.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index ae9b1a9..33dd033 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -75,6 +75,7 @@ in { proton-mail-pwa.enable = true; proton-calendar-pwa.enable = true; matrix-cyberia-pwa.enable = true; + kicad.enable = true; }) ]; } diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 916eb31..8a8e8b5 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -14,6 +14,7 @@ ./prostudiomasters.nix ./idea.nix ./kdenlive.nix + ./kicad.nix ./krita.nix ./protonvpn.nix ./calibre.nix 
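Review bot: In the jackett/default.nix hunk, `doCheck = false;` switches off the package's whole check phase, not only the date test named in the comment, and nothing says when the override can be dropped. Jackett is one of the services this configuration opens a firewall port for, so the workaround should be time-boxed with a removal condition, e.g. `# TODO: remove once the upstream ParseDateTimeGoLangTest fix reaches the pinned nixpkgs`. If the package's builder allows skipping a single test (not verified here), that would be the narrower fix. The `oldAttrs` argument is unused and can be written `_:`.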
diff --git a/modules/home-manager-modules/programs/kicad.nix b/modules/home-manager-modules/programs/kicad.nix new file mode 100644 index 0000000..c2414c1 --- /dev/null +++ b/modules/home-manager-modules/programs/kicad.nix @@ -0,0 +1,23 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.kicad = { + enable = lib.mkEnableOption "enable kicad"; + }; + + config = lib.mkIf config.programs.kicad.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + kicad + ]; + } + ( + lib.mkIf config.impermanence.enable { + # TODO: + } + ) + ]); +} From 629950bc6f0e0460fcf79fd275ca03a4464b267e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 11 Jan 2026 18:19:36 -0600 Subject: [PATCH 1016/1043] feat: installed pioarduino for vscode --- .../leyla/packages/vscode/default.nix | 3 +++ .../programs/vscode/default.nix | 1 + .../programs/vscode/platformIO.nix | 27 +++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/platformIO.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 36168b2..9d82ef2 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -72,6 +72,9 @@ in { # rust development rustAnalyzer.enable = true; + # arduino development + platformIO.enable = true; + # claude development claudeDev = lib.mkIf ai-tooling-enabled { enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index f9d83dc..b735e72 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -16,6 +16,7 @@ ./go.nix ./evenBetterToml.nix ./openRemoteSsh.nix + ./platformIO.nix ./rustAnalyzer.nix ./astroVscode.nix ./vscodeMdx.nix 
diff --git a/modules/home-manager-modules/programs/vscode/platformIO.nix b/modules/home-manager-modules/programs/vscode/platformIO.nix new file mode 100644 index 0000000..ec57ef2 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/platformIO.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.platformIO = { + enable = lib.mkEnableOption "should the platformIO extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "platformIO" { + default = ["pioarduino" "pioarduino-ide"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.platformIO.enable { + extensions = [ + config.extraExtensions.platformIO.extension + ]; + }; + })); + }; +} From 769359d6e9210446335a2935a6a2e440d1bb4fad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 11 Jan 2026 18:42:34 -0600 Subject: [PATCH 1017/1043] fix: made platformio not used built in things --- modules/home-manager-modules/programs/vscode/platformIO.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home-manager-modules/programs/vscode/platformIO.nix b/modules/home-manager-modules/programs/vscode/platformIO.nix index ec57ef2..ace83b7 100644 --- a/modules/home-manager-modules/programs/vscode/platformIO.nix +++ b/modules/home-manager-modules/programs/vscode/platformIO.nix @@ -21,6 +21,9 @@ in { extensions = [ config.extraExtensions.platformIO.extension ]; + userSettings = { + "platformio-ide.useBuiltinPIOCore" = false; + }; }; })); }; From 2a3c5b76eeb8b57c5cf3f473b68f0d30d7fc8fe4 Mon Sep 17 00:00:00 2001 
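Review bot: The `userSettings` added to platformIO.nix in PATCH 1017 turn off the extension's bundled PlatformIO core, but no visible line of the module, created one patch earlier, provides a replacement core or records why the bundled one is disabled. If the intent is that the extension uses a core supplied by the Nix environment instead of one it fetches itself at runtime, write that next to the setting, e.g. `# use the PlatformIO core from PATH; the extension must not install its own copy`, and name where that core is expected to come from. As written, a profile that only sets `extraExtensions.platformIO.enable = true` may end up with an extension that has no core to run.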
From: Leyla Becker Date: Thu, 15 Jan 2026 19:53:27 -0600 Subject: [PATCH 1018/1043] feat: updated flake.lock --- flake.lock | 77 +++++++++++++++++------------------------------- flake.nix | 2 +- util/default.nix | 2 +- 3 files changed, 29 insertions(+), 52 deletions(-) diff --git a/flake.lock b/flake.lock index 0e0008a..6116658 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1767911574, - "narHash": "sha256-JsYIPaTgbJHEb1rgzwS9H+c0hCy/Sr1WaxNgtvu6xro=", + "lastModified": 1768500104, + "narHash": "sha256-Xa8XJaydHKAhDCLyjdKcDKjFrGgdahNcVo1boGUdZKY=", "owner": "rycee", "repo": "nur-expressions", - "rev": "0d02843bec4ca8a16f7f08c25fe4e40cd829de0f", + "rev": "7e517454cd248c76046c3157b56662d223de29b1", "type": "gitlab" }, "original": { @@ -115,32 +115,11 @@ ] }, "locked": { - "lastModified": 1767909183, - "narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=", + "lastModified": 1768512489, + "narHash": "sha256-jZi945d3e6DYhrw3K5Pew+QaL3qSgq3O6xiVaEVLgXs=", "owner": "nix-community", "repo": "home-manager", - "rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "impermanence", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "bba859cd85b90dd9e4e6fd44b2af4aa64ae801a1", "type": "github" }, "original": { @@ -204,9 +183,7 @@ "mcp-nixos": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1767822362, 
@@ -229,11 +206,11 @@ ] }, "locked": { - "lastModified": 1767718503, - "narHash": "sha256-V+VkFs0aSG0ca8p/N3gib7FAf4cq9jyr5Gm+ZBrHQpo=", + "lastModified": 1768220509, + "narHash": "sha256-8wMrJP/Xk5Dkm0TxzaERLt3eGFEhHTWaJKUpK3AoL4o=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "9f48ffaca1f44b3e590976b4da8666a9e86e6eb1", + "rev": "7b1d394e7d9112d4060e12ef3271b38a7c43e83b", "type": "github" }, "original": { @@ -270,11 +247,11 @@ ] }, "locked": { - "lastModified": 1767838417, - "narHash": "sha256-UJ6qBXzOh/FMYgP/OlM8QeKolpQYN0198onIu8oB6dM=", + "lastModified": 1768443224, + "narHash": "sha256-U2UHV+8Ygba2eFhFSnl15wMuKqNR884V2mo2fLO9wy0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "4e92639f25e4f530990a99a32da696ee9117eb1e", + "rev": "151bb82df60a9ffcd2fef1116e4c9baf133b3ec5", "type": "github" }, "original": { @@ -285,11 +262,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1767185284, - "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=", + "lastModified": 1768499669, + "narHash": "sha256-jJr/zDxu5evfQxlXtMrFFF68/RNj1UrctS/eIsay4k0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe", + "rev": "7297dfc69ae9b06e984a6f69900ce25e67c76f46", "type": "github" }, "original": { @@ -301,15 +278,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748026106, - "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", - "owner": "nixos", + "lastModified": 1767640445, + "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" 
@@ -332,11 +309,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "lastModified": 1768305791, + "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e", "type": "github" }, "original": { @@ -446,11 +423,11 @@ ] }, "locked": { - "lastModified": 1767826491, - "narHash": "sha256-WSBENPotD2MIhZwolL6GC9npqgaS5fkM7j07V2i/Ur8=", + "lastModified": 1768481291, + "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ea3adcb6d2a000d9a69d0e23cad1f2cacb3a9fbe", + "rev": "e085e303dfcce21adcb5fec535d65aacb066f101", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e935688..ae110da 100644 --- a/flake.nix +++ b/flake.nix @@ -75,7 +75,7 @@ # MCP NixOS server for Claude Dev mcp-nixos = { url = "github:utensils/mcp-nixos"; - inputs.nixpkgs.follows = "nixpkgs"; + # Not following nixpkgs because aws-sam-translator doesn't support Python 3.14 yet }; # Noita Entangled Worlds package diff --git a/util/default.nix b/util/default.nix index 66e300b..246543d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" From e6e53141ce83ef5be528a6eec797ee89334dc338 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 15 Jan 2026 20:09:21 -0600 Subject: [PATCH 1019/1043] feat: switched back to main for impermanence --- flake.lock | 11 +++++------ flake.nix | 2 +- util/default.nix | 1 - 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index fc9272e..0c32755 100644 --- a/flake.lock +++ b/flake.lock 
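Review bot: Dropping `inputs.nixpkgs.follows` in the flake.nix hunk gives mcp-nixos its own nixpkgs pin (the lock in this patch now records `"nixpkgs": "nixpkgs"` under mcp-nixos, a different revision from the one the rest of the system uses), so that input's closure no longer moves when the main nixpkgs is updated. The replacement comment explains why but not when to undo it; I would extend it to `# TODO: restore inputs.nixpkgs.follows = "nixpkgs" once aws-sam-translator supports Python 3.14`. The util/default.nix hunk in the same patch comments out `lix-module = inputs.lix-module;` with no reason given; delete the line or put the reason beside it.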
@@ -138,16 +138,15 @@ ] }, "locked": { - "lastModified": 1762761176, - "narHash": "sha256-i3gM8fUozQrgZIbwVNlTuhLqPSl56zxAYpsQpQ9Lhro=", - "owner": "jan-leila", + "lastModified": 1767822991, + "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=", + "owner": "nix-community", "repo": "impermanence", - "rev": "ffbe1ca47cf4b3008c3aa5c49cdae294d8c8058a", + "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5", "type": "github" }, "original": { - "owner": "jan-leila", - "ref": "home-manager-v2", + "owner": "nix-community", "repo": "impermanence", "type": "github" } diff --git a/flake.nix b/flake.nix index 5fe65db..df5f6e9 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,7 @@ # delete your darlings impermanence = { - url = "github:jan-leila/impermanence/home-manager-v2"; + url = "github:nix-community/impermanence"; inputs.nixpkgs.follows = "nixpkgs"; inputs.home-manager.follows = "home-manager"; }; diff --git a/util/default.nix b/util/default.nix index 246543d..d72d00d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -29,7 +29,6 @@ common-modules ++ [ sops-nix.homeManagerModules.sops - impermanence.homeManagerModules.impermanence ../modules/home-manager-modules ]; From 3370cd7ab305db5f87be1a19b4e12230e39bab81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 15 Jan 2026 21:50:36 -0600 Subject: [PATCH 1020/1043] feat: bound impermanence filesystem datasets filesystem --- modules/nixos-modules/storage/impermanence.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 9af5681..cb20295 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -84,6 +84,8 @@ in { lib.mapAttrs' ( datasetName: dataset: lib.nameValuePair "/${datasetName}" { + device = "rpool/${datasetName}"; + fsType = "zfs"; neededForBoot = true; } ) From 66ed7e75ba73fbf8f0a6383bd470f1f55f7ee2d8 Mon Sep 17 00:00:00 2001 
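Review bot: `device = "rpool/${datasetName}";` in the storage/impermanence.nix hunk hard-codes the pool name inside a shared module, and these mounts are `neededForBoot`, so a host whose pool has another name would fail to mount them in early boot. If the storage module already has a setting for the pool name (not visible in this hunk), build the device string from it. Otherwise add a comment above the line stating that every host using this module must name its pool `rpool`. The enclosing `lib.mapAttrs'` call starts and ends outside the hunk.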
From: Leyla Becker Date: Wed, 4 Feb 2026 17:40:31 -0600 Subject: [PATCH 1021/1043] fix: disabled IdentityFile config for ssh --- modules/home-manager-modules/openssh.nix | 6 +++--- nix-config-secrets | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index afc98dd..5f07491 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -52,9 +52,9 @@ addKeysToAgent = "confirm"; }; }; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - ); + # extraConfig = lib.strings.concatLines ( + # builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + # ); }; systemd.user.services = builtins.listToAttrs ( diff --git a/nix-config-secrets b/nix-config-secrets index 6e90a73..22be815 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 6e90a73ed2e1e81ba37628fc5e5494a80d22b526 +Subproject commit 22be81505a49cd205e9b5c91f51af69c0b885ed3 From d7301886c6e42bda4fbb25cd1342d8cde1e8d4a8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Feb 2026 12:12:51 -0600 Subject: [PATCH 1022/1043] chore: added tasks to README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index d29ba58..3ffeac8 100644 --- a/README.md +++ b/README.md 
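Review bot: The openssh.nix hunk leaves the `extraConfig` block behind as commented-out code with no reason, while the `systemd.user.services` definition right below it (body outside the hunk) is untouched. Without the `IdentityFile` lines ssh falls back to its default identity files and whatever the agent holds, so the keys listed in `config.programs.openssh.hostKeys` are presumably no longer offered. Say so beside the disabled code, e.g. `# FIXME: IdentityFile entries disabled (<reason>); hostKeys are not referenced by ssh until this is restored`. The same patch also moves the `nix-config-secrets` submodule pointer, which the subject line does not mention and which is easier to audit as its own commit.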
@@ -71,6 +71,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins - [ ] `host.users` should be redone so that we just extend the base `users.users` object. Right now we cant quite do this because we have weird circular dependencies with disko/impermanence (not sure which one) and home manger enabling/disabling users per devices +- [ ] Home manager impermanence is preventing updates to the latest version of the module ## Broken things - [ ] figure out steam vr things? @@ -102,7 +103,9 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] Penpot services (need to make this custom) - [ ] minecraft server with old world file - [ ] storj server +- [ ] XMR miner used to heat home based on smart thermostat - [ ] Create Tor guard/relay server +- [ ] Create i2P node - [ ] screeps server - [ ] mastodon instance From f86cba6d021c49f8b249884a9879eed4007528b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Feb 2026 12:14:49 -0600 Subject: [PATCH 1023/1043] chore: added tasks to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3ffeac8..15ea0a3 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Broken things - [ ] figure out steam vr things? - [ ] whisper was having issues +- [ ] auto loading of ssh agent keys that we auto generate per system ## Data Integrity - [ ] zfs email after scrubbing # TODO: test this From 468f1cb40f74ef062387593102d94ca3126f9c7f Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 7 Feb 2026 14:17:08 -0600 Subject: [PATCH 1024/1043] feat: added bookmark for Cyberia git --- .../home-manager/leyla/packages/firefox/bookmarks.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix index 4210d1e..bd172e7 100644 --- a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix +++ b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix @@ -141,6 +141,12 @@ keyword = ""; tags = [""]; } + { + name = "Cyberia Git"; + url = "https://git.cyberia.club"; + keyword = ""; + tags = [""]; + } # Template # { # name = ""; From b9a746a98980998429eca5ac92af0e45e870944e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Feb 2026 14:31:51 -0600 Subject: [PATCH 1025/1043] feat: added Cyberia to leyla words --- configurations/home-manager/leyla/packages/vscode/user-words.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index bb99bbc..112269e 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix @@ -6,6 +6,7 @@ config.programs.vscode.profiles.default.userSettings = { "cSpell.userWords" = [ "leyla" + "Cyberia" ]; "cSpell.languageSettings" = [ From 18c738cc2f0d59c104ca4b73a8df4db5d56df65e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 8 Feb 2026 12:37:42 -0600 Subject: [PATCH 1026/1043] feat: disabled impermanence for all the needed services --- .../nixos/defiant/configuration.nix | 29 +++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9aa2e34..52eb452 100644 --- a/configurations/nixos/defiant/configuration.nix 
+++ b/configurations/nixos/defiant/configuration.nix @@ -226,6 +226,7 @@ postgresql = { enable = true; adminUsers = ["leyla"]; + impermanence.enable = false; }; # temp enable desktop environment for setup @@ -244,6 +245,7 @@ reverseProxy = { enable = true; openFirewall = true; + impermanence.enable = false; acme = { enable = true; email = "jan-leila@protonmail.com"; @@ -253,6 +255,7 @@ ollama = { enable = true; exposePort = true; + impermanence.enable = false; environmentVariables = { OLLAMA_KEEP_ALIVE = "24h"; @@ -287,6 +290,7 @@ enable = true; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path; useRoutingFeatures = "server"; + impermanence.enable = false; extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" @@ -299,24 +303,33 @@ ]; }; - syncthing.enable = true; + syncthing = { + enable = true; + impermanence.enable = false; + }; - fail2ban.enable = true; + fail2ban = { + enable = true; + impermanence.enable = false; + }; jellyfin = { enable = true; domain = "media.jan-leila.com"; extraDomains = ["jellyfin.jan-leila.com"]; + impermanence.enable = false; }; immich = { enable = true; domain = "photos.jan-leila.com"; + impermanence.enable = false; }; forgejo = { enable = true; reverseProxy.domain = "git.jan-leila.com"; + impermanence.enable = false; }; searx = { @@ -327,6 +340,7 @@ actual = { enable = true; domain = "budget.jan-leila.com"; + impermanence.enable = false; }; home-assistant = { @@ -334,6 +348,7 @@ domain = "home.jan-leila.com"; openFirewall = true; postgres.enable = true; + impermanence.enable = false; extensions = { sonos.enable = true; @@ -346,11 +361,13 @@ enable = true; domain = "documents.jan-leila.com"; passwordFile = config.sops.secrets."services/paperless_password".path; + impermanence.enable = false; }; panoramax = { enable = false; openFirewall = true; + impermanence.enable = false; }; crab-hole = { 
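Review bot: PATCH 1026 sets `impermanence.enable = false;` on each service in configuration.nix, but the replacement persistence list only arrives in PATCH 1027 (legacy-impermanence.nix). As far as the visible lines show, a host built from this commit alone would persist none of the service state, including `/var/lib/postgresql`, `/var/lib/acme` and `/var/lib/tailscale`, across a root rollback. Add the legacy file first or squash the two patches so that every commit in the series can be deployed safely. The hunks continue in the next patch section of the same file.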
@@ -358,6 +375,7 @@ port = 8085; openFirewall = true; show_doc = true; + impermanence.enable = false; downstreams = { host = { enable = true; @@ -373,31 +391,38 @@ mediaDir = "/srv/qbittorent"; openFirewall = true; webuiPort = 8084; + impermanence.enable = false; }; sonarr = { enable = true; openFirewall = true; + impermanence.enable = false; }; radarr = { enable = true; openFirewall = true; + impermanence.enable = false; }; bazarr = { enable = true; openFirewall = true; + impermanence.enable = false; }; lidarr = { enable = true; openFirewall = true; + impermanence.enable = false; }; jackett = { enable = true; openFirewall = true; + impermanence.enable = false; }; flaresolverr = { enable = true; openFirewall = true; + impermanence.enable = false; }; }; From 3302af38b38ab61ea9de9f065ac213da3d8d2e58 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 8 Feb 2026 12:50:58 -0600 Subject: [PATCH 1027/1043] feat: moved legacy datasets from main into defiant configuration --- configurations/nixos/defiant/default.nix | 1 + .../nixos/defiant/legacy-impermanence.nix | 214 ++++++++++++++++++ 2 files changed, 215 insertions(+) create mode 100644 configurations/nixos/defiant/legacy-impermanence.nix diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 3013946..d53f9cc 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -4,5 +4,6 @@ ./hardware-configuration.nix ./configuration.nix ./packages.nix + ./legacy-impermanence.nix ]; } diff --git a/configurations/nixos/defiant/legacy-impermanence.nix b/configurations/nixos/defiant/legacy-impermanence.nix new file mode 100644 index 0000000..5d6081c --- /dev/null +++ b/configurations/nixos/defiant/legacy-impermanence.nix 
@@ -0,0 +1,214 @@
+# Legacy impermanence module for defiant
+# This module contains all the impermanence configurations that were previously
+# handled by individual service modules on the main branch. It allows us to
+# merge the storage-refactor branch into main while keeping current functionality,
+# and then migrate services one at a time to the new automated impermanence system.
+#
+# To migrate a service to the new system:
+# 1. Remove the service's configuration from this file
+# 2. Set `impermanence.enable = true` for that service in configuration.nix
+# 3. Remove `impermanence.enable = false` from the service configuration
+{
+ config,
+ lib,
+ ...
+}: {
+ config = lib.mkIf config.storage.impermanence.enable {
+ environment.persistence."/persist/replicate/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = lib.mkMerge [
+ # PostgreSQL
+ (lib.mkIf config.services.postgresql.enable [
+ {
+ directory = "/var/lib/postgresql/16";
+ user = "postgres";
+ group = "postgres";
+ }
+ ])
+
+ # Reverse Proxy (ACME)
+ (lib.mkIf config.services.reverseProxy.enable [
+ {
+ directory = "/var/lib/acme";
+ user = "acme";
+ group = "acme";
+ }
+ ])
+
+ # Ollama
+ (lib.mkIf config.services.ollama.enable [
+ {
+ directory = "/var/lib/private/ollama";
+ user = config.services.ollama.user;
+ group = config.services.ollama.group;
+ mode = "0700";
+ }
+ ])
+
+ # Tailscale
+ (lib.mkIf config.services.tailscale.enable [
+ {
+ directory = "/var/lib/tailscale";
+ user = "root";
+ group = "root";
+ }
+ ])
+
+ # Syncthing
+ (lib.mkIf config.services.syncthing.enable [
+ {
+ directory = "/mnt/sync";
+ user = "syncthing";
+ group = "syncthing";
+ }
+ {
+ directory = "/etc/syncthing";
+ user = "syncthing";
+ group = "syncthing";
+ }
+ ])
+
+ # Fail2ban
+ (lib.mkIf config.services.fail2ban.enable [
+ {
+ directory = "/var/lib/fail2ban";
+ user = "fail2ban";
+ group = "fail2ban";
+ }
+ ])
+
+ # Jellyfin
+ (lib.mkIf config.services.jellyfin.enable [
+ {
+ directory =
"/var/lib/jellyfin"; + user = "jellyfin"; + group = "jellyfin"; + } + { + directory = "/var/cache/jellyfin"; + user = "jellyfin"; + group = "jellyfin"; + } + ]) + + # Immich + (lib.mkIf config.services.immich.enable [ + { + directory = "/var/lib/immich"; + user = "immich"; + group = "immich"; + } + ]) + + # Forgejo + (lib.mkIf config.services.forgejo.enable [ + { + directory = "/var/lib/forgejo"; + user = "forgejo"; + group = "forgejo"; + } + ]) + + # Actual + (lib.mkIf config.services.actual.enable [ + { + directory = "/var/lib/private/actual"; + user = "actual"; + group = "actual"; + } + ]) + + # Home Assistant + (lib.mkIf config.services.home-assistant.enable [ + { + directory = "/var/lib/hass"; + user = "hass"; + group = "hass"; + } + ]) + + # Paperless + (lib.mkIf config.services.paperless.enable [ + { + directory = "/var/lib/paperless"; + user = "paperless"; + group = "paperless"; + } + ]) + + # Crab-hole + (lib.mkIf config.services.crab-hole.enable [ + { + directory = "/var/lib/private/crab-hole"; + user = "crab-hole"; + group = "crab-hole"; + } + ]) + + # qBittorrent + (lib.mkIf config.services.qbittorrent.enable [ + { + directory = "/var/lib/qBittorrent/"; + user = "qbittorrent"; + group = "qbittorrent"; + } + ]) + + # Sonarr + (lib.mkIf config.services.sonarr.enable [ + { + directory = "/var/lib/sonarr/.config/NzbDrone"; + user = "sonarr"; + group = "sonarr"; + } + ]) + + # Radarr + (lib.mkIf config.services.radarr.enable [ + { + directory = "/var/lib/radarr/.config/Radarr"; + user = "radarr"; + group = "radarr"; + } + ]) + + # Bazarr + (lib.mkIf config.services.bazarr.enable [ + { + directory = "/var/lib/bazarr"; + user = "bazarr"; + group = "bazarr"; + } + ]) + + # Lidarr + (lib.mkIf config.services.lidarr.enable [ + { + directory = "/var/lib/lidarr/.config/Lidarr"; + user = "lidarr"; + group = "lidarr"; + } + ]) + + # Jackett + (lib.mkIf config.services.jackett.enable [ + { + directory = "/var/lib/jackett/.config/Jackett"; + user = "jackett"; + group = 
"jackett"; + } + ]) + + # FlareSolverr + (lib.mkIf config.services.flaresolverr.enable [ + { + directory = "/var/lib/flaresolverr"; + user = "flaresolverr"; + group = "flaresolverr"; + } + ]) + ]; + }; + }; +} From 6ce567a53b7df1cdfb1a54907b1addd297efda47 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 8 Feb 2026 13:03:05 -0600 Subject: [PATCH 1028/1043] fix: added missing impermanence configs --- configurations/nixos/defiant/legacy-impermanence.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/configurations/nixos/defiant/legacy-impermanence.nix b/configurations/nixos/defiant/legacy-impermanence.nix index 5d6081c..27d0813 100644 --- a/configurations/nixos/defiant/legacy-impermanence.nix +++ b/configurations/nixos/defiant/legacy-impermanence.nix @@ -90,6 +90,12 @@ user = "jellyfin"; group = "jellyfin"; } + { + directory = config.services.jellyfin.media_directory; + user = "jellyfin"; + group = "jellyfin_media"; + mode = "1770"; + } ]) # Immich @@ -153,6 +159,12 @@ user = "qbittorrent"; group = "qbittorrent"; } + { + directory = config.services.qbittorrent.mediaDir; + user = "qbittorrent"; + group = "qbittorrent"; + mode = "1775"; + } ]) # Sonarr From 65e0c6e0e5e8c22de2e2eeadb4c92a9fc7361ac7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 8 Feb 2026 18:01:31 -0600 Subject: [PATCH 1029/1043] fix: added missing datasets to config --- .../nixos/defiant/configuration.nix | 1 + configurations/nixos/defiant/default.nix | 1 + .../nixos/defiant/legacy-impermanence.nix | 65 ++++++++--- .../nixos/defiant/legacy-storage.nix | 103 ++++++++++++++++++ flake.lock | 14 +-- .../nixos-modules/storage/impermanence.nix | 7 +- modules/nixos-modules/storage/storage.nix | 36 +++--- 7 files changed, 185 insertions(+), 42 deletions(-) create mode 100644 configurations/nixos/defiant/legacy-storage.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 52eb452..390ae71 100644 
--- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -67,6 +67,7 @@ }; storage = { + generateBase = false; zfs = { enable = true; notifications = { diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index d53f9cc..dd2383f 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -4,6 +4,7 @@ ./hardware-configuration.nix ./configuration.nix ./packages.nix + ./legacy-storage.nix ./legacy-impermanence.nix ]; } diff --git a/configurations/nixos/defiant/legacy-impermanence.nix b/configurations/nixos/defiant/legacy-impermanence.nix index 27d0813..b272fb8 100644 --- a/configurations/nixos/defiant/legacy-impermanence.nix +++ b/configurations/nixos/defiant/legacy-impermanence.nix @@ -14,7 +14,17 @@ ... }: { config = lib.mkIf config.storage.impermanence.enable { - environment.persistence."/persist/replicate/system/root" = { + system.activationScripts = { + "var-lib-private-permissions" = { + deps = ["specialfs"]; + text = '' + mkdir -p /persist/system/root/var/lib/private + chmod 0700 /persist/system/root/var/lib/private + ''; + }; + }; + + environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; directories = lib.mkMerge [ @@ -78,7 +88,7 @@ } ]) - # Jellyfin + # Jellyfin (data/cache only - media is on separate dataset) (lib.mkIf config.services.jellyfin.enable [ { directory = "/var/lib/jellyfin"; @@ -90,12 +100,6 @@ user = "jellyfin"; group = "jellyfin"; } - { - directory = config.services.jellyfin.media_directory; - user = "jellyfin"; - group = "jellyfin_media"; - mode = "1770"; - } ]) # Immich 
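Review bot: The activation script added at the top of legacy-impermanence.nix creates `/persist/system/root/var/lib/private` with the default mode, tightens it in a second command, and never sets the owner. `install -d -m 0700 -o root -g root /persist/system/root/var/lib/private` replaces both lines and also corrects a directory that already exists with a different owner. The script should carry a one-line comment saying why it exists, presumably because the services persisted under `/var/lib/private` need the parent to be root-only. The same hunk renames the persistence root from `/persist/replicate/system/root` to `/persist/system/root`, which is a separate change and worth naming in the commit message.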
@@ -152,19 +156,13 @@ } ]) - # qBittorrent + # qBittorrent (config only - media is on separate dataset) (lib.mkIf config.services.qbittorrent.enable [ { directory = "/var/lib/qBittorrent/"; user = "qbittorrent"; group = "qbittorrent"; } - { - directory = config.services.qbittorrent.mediaDir; - user = "qbittorrent"; - group = "qbittorrent"; - mode = "1775"; - } ]) # Sonarr @@ -222,5 +220,42 @@ ]) ]; }; + + # Jellyfin media on separate dataset (matching main) + environment.persistence."/persist/system/jellyfin" = lib.mkIf config.services.jellyfin.enable { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.jellyfin.media_directory; + user = "jellyfin"; + group = "jellyfin_media"; + mode = "1770"; + } + ]; + }; + + # qBittorrent media on separate dataset (matching main) + environment.persistence."/persist/system/qbittorrent" = lib.mkIf config.services.qbittorrent.enable { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.qbittorrent.mediaDir; + user = "qbittorrent"; + group = "qbittorrent"; + mode = "1775"; + } + ]; + }; + + # /var/log persistence (matching main) + environment.persistence."/persist/system/var/log" = { + enable = true; + hideMounts = true; + directories = [ + "/var/log" + ]; + }; }; } diff --git a/configurations/nixos/defiant/legacy-storage.nix b/configurations/nixos/defiant/legacy-storage.nix new file mode 100644 index 0000000..b998e2c --- /dev/null +++ b/configurations/nixos/defiant/legacy-storage.nix 
@@ -0,0 +1,103 @@ +# Legacy storage configuration for defiant +# This file manually defines ZFS datasets matching the main branch structure +# to allow incremental migration to the new storage module. +# +# Datasets from main branch: +# - local/ - ephemeral parent +# - local/home/leyla - ephemeral user home +# - local/system/nix - nix store +# - local/system/root - root filesystem (rolled back on boot) +# - local/system/sops - sops age key +# - persist/ - persistent parent +# - persist/home/leyla - persistent user home +# - persist/system/jellyfin - jellyfin media +# - persist/system/qbittorrent - qbittorrent media +# - persist/system/root - persistent root data +# - persist/system/var/log - log persistence +{lib, ...}: { + # Manually define ZFS datasets matching main's structure + storage.zfs.datasets = { + # Ephemeral datasets (local/) + "local" = { + type = "zfs_fs"; + mount = null; + }; + "local/home/leyla" = { + type = "zfs_fs"; + mount = "/home/leyla"; + snapshot = { + blankSnapshot = true; + }; + }; + "local/system/nix" = { + type = "zfs_fs"; + mount = "/nix"; + atime = "off"; + relatime = "off"; + snapshot = { + autoSnapshot = false; + }; + }; + "local/system/root" = { + type = "zfs_fs"; + mount = "/"; + snapshot = { + blankSnapshot = true; + }; + }; + "local/system/sops" = { + type = "zfs_fs"; + mount = "/persist/sops"; + }; + + # Persistent datasets (persist/) + "persist" = { + type = "zfs_fs"; + mount = null; + }; + "persist/home/leyla" = { + type = "zfs_fs"; + mount = "/persist/home/leyla"; + snapshot = { + autoSnapshot = true; + }; + }; + "persist/system/jellyfin" = { + type = "zfs_fs"; + mount = "/persist/system/jellyfin"; + atime = "off"; + relatime = "off"; + }; + "persist/system/qbittorrent" = { + type = "zfs_fs"; + mount = "/persist/system/qbittorrent"; + atime = "off"; + relatime = "off"; + }; + "persist/system/root" = { + type = "zfs_fs"; + mount = "/persist/system/root"; + snapshot = { + autoSnapshot = true; + }; + }; + "persist/system/var/log" 
= { + type = "zfs_fs"; + mount = "/persist/system/var/log"; + }; + }; + + # Boot commands to rollback ephemeral root on boot + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/local/system/root@blank + ''; + + # FileSystems needed for boot + fileSystems = { + "/".neededForBoot = true; + "/persist/system/root".neededForBoot = true; + "/persist/system/var/log".neededForBoot = true; + "/persist/system/jellyfin".neededForBoot = true; + "/persist/system/qbittorrent".neededForBoot = true; + }; +} diff --git a/flake.lock b/flake.lock index 0c32755..6116658 100644 --- a/flake.lock +++ b/flake.lock @@ -129,20 +129,12 @@ } }, "impermanence": { - "inputs": { - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, "locked": { - "lastModified": 1767822991, - "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=", + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "owner": "nix-community", "repo": "impermanence", - "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "type": "github" }, "original": { diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index cb20295..637e882 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix 
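Review bot: In the new legacy-storage.nix, `local/system/sops` (described in the header comment as holding the sops age key) sets no `snapshot` policy, unlike `local/system/nix`. Whether it is auto-snapshotted therefore depends on a module default that is not visible in this patch. Snapshots of that dataset would keep old key material around after a key rotation, so it is worth stating the intent explicitly with `snapshot = { autoSnapshot = false; };`. Separately, `/persist/sops` is missing from the `fileSystems` `neededForBoot` list at the end of the file; if secrets are decrypted during activation, please confirm the mount is marked elsewhere. A comment such as `# holds the age private key: never snapshot or replicate` on the dataset would document both points.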
@@ -66,10 +66,11 @@ in { } ]; - # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 - system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; system.activationScripts = { - "var-lib-private-permissions" = { + # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 + "createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; + + "var-lib-private-permissions" = lib.mkIf config.storage.generateBase { deps = ["specialfs"]; text = '' mkdir -p /persist/replicate/system/root/var/lib/private diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index 5f9f6f1..a0b4fc9 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix 
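Review bot: In the impermanence.nix hunk, `"createPersistentStorageDirs".deps` still names `"var-lib-private-permissions"` unconditionally, while the script itself is now wrapped in `lib.mkIf config.storage.generateBase`. A host that sets `generateBase = false` without defining a script of that exact name is therefore likely to fail evaluation or lose the ordering, and with it the `0700` fix for `/var/lib/private`. The defiant host covers this in legacy-impermanence.nix, but nothing here enforces it for other hosts. Suggest recording the contract next to the dependency, `# hosts with storage.generateBase = false must define "var-lib-private-permissions" themselves`, or adding an assertion for it. The script body continues outside this hunk.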
@@ -22,23 +22,33 @@ args @ { # Find options that are only in impermanence datasets (not in regular ZFS datasets) impermanenceOnlyOptions = lib.lists.subtractLists regularDatasetOptions impermanenceDatasetOptions; in { - options.storage.datasets = { - ephemeral = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule datasetSubmodule); - default = {}; + options.storage = { + generateBase = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + When enabled, enables automatic generation of base datasets (ephemeral, local, replicate roots). + This allows manual definition of datasets matching an existing system layout for migration purposes. + ''; }; - local = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); - default = {}; - }; - replicate = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); - default = {}; + datasets = { + ephemeral = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule datasetSubmodule); + default = {}; + }; + local = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); + default = {}; + }; + replicate = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule impermanenceDatasetSubmodule); + default = {}; + }; }; }; config = lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable { + (lib.mkIf (config.storage.zfs.enable && config.storage.generateBase) { # Create ZFS datasets based on storage.datasets configuration storage.datasets = { local = { @@ -55,7 +65,7 @@ in { }; }; }) - (lib.mkIf (config.storage.zfs.enable && config.storage.impermanence.enable) { + (lib.mkIf (config.storage.zfs.enable && config.storage.impermanence.enable && config.storage.generateBase) { storage.datasets = { ephemeral = { "" = { From 08e3ec3d7461bdd4a1d0a2907f76d837df88503a Mon Sep 17 00:00:00 2001 
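Review bot: The `description` of `storage.generateBase` in the `@@ -22,23 +22,33 @@` hunk reads as if enabling the option is what allows manual dataset definitions. The `lib.mkIf (... && config.storage.generateBase)` conditions in the same file show the opposite: setting it to `false` turns generation off. Suggested wording: `Whether to generate the base datasets (ephemeral, local, replicate roots) automatically. Set to false to define datasets by hand, for example to match an existing layout during a migration.` Since this patch also gates the `var-lib-private-permissions` activation script in impermanence.nix on the option, the description should mention that a host disabling it must provide that script itself.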
From: Leyla Becker Date: Fri, 20 Feb 2026 20:02:10 -0600 Subject: [PATCH 1030/1043] feat: updated flake lock --- flake.lock | 123 +++++++++++++------- modules/common-modules/pkgs/gdx-liftoff.nix | 16 ++- 2 files changed, 90 insertions(+), 49 deletions(-) diff --git a/flake.lock b/flake.lock index 6116658..21af562 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1771469470, + "narHash": "sha256-GnqdqhrguKNN3HtVfl6z+zbV9R9jhHFm3Z8nu7R6ml0=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "4707eec8d1d2db5182ea06ed48c820a86a42dc13", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1768500104, - "narHash": "sha256-Xa8XJaydHKAhDCLyjdKcDKjFrGgdahNcVo1boGUdZKY=", + "lastModified": 1771616655, + "narHash": "sha256-APFEjtfQf18WsP7wJRuda2dmz9W7Ur/xGyTBlWuvlgk=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7e517454cd248c76046c3157b56662d223de29b1", + "rev": "55dba96bd37209fc595049a435284acbb79a5df2", "type": "gitlab" }, "original": { 
@@ -115,11 +115,32 @@ ] }, "locked": { - "lastModified": 1768512489, - "narHash": "sha256-jZi945d3e6DYhrw3K5Pew+QaL3qSgq3O6xiVaEVLgXs=", + "lastModified": 1771625283, + "narHash": "sha256-1T88/PSNKpRNtaiXATTae0hpRnBpjmIL0b1QfGO6HBA=", "owner": "nix-community", "repo": "home-manager", - "rev": "bba859cd85b90dd9e4e6fd44b2af4aa64ae801a1", + "rev": "a913ae61bf3b9f4312f6097b68cdf0a0fa699279", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "impermanence", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768598210, + "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", "type": "github" }, "original": { @@ -183,14 +204,14 @@ "mcp-nixos": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1767822362, - "narHash": "sha256-rnpIDY/sy/uV+1dsW+MrFwAFE/RHg5K/6aa5k7Yt1Dc=", + "lastModified": 1769804089, + "narHash": "sha256-Wkot1j0cTx64xxjmLXzPubTckaZBSUJFhESEdOzPYas=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "9706014c1530ba12ff36ca8d9d1717b1e61d29db", + "rev": "37a691ea4ea9c8bdcccfe174c6127847b8213fd3", "type": "github" }, "original": { @@ -206,11 +227,11 @@ ] }, "locked": { - "lastModified": 1768220509, - "narHash": "sha256-8wMrJP/Xk5Dkm0TxzaERLt3eGFEhHTWaJKUpK3AoL4o=", + "lastModified": 1771520882, + "narHash": "sha256-9SeTZ4Pwr730YfT7V8Azb8GFbwk1ZwiQDAwft3qAD+o=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7b1d394e7d9112d4060e12ef3271b38a7c43e83b", + "rev": "6a7fdcd5839ec8b135821179eea3b58092171bcf", "type": "github" }, "original": { 
@@ -247,11 +268,11 @@ ] }, "locked": { - "lastModified": 1768443224, - "narHash": "sha256-U2UHV+8Ygba2eFhFSnl15wMuKqNR884V2mo2fLO9wy0=", + "lastModified": 1771555311, + "narHash": "sha256-aFjIc57eYBx5jgyLcHujraPf6b/p9RWxzvOGnHML5h0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "151bb82df60a9ffcd2fef1116e4c9baf133b3ec5", + "rev": "88fc33a8a8868de1ac41362fb62341513904dc0f", "type": "github" }, "original": { @@ -262,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1768499669, - "narHash": "sha256-jJr/zDxu5evfQxlXtMrFFF68/RNj1UrctS/eIsay4k0=", + "lastModified": 1771423359, + "narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7297dfc69ae9b06e984a6f69900ce25e67c76f46", + "rev": "740a22363033e9f1bb6270fbfb5a9574067af15b", "type": "github" }, "original": { @@ -278,15 +299,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1767640445, - "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", - "owner": "NixOS", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" 
@@ -309,11 +330,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1768305791, - "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=", + "lastModified": 1767640445, + "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1771369470, + "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e", + "rev": "0182a361324364ae3f436a63005877674cf45efb", "type": "github" }, "original": { @@ -323,7 +360,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -341,16 +378,16 @@ }, "noita-entangled-worlds": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "rust-overlay": "rust-overlay", "systems": "systems_2" }, "locked": { - "lastModified": 1765628894, - "narHash": "sha256-7q1foPZ6ZlspMNa48oRT7iMl89cvMMaWtdrJweE6B8I=", + "lastModified": 1771445312, + "narHash": "sha256-8uOcu+ZurGx0LmGFCf87Zbj4ikhVPQtP+PuBscEBCv0=", "owner": "IntQuant", "repo": "noita_entangled_worlds", - "rev": "266c6871b2878cf3b6f180c6d299da88f12c9f8e", + "rev": "4a842f29d0e5fb8dc6df73d87f7bb8d2a16f0fc8", "type": "github" }, "original": { @@ -373,7 +410,7 @@ "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "noita-entangled-worlds": "noita-entangled-worlds", "secrets": "secrets", "sops-nix": "sops-nix" 
@@ -403,11 +440,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1765740994, - "narHash": "sha256-aBs7m69yuiixzGzhUlWAAN+zBziBNII+BFEC/5mPcSI=", + "lastModified": 1768867162, + "narHash": "sha256-NiW2gUcdhnUbYQw476HzgBz+uVjyLnz151hzCQbWBX8=", "ref": "refs/heads/main", - "rev": "6e90a73ed2e1e81ba37628fc5e5494a80d22b526", - "revCount": 22, + "rev": "22be81505a49cd205e9b5c91f51af69c0b885ed3", + "revCount": 23, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, @@ -423,11 +460,11 @@ ] }, "locked": { - "lastModified": 1768481291, - "narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=", + "lastModified": 1771524872, + "narHash": "sha256-eksVUcUsfS9mQx4D9DrYu88u9w70bAf+n6KmTDuIGEE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e085e303dfcce21adcb5fec535d65aacb066f101", + "rev": "e85540ffe97322dc1fea14dd11cdc2f59d540ac7", "type": "github" }, "original": { diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix index d2e9424..da7d51f 100644 --- a/modules/common-modules/pkgs/gdx-liftoff.nix +++ b/modules/common-modules/pkgs/gdx-liftoff.nix @@ -4,8 +4,12 @@ makeWrapper, jdk, lib, - xorg, libGL, + libx11, + libxcursor, + libxext, + libxrandr, + libxxf86vm, ... }: stdenv.mkDerivation rec { @@ -24,11 +28,11 @@ stdenv.mkDerivation rec { runtimeDependencies = lib.makeLibraryPath [ # glfw libGL - xorg.libX11 - xorg.libXcursor - xorg.libXext - xorg.libXrandr - xorg.libXxf86vm + libx11 + libxcursor + libxext + libxrandr + libxxf86vm ]; installPhase = '' From 0e1c8d0d4f7b8a9287eff9f257a92e68130b4077 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 21 Feb 2026 17:24:11 -0600 Subject: [PATCH 1031/1043] feat: installed cline package --- .../pkgs/cline/cline-package-lock.json | 4102 +++++++++++++++++ modules/common-modules/pkgs/cline/default.nix | 53 + modules/common-modules/pkgs/default.nix | 3 + .../programs/vscode/claudeDev.nix | 30 + 4 files changed, 4188 insertions(+) create mode 100644 modules/common-modules/pkgs/cline/cline-package-lock.json create mode 100644 modules/common-modules/pkgs/cline/default.nix diff --git a/modules/common-modules/pkgs/cline/cline-package-lock.json b/modules/common-modules/pkgs/cline/cline-package-lock.json new file mode 100644 index 0000000..b8d0d6e --- /dev/null +++ b/modules/common-modules/pkgs/cline/cline-package-lock.json 
@@ -0,0 +1,4102 @@ +{ + "name": "cline", + "version": "2.4.2", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "cline", + "version": "2.4.2", + "cpu": [ + "x64", + "arm64" + ], + "license": "Apache-2.0", + "os": [ + "darwin", + "linux", + "win32" + ], + "dependencies": { + "@agentclientprotocol/sdk": "^0.13.1", + "aws4fetch": "^1.0.20", + "chalk": "^5.3.0", + "commander": "^12.1.0", + "ink": "npm:@jrichman/ink@6.4.7", + "ink-picture": "^1.3.3", + "ink-spinner": "^5.0.0", + "nanoid": "^5.1.6", + "ora": "^8.0.1", + "pino": "^10.0.0", + "pino-roll": "^4.0.0", + "prompts": "^2.4.2", + "react": "^19.2.3" + }, + "bin": { + "cline": "dist/cli.mjs" + }, + "devDependencies": { + "@types/node": "20.x", + "@types/prompts": "^2.4.9", + "@types/react": "^19.2.9", + "dotenv": "^16.4.5", + "esbuild": "^0.25.0", + "ink-testing-library": "^4.0.0", + "rimraf": "^6.0.1", + "typescript": "^5.4.5", + "vitest": "^4.0.17" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@agentclientprotocol/sdk": { + "version": "0.13.1", + "resolved": "https://registry.npmjs.org/@agentclientprotocol/sdk/-/sdk-0.13.1.tgz", + "integrity": "sha512-6byvu+F/xc96GBkdAx4hq6/tB3vT63DSBO4i3gYCz8nuyZMerVFna2Gkhm8EHNpZX0J9DjUxzZCW+rnHXUg0FA==", + "license": "Apache-2.0", + "peerDependencies": { + "zod": "^3.25.0 || ^4.0.0" + } + }, + "node_modules/@alcalzone/ansi-tokenize": { + "version": "0.2.5", + "resolved": "https://registry.npmjs.org/@alcalzone/ansi-tokenize/-/ansi-tokenize-0.2.5.tgz", + "integrity": "sha512-3NX/MpTdroi0aKz134A6RC2Gb2iXVECN4QaAXnvCIxxIm3C3AVB1mkUe8NaaiyvOpDfsrqWhYtj+Q6a62RrTsw==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.2.1", + "is-fullwidth-code-point": "^5.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@emnapi/runtime": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.8.1.tgz", + "integrity": 
"sha512-mehfKSMWjjNol8659Z8KxEMrdSJDDot5SXMq00dM8BN4o+CLNXQ0xH2V7EchNHV4RmbZLmmPdEaXZc5H2FXmDg==", + "license": "MIT", + "optional": true, + "dependencies": { + "tslib": "^2.4.0" + } + }, + "node_modules/@esbuild/aix-ppc64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.12.tgz", + "integrity": "sha512-Hhmwd6CInZ3dwpuGTF8fJG6yoWmsToE+vYgD4nytZVxcu1ulHpUQRAB1UJ8+N1Am3Mz4+xOByoQoSZf4D+CpkA==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.12.tgz", + "integrity": "sha512-VJ+sKvNA/GE7Ccacc9Cha7bpS8nyzVv0jdVgwNDaR4gDMC/2TTRc33Ip8qrNYUcpkOHUT5OZ0bUcNNVZQ9RLlg==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.12.tgz", + "integrity": "sha512-6AAmLG7zwD1Z159jCKPvAxZd4y/VTO0VkprYy+3N2FtJ8+BQWFXU+OxARIwA46c5tdD9SsKGZ/1ocqBS/gAKHg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.12.tgz", + "integrity": "sha512-5jbb+2hhDHx5phYR2By8GTWEzn6I9UqR11Kwf22iKbNpYrsmRB18aX/9ivc5cabcUiAT/wM+YIZ6SG9QO6a8kg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-arm64": { + "version": "0.25.12", + "resolved": 
"https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.12.tgz", + "integrity": "sha512-N3zl+lxHCifgIlcMUP5016ESkeQjLj/959RxxNYIthIg+CQHInujFuXeWbWMgnTo4cp5XVHqFPmpyu9J65C1Yg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.12.tgz", + "integrity": "sha512-HQ9ka4Kx21qHXwtlTUVbKJOAnmG1ipXhdWTmNXiPzPfWKpXqASVcWdnf2bnL73wgjNrFXAa3yYvBSd9pzfEIpA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.12.tgz", + "integrity": "sha512-gA0Bx759+7Jve03K1S0vkOu5Lg/85dou3EseOGUes8flVOGxbhDDh/iZaoek11Y8mtyKPGF3vP8XhnkDEAmzeg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.12.tgz", + "integrity": "sha512-TGbO26Yw2xsHzxtbVFGEXBFH0FRAP7gtcPE7P5yP7wGy7cXK2oO7RyOhL5NLiqTlBh47XhmIUXuGciXEqYFfBQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.12.tgz", + "integrity": "sha512-lPDGyC1JPDou8kGcywY0YILzWlhhnRjdof3UlcoqYmS9El818LLfJJc3PXXgZHrHCAKs/Z2SeZtDJr5MrkxtOw==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } 
+ }, + "node_modules/@esbuild/linux-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.12.tgz", + "integrity": "sha512-8bwX7a8FghIgrupcxb4aUmYDLp8pX06rGh5HqDT7bB+8Rdells6mHvrFHHW2JAOPZUbnjUpKTLg6ECyzvas2AQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ia32": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.12.tgz", + "integrity": "sha512-0y9KrdVnbMM2/vG8KfU0byhUN+EFCny9+8g202gYqSSVMonbsCfLjUO+rCci7pM0WBEtz+oK/PIwHkzxkyharA==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-loong64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.12.tgz", + "integrity": "sha512-h///Lr5a9rib/v1GGqXVGzjL4TMvVTv+s1DPoxQdz7l/AYv6LDSxdIwzxkrPW438oUXiDtwM10o9PmwS/6Z0Ng==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-mips64el": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.12.tgz", + "integrity": "sha512-iyRrM1Pzy9GFMDLsXn1iHUm18nhKnNMWscjmp4+hpafcZjrr2WbT//d20xaGljXDBYHqRcl8HnxbX6uaA/eGVw==", + "cpu": [ + "mips64el" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ppc64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.12.tgz", + "integrity": "sha512-9meM/lRXxMi5PSUqEXRCtVjEZBGwB7P/D4yT8UG/mwIdze2aV4Vo6U5gD3+RsoHXKkHCfSxZKzmDssVlRj1QQA==", + "cpu": [ + "ppc64" + ], + "dev": true, 
+ "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-riscv64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.12.tgz", + "integrity": "sha512-Zr7KR4hgKUpWAwb1f3o5ygT04MzqVrGEGXGLnj15YQDJErYu/BGg+wmFlIDOdJp0PmB0lLvxFIOXZgFRrdjR0w==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-s390x": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.12.tgz", + "integrity": "sha512-MsKncOcgTNvdtiISc/jZs/Zf8d0cl/t3gYWX8J9ubBnVOwlk65UIEEvgBORTiljloIWnBzLs4qhzPkJcitIzIg==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.12.tgz", + "integrity": "sha512-uqZMTLr/zR/ed4jIGnwSLkaHmPjOjJvnm6TVVitAa08SLS9Z0VM8wIRx7gWbJB5/J54YuIMInDquWyYvQLZkgw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.12.tgz", + "integrity": "sha512-xXwcTq4GhRM7J9A8Gv5boanHhRa/Q9KLVmcyXHCTaM4wKfIpWkdXiMog/KsnxzJ0A1+nD+zoecuzqPmCRyBGjg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.12.tgz", + "integrity": 
"sha512-Ld5pTlzPy3YwGec4OuHh1aCVCRvOXdH8DgRjfDy/oumVovmuSzWfnSJg+VtakB9Cm0gxNO9BzWkj6mtO1FMXkQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.12.tgz", + "integrity": "sha512-fF96T6KsBo/pkQI950FARU9apGNTSlZGsv1jZBAlcLL1MLjLNIWPBkj5NlSz8aAzYKg+eNqknrUJ24QBybeR5A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.12.tgz", + "integrity": "sha512-MZyXUkZHjQxUvzK7rN8DJ3SRmrVrke8ZyRusHlP+kuwqTcfWLyqMOE3sScPPyeIXN/mDJIfGXvcMqCgYKekoQw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openharmony-arm64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.12.tgz", + "integrity": "sha512-rm0YWsqUSRrjncSXGA7Zv78Nbnw4XL6/dzr20cyrQf7ZmRcsovpcRBdhD43Nuk3y7XIoW2OxMVvwuRvk9XdASg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/sunos-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.12.tgz", + "integrity": "sha512-3wGSCDyuTHQUzt0nV7bocDy72r2lI33QL3gkDNGkod22EsYl04sMf0qLb8luNKTOmgF/eDEDP5BFNwoBKH441w==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-arm64": { + "version": 
"0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.12.tgz", + "integrity": "sha512-rMmLrur64A7+DKlnSuwqUdRKyd3UE7oPJZmnljqEptesKM8wx9J8gx5u0+9Pq0fQQW8vqeKebwNXdfOyP+8Bsg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-ia32": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.12.tgz", + "integrity": "sha512-HkqnmmBoCbCwxUKKNPBixiWDGCpQGVsrQfJoVGYLPT41XWF8lHuE5N6WhVia2n4o5QK5M4tYr21827fNhi4byQ==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-x64": { + "version": "0.25.12", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.12.tgz", + "integrity": "sha512-alJC0uCZpTFrSL0CCDjcgleBXPnCrEAhTBILpeAp7M/OFgoqtAetfBzX0xM00MUsVVPpVjlPuMbREqnZCXaTnA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@img/colour": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@img/colour/-/colour-1.0.0.tgz", + "integrity": "sha512-A5P/LfWGFSl6nsckYtjw9da+19jB8hkJ6ACTGcDfEJ0aE+l2n2El7dsVM7UVHZQ9s2lmYMWlrS21YLy2IR1LUw==", + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/@img/sharp-darwin-arm64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.5.tgz", + "integrity": "sha512-imtQ3WMJXbMY4fxb/Ndp6HBTNVtWCUI0WdobyheGf5+ad6xX8VIDO8u2xE4qc/fr08CKG/7dDseFtn6M6g/r3w==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, 
+ "optionalDependencies": { + "@img/sharp-libvips-darwin-arm64": "1.2.4" + } + }, + "node_modules/@img/sharp-darwin-x64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.5.tgz", + "integrity": "sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw==", + "cpu": [ + "x64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-darwin-x64": "1.2.4" + } + }, + "node_modules/@img/sharp-libvips-darwin-arm64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.4.tgz", + "integrity": "sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g==", + "cpu": [ + "arm64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "darwin" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-darwin-x64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.4.tgz", + "integrity": "sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg==", + "cpu": [ + "x64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "darwin" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-arm": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.4.tgz", + "integrity": "sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==", + "cpu": [ + "arm" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + 
"linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-arm64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.4.tgz", + "integrity": "sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==", + "cpu": [ + "arm64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-ppc64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.4.tgz", + "integrity": "sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==", + "cpu": [ + "ppc64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-riscv64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-riscv64/-/sharp-libvips-linux-riscv64-1.2.4.tgz", + "integrity": "sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==", + "cpu": [ + "riscv64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linux-s390x": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.4.tgz", + "integrity": "sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==", + "cpu": [ + "s390x" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + 
"node_modules/@img/sharp-libvips-linux-x64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.4.tgz", + "integrity": "sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==", + "cpu": [ + "x64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linuxmusl-arm64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.4.tgz", + "integrity": "sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==", + "cpu": [ + "arm64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-libvips-linuxmusl-x64": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.4.tgz", + "integrity": "sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==", + "cpu": [ + "x64" + ], + "license": "LGPL-3.0-or-later", + "optional": true, + "os": [ + "linux" + ], + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-linux-arm": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.5.tgz", + "integrity": "sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==", + "cpu": [ + "arm" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-arm": "1.2.4" 
+ } + }, + "node_modules/@img/sharp-linux-arm64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.5.tgz", + "integrity": "sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-arm64": "1.2.4" + } + }, + "node_modules/@img/sharp-linux-ppc64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.5.tgz", + "integrity": "sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==", + "cpu": [ + "ppc64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-ppc64": "1.2.4" + } + }, + "node_modules/@img/sharp-linux-riscv64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-riscv64/-/sharp-linux-riscv64-0.34.5.tgz", + "integrity": "sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==", + "cpu": [ + "riscv64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-riscv64": "1.2.4" + } + }, + "node_modules/@img/sharp-linux-s390x": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.5.tgz", + "integrity": 
"sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==", + "cpu": [ + "s390x" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-s390x": "1.2.4" + } + }, + "node_modules/@img/sharp-linux-x64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.5.tgz", + "integrity": "sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==", + "cpu": [ + "x64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-x64": "1.2.4" + } + }, + "node_modules/@img/sharp-linuxmusl-arm64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.5.tgz", + "integrity": "sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linuxmusl-arm64": "1.2.4" + } + }, + "node_modules/@img/sharp-linuxmusl-x64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.5.tgz", + "integrity": "sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==", + "cpu": [ + "x64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": 
"^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linuxmusl-x64": "1.2.4" + } + }, + "node_modules/@img/sharp-wasm32": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.5.tgz", + "integrity": "sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==", + "cpu": [ + "wasm32" + ], + "license": "Apache-2.0 AND LGPL-3.0-or-later AND MIT", + "optional": true, + "dependencies": { + "@emnapi/runtime": "^1.7.0" + }, + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-win32-arm64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.5.tgz", + "integrity": "sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0 AND LGPL-3.0-or-later", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-win32-ia32": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.5.tgz", + "integrity": "sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg==", + "cpu": [ + "ia32" + ], + "license": "Apache-2.0 AND LGPL-3.0-or-later", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@img/sharp-win32-x64": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.5.tgz", + "integrity": 
"sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw==", + "cpu": [ + "x64" + ], + "license": "Apache-2.0 AND LGPL-3.0-or-later", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", + "dev": true, + "license": "MIT" + }, + "node_modules/@pinojs/redact": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/@pinojs/redact/-/redact-0.4.0.tgz", + "integrity": "sha512-k2ENnmBugE/rzQfEcdWHcCY+/FM3VLzH9cYEsbdsoqrvzAKRhUZeRNhAZvB8OitQJ1TBed3yqWtdjzS6wJKBwg==", + "license": "MIT" + }, + "node_modules/@rollup/rollup-android-arm-eabi": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.58.0.tgz", + "integrity": "sha512-mr0tmS/4FoVk1cnaeN244A/wjvGDNItZKR8hRhnmCzygyRXYtKF5jVDSIILR1U97CTzAYmbgIj/Dukg62ggG5w==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-android-arm64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.58.0.tgz", + "integrity": "sha512-+s++dbp+/RTte62mQD9wLSbiMTV+xr/PeRJEc/sFZFSBRlHPNPVaf5FXlzAL77Mr8FtSfQqCN+I598M8U41ccQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-darwin-arm64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.58.0.tgz", + "integrity": 
"sha512-MFWBwTcYs0jZbINQBXHfSrpSQJq3IUOakcKPzfeSznONop14Pxuqa0Kg19GD0rNBMPQI2tFtu3UzapZpH0Uc1Q==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-darwin-x64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.58.0.tgz", + "integrity": "sha512-yiKJY7pj9c9JwzuKYLFaDZw5gma3fI9bkPEIyofvVfsPqjCWPglSHdpdwXpKGvDeYDms3Qal8qGMEHZ1M/4Udg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-freebsd-arm64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.58.0.tgz", + "integrity": "sha512-x97kCoBh5MOevpn/CNK9W1x8BEzO238541BGWBc315uOlN0AD/ifZ1msg+ZQB05Ux+VF6EcYqpiagfLJ8U3LvQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-freebsd-x64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.58.0.tgz", + "integrity": "sha512-Aa8jPoZ6IQAG2eIrcXPpjRcMjROMFxCt1UYPZZtCxRV68WkuSigYtQ/7Zwrcr2IvtNJo7T2JfDXyMLxq5L4Jlg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-linux-arm-gnueabihf": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.58.0.tgz", + "integrity": "sha512-Ob8YgT5kD/lSIYW2Rcngs5kNB/44Q2RzBSPz9brf2WEtcGR7/f/E9HeHn1wYaAwKBni+bdXEwgHvUd0x12lQSA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm-musleabihf": { + "version": "4.58.0", + "resolved": 
"https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.58.0.tgz", + "integrity": "sha512-K+RI5oP1ceqoadvNt1FecL17Qtw/n9BgRSzxif3rTL2QlIu88ccvY+Y9nnHe/cmT5zbH9+bpiJuG1mGHRVwF4Q==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.58.0.tgz", + "integrity": "sha512-T+17JAsCKUjmbopcKepJjHWHXSjeW7O5PL7lEFaeQmiVyw4kkc5/lyYKzrv6ElWRX/MrEWfPiJWqbTvfIvjM1Q==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-musl": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.58.0.tgz", + "integrity": "sha512-cCePktb9+6R9itIJdeCFF9txPU7pQeEHB5AbHu/MKsfH/k70ZtOeq1k4YAtBv9Z7mmKI5/wOLYjQ+B9QdxR6LA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.58.0.tgz", + "integrity": "sha512-iekUaLkfliAsDl4/xSdoCJ1gnnIXvoNz85C8U8+ZxknM5pBStfZjeXgB8lXobDQvvPRCN8FPmmuTtH+z95HTmg==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-musl": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.58.0.tgz", + "integrity": "sha512-68ofRgJNl/jYJbxFjCKE7IwhbfxOl1muPN4KbIqAIe32lm22KmU7E8OPvyy68HTNkI2iV/c8y2kSPSm2mW/Q9Q==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + 
"node_modules/@rollup/rollup-linux-ppc64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.58.0.tgz", + "integrity": "sha512-dpz8vT0i+JqUKuSNPCP5SYyIV2Lh0sNL1+FhM7eLC457d5B9/BC3kDPp5BBftMmTNsBarcPcoz5UGSsnCiw4XQ==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-musl": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.58.0.tgz", + "integrity": "sha512-4gdkkf9UJ7tafnweBCR/mk4jf3Jfl0cKX9Np80t5i78kjIH0ZdezUv/JDI2VtruE5lunfACqftJ8dIMGN4oHew==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.58.0.tgz", + "integrity": "sha512-YFS4vPnOkDTD/JriUeeZurFYoJhPf9GQQEF/v4lltp3mVcBmnsAdjEWhr2cjUCZzZNzxCG0HZOvJU44UGHSdzw==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-musl": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.58.0.tgz", + "integrity": "sha512-x2xgZlFne+QVNKV8b4wwaCS8pwq3y14zedZ5DqLzjdRITvreBk//4Knbcvm7+lWmms9V9qFp60MtUd0/t/PXPw==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-s390x-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.58.0.tgz", + "integrity": "sha512-jIhrujyn4UnWF8S+DHSkAkDEO3hLX0cjzxJZPLF80xFyzyUIYgSMRcYQ3+uqEoyDD2beGq7Dj7edi8OnJcS/hg==", + "cpu": [ + "s390x" + ], + "dev": true, + 
"license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.58.0.tgz", + "integrity": "sha512-+410Srdoh78MKSJxTQ+hZ/Mx+ajd6RjjPwBPNd0R3J9FtL6ZA0GqiiyNjCO9In0IzZkCNrpGymSfn+kgyPQocg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-musl": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.58.0.tgz", + "integrity": "sha512-ZjMyby5SICi227y1MTR3VYBpFTdZs823Rs/hpakufleBoufoOIB6jtm9FEoxn/cgO7l6PM2rCEl5Kre5vX0QrQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-openbsd-x64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.58.0.tgz", + "integrity": "sha512-ds4iwfYkSQ0k1nb8LTcyXw//ToHOnNTJtceySpL3fa7tc/AsE+UpUFphW126A6fKBGJD5dhRvg8zw1rvoGFxmw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ] + }, + "node_modules/@rollup/rollup-openharmony-arm64": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.58.0.tgz", + "integrity": "sha512-fd/zpJniln4ICdPkjWFhZYeY/bpnaN9pGa6ko+5WD38I0tTqk9lXMgXZg09MNdhpARngmxiCg0B0XUamNw/5BQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ] + }, + "node_modules/@rollup/rollup-win32-arm64-msvc": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.58.0.tgz", + "integrity": "sha512-YpG8dUOip7DCz3nr/JUfPbIUo+2d/dy++5bFzgi4ugOGBIox+qMbbqt/JoORwvI/C9Kn2tz6+Bieoqd5+B1CjA==", + 
"cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-ia32-msvc": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.58.0.tgz", + "integrity": "sha512-b9DI8jpFQVh4hIXFr0/+N/TzLdpBIoPzjt0Rt4xJbW3mzguV3mduR9cNgiuFcuL/TeORejJhCWiAXe3E/6PxWA==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-gnu": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.58.0.tgz", + "integrity": "sha512-CSrVpmoRJFN06LL9xhkitkwUcTZtIotYAF5p6XOR2zW0Zz5mzb3IPpcoPhB02frzMHFNo1reQ9xSF5fFm3hUsQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-msvc": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.58.0.tgz", + "integrity": "sha512-QFsBgQNTnh5K0t/sBsjJLq24YVqEIVkGpfN2VHsnN90soZyhaiA9UUHufcctVNL4ypJY0wrwad0wslx2KJQ1/w==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@standard-schema/spec": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.1.0.tgz", + "integrity": "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/chai": { + "version": "5.2.3", + "resolved": "https://registry.npmjs.org/@types/chai/-/chai-5.2.3.tgz", + "integrity": "sha512-Mw558oeA9fFbv65/y4mHtXDs9bPnFMZAL/jxdPFUpOHHIXX91mcgEHbS5Lahr+pwZFR8A7GQleRWeI6cGFC2UA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/deep-eql": "*", + "assertion-error": "^2.0.1" + } + }, + 
"node_modules/@types/deep-eql": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@types/deep-eql/-/deep-eql-4.0.2.tgz", + "integrity": "sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/estree": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", + "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/node": { + "version": "20.19.33", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.33.tgz", + "integrity": "sha512-Rs1bVAIdBs5gbTIKza/tgpMuG1k3U/UMJLWecIMxNdJFDMzcM5LOiLVRYh3PilWEYDIeUDv7bpiHPLPsbydGcw==", + "dev": true, + "license": "MIT", + "dependencies": { + "undici-types": "~6.21.0" + } + }, + "node_modules/@types/prompts": { + "version": "2.4.9", + "resolved": "https://registry.npmjs.org/@types/prompts/-/prompts-2.4.9.tgz", + "integrity": "sha512-qTxFi6Buiu8+50/+3DGIWLHM6QuWsEKugJnnP6iv2Mc4ncxE4A/OJkjuVOA+5X0X1S/nq5VJRa8Lu+nwcvbrKA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*", + "kleur": "^3.0.3" + } + }, + "node_modules/@types/react": { + "version": "19.2.14", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz", + "integrity": "sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w==", + "devOptional": true, + "license": "MIT", + "peer": true, + "dependencies": { + "csstype": "^3.2.2" + } + }, + "node_modules/@vitest/expect": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.18.tgz", + "integrity": "sha512-8sCWUyckXXYvx4opfzVY03EOiYVxyNrHS5QxX3DAIi5dpJAAkyJezHCP77VMX4HKA2LDT/Jpfo8i2r5BE3GnQQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@standard-schema/spec": "^1.0.0", + "@types/chai": "^5.2.2", 
+ "@vitest/spy": "4.0.18", + "@vitest/utils": "4.0.18", + "chai": "^6.2.1", + "tinyrainbow": "^3.0.3" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/mocker": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.0.18.tgz", + "integrity": "sha512-HhVd0MDnzzsgevnOWCBj5Otnzobjy5wLBe4EdeeFGv8luMsGcYqDuFRMcttKWZA5vVO8RFjexVovXvAM4JoJDQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/spy": "4.0.18", + "estree-walker": "^3.0.3", + "magic-string": "^0.30.21" + }, + "funding": { + "url": "https://opencollective.com/vitest" + }, + "peerDependencies": { + "msw": "^2.4.9", + "vite": "^6.0.0 || ^7.0.0-0" + }, + "peerDependenciesMeta": { + "msw": { + "optional": true + }, + "vite": { + "optional": true + } + } + }, + "node_modules/@vitest/pretty-format": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.0.18.tgz", + "integrity": "sha512-P24GK3GulZWC5tz87ux0m8OADrQIUVDPIjjj65vBXYG17ZeU3qD7r+MNZ1RNv4l8CGU2vtTRqixrOi9fYk/yKw==", + "dev": true, + "license": "MIT", + "dependencies": { + "tinyrainbow": "^3.0.3" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/runner": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.0.18.tgz", + "integrity": "sha512-rpk9y12PGa22Jg6g5M3UVVnTS7+zycIGk9ZNGN+m6tZHKQb7jrP7/77WfZy13Y/EUDd52NDsLRQhYKtv7XfPQw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/utils": "4.0.18", + "pathe": "^2.0.3" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/snapshot": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.0.18.tgz", + "integrity": "sha512-PCiV0rcl7jKQjbgYqjtakly6T1uwv/5BQ9SwBLekVg/EaYeQFPiXcgrC2Y7vDMA8dM1SUEAEV82kgSQIlXNMvA==", + "dev": true, + "license": "MIT", + "dependencies": { + 
"@vitest/pretty-format": "4.0.18", + "magic-string": "^0.30.21", + "pathe": "^2.0.3" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/spy": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.0.18.tgz", + "integrity": "sha512-cbQt3PTSD7P2OARdVW3qWER5EGq7PHlvE+QfzSC0lbwO+xnt7+XH06ZzFjFRgzUX//JmpxrCu92VdwvEPlWSNw==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/utils": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.0.18.tgz", + "integrity": "sha512-msMRKLMVLWygpK3u2Hybgi4MNjcYJvwTb0Ru09+fOyCXIgT5raYP041DRRdiJiI3k/2U6SEbAETB3YtBrUkCFA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/pretty-format": "4.0.18", + "tinyrainbow": "^3.0.3" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@xmldom/xmldom": { + "version": "0.8.11", + "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.11.tgz", + "integrity": "sha512-cQzWCtO6C8TQiYl1ruKNn2U6Ao4o4WBBcbL61yJl84x+j5sOWWFU9X7DpND8XZG3daDppSsigMdfAIl2upQBRw==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/ansi-escapes": { + "version": "7.3.0", + "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-7.3.0.tgz", + "integrity": "sha512-BvU8nYgGQBxcmMuEeUEmNTvrMVjJNSH7RgW24vXexN4Ven6qCvy4TntnvlnwnMLTVlcRQQdbRY8NKnaIoeWDNg==", + "license": "MIT", + "dependencies": { + "environment": "^1.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-regex": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", + "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + 
"funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/ansi-styles": { + "version": "6.2.3", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz", + "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/app-path": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/app-path/-/app-path-4.0.0.tgz", + "integrity": "sha512-mgBO9PZJ3MpbKbwFTljTi36ZKBvG5X/fkVR1F85ANsVcVllEb+C0LGNdJfGUm84GpC4xxgN6HFkmkMU8VEO4mA==", + "license": "MIT", + "dependencies": { + "execa": "^5.0.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/assertion-error": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-2.0.1.tgz", + "integrity": "sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12" + } + }, + "node_modules/atomic-sleep": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/atomic-sleep/-/atomic-sleep-1.0.0.tgz", + "integrity": "sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==", + "license": "MIT", + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/auto-bind": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/auto-bind/-/auto-bind-5.0.1.tgz", + "integrity": "sha512-ooviqdwwgfIfNmDwo94wlshcdzfO64XV0Cg6oDsDYBJfITDz1EngD2z7DkbvCWn+XIMsIqW27sEVF6qcpJrRcg==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/aws4fetch": { + "version": "1.0.20", + 
"resolved": "https://registry.npmjs.org/aws4fetch/-/aws4fetch-1.0.20.tgz", + "integrity": "sha512-/djoAN709iY65ETD6LKCtyyEI04XIBP5xVvfmNxsEP0uJB5tyaGBztSryRr4HqMStr9R06PisQE7m9zDTXKu6g==", + "license": "MIT" + }, + "node_modules/balanced-match": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.3.tgz", + "integrity": "sha512-1pHv8LX9CpKut1Zp4EXey7Z8OfH11ONNH6Dhi2WDUt31VVZFXZzKwXcysBgqSumFCmR+0dqjMK5v5JiFHzi0+g==", + "dev": true, + "license": "MIT", + "engines": { + "node": "20 || >=22" + } + }, + "node_modules/base64-js": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", + "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/brace-expansion": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.2.tgz", + "integrity": "sha512-Pdk8c9poy+YhOgVWw1JNN22/HcivgKWwpxKq04M/jTmHyCZn12WPJebZxdjSa5TmBqISrUSgNYU3eRORljfCCw==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "20 || >=22" + } + }, + "node_modules/chai": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/chai/-/chai-6.2.2.tgz", + "integrity": "sha512-NUPRluOfOiTKBKvWPtSD4PhFvWCqOi0BGStNWs57X9js7XGTprSmFoz5F0tWhR4WPjNeR9jXqdC7/UpSJTnlRg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/chalk": { + "version": "5.6.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.6.2.tgz", + "integrity": "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA==", + "license": 
"MIT", + "engines": { + "node": "^12.17.0 || ^14.13 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/cli-boxes": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/cli-boxes/-/cli-boxes-3.0.0.tgz", + "integrity": "sha512-/lzGpEWL/8PfI0BmBOPRwp0c/wFNX1RdUML3jK/RcSBA9T8mZDdQpqYBKtCFTOfQbwPqWEOpjqW+Fnayc0969g==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-cursor": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-4.0.0.tgz", + "integrity": "sha512-VGtlMu3x/4DOtIUwEkRezxUZ2lBacNJCHash0N0WeZDBS+7Ux1dm3XWAgWYxLJFMMdOeXMHXorshEFhbMSGelg==", + "license": "MIT", + "dependencies": { + "restore-cursor": "^4.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-spinners": { + "version": "2.9.2", + "resolved": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "integrity": "sha512-ywqV+5MmyL4E7ybXgKys4DugZbX0FC6LnwrhjuykIjnK9k8OQacQ7axGKnjDXWNhns0xot3bZI5h55H8yo9cJg==", + "license": "MIT", + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-truncate": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-4.0.0.tgz", + "integrity": "sha512-nPdaFdQ0h/GEigbPClz11D0v/ZJEwxmeVZGeMo3Z5StPtUTkA9o1lD6QwoirYiSDzbcwn2XcjwmCp68W1IS4TA==", + "license": "MIT", + "dependencies": { + "slice-ansi": "^5.0.0", + "string-width": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-truncate/node_modules/is-fullwidth-code-point": { + "version": "4.0.0", + "resolved": 
"https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-4.0.0.tgz", + "integrity": "sha512-O4L094N2/dZ7xqVdrXhh9r1KODPJpFms8B5sGdJLPy664AgvXsreZUyCQQNItZRDlYug4xStLjNp/sz3HvBowQ==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-truncate/node_modules/slice-ansi": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-5.0.0.tgz", + "integrity": "sha512-FC+lgizVPfie0kkhqUScwRu1O/lF6NOgJmlCgK+/LYxDCTk8sGelYaHDhFcDN+Sn3Cv+3VSa4Byeo+IMCzpMgQ==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.0.0", + "is-fullwidth-code-point": "^4.0.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/slice-ansi?sponsor=1" + } + }, + "node_modules/cli-truncate/node_modules/string-width": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", + "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^10.3.0", + "get-east-asian-width": "^1.0.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/code-excerpt": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/code-excerpt/-/code-excerpt-4.0.0.tgz", + "integrity": "sha512-xxodCmBen3iy2i0WtAK8FlFNrRzjUqjRsMfho58xT/wvZU1YTM3fCnRjcy1gJPMepaRlgm/0e6w8SpWHpn3/cA==", + "license": "MIT", + "dependencies": { + "convert-to-spaces": "^2.0.1" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + } + }, + "node_modules/commander": { + "version": "12.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz", + "integrity": 
"sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==", + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/convert-to-spaces": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/convert-to-spaces/-/convert-to-spaces-2.0.1.tgz", + "integrity": "sha512-rcQ1bsQO9799wq24uE5AM2tAILy4gXGIK/njFWcVQkGNZ96edlpY+A7bjwvzjYvLDyzmG1MmMLZhpcsb+klNMQ==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + } + }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", + "license": "MIT", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/csstype": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz", + "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==", + "devOptional": true, + "license": "MIT" + }, + "node_modules/data-uri-to-buffer": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz", + "integrity": "sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==", + "license": "MIT", + "engines": { + "node": ">= 12" + } + }, + "node_modules/date-fns": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-4.1.0.tgz", + "integrity": "sha512-Ukq0owbQXxa/U3EGtsdVBkR1w7KOQ5gIBqdH2hkvknzZPYvBxb/aa6E8L7tmjFtkwZBu3UXBbjIgPo/Ez4xaNg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/kossnocorp" + } + }, + "node_modules/detect-libc": { + "version": "2.1.2", + "resolved": 
"https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz", + "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==", + "license": "Apache-2.0", + "engines": { + "node": ">=8" + } + }, + "node_modules/dotenv": { + "version": "16.6.1", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.6.1.tgz", + "integrity": "sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow==", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://dotenvx.com" + } + }, + "node_modules/emoji-regex": { + "version": "10.6.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz", + "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==", + "license": "MIT" + }, + "node_modules/environment": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/environment/-/environment-1.1.0.tgz", + "integrity": "sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/es-module-lexer": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz", + "integrity": "sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==", + "dev": true, + "license": "MIT" + }, + "node_modules/es-toolkit": { + "version": "1.44.0", + "resolved": "https://registry.npmjs.org/es-toolkit/-/es-toolkit-1.44.0.tgz", + "integrity": "sha512-6penXeZalaV88MM3cGkFZZfOoLGWshWWfdy0tWw/RlVVyhvMaWSBTOvXNeiW3e5FwdS5ePW0LGEu17zT139ktg==", + "license": "MIT", + "workspaces": [ + "docs", + "benchmarks" + ] + }, + "node_modules/esbuild": { + "version": "0.25.12", + "resolved": 
"https://registry.npmjs.org/esbuild/-/esbuild-0.25.12.tgz", + "integrity": "sha512-bbPBYYrtZbkt6Os6FiTLCTFxvq4tt3JKall1vRwshA3fdVztsLAatFaZobhkBC8/BrPetoa0oksYoKXoG4ryJg==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.25.12", + "@esbuild/android-arm": "0.25.12", + "@esbuild/android-arm64": "0.25.12", + "@esbuild/android-x64": "0.25.12", + "@esbuild/darwin-arm64": "0.25.12", + "@esbuild/darwin-x64": "0.25.12", + "@esbuild/freebsd-arm64": "0.25.12", + "@esbuild/freebsd-x64": "0.25.12", + "@esbuild/linux-arm": "0.25.12", + "@esbuild/linux-arm64": "0.25.12", + "@esbuild/linux-ia32": "0.25.12", + "@esbuild/linux-loong64": "0.25.12", + "@esbuild/linux-mips64el": "0.25.12", + "@esbuild/linux-ppc64": "0.25.12", + "@esbuild/linux-riscv64": "0.25.12", + "@esbuild/linux-s390x": "0.25.12", + "@esbuild/linux-x64": "0.25.12", + "@esbuild/netbsd-arm64": "0.25.12", + "@esbuild/netbsd-x64": "0.25.12", + "@esbuild/openbsd-arm64": "0.25.12", + "@esbuild/openbsd-x64": "0.25.12", + "@esbuild/openharmony-arm64": "0.25.12", + "@esbuild/sunos-x64": "0.25.12", + "@esbuild/win32-arm64": "0.25.12", + "@esbuild/win32-ia32": "0.25.12", + "@esbuild/win32-x64": "0.25.12" + } + }, + "node_modules/escape-string-regexp": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "integrity": "sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/estree-walker": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", + "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0" + } + 
}, + "node_modules/execa": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", + "license": "MIT", + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^6.0.0", + "human-signals": "^2.1.0", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^4.0.1", + "onetime": "^5.1.2", + "signal-exit": "^3.0.3", + "strip-final-newline": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/expect-type": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz", + "integrity": "sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/fdir": { + "version": "6.5.0", + "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz", + "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "picomatch": "^3 || ^4" + }, + "peerDependenciesMeta": { + "picomatch": { + "optional": true + } + } + }, + "node_modules/fetch-blob": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/fetch-blob/-/fetch-blob-3.2.0.tgz", + "integrity": "sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/jimmywarting" + }, + { + "type": "paypal", + "url": "https://paypal.me/jimmywarting" + } + ], + "license": "MIT", + "dependencies": { + "node-domexception": "^1.0.0", + "web-streams-polyfill": "^3.0.3" + }, + "engines": { + "node": "^12.20 || >= 14.13" + } + }, 
+ "node_modules/formdata-polyfill": { + "version": "4.0.10", + "resolved": "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz", + "integrity": "sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g==", + "license": "MIT", + "dependencies": { + "fetch-blob": "^3.1.2" + }, + "engines": { + "node": ">=12.20.0" + } + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/get-east-asian-width": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.5.0.tgz", + "integrity": "sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/glob": { + "version": "13.0.6", + "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.6.tgz", + "integrity": "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "minimatch": "^10.2.2", + "minipass": "^7.1.3", + "path-scurry": "^2.0.2" + }, + "engines": { + "node": "18 || 20 || 
>=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/human-signals": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.17.0" + } + }, + "node_modules/indent-string": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-5.0.0.tgz", + "integrity": "sha512-m6FAo/spmsW2Ab2fU35JTYwtOKa2yAwXSwgjSv1TJzh4Mh7mC3lzAOVLBprb72XsTrgkEIsl7YrFNAiDiRhIGg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ink": { + "name": "@jrichman/ink", + "version": "6.4.7", + "resolved": "https://registry.npmjs.org/@jrichman/ink/-/ink-6.4.7.tgz", + "integrity": "sha512-QHyxhNF5VonF5cRmdAJD/UPucB9nRx3FozWMjQrDGfBxfAL9lpyu72/MlFPgloS1TMTGsOt7YN6dTPPA6mh0Aw==", + "license": "MIT", + "peer": true, + "dependencies": { + "@alcalzone/ansi-tokenize": "^0.2.1", + "ansi-escapes": "^7.0.0", + "ansi-styles": "^6.2.1", + "auto-bind": "^5.0.1", + "chalk": "^5.6.0", + "cli-boxes": "^3.0.0", + "cli-cursor": "^4.0.0", + "cli-truncate": "^4.0.0", + "code-excerpt": "^4.0.0", + "es-toolkit": "^1.39.10", + "indent-string": "^5.0.0", + "is-in-ci": "^2.0.0", + "mnemonist": "^0.40.3", + "patch-console": "^2.0.0", + "react-reconciler": "^0.32.0", + "signal-exit": "^3.0.7", + "slice-ansi": "^7.1.0", + "stack-utils": "^2.0.6", + "string-width": "^8.1.0", + "type-fest": "^4.27.0", + "wrap-ansi": "^9.0.0", + "ws": "^8.18.0", + "yoga-layout": "~3.2.1" + }, + "engines": { + "node": ">=20" + }, + "peerDependencies": { + "@types/react": ">=19.0.0", + "react": ">=19.0.0", + "react-devtools-core": "^6.1.2" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "react-devtools-core": { + 
"optional": true + } + } + }, + "node_modules/ink-picture": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/ink-picture/-/ink-picture-1.3.3.tgz", + "integrity": "sha512-kFDZaiqnvbM2cU46ptIHFeh4RJkfsZfQUh657JmbOmD/swANdCkUvcb8c3Qv6270qFWKwRehf04fghMwtHwEGw==", + "license": "MIT", + "dependencies": { + "chalk": "^5.6.0", + "is-unicode-supported": "^2.1.0", + "iterm2-version": "^5.0.0", + "node-fetch": "^3.3.2", + "sharp": "^0.34.3", + "sixel": "^0.16.0", + "supports-color": "^10.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "ink": ">=5", + "react": ">=18" + } + }, + "node_modules/ink-spinner": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/ink-spinner/-/ink-spinner-5.0.0.tgz", + "integrity": "sha512-EYEasbEjkqLGyPOUc8hBJZNuC5GvXGMLu0w5gdTNskPc7Izc5vO3tdQEYnzvshucyGCBXc86ig0ujXPMWaQCdA==", + "license": "MIT", + "dependencies": { + "cli-spinners": "^2.7.0" + }, + "engines": { + "node": ">=14.16" + }, + "peerDependencies": { + "ink": ">=4.0.0", + "react": ">=18.0.0" + } + }, + "node_modules/ink-testing-library": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/ink-testing-library/-/ink-testing-library-4.0.0.tgz", + "integrity": "sha512-yF92kj3pmBvk7oKbSq5vEALO//o7Z9Ck/OaLNlkzXNeYdwfpxMQkSowGTFUCS5MSu9bWfSZMewGpp7bFc66D7Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@types/react": ">=18.0.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + } + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-5.1.0.tgz", + "integrity": "sha512-5XHYaSyiqADb4RnZ1Bdad6cPp8Toise4TzEjcOYDHZkTCbKgiUl7WTUCpNWHuxmDt91wnsZBc9xinNzopv3JMQ==", + "license": "MIT", + "dependencies": { + "get-east-asian-width": "^1.3.1" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" 
+ } + }, + "node_modules/is-in-ci": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-in-ci/-/is-in-ci-2.0.0.tgz", + "integrity": "sha512-cFeerHriAnhrQSbpAxL37W1wcJKUUX07HyLWZCW1URJT/ra3GyUTzBgUnh24TMVfNTV2Hij2HLxkPHFZfOZy5w==", + "license": "MIT", + "bin": { + "is-in-ci": "cli.js" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-interactive": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-interactive/-/is-interactive-2.0.0.tgz", + "integrity": "sha512-qP1vozQRI+BMOPcjFzrjXuQvdak2pHNUMZoeG2eRbiSqyvbEf/wQtEOTOX1guk6E3t36RkaqiSt8A/6YElNxLQ==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-unicode-supported": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-2.1.0.tgz", + "integrity": "sha512-mE00Gnza5EEB3Ds0HfMyllZzbBrmLOX3vfWoj9A9PEnTfratQ/BcaJOuMhnkhjXvb2+FkY3VuHqtAGpTPmglFQ==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "license": "ISC" + }, + "node_modules/iterm2-version": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/iterm2-version/-/iterm2-version-5.0.0.tgz", + 
"integrity": "sha512-WdLXcMYvN3SXT6vEtuW78vnZs4pVWm2nBnb4VKjOPPXmdlR1xTHmBgqKacOzAe4RXOiY/V+0u/0zsU3LoGQoBg==", + "license": "MIT", + "dependencies": { + "app-path": "^4.0.0", + "plist": "^3.0.2" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/kleur": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/log-symbols": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-6.0.0.tgz", + "integrity": "sha512-i24m8rpwhmPIS4zscNzK6MSEhk0DUWa/8iYQWxhffV8jkI4Phvs3F+quL5xvS0gdQR0FyTCMMH33Y78dDTzzIw==", + "license": "MIT", + "dependencies": { + "chalk": "^5.3.0", + "is-unicode-supported": "^1.3.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/log-symbols/node_modules/is-unicode-supported": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-1.3.0.tgz", + "integrity": "sha512-43r2mRvz+8JRIKnWJ+3j8JtjRKZ6GmjzfaE/qiBJnikNnYv/6bagRJ1kUhNk8R5EX/GkobD+r+sfxCPJsiKBLQ==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lru-cache": { + "version": "11.2.6", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.6.tgz", + "integrity": "sha512-ESL2CrkS/2wTPfuend7Zhkzo2u0daGJ/A2VucJOgQ/C48S/zB8MMeMHSGKYpXhIjbPxfuezITkaBH1wqv00DDQ==", + "dev": true, + "license": "BlueOak-1.0.0", + "engines": { + "node": "20 || >=22" + } + }, + "node_modules/magic-string": { + "version": "0.30.21", + "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz", + "integrity": 
"sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.5" + } + }, + "node_modules/merge-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "license": "MIT" + }, + "node_modules/mimic-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/mimic-function": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/mimic-function/-/mimic-function-5.0.1.tgz", + "integrity": "sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/minimatch": { + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.2.tgz", + "integrity": "sha512-+G4CpNBxa5MprY+04MbgOw1v7So6n5JY166pFi9KfYwT78fxScCeSNQSNzp6dpPSW2rONOps6Ocam1wFhCgoVw==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "brace-expansion": "^5.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/minipass": { + "version": "7.1.3", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz", + "integrity": "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==", + "dev": true, + "license": "BlueOak-1.0.0", + "engines": { + "node": ">=16 || 14 >=14.17" + } + }, + "node_modules/mnemonist": 
{ + "version": "0.40.3", + "resolved": "https://registry.npmjs.org/mnemonist/-/mnemonist-0.40.3.tgz", + "integrity": "sha512-Vjyr90sJ23CKKH/qPAgUKicw/v6pRoamxIEDFOF8uSgFME7DqPRpHgRTejWVjkdGg5dXj0/NyxZHZ9bcjH+2uQ==", + "license": "MIT", + "dependencies": { + "obliterator": "^2.0.4" + } + }, + "node_modules/nanoid": { + "version": "5.1.6", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.1.6.tgz", + "integrity": "sha512-c7+7RQ+dMB5dPwwCp4ee1/iV/q2P6aK1mTZcfr1BTuVlyW9hJYiMPybJCcnBlQtuSmTIWNeazm/zqNoZSSElBg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.js" + }, + "engines": { + "node": "^18 || >=20" + } + }, + "node_modules/node-domexception": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/node-domexception/-/node-domexception-1.0.0.tgz", + "integrity": "sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==", + "deprecated": "Use your platform's native DOMException instead", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/jimmywarting" + }, + { + "type": "github", + "url": "https://paypal.me/jimmywarting" + } + ], + "license": "MIT", + "engines": { + "node": ">=10.5.0" + } + }, + "node_modules/node-fetch": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz", + "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==", + "license": "MIT", + "dependencies": { + "data-uri-to-buffer": "^4.0.0", + "fetch-blob": "^3.1.4", + "formdata-polyfill": "^4.0.10" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/node-fetch" + } + }, + "node_modules/npm-run-path": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "integrity": 
"sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", + "license": "MIT", + "dependencies": { + "path-key": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/obliterator": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/obliterator/-/obliterator-2.0.5.tgz", + "integrity": "sha512-42CPE9AhahZRsMNslczq0ctAEtqk8Eka26QofnqC346BZdHDySk3LWka23LI7ULIw11NmltpiLagIq8gBozxTw==", + "license": "MIT" + }, + "node_modules/obug": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/obug/-/obug-2.1.1.tgz", + "integrity": "sha512-uTqF9MuPraAQ+IsnPf366RG4cP9RtUi7MLO1N3KEc+wb0a6yKpeL0lmk2IB1jY5KHPAlTc6T/JRdC/YqxHNwkQ==", + "dev": true, + "funding": [ + "https://github.com/sponsors/sxzz", + "https://opencollective.com/debug" + ], + "license": "MIT" + }, + "node_modules/on-exit-leak-free": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/on-exit-leak-free/-/on-exit-leak-free-2.1.2.tgz", + "integrity": "sha512-0eJJY6hXLGf1udHwfNftBqH+g73EU4B504nZeKpz1sYRKafAghwxEJunB2O7rDZkL4PGfsMVnTXZ2EjibbqcsA==", + "license": "MIT", + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/onetime": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", + "license": "MIT", + "dependencies": { + "mimic-fn": "^2.1.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ora": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/ora/-/ora-8.2.0.tgz", + "integrity": "sha512-weP+BZ8MVNnlCm8c0Qdc1WSWq4Qn7I+9CJGm7Qali6g44e/PUzbjNqJX5NJ9ljlNMosfJvg1fKEGILklK9cwnw==", + "license": "MIT", + "dependencies": { + "chalk": "^5.3.0", + "cli-cursor": "^5.0.0", + "cli-spinners": "^2.9.2", + "is-interactive": "^2.0.0", + "is-unicode-supported": "^2.0.0", + 
"log-symbols": "^6.0.0", + "stdin-discarder": "^0.2.2", + "string-width": "^7.2.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ora/node_modules/cli-cursor": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-5.0.0.tgz", + "integrity": "sha512-aCj4O5wKyszjMmDT4tZj93kxyydN/K5zPWSCe6/0AV/AA1pqe5ZBIw0a2ZfPQV7lL5/yb5HsUreJ6UFAF1tEQw==", + "license": "MIT", + "dependencies": { + "restore-cursor": "^5.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ora/node_modules/onetime": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-7.0.0.tgz", + "integrity": "sha512-VXJjc87FScF88uafS3JllDgvAm+c/Slfz06lorj2uAY34rlUu0Nt+v8wreiImcrgAjjIHp1rXpTDlLOGw29WwQ==", + "license": "MIT", + "dependencies": { + "mimic-function": "^5.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ora/node_modules/restore-cursor": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-5.1.0.tgz", + "integrity": "sha512-oMA2dcrw6u0YfxJQXm342bFKX/E4sG9rbTzO9ptUcR/e8A33cHuvStiYOwH7fszkZlZ1z/ta9AAoPk2F4qIOHA==", + "license": "MIT", + "dependencies": { + "onetime": "^7.0.0", + "signal-exit": "^4.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ora/node_modules/signal-exit": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", + "license": "ISC", + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + 
"node_modules/ora/node_modules/string-width": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", + "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^10.3.0", + "get-east-asian-width": "^1.0.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/package-json-from-dist": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz", + "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==", + "dev": true, + "license": "BlueOak-1.0.0" + }, + "node_modules/patch-console": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/patch-console/-/patch-console-2.0.0.tgz", + "integrity": "sha512-0YNdUceMdaQwoKce1gatDScmMo5pu/tfABfnzEqeG0gtTmd7mh/WcwgUjtAeOU7N8nFFlbQBnFK2gXW5fGvmMA==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-scurry": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.2.tgz", + "integrity": "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "lru-cache": "^11.0.0", + "minipass": "^7.1.2" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/pathe": { + 
"version": "2.0.3", + "resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz", + "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==", + "dev": true, + "license": "MIT" + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "dev": true, + "license": "ISC" + }, + "node_modules/picomatch": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", + "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", + "dev": true, + "license": "MIT", + "peer": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/pino": { + "version": "10.3.1", + "resolved": "https://registry.npmjs.org/pino/-/pino-10.3.1.tgz", + "integrity": "sha512-r34yH/GlQpKZbU1BvFFqOjhISRo1MNx1tWYsYvmj6KIRHSPMT2+yHOEb1SG6NMvRoHRF0a07kCOox/9yakl1vg==", + "license": "MIT", + "dependencies": { + "@pinojs/redact": "^0.4.0", + "atomic-sleep": "^1.0.0", + "on-exit-leak-free": "^2.1.0", + "pino-abstract-transport": "^3.0.0", + "pino-std-serializers": "^7.0.0", + "process-warning": "^5.0.0", + "quick-format-unescaped": "^4.0.3", + "real-require": "^0.2.0", + "safe-stable-stringify": "^2.3.1", + "sonic-boom": "^4.0.1", + "thread-stream": "^4.0.0" + }, + "bin": { + "pino": "bin.js" + } + }, + "node_modules/pino-abstract-transport": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/pino-abstract-transport/-/pino-abstract-transport-3.0.0.tgz", + "integrity": "sha512-wlfUczU+n7Hy/Ha5j9a/gZNy7We5+cXp8YL+X+PG8S0KXxw7n/JXA3c46Y0zQznIJ83URJiwy7Lh56WLokNuxg==", + "license": "MIT", + "dependencies": { + "split2": "^4.0.0" + } + }, + "node_modules/pino-roll": { + "version": 
"4.0.0", + "resolved": "https://registry.npmjs.org/pino-roll/-/pino-roll-4.0.0.tgz", + "integrity": "sha512-axI1aQaIxXdw1F4OFFli1EDxIrdYNGLowkw/ZoZogX8oCSLHUghzwVVXUS8U+xD/Savwa5IXpiXmsSGKFX/7Sg==", + "license": "MIT", + "dependencies": { + "date-fns": "^4.1.0", + "sonic-boom": "^4.0.1" + } + }, + "node_modules/pino-std-serializers": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-7.1.0.tgz", + "integrity": "sha512-BndPH67/JxGExRgiX1dX0w1FvZck5Wa4aal9198SrRhZjH3GxKQUKIBnYJTdj2HDN3UQAS06HlfcSbQj2OHmaw==", + "license": "MIT" + }, + "node_modules/plist": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/plist/-/plist-3.1.0.tgz", + "integrity": "sha512-uysumyrvkUX0rX/dEVqt8gC3sTBzd4zoWfLeS29nb53imdaXVvLINYXTI2GNqzaMuvacNx4uJQ8+b3zXR0pkgQ==", + "license": "MIT", + "dependencies": { + "@xmldom/xmldom": "^0.8.8", + "base64-js": "^1.5.1", + "xmlbuilder": "^15.1.1" + }, + "engines": { + "node": ">=10.4.0" + } + }, + "node_modules/postcss": { + "version": "8.5.6", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz", + "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "nanoid": "^3.3.11", + "picocolors": "^1.1.1", + "source-map-js": "^1.2.1" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/postcss/node_modules/nanoid": { + "version": "3.3.11", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", + "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", + "dev": true, + "funding": [ + { + "type": "github", 
+ "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/process-warning": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-5.0.0.tgz", + "integrity": "sha512-a39t9ApHNx2L4+HBnQKqxxHNs1r7KF+Intd8Q/g1bUh6q0WIp9voPXJ/x0j+ZL45KF1pJd9+q2jLIRMfvEshkA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], + "license": "MIT" + }, + "node_modules/prompts": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==", + "license": "MIT", + "dependencies": { + "kleur": "^3.0.3", + "sisteransi": "^1.0.5" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/quick-format-unescaped": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/quick-format-unescaped/-/quick-format-unescaped-4.0.4.tgz", + "integrity": "sha512-tYC1Q1hgyRuHgloV/YXs2w15unPVh8qfu/qCTfhTYamaw7fyhumKa2yGpdSo87vY32rIclj+4fWYQXUMs9EHvg==", + "license": "MIT" + }, + "node_modules/react": { + "version": "19.2.4", + "resolved": "https://registry.npmjs.org/react/-/react-19.2.4.tgz", + "integrity": "sha512-9nfp2hYpCwOjAN+8TZFGhtWEwgvWHXqESH8qT89AT/lWklpLON22Lc8pEtnpsZz7VmawabSU0gCjnj8aC0euHQ==", + "license": "MIT", + "peer": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-reconciler": { + "version": "0.32.0", + "resolved": "https://registry.npmjs.org/react-reconciler/-/react-reconciler-0.32.0.tgz", + "integrity": "sha512-2NPMOzgTlG0ZWdIf3qG+dcbLSoAc/uLfOwckc3ofy5sSK0pLJqnQLpUFxvGcN2rlXSjnVtGeeFLNimCQEj5gOQ==", + "license": "MIT", + "dependencies": { + "scheduler": "^0.26.0" + }, + "engines": { + "node": 
">=0.10.0" + }, + "peerDependencies": { + "react": "^19.1.0" + } + }, + "node_modules/real-require": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/real-require/-/real-require-0.2.0.tgz", + "integrity": "sha512-57frrGM/OCTLqLOAh0mhVA9VBMHd+9U7Zb2THMGdBUoZVOtGbJzjxsYGDJ3A9AYYCP4hn6y1TVbaOfzWtm5GFg==", + "license": "MIT", + "engines": { + "node": ">= 12.13.0" + } + }, + "node_modules/restore-cursor": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-4.0.0.tgz", + "integrity": "sha512-I9fPXU9geO9bHOt9pHHOhOkYerIMsmVaWB0rA2AI9ERh/+x/i7MV5HKBNrg+ljO5eoPVgCcnFuRjJ9uH6I/3eg==", + "license": "MIT", + "dependencies": { + "onetime": "^5.1.0", + "signal-exit": "^3.0.2" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/rimraf": { + "version": "6.1.3", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-6.1.3.tgz", + "integrity": "sha512-LKg+Cr2ZF61fkcaK1UdkH2yEBBKnYjTyWzTJT6KNPcSPaiT7HSdhtMXQuN5wkTX0Xu72KQ1l8S42rlmexS2hSA==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "glob": "^13.0.3", + "package-json-from-dist": "^1.0.1" + }, + "bin": { + "rimraf": "dist/esm/bin.mjs" + }, + "engines": { + "node": "20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/rollup": { + "version": "4.58.0", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.58.0.tgz", + "integrity": "sha512-wbT0mBmWbIvvq8NeEYWWvevvxnOyhKChir47S66WCxw1SXqhw7ssIYejnQEVt7XYQpsj2y8F9PM+Cr3SNEa0gw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "1.0.8" + }, + "bin": { + "rollup": "dist/bin/rollup" + }, + "engines": { + "node": ">=18.0.0", + "npm": ">=8.0.0" + }, + "optionalDependencies": { + "@rollup/rollup-android-arm-eabi": "4.58.0", + "@rollup/rollup-android-arm64": "4.58.0", + "@rollup/rollup-darwin-arm64": "4.58.0", + 
"@rollup/rollup-darwin-x64": "4.58.0", + "@rollup/rollup-freebsd-arm64": "4.58.0", + "@rollup/rollup-freebsd-x64": "4.58.0", + "@rollup/rollup-linux-arm-gnueabihf": "4.58.0", + "@rollup/rollup-linux-arm-musleabihf": "4.58.0", + "@rollup/rollup-linux-arm64-gnu": "4.58.0", + "@rollup/rollup-linux-arm64-musl": "4.58.0", + "@rollup/rollup-linux-loong64-gnu": "4.58.0", + "@rollup/rollup-linux-loong64-musl": "4.58.0", + "@rollup/rollup-linux-ppc64-gnu": "4.58.0", + "@rollup/rollup-linux-ppc64-musl": "4.58.0", + "@rollup/rollup-linux-riscv64-gnu": "4.58.0", + "@rollup/rollup-linux-riscv64-musl": "4.58.0", + "@rollup/rollup-linux-s390x-gnu": "4.58.0", + "@rollup/rollup-linux-x64-gnu": "4.58.0", + "@rollup/rollup-linux-x64-musl": "4.58.0", + "@rollup/rollup-openbsd-x64": "4.58.0", + "@rollup/rollup-openharmony-arm64": "4.58.0", + "@rollup/rollup-win32-arm64-msvc": "4.58.0", + "@rollup/rollup-win32-ia32-msvc": "4.58.0", + "@rollup/rollup-win32-x64-gnu": "4.58.0", + "@rollup/rollup-win32-x64-msvc": "4.58.0", + "fsevents": "~2.3.2" + } + }, + "node_modules/safe-stable-stringify": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.5.0.tgz", + "integrity": "sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/scheduler": { + "version": "0.26.0", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.26.0.tgz", + "integrity": "sha512-NlHwttCI/l5gCPR3D1nNXtWABUmBwvZpEQiD4IXSbIDq8BzLIK/7Ir5gTFSGZDUu37K5cMNp0hFtzO38sC7gWA==", + "license": "MIT" + }, + "node_modules/semver": { + "version": "7.7.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz", + "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + 
"node_modules/sharp": { + "version": "0.34.5", + "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.34.5.tgz", + "integrity": "sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg==", + "hasInstallScript": true, + "license": "Apache-2.0", + "dependencies": { + "@img/colour": "^1.0.0", + "detect-libc": "^2.1.2", + "semver": "^7.7.3" + }, + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-darwin-arm64": "0.34.5", + "@img/sharp-darwin-x64": "0.34.5", + "@img/sharp-libvips-darwin-arm64": "1.2.4", + "@img/sharp-libvips-darwin-x64": "1.2.4", + "@img/sharp-libvips-linux-arm": "1.2.4", + "@img/sharp-libvips-linux-arm64": "1.2.4", + "@img/sharp-libvips-linux-ppc64": "1.2.4", + "@img/sharp-libvips-linux-riscv64": "1.2.4", + "@img/sharp-libvips-linux-s390x": "1.2.4", + "@img/sharp-libvips-linux-x64": "1.2.4", + "@img/sharp-libvips-linuxmusl-arm64": "1.2.4", + "@img/sharp-libvips-linuxmusl-x64": "1.2.4", + "@img/sharp-linux-arm": "0.34.5", + "@img/sharp-linux-arm64": "0.34.5", + "@img/sharp-linux-ppc64": "0.34.5", + "@img/sharp-linux-riscv64": "0.34.5", + "@img/sharp-linux-s390x": "0.34.5", + "@img/sharp-linux-x64": "0.34.5", + "@img/sharp-linuxmusl-arm64": "0.34.5", + "@img/sharp-linuxmusl-x64": "0.34.5", + "@img/sharp-wasm32": "0.34.5", + "@img/sharp-win32-arm64": "0.34.5", + "@img/sharp-win32-ia32": "0.34.5", + "@img/sharp-win32-x64": "0.34.5" + } + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "license": "MIT", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": 
"https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/siginfo": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz", + "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==", + "dev": true, + "license": "ISC" + }, + "node_modules/signal-exit": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", + "license": "ISC" + }, + "node_modules/sisteransi": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==", + "license": "MIT" + }, + "node_modules/sixel": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/sixel/-/sixel-0.16.0.tgz", + "integrity": "sha512-xicu6Y6Cyhmv5rjyHxq2r5RnKerlL/nyZEGjOU5bLCshXkZryc9JFJThTCKPOAtWXCfeWquEKFVFfMPcTD25PA==", + "license": "MIT" + }, + "node_modules/slice-ansi": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-7.1.2.tgz", + "integrity": "sha512-iOBWFgUX7caIZiuutICxVgX1SdxwAVFFKwt1EvMYYec/NWO5meOJ6K5uQxhrYBdQJne4KxiqZc+KptFOWFSI9w==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.2.1", + "is-fullwidth-code-point": "^5.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/chalk/slice-ansi?sponsor=1" + } + }, + "node_modules/sonic-boom": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-4.2.1.tgz", + "integrity": 
"sha512-w6AxtubXa2wTXAUsZMMWERrsIRAdrK0Sc+FUytWvYAhBJLyuI4llrMIC1DtlNSdI99EI86KZum2MMq3EAZlF9Q==", + "license": "MIT", + "dependencies": { + "atomic-sleep": "^1.0.0" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/split2": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz", + "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==", + "license": "ISC", + "engines": { + "node": ">= 10.x" + } + }, + "node_modules/stack-utils": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "integrity": "sha512-XlkWvfIm6RmsWtNJx+uqtKLS8eqFbxUg0ZzLXqY0caEy9l7hruX8IpiDnjsLavoBgqCCR71TqWO8MaXYheJ3RQ==", + "license": "MIT", + "dependencies": { + "escape-string-regexp": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/stackback": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz", + "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==", + "dev": true, + "license": "MIT" + }, + "node_modules/std-env": { + "version": "3.10.0", + "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.10.0.tgz", + "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==", + "dev": true, + "license": "MIT" + }, + "node_modules/stdin-discarder": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/stdin-discarder/-/stdin-discarder-0.2.2.tgz", + "integrity": 
"sha512-UhDfHmA92YAlNnCfhmq0VeNL5bDbiZGg7sZ2IvPsXubGkiNa9EC+tUTsjBRsYUAz87btI6/1wf4XoVvQ3uRnmQ==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/string-width": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-8.2.0.tgz", + "integrity": "sha512-6hJPQ8N0V0P3SNmP6h2J99RLuzrWz2gvT7VnK5tKvrNqJoyS9W4/Fb8mo31UiPvy00z7DQXkP2hnKBVav76thw==", + "license": "MIT", + "dependencies": { + "get-east-asian-width": "^1.5.0", + "strip-ansi": "^7.1.2" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/strip-ansi": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz", + "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/strip-final-newline": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/supports-color": { + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-10.2.2.tgz", + "integrity": "sha512-SS+jx45GF1QjgEXQx4NJZV9ImqmO2NPz5FNsIHrsDjh2YsHnawpan7SNQ1o8NuhrbHZy9AZhIoCUiCeaW/C80g==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/thread-stream": { + "version": "4.0.0", + "resolved": 
"https://registry.npmjs.org/thread-stream/-/thread-stream-4.0.0.tgz", + "integrity": "sha512-4iMVL6HAINXWf1ZKZjIPcz5wYaOdPhtO8ATvZ+Xqp3BTdaqtAwQkNmKORqcIo5YkQqGXq5cwfswDwMqqQNrpJA==", + "license": "MIT", + "dependencies": { + "real-require": "^0.2.0" + }, + "engines": { + "node": ">=20" + } + }, + "node_modules/tinybench": { + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.9.0.tgz", + "integrity": "sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==", + "dev": true, + "license": "MIT" + }, + "node_modules/tinyexec": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.0.2.tgz", + "integrity": "sha512-W/KYk+NFhkmsYpuHq5JykngiOCnxeVL8v8dFnqxSD8qEEdRfXk1SDM6JzNqcERbcGYj9tMrDQBYV9cjgnunFIg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/tinyglobby": { + "version": "0.2.15", + "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz", + "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "fdir": "^6.5.0", + "picomatch": "^4.0.3" + }, + "engines": { + "node": ">=12.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/SuperchupuDev" + } + }, + "node_modules/tinyrainbow": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-3.0.3.tgz", + "integrity": "sha512-PSkbLUoxOFRzJYjjxHJt9xro7D+iilgMX/C9lawzVuYiIdcihh9DXmVibBe8lmcFrRi/VzlPjBxbN7rH24q8/Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD", + "optional": true + }, + "node_modules/type-fest": { + 
"version": "4.41.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.41.0.tgz", + "integrity": "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/typescript": { + "version": "5.9.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz", + "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", + "dev": true, + "license": "Apache-2.0", + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/undici-types": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", + "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/vite": { + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.1.tgz", + "integrity": "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "esbuild": "^0.27.0", + "fdir": "^6.5.0", + "picomatch": "^4.0.3", + "postcss": "^8.5.6", + "rollup": "^4.43.0", + "tinyglobby": "^0.2.15" + }, + "bin": { + "vite": "bin/vite.js" + }, + "engines": { + "node": "^20.19.0 || >=22.12.0" + }, + "funding": { + "url": "https://github.com/vitejs/vite?sponsor=1" + }, + "optionalDependencies": { + "fsevents": "~2.3.3" + }, + "peerDependencies": { + "@types/node": "^20.19.0 || >=22.12.0", + "jiti": ">=1.21.0", + "less": "^4.0.0", + "lightningcss": "^1.21.0", + "sass": "^1.70.0", + "sass-embedded": "^1.70.0", + "stylus": ">=0.54.8", + "sugarss": "^5.0.0", + "terser": "^5.16.0", + "tsx": "^4.8.1", + "yaml": 
"^2.4.2" + }, + "peerDependenciesMeta": { + "@types/node": { + "optional": true + }, + "jiti": { + "optional": true + }, + "less": { + "optional": true + }, + "lightningcss": { + "optional": true + }, + "sass": { + "optional": true + }, + "sass-embedded": { + "optional": true + }, + "stylus": { + "optional": true + }, + "sugarss": { + "optional": true + }, + "terser": { + "optional": true + }, + "tsx": { + "optional": true + }, + "yaml": { + "optional": true + } + } + }, + "node_modules/vite/node_modules/@esbuild/aix-ppc64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.3.tgz", + "integrity": "sha512-9fJMTNFTWZMh5qwrBItuziu834eOCUcEqymSH7pY+zoMVEZg3gcPuBNxH1EvfVYe9h0x/Ptw8KBzv7qxb7l8dg==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/android-arm": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.3.tgz", + "integrity": "sha512-i5D1hPY7GIQmXlXhs2w8AWHhenb00+GxjxRncS2ZM7YNVGNfaMxgzSGuO8o8SJzRc/oZwU2bcScvVERk03QhzA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/android-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.3.tgz", + "integrity": "sha512-YdghPYUmj/FX2SYKJ0OZxf+iaKgMsKHVPF1MAq/P8WirnSpCStzKJFjOjzsW0QQ7oIAiccHdcqjbHmJxRb/dmg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/android-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.3.tgz", + "integrity": 
"sha512-IN/0BNTkHtk8lkOM8JWAYFg4ORxBkZQf9zXiEOfERX/CzxW3Vg1ewAhU7QSWQpVIzTW+b8Xy+lGzdYXV6UZObQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/darwin-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.3.tgz", + "integrity": "sha512-Re491k7ByTVRy0t3EKWajdLIr0gz2kKKfzafkth4Q8A5n1xTHrkqZgLLjFEHVD+AXdUGgQMq+Godfq45mGpCKg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/darwin-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.3.tgz", + "integrity": "sha512-vHk/hA7/1AckjGzRqi6wbo+jaShzRowYip6rt6q7VYEDX4LEy1pZfDpdxCBnGtl+A5zq8iXDcyuxwtv3hNtHFg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/freebsd-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.3.tgz", + "integrity": "sha512-ipTYM2fjt3kQAYOvo6vcxJx3nBYAzPjgTCk7QEgZG8AUO3ydUhvelmhrbOheMnGOlaSFUoHXB6un+A7q4ygY9w==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/freebsd-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.3.tgz", + "integrity": "sha512-dDk0X87T7mI6U3K9VjWtHOXqwAMJBNN2r7bejDsc+j03SEjtD9HrOl8gVFByeM0aJksoUuUVU9TBaZa2rgj0oA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + 
"node_modules/vite/node_modules/@esbuild/linux-arm": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.3.tgz", + "integrity": "sha512-s6nPv2QkSupJwLYyfS+gwdirm0ukyTFNl3KTgZEAiJDd+iHZcbTPPcWCcRYH+WlNbwChgH2QkE9NSlNrMT8Gfw==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.3.tgz", + "integrity": "sha512-sZOuFz/xWnZ4KH3YfFrKCf1WyPZHakVzTiqji3WDc0BCl2kBwiJLCXpzLzUBLgmp4veFZdvN5ChW4Eq/8Fc2Fg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-ia32": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.3.tgz", + "integrity": "sha512-yGlQYjdxtLdh0a3jHjuwOrxQjOZYD/C9PfdbgJJF3TIZWnm/tMd/RcNiLngiu4iwcBAOezdnSLAwQDPqTmtTYg==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-loong64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.3.tgz", + "integrity": "sha512-WO60Sn8ly3gtzhyjATDgieJNet/KqsDlX5nRC5Y3oTFcS1l0KWba+SEa9Ja1GfDqSF1z6hif/SkpQJbL63cgOA==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-mips64el": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.3.tgz", + "integrity": 
"sha512-APsymYA6sGcZ4pD6k+UxbDjOFSvPWyZhjaiPyl/f79xKxwTnrn5QUnXR5prvetuaSMsb4jgeHewIDCIWljrSxw==", + "cpu": [ + "mips64el" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-ppc64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.3.tgz", + "integrity": "sha512-eizBnTeBefojtDb9nSh4vvVQ3V9Qf9Df01PfawPcRzJH4gFSgrObw+LveUyDoKU3kxi5+9RJTCWlj4FjYXVPEA==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-riscv64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.3.tgz", + "integrity": "sha512-3Emwh0r5wmfm3ssTWRQSyVhbOHvqegUDRd0WhmXKX2mkHJe1SFCMJhagUleMq+Uci34wLSipf8Lagt4LlpRFWQ==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-s390x": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.3.tgz", + "integrity": "sha512-pBHUx9LzXWBc7MFIEEL0yD/ZVtNgLytvx60gES28GcWMqil8ElCYR4kvbV2BDqsHOvVDRrOxGySBM9Fcv744hw==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/linux-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.3.tgz", + "integrity": "sha512-Czi8yzXUWIQYAtL/2y6vogER8pvcsOsk5cpwL4Gk5nJqH5UZiVByIY8Eorm5R13gq+DQKYg0+JyQoytLQas4dA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + 
"node_modules/vite/node_modules/@esbuild/netbsd-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.3.tgz", + "integrity": "sha512-sDpk0RgmTCR/5HguIZa9n9u+HVKf40fbEUt+iTzSnCaGvY9kFP0YKBWZtJaraonFnqef5SlJ8/TiPAxzyS+UoA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/netbsd-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.3.tgz", + "integrity": "sha512-P14lFKJl/DdaE00LItAukUdZO5iqNH7+PjoBm+fLQjtxfcfFE20Xf5CrLsmZdq5LFFZzb5JMZ9grUwvtVYzjiA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/openbsd-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.3.tgz", + "integrity": "sha512-AIcMP77AvirGbRl/UZFTq5hjXK+2wC7qFRGoHSDrZ5v5b8DK/GYpXW3CPRL53NkvDqb9D+alBiC/dV0Fb7eJcw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/openbsd-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.3.tgz", + "integrity": "sha512-DnW2sRrBzA+YnE70LKqnM3P+z8vehfJWHXECbwBmH/CU51z6FiqTQTHFenPlHmo3a8UgpLyH3PT+87OViOh1AQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/openharmony-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.3.tgz", + "integrity": 
"sha512-NinAEgr/etERPTsZJ7aEZQvvg/A6IsZG/LgZy+81wON2huV7SrK3e63dU0XhyZP4RKGyTm7aOgmQk0bGp0fy2g==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/sunos-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.3.tgz", + "integrity": "sha512-PanZ+nEz+eWoBJ8/f8HKxTTD172SKwdXebZ0ndd953gt1HRBbhMsaNqjTyYLGLPdoWHy4zLU7bDVJztF5f3BHA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/win32-arm64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.3.tgz", + "integrity": "sha512-B2t59lWWYrbRDw/tjiWOuzSsFh1Y/E95ofKz7rIVYSQkUYBjfSgf6oeYPNWHToFRr2zx52JKApIcAS/D5TUBnA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/win32-ia32": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.3.tgz", + "integrity": "sha512-QLKSFeXNS8+tHW7tZpMtjlNb7HKau0QDpwm49u0vUp9y1WOF+PEzkU84y9GqYaAVW8aH8f3GcBck26jh54cX4Q==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/vite/node_modules/@esbuild/win32-x64": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.3.tgz", + "integrity": "sha512-4uJGhsxuptu3OcpVAzli+/gWusVGwZZHTlS63hh++ehExkVT8SgiEf7/uC/PclrPPkLhZqGgCTjd0VWLo6xMqA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + 
"node_modules/vite/node_modules/esbuild": { + "version": "0.27.3", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.3.tgz", + "integrity": "sha512-8VwMnyGCONIs6cWue2IdpHxHnAjzxnw2Zr7MkVxB2vjmQ2ivqGFb4LEG3SMnv0Gb2F/G/2yA8zUaiL1gywDCCg==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.27.3", + "@esbuild/android-arm": "0.27.3", + "@esbuild/android-arm64": "0.27.3", + "@esbuild/android-x64": "0.27.3", + "@esbuild/darwin-arm64": "0.27.3", + "@esbuild/darwin-x64": "0.27.3", + "@esbuild/freebsd-arm64": "0.27.3", + "@esbuild/freebsd-x64": "0.27.3", + "@esbuild/linux-arm": "0.27.3", + "@esbuild/linux-arm64": "0.27.3", + "@esbuild/linux-ia32": "0.27.3", + "@esbuild/linux-loong64": "0.27.3", + "@esbuild/linux-mips64el": "0.27.3", + "@esbuild/linux-ppc64": "0.27.3", + "@esbuild/linux-riscv64": "0.27.3", + "@esbuild/linux-s390x": "0.27.3", + "@esbuild/linux-x64": "0.27.3", + "@esbuild/netbsd-arm64": "0.27.3", + "@esbuild/netbsd-x64": "0.27.3", + "@esbuild/openbsd-arm64": "0.27.3", + "@esbuild/openbsd-x64": "0.27.3", + "@esbuild/openharmony-arm64": "0.27.3", + "@esbuild/sunos-x64": "0.27.3", + "@esbuild/win32-arm64": "0.27.3", + "@esbuild/win32-ia32": "0.27.3", + "@esbuild/win32-x64": "0.27.3" + } + }, + "node_modules/vitest": { + "version": "4.0.18", + "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.0.18.tgz", + "integrity": "sha512-hOQuK7h0FGKgBAas7v0mSAsnvrIgAvWmRFjmzpJ7SwFHH3g1k2u37JtYwOwmEKhK6ZO3v9ggDBBm0La1LCK4uQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/expect": "4.0.18", + "@vitest/mocker": "4.0.18", + "@vitest/pretty-format": "4.0.18", + "@vitest/runner": "4.0.18", + "@vitest/snapshot": "4.0.18", + "@vitest/spy": "4.0.18", + "@vitest/utils": "4.0.18", + "es-module-lexer": "^1.7.0", + "expect-type": "^1.2.2", + "magic-string": "^0.30.21", + "obug": "^2.1.1", + "pathe": 
"^2.0.3", + "picomatch": "^4.0.3", + "std-env": "^3.10.0", + "tinybench": "^2.9.0", + "tinyexec": "^1.0.2", + "tinyglobby": "^0.2.15", + "tinyrainbow": "^3.0.3", + "vite": "^6.0.0 || ^7.0.0", + "why-is-node-running": "^2.3.0" + }, + "bin": { + "vitest": "vitest.mjs" + }, + "engines": { + "node": "^20.0.0 || ^22.0.0 || >=24.0.0" + }, + "funding": { + "url": "https://opencollective.com/vitest" + }, + "peerDependencies": { + "@edge-runtime/vm": "*", + "@opentelemetry/api": "^1.9.0", + "@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0", + "@vitest/browser-playwright": "4.0.18", + "@vitest/browser-preview": "4.0.18", + "@vitest/browser-webdriverio": "4.0.18", + "@vitest/ui": "4.0.18", + "happy-dom": "*", + "jsdom": "*" + }, + "peerDependenciesMeta": { + "@edge-runtime/vm": { + "optional": true + }, + "@opentelemetry/api": { + "optional": true + }, + "@types/node": { + "optional": true + }, + "@vitest/browser-playwright": { + "optional": true + }, + "@vitest/browser-preview": { + "optional": true + }, + "@vitest/browser-webdriverio": { + "optional": true + }, + "@vitest/ui": { + "optional": true + }, + "happy-dom": { + "optional": true + }, + "jsdom": { + "optional": true + } + } + }, + "node_modules/web-streams-polyfill": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-3.3.3.tgz", + "integrity": "sha512-d2JWLCivmZYTSIoge9MsgFCZrt571BikcWGYkjC1khllbTeDlGqZ2D8vD8E/lJa8WGWbb7Plm8/XJYV7IJHZZw==", + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/why-is-node-running": { + "version": "2.3.0", + "resolved": 
"https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz", + "integrity": "sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==", + "dev": true, + "license": "MIT", + "dependencies": { + "siginfo": "^2.0.0", + "stackback": "0.0.2" + }, + "bin": { + "why-is-node-running": "cli.js" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/wrap-ansi": { + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.2.tgz", + "integrity": "sha512-42AtmgqjV+X1VpdOfyTGOYRi0/zsoLqtXQckTmqTeybT+BDIbM/Guxo7x3pE2vtpr1ok6xRqM9OpBe+Jyoqyww==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.2.1", + "string-width": "^7.0.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/string-width": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz", + "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^10.3.0", + "get-east-asian-width": "^1.0.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ws": { + "version": "8.19.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.19.0.tgz", + "integrity": "sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": ">=5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } + }, + "node_modules/xmlbuilder": { + "version": "15.1.1", + "resolved": 
"https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-15.1.1.tgz", + "integrity": "sha512-yMqGBqtXyeN1e3TGYvgNgDVZ3j84W4cwkOXQswghol6APgZWaff9lnbvN7MHYJOiXsvGPXtjTYJEiC9J2wv9Eg==", + "license": "MIT", + "engines": { + "node": ">=8.0" + } + }, + "node_modules/yoga-layout": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/yoga-layout/-/yoga-layout-3.2.1.tgz", + "integrity": "sha512-0LPOt3AxKqMdFBZA3HBAt/t/8vIKq7VaQYbuA8WxCgung+p9TVyKRYdpvCb80HcdTN2NkbIKbhNwKUfm3tQywQ==", + "license": "MIT" + }, + "node_modules/zod": { + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.3.6.tgz", + "integrity": "sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg==", + "license": "MIT", + "peer": true, + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + } + } +} diff --git a/modules/common-modules/pkgs/cline/default.nix b/modules/common-modules/pkgs/cline/default.nix new file mode 100644 index 0000000..05dbf48 --- /dev/null +++ b/modules/common-modules/pkgs/cline/default.nix 
@@ -0,0 +1,53 @@ +{ + lib, + buildNpmPackage, + fetchurl, + ripgrep, + makeWrapper, + jq, + ... +}: +buildNpmPackage rec { + pname = "cline"; + version = "2.4.2"; + + src = fetchurl { + url = "https://registry.npmjs.org/cline/-/cline-${version}.tgz"; + hash = "sha256-2utOBC0vhoj5fR+cG+Vdo3N6+i/pNW1E4mESF/dZS/c="; + }; + + sourceRoot = "package"; + + postPatch = '' + cp ${./cline-package-lock.json} package-lock.json + + # Remove @vscode/ripgrep from package.json since it tries to download + # a binary from GitHub during install, which fails in the nix sandbox. + # We provide ripgrep from nixpkgs instead via PATH wrapping. + # Also remove the man field since the man page is not included in the npm tarball. + ${jq}/bin/jq 'del(.dependencies["@vscode/ripgrep"]) | del(.man)' package.json > package.json.tmp + mv package.json.tmp package.json + ''; + + npmDepsHash = "sha256-oHo60ghR7A4SUT0cLmIe7glPDYBK3twJ0F71RKVrxQc="; + + dontNpmBuild = true; + + # Skip post-install scripts to be safe + npmFlags = ["--ignore-scripts"]; + + nativeBuildInputs = [makeWrapper jq]; + + # Provide ripgrep from nixpkgs since @vscode/ripgrep was removed + postInstall = '' + wrapProgram $out/bin/cline \ + --prefix PATH : ${lib.makeBinPath [ripgrep]} + ''; + + meta = with lib; { + description = "Autonomous coding agent CLI - capable of creating/editing files, running commands, using the browser, and more"; + homepage = "https://cline.bot"; + license = licenses.asl20; + mainProgram = "cline"; + }; +} diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 2afc9f2..81af054 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -44,5 +44,8 @@ # Override h3 C library to version 4.3.0 h3 = pkgs.callPackage ./h3-c-lib.nix {}; }) + (final: prev: { + cline = pkgs.callPackage ./cline/default.nix {}; + }) ]; } 
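Review bot: In cline/default.nix the comment on `npmFlags = ["--ignore-scripts"]` ("to be safe") does not say what the flag protects against, although it is the only setting here that keeps dependency lifecycle scripts from running at build time. The lockfile hunk that ends just before this file (presumably the vendored `cline-package-lock.json`) lists packages with `"hasInstallScript": true`, esbuild among them. I would spell the reason out: `# Never run dependency lifecycle scripts: the vendored lockfile contains packages with install scripts, and nothing needs building (dontNpmBuild).` Because the lockfile is copied in from this repository rather than taken from the tarball, a short comment on how it was generated, and that `version`, `hash` and `npmDepsHash` must be bumped together, would also help the next update.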
diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index ffeaff3..c4d2dd7 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -10,6 +10,19 @@ mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; + anyProfileHasInstallTool = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.installTool + ) (lib.attrValues config.programs.vscode.profiles); + + getInstallToolPackage = lib.findFirst (package: package != null) pkgs.cline (map ( + profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.installTool + then profile.extraExtensions.claudeDev.package + else null + ) (lib.attrValues config.programs.vscode.profiles)); + anyProfileHasMcpNixos = lib.any ( profile: profile.extraExtensions.claudeDev.enable @@ -69,6 +82,17 @@ in { default = ["saoudrizwan" "claude-dev"]; }; + installTool = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to install the cline CLI tool for subagent support when the extension is enabled"; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.cline; + description = "The package to install for the cline CLI tool"; + }; + mcp = { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; @@ -145,6 +169,12 @@ in { }; config = lib.mkMerge [ + (lib.mkIf anyProfileHasInstallTool { + home.packages = [ + getInstallToolPackage + ]; + }) + (lib.mkIf anyProfileHasMcpNixos { home.packages = [ mcp-nixos From 81680932be2baae4188261c7de62b252dbc2a2e8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Feb 2026 22:03:25 -0600 Subject: [PATCH 1032/1043] feat: disabled actual --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
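Review bot: In the first hunk of claudeDev.nix, `getInstallToolPackage` returns only the first match from `lib.attrValues config.programs.vscode.profiles`, so when two profiles set different `extraExtensions.claudeDev.package` values, the one that sorts later by profile name is dropped without a warning. The `package != null` filter and the `pkgs.cline` fallback also look unreachable, because the option type is `lib.types.package` and the value is only read under `lib.mkIf anyProfileHasInstallTool` in the last hunk. Collecting every selected package keeps the per-profile option honest; an assertion that all enabled profiles agree would be the alternative.

```nix
# replaces anyProfileHasInstallTool / getInstallToolPackage
installToolPackages = lib.unique (
  map (profile: profile.extraExtensions.claudeDev.package) (
    lib.filter (
      profile:
        profile.extraExtensions.claudeDev.enable
        && profile.extraExtensions.claudeDev.installTool
    ) (lib.attrValues config.programs.vscode.profiles)
  )
);

# … unchanged: anyProfileHasMcpNixos, option declarations …

config = lib.mkMerge [
  {
    home.packages = installToolPackages;
  }
  # … unchanged: mcp-nixos entry …
```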
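Review bot: `installTool` in the options hunk of claudeDev.nix defaults to `true`, so every profile that already enables the extension starts putting the cline CLI on the user's PATH after this change without asking for it. The package's own description says it can create and edit files and run commands, which is the kind of tool I would make opt-in: `default = false;`. The option description should also say that the CLI is added to `home.packages` for the whole user, not only for the profile that set it.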
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index d204c71..2cadfd5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -316,7 +316,7 @@ }; actual = { - enable = true; + enable = false; domain = "budget.jan-leila.com"; }; From 50cc74833025aa901274fd24d018f21e16f97dd6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Feb 2026 22:44:23 -0600 Subject: [PATCH 1033/1043] feat: updated flake.lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 21af562..1403bb4 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1771469470, - "narHash": "sha256-GnqdqhrguKNN3HtVfl6z+zbV9R9jhHFm3Z8nu7R6ml0=", + "lastModified": 1771881364, + "narHash": "sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8=", "owner": "nix-community", "repo": "disko", - "rev": "4707eec8d1d2db5182ea06ed48c820a86a42dc13", + "rev": "a4cb7bf73f264d40560ba527f9280469f1f081c6", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1771616655, - "narHash": "sha256-APFEjtfQf18WsP7wJRuda2dmz9W7Ur/xGyTBlWuvlgk=", + "lastModified": 1771888219, + "narHash": "sha256-XlA/l99y1Qilmd8ttYJ9y5BSse9GKoQlt9hnY8H+EHM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "55dba96bd37209fc595049a435284acbb79a5df2", + "rev": "a347c1da78da64eeb78a0c9005bdaadace33e83c", "type": "gitlab" }, "original": { 
@@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1771625283, - "narHash": "sha256-1T88/PSNKpRNtaiXATTae0hpRnBpjmIL0b1QfGO6HBA=", + "lastModified": 1771851181, + "narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "a913ae61bf3b9f4312f6097b68cdf0a0fa699279", + "rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1771555311, - "narHash": "sha256-aFjIc57eYBx5jgyLcHujraPf6b/p9RWxzvOGnHML5h0=", + "lastModified": 1771901087, + "narHash": "sha256-b5eSke+C8UeR5Er+TZOzHCDStBJ68yyFlqAUc6fNBX0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "88fc33a8a8868de1ac41362fb62341513904dc0f", + "rev": "c22e7adea9adec98b3dc79be954ee17d56a232bd", "type": "github" }, "original": { @@ -460,11 +460,11 @@ ] }, "locked": { - "lastModified": 1771524872, - "narHash": "sha256-eksVUcUsfS9mQx4D9DrYu88u9w70bAf+n6KmTDuIGEE=", + "lastModified": 1771889317, + "narHash": "sha256-YV17Q5lEU0S9ppw08Y+cs4eEQJBuc79AzblFoHORLMU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e85540ffe97322dc1fea14dd11cdc2f59d540ac7", + "rev": "b027513c32e5b39b59f64626b87fbe168ae02094", "type": "github" }, "original": { From 1b5c62f2e69b56d49876b93bcf4306ab54ba2db4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Feb 2026 21:37:13 -0600 Subject: [PATCH 1034/1043] feat: added open code to packages --- configurations/home-manager/leyla/packages/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 33dd033..475269d 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -41,6 +41,7 @@ in { openrgb.enable = hardware.openRGB.enable; via.enable = hardware.viaKeyboard.enable; claude-code.enable = osConfig.host.ai.enable; + opencode.enable = osConfig.host.ai.enable; davinci-resolve.enable = hardware.graphicsAcceleration.enable; mfoc.enable = true; }) From 64e29f793fa905a82bce9a2046de98c0680d65c1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 26 Feb 2026 08:15:28 -0600 Subject: [PATCH 1035/1043] feat: instealled graphql plugin for leyla vscode --- .../leyla/packages/vscode/default.nix | 3 +++ .../programs/vscode/default.nix | 1 + .../programs/vscode/graphql.nix | 27 +++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/graphql.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 9d82ef2..41e025a 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -58,6 +58,9 @@ in { nearley.enable = true; + # graphql + graphql.enable = true; + # astro development vscodeMdx.enable = true; astroVscode.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index b735e72..6b7fbb9 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -26,5 +26,6 @@ ./direnv.nix ./conventionalCommits.nix ./openDyslexicFont.nix + ./graphql.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/graphql.nix b/modules/home-manager-modules/programs/vscode/graphql.nix new file mode 100644 index 0000000..fde08f3 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/graphql.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.graphql = { + enable = lib.mkEnableOption "should the graphql highlighting extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-graphql" { + default = ["graphql" "vscode-graphql-syntax"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.graphql.enable { + extensions = [ + config.extraExtensions.graphql.extension + ]; + }; + })); + }; +} From c4f4276680512b9d06093e530e317f56fa78d7fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 28 Feb 2026 20:19:42 -0600 Subject: [PATCH 1036/1043] feat: disabled cline --- configurations/home-manager/leyla/packages/vscode/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 41e025a..469c4ad 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -80,7 +80,7 @@ in { # claude development claudeDev = lib.mkIf ai-tooling-enabled { - enable = true; + enable = false; mcp = { nixos = { enable = true; From 12d746804db7d7890041457fef0714823f01b0b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Mar 2026 01:42:21 -0600 Subject: [PATCH 1037/1043] feat: updated vscode extensions config --- .../home-manager/leyla/packages/vscode/default.nix | 2 +- modules/home-manager-modules/programs/vscode/go.nix | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) 
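Review bot: In graphql.nix the package option is named `"vscode-graphql"` while its default path is `["graphql" "vscode-graphql-syntax"]`, so the generated option description names a different extension from the one that gets installed. Passing the real name fixes that: `lib.mkPackageOption pkgsRepository "vscode-graphql-syntax" { default = ["graphql" "vscode-graphql-syntax"]; }`. `lib.mkEnableOption` already prefixes its text with "Whether to enable", so the argument reads better as `"the GraphQL syntax highlighting extension for VS Code"`.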
diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 469c4ad..e0b2d98 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -76,7 +76,7 @@ in { rustAnalyzer.enable = true; # arduino development - platformIO.enable = true; + platformIO.enable = false; # claude development claudeDev = lib.mkIf ai-tooling-enabled { diff --git a/modules/home-manager-modules/programs/vscode/go.nix b/modules/home-manager-modules/programs/vscode/go.nix index 02ffe5d..bd9b771 100644 --- a/modules/home-manager-modules/programs/vscode/go.nix +++ b/modules/home-manager-modules/programs/vscode/go.nix @@ -21,6 +21,13 @@ in { extensions = [ config.extraExtensions.go.extension ]; + userSettings = { + "go.alternateTools" = { + "gopls" = "gopls"; + }; + "go.toolsManagement.autoUpdate" = false; + "go.useLanguageServer" = true; + }; }; })); }; From 58bacc46357eccf63ecd9c3c283fb2938840f03b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 6 Mar 2026 15:33:19 -0600 Subject: [PATCH 1038/1043] feat: added keep alive to wg on defiant --- configurations/nixos/defiant/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2cadfd5..19252a5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -134,6 +134,7 @@ Endpoint = "185.230.126.146:51820"; # Allow all traffic but use policy routing to prevent system-wide VPN AllowedIPs = ["0.0.0.0/0"]; + PersistentKeepalive = 25; } ]; }; From fa0adaa51145653b7bbce6404cd54f2d62cc50e9 Mon Sep 17 00:00:00 2001 
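Review bot: In go.nix, `"gopls" = "gopls"` under `"go.alternateTools"` leaves the language server to be resolved from whatever PATH VS Code was started with, and nothing in this hunk puts a gopls there. The binary that runs can therefore be absent, or can be a different gopls from a devshell or a user-writable directory earlier on PATH, depending on how the editor was launched. If `pkgs` is among this module's arguments (the top of go.nix is outside the hunk), pinning the store path makes it deterministic: `"gopls" = lib.getExe pkgs.gopls;`. If following the project's own toolchain from PATH is the intent, a comment saying so next to the setting would be enough.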
From: Leyla Becker Date: Sat, 7 Mar 2026 11:15:45 -0600 Subject: [PATCH 1039/1043] feat: reenabled auto snapshot/scrubbing --- modules/nixos-modules/storage/zfs.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 1d3c1fb..0d6ca18 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -212,10 +212,10 @@ in { # in # diskWarnings ++ datasetWarnings; - # services.zfs = { - # autoScrub.enable = true; - # autoSnapshot.enable = true; - # }; + services.zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; # # Configure disko for ZFS setup disko.devices = { From 1145703cfe30700ed12cbda894e5b3fda361fcff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Mar 2026 12:03:09 -0600 Subject: [PATCH 1040/1043] feat: fixed merge incompatibilities --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 2 +- .../nixos/defiant/configuration.nix | 1 - .../nixos/defiant/legacy-impermanence.nix | 97 ++++++++---- .../nixos/defiant/legacy-storage.nix | 147 ++++++++++++++++-- flake.lock | 125 ++++++--------- modules/home-manager-modules/impermanence.nix | 7 +- .../home-manager-modules/programs/signal.nix | 6 +- .../nixos-modules/storage/impermanence.nix | 3 + 9 files changed, 259 insertions(+), 131 deletions(-) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 6b3c2e2..ac24fa2 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -60,7 +60,7 @@ in { bitwarden.enable = true; discord.enable = true; makemkv.enable = true; - signal-desktop-bin.enable = true; + signal-desktop.enable = true; steam.enable = true; piper.enable = hardware.piperMouse.enable; krita.enable = true; 
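Review bot: In zfs.nix, `autoSnapshot.enable = true` only acts on datasets that carry the `com.sun:auto-snapshot=true` property, and this hunk does not show where that property is set; the rest of the module is outside the hunk, so please confirm. Two things are worth checking before relying on it: that the persistent datasets you want protected have the property, and that ephemeral datasets and any dataset holding key material do not, since snapshots keep deleted or rotated files recoverable until they expire. A one-line comment above the block would record that, e.g. `# snapshots apply only to datasets with com.sun:auto-snapshot=true (see dataset options)`.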
diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 475269d..5f64742 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -50,7 +50,7 @@ in { android-studio.enable = true; makemkv.enable = true; discord.enable = true; - signal-desktop-bin.enable = true; + signal-desktop.enable = true; calibre.enable = true; obsidian.enable = true; jetbrains.idea-oss.enable = true; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5885264..40adbd5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -67,7 +67,6 @@ }; storage = { - generateBase = false; zfs = { enable = true; notifications = { diff --git a/configurations/nixos/defiant/legacy-impermanence.nix b/configurations/nixos/defiant/legacy-impermanence.nix index b272fb8..4cfe18b 100644 --- a/configurations/nixos/defiant/legacy-impermanence.nix +++ b/configurations/nixos/defiant/legacy-impermanence.nix 
@@ -1,19 +1,32 @@ # Legacy impermanence module for defiant -# This module contains all the impermanence configurations that were previously -# handled by individual service modules on the main branch. It allows us to -# merge the storage-refactor branch into main while keeping current functionality, -# and then migrate services one at a time to the new automated impermanence system. +# See legacy-storage.nix for the full incremental migration plan. # -# To migrate a service to the new system: -# 1. Remove the service's configuration from this file -# 2. Set `impermanence.enable = true` for that service in configuration.nix -# 3. Remove `impermanence.enable = false` from the service configuration +# This file is consumed in two phases: +# +# Phase 3 (after generateBase is enabled): +# Remove the SYSTEM-LEVEL entries marked [PHASE 3] below. These will be +# handled automatically by storage.nix, ssh.nix, and the impermanence module: +# - var-lib-private-permissions activation script +# - /etc/machine-id +# - SSH host keys +# - /var/lib/nixos +# - /var/lib/systemd/coredump +# - /persist/system/var/log persistence block +# +# Phase 4 (migrate services one at a time, any order): +# For each service: +# 1. Remove the service's section marked [PHASE 4] from this file +# 2. Remove `impermanence.enable = false` for that service in configuration.nix +# For jellyfin/qbittorrent, also remove the separate media persistence blocks. +# +# Phase 5: Delete this file once empty. { config, lib, ... }: { config = lib.mkIf config.storage.impermanence.enable { + # [PHASE 3] Remove this activation script after enabling generateBase system.activationScripts = { "var-lib-private-permissions" = { deps = ["specialfs"]; 
@@ -27,8 +40,28 @@ environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; + # [PHASE 3] Remove this files block after enabling generateBase + files = lib.mkMerge [ + ["/etc/machine-id"] + # SSH host keys + (lib.mkIf config.services.openssh.enable ( + lib.lists.flatten ( + builtins.map (hostKey: [ + hostKey.path + "${hostKey.path}.pub" + ]) + config.services.openssh.hostKeys + ) + )) + ]; directories = lib.mkMerge [ - # PostgreSQL + # [PHASE 3] Remove these system directories after enabling generateBase + [ + "/var/lib/nixos" + "/var/lib/systemd/coredump" + ] + + # [PHASE 4] PostgreSQL (lib.mkIf config.services.postgresql.enable [ { directory = "/var/lib/postgresql/16"; @@ -37,7 +70,7 @@ } ]) - # Reverse Proxy (ACME) + # [PHASE 4] Reverse Proxy (ACME) (lib.mkIf config.services.reverseProxy.enable [ { directory = "/var/lib/acme"; @@ -46,7 +79,7 @@ } ]) - # Ollama + # [PHASE 4] Ollama (lib.mkIf config.services.ollama.enable [ { directory = "/var/lib/private/ollama"; @@ -56,7 +89,7 @@ } ]) - # Tailscale + # [PHASE 4] Tailscale (lib.mkIf config.services.tailscale.enable [ { directory = "/var/lib/tailscale"; @@ -65,7 +98,7 @@ } ]) - # Syncthing + # [PHASE 4] Syncthing (lib.mkIf config.services.syncthing.enable [ { directory = "/mnt/sync"; @@ -79,7 +112,7 @@ } ]) - # Fail2ban + # [PHASE 4] Fail2ban (lib.mkIf config.services.fail2ban.enable [ { directory = "/var/lib/fail2ban"; @@ -88,7 +121,7 @@ } ]) - # Jellyfin (data/cache only - media is on separate dataset) + # [PHASE 4] Jellyfin (data/cache only - media is on separate dataset) (lib.mkIf config.services.jellyfin.enable [ { directory = "/var/lib/jellyfin"; @@ -102,7 +135,7 @@ } ]) - # Immich + # [PHASE 4] Immich (lib.mkIf config.services.immich.enable [ { directory = "/var/lib/immich"; @@ -111,7 +144,7 @@ } ]) - # Forgejo + # [PHASE 4] Forgejo (lib.mkIf config.services.forgejo.enable [ { directory = "/var/lib/forgejo"; 
@@ -120,7 +153,7 @@ } ]) - # Actual + # [PHASE 4] Actual (lib.mkIf config.services.actual.enable [ { directory = "/var/lib/private/actual"; @@ -129,7 +162,7 @@ } ]) - # Home Assistant + # [PHASE 4] Home Assistant (lib.mkIf config.services.home-assistant.enable [ { directory = "/var/lib/hass"; @@ -138,7 +171,7 @@ } ]) - # Paperless + # [PHASE 4] Paperless (lib.mkIf config.services.paperless.enable [ { directory = "/var/lib/paperless"; @@ -147,7 +180,7 @@ } ]) - # Crab-hole + # [PHASE 4] Crab-hole (lib.mkIf config.services.crab-hole.enable [ { directory = "/var/lib/private/crab-hole"; @@ -156,7 +189,7 @@ } ]) - # qBittorrent (config only - media is on separate dataset) + # [PHASE 4] qBittorrent (config only - media is on separate dataset) (lib.mkIf config.services.qbittorrent.enable [ { directory = "/var/lib/qBittorrent/"; @@ -165,7 +198,7 @@ } ]) - # Sonarr + # [PHASE 4] Sonarr (lib.mkIf config.services.sonarr.enable [ { directory = "/var/lib/sonarr/.config/NzbDrone"; @@ -174,7 +207,7 @@ } ]) - # Radarr + # [PHASE 4] Radarr (lib.mkIf config.services.radarr.enable [ { directory = "/var/lib/radarr/.config/Radarr"; @@ -183,7 +216,7 @@ } ]) - # Bazarr + # [PHASE 4] Bazarr (lib.mkIf config.services.bazarr.enable [ { directory = "/var/lib/bazarr"; @@ -192,7 +225,7 @@ } ]) - # Lidarr + # [PHASE 4] Lidarr (lib.mkIf config.services.lidarr.enable [ { directory = "/var/lib/lidarr/.config/Lidarr"; @@ -201,7 +234,7 @@ } ]) - # Jackett + # [PHASE 4] Jackett (lib.mkIf config.services.jackett.enable [ { directory = "/var/lib/jackett/.config/Jackett"; @@ -210,7 +243,7 @@ } ]) - # FlareSolverr + # [PHASE 4] FlareSolverr (lib.mkIf config.services.flaresolverr.enable [ { directory = "/var/lib/flaresolverr"; 
@@ -221,7 +254,8 @@ ]; }; - # Jellyfin media on separate dataset (matching main) + # [PHASE 4 - LAST] Jellyfin media on separate dataset + # Requires Phase 2 media dataset merge before migrating (several days of data copy) environment.persistence."/persist/system/jellyfin" = lib.mkIf config.services.jellyfin.enable { enable = true; hideMounts = true; @@ -235,7 +269,8 @@ ]; }; - # qBittorrent media on separate dataset (matching main) + # [PHASE 4 - LAST] qBittorrent media on separate dataset + # Requires Phase 2 media dataset merge before migrating (several days of data copy) environment.persistence."/persist/system/qbittorrent" = lib.mkIf config.services.qbittorrent.enable { enable = true; hideMounts = true; @@ -249,7 +284,7 @@ ]; }; - # /var/log persistence (matching main) + # [PHASE 3] /var/log persistence - handled by storage.nix after generateBase environment.persistence."/persist/system/var/log" = { enable = true; hideMounts = true; diff --git a/configurations/nixos/defiant/legacy-storage.nix b/configurations/nixos/defiant/legacy-storage.nix index b998e2c..9ab79a6 100644 --- a/configurations/nixos/defiant/legacy-storage.nix +++ b/configurations/nixos/defiant/legacy-storage.nix 
@@ -1,20 +1,131 @@ # Legacy storage configuration for defiant -# This file manually defines ZFS datasets matching the main branch structure -# to allow incremental migration to the new storage module. +# This file manually defines ZFS datasets matching the existing on-disk layout +# to allow incremental migration to the new storage module (generateBase = true). # -# Datasets from main branch: -# - local/ - ephemeral parent -# - local/home/leyla - ephemeral user home -# - local/system/nix - nix store -# - local/system/root - root filesystem (rolled back on boot) -# - local/system/sops - sops age key -# - persist/ - persistent parent -# - persist/home/leyla - persistent user home -# - persist/system/jellyfin - jellyfin media -# - persist/system/qbittorrent - qbittorrent media -# - persist/system/root - persistent root data -# - persist/system/var/log - log persistence +# ============================================================================ +# INCREMENTAL MIGRATION PLAN +# ============================================================================ +# +# Current disk usage (for reference): +# rpool/local/system/nix ~26G (renamed in place, no copy) +# rpool/local/system/sops ~328K (renamed in place, no copy) +# rpool/persist/system/jellyfin ~32T (renamed in place, no copy) +# rpool/persist/system/qbittorrent ~6.5T (copied into media dataset, ~6.5T temp) +# rpool free space ~30T +# +# Phase 1: Migrate base datasets on disk (boot from live USB or rescue) +# All operations in this phase are instant renames -- no data is copied. +# +# Unlock the pool: +# zfs load-key -a +# +# Step 1a: Move nix and sops out of local/ (they go to persist/local/) +# The -p flag auto-creates the parent datasets. 
+# +# zfs rename -p rpool/local/system/nix rpool/persist/local/nix +# zfs rename -p rpool/local/system/sops rpool/persist/local/system/sops +# +# Step 1b: Rename local/ -> ephemeral/ (takes remaining children with it) +# zfs rename rpool/local rpool/ephemeral +# # This moves: local/system/root -> ephemeral/system/root +# # local/home/leyla -> ephemeral/home/leyla +# +# Step 1c: Recreate blank snapshots on ephemeral datasets +# zfs destroy rpool/ephemeral/system/root@blank +# zfs snapshot rpool/ephemeral/system/root@blank +# zfs destroy rpool/ephemeral/home/leyla@blank +# zfs snapshot rpool/ephemeral/home/leyla@blank +# +# Step 1d: Move persist/ children under persist/replicate/ +# zfs create -o canmount=off rpool/persist/replicate +# zfs create -o canmount=off rpool/persist/replicate/system +# zfs rename rpool/persist/system/root rpool/persist/replicate/system/root +# zfs rename rpool/persist/system/var rpool/persist/replicate/system/var +# zfs rename rpool/persist/home/leyla rpool/persist/replicate/home +# # Clean up the now-empty home parent +# zfs destroy rpool/persist/home +# # NOTE: Do NOT destroy rpool/persist/system -- it still contains +# # persist/system/jellyfin and persist/system/qbittorrent which are +# # migrated in Phase 2. +# +# Verify the new layout: +# zfs list -r rpool -o name,used,mountpoint +# +# Phase 2: Merge media into a single dataset (do this last) +# Strategy: Rename the jellyfin dataset to become the shared media dataset +# (zero copy, instant), then copy qbittorrent data into it (~6.5T copy). +# This avoids duplicating the 32T jellyfin dataset. +# +# Step 2a: Rename jellyfin dataset to the shared media name +# zfs rename rpool/persist/system/jellyfin rpool/persist/replicate/system/media +# +# Step 2b: Copy qbittorrent data into the media dataset +# This copies ~6.5T and may take several hours/days depending on disk speed. +# The qbittorrent data is not critical to back up so no snapshot needed. 
+# +# systemctl stop qbittorrent +# rsync -avPHAX /persist/system/qbittorrent/ /persist/replicate/system/media/ +# +# Step 2c: Verify the data and clean up +# ls -la /persist/replicate/system/media/ +# zfs destroy rpool/persist/system/qbittorrent +# # persist/system should now be empty, clean it up: +# zfs destroy rpool/persist/system +# +# Phase 3: Enable generateBase +# In the nix config: +# - Delete this file (legacy-storage.nix) and remove its import from default.nix +# - Remove [PHASE 3] entries from legacy-impermanence.nix: +# - var-lib-private-permissions activation script +# - /etc/machine-id, SSH host keys (files block) +# - /var/lib/nixos, /var/lib/systemd/coredump (directories) +# - /persist/system/var/log persistence block +# These are now handled automatically by storage.nix and ssh.nix. +# Rebuild and verify: +# sudo nixos-rebuild switch --flake .#defiant +# # Verify mounts: findmnt -t fuse.bindfs,fuse +# # Verify persist: ls /persist/replicate/system/root/var/lib/nixos +# # Verify boot: reboot and confirm system comes up cleanly +# +# Phase 4: Migrate services (one at a time, any order) +# For each service (except jellyfin/qbittorrent): +# 1. Remove the service's [PHASE 4] section from legacy-impermanence.nix +# 2. Remove `impermanence.enable = false` for that service in configuration.nix +# 3. Rebuild: sudo nixos-rebuild switch --flake .#defiant +# 4. Verify: systemctl status , check the service's data is intact +# No data migration is needed -- the data already lives on the renamed +# dataset at the new path. +# +# Migrate jellyfin and qbittorrent LAST (after Phase 2 media merge): +# 1. Remove [PHASE 4 - LAST] jellyfin entries from legacy-impermanence.nix +# 2. Remove [PHASE 4 - LAST] qbittorrent entries from legacy-impermanence.nix +# 3. Remove `impermanence.enable = false` for both in configuration.nix +# 4. Rebuild: sudo nixos-rebuild switch --flake .#defiant +# 5. 
Verify: systemctl status jellyfin qbittorrent +# +# Phase 5: Cleanup +# Once all services are migrated and legacy-impermanence.nix is empty: +# - Delete legacy-impermanence.nix and remove its import from default.nix +# - Rebuild: sudo nixos-rebuild switch --flake .#defiant +# +# ============================================================================ +# +# Current on-disk dataset layout: +# rpool/local/ - ephemeral parent +# rpool/local/home/leyla - ephemeral user home (rolled back on boot) +# rpool/local/system/nix - nix store +# rpool/local/system/root - root filesystem (rolled back on boot) +# rpool/local/system/sops - sops age key +# rpool/persist/ - persistent parent +# rpool/persist/home/leyla - persistent user home +# rpool/persist/system/jellyfin - jellyfin media +# rpool/persist/system/qbittorrent - qbittorrent media +# rpool/persist/system/root - persistent root data +# rpool/persist/system/var/log - log persistence {lib, ...}: { + # Disable automatic base dataset generation so we can define them manually + storage.generateBase = false; + # Manually define ZFS datasets matching main's structure storage.zfs.datasets = { # Ephemeral datasets (local/) @@ -47,7 +158,7 @@ }; "local/system/sops" = { type = "zfs_fs"; - mount = "/persist/sops"; + mount = "/var/lib/sops-nix"; }; # Persistent datasets (persist/) @@ -87,9 +198,10 @@ }; }; - # Boot commands to rollback ephemeral root on boot + # Boot commands to rollback ephemeral root and user homes on boot boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank + zfs rollback -r rpool/local/home/leyla@blank ''; # FileSystems needed for boot @@ -99,5 +211,8 @@ "/persist/system/var/log".neededForBoot = true; "/persist/system/jellyfin".neededForBoot = true; "/persist/system/qbittorrent".neededForBoot = true; + "/var/lib/sops-nix".neededForBoot = true; + "/persist/home/leyla".neededForBoot = true; + "/home/leyla".neededForBoot = true; }; } 
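Review bot: Step 1c of the migration plan in legacy-storage.nix destroys and re-creates `@blank` on `rpool/ephemeral/system/root` and `rpool/ephemeral/home/leyla`, but `zfs rename` carries a dataset's snapshots with it, so after Steps 1a–1b the original `@blank` snapshots already exist under the new names. Re-taking them from a live environment captures whatever the last boot left in those datasets, and every later `zfs rollback -r …@blank` would then restore that state instead of an empty filesystem. I would replace the step with a check, `zfs list -t snapshot -r rpool/ephemeral`, and only re-create a snapshot that is actually missing. Step 2c likewise destroys `rpool/persist/system/qbittorrent` after only an `ls -la`; a checksum dry run such as `rsync -avPHAXc --dry-run` over the same paths before the destroy is a cheap safeguard.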
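Review bot: The rollback commands in `boot.initrd.postResumeCommands`, like the dataset names in the rest of legacy-storage.nix, still use `rpool/local/...`, which Phase 1 of the plan at the top of the file renames to `rpool/ephemeral/...` and `rpool/persist/local/...`. A generation built from this file will therefore not find its root dataset or the `@blank` targets after the renames, while Phase 3 of the plan starts with `nixos-rebuild switch` on a running system. The plan should say how the new generation gets installed between those steps, for example by activating the Phase 3 configuration from the live environment before rebooting; otherwise the first boot after Phase 1 is likely to stop in the initrd. The attribute set that holds these commands starts outside the hunk.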
diff --git a/flake.lock b/flake.lock index 1403bb4..14c8561 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1771881364, - "narHash": "sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8=", + "lastModified": 1772867152, + "narHash": "sha256-RIFgZ4O6Eg+5ysZ8Tqb3YvcqiRaNy440GEY22ltjRrs=", "owner": "nix-community", "repo": "disko", - "rev": "a4cb7bf73f264d40560ba527f9280469f1f081c6", + "rev": "eaafb89b56e948661d618eefd4757d9ea8d77514", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1771888219, - "narHash": "sha256-XlA/l99y1Qilmd8ttYJ9y5BSse9GKoQlt9hnY8H+EHM=", + "lastModified": 1772856163, + "narHash": "sha256-xD+d1+FVhKJ+oFYMTWOdVSBoXS4yeMyVZyDjMXqWEJE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a347c1da78da64eeb78a0c9005bdaadace33e83c", + "rev": "d358a550c7beac5f04fbc5a786e14af079606689", "type": "gitlab" }, "original": { @@ -115,32 +115,11 @@ ] }, "locked": { - "lastModified": 1771851181, - "narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=", + "lastModified": 1772845525, + "narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=", "owner": "nix-community", "repo": "home-manager", - "rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "impermanence", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768598210, - "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", + "rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0", "type": "github" }, "original": { 
@@ -150,12 +129,20 @@ } }, "impermanence": { + "inputs": { + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "lastModified": 1769548169, + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "type": "github" }, "original": { @@ -204,14 +191,14 @@ "mcp-nixos": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1769804089, - "narHash": "sha256-Wkot1j0cTx64xxjmLXzPubTckaZBSUJFhESEdOzPYas=", + "lastModified": 1772769318, + "narHash": "sha256-RAyOW5JMXRhiREqxFPOzw80fVsYVBnOPFgBSjnJ6gbY=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "37a691ea4ea9c8bdcccfe174c6127847b8213fd3", + "rev": "60c1efbba0de1268b42f1144c904e6c8a9627dde", "type": "github" }, "original": { @@ -227,11 +214,11 @@ ] }, "locked": { - "lastModified": 1771520882, - "narHash": "sha256-9SeTZ4Pwr730YfT7V8Azb8GFbwk1ZwiQDAwft3qAD+o=", + "lastModified": 1772379624, + "narHash": "sha256-NG9LLTWlz4YiaTAiRGChbrzbVxBfX+Auq4Ab/SWmk4A=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6a7fdcd5839ec8b135821179eea3b58092171bcf", + "rev": "52d061516108769656a8bd9c6e811c677ec5b462", "type": "github" }, "original": { @@ -268,11 +255,11 @@ ] }, "locked": { - "lastModified": 1771901087, - "narHash": "sha256-b5eSke+C8UeR5Er+TZOzHCDStBJ68yyFlqAUc6fNBX0=", + "lastModified": 1772850876, + "narHash": "sha256-Ga19zlfMpakCY4GMwBSOljNLOF0nEYrYBXv0hP/d4rw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c22e7adea9adec98b3dc79be954ee17d56a232bd", + "rev": "22f084d4c280dfc8a9d764f7b85af38e5d69c3dc", "type": "github" }, "original": { 
@@ -283,11 +270,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1771423359, - "narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=", + "lastModified": 1771969195, + "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "740a22363033e9f1bb6270fbfb5a9574067af15b", + "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", "type": "github" }, "original": { @@ -299,15 +286,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", - "owner": "nixos", + "lastModified": 1767640445, + "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" 
@@ -330,37 +317,21 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1767640445, - "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", - "owner": "NixOS", + "lastModified": 1772773019, + "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", + "rev": "aca4d95fce4914b3892661bcb80b8087293536c6", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { - "locked": { - "lastModified": 1771369470, - "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "0182a361324364ae3f436a63005877674cf45efb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -378,7 +349,7 @@ }, "noita-entangled-worlds": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay", "systems": "systems_2" }, @@ -410,7 +381,7 @@ "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "noita-entangled-worlds": "noita-entangled-worlds", "secrets": "secrets", "sops-nix": "sops-nix" @@ -460,11 +431,11 @@ ] }, "locked": { - "lastModified": 1771889317, - "narHash": "sha256-YV17Q5lEU0S9ppw08Y+cs4eEQJBuc79AzblFoHORLMU=", + "lastModified": 1772495394, + "narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b027513c32e5b39b59f64626b87fbe168ae02094", + "rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff", "type": "github" }, "original": { 
diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index f5e9869..fcc130d 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -26,8 +26,13 @@ in { # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { - home.persistence."/persist/replicate/home" = { + home.persistence."${ + if osConfig.storage.generateBase + then "/persist/replicate/home" + else "/persist/home/${config.home.username}" + }" = { directories = ["."]; + allowOther = true; }; }) ]; diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index 962a139..bf5205e 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -4,14 +4,14 @@ config, ... }: { - options.programs.signal-desktop-bin = { + options.programs.signal-desktop = { enable = lib.mkEnableOption "enable signal"; }; - config = lib.mkIf config.programs.signal-desktop-bin.enable (lib.mkMerge [ + config = lib.mkIf config.programs.signal-desktop.enable (lib.mkMerge [ { home.packages = with pkgs; [ - signal-desktop-bin + signal-desktop ]; } ( diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 637e882..4fdf803 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -81,6 +81,9 @@ in { programs.fuse.userAllowOther = true; + # Suppress sudo lecture on every boot since impermanence wipes the lecture status file + security.sudo.extraConfig = "Defaults lecture=never"; + fileSystems = lib.mapAttrs' ( datasetName: dataset: From 2f7bbf3e1c8a8d7aa5a34aedd5ee033cef58efc4 Mon Sep 17 00:00:00 2001 
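Review bot: `allowOther = true;` is added to the fallback that persists the whole home directory (`directories = ["."]`) with no comment explaining why it is required. As far as I know, in the impermanence home-manager module this option lets accounts other than the owner reach the persisted mounts, leaving file modes as the only barrier, and here it covers everything under the user's home, including any keys and browser profiles kept there. I would add a why-comment above it, for example `# allowOther: required for <reason>; other local users can traverse these mounts, access is limited only by file modes`, and confirm the option still has an effect with the impermanence revision this series bumps to in flake.lock. The surrounding `lib.mkMerge` list starts and ends outside the hunk.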
From: Leyla Becker Date: Sat, 7 Mar 2026 14:33:08 -0600 Subject: [PATCH 1041/1043] feat: fixed more missing datasets --- configurations/nixos/emergent/default.nix | 1 + .../nixos/emergent/legacy-storage.nix | 51 +++++++++++++++++++ modules/nixos-modules/storage/storage.nix | 2 +- modules/nixos-modules/storage/zfs.nix | 8 ++- modules/nixos-modules/users.nix | 7 ++- 5 files changed, 65 insertions(+), 4 deletions(-) create mode 100644 configurations/nixos/emergent/legacy-storage.nix diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix index 452334a..3acaeda 100644 --- a/configurations/nixos/emergent/default.nix +++ b/configurations/nixos/emergent/default.nix @@ -3,5 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + ./legacy-storage.nix ]; } diff --git a/configurations/nixos/emergent/legacy-storage.nix b/configurations/nixos/emergent/legacy-storage.nix new file mode 100644 index 0000000..2b24729 --- /dev/null +++ b/configurations/nixos/emergent/legacy-storage.nix 
@@ -0,0 +1,51 @@
+# Legacy storage configuration for emergent
+# This file manually defines ZFS datasets matching the existing on-disk layout
+# to allow incremental migration to the new storage module (generateBase = true).
+#
+# Current on-disk dataset layout:
+# rpool/local/ - parent (canmount=off)
+# rpool/local/system/nix - nix store
+# rpool/local/system/root - root filesystem
+#
+# Migration plan:
+# Phase 1: Rename datasets on disk (boot from live USB)
+# zfs rename -p rpool/local/system/nix rpool/persist/local/nix
+# zfs rename rpool/local rpool/persist/local
+# # This moves: local/system/root -> persist/local/root (need to rename after)
+# # Actually, since local/system/root needs to become persist/local/root:
+# zfs rename rpool/persist/local/system/root rpool/persist/local/root
+# zfs destroy rpool/persist/local/system # now empty
+# # Recreate blank snapshot:
+# zfs destroy rpool/persist/local/root@blank
+# zfs snapshot rpool/persist/local/root@blank
+#
+# Phase 2: Delete this file, remove its import from default.nix, rebuild.
+{...}: {
+ # Disable automatic base dataset generation so we can define them manually
+ storage.generateBase = false;
+
+ # Manually define ZFS datasets matching the existing on-disk layout
+ storage.zfs.datasets = {
+ "local" = {
+ type = "zfs_fs";
+ mount = null;
+ };
+ "local/system/nix" = {
+ type = "zfs_fs";
+ mount = "/nix";
+ atime = "off";
+ relatime = "off";
+ snapshot = {
+ autoSnapshot = false;
+ };
+ };
+ "local/system/root" = {
+ type = "zfs_fs";
+ mount = "/";
+ snapshot = {
+ blankSnapshot = true;
+ autoSnapshot = true;
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix
index a0b4fc9..771d661 100644
--- a/modules/nixos-modules/storage/storage.nix
+++ b/modules/nixos-modules/storage/storage.nix
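Review bot: The Phase 1 migration plan in the header comment of configurations/nixos/emergent/legacy-storage.nix is not a runnable sequence, and its last step undermines the blank snapshot. `zfs rename -p rpool/local/system/nix rpool/persist/local/nix` creates `rpool/persist/local` as a parent, so the following `zfs rename rpool/local rpool/persist/local` targets a name that already exists and would be expected to fail; the comment then corrects itself part-way with "Actually, ...". Destroying and re-taking `root@blank` from a root dataset that already holds data also means the snapshot is no longer empty, so a later rollback to it restores that state rather than a clean root. I would replace the plan with the exact sequence that was tested and state that `@blank` must be taken while the dataset is empty.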
@@ -153,7 +153,7 @@ in { config.storage.datasets.replicate) ]; }) - (lib.mkIf (config.storage.zfs.enable && !config.storage.impermanence.enable) { + (lib.mkIf (config.storage.zfs.enable && !config.storage.impermanence.enable && config.storage.generateBase) { storage.datasets = { # Base organizational datasets (only needed when impermanence is disabled) local = { diff --git a/modules/nixos-modules/storage/zfs.nix b/modules/nixos-modules/storage/zfs.nix index 0d6ca18..2fc6cb4 100644 --- a/modules/nixos-modules/storage/zfs.nix +++ b/modules/nixos-modules/storage/zfs.nix @@ -9,6 +9,12 @@ args @ { # Hash function for disk names (max 27 chars to fit GPT limitations) hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); + # Map "stripe" to "" for disko compatibility (disko uses "" for stripe mode) + diskoPoolMode = + if config.storage.zfs.pool.mode == "stripe" + then "" + else config.storage.zfs.pool.mode; + # Helper to flatten vdevs into list of devices with names allVdevDevices = lib.lists.flatten (builtins.map ( vdev: @@ -260,7 +266,7 @@ in { type = "topology"; vdev = builtins.map (vdev: { - mode = config.storage.zfs.pool.mode; + mode = diskoPoolMode; members = builtins.map (device: hashDisk device.device) vdev; }) config.storage.zfs.pool.vdevs; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 8a384e3..9cef952 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
@@ -409,10 +409,13 @@ in { ); # Post resume commands to rollback user home datasets to blank snapshots - boot.initrd.postResumeCommands = lib.mkAfter ( + # Only add these when generateBase is true -- when false, the legacy + # storage config is responsible for providing rollback commands with + # the correct (old) dataset paths. + boot.initrd.postResumeCommands = lib.mkIf config.storage.generateBase (lib.mkAfter ( lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank") normalUsers) - ); + )); # TODO: I don't think we need this anymore but I have not tested it # Create persist home directories with proper permissions From 16089e0371c2d4fed5f463baf9653c57211220e0 Mon Sep 17 00:00:00 2001 
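Review bot: With this change the module emits no home rollback at all when `storage.generateBase` is false, and nothing checks that the host's legacy storage config supplies one. A host that enables impermanence with the legacy layout and omits, or misses a user in, its hand-written `zfs rollback` list boots with the previous session's home state intact and no error. I would pair the `lib.mkIf` with a build-time warning in the same module, e.g. `warnings = lib.optional (config.storage.impermanence.enable && !config.storage.generateBase) "storage.generateBase is false: user home rollback must be provided by the host's legacy storage config";`. The enclosing config block starts and ends outside the hunk, so whether it is already conditional on impermanence is not visible.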
From: Leyla Becker Date: Sat, 7 Mar 2026 19:00:01 -0600 Subject: [PATCH 1042/1043] fix: fixed more datasets --- configurations/home-manager/leyla/impermanence.nix | 2 +- modules/home-manager-modules/impermanence.nix | 14 +++++++++----- modules/home-manager-modules/openssh.nix | 2 +- .../programs/android-studio.nix | 2 +- modules/home-manager-modules/programs/anki.nix | 2 +- .../home-manager-modules/programs/bitwarden.nix | 2 +- modules/home-manager-modules/programs/bruno.nix | 2 +- modules/home-manager-modules/programs/calibre.nix | 2 +- .../programs/davinci-resolve.nix | 2 +- modules/home-manager-modules/programs/dbeaver.nix | 2 +- modules/home-manager-modules/programs/discord.nix | 2 +- modules/home-manager-modules/programs/firefox.nix | 2 +- modules/home-manager-modules/programs/freecad.nix | 2 +- modules/home-manager-modules/programs/gimp.nix | 2 +- modules/home-manager-modules/programs/idea.nix | 2 +- modules/home-manager-modules/programs/inkscape.nix | 2 +- modules/home-manager-modules/programs/kdenlive.nix | 2 +- modules/home-manager-modules/programs/krita.nix | 2 +- .../home-manager-modules/programs/libreoffice.nix | 2 +- modules/home-manager-modules/programs/makemkv.nix | 2 +- .../programs/mapillary-uploader.nix | 2 +- modules/home-manager-modules/programs/obs.nix | 2 +- modules/home-manager-modules/programs/obsidian.nix | 2 +- modules/home-manager-modules/programs/olympus.nix | 2 +- modules/home-manager-modules/programs/openrgb.nix | 2 +- modules/home-manager-modules/programs/picard.nix | 2 +- .../programs/prostudiomasters.nix | 2 +- .../home-manager-modules/programs/protonvpn.nix | 2 +- .../home-manager-modules/programs/qbittorrent.nix | 2 +- modules/home-manager-modules/programs/qflipper.nix | 2 +- modules/home-manager-modules/programs/signal.nix | 2 +- modules/home-manager-modules/programs/steam.nix | 2 +- .../home-manager-modules/programs/tor-browser.nix | 2 +- .../programs/ungoogled-chromium.nix | 2 +- modules/home-manager-modules/programs/via.nix | 
2 +- .../programs/vmware-workstation.nix | 2 +- 36 files changed, 44 insertions(+), 40 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 4a58cbb..8fbff41 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.impermanence.enable) { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "desktop" "downloads" diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index fcc130d..e8b3ec4 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -12,6 +12,14 @@ in { type = lib.types.bool; default = true; }; + persistencePath = lib.mkOption { + type = lib.types.str; + default = + if osConfig.storage.generateBase + then "/persist/replicate/home" + else "/persist"; + description = "The base path for user home persistence. The impermanence module will automatically append the user's home directory path. Automatically adapts based on whether the system uses the new dataset layout or the legacy one."; + }; }; config = lib.mkMerge [ @@ -26,11 +34,7 @@ in { # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { - home.persistence."${ - if osConfig.storage.generateBase - then "/persist/replicate/home" - else "/persist/home/${config.home.username}" - }" = { + home.persistence."${cfg.persistencePath}" = { directories = ["."]; allowOther = true; }; diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index cbe7d8d..2f44957 100644 --- a/modules/home-manager-modules/openssh.nix 
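Review bot: The two defaults of the new `persistencePath` option in modules/home-manager-modules/impermanence.nix do not follow the same convention as its description. The description says the impermanence module appends the user's home directory path, which fits the legacy default `"/persist"`, but under that rule the other default `"/persist/replicate/home"` would resolve below `/persist/replicate/home/home/<user>`; the previous patch in this series used the full path `"/persist/home/${config.home.username}"` for the legacy case. Please confirm both values against the dataset mountpoints and the impermanence revision pinned in flake.lock, and reword the description to name the directory that ends up holding the data in each layout. If the resolved path does not sit on the intended dataset, state such as SSH keys and application profiles may land somewhere with a different rollback or snapshot policy than expected.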
+++ b/modules/home-manager-modules/openssh.nix @@ -96,7 +96,7 @@ } ) (lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { files = lib.lists.flatten ( builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); diff --git a/modules/home-manager-modules/programs/android-studio.nix b/modules/home-manager-modules/programs/android-studio.nix index 7c60e6e..8d1e28c 100644 --- a/modules/home-manager-modules/programs/android-studio.nix +++ b/modules/home-manager-modules/programs/android-studio.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/Google/AndroidStudio" ".android" diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index c54feac..dcabce8 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ ".local/share/Anki2" ]; diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index ade24b6..bbd2086 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/Bitwarden" ]; 
diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index ced1998..7bc64b6 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/bruno/" ]; diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index f41ced7..7174b43 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -12,7 +12,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/calibre" ]; diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index c17c8b0..5956578 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.dataHome}/DaVinciResolve" "${config.xdg.configHome}/blackmagic" diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index f509646..1595a02 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix 
@@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.dataHome}/DBeaverData/" ]; diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index 0b0588e..e42367b 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.discord.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/discord/" ]; diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index e100200..2756e31 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -25,7 +25,7 @@ }; in { config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { - home.persistence."/persist/replicate/home" = lib.mkMerge ( + home.persistence."${config.impermanence.persistencePath}" = lib.mkMerge ( ( lib.attrsets.mapAttrsToList (profile: _: buildProfilePersistence profile) diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index 19e08fa..50600db 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/FreeCAD" ]; diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index fbe4471..95c87e6 100644 
--- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/GIMP" ]; diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index b195096..a1aebda 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ # configuration "${config.xdg.configHome}/JetBrains/" diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index 67e5f80..28eb334 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/inkscape" ]; diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index 2bec5b3..2c4bac8 100644 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/kdenliverc" "${config.xdg.dataHome}/kdenlive" diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index 88d1de9..dd7bb12 100644 
--- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/kritarc" "${config.xdg.dataHome}/krita" diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index 9c3537f..283c8db 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/libreoffice" ]; diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index 9fcde8b..f748f68 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -30,7 +30,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ ".MakeMKV" ]; diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index 09894c9..0d9ad5f 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -17,7 +17,7 @@ in { } ( mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/mapillary-uploader" "${config.xdg.dataHome}/mapillary-uploader" 
diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 3a099f7..0a4caf7 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/obs-studio" ]; diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index e07beab..6676ecd 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/obsidian" ]; diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index 3223d62..2d5adb6 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -23,7 +23,7 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/olympus" "${config.xdg.dataHome}/olympus" diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index 64d6229..c350b1e 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix 
@@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/OpenRGB" ]; diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index 5d197f8..ffc4289 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/MusicBrainz" ]; diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 5256f26..d61b7e5 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/ProStudioMasters" ]; diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index 57e50ab..5742948 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/protonvpn" "${config.xdg.configHome}/Proton" diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index ee098e0..b2e0f50 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix 
+++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/qBittorrent" ]; diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index 0c7d242..bb141a4 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/qFlipper" ]; diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index bf5205e..a50a49e 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/Signal" ]; diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 3dd6504..4e0644e 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -18,7 +18,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ { directory = "${config.xdg.dataHome}/Steam"; diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index 92484ae..c108805 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix 
+++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.dataHome}/torbrowser" ]; diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index e76eeeb..32f4b40 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/chromium" ]; diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 3a638aa..ad6f45a 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ "${config.xdg.configHome}/via" "${config.xdg.dataHome}/via" diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix index 277e4bd..76f260b 100644 --- a/modules/home-manager-modules/programs/vmware-workstation.nix +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -17,7 +17,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/replicate/home" = { + home.persistence."${config.impermanence.persistencePath}" = { directories = [ { directory = ".vmware"; From 69c10a87b643c7f40f0a07b1c80d6687e50dfb89 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 15 Mar 2026 22:41:48 -0500 Subject: [PATCH 1043/1043] feat: instealled e621-downloader --- configurations/home-manager/eve/packages.nix | 4 ++- modules/common-modules/pkgs/default.nix | 3 ++ .../common-modules/pkgs/e621-downloader.nix | 36 +++++++++++++++++++ .../home-manager-modules/programs/default.nix | 1 + .../programs/e621-downloader.nix | 16 +++++++++ 5 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 modules/common-modules/pkgs/e621-downloader.nix create mode 100644 modules/home-manager-modules/programs/e621-downloader.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index ac24fa2..c87f786 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -75,7 +75,9 @@ in { libreoffice.enable = true; noita-entangled-worlds.enable = true; - claude-code.enable = osConfig.host.ai.enable; + opencode.enable = osConfig.host.ai.enable; + + e621-downloader.enable = true; # Windows applications that we need to figure out how to install guild-wars-2.enable = false; diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 81af054..c1e5e80 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -47,5 +47,8 @@ (final: prev: { cline = pkgs.callPackage ./cline/default.nix {}; }) + (final: prev: { + e621-downloader = pkgs.callPackage ./e621-downloader.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/e621-downloader.nix b/modules/common-modules/pkgs/e621-downloader.nix new file mode 100644 index 0000000..3e7c546 --- /dev/null +++ b/modules/common-modules/pkgs/e621-downloader.nix 
@@ -0,0 +1,36 @@
+{
+ lib,
+ rustPlatform,
+ fetchFromGitHub,
+ pkg-config,
+ openssl,
+ ...
+}:
+rustPlatform.buildRustPackage rec {
+ pname = "e621-downloader";
+ version = "1.7.2";
+
+ src = fetchFromGitHub {
+ owner = "McSib";
+ repo = "e621_downloader";
+ rev = version;
+ hash = "sha256-4z+PrCv8Mlp0VOJ5Akv1TXrJir1Ws/+45a6VCZGuCtk=";
+ };
+
+ cargoHash = "sha256-/yqNYjP7BuFQWilL2Ty+E5rd8qXj30twteptHx7cLRo=";
+
+ nativeBuildInputs = [
+ pkg-config
+ ];
+
+ buildInputs = [
+ openssl
+ ];
+
+ meta = with lib; {
+ description = "E621 and E926 downloader made in Rust";
+ homepage = "https://github.com/McSib/e621_downloader";
+ license = licenses.asl20;
+ mainProgram = "e621_downloader";
+ };
+}
diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix
index 8a8e8b5..044d076 100644
--- a/modules/home-manager-modules/programs/default.nix
+++ b/modules/home-manager-modules/programs/default.nix
@@ -50,5 +50,6 @@
 ./proton-mail-pwa.nix
 ./proton-calendar-pwa.nix
 ./matrix-cyberia-pwa.nix
+ ./e621-downloader.nix
 ];
 }
diff --git a/modules/home-manager-modules/programs/e621-downloader.nix b/modules/home-manager-modules/programs/e621-downloader.nix
new file mode 100644
index 0000000..2cb32a9
--- /dev/null
+++ b/modules/home-manager-modules/programs/e621-downloader.nix
@@ -0,0 +1,16 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: {
+ options.programs.e621-downloader = {
+ enable = lib.mkEnableOption "enable e621-downloader";
+ };
+
+ config = lib.mkIf config.programs.e621-downloader.enable {
+ home.packages = with pkgs; [
+ e621-downloader
+ ];
+ };
+}
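Review bot: In modules/common-modules/pkgs/e621-downloader.nix the source is selected with `rev = version;`, which names an upstream tag that can be moved, so the integrity of the build rests entirely on `hash` and `cargoHash`. That pinning is sound, but I would write `tag = version;` to make the intent explicit and add a short comment above `hash`, for example `# content hash of the tagged source; refresh together with cargoHash on every version bump`. Nothing else in the derivation needs to change.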