From 8ef437334f712238da4e0b7f3a4b3998240d078f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 9 Mar 2024 21:31:57 -0600 Subject: [PATCH 001/695] initialized flake --- .sops.yaml | 7 + flake.lock | 100 ++++++++ flake.nix | 32 +++ hosts/emergent/configuration.nix | 5 + hosts/hesperium/configuration.nix | 5 + hosts/horizon/configuration.nix | 291 +++++++++++++++++++++++ hosts/horizon/hardware-configuration.nix | 62 +++++ hosts/threshold/configuration.nix | 5 + hosts/twilight/configuration.nix | 5 + 9 files changed, 512 insertions(+) create mode 100644 .sops.yaml create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 hosts/emergent/configuration.nix create mode 100644 hosts/hesperium/configuration.nix create mode 100644 hosts/horizon/configuration.nix create mode 100644 hosts/horizon/hardware-configuration.nix create mode 100644 hosts/threshold/configuration.nix create mode 100644 hosts/twilight/configuration.nix diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..8b0366e --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e +creation_rules: + - path_regex: secrets/secrets.yaml$ + key_groups: + - age: + - *primary \ No newline at end of file diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..f13caba --- /dev/null +++ b/flake.lock 
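Review bot: The `.sops.yaml` hunk encrypts `secrets/secrets.yaml` to exactly one age recipient, so losing or rotating the single private key behind `&primary` makes every secret in the repo unrecoverable and leaves no way to re-encrypt without first decrypting with that same key. Adding a second, offline-stored recipient to the same `key_groups` entry (e.g. `- &backup age1...` as a constructed placeholder, then `- *backup` under `age:`) costs nothing and is the usual recovery path; the public keys are safe to commit. The rule's `path_regex: secrets/secrets.yaml$` is only anchored at the end, so it would also match a file at any deeper `.../secrets/secrets.yaml`; `^secrets/secrets.yaml$` states the intent precisely. The same file reappears unchanged in [PATCH 002/695].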
@@ -0,0 +1,100 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709988192, + "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1709884566, + "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710033658, + "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1709968316, + "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1710039806, + "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "type": "github" + }, + "original": { + "owner": 
"Mic92", + "repo": "sops-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..9be492f --- /dev/null +++ b/flake.nix @@ -0,0 +1,32 @@ +{ + description = "Nixos config flake"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + + sops-nix.url = "github:Mic92/sops-nix"; + + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, ... }@inputs: + let + system = "x86_64-linux"; + pkgs = nixpkgs.legacyPackages.${system}; + in + { + + nixosConfigurations = { + horizon = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/horizon/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; + }; + }; +} diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix new file mode 100644 index 0000000..215fc8c --- /dev/null +++ b/hosts/emergent/configuration.nix @@ -0,0 +1,5 @@ +# eve desktop +{}: +{ + +} \ No newline at end of file diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix new file mode 100644 index 0000000..8cd6f61 --- /dev/null +++ b/hosts/hesperium/configuration.nix @@ -0,0 +1,5 @@ +# nas +{}: +{ + +} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix new file mode 100644 index 0000000..a0e247e --- /dev/null +++ b/hosts/horizon/configuration.nix 
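Review bot: In the `flake.nix` hunk the `sops-nix` input has no `inputs.nixpkgs.follows`, and the `flake.lock` hunk above shows the consequence: `sops-nix` pins its own `nixpkgs_2` (nixpkgs-unstable) and `nixpkgs-stable`, so a second and third nixpkgs tree are locked and fetched alongside the `nixos-23.11` one used by the host. Declaring it like the `home-manager` input, `sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };`, keeps one nixpkgs and one update surface. `self` and the `pkgs = nixpkgs.legacyPackages.${system}` binding in `outputs` are unused in this hunk, and `inputs.home-manager.nixosModules.default` is listed both here and in the `imports` of `hosts/horizon/configuration.nix`; the module system generally tolerates the duplicate, but one place is enough. The same hunk reappears verbatim in [PATCH 002/695].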
@@ -0,0 +1,291 @@ +# leyla laptop +{ config, pkgs, inputs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + networking.hostName = "leyla-laptop"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + services.xserver = { + layout = "us"; + xkbVariant = ""; + }; + + # Enable CUPS to print documents. 
+ services.printing.enable = true; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # enabled virtualisation for docker + virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Disables creating or editing users though methods not defined in this file + users.mutableUsers = false; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; + + sops.secrets."passwords/leyla".neededForUsers = true; + sops.secrets."passwords/ester".neededForUsers = true; + sops.secrets."passwords/eve".neededForUsers = true; + + # Define user accounts + users.users = { + leyla = { + isNormalUser = true; + uid = 1000; + description = 
"Leyla"; + extraGroups = [ "networkmanager" "wheel" "docker" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden +# vscode + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small +# jdk +# android-tools +# android-studio + androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + }; + + eve = { + isNormalUser = true; + uid = 1001; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; + + ester = { + isNormalUser = true; + uid = 1002; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + wget + # resilio-sync + yt-dlp + spotdl + ffmpeg + chromaprint + docker + aileron +# sox +# songrec +# csvkit +# losslessaudiochecker + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # # List services that you want to enable: + # systemd.services = { + # # Start resilio sync on boot + # resilio-sync = { + # description = "Resilio Sync service"; + + # serviceConfig = { + # Type = "forking"; + # Restart = "on-failure"; + # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; + # }; + + # after = [ "network.target" "network-online.target" ]; + # wantedBy = [ "multi-user.target" ]; + # }; + # }; + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix new file mode 100644 index 0000000..d6751d0 --- /dev/null +++ b/hosts/horizon/hardware-configuration.nix 
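Review bot: `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"` puts the private key that decrypts all three `passwords/*` secrets (marked `neededForUsers`, so they are decrypted during early activation) inside one user's home directory, where its permissions and lifetime are at that user's discretion and where it is only reachable as long as `/home` stays on the root filesystem. A root-owned path outside any home, `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` (the location the sops-nix README uses), with the file created mode 0600 by root, keeps the key independent of the account it protects; `sops.age.sshKeyPaths` is not an option here while `services.openssh.enable` is still commented out. `extraGroups = [ "networkmanager" "wheel" "docker" ]` deserves a one-line comment that `docker` group membership is root-equivalent, and `permittedInsecurePackages = [ "electron-25.9.0" ]` should name the package that still needs the EOL Electron so the exception can be dropped when that dependency moves on. This hunk reappears verbatim in [PATCH 002/695].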
@@ -0,0 +1,62 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix new file mode 100644 index 0000000..305f2f7 --- /dev/null +++ b/hosts/threshold/configuration.nix @@ -0,0 +1,5 @@ +# eve laptop +{}: +{ + +} \ No newline at end of file diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix new file mode 100644 index 0000000..6930d8f --- /dev/null +++ b/hosts/twilight/configuration.nix @@ -0,0 +1,5 @@ +# leyla desktop +{}: +{ + +} \ No newline at end of file From f3ef75504210bafb30e60979fada38faff619877 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 9 Mar 2024 21:31:57 -0600 Subject: [PATCH 002/695] initialized flake --- .sops.yaml | 7 + flake.lock | 100 ++++++++ flake.nix | 32 +++ hosts/emergent/configuration.nix | 5 + hosts/hesperium/configuration.nix | 5 + hosts/horizon/configuration.nix | 291 +++++++++++++++++++++++ hosts/horizon/hardware-configuration.nix | 62 +++++ hosts/threshold/configuration.nix | 5 + hosts/twilight/configuration.nix | 5 + secrets/secrets.yaml | 24 ++ 10 files changed, 536 insertions(+) create mode 100644 .sops.yaml create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 hosts/emergent/configuration.nix create mode 100644 hosts/hesperium/configuration.nix create mode 100644 hosts/horizon/configuration.nix create mode 100644 hosts/horizon/hardware-configuration.nix create mode 100644 hosts/threshold/configuration.nix create mode 100644 hosts/twilight/configuration.nix create mode 100644 secrets/secrets.yaml 
diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..8b0366e --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e +creation_rules: + - path_regex: secrets/secrets.yaml$ + key_groups: + - age: + - *primary \ No newline at end of file diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..f13caba --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,100 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709988192, + "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1709884566, + "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710033658, + "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1709968316, + "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1710039806, + "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "type": "github" + }, + "original": { + "owner": 
"Mic92", + "repo": "sops-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..9be492f --- /dev/null +++ b/flake.nix @@ -0,0 +1,32 @@ +{ + description = "Nixos config flake"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + + sops-nix.url = "github:Mic92/sops-nix"; + + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, ... }@inputs: + let + system = "x86_64-linux"; + pkgs = nixpkgs.legacyPackages.${system}; + in + { + + nixosConfigurations = { + horizon = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/horizon/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; + }; + }; +} diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix new file mode 100644 index 0000000..215fc8c --- /dev/null +++ b/hosts/emergent/configuration.nix @@ -0,0 +1,5 @@ +# eve desktop +{}: +{ + +} \ No newline at end of file diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix new file mode 100644 index 0000000..8cd6f61 --- /dev/null +++ b/hosts/hesperium/configuration.nix @@ -0,0 +1,5 @@ +# nas +{}: +{ + +} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix new file mode 100644 index 0000000..a0e247e --- /dev/null +++ b/hosts/horizon/configuration.nix 
@@ -0,0 +1,291 @@ +# leyla laptop +{ config, pkgs, inputs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + networking.hostName = "leyla-laptop"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + services.xserver = { + layout = "us"; + xkbVariant = ""; + }; + + # Enable CUPS to print documents. 
+ services.printing.enable = true; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # enabled virtualisation for docker + virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Disables creating or editing users though methods not defined in this file + users.mutableUsers = false; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; + + sops.secrets."passwords/leyla".neededForUsers = true; + sops.secrets."passwords/ester".neededForUsers = true; + sops.secrets."passwords/eve".neededForUsers = true; + + # Define user accounts + users.users = { + leyla = { + isNormalUser = true; + uid = 1000; + description = 
"Leyla"; + extraGroups = [ "networkmanager" "wheel" "docker" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden +# vscode + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small +# jdk +# android-tools +# android-studio + androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + }; + + eve = { + isNormalUser = true; + uid = 1001; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; + + ester = { + isNormalUser = true; + uid = 1002; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + wget + # resilio-sync + yt-dlp + spotdl + ffmpeg + chromaprint + docker + aileron +# sox +# songrec +# csvkit +# losslessaudiochecker + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # # List services that you want to enable: + # systemd.services = { + # # Start resilio sync on boot + # resilio-sync = { + # description = "Resilio Sync service"; + + # serviceConfig = { + # Type = "forking"; + # Restart = "on-failure"; + # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; + # }; + + # after = [ "network.target" "network-online.target" ]; + # wantedBy = [ "multi-user.target" ]; + # }; + # }; + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix new file mode 100644 index 0000000..d6751d0 --- /dev/null +++ b/hosts/horizon/hardware-configuration.nix 
@@ -0,0 +1,62 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix new file mode 100644 index 0000000..305f2f7 --- /dev/null +++ b/hosts/threshold/configuration.nix @@ -0,0 +1,5 @@ +# eve laptop +{}: +{ + +} \ No newline at end of file diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix new file mode 100644 index 0000000..6930d8f --- /dev/null +++ b/hosts/twilight/configuration.nix @@ -0,0 +1,5 @@ +# leyla desktop +{}: +{ + +} \ No newline at end of file diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 0000000..5c76b34 --- /dev/null +++ b/secrets/secrets.yaml 
@@ -0,0 +1,24 @@ +passwords: + leyla: ENC[AES256_GCM,data:2sTuJTlW9JQv+SDSkyaYEc/CjyBhzJe9FHHvacL2SEVilnHyVKi1XpBnn9WJxsRha2UEUad9wn0iw0vu04O2dN+jZO7iLBawyg==,iv:FacSTQ3LV+An9hzYj7veeIQdZUgUZO3/RDGa+5rqo1I=,tag:PH3G1oedpe8Mh6kmm4qDIw==,type:str] + ester: ENC[AES256_GCM,data:4TkuZr9hCskJZNnTeARz8f6jFWmsEKatoi/jpWrK2JGdvJBdqcodP119p1zfTqaFGA6O67YGhXQVAPVceIxAMplUL0UfV3tK6A==,iv:kmozFDwgtHeS02avCk40Ic0EUEJXvYbE5bl4lHX80pk=,tag:r3gmve2678RbJxeF5qdM8A==,type:str] + eve: ENC[AES256_GCM,data:3xXOvblJkUaX+lcL+jgibng49PnTHldMsObE6VMwyWuGaUbZh0psRZKU8TfojW7TCgVEF93aOTc+DWxVqy8ZrfN4gN7CSudCfQ==,iv:LngLHLPXNgc33xH8WniJFnqoExhytnnEvNVBKKSnCTA=,tag:dQ7sVsMHHus39DTXpiBS+A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLeFdXWDJ1SGNpNEw5b0NZ + U0xjU0Q0N2krdWRUS0w5SkQwNUVUd2FHRFZjCmpkZDZxSE9laC9RbDZhTG83UjVL + UWM0S2wvUWhJRkpQMER2UGphZWhsU2sKLS0tIHFoQ3Jic2RURXNtK1NYWlBxdnJy + WTluMWJsYUxLRVpVeHQ2N0VicUhtWTAKtMgsEkDABJLQi3Wa4NnzMmW5qQw6ExoO + g6AsAMTAN/eOuxNTA6+aMP3M0hMlO07f4UHwvYGifAfHHLidDlgc2g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-10T03:20:40Z" + mac: ENC[AES256_GCM,data:iqLZeEEb0PNKkCppho3BMx4rAKNco7y1aa81cvAcjim5lHvYiPKPzod4A6sd2ioc+uTVXbQO2Jt/zetYpld5YQ+lCgAyaaJ9oqI4gMruqpEYE+kQEO5e0+G84SVeMmp4DyRklCFfvsXATwPjkvpIixKASdJC+MLzqGuLkXUmueA=,iv:8h+d/gNxb3tbWdHZCtdXyTswOApjV3n9cuosHxscQu8=,tag:50mmDQcVwPJ7Ns9pkn6esQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 From b60bacf752ac9df9bc090f1d85a3752274eedc7d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 10 Mar 2024 04:28:47 -0500 Subject: [PATCH 003/695] made user files --- README.md | 1 + flake.nix | 1 - hosts/horizon/configuration.nix | 131 ++++---------------------------- users/default.nix | 6 ++ users/ester/default.nix | 23 ++++++ users/eve/default.nix | 25 ++++++ users/leyla/default.nix | 69 +++++++++++++++++ 7 files changed, 137 insertions(+), 119 deletions(-) create mode 100644 README.md create mode 100644 users/default.nix create mode 100644 users/ester/default.nix create mode 100644 users/eve/default.nix create mode 100644 users/leyla/default.nix diff --git a/README.md b/README.md new file mode 100644 index 0000000..f3290d2 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file diff --git a/flake.nix b/flake.nix index 9be492f..bc7b3d1 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,6 @@ pkgs = nixpkgs.legacyPackages.${system}; in { - nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index a0e247e..14520a0 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,10 +3,13 @@ { imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix + [ inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../users ]; sops.defaultSopsFile = ../../secrets/secrets.yaml; 
@@ -22,13 +25,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "leyla-laptop"; # Define your hostname. + networking.hostName = "horizon"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Enable networking networking.networkmanager.enable = true; @@ -88,14 +87,11 @@ }; # enabled virtualisation for docker - virtualisation.docker.enable = true; + # virtualisation.docker.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Disables creating or editing users though methods not defined in this file - users.mutableUsers = false; - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 
@@ -125,107 +121,6 @@ }) ]; - sops.secrets."passwords/leyla".neededForUsers = true; - sops.secrets."passwords/ester".neededForUsers = true; - sops.secrets."passwords/eve".neededForUsers = true; - - # Define user accounts - users.users = { - leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" "docker" ]; - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden -# vscode - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; - }; - - eve = { - isNormalUser = true; - uid = 1001; - description = "Eve"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; - }; - - ester = { - isNormalUser = true; - uid = 1002; - description = "Ester"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; - }; - }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; 
@@ -233,13 +128,13 @@ # $ nix search wget environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget + # wget # resilio-sync - yt-dlp - spotdl - ffmpeg - chromaprint - docker + # yt-dlp + # spotdl + # ffmpeg + # chromaprint + # docker aileron # sox # songrec diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..8471c05 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,6 @@ +{...}: +{ + imports = [ ./leyla ./ester ./eve ]; + + users.mutableUsers = false; +} \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix new file mode 100644 index 0000000..3108fca --- /dev/null +++ b/users/ester/default.nix @@ -0,0 +1,23 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.ester = { + isNormalUser = true; + uid = 1001; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; +} \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix new file mode 100644 index 0000000..c6ae188 --- /dev/null +++ b/users/eve/default.nix @@ -0,0 +1,25 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.eve = { + isNormalUser = true; + uid = 1002; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix new file mode 100644 index 0000000..d902f51 --- /dev/null 
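Review bot: The UIDs for ester and eve are swapped relative to the accounts this commit removes from hosts/horizon/configuration.nix: the removed block had eve at 1001 and ester at 1002, while users/ester/default.nix now sets `uid = 1001;` and users/eve/default.nix sets `uid = 1002;`. With `users.mutableUsers = false` (users/default.nix in this same line) the next rebuild reassigns the numeric ids, but files already on disk keep their old owner, so on an already-installed host each of these two users would end up owning the other's existing files unless this is a fresh install. If the swap is intentional it deserves a sentence in the commit message; otherwise keep eve at 1001 and ester at 1002. These hunks are repeated verbatim in PATCH 004 below, which carries the same swap.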
+++ b/users/leyla/default.nix @@ -0,0 +1,69 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.leyla = { + isNormalUser = true; + uid = 1000; + description = "Leyla"; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small +# jdk +# android-tools +# android-studio + androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + }; +} \ No newline at end of file From 9418b91b4d3b0b8543793f21ae9213ac876f7d30 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 04:28:47 -0500 Subject: [PATCH 004/695] made user files --- README.md | 1 + flake.nix | 1 - hosts/horizon/configuration.nix | 131 ++++---------------------------- users/default.nix | 6 ++ users/ester/default.nix | 23 ++++++ users/eve/default.nix | 25 ++++++ users/leyla/default.nix | 69 +++++++++++++++++ 7 files changed, 137 insertions(+), 119 deletions(-) create mode 100644 README.md create mode 100644 users/default.nix create mode 100644 users/ester/default.nix create mode 100644 users/eve/default.nix create mode 100644 users/leyla/default.nix diff --git a/README.md b/README.md new file mode 100644 index 0000000..f3290d2 --- /dev/null +++ b/README.md 
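Review bot: `mupen64plus` is listed twice in leyla's `packages`, once after `freecad` and again under `# N64 Emulator`; the duplicate is harmless in a user profile but is noise, so drop the first occurrence. The commented entries `# jdk`, `# android-tools` and `# android-studio` sit at column 0 inside the list, which reads as if they were outside it — either indent them with the other entries or delete the dead ones. The same list is carried unchanged into PATCH 004, 005 and 006 further down this page.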
@@ -0,0 +1 @@ +sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file diff --git a/flake.nix b/flake.nix index 9be492f..bc7b3d1 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,6 @@ pkgs = nixpkgs.legacyPackages.${system}; in { - nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index a0e247e..14520a0 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,10 +3,13 @@ { imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix + [ inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../users ]; sops.defaultSopsFile = ../../secrets/secrets.yaml; @@ -22,13 +25,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "leyla-laptop"; # Define your hostname. + networking.hostName = "horizon"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Enable networking networking.networkmanager.enable = true; @@ -88,14 +87,11 @@ }; # enabled virtualisation for docker - virtualisation.docker.enable = true; + # virtualisation.docker.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Disables creating or editing users though methods not defined in this file - users.mutableUsers = false; - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 
@@ -125,107 +121,6 @@ }) ]; - sops.secrets."passwords/leyla".neededForUsers = true; - sops.secrets."passwords/ester".neededForUsers = true; - sops.secrets."passwords/eve".neededForUsers = true; - - # Define user accounts - users.users = { - leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" "docker" ]; - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden -# vscode - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; - }; - - eve = { - isNormalUser = true; - uid = 1001; - description = "Eve"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; - }; - - ester = { - isNormalUser = true; - uid = 1002; - description = "Ester"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; - }; - }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; 
@@ -233,13 +128,13 @@ # $ nix search wget environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget + # wget # resilio-sync - yt-dlp - spotdl - ffmpeg - chromaprint - docker + # yt-dlp + # spotdl + # ffmpeg + # chromaprint + # docker aileron # sox # songrec diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..8471c05 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,6 @@ +{...}: +{ + imports = [ ./leyla ./ester ./eve ]; + + users.mutableUsers = false; +} \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix new file mode 100644 index 0000000..3108fca --- /dev/null +++ b/users/ester/default.nix @@ -0,0 +1,23 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.ester = { + isNormalUser = true; + uid = 1001; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; +} \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix new file mode 100644 index 0000000..c6ae188 --- /dev/null +++ b/users/eve/default.nix @@ -0,0 +1,25 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.eve = { + isNormalUser = true; + uid = 1002; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix new file mode 100644 index 0000000..d902f51 --- /dev/null 
+++ b/users/leyla/default.nix @@ -0,0 +1,69 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.leyla = { + isNormalUser = true; + uid = 1000; + description = "Leyla"; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small +# jdk +# android-tools +# android-studio + androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + }; +} \ No newline at end of file From 3b76e4a8a87beeaa82dc322561d6a79ae28d348d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 17:26:25 -0500 Subject: [PATCH 005/695] added users that can be disabled --- hosts/horizon/configuration.nix | 5 +- users/default.nix | 4 +- users/ester/default.nix | 50 +++++++---- users/eve/default.nix | 54 ++++++++---- users/leyla/default.nix | 144 ++++++++++++++++++-------------- users/remote/default.nix | 30 +++++++ 6 files changed, 193 insertions(+), 94 deletions(-) create mode 100644 users/remote/default.nix diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 14520a0..c26438a 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,6 +1,5 @@ # leyla laptop { config, pkgs, inputs, ... }: - { imports = [ 
@@ -17,6 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/users/default.nix b/users/default.nix index 8471c05..077fda5 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,6 +1,6 @@ -{...}: +{ ... }: { - imports = [ ./leyla ./ester ./eve ]; + imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; } \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix index 3108fca..0f7f3be 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -1,23 +1,45 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.ester; +in { - sops.secrets."passwords/ester" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.ester = { + isNormalUser = lib.mkEnableOption "ester"; }; - # Define user accounts - users.users.ester = { - isNormalUser = true; - uid = 1001; - description = "Ester"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; + users.groups.ester = {}; - packages = with pkgs; [ - firefox - bitwarden - discord + users.users.ester = lib.mkMerge [ + { + uid = 1001; + description = "Ester"; + group = "ester"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix index c6ae188..d5b6f29 100644 --- a/users/eve/default.nix 
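Review bot: The `else { isSystemUser = true; }` branch means a "disabled" user is still created on every host that imports users/ — as a locked system account with the fixed uid and its own group — which is a reasonable way to keep ids reserved but is not obvious from an option called `isNormalUser`. A comment above `users.users.ester = lib.mkMerge [` would record the intent, e.g. `# The account always exists so the uid/group stay reserved; isNormalUser only unlocks it with a password, groups and packages.` The same pattern and the same missing explanation apply to users/eve (next hunk), users/leyla and users/remote further down, and the whole commit is repeated verbatim as PATCH 006.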
+++ b/users/eve/default.nix @@ -1,25 +1,47 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.eve; +in { - sops.secrets."passwords/eve" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.eve = { + isNormalUser = lib.mkEnableOption "eve"; }; - # Define user accounts - users.users.eve = { - isNormalUser = true; - uid = 1002; - description = "Eve"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/eve".path; + users.groups.eve = {}; - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop + users.users.eve = lib.mkMerge [ + { + uid = 1002; + description = "Eve"; + group = "eve"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d902f51..7192d10 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -1,69 +1,91 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in { - sops.secrets."passwords/leyla" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.leyla = { + isNormalUser = lib.mkEnableOption "leyla"; }; - # Define user accounts - users.users.leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume + users.groups.leyla = {}; + + users.users.leyla = lib.mkMerge [ + { + uid = 1000; + description = "Leyla"; + group = "leyla"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small + # jdk + # android-tools + # android-studio + 
androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/remote/default.nix b/users/remote/default.nix new file mode 100644 index 0000000..491bc51 --- /dev/null +++ b/users/remote/default.nix @@ -0,0 +1,30 @@ +{ lib, config, ... }: +let + cfg = config.users.remote; +in +{ + options.users.remote = { + isNormalUser = lib.mkEnableOption "remote"; + }; + + config.users = { + groups.remote = {}; + + users.remote = lib.mkMerge [ + { + uid = 2000; + group = "remote"; + } + + ( + if cfg.isNormalUser then { + # extraGroups = [ "wheel" ]; + isNormalUser = true; + openssh.authorizedKeys.keys = []; + } else { + isSystemUser = true; + } + ) + ]; + }; +} \ No newline at end of file From eda1db913619d357083cbd72dbc784986af0ca7c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 17:26:25 -0500 Subject: [PATCH 006/695] added users that can be disabled --- hosts/horizon/configuration.nix | 5 +- users/default.nix | 4 +- users/ester/default.nix | 50 +++++++---- users/eve/default.nix | 54 ++++++++---- users/leyla/default.nix | 144 ++++++++++++++++++-------------- users/remote/default.nix | 30 +++++++ 6 files changed, 193 insertions(+), 94 deletions(-) create mode 100644 users/remote/default.nix diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 14520a0..c26438a 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,6 +1,5 @@ # leyla laptop { config, pkgs, inputs, ... }: - { imports = [ 
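Review bot: When `users.remote.isNormalUser` is enabled the account has neither a password (no `hashedPasswordFile`) nor any SSH key (`openssh.authorizedKeys.keys = []`), so it cannot be logged into; if it is meant for SSH access the keys should be filled from a reviewed source rather than left as an empty list that invites ad-hoc edits, and the commented `# extraGroups = [ "wheel" ];` should stay out unless the account genuinely needs sudo. A comment on `users.remote = lib.mkMerge [` stating what the account is for would help, e.g. `# TODO: document the purpose of this account and where its authorized keys come from.` Unlike the other user modules this one has no `description`, which is worth adding for consistency.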
@@ -17,6 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/users/default.nix b/users/default.nix index 8471c05..077fda5 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,6 +1,6 @@ -{...}: +{ ... }: { - imports = [ ./leyla ./ester ./eve ]; + imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; } \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix index 3108fca..0f7f3be 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -1,23 +1,45 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.ester; +in { - sops.secrets."passwords/ester" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.ester = { + isNormalUser = lib.mkEnableOption "ester"; }; - # Define user accounts - users.users.ester = { - isNormalUser = true; - uid = 1001; - description = "Ester"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; + users.groups.ester = {}; - packages = with pkgs; [ - firefox - bitwarden - discord + users.users.ester = lib.mkMerge [ + { + uid = 1001; + description = "Ester"; + group = "ester"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix index c6ae188..d5b6f29 100644 --- a/users/eve/default.nix 
+++ b/users/eve/default.nix @@ -1,25 +1,47 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.eve; +in { - sops.secrets."passwords/eve" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.eve = { + isNormalUser = lib.mkEnableOption "eve"; }; - # Define user accounts - users.users.eve = { - isNormalUser = true; - uid = 1002; - description = "Eve"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/eve".path; + users.groups.eve = {}; - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop + users.users.eve = lib.mkMerge [ + { + uid = 1002; + description = "Eve"; + group = "eve"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d902f51..7192d10 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -1,69 +1,91 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in { - sops.secrets."passwords/leyla" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.leyla = { + isNormalUser = lib.mkEnableOption "leyla"; }; - # Define user accounts - users.users.leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume + users.groups.leyla = {}; + + users.users.leyla = lib.mkMerge [ + { + uid = 1000; + description = "Leyla"; + group = "leyla"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small + # jdk + # android-tools + # android-studio + 
androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/remote/default.nix b/users/remote/default.nix new file mode 100644 index 0000000..491bc51 --- /dev/null +++ b/users/remote/default.nix @@ -0,0 +1,30 @@ +{ lib, config, ... }: +let + cfg = config.users.remote; +in +{ + options.users.remote = { + isNormalUser = lib.mkEnableOption "remote"; + }; + + config.users = { + groups.remote = {}; + + users.remote = lib.mkMerge [ + { + uid = 2000; + group = "remote"; + } + + ( + if cfg.isNormalUser then { + # extraGroups = [ "wheel" ]; + isNormalUser = true; + openssh.authorizedKeys.keys = []; + } else { + isSystemUser = true; + } + ) + ]; + }; +} \ No newline at end of file From d20cf49ba2a6aa79788abe75b4b282c797a8b66e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 19:01:23 -0500 Subject: [PATCH 007/695] moved overlays to own folder made environments folder --- enviroments/client/default.nix | 72 +++++++++++++++++++++++++++++ enviroments/common/default.nix | 16 +++++++ hosts/horizon/configuration.nix | 81 +-------------------------------- overlays/intellij.nix | 19 ++++++++ overlays/vscodium.nix | 15 ++++++ users/leyla/default.nix | 56 ++--------------------- users/leyla/packages.nix | 62 +++++++++++++++++++++++++ 7 files changed, 189 insertions(+), 132 deletions(-) create mode 100644 enviroments/client/default.nix create mode 100644 enviroments/common/default.nix create mode 100644 overlays/intellij.nix create mode 100644 overlays/vscodium.nix create mode 100644 users/leyla/packages.nix 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix new file mode 100644 index 0000000..239058c --- /dev/null +++ b/enviroments/client/default.nix @@ -0,0 +1,72 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable networking + networking.networkmanager.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + services.xserver = { + layout = "us,it,de"; + xkbVariant = ""; + }; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + environment.systemPackages = with pkgs; [ + # version control + git + + # helvetica font + aileron + + # system debuging tools + iputils + dnsutils + ]; +} \ No newline at end of file 
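Review bot: `layout = "us,it,de";` is a behaviour change hidden in a "moved" commit — the block this replaces in hosts/horizon/configuration.nix (the `-26,68` hunk of this patch) had `layout = "us";`; either keep `"us"` here or mention the new layouts in the commit message. The directory name `enviroments` is misspelled and is now referenced from every `imports` list, so renaming it later touches all of them; it is cheapest to fix now. Minor: `# system debuging tools` → `# system debugging tools`.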
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix new file mode 100644 index 0000000..3115625 --- /dev/null +++ b/enviroments/common/default.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: +{ + imports = [ + ../../users + ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # List packages installed in system profile. + environment.systemPackages = with pkgs; [ + wget + ]; +} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c26438a..3fbe076 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -8,7 +8,7 @@ ./hardware-configuration.nix - ../../users + ../../enviroments/client ]; sops.defaultSopsFile = ../../secrets/secrets.yaml; 
@@ -26,68 +26,7 @@ boot.kernelModules = [ "sg" ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "horizon"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; - - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; - - # Configure keymap in X11 - services.xserver = { - layout = "us"; - xkbVariant = ""; - }; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; # enabled virtualisation for docker # virtualisation.docker.enable = true; 
@@ -127,24 +66,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # resilio-sync - # yt-dlp - # spotdl - # ffmpeg - # chromaprint - # docker - aileron -# sox -# songrec -# csvkit -# losslessaudiochecker - ]; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; diff --git a/overlays/intellij.nix b/overlays/intellij.nix new file mode 100644 index 0000000..25ee779 --- /dev/null +++ b/overlays/intellij.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + }) + ]; +} \ No newline at end of file diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix new file mode 100644 index 0000000..902bd78 --- /dev/null +++ b/overlays/vscodium.nix @@ -0,0 +1,15 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7192d10..14f4e38 100644 --- a/users/leyla/default.nix 
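Review bot: In `overlays/intellij.nix` the overlay assigns `jetbrains = { jdk = super.jdk17; idea-community = ...; };`, which replaces the whole `pkgs.jetbrains` attribute set instead of extending it, so every other JetBrains package silently disappears from `pkgs`; write it as `jetbrains = super.jetbrains // { jdk = super.jdk17; idea-community = ...; };`. Pinning `src` to a `fetchurl` with a fixed sha256 keeps the download integrity-checked, but it also freezes the editor at `2023.3.3`, so later nixpkgs updates, including security releases, no longer reach it; the vscodium override in `overlays/vscodium.nix` in this commit has the same effect at `1.85.2.24019`, and both pins want a dated comment stating when they can be dropped (the existing `# idea is too out of date` and `# ui is broken on 1.84` comments give the reason but not the exit condition). These hunks are repeated in the second copy of this patch below.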
+++ b/users/leyla/default.nix @@ -3,6 +3,10 @@ let cfg = config.users.leyla; in { + imports =[ + ./packages.nix + ]; + options.users.leyla = { isNormalUser = lib.mkEnableOption "leyla"; }; @@ -30,58 +34,6 @@ in extraGroups = [ "networkmanager" "wheel" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small - # jdk - # android-tools - # android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; } else { isSystemUser = true; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix new file mode 100644 index 0000000..dc5bdc8 --- /dev/null +++ b/users/leyla/packages.nix 
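Review bot: The package list removed from `users.users.leyla.packages` in the second hunk contains `exiftool`, but the list that replaces it in the new `users/leyla/packages.nix` does not, so the move silently drops one package (everything else reappears there, and `git`, `iputils` and `dnsutils` move to the client environment's `environment.systemPackages`). Either add `exiftool` to `packages.nix` or mention the removal in the commit message. Style nit in the first hunk: `imports =[` is missing the space after `=`. Both hunks are repeated in the second copy of this patch below.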
@@ -0,0 +1,62 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in +{ + imports = [ + ../../overlays/intellij.nix + ../../overlays/vscodium.nix + ]; + + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + freecad + kicad-small + cura + makemkv + transmission-gtk + easytag + rhythmbox + + # proprietary platforms + discord + obsidian + + # development enviroments + vscodium + androidStudioPackages.canary + jetbrains.idea-community + dbeaver + + # development tools + # TODO: move these to flakes + nodejs + + # bridges + protonvpn-gui + nextcloud-client + + # gaming + steam + # emulators + yuzu-mainline # Switch Emulator + dolphin-emu # GameCube and Wii Emulator + desmume # DS Emulator + mupen64plus # N64 Emulator + zsnes # SNES Emulator + vbam # Game Boy Advanced Emulator + fceux # NES Emulator + stella # Atari 2600 Emulator + mame # mame Emulator + + + ] + ); +} \ No newline at end of file From ffe16a8d251e62dac712de9a5832d9b65f9a76ac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 19:01:23 -0500 Subject: [PATCH 008/695] moved overlays to own folder made environments folder --- enviroments/client/default.nix | 72 +++++++++++++++++++++++++++++ enviroments/common/default.nix | 16 +++++++ hosts/horizon/configuration.nix | 81 +-------------------------------- overlays/intellij.nix | 19 ++++++++ overlays/vscodium.nix | 15 ++++++ users/leyla/default.nix | 56 ++--------------------- users/leyla/packages.nix | 62 +++++++++++++++++++++++++ 7 files changed, 189 insertions(+), 132 deletions(-) create mode 100644 enviroments/client/default.nix create mode 100644 enviroments/common/default.nix create mode 100644 overlays/intellij.nix create mode 100644 overlays/vscodium.nix create mode 100644 users/leyla/packages.nix 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix new file mode 100644 index 0000000..239058c --- /dev/null +++ b/enviroments/client/default.nix @@ -0,0 +1,72 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable networking + networking.networkmanager.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + services.xserver = { + layout = "us,it,de"; + xkbVariant = ""; + }; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + environment.systemPackages = with pkgs; [ + # version control + git + + # helvetica font + aileron + + # system debuging tools + iputils + dnsutils + ]; +} \ No newline at end of file 
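Review bot: `layout = "us,it,de"` in the `services.xserver` block is not the value moved out of `hosts/horizon/configuration.nix`, which had `layout = "us"`, so a commit described as moving configuration into an environments folder also changes the keyboard layout for every host that imports this module. Either keep `layout = "us";` here and change it in its own commit, or state the change in the commit message. Every other setting in this file matches the lines removed from the host configuration.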
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix new file mode 100644 index 0000000..3115625 --- /dev/null +++ b/enviroments/common/default.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: +{ + imports = [ + ../../users + ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # List packages installed in system profile. + environment.systemPackages = with pkgs; [ + wget + ]; +} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c26438a..3fbe076 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -8,7 +8,7 @@ ./hardware-configuration.nix - ../../users + ../../enviroments/client ]; sops.defaultSopsFile = ../../secrets/secrets.yaml; 
@@ -26,68 +26,7 @@ boot.kernelModules = [ "sg" ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "horizon"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; - - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; - - # Configure keymap in X11 - services.xserver = { - layout = "us"; - xkbVariant = ""; - }; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; # enabled virtualisation for docker # virtualisation.docker.enable = true; 
@@ -127,24 +66,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # resilio-sync - # yt-dlp - # spotdl - # ffmpeg - # chromaprint - # docker - aileron -# sox -# songrec -# csvkit -# losslessaudiochecker - ]; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; diff --git a/overlays/intellij.nix b/overlays/intellij.nix new file mode 100644 index 0000000..25ee779 --- /dev/null +++ b/overlays/intellij.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + }) + ]; +} \ No newline at end of file diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix new file mode 100644 index 0000000..902bd78 --- /dev/null +++ b/overlays/vscodium.nix @@ -0,0 +1,15 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7192d10..14f4e38 100644 --- a/users/leyla/default.nix 
+++ b/users/leyla/default.nix @@ -3,6 +3,10 @@ let cfg = config.users.leyla; in { + imports =[ + ./packages.nix + ]; + options.users.leyla = { isNormalUser = lib.mkEnableOption "leyla"; }; @@ -30,58 +34,6 @@ in extraGroups = [ "networkmanager" "wheel" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small - # jdk - # android-tools - # android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; } else { isSystemUser = true; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix new file mode 100644 index 0000000..dc5bdc8 --- /dev/null +++ b/users/leyla/packages.nix 
@@ -0,0 +1,62 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in +{ + imports = [ + ../../overlays/intellij.nix + ../../overlays/vscodium.nix + ]; + + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + freecad + kicad-small + cura + makemkv + transmission-gtk + easytag + rhythmbox + + # proprietary platforms + discord + obsidian + + # development enviroments + vscodium + androidStudioPackages.canary + jetbrains.idea-community + dbeaver + + # development tools + # TODO: move these to flakes + nodejs + + # bridges + protonvpn-gui + nextcloud-client + + # gaming + steam + # emulators + yuzu-mainline # Switch Emulator + dolphin-emu # GameCube and Wii Emulator + desmume # DS Emulator + mupen64plus # N64 Emulator + zsnes # SNES Emulator + vbam # Game Boy Advanced Emulator + fceux # NES Emulator + stella # Atari 2600 Emulator + mame # mame Emulator + + + ] + ); +} \ No newline at end of file From d828fc27dc4ca90cfa1860ec67b3fd6c74375e9d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 20:13:57 -0500 Subject: [PATCH 009/695] installed steam --- users/leyla/packages.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index dc5bdc8..225cf92 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms 
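Review bot: `programs.steam` with `remotePlay.openFirewall = true` and `dedicatedServer.openFirewall = true` is set unconditionally in `users/leyla/packages.nix`, while the package list right below it is guarded by `lib.mkIf cfg.isNormalUser`; because this module is imported from `users/leyla/default.nix` on every host, a machine where leyla is only a system user still gets Steam installed and its Remote Play and Source dedicated-server ports opened in the firewall. Wrap the block, `programs.steam = lib.mkIf cfg.isNormalUser { ... };`, and leave the two `openFirewall` flags at their default unless Remote Play or hosting a dedicated server is actually used, since each one opens inbound ports on every network the host joins. The identical hunk appears again in PATCH 010 below.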
@@ -44,19 +50,23 @@ in nextcloud-client # gaming - steam + # steam # emulators + # nintendo yuzu-mainline # Switch Emulator + citra-canary # 3DS emulator + cemu # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator zsnes # SNES Emulator vbam # Game Boy Advanced Emulator fceux # NES Emulator + # play station + rpcs3 # PS3 Emulator + #misc stella # Atari 2600 Emulator mame # mame Emulator - - ] ); } \ No newline at end of file From 51d567148583323b903e3c0451c2bacdaae31e37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 20:13:57 -0500 Subject: [PATCH 010/695] installed steam --- users/leyla/packages.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index dc5bdc8..225cf92 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms @@ -44,19 +50,23 @@ in nextcloud-client # gaming - steam + # steam # emulators + # nintendo yuzu-mainline # Switch Emulator + citra-canary # 3DS emulator + cemu # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator zsnes # SNES Emulator vbam # Game Boy Advanced Emulator fceux # NES Emulator + # play station + rpcs3 # PS3 Emulator + #misc stella # Atari 2600 Emulator mame # mame Emulator - - ] ); } \ No newline at end of file From afc0dfdb35616f9e391e103982b6adac800eab8b Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 11 Mar 2024 00:43:10 -0500 Subject: [PATCH 011/695] cleaned up packages file for leyla --- hosts/horizon/configuration.nix | 29 ------------------------- users/leyla/default.nix | 6 +++++- users/leyla/packages.nix | 38 +++++++++++++++++++++++++++------ 3 files changed, 36 insertions(+), 37 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3fbe076..ecb5b47 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -34,35 +34,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; - # Allow unfree packages nixpkgs.config.allowUnfree = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 14f4e38..96ea3cb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -8,7 +8,11 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "leyla"; + isNormalUser = lib.mkEnableOption "create usable leyla user"; + hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; + hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; + hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; config = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 225cf92..554b8c0 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -14,6 +14,12 @@ in dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; + programs.noisetorch.enable = true; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms @@ -23,17 +29,26 @@ in ungoogled-chromium libreoffice inkscape + gimp + krita freecad - kicad-small cura + kicad-small makemkv transmission-gtk - easytag - rhythmbox + onionshare + # easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing # proprietary platforms discord obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) # development enviroments vscodium 
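Review bot: `nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]` is moved from the horizon host into `users/leyla/packages.nix` without a condition, so every host importing this user module now accepts a package nixpkgs has marked insecure, including hosts where the user is only a system user and none of the packages that need it is installed. Gate it on the same flag as the package list, `nixpkgs.config.permittedInsecurePackages = lib.mkIf cfg.isNormalUser [ "electron-25.9.0" ];`, and add a comment naming which package pulls that electron in (presumably one of the proprietary desktop apps — confirm with `nix why-depends`) so the entry can be removed once that package moves on. `programs.noisetorch.enable = true` in the same hunk is likewise unconditional. The same hunk is repeated in PATCH 012 below.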
@@ -45,17 +60,23 @@ in # TODO: move these to flakes nodejs - # bridges + # system tools protonvpn-gui nextcloud-client - + noisetorch + + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + # gaming # steam # emulators # nintendo - yuzu-mainline # Switch Emulator + (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator citra-canary # 3DS emulator - cemu # Wii-U emulator + (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator @@ -63,7 +84,10 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station + pcsxr # PS1 Emulator + pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator mame # mame Emulator From a6d16fe29f2d6677636157737daa8da5b3c356d8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Mar 2024 00:43:10 -0500 Subject: [PATCH 012/695] cleaned up packages file for leyla --- hosts/horizon/configuration.nix | 29 ------------------------- users/leyla/default.nix | 6 +++++- users/leyla/packages.nix | 38 +++++++++++++++++++++++++++------ 3 files changed, 36 insertions(+), 37 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3fbe076..ecb5b47 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
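Review bot: `(lib.mkIf cfg.hasPiperMouse piper)`, `(lib.mkIf cfg.hasOpenRGBHardware openrgb)` and `(lib.mkIf cfg.hasViaKeyboard via)` install only the GUIs; piper talks to the ratbagd daemon, and openrgb and via need udev rules for unprivileged device access, none of which a user package provides, so the tools will either not see the hardware or invite being run as root. Enable the matching system options under the same flags — `services.ratbagd.enable = cfg.hasPiperMouse;`, `services.hardware.openrgb.enable = cfg.hasOpenRGBHardware;` and `services.udev.packages = lib.mkIf cfg.hasViaKeyboard [ pkgs.via ];` — which grants device access through udev rules instead of elevated privileges. `noisetorch` is also added to the package list although `programs.noisetorch.enable` earlier in this file already installs it, which presumably makes the extra entry redundant (worth checking which copy ends up first on PATH). The same hunks are repeated in PATCH 012 below.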
@@ -34,35 +34,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; - # Allow unfree packages nixpkgs.config.allowUnfree = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 14f4e38..96ea3cb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -8,7 +8,11 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "leyla"; + isNormalUser = lib.mkEnableOption "create usable leyla user"; + hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; + hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; + hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; config = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 225cf92..554b8c0 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -14,6 +14,12 @@ in dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; + programs.noisetorch.enable = true; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms @@ -23,17 +29,26 @@ in ungoogled-chromium libreoffice inkscape + gimp + krita freecad - kicad-small cura + kicad-small makemkv transmission-gtk - easytag - rhythmbox + onionshare + # easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing # proprietary platforms discord obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) # development enviroments vscodium @@ -45,17 +60,23 @@ in # TODO: move these to flakes nodejs - # bridges + # system tools protonvpn-gui nextcloud-client - + noisetorch + + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + # gaming # steam # emulators # nintendo - yuzu-mainline # Switch Emulator + (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator citra-canary # 3DS emulator - cemu # Wii-U emulator + (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator @@ -63,7 +84,10 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station + pcsxr # PS1 Emulator + pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator mame # mame Emulator From 46aa44a23e445613ccc7d39c3f9c46e9ac321602 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 11 Mar 2024 01:57:17 -0500 Subject: [PATCH 013/695] added home manager for leyla --- enviroments/client/default.nix | 6 ++- flake.lock | 8 ++-- flake.nix | 2 +- users/default.nix | 4 +- users/leyla/default.nix | 2 + users/leyla/home.nix | 82 ++++++++++++++++++++++++++++++++++ users/leyla/packages.nix | 4 +- 7 files changed, 99 insertions(+), 9 deletions(-) create mode 100644 users/leyla/home.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 239058c..fc05ac1 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -23,8 +23,10 @@ # Configure keymap in X11 services.xserver = { - layout = "us,it,de"; - xkbVariant = ""; + xkb = { + layout = "us,it,de"; + variant = ""; + }; }; # Enable sound with pipewire. diff --git a/flake.lock b/flake.lock index f13caba..eb6a19f 100644 --- a/flake.lock +++ b/flake.lock @@ -22,16 +22,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709884566, - "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "lastModified": 1709961763, + "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index bc7b3d1..43f8cd7 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Nixos config flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; diff --git a/users/default.nix b/users/default.nix index 077fda5..97133d9 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,6 +1,8 @@ -{ ... }: +{ inputs, ... }: { imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; + + home-manager.extraSpecialArgs = { inherit inputs; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 96ea3cb..8745e7b 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -43,5 +43,7 @@ in } ) ]; + + home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix new file mode 100644 index 0000000..baf2ebf --- /dev/null +++ b/users/leyla/home.nix 
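Review bot: `home-manager.extraSpecialArgs = { inherit inputs; }` and the new `{ inputs, ... }` argument in `users/default.nix` only evaluate if the flake passes `inputs` into the NixOS module set with `specialArgs = { inherit inputs; }` and imports home-manager's NixOS module; the `flake.nix` hunk in this patch changes only `nixpkgs.url`, so I cannot see either being done here — if they already exist outside the diff this is fine, otherwise evaluation fails on an undefined `inputs`. A one-line comment above the new line, `# inputs comes from specialArgs in flake.nix`, would tell the next reader where the dependency lives. The same hunk is repeated in PATCH 014 below.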
@@ -0,0 +1,82 @@ +{ config, pkgs, ... }: + +{ + # Home Manager needs a bit of information about you and the paths it should + # manage. + home.username = "leyla"; + home.homeDirectory = "/home/leyla"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + home.stateVersion = "23.11"; # Please read the comment before changing. + + # The home.packages option allows you to install Nix packages into your + # environment. + home.packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello + + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + home.file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + home.sessionVariables = { + # EDITOR = "emacs"; + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + }; + }; +} diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 554b8c0..c1311a7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -74,8 +74,10 @@ in # steam # emulators # nintendo + # TODO: replace this with self hosted flake (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - citra-canary # 3DS emulator + # TODO: replace this with self hosted flake + # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator From 0e8697bf66a0ba66b990088e05d5a6d622102bdd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Mar 2024 01:57:17 -0500 Subject: [PATCH 014/695] added home manager for leyla --- enviroments/client/default.nix | 6 ++- flake.lock | 8 ++-- flake.nix | 2 +- users/default.nix | 4 +- users/leyla/default.nix | 2 + users/leyla/home.nix | 82 ++++++++++++++++++++++++++++++++++ users/leyla/packages.nix | 4 +- 7 files changed, 99 insertions(+), 9 deletions(-) create mode 100644 users/leyla/home.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 239058c..fc05ac1 100644 
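Review bot: `users/leyla/home.nix` is added with the Home Manager template intact — roughly fifty of its eighty lines are the template's commented-out examples for `home.packages`, `home.file` and `home.sessionVariables`, and the `config` and `pkgs` arguments in the header are only used inside those comments. The live content is `home.username`, `home.homeDirectory`, `home.stateVersion` and the `programs` block, so trimming the examples would leave a file a reader can take in at a glance; keep the comment above `home.stateVersion`, which documents a value that must not be changed casually. The same hunk is repeated in PATCH 014 below.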
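Review bot: `citra-canary` is commented out with a TODO, but the neighbouring `(lib.mkIf cfg.hasGPU yuzu-mainline)` keeps referencing a package that, if the locked `nixos-unstable` has dropped it the same way (I cannot tell from the lock hunk), will fail evaluation with an undefined variable as soon as `cfg.hasGPU` is enabled, because `with pkgs;` resolves the name only when the `mkIf` content is forced. If that is the case, comment it out under the same TODO, `# (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator`, so the failure does not appear only on GPU hosts. The same hunk repeats in PATCH 014 below.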
--- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -23,8 +23,10 @@ # Configure keymap in X11 services.xserver = { - layout = "us,it,de"; - xkbVariant = ""; + xkb = { + layout = "us,it,de"; + variant = ""; + }; }; # Enable sound with pipewire. diff --git a/flake.lock b/flake.lock index f13caba..eb6a19f 100644 --- a/flake.lock +++ b/flake.lock @@ -22,16 +22,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709884566, - "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "lastModified": 1709961763, + "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index bc7b3d1..43f8cd7 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Nixos config flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; diff --git a/users/default.nix b/users/default.nix index 077fda5..97133d9 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,6 +1,8 @@ -{ ... }: +{ inputs, ... }: { imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; + + home-manager.extraSpecialArgs = { inherit inputs; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 96ea3cb..8745e7b 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -43,5 +43,7 @@ in } ) ]; + + home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix new file mode 100644 index 0000000..baf2ebf --- /dev/null +++ b/users/leyla/home.nix 
@@ -0,0 +1,82 @@ +{ config, pkgs, ... }: + +{ + # Home Manager needs a bit of information about you and the paths it should + # manage. + home.username = "leyla"; + home.homeDirectory = "/home/leyla"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + home.stateVersion = "23.11"; # Please read the comment before changing. + + # The home.packages option allows you to install Nix packages into your + # environment. + home.packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello + + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + home.file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + home.sessionVariables = { + # EDITOR = "emacs"; + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + }; + }; +} diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 554b8c0..c1311a7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -74,8 +74,10 @@ in # steam # emulators # nintendo + # TODO: replace this with self hosted flake (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - citra-canary # 3DS emulator + # TODO: replace this with self hosted flake + # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator From d6ca7d5a60bdb2b549e50fa2bd434b6a8592530b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 12 Mar 2024 00:53:45 -0500 Subject: [PATCH 015/695] set init default branch for git to main --- users/leyla/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index baf2ebf..3b26ed4 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -77,6 +77,7 @@ enable = true; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; }; }; } From 6bafea9b7b85065ed466533bd8554f19a221e1d0 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 12 Mar 2024 00:53:45 -0500 Subject: [PATCH 016/695] set init default branch for git to main --- users/leyla/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index baf2ebf..3b26ed4 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -77,6 +77,7 @@ enable = true; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; }; }; } From a18d2d373a79fc1b791821ec3c0c6545db8bdb68 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Apr 2024 20:33:03 -0500 Subject: [PATCH 017/695] regenerated age keys to use leylas credentials --- .sops.yaml | 4 ++-- flake.nix | 6 ++++-- pkgs/default.nix | 4 ++++ users/leyla/packages.nix | 7 +++---- 4 files changed, 13 insertions(+), 8 deletions(-) create mode 100644 pkgs/default.nix diff --git a/.sops.yaml b/.sops.yaml index 8b0366e..0ac5664 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: - - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e + - &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: - age: - - *primary \ No newline at end of file + - *leyla diff --git a/flake.nix b/flake.nix index 43f8cd7..a0d15de 100644 --- a/flake.nix +++ b/flake.nix @@ -14,10 +14,12 @@ outputs = { self, nixpkgs, ... }@inputs: let - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; + forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { + packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); + nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..b0fd62b --- /dev/null +++ b/pkgs/default.nix 
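Review bot: The `.sops.yaml` hunk replaces the only age recipient (`&primary` becomes `&leyla`), but this patch's file list does not touch `secrets/secrets.yaml`, so the encrypted file is still wrapped only for the old key and the new key cannot decrypt it until `sops updatekeys secrets/secrets.yaml` has been run; PATCH 018, with the same subject and timestamp, carries that re-encryption, so this one looks like the pre-amend version and the two should be squashed. With a single recipient in `key_groups`, losing the new private key makes the file unrecoverable, so a second recipient (a host key or an offline backup key) is the usual safeguard. The retired recipient and the ciphertexts it could open also remain in git history, which matters if the old key is ever considered exposed.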
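Review bot: `packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; });` calls `./pkgs` with an attribute set `{ pkgs = …; }`, while `pkgs/default.nix` in the next hunk is written as `pkgs: { … }`, a function taking the package set directly; inside that file `pkgs` is therefore the wrapper set, and the commented-out `pkgs.callPackage ./yuzo { }` lines will fail with a missing-attribute error as soon as one is uncommented. Either change the call to `import ./pkgs pkgs` or change the header to `{ pkgs }: {`. The same pair of hunks is repeated in PATCH 018, and `./yuzo` looks like a typo for `./yuzu`.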
@@ -0,0 +1,4 @@ +pkgs: { + # yuzu-clone = pkgs.callPackage ./yuzo { }; + # citra-clone = pkgs.callPackage ./citra { }; +} \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index c1311a7..3d2429b 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -71,11 +71,10 @@ in (lib.mkIf cfg.hasViaKeyboard via) # gaming - # steam # emulators # nintendo # TODO: replace this with self hosted flake - (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator # TODO: replace this with self hosted flake # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator @@ -86,9 +85,9 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station - pcsxr # PS1 Emulator - pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + pcsx2 # PS2 Emulator + pcsxr # PS1 Emulator # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator From 9348d4094cdc71177cd51a93927e47dc981335b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Apr 2024 20:33:03 -0500 Subject: [PATCH 018/695] regenerated age keys to use leylas credentials --- .sops.yaml | 4 ++-- flake.nix | 6 ++++-- pkgs/default.nix | 4 ++++ secrets/secrets.yaml | 22 +++++++++++----------- users/leyla/packages.nix | 7 +++---- 5 files changed, 24 insertions(+), 19 deletions(-) create mode 100644 pkgs/default.nix diff --git a/.sops.yaml b/.sops.yaml index 8b0366e..0ac5664 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: - - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e + - &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: - age: - - *primary \ No newline at end of file + - *leyla diff --git a/flake.nix b/flake.nix index 43f8cd7..a0d15de 100644 --- a/flake.nix +++ b/flake.nix 
@@ -14,10 +14,12 @@ outputs = { self, nixpkgs, ... }@inputs: let - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; + forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { + packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); + nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..b0fd62b --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,4 @@ +pkgs: { + # yuzu-clone = pkgs.callPackage ./yuzo { }; + # citra-clone = pkgs.callPackage ./citra { }; +} \ No newline at end of file diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 5c76b34..fb57b2b 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -1,24 +1,24 @@ passwords: - leyla: ENC[AES256_GCM,data:2sTuJTlW9JQv+SDSkyaYEc/CjyBhzJe9FHHvacL2SEVilnHyVKi1XpBnn9WJxsRha2UEUad9wn0iw0vu04O2dN+jZO7iLBawyg==,iv:FacSTQ3LV+An9hzYj7veeIQdZUgUZO3/RDGa+5rqo1I=,tag:PH3G1oedpe8Mh6kmm4qDIw==,type:str] - ester: ENC[AES256_GCM,data:4TkuZr9hCskJZNnTeARz8f6jFWmsEKatoi/jpWrK2JGdvJBdqcodP119p1zfTqaFGA6O67YGhXQVAPVceIxAMplUL0UfV3tK6A==,iv:kmozFDwgtHeS02avCk40Ic0EUEJXvYbE5bl4lHX80pk=,tag:r3gmve2678RbJxeF5qdM8A==,type:str] - eve: ENC[AES256_GCM,data:3xXOvblJkUaX+lcL+jgibng49PnTHldMsObE6VMwyWuGaUbZh0psRZKU8TfojW7TCgVEF93aOTc+DWxVqy8ZrfN4gN7CSudCfQ==,iv:LngLHLPXNgc33xH8WniJFnqoExhytnnEvNVBKKSnCTA=,tag:dQ7sVsMHHus39DTXpiBS+A==,type:str] + leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str] + ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str] + eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e + - recipient: age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLeFdXWDJ1SGNpNEw5b0NZ - U0xjU0Q0N2krdWRUS0w5SkQwNUVUd2FHRFZjCmpkZDZxSE9laC9RbDZhTG83UjVL - UWM0S2wvUWhJRkpQMER2UGphZWhsU2sKLS0tIHFoQ3Jic2RURXNtK1NYWlBxdnJy - WTluMWJsYUxLRVpVeHQ2N0VicUhtWTAKtMgsEkDABJLQi3Wa4NnzMmW5qQw6ExoO - g6AsAMTAN/eOuxNTA6+aMP3M0hMlO07f4UHwvYGifAfHHLidDlgc2g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd3BCR2RmMms4ZkNlbTdy + 
SzRKQ1NqZmFmOHJIS0oxZ3BMSnUyWXAyUUVrCk9tNjNNb0xEcnkvamJpSFF5UlhU + ejF4ZHFlZzJoemxpWXd0clN3cFZvMlkKLS0tIDdoK1oxc2doQTh3QlVyc3dhUE1W + VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+ + Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-10T03:20:40Z" - mac: ENC[AES256_GCM,data:iqLZeEEb0PNKkCppho3BMx4rAKNco7y1aa81cvAcjim5lHvYiPKPzod4A6sd2ioc+uTVXbQO2Jt/zetYpld5YQ+lCgAyaaJ9oqI4gMruqpEYE+kQEO5e0+G84SVeMmp4DyRklCFfvsXATwPjkvpIixKASdJC+MLzqGuLkXUmueA=,iv:8h+d/gNxb3tbWdHZCtdXyTswOApjV3n9cuosHxscQu8=,tag:50mmDQcVwPJ7Ns9pkn6esQ==,type:str] + lastmodified: "2024-04-03T01:27:28Z" + mac: ENC[AES256_GCM,data:ExP2Q8judGmQ5QFdZjmkNuMXlI9XJLeKaFn15Y4YuA2r+qLYYegN/IR1VeDrDO+XfWJJS7qednRnb9gErqUQgwX06AhMFDGUHHgB2lFdr/X0KBNt9EcrQ+S4Zh9zh8aTZesvnLaorz5QqF1Mt4FRz8mFYQIJ3DCWXV0cHrmmvcA=,iv:QBMc5E9SXP7aMCYFF/JnhM3bAuBA6mY4cENOW8SSaW0=,tag:ftg5Q8rS0NfUSogXXKEePA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index c1311a7..3d2429b 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -71,11 +71,10 @@ in (lib.mkIf cfg.hasViaKeyboard via) # gaming - # steam # emulators # nintendo # TODO: replace this with self hosted flake - (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator # TODO: replace this with self hosted flake # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator @@ -86,9 +85,9 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station - pcsxr # PS1 Emulator - pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + pcsx2 # PS2 Emulator + pcsxr # PS1 Emulator # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator From cbb09462059f71eec6d2d67d3b381db7d9cff2b6 Mon Sep 17 00:00:00 2001 
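Review bot: Re-encrypting `secrets/secrets.yaml` for the new recipient re-wraps the same plaintexts unless the values were also changed, and the old `recipient:` and ciphertexts stay in git history, so this rotation revokes nothing the old age key could already read; if the old key is considered exposed, the three `passwords/*` values themselves need to be replaced, not only re-encrypted. All three `data:` fields and the `mac` changed together with the recipient, which is consistent with a full data-key rotation (`sops rotate` or a re-edit) rather than a plain `updatekeys`; stating in the commit message whether the passwords changed would save the next reader from guessing.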
From: Leyla Becker Date: Tue, 2 Apr 2024 20:55:11 -0500 Subject: [PATCH 019/695] updated README --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f3290d2..110e05a 100644 --- a/README.md +++ b/README.md @@ -1 +1,13 @@ -sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file + + + +Build Command: +`sudo nixos-rebuild switch --flake .#hostname` + +| Hostname | Device Description | Primary User | Role | +| :---------: | :------------------------: | :--------------: | :-------: | +| `twilight` | Desktop Computer | Leyla | Desktop | +| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | +| `defiant` | Steam Desk | Leyla | Handheld | +| `emergent` | Desktop Computer | Eve | Laptop | +| `threshold` | Laptop | Eve | Desktop | From 9c2d5201fc353b93965710ffd66ee3ff5d721fee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Apr 2024 20:55:11 -0500 Subject: [PATCH 020/695] updated README --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f3290d2..110e05a 100644 --- a/README.md +++ b/README.md @@ -1 +1,13 @@ -sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file + + + +Build Command: +`sudo nixos-rebuild switch --flake .#hostname` + +| Hostname | Device Description | Primary User | Role | +| :---------: | :------------------------: | :--------------: | :-------: | +| `twilight` | Desktop Computer | Leyla | Desktop | +| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | +| `defiant` | Steam Desk | Leyla | Handheld | +| `emergent` | Desktop Computer | Eve | Laptop | +| `threshold` | Laptop | Eve | Desktop | From a45d441f019d791267815a9f33d022f0c55d0a4c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Apr 2024 15:58:30 -0500 Subject: [PATCH 021/695] added code shell aliases --- users/leyla/packages.nix | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 3d2429b..55c2faa 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,10 @@ in ../../overlays/vscodium.nix ]; + programs.bash.shellAliases = { + code = "codium"; + }; + programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 712ecbb8b33f833cb72705cc5598e367ff0bb1d4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Apr 2024 15:58:30 -0500 Subject: [PATCH 022/695] added code shell aliases --- users/leyla/packages.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 3d2429b..55c2faa 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,10 @@ in ../../overlays/vscodium.nix ]; + programs.bash.shellAliases = { + code = "codium"; + }; + programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 0b6065befc904e235c2ceb03d1883227ab14fc6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Apr 2024 16:11:16 -0500 Subject: [PATCH 023/695] removed node from packages --- users/leyla/packages.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 55c2faa..196373a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -54,16 +54,12 @@ in steam (lib.mkIf cfg.hasGPU davinci-resolve) - # development enviroments + # development tools vscodium androidStudioPackages.canary jetbrains.idea-community dbeaver - # development tools - # TODO: move these to flakes - nodejs - # system tools protonvpn-gui nextcloud-client From d4c2999b8ed969080a709e90e0fe1451be6f5243 Mon Sep 17 00:00:00 2001 
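Review bot: `programs.bash.shellAliases = { code = "codium"; };` in `users/leyla/packages.nix` is the NixOS system-wide option (the neighbouring `programs.steam` context shows the file is evaluated as a NixOS module), so the alias lands in every account's bash, not only leyla's, including the `ester`, `eve` and `remote` users imported by `users/default.nix`; PATCH 022 repeats the same hunk. The per-user place is the Home Manager option of the same name in `users/leyla/home.nix`, `programs.bash = { enable = true; shellAliases.code = "codium"; };`. The enclosing module body starts and ends outside this hunk.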
From: Leyla Becker Date: Sat, 13 Apr 2024 16:11:16 -0500 Subject: [PATCH 024/695] removed node from packages --- users/leyla/packages.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 55c2faa..196373a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -54,16 +54,12 @@ in steam (lib.mkIf cfg.hasGPU davinci-resolve) - # development enviroments + # development tools vscodium androidStudioPackages.canary jetbrains.idea-community dbeaver - # development tools - # TODO: move these to flakes - nodejs - # system tools protonvpn-gui nextcloud-client From 8267680a0293e626d0dd8ad9953d69936293400f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Apr 2024 12:23:34 -0500 Subject: [PATCH 025/695] installed bruno --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 196373a..2545068 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -59,6 +59,7 @@ in androidStudioPackages.canary jetbrains.idea-community dbeaver + bruno # system tools protonvpn-gui From c568b7fb65a4f1fe2f521dbf352bffcabd26dc33 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Apr 2024 12:23:34 -0500 Subject: [PATCH 026/695] installed bruno --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 196373a..2545068 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -59,6 +59,7 @@ in androidStudioPackages.canary jetbrains.idea-community dbeaver + bruno # system tools protonvpn-gui From f0a6d7362a8c094ed2d9a41440c90a9dda3bbfb0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 May 2024 15:10:54 -0500 Subject: [PATCH 027/695] installed cachefilesd --- enviroments/client/default.nix | 2 ++ hosts/horizon/hardware-configuration.nix | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fc05ac1..c0f82e0 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -70,5 +70,7 @@ # system debuging tools iputils dnsutils + + cachefilesd ]; } \ No newline at end of file diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index d6751d0..e83bda5 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -23,18 +23,20 @@ fsType = "vfat"; }; + services.cachefilesd.enable = true; + fileSystems."/mnt/leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/docker_home" = From 5fb145662261f301d179480e8ad044f332c33c21 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 May 2024 15:10:54 -0500 Subject: [PATCH 028/695] installed cachefilesd --- enviroments/client/default.nix | 2 ++ hosts/horizon/hardware-configuration.nix | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fc05ac1..c0f82e0 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -70,5 +70,7 @@ # system debuging tools iputils dnsutils + + cachefilesd ]; } \ No newline at end of file diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index d6751d0..e83bda5 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
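Review bot: The new option lists for `/mnt/leyla_home` and `/mnt/share_home` add `user` and `soft`, both unrelated to the `fsc` option the commit title ("installed cachefilesd") is about. `user` lets any local account run `mount` on the share and, per mount(8), implies `noexec,nosuid,nodev` unless overridden, which is surplus on an `x-systemd.automount` mount that systemd already performs as root; `soft` makes the NFS client return errors once the retry budget is exhausted, which on a read-write home export can become silent data loss for writers that do not check every write, so `options = [ "x-systemd.automount" "nofail" "x-systemd.idle-timeout=600" "fsc" ];` with the default `hard` behaviour is the safer shape if the goal was only "do not hang boot". The same hunk is repeated in PATCH 028. `services.cachefilesd.enable = true;` is also placed in `hardware-configuration.nix`, which `nixos-generate-config` overwrites when regenerated; if that file is still generated, move the line to `configuration.nix`.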
@@ -23,18 +23,20 @@ fsType = "vfat"; }; + services.cachefilesd.enable = true; + fileSystems."/mnt/leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/docker_home" = From 85a34279b30e1e009f3a7b02901e449dac7c678b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:47:44 -0500 Subject: [PATCH 029/695] added config for framework specific hardware things --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index a0d15de..b97f0a0 100644 --- a/flake.nix +++ b/flake.nix @@ -10,9 +10,11 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, ... }@inputs: + outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); @@ -26,6 +28,7 @@ modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default + nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; }; From effeb63067b439c433efede905165af752919f3d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:47:44 -0500 Subject: [PATCH 030/695] added config for framework specific hardware things --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index a0d15de..b97f0a0 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,9 +10,11 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, ... }@inputs: + outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); @@ -26,6 +28,7 @@ modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default + nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; }; From 215e5c8660a366cf7412d101a451b58c2b2b5b3d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:48:02 -0500 Subject: [PATCH 031/695] updated flake lock --- flake.lock | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index eb6a19f..59947ee 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709988192, - "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "lastModified": 1717525419, + "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", "type": "github" }, "original": { 
@@ -20,13 +20,29 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1717574423, + "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1709961763, - "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -38,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1710033658, - "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "lastModified": 1717265169, + "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", "type": "github" }, "original": { @@ -54,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709968316, - "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "lastModified": 1717112898, + "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", "type": "github" }, "original": { @@ -71,6 +87,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" } 
@@ -81,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1710039806, - "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "lastModified": 1717455931, + "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", "type": "github" }, "original": { From c119ceed99fda27158c3ac22507572ca7f5e8b3f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:48:02 -0500 Subject: [PATCH 032/695] updated flake lock --- flake.lock | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index eb6a19f..59947ee 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709988192, - "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "lastModified": 1717525419, + "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", "type": "github" }, "original": { 
@@ -20,13 +20,29 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1717574423, + "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1709961763, - "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -38,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1710033658, - "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "lastModified": 1717265169, + "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", "type": "github" }, "original": { @@ -54,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709968316, - "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "lastModified": 1717112898, + "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", "type": "github" }, "original": { @@ -71,6 +87,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" } 
@@ -81,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1710039806, - "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "lastModified": 1717455931, + "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", "type": "github" }, "original": { From 7186c2736b709dbd6011952623780d7660e2c5f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 16:10:39 -0500 Subject: [PATCH 033/695] updated dbeaver --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2545068..4147054 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -58,7 +58,7 @@ in vscodium androidStudioPackages.canary jetbrains.idea-community - dbeaver + dbeaver-bin bruno # system tools From e50a9e71a5931f5e8cadd57429cb2bd2d50e8ad3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 16:10:39 -0500 Subject: [PATCH 034/695] updated dbeaver --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2545068..4147054 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -58,7 +58,7 @@ in vscodium androidStudioPackages.canary jetbrains.idea-community - dbeaver + dbeaver-bin bruno # system tools From 50f2c88fff4210dd1e858bdd69e40ddd27b91524 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:13 -0500 Subject: [PATCH 035/695] added leyla to abd users --- README.md | 2 -- users/leyla/default.nix | 2 +- users/leyla/packages.nix | 2 ++ 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 110e05a..cedb557 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,4 @@ - - Build Command: `sudo nixos-rebuild switch --flake .#hostname` diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 8745e7b..2f798be 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 4147054..0f87f9a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -20,6 +20,8 @@ in programs.noisetorch.enable = true; + programs.adb.enable = true; + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; From 30961e681b9fb8530cc1d7c2ceab6d9f003567d3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:13 -0500 Subject: [PATCH 036/695] added leyla to abd users --- README.md | 2 -- users/leyla/default.nix | 2 +- users/leyla/packages.nix | 2 ++ 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 110e05a..cedb557 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,4 @@ - - Build Command: `sudo nixos-rebuild switch --flake .#hostname` diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 8745e7b..2f798be 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 4147054..0f87f9a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -20,6 +20,8 @@ in programs.noisetorch.enable = true; + programs.adb.enable = true; + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 
From e07cfe1eeb31ef79c615602b40f8b1f8fd4d63d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:34 -0500 Subject: [PATCH 037/695] removed emulators --- users/leyla/packages.nix | 44 ++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 0f87f9a..8ef0beb 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -73,28 +73,28 @@ in (lib.mkIf cfg.hasOpenRGBHardware openrgb) (lib.mkIf cfg.hasViaKeyboard via) - # gaming - # emulators - # nintendo - # TODO: replace this with self hosted flake - # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # TODO: replace this with self hosted flake - # citra-canary # 3DS emulator - (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - dolphin-emu # GameCube and Wii Emulator - desmume # DS Emulator - mupen64plus # N64 Emulator - zsnes # SNES Emulator - vbam # Game Boy Advanced Emulator - fceux # NES Emulator - # play station - rpcs3 # PS3 Emulator - pcsx2 # PS2 Emulator - pcsxr # PS1 Emulator - # TODO: more play station emulators here when they come out - #misc - stella # Atari 2600 Emulator - mame # mame Emulator + # # gaming + # # emulators + # # nintendo + # # TODO: replace this with self hosted flake + # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # # TODO: replace this with self hosted flake + # # citra-canary # 3DS emulator + # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator + # dolphin-emu # GameCube and Wii Emulator + # desmume # DS Emulator + # mupen64plus # N64 Emulator + # zsnes # SNES Emulator + # vbam # Game Boy Advanced Emulator + # fceux # NES Emulator + # # play station + # rpcs3 # PS3 Emulator + # pcsx2 # PS2 Emulator + # pcsxr # PS1 Emulator + # # TODO: more play station emulators here when they come out + # #misc + # stella # Atari 2600 Emulator + # mame # mame Emulator ] ); } \ No newline at end of file 
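Review bot: The emulator entries are commented out rather than deleted, which leaves 22 lines of dead code inside the package list; git history already preserves them, so removing the block keeps packages.nix readable, or, if they are meant to come back, gate them behind an option in the style of `cfg.hasGPU` that this file already uses (the option name is yours to pick). PATCH 038/695 repeats this hunk unchanged.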
From b526c1850cc190fd3927d23ad6f075762c87f84f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:34 -0500 Subject: [PATCH 038/695] removed emulators --- users/leyla/packages.nix | 44 ++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 0f87f9a..8ef0beb 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -73,28 +73,28 @@ in (lib.mkIf cfg.hasOpenRGBHardware openrgb) (lib.mkIf cfg.hasViaKeyboard via) - # gaming - # emulators - # nintendo - # TODO: replace this with self hosted flake - # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # TODO: replace this with self hosted flake - # citra-canary # 3DS emulator - (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - dolphin-emu # GameCube and Wii Emulator - desmume # DS Emulator - mupen64plus # N64 Emulator - zsnes # SNES Emulator - vbam # Game Boy Advanced Emulator - fceux # NES Emulator - # play station - rpcs3 # PS3 Emulator - pcsx2 # PS2 Emulator - pcsxr # PS1 Emulator - # TODO: more play station emulators here when they come out - #misc - stella # Atari 2600 Emulator - mame # mame Emulator + # # gaming + # # emulators + # # nintendo + # # TODO: replace this with self hosted flake + # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # # TODO: replace this with self hosted flake + # # citra-canary # 3DS emulator + # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator + # dolphin-emu # GameCube and Wii Emulator + # desmume # DS Emulator + # mupen64plus # N64 Emulator + # zsnes # SNES Emulator + # vbam # Game Boy Advanced Emulator + # fceux # NES Emulator + # # play station + # rpcs3 # PS3 Emulator + # pcsx2 # PS2 Emulator + # pcsxr # PS1 Emulator + # # TODO: more play station emulators here when they come out + # #misc + # stella # Atari 2600 Emulator + # mame # mame Emulator ] ); } \ No newline at end of file 
From 09cc8450517efd3bbcda035cc367ed9521028fb5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:23:15 -0500 Subject: [PATCH 039/695] added command line tools to leyla --- users/leyla/packages.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 8ef0beb..68e0547 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -50,6 +50,11 @@ in # rpi-imager # fritzing + # comand line tools + yt-dlp + ffmpeg + imagemagick + # proprietary platforms discord obsidian From c866449822003e086c92bf2ee6756344749393c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:23:15 -0500 Subject: [PATCH 040/695] added command line tools to leyla --- users/leyla/packages.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 8ef0beb..68e0547 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -50,6 +50,11 @@ in # rpi-imager # fritzing + # comand line tools + yt-dlp + ffmpeg + imagemagick + # proprietary platforms discord obsidian From f02f5046aab2a73f2b4c6cfc28a0f7ebd744f6ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 28 Jul 2024 16:07:18 -0500 Subject: [PATCH 041/695] added back in easytag --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 68e0547..b2dffbf 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -43,7 +43,7 @@ in makemkv transmission-gtk onionshare - # easytag + easytag # rhythmbox (lib.mkIf cfg.hasGPU obs-studio) # wireshark From cae7b865833d0683a1eeef0b540912756f089465 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 28 Jul 2024 16:07:18 -0500 Subject: [PATCH 042/695] added back in easytag --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
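Review bot: The new section heading reads `# comand line tools`; `# command line tools` is the intended spelling. PATCH 040/695 repeats this hunk unchanged.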
diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 68e0547..b2dffbf 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -43,7 +43,7 @@ in makemkv transmission-gtk onionshare - # easytag + easytag # rhythmbox (lib.mkIf cfg.hasGPU obs-studio) # wireshark From e28365b30ee617dc619a9c10f6a5e4e6743f730c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 28 Jul 2024 21:19:44 -0500 Subject: [PATCH 043/695] added twilight system --- flake.nix | 7 +++++++ hosts/twilight/configuration.nix | 4 ++-- hosts/twilight/hardware-configuration.nix | 4 ++++ 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 hosts/twilight/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index b97f0a0..43893ba 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,13 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + twilight = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/twilight/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; }; }; } diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 6930d8f..06a0a3a 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,5 +1,5 @@ # leyla desktop -{}: +{ config, pkgs, inputs, modulesPath, ... }: { -} \ No newline at end of file +} diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix new file mode 100644 index 0000000..2ddff10 --- /dev/null +++ b/hosts/twilight/hardware-configuration.nix @@ -0,0 +1,4 @@ + +{ + +} \ No newline at end of file From 01fb021284f302c5c1a987db52922377b31ecaa3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 28 Jul 2024 21:19:44 -0500 Subject: [PATCH 044/695] added twilight system --- flake.nix | 7 +++++++ hosts/twilight/configuration.nix | 4 ++-- hosts/twilight/hardware-configuration.nix | 4 ++++ 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 hosts/twilight/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index b97f0a0..43893ba 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,13 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + twilight = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/twilight/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; }; }; } diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 6930d8f..06a0a3a 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,5 +1,5 @@ # leyla desktop -{}: +{ config, pkgs, inputs, modulesPath, ... }: { -} \ No newline at end of file +} diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix new file mode 100644 index 0000000..2ddff10 --- /dev/null +++ b/hosts/twilight/hardware-configuration.nix @@ -0,0 +1,4 @@ + +{ + +} \ No newline at end of file From cd6812e97436922b0994f587247f5439f41c58c2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 1 Aug 2024 19:14:29 -0500 Subject: [PATCH 045/695] updated packages --- enviroments/client/default.nix | 1 - flake.lock | 38 +++++++++++++++++----------------- users/leyla/packages.nix | 4 ++-- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0..041ed49 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -30,7 +30,6 @@ }; # Enable sound with pipewire. - sound.enable = true; hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { 
diff --git a/flake.lock b/flake.lock index 59947ee..f2b124e 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1717525419, - "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", + "lastModified": 1722462338, + "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", "owner": "nix-community", "repo": "home-manager", - "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", + "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717574423, - "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1722421184, + "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "type": "github" }, "original": { 
@@ -54,27 +54,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1717265169, - "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1717112898, - "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", + "lastModified": 1721466660, + "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", + "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1717455931, - "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", + "lastModified": 1722114803, + "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", + "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", "type": "github" }, "original": { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index b2dffbf..2266dd1 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -38,10 +38,10 @@ in gimp krita freecad - cura + # cura kicad-small makemkv - transmission-gtk + transmission_4-gtk onionshare easytag # rhythmbox From b2ed3dfa335502b38f44501965dbaeeed3f44766 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 1 Aug 2024 19:14:29 -0500 Subject: [PATCH 046/695] updated packages --- enviroments/client/default.nix | 1 - flake.lock | 38 +++++++++++++++++----------------- users/leyla/packages.nix | 4 ++-- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0..041ed49 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -30,7 +30,6 @@ }; # Enable sound with pipewire. - sound.enable = true; hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { diff --git a/flake.lock b/flake.lock index 59947ee..f2b124e 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1717525419, - "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", + "lastModified": 1722462338, + "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", "owner": "nix-community", "repo": "home-manager", - "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", + "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717574423, - "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1722421184, + "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "type": "github" }, "original": { 
@@ -54,27 +54,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1717265169, - "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1717112898, - "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", + "lastModified": 1721466660, + "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", + "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1717455931, - "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", + "lastModified": 1722114803, + "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", + "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", "type": "github" }, "original": { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index b2dffbf..2266dd1 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -38,10 +38,10 @@ in gimp krita freecad - cura + # cura kicad-small makemkv - transmission-gtk + transmission_4-gtk onionshare easytag # rhythmbox From b72941c75f8d168605d8b655b59b375ac933bb82 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 21 Aug 2024 22:14:45 -0500 Subject: [PATCH 047/695] created hardware configuration for twilight --- hosts/twilight/hardware-configuration.nix | 40 +++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ddff10..9bd1e70 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -1,4 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: { - -} \ No newline at end of file + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} + 
From 4e906c894da4cdc02994525ea97bf85185881b56 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 21 Aug 2024 22:14:45 -0500
Subject: [PATCH 048/695] created hardware configuration for twilight

---
 hosts/twilight/hardware-configuration.nix | 40 +++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix
index 2ddff10..9bd1e70 100644
--- a/hosts/twilight/hardware-configuration.nix
+++ b/hosts/twilight/hardware-configuration.nix
@@ -1,4 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: { - -} \ No newline at end of file + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} + From 5962641f03538532176b71eebda91678a5bb2cb5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 21 Aug 2024 22:15:20 -0500 Subject: [PATCH 049/695] updated twilight configuration --- enviroments/client/default.nix | 2 +- flake.nix | 2 + hosts/twilight/configuration.nix | 89 ++++++++++++++++++++++- hosts/twilight/hardware-configuration.nix | 21 ++++++ 4 files changed, 111 insertions(+), 3 deletions(-) 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0..08c3171 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -16,7 +16,7 @@ # Enable the GNOME Desktop Environment. services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + services.xserver.desktopManager.xterm.enable = false; # Get rid of xTerm services.xserver.excludePackages = [ pkgs.xterm ]; diff --git a/flake.nix b/flake.nix index 43893ba..3902062 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,7 @@ packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); nixosConfigurations = { + # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ @@ -31,6 +32,7 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 06a0a3a..c2145e9 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -1,5 +1,90 @@ -# leyla desktop -{ config, pkgs, inputs, modulesPath, ... }: +# leyla laptop +{ config, pkgs, inputs, ... }: { + imports = + [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ./hardware-configuration.nix + + ../../enviroments/client + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + networking.hostName = "twilight"; # Define your hostname. + + # enabled virtualisation for docker + # virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # Enable OpenGL + hardware.opengl = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 9bd1e70..ef71502 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
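Review bot: `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"` places the age private key that decrypts all of `secrets/secrets.yaml` inside an unprivileged user's home, so any process running as leyla (or anything that can read that directory) holds the key to every system secret, e.g. the hashed password behind `config.sops.secrets."passwords/leyla"` used elsewhere in this tree. sops-nix decrypts during activation as root, so the key can live at a root-only path instead, e.g. `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` with the file owned by root and mode 0600 and the copy in the home directory removed. The header comment also flips to `# leyla laptop` while flake.nix in this same commit labels twilight `# Leyla Desktop` and the hunk sets `networking.hostName = "twilight"`; `# leyla desktop` looks like the intended text. PATCH 050/695 repeats this hunk and gets the same two points.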
@@ -23,6 +23,27 @@ fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; swapDevices = [ ]; From a0da53da75a987a3592b0869adf8099694b9f875 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 21 Aug 2024 22:15:20 -0500 Subject: [PATCH 050/695] updated twilight configuration --- enviroments/client/default.nix | 2 +- flake.nix | 2 + hosts/twilight/configuration.nix | 89 ++++++++++++++++++++++- hosts/twilight/hardware-configuration.nix | 21 ++++++ 4 files changed, 111 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0..08c3171 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -16,7 +16,7 @@ # Enable the GNOME Desktop Environment. services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + services.xserver.desktopManager.xterm.enable = false; # Get rid of xTerm services.xserver.excludePackages = [ pkgs.xterm ]; diff --git a/flake.nix b/flake.nix index 43893ba..3902062 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,7 @@ packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); nixosConfigurations = { + # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ 
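Review bot: None of the three NFS mounts sets a `sec=` option, so they use AUTH_SYS, where the server simply trusts the UID the client presents; that is normal on a single-admin LAN but worth stating, e.g. `# AUTH_SYS (no sec=): server trusts client UIDs, acceptable only on a trusted LAN`. `soft` on the two home mounts makes a timed-out write fail back to the application, which nfs(5) warns can silently corrupt data; `hard` is the usual choice for writable home shares, and `nofail` plus `x-systemd.automount` already keep an unreachable server from blocking boot. `fsc` only does anything when cachefilesd is running, and nothing in this commit enables it, so either turn on the cachefilesd service or drop the flag. `user` additionally implies `nosuid,nodev,noexec` unless overridden, so executables on the shares will not run; presumably intended, but a comment would save the next reader a trip to mount(8). PATCH 050/695 repeats this hunk and gets the same points.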
@@ -31,6 +32,7 @@
 nixos-hardware.nixosModules.framework-11th-gen-intel
 ];
 };
+ # Leyla Desktop
 twilight = nixpkgs.lib.nixosSystem {
 specialArgs = {inherit inputs;};
 modules = [
diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix
index 06a0a3a..c2145e9 100644
--- a/hosts/twilight/configuration.nix
+++ b/hosts/twilight/configuration.nix
@@ -1,5 +1,90 @@ -# leyla desktop -{ config, pkgs, inputs, modulesPath, ... }: +# leyla laptop +{ config, pkgs, inputs, ... }: { + imports = + [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ./hardware-configuration.nix + + ../../enviroments/client + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + networking.hostName = "twilight"; # Define your hostname. + + # enabled virtualisation for docker + # virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # Enable OpenGL + hardware.opengl = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 9bd1e70..ef71502 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -23,6 +23,27 @@ fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; swapDevices = [ ]; From 96ef08b010f62a0e470763eba5024cbbce29ba49 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:20 -0500 Subject: [PATCH 051/695] created rebuild.sh for rebuilding current active system quickly --- rebuild.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 rebuild.sh diff --git a/rebuild.sh b/rebuild.sh new file mode 100755 index 0000000..7f2a072 --- /dev/null +++ b/rebuild.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file From f7963b8010d063c2efddb96b6a93edaf33cbc6d7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:20 -0500 Subject: [PATCH 052/695] created rebuild.sh for rebuilding current active system quickly --- rebuild.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 rebuild.sh diff --git a/rebuild.sh b/rebuild.sh new file mode 100755 index 0000000..7f2a072 --- /dev/null +++ b/rebuild.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file From 4cd603416d71b40a1cf7028809047c95a2889464 Mon Sep 17 00:00:00 2001 
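Review bot: None of the three NFS mounts sets a `sec=` option, so they use the AUTH_SYS default in which the server trusts whatever UID the client presents; combined with the `user` option, which lets any local account trigger the mount, access to `server.arpa:/home/leyla` and `server.arpa:/home/share` rests entirely on client-side UID mapping, so the exports must be restricted on the server side (or `sec=krb5p` used) because nothing in these options protects them. `soft` on a writable home mount turns a server timeout into an I/O error that applications may not surface, so writes can be lost; `hard` is the safer choice for data that matters, and `x-systemd.automount` with `x-systemd.idle-timeout=600` already limits how long an unreachable server can hang the client. `fsc` only caches once the cachefilesd daemon is running (`services.cachefilesd.enable`), which nothing in this commit enables, so either enable the service or drop the option rather than imply a cache that is not there.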
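Review bot: `${1:-switch}` and `.#$(hostname)` on the last line are unquoted, so an argument or hostname containing whitespace or glob characters is word-split and glob-expanded before `sudo` sees it; write `sudo nixos-rebuild "${1:-switch}" --flake ".#$(hostname)"`. The script also silently assumes it runs from the repository root (the flake reference is `.`) and that the machine's configured hostname equals a `nixosConfigurations` attribute, which deserves a comment such as `# Run from the repo root; the flake attribute must match $(hostname)`. PATCH 052 is a verbatim duplicate of this commit.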
From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:46 -0500 Subject: [PATCH 053/695] added docker to leyla and horizon --- hosts/horizon/configuration.nix | 9 ++++++++- users/leyla/default.nix | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index ecb5b47..26768f8 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -29,7 +29,14 @@ networking.hostName = "horizon"; # Define your hostname. # enabled virtualisation for docker - # virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 2f798be..41daeb2 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { From 8d48ce99a1dda2e827c33af32693d584cc79cc15 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:46 -0500 Subject: [PATCH 054/695] added docker to leyla and horizon --- hosts/horizon/configuration.nix | 9 ++++++++- users/leyla/default.nix | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index ecb5b47..26768f8 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
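Review bot: Adding `"docker"` to leyla's `extraGroups` in the `users/leyla/default.nix` hunk cancels the benefit of the rootless setup in the first hunk: `virtualisation.docker.enable = true` still runs the system-wide rootful daemon, and any member of the `docker` group can drive that daemon through its socket, which is root-equivalent on the host. With `rootless.enable = true` and `setSocketVariable = true`, leyla's sessions already get `DOCKER_HOST` pointed at her own per-user daemon, so the group grant is not what makes `docker` work for her. Either drop `"docker"` from `extraGroups`, or drop the rootful daemon entirely (the NixOS rootless service does not require `virtualisation.docker.enable`, as far as I recall), and add a comment in the first hunk stating which daemon users are expected to use. PATCH 054 repeats both hunks verbatim.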
@@ -29,7 +29,14 @@ networking.hostName = "horizon"; # Define your hostname. # enabled virtualisation for docker - # virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 2f798be..41daeb2 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { From 07bdf080215d763cc1055dcc4d4a76631a094b2a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:54 -0500 Subject: [PATCH 055/695] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index f2b124e..0869d11 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1722462338, - "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { 
@@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722332872, - "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", + "lastModified": 1724495652, + "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", + "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1724224976, + "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1722114803, - "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "type": "github" }, "original": { From 3cf43bbe9dc55068552cb84c73a2b41670d2795b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:54 -0500 Subject: [PATCH 056/695] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index f2b124e..0869d11 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1722462338, - "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722332872, - "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", + "lastModified": 1724495652, + "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", + "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1724224976, + "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1722114803, - "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "type": "github" }, "original": { From aabad6f30eb20db2cfafba4e3b48dadf830a8412 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:58:05 -0500 Subject: [PATCH 057/695] enabled hardware graphics on horizon --- hosts/horizon/configuration.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 26768f8..79fa555 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -37,6 +37,7 @@ }; }; + hardware.graphics.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; From c181da1de5fba56c0d2de0ace2ba36c97afd6a70 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:58:05 -0500 Subject: [PATCH 058/695] enabled hardware graphics on horizon --- hosts/horizon/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 26768f8..79fa555 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -37,6 +37,7 @@ }; }; + hardware.graphics.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; From eca25529d7ef2c9feec4d8ec7d3aabaf190052b6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 Aug 2024 11:53:34 -0500 Subject: [PATCH 059/695] set up defiant --- README.md | 2 +- enviroments/client/default.nix | 21 --------------------- enviroments/common/default.nix | 21 +++++++++++++++++++++ enviroments/server/default.nix | 7 +++++++ flake.nix | 11 +++++++++-- hosts/defiant/configuration.nix | 12 ++++++++++++ hosts/defiant/hardware-configuration.nix | 11 +++++++++++ 7 files changed, 61 insertions(+), 24 deletions(-) create mode 100644 enviroments/server/default.nix create mode 100644 hosts/defiant/configuration.nix create mode 100644 hosts/defiant/hardware-configuration.nix diff --git a/README.md b/README.md index cedb557..1cfbddf 100644 --- a/README.md +++ b/README.md 
@@ -6,6 +6,6 @@ Build Command: | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | Steam Desk | Leyla | Handheld | +| `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 060e51f..fba0edd 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -45,31 +45,10 @@ #media-session.enable = true; }; - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - environment.systemPackages = with pkgs; [ - # version control - git - # helvetica font aileron - # system debuging tools - iputils - dnsutils - cachefilesd ]; } \ No newline at end of file diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 3115625..6aeeb97 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -9,8 +9,29 @@ # Set your time zone. time.timeZone = "America/Chicago"; + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget + + # version control + git + + # system debuging tools + iputils + dnsutils ]; } \ No newline at end of file 
diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix new file mode 100644 index 0000000..861f142 --- /dev/null +++ b/enviroments/server/default.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + +} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 3902062..5d86bae 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,7 @@ nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default @@ -34,12 +34,19 @@ }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/twilight/configuration.nix inputs.home-manager.nixosModules.default ]; }; + # NAS Service + defiant = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inpits; } + modules = [ + ./hosts/defiant/configuration.nix + ] + }; }; }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix new file mode 100644 index 0000000..c148f94 --- /dev/null +++ b/hosts/defiant/configuration.nix @@ -0,0 +1,12 @@ +# server nas +{ config, pkgs, inputs, ... }: +{ + imports = + [ + inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../enviroments/server + ]; +} \ No newline at end of file diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix new file mode 100644 index 0000000..f7efd4b --- /dev/null +++ b/hosts/defiant/hardware-configuration.nix @@ -0,0 +1,11 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + +} \ No newline at end of file 
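Review bot: The new `hosts/defiant/configuration.nix` imports `inputs.sops-nix.nixosModules.sops` but sets neither `sops.defaultSopsFile` nor a decryption key (`sops.age.keyFile` or `sops.age.sshKeyPaths`), so the module is inert until those are added, and the file declares no `networking.hostName`, no `system.stateVersion`, no users and no `services.openssh` for a machine the README hunk now calls a NAS server. Because `rebuild.sh` builds `.#$(hostname)`, a defiant box left on the default hostname will not resolve to the `defiant` attribute added in `flake.nix`; `networking.hostName = "defiant";` plus a `system.stateVersion` pinned to the install release is the minimum the other host files on this page already have. The new `enviroments/server/default.nix` is an empty wrapper around `../common`; a one-line comment stating what is expected to live there would stop it reading as unfinished. PATCH 060 duplicates this commit verbatim, and the `inpits` typo and missing semicolons in the `flake.nix` hunk are corrected in PATCH 061.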
From 90b53df81c20befe84adce29acf040dc4c5841d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 Aug 2024 11:53:34 -0500 Subject: [PATCH 060/695] set up defiant --- README.md | 2 +- enviroments/client/default.nix | 21 --------------------- enviroments/common/default.nix | 21 +++++++++++++++++++++ enviroments/server/default.nix | 7 +++++++ flake.nix | 11 +++++++++-- hosts/defiant/configuration.nix | 12 ++++++++++++ hosts/defiant/hardware-configuration.nix | 11 +++++++++++ 7 files changed, 61 insertions(+), 24 deletions(-) create mode 100644 enviroments/server/default.nix create mode 100644 hosts/defiant/configuration.nix create mode 100644 hosts/defiant/hardware-configuration.nix diff --git a/README.md b/README.md index cedb557..1cfbddf 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,6 @@ Build Command: | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | Steam Desk | Leyla | Handheld | +| `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 060e51f..fba0edd 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -45,31 +45,10 @@ #media-session.enable = true; }; - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - environment.systemPackages = with pkgs; [ - # version control - git - # helvetica font aileron - # system debuging tools - iputils - dnsutils - cachefilesd ]; } \ No newline at end of file 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 3115625..6aeeb97 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -9,8 +9,29 @@ # Set your time zone. time.timeZone = "America/Chicago"; + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget + + # version control + git + + # system debuging tools + iputils + dnsutils ]; } \ No newline at end of file diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix new file mode 100644 index 0000000..861f142 --- /dev/null +++ b/enviroments/server/default.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + +} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 3902062..5d86bae 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,7 @@ nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default @@ -34,12 +34,19 @@ }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/twilight/configuration.nix inputs.home-manager.nixosModules.default ]; }; + # NAS Service + defiant = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inpits; } + modules = [ + ./hosts/defiant/configuration.nix + ] + }; }; }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix new file mode 100644 index 0000000..c148f94 --- /dev/null 
+++ b/hosts/defiant/configuration.nix @@ -0,0 +1,12 @@ +# server nas +{ config, pkgs, inputs, ... }: +{ + imports = + [ + inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../enviroments/server + ]; +} \ No newline at end of file diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix new file mode 100644 index 0000000..f7efd4b --- /dev/null +++ b/hosts/defiant/hardware-configuration.nix @@ -0,0 +1,11 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + +} \ No newline at end of file From feb7844c7dfe9a4389c94a74b527ebd85ddefe55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:06:36 -0500 Subject: [PATCH 061/695] fixed defiant configuration --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 5d86bae..33b4f83 100644 --- a/flake.nix +++ b/flake.nix @@ -42,10 +42,10 @@ }; # NAS Service defiant = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inpits; } + specialArgs = { inherit inputs; }; modules = [ ./hosts/defiant/configuration.nix - ] + ]; }; }; }; From 8b6ed7f0a05f09288c76d238fb349c11f2d4c54b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:06:36 -0500 Subject: [PATCH 062/695] fixed defiant configuration --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 5d86bae..33b4f83 100644 --- a/flake.nix +++ b/flake.nix @@ -42,10 +42,10 @@ }; # NAS Service defiant = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inpits; } + specialArgs = { inherit inputs; }; modules = [ ./hosts/defiant/configuration.nix - ] + ]; }; }; }; From 38ee264e080ffe5c3d7b03a7f66e1f234f776db2 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 2 Sep 2024 13:07:04 -0500 Subject: [PATCH 063/695] added gnome super t hotkey to declarative configs --- users/leyla/home.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 3b26ed4..c2fe4ea 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -80,4 +80,46 @@ extraConfig.init.defaultBranch = "main"; }; }; + + dconf.settings = { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; + }; + + # dconf.settings = { + # "org/gnome/settings-daemon/plugins/media-keys" = { + # custom-keybindings = [ + # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + # ]; + # }; + # }; + + # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + # binding = "t"; + # command = "kgx"; + # name = "Open Terminal"; + # }; + + + # services.xserver.desktopManager.gnome3 = { + # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; + # extraGSettingsOverrides = '' + # [org.gnome.settings-daemon.plugins.media-keys] + # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] + + + # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] + # binding='t' + # command='kgx' + # name='Open terminal' + # ''; + # } } From 846533f001a0407bd472495e33b6066bb25f120c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:07:04 -0500 Subject: [PATCH 064/695] added gnome super t hotkey to declarative configs --- users/leyla/home.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) 
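Review bot: Roughly thirty of the forty-two added lines are commented-out alternatives (a second `dconf.settings` draft and a `services.xserver.desktopManager.gnome3` gsettings override) that duplicate the live block above them; commented-out code belongs in git history, so everything after the live `dconf.settings` block should be deleted. The live entry reads `binding = "t";`, which as written binds the bare `t` key rather than the Super+T the commit title promises; if a `<Super>` modifier was stripped when this page was rendered, disregard this, otherwise it should be `binding = "<Super>t";`. A short comment on the block, e.g. `# Super+T opens GNOME Console (kgx)`, would document the intent. PATCH 064 is a verbatim duplicate of this commit.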
diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 3b26ed4..c2fe4ea 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -80,4 +80,46 @@ extraConfig.init.defaultBranch = "main"; }; }; + + dconf.settings = { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; + }; + + # dconf.settings = { + # "org/gnome/settings-daemon/plugins/media-keys" = { + # custom-keybindings = [ + # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + # ]; + # }; + # }; + + # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + # binding = "t"; + # command = "kgx"; + # name = "Open Terminal"; + # }; + + + # services.xserver.desktopManager.gnome3 = { + # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; + # extraGSettingsOverrides = '' + # [org.gnome.settings-daemon.plugins.media-keys] + # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] + + + # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] + # binding='t' + # command='kgx' + # name='Open terminal' + # ''; + # } } From cdd3967f7271f9207943b304f3f83a560d224b33 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:41:15 -0500 Subject: [PATCH 065/695] added dash to dock for leyls --- enviroments/client/default.nix | 2 ++ users/leyla/home.nix | 47 ++++++++++++++++++++++++++-------- 2 files changed, 39 insertions(+), 10 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fba0edd..a08942e 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -50,5 +50,7 @@ aileron cachefilesd + + gnomeExtensions.dash-to-dock ]; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c2fe4ea..dd9b57e 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -81,16 +81,43 @@ }; }; - dconf.settings = { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; + + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = true; + "show-mounts" = false; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; }; }; From 394c5b815a804edf98fcf0991c62dd427f2a8ec0 Mon Sep 17 00:00:00 2001 
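Review bot: The extension is installed through `environment.systemPackages` in `enviroments/client/default.nix` but enabled by UUID in leyla's `home.nix`, so the two halves can drift: removing the package from the client environment, or building a host that does not import it, leaves `enabled-extensions` pointing at a UUID that is not installed. Installing it via `home.packages` next to the `dconf` block keeps install and enable in one place, and `pkgs.gnomeExtensions.dash-to-dock.extensionUuid` then refers to the same derivation that is actually installed. Stylistically, the four-line "Put UUIDs of extensions..." comment is the wiki example copied verbatim and can shrink to one line, and the `"org/gnome/shell/extensions/dash-to-dock"` keys are quoted (`"dock-position"`) while `disable-user-extensions` and `color-scheme` in the same hunk are not, so pick one form. PATCH 066 repeats this commit verbatim.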
From: Leyla Becker Date: Mon, 2 Sep 2024 13:41:15 -0500 Subject: [PATCH 066/695] added dash to dock for leyls --- enviroments/client/default.nix | 2 ++ users/leyla/home.nix | 47 ++++++++++++++++++++++++++-------- 2 files changed, 39 insertions(+), 10 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fba0edd..a08942e 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -50,5 +50,7 @@ aileron cachefilesd + + gnomeExtensions.dash-to-dock ]; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c2fe4ea..dd9b57e 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -81,16 +81,43 @@ }; }; - dconf.settings = { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; + + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = true; + "show-mounts" = false; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; }; }; From 72b62bed3706dd15efd683595134d36fc72e354a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:30:16 -0500 Subject: [PATCH 067/695] added hardware config for defiant --- hosts/defiant/hardware-configuration.nix | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index f7efd4b..088af3f 100644 --- a/hosts/defiant/hardware-configuration.nix 
+++ b/hosts/defiant/hardware-configuration.nix @@ -7,5 +7,27 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } \ No newline at end of file From 0389206ec1afeeaac9de6b2057a2a3691a52d1c7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:30:16 -0500 Subject: [PATCH 068/695] added hardware config for defiant --- hosts/defiant/hardware-configuration.nix | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index f7efd4b..088af3f 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix 
@@ -7,5 +7,27 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } \ No newline at end of file From 1217959d6d76cc862d879d5845e63c585898d84c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:51:30 -0500 Subject: [PATCH 069/695] added password for remote user --- README.md | 21 ++++++++++++++++++--- users/remote/default.nix | 3 +++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1cfbddf..31eec77 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ +# Hosts -Build Command: -`sudo nixos-rebuild switch --flake .#hostname` - +## Host Map | Hostname | Device Description | Primary User | Role | | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | 
@@ -9,3 +8,19 @@ Build Command: | `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | + + +### Rebuild current machine to match target host: +`sudo nixos-rebuild switch --flake .#hostname` + +### Rebuild current machine maintaining current target +`./rebuild.sh` + +# New machine setup +keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt + +updating passwords: `sops secrets/secrets.yaml` + +> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU + +> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ diff --git a/users/remote/default.nix b/users/remote/default.nix index 491bc51..6792b74 100644 --- a/users/remote/default.nix +++ b/users/remote/default.nix @@ -19,6 +19,9 @@ in ( if cfg.isNormalUser then { # extraGroups = [ "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/remote".path; + isNormalUser = true; openssh.authorizedKeys.keys = []; } else { From 6393af9620be93178b2df3c4aca2b8fa74f8d2a8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:51:30 -0500 Subject: [PATCH 070/695] added password for remote user --- README.md | 21 ++++++++++++++++++--- secrets/secrets.yaml | 7 ++++--- users/remote/default.nix | 3 +++ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 1cfbddf..31eec77 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ +# Hosts -Build Command: -`sudo nixos-rebuild switch --flake .#hostname` - +## Host Map | Hostname | Device Description | Primary User | Role | | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | 
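Review bot: In the `users/remote/default.nix` hunk, `hashedPasswordFile = config.sops.secrets."passwords/remote".path;` points at a secret this commit does not add — the diffstat for commit 069 lists only `README.md` and `users/remote/default.nix`, and `passwords/remote` is first written to `secrets/secrets.yaml` in the follow-up commit 070 — so evaluating or activating this revision fails unless `sops.secrets."passwords/remote"` is declared and populated somewhere not shown. Keeping the consumer and the declaration together, e.g. `sops.secrets."passwords/remote" = lib.mkIf cfg.isNormalUser {};` in this same module, would make the dependency explicit and let the build fail early rather than at activation. The enclosing `lib.mkMerge` list of `users.remote` starts and ends outside the hunk.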
@@ -9,3 +8,19 @@ Build Command: | `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | + + +### Rebuild current machine to match target host: +`sudo nixos-rebuild switch --flake .#hostname` + +### Rebuild current machine maintaining current target +`./rebuild.sh` + +# New machine setup +keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt + +updating passwords: `sops secrets/secrets.yaml` + +> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU + +> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index fb57b2b..dc3185e 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -2,6 +2,7 @@ passwords: leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str] ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str] eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str] + remote: ENC[AES256_GCM,data:J/Ew48IO1UGCLl038t87AV0fdxHklfEKhmmsAhd4jPbyK88i/GjljF7mSJnlav9L+7GbxbGRjsFXkL753M7hF/n1hcVDAYpGhA==,iv:7PIgHRHXorkrOmjaWaWhu+Evu4SsNFSCk3euPdlGK20=,tag:tQ57gIselHNKlmQ1ySsAAQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -17,8 +18,8 @@ sops: VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+ Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-03T01:27:28Z" - mac: ENC[AES256_GCM,data:ExP2Q8judGmQ5QFdZjmkNuMXlI9XJLeKaFn15Y4YuA2r+qLYYegN/IR1VeDrDO+XfWJJS7qednRnb9gErqUQgwX06AhMFDGUHHgB2lFdr/X0KBNt9EcrQ+S4Zh9zh8aTZesvnLaorz5QqF1Mt4FRz8mFYQIJ3DCWXV0cHrmmvcA=,iv:QBMc5E9SXP7aMCYFF/JnhM3bAuBA6mY4cENOW8SSaW0=,tag:ftg5Q8rS0NfUSogXXKEePA==,type:str] + lastmodified: "2024-09-03T01:50:34Z" + mac: ENC[AES256_GCM,data:il1m33cFCKnL1x2QQWKfvRX7/zea+15PH8KZrAW89EizJowgefR0rpaMgO+I9CyWuIoAV77JrF9echiAvkv+eteJjkkzyG9Qo/gejC0afQAeMLGpJLEk8carxlmhJXZUrqTW3VnIY4cl0CGBinTzGqMJ2WtAQLccoQR7tDP0jBk=,iv:bdDqVdXdqXB32kjUhN8OBz9+4DwrhYAw8eWsxJNGRJ4=,tag:9T+2oBvxW0ssZV4inyvY3Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/users/remote/default.nix b/users/remote/default.nix index 491bc51..6792b74 100644 --- a/users/remote/default.nix +++ b/users/remote/default.nix @@ -19,6 +19,9 @@ in ( if cfg.isNormalUser then { # extraGroups = [ "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/remote".path; + isNormalUser = true; openssh.authorizedKeys.keys = []; } else { From 91fe8cc1b4f1d8b067e01c38ddf09f70158a7e06 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:10:22 -0500 Subject: [PATCH 071/695] updated defiant config so it builds --- enviroments/client/default.nix | 3 --- enviroments/common/default.nix | 3 +++ hosts/defiant/configuration.nix | 38 +++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index a08942e..ccc5a55 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -7,9 +7,6 @@ # Enable CUPS to print documents. services.printing.enable = true; - # Enable networking - networking.networkmanager.enable = true; - # Enable the X11 windowing system. services.xserver.enable = true; diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 6aeeb97..59dda19 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -6,6 +6,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # Enable networking + networking.networkmanager.enable = true; + # Set your time zone. time.timeZone = "America/Chicago"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index c148f94..dbf4347 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
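Review bot: Moving `networking.networkmanager.enable = true;` from `enviroments/client` into `enviroments/common` turns NetworkManager on for every host that shares the common profile, which presumably includes the headless `defiant` NAS (it imports `../../enviroments/server`; whether that imports `common` is not visible here) whose generated hardware config in this series sets `networking.useDHCP = lib.mkDefault true;`. A server normally wants plain DHCP or systemd-networkd rather than NetworkManager, so either keep the option in `client` and give the server profile its own networking stanza, or declare it as `networking.networkmanager.enable = lib.mkDefault true;` in common so a server can opt out without `lib.mkForce`. The identical hunk is repeated in the duplicated commit 072.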
@@ -3,10 +3,48 @@ { imports = [ + inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix ../../enviroments/server ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = false; + users.eve.isNormalUser = false; + + + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; + + networking.hostName = "defiant"; # Define your hostname. + + nixpkgs.config.allowUnfree = true; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } \ No newline at end of file From f8e40790e42e1f6162c19705ab36e0d588030d54 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:10:22 -0500 Subject: [PATCH 072/695] updated defiant config so it builds --- enviroments/client/default.nix | 3 --- enviroments/common/default.nix | 3 +++ hosts/defiant/configuration.nix | 38 +++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index a08942e..ccc5a55 100644 
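Review bot: `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";` ties the host's secret-decryption key to an unprivileged account's home directory (the same hunk declares `users.leyla.isNormalUser = true;`), so every entry in `secrets/secrets.yaml` — including the other accounts' password hashes — is decryptable by anyone who controls that account or its backups, and activation presumably breaks on a fresh install before the home exists. A root-owned location such as `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, or deriving the key from the host key with `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` plus the matching age recipient in the sops creation rules, keeps the key out of user space. The same line is repeated in the duplicated commit 072 hunk and appears as context in `hosts/twilight/configuration.nix` later in the series, so the fix belongs in a shared module rather than per host. The `# temp enable desktop enviroment for setup` block (GDM and GNOME on a NAS) carries no tracking marker; a `# TODO(owner): remove after initial setup` comment would keep the temporary state visible. The enclosing attribute set closes within the hunk.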
--- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -7,9 +7,6 @@ # Enable CUPS to print documents. services.printing.enable = true; - # Enable networking - networking.networkmanager.enable = true; - # Enable the X11 windowing system. services.xserver.enable = true; diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 6aeeb97..59dda19 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -6,6 +6,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # Enable networking + networking.networkmanager.enable = true; + # Set your time zone. time.timeZone = "America/Chicago"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index c148f94..dbf4347 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -3,10 +3,48 @@ { imports = [ + inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix ../../enviroments/server ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = false; + users.eve.isNormalUser = false; + + + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; + + networking.hostName = "defiant"; # Define your hostname. + + nixpkgs.config.allowUnfree = true; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } \ No newline at end of file From dfb59a6444cfd9c0c32e739b87f6b43fe51a8bbc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:20:30 -0500 Subject: [PATCH 073/695] removed remote user --- users/default.nix | 2 +- users/remote/default.nix | 33 --------------------------------- 2 files changed, 1 insertion(+), 34 deletions(-) delete mode 100644 users/remote/default.nix diff --git a/users/default.nix b/users/default.nix index 97133d9..57effe3 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,6 +1,6 @@ { inputs, ... }: { - imports = [ ./leyla ./ester ./eve ./remote ]; + imports = [ ./leyla ./ester ./eve ]; users.mutableUsers = false; diff --git a/users/remote/default.nix b/users/remote/default.nix deleted file mode 100644 index 6792b74..0000000 --- a/users/remote/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib, config, ... }: -let - cfg = config.users.remote; -in -{ - options.users.remote = { - isNormalUser = lib.mkEnableOption "remote"; - }; - - config.users = { - groups.remote = {}; - - users.remote = lib.mkMerge [ - { - uid = 2000; - group = "remote"; - } - - ( - if cfg.isNormalUser then { - # extraGroups = [ "wheel" ]; - - hashedPasswordFile = config.sops.secrets."passwords/remote".path; - - isNormalUser = true; - openssh.authorizedKeys.keys = []; - } else { - isSystemUser = true; - } - ) - ]; - }; -} \ No newline at end of file From 6dd46478a30d9a006c85d297367e124c9f62917d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:20:30 -0500 Subject: [PATCH 074/695] removed remote user --- secrets/secrets.yaml | 5 ++--- users/default.nix | 2 +- users/remote/default.nix | 33 --------------------------------- 3 files changed, 3 insertions(+), 37 deletions(-) delete mode 100644 users/remote/default.nix diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index dc3185e..1c7579e 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -2,7 +2,6 @@ passwords: leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str] ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str] eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str] - remote: ENC[AES256_GCM,data:J/Ew48IO1UGCLl038t87AV0fdxHklfEKhmmsAhd4jPbyK88i/GjljF7mSJnlav9L+7GbxbGRjsFXkL753M7hF/n1hcVDAYpGhA==,iv:7PIgHRHXorkrOmjaWaWhu+Evu4SsNFSCk3euPdlGK20=,tag:tQ57gIselHNKlmQ1ySsAAQ==,type:str] sops: kms: [] gcp_kms: [] @@ -18,8 +17,8 @@ sops: VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+ Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-03T01:50:34Z" - mac: ENC[AES256_GCM,data:il1m33cFCKnL1x2QQWKfvRX7/zea+15PH8KZrAW89EizJowgefR0rpaMgO+I9CyWuIoAV77JrF9echiAvkv+eteJjkkzyG9Qo/gejC0afQAeMLGpJLEk8carxlmhJXZUrqTW3VnIY4cl0CGBinTzGqMJ2WtAQLccoQR7tDP0jBk=,iv:bdDqVdXdqXB32kjUhN8OBz9+4DwrhYAw8eWsxJNGRJ4=,tag:9T+2oBvxW0ssZV4inyvY3Q==,type:str] + lastmodified: "2024-09-03T02:19:43Z" + mac: ENC[AES256_GCM,data:Wc8nCiXVj6/+FANq82T+KsObOgwKUJTfkEnrK5MRU5gbLF3Skn0BY/alskV4aI9Kgi1cwh5ZBhHNzvyeIujuRB55QYyoocY0Pq7vLH5dgnA58DKEzrb09SAayiiH9hzRSTkdhtxj8FgCAdA6dWVkHEAO351ee67QNkG0nSwDdK0=,iv:vwUO50SKvzAPwACV1xhh7r+Am/OdlkNEN1pMimEVfC8=,tag:yF2CK41sLHLQqIISlQGAGg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/users/default.nix b/users/default.nix index 97133d9..57effe3 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,6 +1,6 @@ { inputs, ... }: { - imports = [ ./leyla ./ester ./eve ./remote ]; + imports = [ ./leyla ./ester ./eve ]; users.mutableUsers = false; diff --git a/users/remote/default.nix b/users/remote/default.nix deleted file mode 100644 index 6792b74..0000000 --- a/users/remote/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib, config, ... }: -let - cfg = config.users.remote; -in -{ - options.users.remote = { - isNormalUser = lib.mkEnableOption "remote"; - }; - - config.users = { - groups.remote = {}; - - users.remote = lib.mkMerge [ - { - uid = 2000; - group = "remote"; - } - - ( - if cfg.isNormalUser then { - # extraGroups = [ "wheel" ]; - - hashedPasswordFile = config.sops.secrets."passwords/remote".path; - - isNormalUser = true; - openssh.authorizedKeys.keys = []; - } else { - isSystemUser = true; - } - ) - ]; - }; -} \ No newline at end of file From feb30a45bfd626cc495690bf8eec354d5bb43b5c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:23:04 -0500 Subject: [PATCH 075/695] added ssh to defiant --- hosts/defiant/configuration.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index dbf4347..b5276c8 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -40,6 +40,19 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # temp enable password auth over ssh for setup + services.openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = true; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" + }; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave From 4ab2cad4d2db16ae6c719b52a2b7824851228d0a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:23:04 -0500 Subject: [PATCH 076/695] added ssh to defiant --- hosts/defiant/configuration.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index dbf4347..b5276c8 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -40,6 +40,19 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # temp enable password auth over ssh for setup + services.openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = true; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" + }; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave 
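Review bot: The `# temp enable password auth over ssh for setup` block sets `PasswordAuthentication = true;` but leaves `KbdInteractiveAuthentication` at its NixOS default of true, so when the temporary window closes both `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` are needed or PAM keyboard-interactive logins still accept passwords; gating the whole block on one option (e.g. a `setupMode` flag) would keep the temporary state from being forgotten. `PermitRootLogin = "without-password"` is the deprecated spelling of `"prohibit-password"`, and since `AllowUsers = [ "leyla" ]` already excludes root, `PermitRootLogin = "no";` states the intent directly. `UseDns = true` only adds a reverse lookup per connection (NixOS defaults it to false) and has no authentication value unless hostname-based patterns are used. The hunk appears twice (commits 075 and 076), and the enclosing attribute set continues past the hunk.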
From 0545051a1b252579cdc1a55a2478d370b4b41a3a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:16:33 -0500 Subject: [PATCH 077/695] added thin user option to leyla --- hosts/defiant/configuration.nix | 2 +- users/leyla/default.nix | 8 +- users/leyla/home.nix | 29 -------- users/leyla/packages.nix | 126 ++++++++++++++------------------ 4 files changed, 64 insertions(+), 101 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b5276c8..123d612 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,10 +17,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla.isNormalUser = true; + users.leyla.isThinInstallation = true; users.ester.isNormalUser = false; users.eve.isNormalUser = false; - boot.loader.grub = { enable = true; device = "/dev/sda"; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 41daeb2..78a9261 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -9,6 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; + isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; @@ -35,7 +36,12 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; + extraGroups = lib.mkMerge [ + ["networkmanager" "wheel" "docker"] + ( + lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + ) + ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/home.nix b/users/leyla/home.nix index dd9b57e..1ae0057 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -120,33 +120,4 @@ }; }; }; - - # dconf.settings = { - # "org/gnome/settings-daemon/plugins/media-keys" = { - # custom-keybindings = [ - # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - # ]; - # }; - # }; - - # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - # binding = "t"; - # command = "kgx"; - # name = "Open Terminal"; - # }; - - - # services.xserver.desktopManager.gnome3 = { - # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; - # extraGSettingsOverrides = '' - # [org.gnome.settings-daemon.plugins.media-keys] - # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] - - - # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] - # binding='t' - # command='kgx' - # name='Open terminal' - # ''; - # } } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2266dd1..d6e39b4 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -27,79 +27,65 @@ in ]; users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( - with pkgs; [ - #foss platforms - signal-desktop - bitwarden - firefox - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing + lib.mkMerge [ + ( + with pkgs; [ + # comand line tools + yt-dlp + ffmpeg + imagemagick + ] + ) + ( + lib.mkIf (!cfg.isThinInstallation) ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing - # comand line tools - yt-dlp - ffmpeg - imagemagick + # proprietary platforms + discord + obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) + + # development tools + vscodium + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - # development tools - vscodium - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno + # system tools + protonvpn-gui + nextcloud-client + noisetorch - # system tools - protonvpn-gui - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf cfg.hasPiperMouse piper) - (lib.mkIf cfg.hasOpenRGBHardware openrgb) - (lib.mkIf cfg.hasViaKeyboard via) - - # # gaming - # # emulators - # # nintendo - # # TODO: replace this with self hosted flake - # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # # TODO: replace this with self hosted flake - # # citra-canary # 3DS emulator - # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - # dolphin-emu # GameCube and Wii Emulator - # desmume # DS Emulator - # mupen64plus # N64 Emulator - # zsnes # SNES 
Emulator - # vbam # Game Boy Advanced Emulator - # fceux # NES Emulator - # # play station - # rpcs3 # PS3 Emulator - # pcsx2 # PS2 Emulator - # pcsxr # PS1 Emulator - # # TODO: more play station emulators here when they come out - # #misc - # stella # Atari 2600 Emulator - # mame # mame Emulator + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + ] + ) + ) ] ); } \ No newline at end of file From fef18e7902d42ed8f8820fd747a7d0373ce8eea4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:16:33 -0500 Subject: [PATCH 078/695] added thin user option to leyla --- hosts/defiant/configuration.nix | 2 +- users/leyla/default.nix | 8 +- users/leyla/home.nix | 29 -------- users/leyla/packages.nix | 126 ++++++++++++++------------------ 4 files changed, 64 insertions(+), 101 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b5276c8..123d612 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,10 +17,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla.isNormalUser = true; + users.leyla.isThinInstallation = true; users.ester.isNormalUser = false; users.eve.isNormalUser = false; - boot.loader.grub = { enable = true; device = "/dev/sda"; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 41daeb2..78a9261 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -9,6 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; + isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; 
@@ -35,7 +36,12 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; + extraGroups = lib.mkMerge [ + ["networkmanager" "wheel" "docker"] + ( + lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + ) + ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/home.nix b/users/leyla/home.nix index dd9b57e..1ae0057 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -120,33 +120,4 @@ }; }; }; - - # dconf.settings = { - # "org/gnome/settings-daemon/plugins/media-keys" = { - # custom-keybindings = [ - # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - # ]; - # }; - # }; - - # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - # binding = "t"; - # command = "kgx"; - # name = "Open Terminal"; - # }; - - - # services.xserver.desktopManager.gnome3 = { - # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; - # extraGSettingsOverrides = '' - # [org.gnome.settings-daemon.plugins.media-keys] - # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] - - - # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] - # binding='t' - # command='kgx' - # name='Open terminal' - # ''; - # } } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2266dd1..d6e39b4 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -27,79 +27,65 @@ in ]; users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( - with pkgs; [ - #foss platforms - signal-desktop - bitwarden - firefox - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing + lib.mkMerge [ + ( + with pkgs; [ + # comand line tools + yt-dlp + ffmpeg + imagemagick + ] + ) + ( + lib.mkIf (!cfg.isThinInstallation) ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing - # comand line tools - yt-dlp - ffmpeg - imagemagick + # proprietary platforms + discord + obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) + + # development tools + vscodium + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - # development tools - vscodium - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno + # system tools + protonvpn-gui + nextcloud-client + noisetorch - # system tools - protonvpn-gui - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf cfg.hasPiperMouse piper) - (lib.mkIf cfg.hasOpenRGBHardware openrgb) - (lib.mkIf cfg.hasViaKeyboard via) - - # # gaming - # # emulators - # # nintendo - # # TODO: replace this with self hosted flake - # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # # TODO: replace this with self hosted flake - # # citra-canary # 3DS emulator - # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - # dolphin-emu # GameCube and Wii Emulator - # desmume # DS Emulator - # mupen64plus # N64 Emulator - # zsnes # SNES 
Emulator - # vbam # Game Boy Advanced Emulator - # fceux # NES Emulator - # # play station - # rpcs3 # PS3 Emulator - # pcsx2 # PS2 Emulator - # pcsxr # PS1 Emulator - # # TODO: more play station emulators here when they come out - # #misc - # stella # Atari 2600 Emulator - # mame # mame Emulator + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + ] + ) + ) ] ); } \ No newline at end of file From e9645905f45d6e29c0583e437a8c1f9cb92296b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:26:27 -0500 Subject: [PATCH 079/695] cleaned up configs --- README.md | 4 +++- hosts/defiant/configuration.nix | 6 ++++-- hosts/twilight/configuration.nix | 8 +++++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 31eec77..706b38f 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,8 @@ keys for decrypting password secrets for each users located at ~/.config/sops/ag updating passwords: `sops secrets/secrets.yaml` +TODO: keys.txt should prob be readable by owning user only? + > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 123d612..735d31e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,8 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.leyla.isThinInstallation = true; + users.leyla = { + isNormalUser = true; + isThinInstallation = true; + }; users.ester.isNormalUser = false; users.eve.isNormalUser = false; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index c2145e9..eee38be 100644 
--- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -16,7 +16,13 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; + users.leyla = { + isNormalUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; users.ester.isNormalUser = true; users.eve.isNormalUser = true; From 62c0faf5ce0dccbe0e18a60d8b44f1871ea856c3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:26:27 -0500 Subject: [PATCH 080/695] cleaned up configs --- README.md | 4 +++- hosts/defiant/configuration.nix | 6 ++++-- hosts/twilight/configuration.nix | 8 +++++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 31eec77..706b38f 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,8 @@ keys for decrypting password secrets for each users located at ~/.config/sops/ag updating passwords: `sops secrets/secrets.yaml` +TODO: keys.txt should prob be readable by owning user only? + > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 123d612..735d31e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,8 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.leyla.isThinInstallation = true; + users.leyla = { + isNormalUser = true; + isThinInstallation = true; + }; users.ester.isNormalUser = false; users.eve.isNormalUser = false; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index c2145e9..eee38be 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -16,7 +16,13 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; + users.leyla = { + isNormalUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; users.ester.isNormalUser = true; users.eve.isNormalUser = true; From b1053ad5e2f748962386d8ded34ed6afdd0f122c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:31:54 -0500 Subject: [PATCH 081/695] created list of tech debt built up --- debt.txt | 7 +++++++ hosts/defiant/configuration.nix | 2 -- hosts/twilight/configuration.nix | 4 +--- 3 files changed, 8 insertions(+), 5 deletions(-) create mode 100644 debt.txt diff --git a/debt.txt b/debt.txt new file mode 100644 index 0000000..32af171 --- /dev/null +++ b/debt.txt @@ -0,0 +1,7 @@ +1. Open GL? +2. allowUnfree should be dynamically enabled by the users whenever they need them +3. graphics driver things should prob be in the hardware-configuration.nix +4. what does `boot.kernelModules = [ "sg" ]` do? +5. sops.age.keyFile should not just be hard coded to leyla? +6. openssh configuration for server +7. isThinInstallation -> isThinUser diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 735d31e..99cbde4 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,8 +20,6 @@ isNormalUser = true; isThinInstallation = true; }; - users.ester.isNormalUser = false; - users.eve.isNormalUser = false; boot.loader.grub = { enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index eee38be..88cd750 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -44,9 +44,7 @@ nixpkgs.config.allowUnfree = true; # Enable OpenGL - hardware.opengl = { - enable = true; - }; + hardware.graphics.enable = true; # Load nvidia driver for Xorg and Wayland services.xserver.videoDrivers = ["nvidia"]; 
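Review bot: The `# Enable OpenGL` comment now sits above `hardware.graphics.enable = true;` and names the option that was just removed; consider `# Enable graphics drivers (hardware.opengl was renamed to hardware.graphics)` so the next reader does not go looking for `hardware.opengl`. `hardware.graphics` is the post-rename spelling and is unknown to nixpkgs releases before 24.05, so this hunk presumably depends on the flake.lock update in PATCH 085/695 being applied first; on its own it would fail evaluation with an undefined-option error. The same hunk is repeated in PATCH 082/695.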
From ccd44ff2085e062c46d10ce557664508b9b68cdd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:31:54 -0500 Subject: [PATCH 082/695] created list of tech debt built up --- debt.txt | 7 +++++++ hosts/defiant/configuration.nix | 2 -- hosts/twilight/configuration.nix | 4 +--- 3 files changed, 8 insertions(+), 5 deletions(-) create mode 100644 debt.txt diff --git a/debt.txt b/debt.txt new file mode 100644 index 0000000..32af171 --- /dev/null +++ b/debt.txt @@ -0,0 +1,7 @@ +1. Open GL? +2. allowUnfree should be dynamically enabled by the users whenever they need them +3. graphics driver things should prob be in the hardware-configuration.nix +4. what does `boot.kernelModules = [ "sg" ]` do? +5. sops.age.keyFile should not just be hard coded to leyla? +6. openssh configuration for server +7. isThinInstallation -> isThinUser diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 735d31e..99cbde4 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,8 +20,6 @@ isNormalUser = true; isThinInstallation = true; }; - users.ester.isNormalUser = false; - users.eve.isNormalUser = false; boot.loader.grub = { enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index eee38be..88cd750 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -44,9 +44,7 @@ nixpkgs.config.allowUnfree = true; # Enable OpenGL - hardware.opengl = { - enable = true; - }; + hardware.graphics.enable = true; # Load nvidia driver for Xorg and Wayland services.xserver.videoDrivers = ["nvidia"]; From 58db4a0dee96b2e231a912d2d0b643c2263e63b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:12 -0500 Subject: [PATCH 083/695] removed now unused allow insecure --- users/leyla/packages.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d6e39b4..f2350b7 100644 
--- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,10 +22,6 @@ in programs.adb.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( lib.mkMerge [ ( From 613d087e9cfe3174a5e7e7ee80cea1619bcc1dac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:12 -0500 Subject: [PATCH 084/695] removed now unused allow insecure --- users/leyla/packages.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d6e39b4..f2350b7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,10 +22,6 @@ in programs.adb.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( lib.mkMerge [ ( From 6149b54fd1c6c5d9fd3c85ca7132a03d0efe3594 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:19 -0500 Subject: [PATCH 085/695] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0869d11..ec704cf 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { 
@@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724495652, - "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", + "lastModified": 1724878143, + "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", + "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1725201042, + "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", "type": "github" }, "original": { From 876ee45e4daf410721b0a95b678868ca2dc82c6f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:19 -0500 Subject: [PATCH 086/695] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0869d11..ec704cf 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724495652, - "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", + "lastModified": 1724878143, + "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", + "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1725201042, + "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", "type": "github" }, "original": { From 531c90b22acc550d17c4b4e91c96fd47c53b2e4d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 3 Sep 2024 00:42:29 -0500 Subject: [PATCH 087/695] renamed debt file to tasks file --- debt.txt => tasks.txt | 5 +++++ 1 file changed, 5 insertions(+) rename debt.txt => tasks.txt (62%) diff --git a/debt.txt b/tasks.txt similarity index 62% rename from debt.txt rename to tasks.txt index 32af171..be1f0e4 100644 --- a/debt.txt +++ b/tasks.txt @@ -5,3 +5,8 @@ 5. sops.age.keyFile should not just be hard coded to leyla? 6. openssh configuration for server 7. isThinInstallation -> isThinUser +8. VS code extensions should be installed declaratively +9. firefox declarative??? +10. figure out steam vr things? +11. GNOME default monitors per hardware configuration? +12. Install all the things on the NAS \ No newline at end of file From f418705e493e3dd477b0f0f49c84c55784e3d04c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:42:29 -0500 Subject: [PATCH 088/695] renamed debt file to tasks file --- debt.txt => tasks.txt | 5 +++++ 1 file changed, 5 insertions(+) rename debt.txt => tasks.txt (62%) diff --git a/debt.txt b/tasks.txt similarity index 62% rename from debt.txt rename to tasks.txt index 32af171..be1f0e4 100644 --- a/debt.txt +++ b/tasks.txt @@ -5,3 +5,8 @@ 5. sops.age.keyFile should not just be hard coded to leyla? 6. openssh configuration for server 7. isThinInstallation -> isThinUser +8. VS code extensions should be installed declaratively +9. firefox declarative??? +10. figure out steam vr things? +11. GNOME default monitors per hardware configuration? +12. Install all the things on the NAS \ No newline at end of file From d16deca6357267c6d7e719f47e8ec5bed3b7ca81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:44:00 -0500 Subject: [PATCH 089/695] added flake templates to tasks --- tasks.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks.txt b/tasks.txt index be1f0e4..07ce8ca 100644 --- a/tasks.txt +++ b/tasks.txt 
@@ -9,4 +9,5 @@ 9. firefox declarative??? 10. figure out steam vr things? 11. GNOME default monitors per hardware configuration? -12. Install all the things on the NAS \ No newline at end of file +12. Install all the things on the NAS +13. Flake templates \ No newline at end of file From cc2c9093c841155d5d384b06caf10fb46e165836 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:44:00 -0500 Subject: [PATCH 090/695] added flake templates to tasks --- tasks.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks.txt b/tasks.txt index be1f0e4..07ce8ca 100644 --- a/tasks.txt +++ b/tasks.txt @@ -9,4 +9,5 @@ 9. firefox declarative??? 10. figure out steam vr things? 11. GNOME default monitors per hardware configuration? -12. Install all the things on the NAS \ No newline at end of file +12. Install all the things on the NAS +13. Flake templates \ No newline at end of file From 6391b0522d45175276e9b998448a6fa3ee2f00b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:44:44 -0500 Subject: [PATCH 091/695] removed un needed comments --- pkgs/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index b0fd62b..9a81f3b 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,3 @@ pkgs: { - # yuzu-clone = pkgs.callPackage ./yuzo { }; - # citra-clone = pkgs.callPackage ./citra { }; + } \ No newline at end of file From e028eeeca38e4c28e2dea1fcd818324a1f0e48e5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:44:44 -0500 Subject: [PATCH 092/695] removed un needed comments --- pkgs/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index b0fd62b..9a81f3b 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,3 @@ pkgs: { - # yuzu-clone = pkgs.callPackage ./yuzo { }; - # citra-clone = pkgs.callPackage ./citra { }; + } \ No newline at end of file 
From 0e58bc282b04a1e8c78dda11ccaa95ca4483a995 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:15:01 -0500 Subject: [PATCH 093/695] moved tasks into README --- README.md | 20 +++++++++++++++++++- tasks.txt | 13 ------------- 2 files changed, 19 insertions(+), 14 deletions(-) delete mode 100644 tasks.txt diff --git a/README.md b/README.md index 706b38f..7cd1f81 100644 --- a/README.md +++ b/README.md @@ -25,4 +25,22 @@ TODO: keys.txt should prob be readable by owning user only? > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` + +# Tasks: + +## Tech Debt +- allowUnfree should be dynamically enabled by the users whenever they need them +- GNOME default monitors per hardware configuration? +- graphics driver things should prob be in the hardware-configuration.nix +- what does `boot.kernelModules = [ "sg" ]` do? +- sops.age.keyFile should not just be hard coded to leyla? +- isThinInstallation -> isThinUser +## New Features +- openssh configuration for server +- VS code extensions should be installed declaratively +- Flake templates +- Install all the things on the NAS +- firefox declarative??? +- figure out steam vr things? +- Open GL? \ No newline at end of file diff --git a/tasks.txt b/tasks.txt deleted file mode 100644 index 07ce8ca..0000000 --- a/tasks.txt +++ /dev/null 
@@ -1,13 +0,0 @@ -1. Open GL? -2. allowUnfree should be dynamically enabled by the users whenever they need them -3. graphics driver things should prob be in the hardware-configuration.nix -4. what does `boot.kernelModules = [ "sg" ]` do? -5. sops.age.keyFile should not just be hard coded to leyla? -6. openssh configuration for server -7. isThinInstallation -> isThinUser -8. VS code extensions should be installed declaratively -9. firefox declarative??? -10. figure out steam vr things? -11. GNOME default monitors per hardware configuration? -12. Install all the things on the NAS -13. Flake templates \ No newline at end of file From 8232ae338c6004aa493972d9721e588dee615eb5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:15:01 -0500 Subject: [PATCH 094/695] moved tasks into README --- README.md | 20 +++++++++++++++++++- tasks.txt | 13 ------------- 2 files changed, 19 insertions(+), 14 deletions(-) delete mode 100644 tasks.txt diff --git a/README.md b/README.md index 706b38f..7cd1f81 100644 --- a/README.md +++ b/README.md 
@@ -25,4 +25,22 @@ TODO: keys.txt should prob be readable by owning user only? > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` + +# Tasks: + +## Tech Debt +- allowUnfree should be dynamically enabled by the users whenever they need them +- GNOME default monitors per hardware configuration? +- graphics driver things should prob be in the hardware-configuration.nix +- what does `boot.kernelModules = [ "sg" ]` do? +- sops.age.keyFile should not just be hard coded to leyla? +- isThinInstallation -> isThinUser +## New Features +- openssh configuration for server +- VS code extensions should be installed declaratively +- Flake templates +- Install all the things on the NAS +- firefox declarative??? +- figure out steam vr things? +- Open GL? \ No newline at end of file diff --git a/tasks.txt b/tasks.txt deleted file mode 100644 index 07ce8ca..0000000 --- a/tasks.txt +++ /dev/null @@ -1,13 +0,0 @@ -1. Open GL? -2. allowUnfree should be dynamically enabled by the users whenever they need them -3. graphics driver things should prob be in the hardware-configuration.nix -4. what does `boot.kernelModules = [ "sg" ]` do? -5. sops.age.keyFile should not just be hard coded to leyla? -6. openssh configuration for server -7. isThinInstallation -> isThinUser -8. VS code extensions should be installed declaratively -9. firefox declarative??? -10. figure out steam vr things? -11. GNOME default monitors per hardware configuration? -12. Install all the things on the NAS -13. Flake templates \ No newline at end of file From 30fb7851acbc3e660ac18e20a33a683acce7661c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:10 -0500 Subject: [PATCH 095/695] replaced isThinInstallation with isThinUser added util folder --- README.md | 7 ++++--- hosts/defiant/configuration.nix | 5 +---- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 4 ++-- util/default.nix | 8 ++++++++ 5 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 util/default.nix diff --git a/README.md b/README.md index 7cd1f81..4dc35cf 100644 --- a/README.md +++ b/README.md @@ -35,12 +35,13 @@ TODO: keys.txt should prob be readable by owning user only? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? - sops.age.keyFile should not just be hard coded to leyla? -- isThinInstallation -> isThinUser +- use dashes for options not camel case ## New Features - openssh configuration for server - VS code extensions should be installed declaratively -- Flake templates +- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? -- Open GL? \ No newline at end of file +- Open GL? +- util functions \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 99cbde4..05b2f73 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,10 +16,7 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { - isNormalUser = true; - isThinInstallation = true; - }; + users.leyla.isThinUser = true; boot.loader.grub = { enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 78a9261..7d679cc 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -9,7 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; - isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; + isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; @@ -34,12 +34,12 @@ in } ( - if cfg.isNormalUser then { + if (cfg.isNormalUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] ( - lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) ]; @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index f2350b7..7c27a09 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,7 +22,7 @@ in programs.adb.enable = true; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( + users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( lib.mkMerge [ ( with pkgs; [ @@ -33,7 +33,7 @@ in ] ) ( - lib.mkIf (!cfg.isThinInstallation) ( + lib.mkIf (!cfg.isThinUser) ( with pkgs; [ #foss platforms signal-desktop diff --git a/util/default.nix b/util/default.nix new file mode 100644 index 0000000..795ad04 --- /dev/null +++ b/util/default.nix @@ -0,0 +1,8 @@ +{ lib, ... }: +{ + mkUnless = condition: then: (mkIf (!condition) then); + mkIfElse = condition: then: else: lib.mkMerge [ + (mkIf condition then) + (mkUnless condition else) + ]; +} \ No newline at end of file 
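Review bot: With the new condition `if (cfg.isNormalUser || cfg.isThinUser) then {` in the second hunk, a thin user still receives the unchanged `["networkmanager" "wheel" "docker"]` groups, so "thin" reduces installed applications but not privilege; `wheel` grants sudo and membership in `docker` is effectively root-equivalent on that host, which deserves a deliberate decision on a server-style host like defiant. If least privilege is the intent, gate `docker` the same way `adbusers` already is, e.g. `(lib.mkIf (!cfg.isThinUser) [ "docker" "adbusers" ])`. The option description in the first hunk also has a typo: `isThinUser = lib.mkEnableOption "create usable user but without user applications";`. PATCH 096/695 repeats these hunks.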
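Review bot: The new `util/default.nix` does not parse: `then` and `else` are reserved keywords in Nix and cannot be used as lambda parameter names, `mkIf` is referenced unqualified while only `lib` is in scope, and `mkUnless` is referenced from `mkIfElse` inside a non-`rec` attribute set, so it is unbound there. Nothing in this commit imports the file, which is why the flake still evaluates; it will fail the first time a module uses it. A `let` binding fixes all three, and renaming the parameters keeps call sites readable. PATCH 096/695 repeats this hunk.
```nix
{ lib, ... }:
let
  # mkIf with the condition negated; the value is returned only when condition is false.
  mkUnless = condition: value: lib.mkIf (!condition) value;
in
{
  inherit mkUnless;
  # Select ifTrue when condition holds, otherwise ifFalse; both sides stay lazy
  # because mkIf/mkMerge defer evaluation to the module system.
  mkIfElse = condition: ifTrue: ifFalse: lib.mkMerge [
    (lib.mkIf condition ifTrue)
    (mkUnless condition ifFalse)
  ];
}
```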
From b9431f5814290764317e79022221f4669b8b6df8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:10 -0500 Subject: [PATCH 096/695] replaced isThinInstallation with isThinUser added util folder --- README.md | 7 ++++--- hosts/defiant/configuration.nix | 5 +---- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 4 ++-- util/default.nix | 8 ++++++++ 5 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 util/default.nix diff --git a/README.md b/README.md index 7cd1f81..4dc35cf 100644 --- a/README.md +++ b/README.md @@ -35,12 +35,13 @@ TODO: keys.txt should prob be readable by owning user only? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? - sops.age.keyFile should not just be hard coded to leyla? -- isThinInstallation -> isThinUser +- use dashes for options not camel case ## New Features - openssh configuration for server - VS code extensions should be installed declaratively -- Flake templates +- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? -- Open GL? \ No newline at end of file +- Open GL? +- util functions \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 99cbde4..05b2f73 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,10 +16,7 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { - isNormalUser = true; - isThinInstallation = true; - }; + users.leyla.isThinUser = true; boot.loader.grub = { enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 78a9261..7d679cc 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -9,7 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; - isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; + isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; @@ -34,12 +34,12 @@ in } ( - if cfg.isNormalUser then { + if (cfg.isNormalUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] ( - lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) ]; @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index f2350b7..7c27a09 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,7 +22,7 @@ in programs.adb.enable = true; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( + users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( lib.mkMerge [ ( with pkgs; [ @@ -33,7 +33,7 @@ in ] ) ( - lib.mkIf (!cfg.isThinInstallation) ( + lib.mkIf (!cfg.isThinUser) ( with pkgs; [ #foss platforms signal-desktop diff --git a/util/default.nix b/util/default.nix new file mode 100644 index 0000000..795ad04 --- /dev/null +++ b/util/default.nix @@ -0,0 +1,8 @@ +{ lib, ... }: +{ + mkUnless = condition: then: (mkIf (!condition) then); + mkIfElse = condition: then: else: lib.mkMerge [ + (mkIf condition then) + (mkUnless condition else) + ]; +} \ No newline at end of file 
From d9bb30a19d454fa099495249aa7bcff7790e945f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:29 -0500 Subject: [PATCH 097/695] created template folder --- templates/default.nix | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 templates/default.nix diff --git a/templates/default.nix b/templates/default.nix new file mode 100644 index 0000000..e69de29 From a459ce6eb3fe157b0ca21cf1afd04b0062c23e08 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:29 -0500 Subject: [PATCH 098/695] created template folder --- templates/default.nix | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 templates/default.nix diff --git a/templates/default.nix b/templates/default.nix new file mode 100644 index 0000000..e69de29 From 9b520878c49d059ae2ad2957ecb139d420e9970b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 14:24:11 -0500 Subject: [PATCH 099/695] restricted more of leylas configs behind full user --- hosts/horizon/configuration.nix | 6 +++--- hosts/twilight/configuration.nix | 6 +++--- users/ester/default.nix | 6 +++--- users/eve/default.nix | 6 +++--- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 14 +++++++------- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 79fa555..d28ca5b 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -16,9 +16,9 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.leyla.isFullUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 88cd750..34e6922 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -17,14 +17,14 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla = { - isNormalUser = true; + isFullUser = true; hasPiperMouse = true; hasOpenRGBHardware = true; hasViaKeyboard = true; hasGPU = true; }; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 0f7f3be..4850e0f 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -4,11 +4,11 @@ let in { options.users.ester = { - isNormalUser = lib.mkEnableOption "ester"; + isFullUser = lib.mkEnableOption "ester"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/eve/default.nix b/users/eve/default.nix index d5b6f29..bf2b51b 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -4,11 +4,11 @@ let in { options.users.eve = { - isNormalUser = lib.mkEnableOption "eve"; + isFullUser = lib.mkEnableOption "eve"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7d679cc..a887dfb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -8,7 +8,7 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "create usable leyla user"; + isFullUser = lib.mkEnableOption "create usable leyla user"; isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -34,7 +34,7 @@ in } ( - if (cfg.isNormalUser || cfg.isThinUser) then { + if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 7c27a09..a1332cc 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -8,21 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = { + programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ code = "codium"; - }; + }); - programs.steam = { + programs.steam = lib.mkIf cfg.isFullUser ({ enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; + }); - programs.noisetorch.enable = true; + programs.noisetorch.enable = cfg.isFullUser; - programs.adb.enable = true; + programs.adb.enable = cfg.isFullUser; - users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( + users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ ( with pkgs; [ From b0de438060076df937b7ae57790c2a422dbb6b09 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 14:24:11 -0500 Subject: [PATCH 100/695] restricted more of leylas configs behind full user --- hosts/horizon/configuration.nix | 6 +++--- hosts/twilight/configuration.nix | 6 +++--- users/ester/default.nix | 6 +++--- users/eve/default.nix | 6 +++--- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 14 +++++++------- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 79fa555..d28ca5b 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -16,9 +16,9 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.leyla.isFullUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 88cd750..34e6922 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
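Review bot: `programs.steam = lib.mkIf cfg.isFullUser ({ ... remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; })` ties host-wide firewall openings (Steam Remote Play and the Source dedicated-server ports) to a per-user flag, so every host where leyla is a full user — horizon as well as twilight in this series — opens those ports whether or not Steam is used there. If that is not intended, gate the two `openFirewall` lines on a more specific option (`cfg.hasGPU` already exists, or a dedicated flag) and leave only `enable` on the user flag. The parentheses around the attribute sets passed to `lib.mkIf` are redundant; `programs.bash.shellAliases = lib.mkIf cfg.isFullUser { code = "codium"; };` reads the same. PATCH 100/695 repeats this hunk.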
@@ -17,14 +17,14 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla = { - isNormalUser = true; + isFullUser = true; hasPiperMouse = true; hasOpenRGBHardware = true; hasViaKeyboard = true; hasGPU = true; }; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 0f7f3be..4850e0f 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -4,11 +4,11 @@ let in { options.users.ester = { - isNormalUser = lib.mkEnableOption "ester"; + isFullUser = lib.mkEnableOption "ester"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/eve/default.nix b/users/eve/default.nix index d5b6f29..bf2b51b 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -4,11 +4,11 @@ let in { options.users.eve = { - isNormalUser = lib.mkEnableOption "eve"; + isFullUser = lib.mkEnableOption "eve"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7d679cc..a887dfb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -8,7 +8,7 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "create usable leyla user"; + isFullUser = lib.mkEnableOption "create usable leyla user"; isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -34,7 +34,7 @@ in } ( - if (cfg.isNormalUser || cfg.isThinUser) then { + if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 7c27a09..a1332cc 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
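Review bot: In the `@@ -34,7 +34,7 @@` hunk the thin-user variant of `leyla` inherits `"wheel"` and `"docker"` together with the full user, so a host that sets only `isThinUser` (defiant does, later in this series) gets a sudo-capable account whose docker-group membership is effectively root, even though the option text describes the thin profile as a user "without user applications". Keep `"docker"` — and arguably `"wheel"` — behind the full-user predicate inside the existing `lib.mkMerge`, e.g. `["networkmanager"] (lib.mkIf cfg.isFullUser ["wheel" "docker"])`. In the `@@ -17,7 +17,7 @@` hunk the `passwords/leyla` secret is gated on `isFullUser` alone while the account itself is created on `isFullUser || isThinUser`; bind that predicate once, `let hasUser = cfg.isFullUser || cfg.isThinUser;`, and use it in all three places so they cannot drift. The enclosing `config = {` set starts and ends outside these hunks.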
@@ -8,21 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = { + programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ code = "codium"; - }; + }); - programs.steam = { + programs.steam = lib.mkIf cfg.isFullUser ({ enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; + }); - programs.noisetorch.enable = true; + programs.noisetorch.enable = cfg.isFullUser; - programs.adb.enable = true; + programs.adb.enable = cfg.isFullUser; - users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( + users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ ( with pkgs; [ From 453ed74a3ac21788f40433ddd0490e36e992749f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:33:16 -0500 Subject: [PATCH 101/695] added note to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4dc35cf..32398fd 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,8 @@ TODO: keys.txt should prob be readable by owning user only? > look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` +> something about ssh keys for remotes + # Tasks: ## Tech Debt From 0138aebb26f910e907082804c37e59a0c12b4d94 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:33:16 -0500 Subject: [PATCH 102/695] added note to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4dc35cf..32398fd 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,8 @@ TODO: keys.txt should prob be readable by owning user only? > look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` +> something about ssh keys for remotes + # Tasks: ## Tech Debt From a91f5998367fae2018e8cdef09cfedcd98826159 Mon Sep 17 00:00:00 2001 
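Review bot: The two `openFirewall = true` lines in `programs.steam` are now switched by `cfg.isFullUser`, so every host that marks leyla a full user (horizon and twilight in this commit) opens the Steam Remote Play and Source dedicated-server inbound ports host-wide as a side effect of a per-user profile option. Hosting a game server or accepting Remote Play should be a per-host decision; suggest `dedicatedServer.openFirewall = false;` here and a host-level option (or `networking.firewall` entry) on the one machine that actually serves. Style nit: the parentheses in `lib.mkIf cfg.isFullUser ({ ... })` are redundant — `lib.mkIf cfg.isFullUser { code = "codium"; }` parses the same. The `users.users.leyla.packages` expression at the end of the hunk continues outside it.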
From: Leyla Becker Date: Tue, 3 Sep 2024 15:34:40 -0500 Subject: [PATCH 103/695] removed password auth from ssh for defiant --- hosts/defiant/configuration.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05b2f73..0dc7fd1 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -42,11 +42,10 @@ enable = true; ports = [ 22 ]; settings = { - PasswordAuthentication = true; + PasswordAuthentication = false; AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; - PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" }; }; From aa19c47149f4a52176a13eb350377ff5755e32db Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:34:40 -0500 Subject: [PATCH 104/695] removed password auth from ssh for defiant --- hosts/defiant/configuration.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05b2f73..0dc7fd1 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -42,11 +42,10 @@ enable = true; ports = [ 22 ]; settings = { - PasswordAuthentication = true; + PasswordAuthentication = false; AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; - PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" }; }; From 51a44a7f6620a4bdbaf05096fdce462bda8849e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:39:59 -0500 Subject: [PATCH 105/695] disabled sleep on defiant --- hosts/defiant/configuration.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 0dc7fd1..a80c520 100644 
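Review bot: `PasswordAuthentication = false` alone does not stop password logins on this sshd, because the keyboard-interactive (PAM) method stays enabled unless `KbdInteractiveAuthentication` is also off — NixOS defaults that setting to true as far as I recall — so add `KbdInteractiveAuthentication = false;` beside it. Removing the `PermitRootLogin = "without-password"` line hands root-login policy back to the module default instead of stating it; since `AllowUsers = [ "leyla" ]` already excludes root, spell it out with `PermitRootLogin = "no";`. `UseDns = true` buys nothing without `from=` host patterns in authorized_keys and adds a reverse lookup per connection plus a spoofable hostname in logs; the default `false` is preferable. The `# temp enable password auth over ssh for setup` comment just above this block (visible as context in the next commit) is now wrong and should read `# sshd: key-based auth only (password and root login disabled)`.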
--- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -37,6 +37,12 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # disable computer sleeping + systemd.targets.sleep.enable = false; + systemd.targets.suspend.enable = false; + systemd.targets.hibernate.enable = false; + systemd.targets.hybrid-sleep.enable = false; + # temp enable password auth over ssh for setup services.openssh = { enable = true; From e66c2233e81e0ed7ff427bcf49e57ab6148a3775 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:39:59 -0500 Subject: [PATCH 106/695] disabled sleep on defiant --- hosts/defiant/configuration.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 0dc7fd1..a80c520 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -37,6 +37,12 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # disable computer sleeping + systemd.targets.sleep.enable = false; + systemd.targets.suspend.enable = false; + systemd.targets.hibernate.enable = false; + systemd.targets.hybrid-sleep.enable = false; + # temp enable password auth over ssh for setup services.openssh = { enable = true; From 8916b78f7b7d8eaf0b9fc9d4d18be557dae74e6a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:04:48 -0500 Subject: [PATCH 107/695] added password for leyla when thin user --- users/leyla/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index a887dfb..c5bfef9 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; 
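Review bot: Masking the four sleep targets does not cover the path that most often suspends an unattended GNOME machine: with `services.xserver.desktopManager.gnome.enable = true` in context, the GDM greeter auto-suspends after idle, and a later commit in this series still adds a "STOP FROM SLEEPING" task, which suggests the box kept sleeping. Add `services.xserver.displayManager.gdm.autoSuspend = false;` next to these lines, and set `AllowSuspend=no` / `AllowHibernation=no` through `systemd.sleep.extraConfig` so logind refuses the request regardless of who issues it. The `# temp enable password auth over ssh for setup` context comment directly below the inserted block is stale since the previous commit set `PasswordAuthentication = false`; update it to `# sshd: key-based auth only`.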
From 67e528c0ceca6b08d01c9c0c4d207d78b26f7b78 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:04:48 -0500 Subject: [PATCH 108/695] added password for leyla when thin user --- users/leyla/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index a887dfb..c5bfef9 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; From 2f24bb0a4db89e4f0c81d4cbf16c2344e6993e1e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:54:29 -0500 Subject: [PATCH 109/695] removed thing from todo --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 32398fd..8544371 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- openssh configuration for server - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From a0de710c44b678590182d0591f417e0ba7444f8f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:54:29 -0500 Subject: [PATCH 110/695] removed thing from todo --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 32398fd..8544371 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- openssh configuration for server - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 6a309284a3bce94f607c5babc17e329eb15790f9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:23 -0500 Subject: [PATCH 111/695] organized flake.nix --- flake.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 33b4f83..e75e133 100644 --- a/flake.nix +++ b/flake.nix @@ -2,21 +2,30 @@ description = "Nixos config flake"; inputs = { + # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # managment per user home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let - forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachSystem = nixpkgs.lib.genAttrs [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { From 3530ee07d7ae611657f5ce997762fb64659a5c7b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:23 -0500 Subject: [PATCH 112/695] organized flake.nix --- flake.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 33b4f83..e75e133 100644 --- a/flake.nix +++ b/flake.nix 
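Review bot: The new comment on the `sops-nix` input inverts its meaning — `# encrypt files that contain secreats that I would like to not encrypt`; suggest `# sops-nix: keep secrets encrypted in the repo and decrypt them at activation`. `# managment per user` reads better as `# home-manager: per-user configuration`. Unlike `home-manager`, the `sops-nix` input has no `inputs.nixpkgs.follows = "nixpkgs";`, which is why the lockfile later in this series carries two extra nixpkgs trees (`nixpkgs_2`, `nixpkgs-stable`) under it — more pinned code to update and audit; adding the `follows` line (and `inputs.nixpkgs-stable.follows = "nixpkgs";` if the stable tree is not needed) shrinks that surface.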
@@ -2,21 +2,30 @@ description = "Nixos config flake"; inputs = { + # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # managment per user home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let - forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachSystem = nixpkgs.lib.genAttrs [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { From f00cec11ac0671ff033887ded040c5ca6a1aeb47 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:38 -0500 Subject: [PATCH 113/695] added more things to readme --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8544371..341d84b 100644 --- a/README.md +++ b/README.md @@ -39,10 +39,13 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? -- util functions \ No newline at end of file +- util functions +- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- limit boot configurations to 2 on defiant \ No newline at end of file From 1635bdddbadcaa5dc6d45063c332ae422988fabe Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:38 -0500 Subject: [PATCH 114/695] added more things to readme --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8544371..341d84b 100644 --- a/README.md +++ b/README.md @@ -39,10 +39,13 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? -- util functions \ No newline at end of file +- util functions +- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- limit boot configurations to 2 on defiant \ No newline at end of file From cee99874493c23562da6515a06a9bfe3e6fb5409 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:48 -0500 Subject: [PATCH 115/695] added driver to defiant --- hosts/defiant/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 088af3f..575ae36 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,7 +8,7 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; From c929a2c7e668877aed9f846377096c417ee7e15e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:48 -0500 Subject: [PATCH 116/695] added driver to defiant --- hosts/defiant/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 088af3f..575ae36 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,7 +8,7 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; From 696ea9872a927e0fb79e7716f4ccf137b106b853 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 20:17:41 -0500 Subject: [PATCH 117/695] removed task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 341d84b..8dcfde3 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 5a6bd285e385b39cbb28d19a98ecf7c7ec5a1a69 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 20:17:41 -0500 Subject: [PATCH 118/695] removed task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 341d84b..8dcfde3 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 41f834d5d2c3bbd968fc05901da422d56f8b0518 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 14:11:27 -0500 Subject: [PATCH 119/695] task added to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8dcfde3..9a33b19 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 85345eedf5bcd368e2ad8aa7b8d6e614e8dc6af2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 14:11:27 -0500 Subject: [PATCH 120/695] task added to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8dcfde3..9a33b19 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From dfec548b619b81fb68247265a17a21bfa3be3a75 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 10 Sep 2024 14:26:15 -0500 Subject: [PATCH 121/695] updated flakes --- README.md | 3 +++ flake.lock | 36 ++++++++++++++++++------------------ 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9a33b19..3e61367 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,9 @@ TODO: keys.txt should prob be readable by owning user only? > something about ssh keys for remotes +# Updating +`nix flake update` + # Tasks: ## Tech Debt diff --git a/flake.lock b/flake.lock index ec704cf..1e8ab51 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1725948275, + "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724878143, - "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { 
@@ -54,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1721466660, - "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", + "lastModified": 1725534445, + "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", + "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1725201042, - "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", + "lastModified": 1725922448, + "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", + "rev": "cede1a08039178ac12957733e97ab1006c6b6892", "type": "github" }, "original": { From e507d502c75d2b69e48851472b9aa6e707bb182e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 14:26:15 -0500 Subject: [PATCH 122/695] updated flakes --- README.md | 3 +++ flake.lock | 36 ++++++++++++++++++------------------ 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9a33b19..3e61367 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,9 @@ TODO: keys.txt should prob be readable by owning user only? > something about ssh keys for remotes +# Updating +`nix flake update` + # Tasks: ## Tech Debt diff --git a/flake.lock b/flake.lock index ec704cf..1e8ab51 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1725948275, + "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724878143, - "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { @@ -54,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", "type": "github" }, "original": { 
@@ -70,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1721466660, - "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", + "lastModified": 1725534445, + "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", + "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1725201042, - "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", + "lastModified": 1725922448, + "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", + "rev": "cede1a08039178ac12957733e97ab1006c6b6892", "type": "github" }, "original": { From 88d8ec0077bb445cb9f68fc6adc5a632fdaef17b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 19:00:15 -0500 Subject: [PATCH 123/695] added openvpn to packages --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index a1332cc..462c34e 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -72,6 +72,7 @@ in # system tools protonvpn-gui + openvpn nextcloud-client noisetorch From 126940814ec0b14d7c2a5a156f10ebb431c0580c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 19:00:15 -0500 Subject: [PATCH 124/695] added openvpn to packages --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index a1332cc..462c34e 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -72,6 +72,7 @@ in # system tools protonvpn-gui + openvpn nextcloud-client noisetorch From 430e1e80124bcc2c8623ec8b835f5ef2f0a1112c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 11 Sep 2024 17:41:48 -0500 Subject: [PATCH 125/695] added disko to tasks --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3e61367..6783009 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init From 20e65ebf0f5a86dc1d745a6a20fa04d085fe02b3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Sep 2024 17:41:48 -0500 Subject: [PATCH 126/695] added disko to tasks --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3e61367..6783009 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init From 5df7df6129864c48f5e5b815a2a5caf4773da1d9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 14 Sep 2024 09:19:08 -0500 Subject: [PATCH 127/695] got nixos-anywhere half working --- README.md | 21 ++-- flake.lock | 21 ++++ flake.nix | 10 +- hosts/defiant/configuration.nix | 30 +++++- hosts/defiant/disko-config.nix | 120 +++++++++++++++++++++++ hosts/defiant/hardware-configuration.nix | 8 +- 6 files changed, 193 insertions(+), 17 deletions(-) create mode 100644 hosts/defiant/disko-config.nix diff --git a/README.md b/README.md index 6783009..c3773c0 100644 --- a/README.md +++ b/README.md 
@@ -17,25 +17,31 @@ `./rebuild.sh` # New machine setup + keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt +> TODO: `keys.txt`` should prob be readable by owning user only? updating passwords: `sops secrets/secrets.yaml` -TODO: keys.txt should prob be readable by owning user only? +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` - > something about ssh keys for remotes +# Notes: +- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main` +- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` +- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init + # Updating `nix flake update` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them +- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? 
@@ -45,11 +51,12 @@ TODO: keys.txt should prob be readable by owning user only? - DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively -- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Flake templates - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? - util functions -- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh -- limit boot configurations to 2 on defiant \ No newline at end of file +- openssh known hosts +- limit boot configurations to 2 on defiant +- rotate sops encryption keys \ No newline at end of file diff --git a/flake.lock b/flake.lock index 1e8ab51..1182330 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "owner": "nix-community", + "repo": "disko", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -86,6 +106,7 @@ }, "root": { "inputs": { + "disko": "disko", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index e75e133..ee87ab5 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,12 @@ # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # declairtive disk configuration + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # managment per user home-manager = { url = "github:nix-community/home-manager"; 
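Review bot: Comment typo in the new `disko` input: `# declairtive disk configuration`; suggest `# disko: declarative disk layout for hosts installed with nixos-anywhere`. Pinning it through `inputs.nixpkgs.follows = "nixpkgs";` is the right call and is exactly what the `sops-nix` input above this hunk still lacks.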
@@ -18,7 +24,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: + outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "aarch64-darwin" @@ -53,6 +59,8 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ + disko.nixosModules.disko + ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; }; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index a80c520..bff81ea 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -11,19 +11,39 @@ ../../enviroments/server ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + age ={ + keyFile = "/home/leyla/.config/sops/age/keys.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + + # home.sessionVariables = { + # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; + # }; users.leyla.isThinUser = true; boot.loader.grub = { enable = true; - device = "/dev/sda"; - useOSProber = true; + zfsSupport = true; + efiSupport = true; + efiInstallAsRemovable = true; + # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; + # mirroredBoots = [ + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } + # ]; }; + boot.supportedFilesystems = [ "zfs" ]; + + networking.hostId = "c8985fc5"; # TODO: populate this when I get home networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix new file mode 100644 index 0000000..3a113eb --- /dev/null +++ b/hosts/defiant/disko-config.nix 
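Review bot: `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"` puts the same personal age identity that encrypts everything in `secrets/secrets.yaml` onto a server, so root on defiant can decrypt secrets meant for every other host; the commented `sshKeyPaths` line is the better direction — `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` with defiant's own age recipient added to `.sops.yaml`, and the personal key kept off the box. The README's install command in this commit passes `--extra-files ~/.config/sops/age/`; as I understand nixos-anywhere, the contents of that directory are copied to the target's `/`, not to this `keyFile` path, so first boot would fail to decrypt `passwords/leyla` (which has `neededForUsers = true`) unless the local staging directory mirrors the full path. `networking.hostId = "c8985fc5"; # TODO: populate this when I get home` contradicts itself — either the value is the real, stable id (ZFS pool import depends on it staying constant across reinstalls) or it is a placeholder; the comment should say which. The block also ships commented-out `home.sessionVariables` (a home-manager option, not valid in this NixOS module), `devices` and `mirroredBoots` lines; drop them or move them to the README notes so the live config stays readable.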
@@ -0,0 +1,120 @@ +{ lib, ... }: +let + bootDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + zfsDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zpool"; + }; + }; + }; + }; + }; +in { + disko.devices = { + disk = { + boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + + # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + + # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + }; + # zpool = { + # zpool = { + # type = "zpool"; + # mode = { + # topology = { + # type = "topology"; + # vdev = [ + # { + # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ # mode = "mirror"; + # members = [ + # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + # ]; + # } + # ]; + # cache = [ ]; + # # cache = [ "ssd_2_tb_a" ]; + # }; + # }; + + # options = { + # ashift = "12"; + # }; + + # rootFsOptions = { + # encryption = "on"; + # keyformat = "hex"; + # keylocation = "prompt"; + # compression = "lz4"; + # xattr = "sa"; + # acltype = "posixacl"; + # "com.sun:auto-snapshot" = "false"; + # }; + + # datasets = { + # "root" = { + # type = "zfs_fs"; + # mountpoint = "/"; + # }; + # "nix" = { + # type = "zfs_fs"; + # mountpoint = "/nix"; + # }; + # "home" = { + # type = "zfs_fs"; + # mountpoint = "/home"; + # options = { + # "com.sun:auto-snapshot" = "true"; + # }; + # }; + # "var" = { + # type = "zfs_fs"; + # mountpoint = "/var"; + # }; + # }; + # }; + # }; + }; +} + diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 575ae36..cd075ca 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -13,10 +13,10 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; - fsType = "ext4"; - }; + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + # fsType = "ext4"; + # }; swapDevices = [ ]; From 2a30c00ffbbcb1ac46a2fb41f7c489595294ccd8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 14 Sep 2024 09:19:08 -0500 Subject: [PATCH 128/695] got nixos-anywhere half working --- README.md | 21 ++-- flake.lock | 21 ++++ flake.nix | 10 +- hosts/defiant/configuration.nix | 30 +++++- hosts/defiant/disko-config.nix | 120 +++++++++++++++++++++++ hosts/defiant/hardware-configuration.nix | 8 +- 6 files changed, 193 insertions(+), 17 deletions(-) create mode 100644 hosts/defiant/disko-config.nix diff --git a/README.md b/README.md index 6783009..c3773c0 100644 --- a/README.md +++ b/README.md 
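Review bot: `boot = bootDisk "/dev/sda"` selects the disk to be partitioned by an enumeration-order name, while the (commented) data disks use stable `/dev/disk/by-id/` paths; disko formats whatever device it is handed, so a different enumeration at install time would wipe the wrong drive. Prefer the stable path the trailing comment already records, `boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0";`, and say in a comment why the boot disk is addressed differently from the pool members. The module takes `lib` as an argument but never uses it. The same hunk appears again at L178–L179.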
@@ -17,25 +17,31 @@ `./rebuild.sh` # New machine setup + keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt +> TODO: `keys.txt`` should prob be readable by owning user only? updating passwords: `sops secrets/secrets.yaml` -TODO: keys.txt should prob be readable by owning user only? +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` - > something about ssh keys for remotes +# Notes: +- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main` +- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` +- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init + # Updating `nix flake update` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them +- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? 
@@ -45,11 +51,12 @@ TODO: keys.txt should prob be readable by owning user only? - DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively -- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Flake templates - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? - util functions -- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh -- limit boot configurations to 2 on defiant \ No newline at end of file +- openssh known hosts +- limit boot configurations to 2 on defiant +- rotate sops encryption keys \ No newline at end of file diff --git a/flake.lock b/flake.lock index 1e8ab51..1182330 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "owner": "nix-community", + "repo": "disko", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -86,6 +106,7 @@ }, "root": { "inputs": { + "disko": "disko", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index e75e133..ee87ab5 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,12 @@ # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # declairtive disk configuration + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # managment per user home-manager = { url = "github:nix-community/home-manager"; 
@@ -18,7 +24,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: + outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "aarch64-darwin" @@ -53,6 +59,8 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ + disko.nixosModules.disko + ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; }; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index a80c520..bff81ea 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -11,19 +11,39 @@ ../../enviroments/server ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + age ={ + keyFile = "/home/leyla/.config/sops/age/keys.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + + # home.sessionVariables = { + # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; + # }; users.leyla.isThinUser = true; boot.loader.grub = { enable = true; - device = "/dev/sda"; - useOSProber = true; + zfsSupport = true; + efiSupport = true; + efiInstallAsRemovable = true; + # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; + # mirroredBoots = [ + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } + # ]; }; + boot.supportedFilesystems = [ "zfs" ]; + + networking.hostId = "c8985fc5"; # TODO: populate this when I get home networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix new file mode 100644 index 0000000..3a113eb --- /dev/null +++ b/hosts/defiant/disko-config.nix 
@@ -0,0 +1,120 @@ +{ lib, ... }: +let + bootDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + zfsDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zpool"; + }; + }; + }; + }; + }; +in { + disko.devices = { + disk = { + boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + + # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + + # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + }; + # zpool = { + # zpool = { + # type = "zpool"; + # mode = { + # topology = { + # type = "topology"; + # vdev = [ + # { + # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ # mode = "mirror"; + # members = [ + # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + # ]; + # } + # ]; + # cache = [ ]; + # # cache = [ "ssd_2_tb_a" ]; + # }; + # }; + + # options = { + # ashift = "12"; + # }; + + # rootFsOptions = { + # encryption = "on"; + # keyformat = "hex"; + # keylocation = "prompt"; + # compression = "lz4"; + # xattr = "sa"; + # acltype = "posixacl"; + # "com.sun:auto-snapshot" = "false"; + # }; + + # datasets = { + # "root" = { + # type = "zfs_fs"; + # mountpoint = "/"; + # }; + # "nix" = { + # type = "zfs_fs"; + # mountpoint = "/nix"; + # }; + # "home" = { + # type = "zfs_fs"; + # mountpoint = "/home"; + # options = { + # "com.sun:auto-snapshot" = "true"; + # }; + # }; + # "var" = { + # type = "zfs_fs"; + # mountpoint = "/var"; + # }; + # }; + # }; + # }; + }; +} + diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 575ae36..cd075ca 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -13,10 +13,10 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; - fsType = "ext4"; - }; + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + # fsType = "ext4"; + # }; swapDevices = [ ]; From 8f8cea0ab2690a80e895758575c5cbeb21aa3fc0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 10:12:32 -0500 Subject: [PATCH 129/695] added zfs disks to defiant --- hosts/defiant/configuration.nix | 1 - hosts/defiant/disko-config.nix | 130 ++++++++++++++++---------------- hosts/horizon/configuration.nix | 2 +- 3 files changed, 66 insertions(+), 67 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bff81ea..bc6c34c 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -63,7 +63,6 @@
 systemd.targets.hibernate.enable = false;
 systemd.targets.hybrid-sleep.enable = false;
- # temp enable password auth over ssh for setup
 services.openssh = {
 enable = true;
 ports = [ 22 ];
diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix
index 3a113eb..7fd2427 100644
--- a/hosts/defiant/disko-config.nix
+++ b/hosts/defiant/disko-config.nix
@@ -20,14 +20,14 @@ let
 mountpoint = "/boot";
 };
 };
- root = {
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- };
+ # root = {
+ # size = "100%";
+ # content = {
+ # type = "filesystem";
+ # format = "ext4";
+ # mountpoint = "/";
+ # };
+ # };
 };
 };
 };
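Review bot: Deleting `# temp enable password auth over ssh for setup` removes the only reminder that password authentication on defiant was an install-time measure, but the hunk shows no matching option being turned off; the `services.openssh` block continues outside the hunk, so I cannot see its `settings`. If setup is finished the setting should leave with the comment — `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` inside `services.openssh` — and if it is still needed the comment should stay so the temporary state remains visible. The disko hunk in the same patch comments out the ext4 `root` partition, which is consistent with the zpool `root` dataset mounted at `/` in the following hunk (L181–L182). This patch is repeated verbatim at L183–L185.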
@@ -52,69 +52,69 @@ in { disk = { boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; - # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; }; - # zpool = { - # zpool = { - # type = "zpool"; - # mode = { - # topology = { - # type = "topology"; - # vdev = [ - # { - # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? - # mode = "mirror"; - # members = [ - # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" - # ]; - # } - # ]; - # cache = [ ]; - # # cache = [ "ssd_2_tb_a" ]; - # }; - # }; + zpool = { + zpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = [ + { + # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ mode = "mirror"; + members = [ + "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + ]; + } + ]; + cache = [ ]; + # cache = [ "ssd_2_tb_a" ]; + }; + }; - # options = { - # ashift = "12"; - # }; + options = { + ashift = "12"; + }; - # rootFsOptions = { - # encryption = "on"; - # keyformat = "hex"; - # keylocation = "prompt"; - # compression = "lz4"; - # xattr = "sa"; - # acltype = "posixacl"; - # "com.sun:auto-snapshot" = "false"; - # }; + rootFsOptions = { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + compression = "lz4"; + xattr = "sa"; + acltype = "posixacl"; + "com.sun:auto-snapshot" = "false"; + }; - # datasets = { - # "root" = { - # type = "zfs_fs"; - # mountpoint = "/"; - # }; - # "nix" = { - # type = "zfs_fs"; - # mountpoint = "/nix"; - # }; - # "home" = { - # type = "zfs_fs"; - # mountpoint = "/home"; - # options = { - # "com.sun:auto-snapshot" = "true"; - # }; - # }; - # "var" = { - # type = "zfs_fs"; - # mountpoint = "/var"; - # }; - # }; - # }; - # }; + datasets = { + "root" = { + type = "zfs_fs"; + mountpoint = "/"; + }; + "nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + }; + "home" = { + type = "zfs_fs"; + mountpoint = "/home"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + }; + "var" = { + type = "zfs_fs"; + mountpoint = "/var"; + }; + }; + }; + }; }; } diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index d28ca5b..18d4348 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -71,7 +71,7 @@ # }; # Enable the OpenSSH daemon. - # services.openssh.enable = true; + services.openssh.enable = true; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; From d22f470e2449d431aab49ca5b8070a95a2ffdb16 Mon Sep 17 00:00:00 2001 
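Review bot: `rootFsOptions` turns on native ZFS encryption with `keylocation = "prompt"` on the pool whose `root` dataset is mounted at `/`, so every boot stops in the initrd until the key is entered — for the remotely installed, headless host this repo describes, that means no unattended reboot and no remote recovery unless something outside this diff provides the key. A comment above `rootFsOptions` should state that this is intended and how the key is supplied at boot; `keyformat = "hex"` with `prompt` additionally means a 64-hex-character key typed by hand. The vdev comment still asks whether a three-way `mirror` is the right topology; that needs an answer before the pool is created, since it cannot be changed afterwards without rebuilding the pool. Same hunk at L184–L185.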
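Review bot: `services.openssh.enable = true;` is set on horizon with no `settings`, so the module defaults apply, and NixOS's default leaves password authentication enabled; nothing in the hunk pins the policy. Spell it out next to the enable line, e.g. `services.openssh.settings.PasswordAuthentication = false;`, which also matches the key-based access the rest of this series assumes. The defiant host at L180 has the same shape, with its `services.openssh` block cut off outside the hunk.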
From: Leyla Becker Date: Sun, 15 Sep 2024 10:12:32 -0500 Subject: [PATCH 130/695] added zfs disks to defiant --- hosts/defiant/configuration.nix | 1 - hosts/defiant/disko-config.nix | 130 ++++++++++++++++---------------- hosts/horizon/configuration.nix | 2 +- 3 files changed, 66 insertions(+), 67 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bff81ea..bc6c34c 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -63,7 +63,6 @@ systemd.targets.hibernate.enable = false; systemd.targets.hybrid-sleep.enable = false; - # temp enable password auth over ssh for setup services.openssh = { enable = true; ports = [ 22 ]; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 3a113eb..7fd2427 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,14 @@ let mountpoint = "/boot"; }; }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; + # root = { + # size = "100%"; + # content = { + # type = "filesystem"; + # format = "ext4"; + # mountpoint = "/"; + # }; + # }; }; }; }; 
@@ -52,69 +52,69 @@ in { disk = { boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; - # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; }; - # zpool = { - # zpool = { - # type = "zpool"; - # mode = { - # topology = { - # type = "topology"; - # vdev = [ - # { - # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? - # mode = "mirror"; - # members = [ - # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" - # ]; - # } - # ]; - # cache = [ ]; - # # cache = [ "ssd_2_tb_a" ]; - # }; - # }; + zpool = { + zpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = [ + { + # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ mode = "mirror"; + members = [ + "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + ]; + } + ]; + cache = [ ]; + # cache = [ "ssd_2_tb_a" ]; + }; + }; - # options = { - # ashift = "12"; - # }; + options = { + ashift = "12"; + }; - # rootFsOptions = { - # encryption = "on"; - # keyformat = "hex"; - # keylocation = "prompt"; - # compression = "lz4"; - # xattr = "sa"; - # acltype = "posixacl"; - # "com.sun:auto-snapshot" = "false"; - # }; + rootFsOptions = { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + compression = "lz4"; + xattr = "sa"; + acltype = "posixacl"; + "com.sun:auto-snapshot" = "false"; + }; - # datasets = { - # "root" = { - # type = "zfs_fs"; - # mountpoint = "/"; - # }; - # "nix" = { - # type = "zfs_fs"; - # mountpoint = "/nix"; - # }; - # "home" = { - # type = "zfs_fs"; - # mountpoint = "/home"; - # options = { - # "com.sun:auto-snapshot" = "true"; - # }; - # }; - # "var" = { - # type = "zfs_fs"; - # mountpoint = "/var"; - # }; - # }; - # }; - # }; + datasets = { + "root" = { + type = "zfs_fs"; + mountpoint = "/"; + }; + "nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + }; + "home" = { + type = "zfs_fs"; + mountpoint = "/home"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + }; + "var" = { + type = "zfs_fs"; + mountpoint = "/var"; + }; + }; + }; + }; }; } diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index d28ca5b..18d4348 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -71,7 +71,7 @@ # }; # Enable the OpenSSH daemon. - # services.openssh.enable = true; + services.openssh.enable = true; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; From 417aafe2e82b3364306682e2a257f25f3ad263f1 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 15 Sep 2024 12:55:31 -0500 Subject: [PATCH 131/695] moved sops config into common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- hosts/twilight/configuration.nix | 5 ----- users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 6 files changed, 16 insertions(+), 19 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 59dda19..a6c671c 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -26,6 +26,19 @@ LC_TIME = "en_US.UTF-8"; }; + users.groups.users = {}; + + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + + age ={ + keyFile = "/var/lib/sops-nix/key.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bc6c34c..594e83f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -11,17 +11,6 @@ ../../enviroments/server ]; - sops = { - defaultSopsFile = ../../secrets/secrets.yaml; - defaultSopsFormat = "yaml"; - - age ={ - keyFile = "/home/leyla/.config/sops/age/keys.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; - # generateKey = true; - }; - }; - # home.sessionVariables = { # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; # }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 34e6922..93f9265 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
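Review bot: Pointing `sops.age.keyFile` at `/var/lib/sops-nix/key.txt` fixes the per-user path, but the hunk says nothing about how the key is provisioned or who may read it; a comment such as `# root-owned host key (mode 0600); placed at install time, never committed` would document the contract. The README hunk at L190 still passes `--extra-files ~/.config/sops/age/` to nixos-anywhere, which, if I read that option correctly, copies the directory's contents relative to the target's root rather than into `/var/lib/sops-nix/`, so the install command and the new key path no longer agree. `users.groups.users = {};` looks redundant, since NixOS already defines the `users` group, and the still-commented `sshKeyPaths`/`generateKey` lines reference `config.home.homeDirectory`, a home-manager option that would not evaluate here if uncommented. The same patch is repeated at L188–L189.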
@@ -11,11 +11,6 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { isFullUser = true; hasPiperMouse = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 4850e0f..156716f 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; diff --git a/users/eve/default.nix b/users/eve/default.nix index bf2b51b..4ed06a8 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index c5bfef9..7546613 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker"] + ["networkmanager" "wheel" "docker" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From 88ab5420eb98f7a0733346967fd01225bd02aef1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 12:55:31 -0500 Subject: [PATCH 132/695] moved sops config into common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- hosts/twilight/configuration.nix | 5 ----- users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 6 files changed, 16 insertions(+), 19 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 59dda19..a6c671c 100644 
--- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -26,6 +26,19 @@ LC_TIME = "en_US.UTF-8"; }; + users.groups.users = {}; + + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + + age ={ + keyFile = "/var/lib/sops-nix/key.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bc6c34c..594e83f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -11,17 +11,6 @@ ../../enviroments/server ]; - sops = { - defaultSopsFile = ../../secrets/secrets.yaml; - defaultSopsFormat = "yaml"; - - age ={ - keyFile = "/home/leyla/.config/sops/age/keys.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; - # generateKey = true; - }; - }; - # home.sessionVariables = { # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; # }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 34e6922..93f9265 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -11,11 +11,6 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { isFullUser = true; hasPiperMouse = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 4850e0f..156716f 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; diff --git a/users/eve/default.nix b/users/eve/default.nix index bf2b51b..4ed06a8 100644 
--- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index c5bfef9..7546613 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker"] + ["networkmanager" "wheel" "docker" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From d55d5933de90636459e7c15d6a36f9e211600953 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:03:53 -0500 Subject: [PATCH 133/695] reduced tech debt by moving things into hardware configs --- README.md | 9 ++--- hosts/horizon/configuration.nix | 40 ------------------ hosts/horizon/hardware-configuration.nix | 9 ++++- hosts/twilight/configuration.nix | 49 ----------------------- hosts/twilight/hardware-configuration.nix | 48 +++++++++++++++++++++- 5 files changed, 58 insertions(+), 97 deletions(-) diff --git a/README.md b/README.md index c3773c0..006fdb9 100644 --- a/README.md +++ b/README.md 
@@ -17,13 +17,11 @@ `./rebuild.sh` # New machine setup - -keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt -> TODO: `keys.txt`` should prob be readable by owning user only? +keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU @@ -44,9 +42,8 @@ updating passwords: `sops secrets/secrets.yaml` - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix -- what does `boot.kernelModules = [ "sg" ]` do? -- sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case +- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server - STOP FROM SLEEPING diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 18d4348..9eae057 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
@@ -11,23 +11,10 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isFullUser = true; users.ester.isFullUser = true; users.eve.isFullUser = true; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.kernelModules = [ "sg" ]; - - networking.hostName = "horizon"; # Define your hostname. - # enabled virtualisation for docker virtualisation.docker = { enable = true; @@ -37,39 +24,12 @@ }; }; - hardware.graphics.enable = true; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # # List services that you want to enable: - # systemd.services = { - # # Start resilio sync on boot - # resilio-sync = { - # description = "Resilio Sync service"; - - # serviceConfig = { - # Type = "forking"; - # Restart = "on-failure"; - # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; - # }; - - # after = [ "network.target" "network-online.target" ]; - # wantedBy = [ "multi-user.target" ]; - # }; - # }; - # Enable the OpenSSH daemon. services.openssh.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index e83bda5..40561a9 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -10,9 +10,15 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "kvm-intel" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + hardware.graphics.enable = true; + fileSystems."/" = { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; fsType = "ext4"; @@ -57,6 +63,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + networking.hostName = "horizon"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 93f9265..fc4f425 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -20,15 +20,7 @@ }; users.ester.isFullUser = true; users.eve.isFullUser = true; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.kernelModules = [ "sg" ]; - - networking.hostName = "twilight"; # Define your hostname. - # enabled virtualisation for docker # virtualisation.docker.enable = true; 
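Review bot: The bootloader options, `hardware.graphics.enable` and `networking.hostName` now live in `hardware-configuration.nix`, which is the file `nixos-generate-config` regenerates; if it is ever regenerated, the host name and bootloader choice silently disappear (the file header is outside the hunk, so I cannot see whether it still carries the generated-file notice). Either keep these in configuration.nix or add a one-line note at the top of the file, e.g. `# NOTE: hand-edited; do not regenerate with nixos-generate-config`. The `@@ -57,6 +63,7 @@` hunk in the same file has the same issue with `networking.hostName`.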
@@ -38,47 +30,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index ef71502..2ab871e 100644 
--- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -10,9 +10,54 @@ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ "kvm-amd" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # Enable OpenGL + hardware.graphics.enable = true; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. 
+ package = config.boot.kernelPackages.nvidiaPackages.production; + }; + fileSystems."/" = { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; fsType = "ext4"; @@ -54,6 +99,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + networking.hostName = "twilight"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From e338b8eac5d343a4d10bfba8efd3e8dcb8170d7a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:03:53 -0500 Subject: [PATCH 134/695] reduced tech debt by moving things into hardware configs --- README.md | 9 ++--- hosts/horizon/configuration.nix | 40 ------------------ hosts/horizon/hardware-configuration.nix | 9 ++++- hosts/twilight/configuration.nix | 49 ----------------------- hosts/twilight/hardware-configuration.nix | 48 +++++++++++++++++++++- 5 files changed, 58 insertions(+), 97 deletions(-) diff --git a/README.md b/README.md index c3773c0..006fdb9 100644 --- a/README.md +++ b/README.md @@ -17,13 +17,11 @@ `./rebuild.sh` # New machine setup - -keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt -> TODO: `keys.txt`` should prob be readable by owning user only? +keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU 
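Review bot: The bootloader settings, `networking.hostName` and the whole `hardware.nvidia` block are being moved into `hardware-configuration.nix`, which in the usual NixOS layout is the file `nixos-generate-config` rewrites, so a later regeneration would silently drop these hand-written lines (the "Do not modify this file" header that file normally carries is outside the hunk, so this is inferred from the filename). A safer split is to keep only generated detection output there and put hand-maintained hardware choices in a separate module that `configuration.nix` imports, or at minimum prefix the moved block with `# hand-maintained: not produced by nixos-generate-config, re-add after regenerating`. The same applies to the horizon hardware hunk of this commit and to the duplicated PATCH 134 hunks further down.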
@@ -44,9 +42,8 @@ updating passwords: `sops secrets/secrets.yaml` - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix -- what does `boot.kernelModules = [ "sg" ]` do? -- sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case +- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server - STOP FROM SLEEPING diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 18d4348..9eae057 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -11,23 +11,10 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isFullUser = true; users.ester.isFullUser = true; users.eve.isFullUser = true; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.kernelModules = [ "sg" ]; - - networking.hostName = "horizon"; # Define your hostname. - # enabled virtualisation for docker virtualisation.docker = { enable = true; 
@@ -37,39 +24,12 @@ }; }; - hardware.graphics.enable = true; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # # List services that you want to enable: - # systemd.services = { - # # Start resilio sync on boot - # resilio-sync = { - # description = "Resilio Sync service"; - - # serviceConfig = { - # Type = "forking"; - # Restart = "on-failure"; - # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; - # }; - - # after = [ "network.target" "network-online.target" ]; - # wantedBy = [ "multi-user.target" ]; - # }; - # }; - # Enable the OpenSSH daemon. services.openssh.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index e83bda5..40561a9 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -10,9 +10,15 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "kvm-intel" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + hardware.graphics.enable = true; + fileSystems."/" = { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; fsType = "ext4"; 
@@ -57,6 +63,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + networking.hostName = "horizon"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 93f9265..fc4f425 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -20,15 +20,7 @@ }; users.ester.isFullUser = true; users.eve.isFullUser = true; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.kernelModules = [ "sg" ]; - - networking.hostName = "twilight"; # Define your hostname. - # enabled virtualisation for docker # virtualisation.docker.enable = true; 
@@ -38,47 +30,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index ef71502..2ab871e 100644 
--- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -10,9 +10,54 @@ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ "kvm-amd" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # Enable OpenGL + hardware.graphics.enable = true; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. 
+ package = config.boot.kernelPackages.nvidiaPackages.production; + }; + fileSystems."/" = { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; fsType = "ext4"; @@ -54,6 +99,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + networking.hostName = "twilight"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From 15ce7680a6e0156bf2b9432670cf271bab82923b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:04:11 -0500 Subject: [PATCH 135/695] switched boot disk to using path for defiant --- hosts/defiant/disko-config.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 7fd2427..10ec163 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,6 @@ let mountpoint = "/boot"; }; }; - # root = { - # size = "100%"; - # content = { - # type = "filesystem"; - # format = "ext4"; - # mountpoint = "/"; - # }; - # }; }; }; }; @@ -50,7 +42,7 @@ let in { disko.devices = { disk = { - boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; From 9cf91a73164e8685d6194b91a5062bba1c6d2005 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:04:11 -0500 Subject: [PATCH 136/695] switched boot disk to using path for defiant --- hosts/defiant/disko-config.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) 
diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 7fd2427..10ec163 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,6 @@ let mountpoint = "/boot"; }; }; - # root = { - # size = "100%"; - # content = { - # type = "filesystem"; - # format = "ext4"; - # mountpoint = "/"; - # }; - # }; }; }; }; @@ -50,7 +42,7 @@ let in { disko.devices = { disk = { - boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; From 2b10a4b81d21280e7a99623d1cf0a84175274eea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:31:59 -0500 Subject: [PATCH 137/695] updated README.md --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 006fdb9..b059a71 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,12 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- GNOME default monitors per hardware configuration? -- graphics driver things should prob be in the hardware-configuration.nix - use dashes for options not camel case - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server -- STOP FROM SLEEPING +- GNOME default monitors per hardware configuration? +- stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates - Install all the things on the NAS From e65143b835705cc6479b254db649d0065de05025 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 15 Sep 2024 13:31:59 -0500 Subject: [PATCH 138/695] updated README.md --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 006fdb9..b059a71 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,12 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- GNOME default monitors per hardware configuration? -- graphics driver things should prob be in the hardware-configuration.nix - use dashes for options not camel case - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server -- STOP FROM SLEEPING +- GNOME default monitors per hardware configuration? +- stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates - Install all the things on the NAS From 8934d441dc6b5f9f034ed8d544b4db22d494d9dd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 19:49:30 -0500 Subject: [PATCH 139/695] fixed sops age keyFile getting sent to instal target --- README.md | 2 +- enviroments/common/default.nix | 6 +++- install.sh | 54 ++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 2 deletions(-) create mode 100755 install.sh diff --git a/README.md b/README.md index b059a71..2bfa30d 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ keys for decrypting password secrets for each users located at `/var/lib/sops-ni updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`./install.sh --target 192.168.1.130 --flake hostname` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a6c671c..8fb75e9 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -31,13 +31,17 @@ sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; age ={ keyFile = "/var/lib/sops-nix/key.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + sshKeyPaths = []; # generateKey = true; }; }; + environment.sessionVariables = { + AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/"; + }; # List packages installed in system profile. environment.systemPackages = with pkgs; [ diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..0718998 --- /dev/null +++ b/install.sh 
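Review bot: With `age.sshKeyPaths = []` and `gnupg.sshKeyPaths = []` the only decryption identity left is `/var/lib/sops-nix/key.txt`, and the `install.sh` added in this commit copies that same file onto every target, so all hosts appear to end up sharing one age identity and a compromise of any one machine exposes every secret in `secrets/secrets.yaml`. The commented-out `generateKey = true;` in this hunk is the cheaper alternative: let each host generate its own key at activation and add each host's public key as a recipient, which also makes the key-rotation item in the README workable per host. `environment.sessionVariables` only reaches login sessions, so a comment such as `# consumed by install.sh; unset under sudo or in non-login shells` on `AGE_KEY_FILE_LOCATION` would save the next reader a surprise. The identical PATCH 140 hunk below needs the same review.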
@@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-f*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --user*|-u*) + if [[ "$1" != *=* ]]; then shift; fi + user="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +if [ -z ${target} ]; then + echo "target is blank"; + exit 1; +fi + +if [ -z ${flake} ]; then + echo "flake is blank"; + exit 1; +fi + +temp=$(mktemp -d) +# Function to cleanup temporary directory on exit +cleanup() { + rm -rf "$temp" +} +trap cleanup EXIT + +# copy key file to temp folder to copy over to target +mkdir -p $temp$AGE_KEY_FILE_LOCATION +cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION + +# commit number in this is because the main branch of nixos-anywhere is broken right now +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 16bb44f5e86b3e908105e85fcd9c5a918dae03a7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 19:49:30 -0500 Subject: [PATCH 140/695] fixed sops age keyFile getting sent to instal target --- README.md | 2 +- enviroments/common/default.nix | 6 +++- install.sh | 54 ++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 2 deletions(-) create mode 100755 install.sh diff --git a/README.md b/README.md index b059a71..2bfa30d 100644 --- a/README.md +++ b/README.md 
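Review bot: `AGE_KEY_FILE_LOCATION` is used without any check that it is set: when the script runs outside a session that exported it (under `sudo`, from a non-login shell, or on a machine not built from this config) the copy line expands to `cp -r /* "$temp"`, which copies the whole root filesystem into the temp dir and ships it to the target. Add `: "${AGE_KEY_FILE_LOCATION:?AGE_KEY_FILE_LOCATION is not set}"` before `temp=$(mktemp -d)` together with `set -euo pipefail`, and quote the expansions (`mkdir -p "$temp$AGE_KEY_FILE_LOCATION"`). The file being copied is the private age key; `cp -r` keeps the source mode masked by umask, so whatever permissions `key.txt` has on the installing host are what lands on the target — `install -m 600` or a `chmod 600` after the copy makes that explicit. The duplicated PATCH 140 hunk of `install.sh` below has the same issues.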
@@ -21,7 +21,7 @@ keys for decrypting password secrets for each users located at `/var/lib/sops-ni updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`./install.sh --target 192.168.1.130 --flake hostname` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a6c671c..8fb75e9 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -31,13 +31,17 @@ sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; age ={ keyFile = "/var/lib/sops-nix/key.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + sshKeyPaths = []; # generateKey = true; }; }; + environment.sessionVariables = { + AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/"; + }; # List packages installed in system profile. environment.systemPackages = with pkgs; [ diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..0718998 --- /dev/null +++ b/install.sh 
@@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-f*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --user*|-u*) + if [[ "$1" != *=* ]]; then shift; fi + user="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +if [ -z ${target} ]; then + echo "target is blank"; + exit 1; +fi + +if [ -z ${flake} ]; then + echo "flake is blank"; + exit 1; +fi + +temp=$(mktemp -d) +# Function to cleanup temporary directory on exit +cleanup() { + rm -rf "$temp" +} +trap cleanup EXIT + +# copy key file to temp folder to copy over to target +mkdir -p $temp$AGE_KEY_FILE_LOCATION +cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION + +# commit number in this is because the main branch of nixos-anywhere is broken right now +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 8e5978d1b58995387fe12762742b23fca05d8564 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 16 Sep 2024 21:18:08 -0500 Subject: [PATCH 141/695] added key for horizon to authorized keys for defiant --- users/leyla/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7546613..5e39f80 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -44,6 +44,12 @@ in ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + openssh = { + authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; + }; } else { isSystemUser = true; } From ad44943abe68af082001457e7ae96e9069f32346 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 16 Sep 2024 21:18:08 -0500 Subject: [PATCH 142/695] added key for horizon to authorized keys for defiant --- users/leyla/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7546613..5e39f80 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -44,6 +44,12 @@ in ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + openssh = { + authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; + }; } else { isSystemUser = true; } From 1ddce31f00f20a6fb71d6ce818727b97671c0dcd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 08:51:31 -0500 Subject: [PATCH 143/695] added more details to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2bfa30d..eb07f88 100644 --- a/README.md +++ b/README.md @@ -55,4 +55,4 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file From 764f7f57cbef94169eb8ef9d89de4c504f19840e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 08:51:31 -0500 Subject: [PATCH 144/695] added more details to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2bfa30d..eb07f88 100644 --- a/README.md +++ b/README.md 
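Review bot: The key is added in `users/leyla/default.nix`, which from its path is the user definition shared by every host, so unless the enclosing `if` (which starts outside the hunk) restricts it, `leyla@horizon` becomes authorized wherever `leyla` is a full user rather than only on defiant as the commit message says; if per-host scoping is wanted, set the authorized key from `hosts/defiant/configuration.nix` instead. A comment on the entry such as `# leyla's workstation key (horizon); remove when that machine is retired` would make the list auditable later. Since the same user also has `hashedPasswordFile` set, the key only improves the posture if SSH password logins are disabled on the hosts that enable `services.openssh`, which is worth confirming in the openssh settings outside this hunk. The identical PATCH 142 hunk on the same line carries the same notes.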
@@ -55,4 +55,4 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file From f7248ab781fd147a86aae5b81dbf0209df124aea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:57:13 -0500 Subject: [PATCH 145/695] created disko config for defiant --- hosts/defiant/configuration.nix | 8 ++++++- hosts/defiant/disko-config.nix | 42 ++++++++++++++++++++++++++------- 2 files changed, 40 insertions(+), 10 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 594e83f..e42db42 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -32,7 +32,10 @@ boot.supportedFilesystems = [ "zfs" ]; - networking.hostId = "c8985fc5"; # TODO: populate this when I get home + boot.zfs.extraPools = [ "zpool" ]; + + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE + networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; @@ -46,6 +49,9 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + # disable computer sleeping systemd.targets.sleep.enable = false; systemd.targets.suspend.enable = false; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 10ec163..653f29f 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix 
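Review bot: `boot.zfs.extraPools = [ "zpool" ]` names a pool that this same commit renames to `zroot` in `hosts/defiant/disko-config.nix` (`pool = "zroot";` and `zroot = { type = "zpool"; …`), so unless a second pool called `zpool` is defined outside the hunks the import at boot will fail; change it to `boot.zfs.extraPools = [ "zroot" ];`, or drop the line if the root pool is already imported through its `fileSystems` entries. The comment above `networking.hostId` (`this might need to match … NOPE`) records a resolved question rather than the rule; replace it with `# 8 hex digits, unique per machine; ZFS refuses to import a pool last used under a different hostId without -f`. PATCH 146 further down repeats both hunks.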
@@ -33,7 +33,32 @@ let size = "100%"; content = { type = "zfs"; - pool = "zpool"; + pool = "zroot"; + }; + }; + }; + }; + }; + cacheDisk = devicePath: swapSize: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + encryptedSwap = { + size = swapSize; + content = { + type = "swap"; + randomEncryption = true; + discardPolicy = "both"; + resumeDevice = true; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; }; }; }; @@ -48,10 +73,10 @@ in { hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; }; zpool = { - zpool = { + zroot = { type = "zpool"; mode = { topology = { @@ -73,7 +98,7 @@ in { options = { ashift = "12"; }; - + rootFsOptions = { encryption = "on"; keyformat = "hex"; @@ -83,19 +108,18 @@ in { acltype = "posixacl"; "com.sun:auto-snapshot" = "false"; }; + + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; datasets = { - "root" = { - type = "zfs_fs"; - mountpoint = "/"; - }; "nix" = { type = "zfs_fs"; mountpoint = "/nix"; }; "home" = { type = "zfs_fs"; - mountpoint = "/home"; + mountpoint = "/mnt/home"; options = { "com.sun:auto-snapshot" = "true"; }; From c3a19fb6f91137402406e63d84abc874a23a42a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:57:13 -0500 Subject: [PATCH 146/695] created disko config for defiant --- hosts/defiant/configuration.nix | 8 ++++++- hosts/defiant/disko-config.nix | 42 ++++++++++++++++++++++++++------- 2 files changed, 40 insertions(+), 10 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 594e83f..e42db42 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
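Review bot: `cacheDisk` is declared as `devicePath: swapSize:` but the only call site in this commit, the commented-out `cacheDisk "64G" "/dev/disk/by-id/XXX"`, passes the arguments the other way round, so enabling that line would set `device = "64G"` and a swap partition of size `/dev/disk/by-id/XXX`; either declare it as `cacheDisk = swapSize: devicePath:` or fix the call. In the same partition `randomEncryption = true` together with `resumeDevice = true` looks contradictory: swap encrypted with a key generated fresh each boot cannot be read back to resume from hibernation, so one of the two is probably unintended. The `postCreateHook` in the last hunk is a reasonable idempotency guard; a one-line comment `# empty snapshot so the root fs can be rolled back to a clean state` would explain why `zroot@blank` exists. The `let` binding that defines `zfsDisk` starts outside the first hunk, and the PATCH 146 hunks below repeat all of this.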
@@ -32,7 +32,10 @@ boot.supportedFilesystems = [ "zfs" ]; - networking.hostId = "c8985fc5"; # TODO: populate this when I get home + boot.zfs.extraPools = [ "zpool" ]; + + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE + networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; @@ -46,6 +49,9 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + # disable computer sleeping systemd.targets.sleep.enable = false; systemd.targets.suspend.enable = false; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 10ec163..653f29f 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -33,7 +33,32 @@ let size = "100%"; content = { type = "zfs"; - pool = "zpool"; + pool = "zroot"; + }; + }; + }; + }; + }; + cacheDisk = devicePath: swapSize: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + encryptedSwap = { + size = swapSize; + content = { + type = "swap"; + randomEncryption = true; + discardPolicy = "both"; + resumeDevice = true; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; }; }; }; @@ -48,10 +73,10 @@ in { hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; }; zpool = { - zpool = { + zroot = { type = "zpool"; mode = { topology = { @@ -73,7 +98,7 @@ in { options = { ashift = "12"; }; - + rootFsOptions = { encryption = "on"; keyformat = "hex"; 
@@ -83,19 +108,18 @@ in { acltype = "posixacl"; "com.sun:auto-snapshot" = "false"; }; + + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; datasets = { - "root" = { - type = "zfs_fs"; - mountpoint = "/"; - }; "nix" = { type = "zfs_fs"; mountpoint = "/nix"; }; "home" = { type = "zfs_fs"; - mountpoint = "/home"; + mountpoint = "/mnt/home"; options = { "com.sun:auto-snapshot" = "true"; }; From 6480ca95dd13600b1b1a2c9c985bfcfdff920eea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:59:57 -0500 Subject: [PATCH 147/695] added zfs auto scrub and snapshot --- hosts/defiant/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e42db42..e7b1e5e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -34,6 +34,9 @@ boot.zfs.extraPools = [ "zpool" ]; + services.zfs.autoScrub.enable = true; + services.zfs.autoSnapshot.enable = true; + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. From f994ba035c3750aac46f48658c6be75839c868d9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:59:57 -0500 Subject: [PATCH 148/695] added zfs auto scrub and snapshot --- hosts/defiant/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e42db42..e7b1e5e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -34,6 +34,9 @@ boot.zfs.extraPools = [ "zpool" ]; + services.zfs.autoScrub.enable = true; + services.zfs.autoSnapshot.enable = true; + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. From 8897a5646b8ade1d5978d1708b3ef7d7c224db4d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:00:19 -0500 Subject: [PATCH 149/695] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index eb07f88..3ba5458 100644 --- a/README.md +++ b/README.md @@ -55,4 +55,5 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) +- zfs email after scrubbing \ No newline at end of file From a171e586bdbe686fda342d999c4b0f3e5abbf361 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:00:19 -0500 Subject: [PATCH 150/695] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index eb07f88..3ba5458 100644 --- a/README.md +++ b/README.md @@ -55,4 +55,5 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) +- zfs email after scrubbing \ No newline at end of file From 63d23d6c54bbe958b5d76fb339bcd21301bd4161 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 17 Sep 2024 10:07:44 -0500 Subject: [PATCH 151/695] fixed extra pool name --- hosts/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e7b1e5e..b705068 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -32,7 +32,7 @@ boot.supportedFilesystems = [ "zfs" ]; - boot.zfs.extraPools = [ "zpool" ]; + boot.zfs.extraPools = [ "zroot" ]; services.zfs.autoScrub.enable = true; services.zfs.autoSnapshot.enable = true; From afc3bab3ad0afdd28e74c99c596e2bb3178971d0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:07:44 -0500 Subject: [PATCH 152/695] fixed extra pool name --- hosts/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e7b1e5e..b705068 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -32,7 +32,7 @@ boot.supportedFilesystems = [ "zfs" ]; - boot.zfs.extraPools = [ "zpool" ]; + boot.zfs.extraPools = [ "zroot" ]; services.zfs.autoScrub.enable = true; services.zfs.autoSnapshot.enable = true; From 76cd196363bddeeb41ff6e1a8831497d94051d97 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:14:50 -0500 Subject: [PATCH 153/695] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ba5458..82212c9 100644 --- a/README.md +++ b/README.md @@ -56,4 +56,5 @@ updating passwords: `sops secrets/secrets.yaml` - openssh known hosts - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) -- zfs email after scrubbing \ No newline at end of file +- zfs email after scrubbing +- tail scale on clients and PiKVM \ No newline at end of file 
From 772c758e23cc29a6fe7b0a3256abf60e7224cf58 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:14:50 -0500 Subject: [PATCH 154/695] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ba5458..82212c9 100644 --- a/README.md +++ b/README.md @@ -56,4 +56,5 @@ updating passwords: `sops secrets/secrets.yaml` - openssh known hosts - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) -- zfs email after scrubbing \ No newline at end of file +- zfs email after scrubbing +- tail scale on clients and PiKVM \ No newline at end of file From f0a10c122d9911c0eff6e99dedffc84cb4c46ce9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:16:11 -0500 Subject: [PATCH 155/695] clarified task in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 82212c9..d1758c0 100644 --- a/README.md +++ b/README.md @@ -39,8 +39,8 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- use dashes for options not camel case +- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server From 0f1e6a9c988045cf8428d7705b5939372b3f49c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:16:11 -0500 Subject: [PATCH 156/695] clarified task in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 82212c9..d1758c0 100644 --- a/README.md +++ b/README.md 
@@ -39,8 +39,8 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- use dashes for options not camel case +- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server From a3a66300315043656d0910e872e663369cbaae68 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:08 -0500 Subject: [PATCH 157/695] updated rebuild.sh to support remote rebuilds --- rebuild.sh | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index 7f2a072..c54dd1a 100755 --- a/rebuild.sh +++ b/rebuild.sh 
@@ -1,3 +1,41 @@ #!/usr/bin/env bash -sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-h*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --mode*|-m*) + if [[ "$1" != *=* ]]; then shift; fi + mode="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +target=${target:-$(hostname)} +flake=${flake:-$target} +mode=${mode:-switch} + +if [[ "$target" == "$(hostname)" ]] +then + sudo nixos-rebuild $mode --flake .#$flake +else + nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake +fi From 5a1bc95a1a7e1f73c5fd2b1b9b9d22e5597fd822 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:08 -0500 Subject: [PATCH 158/695] updated rebuild.sh to support remote rebuilds --- rebuild.sh | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index 7f2a072..c54dd1a 100755 --- a/rebuild.sh +++ b/rebuild.sh 
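Review bot: The `--flake*|-h*)` pattern on the flake branch looks like a typo for `-f*`, and because `case` takes the first match it also captures `-h` before the `--help|-h)` branch, so `-h` sets `flake=""` instead of printing help. The help text is out of sync with the parser as well: it advertises `--user -u`, which no branch handles (it lands in the `Invalid argument` exit), and omits `--mode -m`. The two `nixos-rebuild` invocations at the end expand `$mode`, `$flake`, `$USER` and `$target` unquoted; quoting them keeps a value containing spaces or glob characters from being split into extra arguments. The duplicate of this patch in PATCH 158 (L220) has the same issues.
```shell
    --flake*|-f*)
      if [[ "$1" != *=* ]]; then shift; fi
      flake="${1#*=}"
      ;;
    # … unchanged: --mode branch …
    --help|-h)
      echo "--help -h: print this message"
      echo "--target -t: set the target system to install on"
      echo "--flake -f: set the flake to install on the target system"
      echo "--mode -m: nixos-rebuild mode to run (default: switch)"
      exit 0
      ;;
# … unchanged: invalid-argument branch, loop end, defaults …
if [[ "$target" == "$(hostname)" ]]
then
  sudo nixos-rebuild "$mode" --flake ".#$flake"
else
  nixos-rebuild "$mode" --use-remote-sudo --target-host "$USER@$target" --flake ".#$flake"
fi
```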
@@ -1,3 +1,41 @@ #!/usr/bin/env bash -sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-h*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --mode*|-m*) + if [[ "$1" != *=* ]]; then shift; fi + mode="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +target=${target:-$(hostname)} +flake=${flake:-$target} +mode=${mode:-switch} + +if [[ "$target" == "$(hostname)" ]] +then + sudo nixos-rebuild $mode --flake .#$flake +else + nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake +fi From bf0d0190473f483ee87b3a7a59c679bb1f35dbd9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:23 -0500 Subject: [PATCH 159/695] added more details to tasks in readme --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d1758c0..afd7536 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ updating passwords: `sops secrets/secrets.yaml` - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ # Updating `nix flake update` 
@@ -43,12 +44,12 @@ updating passwords: `sops secrets/secrets.yaml` - use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features -- DISKO for server - GNOME default monitors per hardware configuration? - stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates -- Install all the things on the NAS +- Docker parity with existing NAS on defiant +- NFS on defiant - firefox declarative??? - figure out steam vr things? - Open GL? @@ -57,4 +58,6 @@ updating passwords: `sops secrets/secrets.yaml` - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- tail scale on clients and PiKVM \ No newline at end of file +- headscale server +- mastodon server +- tail scale clients \ No newline at end of file From 5d2b7a2ce5bbf2ad9773fb1aca5eca28d01023d7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:23 -0500 Subject: [PATCH 160/695] added more details to tasks in readme --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d1758c0..afd7536 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ updating passwords: `sops secrets/secrets.yaml` - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ # Updating `nix flake update` 
@@ -43,12 +44,12 @@ updating passwords: `sops secrets/secrets.yaml` - use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features -- DISKO for server - GNOME default monitors per hardware configuration? - stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates -- Install all the things on the NAS +- Docker parity with existing NAS on defiant +- NFS on defiant - firefox declarative??? - figure out steam vr things? - Open GL? @@ -57,4 +58,6 @@ updating passwords: `sops secrets/secrets.yaml` - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- tail scale on clients and PiKVM \ No newline at end of file +- headscale server +- mastodon server +- tail scale clients \ No newline at end of file From 11603852f4c23ba718b83a201ef3341856ae752b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:40 -0500 Subject: [PATCH 161/695] added docker to defiant --- enviroments/common/default.nix | 1 + hosts/defiant/configuration.nix | 48 ++++++++++++++++++++++++++------- hosts/horizon/configuration.nix | 1 + users/leyla/default.nix | 2 +- 4 files changed, 41 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8fb75e9..f0231c3 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -5,6 +5,7 @@ ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.trusted-users = [ "leyla" ]; # Enable networking networking.networkmanager.enable = true; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b705068..1608e4a 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
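Review bot: `nix.settings.trusted-users = [ "leyla" ];` is added to `enviroments/common/default.nix`, so it applies to every host that imports the common module, not only the server being deployed to. A trusted Nix user is root-equivalent: the daemon lets them register additional unsigned substituters and override restricted settings, so store paths they inject end up running as root on the next rebuild. If the entry exists so that `nixos-rebuild --target-host` (PATCH 157, L219) can copy closures, say so in a comment, e.g. `# root-equivalent: trusted users may add unsigned substituters; needed so remote nixos-rebuild can copy closures as leyla`, and consider scoping it to the hosts that are deployment targets. Repeated in PATCH 162 (L225).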
@@ -11,10 +11,6 @@ ../../enviroments/server ]; - # home.sessionVariables = { - # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; - # }; - users.leyla.isThinUser = true; boot.loader.grub = { @@ -22,14 +18,11 @@ zfsSupport = true; efiSupport = true; efiInstallAsRemovable = true; - # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; - # mirroredBoots = [ - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } - # ]; }; + virtualisation.docker.enable = true; + users.extraGroups.docker.members = [ "leyla" ]; + boot.supportedFilesystems = [ "zfs" ]; boot.zfs.extraPools = [ "zroot" ]; 
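Review bot: `users.extraGroups.docker.members = [ "leyla" ];` grants access to the Docker socket, which is root-equivalent on the host (a member can start a container with the host filesystem mounted), the same consideration as the `trusted-users` entry earlier in this commit. Membership is now declared per host here and on horizon (L224) instead of in the generic `extraGroups` list in `users/leyla/default.nix` (L225), which is the better direction, so a one-line comment such as `# docker group == root on this host; granted per host on purpose` would record the intent. As far as I know `users.extraGroups` is a legacy alias of `users.groups`; the canonical name is clearer to readers searching the option docs. Duplicated in PATCH 162 (L226).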
@@ -72,6 +65,41 @@ }; }; + fileSystems."/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; + + services.nfs.server.enable = true; + services.nfs.server.exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 9eae057..230a83e 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -23,6 +23,7 @@ setSocketVariable = true; }; }; + users.extraGroups.docker.members = [ "leyla" ]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; 
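Review bot: `192.168.1.0/22` in the `leyla`, `eve` and `share` export lines is not an aligned prefix: a /22 containing 192.168.1.0 spans 192.168.0.0–192.168.3.255, four times the `/24` used on the `docker` line above, so these exports grant rw access to a wider range than the address suggests; if the LAN is 192.168.1.0/24 the prefix should read `/24` as on the docker line. The list is also inconsistent with the bind mounts above it: `/srv/nfs4/share` is exported but never bind-mounted, while `/srv/nfs4/users` is bind-mounted but not exported. These exports rely on AUTH_SYS, so any machine in the allowed range that presents a matching uid can read and write the exported home directories; limiting each line to the intended client addresses, or using `sec=krb5`, ties access to something stronger than a LAN address. The same exports are duplicated in PATCH 162 (L227) and carried into the statix rewrite in PATCH 163 (L232–L233).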
diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 5e39f80..d0a9a96 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker" "users"] + ["networkmanager" "wheel" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From f68a46c46a0d7019c5b241687c38c648853f3f37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:40 -0500 Subject: [PATCH 162/695] added docker to defiant --- enviroments/common/default.nix | 1 + hosts/defiant/configuration.nix | 48 ++++++++++++++++++++++++++------- hosts/horizon/configuration.nix | 1 + users/leyla/default.nix | 2 +- 4 files changed, 41 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8fb75e9..f0231c3 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -5,6 +5,7 @@ ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.trusted-users = [ "leyla" ]; # Enable networking networking.networkmanager.enable = true; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b705068..1608e4a 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -11,10 +11,6 @@ ../../enviroments/server ]; - # home.sessionVariables = { - # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; - # }; - users.leyla.isThinUser = true; boot.loader.grub = { 
@@ -22,14 +18,11 @@ zfsSupport = true; efiSupport = true; efiInstallAsRemovable = true; - # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; - # mirroredBoots = [ - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } - # ]; }; + virtualisation.docker.enable = true; + users.extraGroups.docker.members = [ "leyla" ]; + boot.supportedFilesystems = [ "zfs" ]; boot.zfs.extraPools = [ "zroot" ]; 
@@ -72,6 +65,41 @@ }; }; + fileSystems."/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; + + services.nfs.server.enable = true; + services.nfs.server.exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 9eae057..230a83e 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -23,6 +23,7 @@ setSocketVariable = true; }; }; + users.extraGroups.docker.members = [ "leyla" ]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; 
diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 5e39f80..d0a9a96 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker" "users"] + ["networkmanager" "wheel" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From 0b1309dd0f64f0e5babf302d9cd30a3bd1e41016 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:49:59 -0500 Subject: [PATCH 163/695] ran statix linter --- enviroments/client/default.nix | 61 ++++---- hosts/defiant/configuration.nix | 136 +++++++++-------- hosts/defiant/hardware-configuration.nix | 34 +++-- hosts/emergent/configuration.nix | 5 - hosts/hesperium/configuration.nix | 5 - hosts/horizon/configuration.nix | 8 +- hosts/horizon/hardware-configuration.nix | 99 ++++++------ hosts/threshold/configuration.nix | 5 - hosts/twilight/configuration.nix | 18 ++- hosts/twilight/hardware-configuration.nix | 176 ++++++++++++---------- overlays/intellij.nix | 2 +- overlays/vscodium.nix | 2 +- templates/default.nix | 2 + users/leyla/home.nix | 118 ++++++++------- users/leyla/packages.nix | 22 +-- util/default.nix | 12 +- 16 files changed, 376 insertions(+), 329 deletions(-) delete mode 100644 hosts/emergent/configuration.nix delete mode 100644 hosts/hesperium/configuration.nix delete mode 100644 hosts/threshold/configuration.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index ccc5a55..555305f 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -4,43 +4,50 @@ ../common ]; - # Enable CUPS to print documents. - services.printing.enable = true; + services = { - # Enable the X11 windowing system. - services.xserver.enable = true; + # Enable CUPS to print documents. + printing.enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + xserver = { + # Enable the X11 windowing system. + enable = true; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + xterm.enable = false; + }; - # Configure keymap in X11 - services.xserver = { - xkb = { - layout = "us,it,de"; - variant = ""; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + xkb = { + layout = "us,it,de"; + variant = ""; + }; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; }; }; + # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; environment.systemPackages = with pkgs; [ # helvetica font 
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 1608e4a..77d07b0 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -23,83 +23,91 @@ virtualisation.docker.enable = true; users.extraGroups.docker.members = [ "leyla" ]; - boot.supportedFilesystems = [ "zfs" ]; - - boot.zfs.extraPools = [ "zroot" ]; - - services.zfs.autoScrub.enable = true; - services.zfs.autoSnapshot.enable = true; - - # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE - networking.hostId = "c51763d6"; - networking.hostName = "defiant"; # Define your hostname. - nixpkgs.config.allowUnfree = true; - # temp enable desktop enviroment for setup - # Enable the X11 windowing system. - services.xserver.enable = true; + services = { + zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + xserver = { + enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + # Enable the GNOME Desktop Environment. + services.xserver.displayManager = { + gdm.enable = true; + }; + services.xserver.desktopManager = { + gnome.enable = true; + desktopManager.xterm.enable = false; + }; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + }; - # disable computer sleeping - systemd.targets.sleep.enable = false; - systemd.targets.suspend.enable = false; - systemd.targets.hibernate.enable = false; - systemd.targets.hybrid-sleep.enable = false; + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; - services.openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. 
Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; + nfs.server = { + enable = true; + exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; }; }; - fileSystems."/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; }; - fileSystems."/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; + fileSystems = { + "/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + "/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + "/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + "/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; }; - fileSystems."/srv/nfs4/leyla" = { - device = "/home/leyla"; - options = [ "bind" ]; - }; - - fileSystems."/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - - services.nfs.server.enable = true; - services.nfs.server.exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 
192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index cd075ca..3ba63d0 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,10 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + + supportedFilesystems = [ "zfs" ]; + + zfs.extraPools = [ "zroot" ]; + }; # fileSystems."/" = # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; 
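Review bot: Inside the new `services.xserver = { … }` block the GNOME lines kept their full paths, `services.xserver.displayManager = { … };` and `services.xserver.desktopManager = { … };`, so they now resolve to `services.xserver.services.xserver.…`, and `desktopManager.xterm.enable` nested inside `desktopManager` becomes `desktopManager.desktopManager.xterm.enable`; none of these are NixOS options, so evaluating this host should fail rather than enable GDM/GNOME. The client module rewritten in the same commit (L229) shows the intended shape. This hunk also drops `nixpkgs.config.allowUnfree = true;` without re-adding it in any file visible here; that may be deliberate given the README tech-debt item, but the commit message describes only a lint run. The enclosing module attribute set starts before this hunk.
```nix
    xserver = {
      enable = true;

      # Enable the GNOME Desktop Environment.
      displayManager.gdm.enable = true;
      desktopManager = {
        gnome.enable = true;
        xterm.enable = false;
      };

      # … unchanged: excludePackages …
    };
```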
@@ -20,13 +28,17 @@ swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + hostId = "c51763d6"; + hostName = "defiant"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix deleted file mode 100644 index 215fc8c..0000000 --- a/hosts/emergent/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve desktop -{}: -{ - -} \ No newline at end of file diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix deleted file mode 100644 index 8cd6f61..0000000 --- a/hosts/hesperium/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# nas -{}: -{ - -} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 230a83e..3a27081 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
@@ -11,9 +11,11 @@ ../../enviroments/client ]; - users.leyla.isFullUser = true; - users.ester.isFullUser = true; - users.eve.isFullUser = true; + users = { + leyla.isFullUser = true; + ester.isFullUser = true; + eve.isFullUser = true; + }; # enabled virtualisation for docker virtualisation.docker = { diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 40561a9..96f2423 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -8,62 +8,73 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" "sg" ]; + extraModulePackages = [ ]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; hardware.graphics.enable = true; - fileSystems."/" = - { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; - fsType = "ext4"; - }; + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/E138-65B5"; - fsType = "vfat"; - }; + "/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; services.cachefilesd.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/share_home" = - { - device = 
"server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; - swapDevices = [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; - networking.hostName = "horizon"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + hostName = "horizon"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix deleted file mode 100644 index 305f2f7..0000000 --- a/hosts/threshold/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve laptop -{}: -{ - -} \ No newline at end of file 
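Review bot: The new `fileSystems` block mixes two layouts: `"/"` and `"/boot"` keep the generated `{ device = …;` hanging-brace form while the three NFS entries put `{` on its own line; since this commit is a pure reformat it would be worth settling on one form (the `"/mnt/…" = {` style used elsewhere in the series) so future generated-file diffs stay readable. The three NFS entries are not marked `ro` and carry `soft`, which can surface a server timeout to applications as an I/O error instead of a retry; that is pre-existing, but a short comment on the options line stating that trade-off is intended would help the next reader. The twilight hardware-configuration.nix hunk (`@@ -8,98 +8,112 @@`) has the same mixed layout.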
diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index fc4f425..1352c8b 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -11,15 +11,17 @@ ../../enviroments/client ]; - users.leyla = { - isFullUser = true; - hasPiperMouse = true; - hasOpenRGBHardware = true; - hasViaKeyboard = true; - hasGPU = true; + users = { + leyla = { + isFullUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; + ester.isFullUser = true; + eve.isFullUser = true; }; - users.ester.isFullUser = true; - users.eve.isFullUser = true; # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ab871e..01f3ac6 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -8,98 +8,112 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" "sg" ]; + extraModulePackages = [ ]; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. 
- nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; }; - fileSystems."/" = - { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; - fsType = "ext4"; - }; + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3006-3867"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; - fileSystems."/mnt/share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; }; + }; + + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + "/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; - networking.hostName = "twilight"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + hostName = "twilight"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 25ee779..65eef92 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index 902bd78..c271af3 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/templates/default.nix b/templates/default.nix index e69de29..f9d63b0 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -0,0 +1,2 @@ +_: +{} \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 1ae0057..40a6926 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
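Review bot: `graphics.enable` and `nvidia` are gathered into a `hardware = { … }` set, but the trailing context line `hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;` stays as a separate top-level definition of the same attribute; Nix accepts this and merges the sets, but the grouping this commit applies everywhere else would fold it in as `cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;` inside the set. The same is true of `services.xserver = { … }` versus any later top-level `services.*` lines in this file, which are outside the hunk.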
@@ -3,71 +3,73 @@ { # Home Manager needs a bit of information about you and the paths it should # manage. - home.username = "leyla"; - home.homeDirectory = "/home/leyla"; + home = { + username = "leyla"; + homeDirectory = "/home/leyla"; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - home.stateVersion = "23.11"; # Please read the comment before changing. + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. - # The home.packages option allows you to install Nix packages into your - # environment. - home.packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello + # The home.packages option allows you to install Nix packages into your + # environment. + packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? 
- # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - home.file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - home.sessionVariables = { - # EDITOR = "emacs"; + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; }; programs = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 462c34e..ca4ec7d 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -8,19 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ - code = "codium"; - }); + programs = { + bash.shellAliases = lib.mkIf cfg.isFullUser { + code = "codium"; + }; - programs.steam = lib.mkIf cfg.isFullUser ({ - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }); + steam = lib.mkIf cfg.isFullUser { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; - programs.noisetorch.enable = cfg.isFullUser; + noisetorch.enable = cfg.isFullUser; - programs.adb.enable = cfg.isFullUser; + adb.enable = cfg.isFullUser; + }; users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ diff --git a/util/default.nix b/util/default.nix index 795ad04..a4fab1e 100644 --- a/util/default.nix +++ b/util/default.nix @@ -1,8 +1,8 @@ -{ lib, ... }: +_: { - mkUnless = condition: then: (mkIf (!condition) then); - mkIfElse = condition: then: else: lib.mkMerge [ - (mkIf condition then) - (mkUnless condition else) - ]; + # mkUnless = condition: then: (mkIf (!condition) then); + # mkIfElse = condition: then: else: lib.mkMerge [ + # (mkIf condition then) + # (mkUnless condition else) + # ]; } \ No newline at end of file From 9706360841cbfbed254d5d80c4fc63792faa4d44 Mon Sep 17 00:00:00 2001 
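Review bot: `remotePlay.openFirewall = true;` and `dedicatedServer.openFirewall = true;` are gated only on `cfg.isFullUser`, so every host where leyla is a full user, not just the gaming desktop, opens the Steam Remote Play and Source Dedicated Server ports. If `cfg` is the per-user option set that twilight populates with flags like `hasGPU`, tying these to such a capability (e.g. `remotePlay.openFirewall = cfg.hasGPU;`) would keep the listening ports to the machines that need them. If they are meant to be open everywhere, a comment next to the two lines saying so would stop the next reader from treating it as an oversight.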
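Review bot: The helpers in util/default.nix are commented out rather than removed or fixed, and the commented text cannot be revived as-is: `then` and `else` are Nix keywords, so `condition: then: else: …` never parsed, and `mkIf`/`mkUnless` are referenced unqualified while the `lib` argument has now been replaced by `_`. Either delete the block (the file now evaluates to an empty set and the `_:` signature already documents that nothing is exported) or restore it as `{ lib, ... }:` with `mkIfElse = condition: yes: no: lib.mkMerge [ (lib.mkIf condition yes) (lib.mkIf (!condition) no) ];`.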
From: Leyla Becker Date: Tue, 17 Sep 2024 16:49:59 -0500 Subject: [PATCH 164/695] ran statix linter --- enviroments/client/default.nix | 61 ++++---- hosts/defiant/configuration.nix | 136 +++++++++-------- hosts/defiant/hardware-configuration.nix | 34 +++-- hosts/emergent/configuration.nix | 5 - hosts/hesperium/configuration.nix | 5 - hosts/horizon/configuration.nix | 8 +- hosts/horizon/hardware-configuration.nix | 99 ++++++------ hosts/threshold/configuration.nix | 5 - hosts/twilight/configuration.nix | 18 ++- hosts/twilight/hardware-configuration.nix | 176 ++++++++++++---------- overlays/intellij.nix | 2 +- overlays/vscodium.nix | 2 +- templates/default.nix | 2 + users/leyla/home.nix | 118 ++++++++------- users/leyla/packages.nix | 22 +-- util/default.nix | 12 +- 16 files changed, 376 insertions(+), 329 deletions(-) delete mode 100644 hosts/emergent/configuration.nix delete mode 100644 hosts/hesperium/configuration.nix delete mode 100644 hosts/threshold/configuration.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index ccc5a55..555305f 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -4,43 +4,50 @@ ../common ]; - # Enable CUPS to print documents. - services.printing.enable = true; + services = { - # Enable the X11 windowing system. - services.xserver.enable = true; + # Enable CUPS to print documents. + printing.enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + xserver = { + # Enable the X11 windowing system. + enable = true; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + xterm.enable = false; + }; - # Configure keymap in X11 - services.xserver = { - xkb = { - layout = "us,it,de"; - variant = ""; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + xkb = { + layout = "us,it,de"; + variant = ""; + }; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; }; }; + # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; environment.systemPackages = with pkgs; [ # helvetica font 
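Review bot: The `# Enable sound with pipewire.` comment is now stranded above `hardware.pulseaudio.enable = false;` while the `pipewire = { … }` block it describes moved into `services` with no heading of its own; move the comment to sit above `pipewire = {` and give the two remaining lines their own note, e.g. `# pulseaudio is replaced by pipewire; rtkit lets it request realtime scheduling`. The blank line right after `services = {` and the `alsa.enable`/`alsa.support32Bit` pair left un-nested are small inconsistencies with the grouping the rest of the commit applies.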
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 1608e4a..77d07b0 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -23,83 +23,91 @@ virtualisation.docker.enable = true; users.extraGroups.docker.members = [ "leyla" ]; - boot.supportedFilesystems = [ "zfs" ]; - - boot.zfs.extraPools = [ "zroot" ]; - - services.zfs.autoScrub.enable = true; - services.zfs.autoSnapshot.enable = true; - - # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE - networking.hostId = "c51763d6"; - networking.hostName = "defiant"; # Define your hostname. - nixpkgs.config.allowUnfree = true; - # temp enable desktop enviroment for setup - # Enable the X11 windowing system. - services.xserver.enable = true; + services = { + zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + xserver = { + enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + # Enable the GNOME Desktop Environment. + services.xserver.displayManager = { + gdm.enable = true; + }; + services.xserver.desktopManager = { + gnome.enable = true; + desktopManager.xterm.enable = false; + }; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + }; - # disable computer sleeping - systemd.targets.sleep.enable = false; - systemd.targets.suspend.enable = false; - systemd.targets.hibernate.enable = false; - systemd.targets.hybrid-sleep.enable = false; + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; - services.openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. 
Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; + nfs.server = { + enable = true; + exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; }; }; - fileSystems."/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; }; - fileSystems."/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; + fileSystems = { + "/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + "/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + "/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + "/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; }; - fileSystems."/srv/nfs4/leyla" = { - device = "/home/leyla"; - options = [ "bind" ]; - }; - - fileSystems."/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - - services.nfs.server.enable = true; - services.nfs.server.exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 
192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index cd075ca..3ba63d0 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,10 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + + supportedFilesystems = [ "zfs" ]; + + zfs.extraPools = [ "zroot" ]; + }; # fileSystems."/" = # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; 
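Review bot: Inside the new `xserver = { … }` block of hosts/defiant/configuration.nix, the GNOME lines keep their full prefix — `services.xserver.displayManager = { gdm.enable = true; };` and `services.xserver.desktopManager = { gnome.enable = true; desktopManager.xterm.enable = false; };` — which, nested under `services = { xserver = { … }; }`, defines `services.xserver.services.xserver.…` and `…desktopManager.desktopManager.xterm.…`; the module system rejects those as options that do not exist, so this host no longer evaluates. The relative form is `displayManager.gdm.enable = true;`, `desktopManager.gnome.enable = true;` and `desktopManager.xterm.enable = false;`. The earlier copy of this hunk on the page has the same problem. Separately, the moved NFS exports grant `rw` to `192.168.1.0/22` for the home bind mounts but only `192.168.1.0/24` for docker; a /22 on 192.168.1.0 actually covers 192.168.0.0–192.168.3.255, so if the wider prefix is not intentional it should be tightened to match the /24.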
@@ -20,13 +28,17 @@ swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + hostId = "c51763d6"; + hostName = "defiant"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix deleted file mode 100644 index 215fc8c..0000000 --- a/hosts/emergent/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve desktop -{}: -{ - -} \ No newline at end of file diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix deleted file mode 100644 index 8cd6f61..0000000 --- a/hosts/hesperium/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# nas -{}: -{ - -} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 230a83e..3a27081 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
@@ -11,9 +11,11 @@ ../../enviroments/client ]; - users.leyla.isFullUser = true; - users.ester.isFullUser = true; - users.eve.isFullUser = true; + users = { + leyla.isFullUser = true; + ester.isFullUser = true; + eve.isFullUser = true; + }; # enabled virtualisation for docker virtualisation.docker = { diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 40561a9..96f2423 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -8,62 +8,73 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" "sg" ]; + extraModulePackages = [ ]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; hardware.graphics.enable = true; - fileSystems."/" = - { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; - fsType = "ext4"; - }; + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/E138-65B5"; - fsType = "vfat"; - }; + "/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; services.cachefilesd.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/share_home" = - { - device = 
"server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; - swapDevices = [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; - networking.hostName = "horizon"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + hostName = "horizon"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix deleted file mode 100644 index 305f2f7..0000000 --- a/hosts/threshold/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve laptop -{}: -{ - -} \ No newline at end of file 
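Review bot: The home-directory NFS mounts `/mnt/leyla_home` and `/mnt/share_home` are mounted `soft` and carry no `sec=` option, so a server timeout turns an in-progress write into EIO (mount.nfs(8) warns that soft mounts can silently corrupt data) and authentication is plain AUTH_SYS, where the server trusts whatever UID the client claims. For a home directory `hard` is the safer choice, with `x-systemd.mount-timeout=` on the automount so a dead server cannot hang the login, and `sec=krb5p` if server.arpa can offer it. At minimum record the trade-off next to the options: `# soft: EIO instead of a hang when server.arpa is down — writes in flight may be lost`. The fileSystems attrset is complete within the hunk, but the module body continues outside it.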
diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index fc4f425..1352c8b 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -11,15 +11,17 @@ ../../enviroments/client ]; - users.leyla = { - isFullUser = true; - hasPiperMouse = true; - hasOpenRGBHardware = true; - hasViaKeyboard = true; - hasGPU = true; + users = { + leyla = { + isFullUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; + ester.isFullUser = true; + eve.isFullUser = true; }; - users.ester.isFullUser = true; - users.eve.isFullUser = true; # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ab871e..01f3ac6 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -8,98 +8,112 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" "sg" ]; + extraModulePackages = [ ]; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. 
- nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; }; - fileSystems."/" = - { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; - fsType = "ext4"; - }; + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3006-3867"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; - fileSystems."/mnt/share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; }; + }; + + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + "/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; - networking.hostName = "twilight"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + hostName = "twilight"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 25ee779..65eef92 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index 902bd78..c271af3 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/templates/default.nix b/templates/default.nix index e69de29..f9d63b0 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -0,0 +1,2 @@ +_: +{} \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 1ae0057..40a6926 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
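Review bot: `/boot` is mounted with `fmask=0022 dmask=0022`, which makes the ESP — kernels, initrds and the systemd-boot entries — readable by every local user on twilight. Nothing in the hunk shows an initrd secret, but if one is ever added (a LUKS keyfile, an age key for sops) it would be world-readable, and I believe recent NixOS releases warn on a world-readable ESP while newer nixos-generate-config output uses the restrictive masks. Suggest `options = [ "fmask=0077" "dmask=0077" ];` unless a non-root process genuinely needs to read /boot; the same consideration applies to horizon, whose `/boot` entry relies on the driver default. The module body continues outside the hunk.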
@@ -3,71 +3,73 @@ { # Home Manager needs a bit of information about you and the paths it should # manage. - home.username = "leyla"; - home.homeDirectory = "/home/leyla"; + home = { + username = "leyla"; + homeDirectory = "/home/leyla"; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - home.stateVersion = "23.11"; # Please read the comment before changing. + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. - # The home.packages option allows you to install Nix packages into your - # environment. - home.packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello + # The home.packages option allows you to install Nix packages into your + # environment. + packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? 
- # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - home.file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - home.sessionVariables = { - # EDITOR = "emacs"; + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; }; programs = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 462c34e..ca4ec7d 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -8,19 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ - code = "codium"; - }); + programs = { + bash.shellAliases = lib.mkIf cfg.isFullUser { + code = "codium"; + }; - programs.steam = lib.mkIf cfg.isFullUser ({ - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }); + steam = lib.mkIf cfg.isFullUser { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; - programs.noisetorch.enable = cfg.isFullUser; + noisetorch.enable = cfg.isFullUser; - programs.adb.enable = cfg.isFullUser; + adb.enable = cfg.isFullUser; + }; users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ diff --git a/util/default.nix b/util/default.nix index 795ad04..a4fab1e 100644 --- a/util/default.nix +++ b/util/default.nix @@ -1,8 +1,8 @@ -{ lib, ... }: +_: { - mkUnless = condition: then: (mkIf (!condition) then); - mkIfElse = condition: then: else: lib.mkMerge [ - (mkIf condition then) - (mkUnless condition else) - ]; + # mkUnless = condition: then: (mkIf (!condition) then); + # mkIfElse = condition: then: else: lib.mkMerge [ + # (mkIf condition then) + # (mkUnless condition else) + # ]; } \ No newline at end of file From 84877be6f473d825dc43397f921cf00a82cec625 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 18:22:30 -0500 Subject: [PATCH 165/695] removed sudo call from rebuild.sh --- rebuild.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index c54dd1a..503dfdb 100755 --- a/rebuild.sh +++ b/rebuild.sh 
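Review bot: `steam.remotePlay.openFirewall` and `steam.dedicatedServer.openFirewall` open the NixOS firewall on every host where `cfg.isFullUser` holds, which per the hosts in this series includes the laptop (horizon), so the Remote Play ports and the Source dedicated-server port are exposed on whatever network the machine joins. `dedicatedServer.openFirewall` is only needed when this machine hosts a game server; if that is not intended, set `dedicatedServer.openFirewall = false;`, and consider gating `remotePlay.openFirewall` on a host-level flag rather than on the user being a full user. The `users.users.leyla.packages` definition that follows starts inside the hunk and continues past it.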
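Review bot: Commenting `mkUnless`/`mkIfElse` out hides rather than fixes why they never evaluated: `then` and `else` are reserved keywords in Nix, so `condition: then: ...` cannot parse, and `mkIf` was referenced unqualified. If the helpers are wanted, rename the parameters and qualify the call — `mkIfElse = condition: onTrue: onFalse: lib.mkMerge [ (lib.mkIf condition onTrue) (lib.mkIf (!condition) onFalse) ];` — and keep `{ lib, ... }:` instead of `_:`; if they are not wanted, delete the file rather than leaving dead commented code that will drift.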
@@ -35,7 +35,7 @@ mode=${mode:-switch} if [[ "$target" == "$(hostname)" ]] then - sudo nixos-rebuild $mode --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --flake .#$flake else nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake fi From 04dc0cb5ba92b573a594ab39406f53c6e0cde37e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 18:22:30 -0500 Subject: [PATCH 166/695] removed sudo call from rebuild.sh --- rebuild.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index c54dd1a..503dfdb 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -35,7 +35,7 @@ mode=${mode:-switch} if [[ "$target" == "$(hostname)" ]] then - sudo nixos-rebuild $mode --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --flake .#$flake else nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake fi From e2625d0c0ad632ba8081155ff115f126647e23c6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 18:24:09 -0500 Subject: [PATCH 167/695] added user option to rebuild.sh --- rebuild.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/rebuild.sh b/rebuild.sh index 503dfdb..b37be13 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -14,11 +14,16 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi mode="${1#*=}" ;; + --user*|-u*) + if [[ "$1" != *=* ]]; then shift; fi + user="${1#*=}" + ;; --help|-h) echo "--help -h: print this message" - echo "--target -t: set the target system to install on" - echo "--flake -f: set the flake to install on the target system" - echo "--user -u: set the user to install flake as on the target system" + echo "--target -t: set the target system to rebuild on" + echo "--flake -f: set the flake to rebuild on the target system" + echo "--mode -m: set the mode to rebuild flake as on the target system" + echo "--user -u: set the user to rebuild flake as on the target system" exit 0 ;; *) 
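Review bot: The local branch now relies on `nixos-rebuild` honouring `--use-remote-sudo` when no `--target-host` is given; as far as I can tell the current script does prefix its local activation commands with sudo in that case, but the option is documented for remote hosts, so a comment would save the next reader a trip to the source: `# --use-remote-sudo also applies to the local activation steps, so no outer sudo is needed`. Both branches still leave `$mode` and `$flake` unquoted even though they come straight from argv; quote them, e.g. `nixos-rebuild "$mode" --use-remote-sudo --flake ".#$flake"`. The same hunk appears twice in the series (patches 165 and 166 are identical).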
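Review bot: The new `--user*|-u*)` arm inherits the glob matching of the options above it: `-ufoo` or `--username=x` match as well, and because `-ufoo` contains no `=` the arm shifts and consumes the next argument as the user name, while `--user` given as the last argument shifts past the end and leaves `user` empty (later silently replaced by `$USER`). Matching the forms exactly avoids both: `--user|-u) shift; user="$1" ;;` and `--user=*|-u=*) user="${1#*=}" ;;`, with an error exit if `$1` turns out empty. The `while` loop starts before the hunk and ends after it.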
@@ -32,10 +37,11 @@ done target=${target:-$(hostname)} flake=${flake:-$target} mode=${mode:-switch} +user=${user:-$USER} if [[ "$target" == "$(hostname)" ]] then nixos-rebuild $mode --use-remote-sudo --flake .#$flake else - nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi From 2150819f7dfff56270cecd9241ea0340cca377b9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 18:24:09 -0500 Subject: [PATCH 168/695] added user option to rebuild.sh --- rebuild.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/rebuild.sh b/rebuild.sh index 503dfdb..b37be13 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -14,11 +14,16 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi mode="${1#*=}" ;; + --user*|-u*) + if [[ "$1" != *=* ]]; then shift; fi + user="${1#*=}" + ;; --help|-h) echo "--help -h: print this message" - echo "--target -t: set the target system to install on" - echo "--flake -f: set the flake to install on the target system" - echo "--user -u: set the user to install flake as on the target system" + echo "--target -t: set the target system to rebuild on" + echo "--flake -f: set the flake to rebuild on the target system" + echo "--mode -m: set the mode to rebuild flake as on the target system" + echo "--user -u: set the user to rebuild flake as on the target system" exit 0 ;; *) @@ -32,10 +37,11 @@ done target=${target:-$(hostname)} flake=${flake:-$target} mode=${mode:-switch} +user=${user:-$USER} if [[ "$target" == "$(hostname)" ]] then nixos-rebuild $mode --use-remote-sudo --flake .#$flake else - nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi From 19f2deb87f4fec50850e80c599c6b6b527f8b747 Mon Sep 17 00:00:00 2001 
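Review bot: With `--use-remote-sudo`, nixos-rebuild runs its activation commands through `sudo` over the SSH session to `$user@$target`, which only works non-interactively if that account has passwordless sudo on the target (or NIX_SSHOPTS forces a tty); the new `--user` option therefore selects an account that must already be privileged there, and the help text should say so, e.g. `echo "--user -u: user to ssh to the target as (needs passwordless sudo there)"`. `$user@$target` is also unquoted; `--target-host "$user@$target"` keeps a user name with unusual characters intact. The `if` block starts inside the hunk and the script ends at `fi`.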
From: Leyla Becker Date: Tue, 17 Sep 2024 22:42:20 -0500 Subject: [PATCH 169/695] added headscale service --- hosts/defiant/configuration.nix | 43 ++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 77d07b0..6c2c61f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,7 +25,9 @@ nixpkgs.config.allowUnfree = true; - services = { + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; @@ -37,12 +39,12 @@ enable = true; # Enable the GNOME Desktop Environment. - services.xserver.displayManager = { + displayManager = { gdm.enable = true; }; - services.xserver.desktopManager = { + desktopManager = { gnome.enable = true; - desktopManager.xterm.enable = false; + xterm.enable = false; }; # Get rid of xTerm @@ -76,6 +78,37 @@ # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) ''; }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; }; # disable computer sleeping 
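Review bot: `headscale.address = "0.0.0.0"` binds the control plane as plain HTTP on :8080 on every interface, while the nginx vhost that would terminate TLS for it is `enable = false` in the same hunk, so until nginx is switched on no client can reach the `https://` `server_url`, and anything that can reach port 8080 talks to headscale without TLS (the NixOS firewall closes it by default, but nothing here records that assumption). Since nginx proxies to `localhost` anyway, bind to loopback: `address = "127.0.0.1";`. Separately, `dns_config.base_domain = "jan-leila.com"` is a suffix of the `server_url` host; I believe recent headscale releases refuse to start with that combination ("server_url cannot contain the base_domain") because MagicDNS would then shadow the control server from inside the tailnet — use a dedicated subdomain, e.g. `dns_config.base_domain = "ts.jan-leila.com";`. The `services` attrset this sits in is opened in an earlier hunk of the same file.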
@@ -108,6 +141,8 @@ }; }; + environment.systemPackages = [ config.services.headscale.package ]; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave From c8a6ff7e5454dc8dbcf674a5ea1d8d5c41fe622a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 22:42:20 -0500 Subject: [PATCH 170/695] added headscale service --- hosts/defiant/configuration.nix | 43 ++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 77d07b0..6c2c61f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,7 +25,9 @@ nixpkgs.config.allowUnfree = true; - services = { + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; @@ -37,12 +39,12 @@ enable = true; # Enable the GNOME Desktop Environment. - services.xserver.displayManager = { + displayManager = { gdm.enable = true; }; - services.xserver.desktopManager = { + desktopManager = { gnome.enable = true; - desktopManager.xterm.enable = false; + xterm.enable = false; }; # Get rid of xTerm 
@@ -76,6 +78,37 @@ # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) ''; }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; }; # disable computer sleeping @@ -108,6 +141,8 @@ }; }; + environment.systemPackages = [ config.services.headscale.package ]; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave From 0ab447e00caf5d464bdb339eb6afc87ccc83b07a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 22:42:33 -0500 Subject: [PATCH 171/695] added task to tech debt --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index afd7536..d7b8371 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,8 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) -- use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs +- have nfs binds and exports defined by same code ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping 
From 41434d640056a033062c55b0a91e106fdea31ad6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 22:42:33 -0500 Subject: [PATCH 172/695] added task to tech debt --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index afd7536..d7b8371 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,8 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) -- use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs +- have nfs binds and exports defined by same code ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From 615fb21505c247e865dffd5b43fd2f5badfa0a75 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 22:43:02 -0500 Subject: [PATCH 173/695] added more tasks to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d7b8371..59ed515 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,8 @@ updating passwords: `sops secrets/secrets.yaml` - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code +- move services from defiant into own flake +- made base domain in nas services configurable ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From 22e870288eda7ad44e9ba2f4d06e667079bc98fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 22:43:02 -0500 Subject: [PATCH 174/695] added more tasks to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/README.md b/README.md index d7b8371..59ed515 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,8 @@ updating passwords: `sops secrets/secrets.yaml` - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code +- move services from defiant into own flake +- made base domain in nas services configurable ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From b4f3349caf8056ef5e78a65309d6f011ae2a3e0c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:06 -0500 Subject: [PATCH 175/695] managed vs code extensions though nix --- README.md | 3 +- flake.lock | 72 ++++++++++++++++++++++++++++++++++++++++ flake.nix | 6 ++++ overlays/vscodium.nix | 24 +++++++------- users/leyla/packages.nix | 42 +++++++++++++++++++++-- 5 files changed, 131 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 59ed515..b728b5e 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code - move services from defiant into own flake @@ -48,7 +48,6 @@ updating passwords: `sops secrets/secrets.yaml` ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping -- VS code extensions should be installed declaratively - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant 
diff --git a/flake.lock b/flake.lock index 1182330..3f277b2 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,40 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -40,6 +74,28 @@ "type": "github" } }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726623336, + "narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1725885300, @@ -108,6 +164,7 @@ "inputs": { "disko": "disko", "home-manager": "home-manager", + "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" 
@@ -131,6 +188,21 @@ "repo": "sops-nix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ee87ab5..033e2c2 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,12 @@ # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + + # vscode extensions + nix-vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index c271af3..618af19 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,15 +1,15 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # ui is broken on 1.84 + # vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + # version = "1.85.2.24019"; + # src = super.fetchurl { + # sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + # url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + # }; + # }); + # }) + # ]; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index ca4ec7d..d962b34 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
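Review bot: The vscodium override is left as a commented-out block while `users/leyla/packages.nix` still imports `../../overlays/vscodium.nix`; since the module now evaluates to an empty attribute set, delete the file and its import rather than keeping a stale `1.85.2.24019` pin with its sha256 around, where it invites being re-enabled later and holding the editor on an outdated build. Git history preserves the old override if it is ever needed. Disabling it is the right direction, because the package then follows whatever VSCodium nixpkgs currently ships instead of a fixed early-2024 release.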
@@ -1,4 +1,4 @@ -{ lib, config, pkgs, ... }: +{ lib, config, pkgs, inputs, ... }: let cfg = config.users.leyla; in @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + programs = { bash.shellAliases = lib.mkIf cfg.isFullUser { code = "codium"; @@ -66,7 +72,39 @@ in (lib.mkIf cfg.hasGPU davinci-resolve) # development tools - vscodium + (vscode-with-extensions.override { + vscode = vscodium; + vscodeExtensions = with open-vsx; [ + jeanp413.open-remote-ssh + ] ++ (with vscode-marketplace; [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + karyfoundation.nearley + + # misc extensions + bungcip.better-toml + ]); + }) androidStudioPackages.canary jetbrains.idea-community dbeaver-bin From 237c01f11e0423183feb86d2869a2a7839229bd0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:06 -0500 Subject: [PATCH 176/695] managed vs code extensions though nix --- README.md | 3 +- flake.lock | 72 ++++++++++++++++++++++++++++++++++++++++ flake.nix | 6 ++++ overlays/vscodium.nix | 24 +++++++------- users/leyla/packages.nix | 42 +++++++++++++++++++++-- 5 files changed, 131 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 59ed515..b728b5e 100644 --- a/README.md +++ b/README.md 
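Review bot: The extension set is hash-pinned through the `nix-vscode-extensions` revision in flake.lock, which is good, but `vscode-with-extensions` does not stop the running editor from installing or auto-updating extensions into its own user profile, so the declarative list is not a lock on what actually executes; if the intent is a fixed, reviewable set, also set `"extensions.autoUpdate" = false` and `"extensions.autoCheckUpdates" = false` in the user settings (not visible in this change, presumably home-manager `programs.vscode.userSettings`). A one-line comment above `vscodeExtensions` would save the next reader a lookup, e.g. `# hash-pinned via inputs.nix-vscode-extensions; bump flake.lock to update`. The enclosing package list continues outside the hunk.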
@@ -40,7 +40,7 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code - move services from defiant into own flake @@ -48,7 +48,6 @@ updating passwords: `sops secrets/secrets.yaml` ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping -- VS code extensions should be installed declaratively - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant diff --git a/flake.lock b/flake.lock index 1182330..3f277b2 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,40 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -40,6 +74,28 @@ "type": "github" } }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726623336, + "narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1725885300, @@ -108,6 +164,7 @@ "inputs": { "disko": "disko", "home-manager": "home-manager", + "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" @@ -131,6 +188,21 @@ "repo": "sops-nix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ee87ab5..033e2c2 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,12 @@ # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + + # vscode extensions + nix-vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index c271af3..618af19 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix 
@@ -1,15 +1,15 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # ui is broken on 1.84 + # vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + # version = "1.85.2.24019"; + # src = super.fetchurl { + # sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + # url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + # }; + # }); + # }) + # ]; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index ca4ec7d..d962b34 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,4 +1,4 @@ -{ lib, config, pkgs, ... }: +{ lib, config, pkgs, inputs, ... }: let cfg = config.users.leyla; in @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + programs = { bash.shellAliases = lib.mkIf cfg.isFullUser { code = "codium"; 
@@ -66,7 +72,39 @@ in (lib.mkIf cfg.hasGPU davinci-resolve) # development tools - vscodium + (vscode-with-extensions.override { + vscode = vscodium; + vscodeExtensions = with open-vsx; [ + jeanp413.open-remote-ssh + ] ++ (with vscode-marketplace; [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + karyfoundation.nearley + + # misc extensions + bungcip.better-toml + ]); + }) androidStudioPackages.canary jetbrains.idea-community dbeaver-bin From 4fa16929615b0e205a2c8642489c5e1414bcff3f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:36 -0500 Subject: [PATCH 177/695] added gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e2f5dd2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result \ No newline at end of file From 959eb2574e487f9f8e09407b6c7aefe040706103 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:36 -0500 Subject: [PATCH 178/695] added gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e2f5dd2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result \ No newline at end of file From 29506590b2df8f7530a833e4de437a72b78ab03d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 18 Sep 2024 01:20:05 -0500 Subject: [PATCH 179/695] moved extensions over to open-vsx --- users/leyla/packages.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d962b34..223f568 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -75,14 +75,13 @@ in (vscode-with-extensions.override { vscode = vscodium; vscodeExtensions = with open-vsx; [ - jeanp413.open-remote-ssh - ] ++ (with vscode-marketplace; [ # vs code feel extensions ms-vscode.atom-keybindings akamud.vscode-theme-onedark streetsidesoftware.code-spell-checker streetsidesoftware.code-spell-checker-german streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh # nix extensions pinage404.nix-extension-pack @@ -99,10 +98,12 @@ in firsttris.vscode-jest-runner stylelint.vscode-stylelint tauri-apps.tauri-vscode - karyfoundation.nearley # misc extensions bungcip.better-toml + ] ++ (with vscode-marketplace; [ + # js extensions + karyfoundation.nearley ]); }) androidStudioPackages.canary From 49de4a1ab07f502e8bd7fbd2ab01a22289240651 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:20:05 -0500 Subject: [PATCH 180/695] moved extensions over to open-vsx --- users/leyla/packages.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d962b34..223f568 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -75,14 +75,13 @@ in (vscode-with-extensions.override { vscode = vscodium; vscodeExtensions = with open-vsx; [ - jeanp413.open-remote-ssh - ] ++ (with vscode-marketplace; [ # vs code feel extensions ms-vscode.atom-keybindings akamud.vscode-theme-onedark streetsidesoftware.code-spell-checker streetsidesoftware.code-spell-checker-german streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh # nix extensions pinage404.nix-extension-pack 
@@ -99,10 +98,12 @@ in firsttris.vscode-jest-runner stylelint.vscode-stylelint tauri-apps.tauri-vscode - karyfoundation.nearley # misc extensions bungcip.better-toml + ] ++ (with vscode-marketplace; [ + # js extensions + karyfoundation.nearley ]); }) androidStudioPackages.canary From 9bca1e81d28a2a43d8a618b4c2af347c0a967c46 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:21:24 -0500 Subject: [PATCH 181/695] added tech debt task to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b728b5e..bb5fd6c 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ updating passwords: `sops secrets/secrets.yaml` - have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable +- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From 117f394e411ce651c2d3066f722049f2d3fe6796 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:21:24 -0500 Subject: [PATCH 182/695] added tech debt task to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b728b5e..bb5fd6c 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ updating passwords: `sops secrets/secrets.yaml` - have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable +- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From a99368bdb25dec3dd5cc7e011389687f6043fda6 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 18 Sep 2024 09:40:41 -0500 Subject: [PATCH 183/695] disabled overlay for jetbrains idea --- overlays/intellij.nix | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 65eef92..d83bd15 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,19 +1,19 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # idea is too out of date for android gradle things + # jetbrains = { + # jdk = super.jdk17; + # idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + # version = "2023.3.3"; + # name = "idea-community-${version}"; + # src = super.fetchurl { + # sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + # url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + # }; + # }); + # }; + # }) + # ]; } \ No newline at end of file From 513cc95af77693e6e1c56ae9ef9afe49b282b2b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 09:40:41 -0500 Subject: [PATCH 184/695] disabled overlay for jetbrains idea --- overlays/intellij.nix | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 65eef92..d83bd15 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix 
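Review bot: Commenting the override out leaves dead code that pins `jetbrains.jdk = super.jdk17` and IDEA `2023.3.3` with its sha256; delete `overlays/intellij.nix` and its import instead, since git keeps the history and a stale pin is not something anyone should re-enable against a newer nixpkgs. Dropping the override is the right call, as `jetbrains.idea-community` then follows nixpkgs' current release rather than a fixed old one. If the file is kept for now, a one-line comment such as `# disabled: nixpkgs IDEA is current again; remove once confirmed` says why it is empty.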
@@ -1,19 +1,19 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # idea is too out of date for android gradle things + # jetbrains = { + # jdk = super.jdk17; + # idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + # version = "2023.3.3"; + # name = "idea-community-${version}"; + # src = super.fetchurl { + # sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + # url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + # }; + # }); + # }; + # }) + # ]; } \ No newline at end of file From b05f633d2e7cdd232b980f271384b1b20cabc2b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:07:17 -0500 Subject: [PATCH 185/695] moved openssh config to common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index f0231c3..99f3e5a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -29,6 +29,19 @@ users.groups.users = {}; + services = { + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; + }; + sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; 
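Review bot: `PasswordAuthentication = false` alone does not turn off password logins here, because NixOS leaves `KbdInteractiveAuthentication` at its default of true and sshd then still offers PAM keyboard-interactive, which accepts the account password; add `KbdInteractiveAuthentication = false;` next to it and make the root policy explicit with `PermitRootLogin = "no";` (the NixOS default is "prohibit-password"). `UseDns = true` only matters when `AllowUsers` or authorized_keys `from=` patterns use hostnames, and it adds a reverse-lookup delay to every login; drop it unless that is intended. Because the block now lives in `enviroments/common`, sshd (and port 22, via the `openFirewall` default) is enabled on every host importing common, including horizon and twilight, which have Wi-Fi interfaces and are presumably portable, not just the NAS; if that is unintended, gate it per host. The enclosing module continues outside the hunk.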
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 6c2c61f..9e4a1e6 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -51,17 +51,6 @@ excludePackages = [ pkgs.xterm ]; }; - openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; - }; - }; - nfs.server = { enable = true; exports = '' From dbd44077549477d6e1dbf974b79fe8d7800592c4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:07:17 -0500 Subject: [PATCH 186/695] moved openssh config to common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index f0231c3..99f3e5a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -29,6 +29,19 @@ users.groups.users = {}; + services = { + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; + }; + sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 6c2c61f..9e4a1e6 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -51,17 +51,6 @@ excludePackages = [ pkgs.xterm ]; }; - openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; - }; - }; - nfs.server = { enable = true; exports = '' 
From f758eebc424baad5936d9c497aae5a9aafd71c3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:17:11 -0500 Subject: [PATCH 187/695] added key generation to leyla user configuration --- users/leyla/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d0a9a96..76e5a25 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -56,6 +56,15 @@ in ) ]; + # TODO: this should reference the home directory from the user config + services.openssh.hostKeys = [ + { + path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; + rounds = 100; + type = "ed25519"; + } + ]; + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file From e97b8738e5f06578531d519139ae67f4478d184a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:17:11 -0500 Subject: [PATCH 188/695] added key generation to leyla user configuration --- users/leyla/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d0a9a96..76e5a25 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -56,6 +56,15 @@ in ) ]; + # TODO: this should reference the home directory from the user config + services.openssh.hostKeys = [ + { + path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; + rounds = 100; + type = "ed25519"; + } + ]; + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file From eafdd4c71234d3f81ff54a7fbcec1279a7bfd31c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:22:18 -0500 Subject: [PATCH 189/695] set comment on hostKeys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 76e5a25..b321cdd 100644 --- a/users/leyla/default.nix 
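Review bot: `services.openssh.hostKeys` is the wrong option for what the commit title describes: it sets sshd's HostKey list, so this replaces the server's identity keys under `/etc/ssh/` with a key that sshd's pre-start generates as root into `/home/leyla/.ssh/`, where it is root-owned and unusable as leyla's user key, and on a host that NFS-exports `/home/leyla` (as `enviroments/server/default.nix` does later in this series) the host private key ends up on an exported share. The `rounds = 100` attribute has no effect either, since NixOS generates host keys with an empty passphrase. Drop the `services.openssh.hostKeys = [ … ];` block so sshd keeps its default `/etc/ssh/ssh_host_ed25519_key`, and generate the per-host user key with `ssh-keygen` or a home-manager activation step running as leyla instead. The enclosing module's header is outside the hunk.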
+++ b/users/leyla/default.nix @@ -59,6 +59,7 @@ in # TODO: this should reference the home directory from the user config services.openssh.hostKeys = [ { + comment = "leyla@" + config.networking.hostName; path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; rounds = 100; type = "ed25519"; From 45f0ffb096766cc61e59c3f1c0d3ea800d142fb8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:22:18 -0500 Subject: [PATCH 190/695] set comment on hostKeys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 76e5a25..b321cdd 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -59,6 +59,7 @@ in # TODO: this should reference the home directory from the user config services.openssh.hostKeys = [ { + comment = "leyla@" + config.networking.hostName; path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; rounds = 100; type = "ed25519"; From 1edaafcd1bf88cbe8930133439711a440866e1a2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:18 -0500 Subject: [PATCH 191/695] added twilight key to authorized keys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index b321cdd..7a8dc54 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -48,6 +48,7 @@ in openssh = { authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; }; } else { From f71d104f8d152e8ead21757ec4997b92d5ba7e1c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:18 -0500 Subject: [PATCH 192/695] added twilight key to authorized keys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/users/leyla/default.nix b/users/leyla/default.nix index b321cdd..7a8dc54 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -48,6 +48,7 @@ in openssh = { authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; }; } else { From 0ddd754850fe7fa6f587ef50ad37296b1627da1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:27 -0500 Subject: [PATCH 193/695] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bb5fd6c..2528214 100644 --- a/README.md +++ b/README.md @@ -62,4 +62,5 @@ updating passwords: `sops secrets/secrets.yaml` - zfs email after scrubbing - headscale server - mastodon server -- tail scale clients \ No newline at end of file +- tail scale clients +- wake on LAN \ No newline at end of file From ce8293167922a6f69e50efa6ecdfc35dad231202 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:27 -0500 Subject: [PATCH 194/695] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bb5fd6c..2528214 100644 --- a/README.md +++ b/README.md @@ -62,4 +62,5 @@ updating passwords: `sops secrets/secrets.yaml` - zfs email after scrubbing - headscale server - mastodon server -- tail scale clients \ No newline at end of file +- tail scale clients +- wake on LAN \ No newline at end of file From 29ee94d7f7302adc80a93ba265a8733177056eeb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:06:04 -0500 Subject: [PATCH 195/695] removed comments --- hosts/horizon/configuration.nix | 3 --- hosts/horizon/hardware-configuration.nix | 6 ------ hosts/twilight/hardware-configuration.nix | 2 -- 3 files changed, 11 deletions(-) 
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3a27081..f1c3bee 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -33,9 +33,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable the OpenSSH daemon. - services.openssh.enable = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 96f2423..76b87df 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -66,13 +66,7 @@ ]; networking = { - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 01f3ac6..ab24b97 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -110,8 +110,6 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; hostName = "twilight"; # Define your hostname. }; From 24296367bcbd0a899b6998ae00980dedc4a4a7f3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 18 Sep 2024 18:06:04 -0500 Subject: [PATCH 196/695] removed comments --- hosts/horizon/configuration.nix | 3 --- hosts/horizon/hardware-configuration.nix | 6 ------ hosts/twilight/hardware-configuration.nix | 2 -- 3 files changed, 11 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3a27081..f1c3bee 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -33,9 +33,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable the OpenSSH daemon. - services.openssh.enable = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 96f2423..76b87df 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -66,13 +66,7 @@ ]; networking = { - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 01f3ac6..ab24b97 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -110,8 +110,6 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; hostName = "twilight"; # Define your hostname. }; From c2d9b77eefe5e4852718e9d093aa4e3c15897f6b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:33 -0500 Subject: [PATCH 197/695] moved defiant server configuration to server folder --- enviroments/server/default.nix | 58 +++++++++++++++++++++- hosts/defiant/configuration.nix | 87 +-------------------------------- 2 files changed, 58 insertions(+), 87 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 861f142..d3e9d63 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -1,7 +1,63 @@ -{ pkgs, ... }: +{ config, ... }: { imports = [ ../common ]; + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [ 2049 ]; + + environment.systemPackages = [ config.services.headscale.package ]; } \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9e4a1e6..d2b1348 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,14 +20,9 @@ efiInstallAsRemovable = true; }; - virtualisation.docker.enable = true; - users.extraGroups.docker.members = [ "leyla" ]; - nixpkgs.config.allowUnfree = true; - services = let - headscaleDomain = "headscale.jan-leila.com"; - in { + services = { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; 
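Review bot: `address = "0.0.0.0"` binds headscale's plaintext port 8080 on every interface even though the design routes clients through the nginx TLS vhost; bind it to loopback so the proxied path is the only external one: `address = "127.0.0.1";` and `proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";`. Today only 2049 is opened in `allowedTCPPorts`, so 8080 is presumably blocked from outside, but for the same reason the ACME vhost cannot be validated once nginx is enabled; add 80 and 443 at that point. The `/home/*` exports rely on AUTH_SYS, so any machine in 192.168.1.0/22 can act as any non-root uid on those home directories (the old docker export was limited to a /24); a comment stating that the whole /22 is trusted, or `sec=krb5` if it is not, would make that decision explicit.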
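Review bot: `virtualisation.docker.enable = true` and leyla's docker group membership are deleted from defiant but not re-added in `enviroments/server/default.nix`, so if Docker is still wanted on the NAS this is a silent regression; if the drop is intentional (the docker group is root-equivalent, so removing it is a real privilege reduction), say so in the commit message rather than leaving it implicit in a "move". The enclosing services block continues outside the hunk.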
@@ -50,87 +45,7 @@ # Get rid of xTerm excludePackages = [ pkgs.xterm ]; }; - - nfs.server = { - enable = true; - exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - }; - - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; - }; - }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - }; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - fileSystems = { - "/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; - }; - - "/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; - }; - - "/srv/nfs4/leyla" = { - device = 
"/home/leyla"; - options = [ "bind" ]; - }; - - "/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - }; - - environment.systemPackages = [ config.services.headscale.package ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From 62fa9b60934e1e5bf7fa4440985012af2c546ec9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:33 -0500 Subject: [PATCH 198/695] moved defiant server configuration to server folder --- enviroments/server/default.nix | 58 +++++++++++++++++++++- hosts/defiant/configuration.nix | 87 +-------------------------------- 2 files changed, 58 insertions(+), 87 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 861f142..d3e9d63 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -1,7 +1,63 @@ -{ pkgs, ... }: +{ config, ... }: { imports = [ ../common ]; + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [ 2049 ]; + + environment.systemPackages = [ config.services.headscale.package ]; } \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9e4a1e6..d2b1348 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,14 +20,9 @@ efiInstallAsRemovable = true; }; - virtualisation.docker.enable = true; - users.extraGroups.docker.members = [ "leyla" ]; - nixpkgs.config.allowUnfree = true; - services = let - headscaleDomain = "headscale.jan-leila.com"; - in { + services = { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; 
@@ -50,87 +45,7 @@ # Get rid of xTerm excludePackages = [ pkgs.xterm ]; }; - - nfs.server = { - enable = true; - exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - }; - - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; - }; - }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - }; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - fileSystems = { - "/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; - }; - - "/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; - }; - - "/srv/nfs4/leyla" = { - device = 
"/home/leyla"; - options = [ "bind" ]; - }; - - "/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - }; - - environment.systemPackages = [ config.services.headscale.package ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From f74787c63936d825109d9c14971515d9f73dd1fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:51 -0500 Subject: [PATCH 199/695] added nfs mount points for defiant to horizon --- hosts/horizon/hardware-configuration.nix | 32 ++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 76b87df..cfd9c64 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -38,20 +38,48 @@ }; "/mnt/leyla_home" = + { + device = "defiant:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/eve_home" = + { + device = "defiant:/home/eve"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/ester_home" = + { + device = "defiant:/home/ester"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/users_home" = + { + device = "defiant:/home/users"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/legacy_leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/share_home" = + "/mnt/legacy_share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/docker_home" = + "/mnt/legacy_docker_home" = { device = "server.arpa:/home/docker"; fsType = "nfs"; From fc6438d1212608bf67401057412da4c7ac1bcdef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:51 -0500 Subject: [PATCH 200/695] added nfs mount points for defiant to horizon --- hosts/horizon/hardware-configuration.nix | 32 ++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 76b87df..cfd9c64 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
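Review bot: The four new `defiant:/home/*` mounts are writable home directories mounted `soft`: once retransmits time out a soft mount returns I/O errors to the application mid-write, which for home data tends to mean truncated or inconsistent files rather than a blocked process. Consider `hard` for these (the `x-systemd.automount` and `x-systemd.idle-timeout=600` already limit how long an absent server holds the mount), or if `soft` is a deliberate laptop trade-off record it: `# soft: fail with EIO instead of hanging when defiant is unreachable`. Like the exports on the server side, these options carry no `sec=`, so the mounts presumably run over AUTH_SYS and rely on the segment's UID trust — worth confirming against the export policy. The identical hunk is repeated in [PATCH 200/695].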
@@ -38,20 +38,48 @@ }; "/mnt/leyla_home" = + { + device = "defiant:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/eve_home" = + { + device = "defiant:/home/eve"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/ester_home" = + { + device = "defiant:/home/ester"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/users_home" = + { + device = "defiant:/home/users"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/legacy_leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/share_home" = + "/mnt/legacy_share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/docker_home" = + "/mnt/legacy_docker_home" = { device = "server.arpa:/home/docker"; fsType = "nfs"; From b364fbb7b8edfa579f1407f7c5a4e6c5bb67d82d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:28 -0500 Subject: [PATCH 201/695] updated tasks in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2528214..c257613 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- stop nas from sleeping +- offline access for nfs mounts (overlay with rsync might be a good option here?) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant 
From d443c83c4d52154c37dd1b150135c5b657e5883f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:28 -0500 Subject: [PATCH 202/695] updated tasks in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2528214..c257613 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- stop nas from sleeping +- offline access for nfs mounts (overlay with rsync might be a good option here?) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant From 0cc454bcac81fc5b40fa5e124f7ff3ee454eeef3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:52 -0500 Subject: [PATCH 203/695] updated options for leyla home mount --- hosts/horizon/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index cfd9c64..c940fd7 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; }; "/mnt/eve_home" = From b0e4ab8f6dba7dbc925906732fa6cf47442dd8b9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:52 -0500 Subject: [PATCH 204/695] updated options for leyla home mount --- hosts/horizon/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index cfd9c64..c940fd7 100644 --- a/hosts/horizon/hardware-configuration.nix 
+++ b/hosts/horizon/hardware-configuration.nix @@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; }; "/mnt/eve_home" = From 8f6e6281d6d190584ba5f0d02853f0057e72bb85 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:24:56 -0500 Subject: [PATCH 205/695] added more options to leyla home mount --- hosts/horizon/hardware-configuration.nix | 38 ++++++++++++------------ 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index c940fd7..59a900d 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; "/mnt/eve_home" = 
@@ -65,26 +65,26 @@ options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/legacy_leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_leyla_home" = + # { + # device = "server.arpa:/home/leyla"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_share_home" = + # { + # device = "server.arpa:/home/share"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; + # "/mnt/legacy_docker_home" = + # { + # device = "server.arpa:/home/docker"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # }; }; services.cachefilesd.enable = true; From b7246000975b99c7ab0e67c3d8bdc219701a19f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:24:56 -0500 Subject: [PATCH 206/695] added more options to leyla home mount --- hosts/horizon/hardware-configuration.nix | 38 ++++++++++++------------ 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index c940fd7..59a900d 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
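Review bot: The three legacy `server.arpa` mounts are commented out rather than deleted; git history already preserves them, and commented-out configuration tends to drift from the live code (the docker entry already uses `noauto` without `fsc`, unlike the active mounts). Delete the block, or if the old server must stay mountable during migration, keep it live behind a named `lib.mkIf` flag with a comment stating the retirement condition. The same hunk appears again in [PATCH 206/695].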
@@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; "/mnt/eve_home" = @@ -65,26 +65,26 @@ options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/legacy_leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_leyla_home" = + # { + # device = "server.arpa:/home/leyla"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_share_home" = + # { + # device = "server.arpa:/home/share"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; + # "/mnt/legacy_docker_home" = + # { + # device = "server.arpa:/home/docker"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # }; }; services.cachefilesd.enable = true; From ab27e5c3a3593dbca590ad5ad4811626fb7c0b2c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:25:10 -0500 Subject: [PATCH 207/695] added note to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c257613..b8bed40 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- offline access for nfs mounts (overlay with rsync might be a good option here?) +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant From f8300aa0333f07db30a5b4dd99458cbbb4b60f0d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:25:10 -0500 Subject: [PATCH 208/695] added note to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c257613..b8bed40 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- offline access for nfs mounts (overlay with rsync might be a good option here?) +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant From 7090db82d38a94be6e2d262e139afef493247d1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:44:04 -0500 Subject: [PATCH 209/695] removed un needed note --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index b8bed40..662941c 100644 --- a/README.md +++ b/README.md 
@@ -28,7 +28,6 @@ updating passwords: `sops secrets/secrets.yaml` > something about ssh keys for remotes # Notes: -- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main` - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init From a4b356c1f0f1acaf4a0a7c31797abe0d1ca1fdc8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:46:13 -0500 Subject: [PATCH 210/695] updated readme.md --- README.md | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 662941c..06850ce 100644 --- a/README.md +++ b/README.md 
@@ -9,24 +9,16 @@ | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | - -### Rebuild current machine to match target host: -`sudo nixos-rebuild switch --flake .#hostname` - -### Rebuild current machine maintaining current target +### Rebuilding machines `./rebuild.sh` # New machine setup -keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` +keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` and will be copied over to new machines installed with ./`install.sh` updating passwords: `sops secrets/secrets.yaml` `./install.sh --target 192.168.1.130 --flake hostname` -> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU - -> something about ssh keys for remotes - # Notes: - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh From 34d9ec4f9d41c137f619ccddb85ff3228507baad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 20 Sep 2024 20:21:39 -0500 Subject: [PATCH 211/695] updated flake.lock --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 3f277b2..a424800 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1725377834, - "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "lastModified": 1726842196, + "narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=", "owner": "nix-community", "repo": "disko", - "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "rev": "51994df8ba24d5db5459ccf17b6494643301ad28", "type": "github" }, "original": { 
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1725948275, - "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", + "lastModified": 1726863345, + "narHash": "sha256-fjbKe1/UJpLT6tQLAKJ/djJFdnmAh2kkdsgmylyFrQA=", "owner": "nix-community", "repo": "home-manager", - "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", + "rev": "dfe4d334b172071e7189d971ddecd3a7f811b48d", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1726623336, - "narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=", + "lastModified": 1726796602, + "narHash": "sha256-rYMcODISSljSETcqUUTMo++ZEa1CC6Xx6d3xuydishM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff", + "rev": "91dea80194080f017c6edf84fd94e33f6c12aec3", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725885300, - "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", + "lastModified": 1726724509, + "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", + "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1726755586, + "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", "type": "github" }, "original": { 
@@ -176,11 +176,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1725922448, - "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", + "lastModified": 1726524647, + "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cede1a08039178ac12957733e97ab1006c6b6892", + "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", "type": "github" }, "original": { From 834165443a0d0cec246999d1b354f1478e91b6ee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 20 Sep 2024 20:22:30 -0500 Subject: [PATCH 212/695] added jellyfin to server config --- enviroments/server/default.nix | 49 ++++++++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index d3e9d63..3bdc8c4 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -1,10 +1,32 @@ -{ config, ... }: +{ config, pkgs, ... }: { imports = [ ../common ]; + users.groups.jellyfin_media = { + members = ["jellyfin" "leyla" "ester" "eve"]; + }; + + users.groups.jellyfin = { + members = ["jellyfin" "leyla"]; + }; + + users.users.jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; + }; + + systemd.tmpfiles.rules = [ + "d /home/jellyfin 755 jellyfin jellyfin -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" + "d /home/jellyfin/config 750 jellyfin jellyfin -" + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + ]; + services = let + jellyfinDomain = "jellyfin.jan-leila.com"; headscaleDomain = "headscale.jan-leila.com"; in { nfs.server = { 
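Review bot: `users.users.jellyfin` pins `uid = 2000;` but neither `users.groups.jellyfin` nor `users.groups.jellyfin_media` pins a `gid`, so group IDs are allocated per host and will differ between defiant and the clients that mount its homes over NFS — which undoes the benefit of the fixed UID for the media tree shared via `jellyfin_media`. Pin both groups the same way, e.g. `users.groups.jellyfin = { gid = <fixed-gid>; members = [ "jellyfin" "leyla" ]; };` (placeholder value), and consider whether a system user should sit at 2000, inside the range NixOS hands to regular users. Worth a comment as well: `leyla` is in the `jellyfin` group and the tmpfiles rule sets `/home/jellyfin/config` to `750 jellyfin jellyfin`, so that account can read the Jellyfin database and any credentials it stores — acceptable for an admin account, but it should be stated as deliberate. As far as I recall the NixOS jellyfin module already declares a `jellyfin` user and group when `services.jellyfin.user` is "jellyfin", so the definitions here merge with those; harmless, but the overlap deserves a note.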
@@ -28,6 +50,15 @@ }; }; + jellyfin = { + enable = true; + user = "jellyfin"; + group = "jellyfin"; + dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config + cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache + openFirewall = false; + }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { @@ -40,6 +71,15 @@ proxyWebsockets = true; }; }; + ${jellyfinDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:8096"; + proxyWebsockets = true; + }; + }; }; }; }; @@ -59,5 +99,10 @@ networking.firewall.allowedTCPPorts = [ 2049 ]; - environment.systemPackages = [ config.services.headscale.package ]; + environment.systemPackages = [ + config.services.headscale.package + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; } \ No newline at end of file From 2213d099d0f4239a2c648ba10188427132114872 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 20 Sep 2024 21:28:53 -0500 Subject: [PATCH 213/695] moved hardware configuration software options to hardware.nix --- README.md | 2 +- hosts/defiant/hardware-configuration.nix | 12 ++-- hosts/hardware-common.nix | 16 +++++ hosts/horizon/hardware-configuration.nix | 17 +++-- hosts/twilight/configuration.nix | 3 - hosts/twilight/hardware-configuration.nix | 88 ++++++++++++----------- users/leyla/default.nix | 3 - users/leyla/packages.nix | 6 +- 8 files changed, 85 insertions(+), 62 deletions(-) create mode 100644 hosts/hardware-common.nix diff --git a/README.md b/README.md index 06850ce..96a36ab 100644 --- a/README.md +++ b/README.md 
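Review bot: The new `${jellyfinDomain}` vhost proxies to a literal `"http://localhost:8096"`, while the sibling headscale vhost derives its upstream from `config.services.headscale.port`; as far as I know Jellyfin's port is not a NixOS option, so a named binding next to `jellyfinDomain` keeps it in one place: `jellyfinPort = 8096;` and `proxyPass = "http://localhost:${toString jellyfinPort}";`. Both vhosts are still behind `nginx.enable = false`, so nothing is exposed yet, but `openFirewall = false` on the jellyfin service in the preceding hunk is the right default to keep once nginx is switched on — only the proxy's 80/443 should open. The `environment.systemPackages` hunk below also lists `pkgs.jellyfin`, `pkgs.jellyfin-web` and `pkgs.jellyfin-ffmpeg`, which `services.jellyfin.enable = true` already pulls in as far as I can tell; the explicit list is likely redundant and can drift from the service's own package.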
@@ -32,11 +32,11 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) -- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) +- server service system users should also be on local systems for file permission reasons ## New Features - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 3ba63d0..60e940b 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -4,9 +4,10 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../hardware-common.nix + ]; boot = { initrd = { @@ -41,5 +42,8 @@ }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware = { + # TODO: hardware graphics + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } \ No newline at end of file diff --git a/hosts/hardware-common.nix b/hosts/hardware-common.nix new file mode 100644 index 0000000..dea9450 --- /dev/null +++ b/hosts/hardware-common.nix 
@@ -0,0 +1,16 @@ +{ lib, ... }: +{ + options = { + hardware = { + piperMouse = { + enable = lib.mkEnableOption "host has a piper mouse"; + }; + viaKeyboard = { + enable = lib.mkEnableOption "host has a via keyboard"; + }; + openRGB = { + enable = lib.mkEnableOption "host has open rgb hardware"; + }; + }; + }; +} \ No newline at end of file diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 59a900d..82e1bf7 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -4,9 +4,10 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../hardware-common.nix + ]; boot = { initrd = { @@ -23,9 +24,6 @@ }; }; - - hardware.graphics.enable = true; - fileSystems = { "/" = { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; @@ -100,5 +98,10 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + + hardware = { + graphics.enable = true; + cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 1352c8b..727f028 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -14,9 +14,6 @@ users = { leyla = { isFullUser = true; - hasPiperMouse = true; - hasOpenRGBHardware = true; - hasViaKeyboard = true; hasGPU = true; }; ester.isFullUser = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index ab24b97..0f77e81 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
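Review bot: The three new options are declared directly under the upstream `hardware` namespace (`hardware.piperMouse`, `hardware.viaKeyboard`, `hardware.openRGB`), so a future nixpkgs option at the same path would collide or silently change meaning; a project-specific prefix such as `hardware.local.*` or a top-level custom attribute avoids that and marks the options as this repo's own. The file also lacks a header comment; `# Host hardware flags consumed by per-user package lists (users/*/packages.nix)` would explain why these live in hosts/ while their consumers live in users/.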
@@ -4,9 +4,10 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../hardware-common.nix + ]; boot = { initrd = { @@ -31,43 +32,6 @@ displayManager.gdm.wayland = false; }; - hardware = { - # Enable OpenGL - graphics.enable = true; - - # install graphics drivers - nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - }; - fileSystems = { "/" = { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; 
@@ -114,6 +78,48 @@ }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + hardware = { + piperMouse.enable = true; + viaKeyboard.enable = true; + openRGB.enable = true; + + # Enable OpenGL + graphics.enable = true; + + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7a8dc54..42fd3ab 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
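Review bot: The host feature toggles (`piperMouse.enable`, `viaKeyboard.enable`, `openRGB.enable`) and the entire proprietary NVIDIA driver block are moved into `hardware-configuration.nix`, whose header (visible later in this series) says it is generated by `nixos-generate-config` and may be overwritten; the next regeneration would silently drop these settings together with the `../hardware-common.nix` import, leaving the host without its driver and with the toggles off. Keep the generated file limited to what the scanner emits and put these settings in `hosts/twilight/configuration.nix`, or replace the "Do not modify this file!" header with a comment stating the file is hand-maintained and must not be regenerated. Also worth a check: `cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;` makes microcode loading conditional on `hardware.enableRedistributableFirmware`, which is not set anywhere visible in this series — if it is not enabled elsewhere, CPU microcode (and the mitigations shipped in it) is never loaded at boot, so either set it explicitly or add `# requires hardware.enableRedistributableFirmware = true` next to this line.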
@@ -10,9 +10,6 @@ in options.users.leyla = { isFullUser = lib.mkEnableOption "create usable leyla user"; isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; - hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; - hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; - hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 223f568..756593a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -118,9 +118,9 @@ in noisetorch # hardware managment tools - (lib.mkIf cfg.hasPiperMouse piper) - (lib.mkIf cfg.hasOpenRGBHardware openrgb) - (lib.mkIf cfg.hasViaKeyboard via) + (lib.mkIf config.hardware.piperMouse.enable piper) + (lib.mkIf config.hardware.openRGB.enable openrgb) + (lib.mkIf config.hardware.viaKeyboard.enable via) ] ) ) From 5da0753b7c5ec4fac8de6744aeadf665e3840ed7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 11:04:01 -0500 Subject: [PATCH 214/695] reformated file --- pkgs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index 9a81f3b..fbc54ee 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,3 +1,4 @@ -pkgs: { +_: +{ } \ No newline at end of file From dcd5accea05a7228979d2d75f7366ce6f041bd32 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 21 Sep 2024 11:26:18 -0500 Subject: [PATCH 215/695] ran linter --- enviroments/client/default.nix | 9 +-- enviroments/common/default.nix | 17 +++-- enviroments/server/default.nix | 76 ++++++++++++++------ flake.nix | 84 +++++++++++----------- hosts/defiant/configuration.nix | 27 +++---- hosts/defiant/disko-config.nix | 16 ++--- hosts/defiant/hardware-configuration.nix | 26 ++++--- hosts/hardware-common.nix | 5 +- hosts/horizon/configuration.nix | 23 +++--- hosts/horizon/hardware-configuration.nix | 85 +++++++++++------------ hosts/twilight/configuration.nix | 23 +++--- hosts/twilight/hardware-configuration.nix | 84 +++++++++++----------- overlays/intellij.nix | 5 +- overlays/vscodium.nix | 5 +- pkgs/default.nix | 6 +- templates/default.nix | 3 +- users/default.nix | 9 ++- users/ester/default.nix | 21 +++--- users/eve/default.nix | 21 +++--- users/leyla/default.nix | 23 +++--- users/leyla/home.nix | 34 ++++----- users/leyla/packages.nix | 74 +++++++++++--------- util/default.nix | 5 +- 23 files changed, 372 insertions(+), 309 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 555305f..86ff67b 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,11 +1,9 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { imports = [ ../common ]; services = { - # Enable CUPS to print documents. printing.enable = true; @@ -21,7 +19,7 @@ }; # Get rid of xTerm - excludePackages = [ pkgs.xterm ]; + excludePackages = [pkgs.xterm]; # Configure keymap in X11 xkb = { @@ -44,7 +42,6 @@ }; }; - # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; @@ -57,4 +54,4 @@ gnomeExtensions.dash-to-dock ]; -} \ No newline at end of file +} diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 99f3e5a..96ad012 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -1,11 +1,10 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { imports = [ - ../../users + ../../users ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - nix.settings.trusted-users = [ "leyla" ]; + nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.trusted-users = ["leyla"]; # Enable networking networking.networkmanager.enable = true; @@ -32,10 +31,10 @@ services = { openssh = { enable = true; - ports = [ 22 ]; + ports = [22]; settings = { PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + AllowUsers = ["leyla"]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; }; @@ -47,7 +46,7 @@ defaultSopsFormat = "yaml"; gnupg.sshKeyPaths = []; - age ={ + age = { keyFile = "/var/lib/sops-nix/key.txt"; sshKeyPaths = []; # generateKey = true; @@ -68,4 +67,4 @@ iputils dnsutils ]; -} \ No newline at end of file +} diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 3bdc8c4..8b32992 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -1,21 +1,40 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { imports = [ ../common ]; - users.groups.jellyfin_media = { - members = ["jellyfin" "leyla" "ester" "eve"]; - }; + users = { + groups = { + jellyfin_media = { + members = ["jellyfin" "leyla" "ester" "eve"]; + }; - users.groups.jellyfin = { - members = ["jellyfin" "leyla"]; - }; + jellyfin = { + members = ["jellyfin" "leyla"]; + }; - users.users.jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; + # forgejo = { + # members = ["forgejo" "leyla"]; + # }; + }; + + users = { + jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; + }; + + # forgejo = { + # uid = 2001; + # group = "forgejo"; + # isSystemUser = true; + # }; + }; }; systemd.tmpfiles.rules = [ 
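Review bot: The trailing comment on the new `AllowUsers = ["leyla"]; # Allows all users by default. Can be [ "user1" "user2" ]` line describes the option's default rather than what this line does; replace it with `# Only leyla may log in over SSH; add further users here deliberately` so the restriction reads as intentional. `UseDns = true` in the same block adds no authentication value once `PasswordAuthentication = false` and key-only login are in place (it only feeds reverse-DNS names into `from=` matching and log lines, and makes every connection wait on the resolver), so unless an authorized_keys `from=` pattern relies on hostnames it should be removed or set to `false`, which is also sshd's own default. Separately, `nix.settings.trusted-users = ["leyla"];` a few lines up is effectively root-equivalent — the Nix manual notes a trusted user can import unsigned store paths and override daemon options — which is defensible for the single `wheel` user this repo has, but deserves a comment such as `# root-equivalent: trusted users bypass signature checks and daemon restrictions` so nobody adds a second name casually.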
@@ -23,11 +42,14 @@ "d /home/jellyfin/media 775 jellyfin jellyfin_media -" "d /home/jellyfin/config 750 jellyfin jellyfin -" "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + # "d /home/forgejo 750 forgejo forgejo -" + # "d /home/forgejo/data 750 forgejo forgejo -" ]; services = let jellyfinDomain = "jellyfin.jan-leila.com"; headscaleDomain = "headscale.jan-leila.com"; + # forgejoDomain = "forgejo.jan-leila.com"; in { nfs.server = { enable = true; @@ -59,6 +81,20 @@ openFirewall = false; }; + # TODO: figure out what needs to be here + # forgejo = { + # enable = true; + # database.type = "postgres"; + # lfs.enable = true; + # settings = { + # server = { + # DOMAIN = forgejoDomain; + # HTTP_PORT = 8081; + # }; + # service.DISABLE_REGISTRATION = true; + # }; + # }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { @@ -66,20 +102,20 @@ forceSSL = true; enableACME = true; locations."/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; + proxyPass = "http://localhost:${toString config.services.headscale.port}"; proxyWebsockets = true; }; }; ${jellyfinDomain} = { forceSSL = true; enableACME = true; - locations."/" = { - proxyPass = - "http://localhost:8096"; - proxyWebsockets = true; - }; + locations."/".proxyPass = "http://localhost:8096"; }; + # ${forgejoDomain} = { + # forceSSL = true; + # enableACME = true; + # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + # }; }; }; }; @@ -97,7 +133,7 @@ hybrid-sleep.enable = false; }; - networking.firewall.allowedTCPPorts = [ 2049 ]; + networking.firewall.allowedTCPPorts = [2049]; environment.systemPackages = [ config.services.headscale.package @@ -105,4 +141,4 @@ pkgs.jellyfin-web pkgs.jellyfin-ffmpeg ]; -} \ No newline at end of file +} diff --git a/flake.nix b/flake.nix index 033e2c2..70992b0 100644 --- a/flake.nix +++ b/flake.nix 
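Review bot: The jellyfin virtual host loses `proxyWebsockets = true;` in the nginx hunk — the old `locations."/" = { proxyPass = "http://localhost:8096"; proxyWebsockets = true; };` is collapsed to `locations."/".proxyPass = "http://localhost:8096";`, a behaviour change hidden in a commit titled "ran linter". As far as I know Jellyfin's web client keeps a websocket open to the server for session and playback events, so once `nginx.enable` is flipped on this will break; keep the attrset form with `proxyWebsockets = true;` exactly as the headscale host directly above still does. Also in this unit, `networking.firewall.allowedTCPPorts = [2049];` opens NFS on every interface; scoping it with `networking.firewall.interfaces.<lan-if>.allowedTCPPorts = [2049];` would limit the export to the intended network rather than anything the NAS is reachable from.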
@@ -23,53 +23,57 @@ # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - # vscode extensions + # vscode extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: - let - forEachSystem = nixpkgs.lib.genAttrs [ - "aarch64-darwin" - "aarch64-linux" - "x86_64-darwin" - "x86_64-linux" - ]; - forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); - in - { - packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); + outputs = { + self, + nixpkgs, + disko, + nixos-hardware, + ... + } @ inputs: let + forEachSystem = nixpkgs.lib.genAttrs [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; + forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); + in { + packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); - nixosConfigurations = { - # Leyla Laptop - horizon = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/horizon/configuration.nix - inputs.home-manager.nixosModules.default - nixos-hardware.nixosModules.framework-11th-gen-intel - ]; - }; - # Leyla Desktop - twilight = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/twilight/configuration.nix - inputs.home-manager.nixosModules.default - ]; - }; - # NAS Service - defiant = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - disko.nixosModules.disko - ./hosts/defiant/disko-config.nix - ./hosts/defiant/configuration.nix - ]; - }; + nixosConfigurations = { + # Leyla Laptop + horizon = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/horizon/configuration.nix + inputs.home-manager.nixosModules.default + nixos-hardware.nixosModules.framework-11th-gen-intel + ]; + }; + # Leyla Desktop + twilight = 
nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/twilight/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; + # NAS Service + defiant = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + disko.nixosModules.disko + ./hosts/defiant/disko-config.nix + ./hosts/defiant/configuration.nix + ]; }; }; + }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index d2b1348..42cf19f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -1,15 +1,18 @@ # server nas -{ config, pkgs, inputs, ... }: { - imports = - [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops + config, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops - ./hardware-configuration.nix - - ../../enviroments/server - ]; + ./hardware-configuration.nix + + ../../enviroments/server + ]; users.leyla.isThinUser = true; @@ -27,7 +30,7 @@ autoScrub.enable = true; autoSnapshot.enable = true; }; - + # temp enable desktop enviroment for setup # Enable the X11 windowing system. xserver = { @@ -43,7 +46,7 @@ }; # Get rid of xTerm - excludePackages = [ pkgs.xterm ]; + excludePackages = [pkgs.xterm]; }; }; @@ -54,4 +57,4 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.05"; # Did you read the comment? -} \ No newline at end of file +} diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 653f29f..a913aeb 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -1,11 +1,10 @@ -{ lib, ... }: -let +{lib, ...}: let bootDisk = devicePath: { type = "disk"; device = devicePath; content = { type = "gpt"; - + partitions = { boot = { size = "1M"; 
@@ -86,11 +85,13 @@ in { # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? mode = "mirror"; members = [ - "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + "hd_13_tb_a" + "hd_13_tb_b" + "hd_13_tb_c" ]; } ]; - cache = [ ]; + cache = []; # cache = [ "ssd_2_tb_a" ]; }; }; @@ -98,7 +99,7 @@ in { options = { ashift = "12"; }; - + rootFsOptions = { encryption = "on"; keyformat = "hex"; @@ -111,7 +112,7 @@ in { mountpoint = "/"; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; - + datasets = { "nix" = { type = "zfs_fs"; @@ -133,4 +134,3 @@ in { }; }; } - diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 60e940b..219b6a5 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -1,9 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ../hardware-common.nix @@ -11,15 +15,15 @@ boot = { initrd = { - availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; + availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; + kernelModules = []; }; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - - supportedFilesystems = [ "zfs" ]; + kernelModules = ["kvm-amd"]; + extraModulePackages = []; - zfs.extraPools = [ "zroot" ]; + supportedFilesystems = ["zfs"]; + + zfs.extraPools = ["zroot"]; }; # fileSystems."/" = @@ -27,7 +31,7 @@ # fsType = "ext4"; # }; - swapDevices = [ ]; + swapDevices = []; networking = { # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 
@@ -46,4 +50,4 @@ # TODO: hardware graphics cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; -} \ No newline at end of file +} diff --git a/hosts/hardware-common.nix b/hosts/hardware-common.nix index dea9450..920d609 100644 --- a/hosts/hardware-common.nix +++ b/hosts/hardware-common.nix @@ -1,5 +1,4 @@ -{ lib, ... }: -{ +{lib, ...}: { options = { hardware = { piperMouse = { @@ -13,4 +12,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index f1c3bee..1bd5bfc 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,15 +1,18 @@ # leyla laptop -{ config, pkgs, inputs, ... }: { - imports = - [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops + config, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops - ./hardware-configuration.nix - - ../../enviroments/client - ]; + ./hardware-configuration.nix + + ../../enviroments/client + ]; users = { leyla.isFullUser = true; @@ -25,7 +28,7 @@ setSocketVariable = true; }; }; - users.extraGroups.docker.members = [ "leyla" ]; + users.extraGroups.docker.members = ["leyla"]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 82e1bf7..1e203f3 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -1,9 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ../hardware-common.nix 
@@ -11,12 +15,12 @@ boot = { initrd = { - availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; + availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; + kernelModules = []; }; - kernelModules = [ "kvm-intel" "sg" ]; - extraModulePackages = [ ]; - + kernelModules = ["kvm-intel" "sg"]; + extraModulePackages = []; + # Bootloader. loader = { systemd-boot.enable = true; 
@@ -25,43 +29,39 @@ }; fileSystems = { - "/" = - { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; - fsType = "ext4"; - }; + "/" = { + device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; - "/boot" = - { device = "/dev/disk/by-uuid/E138-65B5"; - fsType = "vfat"; - }; + "/boot" = { + device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; - "/mnt/leyla_home" = - { - device = "defiant:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/leyla_home" = { + device = "defiant:/home/leyla"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/eve_home" = - { - device = "defiant:/home/eve"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/eve_home" = { + device = "defiant:/home/eve"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/ester_home" = - { - device = "defiant:/home/ester"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/ester_home" = { + device = "defiant:/home/ester"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/users_home" = - { - device = "defiant:/home/users"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/users_home" = { + device = "defiant:/home/users"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; # "/mnt/legacy_leyla_home" = # { 
@@ -87,9 +87,9 @@ services.cachefilesd.enable = true; - swapDevices = - [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} + ]; networking = { useDHCP = lib.mkDefault true; @@ -99,7 +99,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware = { graphics.enable = true; cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 727f028..991ecbc 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,15 +1,18 @@ # leyla laptop -{ config, pkgs, inputs, ... }: { - imports = - [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops + config, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops - ./hardware-configuration.nix - - ../../enviroments/client - ]; + ./hardware-configuration.nix + + ../../enviroments/client + ]; users = { leyla = { @@ -19,7 +22,7 @@ ester.isFullUser = true; eve.isFullUser = true; }; - + # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 0f77e81..b2f11ee 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -1,9 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ../hardware-common.nix 
@@ -11,11 +15,11 @@ boot = { initrd = { - availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - kernelModules = [ ]; + availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + kernelModules = []; }; - kernelModules = [ "kvm-amd" "sg" ]; - extraModulePackages = [ ]; + kernelModules = ["kvm-amd" "sg"]; + extraModulePackages = []; # Bootloader. loader = { 
@@ -33,40 +37,37 @@ }; fileSystems = { - "/" = - { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; - fsType = "ext4"; - }; + "/" = { + device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; - "/boot" = - { device = "/dev/disk/by-uuid/3006-3867"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - "/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/boot" = { + device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; - "/mnt/share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/leyla_home" = { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; + "/mnt/share_home" = { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; + + "/mnt/docker_home" = { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; + }; }; - swapDevices = [ ]; + swapDevices = []; networking = { # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -86,7 +87,7 @@ # Enable OpenGL graphics.enable = true; - + # install graphics drivers nvidia = { # Modesetting is required. 
@@ -94,7 +95,7 @@ # Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. powerManagement.enable = false; @@ -104,15 +105,15 @@ # Use the NVidia open source kernel module (not to be confused with the # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ # Currently alpha-quality/buggy, so false is currently the recommended setting. open = false; # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. + # accessible via `nvidia-settings`. nvidiaSettings = true; # Optionally, you may need to select the appropriate driver version for your specific GPU. @@ -122,4 +123,3 @@ cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; } - diff --git a/overlays/intellij.nix b/overlays/intellij.nix index d83bd15..c907588 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,5 +1,4 @@ -_: -{ +_: { # nixpkgs.overlays = [ # (self: super: { # # idea is too out of date for android gradle things @@ -16,4 +15,4 @@ _: # }; # }) # ]; -} \ No newline at end of file +} diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index 618af19..7c5f863 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,5 +1,4 @@ -_: -{ +_: { # nixpkgs.overlays = [ # (self: super: { # # ui is broken on 1.84 
@@ -12,4 +11,4 @@ _: # }); # }) # ]; -} \ No newline at end of file +} diff --git a/pkgs/default.nix b/pkgs/default.nix index fbc54ee..87a13d7 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,2 @@ -_: -{ - -} \ No newline at end of file +_: { +} diff --git a/templates/default.nix b/templates/default.nix index f9d63b0..eed7124 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -1,2 +1 @@ -_: -{} \ No newline at end of file +_: {} diff --git a/users/default.nix b/users/default.nix index 57effe3..4c0b5d7 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,8 +1,7 @@ -{ inputs, ... }: -{ - imports = [ ./leyla ./ester ./eve ]; +{inputs, ...}: { + imports = [./leyla ./ester ./eve]; users.mutableUsers = false; - home-manager.extraSpecialArgs = { inherit inputs; }; -} \ No newline at end of file + home-manager.extraSpecialArgs = {inherit inputs;}; +} diff --git a/users/ester/default.nix b/users/ester/default.nix index 156716f..a16b69b 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -1,8 +1,11 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.users.ester; -in { + lib, + config, + pkgs, + ... +}: let + cfg = config.users.ester; +in { options.users.ester = { isFullUser = lib.mkEnableOption "ester"; }; @@ -25,9 +28,10 @@ in } ( - if cfg.isFullUser then { + if cfg.isFullUser + then { isNormalUser = true; - extraGroups = [ "networkmanager" "users" ]; + extraGroups = ["networkmanager" "users"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; @@ -36,10 +40,11 @@ in bitwarden discord ]; - } else { + } + else { isSystemUser = true; } ) ]; }; -} \ No newline at end of file +} diff --git a/users/eve/default.nix b/users/eve/default.nix index 4ed06a8..8ad6b61 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix 
@@ -1,8 +1,11 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.users.eve; -in { + lib, + config, + pkgs, + ... +}: let + cfg = config.users.eve; +in { options.users.eve = { isFullUser = lib.mkEnableOption "eve"; }; @@ -25,9 +28,10 @@ in } ( - if cfg.isFullUser then { + if cfg.isFullUser + then { isNormalUser = true; - extraGroups = [ "networkmanager" "users" ]; + extraGroups = ["networkmanager" "users"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; @@ -38,10 +42,11 @@ in makemkv signal-desktop ]; - } else { + } + else { isSystemUser = true; } ) ]; }; -} \ No newline at end of file +} diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 42fd3ab..9454c2d 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -1,9 +1,12 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.users.leyla; -in { - imports =[ + lib, + config, + pkgs, + ... +}: let + cfg = config.users.leyla; +in { + imports = [ ./packages.nix ]; @@ -31,12 +34,13 @@ in } ( - if (cfg.isFullUser || cfg.isThinUser) then { + if (cfg.isFullUser || cfg.isThinUser) + then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "users"] ( - lib.mkIf (!cfg.isThinUser) [ "adbusers" ] + lib.mkIf (!cfg.isThinUser) ["adbusers"] ) ]; @@ -48,7 +52,8 @@ in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; }; - } else { + } + else { isSystemUser = true; } ) @@ -66,4 +71,4 @@ in home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; -} \ No newline at end of file +} diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 40a6926..fdca257 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { # Home Manager needs a bit of information about you and the paths it should # manage. home = { 
@@ -73,11 +75,11 @@ }; programs = { - # Let Home Manager install and manage itself. + # Let Home Manager install and manage itself. home-manager.enable = true; git = { enable = true; - userName = "Leyla Becker"; + userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; }; @@ -89,18 +91,18 @@ "org/gnome/desktop/interface".color-scheme = "prefer-dark"; "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 756593a..e206d22 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,8 +1,12 @@ -{ lib, config, pkgs, inputs, ... }: -let - cfg = config.users.leyla; -in { + lib, + config, + pkgs, + inputs, + ... +}: let + cfg = config.users.leyla; +in { imports = [ ../../overlays/intellij.nix ../../overlays/vscodium.nix 
@@ -70,41 +74,43 @@ in obsidian steam (lib.mkIf cfg.hasGPU davinci-resolve) - + # development tools (vscode-with-extensions.override { vscode = vscodium; - vscodeExtensions = with open-vsx; [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + vscodeExtensions = with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # misc extensions - bungcip.better-toml - ] ++ (with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # misc extensions + bungcip.better-toml + ] + ++ (with vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); }) androidStudioPackages.canary jetbrains.idea-community @@ -126,4 +132,4 @@ in ) ] ); -} \ No newline at end of file +} diff --git a/util/default.nix b/util/default.nix index a4fab1e..acd1997 100644 --- a/util/default.nix +++ b/util/default.nix 
@@ -1,8 +1,7 @@ -_: -{ +_: { # mkUnless = condition: then: (mkIf (!condition) then); # mkIfElse = condition: then: else: lib.mkMerge [ # (mkIf condition then) # (mkUnless condition else) # ]; -} \ No newline at end of file +} From c236668389ff2a0eb8af24209846990f812ddf1c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 11:27:52 -0500 Subject: [PATCH 216/695] added linting command to readme --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 96a36ab..b0458e1 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,11 @@ updating passwords: `sops secrets/secrets.yaml` - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ -# Updating +# Tooling +## Lint +`nix run git+https://github.com/kamadorueda/alejandra -- .` + +## Updating `nix flake update` # Tasks: From 52ae2ef47dd78ddb8ee1c559d2208f51a992172f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:12:58 -0500 Subject: [PATCH 217/695] added pre and post commit hooks to run linting --- hooks/post-commit | 3 +++ hooks/pre-commit | 11 +++++++++++ lint.sh | 3 +++ 3 files changed, 17 insertions(+) create mode 100755 hooks/post-commit create mode 100755 hooks/pre-commit create mode 100755 lint.sh diff --git a/hooks/post-commit b/hooks/post-commit new file mode 100755 index 0000000..7803850 --- /dev/null +++ b/hooks/post-commit @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +git stash pop -q diff --git a/hooks/pre-commit b/hooks/pre-commit new file mode 100755 index 0000000..5721472 --- /dev/null +++ b/hooks/pre-commit @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +git stash -q --keep-index + +./lint.sh + +RESULT=$? + +git add -u + +exit $RESULT \ No newline at end of file diff --git a/lint.sh b/lint.sh new file mode 100755 index 0000000..3fc29e9 --- /dev/null +++ b/lint.sh 
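Review bot: When `./lint.sh` fails, `exit $RESULT` aborts the commit and the post-commit hook that runs `git stash pop -q` never fires, so the developer's unstaged changes remain parked in the stash until the next successful commit pops them (possibly on top of a different tree). Pop on the failure path inside pre-commit itself, e.g. `if [ "$RESULT" -ne 0 ]; then git stash pop -q; fi` before `exit $RESULT`. `git stash -q --keep-index` also creates no entry when nothing is unstaged, in which case the unconditional pop in post-commit will pop whatever older stash the developer had; stashing with a fixed message and only popping when `git stash list` shows it would close that. A `set -euo pipefail` header would additionally keep `git add -u` from running after a failed stash.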
@@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +nix run git+https://github.com/kamadorueda/alejandra -- -q . From 7e4817db1c4189422afe873b576989e3d484f691 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:15:09 -0500 Subject: [PATCH 218/695] updated readme.md --- README.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index b0458e1..4bed40f 100644 --- a/README.md +++ b/README.md @@ -9,28 +9,29 @@ | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | -### Rebuilding machines +# Tooling +## Lint +`./lint.sh` + +## Rebuilding `./rebuild.sh` -# New machine setup -keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` and will be copied over to new machines installed with ./`install.sh` - -updating passwords: `sops secrets/secrets.yaml` +## Updating +`nix flake update` +## New host setup `./install.sh --target 192.168.1.130 --flake hostname` # Notes: + +## Research topics - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ -# Tooling -## Lint -`nix run git+https://github.com/kamadorueda/alejandra -- .` - -## Updating -`nix flake update` +## Configuration +updating passwords: `sops secrets/secrets.yaml` # Tasks: From 6e527026b6ff45ffd5e2c17bbabdea1e0f733a60 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:17:54 -0500 Subject: [PATCH 219/695] added config note to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4bed40f..a33eb2c 100644 
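Review bot: `nix run git+https://github.com/kamadorueda/alejandra` fetches and executes whatever the default branch of a third-party repository currently points at, on every lint run and now from a pre-commit hook; nothing pins it and `flake.lock` does not cover it, so a force-pushed or compromised upstream runs arbitrary code on the developer's machine the next time they commit. Pin the revision, e.g. `nix run 'git+https://github.com/kamadorueda/alejandra?rev=<commit>' -- -q .`, or run the formatter from the already-locked input with `nix run nixpkgs#alejandra -- -q .` (assuming the locked `nixpkgs` carries it; confirm). The same unpinned command is documented in the README and should be updated together with this script.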
--- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ ## Configuration updating passwords: `sops secrets/secrets.yaml` +set up git pre-commit and post commit hooks: `git config core.hooksPath hooks` # Tasks: From a21606e51edfbf28904aa400497143e07ebc4f79 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:20:17 -0500 Subject: [PATCH 220/695] updated git config note in README.md --- .gitconfig | 2 ++ README.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 .gitconfig diff --git a/.gitconfig b/.gitconfig new file mode 100644 index 0000000..1c8d4a7 --- /dev/null +++ b/.gitconfig @@ -0,0 +1,2 @@ +[core] + hooksPath = .githooks diff --git a/README.md b/README.md index a33eb2c..07276ed 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ ## Configuration updating passwords: `sops secrets/secrets.yaml` -set up git pre-commit and post commit hooks: `git config core.hooksPath hooks` +set up git configuration for local development: `git config --local include.path .gitconfig` # Tasks: From 630eb55f09d5c139be4c36bb8f6816a597e3dc6f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:24:03 -0500 Subject: [PATCH 221/695] removed resolved task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 07276ed..d6830d5 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,6 @@ set up git configuration for local development: `git config --local include.path ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) -- have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) From a0e047db97bb456c5b983b1e2e94644ae2a92860 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 21 Sep 2024 12:24:54 -0500 Subject: [PATCH 222/695] updated hooks folder location --- .gitconfig | 2 +- {hooks => .hooks}/post-commit | 0 {hooks => .hooks}/pre-commit | 0 3 files changed, 1 insertion(+), 1 deletion(-) rename {hooks => .hooks}/post-commit (100%) rename {hooks => .hooks}/pre-commit (100%) diff --git a/.gitconfig b/.gitconfig index 1c8d4a7..78d2a4a 100644 --- a/.gitconfig +++ b/.gitconfig @@ -1,2 +1,2 @@ [core] - hooksPath = .githooks + hooksPath = .hooks diff --git a/hooks/post-commit b/.hooks/post-commit similarity index 100% rename from hooks/post-commit rename to .hooks/post-commit diff --git a/hooks/pre-commit b/.hooks/pre-commit similarity index 100% rename from hooks/pre-commit rename to .hooks/pre-commit From e3990cb6d2991a68c767dc2f2ff6bfa25c1269fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:52:44 -0500 Subject: [PATCH 223/695] made services in defiant configurable --- README.md | 2 - enviroments/server/default.nix | 271 ++++++++++++++++++-------------- hosts/defiant/configuration.nix | 4 + 3 files changed, 157 insertions(+), 120 deletions(-) diff --git a/README.md b/README.md index d6830d5..bb41e97 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,6 @@ set up git configuration for local development: `git config --local include.path ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) -- move services from defiant into own flake -- made base domain in nas services configurable - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - server service system users should also be on local systems for file permission reasons ## New Features diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 8b32992..f7f7e25 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -1,4 +1,5 @@ { + lib, config, pkgs, ... 
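Review bot: `hooksPath = .hooks` only takes effect if this file is actually included, and the README's `git config --local include.path .gitconfig` resolves a relative `include.path` against the config file that contains the directive, i.e. `.git/config`, so git looks for `.git/.gitconfig`, finds nothing and silently includes nothing. The README instruction should be `git config --local include.path ../.gitconfig` so the include points at the tracked file in the worktree root. A relative `core.hooksPath` is resolved against the worktree root, so `.hooks` itself is fine once the include works; a short comment in this file stating how it is meant to be included would save the next person the same detour.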
@@ -7,138 +8,172 @@ ../common ]; - users = { - groups = { - jellyfin_media = { - members = ["jellyfin" "leyla" "ester" "eve"]; + options = { + domains = { + base_domain = lib.mkOption { type = lib.types.str; }; + headscale = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that headscale will be hosted at"; + default = "headscale"; + }; }; - jellyfin = { - members = ["jellyfin" "leyla"]; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that jellyfin will be hosted at"; + default = "${config.domains.jellyfin.subdomain}.${config.domains.base_domain}"; + }; }; - - # forgejo = { - # members = ["forgejo" "leyla"]; - # }; - }; - - users = { - jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; + forgejo = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that foregjo will be hosted at"; + default = "forgejo"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that forgejo will be hosted at"; + default = "${config.domains.forgejo.subdomain}.${config.domains.base_domain}"; + }; }; - - # forgejo = { - # uid = 2001; - # group = "forgejo"; - # isSystemUser = true; - # }; }; }; - systemd.tmpfiles.rules = [ - "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" - "d /home/jellyfin/config 750 jellyfin jellyfin -" - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" - # "d /home/forgejo 750 forgejo forgejo -" - # "d /home/forgejo/data 750 forgejo forgejo -" - ]; + config = { + users = { + groups = { + jellyfin_media = { + members = ["jellyfin" "leyla" "ester" "eve"]; + }; - services = let - jellyfinDomain = "jellyfin.jan-leila.com"; - headscaleDomain = "headscale.jan-leila.com"; - # forgejoDomain = 
"forgejo.jan-leila.com"; - in { - nfs.server = { - enable = true; - exports = '' - /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - ''; - }; + jellyfin = { + members = ["jellyfin" "leyla"]; + }; - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; + # forgejo = { + # members = ["forgejo" "leyla"]; + # }; }; - }; - jellyfin = { - enable = true; - user = "jellyfin"; - group = "jellyfin"; - dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config - cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache - openFirewall = false; - }; - - # TODO: figure out what needs to be here - # forgejo = { - # enable = true; - # database.type = "postgres"; - # lfs.enable = true; - # settings = { - # server = { - # DOMAIN = forgejoDomain; - # HTTP_PORT = 8081; - # }; - # service.DISABLE_REGISTRATION = true; - # }; - # }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; + users = { + jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; }; - ${jellyfinDomain} = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:8096"; - }; - # ${forgejoDomain} = { - # forceSSL = true; - # enableACME = true; - # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + + # forgejo = { + # uid = 2001; + # group = "forgejo"; + # 
isSystemUser = true; # }; }; }; + + systemd.tmpfiles.rules = [ + "d /home/jellyfin 755 jellyfin jellyfin -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" + "d /home/jellyfin/config 750 jellyfin jellyfin -" + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + # "d /home/forgejo 750 forgejo forgejo -" + # "d /home/forgejo/data 750 forgejo forgejo -" + ]; + + services = { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "${config.domains.headscale.subdomain}.${config.domains.base_domain}"; + dns_config.base_domain = config.domains.base_domain; + logtail.enabled = false; + }; + }; + + jellyfin = { + enable = true; + user = "jellyfin"; + group = "jellyfin"; + dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config + cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache + }; + + # TODO: figure out what needs to be here + # forgejo = { + # enable = true; + # database.type = "postgres"; + # lfs.enable = true; + # settings = { + # server = { + # DOMAIN = forgejoDomain; + # HTTP_PORT = 8081; + # }; + # service.DISABLE_REGISTRATION = true; + # }; + # }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${config.domains.headscale.hostname} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + ${config.domains.jellyfin.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:8096"; + }; + # 
${config.domains.forgejo.hostname} = { + # forceSSL = true; + # enableACME = true; + # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + # }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [2049]; + + environment.systemPackages = [ + config.services.headscale.package + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - networking.firewall.allowedTCPPorts = [2049]; - - environment.systemPackages = [ - config.services.headscale.package - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 42cf19f..1fd09eb 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,6 +25,10 @@ nixpkgs.config.allowUnfree = true; + domains = { + base_domain = "jan-leila.com"; + }; + services = { zfs = { autoScrub.enable = true; From 9c05ba0593392291512d67b3ef0e333f22467934 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 15:09:03 -0500 Subject: [PATCH 224/695] fixed headscale server url --- enviroments/server/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index f7f7e25..0988c4d 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
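Review bot: The nginx `virtualHosts` key uses `config.domains.headscale.hostname`, but the `options.domains.headscale` declared at the top of this hunk only defines `subdomain`, whereas `jellyfin` and `forgejo` each also get a `hostname` option with a default; as far as the hunk shows that attribute does not exist, so evaluation will fail once `nginx.enable` is flipped on, if not sooner. Add the missing option, `hostname = lib.mkOption { type = lib.types.str; default = "${config.domains.headscale.subdomain}.${config.domains.base_domain}"; };`, and use it in `server_url` too so the two cannot drift. Separately, headscale is only ever reached through `proxyPass = "http://localhost:8080"` yet is bound with `address = "0.0.0.0"`; `address = "127.0.0.1"` keeps the plaintext listener off the LAN interfaces regardless of firewall state.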
@@ -101,7 +101,7 @@ address = "0.0.0.0"; port = 8080; settings = { - server_url = "${config.domains.headscale.subdomain}.${config.domains.base_domain}"; + server_url = "http://${config.domains.headscale.subdomain}.${config.domains.base_domain}"; dns_config.base_domain = config.domains.base_domain; logtail.enabled = false; }; From 949726e8510e4caa0e6660c01a53e6d02ba95705 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 15:09:17 -0500 Subject: [PATCH 225/695] created postgresql service --- enviroments/server/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 0988c4d..503c37a 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -96,6 +96,22 @@ ''; }; + postgresql = { + enable = true; + ensureDatabases = [ "forgejo" ]; + identMap = '' + # ArbitraryMapName systemUser DBUser + superuser_map root postgres + superuser_map postgres postgres + superuser_map forgejo forgejo + ''; + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser auth-method optional_ident_map + local sameuser all peer map=superuser_map + ''; + }; + headscale = { enable = true; address = "0.0.0.0"; From ef9e1d7e6ac5bfe9463e3c5b5bc1fe936383219a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 16:44:22 -0500 Subject: [PATCH 226/695] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index bb41e97..1ef5e50 100644 --- a/README.md +++ b/README.md 
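Review bot: `server_url` now carries an `http://` scheme, but the nginx vhost for the same name sets `forceSSL = true` and `enableACME = true`, so this points headscale clients at a plaintext endpoint that nginx will only redirect; `server_url` is what clients are registered against and keep in their config, so it should be the final TLS URL. Change it to `server_url = "https://${config.domains.headscale.subdomain}.${config.domains.base_domain}";` (or derive it from a `domains.headscale.hostname` option so nginx and headscale agree by construction).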
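Review bot: The comment says user `postgres` can access everything, but `local sameuser all peer map=superuser_map` only lets a role open the database that shares its name, so after the ident map `root`/`postgres` can reach the `postgres` database and not `forgejo`; either drop that claim from the comment or add a line before it such as `local all postgres peer map=superuser_map`. `ensureDatabases = ["forgejo"]` creates the database but nothing in this hunk creates a `forgejo` role, so `superuser_map forgejo forgejo` maps onto a role that presumably only the forgejo module's own database setup will add — confirm, or add an `ensureUsers` entry here. Replacing the default `authentication` with `mkOverride 10` also discards the default TCP `host` entries, which is a reasonable tightening for socket-only use but worth stating in the comment so it is not "fixed" later.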
@@ -40,6 +40,7 @@ set up git configuration for local development: `git config --local include.path - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - server service system users should also be on local systems for file permission reasons +- join config for systemd.tmpfiles.rules and service directory bindings ## New Features - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) From 7b4639b78c677659745f6649de7da8f8c69761f4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 16:57:08 -0500 Subject: [PATCH 227/695] finished forgejo configuration --- enviroments/server/default.nix | 69 ++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 503c37a..20acb89 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -48,17 +48,20 @@ config = { users = { groups = { - jellyfin_media = { - members = ["jellyfin" "leyla" "ester" "eve"]; - }; - jellyfin = { + gid = 2000; members = ["jellyfin" "leyla"]; }; - # forgejo = { - # members = ["forgejo" "leyla"]; - # }; + jellyfin_media = { + gid = 2001; + members = ["jellyfin" "leyla" "ester" "eve"]; + }; + + forgejo = { + uid = 2002; + members = ["forgejo" "leyla"]; + }; }; users = { @@ -68,11 +71,11 @@ isSystemUser = true; }; - # forgejo = { - # uid = 2001; - # group = "forgejo"; - # isSystemUser = true; - # }; + forgejo = { + uid = 2002; + group = "forgejo"; + isSystemUser = true; + }; }; }; 
@@ -81,8 +84,8 @@ "d /home/jellyfin/media 775 jellyfin jellyfin_media -" "d /home/jellyfin/config 750 jellyfin jellyfin -" "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" - # "d /home/forgejo 750 forgejo forgejo -" - # "d /home/forgejo/data 750 forgejo forgejo -" + "d /home/forgejo 750 forgejo forgejo -" + "d /home/forgejo/data 750 forgejo forgejo -" ]; services = { @@ -131,19 +134,19 @@ cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache }; - # TODO: figure out what needs to be here - # forgejo = { - # enable = true; - # database.type = "postgres"; - # lfs.enable = true; - # settings = { - # server = { - # DOMAIN = forgejoDomain; - # HTTP_PORT = 8081; - # }; - # service.DISABLE_REGISTRATION = true; - # }; - # }; + forgejo = { + enable = true; + database.type = "postgres"; + lfs.enable = true; + settings = { + server = { + DOMAIN = config.domains.forgejo.hostname; + HTTP_PORT = 8081; + }; + service.DISABLE_REGISTRATION = true; + }; + stateDir = "/home/forgejo/data"; + }; nginx = { enable = false; # TODO: enable this when you want to test all the configs @@ -161,11 +164,11 @@ enableACME = true; locations."/".proxyPass = "http://localhost:8096"; }; - # ${config.domains.forgejo.hostname} = { - # forceSSL = true; - # enableACME = true; - # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; - # }; + ${config.domains.forgejo.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + }; }; }; }; @@ -183,7 +186,7 @@ hybrid-sleep.enable = false; }; - networking.firewall.allowedTCPPorts = [2049]; + networking.firewall.allowedTCPPorts = [2049 8081]; environment.systemPackages = [ config.services.headscale.package From 8a38515694b493a038f80b62ecfeca7a02ef1b39 Mon Sep 17 00:00:00 2001 
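Review bot: `HTTP_PORT = 8081` is set without `HTTP_ADDR`, so forgejo listens on its default address on every interface rather than only on the loopback address that the nginx `proxyPass = "http://localhost:8081"` needs; add `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` so the unencrypted listener is not reachable from the LAN. With `ROOT_URL` unset, the module presumably derives it from `PROTOCOL`/`DOMAIN`/`HTTP_PORT`, which would put an `http://git.…:8081/` URL into clone links and notification mails rather than the https hostname nginx serves; `ROOT_URL = "https://${config.domains.forgejo.hostname}/";` pins it — confirm against the module defaults.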
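Review bot: Opening `8081` in `allowedTCPPorts` exposes forgejo's plain-HTTP listener directly to the network while the TLS vhost meant to front it is still `nginx.enable = false`; pushes over that port send credentials and session cookies in clear text, and `forceSSL` cannot protect a port that bypasses nginx. If direct access is only a stop-gap until nginx is enabled, say so in a comment and remove the port at the same time; otherwise keep `networking.firewall.allowedTCPPorts = [2049];` and reach forgejo through nginx on 80/443.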
From: Leyla Becker Date: Sat, 21 Sep 2024 17:19:20 -0500 Subject: [PATCH 228/695] set subdomains for defiant --- hosts/defiant/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 1fd09eb..05c590e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -27,6 +27,9 @@ domains = { base_domain = "jan-leila.com"; + headscale.subdomain = "vpn"; + jellyfin.subdomain = "media"; + forgejo.subdomain = "git"; }; services = { From a566e56a94abc6e30a6ba99a3d16c34a0792358d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 17:21:29 -0500 Subject: [PATCH 229/695] ran linter --- enviroments/server/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 20acb89..5570207 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -10,7 +10,9 @@ options = { domains = { - base_domain = lib.mkOption { type = lib.types.str; }; + base_domain = lib.mkOption { + type = lib.types.str; + }; headscale = { subdomain = lib.mkOption { type = lib.types.str; @@ -101,7 +103,7 @@ postgresql = { enable = true; - ensureDatabases = [ "forgejo" ]; + ensureDatabases = ["forgejo"]; identMap = '' # ArbitraryMapName systemUser DBUser superuser_map root postgres From 521d3193999e75fe7a25f393e5f8f28fb35216c3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 17:52:10 -0500 Subject: [PATCH 230/695] added research note to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1ef5e50..8222653 100644 --- a/README.md +++ b/README.md 
@@ -29,6 +29,7 @@ - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ +- Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html ## Configuration updating passwords: `sops secrets/secrets.yaml` From 7c7468cf20f2c6a08d4fc8b5af6f7be46361cb7f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 18:50:04 -0500 Subject: [PATCH 231/695] drafted out pihole config --- enviroments/server/default.nix | 90 +++++++++++++++++++++++++++------- 1 file changed, 73 insertions(+), 17 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 5570207..defb37b 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -61,9 +61,14 @@ }; forgejo = { - uid = 2002; + gid = 2002; members = ["forgejo" "leyla"]; }; + + # pihole = { + # gid = 2003; + # members = ["pihole" "leyla"]; + # }; }; users = { 
@@ -78,17 +83,76 @@ group = "forgejo"; isSystemUser = true; }; + + # pihole = { + # uid = 2003; + # group = "forgejo"; + # isSystemUser = true; + # }; }; }; - systemd.tmpfiles.rules = [ - "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" - "d /home/jellyfin/config 750 jellyfin jellyfin -" - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" - "d /home/forgejo 750 forgejo forgejo -" - "d /home/forgejo/data 750 forgejo forgejo -" - ]; + # virtualisation.oci-containers.containers.pihole = { + # image = "pihole/pihole:latest"; + # environment = { + # TZ = "America/Chicago"; # TODO: set this to the systems timezone + # WEBPASSWORD_FILE = "..."; # TODO: set this from secrets file/config that is set to secrets file (I think this also needs to be mounted in volumns?) + # }; + # volumes = [ + # "/home/docker/pihole:/etc/pihole:rw" # TODO; set this based on configs + # ]; + # ports = [ + # "53:53/tcp" + # "53:53/udp" + # "3000:80/tcp" # TODO: bind container ip address? 
+ # ]; + # log-driver = "journald"; + # extraOptions = [ + # "--ip=172.18.1.5" # TODO: set this to some ip address from configs + # "--network-alias=pihole" # TODO: set this from configs + # "--network=nas_default" + # ]; + # }; + + systemd = { + tmpfiles.rules = [ + "d /home/jellyfin 755 jellyfin jellyfin -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" + "d /home/jellyfin/config 750 jellyfin jellyfin -" + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + "d /home/forgejo 750 forgejo forgejo -" + "d /home/forgejo/data 750 forgejo forgejo -" + # "d /home/forgejo 750 pihole pihole -" + ]; + + # services = { + # pihole = { + # serviceConfig = { + # Restart = lib.mkOverride 500 "always"; + # }; + # after = [ + # "podman-network-nas_default.service" + # ]; + # requires = [ + # "podman-network-nas_default.service" + # ]; + # partOf = [ + # "podman-compose-nas-root.target" + # ]; + # wantedBy = [ + # "podman-compose-nas-root.target" + # ]; + # }; + # }; + + # disable computer sleeping + targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + }; services = { nfs.server = { @@ -180,14 +244,6 @@ defaults.email = "jan-leila@protonmail.com"; }; - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - networking.firewall.allowedTCPPorts = [2049 8081]; environment.systemPackages = [ From d7627a21c217e49c40e34cf1ea35b90894818c2f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 21:43:19 -0500 Subject: [PATCH 232/695] added bond network to defiant --- hosts/defiant/hardware-configuration.nix | 52 ++++++++++++++++++++---- 1 file changed, 45 insertions(+), 7 deletions(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 219b6a5..3d9a46c 100644 --- a/hosts/defiant/hardware-configuration.nix 
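Review bot: The commented pihole draft carries two copy-paste slips that will bite when it is uncommented: the `pihole` user is given `group = "forgejo"` and the tmpfiles rule reads `"d /home/forgejo 750 pihole pihole -"`, which would re-own the forgejo state directory to pihole; they should read `group = "pihole";` and `"d /home/pihole 750 pihole pihole -"`. `image = "pihole/pihole:latest"` is an unpinned moving tag for a container that will answer the LAN's DNS and binds `53` on every interface — pin a version or digest (`pihole/pihole:<version>@sha256:…`) so rebuilds are reproducible and a registry-side swap cannot land silently. The `WEBPASSWORD_FILE` TODO is the right direction; when it is wired up the path should come from `config.sops.secrets` and be mounted into the container rather than passed as a plain `WEBPASSWORD` value.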
+++ b/hosts/defiant/hardware-configuration.nix @@ -34,15 +34,53 @@ swapDevices = []; networking = { - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; hostId = "c51763d6"; hostName = "defiant"; # Define your hostname. + useNetworkd = true; + }; + + systemd.network = { + enable = true; + + netdevs = { + "10-bond0" = { + netdevConfig = { + Kind = "bond"; + Name = "bond0"; + }; + bondConfig = { + Mode = "802.3ad"; + TransmitHashPolicy = "layer3+4"; + }; + }; + }; + + networks = { + "30-enp4s0" = { + matchConfig.Name = "enp4s0"; + networkConfig.Bond = "bond0"; + DHCP = "ipv4"; + }; + "30-enp5s0" = { + matchConfig.Name = "enp5s0"; + networkConfig.Bond = "bond0"; + DHCP = "ipv4"; + }; + + "40-bond0" = { + matchConfig.Name = "bond0"; + linkConfig = { + RequiredForOnline = "carrier"; + }; + networkConfig.LinkLocalAddressing = "no"; + + address = [ + # configure addresses including subnet mask + "192.168.1.10/24" + # TODO: ipv6 address configuration + ]; + }; + }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; From edbf13b19ec4c31d7afa6ca17c40259b65072347 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 21:57:38 -0500 Subject: [PATCH 233/695] removed outdated unneeded comment --- hosts/defiant/hardware-configuration.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 3d9a46c..709430e 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix 
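Review bot: `DHCP = "ipv4"` is set on the member networks `30-enp4s0`/`30-enp5s0`, but interfaces enslaved to a bond carry no addresses of their own, so those DHCP clients do nothing, while `40-bond0` gets only a static `192.168.1.10/24` with no `Gateway` or `DNS`; nothing visible here gives the host a default route or resolver once `useDHCP` is removed. Either move DHCP to the bond (`"40-bond0".networkConfig.DHCP = "ipv4";`) or add `networkConfig = { Gateway = "<router>"; DNS = [ "<resolver>" ]; }` alongside `address`. `networking.networkmanager.enable = true` from the common environment presumably still applies to this host next to `useNetworkd = true`; disabling NetworkManager here (`networking.networkmanager.enable = false`) would stop two managers from contending for the links — confirm which one is meant to own them.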
@@ -26,11 +26,6 @@ zfs.extraPools = ["zroot"]; }; - # fileSystems."/" = - # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; - # fsType = "ext4"; - # }; - swapDevices = []; networking = { From 10941b1e454ded43ac6cb3ec58977d85918d8b84 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 22:07:09 -0500 Subject: [PATCH 234/695] updated tasks in README.md --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8222653..6387080 100644 --- a/README.md +++ b/README.md @@ -46,8 +46,11 @@ set up git configuration for local development: `git config --local include.path - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- Docker parity with existing NAS on defiant -- NFS on defiant +- home assistant virtual machine +- pi hole docker +- searxng docker +- nextcloud ??? +- samba mounts - firefox declarative??? - figure out steam vr things? - Open GL? From b9226b4b15d09b5f3e3b10aacac4eb48913977f8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:21:35 -0500 Subject: [PATCH 235/695] ran linter --- hosts/defiant/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 709430e..4b58353 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -33,7 +33,7 @@ hostName = "defiant"; # Define your hostname. useNetworkd = true; }; - + systemd.network = { enable = true; From 454f002883d00f63be8af9811f55e16fc4b2265d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:21:52 -0500 Subject: [PATCH 236/695] added to README --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index 6387080..9ab1f70 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ set up git configuration for local development: `git config --local include.path ## New Features - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- fix pre commit hook - Flake templates - home assistant virtual machine - pi hole docker From 5c94b8f21ad261360038217c0803a51d21cdc7ba Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:26:27 -0500 Subject: [PATCH 237/695] added automatic weekly garbage collects --- enviroments/common/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 96ad012..2152820 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -3,8 +3,13 @@ ../../users ]; - nix.settings.experimental-features = ["nix-command" "flakes"]; - nix.settings.trusted-users = ["leyla"]; + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + trusted-users = ["leyla"]; + }; + gc.automatic = true; + }; # Enable networking networking.networkmanager.enable = true; From e81cb84c21484aa7805f3c4b575223baf7b6cf98 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:28:24 -0500 Subject: [PATCH 238/695] updated task list --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 9ab1f70..dad07c2 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,6 @@ set up git configuration for local development: `git config --local include.path - Open GL? - util functions - openssh known hosts -- limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing - headscale server 
From 94ac2d581d41f8140219dc06a6c2523418f462bb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:48:15 -0500 Subject: [PATCH 239/695] added note to task on README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dad07c2..2fa1c05 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ set up git configuration for local development: `git config --local include.path - server service system users should also be on local systems for file permission reasons - join config for systemd.tmpfiles.rules and service directory bindings ## New Features -- GNOME default monitors per hardware configuration? +- GNOME default monitors per hardware configuration? read this: https://discourse.nixos.org/t/gdm-monitor-configuration/6356/3 - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook - Flake templates From 54ecd6d24b9a9c161663d772d6c330dcedc0de81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 00:46:27 -0500 Subject: [PATCH 240/695] moved user configuration to common --- enviroments/common/default.nix | 77 +++++++++++++++++++++++++++++++++- enviroments/server/default.nix | 44 ------------------- users/ester/default.nix | 42 +++++++------------ users/eve/default.nix | 46 ++++++++------------ users/leyla/default.nix | 52 ++++++++++------------- 5 files changed, 131 insertions(+), 130 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 2152820..643240a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -31,7 +31,82 @@ LC_TIME = "en_US.UTF-8"; }; - users.groups.users = {}; + users = { + users = { + leyla = { + uid = 1000; + description = "Leyla"; + group = "leyla"; + }; + + ester = { + uid = 1001; + description = "Ester"; + group = "ester"; + }; + + eve = { + uid = 1002; + description = "Eve"; + group = "eve"; + }; + + jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; + }; + + forgejo = { + uid = 2002; + group = "forgejo"; + isSystemUser = true; + }; + + # pihole = { + # uid = 2003; + # group = "forgejo"; + # isSystemUser = true; + # }; + }; + + groups = { + leyla = { + gid = 1000; + members = ["lelya"]; + }; + + ester = { + gid = 1001; + members = ["ester"]; + }; + + eve = { + gid = 1002; + members = ["eve"]; + }; + + jellyfin = { + gid = 2000; + members = ["jellyfin" "leyla"]; + }; + + jellyfin_media = { + gid = 2001; + members = ["jellyfin" "leyla" "ester" "eve"]; + }; + + forgejo = { + gid = 2002; + members = ["forgejo" "leyla"]; + }; + + # pihole = { + # gid = 2003; + # members = ["pihole" "leyla"]; + # }; + }; + }; services = { openssh = { diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index defb37b..3b567eb 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
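Review bot: `members = ["lelya"];` under `groups.leyla` misspells the user name, so that list adds no real account to the group; the account still ends up in it only because `users.leyla.group = "leyla"` makes it the primary group. The commented-out `pihole` user also carries `group = "forgejo"` from a copy-paste and should read `group = "pihole"` before it is uncommented. Listing `leyla` as a member of `jellyfin` and `forgejo` is what grants the admin account access to the service home directories that are created with mode 750 later in this series, so a one-line comment stating that intent next to the `groups` attrset would save the next reader a search.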
@@ -48,50 +48,6 @@ }; config = { - users = { - groups = { - jellyfin = { - gid = 2000; - members = ["jellyfin" "leyla"]; - }; - - jellyfin_media = { - gid = 2001; - members = ["jellyfin" "leyla" "ester" "eve"]; - }; - - forgejo = { - gid = 2002; - members = ["forgejo" "leyla"]; - }; - - # pihole = { - # gid = 2003; - # members = ["pihole" "leyla"]; - # }; - }; - - users = { - jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; - }; - - forgejo = { - uid = 2002; - group = "forgejo"; - isSystemUser = true; - }; - - # pihole = { - # uid = 2003; - # group = "forgejo"; - # isSystemUser = true; - # }; - }; - }; - # virtualisation.oci-containers.containers.pihole = { # image = "pihole/pihole:latest"; # environment = { diff --git a/users/ester/default.nix b/users/ester/default.nix index a16b69b..e3ddc15 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -18,33 +18,23 @@ in { }; }; - users.groups.ester = {}; + users.users.ester = ( + if cfg.isFullUser + then { + isNormalUser = true; + extraGroups = ["networkmanager" "users"]; - users.users.ester = lib.mkMerge [ - { - uid = 1001; - description = "Ester"; - group = "ester"; + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; } - - ( - if cfg.isFullUser - then { - isNormalUser = true; - extraGroups = ["networkmanager" "users"]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; - } - else { - isSystemUser = true; - } - ) - ]; + else { + isSystemUser = true; + } + ); }; } diff --git a/users/eve/default.nix b/users/eve/default.nix index 8ad6b61..32693c1 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix 
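Review bot: users/ester/default.nix and users/eve/default.nix (the hunk on the next line) now carry the same `if cfg.isFullUser then { isNormalUser = true; extraGroups = [...]; hashedPasswordFile = ...; packages = ...; } else { isSystemUser = true; }` scaffolding, differing only in the secret name and the package list. A small shared function taking the user name and packages, called from both modules, would keep the two from drifting the next time one of them gains a field; the leyla module already has a different shape and can stay as is. Only the `users.users.<name>` attribute is inside the hunk; the option declaration that `cfg` reads from is above it.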
@@ -18,35 +18,25 @@ in { }; }; - users.groups.eve = {}; + users.users.eve = ( + if cfg.isFullUser + then { + isNormalUser = true; + extraGroups = ["networkmanager" "users"]; - users.users.eve = lib.mkMerge [ - { - uid = 1002; - description = "Eve"; - group = "eve"; + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; } - - ( - if cfg.isFullUser - then { - isNormalUser = true; - extraGroups = ["networkmanager" "users"]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; - } - else { - isSystemUser = true; - } - ) - ]; + else { + isSystemUser = true; + } + ); }; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 9454c2d..1934bd2 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -24,40 +24,30 @@ in { }; }; - users.groups.leyla = {}; + users.users.leyla = ( + if (cfg.isFullUser || cfg.isThinUser) + then { + isNormalUser = true; + extraGroups = lib.mkMerge [ + ["networkmanager" "wheel" "users"] + ( + lib.mkIf (!cfg.isThinUser) ["adbusers"] + ) + ]; - users.users.leyla = lib.mkMerge [ - { - uid = 1000; - description = "Leyla"; - group = "leyla"; - } + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - ( - if (cfg.isFullUser || cfg.isThinUser) - then { - isNormalUser = true; - extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "users"] - ( - lib.mkIf (!cfg.isThinUser) ["adbusers"] - ) + openssh = { + authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - openssh = { - authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - }; - } - else { - isSystemUser = true; - } - ) - ]; + }; + } + else { + isSystemUser = true; + } + ); # TODO: this should reference the home directory from the user config services.openssh.hostKeys = [ From 79a9d08b12af1a870a1cea64fb3c8c79b70d3d4b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 00:47:00 -0500 Subject: [PATCH 241/695] removed completed tech debt task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 2fa1c05..b0f0206 100644 --- a/README.md +++ b/README.md 
@@ -40,7 +40,6 @@ set up git configuration for local development: `git config --local include.path ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) -- server service system users should also be on local systems for file permission reasons - join config for systemd.tmpfiles.rules and service directory bindings ## New Features - GNOME default monitors per hardware configuration? read this: https://discourse.nixos.org/t/gdm-monitor-configuration/6356/3 From 6a558120b9a0867608212835f783a0ce20a6cfc8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 00:47:24 -0500 Subject: [PATCH 242/695] added notes to task in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b0f0206..ad9853a 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ set up git configuration for local development: `git config --local include.path - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- headscale server +- headscale server (just needs to be tested) - mastodon server - tail scale clients - wake on LAN \ No newline at end of file From c993929049ced998ecc24ec02e95c766fcca0bb7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 10:53:50 -0500 Subject: [PATCH 243/695] set monitor configuration pre login --- hosts/twilight/configuration.nix | 198 +++++++++++++++++++++++++++++++ 1 file changed, 198 insertions(+) diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 991ecbc..c2951f3 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -23,6 +23,204 @@ eve.isFullUser = true; }; + systemd.tmpfiles.rules = [ + "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' + + + + 0 + 156 + 1 + + + DP-4 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 2560 + 324 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 0 + 1 + + left + no + + + + HDMI-0 + HWP + HP w2207 + CND7332S88 + + + 1600 + 1000 + 59.999 + + + + + + + 0 + 0 + 1 + yes + + + DP-1 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 4480 + 226 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 2560 + 226 + 1 + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + + + 2560 + 228 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 69 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 0 + 0 + 1 + + + DP-3 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + + None-1 + unknown + unknown + unknown + + + + + ''}" + ]; + # enabled virtualisation for docker # virtualisation.docker.enable = true; From a11dbffdb39f9e0f3f249e407665fc84ebffaac0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 10:54:27 -0500 Subject: [PATCH 244/695] disabled pressure showing dash to dock --- users/leyla/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index fdca257..118d0cc 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -108,7 +108,7 @@ "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; "show-trash" = false; - "require-pressure-to-show" = true; + "require-pressure-to-show" = false; "show-mounts" = false; }; From c11e94626ac9d629483d3a2b6148ddc325d3cc25 Mon Sep 17 00:00:00 2001 
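Review bot: The XML body handed to `pkgs.writeText "gdm-monitors.xml"` is not legible in this view (the element markup appears to have been stripped in extraction), so its structure could not be checked; a one-line comment above the `systemd.tmpfiles.rules` entry saying why the greeter's copy lives at `/run/gdm/.config/monitors.xml` and that it must be kept in step with the user's own `~/.config/monitors.xml` would help — the README task added later in this series says exactly that. Be aware that `writeText` output lands in the world-readable Nix store, so the monitor serial numbers embedded here (`8RGXNS2`, `CND7332S88`) become visible to every local user and to any binary cache this host pushes to; low impact, but easy to forget once the file is part of a flake. The `L+` rule replaces whatever is at that path on every boot, which is presumably the intent.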
From: Leyla Becker Date: Sun, 22 Sep 2024 10:57:39 -0500 Subject: [PATCH 245/695] added tech debt task to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ad9853a..1336f55 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,8 @@ set up git configuration for local development: `git config --local include.path - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings +- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` ## New Features -- GNOME default monitors per hardware configuration? read this: https://discourse.nixos.org/t/gdm-monitor-configuration/6356/3 - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook - Flake templates From 822cdc65bb1caa95ccc1f06800ca1024ee5ab0af Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 11:28:35 -0500 Subject: [PATCH 246/695] added task to new features in README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1336f55..471605e 100644 --- a/README.md +++ b/README.md @@ -61,4 +61,5 @@ set up git configuration for local development: `git config --local include.path - headscale server (just needs to be tested) - mastodon server - tail scale clients -- wake on LAN \ No newline at end of file +- wake on LAN +- ISO target that contains authorized keys for nixos-anywhere \ No newline at end of file From d11a24f33763bca6fefe734fe46a0fde5ca5b54f Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 22 Sep 2024 11:31:59 -0500 Subject: [PATCH 247/695] fixed folder name for pihole --- enviroments/server/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 3b567eb..ac834a8 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -78,7 +78,7 @@ "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" "d /home/forgejo 750 forgejo forgejo -" "d /home/forgejo/data 750 forgejo forgejo -" - # "d /home/forgejo 750 pihole pihole -" + # "d /home/pihole 750 pihole pihole -" ]; # services = { From 8f36a609db86174579e83cadb71b55425b3bb634 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 13:05:25 -0500 Subject: [PATCH 248/695] moved allow unfree into user files --- README.md | 1 - hosts/defiant/configuration.nix | 2 -- hosts/horizon/configuration.nix | 3 --- hosts/twilight/configuration.nix | 3 --- users/ester/default.nix | 2 ++ users/eve/default.nix | 2 ++ users/leyla/default.nix | 3 ++- 7 files changed, 6 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 471605e..829bd2d 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,6 @@ set up git configuration for local development: `git config --local include.path # Tasks: ## Tech Debt -- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05c590e..ec5cf1d 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -23,8 +23,6 @@ efiInstallAsRemovable = true; }; - nixpkgs.config.allowUnfree = true; - domains = { base_domain = "jan-leila.com"; headscale.subdomain = "vpn"; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 1bd5bfc..c83fcc6 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -33,9 +33,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index c2951f3..6441e2a 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -227,9 +227,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/users/ester/default.nix b/users/ester/default.nix index e3ddc15..c4a18fb 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -11,6 +11,8 @@ in { }; config = { + nixpkgs.config.allowUnfree = true; + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; diff --git a/users/eve/default.nix b/users/eve/default.nix index 32693c1..b674331 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -11,6 +11,8 @@ in { }; config = { + nixpkgs.config.allowUnfree = true; + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 1934bd2..cd4332e 100644 
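Review bot: `nixpkgs.config.allowUnfree = true;` sits in the unconditional `config` block of users/ester/default.nix, so it applies whenever the module is imported rather than only when `cfg.isFullUser` is set, and every host that imports the users tree re-enables unfree packages globally — the same applies to the eve hunk here and to the leyla hunk on the next line. If the intent is to tie it to the user actually being present, `nixpkgs.config = lib.mkIf cfg.isFullUser { allowUnfree = true; };` in each module keeps the setting out of hosts that only define system users. Three modules now define the same key; `nixpkgs.config` merges definitions with later ones overriding, so identical values should not conflict, but a comment saying that this is relied upon would help.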
--- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, ... }: let cfg = config.users.leyla; @@ -17,6 +16,8 @@ in { }; config = { + nixpkgs.config.allowUnfree = true; + sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; From 1e0218d928f74c438d9d6c016802d012cec2b7e1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 13:30:23 -0500 Subject: [PATCH 249/695] updated rebuild script to auto delete result --- rebuild.sh | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index b37be13..9988b7b 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -1,5 +1,12 @@ #!/usr/bin/env bash +if [ -d "result" ]; +then + preserve_result=true +else + preserve_result=false +fi + while [ $# -gt 0 ]; do case "$1" in --target*|-t*) @@ -18,12 +25,20 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi user="${1#*=}" ;; + --preserve-result) + preserve_result=true + ;; + --no-preserve-result) + preserve_result=false + ;; --help|-h) echo "--help -h: print this message" echo "--target -t: set the target system to rebuild on" echo "--flake -f: set the flake to rebuild on the target system" echo "--mode -m: set the mode to rebuild flake as on the target system" echo "--user -u: set the user to rebuild flake as on the target system" + echo "--preserve-result: do not remove the generated result folder after building" + echo "--no-preserve-result: remove any result folder after building" exit 0 ;; *) 
@@ -39,9 +54,17 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -if [[ "$target" == "$(hostname)" ]] +if [[ "$target" == "$(hostname)" ]]; then nixos-rebuild $mode --use-remote-sudo --flake .#$flake else nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi + +if [ -d "result" ]; +then + if [[ "$preserve_result" == "false" ]]; + then + rm -r result + fi +fi \ No newline at end of file From 70d1b98ce210cf43bd2c4824ee8db8a9a28173e3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 17:03:00 -0500 Subject: [PATCH 250/695] added task to README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 829bd2d..bce959b 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,7 @@ set up git configuration for local development: `git config --local include.path - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` +- move applications in server environment into their own flakes ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 1be145193eddf40670ef27ab97222233c9549f13 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 17:16:20 -0500 Subject: [PATCH 251/695] moved users password secret file --- enviroments/common/default.nix | 1 - enviroments/server/default.nix | 4 ++-- users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 5 files changed, 5 insertions(+), 6 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 643240a..660b94d 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
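Review bot: After the new `result` cleanup, the script's exit status is that of the final `if` rather than of `nixos-rebuild`, so a failed rebuild now exits 0 — no `set -e` is visible in the first hunk, which shows the shebang followed directly by the new `preserve_result` block. Capture it before the cleanup: `status=$?` immediately after the `fi` that closes the rebuild branch, and end the script with `exit "$status"`. In the same lines `$mode`, `$flake`, `$user` and `$target` are expanded unquoted; quoting them costs nothing and avoids word-splitting surprises.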
@@ -122,7 +122,6 @@ }; sops = { - defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; gnupg.sshKeyPaths = []; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index ac834a8..c3be1e7 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -49,9 +49,9 @@ config = { # virtualisation.oci-containers.containers.pihole = { - # image = "pihole/pihole:latest"; + # image = "pihole/pihole:2024.07.0"; # environment = { - # TZ = "America/Chicago"; # TODO: set this to the systems timezone + # TZ = time.timeZone; # WEBPASSWORD_FILE = "..."; # TODO: set this from secrets file/config that is set to secrets file (I think this also needs to be mounted in volumns?) # }; # volumes = [ diff --git a/users/ester/default.nix b/users/ester/default.nix index c4a18fb..356a746 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -16,7 +16,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; - # sopsFile = ../secrets.yaml; + sopsFile = ../../secrets/user-passwords.yaml; }; }; diff --git a/users/eve/default.nix b/users/eve/default.nix index b674331..3d768f9 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -16,7 +16,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; - # sopsFile = ../secrets.yaml; + sopsFile = ../../secrets/user-passwords.yaml; }; }; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index cd4332e..e227fdb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -21,7 +21,7 @@ in { sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; - # sopsFile = ../secrets.yaml; + sopsFile = ../../secrets/user-passwords.yaml; }; }; From 4145dd770f9302c432c5cd1df5db5c87ed0f2f36 Mon Sep 17 00:00:00 2001 
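Review bot: Removing `defaultSopsFile` from enviroments/common/default.nix means any `sops.secrets.<name>` defined without an explicit `sopsFile` now fails evaluation; the three user modules in this commit set `sopsFile = ../../secrets/user-passwords.yaml;`, but any secret declared outside these hunks needs the same check (the server environment's `services/pi-hole` entry added later in this series does set one). Since all three user modules point at the same file, a single `sops.defaultSopsFile = ../../secrets/user-passwords.yaml;` in the users tree, or a shared `userSecretsFile` binding, would avoid repeating the path. The commented pihole line `TZ = time.timeZone;` would need `config.time.timeZone` once uncommented.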
From: Leyla Becker Date: Sun, 22 Sep 2024 17:56:50 -0500 Subject: [PATCH 252/695] moved user group configuration to environment common --- enviroments/common/default.nix | 5 +++++ users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 660b94d..192d5a9 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -86,6 +86,11 @@ members = ["eve"]; }; + useres = { + gid = 100; + members = ["lelya" "ester" "eve"]; + }; + jellyfin = { gid = 2000; members = ["jellyfin" "leyla"]; diff --git a/users/ester/default.nix b/users/ester/default.nix index 356a746..3597d2d 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -24,7 +24,7 @@ in { if cfg.isFullUser then { isNormalUser = true; - extraGroups = ["networkmanager" "users"]; + extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; diff --git a/users/eve/default.nix b/users/eve/default.nix index 3d768f9..16787f8 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -24,7 +24,7 @@ in { if cfg.isFullUser then { isNormalUser = true; - extraGroups = ["networkmanager" "users"]; + extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index e227fdb..20f99ab 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -30,7 +30,7 @@ in { then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "users"] + ["networkmanager" "wheel"] ( lib.mkIf (!cfg.isThinUser) ["adbusers"] ) From 9603fba06277739b585310fa8607090c659656a6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 19:24:59 -0500 Subject: [PATCH 253/695] updated secrets files --- .sops.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/.sops.yaml b/.sops.yaml index 0ac5664..e9ddb56 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,11 @@ keys: - &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh creation_rules: - - path_regex: secrets/secrets.yaml$ + - path_regex: secrets/user-passwords.yaml$ + key_groups: + - age: + - *leyla + - path_regex: secrets/defiant-services.yaml$ key_groups: - age: - *leyla From 3159ea9a4071bcae4e59cecbd2634a3ddacd7f3d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 19:25:21 -0500 Subject: [PATCH 254/695] fixed group name typo --- enviroments/common/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 192d5a9..5236a8b 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -86,7 +86,7 @@ members = ["eve"]; }; - useres = { + users = { gid = 100; members = ["lelya" "ester" "eve"]; }; From 101d8941746fb028233fa464840e1d6810c88fe8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 19:59:12 -0500 Subject: [PATCH 255/695] reformated bond network --- hosts/defiant/hardware-configuration.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 4b58353..8601a8a 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -64,9 +64,7 @@ "40-bond0" = { matchConfig.Name = "bond0"; - linkConfig = { - RequiredForOnline = "carrier"; - }; + linkConfig.RequiredForOnline = "carrier"; networkConfig.LinkLocalAddressing = "no"; address = [ From 44aae0065d474c168aabc0d0043644054e79e310 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 19:59:20 -0500 Subject: [PATCH 256/695] added DHCP to bond network --- hosts/defiant/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) 
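Review bot: Both new creation rules list a single recipient, `*leyla`, so every host that must decrypt `user-passwords.yaml` or `defiant-services.yaml` at activation has to hold that same private age key — and install.sh (the L365 hunk) indeed copies the admin's key directory onto each target. One compromised host then exposes the key for every secret, and the key rotation the README lists as a task means re-keying every machine at once. The usual sops-nix pattern is a per-host recipient derived from the host's SSH ed25519 key (via ssh-to-age) added to each rule's `age:` list alongside `*leyla`, with `sops.age.sshKeyPaths` on the host, so the admin key never leaves the workstation and a host can be dropped by re-encrypting with `sops updatekeys`.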
diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 8601a8a..766a02d 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -66,6 +66,7 @@ matchConfig.Name = "bond0"; linkConfig.RequiredForOnline = "carrier"; networkConfig.LinkLocalAddressing = "no"; + networkConfig.DHCP = "yes"; address = [ # configure addresses including subnet mask From bd7e575868b0991a60f40a6410a207e9e18f4e75 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 20:27:38 -0500 Subject: [PATCH 257/695] changed env var for sops files --- enviroments/common/default.nix | 29 +++++++++++++++-------------- install.sh | 4 ++-- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 5236a8b..397799f 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -63,11 +63,11 @@ isSystemUser = true; }; - # pihole = { - # uid = 2003; - # group = "forgejo"; - # isSystemUser = true; - # }; + pihole = { + uid = 2003; + group = "pihole"; + isSystemUser = true; + }; }; groups = { @@ -88,7 +88,7 @@ users = { gid = 100; - members = ["lelya" "ester" "eve"]; + members = ["leyla" "ester" "eve"]; }; jellyfin = { @@ -106,10 +106,10 @@ members = ["forgejo" "leyla"]; }; - # pihole = { - # gid = 2003; - # members = ["pihole" "leyla"]; - # }; + pihole = { + gid = 2003; + members = ["pihole" "leyla"]; + }; }; }; @@ -126,6 +126,11 @@ }; }; + environment.sessionVariables = rec { + AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + AGE_KEY_FILE = "${AGE_KEY_DIRECTORY}/key.txt"; + }; + sops = { defaultSopsFormat = "yaml"; gnupg.sshKeyPaths = []; @@ -136,10 +141,6 @@ # generateKey = true; }; }; - environment.sessionVariables = { - AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/"; - }; - # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget 
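Review bot: `environment.sessionVariables` exports `AGE_KEY_FILE=/var/lib/sops-nix/key.txt` (renamed to `SOPS_AGE_KEY_FILE`, the name sops actually honors, in the L366 hunk) to every login session on the host, so each user's `sops` run is pointed at the host's private key, and the path is duplicated by hand next to the `sops` block whose tail is outside this hunk. If `sops.age.keyFile` is set there, `AGE_KEY_FILE = config.sops.age.keyFile;` keeps the two from drifting, and scoping the variable to the admin session (home-manager `home.sessionVariables`, which users/leyla/home.nix suggests is already in use) stops advertising the location system-wide. The `lelya` → `leyla` correction in this commit fixes only `groups.users.members`; `groups.leyla.members = ["lelya"]` from the earlier common hunk is not touched here.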
diff --git a/install.sh b/install.sh index 0718998..b0a01ef 100755 --- a/install.sh +++ b/install.sh @@ -47,8 +47,8 @@ cleanup() { trap cleanup EXIT # copy key file to temp folder to copy over to target -mkdir -p $temp$AGE_KEY_FILE_LOCATION -cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION +mkdir -p $temp$AGE_KEY_DIRECTORY +cp -r $AGE_KEY_DIRECTORY/* $temp$AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 4515bab713b87c44f7d28ab8b6b8f0b8324370ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 21:34:04 -0500 Subject: [PATCH 258/695] fixed password update command --- README.md | 3 ++- enviroments/common/default.nix | 4 ++-- install.sh | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index bce959b..ef81d6b 100644 --- a/README.md +++ b/README.md @@ -32,9 +32,10 @@ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html ## Configuration -updating passwords: `sops secrets/secrets.yaml` set up git configuration for local development: `git config --local include.path .gitconfig` +to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set) + # Tasks: ## Tech Debt diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 397799f..0194ec1 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
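Review bot: `cp -r $AGE_KEY_DIRECTORY/* $temp$AGE_KEY_DIRECTORY` copies the workstation's private age key into the staging tree that nixos-anywhere ships to the target, with both expansions unquoted — if `AGE_KEY_DIRECTORY` is unset the glob becomes `/*`, and an unset `$temp` writes into the real path. Guard and quote: `: "${AGE_KEY_DIRECTORY:?must be set}"`, `mkdir -p "$temp$AGE_KEY_DIRECTORY"`, `cp -r "$AGE_KEY_DIRECTORY"/* "$temp$AGE_KEY_DIRECTORY" && chmod -R go-rwx "$temp$AGE_KEY_DIRECTORY"`, so the key arrives owner-only rather than with whatever mode the workstation copy had (assuming `--extra-files` preserves modes, which I believe it does). The `cleanup` trap that removes `$temp` is defined above the hunk.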
@@ -127,8 +127,8 @@ }; environment.sessionVariables = rec { - AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; - AGE_KEY_FILE = "${AGE_KEY_DIRECTORY}/key.txt"; + SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; }; sops = { diff --git a/install.sh b/install.sh index b0a01ef..882a935 100755 --- a/install.sh +++ b/install.sh @@ -47,8 +47,8 @@ cleanup() { trap cleanup EXIT # copy key file to temp folder to copy over to target -mkdir -p $temp$AGE_KEY_DIRECTORY -cp -r $AGE_KEY_DIRECTORY/* $temp$AGE_KEY_DIRECTORY +mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY +cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 8772c463235163f386fe8d2c42c87235fa07cc80 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 23:11:49 -0500 Subject: [PATCH 259/695] added pihole config to defiant --- enviroments/server/default.nix | 130 +++++++++++++++-------- hosts/defiant/hardware-configuration.nix | 4 +- 2 files changed, 89 insertions(+), 45 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index c3be1e7..6c18f29 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -48,27 +48,43 @@ }; config = { - # virtualisation.oci-containers.containers.pihole = { - # image = "pihole/pihole:2024.07.0"; - # environment = { - # TZ = time.timeZone; - # WEBPASSWORD_FILE = "..."; # TODO: set this from secrets file/config that is set to secrets file (I think this also needs to be mounted in volumns?) - # }; - # volumes = [ - # "/home/docker/pihole:/etc/pihole:rw" # TODO; set this based on configs - # ]; - # ports = [ - # "53:53/tcp" - # "53:53/udp" - # "3000:80/tcp" # TODO: bind container ip address? - # ]; - # log-driver = "journald"; - # extraOptions = [ - # "--ip=172.18.1.5" # TODO: set this to some ip address from configs - # "--network-alias=pihole" # TODO: set this from configs - # "--network=nas_default" - # ]; - # }; + sops.secrets = { + "services/pi-hole" = { + sopsFile = ../../secrets/defiant-services.yaml; + }; + }; + + # Runtime + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + + virtualisation.oci-containers.containers.pihole = { + image = "pihole/pihole:2024.07.0"; + hostname = "pihole"; + volumes = [ + "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs + "${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt" + ]; + environment = { + TZ = config.time.timeZone; + WEBPASSWORD_FILE = "/var/lib/pihole/webpassword.txt"; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=192.168.1.201" # TODO: set this to some ip address from configs + "--network=macvlan" + ]; + }; systemd = { tmpfiles.rules = [ 
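Review bot: `image = "pihole/pihole:2024.07.0";` pins a mutable tag, so what podman pulls can change under the same string; pinning the digest as well (`pihole/pihole:2024.07.0@sha256:<digest-placeholder>`) is what actually fixes the supply chain. The bind mount `${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt` exposes a file that sops-nix, absent `owner`/`mode` on the secret, creates root-owned and mode 0400 as far as I recall, while the container is told to run as `PIHOLE_UID`/`PIHOLE_GID` 2003 — either add `owner = "pihole";` to the secret or confirm the image reads `WEBPASSWORD_FILE` as root before dropping privileges. `--ip=192.168.1.201` and the subnet in the macvlan unit are hard-coded (the TODOs say so); until they are configurable, a comment noting that the address must sit outside the LAN's DHCP range would prevent a silent conflict.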
@@ -78,28 +94,45 @@ "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" "d /home/forgejo 750 forgejo forgejo -" "d /home/forgejo/data 750 forgejo forgejo -" - # "d /home/pihole 750 pihole pihole -" + "d /home/pihole 750 pihole pihole -" ]; - # services = { - # pihole = { - # serviceConfig = { - # Restart = lib.mkOverride 500 "always"; - # }; - # after = [ - # "podman-network-nas_default.service" - # ]; - # requires = [ - # "podman-network-nas_default.service" - # ]; - # partOf = [ - # "podman-compose-nas-root.target" - # ]; - # wantedBy = [ - # "podman-compose-nas-root.target" - # ]; - # }; - # }; + services = { + "podman-pihole" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + after = [ + "podman-network-macvlan.service" + ]; + requires = [ + "podman-network-macvlan.service" + ]; + partOf = [ + "podman-compose-root.target" + ]; + wantedBy = [ + "podman-compose-root.target" + ]; + }; + + "podman-network-macvlan" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f macvlan"; + }; + # TODO: check subnet against pi-hole ip address + # TODO: make lan configurable + # TODO: make parent interface configurable + script = '' + podman network inspect macvlan || podman network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 --opt parent=bond0 macvlan + ''; + partOf = [ "podman-compose-root.target" ]; + wantedBy = [ "podman-compose-root.target" ]; + }; + }; # disable computer sleeping targets = { 
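Review bot: `ExecStop = "podman network rm -f macvlan";` in `podman-network-macvlan` uses a bare command name; systemd resolves a non-absolute `Exec*=` against its compiled-in search path rather than the unit's `path = [ pkgs.podman ]` (which only reaches the `script` shell), so on NixOS the stop action is likely to fail with "Failed to locate executable" unless podman happens to be in the system profile. `ExecStop = "${pkgs.podman}/bin/podman network rm -f macvlan";` removes that dependency. The `script` falls through to `podman network create` whenever `inspect` fails, which also hides a broken podman invocation behind a create attempt; acceptable for now, but a comment stating that trade-off would help the next reader.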
@@ -107,10 +140,23 @@ suspend.enable = false; hibernate.enable = false; hybrid-sleep.enable = false; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + "podman-compose-root" = { + unitConfig = { + Description = "Root target for podman targets."; + }; + wantedBy = [ "multi-user.target" ]; + }; }; }; services = { + # DNS stub needs to be disabled so pi hole can bind + # resolved.extraConfig = "DNSStubListener=no"; + nfs.server = { enable = true; exports = '' @@ -200,7 +246,7 @@ defaults.email = "jan-leila@protonmail.com"; }; - networking.firewall.allowedTCPPorts = [2049 8081]; + networking.firewall.allowedTCPPorts = [53 2049 3000 8081]; environment.systemPackages = [ config.services.headscale.package diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 766a02d..7755d1b 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -54,19 +54,17 @@ "30-enp4s0" = { matchConfig.Name = "enp4s0"; networkConfig.Bond = "bond0"; - DHCP = "ipv4"; }; "30-enp5s0" = { matchConfig.Name = "enp5s0"; networkConfig.Bond = "bond0"; - DHCP = "ipv4"; }; "40-bond0" = { matchConfig.Name = "bond0"; linkConfig.RequiredForOnline = "carrier"; networkConfig.LinkLocalAddressing = "no"; - networkConfig.DHCP = "yes"; + DHCP = "ipv4"; address = [ # configure addresses including subnet mask From e1ebfab7a30b063cfd9b997fcdb1313e4972cb47 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 23:28:03 -0500 Subject: [PATCH 260/695] disabled DHCP on host network cards --- hosts/defiant/hardware-configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 7755d1b..edfaeee 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix 
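Review bot: In the `@@ -200,7 +246,7 @@` hunk, `networking.firewall.allowedTCPPorts = [53 2049 3000 8081]` opens 53 and 3000 on the host, but the pihole container defined earlier in this file is attached to a macvlan network with its own address, and traffic to a macvlan endpoint is delivered to the container's interface without passing the host's netfilter input rules, so these ports neither reach nor protect pi-hole. Unless something on the host itself listens on 53 or 3000 (not visible here), they should stay closed: `networking.firewall.allowedTCPPorts = [2049 8081];`. The absence of a matching UDP 53 entry suggests the list was carried over from the earlier, now-replaced port-mapping approach.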
@@ -54,10 +54,12 @@ "30-enp4s0" = { matchConfig.Name = "enp4s0"; networkConfig.Bond = "bond0"; + DHCP = "no"; }; "30-enp5s0" = { matchConfig.Name = "enp5s0"; networkConfig.Bond = "bond0"; + DHCP = "no"; }; "40-bond0" = { From 469ba5671a36bbc70d687d7afd9d727f4e9ee4dc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 23:28:30 -0500 Subject: [PATCH 261/695] moved task in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ef81d6b..60e9169 100644 --- a/README.md +++ b/README.md @@ -43,12 +43,12 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes +- pihole config files ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook - Flake templates - home assistant virtual machine -- pi hole docker - searxng docker - nextcloud ??? - samba mounts From 454cac088e8262e006de3b9d80bab2810ad2dcfa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 00:12:58 -0500 Subject: [PATCH 262/695] added submodule --- .gitmodules | 3 +++ secrets | 1 + 2 files changed, 4 insertions(+) create mode 100644 .gitmodules create mode 160000 secrets diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..810e39f --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "secrets"] + path = secrets + url = git@git.jan-leila.com:jan-leila/nix-config.git diff --git a/secrets b/secrets new file mode 160000 index 0000000..46172e9 --- /dev/null +++ b/secrets @@ -0,0 +1 @@ +Subproject commit 46172e93709498e57d188a1bd19349c28fe4e3e3 
From 67efe92536eb40aa85d25e668666507a2b76ba4b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 00:15:21 -0500 Subject: [PATCH 263/695] replaced ambiguous unicode character --- hosts/defiant/configuration.nix | 2 +- hosts/horizon/configuration.nix | 2 +- hosts/twilight/configuration.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index ec5cf1d..9731f87 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -57,7 +57,7 @@ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave + # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c83fcc6..018fb77 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -41,7 +41,7 @@ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave + # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 6441e2a..5c27001 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -229,7 +229,7 @@ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave + # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). From 22ef0e838dc62507c8904f9b4c1f74e99614506c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:05:26 -0500 Subject: [PATCH 264/695] renamed domains to apps --- enviroments/server/default.nix | 18 +++++++++--------- hosts/defiant/configuration.nix | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 6c18f29..f478413 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -9,7 +9,7 @@ ]; options = { - domains = { + apps = { base_domain = lib.mkOption { type = lib.types.str; }; @@ -29,7 +29,7 @@ hostname = lib.mkOption { type = lib.types.str; description = "hosname that jellyfin will be hosted at"; - default = "${config.domains.jellyfin.subdomain}.${config.domains.base_domain}"; + default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; }; forgejo = { @@ -41,7 +41,7 @@ hostname = lib.mkOption { type = lib.types.str; description = "hosname that forgejo will be hosted at"; - default = "${config.domains.forgejo.subdomain}.${config.domains.base_domain}"; + default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; }; }; }; 
@@ -188,8 +188,8 @@ address = "0.0.0.0"; port = 8080; settings = { - server_url = "http://${config.domains.headscale.subdomain}.${config.domains.base_domain}"; - dns_config.base_domain = config.domains.base_domain; + server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; + dns_config.base_domain = config.apps.base_domain; logtail.enabled = false; }; }; @@ -208,7 +208,7 @@ lfs.enable = true; settings = { server = { - DOMAIN = config.domains.forgejo.hostname; + DOMAIN = config.apps.forgejo.hostname; HTTP_PORT = 8081; }; service.DISABLE_REGISTRATION = true; @@ -219,7 +219,7 @@ nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { - ${config.domains.headscale.hostname} = { + ${config.apps.headscale.hostname} = { forceSSL = true; enableACME = true; locations."/" = { @@ -227,12 +227,12 @@ proxyWebsockets = true; }; }; - ${config.domains.jellyfin.hostname} = { + ${config.apps.jellyfin.hostname} = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://localhost:8096"; }; - ${config.domains.forgejo.hostname} = { + ${config.apps.forgejo.hostname} = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9731f87..05b169e 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -23,7 +23,7 @@ efiInstallAsRemovable = true; }; - domains = { + apps = { base_domain = "jan-leila.com"; headscale.subdomain = "vpn"; jellyfin.subdomain = "media"; From 8adc6b97cd424a01510f287e6bd786bb24dd8d1b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:29:22 -0500 Subject: [PATCH 265/695] removed git tracking requirement from rebuilds --- install.sh | 2 +- rebuild.sh | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/install.sh b/install.sh index 882a935..d7e10df 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake "path:.#$flake" ${user:-nixos}@$target diff --git a/rebuild.sh b/rebuild.sh index 9988b7b..96cfc3d 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -54,11 +54,13 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} +# path: prefixes on rebuilds here make nix not treat this flake like it has a git repo so we can +# access secret files in the submodule this is kinda bad and we should find a way to not need it if [[ "$target" == "$(hostname)" ]]; then - nixos-rebuild $mode --use-remote-sudo --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --flake path:.#$flake else - nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake path:.#$flake fi if [ -d "result" ]; From baced6f8fd8cefba7550ea12dc4e291659b51764 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:29:35 -0500 Subject: [PATCH 266/695] added config options for pihole --- enviroments/server/default.nix | 92 ++++++++++++++++++++++----------- hosts/defiant/configuration.nix | 21 ++++++-- 2 files changed, 79 insertions(+), 34 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index f478413..5a55a69 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
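Review bot: The `path:` prefix on both `nixos-rebuild` invocations makes Nix copy the whole working directory, including untracked and git-ignored files, into the world-readable `/nix/store` of the machine running the build, so a stray decrypted secret or age key left in the tree would be published there alongside the encrypted `secrets` submodule. The new comment should say this rather than only "kinda bad", e.g. `# path: copies the entire working tree (untracked files included) into the world-readable nix store`. The same prefix is added in the install.sh hunk above. For consistency with install.sh the reference should also be quoted: `--flake "path:.#$flake"`.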
@@ -13,6 +13,33 @@ base_domain = lib.mkOption { type = lib.types.str; }; + macvlan = { + subnet = lib.mkOption { + type = lib.types.str; + description = "Subnet for macvlan address range"; + }; + gateway = lib.mkOption { + type = lib.types.str; + description = "Gateway for macvlan"; + # TODO: see if we can default this to systemd network gateway + }; + networkInterface = lib.mkOption { + type = lib.types.str; + description = "Parent network interface for macvlan"; + # TODO: see if we can default this some interface? + }; + }; + pihole = { + image = lib.mkOption { + type = lib.types.str; + description = "container image to use for pi-hole"; + }; + # TODO: check against subnet for macvlan + ip = lib.mkOption { + type = lib.types.str; + description = "ip address to use for pi-hole"; + }; + }; headscale = { subdomain = lib.mkOption { type = lib.types.str; 
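Review bot: All five new options (`macvlan.subnet`, `macvlan.gateway`, `macvlan.networkInterface`, `pihole.image`, `pihole.ip`) are plain `lib.types.str`, yet the network values are later spliced into a shell `script` and a `--ip=` flag, so a typo or an address outside the subnet only surfaces at runtime when podman fails to create the network or start the container. A `lib.types.strMatching` pattern for the address-shaped options would reject malformed values at evaluation time, and the `# TODO: check against subnet for macvlan` on `ip` could be implemented as an `assertions` entry instead of a comment. The enclosing `options.apps` attribute set starts outside this hunk.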
@@ -54,36 +81,42 @@ }; }; - # Runtime - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; + virtualisation = { + # Runtime + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; }; - }; - virtualisation.oci-containers.backend = "podman"; - virtualisation.oci-containers.containers.pihole = { - image = "pihole/pihole:2024.07.0"; - hostname = "pihole"; - volumes = [ - "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs - "${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt" - ]; - environment = { - TZ = config.time.timeZone; - WEBPASSWORD_FILE = "/var/lib/pihole/webpassword.txt"; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; + oci-containers = { + backend = "podman"; + + containers.pihole = let + passwordFileLocation = "/var/lib/pihole/webpassword.txt"; + in { + image = config.apps.pihole.image; + volumes = [ + "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules + "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" + ]; + environment = { + TZ = config.time.timeZone; + WEBPASSWORD_FILE = passwordFileLocation; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=${config.apps.pihole.ip}" + "--network=macvlan" + ]; + }; }; - log-driver = "journald"; - extraOptions = [ - "--ip=192.168.1.201" # TODO: set this to some ip address from configs - "--network=macvlan" - ]; }; systemd = { 
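Review bot: `hostname = "pihole";` from the replaced container definition is not carried into the new `containers.pihole` block, and the commit message only mentions adding config options, so the drop looks accidental; either restore `hostname = "pihole";` next to `image = config.apps.pihole.image;` or add a one-line comment saying why the container hostname is now left to podman. The secret mount is still bind-mounted read-write; appending `:ro` to the `"${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}"` entry is a cheap hardening step. The enclosing `config = {` attribute set starts outside this hunk.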
@@ -123,11 +156,8 @@ RemainAfterExit = true; ExecStop = "podman network rm -f macvlan"; }; - # TODO: check subnet against pi-hole ip address - # TODO: make lan configurable - # TODO: make parent interface configurable script = '' - podman network inspect macvlan || podman network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 --opt parent=bond0 macvlan + podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan ''; partOf = [ "podman-compose-root.target" ]; wantedBy = [ "podman-compose-root.target" ]; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05b169e..9288d36 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,9 +25,24 @@ apps = { base_domain = "jan-leila.com"; - headscale.subdomain = "vpn"; - jellyfin.subdomain = "media"; - forgejo.subdomain = "git"; + macvlan = { + subnet = "192.168.1.0/24"; + gateway = "192.168.1.1"; + networkInterface = "bond0"; + }; + pihole = { + image = "pihole/pihole:2024.07.0"; + ip = "192.168.1.201"; + }; + headscale = { + subdomain = "vpn"; + }; + jellyfin = { + subdomain = "media"; + }; + forgejo = { + subdomain = "git"; + }; }; services = { From 3e3f175e1b29ac04b3c5eacd89eb825f808595f8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:30:28 -0500 Subject: [PATCH 267/695] updated task in README --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 60e9169..b42f061 100644 --- a/README.md +++ b/README.md 
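Review bot: The interpolated option values in the new `podman network create` line are unquoted at the shell level, so with `lib.types.str` options a value containing whitespace would split into extra arguments; quote them as `--subnet "${config.apps.macvlan.subnet}" --gateway "${config.apps.macvlan.gateway}" --opt "parent=${config.apps.macvlan.networkInterface}"`. Separately, `podman network inspect macvlan ||` means a network left over from a previous configuration is reused unchanged until the unit's `ExecStop` removes it, which is worth a short comment above `script` so the behaviour on a subnet change is understood. The `"podman-network-macvlan"` service definition starts outside this hunk.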
@@ -43,7 +43,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes -- pihole config files ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From ac14a781b297d0496a8603e20d88676c1d7c231b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:31:02 -0500 Subject: [PATCH 268/695] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b42f061..d086102 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes +- make subrepo a flake that gets imported (and then remove `path:` from build scripts) ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 27b58dc288041ab5b9004c021eec802b10cafc6d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 24 Sep 2024 02:30:54 -0500 Subject: [PATCH 269/695] switched submodule files to non flake input --- .gitmodules | 2 +- README.md | 1 - enviroments/server/default.nix | 3 ++- flake.lock | 18 ++++++++++++++++++ flake.nix | 7 ++++++- install.sh | 2 +- rebuild.sh | 4 ++-- users/ester/default.nix | 3 ++- users/eve/default.nix | 3 ++- users/leyla/default.nix | 3 ++- 10 files changed, 36 insertions(+), 10 deletions(-) diff --git a/.gitmodules b/.gitmodules index 810e39f..dcfaddd 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "secrets"] path = secrets - url = git@git.jan-leila.com:jan-leila/nix-config.git + url = git@git.jan-leila.com:jan-leila/nix-config-secrets.git diff --git a/README.md b/README.md index d086102..b42f061 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes -- make subrepo a flake that gets imported (and then remove `path:` from build scripts) ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 5a55a69..a36a1db 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -2,6 +2,7 @@ lib, config, pkgs, + inputs, ... }: { imports = [ @@ -77,7 +78,7 @@ config = { sops.secrets = { "services/pi-hole" = { - sopsFile = ../../secrets/defiant-services.yaml; + sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; }; diff --git a/flake.lock b/flake.lock index a424800..d6f3015 100644 --- a/flake.lock +++ b/flake.lock 
@@ -167,9 +167,27 @@ "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", + "secrets": "secrets", "sops-nix": "sops-nix" } }, + "secrets": { + "flake": false, + "locked": { + "lastModified": 1727152771, + "narHash": "sha256-GYtrV//xaqamqRynEaHJrbklliHyAN9/4NZRXBZlahs=", + "ref": "main", + "rev": "46172e93709498e57d188a1bd19349c28fe4e3e3", + "revCount": 2, + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" + } + }, "sops-nix": { "inputs": { "nixpkgs": "nixpkgs_2", diff --git a/flake.nix b/flake.nix index 70992b0..d1ff05b 100644 --- a/flake.nix +++ b/flake.nix @@ -5,9 +5,14 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # encrypt files that contain secreats that I would like to not encrypt + # encrypt files that contain secrets that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + secrets = { + url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; + flake = false; + }; + # declairtive disk configuration disko = { url = "github:nix-community/disko"; diff --git a/install.sh b/install.sh index d7e10df..882a935 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake "path:.#$flake" ${user:-nixos}@$target +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target diff --git a/rebuild.sh b/rebuild.sh index 96cfc3d..630a2b4 100755 --- a/rebuild.sh +++ b/rebuild.sh 
@@ -58,9 +58,9 @@ user=${user:-$USER} # access secret files in the submodule this is kinda bad and we should find a way to not need it if [[ "$target" == "$(hostname)" ]]; then - nixos-rebuild $mode --use-remote-sudo --flake path:.#$flake + nixos-rebuild $mode --use-remote-sudo --flake .#$flake else - nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake path:.#$flake + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi if [ -d "result" ]; diff --git a/users/ester/default.nix b/users/ester/default.nix index 3597d2d..f6a1203 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -2,6 +2,7 @@ lib, config, pkgs, + inputs, ... }: let cfg = config.users.ester; @@ -16,7 +17,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; - sopsFile = ../../secrets/user-passwords.yaml; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; }; diff --git a/users/eve/default.nix b/users/eve/default.nix index 16787f8..7902ff2 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -2,6 +2,7 @@ lib, config, pkgs, + inputs, ... }: let cfg = config.users.eve; @@ -16,7 +17,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; - sopsFile = ../../secrets/user-passwords.yaml; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; }; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 20f99ab..1cd30fe 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -1,6 +1,7 @@ { lib, config, + inputs, ... }: let cfg = config.users.leyla; @@ -21,7 +22,7 @@ in { sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; - sopsFile = ../../secrets/user-passwords.yaml; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; }; From b1fbaf169d78ed8f454b83a00cc079656a9bc14c Mon Sep 17 00:00:00 2001 
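Review bot: The context line `# access secret files in the submodule this is kinda bad and we should find a way to not need it` is the second half of a comment (its first line is outside this hunk) that explains the `path:` prefix, and this hunk removes that prefix from both `nixos-rebuild` calls, so the comment is now stale and should be deleted along with its first line. The three `users/*/default.nix` hunks below make the same `sopsFile = "${inputs.secrets}/user-passwords.yaml"` change and rely on `inputs` being passed to the module system; where that is done is not visible in this patch.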
From: Leyla Becker Date: Tue, 24 Sep 2024 17:58:47 -0500 Subject: [PATCH 270/695] ran linter --- enviroments/server/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index a36a1db..7d7d7b5 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -151,7 +151,7 @@ }; "podman-network-macvlan" = { - path = [ pkgs.podman ]; + path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -160,8 +160,8 @@ script = '' podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan ''; - partOf = [ "podman-compose-root.target" ]; - wantedBy = [ "podman-compose-root.target" ]; + partOf = ["podman-compose-root.target"]; + wantedBy = ["podman-compose-root.target"]; }; }; @@ -179,7 +179,7 @@ unitConfig = { Description = "Root target for podman targets."; }; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; }; }; }; From 6fc22b821448bc5eb3cb2fd7e99d6f9be15e8d24 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 17:58:54 -0500 Subject: [PATCH 271/695] added note to task in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b42f061..8bcb5ed 100644 --- a/README.md +++ b/README.md 
@@ -41,7 +41,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. ## Tech Debt - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings -- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` +- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) From aaa7f0aa3d403c9852c22f73a1bb829472075879 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 18:43:32 -0500 Subject: [PATCH 272/695] restructured containers object --- enviroments/server/default.nix | 38 ++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 7d7d7b5..9466c42 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -97,25 +97,27 @@ oci-containers = { backend = "podman"; - containers.pihole = let - passwordFileLocation = "/var/lib/pihole/webpassword.txt"; - in { - image = config.apps.pihole.image; - volumes = [ - "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules - "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" - ]; - environment = { - TZ = config.time.timeZone; - WEBPASSWORD_FILE = passwordFileLocation; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; + containers = { + pihole = let + passwordFileLocation = "/var/lib/pihole/webpassword.txt"; + in { + image = config.apps.pihole.image; + volumes = [ + "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules + "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" + ]; + environment = { + TZ = config.time.timeZone; + WEBPASSWORD_FILE = passwordFileLocation; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=${config.apps.pihole.ip}" + "--network=macvlan" + ]; }; - log-driver = "journald"; - extraOptions = [ - "--ip=${config.apps.pihole.ip}" - "--network=macvlan" - ]; }; }; }; From a86f39668b04e40efe7d3d6e8547b81ffa09fbe2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 20:05:25 -0500 Subject: [PATCH 273/695] reorganized flake inputs --- flake.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index d1ff05b..f8254b7 100644 --- a/flake.nix +++ b/flake.nix 
@@ -5,34 +5,37 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # encrypt files that contain secrets that I would like to not encrypt + # secret encryption sops-nix.url = "github:Mic92/sops-nix"; + # self hosted repo of secrets file to further protect files in case of future encryption vunrabilities secrets = { url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; flake = false; }; - # declairtive disk configuration + # disk configurations disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; - # managment per user + # users home directories home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - # repo of hardware configs for prebuilt systems - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - # vscode extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # pregenerated hardware configurations + nixos-hardware = { + url = "github:NixOS/nixos-hardware/master"; + }; }; outputs = { From 5916073839be3a4ca61db0c65b03a32666a883f5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Sep 2024 11:16:13 -0500 Subject: [PATCH 274/695] groups environment vars in common environment added qemu to system --- enviroments/common/default.nix | 38 +++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 0194ec1..a5e1c9c 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
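Review bot: The new comment above the `secrets` input misspells "vulnerabilities" (`vunrabilities`) and reads awkwardly; suggested wording: `# self-hosted repo of encrypted secrets files, kept separate to limit exposure if the encryption is broken in future`. No code change is needed in this hunk.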
@@ -126,9 +126,30 @@ }; }; - environment.sessionVariables = rec { - SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; - SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + environment = { + # List packages installed in system profile. + systemPackages = with pkgs; [ + qemu + (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' + qemu-system-x86_64 \ + -bios ${OVMF.fd}/FV/OVMF.fd \ + "$@" + '') + + wget + + # version control + git + + # system debuging tools + iputils + dnsutils + ]; + + sessionVariables = rec { + SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + }; }; sops = { @@ -141,15 +162,4 @@ # generateKey = true; }; }; - # List packages installed in system profile. - environment.systemPackages = with pkgs; [ - wget - - # version control - git - - # system debuging tools - iputils - dnsutils - ]; } From da7a41ce507fe19b6f009dec3003cc49af932410 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Sep 2024 11:16:42 -0500 Subject: [PATCH 275/695] updated flakes --- flake.lock | 30 +++++++++++++++--------------- flake.nix | 6 ++++++ 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index d6f3015..167e2f9 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1726842196, - "narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=", + "lastModified": 1727249977, + "narHash": "sha256-lAqOCDI4B6hA+t+KHSm/Go8hQF/Ob5sgXaIRtMAnMKw=", "owner": "nix-community", "repo": "disko", - "rev": "51994df8ba24d5db5459ccf17b6494643301ad28", + "rev": "c1c472f4cd91e4b0703e02810a8c7ed30186b6fa", "type": "github" }, "original": { 
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1726863345, - "narHash": "sha256-fjbKe1/UJpLT6tQLAKJ/djJFdnmAh2kkdsgmylyFrQA=", + "lastModified": 1727246346, + "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=", "owner": "nix-community", "repo": "home-manager", - "rev": "dfe4d334b172071e7189d971ddecd3a7f811b48d", + "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1726796602, - "narHash": "sha256-rYMcODISSljSETcqUUTMo++ZEa1CC6Xx6d3xuydishM=", + "lastModified": 1727228778, + "narHash": "sha256-vg1b7yLH8TgKsUi5KlctSx4GuET7MAoWUR7nqAGnU/Y=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "91dea80194080f017c6edf84fd94e33f6c12aec3", + "rev": "fb86a415579cd38eb7b47c3ada597841b97e2ea9", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1726724509, - "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=", + "lastModified": 1727040444, + "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94", + "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726755586, - "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", + "lastModified": 1726937504, + "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", + "rev": "9357f4f23713673f310988025d9dc261c20e70c6", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f8254b7..b320777 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,6 +26,12 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # # virtual machine managment + # nix-virt = { + # url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; + # vscode extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; From 62ad7255bae131ff46be171f0563f4734b8ba9b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Sep 2024 12:15:15 -0500 Subject: [PATCH 276/695] added ollama plugin --- users/leyla/default.nix | 26 +++++++++++++++++--------- users/leyla/packages.nix | 2 ++ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 1cd30fe..69f8193 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -51,15 +51,23 @@ in { } ); - # TODO: this should reference the home directory from the user config - services.openssh.hostKeys = [ - { - comment = "leyla@" + config.networking.hostName; - path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; - rounds = 100; - type = "ed25519"; - } - ]; + services = { + ollama = { + enable = true; + acceleration = lib.mkIf cfg.hasGPU "cuda"; + }; + + + # TODO: this should reference the home directory from the user config + openssh.hostKeys = [ + { + comment = "leyla@" + config.networking.hostName; + path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; + rounds = 100; + type = "ed25519"; + } + ]; + }; home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index e206d22..a5960d9 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -106,6 +106,8 @@ in { # misc extensions bungcip.better-toml + + open-vsx."10nates".ollama-autocoder ] ++ (with vscode-marketplace; [ # js extensions From a625779b78639cdd50bd544b3938b3c8ed2c5ceb Mon Sep 17 00:00:00 2001 
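Review bot: `services.ollama.enable = true` is unconditional in this user module, so any host that imports it runs the ollama daemon even when leyla is only a thin user or is not created at all; the neighbouring `acceleration = lib.mkIf cfg.hasGPU "cuda"` shows the intended pattern, so this should be `enable = cfg.isFullUser;` unless a system-wide model server on every machine is the goal. The moved `openssh.hostKeys` entry also deserves a second look: `services.openssh.hostKeys` configures sshd's server identity, yet the path `/home/leyla/.ssh/leyla_<host>_ed25519` and the `leyla@<host>` comment look like a per-user client key, and a host key kept in a user-writable directory can be renamed or swapped by anything running as that user; if a host key is really intended, point `path` at `/etc/ssh/`, otherwise this belongs in the user's SSH client configuration, which would also resolve the TODO. The enclosing `config` block continues outside the hunk.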
From: Leyla Becker Date: Sun, 29 Sep 2024 19:56:54 -0500 Subject: [PATCH 277/695] drafted out firefox config --- flake.nix | 5 +- users/leyla/home.nix | 122 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index b320777..aa908e0 100644 --- a/flake.nix +++ b/flake.nix @@ -26,9 +26,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # # virtual machine managment - # nix-virt = { - # url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz"; + # firefox-addons = { + # url = "gitlab.com:rycee/nur-expressions?dir=pkgs/firefox-addons"; # inputs.nixpkgs.follows = "nixpkgs"; # }; diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 118d0cc..c951aaf 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
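Review bot: The commented-out `firefox-addons` input is written as `url = "gitlab.com:rycee/nur-expressions?dir=pkgs/firefox-addons"`, and I do not believe `gitlab.com:` is a recognised flake reference scheme, so uncommenting it as-is should fail at lock time; the working form is `url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";`. Since the home.nix draft in this same commit references `pkgs.nur.repos.rycee.firefox-addons` instead, a one-line comment stating which of the two routes (NUR overlay vs. this input) is planned would keep the draft coherent.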
@@ -83,6 +83,128 @@ userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; }; + # firefox = { + # enable = true; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ + # ublock-origin + # bitwarden + + # ]; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + 
# { + # name = "Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://tech.lgbt"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # } }; dconf = { From e728268b9b2416d03605ec6bf962d06d8184d229 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Sep 2024 09:33:52 -0500 Subject: [PATCH 278/695] simplified flake.nix --- flake.lock | 20 +++----------------- flake.nix | 16 +++++++++++++--- 2 files changed, 16 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 167e2f9..e323be9 100644 --- a/flake.lock +++ b/flake.lock @@ -144,22 +144,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1725534445, - "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "disko": "disko", @@ -190,7 +174,9 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-stable": "nixpkgs-stable" }, "locked": { diff --git a/flake.nix b/flake.nix index aa908e0..8e2192e 100644 --- a/flake.nix +++ b/flake.nix 
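Review bot: Two things in the commented-out Firefox draft will bite as soon as it is enabled: `extentions` is misspelled (the Home Manager option is `programs.firefox.profiles.<name>.extensions`, so evaluation fails on an unknown option), and the `icon` value is written `"''${pkgs.nixos-icons}/..."` inside a double-quoted string, where `''$` is not an escape, so it evaluates to a store path prefixed with two literal apostrophes; it should read `icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";`. The Searx engine also carries `iconUpdateURL = "https://nixos.wiki/favicon.png"` copied from the wiki entry, so the self-hosted engine would fetch a third-party icon every day; point it at the Searx instance's own favicon or drop the field. The enclosing `programs` attrset starts outside the hunk.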
@@ -6,7 +6,10 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # secret encryption - sops-nix.url = "github:Mic92/sops-nix"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # self hosted repo of secrets file to further protect files in case of future encryption vunrabilities secrets = { @@ -48,6 +51,7 @@ nixpkgs, disko, nixos-hardware, + home-manager, ... } @ inputs: let forEachSystem = nixpkgs.lib.genAttrs [ @@ -66,8 +70,14 @@ specialArgs = {inherit inputs;}; modules = [ ./hosts/horizon/configuration.nix - inputs.home-manager.nixosModules.default nixos-hardware.nixosModules.framework-11th-gen-intel + home-manager.nixosModules.default + # { + # home-manager.useGlobalPkgs = true; + # home-manager.useUserPackages = true; + # home-manager.extraSpecialArgs = { inherit inputs; }; + # home-manager.users = import ./users; + # } ]; }; # Leyla Desktop @@ -75,7 +85,7 @@ specialArgs = {inherit inputs;}; modules = [ ./hosts/twilight/configuration.nix - inputs.home-manager.nixosModules.default + home-manager.nixosModules.default ]; }; # NAS Service From 292d9d0790a9e29aaeef77e44c8e0229c65d7b1f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Sep 2024 21:44:54 +0200 Subject: [PATCH 279/695] set timezone automatically --- enviroments/common/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a5e1c9c..25c221a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -15,7 +15,7 @@ networking.networkmanager.enable = true; # Set your time zone. - time.timeZone = "America/Chicago"; + # time.timeZone = "America/Chicago"; i18n.defaultLocale = "en_US.UTF-8"; @@ -114,6 +114,10 @@ }; services = { + automatic-timezoned = { + enable = true; + }; + openssh = { enable = true; ports = [22]; From f975bd047d1da96c70e67e7ccad5f3375a92ba26 Mon Sep 17 00:00:00 2001 
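Review bot: `services.automatic-timezoned.enable = true` lands in `enviroments/common`, so it applies to every host including the headless ones, and my understanding of that module is that it resolves the zone through geoclue, i.e. periodic network geolocation lookups (worth confirming); servers neither move nor need this and you would rather they not talk to a location service, so consider enabling it only in `enviroments/client` and keeping the explicit `time.timeZone` on server-class hosts. A comment next to the now-commented `time.timeZone` explaining why it is unset, e.g. `# left unset on purpose: automatic-timezoned manages the zone`, would save the next reader a search. The enclosing `services` attrset continues outside the hunk.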
From: Leyla Becker Date: Wed, 2 Oct 2024 22:31:57 +0200 Subject: [PATCH 280/695] added direnv to system packages --- enviroments/client/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 86ff67b..134d7e2 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -47,6 +47,8 @@ security.rtkit.enable = true; environment.systemPackages = with pkgs; [ + direnv + # helvetica font aileron From 37d01a92b764bdcb0824905309344f921ed05bd4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 14:19:06 +0200 Subject: [PATCH 281/695] added direnv to bash.interactiveShellInit --- enviroments/client/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 134d7e2..85b5e47 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -46,6 +46,8 @@ hardware.pulseaudio.enable = false; security.rtkit.enable = true; + programs.bash.interactiveShellInit = ''eval "$(direnv hook bash)"''; + environment.systemPackages = with pkgs; [ direnv From 26b231a329cfdd72d2322befa87b58f1ca50a017 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 14:21:54 +0200 Subject: [PATCH 282/695] moved dir env to nix-direnv in home manager --- enviroments/client/default.nix | 4 ---- users/leyla/home.nix | 11 +++++++++++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 85b5e47..86ff67b 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -46,11 +46,7 @@ hardware.pulseaudio.enable = false; security.rtkit.enable = true; - programs.bash.interactiveShellInit = ''eval "$(direnv hook bash)"''; - environment.systemPackages = with pkgs; [ - direnv - # helvetica font aileron diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c951aaf..af3940a 100644 
--- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -77,12 +77,23 @@ programs = { # Let Home Manager install and manage itself. home-manager.enable = true; + + # set up git defaults git = { enable = true; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; }; + + # add direnv to auto load flakes for development + direnv = { + enable = true; + enableBashIntegration = true; # see note on other shells below + nix-direnv.enable = true; + }; + bash.enable = true; # see note on other shells below + # firefox = { # enable = true; # profiles.leyla = { From ff295dc7acb6dd948026fdad5a81d7a018a8b7a0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 14:48:14 +0200 Subject: [PATCH 283/695] reconfigured how home manager gets applied --- README.md | 1 + flake.nix | 14 +- hosts/horizon/configuration.nix | 4 + users/default.nix | 1 + users/home.nix | 5 + users/leyla/default.nix | 8 +- users/leyla/home.nix | 491 ++++++++++++++++---------------- users/leyla/packages.nix | 275 ++++++++++-------- 8 files changed, 438 insertions(+), 361 deletions(-) create mode 100644 users/home.nix diff --git a/README.md b/README.md index 8bcb5ed..e9f9e8f 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html +- This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ ## Configuration set up git configuration for local development: `git config --local include.path .gitconfig` diff --git a/flake.nix b/flake.nix index 8e2192e..4f551e2 100644 --- a/flake.nix +++ b/flake.nix 
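Review bot: Both `# see note on other shells below` comments refer to a note that does not exist in this file — they were carried over from the Home Manager documentation example — so either drop them or replace them with what the note said, e.g. `# bash only; zsh/fish need their own enable*Integration flag`. The block itself is fine: direnv still demands an explicit `direnv allow` before a directory's `.envrc` runs, which is the safeguard you want when cloning other people's flakes, and `nix-direnv` only caches the dev shell; a one-line comment such as `# .envrc files still have to be allowed per directory; nothing auto-executes on cd` would make that trust model explicit. The enclosing `programs` attrset continues outside the hunk.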
@@ -71,13 +71,13 @@ modules = [ ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel - home-manager.nixosModules.default - # { - # home-manager.useGlobalPkgs = true; - # home-manager.useUserPackages = true; - # home-manager.extraSpecialArgs = { inherit inputs; }; - # home-manager.users = import ./users; - # } + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = { inherit inputs; }; + } ]; }; # Leyla Desktop diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 018fb77..714429d 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -14,6 +14,10 @@ ../../enviroments/client ]; + home-manager.users.leyla.config = { + isFullUser = true; + }; + users = { leyla.isFullUser = true; ester.isFullUser = true; diff --git a/users/default.nix b/users/default.nix index 4c0b5d7..3dc52d9 100644 --- a/users/default.nix +++ b/users/default.nix @@ -4,4 +4,5 @@ users.mutableUsers = false; home-manager.extraSpecialArgs = {inherit inputs;}; + home-manager.users = import ./home.nix; } diff --git a/users/home.nix b/users/home.nix new file mode 100644 index 0000000..62be450 --- /dev/null +++ b/users/home.nix @@ -0,0 +1,5 @@ +{ + leyla = import ./leyla/home.nix; + # ester = import ./ester/home.nix; + # eve = import ./eve/home.nix; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 69f8193..0089d35 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -6,9 +6,9 @@ }: let cfg = config.users.leyla; in { - imports = [ - ./packages.nix - ]; + # imports = [ + # ./packages.nix + # ]; options.users.leyla = { isFullUser = lib.mkEnableOption "create usable leyla user"; 
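Review bot: `home-manager.users.leyla.config = { isFullUser = true; }` duplicates the flag that `users.leyla.isFullUser = true` sets a few lines below, so the two can silently drift on the next host; since `packages.nix` in this same commit already receives `osConfig`, the Home Manager option could default from the system one instead, e.g. `isFullUser = lib.mkDefault osConfig.users.leyla.isFullUser;` in `users/leyla/home.nix`, leaving one source of truth per host. Writing the value under `.config` relies on the module system treating an attrset with a `config` key as full module syntax, which works but is unusual enough to deserve a one-line comment. The enclosing module attrset starts and ends outside the hunk.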
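Review bot: `home-manager.users = import ./home.nix;` now attaches leyla's Home Manager configuration to every host that imports `users/`, and in the same commit the `lib.mkIf (cfg.isFullUser || cfg.isThinUser)` guard in `users/leyla/default.nix` is commented out, so a host where the `leyla` account is not created still gets an HM activation for that user with `home.username = "leyla"` hard-coded, which I would expect to fail at evaluation or activation time. Keep the gate at this level, e.g. `home-manager.users = lib.filterAttrs (name: _: config.users.${name}.isFullUser || config.users.${name}.isThinUser) (import ./home.nix);`, or restore the per-user `mkIf`. The `extraSpecialArgs` here also duplicates the one inlined into `flake.nix` for horizon in this commit; one place is enough.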
@@ -69,6 +69,6 @@ in { ]; }; - home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); + # home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } diff --git a/users/leyla/home.nix b/users/leyla/home.nix index af3940a..9644e62 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -1,259 +1,272 @@ { + lib, config, pkgs, ... }: { - # Home Manager needs a bit of information about you and the paths it should - # manage. - home = { - username = "leyla"; - homeDirectory = "/home/leyla"; + imports = [ + ./packages.nix + ]; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - - # The home.packages option allows you to install Nix packages into your - # environment. - packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello - - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? - # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; - - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. 
- # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; + options = { + isFullUser = lib.mkEnableOption "create usable leyla user"; + isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; + config = { + # Home Manager needs a bit of information about you and the paths it should + # manage. + home = { + username = "leyla"; + homeDirectory = "/home/leyla"; - # set up git defaults - git = { - enable = true; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # The home.packages option allows you to install Nix packages into your + # environment. + packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. 
+ # pkgs.hello + + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; }; - # add direnv to auto load flakes for development - direnv = { - enable = true; - enableBashIntegration = true; # see note on other shells below - nix-direnv.enable = true; + programs = { + # Let Home Manager install and manage itself. 
+ home-manager.enable = true; + + # set up git defaults + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + + # add direnv to auto load flakes for development + direnv = { + enable = true; + enableBashIntegration = true; # see note on other shells below + nix-direnv.enable = true; + }; + bash.enable = true; # see note on other shells below + + # firefox = { + # enable = true; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ + # ublock-origin + # bitwarden + + # ]; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home 
Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://tech.lgbt"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # } }; - bash.enable = true; # see note on other shells below - # firefox = { - # enable = true; - # profiles.leyla = { + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). 
+ pkgs.gnomeExtensions.dash-to-dock.extensionUuid - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; + # Alternatively, you can manually pass UUID as a string. 
+ # "dash-to-dock@micxgx.gmail.com" + ]; + }; - # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # bitwarden + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = false; + "show-mounts" = false; + }; - # ]; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Password Manager"; - # url = "https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://tech.lgbt"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # } - }; - - dconf = { - enable = true; - settings = { - 
"org/gnome/desktop/interface".color-scheme = "prefer-dark"; - - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; - - "org/gnome/shell/extensions/dash-to-dock" = { - "dock-position" = "LEFT"; - "intellihide-mode" = "ALL_WINDOWS"; - "show-trash" = false; - "require-pressure-to-show" = false; - "show-mounts" = false; - }; - - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; }; }; }; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index a5960d9..e14f157 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,17 +1,12 @@ { lib, config, + osConfig, pkgs, inputs, ... -}: let - cfg = config.users.leyla; -in { - imports = [ - ../../overlays/intellij.nix - ../../overlays/vscodium.nix - ]; - +}: +{ nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default 
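Review bot: The three new options are declared at the root of the Home Manager option tree (`isFullUser`, `isThinUser`, `hasGPU`) rather than under a namespace, so any other HM module that picks the same generic name collides with them, and `isThinUser`'s description has a typo (`witohut`); declaring them as `options.leyla = { isFullUser = lib.mkEnableOption "create usable leyla user"; ... }` and reading `config.leyla.isFullUser` from `packages.nix` avoids both. Note also that the whole `config` block applies regardless of these flags — only `home.packages` and `bash.shellAliases` in `packages.nix` consult them — so a thin-user host still gets the git identity, direnv and the GNOME dconf settings; if that is intended, say so with a comment like `# shell, git and GNOME settings apply to every variant of this user; only packages are gated`. The commented-out Firefox draft is carried over unchanged, including the `"''${pkgs.nixos-icons}/..."` string, which does not expand as intended inside a double-quoted Nix string.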
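Review bot: `nixpkgs.overlays = [ inputs.nix-vscode-extensions.overlays.default` is kept in the user's Home Manager config while this same commit turns on `home-manager.useGlobalPkgs = true` in `flake.nix`; as I read Home Manager's NixOS integration, `nixpkgs.*` set inside a user config is ignored (with a warning) once the global package set is used, so the overlay no longer contributes anything and the extensions have to come from `inputs.nix-vscode-extensions.extensions.${pkgs.system}` directly, which is what the `programs.vscode` block further down now does. Either drop the `nixpkgs` block here or move the overlay to the system-level `nixpkgs.overlays`, with a comment naming which path is authoritative. `osConfig` is added to the argument list but unused in the visible part of the file; a `# TODO` beside it would explain the dangling binding. The file's remaining hunk is cut off at the end of the excerpt.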
@@ -19,119 +14,177 @@ in { }; programs = { - bash.shellAliases = lib.mkIf cfg.isFullUser { + bash.shellAliases = lib.mkIf config.isFullUser { code = "codium"; }; - steam = lib.mkIf cfg.isFullUser { + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in + { enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + + package = pkgs.vscodium; + + mutableExtensionsDir = false; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = { + "workbench.colorTheme" = "Atom One Dark"; + }; + + extensions = with extensions.open-vsx; [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # misc extensions + bungcip.better-toml + + # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with + open-vsx."10nates".ollama-autocoder + ] + ++ (with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); }; - noisetorch.enable = cfg.isFullUser; - adb.enable = cfg.isFullUser; + # steam = lib.mkIf config.isFullUser { + # enable = true; + # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + # dedicatedServer.openFirewall = 
true; # Open ports in the firewall for Source Dedicated Server + # }; + + # noisetorch.enable = config.isFullUser; + + # adb.enable = config.isFullUser; }; - users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( - lib.mkMerge [ - ( - with pkgs; [ - # comand line tools - yt-dlp - ffmpeg - imagemagick - ] - ) - ( - lib.mkIf (!cfg.isThinUser) ( + home = { + packages = lib.mkIf (config.isFullUser || config.isThinUser) ( + lib.mkMerge [ + ( with pkgs; [ - #foss platforms - signal-desktop - bitwarden - firefox - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing - - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - # development tools - (vscode-with-extensions.override { - vscode = vscodium; - vscodeExtensions = with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # misc extensions - bungcip.better-toml - - open-vsx."10nates".ollama-autocoder - ] - ++ (with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); - }) - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno - - # system tools - protonvpn-gui - openvpn - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf config.hardware.piperMouse.enable piper) - 
(lib.mkIf config.hardware.openRGB.enable openrgb) - (lib.mkIf config.hardware.viaKeyboard.enable via) + # comand line tools + yt-dlp + ffmpeg + imagemagick ] ) - ) - ] - ); + ( + lib.mkIf (!config.isThinUser) ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf config.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing + + # proprietary platforms + discord + obsidian + steam + (lib.mkIf config.hasGPU davinci-resolve) + + # development tools + # (vscode-with-extensions.override { + # vscode = vscodium; + # vscodeExtensions = with open-vsx; + # [ + # # vs code feel extensions + # ms-vscode.atom-keybindings + # akamud.vscode-theme-onedark + # streetsidesoftware.code-spell-checker + # streetsidesoftware.code-spell-checker-german + # streetsidesoftware.code-spell-checker-italian + # jeanp413.open-remote-ssh + + # # nix extensions + # pinage404.nix-extension-pack + # jnoortheen.nix-ide + + # # html extensions + # formulahendry.auto-rename-tag + # ms-vscode.live-server + + # # js extensions + # dsznajder.es7-react-js-snippets + # dbaeumer.vscode-eslint + # standard.vscode-standard + # firsttris.vscode-jest-runner + # stylelint.vscode-stylelint + # tauri-apps.tauri-vscode + + # # misc extensions + # bungcip.better-toml + + # open-vsx."10nates".ollama-autocoder + # ] + # ++ (with vscode-marketplace; [ + # # js extensions + # karyfoundation.nearley + # ]); + # }) + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno + + # system tools + protonvpn-gui + openvpn + nextcloud-client + noisetorch + + # hardware managment tools + (lib.mkIf osConfig.hardware.piperMouse.enable piper) + (lib.mkIf osConfig.hardware.openRGB.enable openrgb) + (lib.mkIf osConfig.hardware.viaKeyboard.enable via) + ] + ) + ) + ] + ); + }; } 
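Review bot: `programs.vscode` is enabled unconditionally (`enable = true;` directly after the `in {`) while the neighbouring `bash.shellAliases` and `home.packages` are gated on `config.isFullUser` / `config.isThinUser`, so the thin-user profile (the NAS host `defiant` sets `isThinUser = true` elsewhere in this series) receives VSCodium plus the whole open-vsx extension list, including `jeanp413.open-remote-ssh`, on a machine that otherwise gets only `yt-dlp`/`ffmpeg`/`imagemagick`. Gating it like the rest keeps the server footprint minimal: `enable = config.isFullUser;`. The `mutableExtensionsDir = false` plus both update checks disabled is the right combination for a declaratively managed editor, because the extension versions then come solely from the locked `nix-vscode-extensions` input rather than from a runtime marketplace fetch; a one-line comment would make that intent survive the next refactor, e.g. `# extension set is pinned by the flake lock; no in-editor updates or marketplace fetches`.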
From 89c8c729fac68ca4c499e071db16c7078a917739 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 15:38:03 +0200 Subject: [PATCH 284/695] added show-trace option to rebuild --- rebuild.sh | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/rebuild.sh b/rebuild.sh index 630a2b4..a4b7fdc 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -7,6 +7,8 @@ else preserve_result=false fi +show_trace=false + while [ $# -gt 0 ]; do case "$1" in --target*|-t*) @@ -31,6 +33,9 @@ while [ $# -gt 0 ]; do --no-preserve-result) preserve_result=false ;; + --show-trace) + show_trace=true + ;; --help|-h) echo "--help -h: print this message" echo "--target -t: set the target system to rebuild on" @@ -39,6 +44,7 @@ while [ $# -gt 0 ]; do echo "--user -u: set the user to rebuild flake as on the target system" echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" + echo "--show-trace: show trace on builds" exit 0 ;; *) @@ -54,15 +60,20 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -# path: prefixes on rebuilds here make nix not treat this flake like it has a git repo so we can -# access secret files in the submodule this is kinda bad and we should find a way to not need it -if [[ "$target" == "$(hostname)" ]]; +command="nixos-rebuild $mode --use-remote-sudo --flake .#$flake" + +if [[ "$target" != "$(hostname)" ]]; then - nixos-rebuild $mode --use-remote-sudo --flake .#$flake -else - nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake + command="$command --target-host $user@$target" fi +if [[ "$show_trace" = true ]]; +then + command="$command --show-trace" +fi + +$command + if [ -d "result" ]; then if [[ "$preserve_result" == "false" ]]; From bba88fc3fe89c7256a880fb8ab4f0d67a71015c1 Mon Sep 17 00:00:00 2001 
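Review bot: Assembling the invocation as a string (`command="nixos-rebuild $mode --use-remote-sudo --flake .#$flake"`) and running it with an unquoted `$command` relies on word splitting and glob expansion, so any `$mode`, `$flake`, `$user` or `$target` value containing whitespace or shell metacharacters is re-tokenised before `nixos-rebuild` sees it, and `--target-host $user@$target` is built from exactly the values that arrive on the command line. A bash array preserves each argument as one word and removes the need for the string at all; the replacement for the new block is below. The preceding `if [[ "$target" != "$(hostname)" ]]` comparison itself is fine and is kept.
```shell
command=(nixos-rebuild "$mode" --use-remote-sudo --flake ".#$flake")

if [[ "$target" != "$(hostname)" ]];
then
  command+=(--target-host "$user@$target")
fi

if [[ "$show_trace" = true ]];
then
  command+=(--show-trace)
fi

"${command[@]}"
# … unchanged: result-folder cleanup …
```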
From: Leyla Becker Date: Thu, 3 Oct 2024 16:38:51 +0200 Subject: [PATCH 285/695] added home manger to all flakes --- enviroments/common/default.nix | 3 --- enviroments/server/default.nix | 2 +- flake.nix | 20 +++++++++++++++----- hosts/defiant/configuration.nix | 4 ++++ hosts/twilight/configuration.nix | 10 ++++++---- 5 files changed, 26 insertions(+), 13 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 25c221a..a1dbdb0 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -14,9 +14,6 @@ # Enable networking networking.networkmanager.enable = true; - # Set your time zone. - # time.timeZone = "America/Chicago"; - i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 9466c42..3d20a17 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -107,7 +107,7 @@ "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" ]; environment = { - TZ = config.time.timeZone; + TZ = "America/Chicago"; WEBPASSWORD_FILE = passwordFileLocation; PIHOLE_UID = toString config.users.users.pihole.uid; PIHOLE_GID = toString config.users.groups.pihole.gid; diff --git a/flake.nix b/flake.nix index 4f551e2..7567deb 100644 --- a/flake.nix +++ b/flake.nix 
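Review bot: The new `TZ = "America/Chicago";` silently decouples the pi-hole container's clock from the host, and nothing on the line tells a reader why the previous `config.time.timeZone` was dropped; as far as this series shows, the common environment enables `automatic-timezoned`, which presumably requires `time.timeZone` to stay unset, so the literal is deliberate rather than a leftover. A why-comment prevents the next person from "fixing" it back: `TZ = "America/Chicago"; # host uses automatic-timezoned (time.timeZone is null), so the container zone is pinned explicitly`. The surrounding context is sound: the sops-managed secret is bind-mounted from `config.sops.secrets."services/pi-hole".path` and only its in-container path is exposed via `WEBPASSWORD_FILE`, so the password never appears in the environment block itself.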
@@ -69,23 +69,27 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - ./hosts/horizon/configuration.nix - nixos-hardware.nixosModules.framework-11th-gen-intel - home-manager.nixosModules.home-manager - { + home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = { inherit inputs; }; } + ./hosts/horizon/configuration.nix + nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ + home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = { inherit inputs; }; + } ./hosts/twilight/configuration.nix - home-manager.nixosModules.default ]; }; # NAS Service @@ -93,6 +97,12 @@ specialArgs = {inherit inputs;}; modules = [ disko.nixosModules.disko + home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = { inherit inputs; }; + } ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9288d36..2faa378 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -14,6 +14,10 @@ ../../enviroments/server ]; + + home-manager.users.leyla.config = { + isThinUser = true; + }; users.leyla.isThinUser = true; boot.loader.grub = { diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 5c27001..972fd72 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -14,11 +14,13 @@ ../../enviroments/client ]; + home-manager.users.leyla.config = { + isFullUser = true; + hasGPU = true; + }; + users = { - leyla = { - isFullUser = true; - hasGPU = true; - }; + leyla.isFullUser = true; ester.isFullUser = true; eve.isFullUser = true; }; From d99da6cd44f83651e02704fc58822e4d3bc9c9bd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:39:02 +0200 Subject: [PATCH 286/695] added flake check to pre commit hook --- .hooks/pre-commit | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.hooks/pre-commit b/.hooks/pre-commit index 5721472..4d465c4 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -2,6 +2,13 @@ git stash -q --keep-index + +nix flake check + +if [ $? -eq 0 ]; then + exit 1 +fi + ./lint.sh RESULT=$? From bbb4be8ac84cd4f0dd0b7a7ceb517688e5cf58b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:39:36 +0200 Subject: [PATCH 287/695] added optimize to nix settings --- enviroments/common/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a1dbdb0..78bd2cd 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -9,6 +9,7 @@ trusted-users = ["leyla"]; }; gc.automatic = true; + optimise.automatic = true; }; # Enable networking From cfa0f64f7054afb992f9f0c5cd96b9d0d9790a27 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:48:35 +0200 Subject: [PATCH 288/695] added weekly timers to garbage collect and optimize made garbage collector collect older then a week --- enviroments/common/default.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 78bd2cd..db1549d0 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
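Review bot: The exit test after `nix flake check` is inverted: `if [ $? -eq 0 ]; then exit 1; fi` aborts the commit when the check succeeds and lets it through when the check fails, the opposite of what the commit message describes. Test the command directly so the intent is unambiguous and cannot drift if a line is later inserted between the command and the `$?` check: `if ! nix flake check; then git stash pop -q; exit 1; fi`. The `git stash pop -q` on the early-exit path mirrors the restore that the rest of the script presumably performs after `./lint.sh` (outside this hunk); without it, the unstaged changes parked by `git stash -q --keep-index` stay in the stash when the check fails.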
@@ -8,8 +8,15 @@ experimental-features = ["nix-command" "flakes"]; trusted-users = ["leyla"]; }; - gc.automatic = true; - optimise.automatic = true; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + optimise = { + automatic = true; + dates = "weekly"; + }; }; # Enable networking From 48a321fbd518b7f8ad19255b75b541f7a9a39459 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:50:46 +0200 Subject: [PATCH 289/695] ran linter --- enviroments/common/default.nix | 4 +- flake.nix | 15 ++++--- hosts/defiant/configuration.nix | 1 - users/home.nix | 2 +- users/leyla/default.nix | 1 - users/leyla/home.nix | 2 +- users/leyla/packages.nix | 72 ++++++++++++++++----------------- 7 files changed, 48 insertions(+), 49 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index db1549d0..3dd24c1 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -122,7 +122,7 @@ automatic-timezoned = { enable = true; }; - + openssh = { enable = true; ports = [22]; @@ -154,7 +154,7 @@ iputils dnsutils ]; - + sessionVariables = rec { SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; diff --git a/flake.nix b/flake.nix index 7567deb..982ca67 100644 --- a/flake.nix +++ b/flake.nix @@ -69,11 +69,12 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager { + home-manager.nixosModules.home-manager + { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = {inherit inputs;}; } ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel 
@@ -83,11 +84,12 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager { + home-manager.nixosModules.home-manager + { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = {inherit inputs;}; } ./hosts/twilight/configuration.nix ]; @@ -97,11 +99,12 @@ specialArgs = {inherit inputs;}; modules = [ disko.nixosModules.disko - home-manager.nixosModules.home-manager { + home-manager.nixosModules.home-manager + { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = {inherit inputs;}; } ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 2faa378..59744c8 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -14,7 +14,6 @@ ../../enviroments/server ]; - home-manager.users.leyla.config = { isThinUser = true; }; diff --git a/users/home.nix b/users/home.nix index 62be450..0571905 100644 --- a/users/home.nix +++ b/users/home.nix @@ -2,4 +2,4 @@ leyla = import ./leyla/home.nix; # ester = import ./ester/home.nix; # eve = import ./eve/home.nix; -} \ No newline at end of file +} diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 0089d35..102e029 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -57,7 +57,6 @@ in { acceleration = lib.mkIf cfg.hasGPU "cuda"; }; - # TODO: this should reference the home directory from the user config openssh.hostKeys = [ { diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 9644e62..f8d4c42 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -105,7 +105,7 @@ nix-direnv.enable = true; }; bash.enable = true; # see note on other shells below - + # firefox = { # enable = true; # profiles.leyla = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index e14f157..294cad5 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -5,8 +5,7 @@ pkgs, inputs, ... -}: -{ +}: { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default @@ -18,14 +17,13 @@ code = "codium"; }; - vscode = let + vscode = let extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; - in - { + in { enable = true; - + package = pkgs.vscodium; mutableExtensionsDir = false; 
@@ -36,44 +34,44 @@ "workbench.colorTheme" = "Atom One Dark"; }; - extensions = with extensions.open-vsx; [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + extensions = with extensions.open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # misc extensions - bungcip.better-toml + # misc extensions + bungcip.better-toml - # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with - open-vsx."10nates".ollama-autocoder - ] - ++ (with extensions.vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); + # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with + open-vsx."10nates".ollama-autocoder + ] + ++ (with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); }; - # steam = lib.mkIf 
config.isFullUser { # enable = true; # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 67abf0d448a726487b482b48c969bb26630cea44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:56:43 +0200 Subject: [PATCH 290/695] fixed optimise dates value --- enviroments/common/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 3dd24c1..9ee0c50 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -15,7 +15,7 @@ }; optimise = { automatic = true; - dates = "weekly"; + dates = ["weekly"]; }; }; From da7b146213eaabd3a68a4fbef2aaae535b72a16c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:04:12 +0200 Subject: [PATCH 291/695] added tasks to tech debt --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index e9f9e8f..b023e09 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,8 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes +- we shouldn't have 2 versions of isFulluser and isThinuser (in home home.nix and default.nix for each user) +- Eve and Ester home-manager ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 232f31d23de402d0ab56a1c2f1fec08c105a32cd Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 3 Oct 2024 17:06:42 +0200 Subject: [PATCH 292/695] merged home manager configs for all systems --- flake.nix | 34 ++++++++++++---------------------- 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/flake.nix b/flake.nix index 982ca67..85d1a96 100644 --- a/flake.nix +++ b/flake.nix @@ -64,18 +64,20 @@ in { packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); - nixosConfigurations = { + nixosConfigurations = let + home-manager-config = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = {inherit inputs;}; + }; + in + { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - } + home-manager.nixosModules.home-manager home-manager-config ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel ]; @@ -84,13 +86,7 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - } + home-manager.nixosModules.home-manager home-manager-config ./hosts/twilight/configuration.nix ]; }; 
@@ -99,13 +95,7 @@ specialArgs = {inherit inputs;}; modules = [ disko.nixosModules.disko - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - } + home-manager.nixosModules.home-manager home-manager-config ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; From 6f3022c23bb77bff590d32d2b39af8b6ff3a3fa5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:06:49 +0200 Subject: [PATCH 293/695] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b023e09..ce7ed16 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - move applications in server environment into their own flakes - we shouldn't have 2 versions of isFulluser and isThinuser (in home home.nix and default.nix for each user) - Eve and Ester home-manager +- get rid of default config and import it in hardware-configuration.nix ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 3cc48070339fd5c173fafdb4c05517912c6e785d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:07:22 +0200 Subject: [PATCH 294/695] moved home-manager-config variable up --- flake.nix | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index 85d1a96..6a25fab 100644 --- a/flake.nix +++ b/flake.nix 
@@ -54,6 +54,12 @@ home-manager, ... } @ inputs: let + home-manager-config = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = {inherit inputs;}; + }; forEachSystem = nixpkgs.lib.genAttrs [ "aarch64-darwin" "aarch64-linux" @@ -64,15 +70,7 @@ in { packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); - nixosConfigurations = let - home-manager-config = { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - }; - in - { + nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; From 6eb6ac12785b2e9cdf3e57349b348f85d9da8b89 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:20:16 +0200 Subject: [PATCH 295/695] removed non home manager isFullUser and isThinUser for leyla --- hosts/defiant/configuration.nix | 1 - hosts/horizon/configuration.nix | 1 - hosts/twilight/configuration.nix | 1 - users/leyla/default.nix | 14 +---------- users/leyla/packages.nix | 41 ++------------------------------ 5 files changed, 3 insertions(+), 55 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 59744c8..09c51a4 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,7 +17,6 @@ home-manager.users.leyla.config = { isThinUser = true; }; - users.leyla.isThinUser = true; boot.loader.grub = { enable = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 714429d..7086276 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -19,7 +19,6 @@ }; users = { - leyla.isFullUser = true; ester.isFullUser = true; eve.isFullUser = true; }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 972fd72..39bf38b 100644 
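Review bot: In the `hosts/horizon/configuration.nix` hunk, `leyla.isFullUser = true;` is removed from `users` but nothing in this patch adds the home-manager equivalent for horizon, whereas `defiant` and `twilight` received `home-manager.users.leyla.config = { ... }` earlier in the series and `users/leyla/default.nix` now reads the flags from `config.home-manager.users.leyla`. Unless the `};` context line above `users = {` closes an existing `home-manager.users.leyla.config` block, leyla is no longer a full user on the laptop after this commit and the steam/adb/noisetorch gating later in the series will evaluate to false there; please confirm, and if it is missing add `home-manager.users.leyla.config = { isFullUser = true; };` alongside the `users` set.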
--- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -20,7 +20,6 @@ }; users = { - leyla.isFullUser = true; ester.isFullUser = true; eve.isFullUser = true; }; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 102e029..10e9ae9 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -4,18 +4,8 @@ inputs, ... }: let - cfg = config.users.leyla; + cfg = config.home-manager.users.leyla; in { - # imports = [ - # ./packages.nix - # ]; - - options.users.leyla = { - isFullUser = lib.mkEnableOption "create usable leyla user"; - isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; - hasGPU = lib.mkEnableOption "installs gpu intensive programs"; - }; - config = { nixpkgs.config.allowUnfree = true; @@ -67,7 +57,5 @@ in { } ]; }; - - # home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 294cad5..6b64616 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -75,7 +75,8 @@ # steam = lib.mkIf config.isFullUser { # enable = true; # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer + # localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers # }; # noisetorch.enable = config.isFullUser; 
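Review bot: `cfg = config.home-manager.users.leyla;` makes this NixOS module depend on the home-manager NixOS module being imported and on `isFullUser`/`isThinUser`/`hasGPU` being declared on the home-manager side (the README entry in this series says they live in `home.nix`), but the `options.users.leyla` block that used to document those flags is deleted without a replacement pointer. A comment on the new binding keeps that dependency discoverable: `# flags are declared in ./home.nix (home-manager user module); evaluation fails if home-manager.nixosModules.home-manager is not loaded`. The context lines below (`acceleration = lib.mkIf cfg.hasGPU "cuda";`, `openssh.hostKeys`) continue to read `cfg`, so the rename is otherwise complete within the hunk.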
@@ -126,44 +127,6 @@ (lib.mkIf config.hasGPU davinci-resolve) # development tools - # (vscode-with-extensions.override { - # vscode = vscodium; - # vscodeExtensions = with open-vsx; - # [ - # # vs code feel extensions - # ms-vscode.atom-keybindings - # akamud.vscode-theme-onedark - # streetsidesoftware.code-spell-checker - # streetsidesoftware.code-spell-checker-german - # streetsidesoftware.code-spell-checker-italian - # jeanp413.open-remote-ssh - - # # nix extensions - # pinage404.nix-extension-pack - # jnoortheen.nix-ide - - # # html extensions - # formulahendry.auto-rename-tag - # ms-vscode.live-server - - # # js extensions - # dsznajder.es7-react-js-snippets - # dbaeumer.vscode-eslint - # standard.vscode-standard - # firsttris.vscode-jest-runner - # stylelint.vscode-stylelint - # tauri-apps.tauri-vscode - - # # misc extensions - # bungcip.better-toml - - # open-vsx."10nates".ollama-autocoder - # ] - # ++ (with vscode-marketplace; [ - # # js extensions - # karyfoundation.nearley - # ]); - # }) androidStudioPackages.canary jetbrains.idea-community dbeaver-bin From 27406218b5cde8426adeba95669bdd9074dca5c0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:20:44 +0200 Subject: [PATCH 296/695] removed completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index ce7ed16..0132d4a 100644 --- a/README.md +++ b/README.md 
@@ -44,7 +44,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes -- we shouldn't have 2 versions of isFulluser and isThinuser (in home home.nix and default.nix for each user) - Eve and Ester home-manager - get rid of default config and import it in hardware-configuration.nix ## New Features From da4f1299c768262dca43c517561919a72a28f974 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:41:12 +0200 Subject: [PATCH 297/695] added configs for steam noisetorch and adb back in --- users/leyla/default.nix | 13 +++++++++++++ users/leyla/packages.nix | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 10e9ae9..a9efe1c 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -57,5 +57,18 @@ in { } ]; }; + + programs = { + steam = lib.mkIf cfg.isFullUser { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + + noisetorch.enable = cfg.isFullUser; + + adb.enable = cfg.isFullUser; + }; }; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 6b64616..eabd4ba 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
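Review bot: The `programs.steam` block opens three groups of inbound firewall ports on every host where the home-manager flag `cfg.isFullUser` is true, and `dedicatedServer.openFirewall = true` admits traffic for a Source dedicated server that nothing in this configuration runs. Drop that line, and reconsider whether `remotePlay.openFirewall` and `localNetworkGameTransfers.openFirewall` are wanted on the laptop (`horizon`) as well as the desktop, since the same flag now drives both. Because `cfg` is `config.home-manager.users.leyla`, a per-user home-manager option is deciding system-wide firewall state; a note makes that coupling explicit: `# NOTE: a home-manager user flag opens system firewall ports here; review when adding hosts`. The inline comment also carries a typo, "Dedicated ServerServer".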
@@ -71,17 +71,6 @@ karyfoundation.nearley ]); }; - - # steam = lib.mkIf config.isFullUser { - # enable = true; - # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer - # localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - # }; - - # noisetorch.enable = config.isFullUser; - - # adb.enable = config.isFullUser; }; home = { From 1cef697f9b53605055cab272ab87d0815b3c1107 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:43:00 +0200 Subject: [PATCH 298/695] fixed task typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0132d4a..dd6a036 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes - Eve and Ester home-manager -- get rid of default config and import it in hardware-configuration.nix +- get rid of disko config and import it in hardware-configuration.nix ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From dd6046af2766bd8de8b376ec1a9257beaf275c1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 18:11:52 +0200 Subject: [PATCH 299/695] added spell check words --- users/leyla/packages.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index eabd4ba..2239ff2 100644 --- a/users/leyla/packages.nix 
+++ b/users/leyla/packages.nix @@ -32,6 +32,9 @@ userSettings = { "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; }; extensions = with extensions.open-vsx; From 2d6b16950b424c10dc8bca6522f057e84d29b723 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 22:42:30 +0200 Subject: [PATCH 300/695] added util to lib --- flake.nix | 11 ++++++----- users/leyla/default.nix | 2 +- util/default.nix | 16 ++++++++++------ 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/flake.nix b/flake.nix index 6a25fab..bfd7292 100644 --- a/flake.nix +++ b/flake.nix @@ -67,13 +67,14 @@ "x86_64-linux" ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); - in { - packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); + callPackage = nixpkgs.lib.callPackageWith (nixpkgs // { lib = lib; }); + lib = callPackage ./util {} // nixpkgs.lib; + in { nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = {inherit inputs lib;}; modules = [ home-manager.nixosModules.home-manager home-manager-config ./hosts/horizon/configuration.nix @@ -82,7 +83,7 @@ }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = {inherit inputs lib;}; modules = [ home-manager.nixosModules.home-manager home-manager-config ./hosts/twilight/configuration.nix @@ -90,7 +91,7 @@ }; # NAS Service defiant = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = {inherit inputs lib;}; modules = [ disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/users/leyla/default.nix b/users/leyla/default.nix index a9efe1c..47b3edb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
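Review bot: The first flake.nix hunk deletes the `packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;});` output while the commit message only says "added util to lib", and `forEachPkgs` (with the `forEachSystem` it calls) stays defined just above but is now unused. If dropping the `packages` output is intentional, remove those helpers too and say so in the message; otherwise restore the line under the new `in {`. Also note that `lib = callPackage ./util {} // nixpkgs.lib;` gives nixpkgs' attributes precedence, so a helper in `./util` can never shadow a same-named nixpkgs function — likely what you want, but worth stating: `# nixpkgs.lib wins on name collisions; util only adds helpers`.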
@@ -23,7 +23,7 @@ in { extraGroups = lib.mkMerge [ ["networkmanager" "wheel"] ( - lib.mkIf (!cfg.isThinUser) ["adbusers"] + lib.mkUnless cfg.isThinUser ["adbusers"] ) ]; diff --git a/util/default.nix b/util/default.nix index acd1997..3d16bf3 100644 --- a/util/default.nix +++ b/util/default.nix @@ -1,7 +1,11 @@ -_: { - # mkUnless = condition: then: (mkIf (!condition) then); - # mkIfElse = condition: then: else: lib.mkMerge [ - # (mkIf condition then) - # (mkUnless condition else) - # ]; +{ + lib, + ... +}: +{ + mkUnless = condition: yes: (lib.mkIf (!condition) yes); + mkIfElse = condition: yes: no: lib.mkMerge [ + (lib.mkIf condition yes) + (lib.mkUnless condition no) + ]; } From 8f4e70c0d0e454aac16dd56b569c20f826efdb05 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 22:48:52 +0200 Subject: [PATCH 301/695] moved vscode to own file --- README.md | 1 - users/leyla/packages.nix | 72 ++----------------------------------- users/leyla/vscode.nix | 77 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 80 insertions(+), 70 deletions(-) create mode 100644 users/leyla/vscode.nix diff --git a/README.md b/README.md index dd6a036..4f1e59b 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. # Tasks: ## Tech Debt -- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2239ff2..1478d1d 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
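Review bot: `mkIfElse` in util/default.nix reaches for `lib.mkUnless`, which only exists on the merged `lib` that flake.nix builds by calling this very file; evaluating `./util` with plain `nixpkgs.lib` (or with a different merge order) would raise a missing-attribute error the first time `mkIfElse` is used. Referencing the primitive directly keeps the helper self-contained: `mkIfElse = condition: yes: no: lib.mkMerge [(lib.mkIf condition yes) (lib.mkIf (!condition) no)];`. Since both helpers are now exposed as `lib.*` to every module, a one-line comment each — e.g. `# mkUnless cond v: v applies only when cond is false (mkIf (!cond) v)` — would also help.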
@@ -6,75 +6,9 @@ inputs, ... }: { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - - programs = { - bash.shellAliases = lib.mkIf config.isFullUser { - code = "codium"; - }; - - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { - enable = true; - - package = pkgs.vscodium; - - mutableExtensionsDir = false; - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - - userSettings = { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - }; - - extensions = with extensions.open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # misc extensions - bungcip.better-toml - - # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with - open-vsx."10nates".ollama-autocoder - ] - ++ (with extensions.vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); - }; - }; + imports = [ + ./vscode.nix + ]; home = { packages = lib.mkIf (config.isFullUser || config.isThinUser) ( diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix new file mode 100644 index 0000000..ffe84b6 --- /dev/null +++ b/users/leyla/vscode.nix 
@@ -0,0 +1,77 @@ +{ + lib, + config, + pkgs, + inputs, + ... +}: { + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + + programs = { + bash.shellAliases = lib.mkIf config.isFullUser { + code = "codium"; + }; + + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in { + enable = true; + + package = pkgs.vscodium; + + mutableExtensionsDir = false; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; + }; + + extensions = with extensions.open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # misc extensions + bungcip.better-toml + + # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with + open-vsx."10nates".ollama-autocoder + ] + ++ (with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); + }; + }; +} \ No newline at end of file From cb1f8665e52d41d1146092ac3d5a8e55ab11cd3e Mon Sep 17 00:00:00 2001 
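Review bot: `programs.vscode.enable = true` in the new vscode.nix is unconditional while the `code = "codium"` alias right above it is gated on `config.isFullUser` and the package list this file was split from is gated on `isFullUser || isThinUser` (see the packages.nix hunk), so VSCodium plus every listed extension is pulled onto any host importing this user's home config — apparently including the NAS, where this series sets the thin-user flag. Gate it the same way: `enable = config.isFullUser;`. It is also worth a comment that with `mutableExtensionsDir = false` and both update checks disabled, extension versions are pinned by the `nix-vscode-extensions` input, so fixes in extensions (`jeanp413.open-remote-ssh` handles SSH sessions) only arrive through a flake update — e.g. `# extensions are pinned by the nix-vscode-extensions input; run nix flake update to pick up fixes`.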
From: Leyla Becker Date: Thu, 3 Oct 2024 22:52:53 +0200 Subject: [PATCH 302/695] ran linted --- flake.nix | 11 +++++++---- users/leyla/vscode.nix | 2 +- util/default.nix | 15 ++++++--------- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/flake.nix b/flake.nix index bfd7292..efffbd2 100644 --- a/flake.nix +++ b/flake.nix @@ -68,7 +68,7 @@ ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); - callPackage = nixpkgs.lib.callPackageWith (nixpkgs // { lib = lib; }); + callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); lib = callPackage ./util {} // nixpkgs.lib; in { nixosConfigurations = { @@ -76,7 +76,8 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ - home-manager.nixosModules.home-manager home-manager-config + home-manager.nixosModules.home-manager + home-manager-config ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel ]; @@ -85,7 +86,8 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ - home-manager.nixosModules.home-manager home-manager-config + home-manager.nixosModules.home-manager + home-manager-config ./hosts/twilight/configuration.nix ]; }; @@ -94,7 +96,8 @@ specialArgs = {inherit inputs lib;}; modules = [ disko.nixosModules.disko - home-manager.nixosModules.home-manager home-manager-config + home-manager.nixosModules.home-manager + home-manager-config ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index ffe84b6..37fc4be 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix @@ -74,4 +74,4 @@ ]); }; }; -} \ No newline at end of file +} diff --git a/util/default.nix b/util/default.nix index 3d16bf3..a06ac29 100644 --- a/util/default.nix +++ b/util/default.nix 
@@ -1,11 +1,8 @@ -{ - lib, - ... -}: -{ +{lib, ...}: { mkUnless = condition: yes: (lib.mkIf (!condition) yes); - mkIfElse = condition: yes: no: lib.mkMerge [ - (lib.mkIf condition yes) - (lib.mkUnless condition no) - ]; + mkIfElse = condition: yes: no: + lib.mkMerge [ + (lib.mkIf condition yes) + (lib.mkUnless condition no) + ]; } From c0167bd5d188af037d35f9f31c1591bc2f17b2a0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 23:04:17 +0200 Subject: [PATCH 303/695] updated README --- .hooks/pre-commit | 5 +++-- README.md | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.hooks/pre-commit b/.hooks/pre-commit index 4d465c4..524d4e5 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -2,13 +2,14 @@ git stash -q --keep-index - +echo "checking flakes all compile" nix flake check -if [ $? -eq 0 ]; then +if [ ! $? -eq 0 ]; then exit 1 fi +echo "running linter" ./lint.sh RESULT=$? diff --git a/README.md b/README.md index 4f1e59b..f639b53 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ ## Configuration -set up git configuration for local development: `git config --local include.path .gitconfig` +set up git configuration for local development: `git config core.hooksPath .hooks` to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set) From 8da184333e7384d09e56c5caed34c8e5565efbe2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 23:06:12 +0200 Subject: [PATCH 304/695] added logging to commit hooks --- .hooks/post-commit | 2 ++ .hooks/pre-commit | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.hooks/post-commit b/.hooks/post-commit index 7803850..93d7f15 100755 --- a/.hooks/post-commit +++ b/.hooks/post-commit 
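Review bot: The new `if [ ! $? -eq 0 ]; then exit 1` path in .hooks/pre-commit aborts the commit without restoring what `git stash -q --keep-index` just stashed; the matching `git stash pop -q` lives in .hooks/post-commit (visible in the following patch), and post-commit hooks only run after a successful commit, so every failed `nix flake check` strands the developer's unstaged work in the stash list. Pop before bailing out — `git stash pop -q; exit 1` — or better, install a `trap 'git stash pop -q' EXIT` right after the stash so every exit path restores it. The `exit $RESULT` after the linter, which lies past the end of this hunk, has the same problem. `if ! nix flake check; then` would also be clearer than testing `$?` on a separate line.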
@@ -1,3 +1,5 @@ #!/usr/bin/env bash +echo "restoring stashed changes" + git stash pop -q diff --git a/.hooks/pre-commit b/.hooks/pre-commit index 524d4e5..6687ec0 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -1,5 +1,6 @@ #!/usr/bin/env bash +echo "stashing all uncommitted changes" git stash -q --keep-index echo "checking flakes all compile" @@ -14,6 +15,7 @@ echo "running linter" RESULT=$? +echo "adding lint changes to commit" git add -u exit $RESULT \ No newline at end of file From dec1ef1d963804884d11510b5c54c1cb09a58712 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 23:07:27 +0200 Subject: [PATCH 305/695] removed completed task from README --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index f639b53..8e7e794 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - get rid of disko config and import it in hardware-configuration.nix ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- fix pre commit hook - Flake templates - home assistant virtual machine - searxng docker From 04871258ee4233cb29d9662eb8ba6eb2de9d3197 Mon Sep 17 00:00:00 2001 
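Review bot: The `echo "stashing all uncommitted changes"` added before `git stash -q --keep-index` is printed even when there is nothing to stash, and in that case `git stash` creates no entry while the unconditional `git stash pop -q` in post-commit still pops whatever sits on top of the stash list, so an older, unrelated stash can land in the working tree after a clean commit. Tag the stash so the pop can be made conditional: `git stash push -q --keep-index -m "pre-commit"` here, and in post-commit only pop when `git stash list -n 1` shows that message. The `git add -u` at the end of this hunk also silently folds the linter's reformatting of any tracked file into the commit; the new echo should say so, e.g. `echo "adding lint changes to commit (git add -u)"`.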
From: Leyla Becker Date: Fri, 4 Oct 2024 01:01:41 +0200 Subject: [PATCH 306/695] moved ester and eve over to home manager --- README.md | 2 +- enviroments/common/default.nix | 3 ++ hosts/defiant/configuration.nix | 2 +- hosts/horizon/configuration.nix | 17 +++++--- hosts/twilight/configuration.nix | 19 ++++---- users/default.nix | 1 - users/ester/default.nix | 16 ++----- users/ester/home.nix | 73 +++++++++++++++++++++++++++++++ users/eve/default.nix | 18 ++------ users/eve/home.nix | 75 ++++++++++++++++++++++++++++++++ users/home.nix | 4 +- users/leyla/default.nix | 22 +++++----- users/leyla/home.nix | 29 ++---------- users/leyla/packages.nix | 4 +- users/leyla/vscode.nix | 67 ++++++++++++++-------------- 15 files changed, 233 insertions(+), 119 deletions(-) create mode 100644 users/ester/home.nix create mode 100644 users/eve/home.nix diff --git a/README.md b/README.md index 8e7e794..677971c 100644 --- a/README.md +++ b/README.md @@ -43,8 +43,8 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes -- Eve and Ester home-manager - get rid of disko config and import it in hardware-configuration.nix +- why does users.users..home conflict with home-manager.users..home.homeDirectory ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 9ee0c50..3416c1a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -42,18 +42,21 @@ uid = 1000; description = "Leyla"; group = "leyla"; + home = "/home/leyla"; }; ester = { uid = 1001; description = "Ester"; group = "ester"; + home = "/home/ester"; }; eve = { uid = 1002; description = "Eve"; group = "eve"; + home = "/home/eve"; }; jellyfin = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 09c51a4..bbe9601 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -15,7 +15,7 @@ ]; home-manager.users.leyla.config = { - isThinUser = true; + isTerminalUser = true; }; boot.loader.grub = { diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 7086276..ef042d6 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -14,13 +14,16 @@ ../../enviroments/client ]; - home-manager.users.leyla.config = { - isFullUser = true; - }; - - users = { - ester.isFullUser = true; - eve.isFullUser = true; + home-manager.users = { + leyla.config = { + isDesktopUser = true; + }; + ester.config = { + isDesktopUser = true; + }; + eve.config = { + isDesktopUser = true; + }; }; # enabled virtualisation for docker diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 39bf38b..4de1e5f 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -14,14 +14,17 @@ ../../enviroments/client ]; - home-manager.users.leyla.config = { - isFullUser = true; - hasGPU = true; - }; - - users = { - ester.isFullUser = true; - eve.isFullUser = true; + home-manager.users = { + leyla.config = { + isDesktopUser = true; + hasGPU = true; + }; + ester.config = { + isDesktopUser = true; + }; + eve.config = { + isDesktopUser = true; + }; }; systemd.tmpfiles.rules = [ diff --git a/users/default.nix b/users/default.nix index 3dc52d9..ab74274 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -3,6 +3,5 @@ users.mutableUsers = false; - home-manager.extraSpecialArgs = {inherit inputs;}; home-manager.users = import ./home.nix; } diff --git a/users/ester/default.nix b/users/ester/default.nix index f6a1203..61e0d4e 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -5,16 +5,12 @@ inputs, ... }: let - cfg = config.users.ester; + cfg = config.home-manager.users.ester; in { - options.users.ester = { - isFullUser = lib.mkEnableOption "ester"; - }; - config = { nixpkgs.config.allowUnfree = true; - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf cfg.isDesktopUser { "passwords/ester" = { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; @@ -22,18 +18,12 @@ in { }; users.users.ester = ( - if cfg.isFullUser + if cfg.isDesktopUser then { isNormalUser = true; extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; } else { isSystemUser = true; diff --git a/users/ester/home.nix b/users/ester/home.nix new file mode 100644 index 0000000..1d3a2a2 --- /dev/null +++ b/users/ester/home.nix 
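Review bot: Removing `home-manager.extraSpecialArgs = {inherit inputs;};` from users/default.nix takes away the `inputs` argument that this series' home-manager modules still declare (users/leyla/vscode.nix takes `inputs` and reads `inputs.nix-vscode-extensions`), so unless the `home-manager-config` module listed in flake.nix — not visible here — supplies it another way, evaluation will fail on an unbound `inputs`; the commit message does not mention the removal. If it is provided elsewhere, a comment in its place — `# inputs is passed to home-manager via home-manager-config in flake.nix` — would keep the next reader from re-adding it.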
@@ -0,0 +1,73 @@ +{ + pkgs, + lib, + config, + ... +}: { + options = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + + config = { + home = { + username = "ester"; + homeDirectory = "/home/ester"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/ester/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; + + packages = lib.mkIf config.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + ] + ); + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + }; + }; +} 
diff --git a/users/eve/default.nix b/users/eve/default.nix index 7902ff2..4956dea 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -5,16 +5,12 @@ inputs, ... }: let - cfg = config.users.eve; + cfg = config.home-manager.users.eve; in { - options.users.eve = { - isFullUser = lib.mkEnableOption "eve"; - }; - config = { nixpkgs.config.allowUnfree = true; - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf cfg.isDesktopUser { "passwords/eve" = { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; @@ -22,20 +18,12 @@ in { }; users.users.eve = ( - if cfg.isFullUser + if cfg.isDesktopUser then { isNormalUser = true; extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; } else { isSystemUser = true; diff --git a/users/eve/home.nix b/users/eve/home.nix new file mode 100644 index 0000000..461458d --- /dev/null +++ b/users/eve/home.nix 
@@ -0,0 +1,75 @@ +{ + pkgs, + lib, + config, + ... +}: { + options = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + + config = { + home = { + username = "eve"; + homeDirectory = "/home/eve"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; + + packages = lib.mkIf config.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ] + ); + }; + + programs = { + # Let Home Manager install and manage itself. 
+ home-manager.enable = true; + }; + }; +} diff --git a/users/home.nix b/users/home.nix index 0571905..88d6337 100644 --- a/users/home.nix +++ b/users/home.nix @@ -1,5 +1,5 @@ { leyla = import ./leyla/home.nix; - # ester = import ./ester/home.nix; - # eve = import ./eve/home.nix; + ester = import ./ester/home.nix; + eve = import ./eve/home.nix; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 47b3edb..e8baee3 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -9,7 +9,7 @@ in { config = { nixpkgs.config.allowUnfree = true; - sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { + sops.secrets = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) { "passwords/leyla" = { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; @@ -17,15 +17,13 @@ in { }; users.users.leyla = ( - if (cfg.isFullUser || cfg.isThinUser) + if (cfg.isDesktopUser || cfg.isTerminalUser) then { isNormalUser = true; - extraGroups = lib.mkMerge [ + extraGroups = ( ["networkmanager" "wheel"] - ( - lib.mkUnless cfg.isThinUser ["adbusers"] - ) - ]; + ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers" + ); hashedPasswordFile = config.sops.secrets."passwords/leyla".path; @@ -43,8 +41,8 @@ in { services = { ollama = { - enable = true; - acceleration = lib.mkIf cfg.hasGPU "cuda"; + enable = cfg.hasGPU; + acceleration = "cuda"; }; # TODO: this should reference the home directory from the user config 
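Review bot: The session-variables comment in the new users/eve/home.nix still names `/etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh`, a leftover from copying leyla's file (ester's copy in the previous hunk was updated to `ester`); change it to `# /etc/profiles/per-user/eve/etc/profile.d/hm-session-vars.sh`. The surrounding Home Manager template comments (`home.file` and `sessionVariables` examples) say nothing about this user and could be trimmed to a single `# desktop-only apps are gated on isDesktopUser` above `packages`.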
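Review bot: The `@@ -43,8 +41,8 @@` hunk of users/leyla/default.nix changes `services.ollama.enable` from `true` to `cfg.hasGPU`, so hosts without `hasGPU` (horizon, per the hosts hunks in this patch) silently lose the ollama service in a commit described as moving ester and eve to home-manager; if that is intended, say so in the message and on the line, e.g. `enable = cfg.hasGPU; # only run ollama where cuda acceleration is available`. The now-unconditional `acceleration = "cuda";` is harmless while disabled, but it will also be what any future non-NVIDIA GPU host inherits, so it deserves the same comment. The enclosing `services` block continues beyond the hunk.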
@@ -59,16 +57,16 @@ in { }; programs = { - steam = lib.mkIf cfg.isFullUser { + steam = lib.mkIf cfg.isDesktopUser { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers }; - noisetorch.enable = cfg.isFullUser; + noisetorch.enable = cfg.isDesktopUser; - adb.enable = cfg.isFullUser; + adb.enable = cfg.isDesktopUser; }; }; } diff --git a/users/leyla/home.nix b/users/leyla/home.nix index f8d4c42..ac513de 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -9,8 +9,8 @@ ]; options = { - isFullUser = lib.mkEnableOption "create usable leyla user"; - isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; 
@@ -30,27 +30,6 @@ # release notes. stateVersion = "23.11"; # Please read the comment before changing. - # The home.packages option allows you to install Nix packages into your - # environment. - packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello - - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? - # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; - # Home Manager is pretty good at managing dotfiles. The primary way to manage # plain files is through 'home.file'. file = { @@ -101,10 +80,10 @@ # add direnv to auto load flakes for development direnv = { enable = true; - enableBashIntegration = true; # see note on other shells below + enableBashIntegration = true; nix-direnv.enable = true; }; - bash.enable = true; # see note on other shells below + bash.enable = true; # firefox = { # enable = true; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 1478d1d..d59696d 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -11,7 +11,7 @@ ]; home = { - packages = lib.mkIf (config.isFullUser || config.isThinUser) ( + packages = lib.mkIf (config.isDesktopUser || config.isTerminalUser) ( lib.mkMerge [ ( with pkgs; [ @@ -22,7 +22,7 @@ ] ) ( - lib.mkIf (!config.isThinUser) ( + lib.mkIf (!config.isTerminalUser) ( with pkgs; [ #foss platforms signal-desktop diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index 37fc4be..dbb5ae0 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix 
@@ -12,7 +12,7 @@ }; programs = { - bash.shellAliases = lib.mkIf config.isFullUser { + bash.shellAliases = lib.mkIf config.isDesktopUser { code = "codium"; }; @@ -36,42 +36,45 @@ ]; }; - extensions = with extensions.open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + extensions = ( + with extensions.open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # misc extensions - bungcip.better-toml + # misc extensions + bungcip.better-toml - # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with - open-vsx."10nates".ollama-autocoder - ] - ++ (with extensions.vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); + open-vsx."10nates".ollama-autocoder + ] + ++ ( + with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ] + ) + ); }; }; } 
From ce2f59a386a559117f8871064c51dd1ba50efa04 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 4 Oct 2024 01:05:35 +0200 Subject: [PATCH 307/695] moved firefox draft to own file --- users/leyla/firefox.nix | 132 +++++++++++++++++++++++++++++++++++++++ users/leyla/packages.nix | 1 + 2 files changed, 133 insertions(+) create mode 100644 users/leyla/firefox.nix diff --git a/users/leyla/firefox.nix b/users/leyla/firefox.nix new file mode 100644 index 0000000..615b3e3 --- /dev/null +++ b/users/leyla/firefox.nix 
@@ -0,0 +1,132 @@ +{ + lib, + config, + pkgs, + inputs, + ... +}: { + programs = { + # firefox = { + # enable = true; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ + # ublock-origin + # bitwarden + + # ]; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = 
"Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://tech.lgbt"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # } + }; +} diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d59696d..bf3589c 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,7 @@ }: { imports = [ ./vscode.nix + ./firefox.nix ]; home = { From 60fba00be909e9fc9a5adfa97227557c1735ec41 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 4 Oct 2024 01:51:38 +0200 Subject: [PATCH 308/695] moved user config back into user file from home file --- hosts/defiant/configuration.nix | 6 ++++-- hosts/horizon/configuration.nix | 8 ++++---- hosts/twilight/configuration.nix | 9 ++++----- users/default.nix | 11 +++++++++-- users/ester/default.nix | 6 +++++- users/ester/home.nix | 13 ++++++------- users/eve/default.nix | 6 +++++- users/eve/home.nix | 14 ++++++-------- users/home.nix | 10 +++++++--- users/leyla/default.nix | 8 +++++++- users/leyla/home.nix | 10 ++-------- users/leyla/packages.nix | 12 +++++++----- users/leyla/vscode.nix | 8 +++++--- 13 files changed, 71 insertions(+), 50 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bbe9601..07017bd 100644 
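Review bot: The draft profile's `extentions` attribute is misspelled, so as soon as this block is uncommented Home Manager will reject it as an unknown option; the option is `extensions`. The `Searx` engine entry also reuses `iconUpdateURL = "https://nixos.wiki/favicon.png"` from the NixOS Wiki entry, which looks like a copy-paste leftover and would have the browser fetch a third-party host daily for an icon that belongs to your own search instance. Nothing here is live yet since the whole profile is commented out, but fixing the typo now avoids a confusing evaluation error later.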
--- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -14,8 +14,10 @@ ../../enviroments/server ]; - home-manager.users.leyla.config = { - isTerminalUser = true; + nixos.users = { + leyla = { + isTerminalUser = true; + }; }; boot.loader.grub = { diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index ef042d6..f49e83d 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -14,14 +14,14 @@ ../../enviroments/client ]; - home-manager.users = { - leyla.config = { + nixos.users = { + leyla = { isDesktopUser = true; }; - ester.config = { + ester = { isDesktopUser = true; }; - eve.config = { + eve = { isDesktopUser = true; }; }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 4de1e5f..0ed47c8 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -13,16 +13,15 @@ ../../enviroments/client ]; - - home-manager.users = { - leyla.config = { + nixos.users = { + leyla = { isDesktopUser = true; hasGPU = true; }; - ester.config = { + ester = { isDesktopUser = true; }; - eve.config = { + eve = { isDesktopUser = true; }; }; diff --git a/users/default.nix b/users/default.nix index ab74274..fd1f6a4 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,7 +1,14 @@ -{inputs, ...}: { +{ + lib, + config, + ... +}: { imports = [./leyla ./ester ./eve]; users.mutableUsers = false; - home-manager.users = import ./home.nix; + home-manager.users = import ./home.nix { + lib = lib; + config = config; + }; } diff --git a/users/ester/default.nix b/users/ester/default.nix index 61e0d4e..ec5449c 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -5,8 +5,12 @@ inputs, ... }: let - cfg = config.home-manager.users.ester; + cfg = config.nixos.users.ester; in { + options.nixos.users.ester = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + config = { nixpkgs.config.allowUnfree = true; 
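Review bot: `import ./home.nix { lib = lib; config = config; }` in users/default.nix is the long-hand form of `import ./home.nix {inherit lib config;}`, which is the idiomatic spelling and matches the `{inherit inputs;}` style already used in flake.nix. Style only, behaviour is identical. A one-line comment above it noting that the `nixos.users.<name>` options it consults are declared in each `users/<name>/default.nix` would also help readers who go looking for them under `home-manager`.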
diff --git a/users/ester/home.nix b/users/ester/home.nix index 1d3a2a2..773c13c 100644 --- a/users/ester/home.nix +++ b/users/ester/home.nix @@ -2,16 +2,15 @@ pkgs, lib, config, + osConfig, ... -}: { - options = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - +}: let + cfg = osConfig.nixos.users.ester; +in { config = { home = { username = "ester"; - homeDirectory = "/home/ester"; + homeDirectory = osConfig.users.users.ester.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release @@ -56,7 +55,7 @@ # EDITOR = "emacs"; }; - packages = lib.mkIf config.isDesktopUser ( + packages = lib.mkIf cfg.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/users/eve/default.nix b/users/eve/default.nix index 4956dea..46c9a8a 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -5,8 +5,12 @@ inputs, ... }: let - cfg = config.home-manager.users.eve; + cfg = config.nixos.users.eve; in { + options.nixos.users.eve = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + config = { nixpkgs.config.allowUnfree = true; diff --git a/users/eve/home.nix b/users/eve/home.nix index 461458d..0b1d25c 100644 --- a/users/eve/home.nix +++ b/users/eve/home.nix @@ -1,17 +1,15 @@ { pkgs, lib, - config, + osConfig, ... -}: { - options = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - +}: let + cfg = osConfig.nixos.users.eve; +in { config = { home = { username = "eve"; - homeDirectory = "/home/eve"; + homeDirectory = osConfig.users.users.eve.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release @@ -56,7 +54,7 @@ # EDITOR = "emacs"; }; - packages = lib.mkIf config.isDesktopUser ( + packages = lib.mkIf cfg.isDesktopUser ( with pkgs; [ firefox bitwarden 
diff --git a/users/home.nix b/users/home.nix index 88d6337..d32f2df 100644 --- a/users/home.nix +++ b/users/home.nix @@ -1,5 +1,9 @@ { - leyla = import ./leyla/home.nix; - ester = import ./ester/home.nix; - eve = import ./eve/home.nix; + lib, + config, + ... +}: { + leyla = lib.mkIf (config.nixos.users.leyla.isDesktopUser || config.nixos.users.leyla.isTerminalUser) (import ./leyla/home.nix); + ester = lib.mkIf config.nixos.users.ester.isDesktopUser (import ./ester/home.nix); + eve = lib.mkIf config.nixos.users.eve.isDesktopUser (import ./eve/home.nix); } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index e8baee3..48e3c98 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -4,8 +4,14 @@ inputs, ... }: let - cfg = config.home-manager.users.leyla; + cfg = config.nixos.users.leyla; in { + options.nixos.users.leyla = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; + }; + config = { nixpkgs.config.allowUnfree = true; diff --git a/users/leyla/home.nix b/users/leyla/home.nix index ac513de..14f4e8b 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -1,25 +1,19 @@ { lib, - config, pkgs, + osConfig, ... }: { imports = [ ./packages.nix ]; - options = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; - hasGPU = lib.mkEnableOption "installs gpu intensive programs"; - }; - config = { # Home Manager needs a bit of information about you and the paths it should # manage. home = { username = "leyla"; - homeDirectory = "/home/leyla"; + homeDirectory = osConfig.users.users.leyla.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index bf3589c..0b40333 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -5,14 +5,16 @@ pkgs, inputs, ... -}: { +}: let + cfg = osConfig.nixos.users.leyla; +in { imports = [ ./vscode.nix ./firefox.nix ]; home = { - packages = lib.mkIf (config.isDesktopUser || config.isTerminalUser) ( + packages = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) ( lib.mkMerge [ ( with pkgs; [ @@ -23,7 +25,7 @@ ] ) ( - lib.mkIf (!config.isTerminalUser) ( + lib.mkIf (!cfg.isTerminalUser) ( with pkgs; [ #foss platforms signal-desktop @@ -42,7 +44,7 @@ onionshare easytag # rhythmbox - (lib.mkIf config.hasGPU obs-studio) + (lib.mkIf cfg.hasGPU obs-studio) # wireshark # rpi-imager # fritzing @@ -51,7 +53,7 @@ discord obsidian steam - (lib.mkIf config.hasGPU davinci-resolve) + (lib.mkIf cfg.hasGPU davinci-resolve) # development tools androidStudioPackages.canary diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index dbb5ae0..a0dd27c 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix @@ -1,10 +1,12 @@ { lib, - config, + osConfig, pkgs, inputs, ... -}: { +}: let + cfg = osConfig.nixos.users.leyla; +in { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default 
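Review bot: In the `@@ -23,7 +25,7 @@` hunk of packages.nix, `lib.mkIf (!cfg.isTerminalUser)` makes `isTerminalUser` win over `isDesktopUser`: a host that sets both flags gets the base packages but none of the desktop applications, which is easy to miss now that these are host-level `nixos.users.leyla` options. A comment such as `# terminal-only wins: desktop apps are skipped when isTerminalUser is set, even if isDesktopUser is also true` above that line would make the intent explicit; if desktop should win instead, the condition would be `cfg.isDesktopUser`. The enclosing `home.packages` expression starts outside this hunk.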
@@ -12,7 +14,7 @@ }; programs = { - bash.shellAliases = lib.mkIf config.isDesktopUser { + bash.shellAliases = lib.mkIf cfg.isDesktopUser { code = "codium"; }; From 3cf6791d9e3a6bc80d302ceca05bf965b1e09d4c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Oct 2024 17:16:59 +0200 Subject: [PATCH 309/695] installed anki --- users/leyla/packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 0b40333..33bdc28 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -55,6 +55,8 @@ in { steam (lib.mkIf cfg.hasGPU davinci-resolve) + anki-bin + # development tools androidStudioPackages.canary jetbrains.idea-community From 8dc253056cd34d5d95e81242cc37239f126a6726 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Oct 2024 17:35:54 +0200 Subject: [PATCH 310/695] updated flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index e323be9..9f0181a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1727249977, - "narHash": "sha256-lAqOCDI4B6hA+t+KHSm/Go8hQF/Ob5sgXaIRtMAnMKw=", + "lastModified": 1728659696, + "narHash": "sha256-xipqQdXMZdSln1WChUWFqcrghOMYCmdRo7rgf/MtEkg=", "owner": "nix-community", "repo": "disko", - "rev": "c1c472f4cd91e4b0703e02810a8c7ed30186b6fa", + "rev": "c7ef3964b6befa877e76316ae88f3ef251cae573", "type": "github" }, "original": { @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1727246346, - "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=", + "lastModified": 1728650932, + "narHash": "sha256-mGKzqdsRyLnGNl6WjEr7+sghGgBtYHhJQ4mjpgRTCsU=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb", + "rev": "65ae9c147349829d3df0222151f53f79821c5134", "type": "github" }, "original": { 
@@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1727228778, - "narHash": "sha256-vg1b7yLH8TgKsUi5KlctSx4GuET7MAoWUR7nqAGnU/Y=", + "lastModified": 1728179514, + "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "fb86a415579cd38eb7b47c3ada597841b97e2ea9", + "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1727040444, - "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", + "lastModified": 1728269138, + "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", + "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726937504, - "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9357f4f23713673f310988025d9dc261c20e70c6", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1725762081, - "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", + "lastModified": 1728156290, + "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "rev": "17ae88b569bb15590549ff478bab6494dde4a907", "type": "github" }, "original": { 
@@ -180,11 +180,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1726524647, - "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", + "lastModified": 1728345710, + "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", + "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", "type": "github" }, "original": { From f6e0b8684cf5d2739e17a13ff1e1c1e59fdc3c38 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Oct 2024 20:21:36 +0200 Subject: [PATCH 311/695] added home assistant to defiant --- enviroments/server/default.nix | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 3d20a17..f2f32bf 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -72,6 +72,18 @@ default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; }; }; + home-assistant = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that home-assistant will be hosted at"; + default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; + }; + }; }; }; @@ -249,6 +261,17 @@ stateDir = "/home/forgejo/data"; }; + home-assistant = { + enable = true; + config.http = { + server_port = 8082; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { 
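Review bot: The description of the new `home-assistant.hostname` option reads `hosname`; it should be `description = "hostname that home-assistant will be hosted at";`, since this text is what shows up in generated option documentation. The same template text is reused for the searx option added later in this series, so it is worth fixing in both places.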
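Review bot: `trusted_proxies = ["127.0.0.1"]` lists only the IPv4 loopback, but the nginx vhost added alongside proxies to `http://localhost:…`, and `localhost` can resolve to `::1`; when it does, Home Assistant sees X-Forwarded-For arriving from an untrusted address and refuses the request (it answers 400 in that case, as far as I recall). Either list both loopbacks, `trusted_proxies = ["127.0.0.1" "::1"];`, or point the proxy at `127.0.0.1` explicitly. With nginx still disabled this is latent and will only surface once the proxy is switched on. `ip_ban_enabled` with `login_attempts_threshold = 10` is a sensible default to keep.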
@@ -270,6 +293,11 @@ enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }; + ${config.apps.home-assistant.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + }; }; }; }; @@ -279,7 +307,8 @@ defaults.email = "jan-leila@protonmail.com"; }; - networking.firewall.allowedTCPPorts = [53 2049 3000 8081]; + # TODO: remove 8081 and 8082 when nginx is enabled + networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082]; environment.systemPackages = [ config.services.headscale.package From abede83bfac00d9ec9169f26bdb0a452112e0c42 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Oct 2024 19:13:36 -0500 Subject: [PATCH 312/695] added legacy mount points back to horizon --- hosts/horizon/hardware-configuration.nix | 33 +++++++++++------------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 1e203f3..3645905 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
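Review bot: The home-assistant vhost sets only `proxyPass`, so the frontend's websocket connection is never upgraded and, unless `services.nginx.recommendedProxySettings` is enabled somewhere outside this hunk, no X-Forwarded-For header is sent at all; Home Assistant would then see every client as 127.0.0.1, and with `ip_ban_enabled` ten failed logins from anyone would ban the proxy address and lock everyone out. Suggested: `locations."/" = { proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; proxyWebsockets = true; };` together with `recommendedProxySettings = true;` at the `services.nginx` level. The `virtualHosts` attrset continues outside this hunk.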
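Review bot: Opening 8082 exposes Home Assistant's own HTTP listener, login form included, in cleartext on every interface (it binds all addresses unless `server_host` is set, as far as I recall) while the TLS/ACME path through nginx is still disabled. If this is a temporary test setup on a trusted LAN the TODO covers it, but once nginx is enabled also set `config.http.server_host = "127.0.0.1";` so the port cannot be reached around the proxy even if the firewall entry is forgotten. The same consideration applies to 8081.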
@@ -63,26 +63,23 @@ options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - # "/mnt/legacy_leyla_home" = - # { - # device = "server.arpa:/home/leyla"; - # fsType = "nfs"; - # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - # }; + "/mnt/legacy_leyla_home" = { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - # "/mnt/legacy_share_home" = - # { - # device = "server.arpa:/home/share"; - # fsType = "nfs"; - # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - # }; + "/mnt/legacy_share_home" = { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - # "/mnt/legacy_docker_home" = - # { - # device = "server.arpa:/home/docker"; - # fsType = "nfs"; - # options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - # }; + "/mnt/legacy_docker_home" = { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; + }; }; services.cachefilesd.enable = true; From b2ee04dce5aa9cc2a429bd252be1927b39067e22 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Oct 2024 19:21:07 -0500 Subject: [PATCH 313/695] added more hass config --- enviroments/common/default.nix | 17 ++++++++++++++++- enviroments/server/default.nix | 16 +++++++++------- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 3416c1a..db170db 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + lib, + ... +}: { imports = [ ../../users ]; 
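Review bot: All three re-enabled mounts carry `soft`, which makes the NFS client give up and return EIO after its retry budget; on writable home directories that can silently lose or truncate writes during a network hiccup, which is why `hard` is the usual recommendation for data you care about, with `x-systemd.automount` and `nofail` already covering the server-absent case. If `soft` is deliberate for laptop use, a comment such as `# soft: prefer I/O errors over hangs when the laptop leaves the LAN; do not rely on these mounts for writes` would stop the next reader from "fixing" it. `user` additionally lets any local account trigger these mounts, and the exports appear to rely on AUTH_SYS UID matching (the forced UIDs elsewhere in this series suggest so), meaning any host that can reach server.arpa can present any UID; that trust assumption is worth recording in the same comment.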
@@ -76,6 +80,12 @@ group = "pihole"; isSystemUser = true; }; + + hass = { + uid = lib.mkForce 2004; + group = "hass"; + isSystemUser = true; + }; }; groups = { @@ -118,6 +128,11 @@ gid = 2003; members = ["pihole" "leyla"]; }; + + hass = { + gid = lib.mkForce 2004; + members = ["hass" "leyla"]; + }; }; }; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index f2f32bf..c3e6464 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -137,12 +137,13 @@ systemd = { tmpfiles.rules = [ "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" - "d /home/jellyfin/config 750 jellyfin jellyfin -" - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server + "d /home/jellyfin/config 750 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" # is /home/docker/jellyfin/cache on existing server "d /home/forgejo 750 forgejo forgejo -" - "d /home/forgejo/data 750 forgejo forgejo -" - "d /home/pihole 750 pihole pihole -" + "d /home/forgejo/data 750 forgejo forgejo -" # is /home/docker/forgejo on existing server + "d /home/pihole 750 pihole pihole -" # is /home/docker/pihole on old system + "d /home/hass 750 hass hass -" # is /home/docker/hass on old system ]; services = { @@ -243,8 +244,8 @@ enable = true; user = "jellyfin"; group = "jellyfin"; - dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config - cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache + dataDir = "/home/jellyfin/config"; + cacheDir = "/home/jellyfin/cache"; }; forgejo = { @@ -263,6 +264,7 @@ home-assistant = { enable = true; + configDir = "/home/hass"; config.http = { server_port = 8082; use_x_forwarded_for = true; 
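Review bot: `members = ["hass" "leyla"]` puts an interactive user into the `hass` group, and the tmpfiles rule in the same commit creates `/home/hass` as `750 hass hass`, which is now Home Assistant's `configDir`; that directory holds `secrets.yaml` and, as far as I recall, the `.storage/` auth data (tokens, password hashes), so group membership becomes a read path into credentials for anything inside that ends up group-readable. If the membership is for editing YAML config, prefer a dedicated group or a setgid subdirectory for just the editable files, or at least record the intent: `# leyla is in hass only to edit configuration.yaml; do not add users who must not read .storage`. The `users.groups` attrset continues outside this hunk.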
From 7c3aaf241a9f1199efdd263c4c27ae8a935e03c8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 19 Oct 2024 11:15:13 -0500 Subject: [PATCH 314/695] added searxng --- README.md | 3 +-- enviroments/server/default.nix | 40 ++++++++++++++++++++++++++++++---- flake.lock | 38 ++++++++++++++++---------------- secrets | 2 +- 4 files changed, 57 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 677971c..32b2a22 100644 --- a/README.md +++ b/README.md @@ -48,8 +48,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- home assistant virtual machine -- searxng docker +- searxng - nextcloud ??? - samba mounts - firefox declarative??? diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index c3e6464..7d44a14 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -84,6 +84,18 @@ default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; }; }; + searx = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "search"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that searx will be hosted at"; + default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; + }; + }; }; }; @@ -92,6 +104,9 @@ "services/pi-hole" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; }; virtualisation = { 
@@ -234,8 +249,8 @@ address = "0.0.0.0"; port = 8080; settings = { - server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; - dns_config.base_domain = config.apps.base_domain; + # server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; + dns.base_domain = config.apps.base_domain; logtail.enabled = false; }; }; @@ -274,6 +289,18 @@ }; }; + searx = { + enable = true; + environmentFile = config.sops.secrets."services/searx".path; + settings = { + server = { + port = 8083; + base_url = config.apps.searx.hostname; + secret_key = "@SEARXNG_SECRET@"; + }; + }; + }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { @@ -300,6 +327,11 @@ enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; }; + ${config.apps.searx.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.port}"; + }; }; }; }; @@ -309,8 +341,8 @@ defaults.email = "jan-leila@protonmail.com"; }; - # TODO: remove 8081 and 8082 when nginx is enabled - networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082]; + # TODO: remove 8081, 8082, 8083 when nginx is enabled + networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082 8083]; environment.systemPackages = [ config.services.headscale.package diff --git a/flake.lock b/flake.lock index 9f0181a..0e62de9 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1728659696, - "narHash": "sha256-xipqQdXMZdSln1WChUWFqcrghOMYCmdRo7rgf/MtEkg=", + "lastModified": 1729281548, + "narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=", "owner": "nix-community", "repo": "disko", - "rev": "c7ef3964b6befa877e76316ae88f3ef251cae573", + "rev": "a6a3179ddf396dfc28a078e2f169354d0c137125", "type": "github" }, "original": { 
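Review bot: Commenting out `server_url` leaves headscale with the NixOS module's default (`http://127.0.0.1:8080`, as far as I recall), and that URL is what gets handed to clients, so nodes on other machines will not be able to reach the control server; the old value was also plain `http://` even though everything else is being fronted by nginx with `forceSSL`. It should be the public HTTPS URL, e.g. `server_url = "https://${config.apps.headscale.subdomain}.${config.apps.base_domain}";`. The `dns_config` → `dns` rename itself looks right for newer headscale releases. The `settings` attrset starts outside this hunk.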
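Review bot: `base_url = config.apps.searx.hostname;` gives SearXNG a bare hostname, but `server.base_url` is expected to be a full URL with scheme (and trailing slash) that it uses to build absolute links and redirects; it should be `base_url = "https://${config.apps.searx.hostname}/";`. Keeping `secret_key = "@SEARXNG_SECRET@"` as a placeholder substituted from `environmentFile` is the right way to keep the key out of the Nix store. Consider also setting `server.bind_address = "127.0.0.1";` explicitly next to `port` so the listener stays loopback-only once nginx fronts it, rather than relying on the module default.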
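Review bot: 8083 is opened for searx, but the NixOS searx module binds `127.0.0.1` by default (as far as I recall) and the settings in this commit only set `port`, so the firewall entry either does nothing or, if `bind_address` is later widened to make it useful, exposes the search instance in cleartext on all interfaces. Prefer keeping searx loopback-only and reaching it through nginx instead of widening the firewall; the TODO already marks these entries as temporary, so the line can stay `networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082];`.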
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1728650932, - "narHash": "sha256-mGKzqdsRyLnGNl6WjEr7+sghGgBtYHhJQ4mjpgRTCsU=", + "lastModified": 1729321331, + "narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=", "owner": "nix-community", "repo": "home-manager", - "rev": "65ae9c147349829d3df0222151f53f79821c5134", + "rev": "122f70545b29ccb922e655b08acfe05bfb44ec68", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1728179514, - "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", + "lastModified": 1729302344, + "narHash": "sha256-txj6S9QC1IiUlxz41dU8QORG47Mu0vX7ldwNKud2oy4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", + "rev": "a2a26f1bada2202572599346eb952bd3e130af66", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1728269138, - "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", + "lastModified": 1729333370, + "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", + "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728492678, - "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "lastModified": 1729256560, + "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", "type": "github" }, "original": { 
@@ -158,11 +158,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1727152771, - "narHash": "sha256-GYtrV//xaqamqRynEaHJrbklliHyAN9/4NZRXBZlahs=", + "lastModified": 1729353554, + "narHash": "sha256-mLf7siPN9HtpZIZZA1eubwNTyVsIS/kHzWvJ+oX88xU=", "ref": "main", - "rev": "46172e93709498e57d188a1bd19349c28fe4e3e3", - "revCount": 2, + "rev": "73b4f304d4445e8ce53f395e78289f264753efeb", + "revCount": 3, "type": "git", "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" }, diff --git a/secrets b/secrets index 46172e9..73b4f30 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 46172e93709498e57d188a1bd19349c28fe4e3e3 +Subproject commit 73b4f304d4445e8ce53f395e78289f264753efeb From 1790d785f528ca8473953bcdc9975e85f03368bb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 22 Oct 2024 10:27:51 -0500 Subject: [PATCH 315/695] installed flipperq --- enviroments/client/default.nix | 1 + flake.lock | 30 +++++++++++++++--------------- users/leyla/packages.nix | 3 ++- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 86ff67b..9dfa06b 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -44,6 +44,7 @@ # Enable sound with pipewire. hardware.pulseaudio.enable = false; + hardware.flipperzero.enable = true; security.rtkit.enable = true; environment.systemPackages = with pkgs; [ diff --git a/flake.lock b/flake.lock index 0e62de9..7fc8f4b 100644 --- a/flake.lock +++ b/flake.lock @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1729321331, - "narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=", + "lastModified": 1729551526, + "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=", "owner": "nix-community", "repo": "home-manager", - "rev": "122f70545b29ccb922e655b08acfe05bfb44ec68", + "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975", "type": "github" }, "original": { 
@@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1729302344, - "narHash": "sha256-txj6S9QC1IiUlxz41dU8QORG47Mu0vX7ldwNKud2oy4=", + "lastModified": 1729475384, + "narHash": "sha256-x7ODafOKfxXMdgs/wPXVpmf04vOr7cJLEDWYT/TBjY0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "a2a26f1bada2202572599346eb952bd3e130af66", + "rev": "77a421d6c7ea09381c7e33d90c3017c9727dfbc3", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729333370, - "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=", + "lastModified": 1729509737, + "narHash": "sha256-8OHgqz+tFo21h3hg4/GHizFPws+MMzpEru/+62Z0E8c=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb", + "rev": "cc2d3c0e060f981905d52337340ee6ec8b8eb037", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1728156290, - "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", + "lastModified": 1729357638, + "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "17ae88b569bb15590549ff478bab6494dde4a907", + "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", "type": "github" }, "original": { @@ -180,11 +180,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1728345710, - "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", + "lastModified": 1729394972, + "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", + "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5", "type": "github" }, "original": { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 33bdc28..c8c5058 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -38,7 +38,7 @@ in { krita freecad # cura - kicad-small + # kicad-small makemkv transmission_4-gtk onionshare @@ -62,6 +62,7 @@ in { jetbrains.idea-community dbeaver-bin bruno + qFlipper # system tools protonvpn-gui From 77e3d687d4d4db1b5df94b5f6595855682e71bee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 23 Oct 2024 12:10:25 -0500 Subject: [PATCH 316/695] added nix language server removed ollama --- enviroments/client/default.nix | 13 ++++++++++++- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 2 -- users/leyla/vscode.nix | 14 +++++++++++--- 4 files changed, 27 insertions(+), 10 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 9dfa06b..0e07090 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,8 +1,16 @@ -{pkgs, ...}: { +{ + pkgs, + inputs, + ... +}: { imports = [ ../common ]; + nix = { + nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + }; + services = { # Enable CUPS to print documents. printing.enable = true; @@ -51,6 +59,9 @@ # helvetica font aileron + # nix langauge server + nixd + cachefilesd gnomeExtensions.dash-to-dock diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 48e3c98..2698b8e 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -46,10 +46,10 @@ in { ); services = { - ollama = { - enable = cfg.hasGPU; - acceleration = "cuda"; - }; + # ollama = { + # enable = cfg.hasGPU; + # acceleration = "cuda"; + # }; # TODO: this should reference the home directory from the user config openssh.hostKeys = [ diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index c8c5058..1406f6d 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,9 +1,7 @@ { lib, - config, osConfig, pkgs, - inputs, ... }: let cfg = osConfig.nixos.users.leyla; diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index a0dd27c..2da1844 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix 
@@ -36,10 +36,18 @@ in { "cSpell.userWords" = [ "webdav" ]; + "nix.serverPath" = "nixd"; + "nix.enableLanguageServer" = true; + "nixpkgs" = { + "expr" = "import {}"; + }; + # "fomratting": { + # "command": [ "alejandra" ]; + # }; }; extensions = ( - with extensions.open-vsx; + with open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -68,10 +76,10 @@ in { # misc extensions bungcip.better-toml - open-vsx."10nates".ollama-autocoder + # lib.mkIf open-vsx."10nates".ollama-autocoder ] ++ ( - with extensions.vscode-marketplace; [ + with vscode-marketplace; [ # js extensions karyfoundation.nearley ] From f132f44b9603a93c6daed26ce61340bc19a2b93f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 26 Oct 2024 13:16:14 -0500 Subject: [PATCH 317/695] installed proxmark tools --- README.md | 1 + flake.nix | 11 +++++++++-- overlays/default.nix | 7 +++++++ pkgs/default.nix | 3 ++- users/leyla/default.nix | 2 +- users/leyla/packages.nix | 2 ++ 6 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 overlays/default.nix diff --git a/README.md b/README.md index 32b2a22..94476a5 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ +- https://nixos-and-flakes.thiscute.world/ ## Configuration set up git configuration for local development: `git config core.hooksPath .hooks` diff --git a/flake.nix b/flake.nix index efffbd2..aaf2266 100644 --- a/flake.nix +++ b/flake.nix @@ -47,7 +47,6 @@ }; outputs = { - self, nixpkgs, disko, nixos-hardware, 
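Review bot: The added `"nixpkgs" = { "expr" = ... };` block sits at the top level of the VS Code user settings, where, as far as I know, the Nix IDE extension does not forward it to nixd; nixd options are read from `nix.serverSettings`, so it should be nested as `"nix.serverSettings"."nixd"."nixpkgs"."expr" = ...;`. As rendered the expression reads `import {}`, which is not a valid nixpkgs expression — if an angle-bracketed path was lost in rendering this is fine, otherwise it needs the path that the `nix.nixPath` change in this same commit makes resolvable. The commented-out block below it misspells `formatting` as `fomratting` and uses JSON `:` syntax inside a Nix attrset, so it will not work if uncommented as-is; either fix it or drop it. The enclosing settings attrset starts outside the hunk.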
@@ -60,22 +59,28 @@ home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs;}; }; - forEachSystem = nixpkgs.lib.genAttrs [ + systems = [ "aarch64-darwin" "aarch64-linux" "x86_64-darwin" "x86_64-linux" ]; + forEachSystem = nixpkgs.lib.genAttrs systems; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); lib = callPackage ./util {} // nixpkgs.lib; in { + packages = forEachPkgs (import ./pkgs); + + formatter = forEachPkgs (system: system.alejandra); + nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + ./overlays home-manager.nixosModules.home-manager home-manager-config ./hosts/horizon/configuration.nix @@ -86,6 +91,7 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + ./overlays home-manager.nixosModules.home-manager home-manager-config ./hosts/twilight/configuration.nix @@ -95,6 +101,7 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + ./overlays disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..4957ab8 --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,7 @@ +{...}: { + nixpkgs.overlays = [ + ( + self: super: import ../pkgs {pkgs = super;} + ) + ]; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 87a13d7..b02ba6c 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,2 +1,3 @@ -_: { +{...}: { + # package = pkgs.callPackage ./package.nix {}; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 2698b8e..2c1f87b 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -27,7 +27,7 @@ in { then { isNormalUser = true; extraGroups = ( - ["networkmanager" "wheel"] + ["networkmanager" "wheel" "dialout"] ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers" ); diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 1406f6d..8aa3a72 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -61,6 +61,8 @@ in { dbeaver-bin bruno qFlipper + proxmark3 + mfoc # system tools protonvpn-gui From 3e11cfd967714bc3e4665db4bca6673a5d29bf8a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 2 Nov 2024 15:58:03 -0500 Subject: [PATCH 318/695] fixed configs connection to nginx --- enviroments/common/default.nix | 11 +++ enviroments/server/default.nix | 153 ++++++++++++++++++++++++++------- 2 files changed, 133 insertions(+), 31 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index db170db..c07382f 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -86,6 +86,12 @@ group = "hass"; isSystemUser = true; }; + + headscale = { + uid = 2005; + group = "headscale"; + isSystemUser = true; + }; }; groups = { @@ -133,6 +139,11 @@ gid = lib.mkForce 2004; members = ["hass" "leyla"]; }; + + headscale = { + gid = 2005; + members = ["headscale"]; + }; }; }; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 7d44a14..fee58c6 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -4,7 +4,13 @@ pkgs, inputs, ... -}: { +}: let + jellyfinPort = 8096; + nfsPort = 2049; + dnsPort = 53; + httpPort = 80; + httpsPort = 443; +in { imports = [ ../common ]; @@ -47,6 +53,11 @@ description = "subdomain of base domain that headscale will be hosted at"; default = "headscale"; }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that headscale will be hosted at"; + default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; + }; }; jellyfin = { subdomain = lib.mkOption { 
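Review bot: Adding `"dialout"` to `extraGroups` grants the account read/write on every serial and TTY device on the host, not only the proxmark hardware this commit installs. If the proxmark3 package ships udev rules, `services.udev.packages = [pkgs.proxmark3];` would scope access to that device instead — worth checking before widening the group set. If dialout is kept, a one-line comment naming the reason (`# "dialout": serial access for proxmark3`) would stop it from reading as an accident later.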
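Review bot: The new `hostname` option's description reads `"hosname that headscale will be hosted at"`; it should be `"hostname that headscale will be hosted at"`. The same misspelling is repeated in the nextcloud option added later on this page (the `@@ -144,6 +125,18 @@` hunk) and already exists in the jellyfin option shown as context, so one pass over the file would fix all three.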
@@ -59,6 +70,43 @@ description = "hosname that jellyfin will be hosted at"; default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; + directory = { + root = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will be at"; + default = "/home/jellyfin"; + }; + mediaDirectoryName = lib.mkOption { + type = lib.types.str; + description = "name of the directory to store the media in"; + default = "media"; + }; + mediaDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will store its media in"; + default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.mediaDirectoryName}"; + }; + dataDirectoryName = lib.mkOption { + type = lib.types.str; + description = "name of the directory to store the config in"; + default = "data"; + }; + dataDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will store its config in"; + default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.dataDirectoryName}"; + }; + cacheDirectoryName = lib.mkOption { + type = lib.types.str; + description = "name of the directory to store the cache in"; + default = "cache"; + }; + cacheDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will store its cache in"; + default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.cacheDirectoryName}"; + }; + }; }; forgejo = { subdomain = lib.mkOption { 
@@ -151,10 +199,10 @@ systemd = { tmpfiles.rules = [ - "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server - "d /home/jellyfin/config 750 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" # is /home/docker/jellyfin/cache on existing server + "d ${config.apps.jellyfin.directory.root} 755 jellyfin jellyfin -" + "d ${config.apps.jellyfin.directory.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server + "d ${config.apps.jellyfin.directory.dataDirectory} 2770 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server + "d ${config.apps.jellyfin.directory.cacheDirectory} 2750 jellyfin jellyfin -" # is /home/docker/jellyfin/cache on existing server "d /home/forgejo 750 forgejo forgejo -" "d /home/forgejo/data 750 forgejo forgejo -" # is /home/docker/forgejo on existing server "d /home/pihole 750 pihole pihole -" # is /home/docker/pihole on old system 
@@ -230,28 +278,57 @@ postgresql = { enable = true; - ensureDatabases = ["forgejo"]; + ensureDatabases = ["forgejo" "headscale"]; + ensureUsers = [ + { + name = "postgres"; + } + { + name = "forgejo"; + } + { + name = "headscale"; + } + ]; identMap = '' # ArbitraryMapName systemUser DBUser - superuser_map root postgres + + # Administration Users superuser_map postgres postgres + superuser_map root postgres + superuser_map leyla postgres + + # Client Users superuser_map forgejo forgejo + # superuser_map headscale headscale ''; # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' # type database DBuser auth-method optional_ident_map - local sameuser all peer map=superuser_map + local all postgres peer map=superuser_map + local sameuser all peer map=superuser_map ''; }; headscale = { enable = true; + user = "headscale"; + group = "headscale"; address = "0.0.0.0"; port = 8080; settings = { - # server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; - dns.base_domain = config.apps.base_domain; - logtail.enabled = false; + server_url = "https://${config.apps.headscale.hostname}"; + dns.base_domain = "clients.${config.apps.headscale.hostname}"; + logtail.enabled = true; + # database = { + # type = "postgres"; + # postgres = { + # host = "localhost"; + # port = 5432; + # user = "headscale"; + # name = "headscale"; + # }; + # }; }; }; @@ -259,13 +336,19 @@ enable = true; user = "jellyfin"; group = "jellyfin"; - dataDir = "/home/jellyfin/config"; - cacheDir = "/home/jellyfin/cache"; + dataDir = config.apps.jellyfin.directory.dataDirectory; + cacheDir = config.apps.jellyfin.directory.cacheDirectory; }; forgejo = { enable = true; - database.type = "postgres"; + database = { + type = "postgres"; + host = "localhost"; + port = 5432; + user = "forgejo"; + name = "forgejo"; + }; lfs.enable = true; settings = { server = { 
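Review bot: `address = "0.0.0.0"` binds headscale's HTTP listener on every interface even though this commit puts it behind nginx, and the firewall hunk further down (`@@ -341,8 +423,17 @@`) opens `config.services.headscale.port` as well, so the plain-HTTP backend stays reachable directly from the network; `address = "127.0.0.1";` is all the reverse proxy needs. `logtail.enabled` flips from `false` to `true` with no comment — as I understand the headscale option, this tells tailscale nodes to ship their logs to Tailscale's hosted logtail service, which is probably not intended for a self-hosted control plane; if it is, a comment saying why would help. Separately, `superuser_map leyla postgres` lets the interactive user authenticate as the postgres superuser over the local socket; if that is only for administration it deserves a comment, otherwise it widens the blast radius of that account.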
@@ -278,7 +361,7 @@ }; home-assistant = { - enable = true; + enable = false; configDir = "/home/hass"; config.http = { server_port = 8082; @@ -295,42 +378,41 @@ settings = { server = { port = 8083; - base_url = config.apps.searx.hostname; secret_key = "@SEARXNG_SECRET@"; }; }; }; nginx = { - enable = false; # TODO: enable this when you want to test all the configs + enable = true; virtualHosts = { ${config.apps.headscale.hostname} = { - forceSSL = true; - enableACME = true; + # forceSSL = true; + # enableACME = true; locations."/" = { proxyPass = "http://localhost:${toString config.services.headscale.port}"; proxyWebsockets = true; }; }; ${config.apps.jellyfin.hostname} = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:8096"; + # forceSSL = true; + # enableACME = true; + locations."/".proxyPass = "http://localhost:${toString jellyfinPort}"; }; ${config.apps.forgejo.hostname} = { - forceSSL = true; - enableACME = true; + # forceSSL = true; + # enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }; ${config.apps.home-assistant.hostname} = { - forceSSL = true; - enableACME = true; + # forceSSL = true; + # enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; }; ${config.apps.searx.hostname} = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.port}"; + # forceSSL = true; + # enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}"; }; }; }; 
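Review bot: Enabling nginx while commenting out `forceSSL`/`enableACME` on every virtual host means headscale, jellyfin, forgejo and searx are now served over cleartext HTTP on the public `httpPort`, while headscale's `server_url` set in the same commit is `https://…`, so clients are told an https URL that this nginx never terminates. Forgejo logins and headscale client traffic would cross the network unencrypted. If ACME cannot be tested yet, keep `forceSSL = true;` and supply certificates another way rather than dropping TLS altogether; at minimum a comment (`# TLS disabled while ACME is unconfigured — do not expose publicly`) should mark the state. Also note `base_url` was removed from the searx settings without replacement.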
@@ -341,8 +423,17 @@ defaults.email = "jan-leila@protonmail.com"; }; - # TODO: remove 8081, 8082, 8083 when nginx is enabled - networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082 8083]; + networking.firewall.allowedTCPPorts = [ + httpPort + httpsPort + dnsPort + nfsPort + jellyfinPort + config.services.headscale.port + config.services.forgejo.settings.server.HTTP_PORT + # config.services.home-assistant.config.http.server_port + config.services.searx.settings.server.port + ]; environment.systemPackages = [ config.services.headscale.package From 4e08a8ecf721e2f347dffe211694aab2fef1b1c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Nov 2024 17:15:48 -0600 Subject: [PATCH 319/695] removed rev number from install script --- install.sh | 2 +- secrets | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index 882a935..bed56a9 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target +nix run github:nix-community/nixos-anywhere -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target diff --git a/secrets b/secrets index 73b4f30..ef623d6 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 73b4f304d4445e8ce53f395e78289f264753efeb +Subproject commit ef623d6a9e25c1f0ec9d282ab5ed5dff54674816 From 87895e29b592cf4c881f95604ea3a1fc57ad99ee Mon Sep 17 00:00:00 2001 
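Review bot: The rewritten `allowedTCPPorts` still opens `jellyfinPort`, `config.services.headscale.port`, `config.services.forgejo.settings.server.HTTP_PORT` and the searx port even though this commit enables nginx in front of them, and the TODO it deletes said exactly to remove those once nginx was on. Keeping them open lets clients bypass the proxy (and any TLS or access rules it later gets) by hitting the backends directly; the list should shrink to `[httpPort httpsPort dnsPort nfsPort]` with the backends bound to localhost. If the extra ports are needed during testing, a comment saying so (`# TODO: close backend ports once nginx is verified`) keeps the intent visible.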
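Review bot: Dropping the pinned revision from `nix run github:nix-community/nixos-anywhere` means every run fetches whatever the repository's default branch holds at that moment, and this script hands that tool the age key directory it copies into `$temp` — an unreviewed upstream change would run with that material. Pinning nixos-anywhere as a flake input (or keeping a reviewed `rev`) keeps the installer reproducible; the comment that explained the old pin went with it, so a note on why it is now unpinned would also help. The unquoted variables in the surrounding `cp` and `mkdir` lines are pre-existing context.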
From: Leyla Becker Date: Mon, 4 Nov 2024 17:47:09 -0600 Subject: [PATCH 320/695] fixed database and permissions on service directories --- README.md | 3 - enviroments/common/default.nix | 11 ++ enviroments/server/default.nix | 176 +++++++++++++++++--------------- flake.lock | 48 +++++---- hosts/defiant/configuration.nix | 4 +- 5 files changed, 130 insertions(+), 112 deletions(-) diff --git a/README.md b/README.md index 94476a5..5f4848e 100644 --- a/README.md +++ b/README.md @@ -49,8 +49,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- searxng -- nextcloud ??? - samba mounts - firefox declarative??? - figure out steam vr things? @@ -59,7 +57,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- headscale server (just needs to be tested) - mastodon server - tail scale clients - wake on LAN diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index c07382f..8df4c0e 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -92,6 +92,12 @@ group = "headscale"; isSystemUser = true; }; + + nextcloud = { + uid = 2006; + group = "nextcloud"; + isSystemUser = true; + }; }; groups = { @@ -144,6 +150,11 @@ gid = 2005; members = ["headscale"]; }; + + nextcloud = { + gid = 2006; + members = ["nextcloud"]; + }; }; }; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index fee58c6..4cd45ff 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -10,6 +10,7 @@ dnsPort = 53; httpPort = 80; httpsPort = 443; + isDebug = false; in { imports = [ ../common 
@@ -46,6 +47,18 @@ in { type = lib.types.str; description = "ip address to use for pi-hole"; }; + directory = { + root = lib.mkOption { + type = lib.types.str; + description = "directory that piholes will be hosted at"; + default = "/var/lib/pihole"; + }; + data = lib.mkOption { + type = lib.types.str; + description = "directory that piholes data will be hosted at"; + default = "${config.apps.pihole.directory.root}/data"; + }; + }; }; headscale = { subdomain = lib.mkOption { 
@@ -70,48 +83,16 @@ in { description = "hosname that jellyfin will be hosted at"; default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; - directory = { - root = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will be at"; - default = "/home/jellyfin"; - }; - mediaDirectoryName = lib.mkOption { - type = lib.types.str; - description = "name of the directory to store the media in"; - default = "media"; - }; - mediaDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will store its media in"; - default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.mediaDirectoryName}"; - }; - dataDirectoryName = lib.mkOption { - type = lib.types.str; - description = "name of the directory to store the config in"; - default = "data"; - }; - dataDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will store its config in"; - default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.dataDirectoryName}"; - }; - cacheDirectoryName = lib.mkOption { - type = lib.types.str; - description = "name of the directory to store the cache in"; - default = "cache"; - }; - cacheDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will store its cache in"; - default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.cacheDirectoryName}"; - }; + mediaDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will be at"; + default = "/home/jellyfin"; }; }; forgejo = { subdomain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that foregjo will be hosted at"; + description = "subdomain of base domain that forgejo will be hosted at"; default = "forgejo"; }; hostname = lib.mkOption { 
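Review bot: The new `mediaDirectory` option's description, `"directory that jellyfin will be at"`, was carried over from the removed `root` option and no longer matches what the option now names: its default is `/home/jellyfin` and the tmpfiles rule later on this page (`@@ -197,16 +194,12 @@`) creates it as the `jellyfin_media`-group media directory. Suggest `description = "directory that jellyfin will store its media in";`. The removed `dataDirectory`/`cacheDirectory` options are no longer referenced anywhere visible, so the jellyfin module's own defaults now apply — presumably intended, but worth a comment.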
@@ -144,6 +125,18 @@ in { default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; }; }; + nextcloud = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that nextcloud will be hosted at"; + default = "nextcloud"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that nextcloud will be hosted at"; + default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}"; + }; + }; }; }; @@ -155,6 +148,10 @@ in { "services/searx" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/nextcloud_adminpass" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + owner = config.users.users.nextcloud.name; + }; }; virtualisation = { @@ -178,7 +175,7 @@ in { in { image = config.apps.pihole.image; volumes = [ - "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules + "${config.apps.pihole.directory.data}:/etc/pihole:rw" "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" ]; environment = { 
@@ -197,16 +194,12 @@ in { }; }; + # TODO: dynamic users systemd = { tmpfiles.rules = [ - "d ${config.apps.jellyfin.directory.root} 755 jellyfin jellyfin -" - "d ${config.apps.jellyfin.directory.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server - "d ${config.apps.jellyfin.directory.dataDirectory} 2770 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server - "d ${config.apps.jellyfin.directory.cacheDirectory} 2750 jellyfin jellyfin -" # is /home/docker/jellyfin/cache on existing server - "d /home/forgejo 750 forgejo forgejo -" - "d /home/forgejo/data 750 forgejo forgejo -" # is /home/docker/forgejo on existing server - "d /home/pihole 750 pihole pihole -" # is /home/docker/pihole on old system - "d /home/hass 750 hass hass -" # is /home/docker/hass on old system + "d ${config.apps.jellyfin.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server + "d ${config.apps.pihole.directory.root} 755 pihole pihole -" # is /home/docker/pihole on old system + "d ${config.apps.pihole.directory.data} 755 pihole pihole -" # is /home/docker/pihole on old system ]; services = { @@ -241,6 +234,13 @@ in { partOf = ["podman-compose-root.target"]; wantedBy = ["podman-compose-root.target"]; }; + # nextcloud-setup = { + # after = ["network.target"]; + # }; + headscale = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; }; # disable computer sleeping @@ -278,18 +278,24 @@ in { postgresql = { enable = true; - ensureDatabases = ["forgejo" "headscale"]; ensureUsers = [ { name = "postgres"; } { name = "forgejo"; + ensureDBOwnership = true; } { name = "headscale"; + ensureDBOwnership = true; } ]; + ensureDatabases = [ + "forgejo" + "headscale" + # "nextcloud" + ]; identMap = '' # ArbitraryMapName systemUser DBUser 
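Review bot: The pihole `root` and `data` directories are now created `755` where the rule they replace used `750`, so the bind-mounted `/etc/pihole` contents are traversable by every local user unless the files inside carry their own restrictive modes; `750 pihole pihole` matches the previous intent unless something else needs to read through them. The `# TODO: dynamic users` comment above the block is a reminder without an owner or a reason; `# TODO(leyla): switch these to DynamicUser once the data dirs are owned by the services` would carry more meaning.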
@@ -300,13 +306,13 @@ in { # Client Users superuser_map forgejo forgejo - # superuser_map headscale headscale + superuser_map headscale headscale ''; # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=superuser_map ''; }; @@ -320,34 +326,27 @@ in { server_url = "https://${config.apps.headscale.hostname}"; dns.base_domain = "clients.${config.apps.headscale.hostname}"; logtail.enabled = true; - # database = { - # type = "postgres"; - # postgres = { - # host = "localhost"; - # port = 5432; - # user = "headscale"; - # name = "headscale"; - # }; - # }; + database = { + type = "postgres"; + postgres = { + host = "/run/postgresql"; + port = config.services.postgresql.settings.port; + user = "headscale"; + name = "headscale"; + }; + }; }; }; jellyfin = { enable = true; - user = "jellyfin"; - group = "jellyfin"; - dataDir = config.apps.jellyfin.directory.dataDirectory; - cacheDir = config.apps.jellyfin.directory.cacheDirectory; }; forgejo = { enable = true; database = { type = "postgres"; - host = "localhost"; - port = 5432; - user = "forgejo"; - name = "forgejo"; + socket = "/run/postgresql"; }; lfs.enable = true; settings = { @@ -355,14 +354,11 @@ in { DOMAIN = config.apps.forgejo.hostname; HTTP_PORT = 8081; }; - service.DISABLE_REGISTRATION = true; }; - stateDir = "/home/forgejo/data"; }; home-assistant = { - enable = false; - configDir = "/home/hass"; + enable = true; config.http = { server_port = 8082; use_x_forwarded_for = true; 
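Review bot: Removing `service.DISABLE_REGISTRATION = true;` from the forgejo settings reverts the instance to Forgejo's default of open self-registration, and neither the commit message nor a comment says that is intended; combined with the nginx hosts on this page serving plain HTTP, anyone who can reach the host can create accounts. Unless public sign-up is wanted, keep `service.DISABLE_REGISTRATION = true;` (or gate it behind the `isDebug` flag this commit introduces). The `stateDir` removal moves forgejo to the module's default directory — if the old `/home/forgejo/data` holds live data, that migration is not covered here.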
@@ -383,6 +379,16 @@ in { }; }; + # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres + nextcloud = { + enable = true; + package = pkgs.nextcloud30; + hostName = config.apps.nextcloud.hostname; + config = { + adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; + }; + }; + nginx = { enable = true; virtualHosts = { @@ -423,17 +429,21 @@ in { defaults.email = "jan-leila@protonmail.com"; }; - networking.firewall.allowedTCPPorts = [ - httpPort - httpsPort - dnsPort - nfsPort - jellyfinPort - config.services.headscale.port - config.services.forgejo.settings.server.HTTP_PORT - # config.services.home-assistant.config.http.server_port - config.services.searx.settings.server.port - ]; + networking.firewall.allowedTCPPorts = + [ + httpPort + httpsPort + dnsPort + nfsPort + ] + ++ (lib.optional isDebug [ + jellyfinPort + config.services.headscale.port + config.services.forgejo.settings.server.HTTP_PORT + config.services.home-assistant.config.http.server_port + config.services.postgresql.settings.port + config.services.searx.settings.server.port + ]); environment.systemPackages = [ config.services.headscale.package diff --git a/flake.lock b/flake.lock index 7fc8f4b..4d181fa 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1729281548, - "narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=", + "lastModified": 1730751873, + "narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=", "owner": "nix-community", "repo": "disko", - "rev": "a6a3179ddf396dfc28a078e2f169354d0c137125", + "rev": "856a2902156ba304efebd4c1096dbf7465569454", "type": "github" }, "original": { 
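Review bot: The comment `# nextcloud here is built using its auto setup mysql db …` looks out of date: nothing in the hunk sets `config.dbtype`, and as far as I recall the NixOS nextcloud module then defaults to sqlite rather than mysql — worth confirming and rewording to something like `# dbtype left at the module default; postgres was not working yet`. `adminpassFile` pointing at the sops secret is the right shape, and the earlier hunk in this file gives that secret an `owner` of the nextcloud user, which should let the setup step read it.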
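Review bot: `lib.optional isDebug [ … ]` wraps the list in another list — `lib.optional` returns `[x]` for a single value — so when `isDebug` is `true` the `++` appends a nested list and `allowedTCPPorts`, a list of ports, fails type checking; `lib.optionals isDebug [ … ]` is the form that splices a list. The debug list also opens `config.services.postgresql.settings.port`; with pg_hba only configured for `local` peer auth that mostly yields refused connections, but exposing the database port is not something a debug toggle should do silently — a comment such as `# debug only: exposes backend ports directly, bypassing nginx` would make the trade-off explicit.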
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1729551526, - "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=", + "lastModified": 1730633670, + "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975", + "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1729475384, - "narHash": "sha256-x7ODafOKfxXMdgs/wPXVpmf04vOr7cJLEDWYT/TBjY0=", + "lastModified": 1730685024, + "narHash": "sha256-w0cQSTjLBaUSziPGwyI0nbWVD64+N3ByoSxC0CEZmeI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "77a421d6c7ea09381c7e33d90c3017c9727dfbc3", + "rev": "16ca007ec37c29a8b97e4899f33c013defbdb2f9", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729509737, - "narHash": "sha256-8OHgqz+tFo21h3hg4/GHizFPws+MMzpEru/+62Z0E8c=", + "lastModified": 1730537918, + "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc2d3c0e060f981905d52337340ee6ec8b8eb037", + "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", "type": "github" }, "original": { @@ -114,11 +114,9 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729256560, - "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", + "rev": "6eef3d72452247a6d9baafe05cffc1c9bc93f1c4", "type": "github" }, "original": { 
@@ -130,11 +128,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1729357638, - "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "type": "github" }, "original": { @@ -158,11 +156,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1729353554, - "narHash": "sha256-mLf7siPN9HtpZIZZA1eubwNTyVsIS/kHzWvJ+oX88xU=", + "lastModified": 1730665670, + "narHash": "sha256-MMwH5IcaslEWqeHaNqSjAsGWoS2NJ5qiIE7RLiJG+28=", "ref": "main", - "rev": "73b4f304d4445e8ce53f395e78289f264753efeb", - "revCount": 3, + "rev": "ef623d6a9e25c1f0ec9d282ab5ed5dff54674816", + "revCount": 6, "type": "git", "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" }, @@ -180,11 +178,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1729394972, - "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=", + "lastModified": 1730746162, + "narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5", + "rev": "59d6988329626132eaf107761643f55eb979eef1", "type": "github" }, "original": { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 07017bd..76dba60 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -1,6 +1,5 @@ # server nas { - config, pkgs, inputs, ... @@ -47,6 +46,9 @@ forgejo = { subdomain = "git"; }; + nextcloud = { + subdomain = "drive"; + }; }; services = { From c4cf83298f0a687913e5e7ba905d62bbfa74f757 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 4 Nov 2024 17:49:44 -0600 Subject: [PATCH 321/695] added tail scale to clients --- enviroments/client/default.nix | 4 ++++ hosts/horizon/configuration.nix | 7 +------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 0e07090..921d7b5 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -48,6 +48,10 @@ # no need to redefine it in your config for now) #media-session.enable = true; }; + + tailscale = { + enable = true; + }; }; # Enable sound with pipewire. diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index f49e83d..15a52e9 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,10 +1,5 @@ # leyla laptop -{ - config, - pkgs, - inputs, - ... -}: { +{inputs, ...}: { imports = [ inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops From 89bbccb9db7a5a28e55fb79cd2e48c3e9c86f3f2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Nov 2024 22:25:10 -0600 Subject: [PATCH 322/695] added user dirs to leyla home manager --- users/leyla/home.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 14f4e8b..342be5e 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -1,5 +1,4 @@ { - lib, pkgs, osConfig, ... 
@@ -37,6 +36,25 @@ # org.gradle.console=verbose # org.gradle.daemon.idletimeout=3600000 # ''; + ".config/user-dirs.dirs" = { + force = true; + text = '' + # This file is written by xdg-user-dirs-update + # If you want to change or add directories, just edit the line you're + # interested in. All local changes will be retained on the next run. + # Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped + # homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an + # absolute path. No other format is supported. + # + XDG_DESKTOP_DIR="$HOME/desktop" + XDG_DOWNLOAD_DIR="$HOME/downloads" + XDG_DOCUMENTS_DIR="$HOME/documents" + XDG_TEMPLATES_DIR="$HOME/documents/templates" + XDG_MUSIC_DIR="$HOME/documents/music" + XDG_PICTURES_DIR="$HOME/documents/photos" + XDG_VIDEOS_DIR="$HOME/documents/videos" + ''; + }; }; # Home Manager can also manage your environment variables through From 8553f6fcd8ec55a8be748f2cc74b3b6d130ae351 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 17:12:31 -0600 Subject: [PATCH 323/695] disabled tails scale on clients --- enviroments/client/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 921d7b5..16e3263 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -49,9 +49,9 @@ #media-session.enable = true; }; - tailscale = { - enable = true; - }; + # tailscale = { + # enable = true; + # }; }; # Enable sound with pipewire. From 818110419ef458fa8a5487ce2a49c9ee0f103385 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 17:16:09 -0600 Subject: [PATCH 324/695] added public share to leyla home --- users/leyla/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 342be5e..c74037a 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
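Review bot: Writing `~/.config/user-dirs.dirs` as a raw `home.file` with `force = true` competes with `xdg-user-dirs-update`, which regenerates that file on login; Home Manager's `xdg.userDirs` options (`xdg.userDirs.enable = true;` plus `desktop`, `download`, `documents`, `music`, `pictures`, `templates`, `videos`) produce the same file declaratively and are the idiomatic route. The embedded `# This file is written by xdg-user-dirs-update` header becomes misleading once Home Manager owns the file — drop or reword it if the raw-file approach stays. The enclosing `home.file` attrset starts outside the hunk.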
@@ -53,6 +53,7 @@ XDG_MUSIC_DIR="$HOME/documents/music" XDG_PICTURES_DIR="$HOME/documents/photos" XDG_VIDEOS_DIR="$HOME/documents/videos" + XDG_PUBLICSHARE_DIR="$HOME/documents/public" ''; }; }; From 22f6a37ea89f7247008e9afccfcc8ecf277a8fc0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 17:17:50 -0600 Subject: [PATCH 325/695] drafted out impermanence for defiant --- README.md | 2 +- flake.lock | 16 ++++ flake.nix | 6 ++ hosts/defiant/disko-config.nix | 91 +++++++++--------- hosts/defiant/hardware-configuration.nix | 113 ++++++++++++++++++++++- 5 files changed, 182 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index 5f4848e..e94d8b3 100644 --- a/README.md +++ b/README.md @@ -60,4 +60,4 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - mastodon server - tail scale clients - wake on LAN -- ISO target that contains authorized keys for nixos-anywhere \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file diff --git a/flake.lock b/flake.lock index 4d181fa..ed31d1e 100644 --- a/flake.lock +++ b/flake.lock @@ -74,6 +74,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1730403150, + "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat", @@ -146,6 +161,7 @@ "inputs": { "disko": "disko", "home-manager": "home-manager", + "impermanence": "impermanence", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", 
diff --git a/flake.nix b/flake.nix index aaf2266..7e716ec 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + impermanence = { + url = "github:nix-community/impermanence"; + }; + # users home directories home-manager = { url = "github:nix-community/home-manager"; @@ -49,6 +53,7 @@ outputs = { nixpkgs, disko, + impermanence, nixos-hardware, home-manager, ... @@ -102,6 +107,7 @@ specialArgs = {inherit inputs lib;}; modules = [ ./overlays + impermanence.nixosModules.impermanence disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index a913aeb..0be19c4 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -1,10 +1,9 @@ -{lib, ...}: let +{...}: let bootDisk = devicePath: { type = "disk"; device = devicePath; content = { type = "gpt"; - partitions = { boot = { size = "1M"; @@ -32,37 +31,37 @@ size = "100%"; content = { type = "zfs"; - pool = "zroot"; - }; - }; - }; - }; - }; - cacheDisk = devicePath: swapSize: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - encryptedSwap = { - size = swapSize; - content = { - type = "swap"; - randomEncryption = true; - discardPolicy = "both"; - resumeDevice = true; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; + pool = "rpool"; }; }; }; }; }; + # cacheDisk = devicePath: swapSize: { + # type = "disk"; + # device = devicePath; + # content = { + # type = "gpt"; + # partitions = { + # encryptedSwap = { + # size = swapSize; + # content = { + # type = "swap"; + # randomEncryption = true; + # discardPolicy = "both"; + # resumeDevice = true; + # }; + # }; + # zfs = { + # size = "100%"; + # content = { + # type = "zfs"; + # pool = "rpool"; + # }; + # }; + # }; + # }; + # }; in { disko.devices = { disk = { 
@@ -75,7 +74,7 @@ in { # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; }; zpool = { - zroot = { + rpool = { type = "zpool"; mode = { topology = { @@ -92,7 +91,7 @@ in { } ]; cache = []; - # cache = [ "ssd_2_tb_a" ]; + # cache = [ "ssd_2_tb_a" ];z }; }; @@ -101,34 +100,40 @@ in { }; rootFsOptions = { - encryption = "on"; - keyformat = "hex"; - keylocation = "prompt"; + # encryption = "on"; + # keyformat = "hex"; + # keylocation = "prompt"; compression = "lz4"; xattr = "sa"; acltype = "posixacl"; + canmount = "off"; "com.sun:auto-snapshot" = "false"; }; - mountpoint = "/"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; - datasets = { - "nix" = { + root = { + type = "zfs_fs"; + mountpoint = "/"; + options.mountpoint = "legacy"; + postCreateHook = "zfs snapshot rpool/root@blank"; + }; + home = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + postCreateHook = "zfs snapshot rpool/home@blank"; + }; + nix = { type = "zfs_fs"; mountpoint = "/nix"; }; - "home" = { + persistent = { type = "zfs_fs"; - mountpoint = "/mnt/home"; + mountpoint = "/persistent"; options = { "com.sun:auto-snapshot" = "true"; }; }; - "var" = { - type = "zfs_fs"; - mountpoint = "/var"; - }; }; }; }; diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index edfaeee..0d345f2 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -2,9 +2,9 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { + pkgs, config, lib, - pkgs, modulesPath, ... }: { 
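Review bot: The only change in the `@@ -92,7 +91,7 @@` hunk appends a stray `z` to a comment, `# cache = [ "ssd_2_tb_a" ];z`; it is harmless inside a comment but reads as an accidental keystroke and should go back to `# cache = [ "ssd_2_tb_a" ];`. The enclosing `rpool` zpool definition begins before this hunk.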
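Review bot: The `rootFsOptions` hunk comments out `encryption = "on"`, `keyformat = "hex"` and `keylocation = "prompt"`, so the new `rpool` pool and every dataset under it (`root`, `home`, `nix`, `persistent`) is created unencrypted, while the commit subject only talks about drafting impermanence; the `encryption` property can only be set when a dataset is created, so turning it off now means recreating the datasets to get it back, and if leaving the NAS unencrypted is deliberate the three commented lines deserve a comment saying why, otherwise they should stay active. The new `postCreateHook = "zfs snapshot rpool/root@blank"` (and the matching one on `home`) also drops the guard the old hook had, `zfs list -t snapshot -H -o name | grep -E '^…@blank$' || zfs snapshot …`, so re-running disko against an existing pool fails on the duplicate snapshot name. The enclosing `zpool.rpool` attribute set starts before the hunk.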
@@ -13,27 +13,136 @@ ../hardware-common.nix ]; + security.sudo.extraConfig = "Defaults lecture=never"; + boot = { initrd = { availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; kernelModules = []; + # TODO: figure out some kind of snapshotting before rolebacks + # postDeviceCommands = lib.mkAfter '' + # zfs rollback -r rpool/root@blank + # zfs rollback -r rpool/home@blank + # ''; + systemd = { + enable = lib.mkDefault true; + services.rollback = { + description = "Rollback root filesystem to a pristine state on boot"; + wantedBy = [ + "zfs.target" + "initrd.target" + ]; + after = [ + "zfs-import-rpool.service" + ]; + before = [ + "sysroot.mount" + "fs.target" + ]; + path = with pkgs; [ + zfs + ]; + unitConfig.DefaultDependencies = "no"; + # serviceConfig = { + # Type = "oneshot"; + # ExecStart = + # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; + # }; + serviceConfig.Type = "oneshot"; + script = '' + zfs list -t snapshot || echo + zfs rollback -r rpool/root@blank + zfs rollback -r rpool/home@blank + ''; + }; + }; }; kernelModules = ["kvm-amd"]; + kernelParams = ["quiet"]; extraModulePackages = []; supportedFilesystems = ["zfs"]; - zfs.extraPools = ["zroot"]; + zfs.extraPools = ["rpool"]; }; swapDevices = []; + fileSystems = { + "/" = { + neededForBoot = true; + }; + + "/home" = { + neededForBoot = true; + }; + + "/persistent" = { + neededForBoot = true; + }; + }; + networking = { hostId = "c51763d6"; hostName = "defiant"; # Define your hostname. 
useNetworkd = true; }; + environment.persistence."/persistent" = { + enable = true; + hideMounts = true; + directories = [ + # "/run/secrets" + + "/etc/ssh" + + "/var/log" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + + # config.apps.pihole.directory.root + + # config.apps.jellyfin.mediaDirectory + # config.services.jellyfin.configDir + # config.services.jellyfin.cacheDir + # config.services.jellyfin.dataDir + + # "/var/hass" # config.users.users.hass.home + # "/var/postgresql" # config.users.users.postgresql.home + # "/var/forgejo" # config.users.users.forgejo.home + # "/var/nextcloud" # config.users.users.nextcloud.home + # "/var/headscale" # config.users.users.headscale.home + ]; + files = [ + "/etc/machine-id" + # config.environment.sessionVariables.SOPS_AGE_KEY_FILE + ]; + users.leyla = { + directories = [ + "documents" + ".ssh" + ]; + files = []; + }; + }; + + # systemd.services = { + # # https://github.com/openzfs/zfs/issues/10891 + # systemd-udev-settle.enable = false; + # # Snapshots are not accessable on boot for some reason this should fix it + # # https://github.com/NixOS/nixpkgs/issues/257505 + # zfs-mount = { + # serviceConfig = { + # # ExecStart = [ "${lib.getExe' pkgs.util-linux "mount"} -a -t zfs -o remount" ]; + # ExecStart = [ + # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/root -o remount" + # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/home -o remount" + # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" + # ]; + # }; + # }; + # }; + systemd.network = { enable = true; From 64d547aa16f52f757a7e1cdc459ba69f6a87eea7 Mon Sep 17 00:00:00 2001 
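Review bot: The persistence list leaves the sops age key out: `/run/secrets` and the `SOPS_AGE_KEY_FILE` entry are commented out and `/var/lib/sops-nix`, the directory this repository's `SOPS_AGE_KEY_DIRECTORY` names and `install.sh` copies onto a new host, is not in `directories`, so once `rollback.service` resets `rpool/root@blank` the key is gone and no sops secret decrypts on the next boot; add `"/var/lib/sops-nix"` to `directories` (or the key file to `files`). `security.sudo.extraConfig = "Defaults lecture=never";` sits in hardware-configuration.nix, whose own header says the file may be regenerated and overwritten, so it belongs in configuration.nix. In the rollback script `zfs list -t snapshot || echo` is a leftover debug line that only adds output to the initrd log and hides its own failure; drop it or turn it into a comment. `kernelParams = ["quiet"];` is unrelated to impermanence and is not mentioned in the commit message. The `boot` block this hunk edits closes inside the hunk, but the module's enclosing function started before it and the `systemd.network` set at the end continues past it.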
From: Leyla Becker Date: Mon, 11 Nov 2024 18:38:44 -0600 Subject: [PATCH 326/695] switched to using dev shells for local development environment --- .envrc | 1 + .gitignore | 3 ++- .hooks/post-commit | 3 ++- .hooks/pre-commit | 5 +++-- README.md | 14 ++++++-------- const/sops_age_key_directory.nix | 1 + enviroments/common/default.nix | 2 +- flake.lock | 17 ++++++++++++++++- flake.nix | 18 +++++++++++++++++- install.sh | 2 +- lint.sh | 3 --- shell.nix | 14 ++++++++++++++ 12 files changed, 64 insertions(+), 19 deletions(-) create mode 100644 .envrc create mode 100644 const/sops_age_key_directory.nix delete mode 100755 lint.sh create mode 100644 shell.nix diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..8392d15 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake \ No newline at end of file diff --git a/.gitignore b/.gitignore index e2f5dd2..d1da3a8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -result \ No newline at end of file +result +.direnv \ No newline at end of file diff --git a/.hooks/post-commit b/.hooks/post-commit index 93d7f15..56c439d 100755 --- a/.hooks/post-commit +++ b/.hooks/post-commit @@ -1,4 +1,5 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#! nix-shell -i bash ../shell.nix echo "restoring stashed changes" diff --git a/.hooks/pre-commit b/.hooks/pre-commit index 6687ec0..f98c64f 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -1,4 +1,5 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#! nix-shell -i bash ../shell.nix echo "stashing all uncommitted changes" git stash -q --keep-index @@ -11,7 +12,7 @@ if [ ! $? -eq 0 ]; then fi echo "running linter" -./lint.sh +alejandra -q . RESULT=$? diff --git a/README.md b/README.md index e94d8b3..afd4f90 100644 --- a/README.md +++ b/README.md 
@@ -6,8 +6,8 @@ | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | | `defiant` | NAS Server | Leyla | Service | -| `emergent` | Desktop Computer | Eve | Laptop | -| `threshold` | Laptop | Eve | Desktop | +| `emergent` | Desktop Computer | Eve | Desktop | +| `threshold` | Laptop | Eve | Laptop | # Tooling ## Lint @@ -22,10 +22,13 @@ ## New host setup `./install.sh --target 192.168.1.130 --flake hostname` +## Updating Secrets +`sops -c sops secrets/secrets_file_here.yaml` + # Notes: ## Research topics -- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` +- Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ @@ -33,11 +36,6 @@ - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ - https://nixos-and-flakes.thiscute.world/ -## Configuration -set up git configuration for local development: `git config core.hooksPath .hooks` - -to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set) - # Tasks: ## Tech Debt diff --git a/const/sops_age_key_directory.nix b/const/sops_age_key_directory.nix new file mode 100644 index 0000000..cf948df --- /dev/null +++ b/const/sops_age_key_directory.nix @@ -0,0 +1 @@ +"/var/lib/sops-nix" diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8df4c0e..36b86ac 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -196,7 +196,7 @@ ]; sessionVariables = rec { - SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix; SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; }; }; diff --git a/flake.lock b/flake.lock index ed31d1e..f77c46a 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,20 @@ } }, "flake-compat": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -91,7 +105,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" @@ -160,6 +174,7 @@ "root": { "inputs": { "disko": "disko", + "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", "nix-vscode-extensions": "nix-vscode-extensions", diff --git a/flake.nix b/flake.nix index 7e716ec..1d10485 100644 --- a/flake.nix +++ b/flake.nix @@ -48,6 +48,10 @@ nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; }; + + flake-compat = { + url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; + }; }; outputs = { 
@@ -78,7 +82,19 @@ in { packages = forEachPkgs (import ./pkgs); - formatter = forEachPkgs (system: system.alejandra); + formatter = forEachPkgs (pkgs: pkgs.alejandra); + + devShells = forEachPkgs (pkgs: { + default = pkgs.mkShell { + packages = with pkgs; [git sops alejandra nixos-anywhere]; + + SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; + + shellHook = '' + git config core.hooksPath .hooks + ''; + }; + }); nixosConfigurations = { # Leyla Laptop diff --git a/install.sh b/install.sh index bed56a9..0ed7cb8 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target +nixos-anywhere --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target diff --git a/lint.sh b/lint.sh deleted file mode 100755 index 3fc29e9..0000000 --- a/lint.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -nix run git+https://github.com/kamadorueda/alejandra -- -q . diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..d7c46b9 --- /dev/null +++ b/shell.nix @@ -0,0 +1,14 @@ +( + import + ( + let + lock = builtins.fromJSON (builtins.readFile ./flake.lock); + in + fetchTarball { + url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + {src = ./.;} +) +.shellNix From 0bea01b6ba4e9c254c1363f02f332f8ddb5c038c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 19:01:56 -0600 Subject: [PATCH 327/695] installed lix on horizon --- flake.lock | 142 +++++++++++++++++++++++++++++++++++++++++++---------- flake.nix | 11 ++++- 2 files changed, 126 insertions(+), 27 deletions(-) 
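Review bot: `SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix;` points the dev shell at `/var/lib/sops-nix`, the same system-wide directory `enviroments/common` exports for hosts and `install.sh` copies onto a new machine, so editing secrets from a workstation means the developer uses the host's own age key rather than a personal one; if that is the intent, a comment such as `# dev shell reuses the host's sops-nix key directory; see install.sh` would save the next reader the guess. The `shellHook` runs `git config core.hooksPath .hooks` on every shell entry; it is idempotent, but a one-line comment stating that it is meant to re-apply on each `use flake` load would make that explicit. The README line added in the same commit, `sops -c sops secrets/secrets_file_here.yaml`, looks like a leftover of the old `nix shell nixpkgs#sops -c sops …` form; with `sops` now in the dev shell it should read `sops secrets/secrets_file_here.yaml`.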
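Review bot: The comment kept above the rewritten line in install.sh, `# commit number in this is because the main branch of nixos-anywhere is broken right now`, no longer describes anything now that `nix run github:nix-community/nixos-anywhere` is replaced by the dev shell's `nixos-anywhere`; delete it or replace it with `# nixos-anywhere is provided by the flake's devShell (see flake.nix)`. The `$temp` expansion on the rewritten line is unquoted, as on the surrounding context lines; that predates this change, but since the line is touched anyway `--extra-files "$temp"` would be the safe form. The script's argument parsing that sets `$flake`, `$user` and `$target` is outside the hunk.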
diff --git a/flake.lock b/flake.lock index f77c46a..4854b9d 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1730751873, - "narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=", + "lastModified": 1731274291, + "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", "owner": "nix-community", "repo": "disko", - "rev": "856a2902156ba304efebd4c1096dbf7465569454", + "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", "type": "github" }, "original": { @@ -24,14 +24,15 @@ "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" } }, "flake-compat_2": { @@ -54,6 +55,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
@@ -68,6 +87,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -75,11 +109,11 @@ ] }, "locked": { - "lastModified": 1730633670, - "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", + "lastModified": 1731235328, + "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", "owner": "nix-community", "repo": "home-manager", - "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", + "rev": "60bb110917844d354f3c18e05450606a435d2d10", "type": "github" }, "original": { @@ -90,11 +124,11 @@ }, "impermanence": { "locked": { - "lastModified": 1730403150, - "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", + "lastModified": 1731242966, + "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", "owner": "nix-community", "repo": "impermanence", - "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", + "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", "type": "github" }, "original": { 
@@ -103,20 +137,58 @@ "type": "github" } }, - "nix-vscode-extensions": { + "lix": { + "flake": false, + "locked": { + "lastModified": 1729298361, + "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", + "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + } + }, + "lix-module": { "inputs": { - "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1730685024, - "narHash": "sha256-w0cQSTjLBaUSziPGwyI0nbWVD64+N3ByoSxC0CEZmeI=", + "lastModified": 1729360442, + "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "ref": "stable", + "rev": "2bbdcd73b9a464f8acf45a7100feb979883ba485", + "revCount": 110, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + }, + "original": { + "ref": "stable", + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + } + }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731289628, + "narHash": "sha256-bMqsWKoGMe4phm6xk2skjlGCCVv44AOom7Wb0eWv5Ic=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "16ca007ec37c29a8b97e4899f33c013defbdb2f9", + "rev": "91665308e59ce26cdcefa73dc85dfd9b39be725c", "type": "github" }, "original": { 
@@ -127,11 +199,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730537918, - "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", + "lastModified": 1731332224, + "narHash": "sha256-0ctfVp27ingWtY7dbP5+QpSQ98HaOZleU0teyHQUAw0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", + "rev": "184687ae1a3139faa4746168baf071f60d0310c8", "type": "github" }, "original": { @@ -143,9 +215,11 @@ }, "nixpkgs": { "locked": { + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6eef3d72452247a6d9baafe05cffc1c9bc93f1c4", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", "type": "github" }, "original": { @@ -177,6 +251,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", @@ -209,11 +284,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1730746162, - "narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", + "lastModified": 1731364708, + "narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "59d6988329626132eaf107761643f55eb979eef1", + "rev": "4c91d52db103e757fc25b58998b0576ae702d659", "type": "github" }, "original": { @@ -236,6 +311,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 1d10485..02d86d7 100644 --- a/flake.nix +++ b/flake.nix 
@@ -50,7 +50,12 @@ }; flake-compat = { - url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; + url = "github:edolstra/flake-compat"; + }; + + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; @@ -60,6 +65,7 @@ impermanence, nixos-hardware, home-manager, + lix-module, ... } @ inputs: let home-manager-config = { @@ -101,6 +107,7 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + lix-module.nixosModules.default ./overlays home-manager.nixosModules.home-manager home-manager-config @@ -112,6 +119,7 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + lix-module.nixosModules.default ./overlays home-manager.nixosModules.home-manager home-manager-config @@ -122,6 +130,7 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + lix-module.nixosModules.default ./overlays impermanence.nixosModules.impermanence disko.nixosModules.disko From 5ba3a082e6cc081f347f9c1830858f30741c1571 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 19:06:51 -0600 Subject: [PATCH 328/695] disabled impermanence --- enviroments/common/default.nix | 7 -- flake.lock | 16 --- flake.nix | 10 +- hosts/defiant/hardware-configuration.nix | 151 +++++++++++------------ 4 files changed, 80 insertions(+), 104 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 36b86ac..8b18f78 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -178,13 +178,6 @@ environment = { # List packages installed in system profile. systemPackages = with pkgs; [ - qemu - (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' - qemu-system-x86_64 \ - -bios ${OVMF.fd}/FV/OVMF.fd \ - "$@" - '') - wget # version control diff --git a/flake.lock b/flake.lock index 4854b9d..b092a6d 100644 --- a/flake.lock +++ b/flake.lock 
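Review bot: `lix-module.nixosModules.default` is added by hand to each of the three `nixosSystem` module lists (horizon, twilight, defiant), next to `./overlays`, `home-manager.nixosModules.home-manager` and `home-manager-config` which are already repeated the same way; a shared list such as `commonModules = [lix-module.nixosModules.default ./overlays home-manager.nixosModules.home-manager home-manager-config];` spread into each host would keep them from drifting. The new input is fetched from a self-hosted forge with a floating `?ref=stable`; flake.lock pins its `rev` and `narHash`, so what actually guards the supply chain is reviewing that lock diff on every `nix flake update`, which is worth stating next to the input, e.g. `# floating branch; the lock file pins rev/narHash, review it on update`. The `outputs` function and the `nixosConfigurations` set both continue outside these hunks.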
@@ -122,21 +122,6 @@ "type": "github" } }, - "impermanence": { - "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, "lix": { "flake": false, "locked": { @@ -250,7 +235,6 @@ "disko": "disko", "flake-compat": "flake-compat", "home-manager": "home-manager", - "impermanence": "impermanence", "lix-module": "lix-module", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index 02d86d7..7d24c4c 100644 --- a/flake.nix +++ b/flake.nix @@ -23,9 +23,9 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - impermanence = { - url = "github:nix-community/impermanence"; - }; + # impermanence = { + # url = "github:nix-community/impermanence"; + # }; # users home directories home-manager = { @@ -62,7 +62,7 @@ outputs = { nixpkgs, disko, - impermanence, + # impermanence, nixos-hardware, home-manager, lix-module, @@ -132,7 +132,7 @@ modules = [ lix-module.nixosModules.default ./overlays - impermanence.nixosModules.impermanence + # impermanence.nixosModules.impermanence disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 0d345f2..13e4d5e 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -2,7 +2,6 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { - pkgs, config, lib, modulesPath, 
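Review bot: The removal of `qemu` and the `qemu-system-x86_64-uefi` wrapper from `systemPackages` in enviroments/common/default.nix is unrelated to the commit subject "disabled impermanence" and is not mentioned in the message; if it is intentional it deserves its own commit or a line in the message, otherwise it looks like a stray stash that came along. The enclosing `environment = {` block continues outside the hunk.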
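Review bot: The impermanence removal is done by commenting code out rather than deleting it, here for the `impermanence` input, for `# impermanence,` inside the `outputs` argument pattern and for the defiant module list, and again in the three hardware-configuration.nix hunks of this commit (the initrd `systemd` block, `fileSystems` and `environment.persistence`); git history already keeps the draft, and a commented line inside a function argument set is easy to misread as a live binding. As far as the visible hunks show, `lib` in hardware-configuration.nix has no remaining use once `lib.mkDefault` is commented out, so it can go the same way `pkgs` does in the `@@ -2,7 +2,6 @@` hunk. If the draft is meant to return, deleting the blocks and leaving one `# TODO(leyla): impermanence draft removed; restore from history when the rollback unit works` marker is clearer than the mirrored commented copies.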
@@ -24,38 +23,38 @@ # zfs rollback -r rpool/root@blank # zfs rollback -r rpool/home@blank # ''; - systemd = { - enable = lib.mkDefault true; - services.rollback = { - description = "Rollback root filesystem to a pristine state on boot"; - wantedBy = [ - "zfs.target" - "initrd.target" - ]; - after = [ - "zfs-import-rpool.service" - ]; - before = [ - "sysroot.mount" - "fs.target" - ]; - path = with pkgs; [ - zfs - ]; - unitConfig.DefaultDependencies = "no"; - # serviceConfig = { - # Type = "oneshot"; - # ExecStart = - # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; - # }; - serviceConfig.Type = "oneshot"; - script = '' - zfs list -t snapshot || echo - zfs rollback -r rpool/root@blank - zfs rollback -r rpool/home@blank - ''; - }; - }; + # systemd = { + # enable = lib.mkDefault true; + # services.rollback = { + # description = "Rollback root filesystem to a pristine state on boot"; + # wantedBy = [ + # "zfs.target" + # "initrd.target" + # ]; + # after = [ + # "zfs-import-rpool.service" + # ]; + # before = [ + # "sysroot.mount" + # "fs.target" + # ]; + # path = with pkgs; [ + # zfs + # ]; + # unitConfig.DefaultDependencies = "no"; + # # serviceConfig = { + # # Type = "oneshot"; + # # ExecStart = + # # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; + # # }; + # serviceConfig.Type = "oneshot"; + # script = '' + # zfs list -t snapshot || echo + # zfs rollback -r rpool/root@blank + # zfs rollback -r rpool/home@blank + # ''; + # }; + # }; }; kernelModules = ["kvm-amd"]; kernelParams = ["quiet"]; @@ -68,19 +67,19 @@ swapDevices = []; - fileSystems = { - "/" = { - neededForBoot = true; - }; + # fileSystems = { + # "/" = { + # neededForBoot = true; + # }; - "/home" = { - neededForBoot = true; - }; + # "/home" = { + # neededForBoot = true; + # }; - "/persistent" = { - neededForBoot = true; - }; - }; + # "/persistent" = { + # neededForBoot = true; + # }; + # }; networking = { hostId = "c51763d6"; 
@@ -88,43 +87,43 @@ useNetworkd = true; }; - environment.persistence."/persistent" = { - enable = true; - hideMounts = true; - directories = [ - # "/run/secrets" + # environment.persistence."/persistent" = { + # enable = true; + # hideMounts = true; + # directories = [ + # # "/run/secrets" - "/etc/ssh" + # "/etc/ssh" - "/var/log" - "/var/lib/nixos" - "/var/lib/systemd/coredump" + # "/var/log" + # "/var/lib/nixos" + # "/var/lib/systemd/coredump" - # config.apps.pihole.directory.root + # # config.apps.pihole.directory.root - # config.apps.jellyfin.mediaDirectory - # config.services.jellyfin.configDir - # config.services.jellyfin.cacheDir - # config.services.jellyfin.dataDir + # # config.apps.jellyfin.mediaDirectory + # # config.services.jellyfin.configDir + # # config.services.jellyfin.cacheDir + # # config.services.jellyfin.dataDir - # "/var/hass" # config.users.users.hass.home - # "/var/postgresql" # config.users.users.postgresql.home - # "/var/forgejo" # config.users.users.forgejo.home - # "/var/nextcloud" # config.users.users.nextcloud.home - # "/var/headscale" # config.users.users.headscale.home - ]; - files = [ - "/etc/machine-id" - # config.environment.sessionVariables.SOPS_AGE_KEY_FILE - ]; - users.leyla = { - directories = [ - "documents" - ".ssh" - ]; - files = []; - }; - }; + # # "/var/hass" # config.users.users.hass.home + # # "/var/postgresql" # config.users.users.postgresql.home + # # "/var/forgejo" # config.users.users.forgejo.home + # # "/var/nextcloud" # config.users.users.nextcloud.home + # # "/var/headscale" # config.users.users.headscale.home + # ]; + # files = [ + # "/etc/machine-id" + # # config.environment.sessionVariables.SOPS_AGE_KEY_FILE + # ]; + # users.leyla = { + # directories = [ + # "documents" + # ".ssh" + # ]; + # files = []; + # }; + # }; # systemd.services = { # # https://github.com/openzfs/zfs/issues/10891 From 47c8a79178bb08260c66782fb81eba8f03b0d1a9 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 11 Nov 2024 20:18:24 -0600 Subject: [PATCH 329/695] installed nix-inspect in dev shell --- README.md | 3 +++ flake.nix | 8 +++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index afd4f90..d04a328 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,9 @@ ## Updating Secrets `sops -c sops secrets/secrets_file_here.yaml` +## Inspecting a configuration +`nix-inspect -p .` + # Notes: ## Research topics diff --git a/flake.nix b/flake.nix index 7d24c4c..4485df3 100644 --- a/flake.nix +++ b/flake.nix @@ -92,7 +92,13 @@ devShells = forEachPkgs (pkgs: { default = pkgs.mkShell { - packages = with pkgs; [git sops alejandra nixos-anywhere]; + packages = with pkgs; [ + git + sops + alejandra + nix-inspect + nixos-anywhere + ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; From db36e48564fb14abe2eef7fd7ef571f20b18f472 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 13 Nov 2024 18:49:06 -0600 Subject: [PATCH 330/695] added hide env diff to direnv config --- users/leyla/home.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c74037a..1cb93f5 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -95,6 +95,9 @@ enable = true; enableBashIntegration = true; nix-direnv.enable = true; + config = { + hide_env_diff = true; + }; }; bash.enable = true; From 1179b3a6057e8e5e1c43fb4ec4c78a1308824f86 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 16 Nov 2024 23:35:02 +0000 Subject: [PATCH 331/695] added nix-config to direnv whitelist --- users/leyla/home.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 1cb93f5..f87768e 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -96,7 +96,8 @@ enableBashIntegration = true; nix-direnv.enable = true; config = { - hide_env_diff = true; + global.hide_env_diff = true; + whitelist.exact = ["/home/leyla/documents/code/nix-config"]; }; }; bash.enable = true; From da8f80584fc79521fe1dbb9e48d58a8d386c80be Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 17 Nov 2024 19:18:14 -0600 Subject: [PATCH 332/695] installed plugins for astro blog development --- users/leyla/vscode.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index 2da1844..1a118db 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix @@ -73,6 +73,10 @@ in { stylelint.vscode-stylelint tauri-apps.tauri-vscode + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + # misc extensions bungcip.better-toml From c8e7944da51575860e7b8396cf1b64a0bf95042f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 21 Nov 2024 22:02:11 -0600 Subject: [PATCH 333/695] added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d04a328..1c3dac4 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates +- default open file types - samba mounts - firefox declarative??? - figure out steam vr things? From 18f51a65c267eff00cfb55c29701f57f505827eb Mon Sep 17 00:00:00 2001 
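Review bot: `whitelist.exact = ["/home/leyla/documents/code/nix-config"];` makes direnv load that checkout's `.envrc` without the `direnv allow` prompt, so any change to the `.envrc` (or to the flake it evaluates) that lands in that working tree, for example through a pull, runs on the next directory change without review. If that trade-off is intended, say so next to the line, e.g. `# auto-allow this repo's .envrc; edits to it run without a prompt`. The path is also hard-coded to `/home/leyla` although home-manager already knows the home directory; `whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"];` keeps it in sync (this needs `config` in the module's argument set, which is outside the hunk). The enclosing direnv block opens and closes outside the hunk.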
From: Leyla Becker Date: Fri, 22 Nov 2024 00:51:10 -0600 Subject: [PATCH 334/695] restructured project to split out home manager --- enviroments/common/default.nix | 2 +- enviroments/common/users/default.nix | 9 + .../common/users}/ester/default.nix | 1 - .../common/users}/eve/default.nix | 1 - .../common/users}/leyla/default.nix | 0 flake.nix | 78 +---- homes/default.nix | 5 + .../ester/home.nix => homes/ester/default.nix | 1 - users/eve/home.nix => homes/eve/default.nix | 0 .../leyla/home.nix => homes/leyla/default.nix | 0 homes/leyla/firefox.nix | 304 ++++++++++++++++++ {users => homes}/leyla/packages.nix | 0 {users => homes}/leyla/vscode.nix | 2 +- hosts/defiant/configuration.nix | 8 +- hosts/defiant/default.nix | 8 + hosts/horizon/configuration.nix | 18 +- hosts/horizon/default.nix | 7 + hosts/twilight/configuration.nix | 13 +- hosts/twilight/default.nix | 7 + secrets | 1 - users/default.nix | 14 - users/home.nix | 9 - users/leyla/firefox.nix | 132 -------- util/default.nix | 55 +++- 24 files changed, 421 insertions(+), 254 deletions(-) create mode 100644 enviroments/common/users/default.nix rename {users => enviroments/common/users}/ester/default.nix (98%) rename {users => enviroments/common/users}/eve/default.nix (98%) rename {users => enviroments/common/users}/leyla/default.nix (100%) create mode 100644 homes/default.nix rename users/ester/home.nix => homes/ester/default.nix (99%) rename users/eve/home.nix => homes/eve/default.nix (100%) rename users/leyla/home.nix => homes/leyla/default.nix (100%) create mode 100644 homes/leyla/firefox.nix rename {users => homes}/leyla/packages.nix (100%) rename {users => homes}/leyla/vscode.nix (98%) create mode 100644 hosts/defiant/default.nix create mode 100644 hosts/horizon/default.nix create mode 100644 hosts/twilight/default.nix delete mode 160000 secrets delete mode 100644 users/default.nix delete mode 100644 users/home.nix delete mode 100644 users/leyla/firefox.nix 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8b18f78..cd8d588 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -4,7 +4,7 @@ ... }: { imports = [ - ../../users + ./users ]; nix = { diff --git a/enviroments/common/users/default.nix b/enviroments/common/users/default.nix new file mode 100644 index 0000000..ab0baa9 --- /dev/null +++ b/enviroments/common/users/default.nix @@ -0,0 +1,9 @@ +{...}: { + imports = [ + ./leyla + ./ester + ./eve + ]; + + users.mutableUsers = false; +} diff --git a/users/ester/default.nix b/enviroments/common/users/ester/default.nix similarity index 98% rename from users/ester/default.nix rename to enviroments/common/users/ester/default.nix index ec5449c..0ebd7d1 100644 --- a/users/ester/default.nix +++ b/enviroments/common/users/ester/default.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, inputs, ... }: let diff --git a/users/eve/default.nix b/enviroments/common/users/eve/default.nix similarity index 98% rename from users/eve/default.nix rename to enviroments/common/users/eve/default.nix index 46c9a8a..fa40112 100644 --- a/users/eve/default.nix +++ b/enviroments/common/users/eve/default.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, inputs, ... }: let diff --git a/users/leyla/default.nix b/enviroments/common/users/leyla/default.nix similarity index 100% rename from users/leyla/default.nix rename to enviroments/common/users/leyla/default.nix diff --git a/flake.nix b/flake.nix index 4485df3..4ebc7ec 100644 --- a/flake.nix +++ b/flake.nix @@ -34,7 +34,7 @@ }; # firefox-addons = { - # url = "gitlab.com:rycee/nur-expressions?dir=pkgs/firefox-addons"; + # url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; # inputs.nixpkgs.follows = "nixpkgs"; # }; 
@@ -59,32 +59,13 @@ }; }; - outputs = { - nixpkgs, - disko, - # impermanence, - nixos-hardware, - home-manager, - lix-module, - ... - } @ inputs: let - home-manager-config = { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - }; - systems = [ - "aarch64-darwin" - "aarch64-linux" - "x86_64-darwin" - "x86_64-linux" - ]; - forEachSystem = nixpkgs.lib.genAttrs systems; - forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); - - callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); - lib = callPackage ./util {} // nixpkgs.lib; + outputs = {...} @ inputs: let + util = import ./util {inherit inputs;}; + forEachPkgs = util.forEachPkgs; + mkSystem = util.mkSystem; + # mkHome = util.mkHome; + # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); + # lib = callPackage ./lib {} // nixpkgs.lib; in { packages = forEachPkgs (import ./pkgs); 
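Review bot: The two commented-out lines `# callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;});` and `# lib = callPackage ./lib {} // nixpkgs.lib;` are dead code that no longer matches what was removed (the old line imported `./util`, not `./lib`), so a reader cannot tell whether they are history or a plan. Either drop them or replace them with a one-line comment on why `lib` is no longer merged with the util helpers, e.g. `# helpers live in ./util; nixpkgs.lib is used unchanged`. `outputs = {...} @ inputs` also stops destructuring `nixpkgs`, `disko` and friends, so any later use of those names in this file has to go through `inputs.`; the outputs attribute set continues past the hunk.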
@@ -108,44 +89,15 @@ }; }); + # homeConfigurations = { + # "leyla@horizon" = mkHome "leyla" "horizon"; # "x86_64-linux" ./homes/leyla; + # }; + nixosConfigurations = { # Leyla Laptop - horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs lib;}; - modules = [ - lix-module.nixosModules.default - ./overlays - home-manager.nixosModules.home-manager - home-manager-config - ./hosts/horizon/configuration.nix - nixos-hardware.nixosModules.framework-11th-gen-intel - ]; - }; - # Leyla Desktop - twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs lib;}; - modules = [ - lix-module.nixosModules.default - ./overlays - home-manager.nixosModules.home-manager - home-manager-config - ./hosts/twilight/configuration.nix - ]; - }; - # NAS Service - defiant = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs lib;}; - modules = [ - lix-module.nixosModules.default - ./overlays - # impermanence.nixosModules.impermanence - disko.nixosModules.disko - home-manager.nixosModules.home-manager - home-manager-config - ./hosts/defiant/disko-config.nix - ./hosts/defiant/configuration.nix - ]; - }; + horizon = mkSystem "horizon"; + twilight = mkSystem "twilight"; + defiant = mkSystem "defiant"; }; }; } diff --git a/homes/default.nix b/homes/default.nix new file mode 100644 index 0000000..8b44126 --- /dev/null +++ b/homes/default.nix @@ -0,0 +1,5 @@ +{ + leyla = import ./leyla; + ester = import ./ester; + eve = import ./eve; +} diff --git a/users/ester/home.nix b/homes/ester/default.nix similarity index 99% rename from users/ester/home.nix rename to homes/ester/default.nix index 773c13c..3edfca4 100644 --- a/users/ester/home.nix +++ b/homes/ester/default.nix @@ -1,7 +1,6 @@ { pkgs, lib, - config, osConfig, ... }: let diff --git a/users/eve/home.nix b/homes/eve/default.nix similarity index 100% rename from users/eve/home.nix rename to homes/eve/default.nix 
diff --git a/users/leyla/home.nix b/homes/leyla/default.nix similarity index 100% rename from users/leyla/home.nix rename to homes/leyla/default.nix diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix new file mode 100644 index 0000000..b9c2153 --- /dev/null +++ b/homes/leyla/firefox.nix 
@@ -0,0 +1,304 @@ +{ + lib, + osConfig, + # buildFirefoxXpiAddon, + pkgs, + inputs, + ... +}: let + cfg = osConfig.nixos.users.leyla; +in { + # programs.firefox = { + # enable = cfg.isDesktopUser; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with inputs.firefox-addons.packages."x86_64-linux"; [ + # bitwarden + # terms-of-service-didnt-read + # multi-account-containers + # shinigami-eyes + + # ublock-origin + # sponsorblock + # dearrow + # df-youtube + # return-youtube-dislikes + + # privacy-badger + # decentraleyes + # clearurls + # localcdn + + # snowflake + + # deutsch-de-language-pack + # dictionary-german + + # # ( + # # buildFirefoxXpiAddon rec { + # # pname = "italiano-it-language-pack"; + # # version = "132.0.20241110.231641"; + # # addonId = "langpack-it@firefox.mozilla.org"; + # # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + # # sha256 = ""; + # # meta = with lib; + # # { + # # 
description = "Firefox Language Pack for Italiano (it) – Italian"; + # # license = licenses.mpl20; + # # mozPermissions = []; + # # platforms = platforms.all; + # # }; + # # } + # # ) + # # ( + # # buildFirefoxXpiAddon rec { + # # pname = "dizionario-italiano"; + # # version = "5.1"; + # # addonId = "it-IT@dictionaries.addons.mozilla.org"; + # # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + # # sha256 = ""; + # # meta = with lib; + # # { + # # description = "Add support for Italian to spellchecking"; + # # license = licenses.gpl3; + # # mozPermissions = []; + # # platforms = platforms.all; + # # }; + # # } + # # ) + # ]; + + # settings = { + # # Disable irritating first-run stuff + # "browser.disableResetPrompt" = true; + # "browser.download.panel.shown" = true; + # "browser.feeds.showFirstRunUI" = false; + # "browser.messaging-system.whatsNewPanel.enabled" = false; + # "browser.rights.3.shown" = true; + # "browser.shell.checkDefaultBrowser" = false; + # "browser.shell.defaultBrowserCheckCount" = 1; + # "browser.startup.homepage_override.mstone" = "ignore"; + # "browser.uitour.enabled" = false; + # "startup.homepage_override_url" = ""; + # "trailhead.firstrun.didSeeAboutWelcome" = true; + # "browser.bookmarks.restore_default_bookmarks" = false; + # "browser.bookmarks.addedImportButton" = true; + + # # Usage Experiance + # "browser.startup.homepage" = "about:home"; + # "browser.download.useDownloadDir" = false; + # "browser.uiCustomization.state" = builtins.toJSON { + # "currentVersion" = 20; + # "newElementCount" = 6; + # "dirtyAreaCache" = [ + # "nav-bar" + # "PersonalToolbar" + # "toolbar-menubar" + # "TabsToolbar" + # "unified-extensions-area" + # "vertical-tabs" + # ]; + # "placements" = { + # "widget-overflow-fixed-list" = []; + # "unified-extensions-area"= [ + # "ublock0_raymondhill_net-browser-action" + # "sponsorblocker_ajay_app-browser-action" + # "dearrow_ajay_app-browser-action" + # 
"privacy_privacy_com-browser-action" + # "addon_simplelogin-browser-action" + # ]; + # "nav-bar" = [ + # "back-button" + # "forward-button" + # "stop-reload-button" + # "urlbar-container" + # "downloads-button" + # "unified-extensions-button" + # "reset-pbm-toolbar-button" + # ]; + # "toolbar-menubar" = [ + # "menubar-items" + # ]; + # "TabsToolbar" = [ + # "firefox-view-button" + # "tabbrowser-tabs" + # "new-tab-button" + # "alltabs-button" + # ]; + # "vertical-tabs" = []; + # "PersonalToolbar" = [ + # "import-button" + # "personal-bookmarks" + # ]; + # }; + # "seen" = [ + # "save-to-pocket-button" + # "developer-button" + # "privacy_privacy_com-browser-action" + # "sponsorblocker_ajay_app-browser-action" + # "ublock0_raymondhill_net-browser-action" + # "addon_simplelogin-browser-action" + # "dearrow_ajay_app-browser-action" + # ]; + # }; + # "browser.newtabpage.activity-stream.feeds.topsites" = false; + # "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + # "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + # "browser.newtabpage.blocked" = lib.genAttrs [ + # # Facebook + # "4gPpjkxgZzXPVtuEoAL9Ig==" + # # Reddit + # "gLv0ja2RYVgxKdp0I5qwvA==" + # # Amazon + # "K00ILysCaEq8+bEqV/3nuw==" + # # Twitter + # "T9nJot5PurhJSy8n038xGA==" + # ] (_: 1); + # "signon.rememberSignons" = false; + # "identity.fxaccounts.enabled" = false; + + # # Security + # "privacy.trackingprotection.enabled" = true; + # "dom.security.https_only_mode" = true; + + # # Disable telemetry + # "app.shield.optoutstudies.enabled" = false; + # "browser.discovery.enabled" = false; + # "browser.newtabpage.activity-stream.feeds.telemetry" = false; + # "browser.newtabpage.activity-stream.telemetry" = false; + # "browser.ping-centre.telemetry" = false; + # "datareporting.healthreport.service.enabled" = false; + # "datareporting.healthreport.uploadEnabled" = false; + # "datareporting.policy.dataSubmissionEnabled" = false; + # 
"datareporting.sessions.current.clean" = true; + # "devtools.onboarding.telemetry.logged" = false; + # "toolkit.telemetry.archive.enabled" = false; + # "toolkit.telemetry.bhrPing.enabled" = false; + # "toolkit.telemetry.enabled" = false; + # "toolkit.telemetry.firstShutdownPing.enabled" = false; + # "toolkit.telemetry.hybridContent.enabled" = false; + # "toolkit.telemetry.newProfilePing.enabled" = false; + # "toolkit.telemetry.prompted" = 2; + # "toolkit.telemetry.rejected" = true; + # "toolkit.telemetry.reportingpolicy.firstRun" = false; + # "toolkit.telemetry.server" = ""; + # "toolkit.telemetry.shutdownPingSender.enabled" = false; + # "toolkit.telemetry.unified" = false; + # "toolkit.telemetry.unifiedIsOptIn" = false; + # "toolkit.telemetry.updatePing.enabled" = false; + # }; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # # url = "https://media.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://mspsocial.net"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = 
"https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # }; +} diff --git a/users/leyla/packages.nix b/homes/leyla/packages.nix similarity index 100% rename from users/leyla/packages.nix rename to homes/leyla/packages.nix diff --git a/users/leyla/vscode.nix b/homes/leyla/vscode.nix similarity index 98% rename from users/leyla/vscode.nix rename to homes/leyla/vscode.nix index 1a118db..02411ad 100644 --- a/users/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -23,7 +23,7 @@ in { open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; in { - enable = true; + enable = cfg.isDesktopUser; package = pkgs.vscodium; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 76dba60..06724b4 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -1,15 +1,11 @@ # server nas { - pkgs, inputs, + pkgs, ... }: { imports = [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - - ./hardware-configuration.nix - + inputs.disko.nixosModules.disko ../../enviroments/server ]; diff --git a/hosts/defiant/default.nix b/hosts/defiant/default.nix new file mode 100644 index 0000000..36e1b6f --- /dev/null +++ b/hosts/defiant/default.nix @@ -0,0 +1,8 @@ +# server nas +{...}: { + imports = [ + ./configuration.nix + ./disko-config.nix + ./hardware-configuration.nix + ]; +} diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 15a52e9..d176522 100644 --- a/hosts/horizon/configuration.nix 
+++ b/hosts/horizon/configuration.nix @@ -1,10 +1,6 @@ -# leyla laptop {inputs, ...}: { imports = [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - - ./hardware-configuration.nix + inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client ]; @@ -13,12 +9,12 @@ leyla = { isDesktopUser = true; }; - ester = { - isDesktopUser = true; - }; - eve = { - isDesktopUser = true; - }; + # ester = { + # isDesktopUser = true; + # }; + # eve = { + # isDesktopUser = true; + # }; }; # enabled virtualisation for docker diff --git a/hosts/horizon/default.nix b/hosts/horizon/default.nix new file mode 100644 index 0000000..1263215 --- /dev/null +++ b/hosts/horizon/default.nix @@ -0,0 +1,7 @@ +# leyla laptop +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ]; +} diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 0ed47c8..264ea40 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,16 +1,5 @@ -# leyla laptop -{ - config, - pkgs, - inputs, - ... -}: { +{pkgs, ...}: { imports = [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - - ./hardware-configuration.nix - ../../enviroments/client ]; nixos.users = { diff --git a/hosts/twilight/default.nix b/hosts/twilight/default.nix new file mode 100644 index 0000000..edfb3f6 --- /dev/null +++ b/hosts/twilight/default.nix @@ -0,0 +1,7 @@ +# leyla desktop +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ]; +} diff --git a/secrets b/secrets deleted file mode 160000 index ef623d6..0000000 --- a/secrets +++ /dev/null @@ -1 +0,0 @@ -Subproject commit ef623d6a9e25c1f0ec9d282ab5ed5dff54674816 diff --git a/users/default.nix b/users/default.nix deleted file mode 100644 index fd1f6a4..0000000 --- a/users/default.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -{ - lib, - config, - ... -}: { - imports = [./leyla ./ester ./eve]; - - users.mutableUsers = false; - - home-manager.users = import ./home.nix { - lib = lib; - config = config; - }; -} diff --git a/users/home.nix b/users/home.nix deleted file mode 100644 index d32f2df..0000000 --- a/users/home.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - lib, - config, - ... -}: { - leyla = lib.mkIf (config.nixos.users.leyla.isDesktopUser || config.nixos.users.leyla.isTerminalUser) (import ./leyla/home.nix); - ester = lib.mkIf config.nixos.users.ester.isDesktopUser (import ./ester/home.nix); - eve = lib.mkIf config.nixos.users.eve.isDesktopUser (import ./eve/home.nix); -} diff --git a/users/leyla/firefox.nix b/users/leyla/firefox.nix deleted file mode 100644 index 615b3e3..0000000 --- a/users/leyla/firefox.nix +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - lib, - config, - pkgs, - inputs, - ... -}: { - programs = { - # firefox = { - # enable = true; - # profiles.leyla = { - - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; - - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; - - # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # bitwarden - - # ]; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = 
"Password Manager"; - # url = "https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://tech.lgbt"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # } - }; -} diff --git a/util/default.nix b/util/default.nix index a06ac29..e091d80 100644 --- a/util/default.nix +++ b/util/default.nix 
@@ -1,8 +1,61 @@ -{lib, ...}: { +{inputs}: let + util = (import ./default.nix) {inherit inputs;}; + outputs = inputs.self.outputs; + + lib = inputs.lib; + lix-module = inputs.lix-module; + nixpkgs = inputs.nixpkgs; + home-manager = inputs.home-manager; + sops-nix = inputs.sops-nix; + + systems = [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; + forEachSystem = nixpkgs.lib.genAttrs systems; + pkgsFor = system: nixpkgs.legacyPackages.${system}; + + home-manager-config = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = {inherit inputs;}; + home-manager.users = import ../homes; + }; +in { + forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); + mkUnless = condition: yes: (lib.mkIf (!condition) yes); mkIfElse = condition: yes: no: lib.mkMerge [ (lib.mkIf condition yes) (lib.mkUnless condition no) ]; + + mkSystem = host: + inputs.nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs outputs util;}; + modules = [ + lix-module.nixosModules.default + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager + home-manager-config + ../overlays + ../hosts/${host} + ]; + }; + + # mkHome = user: host: + # home-manager.lib.homeManagerConfiguration { + # # pkgs = pkgsFor system; + # extraSpecialArgs = { + # inherit inputs util outputs; + # }; + # modules = [ + # # config + # outputs.homeManagerModules.default + # ]; + # }; } From bf8d87600d8ded556a3e1d29b4643aeb1bc9723e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 00:53:37 -0600 Subject: [PATCH 335/695] commented out temporary unused imports in firefox --- homes/leyla/firefox.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index b9c2153..49796a0 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix 
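Review bot: `lib = inputs.lib;` binds `lib` to a flake input this flake does not declare (none of the `flake.nix` hunks on this page add one), so `mkUnless` will fail with a missing-attribute error the first time a module evaluates it; `lib = nixpkgs.lib;` is the binding the rest of the file assumes. `mkIfElse` still calls `lib.mkUnless`, which nixpkgs' lib does not define (pre-existing), so bind the helper in the let-block, `mkUnless = condition: yes: lib.mkIf (!condition) yes;`, export it with `inherit mkUnless;`, and use `(mkUnless condition no)` in `mkIfElse`. `home-manager.users = import ../homes;` attaches all three homes to every host, whereas the deleted `users/home.nix` gated each one on `config.nixos.users.<name>.isDesktopUser`; on horizon, where this same commit comments out ester and eve, home-manager will, if I read it right, be asked to manage homes for accounts that are not declared, so that gate should move here or into `homes/default.nix`. `sops-nix.nixosModules.sops` is now imported for every host by `mkSystem` while the same patch deletes the `secrets` submodule, which the description does not mention; a comment next to that module line saying where secret files are now expected would close the gap. The self-import `util = (import ./default.nix) {inherit inputs;};` is lazy and so does not loop, but it hands every module a fresh copy through `specialArgs`; a `rec` attribute set or a `let ... in` self-reference is the simpler way to expose the helpers to themselves.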
@@ -1,12 +1,12 @@ { - lib, - osConfig, + # lib, + # osConfig, # buildFirefoxXpiAddon, - pkgs, - inputs, + # pkgs, + # inputs, ... }: let - cfg = osConfig.nixos.users.leyla; + # cfg = osConfig.nixos.users.leyla; in { # programs.firefox = { # enable = cfg.isDesktopUser; From 7d71802ba16605490f9cb30d6c221fe0358fd1f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 01:06:02 -0600 Subject: [PATCH 336/695] managed firefox though home manager --- README.md | 2 +- flake.lock | 45 ++- flake.nix | 8 +- homes/leyla/firefox.nix | 579 ++++++++++++++++++++------------------- homes/leyla/packages.nix | 1 - 5 files changed, 340 insertions(+), 295 deletions(-) diff --git a/README.md b/README.md index 1c3dac4..72c77cf 100644 --- a/README.md +++ b/README.md @@ -36,8 +36,8 @@ - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html -- This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ - https://nixos-and-flakes.thiscute.world/ +- `homeConfigurations` https://github.com/diego-vicente/dotfiles/blob/6c47284868f9e99483da34257144bd03ae5edbbe/flake.nix # Tasks: diff --git a/flake.lock b/flake.lock index b092a6d..d107388 100644 --- a/flake.lock +++ b/flake.lock 
@@ -20,6 +20,29 @@ "type": "github" } }, + "firefox-addons": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "dir": "pkgs/firefox-addons", + "lastModified": 1732248209, + "narHash": "sha256-Mv8k0VuGdb6YhhKt+8SIvhMdmI4xZhw/3ycSvlAq19Q=", + "owner": "rycee", + "repo": "nur-expressions", + "rev": "4a8ba00d1be3f3745428ed56efbb32155c548192", + "type": "gitlab" + }, + "original": { + "dir": "pkgs/firefox-addons", + "owner": "rycee", + "repo": "nur-expressions", + "type": "gitlab" + } + }, "flake-compat": { "locked": { "lastModified": 1696426674, @@ -52,6 +75,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems" }, @@ -69,7 +107,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": "systems_2" }, @@ -138,7 +176,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -163,7 +201,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -233,6 +271,7 @@ "root": { "inputs": { "disko": "disko", + "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "home-manager": "home-manager", "lix-module": "lix-module", diff --git a/flake.nix b/flake.nix index 4ebc7ec..6302960 100644 --- a/flake.nix +++ b/flake.nix 
@@ -33,10 +33,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # firefox-addons = { - # url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + firefox-addons = { + url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # vscode extensions nix-vscode-extensions = { diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index 49796a0..f69af0e 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix 
@@ -1,304 +1,311 @@ { - # lib, - # osConfig, + lib, + osConfig, # buildFirefoxXpiAddon, - # pkgs, - # inputs, + pkgs, + inputs, ... }: let - # cfg = osConfig.nixos.users.leyla; + cfg = osConfig.nixos.users.leyla; in { - # programs.firefox = { - # enable = cfg.isDesktopUser; - # profiles.leyla = { + programs.firefox = { + enable = cfg.isDesktopUser; + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + iconUpdateURL = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; + iconUpdateURL = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; + }; + }; - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = 
"https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; + extensions = with inputs.firefox-addons.packages.${pkgs.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes - # extentions = with inputs.firefox-addons.packages."x86_64-linux"; [ - # bitwarden - # terms-of-service-didnt-read - # multi-account-containers - # shinigami-eyes + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes - # ublock-origin - # sponsorblock - # dearrow - # df-youtube - # return-youtube-dislikes + privacy-badger + decentraleyes + clearurls + localcdn - # privacy-badger - # decentraleyes - # clearurls - # localcdn + snowflake - # snowflake + deutsch-de-language-pack + dictionary-german - # deutsch-de-language-pack - # dictionary-german + # ( + # buildFirefoxXpiAddon rec { + # pname = "italiano-it-language-pack"; + # version = "132.0.20241110.231641"; + # addonId = "langpack-it@firefox.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Firefox Language Pack for Italiano (it) – Italian"; + # license = licenses.mpl20; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + # ( + # buildFirefoxXpiAddon rec { + # pname = "dizionario-italiano"; + # version = "5.1"; + # addonId = "it-IT@dictionaries.addons.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Add support for Italian to spellchecking"; + # license = 
licenses.gpl3; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + ]; - # # ( - # # buildFirefoxXpiAddon rec { - # # pname = "italiano-it-language-pack"; - # # version = "132.0.20241110.231641"; - # # addonId = "langpack-it@firefox.mozilla.org"; - # # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # # sha256 = ""; - # # meta = with lib; - # # { - # # description = "Firefox Language Pack for Italiano (it) – Italian"; - # # license = licenses.mpl20; - # # mozPermissions = []; - # # platforms = platforms.all; - # # }; - # # } - # # ) - # # ( - # # buildFirefoxXpiAddon rec { - # # pname = "dizionario-italiano"; - # # version = "5.1"; - # # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # # sha256 = ""; - # # meta = with lib; - # # { - # # description = "Add support for Italian to spellchecking"; - # # license = licenses.gpl3; - # # mozPermissions = []; - # # platforms = platforms.all; - # # }; - # # } - # # ) - # ]; + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; - # settings = { - # # Disable irritating first-run stuff - # "browser.disableResetPrompt" = true; - # "browser.download.panel.shown" = true; - # "browser.feeds.showFirstRunUI" = false; - # 
"browser.messaging-system.whatsNewPanel.enabled" = false; - # "browser.rights.3.shown" = true; - # "browser.shell.checkDefaultBrowser" = false; - # "browser.shell.defaultBrowserCheckCount" = 1; - # "browser.startup.homepage_override.mstone" = "ignore"; - # "browser.uitour.enabled" = false; - # "startup.homepage_override_url" = ""; - # "trailhead.firstrun.didSeeAboutWelcome" = true; - # "browser.bookmarks.restore_default_bookmarks" = false; - # "browser.bookmarks.addedImportButton" = true; + # Usage Experiance + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "privacy_privacy_com-browser-action" + "addon_simplelogin-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" + "privacy_privacy_com-browser-action" + "sponsorblocker_ajay_app-browser-action" + "ublock0_raymondhill_net-browser-action" + "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + ]; + }; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + 
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "signon.rememberSignons" = false; + "identity.fxaccounts.enabled" = false; - # # Usage Experiance - # "browser.startup.homepage" = "about:home"; - # "browser.download.useDownloadDir" = false; - # "browser.uiCustomization.state" = builtins.toJSON { - # "currentVersion" = 20; - # "newElementCount" = 6; - # "dirtyAreaCache" = [ - # "nav-bar" - # "PersonalToolbar" - # "toolbar-menubar" - # "TabsToolbar" - # "unified-extensions-area" - # "vertical-tabs" - # ]; - # "placements" = { - # "widget-overflow-fixed-list" = []; - # "unified-extensions-area"= [ - # "ublock0_raymondhill_net-browser-action" - # "sponsorblocker_ajay_app-browser-action" - # "dearrow_ajay_app-browser-action" - # "privacy_privacy_com-browser-action" - # "addon_simplelogin-browser-action" - # ]; - # "nav-bar" = [ - # "back-button" - # "forward-button" - # "stop-reload-button" - # "urlbar-container" - # "downloads-button" - # "unified-extensions-button" - # "reset-pbm-toolbar-button" - # ]; - # "toolbar-menubar" = [ - # "menubar-items" - # ]; - # "TabsToolbar" = [ - # "firefox-view-button" - # "tabbrowser-tabs" - # "new-tab-button" - # "alltabs-button" - # ]; - # "vertical-tabs" = []; - # "PersonalToolbar" = [ - # "import-button" - # "personal-bookmarks" - # ]; - # }; - # "seen" = [ - # "save-to-pocket-button" - # "developer-button" - # "privacy_privacy_com-browser-action" - # "sponsorblocker_ajay_app-browser-action" - # "ublock0_raymondhill_net-browser-action" - # "addon_simplelogin-browser-action" - # "dearrow_ajay_app-browser-action" - # ]; - # }; - # "browser.newtabpage.activity-stream.feeds.topsites" = false; - # "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - # 
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - # "browser.newtabpage.blocked" = lib.genAttrs [ - # # Facebook - # "4gPpjkxgZzXPVtuEoAL9Ig==" - # # Reddit - # "gLv0ja2RYVgxKdp0I5qwvA==" - # # Amazon - # "K00ILysCaEq8+bEqV/3nuw==" - # # Twitter - # "T9nJot5PurhJSy8n038xGA==" - # ] (_: 1); - # "signon.rememberSignons" = false; - # "identity.fxaccounts.enabled" = false; + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; - # # Security - # "privacy.trackingprotection.enabled" = true; - # "dom.security.https_only_mode" = true; + # Disable telemetry + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; + }; - # # Disable telemetry - # "app.shield.optoutstudies.enabled" = false; - # "browser.discovery.enabled" = false; - # "browser.newtabpage.activity-stream.feeds.telemetry" = false; - # 
"browser.newtabpage.activity-stream.telemetry" = false; - # "browser.ping-centre.telemetry" = false; - # "datareporting.healthreport.service.enabled" = false; - # "datareporting.healthreport.uploadEnabled" = false; - # "datareporting.policy.dataSubmissionEnabled" = false; - # "datareporting.sessions.current.clean" = true; - # "devtools.onboarding.telemetry.logged" = false; - # "toolkit.telemetry.archive.enabled" = false; - # "toolkit.telemetry.bhrPing.enabled" = false; - # "toolkit.telemetry.enabled" = false; - # "toolkit.telemetry.firstShutdownPing.enabled" = false; - # "toolkit.telemetry.hybridContent.enabled" = false; - # "toolkit.telemetry.newProfilePing.enabled" = false; - # "toolkit.telemetry.prompted" = 2; - # "toolkit.telemetry.rejected" = true; - # "toolkit.telemetry.reportingpolicy.firstRun" = false; - # "toolkit.telemetry.server" = ""; - # "toolkit.telemetry.shutdownPingSender.enabled" = false; - # "toolkit.telemetry.unified" = false; - # "toolkit.telemetry.unifiedIsOptIn" = false; - # "toolkit.telemetry.updatePing.enabled" = false; - # }; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # # url = "https://media.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Password Manager"; - # url = "https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://mspsocial.net"; - 
# keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # }; + bookmarks = [ + { + name = "Media"; + url = "https://jellyfin.jan-leila.com/"; + # url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Drive"; + url = "https://drive.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home-assistant.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = 
"https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; + }; } diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 8aa3a72..bfa9f18 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -28,7 +28,6 @@ in { #foss platforms signal-desktop bitwarden - firefox ungoogled-chromium libreoffice inkscape From 962aae64433db92d27512d042e57001fb490319e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 01:10:02 -0600 Subject: [PATCH 337/695] removed unused templates folder --- templates/default.nix | 1 - 1 file changed, 1 deletion(-) delete mode 100644 templates/default.nix diff --git a/templates/default.nix b/templates/default.nix deleted file mode 100644 index eed7124..0000000 --- a/templates/default.nix +++ /dev/null @@ -1 +0,0 @@ -_: {} From d74342427bf158acdb3f2d929f01d0353fcae538 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 02:09:58 -0600 Subject: [PATCH 338/695] tightened up firefox extensions configuration --- homes/leyla/firefox.nix | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index f69af0e..c325495 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix 
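Review bot: `profiles.leyla` is given the attribute `settings` twice in this hunk — once near the top with the two `browser.search.*` keys and again after `extensions` with the first-run/telemetry block — and Nix rejects a repeated attribute inside one attrset literal, so unless I am misreading the collapsed hunk this file does not evaluate. Fold the two search keys into the larger block, `"browser.search.defaultenginename" = "Searx"; "browser.search.order.1" = "Searx";`, and delete the small one. Separately, the `Searx` engine copies `iconUpdateURL = "https://nixos.wiki/favicon.png"` from the wiki entry, which looks like a paste error; point it at the Searx host or drop the field. The `enable` gate still depends on `osConfig.nixos.users.leyla.isDesktopUser`, which is defined outside this hunk.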
@@ -143,11 +143,22 @@ in { "placements" = { "widget-overflow-fixed-list" = []; "unified-extensions-area" = [ + "privacy_privacy_com-browser-action" + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "ublock0_raymondhill_net-browser-action" "sponsorblocker_ajay_app-browser-action" "dearrow_ajay_app-browser-action" - "privacy_privacy_com-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" "addon_simplelogin-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" ]; "nav-bar" = [ "back-button" @@ -181,6 +192,16 @@ in { "ublock0_raymondhill_net-browser-action" "addon_simplelogin-browser-action" "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" ]; }; "browser.newtabpage.activity-stream.feeds.topsites" = false; 
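Review bot: `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action"` in the `unified-extensions-area` placement is missing the `r` — the same id is spelled `…-browser-action` in the `seen` list in the second hunk — so that widget presumably will not be placed where intended. Fix it to `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action"`. Only the bitwarden GUID carries a comment; since these ids cannot be read back to an extension name, a `# <extension>` comment on each of the new GUID entries would make the list maintainable, and a placement referencing an extension not in `extensions` above would otherwise go unnoticed. The enclosing `browser.uiCustomization.state` JSON value starts before this hunk.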
@@ -196,13 +217,24 @@ in { # Twitter "T9nJot5PurhJSy8n038xGA==" ] (_: 1); - "signon.rememberSignons" = false; "identity.fxaccounts.enabled" = false; # Security "privacy.trackingprotection.enabled" = true; "dom.security.https_only_mode" = true; + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + # Disable telemetry "app.shield.optoutstudies.enabled" = false; "browser.discovery.enabled" = false; From 747119936bef06812bb8f583327636c6eff134ae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 02:11:09 -0600 Subject: [PATCH 339/695] removed task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 72c77cf..593444e 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,6 @@ - Flake templates - default open file types - samba mounts -- firefox declarative??? - figure out steam vr things? - Open GL? - util functions From a71ddaf5bd21c60f576938e7c9891c4a2e632b44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 02:19:41 -0600 Subject: [PATCH 340/695] re enabled ester and eve users on horizon --- hosts/horizon/configuration.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index d176522..7b85581 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
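Review bot: The shutdown wipe is configured only through the `privacy.clearOnShutdown_v2.*` keys; as far as I know those are read by the newer clear-history dialog, while builds still on the legacy dialog consult `privacy.clearOnShutdown.cookies`, `.cache`, `.history` and friends, so on such a build `sanitizeOnShutdown = true` would clear nothing of what is listed here. Unless the Firefox in the pinned nixpkgs is known to honour the v2 keys, set both families, e.g. `"privacy.clearOnShutdown.cookies" = true; "privacy.clearOnShutdown.cache" = true; "privacy.clearOnShutdown.history" = true;`. A comment is also warranted that clearing `cookiesAndStorage` on every exit, combined with `signon.rememberSignons = false`, means every session starts logged out of every site and relies entirely on the password-manager extension. The `settings` attrset these live in begins before this hunk.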
@@ -9,12 +9,12 @@ leyla = { isDesktopUser = true; }; - # ester = { - # isDesktopUser = true; - # }; - # eve = { - # isDesktopUser = true; - # }; + ester = { + isDesktopUser = true; + }; + eve = { + isDesktopUser = true; + }; }; # enabled virtualisation for docker From 131f04d901a9c102ef1b81b0e7f6de1840d79716 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 23:47:06 -0600 Subject: [PATCH 341/695] added comments to flake inputs --- README.md | 1 + flake.nix | 3 +++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 593444e..8a34032 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,7 @@ - move applications in server environment into their own flakes - get rid of disko config and import it in hardware-configuration.nix - why does users.users..home conflict with home-manager.users..home.homeDirectory +- get rid of environments folder ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates diff --git a/flake.nix b/flake.nix index 6302960..13f7b9a 100644 --- a/flake.nix +++ b/flake.nix @@ -33,6 +33,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # firefox extensions firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; inputs.nixpkgs.follows = "nixpkgs"; @@ -49,10 +50,12 @@ url = "github:NixOS/nixos-hardware/master"; }; + # this is just here so that we have a lock on it for our dev shells flake-compat = { url = "github:edolstra/flake-compat"; }; + # lix in nice ig lix-module = { url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; inputs.nixpkgs.follows = "nixpkgs"; From ab7d031045232ffbb0e2263b8bb6c6793a3ce6e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 23 Nov 2024 00:05:55 -0600 Subject: [PATCH 342/695] added another description to a flake input --- flake.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/flake.nix b/flake.nix index 13f7b9a..e895b5b 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # delete your darlings # impermanence = { # url = "github:nix-community/impermanence"; # }; From d6cccdc41b2a21001180de76fe0adba8ac457a31 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 23 Nov 2024 16:08:31 -0600 Subject: [PATCH 343/695] installed godot_4-mono --- homes/leyla/packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index bfa9f18..86da04a 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -45,6 +45,7 @@ in { # wireshark # rpi-imager # fritzing + mfoc # proprietary platforms discord @@ -61,7 +62,7 @@ in { bruno qFlipper proxmark3 - mfoc + godot_4-mono # system tools protonvpn-gui From ddc087a5480811c1644ab6c380ea882d3a721c5c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 00:47:36 -0600 Subject: [PATCH 344/695] removed users from common removed common hardware --- enviroments/common/default.nix | 128 +---------- enviroments/common/users/default.nix | 9 - enviroments/common/users/ester/default.nix | 36 --- enviroments/common/users/eve/default.nix | 36 --- enviroments/common/users/leyla/default.nix | 78 ------- homes/default.nix | 12 +- homes/ester/default.nix | 4 +- homes/eve/default.nix | 4 +- homes/leyla/default.nix | 2 +- homes/leyla/firefox.nix | 6 +- homes/leyla/packages.nix | 128 ++++++----- homes/leyla/vscode.nix | 8 +- hosts/defiant/configuration.nix | 16 +- hosts/defiant/hardware-configuration.nix | 1 - hosts/hardware-common.nix | 15 -- hosts/horizon/configuration.nix | 37 +-- hosts/horizon/hardware-configuration.nix | 1 - hosts/twilight/configuration.nix | 25 ++- hosts/twilight/hardware-configuration.nix | 5 - modules/hardware.nix | 16 ++ modules/users.nix | 249 +++++++++++++++++++++ util/default.nix | 4 +- 22 files changed, 400 insertions(+), 420 deletions(-) delete mode 100644 enviroments/common/users/default.nix delete mode 100644 enviroments/common/users/ester/default.nix delete mode 100644 enviroments/common/users/eve/default.nix delete mode 100644 enviroments/common/users/leyla/default.nix delete mode 100644 hosts/hardware-common.nix create mode 100644 modules/hardware.nix create mode 100644 modules/users.nix diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index cd8d588..e2c9e40 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,11 +1,5 @@ -{ - pkgs, - lib, - ... -}: { - imports = [ - ./users - ]; +{pkgs, ...}: { + imports = []; nix = { settings = { 
@@ -40,124 +34,6 @@ LC_TIME = "en_US.UTF-8"; }; - users = { - users = { - leyla = { - uid = 1000; - description = "Leyla"; - group = "leyla"; - home = "/home/leyla"; - }; - - ester = { - uid = 1001; - description = "Ester"; - group = "ester"; - home = "/home/ester"; - }; - - eve = { - uid = 1002; - description = "Eve"; - group = "eve"; - home = "/home/eve"; - }; - - jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; - }; - - forgejo = { - uid = 2002; - group = "forgejo"; - isSystemUser = true; - }; - - pihole = { - uid = 2003; - group = "pihole"; - isSystemUser = true; - }; - - hass = { - uid = lib.mkForce 2004; - group = "hass"; - isSystemUser = true; - }; - - headscale = { - uid = 2005; - group = "headscale"; - isSystemUser = true; - }; - - nextcloud = { - uid = 2006; - group = "nextcloud"; - isSystemUser = true; - }; - }; - - groups = { - leyla = { - gid = 1000; - members = ["lelya"]; - }; - - ester = { - gid = 1001; - members = ["ester"]; - }; - - eve = { - gid = 1002; - members = ["eve"]; - }; - - users = { - gid = 100; - members = ["leyla" "ester" "eve"]; - }; - - jellyfin = { - gid = 2000; - members = ["jellyfin" "leyla"]; - }; - - jellyfin_media = { - gid = 2001; - members = ["jellyfin" "leyla" "ester" "eve"]; - }; - - forgejo = { - gid = 2002; - members = ["forgejo" "leyla"]; - }; - - pihole = { - gid = 2003; - members = ["pihole" "leyla"]; - }; - - hass = { - gid = lib.mkForce 2004; - members = ["hass" "leyla"]; - }; - - headscale = { - gid = 2005; - members = ["headscale"]; - }; - - nextcloud = { - gid = 2006; - members = ["nextcloud"]; - }; - }; - }; - services = { automatic-timezoned = { enable = true; diff --git a/enviroments/common/users/default.nix b/enviroments/common/users/default.nix deleted file mode 100644 index ab0baa9..0000000 --- a/enviroments/common/users/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{...}: { - imports = [ - ./leyla - ./ester - ./eve - ]; - - users.mutableUsers = false; -} 
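Review bot: This hunk removes the fixed uid/gid pins for the service accounts (jellyfin 2000, forgejo 2002, pihole 2003, hass 2004, headscale 2005, nextcloud 2006) and the shared `jellyfin_media` group, and the deleted `enviroments/common/users/default.nix` below takes `users.mutableUsers = false` with it; whether the new `modules/users.nix` (added by this commit but not in this chunk) re-declares them cannot be seen here. If it does not, NixOS falls back to dynamic id allocation and mutable users, which silently breaks ownership of anything on disk created under those ids and means `hashedPasswordFile` values are applied only when a user is first created. Please confirm the pins and `mutableUsers = false` survive the move, and put a reason next to wherever they now live: `# ids are fixed because files on shared storage are owned by them — do not renumber`. The first hunk also leaves an empty `imports = [];` behind that can simply be dropped.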
diff --git a/enviroments/common/users/ester/default.nix b/enviroments/common/users/ester/default.nix deleted file mode 100644 index 0ebd7d1..0000000 --- a/enviroments/common/users/ester/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - cfg = config.nixos.users.ester; -in { - options.nixos.users.ester = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - - config = { - nixpkgs.config.allowUnfree = true; - - sops.secrets = lib.mkIf cfg.isDesktopUser { - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - }; - - users.users.ester = ( - if cfg.isDesktopUser - then { - isNormalUser = true; - extraGroups = ["networkmanager"]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - } - else { - isSystemUser = true; - } - ); - }; -} diff --git a/enviroments/common/users/eve/default.nix b/enviroments/common/users/eve/default.nix deleted file mode 100644 index fa40112..0000000 --- a/enviroments/common/users/eve/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - cfg = config.nixos.users.eve; -in { - options.nixos.users.eve = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - - config = { - nixpkgs.config.allowUnfree = true; - - sops.secrets = lib.mkIf cfg.isDesktopUser { - "passwords/eve" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - }; - - users.users.eve = ( - if cfg.isDesktopUser - then { - isNormalUser = true; - extraGroups = ["networkmanager"]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - } - else { - isSystemUser = true; - } - ); - }; -} diff --git a/enviroments/common/users/leyla/default.nix b/enviroments/common/users/leyla/default.nix deleted file mode 100644 index 2c1f87b..0000000 --- a/enviroments/common/users/leyla/default.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - cfg = config.nixos.users.leyla; -in { - options.nixos.users.leyla = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; - hasGPU = lib.mkEnableOption "installs gpu intensive programs"; - }; - - config = { - nixpkgs.config.allowUnfree = true; - - sops.secrets = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) { - "passwords/leyla" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - }; - - users.users.leyla = ( - if (cfg.isDesktopUser || cfg.isTerminalUser) - then { - isNormalUser = true; - extraGroups = ( - ["networkmanager" "wheel" "dialout"] - ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers" - ); - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - openssh = { - authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - }; - } - else { - isSystemUser = true; - } - ); - - services = { - # ollama = { - # enable = cfg.hasGPU; - # acceleration = "cuda"; - # }; - - # TODO: this should reference the home directory from the user config - openssh.hostKeys = [ - { - comment = "leyla@" + config.networking.hostName; - path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; - rounds = 100; - type = "ed25519"; - } - ]; - }; - - programs = { - steam = lib.mkIf cfg.isDesktopUser { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; - - noisetorch.enable = cfg.isDesktopUser; 
- - adb.enable = cfg.isDesktopUser; - }; - }; -} diff --git a/homes/default.nix b/homes/default.nix index 8b44126..587d1c2 100644 --- a/homes/default.nix +++ b/homes/default.nix @@ -1,5 +1,11 @@ { - leyla = import ./leyla; - ester = import ./ester; - eve = import ./eve; + lib, + config, + ... +}: let + users = config.host.users; +in { + leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); + ester = lib.mkIf users.ester.isNormalUser (import ./ester); + eve = lib.mkIf users.eve.isNormalUser (import ./eve); } diff --git a/homes/ester/default.nix b/homes/ester/default.nix index 3edfca4..1e5d579 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.nixos.users.ester; + cfg = osConfig.host.users.ester; in { config = { home = { @@ -54,7 +54,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.mkIf cfg.isDesktopUser ( + packages = lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/homes/eve/default.nix b/homes/eve/default.nix index 0b1d25c..d358b0d 100644 --- a/homes/eve/default.nix +++ b/homes/eve/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.nixos.users.eve; + cfg = osConfig.host.users.eve; in { config = { home = { @@ -54,7 +54,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.mkIf cfg.isDesktopUser ( + packages = lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index f87768e..fe90ccd 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -12,7 +12,7 @@ # manage. home = { username = "leyla"; - homeDirectory = osConfig.users.users.leyla.home; + # homeDirectory = osConfig.users.users.leyla.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index c325495..32a3c6b 100644 
--- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix @@ -5,11 +5,9 @@ pkgs, inputs, ... -}: let - cfg = osConfig.nixos.users.leyla; -in { +}: { programs.firefox = { - enable = cfg.isDesktopUser; + enable = true; profiles.leyla = { settings = { "browser.search.defaultenginename" = "Searx"; diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 86da04a..97327ce 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -4,7 +4,8 @@ pkgs, ... }: let - cfg = osConfig.nixos.users.leyla; + cfg = osConfig.host.users.leyla; + hardware = osConfig.host.hardware; in { imports = [ ./vscode.nix 
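Review bot: `enable = true` removes the `isDesktopUser` gate, so Firefox is now enabled wherever leyla's home-manager configuration is evaluated, and `lib` and `osConfig` stay in the argument set although nothing in the file uses them any more. If the gating now happens in the file that imports this module (not visible here), say so at the top: `# firefox is unconditional here; homes/leyla/default.nix decides whether this module is imported`. Otherwise keep the gate against the renamed option, `cfg = osConfig.host.users.leyla;` with `enable = cfg.isDesktopUser;`, matching what packages.nix does in this same commit.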
@@ -12,72 +13,69 @@ in { ]; home = { - packages = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) ( - lib.mkMerge [ - ( + packages = + lib.lists.optionals cfg.isTerminalUser ( + with pkgs; [ + # comand line tools + yt-dlp + ffmpeg + imagemagick + ] + ) + ++ ( + lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ - # comand line tools - yt-dlp - ffmpeg - imagemagick + #foss platforms + signal-desktop + bitwarden + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + # kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) + # wireshark + # rpi-imager + # fritzing + mfoc + + # proprietary platforms + discord + obsidian + steam + (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) + + anki-bin + + # development tools + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno + qFlipper + proxmark3 + godot_4-mono + + # system tools + protonvpn-gui + openvpn + nextcloud-client + noisetorch + + # hardware managment tools + (lib.mkIf hardware.piperMouse.enable piper) + (lib.mkIf hardware.openRGB.enable openrgb) + (lib.mkIf hardware.viaKeyboard.enable via) ] ) - ( - lib.mkIf (!cfg.isTerminalUser) ( - with pkgs; [ - #foss platforms - signal-desktop - bitwarden - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - # kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing - mfoc - - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - anki-bin - - # development tools - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno - qFlipper - proxmark3 - godot_4-mono - - # system tools - protonvpn-gui - openvpn - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf osConfig.hardware.piperMouse.enable piper) - (lib.mkIf 
osConfig.hardware.openRGB.enable openrgb) - (lib.mkIf osConfig.hardware.viaKeyboard.enable via) - ] - ) - ) - ] - ); + ); }; } diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 02411ad..37127f4 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -4,9 +4,7 @@ pkgs, inputs, ... -}: let - cfg = osConfig.nixos.users.leyla; -in { +}: { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default @@ -14,7 +12,7 @@ in { }; programs = { - bash.shellAliases = lib.mkIf cfg.isDesktopUser { + bash.shellAliases = { code = "codium"; }; @@ -23,7 +21,7 @@ in { open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; in { - enable = cfg.isDesktopUser; + enable = true; package = pkgs.vscodium; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 06724b4..78c4ab5 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -7,11 +7,21 @@ imports = [ inputs.disko.nixosModules.disko ../../enviroments/server + + ../../modules/hardware.nix + ../../modules/users.nix ]; - nixos.users = { - leyla = { - isTerminalUser = true; + nixpkgs.config.allowUnfree = true; + + host = { + users = { + leyla = { + isTerminalUser = true; + isDesktopUser = true; + }; + ester.isNormalUser = false; + eve.isNormalUser = false; }; }; diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 13e4d5e..c84a9b4 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -9,7 +9,6 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - ../hardware-common.nix ]; security.sudo.extraConfig = "Defaults lecture=never"; diff --git a/hosts/hardware-common.nix b/hosts/hardware-common.nix deleted file mode 100644 index 920d609..0000000 --- a/hosts/hardware-common.nix +++ /dev/null 
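Review bot: In the hosts/defiant/configuration.nix hunk, `isDesktopUser = true` is added for leyla on a host that imports `../../enviroments/server` (context line in the same hunk), and homes/leyla/packages.nix keys the whole desktop set (steam, discord, protonvpn-gui, openvpn, ...) on that flag, so what looks like a server gains a large graphical package surface in that user's profile. If only shell tooling is wanted there, `isTerminalUser = true;` alone does it: drop the `isDesktopUser = true;` line, or leave a one-line comment stating why desktop applications are intentional on this host. `nixpkgs.config.allowUnfree = true;` is likewise now set per host without explanation; a short comment naming the package that needs it would keep it prunable later.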
@@ -1,15 +0,0 @@ -{lib, ...}: { - options = { - hardware = { - piperMouse = { - enable = lib.mkEnableOption "host has a piper mouse"; - }; - viaKeyboard = { - enable = lib.mkEnableOption "host has a via keyboard"; - }; - openRGB = { - enable = lib.mkEnableOption "host has open rgb hardware"; - }; - }; - }; -} diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 7b85581..53d04e9 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,29 +3,32 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client + ../../modules/hardware.nix + ../../modules/users.nix ]; - nixos.users = { - leyla = { - isDesktopUser = true; - }; - ester = { - isDesktopUser = true; - }; - eve = { - isDesktopUser = true; + nixpkgs.config.allowUnfree = true; + + host = { + users = { + leyla = { + isDesktopUser = true; + isTerminalUser = true; + }; + ester.isDesktopUser = true; + eve.isDesktopUser = true; }; }; # enabled virtualisation for docker - virtualisation.docker = { - enable = true; - rootless = { - enable = true; - setSocketVariable = true; - }; - }; - users.extraGroups.docker.members = ["leyla"]; + # virtualisation.docker = { + # enable = true; + # rootless = { + # enable = true; + # setSocketVariable = true; + # }; + # }; + # users.extraGroups.docker.members = ["leyla"]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 3645905..e333702 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -10,7 +10,6 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - ../hardware-common.nix ]; boot = { diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 264ea40..17d7a9e 100644 --- a/hosts/twilight/configuration.nix 
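Review bot: The docker block in hosts/horizon/configuration.nix is commented out rather than removed, which leaves dead configuration that can be uncommented wholesale later, including `# users.extraGroups.docker.members = ["leyla"];`. With `rootless.enable = true` there is no root-owned daemon socket to protect, so that group line was unnecessary even before, and membership in `docker` on a rootful daemon is root-equivalent. Delete the whole commented block (git history keeps it); if docker returns, keep it rootless and omit the group line, or gate it on `host.users.leyla.isNormalUser` like the other group grants in modules/users.nix.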
+++ b/hosts/twilight/configuration.nix @@ -1,17 +1,24 @@ {pkgs, ...}: { imports = [ ../../enviroments/client + + ../../modules/hardware.nix + ../../modules/users.nix ]; - nixos.users = { - leyla = { - isDesktopUser = true; - hasGPU = true; + + nixpkgs.config.allowUnfree = true; + + host = { + users = { + leyla.isDesktopUser = true; + ester.isDesktopUser = true; + eve.isDesktopUser = true; }; - ester = { - isDesktopUser = true; - }; - eve = { - isDesktopUser = true; + hardware = { + piperMouse.enable = true; + viaKeyboard.enable = true; + openRGB.enable = true; + graphicsAcceleration.enable = true; }; }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index b2f11ee..fe2353b 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -10,7 +10,6 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - ../hardware-common.nix ]; boot = { @@ -81,10 +80,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware = { - piperMouse.enable = true; - viaKeyboard.enable = true; - openRGB.enable = true; - # Enable OpenGL graphics.enable = true; diff --git a/modules/hardware.nix b/modules/hardware.nix new file mode 100644 index 0000000..b002658 --- /dev/null +++ b/modules/hardware.nix @@ -0,0 +1,16 @@ +{lib, ...}: { + options.host.hardware = { + piperMouse = { + enable = lib.mkEnableOption "host has a piper mouse"; + }; + viaKeyboard = { + enable = lib.mkEnableOption "host has a via keyboard"; + }; + openRGB = { + enable = lib.mkEnableOption "host has open rgb hardware"; + }; + graphicsAcceleration = { + enable = lib.mkEnableOption "host has a gpu for graphical acceleration"; + }; + }; +} diff --git a/modules/users.nix b/modules/users.nix new file mode 100644 index 0000000..849fd68 --- /dev/null +++ b/modules/users.nix 
@@ -0,0 +1,249 @@ +{ + lib, + config, + inputs, + ... +}: let + uids = { + leyla = 1000; + ester = 1001; + eve = 1002; + jellyfin = 2000; + forgejo = 2002; + pihole = 2003; + hass = 2004; + headscale = 2005; + nextcloud = 2006; + }; + + gids = { + leyla = 1000; + ester = 1001; + eve = 1002; + users = 100; + jellyfin_media = 2001; + jellyfin = 2000; + forgejo = 2002; + pihole = 2003; + hass = 2004; + headscale = 2005; + nextcloud = 2006; + }; + + users = config.users.users; + leyla = users.leyla.name; + ester = users.ester.name; + eve = users.eve.name; +in { + options.host.users = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their desktop applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their terminal applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; + }; + isNormalUser = lib.mkOption { + type = lib.types.bool; + default = config.isDesktopUser || config.isTerminalUser; + description = '' + User should install their applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; + }; + }; + })); + }; + + config = { + # set up user passwords + sops.secrets = { + "passwords/leyla" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/ester" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/eve" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + }; + + users = { + mutableUsers = false; + users = { + leyla = { + uid = lib.mkForce uids.leyla; + description = "Leyla"; + extraGroups = + (lib.lists.optionals 
config.host.users.leyla.isNormalUser ["networkmanager" "wheel" "dialout"]) + ++ (lib.lists.optionals config.host.users.leyla.isDesktopUser ["adbusers"]); + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + isNormalUser = config.host.users.leyla.isNormalUser; + isSystemUser = !config.host.users.leyla.isNormalUser; + group = config.users.users.leyla.name; + }; + + ester = { + uid = lib.mkForce uids.ester; + description = "Ester"; + extraGroups = lib.optionals config.host.users.ester.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + isNormalUser = config.host.users.ester.isNormalUser; + isSystemUser = !config.host.users.ester.isNormalUser; + group = config.users.users.ester.name; + }; + + eve = { + uid = lib.mkForce uids.eve; + description = "Eve"; + extraGroups = lib.optionals config.host.users.eve.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + isNormalUser = config.host.users.eve.isNormalUser; + isSystemUser = !config.host.users.eve.isNormalUser; + group = config.users.users.eve.name; + }; + + jellyfin = { + uid = lib.mkForce uids.jellyfin; + isSystemUser = true; + group = config.users.users.jellyfin.name; + }; + + forgejo = { + uid = lib.mkForce uids.forgejo; + isSystemUser = true; + group = config.users.users.forgejo.name; + }; + + pihole = { + uid = lib.mkForce uids.pihole; + isSystemUser = true; + group = config.users.users.pihole.name; + }; + + hass = { + uid = lib.mkForce uids.hass; + isSystemUser = true; + group = config.users.users.hass.name; + }; + + headscale = { + uid = lib.mkForce uids.headscale; + isSystemUser = true; + group = config.users.users.headscale.name; + }; + + nextcloud = { + uid = lib.mkForce uids.nextcloud; + isSystemUser = true; + group = config.users.users.nextcloud.name; + }; + }; + + groups = { + leyla = { + gid = lib.mkForce gids.leyla; + members = [ + leyla + ]; + }; + + ester = { + gid = lib.mkForce gids.ester; + 
members = [ + ester + ]; + }; + + eve = { + gid = lib.mkForce gids.eve; + members = [ + eve + ]; + }; + + users = { + gid = lib.mkForce gids.users; + members = [ + leyla + ester + eve + ]; + }; + + jellyfin_media = { + gid = lib.mkForce gids.jellyfin_media; + members = [ + users.jellyfin.name + leyla + ester + eve + ]; + }; + + jellyfin = { + gid = lib.mkForce gids.jellyfin; + members = [ + users.jellyfin.name + # leyla + ]; + }; + + forgejo = { + gid = lib.mkForce gids.forgejo; + members = [ + users.forgejo.name + # leyla + ]; + }; + + pihole = { + gid = lib.mkForce gids.pihole; + members = [ + users.pihole.name + # leyla + ]; + }; + + hass = { + gid = lib.mkForce gids.hass; + members = [ + users.hass.name + # leyla + ]; + }; + + headscale = { + gid = lib.mkForce gids.headscale; + members = [ + users.headscale.name + # leyla + ]; + }; + + nextcloud = { + gid = lib.mkForce gids.nextcloud; + members = [ + users.nextcloud.name + # leyla + ]; + }; + }; + }; + }; +} diff --git a/util/default.nix b/util/default.nix index e091d80..6146610 100644 --- a/util/default.nix +++ b/util/default.nix @@ -17,12 +17,12 @@ forEachSystem = nixpkgs.lib.genAttrs systems; pkgsFor = system: nixpkgs.legacyPackages.${system}; - home-manager-config = { + home-manager-config = nixpkgs: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs;}; - home-manager.users = import ../homes; + home-manager.users = import ../homes nixpkgs; }; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); From aa7c2a2a15d88797574e58adb1f8107bab78df43 Mon Sep 17 00:00:00 2001 
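Review bot: In the new modules/users.nix, `ester` and `eve` keep `hashedPasswordFile = config.sops.secrets."passwords/..."` even when `host.users.<name>.isNormalUser` is false, so on a host such as defiant (which sets `ester.isNormalUser = false`) the account still exists as a system user (`isSystemUser = !... .isNormalUser`) with a valid password hash and a uid in the 1000+ range that NixOS otherwise uses for normal users. A disabled account should carry no usable credential: `hashedPasswordFile = lib.mkIf config.host.users.ester.isNormalUser config.sops.secrets."passwords/ester".path;` (same for eve and leyla) leaves it locked where it is not meant to log in, presumably together with the non-login default shell, which is worth confirming. Note also that `wheel` is granted to leyla by `isNormalUser` alone, so enabling only `isTerminalUser` on any host hands out sudo; a separate admin flag would make that explicit.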
From: Leyla Becker Date: Sun, 24 Nov 2024 12:43:12 -0600 Subject: [PATCH 345/695] added isPrincipleUser to users --- enviroments/common/default.nix | 32 ------ hosts/defiant/configuration.nix | 3 +- hosts/horizon/configuration.nix | 1 + hosts/twilight/configuration.nix | 6 +- modules/users.nix | 189 +++++++++++++++++++++++-------- 5 files changed, 148 insertions(+), 83 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index e2c9e40..e79a47a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -4,7 +4,6 @@ nix = { settings = { experimental-features = ["nix-command" "flakes"]; - trusted-users = ["leyla"]; }; gc = { automatic = true; @@ -44,40 +43,9 @@ ports = [22]; settings = { PasswordAuthentication = false; - AllowUsers = ["leyla"]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; }; }; }; - - environment = { - # List packages installed in system profile. - systemPackages = with pkgs; [ - wget - - # version control - git - - # system debuging tools - iputils - dnsutils - ]; - - sessionVariables = rec { - SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix; - SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; - }; - }; - - sops = { - defaultSopsFormat = "yaml"; - gnupg.sshKeyPaths = []; - - age = { - keyFile = "/var/lib/sops-nix/key.txt"; - sshKeyPaths = []; - # generateKey = true; - }; - }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 78c4ab5..c52fd74 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,8 +17,9 @@ host = { users = { leyla = { - isTerminalUser = true; isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; }; ester.isNormalUser = false; eve.isNormalUser = false; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 53d04e9..529417d 100644 --- a/hosts/horizon/configuration.nix 
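Review bot: Removing `trusted-users = ["leyla"]` and `AllowUsers = ["leyla"]` from enviroments/common/default.nix makes the SSH allow-list and the Nix trusted-user set depend on every host also importing modules/users.nix; a host that imports only the environment gets sshd (the surrounding `services.openssh` block continues outside the hunk) with OpenSSH's default of admitting every account that has a key, since `settings.AllowUsers` appears to default to null. Add `config` to the module arguments and guard against that next to the openssh settings: `assertions = [{ assertion = config.services.openssh.settings.AllowUsers != null; message = "common: AllowUsers must be set (import modules/users.nix)"; }];`. `UseDns = true` survives as a context line; it only slows logins and enables hostname-based patterns, so it deserves a one-line comment explaining why it is on, or should be dropped.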
+++ b/hosts/horizon/configuration.nix @@ -14,6 +14,7 @@ leyla = { isDesktopUser = true; isTerminalUser = true; + isPrincipleUser = true; }; ester.isDesktopUser = true; eve.isDesktopUser = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 17d7a9e..a958cca 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -10,7 +10,11 @@ host = { users = { - leyla.isDesktopUser = true; + leyla = { + isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; + }; ester.isDesktopUser = true; eve.isDesktopUser = true; }; diff --git a/modules/users.nix b/modules/users.nix index 849fd68..b85f408 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -4,6 +4,15 @@ inputs, ... }: let + SOPS_AGE_KEY_DIRECTORY = import ../const/sops_age_key_directory.nix; + + host = config.host; + + hostUsers = host.hostUsers; + principleUsers = host.principleUsers; + terminalUsers = host.terminalUsers; + normalUsers = host.normalUsers; + uids = { leyla = 1000; ester = 1001; 
@@ -35,51 +44,129 @@ ester = users.ester.name; eve = users.eve.name; in { - options.host.users = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - isDesktopUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their desktop applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + options.host = { + users = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ + config, + name, + ... + }: { + options = { + name = lib.mkOption { + type = lib.types.string; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + isPrincipleUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should be configured as root and have ssh access + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; + }; + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their desktop applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their terminal applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; + }; + isNormalUser = lib.mkOption { + type = lib.types.bool; + default = config.isDesktopUser || config.isTerminalUser; + description = '' + User should install their applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; + }; }; - isTerminalUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their terminal applications - ''; - defaultText = lib.literalExpression 
"config.host.users.\${name}.isTerminalUser"; - }; - isNormalUser = lib.mkOption { - type = lib.types.bool; - default = config.isDesktopUser || config.isTerminalUser; - description = '' - User should install their applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; - }; - }; - })); + })); + }; + hostUsers = lib.mkOption { + default = lib.attrsets.mapAttrsToList (_: user: user) host.users; + }; + principleUsers = lib.mkOption { + default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; + }; + normalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isTerminalUser) hostUsers; + }; + terminalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isNormalUser) hostUsers; + }; }; config = { + assertions = + ( + builtins.map (user: { + assertion = !(user.isPrincipleUser && !user.isNormalUser); + message = '' + Non normal user ${user.name} can not be a principle user. + ''; + }) + hostUsers + ) + ++ [ + { + assertion = (builtins.length principleUsers) > 0; + message = '' + At least one user must be a principle user. 
+ ''; + } + ]; + + # principle users are by definition trusted + nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; + + # we should only be able to ssh into principle users of a computer who are also set up for terminal access + services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers); + + # we need to set up env variables to nix can find keys to decrypt passwords on rebuild + environment = { + sessionVariables = { + SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + }; + }; + # set up user passwords - sops.secrets = { - "passwords/leyla" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; + sops = { + defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; + + age = { + keyFile = "/var/lib/sops-nix/key.txt"; + sshKeyPaths = []; + # generateKey = true; }; - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/eve" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; + + secrets = { + "passwords/leyla" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/ester" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/eve" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; }; }; 
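Review bot: In the new `options.host` block the `normalUsers` and `terminalUsers` defaults have their predicates swapped: `normalUsers` filters on `isTerminalUser` and `terminalUsers` on `isNormalUser`. Because `services.openssh.settings.AllowUsers` is built from `intersectLists terminalUsers principleUsers`, the list actually admits every principle user who is merely a normal (desktop-only included) user, wider than the comment on that line intends; fix with `normalUsers = lib.mkOption { default = lib.lists.filter (user: user.isNormalUser) hostUsers; };` and `terminalUsers = lib.mkOption { default = lib.lists.filter (user: user.isTerminalUser) hostUsers; };`. These four derived options also declare no `type`, so a host could override them with anything; `type = lib.types.listOf lib.types.attrs;` plus `readOnly = true;` would pin them. Separately, `sops.age.keyFile` is hard-coded to `/var/lib/sops-nix/key.txt` while `SOPS_AGE_KEY_FILE` is derived from `const/sops_age_key_directory.nix`; use `keyFile = "${SOPS_AGE_KEY_DIRECTORY}/key.txt";` so the two cannot drift. `lib.types.string` on the `name` option is the deprecated alias; `lib.types.str` is the current name.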
@@ -88,33 +175,37 @@ in { users = { leyla = { uid = lib.mkForce uids.leyla; + name = lib.mkForce host.users.leyla.name; description = "Leyla"; extraGroups = - (lib.lists.optionals config.host.users.leyla.isNormalUser ["networkmanager" "wheel" "dialout"]) - ++ (lib.lists.optionals config.host.users.leyla.isDesktopUser ["adbusers"]); + (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) + ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) + ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - isNormalUser = config.host.users.leyla.isNormalUser; - isSystemUser = !config.host.users.leyla.isNormalUser; + isNormalUser = host.users.leyla.isNormalUser; + isSystemUser = !host.users.leyla.isNormalUser; group = config.users.users.leyla.name; }; ester = { uid = lib.mkForce uids.ester; + name = lib.mkForce host.users.ester.name; description = "Ester"; - extraGroups = lib.optionals config.host.users.ester.isNormalUser ["networkmanager"]; + extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; - isNormalUser = config.host.users.ester.isNormalUser; - isSystemUser = !config.host.users.ester.isNormalUser; + isNormalUser = host.users.ester.isNormalUser; + isSystemUser = !host.users.ester.isNormalUser; group = config.users.users.ester.name; }; eve = { uid = lib.mkForce uids.eve; + name = lib.mkForce host.users.eve.name; description = "Eve"; - extraGroups = lib.optionals config.host.users.eve.isNormalUser ["networkmanager"]; + extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; - isNormalUser = config.host.users.eve.isNormalUser; - isSystemUser = !config.host.users.eve.isNormalUser; + isNormalUser = host.users.eve.isNormalUser; + isSystemUser = !host.users.eve.isNormalUser; group = 
config.users.users.eve.name; }; From fa3cb19c0bdd752d158454f82dcec7fe9d75269f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 13:07:15 -0600 Subject: [PATCH 346/695] moved more out of common config --- enviroments/client/default.nix | 51 ------------- homes/leyla/default.nix | 125 +------------------------------ hosts/defiant/configuration.nix | 2 + hosts/horizon/configuration.nix | 2 + hosts/twilight/configuration.nix | 2 + modules/desktop.nix | 38 ++++++++++ modules/nix-development.nix | 14 ++++ 7 files changed, 60 insertions(+), 174 deletions(-) create mode 100644 modules/desktop.nix create mode 100644 modules/nix-development.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 16e3263..8f3c2cf 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -7,55 +7,7 @@ ../common ]; - nix = { - nixPath = ["nixpkgs=${inputs.nixpkgs}"]; - }; - - services = { - # Enable CUPS to print documents. - printing.enable = true; - - xserver = { - # Enable the X11 windowing system. - enable = true; - - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager = { - gnome.enable = true; - xterm.enable = false; - }; - - # Get rid of xTerm - excludePackages = [pkgs.xterm]; - - # Configure keymap in X11 - xkb = { - layout = "us,it,de"; - variant = ""; - }; - }; - - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - # tailscale = { - # enable = true; - # }; - }; - # Enable sound with pipewire. - hardware.pulseaudio.enable = false; hardware.flipperzero.enable = true; security.rtkit.enable = true; 
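Review bot: Only leyla's `extraGroups` consults `isPrincipleUser` for `wheel`; ester and eve still get just `networkmanager`, so marking either of them `isPrincipleUser = true` would add them to `nix.settings.trusted-users` and the SSH `AllowUsers` list without sudo, contradicting the option's description ("configured as root and have ssh access"). Make the grant uniform: `extraGroups = (lib.optionals host.users.ester.isNormalUser ["networkmanager"]) ++ (lib.optionals host.users.ester.isPrincipleUser ["wheel"]);` and likewise for eve, or compute extraGroups for all three from one helper so the policy lives in one place. `dialout` rides along with `wheel` for leyla although it is unrelated to admin rights (serial-port access); it reads better under `isNormalUser` or `isDesktopUser` with a short comment naming the device it is for.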
@@ -63,9 +15,6 @@ # helvetica font aileron - # nix langauge server - nixd - cachefilesd gnomeExtensions.dash-to-dock diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index fe90ccd..9886335 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -58,6 +58,8 @@ }; }; + keyboard.layout = "us,it,de"; + # Home Manager can also manage your environment variables through # 'home.sessionVariables'. If you don't want to manage your shell through Home # Manager then you have to manually source 'hm-session-vars.sh' located at 
@@ -101,129 +103,6 @@ }; }; bash.enable = true; - - # firefox = { - # enable = true; - # profiles.leyla = { - - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; - - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; - - # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # bitwarden - - # ]; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Password Manager"; - # url = 
"https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://tech.lgbt"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # } }; dconf = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index c52fd74..cd76cdf 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -10,6 +10,8 @@ ../../modules/hardware.nix ../../modules/users.nix + ../../modules/desktop.nix + ../../modules/nix-development.nix ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 529417d..a656840 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -5,6 +5,8 @@ ../../enviroments/client ../../modules/hardware.nix ../../modules/users.nix + ../../modules/desktop.nix + ../../modules/nix-development.nix ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index a958cca..b49baa5 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -4,6 +4,8 @@ ../../modules/hardware.nix ../../modules/users.nix + ../../modules/desktop.nix + ../../modules/nix-development.nix ]; nixpkgs.config.allowUnfree = true; 
diff --git a/modules/desktop.nix b/modules/desktop.nix new file mode 100644 index 0000000..f67407d --- /dev/null +++ b/modules/desktop.nix @@ -0,0 +1,38 @@ +{pkgs, ...}: { + services = { + # Enable CUPS to print documents. + printing.enable = true; + + xserver = { + # Enable the X11 windowing system. + enable = true; + + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + }; + + # Get rid of xTerm + desktopManager.xterm.enable = false; + excludePackages = [pkgs.xterm]; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + }; + + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; +} diff --git a/modules/nix-development.nix b/modules/nix-development.nix new file mode 100644 index 0000000..c4eacac --- /dev/null +++ b/modules/nix-development.nix @@ -0,0 +1,14 @@ +{ + inputs, + pkgs, + ... +}: { + nix = { + nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + }; + + environment.systemPackages = with pkgs; [ + # nix langauge server + nixd + ]; +} From 9215e04043c94f28439167550724c83baea87838 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 13:13:33 -0600 Subject: [PATCH 347/695] moved some system packages to home manager --- enviroments/client/default.nix | 5 ----- homes/ester/default.nix | 3 +++ homes/leyla/packages.nix | 5 +++++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 8f3c2cf..2bf0b75 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -12,11 +12,6 @@ security.rtkit.enable = true; environment.systemPackages = with pkgs; [ - # helvetica font - aileron - cachefilesd - - gnomeExtensions.dash-to-dock ]; } diff --git a/homes/ester/default.nix b/homes/ester/default.nix index 1e5d579..e0d5e86 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -56,6 +56,9 @@ in { packages = lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ + # helvetica font + aileron + firefox bitwarden discord diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 97327ce..a64909f 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -25,6 +25,11 @@ in { ++ ( lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ + # helvetica font + aileron + + gnomeExtensions.dash-to-dock + #foss platforms signal-desktop bitwarden From eaa19be74115c877915480ed60257f4cb15d6a8d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 13:15:40 -0600 Subject: [PATCH 348/695] moved another config to desktop module --- enviroments/client/default.nix | 1 - modules/desktop.nix | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 2bf0b75..bf2b35e 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -9,7 +9,6 @@ # Enable sound with pipewire. hardware.flipperzero.enable = true; - security.rtkit.enable = true; environment.systemPackages = with pkgs; [ cachefilesd diff --git a/modules/desktop.nix b/modules/desktop.nix index f67407d..14580ba 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -35,4 +35,7 @@ # Enable sound with pipewire. hardware.pulseaudio.enable = false; + + # enable RealtimeKit for pulse audio + security.rtkit.enable = true; } From bf0686a14bf0adac1423a979e5174ce197f28b63 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 14:17:32 -0600 Subject: [PATCH 349/695] added enables to modules and made base module that imports all other modules --- enviroments/common/default.nix | 2 +- hosts/defiant/configuration.nix | 5 +- hosts/horizon/configuration.nix | 5 +- hosts/twilight/configuration.nix | 5 +- modules/default.nix | 8 +++ modules/desktop.nix | 84 +++++++++++++++++++------------- modules/nix-development.nix | 25 +++++++--- 7 files changed, 79 insertions(+), 55 deletions(-) create mode 100644 modules/default.nix diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index e79a47a..691acc7 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{...}: { imports = []; nix = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index cd76cdf..2063579 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -8,10 +8,7 @@ inputs.disko.nixosModules.disko ../../enviroments/server - ../../modules/hardware.nix - ../../modules/users.nix - ../../modules/desktop.nix - ../../modules/nix-development.nix + ../../modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index a656840..6940726 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,10 +3,7 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client - ../../modules/hardware.nix - ../../modules/users.nix - ../../modules/desktop.nix - ../../modules/nix-development.nix + ../../modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index b49baa5..4a99069 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -2,10 +2,7 @@ imports = [ ../../enviroments/client - ../../modules/hardware.nix - ../../modules/users.nix - ../../modules/desktop.nix - ../../modules/nix-development.nix + ../../modules ]; nixpkgs.config.allowUnfree = true; diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..58b93a0 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,8 @@ +{...}: { + imports = [ + ./hardware.nix + ./users.nix + ./desktop.nix + ./nix-development.nix + ]; +} diff --git a/modules/desktop.nix b/modules/desktop.nix index 14580ba..e349abe 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix 
@@ -1,41 +1,55 @@ -{pkgs, ...}: { - services = { - # Enable CUPS to print documents. - printing.enable = true; +{ + lib, + pkgs, + config, + ... +}: { + options.host.desktop.enable = lib.mkEnableOption "should desktop configuration be enabled"; - xserver = { - # Enable the X11 windowing system. - enable = true; + config = lib.mkMerge [ + { + host.desktop.enable = lib.mkDefault true; + } + (lib.mkIf config.host.desktop.enable { + services = { + # Enable CUPS to print documents. + printing.enable = true; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager = { - gnome.enable = true; + xserver = { + # Enable the X11 windowing system. + enable = true; + + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + }; + + # Get rid of xTerm + desktopManager.xterm.enable = false; + excludePackages = [pkgs.xterm]; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; }; - # Get rid of xTerm - desktopManager.xterm.enable = false; - excludePackages = [pkgs.xterm]; - }; + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - }; - - # Enable sound with pipewire. 
- hardware.pulseaudio.enable = false; - - # enable RealtimeKit for pulse audio - security.rtkit.enable = true; + # enable RealtimeKit for pulse audio + security.rtkit.enable = true; + }) + ]; } diff --git a/modules/nix-development.nix b/modules/nix-development.nix index c4eacac..d670418 100644 --- a/modules/nix-development.nix +++ b/modules/nix-development.nix @@ -1,14 +1,25 @@ { - inputs, + lib, + config, pkgs, + inputs, ... }: { - nix = { - nixPath = ["nixpkgs=${inputs.nixpkgs}"]; - }; + options.host.nix-development.enable = lib.mkEnableOption "should desktop configuration be enabled"; - environment.systemPackages = with pkgs; [ - # nix langauge server - nixd + config = lib.mkMerge [ + { + host.nix-development.enable = lib.mkDefault true; + } + (lib.mkIf config.host.nix-development.enable { + nix = { + nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + }; + + environment.systemPackages = with pkgs; [ + # nix langauge server + nixd + ]; + }) ]; } From c039e60c4ed24cd16980e38886d5a0763d813d25 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 14:29:37 -0600 Subject: [PATCH 350/695] created system module --- enviroments/client/default.nix | 6 +----- enviroments/common/default.nix | 33 --------------------------------- modules/default.nix | 1 + modules/desktop.nix | 4 ++++ modules/system.nix | 28 ++++++++++++++++++++++++++++ 5 files changed, 34 insertions(+), 38 deletions(-) create mode 100644 modules/system.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index bf2b35e..75265b8 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,8 +1,4 @@ -{ - pkgs, - inputs, - ... -}: { +{pkgs, ...}: { imports = [ ../common ]; diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 691acc7..83201c4 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
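Review bot: The new `options.host.nix-development.enable` in modules/nix-development.nix reuses the description string `"should desktop configuration be enabled"` copied from desktop.nix, so option documentation and `nixos-option` output describe the wrong thing; change it to `lib.mkEnableOption "should nix development tooling be enabled"`. The added comment `# nix langauge server` also carries a typo from the earlier version of the file and should read `# nix language server`.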
@@ -1,21 +1,4 @@ {...}: { - imports = []; - - nix = { - settings = { - experimental-features = ["nix-command" "flakes"]; - }; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - optimise = { - automatic = true; - dates = ["weekly"]; - }; - }; - # Enable networking networking.networkmanager.enable = true; @@ -32,20 +15,4 @@ LC_TELEPHONE = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8"; }; - - services = { - automatic-timezoned = { - enable = true; - }; - - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; - }; - }; } diff --git a/modules/default.nix b/modules/default.nix index 58b93a0..2087f1a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./system.nix ./hardware.nix ./users.nix ./desktop.nix diff --git a/modules/desktop.nix b/modules/desktop.nix index e349abe..6f119af 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -43,6 +43,10 @@ # no need to redefine it in your config for now) #media-session.enable = true; }; + + automatic-timezoned = { + enable = true; + }; }; # Enable sound with pipewire. diff --git a/modules/system.nix b/modules/system.nix new file mode 100644 index 0000000..918c219 --- /dev/null +++ b/modules/system.nix @@ -0,0 +1,28 @@ +{...}: { + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + }; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + optimise = { + automatic = true; + dates = ["weekly"]; + }; + }; + + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + }; + }; + }; +} From d46cdc8b1b0dc6abe78c1fb953ef0acbb48bddd6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 14:31:11 -0600 Subject: [PATCH 351/695] ran linted --- modules/desktop.nix | 1 - 1 file changed, 1 deletion(-) 
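Review bot: The sshd settings carried into modules/system.nix set `PasswordAuthentication = false` but leave `KbdInteractiveAuthentication` at its NixOS default of true, and because NixOS runs sshd with PAM, password logins can still succeed over the keyboard-interactive method; add `KbdInteractiveAuthentication = false;` beside it so key-only access is actually enforced. `UseDns = true` overrides the NixOS default of false and makes sshd reverse-resolve every client, which slows logins and only matters for hostname-based `from=` restrictions or host-based authentication, so it is worth a comment stating why it is wanted or dropping it. Since this module is now the single place sshd is configured, stating `PermitRootLogin = "prohibit-password";` explicitly (the current NixOS default) would document the intended policy rather than rely on the default.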
diff --git a/modules/desktop.nix b/modules/desktop.nix index 6f119af..d1b0517 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -43,7 +43,6 @@ # no need to redefine it in your config for now) #media-session.enable = true; }; - automatic-timezoned = { enable = true; }; From 755c7f0e3a216390fd385cedf1b8974d1c35c59f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 14:32:27 -0600 Subject: [PATCH 352/695] commented out unused variable --- modules/users.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/users.nix b/modules/users.nix index b85f408..3f75a4b 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -11,7 +11,7 @@ hostUsers = host.hostUsers; principleUsers = host.principleUsers; terminalUsers = host.terminalUsers; - normalUsers = host.normalUsers; + # normalUsers = host.normalUsers; uids = { leyla = 1000; From a755b9ff48a0202014a2ddac82b17a48a208921d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 14:55:19 -0600 Subject: [PATCH 353/695] moved modules into host-modules --- enviroments/client/default.nix | 4 ++-- {modules => host-modules}/default.nix | 0 {modules => host-modules}/desktop.nix | 0 {modules => host-modules}/hardware.nix | 0 {modules => host-modules}/nix-development.nix | 0 {modules => host-modules}/system.nix | 0 {modules => host-modules}/users.nix | 0 hosts/defiant/configuration.nix | 2 +- hosts/horizon/configuration.nix | 2 +- hosts/twilight/configuration.nix | 2 +- 10 files changed, 5 insertions(+), 5 deletions(-) rename {modules => host-modules}/default.nix (100%) rename {modules => host-modules}/desktop.nix (100%) rename {modules => host-modules}/hardware.nix (100%) rename {modules => host-modules}/nix-development.nix (100%) rename {modules => host-modules}/system.nix (100%) rename {modules => host-modules}/users.nix (100%) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 75265b8..052651e 100644 --- a/enviroments/client/default.nix 
+++ b/enviroments/client/default.nix @@ -3,8 +3,8 @@ ../common ]; - # Enable sound with pipewire. - hardware.flipperzero.enable = true; + # # Enable sound with pipewire. + # hardware.flipperzero.enable = true; environment.systemPackages = with pkgs; [ cachefilesd diff --git a/modules/default.nix b/host-modules/default.nix similarity index 100% rename from modules/default.nix rename to host-modules/default.nix diff --git a/modules/desktop.nix b/host-modules/desktop.nix similarity index 100% rename from modules/desktop.nix rename to host-modules/desktop.nix diff --git a/modules/hardware.nix b/host-modules/hardware.nix similarity index 100% rename from modules/hardware.nix rename to host-modules/hardware.nix diff --git a/modules/nix-development.nix b/host-modules/nix-development.nix similarity index 100% rename from modules/nix-development.nix rename to host-modules/nix-development.nix diff --git a/modules/system.nix b/host-modules/system.nix similarity index 100% rename from modules/system.nix rename to host-modules/system.nix diff --git a/modules/users.nix b/host-modules/users.nix similarity index 100% rename from modules/users.nix rename to host-modules/users.nix diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 2063579..2068b6f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -8,7 +8,7 @@ inputs.disko.nixosModules.disko ../../enviroments/server - ../../modules + ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 6940726..c784ef6 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,7 +3,7 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client - ../../modules + ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 4a99069..182c867 100644 
--- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -2,7 +2,7 @@ imports = [ ../../enviroments/client - ../../modules + ../../host-modules ]; nixpkgs.config.allowUnfree = true; From 90f0c114b3ad3b00149b05122205ae9999465bb4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 15:23:04 -0600 Subject: [PATCH 354/695] created home manager nixos adapter modules --- enviroments/client/default.nix | 3 --- home-modules/default.nix | 5 +++++ home-modules/flipperzero.nix | 3 +++ homes/ester/default.nix | 4 ++++ homes/eve/default.nix | 4 ++++ homes/leyla/default.nix | 7 ++----- host-modules/default.nix | 1 + host-modules/home-manager/default.nix | 6 ++++++ host-modules/home-manager/flipperzero.nix | 9 +++++++++ 9 files changed, 34 insertions(+), 8 deletions(-) create mode 100644 home-modules/default.nix create mode 100644 home-modules/flipperzero.nix create mode 100644 host-modules/home-manager/default.nix create mode 100644 host-modules/home-manager/flipperzero.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 052651e..f1de375 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -3,9 +3,6 @@ ../common ]; - # # Enable sound with pipewire. - # hardware.flipperzero.enable = true; - environment.systemPackages = with pkgs; [ cachefilesd ]; diff --git a/home-modules/default.nix b/home-modules/default.nix new file mode 100644 index 0000000..1fb9724 --- /dev/null +++ b/home-modules/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./flipperzero.nix + ]; +} diff --git a/home-modules/flipperzero.nix b/home-modules/flipperzero.nix new file mode 100644 index 0000000..6354bc0 --- /dev/null +++ b/home-modules/flipperzero.nix @@ -0,0 +1,3 @@ +{lib, ...}: { + options.hardware.flipperzero.enable = lib.mkEnableOption "enable flipperzero hardware"; +} diff --git a/homes/ester/default.nix b/homes/ester/default.nix index e0d5e86..dfe8175 100644 --- a/homes/ester/default.nix 
+++ b/homes/ester/default.nix @@ -6,6 +6,10 @@ }: let cfg = osConfig.host.users.ester; in { + imports = [ + ../../home-modules + ]; + config = { home = { username = "ester"; diff --git a/homes/eve/default.nix b/homes/eve/default.nix index d358b0d..3d7d7c3 100644 --- a/homes/eve/default.nix +++ b/homes/eve/default.nix @@ -6,6 +6,10 @@ }: let cfg = osConfig.host.users.eve; in { + imports = [ + ../../home-modules + ]; + config = { home = { username = "eve"; diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index 9886335..84eb5bf 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -1,10 +1,7 @@ -{ - pkgs, - osConfig, - ... -}: { +{pkgs, ...}: { imports = [ ./packages.nix + ../../home-modules ]; config = { diff --git a/host-modules/default.nix b/host-modules/default.nix index 2087f1a..a90caf1 100644 --- a/host-modules/default.nix +++ b/host-modules/default.nix @@ -5,5 +5,6 @@ ./users.nix ./desktop.nix ./nix-development.nix + ./home-manager ]; } diff --git a/host-modules/home-manager/default.nix b/host-modules/home-manager/default.nix new file mode 100644 index 0000000..885e035 --- /dev/null +++ b/host-modules/home-manager/default.nix @@ -0,0 +1,6 @@ +# modules in this folder are to adapt home manager modules defined in `home-modules` to any nix module configs that they need to set +{...}: { + imports = [ + ./flipperzero.nix + ]; +} diff --git a/host-modules/home-manager/flipperzero.nix b/host-modules/home-manager/flipperzero.nix new file mode 100644 index 0000000..6c94773 --- /dev/null +++ b/host-modules/home-manager/flipperzero.nix @@ -0,0 +1,9 @@ +{ + lib, + config, + ... +}: let + home-users = lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users; +in { + hardware.flipperzero.enable = lib.lists.any (home-user: home-user.hardware.flipperzero.enable) home-users; +} From 3fdee879c712002e790a682ea19c1d417621adcd Mon Sep 17 00:00:00 2001 
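Review bot: host-modules/home-manager/flipperzero.nix flips the system-wide `hardware.flipperzero.enable` (udev device access for the host) whenever any single home-manager user sets the option, so a user-level home configuration now drives a host-level hardware setting that affects every account; a comment such as `# any home-manager user opting in enables the host-wide udev rules for all users` at the top of the file would make that intent explicit. The expression also reads `home-user.hardware.flipperzero.enable` for every entry in `config.home-manager.users`, so a home configuration that does not import home-modules (where the option is declared) fails evaluation instead of defaulting to off; `home-user.hardware.flipperzero.enable or false` would tolerate that. `lib.attrsets.mapAttrsToList (_: user: user)` is just `lib.attrValues config.home-manager.users`.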
From: Leyla Becker Date: Sun, 24 Nov 2024 21:51:42 -0600 Subject: [PATCH 355/695] added home manager configurations to output --- flake.nix | 19 +++++++++++++++++-- homes/ester/default.nix | 6 +++--- homes/eve/default.nix | 6 +++--- homes/leyla/default.nix | 10 +++++++--- homes/leyla/firefox.nix | 2 -- homes/leyla/packages.nix | 6 +++--- homes/leyla/vscode.nix | 4 ---- host-modules/users.nix | 2 +- util/default.nix | 22 +++++++++++----------- 9 files changed, 45 insertions(+), 32 deletions(-) diff --git a/flake.nix b/flake.nix index e895b5b..1d95a4f 100644 --- a/flake.nix +++ b/flake.nix @@ -63,11 +63,15 @@ }; }; - outputs = {...} @ inputs: let + outputs = { + self, + nixpkgs, + ... + } @ inputs: let util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; mkSystem = util.mkSystem; - # mkHome = util.mkHome; + mkHome = util.mkHome; # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); # lib = callPackage ./lib {} // nixpkgs.lib; in { @@ -93,6 +97,17 @@ }; }); + homeConfigurations = nixpkgs.lib.attrsets.mergeAttrsList ( + nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( + nixpkgs.lib.attrsets.mapAttrs' (user: _: { + name = "${user}@${hostname}"; + value = mkHome user hostname system.pkgs.hostPlatform.system system.config; + }) + system.config.home-manager.users + )) + self.nixosConfigurations + ); + # homeConfigurations = { # "leyla@horizon" = mkHome "leyla" "horizon"; # "x86_64-linux" ./homes/leyla; # }; diff --git a/homes/ester/default.nix b/homes/ester/default.nix index dfe8175..bf37a9d 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.host.users.ester; + userConfig = osConfig.host.users.ester; in { imports = [ ../../home-modules @@ -12,7 +12,7 @@ in { config = { home = { - username = "ester"; + username = userConfig.name; homeDirectory = osConfig.users.users.ester.home; # This value determines the Home Manager release that your configuration is 
@@ -58,7 +58,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.lists.optionals cfg.isDesktopUser ( + packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ # helvetica font aileron diff --git a/homes/eve/default.nix b/homes/eve/default.nix index 3d7d7c3..21b4a8a 100644 --- a/homes/eve/default.nix +++ b/homes/eve/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.host.users.eve; + userConfig = osConfig.host.users.eve; in { imports = [ ../../home-modules @@ -12,7 +12,7 @@ in { config = { home = { - username = "eve"; + username = userConfig.name; homeDirectory = osConfig.users.users.eve.home; # This value determines the Home Manager release that your configuration is @@ -58,7 +58,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.lists.optionals cfg.isDesktopUser ( + packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index 84eb5bf..1a1d284 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + osConfig, + ... +}: { imports = [ ./packages.nix ../../home-modules @@ -8,8 +12,8 @@ # Home Manager needs a bit of information about you and the paths it should # manage. home = { - username = "leyla"; - # homeDirectory = osConfig.users.users.leyla.home; + username = osConfig.host.users.leyla.name; + homeDirectory = osConfig.users.users.leyla.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index 32a3c6b..e8e0c6c 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix @@ -1,7 +1,5 @@ { lib, - osConfig, - # buildFirefoxXpiAddon, pkgs, inputs, ... diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index a64909f..12bef3a 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix 
@@ -4,7 +4,7 @@ pkgs, ... }: let - cfg = osConfig.host.users.leyla; + userConifg = osConfig.host.users.leyla; hardware = osConfig.host.hardware; in { imports = [ @@ -14,7 +14,7 @@ in { home = { packages = - lib.lists.optionals cfg.isTerminalUser ( + lib.lists.optionals userConifg.isTerminalUser ( with pkgs; [ # comand line tools yt-dlp @@ -23,7 +23,7 @@ in { ] ) ++ ( - lib.lists.optionals cfg.isDesktopUser ( + lib.lists.optionals userConifg.isDesktopUser ( with pkgs; [ # helvetica font aileron diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 37127f4..6676546 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -1,6 +1,4 @@ { - lib, - osConfig, pkgs, inputs, ... @@ -77,8 +75,6 @@ # misc extensions bungcip.better-toml - - # lib.mkIf open-vsx."10nates".ollama-autocoder ] ++ ( with vscode-marketplace; [ diff --git a/host-modules/users.nix b/host-modules/users.nix index 3f75a4b..154de89 100644 --- a/host-modules/users.nix +++ b/host-modules/users.nix @@ -88,7 +88,7 @@ in { type = lib.types.bool; default = config.isDesktopUser || config.isTerminalUser; description = '' - User should install their applications + User should install their applications and can log in ''; defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; }; diff --git a/util/default.nix b/util/default.nix index 6146610..7ea1a8c 100644 --- a/util/default.nix +++ b/util/default.nix @@ -47,15 +47,15 @@ in { ]; }; - # mkHome = user: host: - # home-manager.lib.homeManagerConfiguration { - # # pkgs = pkgsFor system; - # extraSpecialArgs = { - # inherit inputs util outputs; - # }; - # modules = [ - # # config - # outputs.homeManagerModules.default - # ]; - # }; + mkHome = user: host: system: osConfig: + home-manager.lib.homeManagerConfiguration { + pkgs = pkgsFor system; + extraSpecialArgs = { + inherit inputs util outputs osConfig; + }; + modules = [ + # outputs.homeManagerModules.default + ../homes/${user} + ]; + }; } 
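Review bot: `userConifg` is misspelled on all three changed lines of homes/leyla/packages.nix (the `let` binding and both `lib.lists.optionals` calls), while the parallel edits in homes/ester/default.nix and homes/eve/default.nix in this same commit use `userConfig`. Renaming it keeps the three home configurations consistent: `userConfig = osConfig.host.users.leyla;`, `lib.lists.optionals userConfig.isTerminalUser (`, `lib.lists.optionals userConfig.isDesktopUser (`.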
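Review bot: The new `mkHome` in util/default.nix passes `extraSpecialArgs = {inherit inputs util outputs osConfig;}`, whereas the NixOS-integrated path in `home-manager-config` (outside this hunk) passes only `inherit inputs`, so the same homes/* modules see different special args depending on whether they are evaluated through `homeConfigurations` or through `nixosConfigurations`; a module that references `util` or `outputs` would work in one path and fail in the other. Defining the set once and using it in both places would close that gap. `outputs` is not bound anywhere visible in this hunk; presumably the file's surrounding `let` provides it, but that is worth confirming since the old commented-out version was never evaluated.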
From 11092d11b5e35d99d386a0adc3c6844f025399f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 22:03:23 -0600 Subject: [PATCH 356/695] added overlays to home manager --- overlays/default.nix | 5 ----- overlays/intellij.nix | 18 ------------------ overlays/vscodium.nix | 14 -------------- util/default.nix | 2 +- 4 files changed, 1 insertion(+), 38 deletions(-) delete mode 100644 overlays/intellij.nix delete mode 100644 overlays/vscodium.nix diff --git a/overlays/default.nix b/overlays/default.nix index 4957ab8..ea8f50d 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,7 +1,2 @@ {...}: { - nixpkgs.overlays = [ - ( - self: super: import ../pkgs {pkgs = super;} - ) - ]; } diff --git a/overlays/intellij.nix b/overlays/intellij.nix deleted file mode 100644 index c907588..0000000 --- a/overlays/intellij.nix +++ /dev/null @@ -1,18 +0,0 @@ -_: { - # nixpkgs.overlays = [ - # (self: super: { - # # idea is too out of date for android gradle things - # jetbrains = { - # jdk = super.jdk17; - # idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - # version = "2023.3.3"; - # name = "idea-community-${version}"; - # src = super.fetchurl { - # sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - # url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - # }; - # }); - # }; - # }) - # ]; -} diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix deleted file mode 100644 index 7c5f863..0000000 --- a/overlays/vscodium.nix +++ /dev/null @@ -1,14 +0,0 @@ -_: { - # nixpkgs.overlays = [ - # (self: super: { - # # ui is broken on 1.84 - # vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - # version = "1.85.2.24019"; - # src = super.fetchurl { - # sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - # url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - # }; - # }); - # }) - # ]; -} 
diff --git a/util/default.nix b/util/default.nix index 7ea1a8c..c64bd4d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -54,7 +54,7 @@ in { inherit inputs util outputs osConfig; }; modules = [ - # outputs.homeManagerModules.default + ../overlays ../homes/${user} ]; }; From b1b43bb7f0800b8de9047c69aa069d2b63b5dae8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 22:29:00 -0600 Subject: [PATCH 357/695] cleaned up configuration structure to have common modules folder --- flake.nix | 2 -- homes/ester/default.nix | 4 +--- homes/eve/default.nix | 4 +--- homes/leyla/default.nix | 1 - hosts/defiant/configuration.nix | 2 -- hosts/horizon/configuration.nix | 1 - hosts/horizon/hardware-configuration.nix | 1 - hosts/twilight/configuration.nix | 2 -- modules/default.nix | 7 +++++++ modules/overlays/default.nix | 3 +++ {pkgs => modules/pkgs}/default.nix | 1 + overlays/default.nix | 2 -- util/default.nix | 17 ++++++++++++----- 13 files changed, 25 insertions(+), 22 deletions(-) create mode 100644 modules/default.nix create mode 100644 modules/overlays/default.nix rename {pkgs => modules/pkgs}/default.nix (60%) delete mode 100644 overlays/default.nix diff --git a/flake.nix b/flake.nix index 1d95a4f..642e031 100644 --- a/flake.nix +++ b/flake.nix @@ -75,8 +75,6 @@ # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); # lib = callPackage ./lib {} // nixpkgs.lib; in { - packages = forEachPkgs (import ./pkgs); - formatter = forEachPkgs (pkgs: pkgs.alejandra); devShells = forEachPkgs (pkgs: { diff --git a/homes/ester/default.nix b/homes/ester/default.nix index bf37a9d..29d668f 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -6,9 +6,7 @@ }: let userConfig = osConfig.host.users.ester; in { - imports = [ - ../../home-modules - ]; + imports = []; config = { home = { diff --git a/homes/eve/default.nix b/homes/eve/default.nix index 21b4a8a..0c6c0b2 100644 --- a/homes/eve/default.nix +++ b/homes/eve/default.nix 
@@ -6,9 +6,7 @@ }: let userConfig = osConfig.host.users.eve; in { - imports = [ - ../../home-modules - ]; + imports = []; config = { home = { diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index 1a1d284..a879526 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -5,7 +5,6 @@ }: { imports = [ ./packages.nix - ../../home-modules ]; config = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 2068b6f..178aedf 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -7,8 +7,6 @@ imports = [ inputs.disko.nixosModules.disko ../../enviroments/server - - ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c784ef6..50b574b 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,7 +3,6 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client - ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index e333702..ed6246a 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 182c867..872e944 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,8 +1,6 @@ {pkgs, ...}: { imports = [ ../../enviroments/client - - ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..3dd1923 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,7 @@ +# this folder is for modules that are common between nixos, home-manager, and darwin +{...}: { + imports = [ + ./overlays + ./pkgs + ]; +} 
diff --git a/modules/overlays/default.nix b/modules/overlays/default.nix new file mode 100644 index 0000000..08085f5 --- /dev/null +++ b/modules/overlays/default.nix @@ -0,0 +1,3 @@ +# this folder is for derivation overlays +{...}: { +} diff --git a/pkgs/default.nix b/modules/pkgs/default.nix similarity index 60% rename from pkgs/default.nix rename to modules/pkgs/default.nix index b02ba6c..3e4456b 100644 --- a/pkgs/default.nix +++ b/modules/pkgs/default.nix @@ -1,3 +1,4 @@ +# this folder is for custom derivations {...}: { # package = pkgs.callPackage ./package.nix {}; } diff --git a/overlays/default.nix b/overlays/default.nix deleted file mode 100644 index ea8f50d..0000000 --- a/overlays/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -{...}: { -} diff --git a/util/default.nix b/util/default.nix index c64bd4d..ae298ad 100644 --- a/util/default.nix +++ b/util/default.nix @@ -17,12 +17,17 @@ forEachSystem = nixpkgs.lib.genAttrs systems; pkgsFor = system: nixpkgs.legacyPackages.${system}; + home-manager-shared-modules = [ + ../modules + ../home-modules + ]; home-manager-config = nixpkgs: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs;}; home-manager.users = import ../homes nixpkgs; + home-manager.sharedModules = home-manager-shared-modules; }; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); @@ -42,7 +47,8 @@ in { sops-nix.nixosModules.sops home-manager.nixosModules.home-manager home-manager-config - ../overlays + ../modules + ../host-modules ../hosts/${host} ]; }; @@ -53,9 +59,10 @@ in { extraSpecialArgs = { inherit inputs util outputs osConfig; }; - modules = [ - ../overlays - ../homes/${user} - ]; + modules = + home-manager-shared-modules + ++ [ + ../homes/${user} + ]; }; } From 41f6d138c45c082c6dfa809ceaf2f96e521e1ed5 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 22:33:05 -0600 Subject: [PATCH 358/695] cleaned up teaks in README.md --- README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/README.md b/README.md index 8a34032..60d00a0 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,6 @@ - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - https://nixos-and-flakes.thiscute.world/ -- `homeConfigurations` https://github.com/diego-vicente/dotfiles/blob/6c47284868f9e99483da34257144bd03ae5edbbe/flake.nix # Tasks: @@ -45,17 +44,13 @@ - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes -- get rid of disko config and import it in hardware-configuration.nix -- why does users.users..home conflict with home-manager.users..home.homeDirectory - get rid of environments folder ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- default open file types - samba mounts - figure out steam vr things? - Open GL? -- util functions - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing From 533ad19e7c98c26879d9b2575329fa7e17b5c2fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 22:51:40 -0600 Subject: [PATCH 359/695] added note to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 60d00a0..9ad4261 100644 
--- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ - get rid of environments folder ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- Flake templates +- Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init - samba mounts - figure out steam vr things? - Open GL? From bc53ae6ee20b69226f2eb3852f01f6dfb438b9e4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 23:04:04 -0600 Subject: [PATCH 360/695] removed unneeded code from flake.nix --- flake.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 642e031..6845fcf 100644 --- a/flake.nix +++ b/flake.nix @@ -72,11 +72,11 @@ forEachPkgs = util.forEachPkgs; mkSystem = util.mkSystem; mkHome = util.mkHome; - # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); - # lib = callPackage ./lib {} // nixpkgs.lib; in { formatter = forEachPkgs (pkgs: pkgs.alejandra); + # templates = import ./templates; + devShells = forEachPkgs (pkgs: { default = pkgs.mkShell { packages = with pkgs; [ @@ -106,12 +106,7 @@ self.nixosConfigurations ); - # homeConfigurations = { - # "leyla@horizon" = mkHome "leyla" "horizon"; # "x86_64-linux" ./homes/leyla; - # }; - nixosConfigurations = { - # Leyla Laptop horizon = mkSystem "horizon"; twilight = mkSystem "twilight"; defiant = mkSystem "defiant"; From 4d191a27ccff4153428bc2919767b251ea3321d0 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 25 Nov 2024 00:59:05 -0600 Subject: [PATCH 361/695] moved local to modules --- README.md | 3 -- enviroments/common/default.nix | 14 --------- home-modules/default.nix | 1 + home-modules/i18n.nix | 42 +++++++++++++++++++++++++++ homes/ester/default.nix | 2 ++ homes/leyla/default.nix | 1 + homes/leyla/i18n.nix | 12 ++++++++ host-modules/default.nix | 1 + host-modules/home-manager/default.nix | 1 + host-modules/home-manager/i18n.nix | 26 +++++++++++++++++ host-modules/i18n.nix | 3 ++ host-modules/users.nix | 2 +- 12 files changed, 90 insertions(+), 18 deletions(-) create mode 100644 home-modules/i18n.nix create mode 100644 homes/leyla/i18n.nix create mode 100644 host-modules/home-manager/i18n.nix create mode 100644 host-modules/i18n.nix diff --git a/README.md b/README.md index 9ad4261..1f152e9 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,6 @@ | `threshold` | Laptop | Eve | Laptop | # Tooling -## Lint -`./lint.sh` - ## Rebuilding `./rebuild.sh` diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 83201c4..d6d44ed 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,18 +1,4 @@ {...}: { # Enable networking networking.networkmanager.enable = true; - - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; } diff --git a/home-modules/default.nix b/home-modules/default.nix index 1fb9724..b3f5c45 100644 --- a/home-modules/default.nix +++ b/home-modules/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ ./flipperzero.nix + ./i18n.nix ]; } diff --git a/home-modules/i18n.nix b/home-modules/i18n.nix new file mode 100644 index 0000000..2c93e59 --- /dev/null +++ b/home-modules/i18n.nix 
@@ -0,0 +1,42 @@ +{ + lib, + config, + ... +}: { + options = { + i18n = { + defaultLocale = lib.mkOption { + type = lib.types.str; + default = "en_US.UTF-8"; + example = "nl_NL.UTF-8"; + description = '' + The default locale. It determines the language for program + messages, the format for dates and times, sort order, and so on. + It also determines the character set, such as UTF-8. + ''; + }; + + extraLocaleSettings = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + example = { + LC_MESSAGES = "en_US.UTF-8"; + LC_TIME = "de_DE.UTF-8"; + }; + description = '' + A set of additional system-wide locale settings other than + `LANG` which can be configured with + {option}`i18n.defaultLocale`. + ''; + }; + }; + }; + + config = { + home.sessionVariables = + { + LANG = config.i18n.defaultLocale; + } + // config.i18n.extraLocaleSettings; + }; +} diff --git a/homes/ester/default.nix b/homes/ester/default.nix index 29d668f..181a487 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -37,6 +37,8 @@ in { # ''; }; + keyboard.layout = "it,us"; + # Home Manager can also manage your environment variables through # 'home.sessionVariables'. If you don't want to manage your shell through Home # Manager then you have to manually source 'hm-session-vars.sh' located at diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index a879526..ba8535d 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -4,6 +4,7 @@ ... }: { imports = [ + ./i18n.nix ./packages.nix ]; diff --git a/homes/leyla/i18n.nix b/homes/leyla/i18n.nix new file mode 100644 index 0000000..a4f41dd --- /dev/null +++ b/homes/leyla/i18n.nix 
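Review bot: In the `config.home.sessionVariables` expression, `config.i18n.extraLocaleSettings` sits on the right-hand side of `//`, so a `LANG` key in it silently overrides `defaultLocale` even though the option text says it covers settings "other than `LANG`". Either merge the other way round, `config.i18n.extraLocaleSettings // { LANG = config.i18n.defaultLocale; }`, so `defaultLocale` always wins, or reject the key explicitly. The `attrsOf str` type also accepts any key name, so a mistyped `LC_*` variable is exported to the session unchanged and never flagged; restricting the keys to the known glibc `LC_*` categories with `lib.types.enum` would catch that at evaluation time. The host-side counterpart in `host-modules/home-manager/i18n.nix` reads these same two options from every user, so their semantics should be pinned down in the description here.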
@@ -0,0 +1,12 @@ +{...}: { + i18n = { + defaultLocale = "en_IE.UTF-8"; + + extraLocaleSettings = { + # LC_ADDRESS = "en_IE.UTF-8"; # lets just get used to this one now + # LC_TELEPHONE = "en_IE.UTF-8"; # lets just get used to this one now + LC_MONETARY = "en_US.UTF-8"; # to be changed once I move + LC_PAPER = "en_US.UTF-8"; # convient for american printers until I move + }; + }; +} diff --git a/host-modules/default.nix b/host-modules/default.nix index a90caf1..4ad79d0 100644 --- a/host-modules/default.nix +++ b/host-modules/default.nix @@ -5,6 +5,7 @@ ./users.nix ./desktop.nix ./nix-development.nix + ./i18n.nix ./home-manager ]; } diff --git a/host-modules/home-manager/default.nix b/host-modules/home-manager/default.nix index 885e035..5454594 100644 --- a/host-modules/home-manager/default.nix +++ b/host-modules/home-manager/default.nix @@ -2,5 +2,6 @@ {...}: { imports = [ ./flipperzero.nix + ./i18n.nix ]; } diff --git a/host-modules/home-manager/i18n.nix b/host-modules/home-manager/i18n.nix new file mode 100644 index 0000000..78b86fa --- /dev/null +++ b/host-modules/home-manager/i18n.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + home-users = lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users; +in { + config = { + i18n.supportedLocales = + lib.unique + (builtins.map (l: (lib.replaceStrings ["utf8" "utf-8" "UTF8"] ["UTF-8" "UTF-8" "UTF-8"] l) + "/UTF-8") ( + [ + "C.UTF-8" + "en_US.UTF-8" + config.i18n.defaultLocale + ] + ++ (lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) + ++ ( + map (user-config: user-config.i18n.defaultLocale) home-users + ) + ++ (lib.lists.flatten ( + map (user-config: lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") user-config.i18n.extraLocaleSettings)) home-users + )) + )); + }; +} diff --git a/host-modules/i18n.nix b/host-modules/i18n.nix new file mode 100644 index 0000000..eada12c --- /dev/null +++ b/host-modules/i18n.nix 
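Review bot: In `host-modules/home-manager/i18n.nix` the `/UTF-8` suffix is appended to every collected value regardless of its charset, so a user or host value such as `C` or one with a non-UTF-8 encoding would produce an entry that does not name a real locale; if only UTF-8 locales are ever intended, a comment saying so next to `replaceStrings` would make the contract explicit. Two smaller points of style in the same hunk: `lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users` is just `lib.attrValues config.home-manager.users`, and the `filterAttrs (n: v: n != "LANGUAGE")` expression is written twice with an unused `v`, so it is worth hoisting into a helper; the `map` plus `lib.lists.flatten` pair then becomes `lib.concatMap`. The rewritten `let` block and list construction are below.
```nix
}: let
  home-users = lib.attrValues config.home-manager.users;
  # LANGUAGE is a priority list, not a locale name, so it never selects a locale to build
  extraLocales = settings: lib.attrValues (lib.filterAttrs (n: _: n != "LANGUAGE") settings);
in {
  config = {
    i18n.supportedLocales =
      lib.unique
      (builtins.map (l: (lib.replaceStrings ["utf8" "utf-8" "UTF8"] ["UTF-8" "UTF-8" "UTF-8"] l) + "/UTF-8") (
        # … unchanged: base list of "C.UTF-8", "en_US.UTF-8" and config.i18n.defaultLocale …
        ++ extraLocales config.i18n.extraLocaleSettings
        ++ map (user-config: user-config.i18n.defaultLocale) home-users
        ++ lib.concatMap (user-config: extraLocales user-config.i18n.extraLocaleSettings) home-users
      ));
  };
}
```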
@@ -0,0 +1,3 @@ +{...}: { + i18n.defaultLocale = "en_IE.UTF-8"; +} diff --git a/host-modules/users.nix b/host-modules/users.nix index 154de89..23771a3 100644 --- a/host-modules/users.nix +++ b/host-modules/users.nix @@ -53,7 +53,7 @@ in { }: { options = { name = lib.mkOption { - type = lib.types.string; + type = lib.types.str; default = name; description = '' What should this users name on the system be From cef6ad71256db5051ee9bcf6b8b246a58b37f158 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:11:22 -0600 Subject: [PATCH 362/695] moved network manager out of environments --- enviroments/client/default.nix | 4 +--- enviroments/common/default.nix | 4 ---- enviroments/server/default.nix | 4 +--- hosts/defiant/hardware-configuration.nix | 2 ++ hosts/horizon/hardware-configuration.nix | 1 + hosts/twilight/hardware-configuration.nix | 1 + 6 files changed, 6 insertions(+), 10 deletions(-) delete mode 100644 enviroments/common/default.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index f1de375..56f5422 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,7 +1,5 @@ {pkgs, ...}: { - imports = [ - ../common - ]; + imports = []; environment.systemPackages = with pkgs; [ cachefilesd diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix deleted file mode 100644 index d6d44ed..0000000 --- a/enviroments/common/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{...}: { - # Enable networking - networking.networkmanager.enable = true; -} diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 4cd45ff..8614e36 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -12,9 +12,7 @@ httpsPort = 443; isDebug = false; in { - imports = [ - ../common - ]; + imports = []; options = { apps = { diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index c84a9b4..ce994d9 100644 
--- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -184,6 +184,8 @@ }; }; + networking.networkmanager.enable = true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware = { # TODO: hardware graphics diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index ed6246a..9b4074d 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -87,6 +87,7 @@ ]; networking = { + networkmanager.enable = true; useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index fe2353b..f1cd73f 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -69,6 +69,7 @@ swapDevices = []; networking = { + networkmanager.enable = true; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction From 047d1e4d8f768204521ac04899792fa524b397da Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:13:31 -0600 Subject: [PATCH 363/695] removed client form environments --- enviroments/client/default.nix | 7 ------- hosts/horizon/configuration.nix | 2 -- hosts/horizon/hardware-configuration.nix | 5 +++++ hosts/twilight/configuration.nix | 4 ---- hosts/twilight/hardware-configuration.nix | 4 ++++ 5 files changed, 9 insertions(+), 13 deletions(-) delete mode 100644 enviroments/client/default.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix deleted file mode 100644 index 56f5422..0000000 --- a/enviroments/client/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{pkgs, ...}: { - imports = []; - - environment.systemPackages = with pkgs; [ - cachefilesd - ]; -} 
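Review bot: `networking.networkmanager.enable = true;` is added to `hosts/defiant/hardware-configuration.nix` (first hunk), a file that by NixOS convention is the `nixos-generate-config` output; if that is the case for this host, a later regeneration would silently drop NetworkManager, and the setting belongs in `configuration.nix` beside the other policy choices. The horizon and twilight hunks make the same move into their `hardware-configuration.nix` files. I would add `# network policy, not hardware detection: keep out of generated sections` above the line, or move it, in all three. The enclosing attribute sets start and end outside each hunk.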
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 50b574b..593274c 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,8 +1,6 @@ {inputs, ...}: { imports = [ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel - - ../../enviroments/client ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 9b4074d..184be7a 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -4,6 +4,7 @@ { config, lib, + pkgs, modulesPath, ... }: { @@ -80,6 +81,10 @@ }; }; + environment.systemPackages = with pkgs; [ + cachefilesd + ]; + services.cachefilesd.enable = true; swapDevices = [ diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 872e944..75c8dc7 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,8 +1,4 @@ {pkgs, ...}: { - imports = [ - ../../enviroments/client - ]; - nixpkgs.config.allowUnfree = true; host = { diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index f1cd73f..d547c9c 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -66,6 +66,10 @@ }; }; + environment.systemPackages = with pkgs; [ + cachefilesd + ]; + swapDevices = []; networking = { From 7da7741ea53de2546ee4b61ae1d346dbf3c18149 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:15:06 -0600 Subject: [PATCH 364/695] moved environment/server into defiant config --- hosts/defiant/configuration.nix | 2 +- enviroments/server/default.nix => hosts/defiant/services.nix | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename enviroments/server/default.nix => hosts/defiant/services.nix (100%) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 178aedf..009442e 100644 
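Review bot: In `hosts/horizon/hardware-configuration.nix` the new `environment.systemPackages = with pkgs; [ cachefilesd ];` sits directly above the existing `services.cachefilesd.enable = true;`, and the service module already runs the daemon from its own package, so the extra entry only puts the binary on `PATH`; if that is the intent, a comment such as `# CLI on PATH only; the daemon is started by services.cachefilesd` would stop the next reader from treating it as the enabling line. The twilight hunk adds the same package with no `services.cachefilesd.enable` visible in this hunk; if it is not set elsewhere in that file, the package alone starts nothing. Both enclosing attribute sets continue outside the hunks.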
--- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -6,7 +6,7 @@ }: { imports = [ inputs.disko.nixosModules.disko - ../../enviroments/server + ./services.nix ]; nixpkgs.config.allowUnfree = true; diff --git a/enviroments/server/default.nix b/hosts/defiant/services.nix similarity index 100% rename from enviroments/server/default.nix rename to hosts/defiant/services.nix From e94f7e6637f9406286633128147190da00c564cd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:35:31 -0600 Subject: [PATCH 365/695] updated flake.lock --- flake.lock | 61 ++++++++++++-------------------- homes/leyla/vscode.nix | 1 - host-modules/nix-development.nix | 5 --- 3 files changed, 22 insertions(+), 45 deletions(-) diff --git a/flake.lock b/flake.lock index d107388..bf4e9d1 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1731274291, - "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", + "lastModified": 1732482708, + "narHash": "sha256-B1MQLiWi4bbeNiRXKxEkpztnKyWae4x0LyK32v3DjLk=", "owner": "nix-community", "repo": "disko", - "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", + "rev": "47bc8dfb6f48d5f66a3cb3a4cece83d8ace1f61a", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1732248209, - "narHash": "sha256-Mv8k0VuGdb6YhhKt+8SIvhMdmI4xZhw/3ycSvlAq19Q=", + "lastModified": 1732479769, + "narHash": "sha256-barZy95JsQt4G9EDZ7RNrjgTneelXXfSzRLJJvokjsI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "4a8ba00d1be3f3745428ed56efbb32155c548192", + "rev": "80bf66046d8b8624c5991a0c8e512b211acce2b2", "type": "gitlab" }, "original": { 
@@ -147,11 +147,11 @@
 ]
 },
 "locked": {
- "lastModified": 1731235328,
- "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=",
+ "lastModified": 1732482255,
+ "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "60bb110917844d354f3c18e05450606a435d2d10",
+ "rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
 "type": "github"
 },
 "original": {
@@ -207,11 +207,11 @@
 ]
 },
 "locked": {
- "lastModified": 1731289628,
- "narHash": "sha256-bMqsWKoGMe4phm6xk2skjlGCCVv44AOom7Wb0eWv5Ic=",
+ "lastModified": 1732499683,
+ "narHash": "sha256-Hw95rpgNiyAL4v9pJF2756PMud6O0p/1XQixs5f/Shk=",
 "owner": "nix-community",
 "repo": "nix-vscode-extensions",
- "rev": "91665308e59ce26cdcefa73dc85dfd9b39be725c",
+ "rev": "b376bfa567fd25f9f22b6f51ffaa4f84d0b7c72f",
 "type": "github"
 },
 "original": {
@@ -222,11 +222,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1731332224,
- "narHash": "sha256-0ctfVp27ingWtY7dbP5+QpSQ98HaOZleU0teyHQUAw0=",
+ "lastModified": 1732483221,
+ "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=",
 "owner": "NixOS",
 "repo": "nixos-hardware",
- "rev": "184687ae1a3139faa4746168baf071f60d0310c8",
+ "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405",
 "type": "github"
 },
 "original": {
@@ -238,11 +238,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1731139594,
- "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
+ "lastModified": 1732014248,
+ "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
+ "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
 "type": "github"
 },
 "original": {
@@ -252,22 +252,6 @@
 "type": "github"
 }
 },
- "nixpkgs-stable": {
- "locked": {
- "lastModified": 1730602179,
- "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "release-24.05",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
 "root": {
 "inputs": {
 "disko": "disko",
@@ -303,15 +287,14 @@
 "inputs": {
 "nixpkgs": [
 "nixpkgs"
- ],
- "nixpkgs-stable": "nixpkgs-stable"
+ ]
 },
 "locked": {
- "lastModified": 1731364708,
- "narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=",
+ "lastModified": 1732186149,
+ "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=",
 "owner": "Mic92",
 "repo": "sops-nix",
- "rev": "4c91d52db103e757fc25b58998b0576ae702d659",
+ "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699",
 "type": "github"
 },
 "original": {
diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix
index 6676546..3772949 100644
--- a/homes/leyla/vscode.nix
+++ b/homes/leyla/vscode.nix
@@ -32,7 +32,6 @@
 "cSpell.userWords" = [
 "webdav"
 ];
- "nix.serverPath" = "nixd";
 "nix.enableLanguageServer" = true;
 "nixpkgs" = {
 "expr" = "import {}";
diff --git a/host-modules/nix-development.nix b/host-modules/nix-development.nix
index d670418..e350026 100644
--- a/host-modules/nix-development.nix
+++ b/host-modules/nix-development.nix
@@ -15,11 +15,6 @@
 nix = {
 nixPath = ["nixpkgs=${inputs.nixpkgs}"];
 };
-
- environment.systemPackages = with pkgs; [
- # nix langauge server
- nixd
- ];
 })
 ];
 }
From 814817eb5b2d56b6314617a2fb67b9c95841f868 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Mon, 25 Nov 2024 01:39:22 -0600
Subject: [PATCH 366/695] removed completed task from README.md
---
 README.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 1f152e9..4381a4c 100644
--- a/README.md
+++ b/README.md
@@ -40,8 +40,7 @@ ## Tech Debt - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- move applications in server environment into their own flakes -- get rid of environments folder +- move applications in `defiant/services.nix` into their own flakes ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 265997fc7f9b82314a7a6064acd0c1c8ee3008d6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:43:49 -0600 Subject: [PATCH 367/695] removed unused parameter in module --- host-modules/nix-development.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/host-modules/nix-development.nix b/host-modules/nix-development.nix index e350026..2608ba3 100644 --- a/host-modules/nix-development.nix +++ b/host-modules/nix-development.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, inputs, ... }: { From 5dd16b04bda9f6a6bff1ae99106df93206fe1e81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:01:00 -0600 Subject: [PATCH 368/695] added nix language server and formatter to vscode --- homes/leyla/vscode.nix | 51 +++++++++++++++++++++----------- host-modules/nix-development.nix | 7 +++++ 2 files changed, 40 insertions(+), 18 deletions(-) diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 3772949..d921604 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix 
@@ -1,8 +1,12 @@ { + lib, pkgs, inputs, + osConfig, ... -}: { +}: let + nix-development-enabled = osConfig.host.nix-development.enable; +in { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default @@ -27,19 +31,28 @@ enableUpdateCheck = false; enableExtensionUpdateCheck = false; - userSettings = { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - "nix.enableLanguageServer" = true; - "nixpkgs" = { - "expr" = "import {}"; - }; - # "fomratting": { - # "command": [ "alejandra" ]; - # }; - }; + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + ]; extensions = ( with open-vsx; @@ -52,10 +65,6 @@ streetsidesoftware.code-spell-checker-italian jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - # html extensions formulahendry.auto-rename-tag ms-vscode.live-server @@ -75,6 +84,12 @@ # misc extensions bungcip.better-toml ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) ++ ( with vscode-marketplace; [ # js extensions diff --git a/host-modules/nix-development.nix b/host-modules/nix-development.nix index 2608ba3..6eeddc4 100644 --- a/host-modules/nix-development.nix +++ b/host-modules/nix-development.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, inputs, ... @@ -14,6 +15,12 @@ nix = { nixPath = ["nixpkgs=${inputs.nixpkgs}"]; }; + environment.systemPackages = with pkgs; [ + # nix language server + nil + # nix formatter + alejandra + ]; }) ]; } 
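Review bot: The new `lib.mkIf nix-development-enabled` block in `homes/leyla/vscode.nix` points the editor at bare program names, `"nix.serverPath" = "nil"` and `"alejandra.program" = "alejandra"`, which resolve only because the `host-modules/nix-development.nix` hunk of the same commit installs them system-wide; the home configuration therefore depends on host `PATH` state rather than on a Nix reference. `"nix.serverPath" = lib.getExe pkgs.nil;` and `"alejandra.program" = lib.getExe pkgs.alejandra;` would make the settings self-contained and pin both tools to the same nixpkgs revision as the extensions. The same bare names recur in the new `homes/leyla/vscode/default.nix` (patch 370). Separately, `"expr" = "import {}"` as rendered has no path argument; if the `<nixpkgs>` was lost to rendering this is fine, otherwise the expression does not evaluate.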
From c38754530f8efccfc70a5217be5c9a7373921c1d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:01:55 -0600 Subject: [PATCH 369/695] ran linter From db799a8253db07d61be6329dbe6c814b5f3e50e2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:14:50 -0600 Subject: [PATCH 370/695] moved spellcheck to separate file --- .gitignore | 4 +- .vscode/settings.json | 19 +++++ homes/leyla/i18n.nix | 2 +- homes/leyla/packages.nix | 8 +- homes/leyla/vscode/default.nix | 101 +++++++++++++++++++++++ homes/leyla/vscode/user-words.nix | 3 + hosts/defiant/hardware-configuration.nix | 4 +- hosts/defiant/services.nix | 16 ++-- 8 files changed, 141 insertions(+), 16 deletions(-) create mode 100644 .vscode/settings.json create mode 100644 homes/leyla/vscode/default.nix create mode 100644 homes/leyla/vscode/user-words.nix diff --git a/.gitignore b/.gitignore index d1da3a8..ce2538f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ result -.direnv \ No newline at end of file +.direnv +.vscode/* +!.vscode/settings.json \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..b152cc4 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,19 @@ +{ + "cSpell.words": [ + "bitwarden", + "forgejo", + "gids", + "headscale", + "jellyfin", + "macvlan", + "nextcloud", + "nixos", + "nixpkgs", + "pihole", + "pkgs", + "rpool", + "searx", + "ublock", + "uids" + ] +} \ No newline at end of file diff --git a/homes/leyla/i18n.nix b/homes/leyla/i18n.nix index a4f41dd..f12cd95 100644 --- a/homes/leyla/i18n.nix +++ b/homes/leyla/i18n.nix @@ -6,7 +6,7 @@ # LC_ADDRESS = "en_IE.UTF-8"; # lets just get used to this one now # LC_TELEPHONE = "en_IE.UTF-8"; # lets just get used to this one now LC_MONETARY = "en_US.UTF-8"; # to be changed once I move - LC_PAPER = "en_US.UTF-8"; # convient for american printers until I move + LC_PAPER = "en_US.UTF-8"; # convenient for american printers until I move }; }; } 
diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 12bef3a..1845f65 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -4,7 +4,7 @@ pkgs, ... }: let - userConifg = osConfig.host.users.leyla; + userConfig = osConfig.host.users.leyla; hardware = osConfig.host.hardware; in { imports = [ @@ -14,16 +14,16 @@ in { home = { packages = - lib.lists.optionals userConifg.isTerminalUser ( + lib.lists.optionals userConfig.isTerminalUser ( with pkgs; [ - # comand line tools + # command line tools yt-dlp ffmpeg imagemagick ] ) ++ ( - lib.lists.optionals userConifg.isDesktopUser ( + lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ # helvetica font aileron diff --git a/homes/leyla/vscode/default.nix b/homes/leyla/vscode/default.nix new file mode 100644 index 0000000..641fff9 --- /dev/null +++ b/homes/leyla/vscode/default.nix 
@@ -0,0 +1,101 @@ +{ + lib, + pkgs, + inputs, + osConfig, + ... +}: let + nix-development-enabled = osConfig.host.nix-development.enable; +in { + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + + programs = { + bash.shellAliases = { + code = "codium"; + }; + + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in { + enable = true; + + package = pkgs.vscodium; + + mutableExtensionsDir = false; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.language" = "en,de-DE,it"; + "cSpell.userWords" = import ./user-words.nix; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + ]; + + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + bungcip.better-toml + ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) 
+ ++ (
+ with vscode-marketplace; [
+ # js extensions
+ karyfoundation.nearley
+ ]
+ )
+ );
+ };
+ };
+}
diff --git a/homes/leyla/vscode/user-words.nix b/homes/leyla/vscode/user-words.nix
new file mode 100644
index 0000000..94a85a2
--- /dev/null
+++ b/homes/leyla/vscode/user-words.nix
@@ -0,0 +1,3 @@
+[
+ "leyla"
+]
diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix
index ce994d9..b55bcfd 100644
--- a/hosts/defiant/hardware-configuration.nix
+++ b/hosts/defiant/hardware-configuration.nix
@@ -17,7 +17,7 @@
 initrd = {
 availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"];
 kernelModules = [];
- # TODO: figure out some kind of snapshotting before rolebacks
+ # TODO: figure out some kind of snapshotting before rollbacks
 # postDeviceCommands = lib.mkAfter ''
 # zfs rollback -r rpool/root@blank
 # zfs rollback -r rpool/home@blank
@@ -127,7 +127,7 @@
 # systemd.services = {
 # # https://github.com/openzfs/zfs/issues/10891
 # systemd-udev-settle.enable = false;
- # # Snapshots are not accessable on boot for some reason this should fix it
+ # # Snapshots are not accessible on boot for some reason this should fix it
 # # https://github.com/NixOS/nixpkgs/issues/257505
 # zfs-mount = {
 # serviceConfig = {
diff --git a/hosts/defiant/services.nix b/hosts/defiant/services.nix
index 8614e36..ac1d02b 100644
--- a/hosts/defiant/services.nix
+++ b/hosts/defiant/services.nix
@@ -48,12 +48,12 @@ in {
 directory = {
 root = lib.mkOption {
 type = lib.types.str;
- description = "directory that piholes will be hosted at";
+ description = "directory that pihole will be hosted at";
 default = "/var/lib/pihole";
 };
 data = lib.mkOption {
 type = lib.types.str;
- description = "directory that piholes data will be hosted at";
+ description = "directory that pihole data will be hosted at";
 default = "${config.apps.pihole.directory.root}/data";
 };
 };
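Review bot: In the new `homes/leyla/vscode/default.nix`, `inputs.nix-vscode-extensions.extensions.${pkgs.system}` uses `pkgs.system`, the legacy alias; `pkgs.stdenv.hostPlatform.system` is the spelling current nixpkgs prefers and avoids a deprecation warning on newer revisions. The combination of `mutableExtensionsDir = false`, `enableUpdateCheck = false` and `enableExtensionUpdateCheck = false` is the right shape for keeping extension versions pinned to the flake lock rather than to whatever the marketplace serves; a short comment above those three lines, `# extensions are pinned by flake.lock via nix-vscode-extensions; no in-editor updates`, would record why they are set together. The file also re-imports the `nixpkgs.overlays` entry that the overlay module under `modules/` may already provide, which is worth a check since both are loaded into the same home-manager evaluation.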
@@ -66,7 +66,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that headscale will be hosted at"; + description = "hostname that headscale will be hosted at"; default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; @@ -78,7 +78,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that jellyfin will be hosted at"; + description = "hostname that jellyfin will be hosted at"; default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; mediaDirectory = lib.mkOption { @@ -95,7 +95,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that forgejo will be hosted at"; + description = "hostname that forgejo will be hosted at"; default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; }; }; @@ -107,7 +107,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that home-assistant will be hosted at"; + description = "hostname that home-assistant will be hosted at"; default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; }; }; @@ -119,7 +119,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that searx will be hosted at"; + description = "hostname that searx will be hosted at"; default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; }; }; @@ -131,7 +131,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that nextcloud will be hosted at"; + description = "hostname that nextcloud will be hosted at"; default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}"; }; }; From 4c025e0cca58699c56487a073a114be90894dca6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:56:51 -0600 Subject: [PATCH 371/695] cleaned up default.nix --- util/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/util/default.nix b/util/default.nix index ae298ad..efd58c8 100644 --- a/util/default.nix +++ b/util/default.nix @@ -25,7 +25,7 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; + home-manager.extraSpecialArgs = {inherit inputs outputs util;}; home-manager.users = import ../homes nixpkgs; home-manager.sharedModules = home-manager-shared-modules; }; @@ -40,7 +40,7 @@ in { ]; mkSystem = host: - inputs.nixpkgs.lib.nixosSystem { + nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; modules = [ lix-module.nixosModules.default From 3924a5aa8d5b62963c6a39bc0f6123f33376707a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 16:03:55 -0600 Subject: [PATCH 372/695] fixed language in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4381a4c..0ff8534 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ ## Tech Debt - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- move applications in `defiant/services.nix` into their own flakes +- move applications in `defiant/services.nix` into their own modules ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 0d0443a02a9440fd048d249d3e67611aadbaa066 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 25 Nov 2024 16:58:12 -0600 Subject: [PATCH 373/695] restructured repo to support nix-darwin --- .vscode/settings.json | 2 + configurations/darwin/hesperium/default.nix | 1 + .../home-manager}/default.nix | 0 .../home-manager}/ester/default.nix | 0 .../home-manager}/eve/default.nix | 0 .../home-manager}/leyla/default.nix | 0 .../home-manager}/leyla/firefox.nix | 0 .../home-manager}/leyla/i18n.nix | 0 .../home-manager}/leyla/packages.nix | 0 .../home-manager}/leyla/vscode.nix | 0 .../home-manager}/leyla/vscode/default.nix | 0 .../home-manager}/leyla/vscode/user-words.nix | 0 .../nixos}/defiant/configuration.nix | 0 .../nixos}/defiant/default.nix | 0 .../nixos}/defiant/disko-config.nix | 0 .../nixos}/defiant/hardware-configuration.nix | 0 .../nixos}/defiant/services.nix | 0 .../nixos}/horizon/configuration.nix | 0 .../nixos}/horizon/default.nix | 0 .../nixos}/horizon/hardware-configuration.nix | 0 .../nixos}/twilight/configuration.nix | 0 .../nixos}/twilight/default.nix | 0 .../twilight/hardware-configuration.nix | 0 flake.lock | 21 +++++++ flake.nix | 26 +++++--- host-modules/home-manager/default.nix | 7 --- modules/{ => common-modules}/default.nix | 0 .../{ => common-modules}/overlays/default.nix | 0 modules/{ => common-modules}/pkgs/default.nix | 0 modules/darwin-modules/default.nix | 6 ++ .../darwin-modules/home-manager/default.nix | 2 + .../home-manager-modules}/default.nix | 1 + .../home-manager-modules}/flipperzero.nix | 0 .../home-manager-modules}/i18n.nix | 0 .../nixos-modules}/default.nix | 3 +- .../nixos-modules}/desktop.nix | 0 .../nixos-modules}/hardware.nix | 0 .../nixos-modules/home-manager/default.nix | 7 +++ .../home-manager/flipperzero.nix | 0 .../nixos-modules}/home-manager/i18n.nix | 0 .../nixos-modules}/i18n.nix | 0 .../nixos-modules}/nix-development.nix | 0 .../nixos-modules}/system.nix | 0 .../nixos-modules}/users.nix | 2 +- modules/system-modules/default.nix | 6 ++ .../system-modules/home-manager/default.nix | 2 + 
util/default.nix | 59 +++++++++++++------ 47 files changed, 111 insertions(+), 34 deletions(-) create mode 100644 configurations/darwin/hesperium/default.nix rename {homes => configurations/home-manager}/default.nix (100%) rename {homes => configurations/home-manager}/ester/default.nix (100%) rename {homes => configurations/home-manager}/eve/default.nix (100%) rename {homes => configurations/home-manager}/leyla/default.nix (100%) rename {homes => configurations/home-manager}/leyla/firefox.nix (100%) rename {homes => configurations/home-manager}/leyla/i18n.nix (100%) rename {homes => configurations/home-manager}/leyla/packages.nix (100%) rename {homes => configurations/home-manager}/leyla/vscode.nix (100%) rename {homes => configurations/home-manager}/leyla/vscode/default.nix (100%) rename {homes => configurations/home-manager}/leyla/vscode/user-words.nix (100%) rename {hosts => configurations/nixos}/defiant/configuration.nix (100%) rename {hosts => configurations/nixos}/defiant/default.nix (100%) rename {hosts => configurations/nixos}/defiant/disko-config.nix (100%) rename {hosts => configurations/nixos}/defiant/hardware-configuration.nix (100%) rename {hosts => configurations/nixos}/defiant/services.nix (100%) rename {hosts => configurations/nixos}/horizon/configuration.nix (100%) rename {hosts => configurations/nixos}/horizon/default.nix (100%) rename {hosts => configurations/nixos}/horizon/hardware-configuration.nix (100%) rename {hosts => configurations/nixos}/twilight/configuration.nix (100%) rename {hosts => configurations/nixos}/twilight/default.nix (100%) rename {hosts => configurations/nixos}/twilight/hardware-configuration.nix (100%) delete mode 100644 host-modules/home-manager/default.nix rename modules/{ => common-modules}/default.nix (100%) rename modules/{ => common-modules}/overlays/default.nix (100%) rename modules/{ => common-modules}/pkgs/default.nix (100%) create mode 100644 modules/darwin-modules/default.nix create mode 100644 
modules/darwin-modules/home-manager/default.nix rename {home-modules => modules/home-manager-modules}/default.nix (51%) rename {home-modules => modules/home-manager-modules}/flipperzero.nix (100%) rename {home-modules => modules/home-manager-modules}/i18n.nix (100%) rename {host-modules => modules/nixos-modules}/default.nix (74%) rename {host-modules => modules/nixos-modules}/desktop.nix (100%) rename {host-modules => modules/nixos-modules}/hardware.nix (100%) create mode 100644 modules/nixos-modules/home-manager/default.nix rename {host-modules => modules/nixos-modules}/home-manager/flipperzero.nix (100%) rename {host-modules => modules/nixos-modules}/home-manager/i18n.nix (100%) rename {host-modules => modules/nixos-modules}/i18n.nix (100%) rename {host-modules => modules/nixos-modules}/nix-development.nix (100%) rename {host-modules => modules/nixos-modules}/system.nix (100%) rename {host-modules => modules/nixos-modules}/users.nix (99%) create mode 100644 modules/system-modules/default.nix create mode 100644 modules/system-modules/home-manager/default.nix diff --git a/.vscode/settings.json b/.vscode/settings.json index b152cc4..8d6717e 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,9 +1,11 @@ { "cSpell.words": [ + "attrsets", "bitwarden", "forgejo", "gids", "headscale", + "hesperium", "jellyfin", "macvlan", "nextcloud", diff --git a/configurations/darwin/hesperium/default.nix b/configurations/darwin/hesperium/default.nix new file mode 100644 index 0000000..6462967 --- /dev/null +++ b/configurations/darwin/hesperium/default.nix @@ -0,0 +1 @@ +{...}: {} diff --git a/homes/default.nix b/configurations/home-manager/default.nix similarity index 100% rename from homes/default.nix rename to configurations/home-manager/default.nix diff --git a/homes/ester/default.nix b/configurations/home-manager/ester/default.nix similarity index 100% rename from homes/ester/default.nix rename to configurations/home-manager/ester/default.nix 
diff --git a/homes/eve/default.nix b/configurations/home-manager/eve/default.nix similarity index 100% rename from homes/eve/default.nix rename to configurations/home-manager/eve/default.nix diff --git a/homes/leyla/default.nix b/configurations/home-manager/leyla/default.nix similarity index 100% rename from homes/leyla/default.nix rename to configurations/home-manager/leyla/default.nix diff --git a/homes/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix similarity index 100% rename from homes/leyla/firefox.nix rename to configurations/home-manager/leyla/firefox.nix diff --git a/homes/leyla/i18n.nix b/configurations/home-manager/leyla/i18n.nix similarity index 100% rename from homes/leyla/i18n.nix rename to configurations/home-manager/leyla/i18n.nix diff --git a/homes/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix similarity index 100% rename from homes/leyla/packages.nix rename to configurations/home-manager/leyla/packages.nix diff --git a/homes/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix similarity index 100% rename from homes/leyla/vscode.nix rename to configurations/home-manager/leyla/vscode.nix diff --git a/homes/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix similarity index 100% rename from homes/leyla/vscode/default.nix rename to configurations/home-manager/leyla/vscode/default.nix diff --git a/homes/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/vscode/user-words.nix similarity index 100% rename from homes/leyla/vscode/user-words.nix rename to configurations/home-manager/leyla/vscode/user-words.nix diff --git a/hosts/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix similarity index 100% rename from hosts/defiant/configuration.nix rename to configurations/nixos/defiant/configuration.nix 
diff --git a/hosts/defiant/default.nix b/configurations/nixos/defiant/default.nix similarity index 100% rename from hosts/defiant/default.nix rename to configurations/nixos/defiant/default.nix diff --git a/hosts/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix similarity index 100% rename from hosts/defiant/disko-config.nix rename to configurations/nixos/defiant/disko-config.nix diff --git a/hosts/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix similarity index 100% rename from hosts/defiant/hardware-configuration.nix rename to configurations/nixos/defiant/hardware-configuration.nix diff --git a/hosts/defiant/services.nix b/configurations/nixos/defiant/services.nix similarity index 100% rename from hosts/defiant/services.nix rename to configurations/nixos/defiant/services.nix diff --git a/hosts/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix similarity index 100% rename from hosts/horizon/configuration.nix rename to configurations/nixos/horizon/configuration.nix diff --git a/hosts/horizon/default.nix b/configurations/nixos/horizon/default.nix similarity index 100% rename from hosts/horizon/default.nix rename to configurations/nixos/horizon/default.nix diff --git a/hosts/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix similarity index 100% rename from hosts/horizon/hardware-configuration.nix rename to configurations/nixos/horizon/hardware-configuration.nix diff --git a/hosts/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix similarity index 100% rename from hosts/twilight/configuration.nix rename to configurations/nixos/twilight/configuration.nix diff --git a/hosts/twilight/default.nix b/configurations/nixos/twilight/default.nix similarity index 100% rename from hosts/twilight/default.nix rename to configurations/nixos/twilight/default.nix 
diff --git a/hosts/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix similarity index 100% rename from hosts/twilight/hardware-configuration.nix rename to configurations/nixos/twilight/hardware-configuration.nix diff --git a/flake.lock b/flake.lock index bf4e9d1..90c0c06 100644 --- a/flake.lock +++ b/flake.lock @@ -198,6 +198,26 @@ "url": "https://git.lix.systems/lix-project/nixos-module" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1732420287, + "narHash": "sha256-CzvYF4x6jUh/+NEEIFrIY5t1W/N3IA2bNZJiMXu9GTo=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "3c52583b99666a349a6219dc1f0dd07d75c82d6a", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", @@ -259,6 +279,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "lix-module": "lix-module", + "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 6845fcf..566102c 100644 --- a/flake.nix +++ b/flake.nix @@ -11,7 +11,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # self hosted repo of secrets file to further protect files in case of future encryption vunrabilities + # self hosted repo of secrets file to further protect files in case of future encryption vulnerabilities secrets = { url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; flake = false; @@ -28,6 +28,11 @@ # url = "github:nix-community/impermanence"; # }; + nix-darwin = { + url = "github:LnL7/nix-darwin"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # users home directories home-manager = { url = "github:nix-community/home-manager"; 
@@ -70,7 +75,8 @@ } @ inputs: let util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; - mkSystem = util.mkSystem; + mkNixosSystem = util.mkNixosSystem; + mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; in { formatter = forEachPkgs (pkgs: pkgs.alejandra); @@ -95,6 +101,16 @@ }; }); + nixosConfigurations = { + horizon = mkNixosSystem "horizon"; + twilight = mkNixosSystem "twilight"; + defiant = mkNixosSystem "defiant"; + }; + + darwinConfigurations = { + hesperium = mkDarwinSystem "hesperium"; + }; + homeConfigurations = nixpkgs.lib.attrsets.mergeAttrsList ( nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( nixpkgs.lib.attrsets.mapAttrs' (user: _: { @@ -105,11 +121,5 @@ )) self.nixosConfigurations ); - - nixosConfigurations = { - horizon = mkSystem "horizon"; - twilight = mkSystem "twilight"; - defiant = mkSystem "defiant"; - }; }; } diff --git a/host-modules/home-manager/default.nix b/host-modules/home-manager/default.nix deleted file mode 100644 index 5454594..0000000 --- a/host-modules/home-manager/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -# modules in this folder are to adapt home manager modules defined in `home-modules` to any nix module configs that they need to set -{...}: { - imports = [ - ./flipperzero.nix - ./i18n.nix - ]; -} diff --git a/modules/default.nix b/modules/common-modules/default.nix similarity index 100% rename from modules/default.nix rename to modules/common-modules/default.nix diff --git a/modules/overlays/default.nix b/modules/common-modules/overlays/default.nix similarity index 100% rename from modules/overlays/default.nix rename to modules/common-modules/overlays/default.nix diff --git a/modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix similarity index 100% rename from modules/pkgs/default.nix rename to modules/common-modules/pkgs/default.nix diff --git a/modules/darwin-modules/default.nix b/modules/darwin-modules/default.nix new file mode 100644 index 0000000..ddf2323 
--- /dev/null +++ b/modules/darwin-modules/default.nix @@ -0,0 +1,6 @@ +# this folder container modules that are for darwin only +{...}: { + imports = [ + ./home-manager + ]; +} diff --git a/modules/darwin-modules/home-manager/default.nix b/modules/darwin-modules/home-manager/default.nix new file mode 100644 index 0000000..1ebec5f --- /dev/null +++ b/modules/darwin-modules/home-manager/default.nix @@ -0,0 +1,2 @@ +# modules in this folder are to adapt home-manager modules configs to darwin-module configs +{...}: {} diff --git a/home-modules/default.nix b/modules/home-manager-modules/default.nix similarity index 51% rename from home-modules/default.nix rename to modules/home-manager-modules/default.nix index b3f5c45..9fb37f2 100644 --- a/home-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -1,3 +1,4 @@ +# this folder container modules that are for home manager only {...}: { imports = [ ./flipperzero.nix diff --git a/home-modules/flipperzero.nix b/modules/home-manager-modules/flipperzero.nix similarity index 100% rename from home-modules/flipperzero.nix rename to modules/home-manager-modules/flipperzero.nix diff --git a/home-modules/i18n.nix b/modules/home-manager-modules/i18n.nix similarity index 100% rename from home-modules/i18n.nix rename to modules/home-manager-modules/i18n.nix diff --git a/host-modules/default.nix b/modules/nixos-modules/default.nix similarity index 74% rename from host-modules/default.nix rename to modules/nixos-modules/default.nix index 4ad79d0..1414cf2 100644 --- a/host-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -1,11 +1,12 @@ +# this folder container modules that are for nixos only {...}: { imports = [ + ./home-manager ./system.nix ./hardware.nix ./users.nix ./desktop.nix ./nix-development.nix ./i18n.nix - ./home-manager ]; } diff --git a/host-modules/desktop.nix b/modules/nixos-modules/desktop.nix similarity index 100% rename from host-modules/desktop.nix rename to modules/nixos-modules/desktop.nix 
diff --git a/host-modules/hardware.nix b/modules/nixos-modules/hardware.nix similarity index 100% rename from host-modules/hardware.nix rename to modules/nixos-modules/hardware.nix diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix new file mode 100644 index 0000000..3848e1b --- /dev/null +++ b/modules/nixos-modules/home-manager/default.nix @@ -0,0 +1,7 @@ +# modules in this folder are to adapt home-manager modules configs to nixos-module configs +{...}: { + imports = [ + ./flipperzero.nix + ./i18n.nix + ]; +} diff --git a/host-modules/home-manager/flipperzero.nix b/modules/nixos-modules/home-manager/flipperzero.nix similarity index 100% rename from host-modules/home-manager/flipperzero.nix rename to modules/nixos-modules/home-manager/flipperzero.nix diff --git a/host-modules/home-manager/i18n.nix b/modules/nixos-modules/home-manager/i18n.nix similarity index 100% rename from host-modules/home-manager/i18n.nix rename to modules/nixos-modules/home-manager/i18n.nix diff --git a/host-modules/i18n.nix b/modules/nixos-modules/i18n.nix similarity index 100% rename from host-modules/i18n.nix rename to modules/nixos-modules/i18n.nix diff --git a/host-modules/nix-development.nix b/modules/nixos-modules/nix-development.nix similarity index 100% rename from host-modules/nix-development.nix rename to modules/nixos-modules/nix-development.nix diff --git a/host-modules/system.nix b/modules/nixos-modules/system.nix similarity index 100% rename from host-modules/system.nix rename to modules/nixos-modules/system.nix diff --git a/host-modules/users.nix b/modules/nixos-modules/users.nix similarity index 99% rename from host-modules/users.nix rename to modules/nixos-modules/users.nix index 23771a3..e5a8a91 100644 --- a/host-modules/users.nix +++ b/modules/nixos-modules/users.nix 
@@ -4,7 +4,7 @@ inputs, ... }: let - SOPS_AGE_KEY_DIRECTORY = import ../const/sops_age_key_directory.nix; + SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix; host = config.host; diff --git a/modules/system-modules/default.nix b/modules/system-modules/default.nix new file mode 100644 index 0000000..f6605ce --- /dev/null +++ b/modules/system-modules/default.nix @@ -0,0 +1,6 @@ +# this folder container modules that are for nixos and darwin +{...}: { + imports = [ + ./home-manager + ]; +} diff --git a/modules/system-modules/home-manager/default.nix b/modules/system-modules/home-manager/default.nix new file mode 100644 index 0000000..3745b8f --- /dev/null +++ b/modules/system-modules/home-manager/default.nix @@ -0,0 +1,2 @@ +# modules in this folder are to adapt home-manager modules configs to system-module configs +{...}: {} diff --git a/util/default.nix b/util/default.nix index efd58c8..32acca1 100644 --- a/util/default.nix +++ b/util/default.nix @@ -6,6 +6,7 @@ lix-module = inputs.lix-module; nixpkgs = inputs.nixpkgs; home-manager = inputs.home-manager; + nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; systems = [ 
@@ -17,18 +18,34 @@ forEachSystem = nixpkgs.lib.genAttrs systems; pkgsFor = system: nixpkgs.legacyPackages.${system}; - home-manager-shared-modules = [ - ../modules - ../home-modules + common-modules = [ + lix-module.nixosModules.default + ../modules/common-modules ]; + + home-manager-modules = + common-modules + ++ [ + ../modules/home-manager-modules + ]; + home-manager-config = nixpkgs: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs outputs util;}; - home-manager.users = import ../homes nixpkgs; - home-manager.sharedModules = home-manager-shared-modules; + home-manager.users = import ../configurations/home-manager nixpkgs; + home-manager.sharedModules = home-manager-modules; }; + + system-modules = + common-modules + ++ [ + ../modules/system-modules + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager + home-manager-config + ]; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); @@ -39,18 +56,26 @@ in { (lib.mkUnless condition no) ]; - mkSystem = host: + mkNixosSystem = host: nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; - modules = [ - lix-module.nixosModules.default - sops-nix.nixosModules.sops - home-manager.nixosModules.home-manager - home-manager-config - ../modules - ../host-modules - ../hosts/${host} - ]; + modules = + system-modules + ++ [ + ../modules/nixos-modules + ../configurations/nixos/${host} + ]; + }; + + mkDarwinSystem = host: + nix-darwin.lib.darwinSystem { + specialArgs = {inherit inputs outputs util;}; + modules = + system-modules + ++ [ + ../modules/darwin-modules + ../configurations/darwin/${host} + ]; }; mkHome = user: host: system: osConfig: @@ -60,9 +85,9 @@ in { inherit inputs util outputs osConfig; }; modules = - home-manager-shared-modules + home-manager-modules ++ [ - ../homes/${user} + ../configurations/home-manager/${user} ]; }; } 
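Review bot: `mkDarwinSystem` hands `system-modules` to `nix-darwin.lib.darwinSystem`, but that list (built in the preceding hunk) contains `sops-nix.nixosModules.sops` and `home-manager.nixosModules.home-manager`, which are NixOS module sets, so a darwin evaluation will most likely fail on options those modules reference. Both projects ship darwin counterparts; keeping the platform-specific module imports next to `../modules/nixos-modules` and `../modules/darwin-modules` inside each `mk*System` and leaving only shared pieces in `system-modules` fixes it (PATCH 374 in this series makes that split). `common-modules` also places `lix-module.nixosModules.default` into `home-manager-modules`, so a NixOS module is evaluated by home-manager as well; if that is deliberate, a comment such as `# loaded into home-manager too so user-level nix matches the system nix — all options it sets must exist in home-manager` would make the dependency visible.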
From 5f21fd43ff6eb643762c81e6380eb878f9b6d8ee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 18:28:55 -0600 Subject: [PATCH 374/695] fixed nix-darwin building --- .../darwin/hesperium/configuration.nix | 20 ++++ configurations/darwin/hesperium/default.nix | 6 +- modules/darwin-modules/default.nix | 2 + modules/darwin-modules/system.nix | 27 ++++++ modules/darwin-modules/users.nix | 20 ++++ modules/nixos-modules/default.nix | 2 +- modules/nixos-modules/ssh.nix | 13 +++ modules/nixos-modules/system.nix | 15 --- modules/nixos-modules/users.nix | 85 ---------------- modules/system-modules/default.nix | 3 + .../nix-development.nix | 0 modules/system-modules/system.nix | 7 ++ modules/system-modules/users.nix | 97 +++++++++++++++++++ util/default.nix | 9 +- 14 files changed, 201 insertions(+), 105 deletions(-) create mode 100644 configurations/darwin/hesperium/configuration.nix create mode 100644 modules/darwin-modules/system.nix create mode 100644 modules/darwin-modules/users.nix create mode 100644 modules/nixos-modules/ssh.nix rename modules/{nixos-modules => system-modules}/nix-development.nix (100%) create mode 100644 modules/system-modules/system.nix create mode 100644 modules/system-modules/users.nix diff --git a/configurations/darwin/hesperium/configuration.nix b/configurations/darwin/hesperium/configuration.nix new file mode 100644 index 0000000..08fc59f --- /dev/null +++ b/configurations/darwin/hesperium/configuration.nix @@ -0,0 +1,20 @@ +{...}: { + host = { + users = { + leyla = { + isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; + }; + ester = { + isPrincipleUser = true; + isNormalUser = true; + }; + eve.isNormalUser = false; + }; + }; + + system.stateVersion = 5; + + nixpkgs.hostPlatform = "aarch64-darwin"; +} diff --git a/configurations/darwin/hesperium/default.nix b/configurations/darwin/hesperium/default.nix index 6462967..220a6fb 100644 --- a/configurations/darwin/hesperium/default.nix 
+++ b/configurations/darwin/hesperium/default.nix @@ -1 +1,5 @@ -{...}: {} +{...}: { + imports = [ + ./configuration.nix + ]; +} diff --git a/modules/darwin-modules/default.nix b/modules/darwin-modules/default.nix index ddf2323..5f4447b 100644 --- a/modules/darwin-modules/default.nix +++ b/modules/darwin-modules/default.nix @@ -2,5 +2,7 @@ {...}: { imports = [ ./home-manager + ./users.nix + ./system.nix ]; } diff --git a/modules/darwin-modules/system.nix b/modules/darwin-modules/system.nix new file mode 100644 index 0000000..ee56162 --- /dev/null +++ b/modules/darwin-modules/system.nix @@ -0,0 +1,27 @@ +{self, ...}: { + system.configurationRevision = self.rev or self.dirtyRev or null; + + nix = { + gc = { + automatic = true; + interval = [ + { + Hour = 4; + Minute = 15; + Weekday = 7; + } + ]; + options = "--delete-older-than 7d"; + }; + optimise = { + automatic = true; + interval = [ + { + Hour = 4; + Minute = 15; + Weekday = 7; + } + ]; + }; + }; +} diff --git a/modules/darwin-modules/users.nix b/modules/darwin-modules/users.nix new file mode 100644 index 0000000..f0b55c0 --- /dev/null +++ b/modules/darwin-modules/users.nix @@ -0,0 +1,20 @@ +{ + lib, + config, + ... +}: let + host = config.host; +in { + users = { + users = { + leyla = { + name = lib.mkForce host.users.leyla.name; + home = lib.mkForce "/home/${host.users.leyla.name}"; + }; + ester = { + name = lib.mkForce host.users.ester.name; + home = lib.mkForce "/home/${host.users.ester.name}"; + }; + }; + }; +} diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 1414cf2..85e6c5a 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -6,7 +6,7 @@ ./hardware.nix ./users.nix ./desktop.nix - ./nix-development.nix + ./ssh.nix ./i18n.nix ]; } diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix new file mode 100644 index 0000000..0360cfc --- /dev/null +++ b/modules/nixos-modules/ssh.nix 
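Review bot: `home = lib.mkForce "/home/${host.users.leyla.name}";` (and the matching ester line) in modules/darwin-modules/users.nix points at `/home`, but macOS keeps user home directories under `/Users`; on Darwin `/home` is an automounter path, so home-manager would be aimed at a directory the user does not own. Each entry should read `home = lib.mkForce "/Users/${host.users.leyla.name}";`. The two users are also hard-coded while `host.users` is an attribute set; deriving the entries with `lib.attrsets.mapAttrs` over `host.users` would keep this file in step with the option declared in system-modules.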
@@ -0,0 +1,13 @@ +{...}: { + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + }; + }; + }; +} diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index 918c219..b839067 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,8 +1,5 @@ {...}: { nix = { - settings = { - experimental-features = ["nix-command" "flakes"]; - }; gc = { automatic = true; dates = "weekly"; @@ -13,16 +10,4 @@ dates = ["weekly"]; }; }; - - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; - }; - }; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index e5a8a91..214ccd6 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -8,7 +8,6 @@ host = config.host; - hostUsers = host.hostUsers; principleUsers = host.principleUsers; terminalUsers = host.terminalUsers; # normalUsers = host.normalUsers; 
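Review bot: `PasswordAuthentication = false` in modules/nixos-modules/ssh.nix does not by itself turn off password logins on NixOS, because `KbdInteractiveAuthentication` keeps its default of `true` and sshd's keyboard-interactive method still prompts for the PAM password; add `KbdInteractiveAuthentication = false;` beside it so key-based login is the only accepted method. `UseDns = true` makes sshd resolve every client address before authentication, which only matters when `authorized_keys` entries use hostname-based `from=` patterns and otherwise slows connects and adds a dependency on the resolver, so a one-line comment on why it is enabled would help. The users module describes principle users as having ssh access, but nothing here ties that to `AllowUsers`; a comment stating that access is gated by key presence alone would make the intended contract explicit.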
@@ -44,91 +43,7 @@ ester = users.ester.name; eve = users.eve.name; in { - options.host = { - users = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({ - config, - name, - ... - }: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; - }; - isPrincipleUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should be configured as root and have ssh access - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; - }; - isDesktopUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their desktop applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; - }; - isTerminalUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their terminal applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; - }; - isNormalUser = lib.mkOption { - type = lib.types.bool; - default = config.isDesktopUser || config.isTerminalUser; - description = '' - User should install their applications and can log in - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; - }; - }; - })); - }; - hostUsers = lib.mkOption { - default = lib.attrsets.mapAttrsToList (_: user: user) host.users; - }; - principleUsers = lib.mkOption { - default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; - }; - normalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isTerminalUser) hostUsers; - }; - terminalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isNormalUser) hostUsers; - }; - }; - config = { - assertions = - ( - builtins.map (user: { - assertion = !(user.isPrincipleUser && !user.isNormalUser); - 
message = '' - Non normal user ${user.name} can not be a principle user. - ''; - }) - hostUsers - ) - ++ [ - { - assertion = (builtins.length principleUsers) > 0; - message = '' - At least one user must be a principle user. - ''; - } - ]; - # principle users are by definition trusted nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; diff --git a/modules/system-modules/default.nix b/modules/system-modules/default.nix index f6605ce..637b6b5 100644 --- a/modules/system-modules/default.nix +++ b/modules/system-modules/default.nix @@ -2,5 +2,8 @@ {...}: { imports = [ ./home-manager + ./system.nix + ./nix-development.nix + ./users.nix ]; } diff --git a/modules/nixos-modules/nix-development.nix b/modules/system-modules/nix-development.nix similarity index 100% rename from modules/nixos-modules/nix-development.nix rename to modules/system-modules/nix-development.nix diff --git a/modules/system-modules/system.nix b/modules/system-modules/system.nix new file mode 100644 index 0000000..f464835 --- /dev/null +++ b/modules/system-modules/system.nix @@ -0,0 +1,7 @@ +{...}: { + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + }; + }; +} diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix new file mode 100644 index 0000000..33df3d1 --- /dev/null +++ b/modules/system-modules/users.nix 
@@ -0,0 +1,97 @@ +{ + lib, + config, + ... +}: let + host = config.host; + + hostUsers = host.hostUsers; + principleUsers = host.principleUsers; +in { + options.host = { + users = lib.mkOption { + default = {}; + type = lib.types.attrsOf (lib.types.submodule ({ + config, + name, + ... + }: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + isPrincipleUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should be configured as root and have ssh access + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; + }; + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their desktop applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their terminal applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; + }; + isNormalUser = lib.mkOption { + type = lib.types.bool; + default = config.isDesktopUser || config.isTerminalUser; + description = '' + User should install their applications and can log in + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; + }; + }; + })); + }; + hostUsers = lib.mkOption { + default = lib.attrsets.mapAttrsToList (_: user: user) host.users; + }; + principleUsers = lib.mkOption { + default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; + }; + normalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isTerminalUser) hostUsers; + }; + terminalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isNormalUser) hostUsers; + }; + }; + + config = { + 
assertions = + ( + builtins.map (user: { + assertion = !(user.isPrincipleUser && !user.isNormalUser); + message = '' + Non normal user ${user.name} can not be a principle user. + ''; + }) + hostUsers + ) + ++ [ + { + assertion = (builtins.length principleUsers) > 0; + message = '' + At least one user must be a principle user. + ''; + } + ]; + }; +} diff --git a/util/default.nix b/util/default.nix index 32acca1..f04f9c9 100644 --- a/util/default.nix +++ b/util/default.nix @@ -26,6 +26,7 @@ home-manager-modules = common-modules ++ [ + sops-nix.homeManagerModules.sops ../modules/home-manager-modules ]; @@ -41,10 +42,8 @@ system-modules = common-modules ++ [ - ../modules/system-modules - sops-nix.nixosModules.sops - home-manager.nixosModules.home-manager home-manager-config + ../modules/system-modules ]; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); @@ -62,6 +61,8 @@ in { modules = system-modules ++ [ + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager ../modules/nixos-modules ../configurations/nixos/${host} ]; @@ -73,6 +74,8 @@ in { modules = system-modules ++ [ + sops-nix.darwinModules.sops + home-manager.darwinModules.home-manager ../modules/darwin-modules ../configurations/darwin/${host} ]; From 25838886153aac3477c22f04ddcc621ca3df9086 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 19:05:13 -0600 Subject: [PATCH 375/695] added darwinConfigurations to homeConfigurations outputs --- flake.nix | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 566102c..152ea63 100644 --- a/flake.nix +++ b/flake.nix 
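Review bot: The defaults of `normalUsers` and `terminalUsers` in the new users.nix have their predicates swapped — `normalUsers` filters on `user.isTerminalUser` and `terminalUsers` on `user.isNormalUser` — so a desktop-only user never shows up in `normalUsers` and every normal user is reported as a terminal user. The same swap is in the block this commit removes from the module at the top of this chunk, so the move carried it over rather than introducing it. The fix is `normalUsers = lib.mkOption { default = lib.lists.filter (user: user.isNormalUser) hostUsers; };` and `terminalUsers = lib.mkOption { default = lib.lists.filter (user: user.isTerminalUser) hostUsers; };`. The four derived options (`hostUsers`, `principleUsers`, `normalUsers`, `terminalUsers`) also declare no `type`, so a host could override them with any value; `type = lib.types.listOf lib.types.attrs;` would at least catch a wrong shape before it reaches `nix.settings.trusted-users`.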
@@ -75,9 +75,21 @@ } @ inputs: let util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; + mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; + + systemsHomes = nixpkgs.lib.attrsets.mergeAttrsList ( + nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( + nixpkgs.lib.attrsets.mapAttrs' (user: _: { + name = "${user}@${hostname}"; + value = mkHome user hostname system.pkgs.hostPlatform.system system.config; + }) + system.config.home-manager.users + )) + (inputs.self.nixosConfigurations // inputs.self.darwinConfigurations) + ); in { formatter = forEachPkgs (pkgs: pkgs.alejandra); @@ -111,15 +123,11 @@ hesperium = mkDarwinSystem "hesperium"; }; - homeConfigurations = nixpkgs.lib.attrsets.mergeAttrsList ( - nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( - nixpkgs.lib.attrsets.mapAttrs' (user: _: { - name = "${user}@${hostname}"; - value = mkHome user hostname system.pkgs.hostPlatform.system system.config; - }) - system.config.home-manager.users - )) - self.nixosConfigurations - ); + homeConfigurations = + systemsHomes + // { + # stand alone configurations here: + # name = mkHome "name" + }; }; } From c487b261125b1c3c92fdabfac6362b120fcb36b4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 20:32:25 -0600 Subject: [PATCH 376/695] added entry to host map --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0ff8534..f1f554f 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | NAS Server | Leyla | Service | +| `defiant` | NAS Server | Leyla | Server | +| `hesperium` | Mac | ????? | ??? | | `emergent` | Desktop Computer | Eve | Desktop | | `threshold` | Laptop | Eve | Laptop | 
From 9d888222669e6f2ebd4e875d5f6dab7dcdb97f51 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 22:37:08 -0600 Subject: [PATCH 377/695] started draft for installer
---
 build-installer.sh | 30 +++++++++++++ .../installer/basic/configuration.nix | 19 ++++++++ configurations/installer/basic/default.nix | 5 +++ flake.nix | 45 ++++++++++++------- util/default.nix | 10 +++++ 5 files changed, 94 insertions(+), 15 deletions(-) create mode 100644 build-installer.sh create mode 100644 configurations/installer/basic/configuration.nix create mode 100644 configurations/installer/basic/default.nix
diff --git a/build-installer.sh b/build-installer.sh new file mode 100644
index 0000000..e124091
--- /dev/null
+++ b/build-installer.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --flake*|-f*)
+ if [[ "$1" != *=* ]]; then shift; fi
+ flake="${1#*=}"
+ ;;
+ # --user*|-u*)
+ # if [[ "$1" != *=* ]]; then shift; fi
+ # user="${1#*=}"
+ # ;;
+ --help|-h)
+ echo "--help -h: print this message"
+ echo "--flake -f: set the flake to build an installer for"
+ # echo "--user -u: set the user to install flake as on the target system"
+ exit 0
+ ;;
+ *)
+ echo "Error: Invalid argument $1"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+flake=${flake:-"basic"}
+user=${user:-$USER}
+
+nix build .#installerConfigurations.$flake.config.system.build.isoImage
\ No newline at end of file
diff --git a/configurations/installer/basic/configuration.nix b/configurations/installer/basic/configuration.nix new file mode 100644
index 0000000..4e63727
--- /dev/null
+++ b/configurations/installer/basic/configuration.nix
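Review bot: `$flake` is expanded unquoted inside the attribute path on the last line, and the `--flake*|-f*` patterns match any argument that merely starts with `-f` (so `-foo` is silently taken as a flake name); tighten both to `--flake|--flake=*|-f|-f=*)` and `nix build ".#installerConfigurations.${flake}.config.system.build.isoImage"`. `user` is assigned from `$USER` but never read, and there is no `set -euo pipefail`, so a failing `nix build` would not stop anything appended to the script later. The file is also created with mode 100644, unlike install.sh later in this series (100755), so it cannot be run directly until the executable bit is added.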
@@ -0,0 +1,19 @@ +{ + lib, + pkgs, + modulesPath, + ... +}: { + imports = [(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")]; + + systemd.services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AaAeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee username@host" + ]; + + isoImage.squashfsCompression = "gzip -Xcompression-level 1"; + + networking.hostName = "installer"; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/configurations/installer/basic/default.nix b/configurations/installer/basic/default.nix new file mode 100644 index 0000000..220a6fb --- /dev/null +++ b/configurations/installer/basic/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./configuration.nix + ]; +} diff --git a/flake.nix b/flake.nix index 152ea63..e90e17c 100644 --- a/flake.nix +++ b/flake.nix @@ -76,10 +76,30 @@ util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; + mkNixosInstaller = util.mkNixosInstaller; mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; + installerSystems = { + basic = mkNixosInstaller "basic" []; + }; + + nixosSystems = { + horizon = mkNixosSystem "horizon"; + twilight = mkNixosSystem "twilight"; + defiant = mkNixosSystem "defiant"; + }; + + darwinSystems = { + hesperium = mkDarwinSystem "hesperium"; + }; + + homeSystems = { + # stand alone home manager configurations here: + # name = mkHome "name" + }; + systemsHomes = nixpkgs.lib.attrsets.mergeAttrsList ( nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( nixpkgs.lib.attrsets.mapAttrs' (user: _: { @@ -88,8 +108,12 @@ }) system.config.home-manager.users )) - (inputs.self.nixosConfigurations // inputs.self.darwinConfigurations) + (nixosSystems // darwinSystems) ); + + homeConfigurations = + systemsHomes + // homeSystems; in { formatter = forEachPkgs (pkgs: pkgs.alejandra); 
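Review bot: The root `authorizedKeys.keys` entry is a placeholder (`AaAeee…` with `username@host`), not a real key, while the line above forces sshd onto `multi-user.target`; the image therefore ships with root SSH enabled and an authorized_keys line sshd should reject as malformed, so nothing can log in, and the day a real key is pasted here it becomes part of the committed image config. `mkNixosInstaller` in this same commit already accepts a `userKeys` argument; feeding it through the inline module there, `{ users.users.root.openssh.authorizedKeys.keys = userKeys; }`, and dropping the literal list from this file keeps keys out of the checked-in configuration. `lib` is already a module argument here, so `pkgs.lib.mkForce` can be plain `lib.mkForce`.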
@@ -113,21 +137,12 @@ }; }); - nixosConfigurations = { - horizon = mkNixosSystem "horizon"; - twilight = mkNixosSystem "twilight"; - defiant = mkNixosSystem "defiant"; - }; + installerConfigurations = installerSystems; - darwinConfigurations = { - hesperium = mkDarwinSystem "hesperium"; - }; + nixosConfigurations = nixosSystems; - homeConfigurations = - systemsHomes - // { - # stand alone configurations here: - # name = mkHome "name" - }; + darwinConfigurations = darwinSystems; + + homeConfigurations = homeConfigurations; }; } diff --git a/util/default.nix b/util/default.nix index f04f9c9..41d985a 100644 --- a/util/default.nix +++ b/util/default.nix @@ -55,6 +55,16 @@ in { (lib.mkUnless condition no) ]; + mkNixosInstaller = host: userKeys: + nixpkgs.lib.nixosSystem { + modules = [ + { + # TODO: authorized keys for all users + } + ../configurations/nixos/${host} + ]; + }; + mkNixosSystem = host: nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; From aa5ac89d24d874b32d2b04ac9bada9a64a2ac85c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 29 Nov 2024 15:24:04 -0600 Subject: [PATCH 378/695] updated flake.lock --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 90c0c06..b87338f 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1732482708, - "narHash": "sha256-B1MQLiWi4bbeNiRXKxEkpztnKyWae4x0LyK32v3DjLk=", + "lastModified": 1732894783, + "narHash": "sha256-7hBU7L07hYPNjamlm/v5scUUwsHQJvyb1a4flozHNt0=", "owner": "nix-community", "repo": "disko", - "rev": "47bc8dfb6f48d5f66a3cb3a4cece83d8ace1f61a", + "rev": "a75ba3b87b7ff230ca8b3a1fbfd4ad907a1a5fa2", "type": "github" }, "original": { 
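Review bot: `mkNixosInstaller` imports `../configurations/nixos/${host}`, but the installer configuration this commit adds lives at `configurations/installer/basic`, so `mkNixosInstaller "basic" []` (flake.nix, hunk above) should fail with a missing-path error at evaluation; the import wants to be `../configurations/installer/${host}`. The `userKeys` parameter is accepted but never used — the inline module holds only the TODO — which is why the basic config ends up hard-coding a key; `{ users.users.root.openssh.authorizedKeys.keys = userKeys; }` in that module would close the loop. Unlike `mkNixosSystem` directly below, no `specialArgs = {inherit inputs outputs util;};` is passed, which will bite as soon as the installer config wants `inputs`.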
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1732479769, - "narHash": "sha256-barZy95JsQt4G9EDZ7RNrjgTneelXXfSzRLJJvokjsI=", + "lastModified": 1732885410, + "narHash": "sha256-2j7D78uvwmlK8pjrMlgLQ8TaeBanDh+XelecDIhYBuY=", "owner": "rycee", "repo": "nur-expressions", - "rev": "80bf66046d8b8624c5991a0c8e512b211acce2b2", + "rev": "9eee63f59ec8d181539d1920a0540094769706ac", "type": "gitlab" }, "original": { @@ -45,11 +45,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1732722421, + "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", "type": "github" }, "original": { @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1732884235, + "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "819f682269f4e002884702b87e445c82840c68f2", "type": "github" }, "original": { @@ -184,11 +184,11 @@ ] }, "locked": { - "lastModified": 1729360442, - "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "lastModified": 1732605668, + "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", "ref": "stable", - "rev": "2bbdcd73b9a464f8acf45a7100feb979883ba485", - "revCount": 110, + "rev": "96824d606a6656650bbe436366bc89d5ee3a6573", + "revCount": 113, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, 
@@ -205,11 +205,11 @@ ] }, "locked": { - "lastModified": 1732420287, - "narHash": "sha256-CzvYF4x6jUh/+NEEIFrIY5t1W/N3IA2bNZJiMXu9GTo=", + "lastModified": 1732603785, + "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "3c52583b99666a349a6219dc1f0dd07d75c82d6a", + "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1732499683, - "narHash": "sha256-Hw95rpgNiyAL4v9pJF2756PMud6O0p/1XQixs5f/Shk=", + "lastModified": 1732845259, + "narHash": "sha256-9TCmYZDamS853/KYtIESi8sAKomQWZXSxI1MaB3rGJ8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b376bfa567fd25f9f22b6f51ffaa4f84d0b7c72f", + "rev": "06e54246d3c91e3d5015027516100b58fc3ec986", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { @@ -311,11 +311,11 @@ ] }, "locked": { - "lastModified": 1732186149, - "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=", + "lastModified": 1732575825, + "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699", + "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", "type": "github" }, "original": { From 7c296ffb6aba1c6d4bdb24f7e9e8b46631822a25 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Dec 2024 06:56:44 -0600 Subject: [PATCH 379/695] added task to README --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f1f554f..b503706 100644 
--- a/README.md +++ b/README.md @@ -35,6 +35,7 @@ - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - https://nixos-and-flakes.thiscute.world/ +- this guy might have a working zfs disko impermanence system - https://github.com/djacu/nixos-config/blob/main/hosts/adalon/disko-config.nix # Tasks: @@ -54,4 +55,5 @@ - mastodon server - tail scale clients - wake on LAN -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- Immich \ No newline at end of file From c016efc0ee79e04a02b3d444c8be49aee9dcd10e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Dec 2024 18:37:36 -0600 Subject: [PATCH 380/695] added note to install script --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index 0ed7cb8..c77d748 100755 --- a/install.sh +++ b/install.sh @@ -39,6 +39,7 @@ if [ -z ${flake} ]; then exit 1; fi +# TODO: we might not need to copy the key over here anymore? temp=$(mktemp -d) # Function to cleanup temporary directory on exit cleanup() { From d2b3f0116e7e50907cb4e64988b1e5318c70456e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Dec 2024 20:06:57 -0600 Subject: [PATCH 381/695] updated flake lock and removed lix --- flake.lock | 143 ++++++++++------------------------------------- flake.nix | 6 -- util/default.nix | 2 - 3 files changed, 28 insertions(+), 123 deletions(-) diff --git a/flake.lock b/flake.lock index b87338f..7d882de 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1732894783, - "narHash": "sha256-7hBU7L07hYPNjamlm/v5scUUwsHQJvyb1a4flozHNt0=", + "lastModified": 1733168902, + "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", "owner": "nix-community", "repo": "disko", - "rev": "a75ba3b87b7ff230ca8b3a1fbfd4ad907a1a5fa2", + "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1732885410, - "narHash": "sha256-2j7D78uvwmlK8pjrMlgLQ8TaeBanDh+XelecDIhYBuY=", + "lastModified": 1733354814, + "narHash": "sha256-GNtstc88gUJllOun6UFQzg7P+fDtWkajxN4kUKPLFsw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9eee63f59ec8d181539d1920a0540094769706ac", + "rev": "fd1cc13f297bb18b85a776060edca35b18c7a324", "type": "gitlab" }, "original": { @@ -45,11 +45,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1732722421, - "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -93,24 +93,6 @@ "inputs": { "systems": "systems" }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
@@ -125,21 +107,6 @@ "type": "github" } }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -147,11 +114,11 @@ ] }, "locked": { - "lastModified": 1732884235, - "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", + "lastModified": 1733354384, + "narHash": "sha256-foZG2PLwumxYZkpXq7ajHDhuQlXaUeKfOpFfQpMviLM=", "owner": "nix-community", "repo": "home-manager", - "rev": "819f682269f4e002884702b87e445c82840c68f2", + "rev": "0daaded612b0e6eaed0a63fc9d0778d8f05940fe", "type": "github" }, "original": { 
@@ -160,44 +127,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1732605668, - "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", - "ref": "stable", - "rev": "96824d606a6656650bbe436366bc89d5ee3a6573", - "revCount": 113, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - }, - "original": { - "ref": "stable", - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -205,11 +134,11 @@ ] }, "locked": { - "lastModified": 1732603785, - "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", + "lastModified": 1733351379, + "narHash": "sha256-MTMsAhXxMMVHVN99jT8E0afOAOtt3JQWjYpTja94PAU=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", + "rev": "55d07816a0944f06a9df5ef174999a72fa4060c7", "type": "github" }, "original": { 
@@ -221,17 +150,17 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1732845259, - "narHash": "sha256-9TCmYZDamS853/KYtIESi8sAKomQWZXSxI1MaB3rGJ8=", + "lastModified": 1733277416, + "narHash": "sha256-+r1bhEqW0ACV+E8TID6FvW0/YJ+46SQ9yk6DpyHtRWg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "06e54246d3c91e3d5015027516100b58fc3ec986", + "rev": "3ea774bace6ac2f8db48a1c1d59271e0209e4b96", "type": "github" }, "original": { @@ -242,11 +171,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1732483221, - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", + "lastModified": 1733217105, + "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", + "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9", "type": "github" }, "original": { @@ -258,11 +187,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { @@ -278,7 +207,6 @@ "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "home-manager": "home-manager", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", 
@@ -311,11 +239,11 @@ ] }, "locked": { - "lastModified": 1732575825, - "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", + "lastModified": 1733128155, + "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", + "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", "type": "github" }, "original": { @@ -338,21 +266,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index e90e17c..bcc31d7 100644 --- a/flake.nix +++ b/flake.nix @@ -60,12 +60,6 @@ flake-compat = { url = "github:edolstra/flake-compat"; }; - - # lix in nice ig - lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = { diff --git a/util/default.nix b/util/default.nix index 41d985a..ce85a7f 100644 --- a/util/default.nix +++ b/util/default.nix @@ -3,7 +3,6 @@ outputs = inputs.self.outputs; lib = inputs.lib; - lix-module = inputs.lix-module; nixpkgs = inputs.nixpkgs; home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; @@ -19,7 +18,6 @@ pkgsFor = system: nixpkgs.legacyPackages.${system}; common-modules = [ - lix-module.nixosModules.default ../modules/common-modules ]; From 848c57caa04b2c6b103144b552c4cad8a555a511 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 8 Dec 2024 21:58:11 -0600 Subject: [PATCH 382/695] got impermanence to wipe drive --- configurations/home-manager/leyla/default.nix | 1 + .../home-manager/leyla/impermanence.nix | 21 ++ .../nixos/defiant/configuration.nix | 57 +++-- configurations/nixos/defiant/default.nix | 3 +- configurations/nixos/defiant/disko-config.nix | 196 ++++++++++-------- .../nixos/defiant/hardware-configuration.nix | 122 +---------- configurations/nixos/defiant/impermanence.nix | 87 ++++++++ flake.lock | 16 ++ flake.nix | 9 +- util/default.nix | 3 + 10 files changed, 281 insertions(+), 234 deletions(-) create mode 100644 configurations/home-manager/leyla/impermanence.nix create mode 100644 configurations/nixos/defiant/impermanence.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index ba8535d..48d38db 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -6,6 +6,7 @@ imports = [ ./i18n.nix ./packages.nix + ./impermanence.nix ]; config = { diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix new file mode 100644 index 0000000..c5f228f --- /dev/null +++ b/configurations/home-manager/leyla/impermanence.nix @@ -0,0 +1,21 @@ +{...}: { + home.persistence."/persistent/home/leyla" = { + directories = [ + "desktop" + "downloads" + "documents" + ".ssh" + ".nixops" + ".local/share/keyrings" + ".local/share/direnv" + { + directory = ".local/share/Steam"; + method = "symlink"; + } + ]; + # files = [ + # ".screenrc" + # ]; + allowOther = true; + }; +} diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 009442e..ec728ca 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
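Review bot: The persistence root here is `/persistent/home/leyla`, but the disko config changed later in this same patch (configurations/nixos/defiant/disko-config.nix) mounts the matching dataset at `/persist/home/leyla`; with the two paths disagreeing, the bind mounts for `.ssh`, `.local/share/keyrings` and the rest would be sourced from a plain directory on the ephemeral root and disappear on the next `@blank` rollback. Change the attribute to `home.persistence."/persist/home/leyla" = {` (or the dataset mountpoint to `/persistent/...`) so both sides agree. `allowOther = true` also needs `programs.fuse.userAllowOther = true` on the host; the NixOS-side impermanence.nix added by this commit is not in view, so confirm it sets that.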
@@ -6,7 +6,7 @@ }: { imports = [ inputs.disko.nixosModules.disko - ./services.nix + # ./services.nix ]; nixpkgs.config.allowUnfree = true; @@ -23,37 +23,30 @@ }; }; - boot.loader.grub = { - enable = true; - zfsSupport = true; - efiSupport = true; - efiInstallAsRemovable = true; - }; - - apps = { - base_domain = "jan-leila.com"; - macvlan = { - subnet = "192.168.1.0/24"; - gateway = "192.168.1.1"; - networkInterface = "bond0"; - }; - pihole = { - image = "pihole/pihole:2024.07.0"; - ip = "192.168.1.201"; - }; - headscale = { - subdomain = "vpn"; - }; - jellyfin = { - subdomain = "media"; - }; - forgejo = { - subdomain = "git"; - }; - nextcloud = { - subdomain = "drive"; - }; - }; + # apps = { + # base_domain = "jan-leila.com"; + # macvlan = { + # subnet = "192.168.1.0/24"; + # gateway = "192.168.1.1"; + # networkInterface = "bond0"; + # }; + # pihole = { + # image = "pihole/pihole:2024.07.0"; + # ip = "192.168.1.201"; + # }; + # headscale = { + # subdomain = "vpn"; + # }; + # jellyfin = { + # subdomain = "media"; + # }; + # forgejo = { + # subdomain = "git"; + # }; + # nextcloud = { + # subdomain = "drive"; + # }; + # }; services = { zfs = { diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 36e1b6f..d5ea594 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -1,8 +1,9 @@ # server nas {...}: { imports = [ - ./configuration.nix ./disko-config.nix ./hardware-configuration.nix + ./impermanence.nix + ./configuration.nix ]; } diff --git a/configurations/nixos/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix index 0be19c4..82fd480 100644 --- a/configurations/nixos/defiant/disko-config.nix +++ b/configurations/nixos/defiant/disko-config.nix 
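Review bot: The `boot.loader.grub` block is deleted in the second hunk with no replacement loader in this file, so unless hardware-configuration.nix or impermanence.nix (both changed in this commit, neither visible here) enables one, defiant is left without a bootloader; a one-line comment such as `# bootloader is configured in hardware-configuration.nix` at the point of removal would make that dependency visible. The `apps` block and the `./services.nix` import are commented out rather than removed, leaving some forty lines of dead config, including the pinned `pihole/pihole:2024.07.0` image, that git history already preserves. Deleting them, or replacing the block with `# TODO: re-enable services once impermanence is stable`, reads better and keeps reviewers from wondering whether the commented values are still current.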
@@ -1,26 +1,4 @@ -{...}: let - bootDisk = devicePath: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - ESP = { - size = "1G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - }; - }; - }; +{lib, ...}: let zfsDisk = devicePath: { type = "disk"; device = devicePath; 
@@ -37,41 +15,41 @@ }; }; }; - # cacheDisk = devicePath: swapSize: { - # type = "disk"; - # device = devicePath; - # content = { - # type = "gpt"; - # partitions = { - # encryptedSwap = { - # size = swapSize; - # content = { - # type = "swap"; - # randomEncryption = true; - # discardPolicy = "both"; - # resumeDevice = true; - # }; - # }; - # zfs = { - # size = "100%"; - # content = { - # type = "zfs"; - # pool = "rpool"; - # }; - # }; - # }; - # }; - # }; + cacheDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + ESP = { + size = "64M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; in { disko.devices = { disk = { - boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - - # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; + ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; }; zpool = { rpool = { 
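Review bot: The ESP created on the cache disk is `size = "64M"`, whereas the `bootDisk` this commit removes used `size = "1G"`; with `/boot` on the ESP every NixOS generation keeps its kernel and initrd there, and a 64M partition fills after one or two generations, so `nixos-rebuild` will start failing with no space left on /boot. Keeping the previous `size = "1G";` (or at least several hundred MB) leaves room for enough generations to roll back. The `umask=0077` mount option is a good addition since the ESP is unencrypted and would otherwise be world-readable.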
@@ -84,58 +62,106 @@ in { # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? mode = "mirror"; members = [ - "hd_13_tb_a" - "hd_13_tb_b" - "hd_13_tb_c" + "hd_18_tb_a" + "hd_18_tb_b" + "hd_18_tb_c" ]; } ]; - cache = []; - # cache = [ "ssd_2_tb_a" ];z + cache = ["ssd_4_tb_a"]; }; }; options = { ashift = "12"; + autotrim = "on"; }; - rootFsOptions = { - # encryption = "on"; - # keyformat = "hex"; - # keylocation = "prompt"; - compression = "lz4"; - xattr = "sa"; - acltype = "posixacl"; - canmount = "off"; - "com.sun:auto-snapshot" = "false"; - }; + rootFsOptions = + { + canmount = "off"; + mountpoint = "none"; + + xattr = "sa"; + acltype = "posixacl"; + relatime = "on"; + + compression = "lz4"; + + "com.sun:auto-snapshot" = "false"; + } + # TODO: have an option to enable encryption + // lib.attrsets.optionalAttrs false { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + }; datasets = { - root = { + # local datasets are for data that should be considered ephemeral + "local" = { type = "zfs_fs"; - mountpoint = "/"; - options.mountpoint = "legacy"; - postCreateHook = "zfs snapshot rpool/root@blank"; + options.canmount = "off"; }; - home = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/home"; - postCreateHook = "zfs snapshot rpool/home@blank"; - }; - nix = { + # the nix directory is local because its all generable from our configuration + "local/system/nix" = { type = "zfs_fs"; mountpoint = "/nix"; - }; - persistent = { - type = "zfs_fs"; - mountpoint = "/persistent"; options = { - "com.sun:auto-snapshot" = "true"; + atime = "off"; + relatime = "off"; + canmount = "on"; }; }; + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + "local/home/leyla" = { + type = "zfs_fs"; + mountpoint = "/home/leyla"; + options = { + canmount = "on"; + }; + 
postCreateHook = '' + zfs snapshot rpool/local/home/leyla@blank + ''; + }; + + # persist datasets are datasets that contain information that we would like to keep around + "persist" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + "persist/system/root" = { + type = "zfs_fs"; + mountpoint = "/persist/system/root"; + options = { + "com.sun:auto-snapshot" = "true"; + mountpoint = "/persist/system/root"; + }; + }; + "persist/home/leyla" = { + type = "zfs_fs"; + mountpoint = "/persist/home/leyla"; + options = { + "com.sun:auto-snapshot" = "true"; + mountpoint = "/persist/home/leyla"; + }; + }; + + # TODO: separate dataset for logs that wont participate in snapshots and rollbacks with the rest of the system }; }; }; }; + networking = { + hostId = "c51763d6"; + }; } diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index b55bcfd..425cbc2 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix 
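Review bot: Encryption on `rootFsOptions` is gated on the literal `false` after the `TODO`, so the pool disko creates from this file is unencrypted, and `encryption` is a creation-time property that cannot be turned on later without destroying and re-creating `rpool`. Since `lib` was added to the argument set in this commit solely for this `optionalAttrs`, replacing the literal with a named binding such as `enableEncryption = false; # permanent for the life of the pool — decide before the first disko run` (or a module option) would make the decision visible where it matters. The `persist/*` datasets carry `"com.sun:auto-snapshot" = "true"`, so anything written under `/persist` will also be retained in snapshots; that is fine for data but worth keeping in mind for any secret material that later gets persisted there.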
@@ -11,136 +11,32 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - security.sudo.extraConfig = "Defaults lecture=never"; - boot = { initrd = { - availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; + availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod"]; kernelModules = []; - # TODO: figure out some kind of snapshotting before rollbacks - # postDeviceCommands = lib.mkAfter '' - # zfs rollback -r rpool/root@blank - # zfs rollback -r rpool/home@blank - # ''; - # systemd = { - # enable = lib.mkDefault true; - # services.rollback = { - # description = "Rollback root filesystem to a pristine state on boot"; - # wantedBy = [ - # "zfs.target" - # "initrd.target" - # ]; - # after = [ - # "zfs-import-rpool.service" - # ]; - # before = [ - # "sysroot.mount" - # "fs.target" - # ]; - # path = with pkgs; [ - # zfs - # ]; - # unitConfig.DefaultDependencies = "no"; - # # serviceConfig = { - # # Type = "oneshot"; - # # ExecStart = - # # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; - # # }; - # serviceConfig.Type = "oneshot"; - # script = '' - # zfs list -t snapshot || echo - # zfs rollback -r rpool/root@blank - # zfs rollback -r rpool/home@blank - # ''; - # }; - # }; }; kernelModules = ["kvm-amd"]; - kernelParams = ["quiet"]; extraModulePackages = []; + # Bootloader. + loader = { + systemd-boot.enable = true; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; supportedFilesystems = ["zfs"]; zfs.extraPools = ["rpool"]; }; - swapDevices = []; - - # fileSystems = { - # "/" = { - # neededForBoot = true; - # }; - - # "/home" = { - # neededForBoot = true; - # }; - - # "/persistent" = { - # neededForBoot = true; - # }; - # }; - networking = { - hostId = "c51763d6"; hostName = "defiant"; # Define your hostname. 
useNetworkd = true; }; - # environment.persistence."/persistent" = { - # enable = true; - # hideMounts = true; - # directories = [ - # # "/run/secrets" - - # "/etc/ssh" - - # "/var/log" - # "/var/lib/nixos" - # "/var/lib/systemd/coredump" - - # # config.apps.pihole.directory.root - - # # config.apps.jellyfin.mediaDirectory - # # config.services.jellyfin.configDir - # # config.services.jellyfin.cacheDir - # # config.services.jellyfin.dataDir - - # # "/var/hass" # config.users.users.hass.home - # # "/var/postgresql" # config.users.users.postgresql.home - # # "/var/forgejo" # config.users.users.forgejo.home - # # "/var/nextcloud" # config.users.users.nextcloud.home - # # "/var/headscale" # config.users.users.headscale.home - # ]; - # files = [ - # "/etc/machine-id" - # # config.environment.sessionVariables.SOPS_AGE_KEY_FILE - # ]; - # users.leyla = { - # directories = [ - # "documents" - # ".ssh" - # ]; - # files = []; - # }; - # }; - - # systemd.services = { - # # https://github.com/openzfs/zfs/issues/10891 - # systemd-udev-settle.enable = false; - # # Snapshots are not accessible on boot for some reason this should fix it - # # https://github.com/NixOS/nixpkgs/issues/257505 - # zfs-mount = { - # serviceConfig = { - # # ExecStart = [ "${lib.getExe' pkgs.util-linux "mount"} -a -t zfs -o remount" ]; - # ExecStart = [ - # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/root -o remount" - # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/home -o remount" - # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" - # ]; - # }; - # }; - # }; - systemd.network = { enable = true; diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix new file mode 100644 index 0000000..9d8b2af --- /dev/null +++ b/configurations/nixos/defiant/impermanence.nix 
@@ -0,0 +1,87 @@ +{ + lib, + config, + ... +}: { + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/local/system/root@blank + zfs rollback -r rpool/local/home/leyla@blank + ''; + + # systemd.services = { + # # https://github.com/openzfs/zfs/issues/10891 + # systemd-udev-settle.enable = false; + # # Snapshots are not accessible on boot for some reason this should fix it + # # https://github.com/NixOS/nixpkgs/issues/257505 + # zfs-mount = { + # serviceConfig = { + # ExecStart = ["zfs mount -a -o remount"]; + # # ExecStart = [ + # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/local -o remount" + # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" + # # ]; + # }; + # }; + # }; + + # boot.initrd.systemd.services.rollback = { + # description = "Rollback filesystem to a pristine state on boot"; + # wantedBy = [ + # "initrd.target" + # ]; + # after = [ + # "zfs-import-rpool.service" + # ]; + # before = [ + # "sysroot.mount" + # ]; + # requiredBy = [ + # "sysroot.mount" + # ]; + # serviceConfig = { + # Type = "oneshot"; + # ExecStart = '' + # zfs rollback -r rpool/local/system/root@blank + # zfs rollback -r rpool/local/home@blank + # ''; + # }; + # }; + + fileSystems."/".neededForBoot = true; + fileSystems."/home/leyla".neededForBoot = true; + fileSystems."/persist/system/root".neededForBoot = true; + fileSystems."/persist/home/leyla".neededForBoot = true; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + "/run/secrets" + + "/etc/ssh" + + "/var/log" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + + # config.apps.pihole.directory.root + + # config.apps.jellyfin.mediaDirectory + # config.services.jellyfin.configDir + # config.services.jellyfin.cacheDir + # config.services.jellyfin.dataDir + + # "/var/hass" # config.users.users.hass.home + # "/var/postgresql" # config.users.users.postgresql.home + # "/var/forgejo" # config.users.users.forgejo.home + # 
"/var/nextcloud" # config.users.users.nextcloud.home + # "/var/headscale" # config.users.users.headscale.home + ]; + files = [ + "/etc/machine-id" + config.environment.sessionVariables.SOPS_AGE_KEY_FILE + ]; + }; + + security.sudo.extraConfig = "Defaults lecture=never"; +} diff --git a/flake.lock b/flake.lock index 7d882de..83f85f8 100644 --- a/flake.lock +++ b/flake.lock @@ -127,6 +127,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1731242966, + "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -207,6 +222,7 @@ "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "home-manager": "home-manager", + "impermanence": "impermanence", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index bcc31d7..54d1f7d 100644 --- a/flake.nix +++ b/flake.nix @@ -24,9 +24,9 @@ }; # delete your darlings - # impermanence = { - # url = "github:nix-community/impermanence"; - # }; + impermanence = { + url = "github:nix-community/impermanence"; + }; nix-darwin = { url = "github:LnL7/nix-darwin"; @@ -65,6 +65,9 @@ outputs = { self, nixpkgs, + sops-nix, + home-manager, + impermanence, ... } @ inputs: let util = import ./util {inherit inputs;}; diff --git a/util/default.nix b/util/default.nix index ce85a7f..9ddb5e8 100644 --- a/util/default.nix +++ b/util/default.nix @@ -7,6 +7,7 @@ home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; + impermanence = inputs.impermanence; systems = [ "aarch64-darwin" 
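Review bot: `/run/secrets` in `environment.persistence."/persist/system/root".directories` asks impermanence to bind-mount a directory from the persistent, auto-snapshotted dataset over the path where sops-nix places decrypted secrets at activation; depending on ordering this either shadows what sops-nix sets up or leaves plaintext copies on disk and in snapshots, and in neither case is it needed, since sops-nix regenerates `/run/secrets` from the persisted age key on every boot — it should be dropped from the list. Separately, `postResumeCommands` rolls `rpool/local/home/leyla@blank` back on every boot, but nothing in this file persists anything under `/home/leyla` (the `users.leyla` block from the old commented-out config was not carried over), so the user's home directory is wiped on each reboot. `boot.initrd.postResumeCommands` also belongs to the scripted stage-1; as far as I recall the systemd initrd does not honour it, so a comment `# scripted initrd only — a systemd initrd needs a rollback service instead` would save the next person a confusing boot.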
@@ -25,6 +26,7 @@ common-modules ++ [ sops-nix.homeManagerModules.sops + impermanence.homeManagerModules.impermanence ../modules/home-manager-modules ]; @@ -70,6 +72,7 @@ in { system-modules ++ [ sops-nix.nixosModules.sops + impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager ../modules/nixos-modules ../configurations/nixos/${host} From 131f730caf2acd8bdaa2683c2fa85ffb4e3b0fcb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 9 Dec 2024 10:52:59 -0600 Subject: [PATCH 383/695] added webtoons dl --- configurations/nixos/horizon/configuration.nix | 12 +++++++++++- configurations/nixos/horizon/webtoon-dl.nix | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 configurations/nixos/horizon/webtoon-dl.nix diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 593274c..2d16c74 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,4 +1,8 @@ -{inputs, ...}: { +{ + inputs, + pkgs, + ... +}: { imports = [ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ]; @@ -17,6 +21,12 @@ }; }; + environment.systemPackages = [ + (pkgs.callPackage + ./webtoon-dl.nix + {}) + ]; + # enabled virtualisation for docker # virtualisation.docker = { # enable = true; diff --git a/configurations/nixos/horizon/webtoon-dl.nix b/configurations/nixos/horizon/webtoon-dl.nix new file mode 100644 index 0000000..4341098 --- /dev/null +++ b/configurations/nixos/horizon/webtoon-dl.nix @@ -0,0 +1,18 @@ +{ + buildGoModule, + fetchFromGitHub, + ... +}: +buildGoModule rec { + pname = "webtoon-dl"; + version = "0.0.10"; + + src = fetchFromGitHub { + owner = "robinovitch61"; + repo = "webtoon-dl"; + rev = "v${version}"; + hash = "sha256-geVb3LFPZxPQYARZnaqOr5sgaN6mqkEX5ZiLvg8mF5k="; + }; + + vendorHash = "sha256-NTqUygJ6b6kTnLUnJqxCo/URzaRouPLACEPi2Ob1s9w="; +} 
From c28731a1a7a26393c854992c4b1914cf0b640ddf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 9 Dec 2024 16:57:13 -0600 Subject: [PATCH 384/695] made impermanence work --- configurations/nixos/defiant/disko-config.nix | 18 ++++++++++++++++-- configurations/nixos/defiant/impermanence.nix | 8 ++------ 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/configurations/nixos/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix index 82fd480..677a646 100644 --- a/configurations/nixos/defiant/disko-config.nix +++ b/configurations/nixos/defiant/disko-config.nix @@ -48,6 +48,9 @@ in { hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + hd_18_tb_d = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTE0S3Q"; + hd_18_tb_e = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEF27J"; + hd_18_tb_f = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEZACV"; ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; }; @@ -59,12 +62,14 @@ in { type = "topology"; vdev = [ { - # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? - mode = "mirror"; + mode = "raidz2"; members = [ "hd_18_tb_a" "hd_18_tb_b" "hd_18_tb_c" + "hd_18_tb_d" + "hd_18_tb_e" + "hd_18_tb_f" ]; } ]; @@ -113,6 +118,15 @@ in { canmount = "on"; }; }; + "local/system/sops" = { + type = "zfs_fs"; + mountpoint = import ../../../const/sops_age_key_directory.nix; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; "local/system/root" = { type = "zfs_fs"; mountpoint = "/"; diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix index 9d8b2af..13a380e 100644 --- a/configurations/nixos/defiant/impermanence.nix +++ b/configurations/nixos/defiant/impermanence.nix 
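Review bot: The new `local/system/sops` dataset holds the host's age private key at the path from `const/sops_age_key_directory.nix`, yet it sits under `local`, which the comment a few lines up defines as "data that should be considered ephemeral" and which inherits `"com.sun:auto-snapshot" = "false"` from the pool. It is not rolled back today (only `root` and the home dataset are named in the rollback), but the placement invites a blanket rollback of `local` later that would destroy the only key able to decrypt this host's secrets; a comment such as `# NOT ephemeral: the age key cannot be regenerated — never roll this dataset back` on the dataset, or moving it under `persist`, would make the intent explicit. With `rootFsOptions` encryption still gated on the literal `false` at this commit, the key is also stored in plaintext on the pool, so whoever holds the drives holds every secret the host can decrypt.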
@@ -1,8 +1,4 @@ -{ - lib, - config, - ... -}: { +{lib, ...}: { boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank zfs rollback -r rpool/local/home/leyla@blank @@ -51,6 +47,7 @@ fileSystems."/home/leyla".neededForBoot = true; fileSystems."/persist/system/root".neededForBoot = true; fileSystems."/persist/home/leyla".neededForBoot = true; + fileSystems.${import ../../../const/sops_age_key_directory.nix}.neededForBoot = true; environment.persistence."/persist/system/root" = { enable = true; @@ -79,7 +76,6 @@ ]; files = [ "/etc/machine-id" - config.environment.sessionVariables.SOPS_AGE_KEY_FILE ]; }; From 30ad3c91b9951535cb5f9ce69f6391ffa2bc5b48 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Dec 2024 23:43:53 -0600 Subject: [PATCH 385/695] made disko/impermanence config into a module --- .../nixos/defiant/configuration.nix | 34 +- configurations/nixos/defiant/default.nix | 2 - configurations/nixos/defiant/disko-config.nix | 181 ------- configurations/nixos/defiant/impermanence.nix | 85 +--- modules/nixos-modules/default.nix | 2 + modules/nixos-modules/disko.nix | 168 +++++++ modules/nixos-modules/impermanence.nix | 110 +++++ modules/nixos-modules/users.nix | 446 ++++++++++-------- modules/system-modules/users.nix | 7 +- util/default.nix | 2 + 10 files changed, 571 insertions(+), 466 deletions(-) delete mode 100644 configurations/nixos/defiant/disko-config.nix create mode 100644 modules/nixos-modules/disko.nix create mode 100644 modules/nixos-modules/impermanence.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ec728ca..c7aec9b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,11 +1,6 @@ # server nas -{ - inputs, - pkgs, - ... -}: { +{pkgs, ...}: { imports = [ - inputs.disko.nixosModules.disko # ./services.nix ]; 
@@ -21,6 +16,33 @@ ester.isNormalUser = false; eve.isNormalUser = false; }; + impermanence.enable = true; + storage = { + enable = true; + encryption = true; + pool = { + drives = [ + "ata-ST18000NE000-3G6101_ZVTCXVEB" + "ata-ST18000NE000-3G6101_ZVTCXWSC" + "ata-ST18000NE000-3G6101_ZVTD10EH" + "ata-ST18000NT001-3NF101_ZVTE0S3Q" + "ata-ST18000NT001-3NF101_ZVTEF27J" + "ata-ST18000NT001-3NF101_ZVTEZACV" + ]; + cache = [ + "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" + ]; + # extraDatasets = { + # "persist/system/var/lib/jellyfin/media" = { + # type = "zfs_fs"; + # mountpoint = "/persist/system/var/lib/jellyfin/media"; + # }; + # }; + }; + }; + }; + networking = { + hostId = "c51763d6"; }; # apps = { diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index d5ea594..fe850af 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -1,9 +1,7 @@ # server nas {...}: { imports = [ - ./disko-config.nix ./hardware-configuration.nix - ./impermanence.nix ./configuration.nix ]; } diff --git a/configurations/nixos/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix deleted file mode 100644 index 677a646..0000000 --- a/configurations/nixos/defiant/disko-config.nix +++ /dev/null 
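Review bot: `storage.encryption = true` is paired, in the `disko.nix` module this commit adds, with `keylocation = "prompt"` and `keyformat = "hex"`, so every boot of this headless NAS will stop in the initrd until a 64-hex-character key is typed at the console; nothing here configures remote unlocking or any alternative key source. If unattended reboots are expected, the module needs an option for the key location before this host is deployed, and the host config should document the choice, e.g. `encryption = true; # key is prompted at the console on every boot`. The commented `extraDatasets` sample under `pool` is fine as a placeholder but would be easier to find with a `# TODO(owner):` prefix than as bare commented code.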
@@ -1,181 +0,0 @@ -{lib, ...}: let - zfsDisk = devicePath: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }; - cacheDisk = devicePath: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - ESP = { - size = "64M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }; -in { - disko.devices = { - disk = { - hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - hd_18_tb_d = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTE0S3Q"; - hd_18_tb_e = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEF27J"; - hd_18_tb_f = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEZACV"; - - ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; - }; - zpool = { - rpool = { - type = "zpool"; - mode = { - topology = { - type = "topology"; - vdev = [ - { - mode = "raidz2"; - members = [ - "hd_18_tb_a" - "hd_18_tb_b" - "hd_18_tb_c" - "hd_18_tb_d" - "hd_18_tb_e" - "hd_18_tb_f" - ]; - } - ]; - cache = ["ssd_4_tb_a"]; - }; - }; - - options = { - ashift = "12"; - autotrim = "on"; - }; - - rootFsOptions = - { - canmount = "off"; - mountpoint = "none"; - - xattr = "sa"; - acltype = "posixacl"; - relatime = "on"; - - compression = "lz4"; - - "com.sun:auto-snapshot" = "false"; - } - # TODO: have an option to enable encryption - // lib.attrsets.optionalAttrs false { - encryption = "on"; - keyformat = "hex"; - keylocation = "prompt"; 
- }; - - datasets = { - # local datasets are for data that should be considered ephemeral - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # the nix directory is local because its all generable from our configuration - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - "local/system/sops" = { - type = "zfs_fs"; - mountpoint = import ../../../const/sops_age_key_directory.nix; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - }; - "local/home/leyla" = { - type = "zfs_fs"; - mountpoint = "/home/leyla"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/home/leyla@blank - ''; - }; - - # persist datasets are datasets that contain information that we would like to keep around - "persist" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - "persist/system/root" = { - type = "zfs_fs"; - mountpoint = "/persist/system/root"; - options = { - "com.sun:auto-snapshot" = "true"; - mountpoint = "/persist/system/root"; - }; - }; - "persist/home/leyla" = { - type = "zfs_fs"; - mountpoint = "/persist/home/leyla"; - options = { - "com.sun:auto-snapshot" = "true"; - mountpoint = "/persist/home/leyla"; - }; - }; - - # TODO: separate dataset for logs that wont participate in snapshots and rollbacks with the rest of the system - }; - }; - }; - }; - networking = { - hostId = "c51763d6"; - }; -} diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix index 13a380e..9339d40 100644 --- a/configurations/nixos/defiant/impermanence.nix +++ b/configurations/nixos/defiant/impermanence.nix 
@@ -1,83 +1,4 @@ -{lib, ...}: { - boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank - zfs rollback -r rpool/local/home/leyla@blank - ''; - - # systemd.services = { - # # https://github.com/openzfs/zfs/issues/10891 - # systemd-udev-settle.enable = false; - # # Snapshots are not accessible on boot for some reason this should fix it - # # https://github.com/NixOS/nixpkgs/issues/257505 - # zfs-mount = { - # serviceConfig = { - # ExecStart = ["zfs mount -a -o remount"]; - # # ExecStart = [ - # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/local -o remount" - # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" - # # ]; - # }; - # }; - # }; - - # boot.initrd.systemd.services.rollback = { - # description = "Rollback filesystem to a pristine state on boot"; - # wantedBy = [ - # "initrd.target" - # ]; - # after = [ - # "zfs-import-rpool.service" - # ]; - # before = [ - # "sysroot.mount" - # ]; - # requiredBy = [ - # "sysroot.mount" - # ]; - # serviceConfig = { - # Type = "oneshot"; - # ExecStart = '' - # zfs rollback -r rpool/local/system/root@blank - # zfs rollback -r rpool/local/home@blank - # ''; - # }; - # }; - - fileSystems."/".neededForBoot = true; - fileSystems."/home/leyla".neededForBoot = true; - fileSystems."/persist/system/root".neededForBoot = true; - fileSystems."/persist/home/leyla".neededForBoot = true; - fileSystems.${import ../../../const/sops_age_key_directory.nix}.neededForBoot = true; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - "/run/secrets" - - "/etc/ssh" - - "/var/log" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - - # config.apps.pihole.directory.root - - # config.apps.jellyfin.mediaDirectory - # config.services.jellyfin.configDir - # config.services.jellyfin.cacheDir - # config.services.jellyfin.dataDir - - # "/var/hass" # config.users.users.hass.home - # "/var/postgresql" # 
config.users.users.postgresql.home - # "/var/forgejo" # config.users.users.forgejo.home - # "/var/nextcloud" # config.users.users.nextcloud.home - # "/var/headscale" # config.users.users.headscale.home - ]; - files = [ - "/etc/machine-id" - ]; - }; - - security.sudo.extraConfig = "Defaults lecture=never"; +{...}: { + # fileSystems."/home/leyla".neededForBoot = true; + # fileSystems."/persist/home/leyla".neededForBoot = true; } diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 85e6c5a..9461612 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -8,5 +8,7 @@ ./desktop.nix ./ssh.nix ./i18n.nix + ./impermanence.nix + ./disko.nix ]; } diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix new file mode 100644 index 0000000..b65538d --- /dev/null +++ b/modules/nixos-modules/disko.nix 
@@ -0,0 +1,168 @@ +{ + lib, + config, + inputs, + ... +}: let + # there currently is a bug with disko that causes long disk names to be generated improperly this hash function should alleviate it when used for disk names instead of what we are defaulting to + # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that + hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); + + vdevs = + builtins.map ( + disks: + builtins.map (disk: lib.attrsets.nameValuePair (hashDisk disk) disk) disks + ) + config.host.storage.pool.vdevs; + cache = + builtins.map ( + disk: lib.attrsets.nameValuePair (hashDisk disk) disk + ) + config.host.storage.pool.cache; +in { + options.host.storage = { + enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; + encryption = lib.mkEnableOption "is the vdev going to be encrypted"; + pool = { + vdevs = lib.mkOption { + type = lib.types.listOf (lib.types.listOf lib.types.str); + description = "list of disks that are going to be in"; + default = [config.host.storage.pool.drives]; + }; + drives = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "list of drives that are going to be in the vdev"; + default = []; + }; + cache = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "list of drives that are going to be used as cache"; + default = []; + }; + extraDatasets = lib.mkOption { + type = lib.types.attrsOf (inputs.disko.lib.subType { + types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; + }); + description = "List of datasets to define"; + default = {}; + }; + }; + }; + + config = lib.mkIf config.host.storage.enable { + disko.devices = { + disk = ( + builtins.listToAttrs ( + ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + zfs = { + size = "100%"; + 
content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) + (lib.lists.flatten vdevs) + ) + ++ ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + ESP = { + size = "64M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) + cache + ) + ) + ); + zpool = { + rpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = ( + builtins.map (disks: { + mode = "raidz2"; + members = + builtins.map (disk: disk.name) disks; + }) + vdevs + ); + cache = builtins.map (disk: disk.name) cache; + }; + }; + + options = { + ashift = "12"; + autotrim = "on"; + }; + + rootFsOptions = + { + canmount = "off"; + mountpoint = "none"; + + xattr = "sa"; + acltype = "posixacl"; + relatime = "on"; + + compression = "lz4"; + + "com.sun:auto-snapshot" = "false"; + } + // ( + lib.attrsets.optionalAttrs config.host.storage.encryption { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + } + ); + + datasets = lib.mkMerge [ + (lib.attrsets.mapAttrs (name: value: { + type = value.type; + options = value.options; + mountpoint = value.mountpoint; + postCreateHook = value.postCreateHook; + }) + config.host.storage.pool.extraDatasets) + ]; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix new file mode 100644 index 0000000..a923b82 --- /dev/null +++ b/modules/nixos-modules/impermanence.nix 
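Review bot: Every entry in `cache` is given an `ESP` partition with `mountpoint = "/boot"`, so declaring a second cache drive would generate two filesystems claiming `/boot` and the resulting `fileSystems` would conflict; either attach the boot partition only to the first cache disk or make the boot device its own option rather than a side effect of `cache`. The vdev `mode` is hard-coded to `"raidz2"` for every group in `vdevs`, which for a small group leaves almost no usable capacity (three drives in raidz2 store one drive's worth of data) — worth exposing as an option defaulting to `"raidz2"`, or asserting on `builtins.length` per group. The `vdevs` option description is cut off at "list of disks that are going to be in"; completing it (`"list of disk groups; each inner list becomes one raidz2 vdev"`) would help. The `hashDisk` comment explains the GPT label limit well; adding that `builtins.hashString "sha256"` is used only to derive a stable short name, not for any security property, prevents a reader from assuming more.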
@@ -0,0 +1,110 @@ +{ + config, + lib, + ... +}: { + options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; + + # TODO: validate that config.host.storage.enable is enabled + config = lib.mkMerge [ + { + assertions = [ + { + assertion = !(config.host.impermanence.enable && !config.host.storage.enable); + message = '' + Disko storage must be enabled to use impermanence. + ''; + } + ]; + } + ( + lib.mkIf config.host.impermanence.enable { + boot.initrd.postResumeCommands = lib.mkAfter '' + zfs rollback -r rpool/local/system/root@blank + 1 ''; + + fileSystems = { + "/".neededForBoot = true; + "/persist/system/root".neededForBoot = true; + }; + + host.storage.pool.extraDatasets = { + # local datasets are for data that should be considered ephemeral + "local" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up + "local/system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + # dataset for root that gets rolled back on every boot + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + + # persist datasets are datasets that contain information that we would like to keep around + "persist" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + # this is where root data actually lives + "persist/system/root" = { + type = "zfs_fs"; + mountpoint = "/persist/system/root"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + }; + "persist/system/var/log" = { + type = "zfs_fs"; + mountpoint = "/persist/system/var/log"; + }; + }; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + "/etc/ssh" + + "/var/log" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + + 
# config.apps.pihole.directory.root + + # config.apps.jellyfin.mediaDirectory + # config.services.jellyfin.configDir + # config.services.jellyfin.cacheDir + # config.services.jellyfin.dataDir + + # "/var/hass" # config.users.users.hass.home + # "/var/postgresql" # config.users.users.postgresql.home + # "/var/forgejo" # config.users.users.forgejo.home + # "/var/nextcloud" # config.users.users.nextcloud.home + # "/var/headscale" # config.users.users.headscale.home + ]; + files = [ + "/etc/machine-id" + ]; + }; + + security.sudo.extraConfig = "Defaults lecture=never"; + } + ) + ]; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 214ccd6..6fe37fd 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -10,7 +10,7 @@ principleUsers = host.principleUsers; terminalUsers = host.terminalUsers; - # normalUsers = host.normalUsers; + normalUsers = host.normalUsers; uids = { leyla = 1000; 
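Review bot: The `persist/system/var/log` dataset is mounted at `/persist/system/var/log`, but the persistence block maps `/var/log` to `/persist/system/root/var/log`, so logs still land on the snapshotted `persist/system/root` dataset and the new dataset stays empty; the long-standing TODO about keeping logs out of snapshots is therefore not achieved. Either mount it at `/persist/system/root/var/log` (and set `"com.sun:auto-snapshot" = "false"` on it so it does not inherit the parent's snapshots through the bind mount) or add a second `environment.persistence` entry pointing at it. In `postResumeCommands`, the `1` between the rollback command and the closing `''` — if it is in the committed file and not a rendering artifact — becomes a stray `1` command in the stage-1 script and should be removed. The `# TODO: validate that config.host.storage.enable is enabled` comment is stale now that the assertion directly below does exactly that.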
@@ -43,213 +43,273 @@ ester = users.ester.name; eve = users.eve.name; in { - config = { - # principle users are by definition trusted - nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; + config = lib.mkMerge [ + { + # principle users are by definition trusted + nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; - # we should only be able to ssh into principle users of a computer who are also set up for terminal access - services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers); + # we should only be able to ssh into principle users of a computer who are also set up for terminal access + services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers); - # we need to set up env variables to nix can find keys to decrypt passwords on rebuild - environment = { - sessionVariables = { - SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY; - SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; - }; - }; - - # set up user passwords - sops = { - defaultSopsFormat = "yaml"; - gnupg.sshKeyPaths = []; - - age = { - keyFile = "/var/lib/sops-nix/key.txt"; - sshKeyPaths = []; - # generateKey = true; - }; - - secrets = { - "passwords/leyla" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/eve" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; + # we need to set up env variables to nix can find keys to decrypt passwords on rebuild + environment = { + sessionVariables = { + SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + }; + }; + + # set up user passwords + sops = { + defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; + + age = { + keyFile = 
"/var/lib/sops-nix/key.txt"; + sshKeyPaths = []; + # generateKey = true; + }; + + secrets = { + "passwords/leyla" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/ester" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/eve" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; }; }; - }; - users = { - mutableUsers = false; users = { - leyla = { - uid = lib.mkForce uids.leyla; - name = lib.mkForce host.users.leyla.name; - description = "Leyla"; - extraGroups = - (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) - ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) - ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - isNormalUser = host.users.leyla.isNormalUser; - isSystemUser = !host.users.leyla.isNormalUser; - group = config.users.users.leyla.name; - }; - - ester = { - uid = lib.mkForce uids.ester; - name = lib.mkForce host.users.ester.name; - description = "Ester"; - extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - isNormalUser = host.users.ester.isNormalUser; - isSystemUser = !host.users.ester.isNormalUser; - group = config.users.users.ester.name; - }; - - eve = { - uid = lib.mkForce uids.eve; - name = lib.mkForce host.users.eve.name; - description = "Eve"; - extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - isNormalUser = host.users.eve.isNormalUser; - isSystemUser = !host.users.eve.isNormalUser; - group = config.users.users.eve.name; - }; - - jellyfin = { - uid = lib.mkForce uids.jellyfin; - isSystemUser = true; - group = config.users.users.jellyfin.name; - }; - - forgejo = { - uid = lib.mkForce 
uids.forgejo; - isSystemUser = true; - group = config.users.users.forgejo.name; - }; - - pihole = { - uid = lib.mkForce uids.pihole; - isSystemUser = true; - group = config.users.users.pihole.name; - }; - - hass = { - uid = lib.mkForce uids.hass; - isSystemUser = true; - group = config.users.users.hass.name; - }; - - headscale = { - uid = lib.mkForce uids.headscale; - isSystemUser = true; - group = config.users.users.headscale.name; - }; - - nextcloud = { - uid = lib.mkForce uids.nextcloud; - isSystemUser = true; - group = config.users.users.nextcloud.name; - }; - }; - - groups = { - leyla = { - gid = lib.mkForce gids.leyla; - members = [ - leyla - ]; - }; - - ester = { - gid = lib.mkForce gids.ester; - members = [ - ester - ]; - }; - - eve = { - gid = lib.mkForce gids.eve; - members = [ - eve - ]; - }; - + mutableUsers = false; users = { - gid = lib.mkForce gids.users; - members = [ - leyla - ester - eve - ]; + leyla = { + uid = lib.mkForce uids.leyla; + name = lib.mkForce host.users.leyla.name; + description = "Leyla"; + extraGroups = + (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) + ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) + ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + isNormalUser = host.users.leyla.isNormalUser; + isSystemUser = !host.users.leyla.isNormalUser; + group = config.users.users.leyla.name; + }; + + ester = { + uid = lib.mkForce uids.ester; + name = lib.mkForce host.users.ester.name; + description = "Ester"; + extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + isNormalUser = host.users.ester.isNormalUser; + isSystemUser = !host.users.ester.isNormalUser; + group = config.users.users.ester.name; + }; + + eve = { + uid = lib.mkForce uids.eve; + name = lib.mkForce host.users.eve.name; + description = "Eve"; 
+ extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + isNormalUser = host.users.eve.isNormalUser; + isSystemUser = !host.users.eve.isNormalUser; + group = config.users.users.eve.name; + }; + + jellyfin = { + uid = lib.mkForce uids.jellyfin; + isSystemUser = true; + group = config.users.users.jellyfin.name; + }; + + forgejo = { + uid = lib.mkForce uids.forgejo; + isSystemUser = true; + group = config.users.users.forgejo.name; + }; + + pihole = { + uid = lib.mkForce uids.pihole; + isSystemUser = true; + group = config.users.users.pihole.name; + }; + + hass = { + uid = lib.mkForce uids.hass; + isSystemUser = true; + group = config.users.users.hass.name; + }; + + headscale = { + uid = lib.mkForce uids.headscale; + isSystemUser = true; + group = config.users.users.headscale.name; + }; + + nextcloud = { + uid = lib.mkForce uids.nextcloud; + isSystemUser = true; + group = config.users.users.nextcloud.name; + }; }; - jellyfin_media = { - gid = lib.mkForce gids.jellyfin_media; - members = [ - users.jellyfin.name - leyla - ester - eve - ]; - }; + groups = { + leyla = { + gid = lib.mkForce gids.leyla; + members = [ + leyla + ]; + }; - jellyfin = { - gid = lib.mkForce gids.jellyfin; - members = [ - users.jellyfin.name - # leyla - ]; - }; + ester = { + gid = lib.mkForce gids.ester; + members = [ + ester + ]; + }; - forgejo = { - gid = lib.mkForce gids.forgejo; - members = [ - users.forgejo.name - # leyla - ]; - }; + eve = { + gid = lib.mkForce gids.eve; + members = [ + eve + ]; + }; - pihole = { - gid = lib.mkForce gids.pihole; - members = [ - users.pihole.name - # leyla - ]; - }; + users = { + gid = lib.mkForce gids.users; + members = [ + leyla + ester + eve + ]; + }; - hass = { - gid = lib.mkForce gids.hass; - members = [ - users.hass.name - # leyla - ]; - }; + jellyfin_media = { + gid = lib.mkForce gids.jellyfin_media; + members = [ + users.jellyfin.name + leyla + ester + eve + ]; + }; 
- headscale = { - gid = lib.mkForce gids.headscale; - members = [ - users.headscale.name - # leyla - ]; - }; + jellyfin = { + gid = lib.mkForce gids.jellyfin; + members = [ + users.jellyfin.name + # leyla + ]; + }; - nextcloud = { - gid = lib.mkForce gids.nextcloud; - members = [ - users.nextcloud.name - # leyla - ]; + forgejo = { + gid = lib.mkForce gids.forgejo; + members = [ + users.forgejo.name + # leyla + ]; + }; + + pihole = { + gid = lib.mkForce gids.pihole; + members = [ + users.pihole.name + # leyla + ]; + }; + + hass = { + gid = lib.mkForce gids.hass; + members = [ + users.hass.name + # leyla + ]; + }; + + headscale = { + gid = lib.mkForce gids.headscale; + members = [ + users.headscale.name + # leyla + ]; + }; + + nextcloud = { + gid = lib.mkForce gids.nextcloud; + members = [ + users.nextcloud.name + # leyla + ]; + }; }; }; - }; - }; + } + (lib.mkIf config.host.impermanence.enable { + boot.initrd.postResumeCommands = lib.mkAfter ( + lib.strings.concatStrings (builtins.map (user: '' + zfs rollback -r rpool/local/home/${user.name}@blank + '') + normalUsers) + ); + + fileSystems.${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + "/run/secrets" + ]; + }; + + host.storage.pool.extraDatasets = lib.mkMerge [ + { + # sops age key needs to be available to pre persist for user generation + "local/system/sops" = { + type = "zfs_fs"; + mountpoint = SOPS_AGE_KEY_DIRECTORY; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + } + ( + lib.mkMerge + ( + builtins.map (user: { + "local/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/home/${user.name}"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/home/${user.name}@blank + ''; + }; + "persist/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/persist/home/${user.name}"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + 
}; + }) + normalUsers + ) + ) + ]; + }) + ]; } diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index 33df3d1..afda7d4 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -67,10 +67,13 @@ in { default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; }; normalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isTerminalUser) hostUsers; + default = lib.lists.filter (user: user.isNormalUser) hostUsers; + }; + desktopUsers = lib.mkOption { + default = lib.lists.filter (user: user.isDesktopUser) hostUsers; }; terminalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isNormalUser) hostUsers; + default = lib.lists.filter (user: user.isTerminalUser) hostUsers; }; }; diff --git a/util/default.nix b/util/default.nix index 9ddb5e8..33942a8 100644 --- a/util/default.nix +++ b/util/default.nix @@ -7,6 +7,7 @@ home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; + disko = inputs.disko; impermanence = inputs.impermanence; systems = [ @@ -74,6 +75,7 @@ in { sops-nix.nixosModules.sops impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager + disko.nixosModules.disko ../modules/nixos-modules ../configurations/nixos/${host} ]; From 5eea6cdb04db4bdf80e88d578d2fb2a7f6ba04a7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 17:33:50 -0600 Subject: [PATCH 386/695] made users not need to be disabled --- configurations/nixos/defiant/configuration.nix | 2 -- modules/system-modules/users.nix | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c7aec9b..3f7bcdd 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
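Review bot: The impermanence branch adds `"/run/secrets"` to `environment.persistence."/persist/system/root".directories`, which bind-mounts a directory on the persistent, auto-snapshotted ZFS dataset over the location sops-nix uses for decrypted secrets; sops-nix normally keeps those on a ramfs under `/run` precisely so plaintext never reaches disk, and as far as I recall `/run/secrets` is a symlink it manages, so the bind mount is likely to either fail or shadow it. Secrets are re-decrypted on every activation from the age key, so nothing under `/run/secrets` needs persisting — remove that `environment.persistence` block and keep only the `local/system/sops` dataset for the key. Note also that `SOPS_AGE_KEY_FILE` is exported through `environment.sessionVariables` to every login session; that only leaks the path, but make sure the key file itself stays root-owned and mode 0600. The `neededForUsers` secrets land under `/run/secrets-for-users`, which likewise should not be persisted.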
@@ -13,8 +13,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester.isNormalUser = false; - eve.isNormalUser = false; }; impermanence.enable = true; storage = { diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index afda7d4..fe88850 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -78,6 +78,24 @@ in { }; config = { + host.users = { + leyla = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; + ester = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; + eve = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; + }; + assertions = ( builtins.map (user: { From 835945c925f8f3af8162976e3cd7ed3192b4f5c2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 20:06:26 -0600 Subject: [PATCH 387/695] created nfs exports --- .../nixos/defiant/configuration.nix | 29 ++++++ modules/nixos-modules/default.nix | 1 + modules/nixos-modules/server/default.nix | 5 ++ .../server/network_storage/default.nix | 90 +++++++++++++++++++ .../server/network_storage/nfs.nix | 50 +++++++++++ modules/nixos-modules/users.nix | 4 +- 6 files changed, 176 insertions(+), 3 deletions(-) create mode 100644 modules/nixos-modules/server/default.nix create mode 100644 modules/nixos-modules/server/network_storage/default.nix create mode 100644 modules/nixos-modules/server/network_storage/nfs.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3f7bcdd..3a37cbb 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
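Review bot: The new defaults cover `isPrincipleUser`, `isDesktopUser` and `isTerminalUser` but not `isNormalUser`, even though the same commit deletes `ester.isNormalUser = false` and `eve.isNormalUser = false` from defiant; unless the `isNormalUser` option already defaults to `false` in its declaration (outside this hunk), those two accounts become normal users on the server. Add `isNormalUser = lib.mkDefault false;` to each block, or assert on it. The three blocks are identical, so `host.users = lib.genAttrs ["leyla" "ester" "eve"] (_: { isPrincipleUser = lib.mkDefault false; isDesktopUser = lib.mkDefault false; isTerminalUser = lib.mkDefault false; });` would keep them from drifting apart as users are added.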
@@ -38,6 +38,35 @@ # }; }; }; + network_storage = { + enable = true; + directories = [ + { + folder = "leyla"; + user = "leyla"; + group = "leyla"; + } + { + folder = "eve"; + user = "eve"; + group = "eve"; + } + { + folder = "ester"; + user = "ester"; + group = "ester"; + } + { + folder = "users"; + user = "users"; + group = "users"; + } + ]; + nfs = { + enable = true; + directories = ["leyla" "eve"]; + }; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 9461612..4ac744a 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -10,5 +10,6 @@ ./i18n.nix ./impermanence.nix ./disko.nix + ./server ]; } diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix new file mode 100644 index 0000000..8fc94e5 --- /dev/null +++ b/modules/nixos-modules/server/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./network_storage + ]; +} diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix new file mode 100644 index 0000000..11019cb --- /dev/null +++ b/modules/nixos-modules/server/network_storage/default.nix 
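Review bot: The `users` export is declared with `user = "users"`, but the users module earlier in this series declares `users` only as a group, so unless a `users` account exists elsewhere the generated tmpfiles rule `d /exports/users 2775 users users` fails on an unknown user and the directory is never created. Since the directory is already `2775` (setgid), own it as `user = "root"; group = "users";` so new files inherit the `users` group, or pick an explicit service account. The `nfs.directories` list exports `leyla` and `eve` but not `ester` or `users`, which the hand-written exports removed in the next commit did include — confirm that narrowing is intentional.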
@@ -0,0 +1,90 @@ +{ + config, + lib, + ... +}: let + export_directory = config.host.network_storage.export_directory; +in { + imports = [ + ./nfs.nix + ]; + + options = { + host.network_storage = { + enable = lib.mkEnableOption "is this machine going to export network storage"; + export_directory = lib.mkOption { + type = lib.types.path; + description = "what are exports going to be stored in"; + default = "/exports"; + }; + directories = lib.mkOption { + type = lib.types.listOf (lib.types.submodule ({config, ...}: { + options = { + folder = lib.mkOption { + type = lib.types.string; + description = "what is the name of this export directory"; + }; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = "is this directory bound to anywhere"; + default = null; + }; + user = lib.mkOption { + type = lib.types.string; + description = "what user owns this directory"; + default = "nouser"; + }; + group = lib.mkOption { + type = lib.types.string; + description = "what group owns this directory"; + default = "nogroup"; + }; + _directory = lib.mkOption { + internal = true; + readOnly = true; + type = lib.types.path; + default = "${export_directory}/${config.folder}"; + }; + }; + })); + description = "list of directory names to export"; + }; + }; + }; + + config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ + { + # create any folders that we need to have for our exports + systemd.tmpfiles.rules = + [ + "d ${config.host.network_storage.export_directory} 2775 root root -" + ] + ++ ( + builtins.map ( + directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}" + ) + config.host.network_storage.directories + ); + + # set up any bind mounts that we need for our exports + fileSystems = builtins.listToAttrs ( + builtins.map (directory: + lib.attrsets.nameValuePair directory._directory { + device = directory.bind; + options = ["bind"]; + }) ( + builtins.filter (directory: directory.bind != null) 
config.host.network_storage.directories + ) + ); + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + config.host.network_storage.export_directory + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix new file mode 100644 index 0000000..5ed217e --- /dev/null +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -0,0 +1,50 @@ +{ + config, + lib, + ... +}: { + options = { + host.network_storage.nfs = { + enable = lib.mkEnableOption "is this server going to export network storage as nfs shares"; + directories = lib.mkOption { + type = lib.types.listOf ( + lib.types.enum ( + builtins.map ( + directory: directory.folder + ) + config.host.network_storage.directories + ) + ); + description = "list of exported directories to be exported via nfs"; + }; + }; + }; + config = lib.mkMerge [ + { + assertions = [ + { + assertion = !(config.host.network_storage.nfs.enable && !config.host.network_storage.enable); + message = "nfs cant be enabled with network storage disabled"; + } + ]; + } + ( + lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { + services.nfs.server = { + enable = true; + exports = lib.strings.concatLines ( + builtins.map ( + directory: "${directory._directory} 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)" + ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + ) + config.host.network_storage.directories + ) + ); + }; + } + ) + ]; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 6fe37fd..0c1e1d6 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
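Review bot: `folder` is typed `lib.types.string` and interpolated unchecked into `_directory`, which then becomes both a tmpfiles path and an NFS `exports` entry, so a value containing `/`, whitespace or `..` silently creates or exports a path outside `export_directory`; constrain it to a single path component, e.g. `type = lib.types.strMatching "[^/[:space:]]+";`. `lib.types.string` is also deprecated in favour of `lib.types.str` and emits an evaluation warning. The per-directory tmpfiles rule omits the trailing age field (`-`) that the export-root rule has; add it so both lines are parsed the same way. The defaults `user = "nouser"` / `group = "nogroup"` name an account NixOS does not create by default as far as I can tell (`nobody` exists, `nouser` does not), so a directory relying on the default will fail tmpfiles creation.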
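Review bot: Every export is granted `rw` to the whole `192.168.1.0/22` with the default `sec=sys`, meaning any host on that network can assert any non-root UID and read or write the matching home export; that trust may be acceptable on a private LAN, but it should be an explicit decision, so lift the client spec into an option such as `clients = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ "192.168.1.0/22" ]; };` and consider per-host entries or `sec=krb5p` for the `rw` shares. `crossmnt` also exposes anything mounted beneath an export, which will matter once the parent module's `bind` option is used. Nothing here restricts the server to NFSv4; where `services.nfs.settings` is available, disabling v3 avoids offering a protocol whose rpcbind/mountd ports this module never opens.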
@@ -255,9 +255,7 @@ in { } (lib.mkIf config.host.impermanence.enable { boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatStrings (builtins.map (user: '' - zfs rollback -r rpool/local/home/${user.name}@blank - '') + lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") normalUsers) ); From 3d5aad50c40728b101452e00317e02e8d14b5edb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 20:52:34 -0600 Subject: [PATCH 388/695] added port to nfs --- configurations/nixos/defiant/services.nix | 12 ------------ modules/nixos-modules/server/network_storage/nfs.nix | 8 ++++++++ 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index ac1d02b..97a6711 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -6,7 +6,6 @@ ... }: let jellyfinPort = 8096; - nfsPort = 2049; dnsPort = 53; httpPort = 80; httpsPort = 443; @@ -264,16 +263,6 @@ in { # DNS stub needs to be disabled so pi hole can bind # resolved.extraConfig = "DNSStubListener=no"; - nfs.server = { - enable = true; - exports = '' - /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - ''; - }; - postgresql = { enable = true; ensureUsers = [ @@ -432,7 +421,6 @@ in { httpPort httpsPort dnsPort - nfsPort ] ++ (lib.optional isDebug [ jellyfinPort diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 5ed217e..5881310 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -6,6 +6,11 @@ options = { host.network_storage.nfs = { enable = lib.mkEnableOption "is this server going to export network storage as nfs shares"; + port = lib.mkOption { + type = lib.types.int; + default = 2049; + description = "port that nfs will run on"; + }; directories = lib.mkOption { type = lib.types.listOf ( lib.types.enum ( @@ -44,6 +49,9 @@ ) ); }; + networking.firewall.allowedTCPPorts = [ + config.host.network_storage.nfs.port + ]; } ) ]; From 12658718a7df77fad3677ef04bc81385286b3d6b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 21:07:46 -0600 Subject: [PATCH 389/695] removed unused file --- configurations/nixos/defiant/impermanence.nix | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 configurations/nixos/defiant/impermanence.nix diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix deleted file mode 100644 index 9339d40..0000000 --- a/configurations/nixos/defiant/impermanence.nix +++ /dev/null @@ -1,4 +0,0 @@ -{...}: { - # fileSystems."/home/leyla".neededForBoot = true; - # fileSystems."/persist/home/leyla".neededForBoot = true; -} From 86a690a3218dd23075215f387464a0a0ec54f9e7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 12 Dec 2024 20:00:42 -0600 Subject: [PATCH 390/695] created reverse_proxy.nix --- modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/reverse_proxy.nix | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 modules/nixos-modules/server/reverse_proxy.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 8fc94e5..3c5c55f 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ ./network_storage + ./reverse_proxy.nix ]; } 
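Review bot: The new `port` option only feeds `networking.firewall.allowedTCPPorts`; nothing passes it to the NFS server, which keeps listening on 2049, so any non-default value opens an unused port while the real one stays closed. Either drop the option and open the fixed port — `networking.firewall.allowedTCPPorts = [ 2049 ]; # NFSv4 is TCP/2049 only` — or wire it through to nfsd's configuration (`services.nfs.settings`, where available) so the two cannot diverge. It is also worth a comment that only the v4 port is opened: v3 would additionally need rpcbind (111) and mountd, and leaving those closed is a sensible hardening choice that should be stated rather than implied.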
diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix new file mode 100644 index 0000000..86db3a2 --- /dev/null +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -0,0 +1,50 @@ +{ + lib, + config, + ... +}: { + options.host.reverse_proxy = { + enable = lib.mkEnableOption "turn on the reverse proxy"; + hostname = lib.mkOption { + type = lib.type.string; + description = "what host name are we going to be proxying from"; + }; + forceSSL = lib.mkOption { + type = lib.type.boolean; + description = "force connections to use https"; + default = true; + }; + enableACME = lib.mkOption { + type = lib.type.boolean; + description = "auto renew certificates"; + default = true; + }; + subdomains = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({...}: { + options = { + target = lib.mkOption { + type = lib.types.string; + description = "where should this host point to"; + }; + websockets = lib.mkEnableOption "should websockets be proxied"; + }; + })); + }; + }; + + config = { + services.nginx = { + enable = config.host.reverse_proxy.enable; + virtualHosts = lib.attrsets.mapAttrs' (name: value: + lib.attrsets.nameValuePair "${name}.${config.home.reverse_proxy.hostname}" { + forceSSL = config.home.reverse_proxy.forceSSL; + enableACME = config.home.reverse_proxy.enableACME; + locations."/" = { + proxyPass = value.target; + proxyWebsockets = value.websockets; + }; + }) + config.host.reverse_proxy.subdomains; + }; + }; +} From 4420ab6b43758e38a2f5c7bf5728630c09b5cb45 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 12 Dec 2024 20:17:18 -0600 Subject: [PATCH 391/695] added note to reverse proxy --- modules/nixos-modules/server/reverse_proxy.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 86db3a2..664b3c3 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix 
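Review bot: The nginx block terminates TLS and proxies without `recommendedTlsSettings`, `recommendedProxySettings` or `recommendedOptimisation`, so the virtual hosts inherit nginx's permissive TLS defaults and upstreams never receive `Host`/`X-Forwarded-*` headers, which matters for services like Jellyfin and Forgejo that build absolute URLs; add `recommendedTlsSettings = true; recommendedProxySettings = true;` next to `enable`. The option types use `lib.type.string` / `lib.type.boolean` (`lib.type` does not exist; the types are `lib.types.str` and `lib.types.bool`) and the virtualHosts body reads `config.home.reverse_proxy.*` where the option is declared under `config.host.reverse_proxy`, so the module cannot evaluate as written. `enableACME` defaults to `true` but no `security.acme.acceptTerms` / `defaults.email` is set, so enabling the module trips the ACME module's assertion.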
+++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -32,6 +32,7 @@ }; }; + # TODO: impermanence for ACME keys config = { services.nginx = { enable = config.host.reverse_proxy.enable; From 72322b0544e280c7502f54f0f0ad81c0236d493e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 12 Dec 2024 20:44:26 -0600 Subject: [PATCH 392/695] created jellyfin service --- configurations/nixos/defiant/services.nix | 30 ------------ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/jellyfin.nix | 60 +++++++++++++++++++++++ 3 files changed, 61 insertions(+), 30 deletions(-) create mode 100644 modules/nixos-modules/server/jellyfin.nix diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 97a6711..7ef6cde 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -69,23 +69,6 @@ in { default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; - jellyfin = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that jellyfin will be hosted at"; - default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; - }; - mediaDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will be at"; - default = "/home/jellyfin"; - }; - }; forgejo = { subdomain = lib.mkOption { type = lib.types.str; @@ -194,7 +177,6 @@ in { # TODO: dynamic users systemd = { tmpfiles.rules = [ - "d ${config.apps.jellyfin.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server "d ${config.apps.pihole.directory.root} 755 pihole pihole -" # is /home/docker/pihole on old system "d ${config.apps.pihole.directory.data} 755 pihole pihole -" # is /home/docker/pihole on old system ]; 
@@ -325,10 +307,6 @@ in { }; }; - jellyfin = { - enable = true; - }; - forgejo = { enable = true; database = { @@ -387,11 +365,6 @@ in { proxyWebsockets = true; }; }; - ${config.apps.jellyfin.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString jellyfinPort}"; - }; ${config.apps.forgejo.hostname} = { # forceSSL = true; # enableACME = true; @@ -433,9 +406,6 @@ in { environment.systemPackages = [ config.services.headscale.package - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg ]; }; } diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 3c5c55f..7e4d36b 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -2,5 +2,6 @@ imports = [ ./network_storage ./reverse_proxy.nix + ./jellyfin.nix ]; } diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix new file mode 100644 index 0000000..81ad91a --- /dev/null +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -0,0 +1,60 @@ +{ + lib, + pkgs, + config, + ... +}: let + jellyfinPort = 8096; +in { + options.host.jellyfin = { + enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + }; + + config = lib.mkIf config.host.jellyfin.enable ( + lib.mkMerge [ + { + services.jellyfin.enable = true; + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString jellyfinPort}"; + }; + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + } + (lib.mkIf config.host.impermanence.enable { + # TODO: add an assertion here that directories matches jellyfin directories + + environment.persistence."/persist/system/jellyfin" = { + enable = true; + hideMounts = true; + directories = [ + "/var/lib/jellyfin" + "/var/cache/jellyfin" + ]; + }; + + host.storage.pool.extraDatasets = [ + { + # sops age key needs to be available to pre persist for user generation + "persist/system/jellyfin" = { + type = "zfs_fs"; + mountpoint = "/persist/system/jellyfin"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + } + ]; + }) + ] + ); +} From 194287e22ab9eeebd3d45ff306f71b00e061dac8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:02:09 -0600 Subject: [PATCH 393/695] added assertion for jellyfin persistence --- modules/nixos-modules/server/jellyfin.nix | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 81ad91a..a582eda 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
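Review bot: `host.storage.pool.extraDatasets` is assigned a list here (`[ { "persist/system/jellyfin" = ...; } ]`), while impermanence.nix and users.nix earlier in this series set the same option as an attrset, so this definition will fail to merge with them once `host.impermanence.enable` is true; write it as `host.storage.pool.extraDatasets."persist/system/jellyfin" = { ... };`. The comment above the dataset, `# sops age key needs to be available to pre persist for user generation`, is pasted from users.nix and describes the wrong thing — replace it with `# jellyfin config/db and cache, kept across root rollbacks`. Adding `jellyfin`, `jellyfin-web` and `jellyfin-ffmpeg` to `environment.systemPackages` appears redundant with `services.jellyfin.enable` and only widens the system closure; drop it unless a CLI is needed.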
@@ -5,6 +5,8 @@ ... }: let jellyfinPort = 8096; + jellyfin_data_directory = "/var/lib/jellyfin"; + jellyfin_cache_directory = "/var/cache/jellyfin"; in { options.host.jellyfin = { enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; @@ -29,14 +31,23 @@ in { ]; } (lib.mkIf config.host.impermanence.enable { - # TODO: add an assertion here that directories matches jellyfin directories + assertions = [ + { + assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; + description = "jellyfin data directory does not match persistence"; + } + { + assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; + description = "jellyfin cache directory does not match persistence"; + } + ]; environment.persistence."/persist/system/jellyfin" = { enable = true; hideMounts = true; directories = [ - "/var/lib/jellyfin" - "/var/cache/jellyfin" + jellyfin_data_directory + jellyfin_cache_directory ]; }; From 2a3501fea4f8a181066b84c636447fae7f5805ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:20:23 -0600 Subject: [PATCH 394/695] enabled jellyfin for defiant --- .../nixos/defiant/configuration.nix | 8 ++++++ modules/nixos-modules/server/jellyfin.nix | 26 +++++++++---------- .../nixos-modules/server/reverse_proxy.nix | 17 +++++++----- 3 files changed, 32 insertions(+), 19 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3a37cbb..00100be 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -67,6 +67,14 @@ directories = ["leyla" "eve"]; }; }; + reverse_proxy = { + enable = true; + hostname = "jan-leila.com"; + }; + jellyfin = { + enable = true; + subdomain = "media"; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index a582eda..57a9cde 100644 
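Review bot: Both new assertions use `description =` where the NixOS `assertions` option expects `message =`; when an assertion is false the evaluator reads `.message`, so the failure surfaces as an `attribute 'message' missing` error instead of the intended explanation. Change them to `message = "jellyfin data directory does not match persistence";` and `message = "jellyfin cache directory does not match persistence";`. Alternatively, read `config.services.jellyfin.dataDir` / `cacheDir` directly in the persistence list and drop the hard-coded paths, which removes the need for the assertion altogether.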
--- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -51,20 +51,20 @@ in { ]; }; - host.storage.pool.extraDatasets = [ - { - # sops age key needs to be available to pre persist for user generation - "persist/system/jellyfin" = { - type = "zfs_fs"; - mountpoint = "/persist/system/jellyfin"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; + fileSystems."/persist/system/jellyfin".neededForBoot = true; + + host.storage.pool.extraDatasets = { + # sops age key needs to be available to pre persist for user generation + "persist/system/jellyfin" = { + type = "zfs_fs"; + mountpoint = "/persist/system/jellyfin"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; }; - } - ]; + }; + }; }) ] ); diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 664b3c3..311724b 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -6,16 +6,16 @@ options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; hostname = lib.mkOption { - type = lib.type.string; + type = lib.types.string; description = "what host name are we going to be proxying from"; }; forceSSL = lib.mkOption { - type = lib.type.boolean; + type = lib.types.bool; description = "force connections to use https"; default = true; }; enableACME = lib.mkOption { - type = lib.type.boolean; + type = lib.types.bool; description = "auto renew certificates"; default = true; }; 
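Review bot: The dataset block keeps the pasted comment `# sops age key needs to be available to pre persist for user generation`, which does not describe `persist/system/jellyfin`; replace it with `# jellyfin data + cache, persisted across root rollbacks`. `neededForBoot = true` is what lets impermanence bind-mount from this dataset early, and it is easy to remove by accident, so a one-line comment there would help. Unlike `persist/system/root`, this dataset does not set `com.sun:auto-snapshot = "true"`, so Jellyfin's SQLite database is left out of the snapshot policy applied to the other persist datasets — confirm that is intentional.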
@@ -34,12 +34,17 @@ # TODO: impermanence for ACME keys config = { + security.acme = lib.mkIf config.host.reverse_proxy.enableACME { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + services.nginx = { enable = config.host.reverse_proxy.enable; virtualHosts = lib.attrsets.mapAttrs' (name: value: - lib.attrsets.nameValuePair "${name}.${config.home.reverse_proxy.hostname}" { - forceSSL = config.home.reverse_proxy.forceSSL; - enableACME = config.home.reverse_proxy.enableACME; + lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { + forceSSL = config.host.reverse_proxy.forceSSL; + enableACME = config.host.reverse_proxy.enableACME; locations."/" = { proxyPass = value.target; proxyWebsockets = value.websockets; From cd60afa05452dfc214420777d5b20cfae6b1647a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:24:31 -0600 Subject: [PATCH 395/695] switched hostname --- configurations/nixos/defiant/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 00100be..d4306af 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -68,8 +68,8 @@ }; }; reverse_proxy = { - enable = true; - hostname = "jan-leila.com"; + enable = false; + hostname = "volpe.social"; }; jellyfin = { enable = true; From b0e6a17fe6d2cd67985d4cc268e76aee9aaca422 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:30:21 -0600 Subject: [PATCH 396/695] removed outdated comment --- configurations/nixos/defiant/configuration.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index d4306af..1a7571f 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
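Review bot: `security.acme` is switched on with `acceptTerms = true` directly under the `# TODO: impermanence for ACME keys` context line, and unless `/var/lib/acme` is persisted in a part of impermanence.nix not shown here, an impermanence host discards its ACME account key and issued certificates on every rollback and re-requests them at each boot, which burns the CA's rate limits and can leave nginx without a certificate. Pair the new block with the persistence entry this repo uses for other state, e.g. `environment.persistence."/persist/system/root".directories = [ "/var/lib/acme" ];` gated on `config.host.impermanence.enable`, the same pattern ssh.nix adopts later in this series. The contact address `defaults.email = "jan-leila@protonmail.com";` is a per-person literal inside a reusable module; an option next to `hostname` would keep it out of the module. The enclosing `config = {` attribute set continues past the hunk.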
@@ -30,12 +30,6 @@ cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" ]; - # extraDatasets = { - # "persist/system/var/lib/jellyfin/media" = { - # type = "zfs_fs"; - # mountpoint = "/persist/system/var/lib/jellyfin/media"; - # }; - # }; }; }; network_storage = { From 6b1eaa730850b4e166820324ce68077e3bdae93c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:53:15 -0600 Subject: [PATCH 397/695] added authorized ssh key --- modules/nixos-modules/ssh.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 0360cfc..bda4e81 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -1,4 +1,12 @@ -{...}: { +{ + lib, + config, + ... +}: { + users.users.leyla.openssh.authorizedKeys.keys = lib.mkIf config.host.users.leyla.isTerminalUser [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; + services = { openssh = { enable = true; From b6f1704af3ae8a8026b6d9b0f7f182a03cbbf8c4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:40:47 -0600 Subject: [PATCH 398/695] added assertion --- modules/nixos-modules/impermanence.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index a923b82..e6e1ecc 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -5,7 +5,6 @@ }: { options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; - # TODO: validate that config.host.storage.enable is enabled config = lib.mkMerge [ { assertions = [ 
@@ -19,6 +18,13 @@ } ( lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.host.impermanence.enable && config.host.storage.enable; + message = "Impermanence can not be used without managed host storage."; + } + ]; + boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank 1 ''; From e54981fffc689aad3344628eeabf1d93c6e8a355 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:48:43 -0600 Subject: [PATCH 399/695] added needed for boot to user persist directories --- modules/nixos-modules/users.nix | 84 +++++++++++++++++++-------------- 1 file changed, 48 insertions(+), 36 deletions(-) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 0c1e1d6..1799f81 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -259,7 +259,20 @@ in { normalUsers) ); - fileSystems.${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; + fileSystems = lib.mkMerge [ + { + ${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; + } + ( + builtins.listToAttrs ( + builtins.map (user: + lib.attrsets.nameValuePair "/persist/home/${user.name}" { + neededForBoot = true; + }) + normalUsers + ) + ) + ]; environment.persistence."/persist/system/root" = { enable = true; 
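Review bot: The new assertion `config.host.impermanence.enable && config.host.storage.enable` sits inside `lib.mkIf config.host.impermanence.enable`, so the first conjunct is always true at that point and only obscures what is actually being checked. `assertion = config.host.storage.enable;` states the requirement directly, and the message already explains why it exists. The `lib.mkIf` block continues past the hunk.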
@@ -269,45 +282,44 @@ in { ]; }; - host.storage.pool.extraDatasets = lib.mkMerge [ - { - # sops age key needs to be available to pre persist for user generation - "local/system/sops" = { - type = "zfs_fs"; - mountpoint = SOPS_AGE_KEY_DIRECTORY; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; + host.storage.pool.extraDatasets = lib.mkMerge ( + [ + { + # sops age key needs to be available to pre persist for user generation + "local/system/sops" = { + type = "zfs_fs"; + mountpoint = SOPS_AGE_KEY_DIRECTORY; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; }; - }; - } - ( - lib.mkMerge - ( - builtins.map (user: { - "local/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/home/${user.name}"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/home/${user.name}@blank - ''; + } + ] + ++ ( + builtins.map (user: { + "local/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/home/${user.name}"; + options = { + canmount = "on"; }; - "persist/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/persist/home/${user.name}"; - options = { - "com.sun:auto-snapshot" = "true"; - }; + postCreateHook = '' + zfs snapshot rpool/local/home/${user.name}@blank + ''; + }; + "persist/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/persist/home/${user.name}"; + options = { + "com.sun:auto-snapshot" = "true"; }; - }) - normalUsers - ) + }; + }) + normalUsers ) - ]; + ); }) ]; } From 431efa448e48658279974b16c127377a6206c27b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:55:28 -0600 Subject: [PATCH 400/695] added host to map --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b503706..7857f3e 100644 --- a/README.md +++ b/README.md 
@@ -9,6 +9,7 @@ | `hesperium` | Mac | ????? | ??? | | `emergent` | Desktop Computer | Eve | Desktop | | `threshold` | Laptop | Eve | Laptop | +| `wolfram` | Steam Deck | House | Handheld | # Tooling ## Rebuilding From 1f19f9bf149e213fac70ea0d40b2f382fee50b9c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:59:50 -0600 Subject: [PATCH 401/695] added TODO --- configurations/nixos/defiant/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 1a7571f..011f00d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -100,6 +100,7 @@ # }; services = { + # TODO: move zfs scrubbing into module zfs = { autoScrub.enable = true; autoSnapshot.enable = true; From f9947cd93df4314c3f069d8c250639f041655d59 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Dec 2024 15:24:28 -0600 Subject: [PATCH 402/695] updated flake --- flake.lock | 61 +++++++++++++++---------------- flake.nix | 2 +- modules/nixos-modules/default.nix | 4 ++ 3 files changed, 35 insertions(+), 32 deletions(-) diff --git a/flake.lock b/flake.lock index 83f85f8..2bf12ba 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1733168902, - "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", + "lastModified": 1734701201, + "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", "owner": "nix-community", "repo": "disko", - "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", + "rev": "2ee76c861af3b895b3b104bae04777b61397485b", "type": "github" }, "original": { 
@@ -29,11 +29,11 @@
 },
 "locked": {
 "dir": "pkgs/firefox-addons",
- "lastModified": 1733354814,
- "narHash": "sha256-GNtstc88gUJllOun6UFQzg7P+fDtWkajxN4kUKPLFsw=",
+ "lastModified": 1734895221,
+ "narHash": "sha256-2xcBQH/SJPeMOaGo2n5+7sylwxOHAZl3WBCpKTxYVHI=",
 "owner": "rycee",
 "repo": "nur-expressions",
- "rev": "fd1cc13f297bb18b85a776060edca35b18c7a324",
+ "rev": "f1c1ba5caba14503c50955489564b38410ce05e2",
 "type": "gitlab"
 },
 "original": {
@@ -114,11 +114,11 @@
 ]
 },
 "locked": {
- "lastModified": 1733354384,
- "narHash": "sha256-foZG2PLwumxYZkpXq7ajHDhuQlXaUeKfOpFfQpMviLM=",
+ "lastModified": 1734893333,
+ "narHash": "sha256-0Ft7iTkl3UWAix72teY5nflYQD7GE0KvIiT+ox4wkB8=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "0daaded612b0e6eaed0a63fc9d0778d8f05940fe",
+ "rev": "1f74238a4c8e534a1b6be72cb5153043071ffd17",
 "type": "github"
 },
 "original": {
@@ -129,11 +129,11 @@
 },
 "impermanence": {
 "locked": {
- "lastModified": 1731242966,
- "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
+ "lastModified": 1734772301,
+ "narHash": "sha256-mQEQQzCTUlDiEw/EbblB510P/GQOmIPtKoJrqDqeGVc=",
 "owner": "nix-community",
 "repo": "impermanence",
- "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
+ "rev": "0ab2f858dfefe73402eb53fbe6a3bad4f6702d5f",
 "type": "github"
 },
 "original": {
@@ -149,11 +149,11 @@
 ]
 },
 "locked": {
- "lastModified": 1733351379,
- "narHash": "sha256-MTMsAhXxMMVHVN99jT8E0afOAOtt3JQWjYpTja94PAU=",
+ "lastModified": 1733570843,
+ "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=",
 "owner": "LnL7",
 "repo": "nix-darwin",
- "rev": "55d07816a0944f06a9df5ef174999a72fa4060c7",
+ "rev": "a35b08d09efda83625bef267eb24347b446c80b8",
 "type": "github"
 },
 "original": {
@@ -171,11 +171,11 @@
 ]
 },
 "locked": {
- "lastModified": 1733277416,
- "narHash": "sha256-+r1bhEqW0ACV+E8TID6FvW0/YJ+46SQ9yk6DpyHtRWg=",
+ "lastModified": 1734832456,
+ "narHash": "sha256-gyp5aVMSA83OV8kP/a1FBA6KGJqNkswUK9VdAh1hLS4=",
 "owner": "nix-community",
 "repo": "nix-vscode-extensions",
- "rev": "3ea774bace6ac2f8db48a1c1d59271e0209e4b96",
+ "rev": "c567c5f3bc53723d726f286ea94d5aebac55d4c5",
 "type": "github"
 },
 "original": {
@@ -186,11 +186,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1733217105,
- "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=",
+ "lastModified": 1734862644,
+ "narHash": "sha256-04xesW7HITdF5WUmNM39WD4tkEERk3Ez2W1nNvdIvIw=",
 "owner": "NixOS",
 "repo": "nixos-hardware",
- "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9",
+ "rev": "e8516a23524cc9083f5a02a8d64d14770e4c7c09",
 "type": "github"
 },
 "original": {
@@ -202,11 +202,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1733212471,
- "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
+ "lastModified": 1734649271,
+ "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
+ "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
 "type": "github"
 },
 "original": {
@@ -236,16 +236,15 @@
 "locked": {
 "lastModified": 1730665670,
 "narHash": "sha256-MMwH5IcaslEWqeHaNqSjAsGWoS2NJ5qiIE7RLiJG+28=",
- "ref": "main",
+ "ref": "refs/heads/main",
 "rev": "ef623d6a9e25c1f0ec9d282ab5ed5dff54674816",
 "revCount": 6,
 "type": "git",
- "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets"
+ "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
 },
 "original": {
- "ref": "main",
 "type": "git",
- "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets"
+ "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
 }
 },
 "sops-nix": {
@@ -255,11 +254,11 @@ ] }, "locked": { - "lastModified": 1733128155, - "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", + "lastModified": 1734546875, + "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", + "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 54d1f7d..1849afc 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ # self hosted repo of secrets file to further protect files in case of future encryption vulnerabilities secrets = { - url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; + url = "git+ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"; flake = false; }; diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 4ac744a..41e0619 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,4 +12,8 @@ ./disko.nix ./server ]; + + nixpkgs.config.permittedInsecurePackages = [ + "dotnet-sdk-6.0.428" + ]; } From 14fcd3b13bf3299878f76ffda98f095612b301da Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Dec 2024 14:45:51 -0600 Subject: [PATCH 403/695] remove idea community and android studio temporally --- configurations/home-manager/leyla/packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 1845f65..92e29f4 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -61,8 +61,8 @@ in { anki-bin # development tools - androidStudioPackages.canary - jetbrains.idea-community + # androidStudioPackages.canary + # jetbrains.idea-community dbeaver-bin bruno qFlipper From 5139d41d176536d9e804a93ea4dbe0ae67d8d640 Mon Sep 17 00:00:00 2001 
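Review bot: `nixpkgs.config.permittedInsecurePackages = [ "dotnet-sdk-6.0.428" ];` is placed in the shared `modules/nixos-modules/default.nix`, so every host built from this flake now accepts an end-of-life .NET 6 SDK with known vulnerabilities, and nothing records which package needs it or when the exception can be removed. Scope the allowance to the module that actually pulls the SDK in (presumably the jellyfin module given the rest of this series; `nix why-depends` will confirm) and document it in place, e.g. `# EOL .NET 6 SDK is still required by <dependent package>; remove once it builds against a supported SDK`. Keeping it host-wide means the exception silently outlives the dependency that justified it.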
From: Leyla Becker Date: Mon, 23 Dec 2024 14:47:55 -0600 Subject: [PATCH 404/695] updated flake lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 2bf12ba..4920a27 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1734895221, - "narHash": "sha256-2xcBQH/SJPeMOaGo2n5+7sylwxOHAZl3WBCpKTxYVHI=", + "lastModified": 1734943800, + "narHash": "sha256-T6tJ1fGRcVksmRqbDRsvYD3Qnw8AU3e2j0Im01twFcI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f1c1ba5caba14503c50955489564b38410ce05e2", + "rev": "2c702b4a038306dce64a90fc011c92ebabb82f63", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1734893333, - "narHash": "sha256-0Ft7iTkl3UWAix72teY5nflYQD7GE0KvIiT+ox4wkB8=", + "lastModified": 1734944412, + "narHash": "sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU=", "owner": "nix-community", "repo": "home-manager", - "rev": "1f74238a4c8e534a1b6be72cb5153043071ffd17", + "rev": "8264bfe3a064d704c57df91e34b795b6ac7bad9e", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "impermanence": { "locked": { - "lastModified": 1734772301, - "narHash": "sha256-mQEQQzCTUlDiEw/EbblB510P/GQOmIPtKoJrqDqeGVc=", + "lastModified": 1734945620, + "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", "owner": "nix-community", "repo": "impermanence", - "rev": "0ab2f858dfefe73402eb53fbe6a3bad4f6702d5f", + "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1734832456, - "narHash": "sha256-gyp5aVMSA83OV8kP/a1FBA6KGJqNkswUK9VdAh1hLS4=", + "lastModified": 1734918633, + "narHash": "sha256-9lveBNV+g9UKBY8POH+53cRaslqnjmF2WePg/f2ojBY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c567c5f3bc53723d726f286ea94d5aebac55d4c5", + "rev": "c21a6eceed82873917324144895491603cf6d457", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734862644, - "narHash": "sha256-04xesW7HITdF5WUmNM39WD4tkEERk3Ez2W1nNvdIvIw=", + "lastModified": 1734954597, + "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e8516a23524cc9083f5a02a8d64d14770e4c7c09", + "rev": "def1d472c832d77885f174089b0d34854b007198", "type": "github" }, "original": { From 46c6ffce547dc687b3a55b9d788e0fc1a7786a55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 13:52:29 -0600 Subject: [PATCH 405/695] updated flake --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 4920a27..4500044 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1734701201, - "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", + "lastModified": 1735048446, + "narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=", "owner": "nix-community", "repo": "disko", - "rev": "2ee76c861af3b895b3b104bae04777b61397485b", + "rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21", "type": "github" }, "original": { 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1734943800, - "narHash": "sha256-T6tJ1fGRcVksmRqbDRsvYD3Qnw8AU3e2j0Im01twFcI=", + "lastModified": 1735054826, + "narHash": "sha256-n1x41VFZFeG144KS1tu7R2qpXlS3kk7iguGO8B1uIuE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "2c702b4a038306dce64a90fc011c92ebabb82f63", + "rev": "d558686ba23132b3e98329952023d31bb5f7289c", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1734944412, - "narHash": "sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU=", + "lastModified": 1735053786, + "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=", "owner": "nix-community", "repo": "home-manager", - "rev": "8264bfe3a064d704c57df91e34b795b6ac7bad9e", + "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1734918633, - "narHash": "sha256-9lveBNV+g9UKBY8POH+53cRaslqnjmF2WePg/f2ojBY=", + "lastModified": 1735004869, + "narHash": "sha256-b92HYukQ0xnCvtfygUh7TMqzBj/mSvfYlQ4Px+V3y5I=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c21a6eceed82873917324144895491603cf6d457", + "rev": "86abacab7bbf83c0179e0a9b9274be762ef0fc1a", "type": "github" }, "original": { From 4eacddfce17405078e1c897e4726cf1b55d87237 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 14:00:08 -0600 Subject: [PATCH 406/695] fixed home manager on horizon --- configurations/home-manager/leyla/impermanence.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index c5f228f..4a24310 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix 
@@ -1,5 +1,9 @@ -{...}: { - home.persistence."/persistent/home/leyla" = { +{ + lib, + osConfig, + ... +}: { + home.persistence."/persist/home/leyla" = lib.mkIf osConfig.host.impermanence.enable { directories = [ "desktop" "downloads" From e8a1562eae022a9b357fe2262ee0a49db01a2439 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 14:05:17 -0600 Subject: [PATCH 407/695] installed tor --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 92e29f4..ebe9787 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -51,6 +51,7 @@ in { # rpi-imager # fritzing mfoc + tor # proprietary platforms discord From d760992a06fc9c756a533c8566cf1e14892d09b3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 14:55:49 -0600 Subject: [PATCH 408/695] switched to tor-browser package --- configurations/home-manager/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index ebe9787..2c2ae4b 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -51,7 +51,7 @@ in { # rpi-imager # fritzing mfoc - tor + tor-browser # proprietary platforms discord From 2d5e37b1eb9fc72e0c13f2b0c14fca42c433514e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 24 Dec 2024 16:01:37 -0600 Subject: [PATCH 409/695] moved openssh config into home manager configs --- configurations/home-manager/leyla/default.nix | 4 ++++ modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/openssh.nix | 8 ++++++++ modules/nixos-modules/home-manager/default.nix | 1 + modules/nixos-modules/home-manager/openssh.nix | 11 +++++++++++ modules/nixos-modules/ssh.nix | 10 +--------- 6 files changed, 26 insertions(+), 9 deletions(-) create mode 100644 modules/home-manager-modules/openssh.nix create mode 100644 modules/nixos-modules/home-manager/openssh.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 48d38db..8b41e3a 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -105,6 +105,10 @@ }; }; bash.enable = true; + + openssh.authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; }; dconf = { diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 9fb37f2..ef9bf0a 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -3,5 +3,6 @@ imports = [ ./flipperzero.nix ./i18n.nix + ./openssh.nix ]; } diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix new file mode 100644 index 0000000..ef4f11f --- /dev/null +++ b/modules/home-manager-modules/openssh.nix @@ -0,0 +1,8 @@ +{lib, ...}: { + options.programs = { + openssh.authorizedKeys = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + }; + }; +} diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix index 3848e1b..cab004b 100644 --- a/modules/nixos-modules/home-manager/default.nix +++ b/modules/nixos-modules/home-manager/default.nix 
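Review bot: The new `programs.openssh.authorizedKeys` option in modules/home-manager-modules/openssh.nix has no `description`, although every other `lib.mkOption` in this series (reverse_proxy.nix, network_storage) documents what the option means, and for an option that grants SSH login the intent matters more than usual. Add `description = "public keys that may log in to this user's account over SSH on every host this user is configured on";` and an `example` with a single key entry. This hunk is a complete new file, so nothing is cut off.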
@@ -3,5 +3,6 @@ imports = [ ./flipperzero.nix ./i18n.nix + ./openssh.nix ]; } diff --git a/modules/nixos-modules/home-manager/openssh.nix b/modules/nixos-modules/home-manager/openssh.nix new file mode 100644 index 0000000..31a785f --- /dev/null +++ b/modules/nixos-modules/home-manager/openssh.nix @@ -0,0 +1,11 @@ +{ + config, + lib, + ... +}: { + users.users = + lib.attrsets.mapAttrs (name: value: { + openssh.authorizedKeys.keys = value.programs.openssh.authorizedKeys; + }) + config.home-manager.users; +} diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index bda4e81..0360cfc 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -1,12 +1,4 @@ -{ - lib, - config, - ... -}: { - users.users.leyla.openssh.authorizedKeys.keys = lib.mkIf config.host.users.leyla.isTerminalUser [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - ]; - +{...}: { services = { openssh = { enable = true; From 48dc0b11509af39e020e7f1a155049d287c8d2a0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Dec 2024 18:21:10 -0600 Subject: [PATCH 410/695] made impermanence config work slightly better --- .../nixos/defiant/configuration.nix | 4 +- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/impermanence.nix | 10 +++++ modules/nixos-modules/impermanence.nix | 16 +++++--- .../server/network_storage/default.nix | 10 ++--- .../nixos-modules/server/reverse_proxy.nix | 4 +- modules/nixos-modules/ssh.nix | 37 +++++++++++++------ modules/nixos-modules/users.nix | 9 +++++ 8 files changed, 66 insertions(+), 25 deletions(-) create mode 100644 modules/home-manager-modules/impermanence.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 011f00d..bb5f450 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
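Review bot: `users.users = lib.attrsets.mapAttrs (name: value: { openssh.authorizedKeys.keys = value.programs.openssh.authorizedKeys; }) config.home-manager.users;` authorizes the keys for every user that has a home-manager configuration on the host, whereas the definition it replaces in ssh.nix in the same commit was gated on `config.host.users.leyla.isTerminalUser`; unless that gate is re-applied somewhere not in view, SSH login is now granted on hosts where the user was previously not allowed a shell. Re-introduce the gate at this layer, e.g. `openssh.authorizedKeys.keys = lib.mkIf config.host.users.${name}.isTerminalUser value.programs.openssh.authorizedKeys;` (assuming `host.users` is keyed per user as the leyla entry suggests), or document why the restriction is no longer wanted. A comment on the `mapAttrs` explaining that the NixOS side reads the evaluated home-manager config for each user would also help, since that direction of dependency is not obvious.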
@@ -52,13 +52,13 @@ } { folder = "users"; - user = "users"; + user = "root"; group = "users"; } ]; nfs = { enable = true; - directories = ["leyla" "eve"]; + directories = ["leyla" "eve" "ester"]; }; }; reverse_proxy = { diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index ef9bf0a..22736d2 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -4,5 +4,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix + ./impermanence.nix ]; } diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix new file mode 100644 index 0000000..4768b7e --- /dev/null +++ b/modules/home-manager-modules/impermanence.nix @@ -0,0 +1,10 @@ +{config, ...}: { + home.persistence."/persistent/home/${config.home.username}" = { + directories = [ + ".ssh" + "desktop" + "downloads" + "documents" + ]; + }; +} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index e6e1ecc..a187226 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -26,12 +26,13 @@ ]; boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank - 1 ''; + zfs rollback -r rpool/local/system/root@blank + ''; fileSystems = { "/".neededForBoot = true; "/persist/system/root".neededForBoot = true; + "/persist/system/var/log".neededForBoot = true; }; host.storage.pool.extraDatasets = { @@ -81,13 +82,18 @@ }; }; + environment.persistence."/persist/system/var/log" = { + enable = true; + hideMounts = true; + directories = [ + "/var/log" + ]; + }; + environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; directories = [ - "/etc/ssh" - - "/var/log" "/var/lib/nixos" "/var/lib/systemd/coredump" diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index 11019cb..fecc05f 100644 
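Review bot: `home.persistence."/persistent/home/${config.home.username}"` in the new modules/home-manager-modules/impermanence.nix points at `/persistent/...`, but the per-user datasets created in users.nix earlier in this series have `mountpoint = "/persist/home/${user.name}"` (with matching `neededForBoot` entries), and leyla's own file in commit 406 was just corrected to `/persist/home/leyla`; as far as I can tell, with the `/persistent` spelling the bind-mount sources get created on the ephemeral root, so `.ssh`, `desktop`, `downloads` and `documents` are lost on the next rollback instead of persisted. Change it to `home.persistence."/persist/home/${config.home.username}" = {`. The rewrite of this file in commit 411 (the `@@ -1,10 +1,17 @@` hunk there) keeps the same `/persistent` path and needs the same fix.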
--- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -21,7 +21,7 @@ in { type = lib.types.listOf (lib.types.submodule ({config, ...}: { options = { folder = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what is the name of this export directory"; }; bind = lib.mkOption { @@ -30,12 +30,12 @@ in { default = null; }; user = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what user owns this directory"; default = "nouser"; }; group = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what group owns this directory"; default = "nogroup"; }; @@ -57,11 +57,11 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2775 root root -" + "d ${config.host.network_storage.export_directory} 2770 root root -" ] ++ ( builtins.map ( - directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}" + directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" ) config.host.network_storage.directories ); diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 311724b..7eecdd0 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -6,7 +6,7 @@ options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; hostname = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what host name are we going to be proxying from"; }; forceSSL = lib.mkOption { @@ -23,7 +23,7 @@ type = lib.types.attrsOf (lib.types.submodule ({...}: { options = { target = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "where should this host point to"; }; websockets = lib.mkEnableOption "should websockets be proxied"; 
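Review bot: The per-export tmpfiles rule `"d ${directory._directory} 2770 ${directory.user} ${directory.group}"` omits the trailing age field that the `export_directory` rule in the same hunk spells out as `-`; systemd-tmpfiles accepts omitted trailing fields, so this is style only, but `"d ${directory._directory} 2770 ${directory.user} ${directory.group} -"` keeps the two rules parallel. The move from 2775 to 2770 drops world read and traverse on the export tree, which is the right direction for shares whose access is meant to flow through group membership; a one-line comment above the rules saying exactly that would spare the next reader from re-deriving why the mode is what it is.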
diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 0360cfc..17593aa 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -1,13 +1,28 @@ -{...}: { - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; +{ + lib, + config, + ... +}: { + config = lib.mkMerge [ + { + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + }; + }; }; - }; - }; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + directories = [ + "/etc/ssh" + ]; + }; + }) + ]; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 1799f81..e2a8074 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -272,6 +272,15 @@ in { normalUsers ) ) + ( + builtins.listToAttrs ( + builtins.map (user: + lib.attrsets.nameValuePair "/home/${user.name}" { + neededForBoot = true; + }) + normalUsers + ) + ) ]; environment.persistence."/persist/system/root" = { From 7127b9f9e8815100af86b00fe2126313b35beb28 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 26 Dec 2024 23:05:23 -0600 Subject: [PATCH 411/695] updated packages --- flake.lock | 18 +++++++-------- modules/home-manager-modules/impermanence.nix | 23 ++++++++++++------- 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 4500044..44359f8 100644 --- a/flake.lock +++ b/flake.lock 
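Review bot: `PasswordAuthentication = false;` on its own does not disable password logins on NixOS, because `KbdInteractiveAuthentication` defaults to true and PAM's keyboard-interactive path still accepts the account password; add `KbdInteractiveAuthentication = false;` next to it in `settings`. Persisting `/etc/ssh` under impermanence is what keeps the host keys stable across rollbacks, so clients do not see a changed host key every boot; a comment on that `directories` entry, e.g. `# host keys must survive the root rollback or every reboot looks like a changed host to clients`, would make the intent explicit. `UseDns = true` only matters for hostname-based `from=` patterns in authorized_keys and otherwise adds a reverse-DNS lookup per connection; if nothing relies on it, the default (false) is the simpler setting.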
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735054826, - "narHash": "sha256-n1x41VFZFeG144KS1tu7R2qpXlS3kk7iguGO8B1uIuE=", + "lastModified": 1735202720, + "narHash": "sha256-7aEdACqT2B7nZNFjn2Y66Qucfl1AHHVFKxm4yvO0O10=", "owner": "rycee", "repo": "nur-expressions", - "rev": "d558686ba23132b3e98329952023d31bb5f7289c", + "rev": "fe816609e68ee1887ee89e43c9ca1aad75362477", "type": "gitlab" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1733570843, - "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", + "lastModified": 1735218083, + "narHash": "sha256-MoUAbmXz9TEr7zlKDRO56DBJHe30+7B5X7nhXm+Vpc8=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "a35b08d09efda83625bef267eb24347b446c80b8", + "rev": "bc03f7818771a75716966ce8c23110b715eff2aa", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1735004869, - "narHash": "sha256-b92HYukQ0xnCvtfygUh7TMqzBj/mSvfYlQ4Px+V3y5I=", + "lastModified": 1735264033, + "narHash": "sha256-ss9vVSK9M2o8hW4nFs+GuVxsrIZ8X3zxQfeWhEKgMT0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "86abacab7bbf83c0179e0a9b9274be762ef0fc1a", + "rev": "b5223dca0334d671787531a204bdba7717b48a72", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index 4768b7e..a48fe9d 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -1,10 +1,17 @@ -{config, ...}: { - home.persistence."/persistent/home/${config.home.username}" = { - directories = [ - ".ssh" - "desktop" - "downloads" - "documents" - ]; +{ + lib, + config, + osConfig, + ... +}: { + config = lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persistent/home/${config.home.username}" = { + directories = [ + ".ssh" + "desktop" + "downloads" + "documents" + ]; + }; }; } 
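Review bot: The persistence root in the home-manager impermanence.nix hunk is `/persistent/home/${config.home.username}`, while the NixOS modules in this series persist under `/persist/...` (ssh.nix uses `/persist/system/root`); if no `/persistent` mount exists, the bind mounts declared here have nothing durable behind them and the `.ssh` directory listed would still be lost on reboot. If the `/persist` prefix is the intended one, the attribute name should become `home.persistence."/persist/home/${config.home.username}"`. The flake.lock hunks are input bumps and need no review.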
From a43b14a9fa171894e7e6437c2fcd7e813d08f83f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 27 Dec 2024 17:29:51 -0600 Subject: [PATCH 412/695] installed adb on horizon --- configurations/nixos/horizon/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 2d16c74..787df3d 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -27,6 +27,8 @@ {}) ]; + programs.adb.enable = true; + # enabled virtualisation for docker # virtualisation.docker = { # enable = true; From 21eea779db5d3ace7129bba078df0bae2aedc90e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Dec 2024 15:57:07 -0600 Subject: [PATCH 413/695] added task to README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7857f3e..2097d8c 100644 --- a/README.md +++ b/README.md @@ -57,4 +57,5 @@ - tail scale clients - wake on LAN - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich \ No newline at end of file +- Immich +- Syncthing declarative set up for devices https://nixos.wiki/wiki/Syncthing \ No newline at end of file From 905c4e73b244b3afa563078edef8631ce6f588a1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Dec 2024 20:05:52 -0600 Subject: [PATCH 414/695] added syncthing --- README.md | 5 +- .../nixos/horizon/configuration.nix | 10 +++ modules/nixos-modules/default.nix | 1 + modules/nixos-modules/sync.nix | 87 +++++++++++++++++++ modules/nixos-modules/users.nix | 18 ++++ 5 files changed, 119 insertions(+), 2 deletions(-) create mode 100644 modules/nixos-modules/sync.nix diff --git a/README.md b/README.md index 2097d8c..2f7b5df 100644 --- a/README.md +++ b/README.md 
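Review bot: `programs.adb.enable = true;` in the horizon configuration hunk installs the tool and its udev rules, but device access is granted only to members of the `adbusers` group, so a user outside that group will still be refused by the device; add `extraGroups = [ "adbusers" ];` to the user definition of whoever needs it. If that membership is handled by the users module elsewhere in the repository, a one-line comment here pointing to it would save the next reader the search.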
@@ -10,6 +10,8 @@ | `emergent` | Desktop Computer | Eve | Desktop | | `threshold` | Laptop | Eve | Laptop | | `wolfram` | Steam Deck | House | Handheld | +| `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | +| `skate` | A4 Tablet (not using nix) | Leyla | Tablet | # Tooling ## Rebuilding @@ -57,5 +59,4 @@ - tail scale clients - wake on LAN - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich -- Syncthing declarative set up for devices https://nixos.wiki/wiki/Syncthing \ No newline at end of file +- Immich \ No newline at end of file diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 787df3d..bc96142 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -19,6 +19,16 @@ ester.isDesktopUser = true; eve.isDesktopUser = true; }; + sync = { + enable = true; + folders = { + leyla = { + documents.enable = true; + calendar.enable = true; + notes.enable = true; + }; + }; + }; }; environment.systemPackages = [ diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 41e0619..63b2757 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -8,6 +8,7 @@ ./desktop.nix ./ssh.nix ./i18n.nix + ./sync.nix ./impermanence.nix ./disko.nix ./server diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix new file mode 100644 index 0000000..532038e --- /dev/null +++ b/modules/nixos-modules/sync.nix 
@@ -0,0 +1,87 @@ +{ + config, + lib, + ... +}: let + mountDir = "/mnt/sync"; +in { + options.host.sync = { + enable = lib.mkEnableOption "should sync thing be enabled on this device"; + folders = { + leyla = { + documents = { + enable = lib.mkEnableOption "should the documents folder be synced"; + }; + calendar = { + enable = lib.mkEnableOption "should the calendar folder be synced"; + }; + notes = { + enable = lib.mkEnableOption "should the notes folder by synced"; + }; + }; + extraFolders = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({...}: { + options = { + path = lib.mkOption { + type = lib.types.str; + }; + devices = lib.mkOption { + type = lib.types.listof lib.types.str; + }; + }; + })); + default = {}; + }; + }; + }; + + config = { + systemd = lib.mkIf config.services.syncthing.enable { + tmpfiles.rules = [ + "d ${mountDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" + ]; + }; + services.syncthing = { + enable = config.host.sync.enable; + user = "syncthing"; + group = "syncthing"; + dataDir = "${mountDir}/default"; + configDir = "/etc/syncthing"; + overrideDevices = true; + overrideFolders = true; + settings = { + devices = { + ceder = { + id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + }; + }; + folders = lib.mkMerge [ + config.host.sync.folders.extraFolders + (lib.mkIf config.host.sync.folders.leyla.documents.enable { + "documents" = { + id = "hvrj0-9bm1p"; + path = "/mnt/sync/leyla/documents"; + devices = ["ceder"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + "calendar" = { + id = "8oatl-1rv6w"; + path = "/mnt/sync/leyla/calendar"; + devices = ["ceder"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.notes.enable { + "notes" = { + id = "dwbuv-zffnf"; + path = "/mnt/sync/leyla/notes"; + devices = ["ceder"]; + }; + }) + ]; + }; + }; + }; +} 
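Review bot: `type = lib.types.listof lib.types.str;` on the `devices` option inside `extraFolders` in the new sync.nix is misspelled — the nixpkgs type is `lib.types.listOf`, so the first host that defines an extra folder should fail evaluation with a missing-attribute error; change it to `type = lib.types.listOf lib.types.str;`. The tmpfiles rules create `configDir` (`/etc/syncthing`) and `dataDir` with mode `755`; the config directory normally holds the device's TLS key pair and the GUI/API key, so unless you are relying on Syncthing's own per-file modes, `0700` is the safer directory mode (`"d ${config.services.syncthing.configDir} 700 syncthing syncthing -"`). The folder paths are spelled out as `/mnt/sync/leyla/...` although `mountDir` is already bound to `/mnt/sync`; writing them as `"${mountDir}/leyla/documents"` keeps the let-binding authoritative. The `ceder` device ID is pinned with no remark on its origin; a short comment such as `# device ID of the ceder tablet, see the README device table` would help the next maintainer.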
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index e2a8074..af7dcb2 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -22,6 +22,7 @@ hass = 2004; headscale = 2005; nextcloud = 2006; + syncthing = 2007; }; gids = { @@ -36,6 +37,7 @@ hass = 2004; headscale = 2005; nextcloud = 2006; + syncthing = 2007; }; users = config.users.users; @@ -160,6 +162,12 @@ in { isSystemUser = true; group = config.users.users.nextcloud.name; }; + + syncthing = { + uid = lib.mkForce uids.syncthing; + isSystemUser = true; + group = config.users.users.syncthing.name; + }; }; groups = { @@ -250,6 +258,16 @@ in { # leyla ]; }; + + syncthing = { + gid = lib.mkForce gids.syncthing; + members = [ + users.syncthing.name + leyla + ester + eve + ]; + }; }; }; } From dd9ca10ae44e9ca8eefdcf70c51cbc72476f11ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Dec 2024 20:08:44 -0600 Subject: [PATCH 415/695] updated README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2f7b5df..c39c360 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,8 @@ | `threshold` | Laptop | Eve | Laptop | | `wolfram` | Steam Deck | House | Handheld | | `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | -| `skate` | A4 Tablet (not using nix) | Leyla | Tablet | +| `skate` | A6 Tablet (not using nix) | Leyla | Tablet | +| `shale` | A6 Tablet (not using nix) | Eve | Tablet | # Tooling ## Rebuilding From 15e0c1b6c4277ccfe33af1a9be716d6142a1f159 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Dec 2024 22:05:58 -0600 Subject: [PATCH 416/695] switched to anki from anki-bin --- configurations/home-manager/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 2c2ae4b..836a22b 100644 --- a/configurations/home-manager/leyla/packages.nix 
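Review bot: The new `syncthing` group in users.nix lists `leyla`, `ester` and `eve` as members, but the sync directories created in sync.nix in this same commit use mode `755` owned by `syncthing:syncthing`, so group membership grants nothing beyond what every other user already has (read and traverse) and still does not permit writes. Decide which it is meant to be: if the members should edit synced files, the directory rules need a group-writable mode such as `2770`, matching the pattern used for `network_storage`; if they should only read, the membership can be dropped. This inference depends on the tmpfiles rules staying as written in sync.nix, which this hunk does not show.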
+++ b/configurations/home-manager/leyla/packages.nix @@ -59,7 +59,7 @@ in { steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - anki-bin + anki # development tools # androidStudioPackages.canary From 22b40edb241063ce182629b4aa1f9ef34168c185 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 17:02:46 -0600 Subject: [PATCH 417/695] fixed SSH on defiant --- modules/nixos-modules/ssh.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 17593aa..69bd185 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -19,8 +19,11 @@ } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { - directories = [ - "/etc/ssh" + files = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" ]; }; }) From 5abc647d98421d3bb2338e22adbf6ee01e75cf0c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 18:19:32 -0600 Subject: [PATCH 418/695] fixed home manager with impermanence --- .../home-manager/leyla/impermanence.nix | 32 ++++++++----------- modules/home-manager-modules/default.nix | 1 - modules/home-manager-modules/impermanence.nix | 17 ---------- modules/nixos-modules/users.nix | 8 +++++ 4 files changed, 22 insertions(+), 36 deletions(-) delete mode 100644 modules/home-manager-modules/impermanence.nix diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 4a24310..ddb2f42 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix 
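Review bot: The ssh.nix hunk hard-codes four host-key paths under `files`, which will drift silently if `services.openssh.hostKeys` is ever changed — a renamed or added key would be regenerated on every boot and the host's identity would change for every client. Deriving the list from the option keeps the two in step: `files = lib.concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;`. The enclosing `lib.mkIf config.host.impermanence.enable` block starts before this hunk.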
@@ -3,23 +3,19 @@ osConfig, ... }: { - home.persistence."/persist/home/leyla" = lib.mkIf osConfig.host.impermanence.enable { - directories = [ - "desktop" - "downloads" - "documents" - ".ssh" - ".nixops" - ".local/share/keyrings" - ".local/share/direnv" - { - directory = ".local/share/Steam"; - method = "symlink"; - } - ]; - # files = [ - # ".screenrc" - # ]; - allowOther = true; + config = lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist/home/leyla" = { + directories = [ + "desktop" + "downloads" + "documents" + ".ssh" + ".config/gnome-initial-setup-done" + { + directory = ".local/share/Steam"; + method = "symlink"; + } + ]; + }; }; } diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 22736d2..ef9bf0a 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -4,6 +4,5 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix - ./impermanence.nix ]; } diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix deleted file mode 100644 index a48fe9d..0000000 --- a/modules/home-manager-modules/impermanence.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - osConfig, - ... -}: { - config = lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persistent/home/${config.home.username}" = { - directories = [ - ".ssh" - "desktop" - "downloads" - "documents" - ]; - }; - }; -} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index af7dcb2..efd39f3 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -277,6 +277,14 @@ in { normalUsers) ); + systemd = { + tmpfiles.rules = + builtins.map ( + user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" + ) + normalUsers; + }; + fileSystems = lib.mkMerge [ { ${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; From 7a4c2a2b8d73e857fe2aa996929f54792a6c5347 Mon Sep 17 00:00:00 2001 
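Review bot: The rewritten `directories` list in leyla/impermanence.nix drops `.local/share/keyrings`, `.local/share/direnv` and `.nixops` without the commit saying why; the keyrings directory is where GNOME Keyring stores saved passwords and passphrases, so after this change those secrets start from scratch on every reboot — if that is intentional a comment saying so prevents it being "fixed" later, otherwise keep `".local/share/keyrings"` in the list. `.config/gnome-initial-setup-done` is a file, not a directory, and belongs under a `files = [ ... ]` attribute rather than in `directories`. The tmpfiles rule added in users.nix (`"d /persist/home/${user.name} 700 ${user.name} ${user.name} -"`) is the right mode for per-user persistence roots.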
From: Leyla Becker Date: Wed, 1 Jan 2025 18:23:13 -0600 Subject: [PATCH 419/695] updated README.md --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index c39c360..3ba68b2 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,6 @@ # Tasks: ## Tech Debt -- join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in `defiant/services.nix` into their own modules ## New Features @@ -56,8 +55,7 @@ - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- mastodon server - tail scale clients -- wake on LAN +- wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich \ No newline at end of file From 8e946972246aa78e9897afba938ea7cd2f5bfc7f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 18:24:08 -0600 Subject: [PATCH 420/695] added task to README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ba68b2..1111fe8 100644 --- a/README.md +++ b/README.md @@ -58,4 +58,5 @@ - tail scale clients - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich \ No newline at end of file +- Immich +- zfs encryption FIDO2 2fa \ No newline at end of file From ee5b794113d36bbd0ea0d18db05167d91d207e6a Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 1 Jan 2025 18:25:27 -0600 Subject: [PATCH 421/695] removed sections from research topics --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 1111fe8..3f47f61 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ `sops -c sops secrets/secrets_file_here.yaml` ## Inspecting a configuration -`nix-inspect -p .` +`./inspect.sh` # Notes: @@ -37,9 +37,7 @@ - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ -- Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - https://nixos-and-flakes.thiscute.world/ -- this guy might have a working zfs disko impermanence system - https://github.com/djacu/nixos-config/blob/main/hosts/adalon/disko-config.nix # Tasks: From 1ee9b9a87d461af9c89bba6d78811e1d1a4b87c5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 18:26:38 -0600 Subject: [PATCH 422/695] added back inspect command --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3f47f61..6843275 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ `sops -c sops secrets/secrets_file_here.yaml` ## Inspecting a configuration -`./inspect.sh` +`nix-inspect -p .` # Notes: From 46edb7363d64c5dfe8c2c1daf646312c23e03bcb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 20:01:44 -0600 Subject: [PATCH 423/695] disabled sleeping on defiant --- configurations/nixos/defiant/configuration.nix | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index bb5f450..c1a18c7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -125,6 +125,14 @@ }; }; + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It's perfectly fine and recommended to leave From c523e6075b1778243952126dc25dbc6d2a9f7067 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 20:03:01 -0600 Subject: [PATCH 424/695] added scrubbing and aut snapshot to defiant --- modules/nixos-modules/disko.nix | 5 +++++ modules/nixos-modules/impermanence.nix | 10 +++++++--- modules/nixos-modules/users.nix | 3 --- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index b65538d..f95edcf 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,6 +50,11 @@ in { }; config = lib.mkIf config.host.storage.enable { + services.zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + disko.devices = { disk = ( builtins.listToAttrs ( diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index a187226..66139ce 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix 
@@ -67,18 +67,22 @@ "persist" = { type = "zfs_fs"; options.canmount = "off"; + options = { + "com.sun:auto-snapshot" = "true"; + }; }; # this is where root data actually lives "persist/system/root" = { type = "zfs_fs"; mountpoint = "/persist/system/root"; - options = { - "com.sun:auto-snapshot" = "true"; - }; }; "persist/system/var/log" = { type = "zfs_fs"; mountpoint = "/persist/system/var/log"; + # logs should be append only so we shouldn't need to snapshot them + options = { + "com.sun:auto-snapshot" = "false"; + }; }; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index efd39f3..704413a 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -347,9 +347,6 @@ in { "persist/home/${user.name}" = { type = "zfs_fs"; mountpoint = "/persist/home/${user.name}"; - options = { - "com.sun:auto-snapshot" = "true"; - }; }; }) normalUsers From 1a072188c9efdb10082bc14dd239fd80ee16fc00 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:41:39 -0600 Subject: [PATCH 425/695] added device to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6843275..b348b03 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ | `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | | `skate` | A6 Tablet (not using nix) | Leyla | Tablet | | `shale` | A6 Tablet (not using nix) | Eve | Tablet | +| `coven` | Pixel 8 (not using nix) | Leyla | Android | # Tooling ## Rebuilding From afa04e1080e6d63be91f9e60495f612847120add Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:43:17 -0600 Subject: [PATCH 426/695] disabled gdm auto suspend --- configurations/nixos/defiant/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c1a18c7..724f86e 100644 --- a/configurations/nixos/defiant/configuration.nix 
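Review bot: The `persist/system/var/log` dataset in the impermanence.nix hunk opts out of auto-snapshots on the grounds that logs are append-only, but rotation, a disk-full cleanup or a compromised root account can all truncate or delete them, and a periodic snapshot is the cheapest tamper-evident copy available; consider leaving the inherited setting in place and rewording the comment to `# snapshots kept so rotated or tampered logs can still be recovered`. Moving `"com.sun:auto-snapshot" = "true"` up to the `persist` parent means every child dataset, including the per-user `persist/home/*` datasets whose explicit setting the users.nix hunk removes, now inherits it — presumably the intent, but worth a one-line comment on the parent. Defining both `options.canmount = "off";` and `options = { ... };` on the same attribute set relies on Nix merging the two definitions; a single `options = { canmount = "off"; "com.sun:auto-snapshot" = "true"; };` is clearer.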
+++ b/configurations/nixos/defiant/configuration.nix @@ -132,6 +132,7 @@ hibernate.enable = false; hybrid-sleep.enable = false; }; + services.xserver.displayManager.gdm.autoSuspend = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From 6d2850e78f93b93d110d4804afdcf94f4c9e4be9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:46:50 -0600 Subject: [PATCH 427/695] added postgres service --- modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/postgres.nix | 86 +++++++++++++++++++++++ 2 files changed, 87 insertions(+) create mode 100644 modules/nixos-modules/server/postgres.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 7e4d36b..9f06565 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -3,5 +3,6 @@ ./network_storage ./reverse_proxy.nix ./jellyfin.nix + ./postgres.nix ]; } diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix new file mode 100644 index 0000000..2aae5fa --- /dev/null +++ b/modules/nixos-modules/server/postgres.nix 
@@ -0,0 +1,86 @@ +{ + config, + lib, + pkgs, + ... +}: { + options = { + host.postgres = { + enable = lib.mkEnableOption "enable postgres"; + extraAdminUsers = lib.mkOption { + type = lib.types.attrsOf lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + }; + }); + default = {}; + }; + extraDatabaseUsers = lib.mkOption { + type = lib.types.attrsOf lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + }; + }); + default = {}; + }; + }; + }; + + config = lib.mkIf config.host.postgres.enable { + services = { + postgresql = { + enable = true; + ensureUsers = + [ + { + name = "postgres"; + } + ] + + (lib.attrsets.mapAttrsToList (user: { + name = user.name; + ensureDBOwnership = true; + }) + config.host.postgres.extraDatabaseUsers); + ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + identMap = + '' + # ArbitraryMapName systemUser DBUser + + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + ) + + '' + + # Client Users + '' + + ( + lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + ); + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local 
all postgres peer map=superuser_map + local sameuser all peer map=superuser_map + ''; + }; + }; + }; +} From 6a5c7773fd4bb734d429b7919c92bc7f8f93ec0a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:55:07 -0600 Subject: [PATCH 428/695] added taask to TODO --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b348b03..6d5119d 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in `defiant/services.nix` into their own modules +- syncthing password ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From fe1f2adf9f1aedc9d9b54ff4d3b4621e7be1e28d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 16:09:43 -0600 Subject: [PATCH 429/695] added files to persistence --- configurations/home-manager/leyla/impermanence.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index ddb2f42..3f85d14 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -10,12 +10,15 @@ "downloads" "documents" ".ssh" - ".config/gnome-initial-setup-done" { directory = ".local/share/Steam"; method = "symlink"; } ]; + files = [ + ".config/gnome-initial-setup-done" # gnome welcome message + ".local/share/recently-used.xbel" # gnome recently viewed files + ]; }; }; } 
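Review bot: Both `extraAdminUsers` and `extraDatabaseUsers` in the new postgres.nix declare `type = lib.types.attrsOf lib.types.submodule ({name, ...}: { ... });`, which Nix parses as `(attrsOf submodule)` applied to the module function — the submodule must be parenthesised, `type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { ... }));`, or the option fails as soon as it is evaluated. The `authentication = pkgs.lib.mkOverride 10 ...` block replaces the NixOS default `pg_hba` lines rather than extending them, so the loopback TCP entries NixOS normally provides disappear and only Unix-socket peer connections remain; that is a reasonable hardening for a socket-only deployment, but it should be stated in the comment above it (`# replaces the default pg_hba entirely: local socket only, no TCP`). `ensureUsers` also lists `postgres`, which the cluster creates anyway, so that entry can go.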
From 9ecba48dcf302a1e564165bb731fd1dd1c916e3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 16:21:44 -0600 Subject: [PATCH 430/695] created forgejo service --- modules/nixos-modules/server/forgejo.nix | 36 ++++++++ modules/nixos-modules/server/postgres.nix | 102 +++++++++++++--------- 2 files changed, 97 insertions(+), 41 deletions(-) create mode 100644 modules/nixos-modules/server/forgejo.nix diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix new file mode 100644 index 0000000..96b9aeb --- /dev/null +++ b/modules/nixos-modules/server/forgejo.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + forgejoPort = 8081; +in { + options.host.forgejo = { + enable = lib.mkEnableOption "should forgejo be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that forgejo will be hosted at"; + default = "forgejo"; + }; + }; + + config = + lib.mkIf config.host.forgejo.enable + { + enable = true; + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + }; + }; + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString forgejoPort}"; + }; + }; +} diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 2aae5fa..d22be17 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -3,7 +3,9 @@ lib, pkgs, ... -}: { +}: let + dataDir = "/var/lib/postgresql/15"; +in { options = { host.postgres = { enable = lib.mkEnableOption "enable postgres"; 
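Review bot: The reverse-proxy entry in the new forgejo.nix is keyed on `config.host.jellyfin.subdomain` instead of `config.host.forgejo.subdomain`, so enabling forgejo would overwrite jellyfin's proxy target with the forgejo port; change it to `host.reverse_proxy.subdomains.${config.host.forgejo.subdomain} = {`. The service settings (`enable`, `database`, `lfs`, `settings`) are also placed at the top level of the `config` attribute rather than under `services.forgejo`, so as written they define unknown top-level options. Once the listener sits behind the proxy, it is worth pinning it to loopback explicitly (`HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT`) unless you have confirmed the NixOS default already does, so the unauthenticated upstream port is not reachable from the LAN.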
@@ -40,47 +42,65 @@ }; }; - config = lib.mkIf config.host.postgres.enable { - services = { - postgresql = { - enable = true; - ensureUsers = - [ - { - name = "postgres"; - } - ] - + (lib.attrsets.mapAttrsToList (user: { - name = user.name; - ensureDBOwnership = true; - }) - config.host.postgres.extraDatabaseUsers); - ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; - identMap = - '' - # ArbitraryMapName systemUser DBUser + config = lib.mkIf config.host.postgres.enable (lib.mkMerge [ + { + services = { + postgresql = { + enable = true; + ensureUsers = + [ + { + name = "postgres"; + } + ] + + (lib.attrsets.mapAttrsToList (user: { + name = user.name; + ensureDBOwnership = true; + }) + config.host.postgres.extraDatabaseUsers); + ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + identMap = + '' + # ArbitraryMapName systemUser DBUser - # Administration Users - superuser_map root postgres - superuser_map postgres postgres - '' - + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) - ) - + '' + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + ) + + '' - # Client Users - '' - + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) - ); - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map - ''; + # Client Users + '' + + ( + 
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + ); + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=superuser_map + ''; + }; }; - }; - }; + } + + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.postgresql.dataDir == dataDir; + description = "postgres data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + dataDir + ]; + }; + }) + ]); } From 8f59f8aecaf9452c950ebc98d7c1099db2c9b22c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 17:22:05 -0600 Subject: [PATCH 431/695] fixed postgres config for forgejo --- .../nixos/defiant/configuration.nix | 4 ++ modules/nixos-modules/server/default.nix | 3 +- modules/nixos-modules/server/forgejo.nix | 37 ++++++++---- modules/nixos-modules/server/jellyfin.nix | 4 +- modules/nixos-modules/server/postgres.nix | 59 +++++++------------ 5 files changed, 55 insertions(+), 52 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 724f86e..668e10a 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -69,6 +69,10 @@ enable = true; subdomain = "media"; }; + forgejo = { + enable = true; + subdomain = "git"; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 9f06565..65d79d9 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
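Review bot: The assertion added in the impermanence branch of postgres.nix uses `description = "postgres data directory does not match persistence";`, but NixOS assertion entries are read as `{ assertion, message }`, so to my reading of the module system a failing check would stop on a missing `message` attribute instead of printing the intended text; rename it to `message = "postgres data directory does not match persistence";`. The `dataDir` let-binding in the earlier hunk hard-codes `/var/lib/postgresql/15` while nothing in this hunk pins the package whose major version determines the real data directory, so the assertion is the only thing keeping the two aligned — a comment on the binding (`# must match services.postgresql.dataDir for the pinned package major version`) would explain why it exists.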
@@ -2,7 +2,8 @@ imports = [ ./network_storage ./reverse_proxy.nix - ./jellyfin.nix ./postgres.nix + ./jellyfin.nix + ./forgejo.nix ]; } diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 96b9aeb..7ed3312 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -17,20 +17,33 @@ in { config = lib.mkIf config.host.forgejo.enable { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; + host = { + reverse_proxy.subdomains.${config.host.forgejo.subdomain} = { + target = "http://localhost:${toString forgejoPort}"; + }; + postgres = { + enable = true; + extraUsers = { + forgejo = { + isClient = true; + }; + }; }; }; - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString forgejoPort}"; + + services.forgejo = { + enable = true; + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + }; + }; }; }; } diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 57a9cde..d6e3fe8 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -34,11 +34,11 @@ in { assertions = [ { assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - description = "jellyfin data directory does not match persistence"; + message = "jellyfin data directory does not match persistence"; } { assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - description = "jellyfin cache directory does not match persistence"; + message = "jellyfin cache directory does not match persistence"; } ]; diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index d22be17..fde5c97 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix 
@@ -5,38 +5,29 @@ ... }: let dataDir = "/var/lib/postgresql/15"; + adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); in { options = { host.postgres = { enable = lib.mkEnableOption "enable postgres"; - extraAdminUsers = lib.mkOption { - type = lib.types.attrsOf lib.types.submodule ({name, ...}: { + extraUsers = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { name = lib.mkOption { type = lib.types.str; default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + isAdmin = lib.mkOption { + type = lib.types.bool; + default = false; + }; + isClient = lib.mkOption { + type = lib.types.bool; + default = false; }; }; - }); - default = {}; - }; - extraDatabaseUsers = lib.mkOption { - type = lib.types.attrsOf lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; - }; - }; - }); + })); default = {}; }; }; @@ -47,18 +38,12 @@ in { services = { postgresql = { enable = true; - ensureUsers = - [ - { - name = "postgres"; - } - ] - + (lib.attrsets.mapAttrsToList (user: { - name = user.name; - ensureDBOwnership = true; - }) - config.host.postgres.extraDatabaseUsers); - ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + package = pkgs.postgresql_15; + ensureUsers = [ + { + name = "postgres"; + } + ]; identMap = '' # ArbitraryMapName systemUser DBUser 
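Review bot: `clientUsers` no longer feeds `ensureUsers`/`ensureDatabases` — the dropped `extraDatabaseUsers` branch with `ensureDBOwnership = true` has no replacement on the new side — so `isClient = true` only emits an ident-map entry, and the `local sameuser all peer` rule only works if some other module creates a role and a database with that user's name. Either restore the wiring, e.g. `ensureUsers = [{ name = "postgres"; }] ++ builtins.map (user: { name = user.name; ensureDBOwnership = true; }) clientUsers;` and `ensureDatabases = builtins.map (user: user.name) clientUsers;`, or state in a `description` on `isClient` that the consuming service must create them. `isAdmin` and `isClient` both default to `false`, so an `extraUsers` entry that sets neither silently does nothing; an assertion or option descriptions would make that visible. `isAdmin` also maps the system user straight onto the `postgres` superuser role, which is a full-privilege grant worth calling out in its description.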
@@ -68,14 +53,14 @@ in { superuser_map postgres postgres '' + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) ) + '' # Client Users '' + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} ${user.name}") clientUsers) ); # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' @@ -91,7 +76,7 @@ in { assertions = [ { assertion = config.services.postgresql.dataDir == dataDir; - description = "postgres data directory does not match persistence"; + message = "postgres data directory does not match persistence"; } ]; environment.persistence."/persist/system/root" = { From 2742eea9c536f3a7b95353206ea61660b07f5d27 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 17:25:39 -0600 Subject: [PATCH 432/695] added forgejo state dir to persist --- modules/nixos-modules/server/forgejo.nix | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 7ed3312..3c5b5fa 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -4,6 +4,7 @@ ... }: let forgejoPort = 8081; + stateDir = "/var/lib/forgejo"; in { options.host.forgejo = { enable = lib.mkEnableOption "should forgejo be enabled on this computer"; @@ -14,8 +15,7 @@ in { }; }; - config = - lib.mkIf config.host.forgejo.enable + config = lib.mkIf config.host.forgejo.enable (lib.mkMerge [ { host = { reverse_proxy.subdomains.${config.host.forgejo.subdomain} = { 
@@ -45,5 +45,21 @@ in { }; }; }; - }; + } + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.forgejo.stateDir == stateDir; + message = "forgejo state directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + stateDir + ]; + }; + }) + ]); } From 5a04603c85d3f85c01b065d2a37d0c7f5ea69778 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 17:58:13 -0600 Subject: [PATCH 433/695] removed replaced code from service.nix --- configurations/nixos/defiant/services.nix | 68 ----------------------- 1 file changed, 68 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 7ef6cde..6b42717 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -69,18 +69,6 @@ in { default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; - forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that forgejo will be hosted at"; - default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; - }; - }; home-assistant = { subdomain = lib.mkOption { type = lib.types.str; 
@@ -244,47 +232,6 @@ in { services = { # DNS stub needs to be disabled so pi hole can bind # resolved.extraConfig = "DNSStubListener=no"; - - postgresql = { - enable = true; - ensureUsers = [ - { - name = "postgres"; - } - { - name = "forgejo"; - ensureDBOwnership = true; - } - { - name = "headscale"; - ensureDBOwnership = true; - } - ]; - ensureDatabases = [ - "forgejo" - "headscale" - # "nextcloud" - ]; - identMap = '' - # ArbitraryMapName systemUser DBUser - - # Administration Users - superuser_map postgres postgres - superuser_map root postgres - superuser_map leyla postgres - - # Client Users - superuser_map forgejo forgejo - superuser_map headscale headscale - ''; - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map - ''; - }; - headscale = { enable = true; user = "headscale"; @@ -307,21 +254,6 @@ in { }; }; - forgejo = { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = config.apps.forgejo.hostname; - HTTP_PORT = 8081; - }; - }; - }; - home-assistant = { enable = true; config.http = { From 1824bc8cc9a3d4fc549a0f7eec94632f6e6754fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 18:13:10 -0600 Subject: [PATCH 434/695] added searx service --- .../nixos/defiant/configuration.nix | 4 ++ configurations/nixos/defiant/services.nix | 32 --------------- modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/searx.nix | 40 +++++++++++++++++++ 4 files changed, 45 insertions(+), 32 deletions(-) create mode 100644 modules/nixos-modules/server/searx.nix 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 668e10a..5ebea98 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -73,6 +73,10 @@ enable = true; subdomain = "git"; }; + searx = { + enable = true; + subdomain = "search"; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 6b42717..f98e680 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -81,18 +81,6 @@ in { default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; }; }; - searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "search"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that searx will be hosted at"; - default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; - }; - }; nextcloud = { subdomain = lib.mkOption { type = lib.types.str; @@ -113,9 +101,6 @@ in { "services/pi-hole" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; "services/nextcloud_adminpass" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; owner = config.users.users.nextcloud.name; @@ -265,17 +250,6 @@ in { }; }; - searx = { - enable = true; - environmentFile = config.sops.secrets."services/searx".path; - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; - }; - }; - }; - # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres nextcloud = { enable = true; 
@@ -307,11 +281,6 @@ in { # enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; }; - ${config.apps.searx.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}"; - }; }; }; }; @@ -333,7 +302,6 @@ in { config.services.forgejo.settings.server.HTTP_PORT config.services.home-assistant.config.http.server_port config.services.postgresql.settings.port - config.services.searx.settings.server.port ]); environment.systemPackages = [ diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 65d79d9..c38d60c 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -5,5 +5,6 @@ ./postgres.nix ./jellyfin.nix ./forgejo.nix + ./searx.nix ]; } diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix new file mode 100644 index 0000000..5af4c57 --- /dev/null +++ b/modules/nixos-modules/server/searx.nix @@ -0,0 +1,40 @@ +{ + config, + lib, + inputs, + ... +}: { + options.host.searx = { + enable = lib.mkEnableOption "should searx be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "searx"; + }; + }; + + config = lib.mkIf config.host.searx.enable { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + host = { + reverse_proxy.subdomains.${config.host.searx.subdomain} = { + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + }; + }; + services = { + searx = { + enable = true; + environmentFile = config.sops.secrets."services/searx".path; + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + }; + }; + }; + }; +} 
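Review bot: `sops.secrets."services/searx".sopsFile` is hard-wired to `${inputs.secrets}/defiant-services.yaml` inside an otherwise host-agnostic `host.searx` module, so enabling it on any other machine would try to decrypt a file encrypted for defiant's key and fail at activation, or, if that host is later added as a recipient, share one host's secrets with another. Make the path an option, e.g. `secretsFile = lib.mkOption { type = lib.types.path; default = "${inputs.secrets}/defiant-services.yaml"; };`, and reference it from `sopsFile`. The `@SEARXNG_SECRET@` placeholder is substituted from `environmentFile` by the NixOS searx module; a one-line comment naming the variable that file must define (`SEARXNG_SECRET`) would save the next reader a trip to the module source. Since the only intended client is the local nginx proxy, also consider setting `settings.server.bind_address = "127.0.0.1";` explicitly rather than relying on the module default, which I cannot confirm from here.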
From a4e308650fe81c2197aa2718102ab91efb71bc04 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 18:22:05 -0600 Subject: [PATCH 435/695] created home assistant service --- .../nixos/defiant/configuration.nix | 4 ++ configurations/nixos/defiant/services.nix | 21 -------- modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 51 +++++++++++++++++++ 4 files changed, 56 insertions(+), 21 deletions(-) create mode 100644 modules/nixos-modules/server/home-assistant.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5ebea98..f366a60 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -77,6 +77,10 @@ enable = true; subdomain = "search"; }; + home-assistant = { + enable = true; + subdomain = "home"; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index f98e680..0a6bb46 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -239,17 +239,6 @@ in { }; }; - home-assistant = { - enable = true; - config.http = { - server_port = 8082; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - }; - # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres nextcloud = { enable = true; @@ -271,16 +260,6 @@ in { proxyWebsockets = true; }; }; - ${config.apps.forgejo.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; - }; - ${config.apps.home-assistant.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - }; }; }; }; 
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index c38d60c..38516d8 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -6,5 +6,6 @@ ./jellyfin.nix ./forgejo.nix ./searx.nix + ./home-assistant.nix ]; } diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix new file mode 100644 index 0000000..27b6a55 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant.nix @@ -0,0 +1,51 @@ +{ + lib, + config, + ... +}: let + configDir = "/var/lib/hass"; +in { + options.host.home-assistant = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + }; + + config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ + { + services.home-assistant = { + enable = true; + config.http = { + server_port = 8082; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + }; + host = { + reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + configDir + ]; + }; + }) + ]); +} From e97061ab64d8996a5e5622f65f72dcc01a4a6774 Mon Sep 17 00:00:00 2001 
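Review bot: `config.http` trusts `127.0.0.1` as a proxy and turns on `use_x_forwarded_for`, but does not set `server_host`, so Home Assistant presumably keeps its default of listening on every interface on port 8082; a LAN client can then reach it directly, bypassing nginx and the forwarded-for/ban logic that assumes the proxy is in front. Add `server_host = ["127.0.0.1"];` next to `server_port` (include `"::1"` if `localhost` in the proxy target resolves to IPv6 first). The `reverse_proxy.subdomains` entry also does not set `websockets = true`; Home Assistant's frontend depends on a websocket at `/api/websocket`, so unless that option defaults to true (its definition is outside this diff) the UI will not load through the proxy.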
From: Leyla Becker Date: Thu, 2 Jan 2025 18:34:53 -0600 Subject: [PATCH 436/695] added groups and users to impermanence directories --- modules/nixos-modules/server/forgejo.nix | 6 +++++- modules/nixos-modules/server/home-assistant.nix | 6 +++++- modules/nixos-modules/server/jellyfin.nix | 12 ++++++++++-- modules/nixos-modules/server/postgres.nix | 6 +++++- 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 3c5b5fa..fa8ebb6 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -57,7 +57,11 @@ in { enable = true; hideMounts = true; directories = [ - stateDir + { + directory = stateDir; + user = "forgejo"; + group = "forgejo"; + } ]; }; }) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 27b6a55..ba6d81f 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -43,7 +43,11 @@ in { enable = true; hideMounts = true; directories = [ - configDir + { + directory = configDir; + user = "hass"; + group = "hass"; + } ]; }; }) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index d6e3fe8..6d6874a 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -46,8 +46,16 @@ in { enable = true; hideMounts = true; directories = [ - jellyfin_data_directory - jellyfin_cache_directory + { + directory = jellyfin_data_directory; + user = "jellyfin"; + group = "jellyfin"; + } + { + directory = jellyfin_cache_directory; + user = "jellyfin"; + group = "jellyfin"; + } ]; }; diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index fde5c97..252e488 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix 
@@ -83,7 +83,11 @@ in { enable = true; hideMounts = true; directories = [ - dataDir + { + directory = dataDir; + user = "postgres"; + group = "postgres"; + } ]; }; }) From e6852cc537fd2905b0768d9c07588edd4204e973 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 19:31:39 -0600 Subject: [PATCH 437/695] fixed searx secrets not loading --- modules/nixos-modules/users.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 704413a..c3a316e 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -309,14 +309,6 @@ in { ) ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - "/run/secrets" - ]; - }; - host.storage.pool.extraDatasets = lib.mkMerge ( [ { From b02bd1a5e2d89e219174fcd13c8ca5e325e31bbb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 21:39:39 -0600 Subject: [PATCH 438/695] created config for pihole --- .../nixos/defiant/configuration.nix | 11 ++ configurations/nixos/defiant/services.nix | 129 ------------------ modules/nixos-modules/server/default.nix | 2 + modules/nixos-modules/server/pihole.nix | 98 +++++++++++++ modules/nixos-modules/server/podman.nix | 74 ++++++++++ 5 files changed, 185 insertions(+), 129 deletions(-) create mode 100644 modules/nixos-modules/server/pihole.nix create mode 100644 modules/nixos-modules/server/podman.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f366a60..e86dbc4 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -81,6 +81,17 @@ enable = true; subdomain = "home"; }; + pihole = { + enable = true; + ip = "192.168.1.201"; + }; + podman = { + macvlan = { + subnet = "192.168.1.0/24"; + gateway = "192.168.1.1"; + networkInterface = "bond0"; + }; + }; }; networking = { hostId = "c51763d6"; 
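Review bot: The persisted postgres `dataDir` entry sets `user`/`group` but no `mode`, so impermanence will create the bind-mount target with its default mode (0755 as far as I recall), and PostgreSQL refuses to start when its data directory is group- or world-accessible; on a freshly provisioned host `postgresql.service` may therefore fail before `initdb` ever runs. Add `mode = "0700";` beside `user`/`group` in this entry. The other directories persisted in this commit would also benefit from an explicit `mode` as hardening, but postgres is the one where it is a startup requirement.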
diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 0a6bb46..2774a1d 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -18,45 +18,6 @@ in { base_domain = lib.mkOption { type = lib.types.str; }; - macvlan = { - subnet = lib.mkOption { - type = lib.types.str; - description = "Subnet for macvlan address range"; - }; - gateway = lib.mkOption { - type = lib.types.str; - description = "Gateway for macvlan"; - # TODO: see if we can default this to systemd network gateway - }; - networkInterface = lib.mkOption { - type = lib.types.str; - description = "Parent network interface for macvlan"; - # TODO: see if we can default this some interface? - }; - }; - pihole = { - image = lib.mkOption { - type = lib.types.str; - description = "container image to use for pi-hole"; - }; - # TODO: check against subnet for macvlan - ip = lib.mkOption { - type = lib.types.str; - description = "ip address to use for pi-hole"; - }; - directory = { - root = lib.mkOption { - type = lib.types.str; - description = "directory that pihole will be hosted at"; - default = "/var/lib/pihole"; - }; - data = lib.mkOption { - type = lib.types.str; - description = "directory that pihole data will be hosted at"; - default = "${config.apps.pihole.directory.root}/data"; - }; - }; - }; headscale = { subdomain = lib.mkOption { type = lib.types.str; 
@@ -98,94 +59,14 @@ in { config = { sops.secrets = { - "services/pi-hole" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; "services/nextcloud_adminpass" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; owner = config.users.users.nextcloud.name; }; }; - virtualisation = { - # Runtime - podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; - }; - - oci-containers = { - backend = "podman"; - - containers = { - pihole = let - passwordFileLocation = "/var/lib/pihole/webpassword.txt"; - in { - image = config.apps.pihole.image; - volumes = [ - "${config.apps.pihole.directory.data}:/etc/pihole:rw" - "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" - ]; - environment = { - TZ = "America/Chicago"; - WEBPASSWORD_FILE = passwordFileLocation; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; - }; - log-driver = "journald"; - extraOptions = [ - "--ip=${config.apps.pihole.ip}" - "--network=macvlan" - ]; - }; - }; - }; - }; - - # TODO: dynamic users systemd = { - tmpfiles.rules = [ - "d ${config.apps.pihole.directory.root} 755 pihole pihole -" # is /home/docker/pihole on old system - "d ${config.apps.pihole.directory.data} 755 pihole pihole -" # is /home/docker/pihole on old system - ]; - services = { - "podman-pihole" = { - serviceConfig = { - Restart = lib.mkOverride 500 "always"; - }; - after = [ - "podman-network-macvlan.service" - ]; - requires = [ - "podman-network-macvlan.service" - ]; - partOf = [ - "podman-compose-root.target" - ]; - wantedBy = [ - "podman-compose-root.target" - ]; - }; - - "podman-network-macvlan" = { - path = [pkgs.podman]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "podman network rm -f macvlan"; - }; - script = '' - podman network inspect macvlan || podman network 
create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan - ''; - partOf = ["podman-compose-root.target"]; - wantedBy = ["podman-compose-root.target"]; - }; # nextcloud-setup = { # after = ["network.target"]; # }; @@ -201,16 +82,6 @@ in { suspend.enable = false; hibernate.enable = false; hybrid-sleep.enable = false; - - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - "podman-compose-root" = { - unitConfig = { - Description = "Root target for podman targets."; - }; - wantedBy = ["multi-user.target"]; - }; }; }; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 38516d8..dd19cfd 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -3,9 +3,11 @@ ./network_storage ./reverse_proxy.nix ./postgres.nix + ./podman.nix ./jellyfin.nix ./forgejo.nix ./searx.nix ./home-assistant.nix + ./pihole.nix ]; } diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix new file mode 100644 index 0000000..df86b97 --- /dev/null +++ b/modules/nixos-modules/server/pihole.nix 
@@ -0,0 +1,98 @@ +{ + lib, + config, + inputs, + ... +}: { + options.host.pihole = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + directory = lib.mkOption { + type = lib.types.str; + default = "/var/lib/pihole"; + }; + image = lib.mkOption { + type = lib.types.str; + default = "pihole/pihole:2024.07.0"; + description = "container image to use for pi-hole"; + }; + ip = lib.mkOption { + type = lib.types.str; + description = "ip address to use for pi-hole"; + }; + }; + config = lib.mkIf config.host.pihole.enable (lib.mkMerge [ + { + host.podman.enable = true; + sops.secrets = { + "services/pi-hole" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + systemd = { + tmpfiles.rules = [ + "d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system + ]; + + services = { + "podman-pihole" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + after = [ + "podman-network-macvlan.service" + ]; + requires = [ + "podman-network-macvlan.service" + ]; + partOf = [ + "podman-compose-root.target" + ]; + wantedBy = [ + "podman-compose-root.target" + ]; + }; + }; + }; + + virtualisation = { + oci-containers = { + containers = { + pihole = let + passwordFileLocation = "/var/lib/pihole/webpassword.txt"; + in { + image = config.host.pihole.image; + volumes = [ + "${config.host.pihole.directory}:/etc/pihole:rw" + "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" + ]; + environment = { + TZ = "America/Chicago"; + WEBPASSWORD_FILE = passwordFileLocation; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=${config.host.pihole.ip}" + "--network=macvlan" + ]; + }; + }; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + 
directory = config.host.pihole.directory; + user = "pihole"; + group = "pihole"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix new file mode 100644 index 0000000..0f48ac9 --- /dev/null +++ b/modules/nixos-modules/server/podman.nix 
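Review bot: `image` defaults to the mutable tag `pihole/pihole:2024.07.0`, so what actually runs as the LAN's resolver is whatever the registry serves for that tag at pull time; pin it by digest (`pihole/pihole:2024.07.0@sha256:<digest>`) or at least say in the option `description` that the tag is unpinned. The `enable` option's text `"should home-assistant be enabled on this computer"` is a copy-paste from home-assistant.nix and should read `"should pi-hole be enabled on this computer"`. The sops secret is bind-mounted at `passwordFileLocation` with sops-nix's default owner and mode (root, 0400), so inside the container it is readable only if the entrypoint runs as root before dropping to `PIHOLE_UID` — presumably true for this image, but setting `owner`/`mode` on the secret would remove that dependency. `tmpfiles.rules` and `PIHOLE_UID`/`PIHOLE_GID` reference `users.users.pihole` and `users.groups.pihole`, which this module does not declare; an assertion or a local `users.users.pihole` definition would keep the module self-contained.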
@@ -0,0 +1,74 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.host.podman = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + macvlan = { + subnet = lib.mkOption { + type = lib.types.str; + description = "Subnet for macvlan address range"; + }; + gateway = lib.mkOption { + type = lib.types.str; + description = "Gateway for macvlan"; + # TODO: see if we can default this to systemd network gateway + }; + networkInterface = lib.mkOption { + type = lib.types.str; + description = "Parent network interface for macvlan"; + # TODO: see if we can default this some interface? + }; + }; + }; + config = lib.mkIf config.host.podman.enable { + systemd = { + services = { + "podman-network-macvlan" = { + path = [pkgs.podman]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f macvlan"; + }; + script = '' + podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan + ''; + partOf = ["podman-compose-root.target"]; + wantedBy = ["podman-compose-root.target"]; + }; + }; + # disable computer sleeping + targets = { + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + "podman-compose-root" = { + unitConfig = { + Description = "Root target for podman targets."; + }; + wantedBy = ["multi-user.target"]; + }; + }; + }; + + virtualisation = { + # Runtime + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + + oci-containers = { + backend = "podman"; + }; + }; + }; +} From 6ab64fafe1d6a57c2e9256812d824b3b02ddfab5 Mon Sep 17 00:00:00 2001 
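Review bot: `host.podman.enable`'s description is `"should home-assistant be enabled on this computer"`, copied from another module; it should read `"should podman be enabled on this computer"`. The `podman-network-macvlan` script splices `macvlan.subnet`, `macvlan.gateway` and `macvlan.networkInterface` into a shell line unquoted; these are operator-supplied strings, so wrap each in `lib.escapeShellArg` so a stray space or metacharacter in a value cannot alter the `podman network create` command. The `# disable computer sleeping` comment above `targets` is stale — the sleep/suspend targets it described stayed in services.nix — and only the `podman-compose-root` comment belongs there. `dockerCompat = true` also provides a Docker-compatible socket on the host; if nothing needs it, dropping it narrows the attack surface.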
From: Leyla Becker Date: Fri, 3 Jan 2025 13:07:52 -0600 Subject: [PATCH 439/695] added acme to impermanence --- configurations/nixos/defiant/services.nix | 5 -- .../nixos-modules/server/reverse_proxy.nix | 65 +++++++++++++------ 2 files changed, 44 insertions(+), 26 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 2774a1d..73c7024 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -135,11 +135,6 @@ in { }; }; - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - networking.firewall.allowedTCPPorts = [ httpPort diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 7eecdd0..bd39d4c 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -2,7 +2,9 @@ lib, config, ... -}: { +}: let + dataDir = "/var/lib/acme"; +in { options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; hostname = lib.mkOption { 
@@ -32,25 +34,46 @@ }; }; - # TODO: impermanence for ACME keys - config = { - security.acme = lib.mkIf config.host.reverse_proxy.enableACME { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; + config = lib.mkIf config.host.reverse_proxy.enable (lib.mkMerge [ + { + security.acme = lib.mkIf config.host.reverse_proxy.enableACME { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; - services.nginx = { - enable = config.host.reverse_proxy.enable; - virtualHosts = lib.attrsets.mapAttrs' (name: value: - lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations."/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets; - }; - }) - config.host.reverse_proxy.subdomains; - }; - }; + services.nginx = { + enable = true; + virtualHosts = lib.attrsets.mapAttrs' (name: value: + lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { + forceSSL = config.host.reverse_proxy.forceSSL; + enableACME = config.host.reverse_proxy.enableACME; + locations."/" = { + proxyPass = value.target; + proxyWebsockets = value.websockets; + }; + }) + config.host.reverse_proxy.subdomains; + }; + } + (lib.mkIf config.host.impermanence.enable { + # TODO: figure out how to write an assertion for this + # assertions = [ + # { + # assertion = security.acme.certs..directory == dataDir; + # message = "postgres data directory does not match persistence"; + # } + # ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "acme"; + group = "acme"; + } + ]; + }; + }) + ]); } From 12e1f8067b7e4938728397ab4505a9f340cc4124 Mon Sep 17 00:00:00 2001 
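Review bot: The commented-out assertion can be written today: each cert's directory is available as `config.security.acme.certs.<name>.directory`, so `assertion = lib.all (cert: lib.hasPrefix dataDir cert.directory) (lib.attrValues config.security.acme.certs);` with `message = "an ACME certificate directory is outside ${dataDir} and will not be persisted";` covers every vhost registered through `enableACME` (and the copied `postgres data directory` message text should go). `/var/lib/acme` holds the account key and every certificate's private key, so the persisted entry should carry an explicit restrictive `mode` rather than impermanence's default; the acme module manages per-cert permissions itself, but the bind-mount root is created by impermanence. `defaults.email` hard-codes a personal address inside a shared module — an option such as `host.reverse_proxy.acmeEmail` would keep the module reusable. The `config = lib.mkIf ... (lib.mkMerge [...])` expression starts inside this hunk but the `options` block it guards is above it, outside the hunk.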
From: Leyla Becker Date: Fri, 3 Jan 2025 13:23:06 -0600 Subject: [PATCH 440/695] added port forwards to services --- configurations/nixos/defiant/services.nix | 34 +------------------ modules/nixos-modules/server/pihole.nix | 7 +++- .../nixos-modules/server/reverse_proxy.nix | 7 ++++ 3 files changed, 14 insertions(+), 34 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 73c7024..fdb0383 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -4,13 +4,7 @@ pkgs, inputs, ... -}: let - jellyfinPort = 8096; - dnsPort = 53; - httpPort = 80; - httpsPort = 443; - isDebug = false; -in { +}: { imports = []; options = { @@ -30,18 +24,6 @@ in { default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; - home-assistant = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that home-assistant will be hosted at"; - default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; - }; - }; nextcloud = { subdomain = lib.mkOption { type = lib.types.str; @@ -135,20 +117,6 @@ in { }; }; - networking.firewall.allowedTCPPorts = - [ - httpPort - httpsPort - dnsPort - ] - ++ (lib.optional isDebug [ - jellyfinPort - config.services.headscale.port - config.services.forgejo.settings.server.HTTP_PORT - config.services.home-assistant.config.http.server_port - config.services.postgresql.settings.port - ]); - environment.systemPackages = [ config.services.headscale.package ]; diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix index df86b97..6ec7628 100644 --- a/modules/nixos-modules/server/pihole.nix +++ b/modules/nixos-modules/server/pihole.nix 
@@ -3,7 +3,9 @@ config, inputs, ... -}: { +}: let + dnsPort = 53; +in { options.host.pihole = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; directory = lib.mkOption { @@ -80,6 +82,9 @@ }; }; }; + networking.firewall.allowedTCPPorts = [ + dnsPort + ]; } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index bd39d4c..12fe757 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -4,6 +4,8 @@ ... }: let dataDir = "/var/lib/acme"; + httpPort = 80; + httpsPort = 443; in { options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; @@ -54,6 +56,11 @@ in { }) config.host.reverse_proxy.subdomains; }; + + networking.firewall.allowedTCPPorts = [ + httpPort + httpsPort + ]; } (lib.mkIf config.host.impermanence.enable { # TODO: figure out how to write an assertion for this From 7dfb67f1f4e5418f244cab887e8f9dd734476eb9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 13:39:08 -0600 Subject: [PATCH 441/695] created nextcloud service --- configurations/nixos/defiant/services.nix | 30 ------------ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/nextcloud.nix | 55 ++++++++++++++++++++++ 3 files changed, 56 insertions(+), 30 deletions(-) create mode 100644 modules/nixos-modules/server/nextcloud.nix diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index fdb0383..958bc08 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -1,8 +1,6 @@ { lib, config, - pkgs, - inputs, ... }: { imports = []; 
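Review bot: `networking.firewall.allowedTCPPorts = [ dnsPort ];` opens 53/TCP only, but resolvers query 53/UDP first and fall back to TCP only for truncated answers, so this rule alone leaves LAN clients timing out; add `networking.firewall.allowedUDPPorts = [ dnsPort ];` beside it. If pihole is attached to the podman macvlan with its own address (as `host.pihole.ip` in defiant's configuration suggests), host firewall rules do not govern that address at all and both lines would be no-ops — worth confirming before relying on them. The `lib.mkMerge` element this sits in starts outside the hunk.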
@@ -40,31 +38,13 @@ }; config = { - sops.secrets = { - "services/nextcloud_adminpass" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - owner = config.users.users.nextcloud.name; - }; - }; - systemd = { services = { - # nextcloud-setup = { - # after = ["network.target"]; - # }; headscale = { after = ["postgresql.service"]; requires = ["postgresql.service"]; }; }; - - # disable computer sleeping - targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; }; services = { @@ -92,16 +72,6 @@ }; }; - # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres - nextcloud = { - enable = true; - package = pkgs.nextcloud30; - hostName = config.apps.nextcloud.hostname; - config = { - adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; - }; - }; - nginx = { enable = true; virtualHosts = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index dd19cfd..b44eec7 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -9,5 +9,6 @@ ./searx.nix ./home-assistant.nix ./pihole.nix + ./nextcloud.nix ]; } diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix new file mode 100644 index 0000000..126ddd5 --- /dev/null +++ b/modules/nixos-modules/server/nextcloud.nix 
@@ -0,0 +1,55 @@ +{ + lib, + pkgs, + config, + inputs, + ... +}: let + dataDir = "/var/lib/nextcloud"; +in { + options.host.nextcloud = { + enable = lib.mkEnableOption "should nextcloud be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that nextcloud will be hosted at"; + default = "nextcloud"; + }; + }; + + config = lib.mkIf config.host.nextcloud.enable (lib.mkMerge [ + { + sops.secrets = { + "services/nextcloud_adminpass" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + owner = config.users.users.nextcloud.name; + }; + }; + + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {}; + + services = { + nextcloud = { + enable = true; + package = pkgs.nextcloud30; + hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; + config = { + adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; + }; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "nextcloud"; + group = "nextcloud"; + } + ]; + }; + }) + ]); +} From 0e5cf348098f549c85ee684f57ef26aad11e13d7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 13:48:03 -0600 Subject: [PATCH 442/695] added headscale service --- .../nixos/defiant/configuration.nix | 8 ++ configurations/nixos/defiant/services.nix | 94 ------------------- modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/headscale.nix | 61 ++++++++++++ 4 files changed, 70 insertions(+), 94 deletions(-) delete mode 100644 configurations/nixos/defiant/services.nix create mode 100644 modules/nixos-modules/server/headscale.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e86dbc4..c6a9e01 100644 --- a/configurations/nixos/defiant/configuration.nix 
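Review bot: `host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {};` registers nextcloud under jellyfin's subdomain instead of its own and sets no `target`, so the proxy gets an entry for the wrong name (and overwrites jellyfin's if both are enabled); it should be keyed by `config.host.nextcloud.subdomain`, and since the NixOS nextcloud module already defines an nginx vhost for `hostName`, a second vhost for the same name from the reverse-proxy module will be merged with it — confirm that is intended. The `sopsFile` hard-codes `defiant-services.yaml` inside a generic `host.nextcloud` module, so enabling it on any other host would point at the wrong secrets file. With TLS terminated by nginx, `services.nextcloud.https = true;` is presumably also needed for Nextcloud to emit https URLs — hedged, it depends on the proxy's `forceSSL` setting.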
+++ b/configurations/nixos/defiant/configuration.nix @@ -92,6 +92,14 @@ networkInterface = "bond0"; }; }; + nextcloud = { + enable = true; + subdomain = "drive"; + }; + headscale = { + enable = true; + subdomain = "vpn"; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix deleted file mode 100644 index 958bc08..0000000 --- a/configurations/nixos/defiant/services.nix +++ /dev/null 
@@ -1,94 +0,0 @@ -{ - lib, - config, - ... -}: { - imports = []; - - options = { - apps = { - base_domain = lib.mkOption { - type = lib.types.str; - }; - headscale = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that headscale will be hosted at"; - default = "headscale"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that headscale will be hosted at"; - default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; - }; - }; - nextcloud = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that nextcloud will be hosted at"; - default = "nextcloud"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that nextcloud will be hosted at"; - default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}"; - }; - }; - }; - }; - - config = { - systemd = { - services = { - headscale = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - }; - }; - - services = { - # DNS stub needs to be disabled so pi hole can bind - # resolved.extraConfig = "DNSStubListener=no"; - headscale = { - enable = true; - user = "headscale"; - group = "headscale"; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${config.apps.headscale.hostname}"; - dns.base_domain = "clients.${config.apps.headscale.hostname}"; - logtail.enabled = true; - database = { - type = "postgres"; - postgres = { - host = "/run/postgresql"; - port = config.services.postgresql.settings.port; - user = "headscale"; - name = "headscale"; - }; - }; - }; - }; - - nginx = { - enable = true; - virtualHosts = { - ${config.apps.headscale.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - }; - }; - - environment.systemPackages = [ - 
config.services.headscale.package - ]; - }; -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index b44eec7..9696617 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -10,5 +10,6 @@ ./home-assistant.nix ./pihole.nix ./nextcloud.nix + ./headscale.nix ]; } diff --git a/modules/nixos-modules/server/headscale.nix b/modules/nixos-modules/server/headscale.nix new file mode 100644 index 0000000..4495a4a --- /dev/null +++ b/modules/nixos-modules/server/headscale.nix @@ -0,0 +1,61 @@ +{ + lib, + config, + ... +}: let + hostname = "${config.host.headscale.subdomain}.${config.host.reverse_proxy.hostname}"; +in { + options.host.headscale = { + enable = lib.mkEnableOption "should headscale be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that headscale will be hosted at"; + default = "headscale"; + }; + }; + + config = lib.mkIf config.host.headscale.enable { + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString config.services.headscale.port}"; + }; + + systemd = { + services = { + headscale = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; + }; + }; + + services = { + # DNS stub needs to be disabled so pi hole can bind + # resolved.extraConfig = "DNSStubListener=no"; + headscale = { + enable = true; + user = "headscale"; + group = "headscale"; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${hostname}"; + dns.base_domain = "clients.${hostname}"; + logtail.enabled = true; + database = { + type = "postgres"; + postgres = { + host = "/run/postgresql"; + port = config.services.postgresql.settings.port; + user = "headscale"; + name = "headscale"; + }; + }; + }; + }; + }; + + environment.systemPackages = [ + config.services.headscale.package + ]; + }; +} 
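Review bot: `address = "0.0.0.0";` binds headscale's port 8080 on every interface even though it is only meant to be reached via the nginx entry `target = "http://localhost:${toString config.services.headscale.port}"`; bind to `address = "127.0.0.1";` so the backend is not directly reachable (the firewall does not open 8080 today, but the podman/macvlan side and any future port opening would expose it). The proxy entry is again keyed by `config.host.jellyfin.subdomain` rather than `config.host.headscale.subdomain`, so it would overwrite jellyfin's target. If I read headscale's option right, `logtail.enabled = true` tells the Tailscale clients to ship their logs to Tailscale's hosted logtail service — set it to `false` unless that is intended.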
From da8919b999024424f68becfbdecca47c1e6bbae7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 16:34:15 -0600 Subject: [PATCH 443/695] removed headscale --- .../nixos/defiant/configuration.nix | 40 +++--------- modules/nixos-modules/server/default.nix | 1 - modules/nixos-modules/server/headscale.nix | 61 ------------------- modules/nixos-modules/server/postgres.nix | 39 +++++++++--- 4 files changed, 39 insertions(+), 102 deletions(-) delete mode 100644 modules/nixos-modules/server/headscale.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c6a9e01..c32b6b3 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,9 +1,5 @@ # server nas {pkgs, ...}: { - imports = [ - # ./services.nix - ]; - nixpkgs.config.allowUnfree = true; host = { @@ -65,6 +61,13 @@ enable = false; hostname = "volpe.social"; }; + postgres = { + extraUsers = { + leyla = { + isAdmin = true; + }; + }; + }; jellyfin = { enable = true; subdomain = "media"; @@ -96,40 +99,11 @@ enable = true; subdomain = "drive"; }; - headscale = { - enable = true; - subdomain = "vpn"; - }; }; networking = { hostId = "c51763d6"; }; - # apps = { - # base_domain = "jan-leila.com"; - # macvlan = { - # subnet = "192.168.1.0/24"; - # gateway = "192.168.1.1"; - # networkInterface = "bond0"; - # }; - # pihole = { - # image = "pihole/pihole:2024.07.0"; - # ip = "192.168.1.201"; - # }; - # headscale = { - # subdomain = "vpn"; - # }; - # jellyfin = { - # subdomain = "media"; - # }; - # forgejo = { - # subdomain = "git"; - # }; - # nextcloud = { - # subdomain = "drive"; - # }; - # }; - services = { # TODO: move zfs scrubbing into module zfs = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 9696617..b44eec7 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
@@ -10,6 +10,5 @@ ./home-assistant.nix ./pihole.nix ./nextcloud.nix - ./headscale.nix ]; } diff --git a/modules/nixos-modules/server/headscale.nix b/modules/nixos-modules/server/headscale.nix deleted file mode 100644 index 4495a4a..0000000 --- a/modules/nixos-modules/server/headscale.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - lib, - config, - ... -}: let - hostname = "${config.host.headscale.subdomain}.${config.host.reverse_proxy.hostname}"; -in { - options.host.headscale = { - enable = lib.mkEnableOption "should headscale be enabled on this computer"; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that headscale will be hosted at"; - default = "headscale"; - }; - }; - - config = lib.mkIf config.host.headscale.enable { - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString config.services.headscale.port}"; - }; - - systemd = { - services = { - headscale = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - }; - }; - - services = { - # DNS stub needs to be disabled so pi hole can bind - # resolved.extraConfig = "DNSStubListener=no"; - headscale = { - enable = true; - user = "headscale"; - group = "headscale"; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${hostname}"; - dns.base_domain = "clients.${hostname}"; - logtail.enabled = true; - database = { - type = "postgres"; - postgres = { - host = "/run/postgresql"; - port = config.services.postgresql.settings.port; - user = "headscale"; - name = "headscale"; - }; - }; - }; - }; - }; - - environment.systemPackages = [ - config.services.headscale.package - ]; - }; -} diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 252e488..450fafa 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix 
@@ -7,6 +7,8 @@ dataDir = "/var/lib/postgresql/15"; adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; in { options = { host.postgres = { @@ -26,6 +28,21 @@ in { type = lib.types.bool; default = false; }; + createUser = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + })); + default = {}; + }; + extraDatabases = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; }; })); default = {}; @@ -39,11 +56,19 @@ in { postgresql = { enable = true; package = pkgs.postgresql_15; - ensureUsers = [ - { - name = "postgres"; - } - ]; + ensureUsers = + [ + { + name = "postgres"; + } + ] + ++ ( + builtins.map (user: { + name = user.name; + }) + createUsers + ); + ensureDatabases = builtins.map (database: database.name) createDatabases; identMap = '' # ArbitraryMapName systemUser DBUser @@ -60,13 +85,13 @@ in { # Client Users '' + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} ${user.name}") clientUsers) + lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) ); # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' # type database DBuser origin-address auth-method optional_ident_map local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map + local sameuser all peer map=user_map ''; }; }; 
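Review bot: Users created via `createUser` are added to `ensureUsers` with only `name`, and `extraDatabases` go to `ensureDatabases`, but nothing links the two: the databases end up owned by `postgres`, and a client user admitted by `local sameuser all peer map=user_map` can connect to its same-named database but holds no privileges in it (unless ownership is granted elsewhere). If the nixpkgs in use supports it, add `ensureDBOwnership = true;` to each generated `ensureUsers` entry; otherwise an `ALTER DATABASE … OWNER TO` step is needed. Worth a comment too: the `mkOverride 10` pg_hba contains only `local` rules, so all TCP connections are refused, and `superuser_map` lets every `isAdmin` OS user (leyla, per defiant's configuration) become the `postgres` superuser. The `let` bindings and `config` block extend beyond the hunks.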
From 4c7d6bf8374b22d526b3207d1d389d491cc02533 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 17:09:10 -0600 Subject: [PATCH 444/695] enabled reverse proxy --- configurations/nixos/defiant/configuration.nix | 4 ++-- modules/nixos-modules/server/reverse_proxy.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c32b6b3..a619c03 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -58,8 +58,8 @@ }; }; reverse_proxy = { - enable = false; - hostname = "volpe.social"; + enable = true; + hostname = "jan-leila.com"; }; postgres = { extraUsers = { diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 12fe757..acadbe8 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -16,7 +16,7 @@ in { forceSSL = lib.mkOption { type = lib.types.bool; description = "force connections to use https"; - default = true; + default = config.host.reverse_proxy.enableACME; }; enableACME = lib.mkOption { type = lib.types.bool; From a379f146d6c6ae43e8068abf6ac09ca0a35c07c4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 17:51:08 -0600 Subject: [PATCH 445/695] updated flake.lock --- .../home-manager/leyla/packages.nix | 1 - flake.lock | 48 +++++++++---------- modules/nixos-modules/desktop.nix | 6 +-- 3 files changed, 27 insertions(+), 28 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 836a22b..9593ba0 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -68,7 +68,6 @@ in { bruno qFlipper proxmark3 - godot_4-mono # system tools protonvpn-gui diff --git a/flake.lock b/flake.lock index 44359f8..9fe7962 100644 
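Review bot: Changing the `forceSSL` default to `config.host.reverse_proxy.enableACME` means any deployment without ACME — including one that could supply its own certificate — silently serves every subdomain over plain HTTP with no redirect, and nothing flags the downgrade. If the intent is only "no certificate, so no forceSSL", keep `default = true;` and make a non-ACME setup opt out explicitly, or at least document it: `# forceSSL needs a certificate; with enableACME = false the proxy serves plaintext HTTP`. The rest of the option set is outside the hunk, so I can't tell whether a non-ACME certificate path exists.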
--- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1735048446, - "narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=", + "lastModified": 1735468753, + "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", "owner": "nix-community", "repo": "disko", - "rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21", + "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735202720, - "narHash": "sha256-7aEdACqT2B7nZNFjn2Y66Qucfl1AHHVFKxm4yvO0O10=", + "lastModified": 1735926627, + "narHash": "sha256-L8uuPK8ieuNJLbYsZ3nhBZ0+6btvbCqRm9wG51tbOdE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fe816609e68ee1887ee89e43c9ca1aad75362477", + "rev": "a3943ec69fff6fb80227e62acca22adc016ada63", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1735053786, - "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=", + "lastModified": 1735947440, + "narHash": "sha256-jnEcfmOhWntmVEcqlvs+j532+mvmgsKtQSSfukgkn+A=", "owner": "nix-community", "repo": "home-manager", - "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84", + "rev": "a9987622b7b93c82e147f198574e8e6ffbf5e327", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1735218083, - "narHash": "sha256-MoUAbmXz9TEr7zlKDRO56DBJHe30+7B5X7nhXm+Vpc8=", + "lastModified": 1735685839, + "narHash": "sha256-62xAPSs5VRZoPH7eRanUn5S5vZEd+8vM4bD5I+zxokc=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "bc03f7818771a75716966ce8c23110b715eff2aa", + "rev": "6a1fdb2a1204c0de038847b601cff5012e162b5e", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1735264033, - "narHash": "sha256-ss9vVSK9M2o8hW4nFs+GuVxsrIZ8X3zxQfeWhEKgMT0=", + "lastModified": 1735868868, + "narHash": "sha256-U4Oy2o/CmBg6gexAHamH++52oAgvvEwcq9fkEmcvjyw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b5223dca0334d671787531a204bdba7717b48a72", + "rev": "b0f7a59cee0ca77c157ab4e0c60d4a9df6bccb86", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734954597, - "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", + "lastModified": 1735388221, + "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "def1d472c832d77885f174089b0d34854b007198", + "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734649271, - "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", + "lastModified": 1735834308, + "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", + "rev": "6df24922a1400241dae323af55f30e4318a6ca65", "type": "github" }, "original": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1734546875, - "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", + "lastModified": 1735844895, + "narHash": "sha256-CIRlqX9tBK2awJkmVu2cKuap/0QziDXStQZ/u/+e8Z4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", + "rev": "24d89184adf76d7ccc99e659dc5f3838efb5ee32", "type": "github" }, "original": { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index d1b0517..c6d3dfa 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix 
@@ -46,10 +46,10 @@ automatic-timezoned = { enable = true; }; - }; - # Enable sound with pipewire. - hardware.pulseaudio.enable = false; + # Enable sound with pipewire. + pulseaudio.enable = false; + }; # enable RealtimeKit for pulse audio security.rtkit.enable = true; From c9a7ce7150b60f8b641aefce46abfbe7c3fed929 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 18:27:49 -0600 Subject: [PATCH 446/695] reorganized configs in configuration.nix --- configurations/nixos/defiant/configuration.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a619c03..a5e9c7d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -68,6 +68,13 @@ }; }; }; + podman = { + macvlan = { + subnet = "192.168.1.0/24"; + gateway = "192.168.1.1"; + networkInterface = "bond0"; + }; + }; jellyfin = { enable = true; subdomain = "media"; @@ -88,13 +95,6 @@ enable = true; ip = "192.168.1.201"; }; - podman = { - macvlan = { - subnet = "192.168.1.0/24"; - gateway = "192.168.1.1"; - networkInterface = "bond0"; - }; - }; nextcloud = { enable = true; subdomain = "drive"; From 31a9d201581350a4118369a27dce4549a3b84a91 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:46:43 -0600 Subject: [PATCH 447/695] fixed mount points for new nfs server --- configurations/nixos/horizon/hardware-configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 184be7a..a30decb 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -39,25 +39,25 @@ }; "/mnt/leyla_home" = { - device = "defiant:/home/leyla"; + device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/eve_home" = { - device = "defiant:/home/eve"; + device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/ester_home" = { - device = "defiant:/home/ester"; + device = "defiant:/exports/ester"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/users_home" = { - device = "defiant:/home/users"; + device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; From dc6d05a0b05d7c4216f1549d70ed4968fdc0db50 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:47:43 -0600 Subject: [PATCH 448/695] added default to subdomains --- modules/nixos-modules/server/reverse_proxy.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index acadbe8..a218b3f 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -33,6 +33,7 @@ in { websockets = lib.mkEnableOption "should websockets be proxied"; }; })); + default = {}; }; }; From 1374696401d2ff6f41d74af004f34f0d410484af Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:48:55 -0600 Subject: [PATCH 449/695] removed un needed comment --- configurations/nixos/horizon/configuration.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index bc96142..0c48bb3 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
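Review bot: All four home-directory mounts use `soft`, which nfs(5) documents as risking silent data corruption when a write hits a server timeout, and none carries a `sec=` option, so access is trusted purely on client UID via AUTH_SYS; `hard` (with `x-systemd.automount`/`nofail` already limiting boot impact) and `sec=krb5p` where the server supports it are the safer choices — hedged, the export side on defiant is not in this hunk. Only `/mnt/leyla_home` has `noatime`; the other three should probably match. `fsc` does nothing unless cachefilesd is running, and I don't see it enabled here.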
@@ -39,16 +39,6 @@ programs.adb.enable = true; - # enabled virtualisation for docker - # virtualisation.docker = { - # enable = true; - # rootless = { - # enable = true; - # setSocketVariable = true; - # }; - # }; - # users.extraGroups.docker.members = ["leyla"]; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; From 994234c18b73292a4e45c203b36fdce8657353f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:58:22 -0600 Subject: [PATCH 450/695] increased side of boot partition --- modules/nixos-modules/disko.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index f95edcf..b2685af 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -90,7 +90,8 @@ in { partitions = { # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA ESP = { - size = "64M"; + # 2G here because its not much relative to how much storage we have for caching + size = "2G"; type = "EF00"; content = { type = "filesystem"; From e2d3bb5d01e54221b2989e8ab483967b05f258f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 15:20:51 -0600 Subject: [PATCH 451/695] added auto key generation to ssh --- README.md | 4 + .../home-manager/leyla/impermanence.nix | 1 - modules/home-manager-modules/openssh.nix | 100 +++++++++++++++++- modules/nixos-modules/ssh.nix | 9 +- 4 files changed, 104 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 6d5119d..626e3f2 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,7 @@ +# nix-config + + + # Hosts ## Host Map diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 3f85d14..b3d058d 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix 
@@ -9,7 +9,6 @@ "desktop" "downloads" "documents" - ".ssh" { directory = ".local/share/Steam"; method = "symlink"; diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index ef4f11f..4710cd9 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
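Review bot: Dropping `".ssh"` from the persisted directories means that under impermanence only the generated key pair survives a reboot (the openssh module persists just `hostKey.path` and its `.pub`), while `~/.ssh/known_hosts` is wiped every boot — every server becomes "unknown" again, which reduces host-key verification to perpetual trust-on-first-use and removes any chance of noticing a changed host key. Keep at least `".ssh/known_hosts"` (and `".ssh/config"` if it is not generated by home-manager) in this list, or persist the whole `.ssh` directory as before.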
@@ -1,8 +1,102 @@ -{lib, ...}: { - options.programs = { - openssh.authorizedKeys = lib.mkOption { +{ + pkgs, + config, + osConfig, + lib, + ... +}: { + options.programs.openssh = { + authorizedKeys = lib.mkOption { type = lib.types.listOf lib.types.str; default = []; }; + hostKeys = lib.mkOption { + type = lib.types.listOf lib.types.attrs; + default = [ + { + type = "rsa"; + bits = 4096; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; + } + { + type = "ed25519"; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + example = [ + { + type = "rsa"; + bits = 4096; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; + rounds = 100; + openSSHFormat = true; + } + { + type = "ed25519"; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; + rounds = 100; + comment = "key comment"; + } + ]; + description = '' + NixOS can automatically generate SSH host keys. This option + specifies the path, type and size of each key. See + {manpage}`ssh-keygen(1)` for supported types + and sizes. Paths are relative to home directory + ''; + }; }; + + config = lib.mkMerge [ + { + systemd.user.services."${config.home.username}-ssh-keygen" = { + Unit = { + description = "Generate SSH keys for user"; + }; + Install = { + wantedBy = ["sshd.target" "multi-user.target" "default.target"]; + }; + Service = { + ExecStart = "${ + pkgs.writeShellScript "ssh-keygen" + '' + # Make sure we don't write to stdout, since in case of + # socket activation, it goes to the remote side (#19589). + exec >&2 + + ${lib.flip lib.concatMapStrings config.programs.openssh.hostKeys (k: let + path = "${config.home.homeDirectory}/${k.path}"; + in '' + if ! [ -s "${path}" ]; then + if ! [ -h "${path}" ]; then + rm -f "${path}" + fi + mkdir -p "$(dirname '${path}')" + chmod 0755 "$(dirname '${path}')" + ssh-keygen \ + -t "${k.type}" \ + ${lib.optionalString (k ? 
bits) "-b ${toString k.bits}"} \ + ${lib.optionalString (k ? rounds) "-a ${toString k.rounds}"} \ + ${lib.optionalString (k ? comment) "-C '${k.comment}'"} \ + ${lib.optionalString (k ? openSSHFormat && k.openSSHFormat) "-o"} \ + -f "${path}" \ + -N "" + fi + '')} + '' + }"; + KillMode = "process"; + Restart = "always"; + Type = "simple"; + }; + }; + } + (lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + files = lib.lists.flatten ( + builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.programs.openssh.hostKeys + ); + }; + }) + ]; } diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 69bd185..6f5fac1 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -19,12 +19,9 @@ } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { - files = [ - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; + files = lib.lists.flatten ( + builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.services.openssh.hostKeys + ); }; }) ]; From 19a9b06c4e7ba08e13bfa8c92c373d7fa83d6769 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 15:23:33 -0600 Subject: [PATCH 452/695] added header to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 626e3f2..bed915f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # nix-config +https://git.jan-leila.com/jan-leila/nix-config +nix multi user, multi system, configuration with `sops` secret management, `home-manager`, and `nixos-anywhere` setup via `disko` with `zfs` + `impermanence` # Hosts From caa08f1c1823816a9ec4426263bf14259e2d956b Mon Sep 17 00:00:00 2001 
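Review bot: The generated unit has `Type = "simple"` and `Restart = "always"` while its ExecStart script exits as soon as the keys exist, so systemd will restart it indefinitely (Restart=always also restarts on clean exit, throttled only by the start limit), and `sshd.target`/`multi-user.target` are system targets that do not exist in a user manager. Make it a one-shot: `Type = "oneshot"; RemainAfterExit = true;` with no `Restart`, and `WantedBy = ["default.target"];` only. `chmod 0755` on `~/.ssh` is not world-writable so ssh accepts it, but `0700` is the conventional permission; `-N ""` leaves the private key unencrypted on disk, which is acceptable for an automated key but deserves a comment; and `k.comment` is interpolated into single quotes unescaped, so a comment containing `'` breaks the script — minor, it is config-controlled.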
From: Leyla Becker Date: Sat, 4 Jan 2025 17:48:02 -0600 Subject: [PATCH 453/695] removed rsa from default hostKeys --- modules/home-manager-modules/openssh.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 4710cd9..ae81bd1 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -13,11 +13,6 @@ hostKeys = lib.mkOption { type = lib.types.listOf lib.types.attrs; default = [ - { - type = "rsa"; - bits = 4096; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; - } { type = "ed25519"; path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; From 0c5b21d60a6628dfc4cff3853e7222d62877a8a9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:29:29 -0600 Subject: [PATCH 454/695] fixed ssh key generation --- configurations/home-manager/leyla/default.nix | 16 +++- modules/home-manager-modules/openssh.nix | 94 +++++++++---------- 2 files changed, 58 insertions(+), 52 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 8b41e3a..bb65a35 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,6 +1,7 @@ { pkgs, osConfig, + config, ... }: { imports = [ @@ -106,9 +107,18 @@ }; bash.enable = true; - openssh.authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - ]; + openssh = { + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + ]; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; }; dconf = { 
diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index ae81bd1..652b0fb 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -12,23 +12,18 @@ }; hostKeys = lib.mkOption { type = lib.types.listOf lib.types.attrs; - default = [ - { - type = "ed25519"; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; + default = []; example = [ { type = "rsa"; bits = 4096; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; + path = "${config.home.username}_${osConfig.networking.hostName}_rsa"; rounds = 100; openSSHFormat = true; } { type = "ed25519"; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; rounds = 100; comment = "key comment"; } 
@@ -43,53 +38,54 @@ }; config = lib.mkMerge [ - { - systemd.user.services."${config.home.username}-ssh-keygen" = { - Unit = { - description = "Generate SSH keys for user"; + ( + lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { + services.ssh-agent.enable = true; + programs.ssh = { + enable = true; + addKeysToAgent = "yes"; }; - Install = { - wantedBy = ["sshd.target" "multi-user.target" "default.target"]; - }; - Service = { - ExecStart = "${ - pkgs.writeShellScript "ssh-keygen" - '' - # Make sure we don't write to stdout, since in case of - # socket activation, it goes to the remote side (#19589). - exec >&2 - ${lib.flip lib.concatMapStrings config.programs.openssh.hostKeys (k: let - path = "${config.home.homeDirectory}/${k.path}"; - in '' - if ! [ -s "${path}" ]; then - if ! [ -h "${path}" ]; then - rm -f "${path}" + systemd.user.services = builtins.listToAttrs ( + builtins.map (hostKey: + lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { + Install = { + WantedBy = ["default.target"]; + }; + Service = let + path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; + in { + Restart = "always"; + Type = "simple"; + ExecStart = "${ + pkgs.writeShellScript "ssh-gen-keys" '' + if ! [ -s "${path}" ]; then + if ! [ -h "${path}" ]; then + rm -f "${path}" + fi + mkdir -p "$(dirname '${path}')" + chmod 0755 "$(dirname '${path}')" + ${pkgs.openssh}/bin/ssh-keygen \ + -t "${hostKey.type}" \ + ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ + ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ + ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ + ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ + -f "${path}" \ + -N "" fi - mkdir -p "$(dirname '${path}')" - chmod 0755 "$(dirname '${path}')" - ssh-keygen \ - -t "${k.type}" \ - ${lib.optionalString (k ? bits) "-b ${toString k.bits}"} \ - ${lib.optionalString (k ? 
rounds) "-a ${toString k.rounds}"} \ - ${lib.optionalString (k ? comment) "-C '${k.comment}'"} \ - ${lib.optionalString (k ? openSSHFormat && k.openSSHFormat) "-o"} \ - -f "${path}" \ - -N "" - fi - '')} - '' - }"; - KillMode = "process"; - Restart = "always"; - Type = "simple"; - }; - }; - } + '' + }"; + }; + }) + config.programs.openssh.hostKeys + ); + } + ) (lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { files = lib.lists.flatten ( - builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.programs.openssh.hostKeys + builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); }; }) From c557523bd6fb893fb7cbf6456fffe1f1df5fc815 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:42:14 -0600 Subject: [PATCH 455/695] configured ssh options --- modules/home-manager-modules/openssh.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 652b0fb..12107c8 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -43,7 +43,8 @@ services.ssh-agent.enable = true; programs.ssh = { enable = true; - addKeysToAgent = "yes"; + compression = true; + addKeysToAgent = "prompt"; }; systemd.user.services = builtins.listToAttrs ( From 445df7eb5baaca3e1cb78e01c3127a1c80734a04 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:50:24 -0600 Subject: [PATCH 456/695] fixed identities not being found automatically --- modules/home-manager-modules/openssh.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 12107c8..df78828 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
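Review bot: The per-key unit keeps `Restart = "always"` with `Type = "simple"` for a script that exits as soon as the key exists, so systemd restarts it until the start-rate limit trips and marks `ssh-gen-keys-*` failed; a one-off generator fits `Type = "oneshot"; RemainAfterExit = true;` with the `Restart` line dropped. The keys are created with `-N ""`, i.e. unencrypted at rest, and `chmod 0755 "$(dirname '${path}')"` leaves `~/.ssh` listable by everyone where 0700 is the usual mode, so both deserve a comment stating that this is intended. The unit name is built straight from `hostKey.path`, so a path with a `/` in it would yield an invalid unit name; deriving the name from a sanitized form of the path (e.g. via `lib.replaceStrings`) would avoid that. The `lib.mkMerge` list continues past the end of this hunk.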
@@ -44,7 +44,10 @@ programs.ssh = { enable = true; compression = true; - addKeysToAgent = "prompt"; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + ); }; systemd.user.services = builtins.listToAttrs ( From 89f2ada23336621024dfafa15d580ad3997756f1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:56:01 -0600 Subject: [PATCH 457/695] added coven to sync --- modules/nixos-modules/sync.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 532038e..ce9a247 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -56,6 +56,9 @@ in { ceder = { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; }; + coven = { + id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + }; }; folders = lib.mkMerge [ config.host.sync.folders.extraFolders @@ -63,21 +66,21 @@ in { "documents" = { id = "hvrj0-9bm1p"; path = "/mnt/sync/leyla/documents"; - devices = ["ceder"]; + devices = ["ceder" "coven"]; }; }) (lib.mkIf config.host.sync.folders.leyla.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; path = "/mnt/sync/leyla/calendar"; - devices = ["ceder"]; + devices = ["ceder" "coven"]; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "/mnt/sync/leyla/notes"; - devices = ["ceder"]; + devices = ["ceder" "coven"]; }; }) ]; From 81a1c9cc3f5f1c81eb559093182f8d4c80ae1c59 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 Jan 2025 10:46:43 -0600 Subject: [PATCH 458/695] removed completed tasks from README.md --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index bed915f..ff08fb8 100644 --- a/README.md +++ b/README.md 
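Review bot: The `IdentityFile ~/.ssh/${hostKey.path}` lines land in the global section of `~/.ssh/config`, so every generated key is offered to every host contacted; with several keys this can hit a server's authentication-attempt limit before the right key is tried, and each public key is presented to hosts that have no use for it. Scoping the lines to `programs.ssh.matchBlocks` entries for the hosts that actually accept each key keeps the offer set narrow. The `programs.ssh` attrset continues outside the hunk.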
@@ -41,7 +41,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Research topics - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` -- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - https://nixos-and-flakes.thiscute.world/ @@ -50,7 +49,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- move applications in `defiant/services.nix` into their own modules - syncthing password ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) @@ -58,7 +56,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - samba mounts - figure out steam vr things? - Open GL? -- openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing - tail scale clients From 84698ba68b22c8e5a9b4d4556ca9c1f452e19324 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 11:57:01 -0600 Subject: [PATCH 459/695] fixed coven id for sync --- modules/nixos-modules/sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index ce9a247..00036f4 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -57,7 +57,7 @@ in { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; }; coven = { - id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; }; }; folders = lib.mkMerge [ From 46fd27f76892b5ae02c3993e508d70042001be12 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 14:06:26 -0600 Subject: [PATCH 460/695] added fail2ban --- .../nixos/defiant/configuration.nix | 3 + modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/fail2ban.nix | 90 +++++++++++++++++++ modules/nixos-modules/server/nextcloud.nix | 8 ++ 4 files changed, 102 insertions(+) create mode 100644 modules/nixos-modules/server/fail2ban.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a5e9c7d..f65421c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -28,6 +28,9 @@ ]; }; }; + fail2ban = { + enable = true; + }; network_storage = { enable = true; directories = [ diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index b44eec7..c8e17a9 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./fail2ban.nix ./network_storage ./reverse_proxy.nix ./postgres.nix diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix new file mode 100644 index 0000000..f68ef9d --- /dev/null +++ b/modules/nixos-modules/server/fail2ban.nix 
@@ -0,0 +1,90 @@ +{ + lib, + config, + ... +}: { + options.host.fail2ban = { + enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; + }; + + config = lib.mkIf config.host.fail2ban.enable (lib.mkMerge [ + { + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + # Whitelist local networks + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + ]; + bantime = "24h"; # Ban IPs for one day on the first ban + bantime-increment = { + enable = true; # Enable increment of bantime after each violation + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + maxtime = "168h"; # Do not ban for more than 1 week + overalljails = true; # Calculate the ban time based on all the violations + }; + jails = { + nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + filter = "nginx"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + backend = "auto"; + failregex = "limiting requests, excess:.* by zone.*client: "; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + filter = "jellyfin"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.jellyfin.dataDir}/log/*.log"; + backend = "auto"; + failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\."; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + nextcloud-iptables.settings = lib.mkIf config.services.nextcloud.enable { + filter = "nextcloud"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.nextcloud.datadir}/*.log"; + backend = "auto"; + failregex = '' + ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}$ + ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user,:".*","app":"no app in context".*","method":".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}$ + 
^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: \).*}$ + ''; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + filter = "forgejo"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.forgejo.stateDir}/log/*.log"; + backend = "auto"; + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from "; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + filter = "home-assistant"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + failregex = "^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + # TODO; figure out if there is any fail2ban things we can do on searx + # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + }) + ]); +} diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index 126ddd5..a1ad0cf 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix @@ -32,6 +32,7 @@ in { enable = true; package = pkgs.nextcloud30; hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; + settings.log_type = "file"; config = { adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; }; 
@@ -39,6 +40,13 @@ in { }; } (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.nextcloud.datadir == dataDir; + message = "nextcloud data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; From 6a8daadb4e256f439b8cd6bdb4e9901808544815 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 14:07:19 -0600 Subject: [PATCH 461/695] fixed gnome tour showing on reboot --- configurations/home-manager/leyla/impermanence.nix | 2 +- configurations/nixos/defiant/configuration.nix | 1 + modules/nixos-modules/desktop.nix | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index b3d058d..8cbc254 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -15,7 +15,7 @@ } ]; files = [ - ".config/gnome-initial-setup-done" # gnome welcome message + ".bash_history" # keep shell history around ".local/share/recently-used.xbel" # gnome recently viewed files ]; }; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f65421c..f60e146 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -62,6 +62,7 @@ }; reverse_proxy = { enable = true; + enableACME = false; hostname = "jan-leila.com"; }; postgres = { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index c6d3dfa..22a7b65 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -53,6 +53,8 @@ # enable RealtimeKit for pulse audio security.rtkit.enable = true; + # disable welcome tour + environment.gnome.excludePackages = [pkgs.gnome-tour]; }) ]; } From b9b5c1b2e3985d6f75c85afde60354b27d9027b3 Mon Sep 17 00:00:00 2001 
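Review bot: `enableACME = false;` in `configurations/nixos/defiant/configuration.nix` is unrelated to the gnome-tour fix in the commit title and switches off certificate automation for the public hostname `jan-leila.com` set in the same block; what the reverse proxy serves instead depends on the `reverse_proxy` module, which is outside this diff. A one-line comment on why ACME is off here, or a separate commit, would keep the intent traceable. The `.bash_history` entry added to the impermanence hunk is likewise unrelated to the title and keeps shell history across reboots, which can retain secrets typed on the command line, so it is worth calling out explicitly.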
From: Leyla Becker Date: Mon, 6 Jan 2025 14:11:29 -0600 Subject: [PATCH 462/695] added impermanence to fail2ban --- modules/nixos-modules/server/fail2ban.nix | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index f68ef9d..e59d8a5 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -2,7 +2,9 @@ lib, config, ... -}: { +}: let + dataFile = "/var/lib/fail2ban/fail2ban.sqlite3"; +in { options.host.fail2ban = { enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; }; @@ -85,6 +87,20 @@ }; } (lib.mkIf config.host.impermanence.enable { - }) + assertions = [ + { + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == dataFile; + message = "fail2ban data file does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + files = [ + dataFile + ]; + }; + }) ]); } From b18cd526d7991eb541c39c0a1951e682943350b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 20:03:32 -0600 Subject: [PATCH 463/695] added tasks to README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ff08fb8..4798a5d 100644 --- a/README.md +++ b/README.md @@ -62,4 +62,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich -- zfs encryption FIDO2 2fa \ No newline at end of file +- zfs encryption FIDO2 2fa +- ISO installer - https://github.com/nix-community/nixos-generators +- Secure Boot - https://github.com/nix-community/lanzaboote From 8b1551266b387a8ec507c9f8334d72f34c63b6f8 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 7 Jan 2025 15:59:31 -0600 Subject: [PATCH 464/695] added host option to rebuild script --- rebuild.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index a4b7fdc..45dae64 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -15,7 +15,7 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` target="${1#*=}" ;; - --flake*|-h*) + --flake*|-f*) if [[ "$1" != *=* ]]; then shift; fi flake="${1#*=}" ;; @@ -27,6 +27,10 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi user="${1#*=}" ;; + --host*) + if [[ "$1" != *=* ]]; then shift; fi + host="${1#*=}" + ;; --preserve-result) preserve_result=true ;; @@ -42,6 +46,7 @@ while [ $# -gt 0 ]; do echo "--flake -f: set the flake to rebuild on the target system" echo "--mode -m: set the mode to rebuild flake as on the target system" echo "--user -u: set the user to rebuild flake as on the target system" + echo "--host: set the host that the flake will be rebuilt on (unset for current machine)" echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" echo "--show-trace: show trace on builds" @@ -62,6 +67,11 @@ user=${user:-$USER} command="nixos-rebuild $mode --use-remote-sudo --flake .#$flake" +if [[ $host ]]; +then + command="$command --build-host $host" +fi + if [[ "$target" != "$(hostname)" ]]; then command="$command --target-host $user@$target" @@ -72,6 +82,7 @@ then command="$command --show-trace" fi +echo $command $command if [ -d "result" ]; From 0d952467cc3a92f8641b9f8311f406afa6fb0718 Mon Sep 17 00:00:00 2001 
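Review bot: The new `--build-host $host` text is appended to the `$command` string and then executed by unquoted word splitting, so a host, flake or mode value containing a space or glob character is split or expanded; the existing `--target-host $user@$target` append in the same hunk has the same problem, and `echo $command` prints the split form rather than what actually runs. Building the command as a bash array keeps every argument intact and is a small rewrite across the three hunks in `rebuild.sh`. The option-parsing loop that sets `host` starts before the first hunk.
```shell
command=(nixos-rebuild "$mode" --use-remote-sudo --flake ".#$flake")

if [[ $host ]]; then
  command+=(--build-host "$host")
fi
# … unchanged: target-host and show-trace appends, each converted to command+=(…) …
echo "${command[*]}"
"${command[@]}"
```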
From: Leyla Becker Date: Tue, 7 Jan 2025 21:42:14 -0600 Subject: [PATCH 465/695] moved monitors to separate file --- .../nixos/twilight/configuration.nix | 204 +----------------- configurations/nixos/twilight/monitors.nix | 199 +++++++++++++++++ 2 files changed, 204 insertions(+), 199 deletions(-) create mode 100644 configurations/nixos/twilight/monitors.nix diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 75c8dc7..18e9972 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{...}: { + imports = [ + ./monitors.nix + ]; + nixpkgs.config.allowUnfree = true; host = { @@ -19,204 +23,6 @@ }; }; - systemd.tmpfiles.rules = [ - "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' - - - - 0 - 156 - 1 - - - DP-4 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 2560 - 324 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 0 - 1 - - left - no - - - - HDMI-0 - HWP - HP w2207 - CND7332S88 - - - 1600 - 1000 - 59.999 - - - - - - - 0 - 0 - 1 - yes - - - DP-1 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 4480 - 226 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 2560 - 226 - 1 - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - - - 2560 - 228 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 69 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 0 - 0 - 1 - - - DP-3 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - - None-1 - unknown - unknown - unknown - - - - - ''}" - ]; - # enabled virtualisation for docker # virtualisation.docker.enable = true; 
diff --git a/configurations/nixos/twilight/monitors.nix b/configurations/nixos/twilight/monitors.nix new file mode 100644 index 0000000..1308f50 --- /dev/null +++ b/configurations/nixos/twilight/monitors.nix @@ -0,0 +1,199 @@ +{pkgs, ...}: { + systemd.tmpfiles.rules = [ + "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' + + + + 0 + 156 + 1 + + + DP-4 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 2560 + 324 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 0 + 1 + + left + no + + + + HDMI-0 + HWP + HP w2207 + CND7332S88 + + + 1600 + 1000 + 59.999 + + + + + + + 0 + 0 + 1 + yes + + + DP-1 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 4480 + 226 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 2560 + 226 + 1 + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + + + 2560 + 228 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 69 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 0 + 0 + 1 + + + DP-3 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + + None-1 + unknown + unknown + unknown + + + + + ''}" + ]; +} From e7a53a5df01b866d9001a21754ba32dceeb72ec8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Jan 2025 13:04:23 -0600 Subject: [PATCH 466/695] updated jellyfin persist folders --- modules/nixos-modules/server/jellyfin.nix | 72 ++++++++++++++--------- 1 file changed, 44 insertions(+), 28 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 6d6874a..a10470a 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -7,6 +7,7 @@ jellyfinPort = 8096; jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; + jellyfin_media_directory = "/srv/jellyfin/media"; in { options.host.jellyfin = { enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; @@ -31,34 +32,6 @@ in { ]; } (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = jellyfin_data_directory; - user = "jellyfin"; - group = "jellyfin"; - } - { - directory = jellyfin_cache_directory; - user = "jellyfin"; - group = "jellyfin"; - } - ]; - }; - fileSystems."/persist/system/jellyfin".neededForBoot = true; host.storage.pool.extraDatasets = { @@ -73,6 +46,49 @@ in { }; }; }; + + assertions = [ + { + assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; + message = "jellyfin data directory does not match persistence"; + } + { + assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; + message = "jellyfin cache directory does not match persistence"; + } + ]; + + environment.persistence = { + "/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = jellyfin_data_directory; + user = "jellyfin"; + group = "jellyfin"; + } + { + directory = jellyfin_cache_directory; + user = "jellyfin"; + group = "jellyfin"; + } + ]; + }; + + "/persist/system/jellyfin" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = jellyfin_media_directory; + user = "jellyfin"; + group = "jellyfin_media"; + mode = "1770"; + } + ]; + }; + }; }) ] ); 
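Review bot: The media directory persisted under `/persist/system/jellyfin` uses `group = "jellyfin_media"` with `mode = "1770"`, but nothing in this diff declares that group; if it is not defined elsewhere (`users.groups.jellyfin_media`), the ownership step of the persistence mount presumably fails or leaves the directory with an unknown gid. A comment pointing at where the group is created, or declaring it next to this block, would make the dependency explicit. `jellyfin_media_directory` is also never handed to `services.jellyfin`, so the path is presumably configured from the UI, which is worth a comment too. The `lib.mkMerge` list continues outside the hunks.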
From f55abeb587c81f48f8692d694ad4141ade5e2e13 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Jan 2025 15:06:50 -0600 Subject: [PATCH 467/695] added target to nextcloud proxy --- modules/nixos-modules/server/nextcloud.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index a1ad0cf..fcc612b 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix @@ -25,7 +25,11 @@ in { }; }; - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {}; + host = { + reverse_proxy.subdomains.${config.host.nextcloud.subdomain} = { + target = "http://localhost:${toString 8009}"; + }; + }; services = { nextcloud = { @@ -35,6 +39,7 @@ in { settings.log_type = "file"; config = { adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; + adminuser = "admin"; }; }; }; From 266d0f9ec157027401f61257b2e9301325d87833 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 12 Jan 2025 11:31:54 -0600 Subject: [PATCH 468/695] updated flake.lock --- .../home-manager/leyla/packages.nix | 2 +- flake.lock | 48 +++++++++---------- modules/nixos-modules/server/nextcloud.nix | 1 + 3 files changed, 26 insertions(+), 25 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 9593ba0..597fe2f 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -63,7 +63,7 @@ in { # development tools # androidStudioPackages.canary - # jetbrains.idea-community + jetbrains.idea-community dbeaver-bin bruno qFlipper diff --git a/flake.lock b/flake.lock index 9fe7962..781f077 100644 --- a/flake.lock +++ b/flake.lock 
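Review bot: `target = "http://localhost:${toString 8009}"` hard-codes the backend port inline (`toString 8009` is just `"8009"`), and nothing in this hunk makes the nextcloud vhost listen on 8009, so the proxy target and the listener can drift apart silently. Binding the port once in the module's `let` block (`port = 8009;`) and using it for both the target and the listener keeps them in sync. `adminuser = "admin"` is a guessable administrator name for an internet-facing instance; the sops-managed password is the real control, but a less predictable name costs nothing.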
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1735468753, - "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", + "lastModified": 1736591904, + "narHash": "sha256-LFO8pSrPKrH8OPq2HaAuBG5skk8/MNJ/9YmK3KsnSks=", "owner": "nix-community", "repo": "disko", - "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", + "rev": "33827d2bd16bfe2e21b62956526c72d313595dfd", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735926627, - "narHash": "sha256-L8uuPK8ieuNJLbYsZ3nhBZ0+6btvbCqRm9wG51tbOdE=", + "lastModified": 1736568198, + "narHash": "sha256-RBTk5KavYsPZ56m9C2evS4pDkEu3+NdxY6mFNbo8DH8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a3943ec69fff6fb80227e62acca22adc016ada63", + "rev": "7f8746a7ef2d15b8fb4acc63cb0d7e3a407739bf", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1735947440, - "narHash": "sha256-jnEcfmOhWntmVEcqlvs+j532+mvmgsKtQSSfukgkn+A=", + "lastModified": 1736508663, + "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9987622b7b93c82e147f198574e8e6ffbf5e327", + "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1735685839, - "narHash": "sha256-62xAPSs5VRZoPH7eRanUn5S5vZEd+8vM4bD5I+zxokc=", + "lastModified": 1736631212, + "narHash": "sha256-mG9lRZBcPiAGiVJ9B97BJoIGQcSBWIVlBiN30QYCtG0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6a1fdb2a1204c0de038847b601cff5012e162b5e", + "rev": "6ace2f2d12bdf74235d5cbf9fbd34a71c9716685", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1735868868, - "narHash": "sha256-U4Oy2o/CmBg6gexAHamH++52oAgvvEwcq9fkEmcvjyw=", + "lastModified": 1736560114, + "narHash": "sha256-+kL+Nw3eEToKDalXJqa6fjLQqgTftTWLypr4Hj7tFKw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b0f7a59cee0ca77c157ab4e0c60d4a9df6bccb86", + "rev": "e26efb7bac0fcdc28b92596c5c2acaaf4713124f", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1735388221, - "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", + "lastModified": 1736441705, + "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", + "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735834308, - "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", + "lastModified": 1736344531, + "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6df24922a1400241dae323af55f30e4318a6ca65", + "rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912", "type": "github" }, "original": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1735844895, - "narHash": "sha256-CIRlqX9tBK2awJkmVu2cKuap/0QziDXStQZ/u/+e8Z4=", + "lastModified": 1736515725, + "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", "owner": "Mic92", "repo": "sops-nix", - "rev": "24d89184adf76d7ccc99e659dc5f3838efb5ee32", + "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index fcc612b..6acd01d 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix 
@@ -40,6 +40,7 @@ in { config = { adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; adminuser = "admin"; + dbtype = "sqlite"; }; }; }; From 2ecb7e29931883df11e17ba9dc3219048939f992 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Jan 2025 12:02:10 -0600 Subject: [PATCH 469/695] update postgres --- configurations/home-manager/leyla/impermanence.nix | 1 + modules/nixos-modules/server/postgres.nix | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 8cbc254..29936b5 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -18,6 +18,7 @@ ".bash_history" # keep shell history around ".local/share/recently-used.xbel" # gnome recently viewed files ]; + allowOther = true; }; }; } diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 450fafa..8d57d42 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -4,7 +4,7 @@ pkgs, ... }: let - dataDir = "/var/lib/postgresql/15"; + dataDir = "/var/lib/postgresql/16"; adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); @@ -55,7 +55,7 @@ in { services = { postgresql = { enable = true; - package = pkgs.postgresql_15; + package = pkgs.postgresql_16; ensureUsers = [ { From cd825313dcd0cecae826e37cc4c55b6a7c146314 Mon Sep 17 00:00:00 2001 
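Review bot: `dbtype = "sqlite"` puts Nextcloud on SQLite, which upstream supports only for testing and very small single-user instances, while this repository already has a postgres module (`modules/nixos-modules/server/postgres.nix`, touched by the next commit); `dbtype = "pgsql"` over the local socket is the more robust choice, and changing the database later requires a data migration. If SQLite is intentional for now, a comment saying so would help.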
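Review bot: Changing `dataDir` to `/var/lib/postgresql/16` and `package` to `pkgs.postgresql_16` is a major-version upgrade, and a 16 server does not read a 15 data directory; on a host with existing data the service starts an empty cluster in the new directory while the old one stays under `/var/lib/postgresql/15`, which is no longer the persisted path. A `pg_upgrade` or dump/restore step has to precede the switch, and the commit message `update postgres` should say this is a major bump. The `let` block and the `services.postgresql` attrset continue outside the hunks.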
From: Leyla Becker Date: Sun, 19 Jan 2025 13:00:53 -0600 Subject: [PATCH 470/695] added programs.fuse.userAllowOther to impermanence module --- modules/nixos-modules/impermanence.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 66139ce..008f060 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -25,6 +25,8 @@ } ]; + programs.fuse.userAllowOther = true; + boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank ''; From 4d0aa119b07b37b8a1b7606693b465f6966ac42d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Jan 2025 15:56:40 -0600 Subject: [PATCH 471/695] removed ester user --- .../darwin/hesperium/configuration.nix | 4 - configurations/home-manager/default.nix | 1 - configurations/home-manager/ester/default.nix | 78 ------------------- .../nixos/defiant/configuration.nix | 7 +- .../nixos/horizon/configuration.nix | 1 - .../nixos/horizon/hardware-configuration.nix | 6 -- .../nixos/twilight/configuration.nix | 1 - modules/darwin-modules/users.nix | 4 - modules/nixos-modules/users.nix | 28 ------- modules/system-modules/users.nix | 5 -- 10 files changed, 1 insertion(+), 134 deletions(-) delete mode 100644 configurations/home-manager/ester/default.nix diff --git a/configurations/darwin/hesperium/configuration.nix b/configurations/darwin/hesperium/configuration.nix index 08fc59f..f8af5c8 100644 --- a/configurations/darwin/hesperium/configuration.nix +++ b/configurations/darwin/hesperium/configuration.nix @@ -6,10 +6,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester = { - isPrincipleUser = true; - isNormalUser = true; - }; eve.isNormalUser = false; }; }; diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index 587d1c2..3aa4c0e 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix 
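Review bot: `programs.fuse.userAllowOther = true` is a system-wide switch that writes `user_allow_other` to `/etc/fuse.conf`, so any unprivileged user may expose their FUSE mounts to other users, not only the home-manager persistence mount that needs it (`allowOther = true` in the previous commit). That is the documented prerequisite for that mount and is reasonable here; a comment stating the dependency would keep it from being removed later, e.g. `# required for home-manager persistence with allowOther = true`.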
@@ -6,6 +6,5 @@ users = config.host.users; in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); - ester = lib.mkIf users.ester.isNormalUser (import ./ester); eve = lib.mkIf users.eve.isNormalUser (import ./eve); } diff --git a/configurations/home-manager/ester/default.nix b/configurations/home-manager/ester/default.nix deleted file mode 100644 index 181a487..0000000 --- a/configurations/home-manager/ester/default.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - pkgs, - lib, - osConfig, - ... -}: let - userConfig = osConfig.host.users.ester; -in { - imports = []; - - config = { - home = { - username = userConfig.name; - homeDirectory = osConfig.users.users.ester.home; - - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - keyboard.layout = "it,us"; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. 
If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/ester/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; - - packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - # helvetica font - aileron - - firefox - bitwarden - discord - ] - ); - }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - }; - }; -} diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f60e146..ca24db1 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -44,11 +44,6 @@ user = "eve"; group = "eve"; } - { - folder = "ester"; - user = "ester"; - group = "ester"; - } { folder = "users"; user = "root"; @@ -57,7 +52,7 @@ ]; nfs = { enable = true; - directories = ["leyla" "eve" "ester"]; + directories = ["leyla" "eve"]; }; }; reverse_proxy = { diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 0c48bb3..232456c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -16,7 +16,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester.isDesktopUser = true; eve.isDesktopUser = true; }; sync = { diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index a30decb..ca6bf4b 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
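Review bot: Dropping `"ester"` from the NFS `directories` list removes the export but not the data behind `defiant:/exports/ester` (the mount this same commit deletes from horizon), which presumably stays on disk owned by uid/gid 1001, the ids the `modules/nixos-modules/users.nix` hunks of this commit free up. A future account allocated 1001 would inherit those files, so either clean the directory up or keep the id reserved, e.g. leave `# ester = 1001; # retired; files under /exports/ester still carry this id` in both the uid and gid tables. The `"passwords/ester"` sops entry removed from users.nix also leaves the hash in `user-passwords.yaml` orphaned, and it should be pruned from the secrets file. The enclosing `sync` block of defiant/configuration.nix starts outside the hunk.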
@@ -50,12 +50,6 @@ options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/ester_home" = { - device = "defiant:/exports/ester"; - fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; - }; - "/mnt/users_home" = { device = "defiant:/exports/users"; fsType = "nfs"; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 18e9972..c288149 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -12,7 +12,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester.isDesktopUser = true; eve.isDesktopUser = true; }; hardware = { diff --git a/modules/darwin-modules/users.nix b/modules/darwin-modules/users.nix index f0b55c0..72fd1b1 100644 --- a/modules/darwin-modules/users.nix +++ b/modules/darwin-modules/users.nix @@ -11,10 +11,6 @@ in { name = lib.mkForce host.users.leyla.name; home = lib.mkForce "/home/${host.users.leyla.name}"; }; - ester = { - name = lib.mkForce host.users.ester.name; - home = lib.mkForce "/home/${host.users.ester.name}"; - }; }; }; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index c3a316e..5cfa7fb 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -14,7 +14,6 @@ uids = { leyla = 1000; - ester = 1001; eve = 1002; jellyfin = 2000; forgejo = 2002; @@ -27,7 +26,6 @@ gids = { leyla = 1000; - ester = 1001; eve = 1002; users = 100; jellyfin_media = 2001; @@ -42,7 +40,6 @@ users = config.users.users; leyla = users.leyla.name; - ester = users.ester.name; eve = users.eve.name; in { config = lib.mkMerge [ 
@@ -77,10 +74,6 @@ in { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; "passwords/eve" = { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; @@ -105,17 +98,6 @@ in { group = config.users.users.leyla.name; }; - ester = { - uid = lib.mkForce uids.ester; - name = lib.mkForce host.users.ester.name; - description = "Ester"; - extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - isNormalUser = host.users.ester.isNormalUser; - isSystemUser = !host.users.ester.isNormalUser; - group = config.users.users.ester.name; - }; - eve = { uid = lib.mkForce uids.eve; name = lib.mkForce host.users.eve.name; @@ -178,13 +160,6 @@ in { ]; }; - ester = { - gid = lib.mkForce gids.ester; - members = [ - ester - ]; - }; - eve = { gid = lib.mkForce gids.eve; members = [ @@ -196,7 +171,6 @@ in { gid = lib.mkForce gids.users; members = [ leyla - ester eve ]; }; @@ -206,7 +180,6 @@ in { members = [ users.jellyfin.name leyla - ester eve ]; }; @@ -264,7 +237,6 @@ in { members = [ users.syncthing.name leyla - ester eve ]; }; diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index fe88850..cd9c900 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -84,11 +84,6 @@ in { isDesktopUser = lib.mkDefault false; isTerminalUser = lib.mkDefault false; }; - ester = { - isPrincipleUser = lib.mkDefault false; - isDesktopUser = lib.mkDefault false; - isTerminalUser = lib.mkDefault false; - }; eve = { isPrincipleUser = lib.mkDefault false; isDesktopUser = lib.mkDefault false; From b6605dff271f803e4f0cfc2b430e44ab6c2d25b1 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 25 Jan 2025 13:59:22 -0600 Subject: [PATCH 472/695] fixed permissions on fail2ban database file --- modules/nixos-modules/server/fail2ban.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index e59d8a5..39a8fd2 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -3,7 +3,8 @@ config, ... }: let - dataFile = "/var/lib/fail2ban/fail2ban.sqlite3"; + dataFolder = "/var/lib/fail2ban"; + dataFile = "fail2ban.sqlite3"; in { options.host.fail2ban = { enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; @@ -89,7 +90,7 @@ in { (lib.mkIf config.host.impermanence.enable { assertions = [ { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == dataFile; + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; message = "fail2ban data file does not match persistence"; } ]; @@ -97,8 +98,12 @@ in { environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; - files = [ - dataFile + directories = [ + { + directory = dataFolder; + user = "fail2ban"; + group = "fail2ban"; + } ]; }; }) From 95c84185914453d3cfaa7e5ca2cb9f70240dfdba Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 29 Jan 2025 19:07:49 -0600 Subject: [PATCH 473/695] installed ollama --- configurations/home-manager/leyla/vscode.nix | 12 ++++++++++++ configurations/nixos/horizon/configuration.nix | 9 +++++++++ configurations/nixos/twilight/configuration.nix | 10 ++++++++++ 3 files changed, 31 insertions(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index d921604..c9d779d 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix 
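Review bot: The new `directories` entry sets `user` and `group` but no `mode`, so the persisted `/var/lib/fail2ban` gets impermanence's default directory mode (0755 unless that default has changed), which leaves the ban database directory listable by every local user; `mode = "0750";` next to `group = "fail2ban";` would match the intent of the ownership change. Whether the daemon actually runs as the `fail2ban` user rather than root cannot be seen from this hunk, so the ownership may be cosmetic, but the mode is not. The `environment.persistence` block and the `let` bindings continue outside the hunk.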
@@ -52,6 +52,13 @@ in { "expr" = "import {}"; }; }) + (lib.mkIf osConfig.services.ollama.enable { + "twinny.fileContextEnabled" = true; + "twinny.enableLogging" = false; + "twinny.completionCacheEnabled" = true; + + # builtins.elemAt osConfig.services.ollama.loadModels 0; + }) ]; extensions = ( @@ -84,6 +91,11 @@ in { # misc extensions bungcip.better-toml ] + ++ ( + lib.lists.optionals osConfig.services.ollama.enable [ + rjmacarthy.twinny + ] + ) ++ (lib.lists.optionals nix-development-enabled [ # nix extensions pinage404.nix-extension-pack diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 232456c..73b0fef 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -38,6 +38,15 @@ programs.adb.enable = true; + services.ollama = { + enable = true; + + loadModels = [ + "deepseek-coder:1.3b" + "deepseek-r1:1.5b" + ]; + }; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index c288149..4667ee4 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -22,6 +22,16 @@ }; }; + services.ollama = { + enable = true; + + loadModels = [ + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:70b" + ]; + }; + # enabled virtualisation for docker # virtualisation.docker.enable = true; From f623a33863a1d2c59266df466287670e0c88d2f0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 29 Jan 2025 19:43:02 -0600 Subject: [PATCH 474/695] updated models listed for different configurations --- configurations/nixos/defiant/configuration.nix | 11 +++++++++++ configurations/nixos/twilight/configuration.nix | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) 
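Review bot: The `# builtins.elemAt osConfig.services.ollama.loadModels 0;` line inside the new twinny settings block is a commented-out expression with no key, so whatever model setting it was meant to feed is never configured; either attach it to the intended twinny setting or drop it rather than leaving dead code in the settings list. A short comment on why `"twinny.enableLogging" = false` is forced would also help, since the block is guarded on `osConfig.services.ollama.enable` and the reason is not obvious. The enclosing settings list starts outside the hunk.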
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ca24db1..7363772 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -127,6 +127,17 @@ # Get rid of xTerm excludePackages = [pkgs.xterm]; }; + + ollama = { + enable = true; + + loadModels = [ + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:32b" + "deepseek-r1:70b" + ]; + }; }; # disable computer sleeping diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 4667ee4..bf42209 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -28,7 +28,7 @@ loadModels = [ "deepseek-coder:6.7b" "deepseek-r1:8b" - "deepseek-r1:70b" + "deepseek-r1:32b" ]; }; From aaaf7514357ffe90626042d41697f7cca8f95e8a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Feb 2025 19:48:53 -0600 Subject: [PATCH 475/695] added ollama configs --- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/ollama.nix | 27 +++++++++++++++++++++++++++ modules/nixos-modules/users.nix | 15 +++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 modules/nixos-modules/ollama.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 63b2757..371a156 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -11,6 +11,7 @@ ./sync.nix ./impermanence.nix ./disko.nix + ./ollama.nix ./server ]; diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix new file mode 100644 index 0000000..5cdc041 --- /dev/null +++ b/modules/nixos-modules/ollama.nix 
@@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: { + config = lib.mkMerge [ + { + services.ollama = { + group = "ollama"; + user = "ollama"; + }; + } + (lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.ollama.models; + user = config.services.ollama.user; + group = config.services.ollama.group; + } + ]; + }; + })) + ]; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 5cfa7fb..15631a9 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -22,6 +22,7 @@ headscale = 2005; nextcloud = 2006; syncthing = 2007; + ollama = 2008; }; gids = { @@ -36,6 +37,7 @@ headscale = 2005; nextcloud = 2006; syncthing = 2007; + ollama = 2008; }; users = config.users.users; @@ -150,6 +152,12 @@ in { isSystemUser = true; group = config.users.users.syncthing.name; }; + + ollama = { + uid = lib.mkForce uids.ollama; + isSystemUser = true; + group = config.users.users.ollama.name; + }; }; groups = { @@ -240,6 +248,13 @@ in { eve ]; }; + + ollama = { + gid = lib.mkForce gids.ollama; + members = [ + users.ollama.name + ]; + }; }; }; } From 561766c67671a2553161e6e4be2c88dd3edf2092 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Feb 2025 19:51:33 -0600 Subject: [PATCH 476/695] added more network card configuration --- .../nixos/defiant/hardware-configuration.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index 425cbc2..f312f88 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix 
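Review bot: `lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable { ... })` nests two guards where one suffices; `(lib.mkIf (config.host.impermanence.enable && config.services.ollama.enable) {` reads as the single condition it is. Only `config.services.ollama.models` is persisted, so anything else ollama keeps under its state directory is discarded on reboot, which is presumably intended but deserves a comment on the `directory` line. The static `user`/`group` names are set even when ollama is disabled; harmless, but a `# static ids so persisted models keep their owner` comment would tie this to the uid/gid 2008 added in users.nix in the same commit.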
@@ -35,6 +35,12 @@ networking = { hostName = "defiant"; # Define your hostname. useNetworkd = true; + interfaces = { + bond0.useDHCP = lib.mkDefault true; + bonding_masters.useDHCP = lib.mkDefault true; + enol.useDHCP = lib.mkDefault true; + eno2.useDHCP = lib.mkDefault true; + }; }; systemd.network = { @@ -57,12 +63,20 @@ "30-enp4s0" = { matchConfig.Name = "enp4s0"; networkConfig.Bond = "bond0"; - DHCP = "no"; + + address = [ + # configure addresses including subnet mask + "192.168.2.1/24" + ]; }; "30-enp5s0" = { matchConfig.Name = "enp5s0"; networkConfig.Bond = "bond0"; - DHCP = "no"; + + address = [ + # configure addresses including subnet mask + "192.168.2.2/24" + ]; }; "40-bond0" = { @@ -74,7 +88,6 @@ address = [ # configure addresses including subnet mask "192.168.1.10/24" - # TODO: ipv6 address configuration ]; }; }; From 07514ed043d473e9a7eb5400bffcf861abe48833 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Feb 2025 18:23:36 -0600 Subject: [PATCH 477/695] added fprintd to horizon --- configurations/nixos/horizon/configuration.nix | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 73b0fef..ee32059 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -38,13 +38,19 @@ programs.adb.enable = true; - services.ollama = { - enable = true; + services = { + # sudo fprintd-enroll + fprintd = { + enable = true; + }; + ollama = { + enable = true; - loadModels = [ - "deepseek-coder:1.3b" - "deepseek-r1:1.5b" - ]; + loadModels = [ + "deepseek-coder:1.3b" + "deepseek-r1:1.5b" + ]; + }; }; # Enable touchpad support (enabled default in most desktopManager). From e6a738f3f6e632513e474881b140f858cc8bb927 Mon Sep 17 00:00:00 2001 
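Review bot: In the new `networking.interfaces` block, `enol` looks like a typo for `eno1` (letter l for digit 1) and `bonding_masters` appears to be the sysfs control file that `ls /sys/class/net` lists rather than an interface, so both entries configure devices that do not exist; the block probably wants only `eno1.useDHCP = lib.mkDefault true;` and `eno2.useDHCP = lib.mkDefault true;`. In the `30-enp4s0`/`30-enp5s0` units, replacing `DHCP = "no"` with `address = [...]` gives interfaces that are enslaved to `bond0` their own 192.168.2.x addresses while the bond carries 192.168.1.10/24; if the goal was just to stop DHCP on the members, the removed line was the right one and the addresses should go. The `systemd.network.networks` attrset continues outside the hunk.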
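Review bot: `fprintd.enable = true` does more than install the daemon: NixOS defaults `security.pam.services.<name>.fprintAuth` to `services.fprintd.enable`, so after this change a fingerprint is accepted by sudo, polkit and the login/lock services as well, not only at the greeter. If the fingerprint is only meant for unlocking, say so next to `# sudo fprintd-enroll` and opt the privileged services out, e.g. `security.pam.services.sudo.fprintAuth = false;`. The enclosing `services` attrset of horizon/configuration.nix continues outside the hunk.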
From: Leyla Becker Date: Sun, 9 Feb 2025 13:32:11 -0600 Subject: [PATCH 478/695] added cuda acceleration to twilight --- configurations/nixos/twilight/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index bf42209..985f9ce 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -30,6 +30,8 @@ "deepseek-r1:8b" "deepseek-r1:32b" ]; + + acceleration = "cuda"; }; # enabled virtualisation for docker From c7766de8bb6ffe62eb6003af68c232e532685301 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 19:55:02 -0600 Subject: [PATCH 479/695] added back lix --- flake.lock | 86 +++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 5 +++ util/default.nix | 2 ++ 3 files changed, 92 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 781f077..5707998 100644 --- a/flake.lock +++ b/flake.lock @@ -93,6 +93,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -107,6 +125,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -142,6 +175,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1737234286, + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737237494, + "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", + "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -165,7 +233,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -223,6 +291,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", 
@@ -281,6 +350,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 1849afc..a4e97a8 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,11 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # secret encryption sops-nix = { url = "github:Mic92/sops-nix"; diff --git a/util/default.nix b/util/default.nix index 33942a8..6f9e08a 100644 --- a/util/default.nix +++ b/util/default.nix @@ -9,6 +9,7 @@ sops-nix = inputs.sops-nix; disko = inputs.disko; impermanence = inputs.impermanence; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -76,6 +77,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From a99b35d1b18ae88b6410b2b0dd41168d77f15f5c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 20:41:39 -0600 Subject: [PATCH 480/695] temp disabled lix --- flake.lock | 86 +----------------------------------------------- flake.nix | 9 ++--- util/default.nix | 4 +-- 3 files changed, 8 insertions(+), 91 deletions(-) diff --git a/flake.lock b/flake.lock index 5707998..781f077 100644 --- a/flake.lock +++ b/flake.lock 
@@ -93,24 +93,6 @@ "inputs": { "systems": "systems" }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -125,21 +107,6 @@ "type": "github" } }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -175,41 +142,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737237494, - "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", - "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -233,7 +165,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -291,7 +223,6 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", 
@@ -350,21 +281,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index a4e97a8..96cc582 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,11 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # TODO: figure out why things fail to build with lix + # lix-module = { + # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index 6f9e08a..3c35b0e 100644 --- a/util/default.nix +++ b/util/default.nix @@ -9,7 +9,7 @@ sops-nix = inputs.sops-nix; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -77,7 +77,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 9895ae6899adf2eebb734ee9110a157fd0e35a81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 20:52:00 -0600 Subject: [PATCH 481/695] updated flake.lock --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 781f077..b3babe3 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1736591904, - "narHash": "sha256-LFO8pSrPKrH8OPq2HaAuBG5skk8/MNJ/9YmK3KsnSks=", + "lastModified": 1739353546, + "narHash": "sha256-YTqXhBZvCdZLMBupWlCDvRFaTEhaHa2/Xc/p1sUdSZU=", "owner": "nix-community", "repo": "disko", - "rev": "33827d2bd16bfe2e21b62956526c72d313595dfd", + "rev": "26ade1005191e0602a78b0f141970648445bafd9", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1736568198, - "narHash": "sha256-RBTk5KavYsPZ56m9C2evS4pDkEu3+NdxY6mFNbo8DH8=", + "lastModified": 1739399387, + "narHash": "sha256-7oXm3SXUZLwLG9ks5SWOZJTmogocrTXM1SVTFZ9xrno=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7f8746a7ef2d15b8fb4acc63cb0d7e3a407739bf", + "rev": "4d32808bd51c7349ce036b7a037fb56d5e7c06ae", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1736508663, - "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", + "lastModified": 1739381933, + "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=", "owner": "nix-community", "repo": "home-manager", - "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", + "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "impermanence": { "locked": { - "lastModified": 1734945620, - "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "owner": "nix-community", "repo": "impermanence", - "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "type": "github" }, "original": { 
@@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1736631212, - "narHash": "sha256-mG9lRZBcPiAGiVJ9B97BJoIGQcSBWIVlBiN30QYCtG0=", + "lastModified": 1739302241, + "narHash": "sha256-NXQXFU6HOschZ+8ZKrNOlwlHelez8vPl+dCiUaJ82/U=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6ace2f2d12bdf74235d5cbf9fbd34a71c9716685", + "rev": "a6746213b138fe7add88b19bafacd446de574ca7", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1736560114, - "narHash": "sha256-+kL+Nw3eEToKDalXJqa6fjLQqgTftTWLypr4Hj7tFKw=", + "lastModified": 1739411363, + "narHash": "sha256-QAXvfAXyBtMOdBAz+ivmVVk9V7/d3nSgFprH4C0XOr0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "e26efb7bac0fcdc28b92596c5c2acaaf4713124f", + "rev": "142aabf9bb589535f150afff4a439f39bd04c21e", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1736441705, - "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", + "lastModified": 1738816619, + "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", + "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736344531, - "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", + "lastModified": 1739214665, + "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912", + "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", "type": "github" }, "original": { 
@@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1736515725, - "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", + "lastModified": 1739262228, + "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", + "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "type": "github" }, "original": { From a3d065d674b0ba31a658812a6f56d37a66662976 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 21:34:48 -0600 Subject: [PATCH 482/695] renamed mounts on horizon --- .../nixos/horizon/hardware-configuration.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index ca6bf4b..48a4680 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -38,37 +38,37 @@ fsType = "vfat"; }; - "/mnt/leyla_home" = { + "/mnt/new_leyla_home" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/eve_home" = { + "/mnt/new_eve_home" = { device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/users_home" = { + "/mnt/new_users_home" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/legacy_leyla_home" = { + "/mnt/leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/legacy_share_home" = { + "/mnt/share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/legacy_docker_home" = { + "/mnt/docker_home" = { device = "server.arpa:/home/docker"; fsType = "nfs"; options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; From 4c1d84928d3b63f1f4242db2e39c2d77fc571472 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 13 Feb 2025 15:14:44 -0600 Subject: [PATCH 483/695] installed ungoogled-chromium on eve user --- configurations/home-manager/eve/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 0c6c0b2..97b72e3 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -63,6 +63,7 @@ in { discord makemkv signal-desktop + ungoogled-chromium ] ); }; From 9aa469779068c1fed14caea3746362959b8349ad Mon Sep 17 00:00:00 2001 
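Review bot: After this hunk `"/mnt/leyla_home"` no longer points at `defiant:/exports/leyla` but at `server.arpa:/home/leyla`, i.e. the mount name that previously meant the new server now means the legacy one, while the new exports move to `new_*` names. Anything outside this file that refers to `/mnt/leyla_home` (impermanence bind mounts, application paths) silently follows the name to the other server, so it is worth checking those references in the same change and recording the intent, e.g. `# *_home = legacy server.arpa exports, new_*_home = defiant exports, until migration completes`. The enclosing `fileSystems` attribute set starts and ends outside the hunk.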
From: Leyla Becker Date: Fri, 14 Feb 2025 18:23:34 -0600 Subject: [PATCH 484/695] added leyla@twilight to authorizedKeys
---
 configurations/home-manager/leyla/default.nix | 1 + 1 file changed, 1 insertion(+)
diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix
index bb65a35..20fc7eb 100644
--- a/configurations/home-manager/leyla/default.nix
+++ b/configurations/home-manager/leyla/default.nix
@@ -111,6 +111,7 @@
 authorizedKeys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
 ];
 hostKeys = [
 {
From 64856bd72687748b4579ea102388fbb4d6b2e6e3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Feb 2025 23:26:24 -0600 Subject: [PATCH 485/695] moved dconf.nix to own file
---
 configurations/home-manager/leyla/dconf.nix | 106 ++++++++++++++++++ configurations/home-manager/leyla/default.nix | 42 +------ 2 files changed, 107 insertions(+), 41 deletions(-) create mode 100644 configurations/home-manager/leyla/dconf.nix
diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix
new file mode 100644
index 0000000..19a60c7
--- /dev/null
+++ b/configurations/home-manager/leyla/dconf.nix
@@ -0,0 +1,106 @@ +{ + lib, + pkgs, + ... +}: { + config = { + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; + + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = false; + "show-mounts" = false; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; + + "org/gnome/shell" = { + favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; + # app-picker-layout = + # builtins.map ( + # applications: + # lib.hm.gvariant (builtins.listToAttrs (lib.lists.imap0 (i: v: lib.attrsets.nameValuePair v (lib.hm.gvariant.mkVariant "{'position': <${i}>}")) applications)) + # ) [ + # [ + # "org.gnome.Nautilus.desktop" + # "bitwarden.desktop" + # "firefox.desktop" + # "torbrowser.desktop" + # "chromium-browser.desktop" + # "codium.desktop" + # "idea-community.desktop" + # "org.gnome.TextEditor.desktop" + # "dbeaver.desktop" + # "bruno.desktop" + # "anki.desktop" + # "obsidian.desktop" + # "signal-desktop.desktop" + # "discord.desktop" + # "gimp.desktop" + # "org.inkscape.Inkscape.desktop" + # 
"org.kde.krita.desktop" + # "davinci-resolve.desktop" + # "com.obsproject.Studio.desktop" + # "org.freecad.FreeCAD.desktop" + # "makemkv.desktop" + # "easytag.desktop" + # "transmission-gtk.desktop" + # ] + # [ + # "SteamVR.desktop" + # "Beat Saber.desktop" + # "Noun Town.desktop" + # "WEBFISHING.desktop" + # "Factorio.desktop" + # ] + # [ + # "org.gnome.Settings.desktop" + # "org.gnome.SystemMonitor.desktop" + # "org.gnome.Snapshot.desktop" + # "org.gnome.Usage.desktop" + # "org.gnome.DiskUtility.desktop" + # "org.gnome.Evince.desktop" + # "org.gnome.fonts.desktop" + # "noisetorch.desktop" + # "nvidia-settings.desktop" + # "OpnRGB.desktop" + # "org.freedesktop.Piper.desktop" + # "via-nativia.desktop" + # "protonvpn-app.desktop" + # "simple-scan.desktop" + # ] + # ]; + }; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 20fc7eb..f2c14e1 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,5 +1,4 @@ { - pkgs, osConfig, config, ... @@ -8,6 +7,7 @@ ./i18n.nix ./packages.nix ./impermanence.nix + ./dconf.nix ]; config = { 
@@ -121,45 +121,5 @@ ]; }; }; - - dconf = { - enable = true; - settings = { - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; - - "org/gnome/shell/extensions/dash-to-dock" = { - "dock-position" = "LEFT"; - "intellihide-mode" = "ALL_WINDOWS"; - "show-trash" = false; - "require-pressure-to-show" = false; - "show-mounts" = false; - }; - - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; - }; - }; - }; }; } From 2dccc10b4429892d47712e81e00e5c0139f8a631 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Feb 2025 23:28:15 -0600 Subject: [PATCH 486/695] removed cuda from twilight ollama --- configurations/nixos/twilight/configuration.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 985f9ce..bf42209 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -30,8 +30,6 @@ "deepseek-r1:8b" "deepseek-r1:32b" ]; - - acceleration = "cuda"; }; # enabled virtualisation for docker From 3dc579073d18dee1f9218e60746a466c1fb7c369 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 14 Feb 2025 23:30:05 -0600 Subject: [PATCH 487/695] added reasons for every package in dev shell --- flake.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 96cc582..fd46f2f 100644 --- a/flake.nix +++ b/flake.nix @@ -125,10 +125,15 @@ devShells = forEachPkgs (pkgs: { default = pkgs.mkShell { packages = with pkgs; [ + # for version controlling this repo git - sops + # for formatting code in this repo alejandra + # for editing secrets in the secrets repo + sops + # for viewing configuration options defined in this repo nix-inspect + # for installing flakes from this repo onto other systems nixos-anywhere ]; From 6d776eabcb7ddb6141c471eedb3ea33c46ca12ce Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Feb 2025 19:12:36 -0600 Subject: [PATCH 488/695] fixed steam in twilight --- .../home-manager/leyla/packages.nix | 2 +- .../nixos/twilight/configuration.nix | 6 ++++ flake.lock | 36 +++++++++---------- 3 files changed, 25 insertions(+), 19 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 597fe2f..0667260 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -56,7 +56,7 @@ in { # proprietary platforms discord obsidian - steam + # steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) anki diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index bf42209..2735f20 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
@@ -32,6 +32,12 @@ ]; }; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/flake.lock b/flake.lock index b3babe3..2b76fbf 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1739353546, - "narHash": "sha256-YTqXhBZvCdZLMBupWlCDvRFaTEhaHa2/Xc/p1sUdSZU=", + "lastModified": 1739634831, + "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", "owner": "nix-community", "repo": "disko", - "rev": "26ade1005191e0602a78b0f141970648445bafd9", + "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1739399387, - "narHash": "sha256-7oXm3SXUZLwLG9ks5SWOZJTmogocrTXM1SVTFZ9xrno=", + "lastModified": 1739658907, + "narHash": "sha256-1FjsTgkNpgKUBRiXFbUXXSIw4W4/b11tpj2/F2+8C2A=", "owner": "rycee", "repo": "nur-expressions", - "rev": "4d32808bd51c7349ce036b7a037fb56d5e7c06ae", + "rev": "1da2d9b1c5a10f43a0000ebe3d22ea924ee98ecb", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1739381933, - "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=", + "lastModified": 1739658904, + "narHash": "sha256-2o/JuD6qD0CtPNVvdPNL3bEDFITaSfSLceajHcIzmw4=", "owner": "nix-community", "repo": "home-manager", - "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba", + "rev": "45c07fcf7d28b5fb3ee189c260dee0a2e4d14317", "type": "github" }, "original": { 
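Review bot: `dedicatedServer.openFirewall = true;` opens the Source dedicated-server port on twilight's firewall although nothing in this hunk runs a dedicated server; the inline comment says what the option does, not why it is wanted here. Both `openFirewall` options add inbound allowances, so unless twilight actually hosts games for other machines, `dedicatedServer.openFirewall` should stay at its default (`false`) or be removed, and if it is intentional a comment naming the service that needs it makes the exposure auditable. The same commit comments `steam` out of leyla's home-manager package list, so on any other host where that user logs in Steam is now gone unless `programs.steam` is enabled there too — worth confirming. The attribute set around this hunk starts and ends outside it.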
@@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1739302241, - "narHash": "sha256-NXQXFU6HOschZ+8ZKrNOlwlHelez8vPl+dCiUaJ82/U=", + "lastModified": 1739548217, + "narHash": "sha256-rlv64erpr36xdmMDPgf9rhRXBYZ0BZb5nrw2ZPSk1sQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "a6746213b138fe7add88b19bafacd446de574ca7", + "rev": "678b22642abde2ee77ae2218ab41d802f010e5b0", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1739411363, - "narHash": "sha256-QAXvfAXyBtMOdBAz+ivmVVk9V7/d3nSgFprH4C0XOr0=", + "lastModified": 1739584108, + "narHash": "sha256-vnZZZNPDYofQOuSQODd0uz3ToZnZIYV5snQH37tCEOA=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "142aabf9bb589535f150afff4a439f39bd04c21e", + "rev": "80eb37310c3d73b93d3b2e1005a2b742192f514e", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739214665, - "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", + "lastModified": 1739446958, + "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", + "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", "type": "github" }, "original": { From 4ed1972ffa5f8e5dfba4e58db68ecd6955e12b9d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Feb 2025 20:49:50 -0600 Subject: [PATCH 489/695] set owner of generated ssh keys --- modules/home-manager-modules/openssh.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index df78828..7b646b8 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -77,6 +77,8 @@ ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ -f "${path}" \ -N "" + chown ${config.home.username} ${path}* + chgrp ${config.home.username} ${path}* fi '' }"; 
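Review bot: The new `chown ${config.home.username} ${path}*` and `chgrp ${config.home.username} ${path}*` lines leave `${path}` unquoted while the `-f "${path}"` line just above quotes it, so a path with whitespace or glob characters is split or mis-expanded by the shell; `chown "${config.home.username}" "${path}"*` (and the same for `chgrp`) keeps the glob on the suffix only. `chgrp ${config.home.username}` also assumes a group named after the user exists, which NixOS does not create by default (the default primary group is `users`), so unless `users.users.<name>.group` is set elsewhere this line fails and may abort activation. If this script runs under the user's own account, the files `ssh-keygen` just wrote are already owned by them and the `chown` is a no-op, so the account the activation runs as is worth stating in a comment. The enclosing `if` and the surrounding Nix string start outside the hunk.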
From 00a169a1309816f77b6d77b16c6c98631377b91d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Feb 2025 19:32:01 -0600 Subject: [PATCH 490/695] disabled registration on forgejo
---
 modules/nixos-modules/server/forgejo.nix | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix
index fa8ebb6..cba5313 100644
--- a/modules/nixos-modules/server/forgejo.nix
+++ b/modules/nixos-modules/server/forgejo.nix
@@ -43,6 +43,9 @@ in {
 DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
 HTTP_PORT = forgejoPort;
 };
+ service = {
+ DISABLE_REGISTRATION = true;
+ };
 };
 };
 }
From ca20590d140b4d41b82a16029d7fbd3403f4ac55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Feb 2025 18:33:35 -0600 Subject: [PATCH 491/695] removed unused value
---
 configurations/home-manager/leyla/dconf.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix
index 19a60c7..a960d75 100644
--- a/configurations/home-manager/leyla/dconf.nix
+++ b/configurations/home-manager/leyla/dconf.nix
@@ -1,8 +1,4 @@
-{
- lib,
- pkgs,
- ...
-}: {
+{pkgs, ...}: {
 config = {
 dconf = {
 enable = true;
From c6bdff8603e3beaf17fd87a3e3261ab68a12e0dc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 20 Feb 2025 19:48:52 -0600 Subject: [PATCH 492/695] drafted up ssh config for forgejo
---
 configurations/nixos/horizon/configuration.nix | 8 ++++++++ modules/nixos-modules/server/forgejo.nix | 18 +++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix
index ee32059..8638145 100644
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@@ -53,6 +53,14 @@ }; }; + # networking.extraHosts = '' + # # 192.168.1.204 jan-leila.com + # 192.168.1.204 media.jan-leila.com + # # 192.168.1.204 drive.jan-leila.com + # 192.168.1.204 git.jan-leila.com + # # 192.168.1.204 search.jan-leila.com + # ''; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index cba5313..db1549d6 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -5,6 +5,8 @@ }: let forgejoPort = 8081; stateDir = "/var/lib/forgejo"; + db_user = "forgejo"; + sshPort = 2222; in { options.host.forgejo = { enable = lib.mkEnableOption "should forgejo be enabled on this computer"; @@ -24,7 +26,7 @@ in { postgres = { enable = true; extraUsers = { - forgejo = { + ${db_user} = { isClient = true; }; }; @@ -42,12 +44,26 @@ in { server = { DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; HTTP_PORT = forgejoPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys + BUILTIN_SSH_SERVER_USER = "git"; }; service = { DISABLE_REGISTRATION = true; }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; }; }; + + networking.firewall.allowedTCPPorts = [ + config.services.forgejo.settings.server.SSH_LISTEN_PORT + ]; } (lib.mkIf config.host.impermanence.enable { assertions = [ From bc71cc2a63d666eda4b6774c42c9369be661caff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Feb 2025 17:00:33 -0600 Subject: [PATCH 493/695] updated firefox flake --- configurations/home-manager/leyla/firefox.nix | 2 +- flake.lock | 42 +++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) 
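Review bot: The third forgejo.nix hunk opens the firewall for `SSH_LISTEN_PORT` (2222) while the `# TODO` two lines above `BUILTIN_SSH_SERVER_USER` says the `git` user and its authorized keys are not set up yet, so the built-in SSH server becomes reachable from the network before its login path is finished; the `networking.firewall.allowedTCPPorts` entry belongs in the commit that resolves that TODO, or behind a dedicated option. `SSH_PORT = 22;` is what Forgejo advertises in clone URLs while it listens on 2222, so unless a redirect from 22 exists on the host (not visible here) generated clone URLs point at a port nothing answers on; a comment such as `# SSH_PORT is the advertised port; requires a 22 -> 2222 redirect on the host` would record the dependency. The NixOS module also exposes `services.forgejo.database.*`, which generates the same `database` section, so the direct `DB_TYPE`/`NAME`/`USER` settings are worth checking against it to avoid two sources disagreeing on host/socket handling. The `options.host.forgejo` declarations and the `lib.mkIf` block around these hunks extend outside them.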
diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index e8e0c6c..3f6a09c 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -50,7 +50,7 @@ }; }; - extensions = with inputs.firefox-addons.packages.${pkgs.system}; [ + extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ bitwarden terms-of-service-didnt-read multi-account-containers diff --git a/flake.lock b/flake.lock index 2b76fbf..25eef18 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1739634831, - "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", + "lastModified": 1739841949, + "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", "owner": "nix-community", "repo": "disko", - "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", + "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1739658907, - "narHash": "sha256-1FjsTgkNpgKUBRiXFbUXXSIw4W4/b11tpj2/F2+8C2A=", + "lastModified": 1740164177, + "narHash": "sha256-hNEgYjKKkSICKrmyLBK+Ght7KGxOryiSGiTRViUrKWw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "1da2d9b1c5a10f43a0000ebe3d22ea924ee98ecb", + "rev": "16c8c7e376b09119913bbc4d8e6852b7918ca7cc", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1739658904, - "narHash": "sha256-2o/JuD6qD0CtPNVvdPNL3bEDFITaSfSLceajHcIzmw4=", + "lastModified": 1740177427, + "narHash": "sha256-1xUiN0Yvvl/r+XyyXiJHxw64FwUGBfKF+XA7Ugm8ElU=", "owner": "nix-community", "repo": "home-manager", - "rev": "45c07fcf7d28b5fb3ee189c260dee0a2e4d14317", + "rev": "9f74e14a2d9af4c6f2024cca7813b830b020f45e", "type": "github" }, "original": { 
@@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1739548217, - "narHash": "sha256-rlv64erpr36xdmMDPgf9rhRXBYZ0BZb5nrw2ZPSk1sQ=", + "lastModified": 1739933872, + "narHash": "sha256-UhuvTR4OrWR+WBaRCZm4YMkvjJhZ1KZo/jRjE41m+Ek=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "678b22642abde2ee77ae2218ab41d802f010e5b0", + "rev": "6ab392f626a19f1122d1955c401286e1b7cf6b53", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1739584108, - "narHash": "sha256-vnZZZNPDYofQOuSQODd0uz3ToZnZIYV5snQH37tCEOA=", + "lastModified": 1740102704, + "narHash": "sha256-Gs3BREQKsFcfkFyes2PTq1tNAkMHq8Tq0bYME7ZhyjY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "80eb37310c3d73b93d3b2e1005a2b742192f514e", + "rev": "1262db8fa5e165ed5da3d91ec8202bfe640264ef", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1738816619, - "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", + "lastModified": 1740089251, + "narHash": "sha256-Y78mDBWoO8CLLTjQfPfII+KXFb6lAmF9GrLbyVBsIMM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", + "rev": "18e9f9753e9ae261bcc7d3abe15745686991fd30", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739446958, - "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", + "lastModified": 1739866667, + "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", + "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680", "type": "github" }, "original": { From c851a1baeb80eb2360186f49ca2e993d5997d553 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 21 Feb 2025 17:13:50 -0600 Subject: [PATCH 494/695] removed home-manager.useGlobalPkgs --- configurations/home-manager/eve/default.nix | 118 +++++++++--------- .../home-manager/leyla/packages.nix | 4 + .../nixos/defiant/configuration.nix | 2 - .../nixos/horizon/configuration.nix | 2 - util/default.nix | 1 - 5 files changed, 63 insertions(+), 64 deletions(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 97b72e3..3042382 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix 
@@ -6,71 +6,71 @@ }: let userConfig = osConfig.host.users.eve; in { - imports = []; + nixpkgs.config = { + allowUnfree = true; + }; - config = { - home = { - username = userConfig.name; - homeDirectory = osConfig.users.users.eve.home; + home = { + username = userConfig.name; + homeDirectory = osConfig.users.users.eve.home; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. 
+ # ".screenrc".source = dotfiles/screenrc; - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; - - packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ungoogled-chromium - ] - ); + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; }; - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; }; + + packages = lib.lists.optionals userConfig.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ungoogled-chromium + ] + ); + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; }; } 
diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 0667260..11c7af1 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -12,6 +12,10 @@ in { ./firefox.nix ]; + nixpkgs.config = { + allowUnfree = true; + }; + home = { packages = lib.lists.optionals userConfig.isTerminalUser ( diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7363772..155b35b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,7 +1,5 @@ # server nas {pkgs, ...}: { - nixpkgs.config.allowUnfree = true; - host = { users = { leyla = { diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8638145..75657d2 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -7,8 +7,6 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ]; - nixpkgs.config.allowUnfree = true; - host = { users = { leyla = { diff --git a/util/default.nix b/util/default.nix index 3c35b0e..02e7155 100644 --- a/util/default.nix +++ b/util/default.nix @@ -33,7 +33,6 @@ ]; home-manager-config = nixpkgs: { - home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs outputs util;}; From 489106956b7749431c35c35f3d1d230f8f1c6e5d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Feb 2025 17:00:05 -0600 Subject: [PATCH 495/695] added wireguard sops config --- .sops.yaml | 4 +++ README.md | 2 +- .../nixos/horizon/hardware-configuration.nix | 5 ++++ flake.lock | 26 +++++++++---------- 4 files changed, 23 insertions(+), 14 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index e9ddb56..3f54dcc 100644 --- a/.sops.yaml +++ b/.sops.yaml 
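Review bot: Removing `nixpkgs.config.allowUnfree = true;` from defiant's and horizon's NixOS configuration changes what the system closure may build, not only home-manager: any unfree package pulled in by system modules on those hosts (firmware, drivers, `programs.*` options) now fails evaluation unless something outside these hunks still allows it. The commit title only mentions `useGlobalPkgs`, so a comment at the removal site such as `# unfree packages are allowed per user in home-manager; the system closure stays free` would record that this is intended. If a system-level unfree package is needed later, `allowUnfreePredicate` with an explicit list is a narrower way to reintroduce it than the blanket flag.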
@@ -9,3 +9,7 @@ creation_rules: key_groups: - age: - *leyla + - path_regex: secrets/wireguard-keys.yaml$ + key_groups: + - age: + - *leyla diff --git a/README.md b/README.md index 4798a5d..c59d815 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home `./install.sh --target 192.168.1.130 --flake hostname` ## Updating Secrets -`sops -c sops secrets/secrets_file_here.yaml` +`sops secrets/secrets_file_here.yaml` ## Inspecting a configuration `nix-inspect -p .` diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 48a4680..c94d150 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -89,6 +89,11 @@ networkmanager.enable = true; useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. + + wireguard.interfaces = { + proton = { + }; + }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/flake.lock b/flake.lock index 25eef18..e563eb0 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1740164177, - "narHash": "sha256-hNEgYjKKkSICKrmyLBK+Ght7KGxOryiSGiTRViUrKWw=", + "lastModified": 1740212040, + "narHash": "sha256-Gpvn9Z+ZgKPyb6qaAbahLbo6ZVj7VuLzSCmHZRvsACA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "16c8c7e376b09119913bbc4d8e6852b7918ca7cc", + "rev": "9a8a0914000e4453c99a4c12e9862a0a40075851", "type": "gitlab" }, "original": { 
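Review bot: The new `creation_rules` entry for `secrets/wireguard-keys.yaml$` lists only the `*leyla` age key as recipient, so the file can be decrypted by that key alone; if a host is meant to decrypt `wireguard-keys/...` at activation through sops-nix, as the next commit in this series does on horizon, that host's age or ssh-derived key must be in the recipient list too, otherwise activation fails with a decryption error. The rule is identical to the one above it apart from the path, so a single `path_regex: secrets/(secrets|wireguard-keys)\.yaml$` avoids keeping two recipient lists in sync. The `wireguard.interfaces = { proton = { }; };` added to horizon's hardware-configuration.nix in the same commit is an empty placeholder; a `# TODO: keys and peers pending` line would make that explicit.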
@@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740177427, - "narHash": "sha256-1xUiN0Yvvl/r+XyyXiJHxw64FwUGBfKF+XA7Ugm8ElU=", + "lastModified": 1740254115, + "narHash": "sha256-MwxDtYB/MSGZlr/xS+ExGYH2QgHk73ShD40shxjad/Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "9f74e14a2d9af4c6f2024cca7813b830b020f45e", + "rev": "cb3f6e9b59d3a5e51ef9f7da2b8418d5c72aaef8", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1740102704, - "narHash": "sha256-Gs3BREQKsFcfkFyes2PTq1tNAkMHq8Tq0bYME7ZhyjY=", + "lastModified": 1740188781, + "narHash": "sha256-3FDg6k9kQXq5M6ZHc2f9KsPydvWBtqacU9lWA7nIFYI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1262db8fa5e165ed5da3d91ec8202bfe640264ef", + "rev": "ba52a14c907e0cece9734e0ff59c3c742b6b1075", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1730665670, - "narHash": "sha256-MMwH5IcaslEWqeHaNqSjAsGWoS2NJ5qiIE7RLiJG+28=", + "lastModified": 1740265180, + "narHash": "sha256-VcS1aWKZQG1Com/OgL8RbTSG7IJphNLkFXAcFer0cMQ=", "ref": "refs/heads/main", - "rev": "ef623d6a9e25c1f0ec9d282ab5ed5dff54674816", - "revCount": 6, + "rev": "5ec7b1181a3ce76c8238819195f7e55f51407463", + "revCount": 7, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, From 9471b1f393f50a890064800fdc70dbe770e84df9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Feb 2025 17:38:02 -0600 Subject: [PATCH 496/695] added wireguard config --- README.md | 3 ++- .../nixos/horizon/hardware-configuration.nix | 24 ++++++++++++++++++- flake.lock | 14 +++++------ 3 files changed, 32 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c59d815..69f4e26 100644 --- a/README.md +++ b/README.md 
@@ -58,7 +58,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Open GL? - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- tail scale clients +- common wireguard config +- configure wireguard on all clients - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index c94d150..94f902c 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -6,12 +6,19 @@ lib, pkgs, modulesPath, + inputs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + sops.secrets = { + "wireguard-keys/proton/horizon" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + }; + boot = { initrd = { availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; @@ -90,8 +97,23 @@ useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. - wireguard.interfaces = { + wg-quick.interfaces = { proton = { + # IP address of this machine in the *tunnel network* + address = ["10.2.0.1/32"]; + + listenPort = 51820; + + privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; + + peers = [ + { + publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; + allowedIPs = ["0.0.0.0/0"]; + endpoint = "84.17.63.8:51820"; + persistentKeepalive = 25; + } + ]; }; }; }; diff --git a/flake.lock b/flake.lock index e563eb0..73eac0e 100644 --- a/flake.lock +++ b/flake.lock 
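Review bot: `allowedIPs = ["0.0.0.0/0"];` in the new `wg-quick.interfaces.proton` routes only IPv4 through the tunnel, so if horizon has IPv6 connectivity that traffic bypasses the VPN; adding `"::/0"` to `allowedIPs` closes that gap, and a `dns = [ ... ];` entry is needed if name resolution is meant to go through the tunnel as well. `listenPort = 51820;` pins a fixed UDP port on a client that only initiates connections; leaving it unset lets wg-quick choose a port and removes one thing to keep consistent across hosts. `privateKeyFile` correctly comes from the sops secret rather than the repository, but the secret declaration sets no `owner`/`mode`, which defaults to root-only — fine while wg-quick is the only reader, and worth a one-line comment saying so. This tunnel configuration lives in hardware-configuration.nix, conventionally the generated hardware scan, so configuration.nix would be the expected home for it; the function arguments that provide `config` are above the first hunk.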
@@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740254115, - "narHash": "sha256-MwxDtYB/MSGZlr/xS+ExGYH2QgHk73ShD40shxjad/Y=", + "lastModified": 1740265252, + "narHash": "sha256-+LFsCsIUF/pJWL9S21m5NLcK5bgwRB4MwfV0Iu7tggY=", "owner": "nix-community", "repo": "home-manager", - "rev": "cb3f6e9b59d3a5e51ef9f7da2b8418d5c72aaef8", + "rev": "fb568d75cf6c81f30d49eeb73787e9b56454ba16", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740265180, - "narHash": "sha256-VcS1aWKZQG1Com/OgL8RbTSG7IJphNLkFXAcFer0cMQ=", + "lastModified": 1740267388, + "narHash": "sha256-JCgjNQMrlzf8a0YAqRNGliGmgv6afnc0OTOD6Eg0RZ0=", "ref": "refs/heads/main", - "rev": "5ec7b1181a3ce76c8238819195f7e55f51407463", - "revCount": 7, + "rev": "f5af565aee98df0a78056c49c85cda640ce290fd", + "revCount": 10, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, From 9bfa5c9e8d8978daebb893653b09413164720c94 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Feb 2025 22:46:31 -0600 Subject: [PATCH 497/695] disabled wireguard interface on horizon --- .../nixos/horizon/hardware-configuration.nix | 42 ++++++++++++------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 94f902c..1c84e97 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -97,25 +97,35 @@ useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. - wg-quick.interfaces = { - proton = { - # IP address of this machine in the *tunnel network* - address = ["10.2.0.1/32"]; + # wg-quick.interfaces = { + # proton = { + # # IP address of this machine in the *tunnel network* + # address = ["10.2.0.1/32"]; - listenPort = 51820; + # listenPort = 51820; - privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; + # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; - peers = [ - { - publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; - allowedIPs = ["0.0.0.0/0"]; - endpoint = "84.17.63.8:51820"; - persistentKeepalive = 25; - } - ]; - }; - }; + # peers = [ + # { + # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "84.17.63.8:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "68.169.42.242:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; + # allowedIPs = ["0.0.0.0/0"]; + # } + # ]; + # }; + # }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; From 2e0f71a6fa2da47fae321660bd86919ef052cec9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 11:10:16 -0600 Subject: [PATCH 498/695] installed tailscale on all machines --- README.md | 2 - .../nixos/defiant/configuration.nix | 17 ++++++- .../nixos/horizon/configuration.nix | 46 +++++++++++++++++++ .../nixos/horizon/hardware-configuration.nix | 37 --------------- .../nixos/twilight/configuration.nix | 33 +++++++++---- flake.lock | 26 +++++------ modules/nixos-modules/tailscale.nix | 34 ++++++++++++++ 7 files changed, 133 insertions(+), 62 deletions(-) create mode 100644 modules/nixos-modules/tailscale.nix diff --git a/README.md b/README.md index 69f4e26..0e8ff07 100644 
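Review bot: The interface is commented out but `sops.secrets."wireguard-keys/proton/horizon"`, declared at the top of this file by the previous commit, is left in place, so the private key is still decrypted and placed on the host at every activation with nothing consuming it; disable that declaration together with the interface. Carrying ~30 lines of commented-out config, including two new peer entries that have never been evaluated, is also a maintenance hazard because nothing checks that the block still evaluates when it is uncommented; prefer deleting it, since git history keeps it, with a one-line `# proton WireGuard tunnel removed; see git history` if a pointer is wanted. The `networking` set enclosing this block starts outside the hunk.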
--- a/README.md +++ b/README.md @@ -58,8 +58,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Open GL? - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- common wireguard config -- configure wireguard on all clients - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 155b35b..19b8f65 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,5 +1,16 @@ # server nas -{pkgs, ...}: { +{ + inputs, + config, + pkgs, + ... +}: { + sops.secrets = { + "wireguard-keys/tailscale-authkey/defiant" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + }; + host = { users = { leyla = { @@ -136,6 +147,10 @@ "deepseek-r1:70b" ]; }; + tailscale = { + enable = true; + authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; + }; }; # disable computer sleeping diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 75657d2..a4f4f77 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,4 +1,5 @@ { + config, inputs, pkgs, ... @@ -36,6 +37,15 @@ programs.adb.enable = true; + sops.secrets = { + "wireguard-keys/tailscale-authkey/horizon" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + # "wireguard-keys/proton/horizon" = { + # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + # }; + }; + services = { # sudo fprintd-enroll fprintd = { 
@@ -49,6 +59,42 @@ "deepseek-r1:1.5b" ]; }; + tailscale = { + enable = true; + authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; + }; + }; + + networking = { + # wg-quick.interfaces = { + # proton = { + # # IP address of this machine in the *tunnel network* + # address = ["10.2.0.1/32"]; + + # listenPort = 51820; + + # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; + + # peers = [ + # { + # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "84.17.63.8:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "68.169.42.242:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; + # allowedIPs = ["0.0.0.0/0"]; + # } + # ]; + # }; + # }; }; # networking.extraHosts = '' diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 1c84e97..48a4680 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -6,19 +6,12 @@ lib, pkgs, modulesPath, - inputs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - sops.secrets = { - "wireguard-keys/proton/horizon" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; - }; - }; - boot = { initrd = { availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; 
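Review bot: The commented-out `wg-quick.interfaces` block is moved from hardware-configuration.nix into the new `networking` set rather than removed, and the `sops.secrets."wireguard-keys/proton/horizon"` entry it references is itself only present as a comment in the previous hunk of this file, so uncommenting the block alone would not evaluate. Commit 9bfa5c9 already disabled the interface and history preserves the config; delete both the block and the commented secret instead of carrying them forward, or replace them with a single `# proton WireGuard config removed in favour of tailscale; see git history`. The `services` set closed by the first lines of this hunk starts outside it.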
@@ -96,36 +89,6 @@ networkmanager.enable = true; useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. - - # wg-quick.interfaces = { - # proton = { - # # IP address of this machine in the *tunnel network* - # address = ["10.2.0.1/32"]; - - # listenPort = 51820; - - # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; - - # peers = [ - # { - # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "84.17.63.8:51820"; - # persistentKeepalive = 25; - # } - # { - # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "68.169.42.242:51820"; - # persistentKeepalive = 25; - # } - # { - # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; - # allowedIPs = ["0.0.0.0/0"]; - # } - # ]; - # }; - # }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 2735f20..4f4b355 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,10 +1,19 @@ -{...}: { +{ + inputs, + config, + ... +}: { imports = [ ./monitors.nix ]; nixpkgs.config.allowUnfree = true; + sops.secrets = { + "wireguard-keys/tailscale-authkey/twilight" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + }; host = { users = { leyla = { @@ -22,16 +31,22 @@ }; }; - services.ollama = { - enable = true; + services = { + ollama = { + enable = true; - loadModels = [ - "deepseek-coder:6.7b" - "deepseek-r1:8b" - "deepseek-r1:32b" - ]; + loadModels = [ + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:32b" + ]; + }; + + tailscale = { + enable = true; + authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; + }; }; - programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 
diff --git a/flake.lock b/flake.lock index 73eac0e..ffdbb04 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740265252, - "narHash": "sha256-+LFsCsIUF/pJWL9S21m5NLcK5bgwRB4MwfV0Iu7tggY=", + "lastModified": 1740318342, + "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=", "owner": "nix-community", "repo": "home-manager", - "rev": "fb568d75cf6c81f30d49eeb73787e9b56454ba16", + "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1740188781, - "narHash": "sha256-3FDg6k9kQXq5M6ZHc2f9KsPydvWBtqacU9lWA7nIFYI=", + "lastModified": 1740275623, + "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ba52a14c907e0cece9734e0ff59c3c742b6b1075", + "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739866667, - "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=", + "lastModified": 1740126099, + "narHash": "sha256-ozoOtE2hGsqh4XkTJFsrTkNxkRgShxpQxDynaPZUGxk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680", + "rev": "32fb99ba93fea2798be0e997ea331dd78167f814", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740267388, - "narHash": "sha256-JCgjNQMrlzf8a0YAqRNGliGmgv6afnc0OTOD6Eg0RZ0=", + "lastModified": 1740328351, + "narHash": "sha256-oX+XYRclxVYgLy5NX9UR7XKixaH5jJQuQhR7Of/ZtTk=", "ref": "refs/heads/main", - "rev": "f5af565aee98df0a78056c49c85cda640ce290fd", - "revCount": 10, + "rev": "52bb4eadd620757e6a943d335e31458ffa2ada2b", + "revCount": 11, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, 
diff --git a/modules/nixos-modules/tailscale.nix b/modules/nixos-modules/tailscale.nix
new file mode 100644
index 0000000..a998f49
--- /dev/null
+++ b/modules/nixos-modules/tailscale.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ tailscale_data_directory = "/var/lib/tailscale";
+in {
+ options.host.tailscale = {
+ enable = lib.mkEnableOption "should tailscale be enabled on this computer";
+ };
+
+ config = lib.mkIf config.services.tailscale.enable (
+ lib.mkMerge [
+ {
+ # any configs we want shared between all machines
+ }
+ (lib.mkIf config.host.impermanence.enable {
+ environment.persistence = {
+ "/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = tailscale_data_directory;
+ user = "jellyfin";
+ group = "jellyfin";
+ }
+ ];
+ };
+ };
+ })
+ ]
+ );
+}
From af568c7b7075b766bf18f69cc85a00c081b141e0 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sun, 23 Feb 2025 11:13:18 -0600
Subject: [PATCH 499/695] fixed deprecation warnings for vscode configs
---
 configurations/home-manager/leyla/vscode.nix | 149 ++++++++++---------
 1 file changed, 76 insertions(+), 73 deletions(-)
diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix
index c9d779d..c6f8586 100644
--- a/configurations/home-manager/leyla/vscode.nix
+++ b/configurations/home-manager/leyla/vscode.nix
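Review bot: `options.host.tailscale.enable` is declared but never read: `config` is gated on `config.services.tailscale.enable` and nothing sets `services.tailscale.enable` from the new option, so `host.tailscale.enable = true` on a host does nothing, and the hosts in this commit enable `services.tailscale` directly instead. Gate on the host option and enable the service from it, as sync.nix does with `host.sync.enable`: `config = lib.mkIf config.host.tailscale.enable (lib.mkMerge [ { services.tailscale.enable = true; } ...`. The persistence entry also hands `/var/lib/tailscale`, which holds the node's keys, to the `jellyfin` user; commit 5be1473 later in this series corrects that to `root`.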
@@ -28,87 +28,90 @@ in { package = pkgs.vscodium; mutableExtensionsDir = false; - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - (lib.mkIf osConfig.services.ollama.enable { - "twinny.fileContextEnabled" = true; - "twinny.enableLogging" = false; - "twinny.completionCacheEnabled" = true; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; - # builtins.elemAt osConfig.services.ollama.loadModels 0; - }) - ]; + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + (lib.mkIf osConfig.services.ollama.enable { + "twinny.fileContextEnabled" = true; + "twinny.enableLogging" = false; + "twinny.completionCacheEnabled" = true; - extensions = ( - with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + # builtins.elemAt osConfig.services.ollama.loadModels 0; + }) + ]; - # html extensions - 
formulahendry.auto-rename-tag - ms-vscode.live-server + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - bungcip.better-toml - ] - ++ ( - lib.lists.optionals osConfig.services.ollama.enable [ - rjmacarthy.twinny - ] - ) - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with vscode-marketplace; [ # js extensions - karyfoundation.nearley + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + bungcip.better-toml ] - ) - ); + ++ ( + lib.lists.optionals osConfig.services.ollama.enable [ + rjmacarthy.twinny + ] + ) + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) + ++ ( + with vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ] + ) + ); + }; }; }; } From 0a00be96515f767ef66312956e096725ea3df5da Mon Sep 17 00:00:00 2001 
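Review bot: The stale `# builtins.elemAt osConfig.services.ollama.loadModels 0;` comment inside the twinny settings is carried into the new `profiles.default` block unchanged; it is neither a setting nor an explanation, so drop it or make it a tracked `# TODO: derive the twinny model from osConfig.services.ollama.loadModels`. Apart from the re-indentation under `profiles.default` the hunk reads as a pure move, though that is inferred from the diff shape rather than checked line by line. The set holding `package = pkgs.vscodium;` that encloses this hunk starts outside it.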
From: Leyla Becker Date: Sun, 23 Feb 2025 13:56:22 -0600 Subject: [PATCH 500/695] added email config to disko zfs config --- README.md | 2 +- .../nixos/defiant/configuration.nix | 11 ++++ flake.lock | 8 +-- modules/nixos-modules/disko.nix | 60 +++++++++++++++++++ 4 files changed, 76 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0e8ff07..6b3441d 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - figure out steam vr things? - Open GL? - rotate sops encryption keys periodically (and somehow sync between devices?) -- zfs email after scrubbing +- zfs email after scrubbing # TODO: test this - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 19b8f65..c8edcba 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -9,6 +9,9 @@ "wireguard-keys/tailscale-authkey/defiant" = { sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; }; + "services/zfs_smtp_token" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; }; host = { @@ -23,6 +26,14 @@ storage = { enable = true; encryption = true; + notifications = { + enable = true; + host = "smtp.protonmail.ch"; + port = 587; + to = "leyla@jan-leila.com"; + user = "leyla@jan-leila.com"; + tokenFile = config.sops.secrets."services/zfs_smtp_token".path; + }; pool = { drives = [ "ata-ST18000NE000-3G6101_ZVTCXVEB" diff --git a/flake.lock b/flake.lock index ffdbb04..56057f2 100644 --- a/flake.lock +++ b/flake.lock 
@@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740328351, - "narHash": "sha256-oX+XYRclxVYgLy5NX9UR7XKixaH5jJQuQhR7Of/ZtTk=", + "lastModified": 1740340309, + "narHash": "sha256-NoCpH7t1hTPi6+j7tB/IBirae4Bk6iZXpTiUmFzdKAY=", "ref": "refs/heads/main", - "rev": "52bb4eadd620757e6a943d335e31458ffa2ada2b", - "revCount": 11, + "rev": "0237156ee8bc0157e8c3a701fcf7e2dd27d76fc6", + "revCount": 12, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index b2685af..28afab1 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, inputs, ... @@ -23,6 +24,26 @@ in { options.host.storage = { enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; encryption = lib.mkEnableOption "is the vdev going to be encrypted"; + notifications = { + enable = lib.mkEnableOption "are notifications enabled"; + host = lib.mkOption { + type = lib.types.str; + description = "what is the host that we are going to send the email to"; + }; + port = lib.mkOption { + type = lib.types.port; + description = "what port is the host using to receive mail on"; + }; + to = lib.mkOption { + type = lib.types.str; + description = "what account is the email going to be sent to"; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user is the email going to be set from"; + }; + tokenFile = lib.mkOption {}; # TODO: make this a secrets file + }; pool = { vdevs = lib.mkOption { type = lib.types.listOf (lib.types.listOf lib.types.str); 
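Review bot: `tokenFile = lib.mkOption {};` declares an untyped, undocumented option, so any value is accepted at declaration time and a mistake only surfaces when it is interpolated into the `passwordeval` command; give it `type = lib.types.path;` and a description such as `"file containing the SMTP password or token, read at runtime (a sops secret path, not a store path)"`, which also resolves the `# TODO: make this a secrets file` note. The `user` option's description `"what user is the email going to be set from"` should read `sent from`. `host`, `port`, `to` and `user` have no defaults, so enabling `notifications` without all four fails at evaluation; that is reasonable but worth stating in the `enable` option's description.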
@@ -50,9 +71,48 @@ in { }; config = lib.mkIf config.host.storage.enable { + programs.msmtp = lib.mkIf config.host.storage.notifications.enable { + enable = true; + setSendmail = true; + defaults = { + aliases = "/etc/aliases"; + port = config.host.storage.notifications.port; + tls_trust_file = "/etc/ssl/certs/ca-certificates.crt"; + tls = "on"; + auth = "login"; + tls_starttls = "off"; + }; + accounts = { + zfs_notifications = { + host = config.host.storage.notifications.host; + passwordeval = "cat ${config.host.storage.notifications.tokenFile}"; + user = config.host.storage.notifications.user; + from = config.host.storage.notifications.user; + }; + }; + }; + services.zfs = { autoScrub.enable = true; autoSnapshot.enable = true; + + zed = lib.mkIf config.host.storage.notifications.enable { + # this option is broken we are just going to disable it + enableMail = false; + + settings = { + ZED_DEBUG_LOG = "/tmp/zed.debug.log"; + ZED_EMAIL_ADDR = [config.host.storage.notifications.to]; + ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; + ZED_EMAIL_OPTS = "@ADDRESS@"; + + ZED_NOTIFY_INTERVAL_SECS = 3600; + ZED_NOTIFY_VERBOSE = true; + + ZED_USE_ENCLOSURE_LEDS = true; + ZED_SCRUB_AFTER_RESILVER = true; + }; + }; }; disko.devices = { From 5be14739d82f4b3c82db05744615adb591544ae1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 17:10:04 -0600 Subject: [PATCH 501/695] fixed permissions on tailscale persist --- modules/nixos-modules/tailscale.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/tailscale.nix b/modules/nixos-modules/tailscale.nix index a998f49..db664e8 100644 --- a/modules/nixos-modules/tailscale.nix +++ b/modules/nixos-modules/tailscale.nix @@ -22,8 +22,8 @@ in { directories = [ { directory = tailscale_data_directory; - user = "jellyfin"; - group = "jellyfin"; + user = "root"; + group = "root"; } ]; }; From b7bf91727496bdf99ceddea31f2d917ac881b3bb Mon Sep 17 00:00:00 2001 
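Review bot: `port = 587` together with `tls = "on"` and `tls_starttls = "off"` tells msmtp to expect an implicit-TLS handshake on the submission port that is conventionally STARTTLS (implicit TLS is the 465 convention), so the connection to `smtp.protonmail.ch` is likely to fail; either drop `tls_starttls = "off"` (msmtp's default is STARTTLS on) or switch to the provider's implicit-TLS port, and the README hunk in this commit already marks the feature `# TODO: test this`. `ZED_DEBUG_LOG = "/tmp/zed.debug.log"` makes a root daemon write to a predictable path in a world-writable directory; point it at `/var/log/zed.debug.log` or leave it unset outside of debugging. `passwordeval = "cat ${...tokenFile}"` splices the path into a shell command, which is fine for a sops path but cheap to harden: `passwordeval = "cat '${config.host.storage.notifications.tokenFile}'";`. The `config = lib.mkIf config.host.storage.enable {` set opens in the hunk's first context line and closes outside it.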
From: Leyla Becker Date: Sun, 23 Feb 2025 17:50:40 -0600 Subject: [PATCH 502/695] imported tailscale config in default.nix --- modules/nixos-modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 371a156..fdbdc7e 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,6 +12,7 @@ ./impermanence.nix ./disko.nix ./ollama.nix + ./tailscale.nix ./server ]; From 21d09b469d45c6778e2437317e149729656aeab5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 17:52:25 -0600 Subject: [PATCH 503/695] updated secrets --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 56057f2..67e9794 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740318342, - "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=", + "lastModified": 1740347597, + "narHash": "sha256-st5q9egkPGz8TUcVVlIQX7y6G3AzHob+6M963bwVq74=", "owner": "nix-community", "repo": "home-manager", - "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca", + "rev": "12e26a74e5eb1a31e13daaa08858689e25ebd449", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740340309, - "narHash": "sha256-NoCpH7t1hTPi6+j7tB/IBirae4Bk6iZXpTiUmFzdKAY=", + "lastModified": 1740354712, + "narHash": "sha256-1PMVP2txoD4lhW7k3fbYa7CZ+hLBJO5f91EWtegrqEg=", "ref": "refs/heads/main", - "rev": "0237156ee8bc0157e8c3a701fcf7e2dd27d76fc6", - "revCount": 12, + "rev": "db6d65e814bc0c99f6e9b95308184b004038243e", + "revCount": 13, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, From ff3ef808434f4f9d1206d39575e47f1a7e530ac4 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 23 Feb 2025 18:04:56 -0600 Subject: [PATCH 504/695] added task to new features --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6b3441d..20abdf2 100644 --- a/README.md +++ b/README.md @@ -64,3 +64,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - zfs encryption FIDO2 2fa - ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote +- SMART test with email results \ No newline at end of file From d4f3820e25fa06e9e09f909fce622fa67d0846ed Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 18:56:10 -0600 Subject: [PATCH 505/695] added note to task for readme --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 20abdf2..6914691 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Research topics - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init -- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - https://nixos-and-flakes.thiscute.world/ # Tasks: @@ -61,7 +60,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich -- zfs encryption FIDO2 2fa +- zfs encryption FIDO2 2fa (look into shavee) - ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results \ No newline at end of file 
From 70fb2d9be2ef24448d1a7dbae88c385d782ee5f1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:06:38 -0600 Subject: [PATCH 506/695] set use routing features for tailscale --- configurations/nixos/defiant/configuration.nix | 1 + configurations/nixos/horizon/configuration.nix | 1 + configurations/nixos/twilight/configuration.nix | 1 + 3 files changed, 3 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c8edcba..18ef99e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -161,6 +161,7 @@ tailscale = { enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; + useRoutingFeatures = "server"; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index a4f4f77..1dc88b7 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -62,6 +62,7 @@ tailscale = { enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; + useRoutingFeatures = "client"; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 4f4b355..00facbe 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -45,6 +45,7 @@ tailscale = { enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; + useRoutingFeatures = "both"; }; }; programs.steam = { From 79c130dc4bd542d3d346fad0ba087a643586bdb3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:10:01 -0600 Subject: [PATCH 507/695] disabled ollama on defiant --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
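Review bot: `useRoutingFeatures` has side effects beyond tailscale that none of the three hunks document: in the NixOS tailscale module, `"server"` and `"both"` enable kernel IP forwarding on defiant and twilight, and `"client"` and `"both"` set `networking.firewall.checkReversePath` to `"loose"` on horizon and twilight (worth confirming against the nixpkgs revision pinned here). Each value deserves a why-comment next to it, e.g. on twilight `# both: forwards as an exit node and consumes other exit nodes/subnet routes (loose rp_filter)`, so the sysctl and firewall changes are visible to whoever audits the host later. The enclosing `services.tailscale` sets start outside each hunk.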
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 18ef99e..1ba8127 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -149,7 +149,7 @@ }; ollama = { - enable = true; + enable = false; loadModels = [ "deepseek-coder:6.7b" From 500cbc213c9916b72d1154b29d86b2b8740cbdea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:23:12 -0600 Subject: [PATCH 508/695] added advertise-exit-node flags to tailscale --- configurations/nixos/defiant/configuration.nix | 1 + configurations/nixos/twilight/configuration.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 1ba8127..e8674a2 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -162,6 +162,7 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; useRoutingFeatures = "server"; + extraUpFlags = ["--advertise-exit-node"]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 00facbe..488c748 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -46,6 +46,7 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; + extraUpFlags = ["--advertise-exit-node"]; }; }; programs.steam = { From ab94cb1dae10631b87f37d603aaa5d00fe9b1c11 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:27:29 -0600 Subject: [PATCH 509/695] added advertise-routes to defiant tailscale config --- configurations/nixos/defiant/configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e8674a2..189ee9e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -162,7 +162,10 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; useRoutingFeatures = "server"; - extraUpFlags = ["--advertise-exit-node"]; + extraUpFlags = [ + "--advertise-exit-node" + "--advertise-routes=192.168.1.0/24" + ]; }; }; From 6d6e34e06a6a103ad06cb15afc4d45f0e120d335 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:38:42 -0600 Subject: [PATCH 510/695] added extra set flags to configs --- configurations/nixos/defiant/configuration.nix | 4 ++++ configurations/nixos/twilight/configuration.nix | 3 +++ 2 files changed, 7 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 189ee9e..80308ed 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -166,6 +166,10 @@ "--advertise-exit-node" "--advertise-routes=192.168.1.0/24" ]; + extraSetFlags = [ + "--advertise-exit-node" + "--advertise-routes=192.168.1.0/24" + ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 488c748..27b47ac 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -47,6 +47,9 @@ authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; extraUpFlags = ["--advertise-exit-node"]; + extraSetFlags = [ + "--advertise-exit-node" + ]; }; }; programs.steam = { From c9bc06f594901a28df37ed00ad3e5f9aeda55813 Mon Sep 17 00:00:00 2001 
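Review bot: The same flag list is now duplicated between `extraUpFlags` and `extraSetFlags` in both the defiant and twilight hunks, and the two copies will drift the next time a route is added; bind it once, e.g. `let tailscaleFlags = ["--advertise-exit-node" "--advertise-routes=192.168.1.0/24"]; in` and then `extraUpFlags = tailscaleFlags; extraSetFlags = tailscaleFlags;`. Advertising `192.168.1.0/24` makes defiant a subnet router for the whole LAN, so a comment saying why the full /24 rather than specific hosts is exposed to the tailnet would help a later reviewer. The enclosing `services.tailscale` sets start outside both hunks.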
From: Leyla Becker Date: Mon, 24 Feb 2025 12:49:54 -0600 Subject: [PATCH 511/695] added syncthing to other computers --- .../nixos/defiant/configuration.nix | 10 ++ .../nixos/twilight/configuration.nix | 10 ++ modules/nixos-modules/sync.nix | 131 +++++++++++------- 3 files changed, 101 insertions(+), 50 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 80308ed..f300185 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -118,6 +118,16 @@ enable = true; subdomain = "drive"; }; + sync = { + enable = true; + folders = { + leyla = { + documents.enable = true; + calendar.enable = true; + notes.enable = true; + }; + }; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 27b47ac..46dfd8a 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -29,6 +29,16 @@ openRGB.enable = true; graphicsAcceleration.enable = true; }; + sync = { + enable = true; + folders = { + leyla = { + documents.enable = true; + calendar.enable = true; + notes.enable = true; + }; + }; + }; }; services = { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 00036f4..ac399f2 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -35,56 +35,87 @@ in { }; }; - config = { - systemd = lib.mkIf config.services.syncthing.enable { - tmpfiles.rules = [ - "d ${mountDir} 755 syncthing syncthing -" - "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" - "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" - ]; - }; - services.syncthing = { - enable = config.host.sync.enable; - user = "syncthing"; - group = "syncthing"; - dataDir = "${mountDir}/default"; - configDir = "/etc/syncthing"; - overrideDevices = true; - overrideFolders = true; - settings = { - devices = { - ceder = { - id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; - }; - coven = { - id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; - }; - }; - folders = lib.mkMerge [ - config.host.sync.folders.extraFolders - (lib.mkIf config.host.sync.folders.leyla.documents.enable { - "documents" = { - id = "hvrj0-9bm1p"; - path = "/mnt/sync/leyla/documents"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.calendar.enable { - "calendar" = { - id = "8oatl-1rv6w"; - path = "/mnt/sync/leyla/calendar"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.notes.enable { - "notes" = { - id = "dwbuv-zffnf"; - path = "/mnt/sync/leyla/notes"; - devices = ["ceder" "coven"]; - }; - }) + config = lib.mkMerge [ + { + systemd = lib.mkIf config.services.syncthing.enable { + tmpfiles.rules = [ + "d ${mountDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" ]; }; - }; - }; + } + (lib.mkIf config.host.sync.enable (lib.mkMerge [ + { + services.syncthing = { + enable = true; + user = "syncthing"; + group = "syncthing"; + dataDir = "${mountDir}/default"; + configDir = "/etc/syncthing"; + overrideDevices = true; + overrideFolders = true; + settings = { + devices = { + ceder = { + id = 
"MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + }; + coven = { + id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; + }; + defiant = lib.mkIf (config.networking.hostName != "defiant") { + id = "TQGGO5F-PUXQYVV-LVVM7PR-Q4TKI6T-NR576PH-CFTVB4O-RP5LL6C-WKQMXQR"; + }; + twilight = lib.mkIf (config.networking.hostName != "twilight") { + id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; + }; + horizon = lib.mkIf (config.networking.hostName != "horizon") { + id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + }; + }; + folders = lib.mkMerge [ + config.host.sync.folders.extraFolders + (lib.mkIf config.host.sync.folders.leyla.documents.enable { + "documents" = { + id = "hvrj0-9bm1p"; + path = "${mountDir}/leyla/documents"; + devices = ["ceder" "coven"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + "calendar" = { + id = "8oatl-1rv6w"; + path = "${mountDir}/leyla/calendar"; + devices = ["ceder" "coven"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.notes.enable { + "notes" = { + id = "dwbuv-zffnf"; + path = "${mountDir}/leyla/notes"; + devices = ["ceder" "coven"]; + }; + }) + ]; + }; + }; + } + + (lib.mkIf config.host.impermanence.enable { + environment.persistence = { + "/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = mountDir; + user = "syncthing"; + group = "syncthing"; + } + ]; + }; + }; + }) + ])) + ]; } From 87beef314926028f5ae1a37a3aabe0746914db29 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:52:34 -0600 Subject: [PATCH 512/695] added notes to pihole for tailscale --- modules/nixos-modules/server/pihole.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix index 6ec7628..e877864 100644 --- a/modules/nixos-modules/server/pihole.nix +++ b/modules/nixos-modules/server/pihole.nix 
@@ -56,6 +56,13 @@ in { }; }; + # TODO: we need to have a tailscale container here and use that to define the network_mode of pihole container + # TS_ACCEPT_DNS = "false"; + # TS_AUTHKEY = ${something from a secrets file???} + # TS_HOSTNAME = "pihole"; + # TS_USERSPACE = "false"; + # TODO: volumes for tailnet container with impermanence config + # https://tailscale.com/kb/1282/docker virtualisation = { oci-containers = { containers = { From d2b43225ee7e6b4319d6a821bc35071faeed609a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 13:01:34 -0600 Subject: [PATCH 513/695] set devices on folders --- modules/nixos-modules/sync.nix | 57 ++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index ac399f2..0df2a78 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -73,30 +73,39 @@ in { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; }; }; - folders = lib.mkMerge [ - config.host.sync.folders.extraFolders - (lib.mkIf config.host.sync.folders.leyla.documents.enable { - "documents" = { - id = "hvrj0-9bm1p"; - path = "${mountDir}/leyla/documents"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.calendar.enable { - "calendar" = { - id = "8oatl-1rv6w"; - path = "${mountDir}/leyla/calendar"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.notes.enable { - "notes" = { - id = "dwbuv-zffnf"; - path = "${mountDir}/leyla/notes"; - devices = ["ceder" "coven"]; - }; - }) - ]; + folders = let + allDevices = [ + "ceder" + "coven" + (lib.mkIf (config.networking.hostName != "defiant") "defiant") + (lib.mkIf (config.networking.hostName != "twilight") "twilight") + (lib.mkIf (config.networking.hostName != "horizon") "horizon") + ]; + in + lib.mkMerge [ + config.host.sync.folders.extraFolders + (lib.mkIf config.host.sync.folders.leyla.documents.enable { + "documents" = { + id = "hvrj0-9bm1p"; + path = "${mountDir}/leyla/documents"; + devices = allDevices; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + "calendar" = { + id = "8oatl-1rv6w"; + path = "${mountDir}/leyla/calendar"; + devices = allDevices; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.notes.enable { + "notes" = { + id = "dwbuv-zffnf"; + path = "${mountDir}/leyla/notes"; + devices = allDevices; + }; + }) + ]; }; }; } From 98b475e4c888273228ec81f7285fccd1b1135fad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:10:57 -0600 Subject: [PATCH 514/695] updated permission on syncing mnt dir --- modules/nixos-modules/sync.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 0df2a78..402d580 100644 --- a/modules/nixos-modules/sync.nix 
+++ b/modules/nixos-modules/sync.nix @@ -39,8 +39,8 @@ in { { systemd = lib.mkIf config.services.syncthing.enable { tmpfiles.rules = [ - "d ${mountDir} 755 syncthing syncthing -" - "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" + "d ${mountDir} 2755 syncthing syncthing -" + "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -" "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" ]; }; From 50d1e8d5ea53df6d4ddc6f40f22b13925c1cc1a4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:35:35 -0600 Subject: [PATCH 515/695] added share folder config --- .../nixos/defiant/configuration.nix | 1 + modules/nixos-modules/sync.nix | 42 +++++++++++++++---- 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f300185..788a46b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -121,6 +121,7 @@ sync = { enable = true; folders = { + share.enable = true; leyla = { documents.enable = true; calendar.enable = true; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 402d580..b067bfb 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -8,6 +8,9 @@ in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; folders = { + share = { + enable = lib.mkEnableOption "should the share folder by synced"; + }; leyla = { documents = { enable = lib.mkEnableOption "should the documents folder be synced"; 
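Review bot: Changing `dataDir` to `775` grants write access to every member of the `syncthing` group, and `2755` on `mountDir` makes new directories beneath it inherit that group, but nothing in the hunk records why; presumably local user accounts are meant to join the group to read and edit the synced trees. A comment stating that intent would stop the next reader from tightening it back, e.g. `# group-writable on purpose: local users are added to the syncthing group to work in the synced folders; setgid keeps new subdirs in that group`. The modes are also now inconsistent between `mountDir` (not group-writable) and `dataDir` (group-writable); if group access is the goal, `2775` on both is the consistent choice, and if it is not, `775` should go back to `755`.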
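Review bot: The new option description reads `should the share folder by synced`, which should be `should the share folder be synced`; the same slip is already present in the `notes` option's description visible in a later hunk of this series. Since `lib.mkEnableOption` renders this text into the generated option documentation, it is worth the one-word fix in both places.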
@@ -72,14 +75,24 @@ in { horizon = lib.mkIf (config.networking.hostName != "horizon") { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; }; + shale = { + id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; + }; }; folders = let - allDevices = [ - "ceder" - "coven" - (lib.mkIf (config.networking.hostName != "defiant") "defiant") - (lib.mkIf (config.networking.hostName != "twilight") "twilight") - (lib.mkIf (config.networking.hostName != "horizon") "horizon") + ceder = "ceder"; + coven = "coven"; + shale = "shale"; + defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; + twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; + horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; + leylaDevices = [ + ceder + coven + shale + defiant + twilight + horizon ]; in lib.mkMerge [ @@ -88,21 +101,32 @@ in { "documents" = { id = "hvrj0-9bm1p"; path = "${mountDir}/leyla/documents"; - devices = allDevices; + devices = leylaDevices; }; }) (lib.mkIf config.host.sync.folders.leyla.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; path = "${mountDir}/leyla/calendar"; - devices = allDevices; + devices = leylaDevices; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "${mountDir}/leyla/notes"; - devices = allDevices; + devices = leylaDevices; + }; + }) + (lib.mkIf config.host.sync.folders.share.enable { + "share" = { + id = "73ot0-cxmkx"; + path = "${mountDir}/default/share"; + devices = [ + ceder + shale + defiant + ]; }; }) ]; From d04c5183ca860a739f56a79401c9af15bcdd6988 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:40:52 -0600 Subject: [PATCH 516/695] removed shale from leylas devices --- modules/nixos-modules/sync.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index b067bfb..07d7bb3 100644 
--- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -87,13 +87,17 @@ in { twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; leylaDevices = [ + defiant ceder coven - shale - defiant twilight horizon ]; + superNoteTablets = [ + defiant + ceder + shale + ]; in lib.mkMerge [ config.host.sync.folders.extraFolders From a7888cb1642d9540f7789603ec261459836b03c8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:43:09 -0600 Subject: [PATCH 517/695] removed horizon and twilight from notes and calendar share --- modules/nixos-modules/sync.nix | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 07d7bb3..72795aa 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -86,6 +86,14 @@ in { defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; + allDevices = [ + defiant + ceder + coven + twilight + horizon + shale + ]; leylaDevices = [ defiant ceder @@ -112,25 +120,21 @@ in { "calendar" = { id = "8oatl-1rv6w"; path = "${mountDir}/leyla/calendar"; - devices = leylaDevices; + devices = superNoteTablets; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "${mountDir}/leyla/notes"; - devices = leylaDevices; + devices = superNoteTablets; }; }) (lib.mkIf config.host.sync.folders.share.enable { "share" = { id = "73ot0-cxmkx"; path = "${mountDir}/default/share"; - devices = [ - ceder - shale - defiant - ]; + devices = allDevices; }; }) ]; From a7c734871b15b2baccc7503cfa07ed5ebf4fc154 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 24 Feb 2025 18:48:06 -0600 Subject: [PATCH 518/695] fixed shares between devices --- .../nixos/defiant/configuration.nix | 6 +- .../nixos/horizon/configuration.nix | 2 - .../nixos/twilight/configuration.nix | 2 - modules/nixos-modules/sync.nix | 58 +++++++++---------- 4 files changed, 33 insertions(+), 35 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 788a46b..6394e77 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -121,10 +121,12 @@ sync = { enable = true; folders = { - share.enable = true; + share = { + enable = true; + calendar.enable = true; + }; leyla = { documents.enable = true; - calendar.enable = true; notes.enable = true; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 1dc88b7..822d80a 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -22,8 +22,6 @@ folders = { leyla = { documents.enable = true; - calendar.enable = true; - notes.enable = true; }; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 46dfd8a..0a75713 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -34,8 +34,6 @@ folders = { leyla = { documents.enable = true; - calendar.enable = true; - notes.enable = true; }; }; }; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 72795aa..94961e7 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -10,14 +10,14 @@ in { folders = { share = { enable = lib.mkEnableOption "should the share folder by synced"; + calendar = { + enable = lib.mkEnableOption "should the calendar folder be synced"; + }; }; leyla = { documents = { enable = lib.mkEnableOption "should the documents folder be synced"; }; - calendar = { - enable = lib.mkEnableOption "should the calendar folder be synced"; - }; notes = { enable = lib.mkEnableOption "should the notes folder by synced"; }; @@ -86,26 +86,6 @@ in { defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; - allDevices = [ - defiant - ceder - coven - twilight - horizon - shale - ]; - leylaDevices = [ - defiant - ceder - coven - twilight - horizon - ]; - superNoteTablets = [ - defiant - ceder - shale - ]; in lib.mkMerge [ config.host.sync.folders.extraFolders @@ -113,28 +93,48 @@ in { "documents" = { id = "hvrj0-9bm1p"; path = "${mountDir}/leyla/documents"; - devices = leylaDevices; + devices = [ + defiant + ceder + coven + twilight + horizon + ]; }; }) - (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + (lib.mkIf config.host.sync.folders.share.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; - path = "${mountDir}/leyla/calendar"; - devices = superNoteTablets; + path = "${mountDir}/share/calendar"; + devices = [ + defiant + ceder + shale + ]; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "${mountDir}/leyla/notes"; - devices = superNoteTablets; + devices = [ + defiant + ceder + ]; }; }) (lib.mkIf config.host.sync.folders.share.enable { "share" = { id = "73ot0-cxmkx"; path = "${mountDir}/default/share"; - devices = allDevices; + devices = [ + defiant + ceder + coven + twilight + horizon + shale + ]; }; }) ]; From e2bd3d9af690c8e2807ea6fe4969f8a5ecc81af3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 24 Feb 2025 18:57:28 -0600 Subject: [PATCH 519/695] moved cal dir --- configurations/nixos/horizon/configuration.nix | 1 + configurations/nixos/twilight/configuration.nix | 1 + modules/nixos-modules/sync.nix | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 822d80a..8a26487 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -20,6 +20,7 @@ sync = { enable = true; folders = { + share.enable = true; leyla = { documents.enable = true; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 0a75713..555eb05 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -32,6 +32,7 @@ sync = { enable = true; folders = { + share.enable = true; leyla = { documents.enable = true; }; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 94961e7..48fd2c3 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -105,7 +105,7 @@ in { (lib.mkIf config.host.sync.folders.share.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; - path = "${mountDir}/share/calendar"; + path = "${mountDir}/default/calendar"; devices = [ defiant ceder From ac580d8e51f9c1a19fe1754c3ecd90b12d1ec4ae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 19:19:59 -0600 Subject: [PATCH 520/695] added task to tech debt --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6914691..197c292 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- syncthing password +- syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations +- syncthing folder passwords ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 53301d0e45e4e6d97cdf40ded57c0ebdc2f1e783 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 22:56:32 -0600 Subject: [PATCH 521/695] fixed pihole config --- .../nixos/defiant/configuration.nix | 18 ++-- modules/nixos-modules/server/pihole.nix | 88 ++++++++++++++----- modules/nixos-modules/server/podman.nix | 27 +++--- 3 files changed, 91 insertions(+), 42 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6394e77..9d61f65 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -87,13 +87,13 @@ }; }; }; - podman = { - macvlan = { - subnet = "192.168.1.0/24"; - gateway = "192.168.1.1"; - networkInterface = "bond0"; - }; - }; + # podman = { + # macvlan = { + # subnet = "192.168.1.0/24"; + # gateway = "192.168.1.1"; + # networkInterface = "bond0"; + # }; + # }; jellyfin = { enable = true; subdomain = "media"; @@ -112,7 +112,7 @@ }; pihole = { enable = true; - ip = "192.168.1.201"; + # ip = "192.168.1.201"; }; nextcloud = { enable = true; 
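Review bot: The podman `macvlan` block and `pihole.ip` are commented out rather than removed, and the same pattern appears in this commit's pihole.nix option hunk and podman.nix service hunk, leaving three files carrying dead configuration with no note on whether it is coming back. If the macvlan approach is abandoned, deleting it and relying on git history is cleaner; if it is parked pending the tailscale-sidecar idea sketched in pihole.nix, one `# kept for the planned tailscale sidecar; see pihole.nix` comment at the top of each block would say so. As far as these hunks show, the `ip` option in pihole.nix still has no default and nothing reads it anymore, so it now looks required while being unused.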
@@ -178,10 +178,12 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.1.0/24" + "--accept-dns=false" ]; extraSetFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.1.0/24" + "--accept-dns=false" ]; }; }; diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix index e877864..aee6105 100644 --- a/modules/nixos-modules/server/pihole.nix +++ b/modules/nixos-modules/server/pihole.nix @@ -5,6 +5,7 @@ ... }: let dnsPort = 53; + webPort = 8090; in { options.host.pihole = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; @@ -14,9 +15,27 @@ in { }; image = lib.mkOption { type = lib.types.str; - default = "pihole/pihole:2024.07.0"; + default = "pihole/pihole:latest"; description = "container image to use for pi-hole"; }; + # piholeStateDirectory = { + # type = lib.types.str; + # default = "${config.host.pihole.directory}/pihole"; + # }; + # tailscaleStateDirectory = { + # type = lib.types.str; + # default = "${config.host.pihole.directory}/tailscale"; + # }; + # piholeImage = lib.mkOption { + # type = lib.types.str; + # default = "pihole/pihole:2024.07.0"; + # description = "container image to use for pi-hole"; + # }; + # tailscaleImage = lib.mkOption { + # type = lib.types.str; + # default = "tailscale/tailscale:latest"; + # description = "container image to use for pi-holes tail scale"; + # }; ip = lib.mkOption { type = lib.types.str; description = "ip address to use for pi-hole"; 
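Review bot: The `image` default moves from the pinned `pihole/pihole:2024.07.0` to `pihole/pihole:latest`, so every pull takes whatever upstream currently publishes; that makes the deployment non-reproducible and means a broken or compromised upstream release lands on the DNS server at the next restart with nothing in git recording the change. Pinning a version tag, or better a digest (`pihole/pihole:<version>@sha256:<digest>`), and bumping it deliberately keeps that supply-chain decision reviewable. If `latest` was chosen because the `FTLCONF_*` variables used in the later hunks need a newer image than 2024.07.0, pinning the specific release that was tested expresses the same requirement without the drift.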
@@ -25,14 +44,24 @@ in { config = lib.mkIf config.host.pihole.enable (lib.mkMerge [ { host.podman.enable = true; - sops.secrets = { - "services/pi-hole" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; + sops = { + secrets = { + "services/pi-hole" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + # "wireguard-keys/tailscale-authkey/pihole" = { + # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + # }; }; + templates."pihole.env".content = '' + FTLCONF_webserver_api_password=${config.sops.placeholder."services/pi-hole"} + ''; }; systemd = { tmpfiles.rules = [ "d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system + # "d ${config.host.pihole.piholeStateDirectory} 755 pihole pihole -" + # "d ${config.host.pihole.tailscaleStateDirectory} 755 pihole pihole -" ]; services = { @@ -40,12 +69,12 @@ in { serviceConfig = { Restart = lib.mkOverride 500 "always"; }; - after = [ - "podman-network-macvlan.service" - ]; - requires = [ - "podman-network-macvlan.service" - ]; + # after = [ + # "podman-network-macvlan.service" + # ]; + # requires = [ + # "podman-network-macvlan.service" + # ]; partOf = [ "podman-compose-root.target" ]; @@ -56,13 +85,8 @@ in { }; }; - # TODO: we need to have a tailscale container here and use that to define the network_mode of pihole container - # TS_ACCEPT_DNS = "false"; - # TS_AUTHKEY = ${something from a secrets file???} - # TS_HOSTNAME = "pihole"; - # TS_USERSPACE = "false"; - # TODO: volumes for tailnet container with impermanence config - # https://tailscale.com/kb/1282/docker + services.resolved.enable = false; + virtualisation = { oci-containers = { containers = { 
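Review bot: `services.resolved.enable = false;` is added with no explanation; presumably it frees port 53 so the host-networked Pi-hole container in the next hunk can bind it, but it also removes the host's own stub resolver, so host name resolution now depends on the container being up and on whatever else writes `/etc/resolv.conf`. A comment such as `# resolved's stub listener would clash with pihole binding :53 on the host network; host DNS is served by the container` would capture the dependency, and it is worth checking what the host resolves with during boot and while the container is restarting. The sops-rendered `pihole.env` template is a good replacement for `WEBPASSWORD_FILE`, since the rendered secret stays out of the Nix store.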
@@ -76,16 +100,40 @@ in { ]; environment = { TZ = "America/Chicago"; - WEBPASSWORD_FILE = passwordFileLocation; + FTLCONF_webserver_port = toString webPort; PIHOLE_UID = toString config.users.users.pihole.uid; PIHOLE_GID = toString config.users.groups.pihole.gid; }; + environmentFiles = [ + config.sops.templates."pihole.env".path + ]; log-driver = "journald"; extraOptions = [ - "--ip=${config.host.pihole.ip}" - "--network=macvlan" + "--network=host" + # "--network=container:${tailscale container id}" ]; }; + # ts-pihole = { + # image = config.host.pihole.tailscaleImage; + # volumes = "${config.host.pihole.tailscaleStateDirectory}:/var/lib/tailscale"; + # environment = { + # TS_ACCEPT_DNS = "false"; + # TS_HOSTNAME = "pihole"; + # TS_STATE_DIR = "/var/lib/tailscale"; + # TS_USERSPACE = "false"; + # TS_EXTRA_ARGS = "--advertise-tags=tag:container"; + # }; + # environmentFiles = [ + # config.sops.templates."tailscale-pihole.env".path + # ]; + # devices = [ + # "/dev/net/tun:/dev/net/tun" + # ]; + # extraOptions = [ + # "--ip=${config.host.pihole.ip}" + # "--network=macvlan" + # ]; + # }; }; }; }; diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix index 0f48ac9..b75c56f 100644 --- a/modules/nixos-modules/server/podman.nix +++ b/modules/nixos-modules/server/podman.nix @@ -1,6 +1,5 @@ { lib, - pkgs, config, ... }: { 
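Review bot: With `--network=host` the container shares the host's network namespace, so the admin UI on `webPort` (8090) and DNS on 53 are bound on every host interface and the host firewall is the only thing limiting who can reach them, whereas the old macvlan setup gave Pi-hole its own address. Nothing in this commit opens or restricts those ports, so the firewall intent should be confirmed and made explicit; the repo already uses the per-interface form for NFS, e.g. `networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ webPort ];` with a matching entry for the DNS port on each interface that should be served. A short comment in the `environment` block noting that the API password now arrives via the sops template rather than `WEBPASSWORD_FILE` would also help the next reader.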
@@ -26,19 +25,19 @@ config = lib.mkIf config.host.podman.enable { systemd = { services = { - "podman-network-macvlan" = { - path = [pkgs.podman]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "podman network rm -f macvlan"; - }; - script = '' - podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan - ''; - partOf = ["podman-compose-root.target"]; - wantedBy = ["podman-compose-root.target"]; - }; + # "podman-network-macvlan" = { + # path = [pkgs.podman]; + # serviceConfig = { + # Type = "oneshot"; + # RemainAfterExit = true; + # ExecStop = "podman network rm -f macvlan"; + # }; + # script = '' + # podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan + # ''; + # partOf = ["podman-compose-root.target"]; + # wantedBy = ["podman-compose-root.target"]; + # }; }; # disable computer sleeping targets = { From 8d02ff00fefb9f6740eb0d19a102203543f86802 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:34:40 -0600 Subject: [PATCH 522/695] added tor to tasks --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 197c292..7d9aaf2 100644 --- a/README.md +++ b/README.md @@ -64,4 +64,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - zfs encryption FIDO2 2fa (look into shavee) - ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote -- SMART test with email results \ No newline at end of file +- SMART test with email results +- Create Tor guard/relay server 
From 2b9737b8f2f99a213ebe5654e4cd3c49d9486c87 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:39:58 -0600 Subject: [PATCH 523/695] added tailscale network to nfs server exports --- modules/nixos-modules/server/network_storage/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 5881310..92b6591 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -39,7 +39,7 @@ enable = true; exports = lib.strings.concatLines ( builtins.map ( - directory: "${directory._directory} 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)" + directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt)" ) ( builtins.filter ( From f8966f062f6cf4f201c23f8ffbba681f0a14ce87 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:42:53 -0600 Subject: [PATCH 524/695] made nfs only open firewall on tailscale interface --- modules/nixos-modules/server/network_storage/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 92b6591..e793b16 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -49,7 +49,7 @@ ) ); }; - networking.firewall.allowedTCPPorts = [ + networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ config.host.network_storage.nfs.port ]; } From 14f170cdc9ee5d134e6c6efde54e6a3b9dbb7f6a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:54:53 -0600 Subject: [PATCH 525/695] added type to tokenFile --- modules/nixos-modules/disko.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
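Review bot: The export now matches `100.64.0.0/10`, which is the entire CGNAT block rather than just this tailnet; the follow-up hunk scoping the firewall rule to `config.services.tailscale.interfaceName` keeps packets from other interfaces out, but at the export level every address the tailnet hands out — including nodes shared into it — gets `rw` access to each exported directory. That is a reasonable design if the tailnet ACLs are the access control, but the file does not say so; a comment on the export line, e.g. `# 100.64.0.0/10 is the tailscale CGNAT range; reachability is gated by the tailnet ACLs and the interface-scoped firewall rule below`, would record the assumption. `rw,sync,no_subtree_check,crossmnt` leaves the default `root_squash` in place, which is the right call here.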
diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 28afab1..13ddb8f 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -42,7 +42,10 @@ in { type = lib.types.str; description = "what user is the email going to be set from"; }; - tokenFile = lib.mkOption {}; # TODO: make this a secrets file + tokenFile = lib.mkOption { + type = lib.types.str; + description = "file containing the password to be used by msmtp for notifications"; + }; }; pool = { vdevs = lib.mkOption { From b2c0efd30540848a08b77fe78079a7031ce7d07a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 16:28:48 -0600 Subject: [PATCH 526/695] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7d9aaf2..8ed797d 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords +- move fail2ban configs out of fail2ban.nix and into configs for their respective services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 88fa10a3f45961a43e503dc34616f9457a1139f9 Mon Sep 17 00:00:00 2001 
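Review bot: `tokenFile` is now typed `lib.types.str` and described as "file containing the password", but nothing states that the value has to be a runtime path (such as a sops secret's `.path`); a string pointing at a file under `/nix/store`, or the password itself, would be accepted silently and end up world-readable. `types.str` is the right choice to avoid the store copy that `types.path` would make from a path literal, so the improvement belongs in the description: `description = "path to a file containing the msmtp password; must be a runtime path (e.g. a sops secret's .path), never a file in the nix store";`. The removed `# TODO: make this a secrets file` is only really closed once the callers are confirmed to pass such a path.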
From: Leyla Becker Date: Wed, 26 Feb 2025 16:36:17 -0600 Subject: [PATCH 527/695] added auto accept to syncthing config --- .../nixos/defiant/configuration.nix | 7 ++++++ .../nixos/horizon/configuration.nix | 5 +++++ .../nixos/twilight/configuration.nix | 5 +++++ modules/nixos-modules/sync.nix | 22 +++++++++++++++++++ 4 files changed, 39 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9d61f65..7e46330 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -120,6 +120,13 @@ }; sync = { enable = true; + devices = { + ceder.autoAcceptFolders = true; + coven.autoAcceptFolders = true; + twilight.autoAcceptFolders = true; + horizon.autoAcceptFolders = true; + shale.autoAcceptFolders = true; + }; folders = { share = { enable = true; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8a26487..05c1b50 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -19,6 +19,11 @@ }; sync = { enable = true; + devices = { + ceder.autoAcceptFolders = true; + coven.autoAcceptFolders = true; + twilight.autoAcceptFolders = true; + }; folders = { share.enable = true; leyla = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 555eb05..7f5d01b 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -31,6 +31,11 @@ }; sync = { enable = true; + devices = { + ceder.autoAcceptFolders = true; + coven.autoAcceptFolders = true; + horizon.autoAcceptFolders = true; + }; folders = { share.enable = true; leyla = { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 48fd2c3..f4bfbfc 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -7,6 +7,23 @@ in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; + devices = { + ceder = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from ceder"; + }; + coven = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from coven"; + }; + twilight = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from twilight"; + }; + horizon = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from horizon"; + }; + shale = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from shale"; + }; + }; folders = { share = { enable = lib.mkEnableOption "should the share folder by synced"; @@ -62,21 +79,26 @@ in { devices = { ceder = { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + autoAcceptFolders = config.host.sync.devices.ceder.autoAcceptFolders; }; coven = { id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; + autoAcceptFolders = config.host.sync.devices.coven.autoAcceptFolders; }; defiant = lib.mkIf (config.networking.hostName != "defiant") { id = "TQGGO5F-PUXQYVV-LVVM7PR-Q4TKI6T-NR576PH-CFTVB4O-RP5LL6C-WKQMXQR"; }; twilight = lib.mkIf (config.networking.hostName != "twilight") { id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; + autoAcceptFolders = config.host.sync.devices.twilight.autoAcceptFolders; }; horizon = lib.mkIf (config.networking.hostName != "horizon") { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + autoAcceptFolders = config.host.sync.devices.horizon.autoAcceptFolders; }; shale = { id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; + autoAcceptFolders = config.host.sync.devices.shale.autoAcceptFolders; }; }; folders = let From 24d6e9653b104336708dad937ac193a00e9c8cab Mon Sep 17 00:00:00 2001 
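Review bot: Setting `autoAcceptFolders` for ceder, coven, twilight, horizon and shale (second hunk, and the three host configurations in this commit) lets any of those peers create new folders on this host unattended, so a compromised or misconfigured peer can push arbitrary data onto it; that trust decision deserves a comment on the option, e.g. `# peer may add folders to this host without operator action; only for devices we control`. The five per-device option blocks in the first hunk are identical and could be generated with `lib.genAttrs ["ceder" "coven" "twilight" "horizon" "shale"] (d: { autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from ${d}"; })`. Where auto-accepted folders land is presumably governed by `dataDir`, which is outside this hunk.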
From: Leyla Becker Date: Wed, 26 Feb 2025 16:41:16 -0600 Subject: [PATCH 528/695] added task to techdebt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8ed797d..eab1983 100644 --- a/README.md +++ b/README.md @@ -67,3 +67,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results - Create Tor guard/relay server +- remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html From b5110878b192a17e013e3badcb30bd21709041b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 16:50:30 -0600 Subject: [PATCH 529/695] added more config to searx --- modules/nixos-modules/server/searx.nix | 35 ++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index 5af4c57..b18eb14 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix @@ -28,11 +28,46 @@ searx = { enable = true; environmentFile = config.sops.secrets."services/searx".path; + + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + settings = { server = { port = 8083; secret_key = "@SEARXNG_SECRET@"; }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; }; }; }; From 59743790b02a9f7de4def7af4c8c403af6769a28 Mon Sep 17 00:00:00 2001 
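Review bot: `real_ip.x_for = 1` makes the limiter trust exactly one `X-Forwarded-For` hop, which is only correct while searx is reachable solely through the reverse proxy; a client that can reach port 8083 directly can forge the header and sidestep the rate limit. Record that assumption next to the setting, e.g. `x_for = 1; # exactly one trusted proxy in front; port 8083 must not be reachable from outside`. The enclosing `searx` attribute set begins before this hunk, so whether the listener is bound to localhost cannot be confirmed here.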
From: Leyla Becker Date: Thu, 27 Feb 2025 19:07:50 -0600 Subject: [PATCH 530/695] installed go vscode extensions --- configurations/home-manager/leyla/vscode.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index c6f8586..2aa4059 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -86,6 +86,9 @@ in { stylelint.vscode-stylelint tauri-apps.tauri-vscode + # go extensions + golang.go + # astro blog extensions astro-build.astro-vscode unifiedjs.vscode-mdx From 1347363fb0750314f361b742cf9917f5377fe7d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 1 Mar 2025 14:50:21 -0600 Subject: [PATCH 531/695] added back minimize and maximize buttons to gnome --- configurations/home-manager/leyla/dconf.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index a960d75..7177da6 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -5,6 +5,8 @@ settings = { "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + "org/gnome/desktop/wm/preferences".button-layout = "close,maximize,minimize:"; + "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions enabled-extensions = [ From 57806433dc976aaf8049d4ba9ae393b9b87fbf5d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 1 Mar 2025 15:03:09 -0600 Subject: [PATCH 532/695] switched order of gnome window buttons --- configurations/home-manager/leyla/dconf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 7177da6..ea1cd5f 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix 
@@ -5,7 +5,7 @@ settings = { "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - "org/gnome/desktop/wm/preferences".button-layout = "close,maximize,minimize:"; + "org/gnome/desktop/wm/preferences".button-layout = ":close,minimize,maximize"; "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions From eb13447136532c5f6389ea35beb61ba740c6851c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 1 Mar 2025 15:23:45 -0600 Subject: [PATCH 533/695] switched order of gnome window buttons --- configurations/home-manager/leyla/dconf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index ea1cd5f..5818641 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -5,7 +5,7 @@ settings = { "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - "org/gnome/desktop/wm/preferences".button-layout = ":close,minimize,maximize"; + "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions From 2a811955633613cc25ec40cc77654549e17c33fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 2 Mar 2025 15:25:48 -0600 Subject: [PATCH 534/695] added syncthing configDir to persistence --- modules/nixos-modules/sync.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index f4bfbfc..a5e81ec 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -4,6 +4,7 @@ ... }: let mountDir = "/mnt/sync"; + configDir = "/etc/syncthing"; in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; 
@@ -72,7 +73,7 @@ in { user = "syncthing"; group = "syncthing"; dataDir = "${mountDir}/default"; - configDir = "/etc/syncthing"; + configDir = configDir; overrideDevices = true; overrideFolders = true; settings = { @@ -165,6 +166,12 @@ in { } (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.syncthing.configDir == configDir; + message = "syncthing config dir does not match persistence"; + } + ]; environment.persistence = { "/persist/system/root" = { enable = true; @@ -175,6 +182,11 @@ in { user = "syncthing"; group = "syncthing"; } + { + directory = configDir; + user = "syncthing"; + group = "syncthing"; + } ]; }; }; From c2d7f1f481f36aaaefa387d539b0c105f7e8c049 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 2 Mar 2025 15:40:28 -0600 Subject: [PATCH 535/695] updated syncthing defiant id --- modules/nixos-modules/sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index a5e81ec..50c4ae3 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -87,7 +87,7 @@ in { autoAcceptFolders = config.host.sync.devices.coven.autoAcceptFolders; }; defiant = lib.mkIf (config.networking.hostName != "defiant") { - id = "TQGGO5F-PUXQYVV-LVVM7PR-Q4TKI6T-NR576PH-CFTVB4O-RP5LL6C-WKQMXQR"; + id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; }; twilight = lib.mkIf (config.networking.hostName != "twilight") { id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; From 34bc5b19336a086e0c26c5acb633be1fb2ea12e1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Mar 2025 21:30:45 -0600 Subject: [PATCH 536/695] added tailnet devices to fail2ban whitelist --- modules/nixos-modules/server/fail2ban.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 39a8fd2..2f6dc58 100644 
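Review bot: The persisted `configDir` entry in the last hunk sets only `user`/`group`, so the bind-mounted `/etc/syncthing` — which holds Syncthing's device key and certificate — takes impermanence's default directory mode (0755, if I recall correctly); adding `mode = "0700";` to that entry keeps it from being listable by other local users. `configDir = configDir;` in the first hunk can be written `inherit configDir;`. The assertion is a useful guard; its message could name the expected path, e.g. `message = "services.syncthing.configDir must be ${configDir} so it is persisted";`.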
--- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -20,6 +20,10 @@ in { "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" + + # tail scale tailnet + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" ]; bantime = "24h"; # Ban IPs for one day on the first ban bantime-increment = { From 59bf355353f86a9cfcea1de92d523e8bb1a52458 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Mar 2025 21:39:12 -0600 Subject: [PATCH 537/695] added extra jellyfin domain --- .../nixos/defiant/configuration.nix | 1 + modules/nixos-modules/server/jellyfin.nix | 21 ++++++++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7e46330..a524e96 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -97,6 +97,7 @@ jellyfin = { enable = true; subdomain = "media"; + extraSubdomains = ["jellyfin"]; }; forgejo = { enable = true; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index a10470a..78afbc7 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
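Review bot: `100.64.0.0/10` is the entire shared-address (CGNAT) block, not just this tailnet; if any interface on the host ever carries a carrier-NAT address, every customer of that carrier becomes exempt from bans. Tailscale allocates from that block, so if the intent is "trust the tailnet", scoping the exemption to the actual peer addresses or binding tailnet-facing services to the tailscale interface is tighter, and the comment should state the trade-off: `# tailscale CGNAT range — exempts all of 100.64/10, not only tailnet members`. Typo nit: `tail scale` → `tailscale`.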
@@ -16,15 +16,30 @@ in { description = "subdomain of base domain that jellyfin will be hosted at"; default = "jellyfin"; }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "ex subdomain of base domain that jellyfin will be hosted at"; + default = []; + }; }; config = lib.mkIf config.host.jellyfin.enable ( lib.mkMerge [ { services.jellyfin.enable = true; - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString jellyfinPort}"; - }; + host.reverse_proxy.subdomains = lib.mkMerge ([ + { + ${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString jellyfinPort}"; + }; + } + ] + ++ (builtins.map (subdomain: { + ${subdomain} = { + target = "http://localhost:${toString jellyfinPort}"; + }; + }) + config.host.jellyfin.extraSubdomains)); environment.systemPackages = [ pkgs.jellyfin pkgs.jellyfin-web From b2fbcc0e63ad474abb78332f4ba14a691e2dc48b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 10:23:09 -0600 Subject: [PATCH 538/695] installed lix --- flake.lock | 86 +++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 9 +++-- util/default.nix | 4 +-- 3 files changed, 91 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 67e9794..1b96238 100644 --- a/flake.lock +++ b/flake.lock @@ -93,6 +93,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
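Review bot: The `extraSubdomains` description reads `ex subdomain of base domain that jellyfin will be hosted at` — presumably `extra subdomains of the base domain that jellyfin will also be hosted at`. The `lib.mkMerge` over a singleton list plus a mapped list rebuilds the same `target` for every name; `lib.genAttrs ([config.host.jellyfin.subdomain] ++ config.host.jellyfin.extraSubdomains) (_: { target = "http://localhost:${toString jellyfinPort}"; })` says the same thing directly and, unlike `mkMerge`, does not produce a conflicting-definition error if a name appears in both `subdomain` and `extraSubdomains`. The type of `host.reverse_proxy.subdomains` is defined outside this hunk, so whether such a duplicate would actually conflict is inferred.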
@@ -107,6 +125,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -142,6 +175,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1737234286, + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737237494, + "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", + "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -165,7 +233,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] 
@@ -223,6 +291,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", @@ -281,6 +350,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index fd46f2f..f36ee44 100644 --- a/flake.nix +++ b/flake.nix @@ -5,11 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # TODO: figure out why things fail to build with lix - # lix-module = { - # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index 02e7155..cdc0caa 100644 --- a/util/default.nix +++ b/util/default.nix @@ -9,7 +9,7 @@ sops-nix = inputs.sops-nix; disko = inputs.disko; impermanence = inputs.impermanence; - # lix-module = inputs.lix-module; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -76,7 +76,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - # lix-module.nixosModules.default + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 9b5dfa16e29d52efe627de82e074591c1285527e Mon Sep 17 00:00:00 2001 
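Review bot: `lix-module` is pulled from the floating `stable.tar.gz` URL, so the Lix version every host runs is only visible in `flake.lock` and will move silently on the next `nix flake update`; the nested `lix` input is already locked from a versioned URL (`…/lix/archive/2.92.0.tar.gz`), and the module input could be pinned the same way or at least annotated: `# floating "stable" tag — version is whatever flake.lock captured; bump deliberately`. The removed `TODO: figure out why things fail to build with lix` disappears without saying what changed; a one-line comment noting that builds now succeed would preserve that history for the next person who hits a Lix build failure.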
From: Leyla Becker Date: Thu, 6 Mar 2025 11:50:18 -0600 Subject: [PATCH 539/695] updated flake lock --- .../nixos/defiant/configuration.nix | 7 --- .../nixos/horizon/configuration.nix | 5 -- .../nixos/twilight/configuration.nix | 5 -- flake.lock | 50 +++++++++---------- modules/nixos-modules/sync.nix | 22 -------- nix-config-secrets | 1 + 6 files changed, 26 insertions(+), 64 deletions(-) create mode 160000 nix-config-secrets diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a524e96..de267d3 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -121,13 +121,6 @@ }; sync = { enable = true; - devices = { - ceder.autoAcceptFolders = true; - coven.autoAcceptFolders = true; - twilight.autoAcceptFolders = true; - horizon.autoAcceptFolders = true; - shale.autoAcceptFolders = true; - }; folders = { share = { enable = true; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 05c1b50..8a26487 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -19,11 +19,6 @@ }; sync = { enable = true; - devices = { - ceder.autoAcceptFolders = true; - coven.autoAcceptFolders = true; - twilight.autoAcceptFolders = true; - }; folders = { share.enable = true; leyla = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 7f5d01b..555eb05 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -31,11 +31,6 @@ }; sync = { enable = true; - devices = { - ceder.autoAcceptFolders = true; - coven.autoAcceptFolders = true; - horizon.autoAcceptFolders = true; - }; folders = { share.enable = true; leyla = { diff --git a/flake.lock b/flake.lock index 1b96238..ce9b77d 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1739841949, - "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", + "lastModified": 1740485968, + "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", "owner": "nix-community", "repo": "disko", - "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", + "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1740212040, - "narHash": "sha256-Gpvn9Z+ZgKPyb6qaAbahLbo6ZVj7VuLzSCmHZRvsACA=", + "lastModified": 1741233805, + "narHash": "sha256-aNmlbxeKPUfuOynHvIMBPrNgEs1ldHDIz1wbkitKDSs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9a8a0914000e4453c99a4c12e9862a0a40075851", + "rev": "a1cc22e90f45f6075a991348e896f1595c4efce9", "type": "gitlab" }, "original": { @@ -112,11 +112,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1740347597, - "narHash": "sha256-st5q9egkPGz8TUcVVlIQX7y6G3AzHob+6M963bwVq74=", + "lastModified": 1741217763, + "narHash": "sha256-g/TrltIjFHIjtzKY5CJpoPANfHQWDD43G5U1a/v5oVg=", "owner": "nix-community", "repo": "home-manager", - "rev": "12e26a74e5eb1a31e13daaa08858689e25ebd449", + "rev": "486b066025dccd8af7fbe5dd2cc79e46b88c80da", "type": "github" }, "original": { 
@@ -203,7 +203,7 @@ "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz?rev=a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba" }, "original": { "type": "tarball", @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1739933872, - "narHash": "sha256-UhuvTR4OrWR+WBaRCZm4YMkvjJhZ1KZo/jRjE41m+Ek=", + "lastModified": 1741229100, + "narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6ab392f626a19f1122d1955c401286e1b7cf6b53", + "rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab", "type": "github" }, "original": { @@ -254,11 +254,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740089251, - "narHash": "sha256-Y78mDBWoO8CLLTjQfPfII+KXFb6lAmF9GrLbyVBsIMM=", + "lastModified": 1740646007, + "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "18e9f9753e9ae261bcc7d3abe15745686991fd30", + "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740126099, - "narHash": "sha256-ozoOtE2hGsqh4XkTJFsrTkNxkRgShxpQxDynaPZUGxk=", + "lastModified": 1741173522, + "narHash": "sha256-k7VSqvv0r1r53nUI/IfPHCppkUAddeXn843YlAC5DR0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "32fb99ba93fea2798be0e997ea331dd78167f814", + "rev": "d69ab0d71b22fa1ce3dbeff666e6deb4917db049", "type": "github" }, "original": { 
@@ -323,11 +323,11 @@ ] }, "locked": { - "lastModified": 1739262228, - "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", + "lastModified": 1741043164, + "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", + "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", "type": "github" }, "original": { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 50c4ae3..516e141 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -8,23 +8,6 @@ in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; - devices = { - ceder = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from ceder"; - }; - coven = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from coven"; - }; - twilight = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from twilight"; - }; - horizon = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from horizon"; - }; - shale = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from shale"; - }; - }; folders = { share = { enable = lib.mkEnableOption "should the share folder by synced"; 
@@ -80,26 +63,21 @@ in { devices = { ceder = { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; - autoAcceptFolders = config.host.sync.devices.ceder.autoAcceptFolders; }; coven = { id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; - autoAcceptFolders = config.host.sync.devices.coven.autoAcceptFolders; }; defiant = lib.mkIf (config.networking.hostName != "defiant") { id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; }; twilight = lib.mkIf (config.networking.hostName != "twilight") { id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; - autoAcceptFolders = config.host.sync.devices.twilight.autoAcceptFolders; }; horizon = lib.mkIf (config.networking.hostName != "horizon") { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; - autoAcceptFolders = config.host.sync.devices.horizon.autoAcceptFolders; }; shale = { id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; - autoAcceptFolders = config.host.sync.devices.shale.autoAcceptFolders; }; }; folders = let diff --git a/nix-config-secrets b/nix-config-secrets new file mode 160000 index 0000000..db6d65e --- /dev/null +++ b/nix-config-secrets @@ -0,0 +1 @@ +Subproject commit db6d65e814bc0c99f6e9b95308184b004038243e From c6c17935dc3228a73ed49ee25ee8a4581a0c79a9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 11:59:11 -0600 Subject: [PATCH 540/695] updated next cloud package --- modules/nixos-modules/server/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index 6acd01d..ada61dd 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix 
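Review bot: The new gitlink `nix-config-secrets` (mode 160000) arrives with no `.gitmodules` entry in this patch's file list, so fresh clones cannot initialise the submodule and nothing in the repository records where it is fetched from. This commit, titled `updated flake lock`, also removes the `autoAcceptFolders` options from `sync.nix` and from the defiant, horizon and twilight configurations; that behavioural revert should be its own commit or at least be named in the message. If the secrets are meant to be consumed as a flake input (the deleted pihole module referenced `inputs.secrets`), the submodule path and that input should agree — not verifiable from this hunk.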
@@ -34,7 +34,7 @@ in { services = { nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; settings.log_type = "file"; config = { From 4dc7fa293c961aff99ff28ed4a0f9ad58884d9ce Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 12:04:31 -0600 Subject: [PATCH 541/695] disabled ollama --- configurations/nixos/horizon/configuration.nix | 2 +- configurations/nixos/twilight/configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8a26487..c97a892 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -51,7 +51,7 @@ enable = true; }; ollama = { - enable = true; + enable = false; loadModels = [ "deepseek-coder:1.3b" diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 555eb05..5238b84 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -42,7 +42,7 @@ services = { ollama = { - enable = true; + enable = false; loadModels = [ "deepseek-coder:6.7b" From c4a7c711fbb731e6c71852f0f08cad50fab5c7cb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 13:09:38 -0600 Subject: [PATCH 542/695] updated network config for defiant --- .../nixos/defiant/configuration.nix | 8 ----- .../nixos/defiant/hardware-configuration.nix | 33 +++++-------------- 2 files changed, 9 insertions(+), 32 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index de267d3..bfd5a50 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -87,13 +87,6 @@ }; }; }; - # podman = { - # macvlan = { - # subnet = "192.168.1.0/24"; - # gateway = "192.168.1.1"; - # networkInterface = "bond0"; - # }; - # }; jellyfin = { enable = true; subdomain = "media"; @@ -113,7 +106,6 @@ }; pihole = { enable = true; - # ip = "192.168.1.201"; }; nextcloud = { enable = true; diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index f312f88..da19108 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -35,12 +35,6 @@ networking = { hostName = "defiant"; # Define your hostname. useNetworkd = true; - interfaces = { - bond0.useDHCP = lib.mkDefault true; - bonding_masters.useDHCP = lib.mkDefault true; - enol.useDHCP = lib.mkDefault true; - eno2.useDHCP = lib.mkDefault true; - }; }; systemd.network = { @@ -60,33 +54,24 @@ }; networks = { - "30-enp4s0" = { - matchConfig.Name = "enp4s0"; + "30-eno1" = { + matchConfig.Name = "eno1"; networkConfig.Bond = "bond0"; - - address = [ - # configure addresses including subnet mask - "192.168.2.1/24" - ]; }; - "30-enp5s0" = { - matchConfig.Name = "enp5s0"; + "30-eno2" = { + matchConfig.Name = "eno2"; networkConfig.Bond = "bond0"; - - address = [ - # configure addresses including subnet mask - "192.168.2.2/24" - ]; }; "40-bond0" = { matchConfig.Name = "bond0"; - linkConfig.RequiredForOnline = "carrier"; - networkConfig.LinkLocalAddressing = "no"; - DHCP = "ipv4"; + linkConfig = { + RequiredForOnline = "degraded-carrier"; + RequiredFamilyForOnline = "any"; + }; + networkConfig.DHCP = "yes"; address = [ - # configure addresses including subnet mask "192.168.1.10/24" ]; }; From 591566cc2a499998db353718c34b03e7fcc47d70 Mon Sep 17 00:00:00 2001 
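Review bot: `40-bond0` now sets `networkConfig.DHCP = "yes"` while still assigning the static `192.168.1.10/24`, so the bond will hold both a DHCP lease and the static address and accept DHCP-supplied routes and DNS servers; if the static configuration is what is intended (the follow-up commit adds a static `gateway` and `dns` for the same network), `networkConfig.DHCP = "no";` prevents any DHCP server on the LAN from overriding the resolver and default route. `RequiredForOnline = "degraded-carrier"` is a sensible choice for a bond that may come up with a single member. The enclosing `systemd.network` set begins before the hunk.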
From: Leyla Becker Date: Thu, 6 Mar 2025 14:23:12 -0600 Subject: [PATCH 543/695] removed pihole started drafting out adguardhome --- .../nixos/defiant/configuration.nix | 4 +- .../nixos/defiant/hardware-configuration.nix | 3 + modules/nixos-modules/impermanence.nix | 13 -- modules/nixos-modules/server/adguardhome.nix | 72 ++++++++ modules/nixos-modules/server/default.nix | 2 +- modules/nixos-modules/server/pihole.nix | 158 ------------------ modules/nixos-modules/server/podman.nix | 8 +- modules/nixos-modules/users.nix | 16 +- 8 files changed, 90 insertions(+), 186 deletions(-) create mode 100644 modules/nixos-modules/server/adguardhome.nix delete mode 100644 modules/nixos-modules/server/pihole.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index bfd5a50..3ea37e9 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -104,8 +104,8 @@ enable = true; subdomain = "home"; }; - pihole = { - enable = true; + adguardhome = { + enable = false; }; nextcloud = { enable = true; diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index da19108..85dcd9e 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -74,6 +74,9 @@ address = [ "192.168.1.10/24" ]; + + gateway = ["192.168.1.1"]; + dns = ["192.168.1.1"]; }; }; }; diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 008f060..e969e20 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix 
@@ -102,19 +102,6 @@ directories = [ "/var/lib/nixos" "/var/lib/systemd/coredump" - - # config.apps.pihole.directory.root - - # config.apps.jellyfin.mediaDirectory - # config.services.jellyfin.configDir - # config.services.jellyfin.cacheDir - # config.services.jellyfin.dataDir - - # "/var/hass" # config.users.users.hass.home - # "/var/postgresql" # config.users.users.postgresql.home - # "/var/forgejo" # config.users.users.forgejo.home - # "/var/nextcloud" # config.users.users.nextcloud.home - # "/var/headscale" # config.users.users.headscale.home ]; files = [ "/etc/machine-id" diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix new file mode 100644 index 0000000..866ad8a --- /dev/null +++ b/modules/nixos-modules/server/adguardhome.nix 
@@ -0,0 +1,72 @@ +{ + lib, + config, + ... +}: let + dnsPort = 53; +in { + options.host.adguardhome = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + directory = lib.mkOption { + type = lib.types.str; + default = "/var/lib/AdGuardHome/"; + }; + }; + config = lib.mkIf config.host.adguardhome.enable (lib.mkMerge [ + { + services.adguardhome = { + enable = true; + mutableSettings = false; + settings = { + dns = { + bootstrap_dns = [ + "1.1.1.1" + "9.9.9.9" + ]; + upstream_dns = [ + "dns.quad9.net" + ]; + }; + filtering = { + protection_enabled = true; + filtering_enabled = true; + + parental_enabled = false; # Parental control-based DNS requests filtering. + safe_search = { + enabled = false; # Enforcing "Safe search" option for search engines, when possible. + }; + }; + # The following notation uses map + # to not have to manually create {enabled = true; url = "";} for every filter + # This is, however, fully optional + filters = + map (url: { + enabled = true; + url = url; + }) [ + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist + ]; + }; + }; + + networking.firewall.allowedTCPPorts = [ + dnsPort + ]; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.host.adguardhome.directory; + user = "adguardhome"; + group = "adguardhome"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index c8e17a9..a031b0d 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
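Review bot: Only `networking.firewall.allowedTCPPorts = [ dnsPort ]` is opened, but clients send DNS queries over UDP 53 first, so with the NixOS firewall enabled this resolver will not answer ordinary lookups; add `networking.firewall.allowedUDPPorts = [ dnsPort ];` beside it. The enable option's description is copy-pasted from the home-assistant module (`should home-assistant be enabled on this computer`) and should name AdGuard Home. `upstream_dns = [ "dns.quad9.net" ]` is a bare hostname; if DNS-over-TLS was intended it needs the `tls://dns.quad9.net` form — a bare name is, as far as I can tell, treated as a plain-DNS upstream, so confirm against the AdGuard Home upstream syntax. The admin web interface's port and bind address are not set here, so its exposure cannot be assessed from this hunk.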
@@ -9,7 +9,7 @@
 ./forgejo.nix
 ./searx.nix
 ./home-assistant.nix
-./pihole.nix
+./adguardhome.nix
 ./nextcloud.nix
 ];
 }
diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix
deleted file mode 100644
index aee6105..0000000
--- a/modules/nixos-modules/server/pihole.nix
+++ /dev/null
@@ -1,158 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - dnsPort = 53; - webPort = 8090; -in { - options.host.pihole = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; - directory = lib.mkOption { - type = lib.types.str; - default = "/var/lib/pihole"; - }; - image = lib.mkOption { - type = lib.types.str; - default = "pihole/pihole:latest"; - description = "container image to use for pi-hole"; - }; - # piholeStateDirectory = { - # type = lib.types.str; - # default = "${config.host.pihole.directory}/pihole"; - # }; - # tailscaleStateDirectory = { - # type = lib.types.str; - # default = "${config.host.pihole.directory}/tailscale"; - # }; - # piholeImage = lib.mkOption { - # type = lib.types.str; - # default = "pihole/pihole:2024.07.0"; - # description = "container image to use for pi-hole"; - # }; - # tailscaleImage = lib.mkOption { - # type = lib.types.str; - # default = "tailscale/tailscale:latest"; - # description = "container image to use for pi-holes tail scale"; - # }; - ip = lib.mkOption { - type = lib.types.str; - description = "ip address to use for pi-hole"; - }; - }; - config = lib.mkIf config.host.pihole.enable (lib.mkMerge [ - { - host.podman.enable = true; - sops = { - secrets = { - "services/pi-hole" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - # "wireguard-keys/tailscale-authkey/pihole" = { - # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; - # }; - }; - templates."pihole.env".content = '' - FTLCONF_webserver_api_password=${config.sops.placeholder."services/pi-hole"} - ''; - }; - systemd = { - tmpfiles.rules = [ - "d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system - # "d ${config.host.pihole.piholeStateDirectory} 755 pihole pihole -" - # "d ${config.host.pihole.tailscaleStateDirectory} 755 pihole pihole -" - ]; - - services = { - "podman-pihole" = { - serviceConfig = { - Restart = lib.mkOverride 500 "always"; - }; - # after = [ - # 
"podman-network-macvlan.service" - # ]; - # requires = [ - # "podman-network-macvlan.service" - # ]; - partOf = [ - "podman-compose-root.target" - ]; - wantedBy = [ - "podman-compose-root.target" - ]; - }; - }; - }; - - services.resolved.enable = false; - - virtualisation = { - oci-containers = { - containers = { - pihole = let - passwordFileLocation = "/var/lib/pihole/webpassword.txt"; - in { - image = config.host.pihole.image; - volumes = [ - "${config.host.pihole.directory}:/etc/pihole:rw" - "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" - ]; - environment = { - TZ = "America/Chicago"; - FTLCONF_webserver_port = toString webPort; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; - }; - environmentFiles = [ - config.sops.templates."pihole.env".path - ]; - log-driver = "journald"; - extraOptions = [ - "--network=host" - # "--network=container:${tailscale container id}" - ]; - }; - # ts-pihole = { - # image = config.host.pihole.tailscaleImage; - # volumes = "${config.host.pihole.tailscaleStateDirectory}:/var/lib/tailscale"; - # environment = { - # TS_ACCEPT_DNS = "false"; - # TS_HOSTNAME = "pihole"; - # TS_STATE_DIR = "/var/lib/tailscale"; - # TS_USERSPACE = "false"; - # TS_EXTRA_ARGS = "--advertise-tags=tag:container"; - # }; - # environmentFiles = [ - # config.sops.templates."tailscale-pihole.env".path - # ]; - # devices = [ - # "/dev/net/tun:/dev/net/tun" - # ]; - # extraOptions = [ - # "--ip=${config.host.pihole.ip}" - # "--network=macvlan" - # ]; - # }; - }; - }; - }; - networking.firewall.allowedTCPPorts = [ - dnsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.host.pihole.directory; - user = "pihole"; - group = "pihole"; - } - ]; - }; - }) - ]); -} 
diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix index b75c56f..e806e65 100644 --- a/modules/nixos-modules/server/podman.nix +++ b/modules/nixos-modules/server/podman.nix @@ -59,10 +59,10 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; + # defaultNetwork.settings = { + # # Required for container networking to be able to use names. + # dns_enabled = true; + # }; }; oci-containers = { diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 15631a9..f57e894 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -17,7 +17,7 @@ eve = 1002; jellyfin = 2000; forgejo = 2002; - pihole = 2003; + adguardhome = 2003; hass = 2004; headscale = 2005; nextcloud = 2006; @@ -32,7 +32,7 @@ jellyfin_media = 2001; jellyfin = 2000; forgejo = 2002; - pihole = 2003; + adguardhome = 2003; hass = 2004; headscale = 2005; nextcloud = 2006; @@ -123,10 +123,10 @@ in { group = config.users.users.forgejo.name; }; - pihole = { - uid = lib.mkForce uids.pihole; + adguardhome = { + uid = lib.mkForce uids.adguardhome; isSystemUser = true; - group = config.users.users.pihole.name; + group = config.users.users.adguardhome.name; }; hass = { @@ -208,10 +208,10 @@ in { ]; }; - pihole = { - gid = lib.mkForce gids.pihole; + adguardhome = { + gid = lib.mkForce gids.adguardhome; members = [ - users.pihole.name + users.adguardhome.name # leyla ]; }; From 651a988558bd7b14fe5506e688d7a954c0c30c7c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 15:05:04 -0600 Subject: [PATCH 544/695] updated ROOT_URL for forgejo --- modules/nixos-modules/server/forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index db1549d6..a6b3ede 100644 
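Review bot: The `defaultNetwork.settings.dns_enabled = true` block in podman.nix is commented out rather than removed, and nothing records why, while the surviving comment still says it is "Required for container networking to be able to use names". If the reason is that podman's bridge DNS would compete with the new AdGuard Home listener on port 53 (the same commit swaps pi-hole for it), say so on the spot, e.g. `# disabled: podman's bridge DNS would clash with AdGuard Home on port 53` — presumably, worth confirming. Otherwise the next reader will restore it for container name resolution and rediscover the conflict at runtime.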
--- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -49,6 +49,7 @@ in { SSH_PORT = 22; # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys BUILTIN_SSH_SERVER_USER = "git"; + ROOT_URL = "https://git.jan-leila.com:"; }; service = { DISABLE_REGISTRATION = true; From 46615cc36153e04de43274c474582868c91ae6b2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 15:10:37 -0600 Subject: [PATCH 545/695] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index eab1983..448c91d 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords - move fail2ban configs out of fail2ban.nix and into configs for their respective services +- nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 62abf65e5af948a5fad393a19587a6d0ab6edd6b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:14:42 -0600 Subject: [PATCH 546/695] enabled ACME --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3ea37e9..9d6a434 100644 
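Review bot: `ROOT_URL = "https://git.jan-leila.com:";` ends in a bare colon with no port, so Forgejo will build absolute links, clone URLs and everything else derived from the root URL as `https://git.jan-leila.com:/...`; the value should be `ROOT_URL = "https://git.jan-leila.com/";`, with the trailing slash Forgejo expects. The hostname is also hard-coded here while the reverse-proxy hostname and this service's subdomain are configured as options elsewhere, so deriving it from those would keep the two from drifting. The `server` attribute set this line belongs to starts and ends outside the hunk.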
--- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -77,7 +77,7 @@ }; reverse_proxy = { enable = true; - enableACME = false; + enableACME = true; hostname = "jan-leila.com"; }; postgres = { From 8b39a8084950929f1c4c260f23bead1ccde6f9f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:18:37 -0600 Subject: [PATCH 547/695] added extra config to services --- .../nixos-modules/server/home-assistant.nix | 19 +++++++++++- modules/nixos-modules/server/jellyfin.nix | 30 +++++++++++++++++++ .../nixos-modules/server/reverse_proxy.nix | 8 +++++ 3 files changed, 56 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index ba6d81f..cadb607 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -18,10 +18,15 @@ in { { services.home-assistant = { enable = true; + extraComponents = [ + "esphome" + "met" + "radio_browser" + ]; config.http = { server_port = 8082; use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1"]; + trusted_proxies = ["127.0.0.1" "::1"]; ip_ban_enabled = true; login_attempts_threshold = 10; }; @@ -29,6 +34,18 @@ in { host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + websockets = true; + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_read_timeout 90; + ''; }; }; } diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 78afbc7..4746ad3 100644 
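Review bot: In the home-assistant `extraConfig`, `add_header Connection \"upgrade\";` sits inside a Nix `''` string, where `\"` is not an escape, so the backslashes are written into the nginx config verbatim; beyond that, `add_header` sets response headers to the browser, and `websockets = true` already makes the reverse-proxy module emit the `Upgrade`/`Connection` proxy headers, so both `add_header` lines and the duplicated `proxy_set_header Upgrade`/`Connection` pair can go. Keep only the `Host`, `X-Forwarded-*`, `X-Real-IP` lines and `proxy_read_timeout 90;`. Note too that any `add_header` inside a location discards headers inherited from the server block, so if the reverse-proxy module sets security headers at server level (not visible here) they would silently disappear for this vhost. Adding `::1` to `trusted_proxies` is correct since the proxy target is `localhost`.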
--- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -31,12 +31,42 @@ in { { ${config.host.jellyfin.subdomain} = { target = "http://localhost:${toString jellyfinPort}"; + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; + add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_buffering off; + ''; }; } ] ++ (builtins.map (subdomain: { ${subdomain} = { target = "http://localhost:${toString jellyfinPort}"; + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; + add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), 
document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_buffering off; + ''; }; }) config.host.jellyfin.extraSubdomains)); diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index a218b3f..a406b14 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -31,6 +31,13 @@ in { description = "where should this host point to"; }; websockets = lib.mkEnableOption "should websockets be proxied"; + extraConfig = lib.mkOption { + type = lib.types.lines; + default = ""; + description = '' + These lines go to the end of the upstream verbatim. + ''; + }; }; })); default = {}; @@ -53,6 +60,7 @@ in { locations."/" = { proxyPass = value.target; proxyWebsockets = value.websockets; + extraConfig = value.extraConfig; }; }) config.host.reverse_proxy.subdomains; From 86c585111cf58f3aae11697cdf524d5e591f8f0d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:35:41 -0600 Subject: [PATCH 548/695] added packages for home assistant --- modules/nixos-modules/server/home-assistant.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index cadb607..63f67d2 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix 
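Review bot: The jellyfin `extraConfig` string is duplicated verbatim for the primary subdomain and for every entry of `extraSubdomains`; bind it once in the module's `let` (e.g. `jellyfinProxyConfig = ''…'';`) and reference it from both places so a later header change cannot diverge. Two caveats on the headers themselves: nginx's `add_header` in a location replaces rather than extends any `add_header` from the enclosing server block, so headers the reverse-proxy module may set at server level (not visible in this hunk) would stop being sent for these vhosts unless repeated here, and `X-Content-Type-Options` and the CSP lack `always`, so unlike `Permissions-Policy` they are dropped on error responses. The CSP's `script-src 'self' 'unsafe-inline'` follows Jellyfin's own suggestion but offers little XSS protection; a one-line comment saying so would stop a reader from taking it as hardened.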
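Review bot: The new `extraConfig` option's description says the lines go "to the end of the upstream verbatim", but the second hunk splices them into `locations."/"` of the virtual host, not into an `upstream` block; `description = "Extra nginx directives appended verbatim to the location \"/\" block of this subdomain's virtual host.";` matches the code. Because the value is interpolated into the nginx config unescaped, the description should also say it must be trusted configuration, never anything derived from user input.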
@@ -22,6 +22,7 @@ in { "esphome" "met" "radio_browser" + "isal" ]; config.http = { server_port = 8082; @@ -30,6 +31,11 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; + extraPackages = python3Packages: + with python3Packages; [ + numpy + gtts + ]; }; host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { From 99e57603c768e5e75abf8984568178e68592987d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:54:22 -0600 Subject: [PATCH 549/695] added components to home assistant --- modules/nixos-modules/server/home-assistant.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 63f67d2..8ff688f 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -18,11 +18,22 @@ in { { services.home-assistant = { enable = true; + configDir = configDir; extraComponents = [ "esphome" "met" "radio_browser" "isal" + "zha" + "jellyfin" + "webostv" + "tailscale" + "syncthing" + "sonos" + "analytics_insights" + "unifi" + "minecraft_server" + "openweathermap" ]; config.http = { server_port = 8082; @@ -44,12 +55,16 @@ in { extraConfig = '' add_header Upgrade $http_upgrade; add_header Connection \"upgrade\"; + proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_buffering off; + proxy_read_timeout 90; ''; }; From 9715517af68766b21316600c3dbdfd45b662fcdd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 19:53:11 -0600 Subject: [PATCH 550/695] added more config to home assistant --- .../nixos-modules/server/home-assistant.nix | 23 +++++++++++++------ 1 file changed, 16 insertions(+), 7 deletions(-) 
diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 8ff688f..967846a 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -20,7 +20,6 @@ in { enable = true; configDir = configDir; extraComponents = [ - "esphome" "met" "radio_browser" "isal" @@ -35,12 +34,22 @@ in { "minecraft_server" "openweathermap" ]; - config.http = { - server_port = 8082; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; + config = { + homeassistant = { + name = "Home"; + latitude = "!secret latitude"; + longitude = "!secret longitude"; + elevation = "!secret elevation"; + unit_system = "metric"; + time_zone = "CDT"; + }; + http = { + server_port = 8082; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; }; extraPackages = python3Packages: with python3Packages; [ From 0e5d8e3335764f411f4d1d27d2fdff8fd5a8925a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Mar 2025 05:05:32 -0600 Subject: [PATCH 551/695] added postgres config to home assistant --- .../nixos-modules/server/home-assistant.nix | 42 +++++++++++++++---- modules/nixos-modules/server/postgres.nix | 1 + 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 967846a..5c4b81f 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,9 +1,11 @@ { lib, + pkgs, config, ... }: let configDir = "/var/lib/hass"; + db_user = "hass"; in { options.host.home-assistant = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; 
@@ -16,8 +18,18 @@ in { config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ { + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; services.home-assistant = { enable = true; + package = + (pkgs.home-assistant.override { + extraPackages = py: with py; [psycopg2]; + }) + .overrideAttrs (oldAttrs: { + doInstallCheck = false; + }); configDir = configDir; extraComponents = [ "met" @@ -35,14 +47,6 @@ in { "openweathermap" ]; config = { - homeassistant = { - name = "Home"; - latitude = "!secret latitude"; - longitude = "!secret longitude"; - elevation = "!secret elevation"; - unit_system = "metric"; - time_zone = "CDT"; - }; http = { server_port = 8082; use_x_forwarded_for = true; @@ -50,6 +54,9 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; + recorder.db_url = "postgresql://@/${db_user}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; }; extraPackages = python3Packages: with python3Packages; [ @@ -57,6 +64,11 @@ in { gtts ]; }; + systemd.services.home-assistant = { + requires = [ + "postgresql.service" + ]; + }; host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; @@ -77,6 +89,20 @@ in { proxy_read_timeout 90; ''; }; + postgres = { + enable = true; + extraUsers = { + ${db_user} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${db_user} = { + name = db_user; + }; + }; + }; }; } (lib.mkIf config.host.impermanence.enable { diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 8d57d42..71ce44c 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -65,6 +65,7 @@ in { ++ ( builtins.map (user: { name = user.name; + ensureDBOwnership = true; }) createUsers ); 
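Review bot: `systemd.services.home-assistant.requires = [ "postgresql.service" ]` pulls postgres in but does not order against it; without `after = [ "postgresql.service" ];` the two units may start concurrently and the recorder's first connection to `postgresql://@/hass` can fail on boot. The tmpfiles rule creates `automations.yaml` with mode `0755`, an executable, world-readable data file; `0644` (or `0640` if other local users have no business reading it) is enough. `doInstallCheck = false` skips the package's test suite on every rebuild, so a comment stating why (presumably build time) would keep someone from restoring it blindly.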
From f5c67b812f7b4d00f8977b6034d2c0141d8f12a4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Mar 2025 16:16:03 -0600 Subject: [PATCH 552/695] updated nfs mounts --- .../nixos/horizon/hardware-configuration.nix | 24 +++---------------- .../nixos/twilight/hardware-configuration.nix | 12 +++------- 2 files changed, 6 insertions(+), 30 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 48a4680..b7e7d84 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -38,41 +38,23 @@ fsType = "vfat"; }; - "/mnt/new_leyla_home" = { + "/mnt/leyla_home" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/new_eve_home" = { + "/mnt/eve_home" = { device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/new_users_home" = { + "/mnt/users_home" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - - "/mnt/leyla_home" = { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; - }; - - "/mnt/share_home" = { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; - }; - - "/mnt/docker_home" = { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; - }; }; environment.systemPackages = with pkgs; [ 
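Review bot: All three renamed mounts are writable and carry `soft`, which makes the client return errors to applications after the retransmit timeout instead of retrying; on a documents share that can leave partially written files behind, so `hard` (boot is already protected by `nofail` and the automount) is the usual choice for writable data, with `soft` reserved for read-mostly mounts. The `user` option additionally lets any local account mount these paths; if only the automount should trigger them, `x-systemd.automount` alone suffices. No `nfsvers=` or `sec=` is pinned, so the client takes whatever the server negotiates — acceptable if the export is reachable only over a private range, as the server side appears to do, but worth a comment on the line.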
diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index d547c9c..53e8cc2 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -48,22 +48,16 @@ }; "/mnt/leyla_home" = { - device = "server.arpa:/home/leyla"; + device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/share_home" = { - device = "server.arpa:/home/share"; + "/mnt/users_home" = { + device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - - "/mnt/docker_home" = { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; - }; }; environment.systemPackages = with pkgs; [ From 1e98b54454f86dc3963dd1ca6e3522dd2289d6aa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 14:10:50 -0500 Subject: [PATCH 553/695] added more config for nfs mounts --- configurations/nixos/defiant/configuration.nix | 7 +++++++ .../nixos/horizon/hardware-configuration.nix | 12 +++++++++--- .../nixos/twilight/hardware-configuration.nix | 4 ++-- modules/nixos-modules/server/jellyfin.nix | 8 ++++++-- .../nixos-modules/server/network_storage/default.nix | 2 +- modules/nixos-modules/server/network_storage/nfs.nix | 4 ++-- 6 files changed, 27 insertions(+), 10 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9d6a434..2ec7914 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -58,6 +58,7 @@ folder = "leyla"; user = "leyla"; group = "leyla"; + bind = "/home/leyla/documents"; } { folder = "eve"; 
@@ -69,6 +70,12 @@ user = "root"; group = "users"; } + { + folder = "media"; + user = "jellyfin"; + group = "jellyfin_media"; + bind = config.host.jellyfin.media_directory; + } ]; nfs = { enable = true; diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index b7e7d84..f5342a1 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -38,23 +38,29 @@ fsType = "vfat"; }; - "/mnt/leyla_home" = { + "/mnt/leyla_documents" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/eve_home" = { + "/mnt/eve_documents" = { device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/users_home" = { + "/mnt/users_documents" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; }; environment.systemPackages = with pkgs; [ diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 53e8cc2..c215e02 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix 
@@ -47,13 +47,13 @@ options = ["fmask=0022" "dmask=0022"]; }; - "/mnt/leyla_home" = { + "/mnt/leyla_documents" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/users_home" = { + "/mnt/users_documents" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 4746ad3..ba58fe9 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -7,7 +7,6 @@ jellyfinPort = 8096; jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; - jellyfin_media_directory = "/srv/jellyfin/media"; in { options.host.jellyfin = { enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; @@ -21,6 +20,11 @@ in { description = "ex subdomain of base domain that jellyfin will be hosted at"; default = []; }; + media_directory = lib.mkOption { + type = lib.types.str; + description = "directory jellyfin media will be hosted at"; + default = "/srv/jellyfin/media"; + }; }; config = lib.mkIf config.host.jellyfin.enable ( @@ -126,7 +130,7 @@ in { hideMounts = true; directories = [ { - directory = jellyfin_media_directory; + directory = config.host.jellyfin.media_directory; user = "jellyfin"; group = "jellyfin_media"; mode = "1770"; diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index fecc05f..f756738 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix 
@@ -57,7 +57,7 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2770 root root -" + "d ${config.host.network_storage.export_directory} 2775 root root -" ] ++ ( builtins.map ( diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index e793b16..9aaab39 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -38,8 +38,8 @@ services.nfs.server = { enable = true; exports = lib.strings.concatLines ( - builtins.map ( - directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt)" + lib.lists.imap0 ( + i: directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt,fsid=${builtins.toString i})" ) ( builtins.filter ( From 7b9b394ad26fa67fe50acdf1cde582f29805c3df Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 14:24:15 -0500 Subject: [PATCH 554/695] exported export folder from nfs --- configurations/home-manager/leyla/packages.nix | 1 - configurations/nixos/defiant/configuration.nix | 2 +- configurations/nixos/horizon/hardware-configuration.nix | 2 +- configurations/nixos/twilight/hardware-configuration.nix | 6 ++++++ 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 11c7af1..cceffb6 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -76,7 +76,6 @@ in { # system tools protonvpn-gui openvpn - nextcloud-client noisetorch # hardware managment tools diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2ec7914..f70a15d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
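Review bot: Widening `export_directory` from `2770` to `2775` makes the top of the export tree listable and traversable by every local user and by squashed NFS identities, not only root and the owning group; if the aim is just to let other users descend into per-folder subdirectories, `2771` (traverse-only for others) does that without exposing the listing. A short comment on the line saying who needs the extra bits would also keep the next reader from tightening it back.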
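Review bot: `fsid=${builtins.toString i}` with `lib.lists.imap0` gives the first export `fsid=0`, which has a special meaning to the NFSv4 server: it marks that export as the pseudo-filesystem root, so the remaining exports are then looked up relative to it and a client asking for `defiant:/exports/eve` may fail or fall back to v3. Number from 1 with `lib.lists.imap1` or derive a stable value per path; an index also changes whenever the export list is reordered, which invalidates file handles on every client with the share mounted. The export string still grants `rw,sync,no_subtree_check,crossmnt` to all of `100.64.0.0/10` with the default `sec=sys`, so access control rests entirely on that network being private — worth stating in a comment beside the line.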
@@ -115,7 +115,7 @@ enable = false; }; nextcloud = { - enable = true; + enable = false; subdomain = "drive"; }; sync = { diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index f5342a1..cb72d55 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -59,7 +59,7 @@ "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; }; diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index c215e02..81b32ae 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -58,6 +58,12 @@ fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; }; environment.systemPackages = with pkgs; [ From 06adc798da01e0380de78d07a55e300e5ad695d9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 14:41:01 -0500 Subject: [PATCH 555/695] added more config to media folder --- configurations/nixos/horizon/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index cb72d55..f5342a1 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -59,7 +59,7 @@ "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; }; From c4c84503f58a99bee9938b967b9a326ab7368f88 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 21:48:27 -0500 Subject: [PATCH 556/695] added package to home assistant --- modules/nixos-modules/server/home-assistant.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 5c4b81f..0922312 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -60,6 +60,7 @@ in { }; extraPackages = python3Packages: with python3Packages; [ + hassil numpy gtts ]; From 769da44f84dc8ddb2931d38b7eb6c35d4ed6ff20 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 21:50:09 -0500 Subject: [PATCH 557/695] removed next cloud --- .../nixos/defiant/configuration.nix | 4 -- modules/nixos-modules/server/default.nix | 1 - modules/nixos-modules/server/fail2ban.nix | 60 +++++++++++----- modules/nixos-modules/server/nextcloud.nix | 69 ------------------- 4 files changed, 41 insertions(+), 93 deletions(-) delete mode 100644 modules/nixos-modules/server/nextcloud.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f70a15d..89d1af5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -114,10 +114,6 @@ adguardhome = { enable = false; }; - nextcloud = { - enable = false; - subdomain = "drive"; - }; sync = { enable = true; folders = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index a031b0d..8854936 100644 --- a/modules/nixos-modules/server/default.nix 
+++ b/modules/nixos-modules/server/default.nix @@ -10,6 +10,5 @@ ./searx.nix ./home-assistant.nix ./adguardhome.nix - ./nextcloud.nix ]; } diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 2f6dc58..cd2a978 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, ... }: let @@ -12,6 +13,41 @@ in { config = lib.mkIf config.host.fail2ban.enable (lib.mkMerge [ { + environment.etc = { + "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "limiting requests, excess:.* by zone.*client: " + '') + ); + "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." + '') + ); + "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " + '') + ); + "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + services.fail2ban = { enable = true; maxretry = 5; 
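Review bot: The double quotes around `failregex` in the new nginx, jellyfin and forgejo `.local` filters are literal characters inside a `''` indented string, so the generated INI value begins and ends with `"` and fail2ban compiles them into the pattern; the hass filter in the same hunk is written without quotes, which is the form fail2ban expects. Indented strings also leave backslashes untouched, so the jellyfin pattern `\\\(IP: \"\"\\\)\\\.` now reaches fail2ban with every backslash intact, whereas the former Nix `"…"` jail setting collapsed them; re-check it against a real denied-login line. As rendered here none of the four patterns contains a `<HOST>` capture; if that is not an extraction artifact, fail2ban rejects a filter without one. `pkgs.lib.mkDefault (pkgs.lib.mkAfter …)` should use the module's `lib`, and `mkAfter` has no effect on a single definition of `.text`.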
@@ -34,54 +70,40 @@ in { }; jails = { nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + enabled = true; filter = "nginx"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; backend = "auto"; - failregex = "limiting requests, excess:.* by zone.*client: "; findtime = 600; bantime = 600; maxretry = 5; }; jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + enabled = true; filter = "jellyfin"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.jellyfin.dataDir}/log/*.log"; backend = "auto"; - failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\."; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - nextcloud-iptables.settings = lib.mkIf config.services.nextcloud.enable { - filter = "nextcloud"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.nextcloud.datadir}/*.log"; - backend = "auto"; - failregex = '' - ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}$ - ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user,:".*","app":"no app in context".*","method":".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}$ - ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: \).*}$ - ''; findtime = 600; bantime = 600; maxretry = 5; }; forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + enabled = true; filter = "forgejo"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.forgejo.stateDir}/log/*.log"; backend = "auto"; - failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from "; findtime = 600; bantime = 600; maxretry = 5; }; home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - filter = 
"home-assistant"; + enabled = true; + filter = "hass"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.home-assistant.configDir}/*.log"; backend = "auto"; - failregex = "^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$"; findtime = 600; bantime = 600; maxretry = 5; diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix deleted file mode 100644 index ada61dd..0000000 --- a/modules/nixos-modules/server/nextcloud.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - lib, - pkgs, - config, - inputs, - ... -}: let - dataDir = "/var/lib/nextcloud"; -in { - options.host.nextcloud = { - enable = lib.mkEnableOption "should nextcloud be enabled on this computer"; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that nextcloud will be hosted at"; - default = "nextcloud"; - }; - }; - - config = lib.mkIf config.host.nextcloud.enable (lib.mkMerge [ - { - sops.secrets = { - "services/nextcloud_adminpass" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - owner = config.users.users.nextcloud.name; - }; - }; - - host = { - reverse_proxy.subdomains.${config.host.nextcloud.subdomain} = { - target = "http://localhost:${toString 8009}"; - }; - }; - - services = { - nextcloud = { - enable = true; - package = pkgs.nextcloud31; - hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; - settings.log_type = "file"; - config = { - adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; - adminuser = "admin"; - dbtype = "sqlite"; - }; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.nextcloud.datadir == dataDir; - message = "nextcloud data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "nextcloud"; - group = "nextcloud"; - } - ]; - }; - }) - ]); -} From 682e911e3cdbe9630757c8e874ed195d75ddfb40 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Mar 2025 00:41:56 -0500 Subject: [PATCH 558/695] updated bookmarks in firefox --- configurations/home-manager/leyla/firefox.nix | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 3f6a09c..59450c4 100644 
--- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -261,14 +261,7 @@ bookmarks = [ { name = "Media"; - url = "https://jellyfin.jan-leila.com/"; - # url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Drive"; - url = "https://drive.jan-leila.com/"; + url = "https://media.jan-leila.com/"; keyword = ""; tags = [""]; } @@ -280,7 +273,7 @@ } { name = "Home Automation"; - url = "https://home-assistant.jan-leila.com/"; + url = "https://home.jan-leila.com/"; keyword = ""; tags = [""]; } From 9ef33d0d8be906d3c1ff4f789055546f57b45620 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Mar 2025 17:55:00 -0500 Subject: [PATCH 559/695] fixed nfs shares --- .../nixos/defiant/configuration.nix | 8 ++++---- .../nixos/horizon/hardware-configuration.nix | 6 +++--- .../server/network_storage/nfs.nix | 19 +++++++++++-------- 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 89d1af5..3923715 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -55,18 +55,18 @@ enable = true; directories = [ { - folder = "leyla"; + folder = "leyla_documents"; user = "leyla"; group = "leyla"; bind = "/home/leyla/documents"; } { - folder = "eve"; + folder = "eve_documents"; user = "eve"; group = "eve"; } { - folder = "users"; + folder = "users_documents"; user = "root"; group = "users"; } @@ -79,7 +79,7 @@ ]; nfs = { enable = true; - directories = ["leyla" "eve"]; + directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; reverse_proxy = { diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index f5342a1..65c2aa2 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix 
+++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -39,19 +39,19 @@ }; "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla"; + device = "defiant:/exports/leyla_documents"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/eve_documents" = { - device = "defiant:/exports/eve"; + device = "defiant:/exports/eve_documents"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/users_documents" = { - device = "defiant:/exports/users"; + device = "defiant:/exports/users_documents"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 9aaab39..b398582 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -38,15 +38,18 @@ services.nfs.server = { enable = true; exports = lib.strings.concatLines ( - lib.lists.imap0 ( - i: directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt,fsid=${builtins.toString i})" - ) - ( - builtins.filter ( - directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + [ + "/export 100.64.0.0/10(rw,fsid=0,no_subtree_check)" + ] + ++ (builtins.map ( + directory: "${directory._directory} 100.64.0.0/10(rw,nohide,sync,no_subtree_check,crossmnt)" ) - config.host.network_storage.directories - ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + ) + config.host.network_storage.directories + )) ); }; networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ From 596455406003dda4a3842424361efcd156fa191c Mon Sep 17 00:00:00 2001 
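Review bot: The new pseudo-root line hard-codes `/export` while the tmpfiles rule for the same tree is driven by `config.host.network_storage.export_directory` and the clients in this series mount `defiant:/exports/...`, so the export root is now spelled in several places from different sources; write the root as `"${config.host.network_storage.export_directory} 100.64.0.0/10(ro,fsid=0,no_subtree_check)"` so one option controls the server side. The pseudo-root itself is exported `rw`; nothing should be written at that level, so `ro` there is free and the per-directory entries keep `rw,sync`. Those entries rely on the implicit `root_squash` default — stating it makes the posture visible now that the root-owned `users_documents` is also exported. Firewalling is left to the tailscale-interface rule at the end of the hunk, so the `100.64.0.0/10` client list is only as narrow as that interface.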
From: Leyla Becker Date: Mon, 10 Mar 2025 18:00:30 -0500 Subject: [PATCH 560/695] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 448c91d..9a1c362 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords +- nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services - nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features From 3cd17b36931a0ec8314b56031aef34598dda1c78 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 11 Mar 2025 00:33:23 -0500 Subject: [PATCH 561/695] removed postgres from home-assistant db --- flake.lock | 53 +++++++------------ .../nixos-modules/server/home-assistant.nix | 31 +---------- 2 files changed, 19 insertions(+), 65 deletions(-) diff --git a/flake.lock b/flake.lock index ce9b77d..da1433e 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741233805, - "narHash": "sha256-aNmlbxeKPUfuOynHvIMBPrNgEs1ldHDIz1wbkitKDSs=", + "lastModified": 1741665811, + "narHash": "sha256-yQwFid0LSC2syNBTXCSJTZ1EX1OQjBoGk0fSIaaiC+Q=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a1cc22e90f45f6075a991348e896f1595c4efce9", + "rev": "ba7a019fc6c9ee63e3e1a425e0bbf8dd697f7b16", "type": "gitlab" }, "original": { 
@@ -58,22 +58,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1629284811, @@ -147,11 +131,11 @@ ] }, "locked": { - "lastModified": 1741217763, - "narHash": "sha256-g/TrltIjFHIjtzKY5CJpoPANfHQWDD43G5U1a/v5oVg=", + "lastModified": 1741635347, + "narHash": "sha256-2aYfV44h18alHXopyfL4D9GsnpE5XlSVkp4MGe586VU=", "owner": "nix-community", "repo": "home-manager", - "rev": "486b066025dccd8af7fbe5dd2cc79e46b88c80da", + "rev": "7fb8678716c158642ac42f9ff7a18c0800fea551", "type": "github" }, "original": { @@ -232,18 +216,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1740275623, - "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=", + "lastModified": 1741657825, + "narHash": "sha256-QzO/VwD7OAedSFpDuj7XCQSpiGEy597nrQNii5wPW5Q=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3", + "rev": "c87cf45f4901c86a62fae357a06a6ad84af2a496", "type": "github" }, "original": { @@ -254,11 +237,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740646007, - "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=", + "lastModified": 1741325094, + "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49", + "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", "type": "github" }, "original": { 
@@ -270,11 +253,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741173522, - "narHash": "sha256-k7VSqvv0r1r53nUI/IfPHCppkUAddeXn843YlAC5DR0=", + "lastModified": 1741513245, + "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d69ab0d71b22fa1ce3dbeff666e6deb4917db049", + "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", "type": "github" }, "original": { @@ -323,11 +306,11 @@ ] }, "locked": { - "lastModified": 1741043164, - "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", + "lastModified": 1741644481, + "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", + "rev": "e653d71e82575a43fe9d228def8eddb73887b866", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 0922312..01423e6 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,11 +1,9 @@ { lib, - pkgs, config, ... }: let configDir = "/var/lib/hass"; - db_user = "hass"; in { options.host.home-assistant = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; @@ -23,13 +21,6 @@ in { ]; services.home-assistant = { enable = true; - package = - (pkgs.home-assistant.override { - extraPackages = py: with py; [psycopg2]; - }) - .overrideAttrs (oldAttrs: { - doInstallCheck = false; - }); configDir = configDir; extraComponents = [ "met" @@ -43,7 +34,6 @@ in { "sonos" "analytics_insights" "unifi" - "minecraft_server" "openweathermap" ]; config = { @@ -54,7 +44,7 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; - recorder.db_url = "postgresql://@/${db_user}"; + # recorder.db_url = "postgresql://@/${db_user}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; }; 
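Review bot: `# recorder.db_url = "postgresql://@/${db_user}";` leaves commented-out code that refers to `db_user`, a binding this same commit deletes at the top of the file, so the line cannot be re-enabled as written; delete it rather than comment it out, since git history keeps the old value. With `db_url` unset the recorder falls back to its SQLite database inside `configDir`, and nothing here migrates the history held in Postgres — if that data matters, export it before the `postgres` block removed at `@@ -90,20 +75,6 @@` takes effect. The enclosing `config = { … }` set begins before this hunk.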
@@ -65,11 +55,6 @@ in { gtts ]; }; - systemd.services.home-assistant = { - requires = [ - "postgresql.service" - ]; - }; host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; @@ -90,20 +75,6 @@ in { proxy_read_timeout 90; ''; }; - postgres = { - enable = true; - extraUsers = { - ${db_user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${db_user} = { - name = db_user; - }; - }; - }; }; } (lib.mkIf config.host.impermanence.enable { From 32e00602f0cdda6f2b72cc460ddfa434fa42b30f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 11 Mar 2025 18:48:44 -0500 Subject: [PATCH 562/695] removed some extra config from jellyfin nginx config to fix webos --- modules/nixos-modules/server/jellyfin.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index ba58fe9..e3eb986 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -38,8 +38,6 @@ in { extraConfig = '' client_max_body_size 20M; add_header X-Content-Type-Options "nosniff"; - add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; - add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -59,8 +57,6 @@ in { extraConfig = '' client_max_body_size 20M; add_header X-Content-Type-Options "nosniff"; - add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; - add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; From 80092713e3672756a0e2c55993a503602ff57531 Mon Sep 17 00:00:00 2001 
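Review bot: Removing `add_header Content-Security-Policy …` and `add_header Permissions-Policy …` from both server blocks drops the only browser-side hardening this proxy sets; the policy included `object-src 'none'` and `frame-ancestors 'self'`, which are unrelated to anything a webOS client would trip over. Rather than deleting the header, keep a reduced policy and loosen only the directive that broke the client, e.g. `add_header Content-Security-Policy "object-src 'none'; frame-ancestors 'self'";` as a floor until the failing source is identified. `Permissions-Policy` does not restrict script or connect sources, so its removal is unlikely to have any bearing on the webOS fix and it can be restored as is. The second hunk at `@@ -59,8 +57,6 @@` makes the identical change and the same applies there.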
From: Leyla Becker Date: Thu, 13 Mar 2025 01:40:26 -0500 Subject: [PATCH 563/695] updated flake lock --- flake.lock | 36 ++++++++++++++++++------------------ flake.nix | 2 ++ 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index da1433e..0ef39bc 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1740485968, - "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", + "lastModified": 1741786315, + "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", "owner": "nix-community", "repo": "disko", - "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", + "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741665811, - "narHash": "sha256-yQwFid0LSC2syNBTXCSJTZ1EX1OQjBoGk0fSIaaiC+Q=", + "lastModified": 1741786843, + "narHash": "sha256-1m1krwWuROjou56kuILpYZ3imlOgpW2hPqczObinQwQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "ba7a019fc6c9ee63e3e1a425e0bbf8dd697f7b16", + "rev": "51bc10cdd5c2ea8f2cd5adcc587ba0479409312e", "type": "gitlab" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1741635347, - "narHash": "sha256-2aYfV44h18alHXopyfL4D9GsnpE5XlSVkp4MGe586VU=", + "lastModified": 1741791118, + "narHash": "sha256-4Y427uj0eql4yRU5rely3EcOlB9q457UDbG9omPtXiA=", "owner": "nix-community", "repo": "home-manager", - "rev": "7fb8678716c158642ac42f9ff7a18c0800fea551", + "rev": "18780912345970e5b546b1b085385789b6935a83", "type": "github" }, "original": { 
@@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1741229100, - "narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=", + "lastModified": 1741794429, + "narHash": "sha256-4J46D8sOZ3UroVyGYKYMU3peq9gv0tjRX0KbZihWhhw=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab", + "rev": "2fb6b09b678a1ab258cf88e3ea4a966edceec6a8", "type": "github" }, "original": { @@ -222,11 +222,11 @@ ] }, "locked": { - "lastModified": 1741657825, - "narHash": "sha256-QzO/VwD7OAedSFpDuj7XCQSpiGEy597nrQNii5wPW5Q=", + "lastModified": 1741772639, + "narHash": "sha256-u6jSqRGsfm4Af+tUKJsJ346XwJuomL6Qxiu/BZieowU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c87cf45f4901c86a62fae357a06a6ad84af2a496", + "rev": "2f079586510bc77bac539cf330edaebb9d51e0e0", "type": "github" }, "original": { @@ -237,11 +237,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1741325094, - "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", + "lastModified": 1741792691, + "narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", + "rev": "e1f12151258b12c567f456d8248e4694e9390613", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f36ee44..bf9976d 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,8 @@ flake = false; }; + # common config for syncthing + # disk configurations disko = { url = "github:nix-community/disko"; From 395a25eff1e6647c2bfe6e2348ab15800b4dc8f3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 13 Mar 2025 02:13:11 -0500 Subject: [PATCH 564/695] adopted new syncthing flake --- configurations/syncthing/default.nix | 95 +++++++++++++++++++++++++ flake.lock | 34 +++++++-- flake.nix | 8 +++ modules/nixos-modules/sync.nix | 102 ++++----------------------- util/default.nix | 8 +++ 5 files changed, 154 insertions(+), 93 deletions(-) create mode 100644 configurations/syncthing/default.nix diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix new file mode 100644 index 0000000..bc557eb --- /dev/null +++ b/configurations/syncthing/default.nix 
@@ -0,0 +1,95 @@
+{config, ...}: {
+ folders = {
+ leyla_documents = {
+ id = "hvrj0-9bm1p";
+ };
+ leyla_calendar = {
+ id = "8oatl-1rv6w";
+ };
+ leyla_notes = {
+ id = "dwbuv-zffnf";
+ };
+ share = {
+ id = "73ot0-cxmkx";
+ };
+ };
+ devices = {
+ defiant = {
+ id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR";
+ folders = {
+ leyla_documents = {
+ folder = config.folders.leyla_documents;
+ path = "/mnt/sync/leyla/documents";
+ };
+ leyla_calendar = {
+ folder = config.folders.leyla_calendar;
+ path = "/mnt/sync/leyla/calendar";
+ };
+ leyla_notes = {
+ folder = config.folders.leyla_notes;
+ path = "/mnt/sync/leyla/notes";
+ };
+ share = {
+ folder = config.folders.share;
+ path = "/mnt/sync/default/share";
+ };
+ };
+ };
+ twilight = {
+ id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN";
+ folders = {
+ leyla_documents = {
+ folder = config.folders.leyla_documents;
+ path = "/mnt/sync/leyla/documents";
+ };
+ share = {
+ folder = config.folders.share;
+ path = "/mnt/sync/default/share";
+ };
+ };
+ };
+ horizon = {
+ id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS";
+ folders = {
+ leyla_documents = {
+ folder = config.folders.leyla_documents;
+ path = "/mnt/sync/leyla/documents";
+ };
+ share = {
+ folder = config.folders.share;
+ path = "/mnt/sync/default/share";
+ };
+ };
+ };
+ coven = {
+ id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5";
+ folders = {
+ share = {
+ folder = config.folders.share;
+ };
+ };
+ };
+ ceder = {
+ id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA";
+ folders = {
+ share = {
+ folder = config.folders.share;
+ };
+ leyla_calendar = {
+ folder = config.folders.leyla_calendar;
+ };
+ leyla_notes = {
+ folder = config.folders.leyla_notes;
+ };
+ };
+ };
+ shale = {
+ id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM";
+ folders = {
+ share = {
+ folder = config.folders.share;
+ };
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock index 0ef39bc..11bbff8 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741786843, - "narHash": "sha256-1m1krwWuROjou56kuILpYZ3imlOgpW2hPqczObinQwQ=", + "lastModified": 1741838604, + "narHash": "sha256-ytHdrfSbbPvla43Ykd61cVkS2JLA8wBEHcnf4yLFP7Y=", "owner": "rycee", "repo": "nur-expressions", - "rev": "51bc10cdd5c2ea8f2cd5adcc587ba0479409312e", + "rev": "e41884886e7798003973f487f37b979ee92f7d99", "type": "gitlab" }, "original": { @@ -214,6 +214,27 @@ "type": "github" } }, + "nix-syncthing": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741849924, + "narHash": "sha256-5vyb1H6HtW24QVqfI56P4QVQP6vHh1jS9ULwnunCO94=", + "ref": "main", + "rev": "86bcb200c83b6a5d13b3583126b9d8dc6770613a", + "revCount": 6, + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" + } + }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils_3", @@ -222,11 +243,11 @@ ] }, "locked": { - "lastModified": 1741772639, - "narHash": "sha256-u6jSqRGsfm4Af+tUKJsJ346XwJuomL6Qxiu/BZieowU=", + "lastModified": 1741830545, + "narHash": "sha256-SzbDILDATgMCYk2SxPYLCBVdT6mHtlyeYZDn2SZaIuU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2f079586510bc77bac539cf330edaebb9d51e0e0", + "rev": "28318c164b39b70a14851aed7ad0ea7f03ca417e", "type": "github" }, "original": { @@ -276,6 +297,7 @@ "impermanence": "impermanence", "lix-module": "lix-module", "nix-darwin": "nix-darwin", + "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index bf9976d..8c64e2b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -23,6 +23,10 @@ }; # common config for syncthing + nix-syncthing = { + url = "git+https://git.jan-leila.com/jan-leila/nix-syncthing?ref=main"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # disk configurations disko = { @@ -73,6 +77,7 @@ self, nixpkgs, sops-nix, + nix-syncthing, home-manager, impermanence, ... @@ -84,6 +89,7 @@ mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; + syncthingConfiguration = util.syncthingConfiguration; installerSystems = { basic = mkNixosInstaller "basic" []; @@ -153,5 +159,7 @@ darwinConfigurations = darwinSystems; homeConfigurations = homeConfigurations; + + syncthingConfiguration = syncthingConfiguration; }; } diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 516e141..e185781 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -1,6 +1,7 @@ { config, lib, + outputs, ... }: let mountDir = "/mnt/sync"; 
@@ -59,97 +60,24 @@ in { configDir = configDir; overrideDevices = true; overrideFolders = true; - settings = { - devices = { - ceder = { - id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; - }; - coven = { - id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; - }; - defiant = lib.mkIf (config.networking.hostName != "defiant") { - id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; - }; - twilight = lib.mkIf (config.networking.hostName != "twilight") { - id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; - }; - horizon = lib.mkIf (config.networking.hostName != "horizon") { - id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; - }; - shale = { - id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; - }; - }; - folders = let - ceder = "ceder"; - coven = "coven"; - shale = "shale"; - defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; - twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; - horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; - in - lib.mkMerge [ - config.host.sync.folders.extraFolders - (lib.mkIf config.host.sync.folders.leyla.documents.enable { - "documents" = { - id = "hvrj0-9bm1p"; - path = "${mountDir}/leyla/documents"; - devices = [ - defiant - ceder - coven - twilight - horizon - ]; - }; - }) - (lib.mkIf config.host.sync.folders.share.calendar.enable { - "calendar" = { - id = "8oatl-1rv6w"; - path = "${mountDir}/default/calendar"; - devices = [ - defiant - ceder - shale - ]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.notes.enable { - "notes" = { - id = "dwbuv-zffnf"; - path = "${mountDir}/leyla/notes"; - devices = [ - defiant - ceder - ]; - }; - }) - (lib.mkIf config.host.sync.folders.share.enable { - "share" = { - id = "73ot0-cxmkx"; - path = "${mountDir}/default/share"; - devices = [ - defiant - ceder - coven - twilight - horizon - shale - ]; - }; - }) - 
]; - }; + configuration = outputs.syncthingConfiguration; + deviceName = config.networking.hostName; }; } (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.syncthing.configDir == configDir; - message = "syncthing config dir does not match persistence"; - } - ]; + assertions = + [ + { + assertion = config.services.syncthing.configDir == configDir; + message = "syncthing config dir does not match persistence"; + } + ] + ++ lib.attrsets.mapAttrsToList (_: folder: { + assertion = lib.strings.hasPrefix mountDir folder.path; + message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; + }) + config.services.syncthing.folders; environment.persistence = { "/persist/system/root" = { enable = true; diff --git a/util/default.nix b/util/default.nix index cdc0caa..028212c 100644 --- a/util/default.nix +++ b/util/default.nix @@ -7,6 +7,7 @@ home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; + nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; lix-module = inputs.lix-module; @@ -73,6 +74,7 @@ in { system-modules ++ [ sops-nix.nixosModules.sops + nix-syncthing.nixosModules.syncthing impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko @@ -107,4 +109,10 @@ in { ../configurations/home-manager/${user} ]; }; + + syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { + modules = [ + (import ../configurations/syncthing) + ]; + }; } From f5bef1ad43c16d8bf4fd6ea9f545166e9acaff01 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 02:04:20 -0500 Subject: [PATCH 565/695] removed completed task from tech debt --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 9a1c362..a6b726e 100644 --- a/README.md +++ b/README.md 
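Review bot: `lib.strings.hasPrefix mountDir folder.path` is satisfied by any path that merely begins with the characters `/mnt/sync` (for instance `/mnt/sync-old/x`), so the assertion does not establish that the folder sits under the persisted mount; compare against the directory with its separator, `assertion = lib.strings.hasPrefix "${mountDir}/" folder.path;`. The message text reads `which not under`; it should be `which is not under`. `config.services.syncthing.folders` is not where the NixOS module exposes folder definitions — they live under `settings.folders`, and the later commit on this page titled `updated path for fail2ban config` makes exactly that correction — and `folder.label` assumes every folder carries a label, which is worth confirming against what nix-syncthing emits. The `lib.mkMerge` list and the `lib.mkIf config.host.impermanence.enable` block enclosing this change begin before and end after the hunk.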
@@ -48,7 +48,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services From f81878afd71fca857028050ffa143d3dae238a94 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 11:32:50 -0500 Subject: [PATCH 566/695] added talk to new features --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a6b726e..095b9c5 100644 --- a/README.md +++ b/README.md @@ -69,3 +69,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html +- migrate away from flakes and move to npins \ No newline at end of file From c1f90f07c972e5166d027689754a763db69de266 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 11:45:07 -0500 Subject: [PATCH 567/695] updated path for fail2ban config --- modules/nixos-modules/server/fail2ban.nix | 2 +- modules/nixos-modules/sync.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index cd2a978..a84b5ad 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix 
@@ -92,7 +92,7 @@ in { enabled = true; filter = "forgejo"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.forgejo.stateDir}/log/*.log"; + logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; backend = "auto"; findtime = 600; bantime = 600; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index e185781..de361e6 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -77,7 +77,7 @@ in { assertion = lib.strings.hasPrefix mountDir folder.path; message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; }) - config.services.syncthing.folders; + config.services.syncthing.settings.folders; environment.persistence = { "/persist/system/root" = { enable = true; From a31230fe6728193872fe77178a72febcf9436b6a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 12:02:39 -0500 Subject: [PATCH 568/695] added new feature to tasks --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 095b9c5..ad643c2 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init - samba mounts - figure out steam vr things? - Open GL? 
@@ -69,4 +68,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins \ No newline at end of file +- migrate away from flakes and move to npins +- forgejo dedicated sshd that can only do forgejo things and that the main deamon proxies to when trying to log in with the git user, with the goal of being able to host that deamon on port 22222 and set up a port forward rule on gateway for 22 -> deamon:22222 \ No newline at end of file From 9b857234f4fe62ee3f71d8130d301e1d9ceb1100 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 12:29:42 -0500 Subject: [PATCH 569/695] updated port number for forgejo internal ssh server --- modules/nixos-modules/server/forgejo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index a6b3ede..ee98305 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -6,7 +6,7 @@ forgejoPort = 8081; stateDir = "/var/lib/forgejo"; db_user = "forgejo"; - sshPort = 2222; + sshPort = 22222; in { options.host.forgejo = { enable = lib.mkEnableOption "should forgejo be enabled on this computer"; From 34dce8d9d17aeb192b39447452cb7a6e3ca3dcb7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 19:47:02 -0500 Subject: [PATCH 570/695] fixed exports folder on nfs --- modules/nixos-modules/server/network_storage/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index b398582..405ea2c 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -39,7 +39,7 @@ enable = true; exports = lib.strings.concatLines ( [ - "/export 100.64.0.0/10(rw,fsid=0,no_subtree_check)" + "/exports 100.64.0.0/10(rw,fsid=0,no_subtree_check)" ] ++ (builtins.map ( directory: "${directory._directory} 100.64.0.0/10(rw,nohide,sync,no_subtree_check,crossmnt)" From 44d6b4827db34649ab62294d55af0afeeaf797e6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 19:49:11 -0500 Subject: [PATCH 571/695] fixed forgejo ssh --- modules/nixos-modules/server/forgejo.nix | 49 ++++++++++++------------ modules/nixos-modules/users.nix | 32 ++++++++-------- 2 files changed, 41 insertions(+), 40 deletions(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index ee98305..f0c1974 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix 
@@ -33,31 +33,32 @@ in { }; }; - services.forgejo = { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com:"; - }; - service = { - DISABLE_REGISTRATION = true; - }; + services = { + forgejo = { + enable = true; database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = config.users.users.git.name; + ROOT_URL = "https://git.jan-leila.com"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; }; }; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index f57e894..92f4016 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -20,9 +20,9 @@ adguardhome = 2003; hass = 2004; headscale = 2005; - nextcloud = 2006; syncthing = 2007; ollama = 2008; + git = 2009; }; gids = { @@ -35,9 +35,9 @@ adguardhome = 2003; hass = 2004; headscale = 2005; - nextcloud = 2006; syncthing = 2007; ollama = 2008; + git = 2009; }; users = config.users.users; 
@@ -141,12 +141,6 @@ in { group = config.users.users.headscale.name; }; - nextcloud = { - uid = lib.mkForce uids.nextcloud; - isSystemUser = true; - group = config.users.users.nextcloud.name; - }; - syncthing = { uid = lib.mkForce uids.syncthing; isSystemUser = true; @@ -158,6 +152,13 @@ in { isSystemUser = true; group = config.users.users.ollama.name; }; + + git = { + uid = lib.mkForce uids.git; + isSystemUser = !config.services.forgejo.enable; + isNormalUser = config.services.forgejo.enable; + group = config.users.users.git.name; + }; }; groups = { @@ -232,14 +233,6 @@ in { ]; }; - nextcloud = { - gid = lib.mkForce gids.nextcloud; - members = [ - users.nextcloud.name - # leyla - ]; - }; - syncthing = { gid = lib.mkForce gids.syncthing; members = [ @@ -255,6 +248,13 @@ in { users.ollama.name ]; }; + + git = { + gid = lib.mkForce gids.git; + members = [ + users.git.name + ]; + }; }; }; } From da78b208cdf94f653a7a036f511625ec312ecf6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 20:21:18 -0500 Subject: [PATCH 572/695] added ssh config for local git pushes --- configurations/home-manager/default.nix | 2 ++ configurations/home-manager/git/default.nix | 20 ++++++++++++++++++++ flake.nix | 7 ++++++- util/default.nix | 18 ++++++++++++++---- 4 files changed, 42 insertions(+), 5 deletions(-) create mode 100644 configurations/home-manager/git/default.nix diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index 3aa4c0e..a7fa478 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix @@ -1,10 +1,12 @@ { lib, config, + osConfig, ... }: let users = config.host.users; in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); eve = lib.mkIf users.eve.isNormalUser (import ./eve); + git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git); } 
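Review bot: In the `@@ -158,6 +152,13 @@` hunk the `git` account flips to `isNormalUser` whenever Forgejo is enabled, which gives it a home directory and whichever `users.defaultUserShell` the host sets, although the forgejo.nix hunk in this commit sets `START_SSH_SERVER = true`, so git traffic is served by Forgejo's builtin server rather than by a shell on this account. If the normal-user form exists only so Home Manager can manage the account, consider pinning `shell` explicitly next to `group` and saying so, e.g. `# normal user only so home-manager can manage ~/.ssh; no interactive login expected`. The hunk also toggles on `config.services.forgejo.enable` rather than the module's own `config.host.forgejo.enable`; a one-line comment on why the service option is the trigger would help the next reader.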
diff --git a/configurations/home-manager/git/default.nix b/configurations/home-manager/git/default.nix new file mode 100644 index 0000000..2276e7a --- /dev/null +++ b/configurations/home-manager/git/default.nix @@ -0,0 +1,20 @@ +{osConfig, ...}: { + home = { + username = osConfig.users.users.git.name; + homeDirectory = osConfig.users.users.git.home; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + }; + + programs.ssh.extraConfig = '' + AuthorizedKeysFile + /var/lib/forgejo/.ssh/authorized_keys + ''; +} diff --git a/flake.nix b/flake.nix index 8c64e2b..f9cb9a6 100644 --- a/flake.nix +++ b/flake.nix @@ -114,7 +114,12 @@ nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( nixpkgs.lib.attrsets.mapAttrs' (user: _: { name = "${user}@${hostname}"; - value = mkHome user hostname system.pkgs.hostPlatform.system system.config; + value = mkHome { + user = user; + host = hostname; + system = system.pkgs.hostPlatform.system; + osConfig = system.config; + }; }) system.config.home-manager.users )) diff --git a/util/default.nix b/util/default.nix index 028212c..c6e0e06 100644 --- a/util/default.nix +++ b/util/default.nix 
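Review bot: `programs.ssh.extraConfig` in the new `configurations/home-manager/git/default.nix` writes to the git user's `~/.ssh/config`, which is the OpenSSH client configuration, but `AuthorizedKeysFile` is an `sshd_config` keyword; the client treats unknown keywords as a bad configuration option and aborts, so ssh and git invocations by this user are likely to fail rather than gain the intended behaviour, and the keyword and its value are also split across two lines. If the goal is for the host sshd to accept Forgejo-managed keys for the git account, that belongs in the NixOS sshd configuration (`services.openssh.authorizedKeysFiles`), and the file under `/var/lib/forgejo/.ssh` must then be readable by sshd's key lookup. A short comment stating which daemon is meant to consume this file would make the intent checkable.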
@@ -36,8 +36,13 @@ home-manager-config = nixpkgs: { home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs outputs util;}; - home-manager.users = import ../configurations/home-manager nixpkgs; + home-manager.extraSpecialArgs = { + inherit inputs outputs util; + }; + home-manager.users = import ../configurations/home-manager (nixpkgs + // { + osConfig = nixpkgs.config; + }); home-manager.sharedModules = home-manager-modules; }; @@ -61,7 +66,7 @@ in { nixpkgs.lib.nixosSystem { modules = [ { - # TODO: authorized keys for all users + # TODO: authorized keys for all users and hosts } ../configurations/nixos/${host} ]; @@ -97,7 +102,12 @@ in { ]; }; - mkHome = user: host: system: osConfig: + mkHome = { + user, + host, + system, + osConfig, + }: home-manager.lib.homeManagerConfiguration { pkgs = pkgsFor system; extraSpecialArgs = { From fc8877ff1050e4cc5539c233511c655ecffadec8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 20:35:11 -0500 Subject: [PATCH 573/695] added fsid to all nfs mounts --- .../server/network_storage/nfs.nix | 21 +++++++------------ 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 405ea2c..1b52d26 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -37,20 +37,15 @@ lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { services.nfs.server = { enable = true; - exports = lib.strings.concatLines ( - [ - "/exports 100.64.0.0/10(rw,fsid=0,no_subtree_check)" - ] - ++ (builtins.map ( - directory: "${directory._directory} 100.64.0.0/10(rw,nohide,sync,no_subtree_check,crossmnt)" + exports = lib.strings.concatLines (lib.lists.imap0 ( + i: directory: "${directory._directory} 100.64.0.0/10(fsid=${toString i},rw,nohide,sync,no_subtree_check,crossmnt)" + ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories ) - ( - builtins.filter ( - directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories - ) - config.host.network_storage.directories - )) - ); + config.host.network_storage.directories + )); }; networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ config.host.network_storage.nfs.port From ade8d1ec83b689a2143d675167b63d8b465371b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 20:50:18 -0500 Subject: [PATCH 574/695] removed completed task from new features --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index ad643c2..9b72e49 100644 --- a/README.md +++ b/README.md 
@@ -68,5 +68,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins -- forgejo dedicated sshd that can only do forgejo things and that the main deamon proxies to when trying to log in with the git user, with the goal of being able to host that deamon on port 22222 and set up a port forward rule on gateway for 22 -> deamon:22222 \ No newline at end of file +- migrate away from flakes and move to npins \ No newline at end of file From 6d4cfec975c81b2d7a23eb9c2c6355be7a527726 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Mar 2025 12:30:26 -0500 Subject: [PATCH 575/695] added more config to nfs --- .../nixos/horizon/hardware-configuration.nix | 49 ++++++++++++++-- .../server/network_storage/nfs.nix | 56 ++++++++++++++----- 2 files changed, 88 insertions(+), 17 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 65c2aa2..ed743e9 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -25,6 +25,8 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; + + supportedFilesystems = ["nfs"]; }; fileSystems = { 
@@ -41,25 +43,64 @@ "/mnt/leyla_documents" = { device = "defiant:/exports/leyla_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/eve_documents" = { device = "defiant:/exports/eve_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/users_documents" = { device = "defiant:/exports/users_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; }; }; diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 1b52d26..138ca93 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
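Review bot: The `/mnt/media` option list in this hunk contains `noatime` twice together with `relatime`, which are mutually exclusive atime policies; which one ends up in effect depends on how mount.nfs orders them, so only one should be kept. `user` is present on every mount and, per mount(8), implies `noexec,nosuid,nodev` unless overridden; that is a sensible default for document and media shares but deserves a comment such as `# "user" implies noexec,nosuid,nodev on these shares` so nobody later wonders why executables on the share do not run. The same duplicated atime options reappear in the twilight hardware-configuration hunk of "updated nfs config for twilight" and survive the later "added more options to nfs config on horizon" commit.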
@@ -35,21 +35,51 @@ } ( lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { - services.nfs.server = { - enable = true; - exports = lib.strings.concatLines (lib.lists.imap0 ( - i: directory: "${directory._directory} 100.64.0.0/10(fsid=${toString i},rw,nohide,sync,no_subtree_check,crossmnt)" - ) - ( - builtins.filter ( - directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + services.nfs = { + settings = { + nfsd = { + threads = 32; + port = config.host.network_storage.nfs.port; + }; + }; + server = { + enable = true; + + lockdPort = 4001; + mountdPort = 4002; + statdPort = 4000; + + exports = lib.strings.concatLines ( + [ + "${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)" + ] + ++ ( + lib.lists.imap1 ( + i: directory: "${directory._directory} 100.64.0.0/10(rw,fsid=${toString i},nohide,insecure,no_subtree_check)" + ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + ) + config.host.network_storage.directories + ) ) - config.host.network_storage.directories - )); + ); + }; + }; + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + ports = [ + 111 + config.host.network_storage.nfs.port + config.services.nfs.server.lockdPort + config.services.nfs.server.mountdPort + config.services.nfs.server.statdPort + 20048 + ]; + in { + allowedTCPPorts = ports; + allowedUDPPorts = ports; }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ - config.host.network_storage.nfs.port - ]; } ) ]; From 2ea0592c647889e3e75f276235e14af8a05daad9 Mon Sep 17 00:00:00 2001 
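Review bot: The per-directory export string gains `insecure`, which tells nfsd to accept requests from non-privileged client source ports, while the pseudo-root export on the line above it (`... 100.64.0.0/10(rw,fsid=0,no_subtree_check)`) does not; an NFSv4 client mounting from a high port can therefore be refused at the root yet accepted on a child, which is hard to diagnose. Apply one policy to both lines and record why the privileged-port check is relaxed, e.g. `# insecure: allow mounts from unprivileged ports; exports are reachable only via the tailscale interface`. The firewall block opens `20048` alongside the explicit `mountdPort = 4002`; if 20048 is the default mountd port that the explicit setting replaces, it can probably be dropped. `sync` was also removed from the new option string relative to the deleted line; nfs-utils defaults to `sync`, so behaviour is unchanged, but that is worth a word in the commit message.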
From: Leyla Becker Date: Sun, 16 Mar 2025 12:19:23 -0500 Subject: [PATCH 576/695] added local network and loopback addresses to nfs mount --- modules/nixos-modules/server/network_storage/nfs.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 138ca93..6273e59 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -55,7 +55,9 @@ ] ++ ( lib.lists.imap1 ( - i: directory: "${directory._directory} 100.64.0.0/10(rw,fsid=${toString i},nohide,insecure,no_subtree_check)" + i: directory: let + options = "(rw,fsid=${toString i},nohide,insecure,no_subtree_check)"; + in "${directory._directory} 100.64.0.0/10${options} 192.168.0.0/24${options} 127.0.0.1${options}" ) ( builtins.filter ( From 16959837423616b4a5f103fc127dd25d95dc5fea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 13:34:06 -0500 Subject: [PATCH 577/695] updated nfs config for twilight --- .../nixos/twilight/hardware-configuration.nix | 43 ++++++++++++++++--- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 81b32ae..1cba7de 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -25,6 +25,8 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; + + supportedFilesystems = ["nfs"]; }; services.xserver = { 
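Review bot: The rewritten export line in the nfs.nix hunk now grants `rw` to the entire `192.168.0.0/24` subnet in addition to the tailscale range, and with the default `sec=sys` the server trusts the uid/gid each client asserts, so every device on that LAN becomes a writer to these directories. If LAN access is needed for particular machines, list those hosts instead of the /24, or add a comment naming the clients on that subnet that are expected. The `127.0.0.1` entry only helps NFSv4 clients if the pseudo-root export introduced in the previous commit also lists it; as of this hunk that line still admits only `100.64.0.0/10`.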
@@ -48,21 +50,52 @@ }; "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla"; + device = "defiant:/exports/leyla_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/users_documents" = { - device = "defiant:/exports/users"; + device = "defiant:/exports/users_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; }; }; From 33ea6db98bbbbc816829fe9b618ac14e9b46b4f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 14:30:04 -0500 Subject: [PATCH 578/695] made every address space for nfs use a different fsid --- modules/nixos-modules/server/network_storage/nfs.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 6273e59..26480d6 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -54,10 +54,16 @@ "${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)" ] ++ ( - lib.lists.imap1 ( + lib.lists.imap0 ( i: directory: let - options = "(rw,fsid=${toString i},nohide,insecure,no_subtree_check)"; - in "${directory._directory} 100.64.0.0/10${options} 192.168.0.0/24${options} 127.0.0.1${options}" + option = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; + addresses = ["100.64.0.0/10" "192.168.0.0/24" "127.0.0.1"]; + options = lib.strings.concatStrings ( + lib.strings.intersperse " " ( + lib.lists.imap0 (index: address: "${address}${option (1 + (i * (builtins.length addresses)) + index)}") addresses + ) + ); + in "${directory._directory} ${options}" ) ( builtins.filter ( From de6a43a239c5d89889bdc6676f06b9849c5d76e7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 15:31:34 -0500 Subject: [PATCH 579/695] added leyla documents to more syncthing devices --- configurations/syncthing/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix index bc557eb..1934684 100644 --- a/configurations/syncthing/default.nix +++ b/configurations/syncthing/default.nix @@ -67,6 +67,9 @@ share = { folder = config.folders.share; }; + leyla_documents = { + folder = config.folders.leyla_documents; + }; }; }; ceder = { @@ -75,6 +78,9 @@ share = { folder = config.folders.share; }; + leyla_documents = { + folder = config.folders.leyla_documents; + }; leyla_calendar = { folder = config.folders.leyla_calendar; }; From 7c0c94b47a6f325266b941651ad85e1ec8ae3faf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 20:34:09 -0500 Subject: [PATCH 580/695] updated nfs config --- .../server/network_storage/default.nix | 22 +++++++++---------- .../server/network_storage/nfs.nix | 15 ++++++++++--- 2 files changed, 23 insertions(+), 14 deletions(-) 
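Review bot: Every `fsid` in this hunk is derived from the directory's position in the filtered `config.host.network_storage.directories` list (`1 + (i * (builtins.length addresses)) + index`), so adding, removing or reordering a directory, or editing `addresses`, renumbers the fsids of directories that did not change, and clients holding open handles then see stale file handles after the next rebuild. A stable identifier per directory (for example an explicit `fsid` field on the directory submodule) avoids that. Exporting the same path under a different fsid per client network is also unusual; if it is deliberate, say why in a comment above `option`, otherwise one fsid per directory with the same option string for every address is simpler.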
diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index f756738..00ea7ac 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -15,7 +15,7 @@ in { export_directory = lib.mkOption { type = lib.types.path; description = "what are exports going to be stored in"; - default = "/exports"; + default = "/export"; }; directories = lib.mkOption { type = lib.types.listOf (lib.types.submodule ({config, ...}: { @@ -57,7 +57,7 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2775 root root -" + "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" ] ++ ( builtins.map ( @@ -77,14 +77,14 @@ in { ) ); } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - config.host.network_storage.export_directory - ]; - }; - }) + # (lib.mkIf config.host.impermanence.enable { + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # config.host.network_storage.export_directory + # ]; + # }; + # }) ]); } diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 26480d6..bad0452 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
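Review bot: The tmpfiles rule in the `@@ -57,7 +57,7 @@` hunk now creates the export root as `2775 nobody nogroup`, which makes the root-squash identity the owner of that directory, so any client whose root is squashed can create and remove entries directly under the export root rather than only inside the per-directory exports. If the change is only meant to let clients traverse the root, the previous `root root` ownership with mode 2775 already allowed that; if writable-by-squashed-root is intended, a comment saying so will stop it being "fixed" later. The impermanence block is commented out rather than removed or gated; either delete it or leave a one-line note on why `export_directory` no longer needs persisting.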
@@ -56,11 +56,20 @@ ++ ( lib.lists.imap0 ( i: directory: let - option = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; - addresses = ["100.64.0.0/10" "192.168.0.0/24" "127.0.0.1"]; + createOptions = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; + addresses = [ + # loopback + "127.0.0.1" + "::1" + # local network + # "192.168.0.0/24" + # tailscale + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" + ]; options = lib.strings.concatStrings ( lib.strings.intersperse " " ( - lib.lists.imap0 (index: address: "${address}${option (1 + (i * (builtins.length addresses)) + index)}") addresses + lib.lists.imap0 (index: address: "${address}${createOptions (1 + (i * (builtins.length addresses)) + index)}") addresses ) ); in "${directory._directory} ${options}" From 4b014ed29ff60adf6934c6f72d12c37c178585cb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 20:56:20 -0500 Subject: [PATCH 581/695] added more options to nfs config on horizon --- .../nixos/horizon/hardware-configuration.nix | 26 ++++++++++++------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index ed743e9..e88d8dc 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
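Review bot: The `addresses` list now includes `::1` and the tailscale IPv6 range `fd7a:115c:a1e0::/48`, but the pseudo-root export just above this hunk (shown in the preceding nfs.nix hunk as `... 100.64.0.0/10(rw,fsid=0,no_subtree_check)`) still lists only the IPv4 tailscale range, so an NFSv4 client arriving over IPv6 or loopback is refused at the root before it can reach these child exports. Either give the fsid=0 line the same address list or hoist `addresses` out of the per-directory `let` so both lines are generated from one definition. The commented-out `# "192.168.0.0/24"` records the earlier decision, but a short reason beside it would be clearer than the bare line.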
@@ -41,65 +41,71 @@ }; "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; + device = "defiant:/export/leyla_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "noatime" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/eve_documents" = { - device = "defiant:/exports/eve_documents"; + device = "defiant:/export/eve_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; + device = "defiant:/export/users_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/media" = { - device = "defiant:/exports/media"; + device = "defiant:/export/media"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "noatime" "nofail" - "soft" "x-systemd.idle-timeout=600" "noatime" "nodiratime" "relatime" - "rsize=32768" - "wsize=32768" "fsc" + "timeo=600" + "retrans=2" ]; }; }; From 3ec99b599bc3f022249c6a604f3793061f664865 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 21:00:44 -0500 Subject: [PATCH 582/695] created immich config --- .../nixos/defiant/configuration.nix | 4 ++ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/immich.nix | 68 +++++++++++++++++++ modules/nixos-modules/users.nix | 32 ++++----- 4 files changed, 89 insertions(+), 16 deletions(-) create mode 100644 modules/nixos-modules/server/immich.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3923715..0b7214b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -114,6 +114,10 @@ adguardhome = { enable = false; }; + immich = { + enable = true; + subdomain = "photos"; + }; sync = { enable = true; folders = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 8854936..956ad9e 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -10,5 +10,6 @@ ./searx.nix ./home-assistant.nix ./adguardhome.nix + ./immich.nix ]; } diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix new file mode 100644 index 0000000..7dd3a0f --- /dev/null +++ b/modules/nixos-modules/server/immich.nix 
@@ -0,0 +1,68 @@ +{ + lib, + config, + ... +}: let + mediaLocation = "/var/lib/immich"; +in { + options.host.immich = { + enable = lib.mkEnableOption "should immich be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that immich will be hosted at"; + default = "immich"; + }; + }; + + config = lib.mkIf config.host.immich.enable (lib.mkMerge [ + { + host = { + reverse_proxy.subdomains.${config.host.immich.subdomain} = { + target = "http://localhost:${toString config.services.immich.port}"; + }; + postgres = { + enable = true; + extraUsers = { + ${config.services.immich.database.user} = { + isClient = true; + }; + }; + }; + }; + + services.immich = { + enable = true; + port = 2283; + # redis.enable = false; + }; + + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { + allowedUDPPorts = [ + config.services.immich.port + ]; + allowedTCPPorts = [ + config.services.immich.port + ]; + }; + } + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.immich.mediaLocation == mediaLocation; + message = "immich media location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = mediaLocation; + user = "immich"; + group = "immich"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 92f4016..7bdb3dd 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -19,10 +19,10 @@ forgejo = 2002; adguardhome = 2003; hass = 2004; - headscale = 2005; syncthing = 2007; ollama = 2008; git = 2009; + immich = 2010; }; gids = { @@ -34,10 +34,10 @@ forgejo = 2002; adguardhome = 2003; hass = 2004; - headscale = 2005; syncthing = 2007; ollama = 2008; git = 2009; + immich = 2010; }; users = config.users.users; 
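Review bot: The new module proxies Immich through `reverse_proxy.subdomains` at `http://localhost:${toString config.services.immich.port}` but also opens that port for TCP and UDP on the tailscale interface, so tailnet clients can reach the backend directly and bypass whatever the reverse proxy adds; the UDP rule in particular serves no purpose for an HTTP service. Unless direct access is wanted, drop the `networking.firewall.interfaces...` block, or leave a comment naming the client that needs the raw port. `# redis.enable = false;` is dead code and should go or carry a reason. The persistence entry hard-codes `user = "immich"; group = "immich";` while the users.nix hunk in this commit defines those accounts; `config.users.users.immich.name` keeps the two in step.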
@@ -135,12 +135,6 @@ in { group = config.users.users.hass.name; }; - headscale = { - uid = lib.mkForce uids.headscale; - isSystemUser = true; - group = config.users.users.headscale.name; - }; - syncthing = { uid = lib.mkForce uids.syncthing; isSystemUser = true; @@ -159,6 +153,12 @@ in { isNormalUser = config.services.forgejo.enable; group = config.users.users.git.name; }; + + immich = { + uid = lib.mkForce uids.immich; + isSystemUser = true; + group = config.users.users.immich.name; + }; }; groups = { @@ -225,14 +225,6 @@ in { ]; }; - headscale = { - gid = lib.mkForce gids.headscale; - members = [ - users.headscale.name - # leyla - ]; - }; - syncthing = { gid = lib.mkForce gids.syncthing; members = [ @@ -255,6 +247,14 @@ in { users.git.name ]; }; + + immich = { + gid = lib.mkForce gids.immich; + members = [ + users.immich.name + # leyla + ]; + }; }; }; } From 6614c4a5535505909a3bd85c358f40122854aff6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Mar 2025 14:32:50 -0500 Subject: [PATCH 583/695] added extra config to immich proxy --- modules/nixos-modules/server/immich.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index 7dd3a0f..f8ea5e3 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix 
@@ -19,6 +19,27 @@ in { host = { reverse_proxy.subdomains.${config.host.immich.subdomain} = { target = "http://localhost:${toString config.services.immich.port}"; + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + + # Set headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # enable websockets: http://nginx.org/en/docs/http/websocket.html + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_redirect off; + + # set timeout + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + ''; }; postgres = { enable = true; From b45fe04a2bc2b3d09a475f5205801d700c4fb13f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Mar 2025 17:13:37 -0500 Subject: [PATCH 584/695] removed duplicate task from tasks --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 9b72e49..6d2c56b 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich - zfs encryption FIDO2 2fa (look into shavee) -- ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results - Create Tor guard/relay server From 8e98273fcf40d7946e0af4b08b785b1e3cd0d833 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Mar 2025 17:40:35 -0500 Subject: [PATCH 585/695] added photos bookmark to firefox --- configurations/home-manager/leyla/firefox.nix | 6 ++++++ 1 file changed, 6 insertions(+) 
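Review bot: `client_max_body_size 50000M;` is enforced by nginx before Immich ever authenticates the request, so on a public vhost any client can stream up to ~50 GB per request, and the 600 s `proxy_read_timeout`/`proxy_send_timeout`/`send_timeout` lines below keep such a connection alive; this matches the upstream Immich example, but it deserves `proxy_request_buffering off;` next to it so nginx does not spool those bodies to disk, or a limit sized to the largest asset you actually upload. Separately, `proxy_set_header Connection "upgrade";` is sent on every request, not only websocket handshakes; the usual form is a `map $http_upgrade $connection_upgrade` plus `proxy_set_header Connection $connection_upgrade;`, which the NixOS `proxyWebsockets` location option already generates. The enclosing `reverse_proxy.subdomains` attribute set continues outside the hunk.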
diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 59450c4..5bc49db 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -265,6 +265,12 @@ keyword = ""; tags = [""]; } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } { name = "Git"; url = "https://git.jan-leila.com/"; From 9bc13861b4a54072b25677fde81dcfc3b6f6021c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Mar 2025 18:32:57 -0500 Subject: [PATCH 586/695] added fail2ban filter for immich --- modules/nixos-modules/server/fail2ban.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index a84b5ad..f486d73 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -46,6 +46,16 @@ in { datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S '') ); + "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = immich-server.*Failed login attempt for user.+from ip address\s? + journalmatch = CONTAINER_TAG=immich-server + '') + ); }; services.fail2ban = { @@ -108,6 +118,11 @@ in { bantime = 600; maxretry = 5; }; + immich-iptables.settings = lib.mkIf config.services.immich.enable { + enabled = true; + filter = "immich"; + backend = "systemd"; + }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; From 68185640aa1209e1973c7557f7ed45e7f2243033 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Mar 2025 18:34:35 -0500 Subject: [PATCH 587/695] updated fail2ban filter --- modules/nixos-modules/server/fail2ban.nix | 3 --- 1 file changed, 3 deletions(-) 
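Review bot: The `failregex` in the new `fail2ban/filter.d/immich.local` has no `<HOST>` (or `<ADDR>`) capture group, so fail2ban has nothing to ban and, in my experience, rejects the filter with a "no 'host' group" error when the `immich-iptables` jail starts; the regex should end with the address captured, e.g. `failregex = immich-server.*Failed login attempt for user.+from ip address\s*<HOST>`, since the current trailing `\s?` matches nothing useful. Because Immich sits behind the nginx proxy defined in this repo, the address Immich logs is only the real client if Immich honours `X-Forwarded-For`; otherwise every match would be the proxy's 127.0.0.1 — worth confirming in the journal before enabling the jail.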
diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index f486d73..e3f6280 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -48,9 +48,6 @@ in { ); "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf - [Definition] failregex = immich-server.*Failed login attempt for user.+from ip address\s? journalmatch = CONTAINER_TAG=immich-server From 4c430404b3cd33f69b63096fa0cf899c8709a483 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Mar 2025 21:15:23 -0500 Subject: [PATCH 588/695] added tasks to README.md --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6d2c56b..6ddb2a9 100644 --- a/README.md +++ b/README.md @@ -67,4 +67,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins \ No newline at end of file +- migrate away from flakes and move to npins +- fix nfs +- fix home assistant +- create adguard server \ No newline at end of file From 2350eb43ec0c4658a8670276241203230680fb63 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 01:13:38 -0500 Subject: [PATCH 589/695] simplified nginx config --- README.md | 1 - .../nixos-modules/server/home-assistant.nix | 12 ++-- modules/nixos-modules/server/immich.nix | 17 ++--- modules/nixos-modules/server/jellyfin.nix | 47 ++++---------- .../nixos-modules/server/reverse_proxy.nix | 63 ++++++++++++++----- modules/nixos-modules/server/searx.nix | 3 +- 6 files changed, 71 insertions(+), 72 deletions(-) diff --git a/README.md b/README.md index 6ddb2a9..6f43733 100644 --- a/README.md +++ b/README.md 
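Review bot: `journalmatch = CONTAINER_TAG=immich-server` selects journal entries written by a container log driver, but `modules/nixos-modules/server/immich.nix` in this repo enables the native `services.immich` module, whose output is journald entries of a systemd unit; if that is what runs here, the match selects nothing and the jail never sees a failed login. I believe the unit is `immich-server.service`, so `journalmatch = _SYSTEMD_UNIT=immich-server.service` is likely what is wanted — verify with `journalctl -u immich-server.service -o verbose` on the host. Dropping `[INCLUDES] before = common.conf` is harmless only because the regex does not use `__prefix_line` and the systemd backend supplies timestamps; a one-line comment saying so would stop the next reader from re-adding it.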
@@ -51,7 +51,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services -- nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 01423e6..254e183 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -58,18 +58,14 @@ in { host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - websockets = true; + + websockets.enable = true; + forwardHeaders.enable = true; + extraConfig = '' add_header Upgrade $http_upgrade; add_header Connection \"upgrade\"; - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_buffering off; proxy_read_timeout 90; diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index f8ea5e3..2756e5c 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix 
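Review bot: In the home-assistant hunk, with `websockets.enable = true` the generated location already sends `Upgrade`/`Connection` to the backend, so the surviving `add_header Upgrade $http_upgrade;` and `add_header Connection \"upgrade\";` lines now only attach those headers to every response nginx returns to the browser, ordinary HTTP responses included; the websocket handshake does not need that (the backend's 101 reply carries them) and an unsolicited `Connection: upgrade` on a normal response is at best ignored and at worst confuses clients and intermediaries. Note also that inside a Nix `''` string `\"` is not an escape, so nginx receives the literal backslashes. I would delete both `add_header` lines and keep `proxy_buffering off;` and the timeout. The `extraConfig` string continues past the end of the hunk.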
@@ -19,26 +19,19 @@ in { host = { reverse_proxy.subdomains.${config.host.immich.subdomain} = { target = "http://localhost:${toString config.services.immich.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + extraConfig = '' # allow large file uploads client_max_body_size 50000M; - # Set headers - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # enable websockets: http://nginx.org/en/docs/http/websocket.html - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_redirect off; - # set timeout proxy_read_timeout 600s; proxy_send_timeout 600s; send_timeout 600s; + proxy_redirect off; ''; }; postgres = { diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index e3eb986..77d5744 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
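Review bot: `proxy_redirect off;` is now parked under the `# set timeout` comment, where a reader will not look for it; give it its own line and reason, e.g. `# do not rewrite Location/Refresh headers coming back from Immich` followed by `proxy_redirect off;`, above the timeout group. With the explicit `X-Forwarded-*` headers replaced by `forwardHeaders.enable = true`, it is worth checking that the generated set still includes `X-Forwarded-Proto` and `X-Forwarded-For`, since Immich's own login logging (and therefore any fail2ban rule on it) only sees the real client address through those headers — I cannot see the generator's header list from this hunk.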
@@ -31,45 +31,22 @@ in { lib.mkMerge [ { services.jellyfin.enable = true; - host.reverse_proxy.subdomains = lib.mkMerge ([ - { - ${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString jellyfinPort}"; - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; + host.reverse_proxy.subdomains.jellyfin = { + target = "http://localhost:${toString jellyfinPort}"; - proxy_buffering off; - ''; - }; - } - ] - ++ (builtins.map (subdomain: { - ${subdomain} = { - target = "http://localhost:${toString jellyfinPort}"; - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; + subdomain = config.host.jellyfin.subdomain; + extraSubdomains = config.host.jellyfin.extraSubdomains; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; + forwardHeaders.enable = true; - proxy_buffering off; - ''; - }; - }) - config.host.jellyfin.extraSubdomains)); + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + + proxy_buffering off; + ''; + }; environment.systemPackages = [ pkgs.jellyfin pkgs.jellyfin-web diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index a406b14..26b4374 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix 
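Review bot: `add_header X-Content-Type-Options "nosniff";` inside the location triggers nginx's `add_header` inheritance rule: once a location declares any `add_header`, it stops inheriting every `add_header` from the enclosing server and http blocks, so if the reverse-proxy module or `services.nginx.commonHttpConfig` sets shared headers such as HSTS (I cannot see them from here), the Jellyfin vhosts silently lose them. Either repeat the shared headers in this `extraConfig` with a comment explaining why, or move `X-Content-Type-Options` up to the level that all subdomains share. The enclosing `lib.mkMerge` list continues outside the hunk.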
@@ -24,13 +24,28 @@ in { default = true; }; subdomains = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({...}: { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "what is the default subdomain to be used for this application to be used for"; + default = name; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for this domain"; + default = []; + }; + target = lib.mkOption { type = lib.types.str; - description = "where should this host point to"; + description = "what url will all traffic to this application be forwarded to"; }; - websockets = lib.mkEnableOption "should websockets be proxied"; + + websockets.enable = lib.mkEnableOption "should the default config proxy websockets"; + + forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; + extraConfig = lib.mkOption { type = lib.types.lines; default = ""; @@ -40,7 +55,6 @@ in { }; }; })); - default = {}; }; }; 
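Review bot: The new option descriptions read awkwardly — `subdomain` says "what is the default subdomain to be used for this application to be used for", and `extraSubdomains` says "extra domains that should be configured for this domain" although the values are subdomain labels, not domains. I would write `description = "subdomain label, joined with host.reverse_proxy.hostname, at which this application is served; defaults to the attribute name";` and `description = "additional subdomain labels that serve the same application with the same proxy configuration";`. Since each label is joined with the shared hostname to form a `server_name`, `lib.types.strMatching "[a-z0-9-]+"` would also reject an empty string or a stray dot before it becomes an nginx vhost.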
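Review bot: Removing `default = {};` from `subdomains` makes the option mandatory: any host that enables the reverse proxy, or any module that merely reads `config.host.reverse_proxy.subdomains` as the virtualHosts generator does, now fails evaluation with "option … is used but not defined" when no service defines a subdomain, instead of producing an nginx with no vhosts. Unless every host in this repo always defines at least one — I cannot tell from here — I would restore `default = {};`.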
@@ -53,17 +67,36 @@ in { services.nginx = { enable = true; - virtualHosts = lib.attrsets.mapAttrs' (name: value: - lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations."/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets; - extraConfig = value.extraConfig; - }; - }) - config.host.reverse_proxy.subdomains; + virtualHosts = lib.mkMerge ( + lib.lists.flatten ( + lib.attrsets.mapAttrsToList ( + name: value: let + hostConfig = { + forceSSL = config.host.reverse_proxy.forceSSL; + enableACME = config.host.reverse_proxy.enableACME; + locations = { + "/" = { + proxyPass = value.target; + proxyWebsockets = value.websockets.enable; + recommendedProxySettings = value.forwardHeaders.enable; + extraConfig = + value.extraConfig; + }; + }; + }; + in ( + [ + { + ${"${value.subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig; + } + ] + ++ builtins.map (subdomain: {${"${subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig;}) + value.extraSubdomains + ) + ) + config.host.reverse_proxy.subdomains + ) + ); }; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index b18eb14..c578b41 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix @@ -20,7 +20,8 @@ }; }; host = { - reverse_proxy.subdomains.${config.host.searx.subdomain} = { + reverse_proxy.subdomains.searx = { + subdomain = config.host.searx.subdomain; target = "http://localhost:${toString config.services.searx.settings.server.port}"; }; }; From c81622a65cedde239ff5e28b20443cd95175de97 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 01:21:16 -0500 Subject: [PATCH 590/695] removed completed new feature from tasks --- README.md | 1 - 1 file changed, 1 deletion(-) 
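Review bot: `${"${value.subdomain}.${config.host.reverse_proxy.hostname}"}` wraps a string in a second interpolation; a plain `"${value.subdomain}.${config.host.reverse_proxy.hostname}"` attribute key is equivalent, and the `[ … ] ++ builtins.map … value.extraSubdomains` shape repeats the key construction twice. Mapping one small `fqdn` helper over `[value.subdomain] ++ value.extraSubdomains` expresses the same vhost set in one place. Two applications naming the same label are merged by `lib.mkMerge` and will only surface as a conflicting `proxyPass` definition; an assertion over the label list would give a clearer error, but that is optional.
```nix
hostConfig = {
  # … unchanged: forceSSL / enableACME / locations."/" …
};
fqdn = subdomain: "${subdomain}.${config.host.reverse_proxy.hostname}";
in
  builtins.map (subdomain: {${fqdn subdomain} = hostConfig;})
  ([value.subdomain] ++ value.extraSubdomains)
```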
diff --git a/README.md b/README.md index 6f43733..2c46110 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - zfs email after scrubbing # TODO: test this - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results From ae19af996e619251e70b9653173f58b96c60fbc5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 01:22:53 -0500 Subject: [PATCH 591/695] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2c46110..7c1908e 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services +- move extra custom configuration for services out of host config and instead extend services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts From 24e651205983fbde33e1c421677fc68796a38752 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 19:57:12 -0500 Subject: [PATCH 592/695] updated flake.lock --- flake.lock | 58 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index 11bbff8..dfdc765 100644 --- a/flake.lock +++ b/flake.lock 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741838604, - "narHash": "sha256-ytHdrfSbbPvla43Ykd61cVkS2JLA8wBEHcnf4yLFP7Y=", + "lastModified": 1742417054, + "narHash": "sha256-xZrOGER/WjdotrDqHGqz0GGtXKmMw0yzrop6TtZSB7w=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e41884886e7798003973f487f37b979ee92f7d99", + "rev": "9c8d89103be887c38fac9951d4d8900a91fff5d6", "type": "gitlab" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1741791118, - "narHash": "sha256-4Y427uj0eql4yRU5rely3EcOlB9q457UDbG9omPtXiA=", + "lastModified": 1742416832, + "narHash": "sha256-ycok0eJJcoknqaibdv/TEEEOUqovC42XCqbfLDYmnoQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "18780912345970e5b546b1b085385789b6935a83", + "rev": "eb0f617aecbaf1eff5bacec789891e775af2f5a3", "type": "github" }, "original": { @@ -163,14 +163,14 @@ "flake": false, "locked": { "lastModified": 1737234286, - "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", + "rev": "079528098f5998ba13c88821a2eca1005c1695de", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" } }, "lix-module": { 
@@ -183,11 +183,11 @@ ] }, "locked": { - "lastModified": 1737237494, - "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", - "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "lastModified": 1741892773, + "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", + "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz?rev=a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/ed7a2fa83145868ecb830d6b3c73ebfd81a9e911.tar.gz?rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911" }, "original": { "type": "tarball", @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1741794429, - "narHash": "sha256-4J46D8sOZ3UroVyGYKYMU3peq9gv0tjRX0KbZihWhhw=", + "lastModified": 1742373336, + "narHash": "sha256-oEF5dBlq8wGD3mkJ5PmFS1PGb28uYmvuy1IH6roIGkQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "2fb6b09b678a1ab258cf88e3ea4a966edceec6a8", + "rev": "2d9b63316926aa130a5a51136d93b9be28808f26", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1741830545, - "narHash": "sha256-SzbDILDATgMCYk2SxPYLCBVdT6mHtlyeYZDn2SZaIuU=", + "lastModified": 1742349195, + "narHash": "sha256-6Jd1bVeDtg1Tx5pfTI2pkVSc5OUsWzlzyRBE6uucvKk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "28318c164b39b70a14851aed7ad0ea7f03ca417e", + "rev": "627c4ca40954a81d52753e2c754863f244cf81ba", "type": "github" }, "original": { 
@@ -258,11 +258,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1741792691, - "narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=", + "lastModified": 1742376361, + "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e1f12151258b12c567f456d8248e4694e9390613", + "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9", "type": "github" }, "original": { @@ -274,11 +274,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741513245, - "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", + "lastModified": 1742288794, + "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", + "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", "type": "github" }, "original": { @@ -328,11 +328,11 @@ ] }, "locked": { - "lastModified": 1741644481, - "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", + "lastModified": 1742406979, + "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e653d71e82575a43fe9d228def8eddb73887b866", + "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609", "type": "github" }, "original": { From a821b1ab164d4cab03cd63c40449373d05848f67 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 20:05:25 -0500 Subject: [PATCH 593/695] updated firefox config for leyla home manager --- configurations/home-manager/leyla/firefox.nix | 157 +++++++++--------- 1 file changed, 80 insertions(+), 77 deletions(-) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 5bc49db..eef5d88 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix 
@@ -37,13 +37,13 @@ }; "NixOS Wiki" = { urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; + icon = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = ["@nw"]; }; "Searx" = { urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; + icon = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = ["@searx"]; }; 
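Review bot: The `Searx` engine keeps `icon = "https://nixos.wiki/favicon.png"`, evidently copied from the NixOS Wiki entry above it, so the self-hosted search engine is shown with the wiki's icon and Firefox re-fetches a third-party URL for it every day. Point it at the instance itself, e.g. `icon = "https://search.jan-leila.com/favicon.ico";` (whatever path your SearXNG serves its favicon at), or drop the `icon`/`updateInterval` pair for that entry.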
@@ -258,81 +258,84 @@ "toolkit.telemetry.updatePing.enabled" = false; }; - bookmarks = [ - { - name = "Media"; - url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; + bookmarks = { + force = true; + settings = [ + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags 
= [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; }; }; } From 6c6f9a11bc9d29a93d0e32bbbb25705293c20617 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 20 Mar 2025 00:45:49 -0500 Subject: [PATCH 594/695] updated flake lock --- flake.lock | 26 +++++++++++++------------- nix-config-secrets | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index dfdc765..3a40e4c 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742417054, - "narHash": "sha256-xZrOGER/WjdotrDqHGqz0GGtXKmMw0yzrop6TtZSB7w=", + "lastModified": 1742442833, + "narHash": "sha256-fPRAEtERJoDi0wIK3pGUbkpTL4N4AW1gHFJ8LcfjFbI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9c8d89103be887c38fac9951d4d8900a91fff5d6", + "rev": "5b4fc9b4b510ee8b2e26c47261c1262bbd12800d", "type": "gitlab" }, "original": { 
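Review bot: `force = true;` on `bookmarks` tells home-manager to overwrite the profile's existing bookmarks on activation, so, as I read that option, anything added through the browser UI is lost the next time the configuration is applied; if that is intended it deserves saying next to the flag: `force = true; # bookmarks are managed here only; UI-added ones are dropped on activation`. If it is not intended, the option can be omitted and the declared list merged with what is already in the profile.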
@@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1742416832, - "narHash": "sha256-ycok0eJJcoknqaibdv/TEEEOUqovC42XCqbfLDYmnoQ=", + "lastModified": 1742442527, + "narHash": "sha256-P3hEYEIryixLQWeKOYjyxv6bIQIDoyNAuvEq+tfJc6k=", "owner": "nix-community", "repo": "home-manager", - "rev": "eb0f617aecbaf1eff5bacec789891e775af2f5a3", + "rev": "97a00e0659b2807454507eb3a593bd09b099bd80", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1742349195, - "narHash": "sha256-6Jd1bVeDtg1Tx5pfTI2pkVSc5OUsWzlzyRBE6uucvKk=", + "lastModified": 1742435492, + "narHash": "sha256-ndzDOuL+HFcWwrHfEy+29b2sAc96DY78xRasLg0ONiI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "627c4ca40954a81d52753e2c754863f244cf81ba", + "rev": "fee770e654c49d69aacbdaf291c8af819a67bb35", "type": "github" }, "original": { @@ -308,11 +308,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740354712, - "narHash": "sha256-1PMVP2txoD4lhW7k3fbYa7CZ+hLBJO5f91EWtegrqEg=", + "lastModified": 1742444385, + "narHash": "sha256-QUcFbv7JG9SqtLmBUEhoFRTaMefQnb/GeY/Ql4LcA6Y=", "ref": "refs/heads/main", - "rev": "db6d65e814bc0c99f6e9b95308184b004038243e", - "revCount": 13, + "rev": "839273dc72d1e82d7941ba2459e5ed228f398573", + "revCount": 14, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/nix-config-secrets b/nix-config-secrets index db6d65e..839273d 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit db6d65e814bc0c99f6e9b95308184b004038243e +Subproject commit 839273dc72d1e82d7941ba2459e5ed228f398573 From 186dd689ebcce8fb8e4259136376ea3cd549b87a Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 21 Mar 2025 17:34:29 -0500 Subject: [PATCH 595/695] added extra tailscale config --- configurations/nixos/defiant/configuration.nix | 6 ++++-- configurations/nixos/horizon/configuration.nix | 6 ++++++ configurations/nixos/twilight/configuration.nix | 8 +++++++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0b7214b..87fff9b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -177,13 +177,15 @@ useRoutingFeatures = "server"; extraUpFlags = [ "--advertise-exit-node" - "--advertise-routes=192.168.1.0/24" + "--advertise-routes=192.168.0.0/24" "--accept-dns=false" + "--advertise-tags=tag:leyla,tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" - "--advertise-routes=192.168.1.0/24" + "--advertise-routes=192.168.0.0/24" "--accept-dns=false" + "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index c97a892..5ed6d01 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -62,6 +62,12 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; + extraUpFlags = [ + "--advertise-tags=tag:leyla,tag:server,tag:static" + ]; + extraSetFlags = [ + "--advertise-tags=tag:leyla,tag:server,tag:static" + ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 5238b84..fbfe66d 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
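Review bot: `--advertise-tags=tag:leyla,tag:server,tag:static` is added to `extraSetFlags` as well as `extraUpFlags`, but as far as I know `tailscale set` does not accept `--advertise-tags` (tags are an authentication-time property of `tailscale up`), so the post-up `set` invocation will fail and the `--advertise-exit-node`/`--advertise-routes` flags next to it would not be re-applied either; keep the tag flag in `extraUpFlags` only. Tagging also changes ownership: a node carrying tags is owned by those tags rather than by the user, and the key in `authKeyFile` must be permitted to apply them (a key pre-created for exactly these tags, or its owner listed under `tagOwners` for each), otherwise `tailscale up` is rejected — worth a comment beside the secret reference. The subnet change from 192.168.1.0/24 to 192.168.0.0/24 on defiant also needs the new route approved in the admin console unless an `autoApprovers` rule covers it.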
@@ -55,9 +55,15 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; - extraUpFlags = ["--advertise-exit-node"]; + extraUpFlags = [ + "--advertise-exit-node" + "--advertise-routes=192.168.0.0/24" + "--advertise-tags=tag:leyla,tag:server,tag:static" + ]; extraSetFlags = [ "--advertise-exit-node" + "--advertise-routes=192.168.0.0/24" + "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; From 0d7da663ed1d9fa20ab482cc962872dc548afd52 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Mar 2025 17:56:26 -0500 Subject: [PATCH 596/695] removed leyla tag from advertise-tags --- .../nixos/defiant/configuration.nix | 3 +- .../nixos/horizon/configuration.nix | 5 +-- .../nixos/twilight/configuration.nix | 3 +- flake.lock | 44 +++++++++---------- nix-config-secrets | 2 +- 5 files changed, 26 insertions(+), 31 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 87fff9b..9de9b38 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -179,13 +179,12 @@ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--accept-dns=false" - "--advertise-tags=tag:leyla,tag:server,tag:static" + "--advertise-tags=tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--accept-dns=false" - "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 5ed6d01..2f98cf8 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -63,10 +63,7 @@ authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; extraUpFlags = [ - "--advertise-tags=tag:leyla,tag:server,tag:static" - ]; - extraSetFlags = [ - "--advertise-tags=tag:leyla,tag:server,tag:static" + "--advertise-tags=tag:server,tag:static" ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index fbfe66d..2c1b3d5 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -58,12 +58,11 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - "--advertise-tags=tag:leyla,tag:server,tag:static" + "--advertise-tags=tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; diff --git a/flake.lock b/flake.lock index 3a40e4c..56a5cd1 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742442833, - "narHash": "sha256-fPRAEtERJoDi0wIK3pGUbkpTL4N4AW1gHFJ8LcfjFbI=", + "lastModified": 1742489760, + "narHash": "sha256-OkYl/wf09cKviSV1R6SshcRmeX1iDNEKCMg5KlmTwK0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5b4fc9b4b510ee8b2e26c47261c1262bbd12800d", + "rev": "10f7b577f5081b30ca6b7fd5f98de8d7dfdb5a27", "type": "gitlab" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1742442527, - "narHash": "sha256-P3hEYEIryixLQWeKOYjyxv6bIQIDoyNAuvEq+tfJc6k=", + "lastModified": 1742588233, + "narHash": "sha256-Fi5g8H5FXMSRqy+mU6gPG0v+C9pzjYbkkiePtz8+PpA=", "owner": "nix-community", "repo": "home-manager", - "rev": "97a00e0659b2807454507eb3a593bd09b099bd80", + "rev": "296ddc64627f4a6a4eb447852d7346b9dd16197d", "type": "github" }, "original": { 
@@ -201,11 +201,11 @@
 ]
 },
 "locked": {
-"lastModified": 1742373336,
-"narHash": "sha256-oEF5dBlq8wGD3mkJ5PmFS1PGb28uYmvuy1IH6roIGkQ=",
+"lastModified": 1742595055,
+"narHash": "sha256-cEetDber6LF8W4ThmRc4rwKs/o8y2GH0pUdX7e6CnAQ=",
 "owner": "LnL7",
 "repo": "nix-darwin",
-"rev": "2d9b63316926aa130a5a51136d93b9be28808f26",
+"rev": "e9f41de2a81f04390afd106959adf352a207628f",
 "type": "github"
 },
 "original": {
@@ -243,11 +243,11 @@
 ]
 },
 "locked": {
-"lastModified": 1742435492,
-"narHash": "sha256-ndzDOuL+HFcWwrHfEy+29b2sAc96DY78xRasLg0ONiI=",
+"lastModified": 1742522036,
+"narHash": "sha256-OmIHuzgZt38vn9SkysbS5D+KaAbKadtaKfODh0iWALk=",
 "owner": "nix-community",
 "repo": "nix-vscode-extensions",
-"rev": "fee770e654c49d69aacbdaf291c8af819a67bb35",
+"rev": "4cff80a994fd6edb6c62ee5439cd587b50871cf3",
 "type": "github"
 },
 "original": {
@@ -274,11 +274,11 @@
 },
 "nixpkgs": {
 "locked": {
-"lastModified": 1742288794,
-"narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=",
+"lastModified": 1742422364,
+"narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
 "owner": "nixos",
 "repo": "nixpkgs",
-"rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
+"rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc",
 "type": "github"
 },
 "original": {
@@ -308,11 +308,11 @@
 "secrets": {
 "flake": false,
 "locked": {
-"lastModified": 1742444385,
-"narHash": "sha256-QUcFbv7JG9SqtLmBUEhoFRTaMefQnb/GeY/Ql4LcA6Y=",
+"lastModified": 1742597341,
+"narHash": "sha256-r9Tid/fvcxi6LjAtW7YbXGN1HAtz/XEQkWZVPw3pLvk=",
 "ref": "refs/heads/main",
-"rev": "839273dc72d1e82d7941ba2459e5ed228f398573",
-"revCount": 14,
+"rev": "d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433",
+"revCount": 15,
 "type": "git",
 "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
 },
@@ -328,11 +328,11 @@
 ]
 },
 "locked": {
-"lastModified": 1742406979,
-"narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=",
+"lastModified": 1742595978,
+"narHash": "sha256-05onsoMrLyXE4XleDCeLC3bXnC4nyUbKWInGwM7v6hU=",
 "owner": "Mic92",
 "repo": "sops-nix",
-"rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609",
+"rev": "b7756921b002de60fb66782effad3ce8bdb5b25d",
 "type": "github"
 },
 "original": {
diff --git a/nix-config-secrets b/nix-config-secrets
index 839273d..d022f6b 160000
--- a/nix-config-secrets
+++ b/nix-config-secrets
@@ -1 +1 @@
-Subproject commit 839273dc72d1e82d7941ba2459e5ed228f398573
+Subproject commit d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433
From 2dfdb79f06967d64e0bda75e9fd92c6c8b3ae063 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Fri, 21 Mar 2025 18:33:57 -0500
Subject: [PATCH 597/695] fixed advertised tags on clients
---
 configurations/nixos/horizon/configuration.nix | 2 +-
 configurations/nixos/twilight/configuration.nix | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix
index 2f98cf8..c9ad6e8 100644
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@@ -63,7 +63,7 @@
 authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path;
 useRoutingFeatures = "client";
 extraUpFlags = [
-"--advertise-tags=tag:server,tag:static"
+"--advertise-tags=tag:client,tag:mobile"
 ];
 };
 };
diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix
index 2c1b3d5..5da8a77 100644
--- a/configurations/nixos/twilight/configuration.nix
+++ b/configurations/nixos/twilight/configuration.nix
@@ -58,7 +58,7 @@
 extraUpFlags = [
 "--advertise-exit-node"
 "--advertise-routes=192.168.0.0/24"
-"--advertise-tags=tag:server,tag:static"
+"--advertise-tags=tag:client,tag:static"
 ];
 extraSetFlags = [
 "--advertise-exit-node"
From 4f3064351316e803d23d941c3e1b7ad4ef6c8e86 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Fri, 21 Mar 2025 18:47:00 -0500
Subject: [PATCH 598/695] removed advertise tags from devices
---
 configurations/nixos/defiant/configuration.nix | 2 +-
 configurations/nixos/horizon/configuration.nix | 2 +-
 configurations/nixos/twilight/configuration.nix | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 9de9b38..6c2336a 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -179,7 +179,7 @@
 "--advertise-exit-node"
 "--advertise-routes=192.168.0.0/24"
 "--accept-dns=false"
-"--advertise-tags=tag:server,tag:static"
+# "--advertise-tags=tag:server,tag:static"
 ];
 extraSetFlags = [
 "--advertise-exit-node"
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix
index c9ad6e8..b59b7e9 100644
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@@ -63,7 +63,7 @@
 authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path;
 useRoutingFeatures = "client";
 extraUpFlags = [
-"--advertise-tags=tag:client,tag:mobile"
+# "--advertise-tags=tag:client,tag:mobile"
 ];
 };
 };
diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix
index 5da8a77..6def768 100644
--- a/configurations/nixos/twilight/configuration.nix
+++ b/configurations/nixos/twilight/configuration.nix
@@ -58,7 +58,7 @@
 extraUpFlags = [
 "--advertise-exit-node"
 "--advertise-routes=192.168.0.0/24"
-"--advertise-tags=tag:client,tag:static"
+# "--advertise-tags=tag:client,tag:static"
 ];
 extraSetFlags = [
 "--advertise-exit-node"
From 76d68cf146e11b75c86b9c1270d53b38593bf127 Mon Sep 17 00:00:00 2001
From: Leyla Becker Date: Sat, 22 Mar 2025 12:50:17 -0500 Subject: [PATCH 599/695] disabled home assistant --- .../nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/server/fail2ban.nix | 42 +++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6c2336a..5c3a7ed 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -108,7 +108,7 @@ subdomain = "search"; }; home-assistant = { - enable = true; + enable = false; subdomain = "home"; }; adguardhome = { diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index e3f6280..f410aeb 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -32,20 +32,20 @@ in { failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " '') ); - "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf + # "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + # pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + # [INCLUDES] + # before = common.conf - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + # [Definition] + # failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - ignoreregex = + # ignoreregex = - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); + # [Init] + # datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + # '') + # ); "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] 
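Review bot: Commenting out the `hass.local` filter here, and the `home-assistant-iptables` jail in the next hunk, is redundant: both were already wrapped in `lib.mkIf config.services.home-assistant.enable`, so once the host sets `enable = false` they evaluate away on their own, and the guard is the mechanism that should carry this. What the change leaves behind is two dead blocks that have to be hand-maintained alongside the live ones (the following commit moves the other filters into their service modules and keeps these comments in place). Either delete the blocks or leave them live behind the `mkIf`; if the intent is to remember the old config, a one-line `# home-assistant filter/jail live in home-assistant.nix once it is re-enabled` is enough.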
@@ -105,16 +105,16 @@ in { bantime = 600; maxretry = 5; }; - home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; + # home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + # enabled = true; + # filter = "hass"; + # action = ''iptables-multiport[name=HTTP, port="http,https"]''; + # logpath = "${config.services.home-assistant.configDir}/*.log"; + # backend = "auto"; + # findtime = 600; + # bantime = 600; + # maxretry = 5; + # }; immich-iptables.settings = lib.mkIf config.services.immich.enable { enabled = true; filter = "immich"; From c7938c3fe796a1ca95ec4f05342c52ecab18be6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Mar 2025 13:01:25 -0500 Subject: [PATCH 600/695] moved fail2ban configs into service configs --- modules/nixos-modules/server/fail2ban.nix | 44 ----------------------- modules/nixos-modules/server/forgejo.nix | 26 ++++++++++++++ modules/nixos-modules/server/immich.nix | 22 ++++++++++++ modules/nixos-modules/server/jellyfin.nix | 25 +++++++++++++ 4 files changed, 73 insertions(+), 44 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index f410aeb..6fdfd6a 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix 
@@ -20,18 +20,6 @@ in { failregex = "limiting requests, excess:.* by zone.*client: " '') ); - "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." - '') - ); - "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " - '') - ); # "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( # pkgs.lib.mkDefault (pkgs.lib.mkAfter '' # [INCLUDES] @@ -46,13 +34,6 @@ in { # datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S # '') # ); - "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = immich-server.*Failed login attempt for user.+from ip address\s? - journalmatch = CONTAINER_TAG=immich-server - '') - ); }; services.fail2ban = { @@ -85,26 +66,6 @@ in { bantime = 600; maxretry = 5; }; - jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { - enabled = true; - filter = "jellyfin"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.jellyfin.dataDir}/log/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { - enabled = true; - filter = "forgejo"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; # home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { # enabled = true; # filter = "hass"; 
@@ -115,11 +76,6 @@ in { # bantime = 600; # maxretry = 5; # }; - immich-iptables.settings = lib.mkIf config.services.immich.enable { - enabled = true; - filter = "immich"; - backend = "systemd"; - }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index f0c1974..d19e0ae 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -1,6 +1,7 @@ { lib, config, + pkgs, ... }: let forgejoPort = 8081; @@ -67,6 +68,31 @@ in { config.services.forgejo.settings.server.SSH_LISTEN_PORT ]; } + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " + '') + ); + }; + + services.fail2ban = { + jails = { + forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + enabled = true; + filter = "forgejo"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { assertions = [ { diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index 2756e5c..5160701 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix @@ -1,6 +1,7 @@ { lib, config, + pkgs, ... }: let mediaLocation = "/var/lib/immich"; 
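Review bot: As rendered here, the forgejo `failregex` written into `fail2ban/filter.d/forgejo.local` contains no `<HOST>` (or other failure-id) capture group, and fail2ban refuses to load a filter without one, so the jail would fail at start instead of banning anything; if the `<HOST>` token was merely lost in this rendering, disregard this, otherwise the pattern needs to end in `from <HOST>`. The immich (`from ip address\s?`) and jellyfin (`(IP: \"\"\\)`) filters in the hunks on the next line have the same shape and should be checked together. Two smaller points on the same block: the inner `lib.mkIf config.services.forgejo.enable` is redundant because the module's whole `config` is already gated on that option, and the double quotes around the pattern inside the `''` string are written verbatim into the `.local` file, where fail2ban's ini parser keeps them as literal characters of the regex, which I doubt is intended.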
@@ -59,6 +60,27 @@ in { ]; }; } + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = immich-server.*Failed login attempt for user.+from ip address\s? + journalmatch = CONTAINER_TAG=immich-server + '') + ); + }; + + services.fail2ban = { + jails = { + immich-iptables.settings = lib.mkIf config.services.immich.enable { + enabled = true; + filter = "immich"; + backend = "systemd"; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { assertions = [ { diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 77d5744..79e0ffa 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -53,6 +53,31 @@ in { pkgs.jellyfin-ffmpeg ]; } + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." + '') + ); + }; + + services.fail2ban = { + jails = { + jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + enabled = true; + filter = "jellyfin"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.jellyfin.dataDir}/log/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { fileSystems."/persist/system/jellyfin".neededForBoot = true; From 597c25b49dcaded5ff32864fa42ac99cc8dcff4c Mon Sep 17 00:00:00 2001 
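Review bot: `journalmatch = CONTAINER_TAG=immich-server` is unlikely to select anything on this host: immich is run through the NixOS `services.immich` module (the reverse-proxy target reads `config.services.immich.port`), which is a native systemd unit, and `CONTAINER_TAG` is a journald field set by container log drivers, so with `backend = "systemd"` the jail would watch an empty stream and never ban, silently. Match on the unit instead, `journalmatch = _SYSTEMD_UNIT=immich-server.service`, after confirming the unit name with `systemctl list-units`. The jellyfin hunk below has the same silent-miss risk in `logpath = "${config.services.jellyfin.dataDir}/log/*.log"`: the NixOS jellyfin module has its own `logDir` option for where it points the server's logs, so `${config.services.jellyfin.logDir}/*.log` is the path that tracks the module rather than jellyfin's built-in default.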
From: Leyla Becker Date: Sat, 22 Mar 2025 13:27:04 -0500 Subject: [PATCH 601/695] moved service config out of host namespace --- README.md | 1 - .../nixos/defiant/configuration.nix | 45 +++++----- modules/nixos-modules/server/fail2ban.nix | 9 +- modules/nixos-modules/server/forgejo.nix | 54 ++++++------ modules/nixos-modules/server/immich.nix | 15 +--- modules/nixos-modules/server/jellyfin.nix | 15 ++-- modules/nixos-modules/server/searx.nix | 84 +++++++++---------- 7 files changed, 98 insertions(+), 125 deletions(-) diff --git a/README.md b/README.md index 7c1908e..2c46110 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services -- move extra custom configuration for services out of host config and instead extend services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5c3a7ed..78c215d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -48,9 +48,6 @@ ]; }; }; - fail2ban = { - enable = true; - }; network_storage = { enable = true; directories = [ @@ -74,7 +71,7 @@ folder = "media"; user = "jellyfin"; group = "jellyfin_media"; - bind = config.host.jellyfin.media_directory; + bind = config.services.jellyfin.media_directory; } ]; nfs = { 
@@ -94,19 +91,6 @@ }; }; }; - jellyfin = { - enable = true; - subdomain = "media"; - extraSubdomains = ["jellyfin"]; - }; - forgejo = { - enable = true; - subdomain = "git"; - }; - searx = { - enable = true; - subdomain = "search"; - }; home-assistant = { enable = false; subdomain = "home"; @@ -114,10 +98,6 @@ adguardhome = { enable = false; }; - immich = { - enable = true; - subdomain = "photos"; - }; sync = { enable = true; folders = { @@ -187,6 +167,29 @@ "--accept-dns=false" ]; }; + + fail2ban.enable = true; + + jellyfin = { + enable = true; + subdomain = "media"; + extraSubdomains = ["jellyfin"]; + }; + + immich = { + enable = true; + subdomain = "photos"; + }; + + forgejo = { + enable = true; + subdomain = "git"; + }; + + searx = { + enable = true; + subdomain = "search"; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 6fdfd6a..be83e6f 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -7,11 +7,7 @@ dataFolder = "/var/lib/fail2ban"; dataFile = "fail2ban.sqlite3"; in { - options.host.fail2ban = { - enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; - }; - - config = lib.mkIf config.host.fail2ban.enable (lib.mkMerge [ + config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ { environment.etc = { "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( @@ -37,7 +33,6 @@ in { }; services.fail2ban = { - enable = true; maxretry = 5; ignoreIP = [ # Whitelist local networks @@ -90,8 +85,6 @@ in { ]; environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; directories = [ { directory = dataFolder; diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index d19e0ae..40a5303 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix 
@@ -9,8 +9,7 @@ db_user = "forgejo"; sshPort = 22222; in { - options.host.forgejo = { - enable = lib.mkEnableOption "should forgejo be enabled on this computer"; + options.services.forgejo = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that forgejo will be hosted at"; @@ -18,10 +17,10 @@ in { }; }; - config = lib.mkIf config.host.forgejo.enable (lib.mkMerge [ + config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.host.forgejo.subdomain} = { + reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { target = "http://localhost:${toString forgejoPort}"; }; postgres = { @@ -34,32 +33,29 @@ in { }; }; - services = { - forgejo = { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; + services.forgejo = { + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = config.users.users.git.name; + ROOT_URL = "https://git.jan-leila.com"; }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = config.users.users.git.name; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; }; }; }; diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index 5160701..e7088a9 100644 
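Review bot: `ROOT_URL = "https://git.jan-leila.com"` stays hard-coded while the `DOMAIN` line directly above it is now derived from `config.services.forgejo.subdomain` and `config.host.reverse_proxy.hostname`, so changing the `subdomain` option would leave Forgejo generating absolute links for a host it no longer serves. Derive it the same way: `ROOT_URL = "https://${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";`. The `SSH_PORT = 22` / `SSH_LISTEN_PORT = sshPort` split also deserves a one-line comment saying that 22 is the externally advertised port while the builtin server listens on 22222, since the mismatch reads like a typo otherwise.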
--- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix @@ -6,8 +6,7 @@ }: let mediaLocation = "/var/lib/immich"; in { - options.host.immich = { - enable = lib.mkEnableOption "should immich be enabled on this computer"; + options.services.immich = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that immich will be hosted at"; @@ -15,10 +14,10 @@ in { }; }; - config = lib.mkIf config.host.immich.enable (lib.mkMerge [ + config = lib.mkIf config.services.immich.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.host.immich.subdomain} = { + reverse_proxy.subdomains.${config.services.immich.subdomain} = { target = "http://localhost:${toString config.services.immich.port}"; websockets.enable = true; @@ -45,12 +44,6 @@ in { }; }; - services.immich = { - enable = true; - port = 2283; - # redis.enable = false; - }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { allowedUDPPorts = [ config.services.immich.port @@ -89,8 +82,6 @@ in { } ]; environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; directories = [ { directory = mediaLocation; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 79e0ffa..010ea1a 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -8,8 +8,7 @@ jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; in { - options.host.jellyfin = { - enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; + options.services.jellyfin = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that jellyfin will be hosted at"; 
@@ -27,16 +26,14 @@ in { }; }; - config = lib.mkIf config.host.jellyfin.enable ( + config = lib.mkIf config.services.jellyfin.enable ( lib.mkMerge [ { - services.jellyfin.enable = true; - host.reverse_proxy.subdomains.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; - subdomain = config.host.jellyfin.subdomain; - extraSubdomains = config.host.jellyfin.extraSubdomains; + subdomain = config.services.jellyfin.subdomain; + extraSubdomains = config.services.jellyfin.extraSubdomains; forwardHeaders.enable = true; @@ -107,8 +104,6 @@ in { environment.persistence = { "/persist/system/root" = { - enable = true; - hideMounts = true; directories = [ { directory = jellyfin_data_directory; @@ -128,7 +123,7 @@ in { hideMounts = true; directories = [ { - directory = config.host.jellyfin.media_directory; + directory = config.services.jellyfin.media_directory; user = "jellyfin"; group = "jellyfin_media"; mode = "1770"; diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index c578b41..d357308 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix @@ -4,8 +4,7 @@ inputs, ... }: { - options.host.searx = { - enable = lib.mkEnableOption "should searx be enabled on this computer"; + options.services.searx = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that searx will be hosted at"; @@ -13,7 +12,7 @@ }; }; - config = lib.mkIf config.host.searx.enable { + config = lib.mkIf config.services.searx.enable { sops.secrets = { "services/searx" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; 
@@ -21,56 +20,53 @@ }; host = { reverse_proxy.subdomains.searx = { - subdomain = config.host.searx.subdomain; + subdomain = config.services.searx.subdomain; target = "http://localhost:${toString config.services.searx.settings.server.port}"; }; }; - services = { - searx = { - enable = true; - environmentFile = config.sops.secrets."services/searx".path; + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; - }; - }; + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; }; - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; - }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; }; }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; }; }; } From 759390af8d4c650055d99c0f872dfb9002f9dd86 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 22 Mar 2025 14:35:54 -0500 Subject: [PATCH 602/695] removed unused syncthing config options --- .../nixos/defiant/configuration.nix | 15 ++------ .../nixos/horizon/configuration.nix | 11 ++---- .../nixos/twilight/configuration.nix | 11 ++---- modules/nixos-modules/sync.nix | 36 +------------------ 4 files changed, 7 insertions(+), 66 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 78c215d..e3d59bd 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -98,19 +98,6 @@ adguardhome = { enable = false; }; - sync = { - enable = true; - folders = { - share = { - enable = true; - calendar.enable = true; - }; - leyla = { - documents.enable = true; - notes.enable = true; - }; - }; - }; }; networking = { hostId = "c51763d6"; @@ -168,6 +155,8 @@ ]; }; + syncthing.enable = true; + fail2ban.enable = true; jellyfin = { diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index b59b7e9..6375003 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -17,15 +17,6 @@ }; eve.isDesktopUser = true; }; - sync = { - enable = true; - folders = { - share.enable = true; - leyla = { - documents.enable = true; - }; - }; - }; }; environment.systemPackages = [ @@ -66,6 +57,8 @@ # "--advertise-tags=tag:client,tag:mobile" ]; }; + + syncthing.enable = true; }; networking = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 6def768..8467003 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
@@ -29,15 +29,6 @@ openRGB.enable = true; graphicsAcceleration.enable = true; }; - sync = { - enable = true; - folders = { - share.enable = true; - leyla = { - documents.enable = true; - }; - }; - }; }; services = { @@ -65,6 +56,8 @@ "--advertise-routes=192.168.0.0/24" ]; }; + + syncthing.enable = true; }; programs.steam = { enable = true; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index de361e6..8915dc8 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -7,39 +7,6 @@ mountDir = "/mnt/sync"; configDir = "/etc/syncthing"; in { - options.host.sync = { - enable = lib.mkEnableOption "should sync thing be enabled on this device"; - folders = { - share = { - enable = lib.mkEnableOption "should the share folder by synced"; - calendar = { - enable = lib.mkEnableOption "should the calendar folder be synced"; - }; - }; - leyla = { - documents = { - enable = lib.mkEnableOption "should the documents folder be synced"; - }; - notes = { - enable = lib.mkEnableOption "should the notes folder by synced"; - }; - }; - extraFolders = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({...}: { - options = { - path = lib.mkOption { - type = lib.types.str; - }; - devices = lib.mkOption { - type = lib.types.listof lib.types.str; - }; - }; - })); - default = {}; - }; - }; - }; - config = lib.mkMerge [ { systemd = lib.mkIf config.services.syncthing.enable { @@ -50,10 +17,9 @@ in { ]; }; } - (lib.mkIf config.host.sync.enable (lib.mkMerge [ + (lib.mkIf config.services.syncthing.enable (lib.mkMerge [ { services.syncthing = { - enable = true; user = "syncthing"; group = "syncthing"; dataDir = "${mountDir}/default"; From ba5d5a14876d2398b4ca4bf4b7bdb80a84306cca Mon Sep 17 00:00:00 2001 
From: Leyla Becker
Date: Sat, 22 Mar 2025 14:39:19 -0500
Subject: [PATCH 603/695] removed all advertise tags comments
---
 configurations/nixos/defiant/configuration.nix | 1 -
 configurations/nixos/horizon/configuration.nix | 3 ---
 configurations/nixos/twilight/configuration.nix | 1 -
 3 files changed, 5 deletions(-)
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index e3d59bd..f7131fd 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -146,7 +146,6 @@
 "--advertise-exit-node"
 "--advertise-routes=192.168.0.0/24"
 "--accept-dns=false"
-# "--advertise-tags=tag:server,tag:static"
 ];
 extraSetFlags = [
 "--advertise-exit-node"
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix
index 6375003..082824d 100644
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@@ -53,9 +53,6 @@
 enable = true;
 authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path;
 useRoutingFeatures = "client";
-extraUpFlags = [
-# "--advertise-tags=tag:client,tag:mobile"
-];
 };
 
 syncthing.enable = true;
diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix
index 8467003..bbd8835 100644
--- a/configurations/nixos/twilight/configuration.nix
+++ b/configurations/nixos/twilight/configuration.nix
@@ -49,7 +49,6 @@
 extraUpFlags = [
 "--advertise-exit-node"
 "--advertise-routes=192.168.0.0/24"
-# "--advertise-tags=tag:client,tag:static"
 ];
 extraSetFlags = [
 "--advertise-exit-node"
From 77f1aa30b78f5f8fdaee3b23a787da509c105636 Mon Sep 17 00:00:00 2001
From: Leyla Becker Date: Sun, 23 Mar 2025 19:16:02 -0500 Subject: [PATCH 604/695] drafted out virt home assistant --- .../nixos/defiant/configuration.nix | 14 +- modules/nixos-modules/server/default.nix | 2 +- .../nixos-modules/server/home-assistant.nix | 174 +++++++++++------- .../server/virt-home-assistant.nix | 155 ++++++++++++++++ 4 files changed, 270 insertions(+), 75 deletions(-) create mode 100644 modules/nixos-modules/server/virt-home-assistant.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f7131fd..7209aa9 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -91,10 +91,10 @@ }; }; }; - home-assistant = { - enable = false; - subdomain = "home"; - }; + # home-assistant = { + # enable = false; + # subdomain = "home"; + # }; adguardhome = { enable = false; }; @@ -178,6 +178,12 @@ enable = true; subdomain = "search"; }; + + virt-home-assistant = { + enable = false; + networkBridge = "bond0"; + hostDevice = "0x10c4:0xea60"; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 956ad9e..6c3ba8e 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,7 +8,7 @@ ./jellyfin.nix ./forgejo.nix ./searx.nix - ./home-assistant.nix + ./virt-home-assistant.nix ./adguardhome.nix ./immich.nix ]; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 254e183..a90bd6d 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,6 +1,7 @@ { lib, config, + inputs, ... }: let configDir = "/var/lib/hass"; 
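Review bot: The `default.nix` hunk drops `./home-assistant.nix` from the imports while this same commit keeps rewriting that file (the libvirt draft in the hunk on the next line), so everything in it, including the `host.home-assistant` options the defiant config comments out, is now dead code that nothing evaluates; either keep it imported until `virt-home-assistant.nix` fully replaces it or delete it so the two drafts cannot diverge. In the defiant hunk, `hostDevice = "0x10c4:0xea60"` is a bare USB vendor:product pair with nothing saying so; a comment such as `# USB vendor:product id of the device handed to the VM` (and the same wording in the option's `description`) would save the next reader a lookup. `networkBridge = "bond0"` similarly deserves a note that the guest is being attached to the host's LAN bond, since that decides which network the VM is exposed on.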
@@ -16,81 +17,114 @@ in { config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ { - systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - services.home-assistant = { - enable = true; - configDir = configDir; - extraComponents = [ - "met" - "radio_browser" - "isal" - "zha" - "jellyfin" - "webostv" - "tailscale" - "syncthing" - "sonos" - "analytics_insights" - "unifi" - "openweathermap" - ]; - config = { - http = { - server_port = 8082; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - # recorder.db_url = "postgresql://@/${db_user}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts + virtualisation.libvirt = { + swtpm.enable = true; + connections."qemu:///session" = { + networks = [ + { + definition = inputs.nix-virt.lib.network.writeXML (inputs.nix-virt.lib.network.templates.bridge + { + uuid = "d57e37e2-311f-4e5c-a484-97c2210c2770"; + subnet_byte = 71; + }); + active = true; + } + ]; + domains = [ + { + definition = inputs.nix-virt.lib.domain.writeXML (inputs.nix-virt.lib.domain.templates.linux + { + name = "Home Assistant"; + uuid = "c5cc0efc-6101-4c1d-be31-acbba203ccde"; + memory = { + count = 4; + unit = "GiB"; + }; + # storage_vol = { + # pool = "MyPool"; + # volume = "Penguin.qcow2"; + # }; + }); + } ]; - }; - host = { - reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; }; }; + + # systemd.tmpfiles.rules = [ + # "f 
${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + # ]; + # services.home-assistant = { + # enable = true; + # configDir = configDir; + # extraComponents = [ + # "met" + # "radio_browser" + # "isal" + # "zha" + # "jellyfin" + # "webostv" + # "tailscale" + # "syncthing" + # "sonos" + # "analytics_insights" + # "unifi" + # "openweathermap" + # ]; + # config = { + # http = { + # server_port = 8082; + # use_x_forwarded_for = true; + # trusted_proxies = ["127.0.0.1" "::1"]; + # ip_ban_enabled = true; + # login_attempts_threshold = 10; + # }; + # # recorder.db_url = "postgresql://@/${db_user}"; + # "automation manual" = []; + # "automation ui" = "!include automations.yaml"; + # }; + # extraPackages = python3Packages: + # with python3Packages; [ + # hassil + # numpy + # gtts + # ]; + # }; + # host = { + # reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { + # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + # websockets.enable = true; + # forwardHeaders.enable = true; + + # extraConfig = '' + # add_header Upgrade $http_upgrade; + # add_header Connection \"upgrade\"; + + # proxy_buffering off; + + # proxy_read_timeout 90; + # ''; + # }; + # }; } (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = configDir; - user = "hass"; - group = "hass"; - } - ]; - }; + # assertions = [ + # { + # assertion = config.services.home-assistant.configDir == configDir; + # message = "home assistant config directory does not match persistence"; + # } + # ]; + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # { + # directory = configDir; + # 
user = "hass"; + # group = "hass"; + # } + # ]; + # }; }) ]); } diff --git a/modules/nixos-modules/server/virt-home-assistant.nix b/modules/nixos-modules/server/virt-home-assistant.nix new file mode 100644 index 0000000..4212668 --- /dev/null +++ b/modules/nixos-modules/server/virt-home-assistant.nix 
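Review bot: Everything left in this module besides the new `virtualisation.libvirt` attrset is commented out, and `default.nix` in the same commit stops importing `./home-assistant.nix`, so nothing in this hunk is evaluated; the nix-virt definitions also depend on `inputs.nix-virt`, which none of the lock-file hunks later in this series list among the root inputs, so the file would likely fail to evaluate if it were re-imported. Prefer deleting the file (history keeps the old config) or moving the draft out of the module tree instead of carrying ~100 commented lines. Note that the dropped `http` block is where `trusted_proxies`, `ip_ban_enabled` and `login_attempts_threshold` were set, and the impermanence `assertions` and persistence for `configDir` go with it; whichever VM route wins needs equivalents, otherwise the VM's Home Assistant runs on its own defaults behind the proxy. The enclosing `config = lib.mkIf ... (lib.mkMerge [` starts outside this hunk.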
@@ -0,0 +1,155 @@ +{ + config, + lib, + pkgs, + ... +}: { + options.services.virt-home-assistant = { + enable = lib.mkEnableOption "Wether to enable home assistant virtual machine"; + networkBridge = lib.mkOption { + type = lib.types.str; + description = "what network bridge should we attach to the image"; + }; + hostDevice = lib.mkOption { + type = lib.types.str; + description = "what host devices should be attached to the image"; + }; + initialVersion = lib.mkOption { + type = lib.types.str; + description = "what home assistant image version should we pull for initial instal"; + default = "15.0"; + }; + imageName = lib.mkOption { + type = lib.types.str; + description = "where should the image be installed to"; + default = "home-assistant.qcow2"; + }; + installLocation = lib.mkOption { + type = lib.types.str; + description = "where should the image be installed to"; + default = "/etc/hass"; + }; + virtualMachineName = lib.mkOption { + type = lib.types.str; + description = "what name should we give the virtual machine"; + default = "home-assistant"; + }; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + }; + config = lib.mkIf config.services.virt-home-assistant.enable (lib.mkMerge [ + { + # environment.systemPackages = with pkgs; [ + # virt-manager + # ]; + + # TODO: move this to external module and just have an assertion here that its enabled + # enable virtualization on the system + virtualisation = { + libvirtd = { + enable = true; + qemu.ovmf.enable = true; + }; + }; + + # TODO: deactivation script? 
+ # create service to install and start the container + systemd.services.virt-install-home-assistant = let + # TODO: all of these need to be escaped to be used in commands reliably + bridgedNetwork = config.services.virt-home-assistant.networkBridge; + hostDevice = config.services.virt-home-assistant.hostDevice; + virtualMachineName = config.services.virt-home-assistant.virtualMachineName; + imageName = config.services.virt-home-assistant.imageName; + installLocation = config.services.virt-home-assistant.installLocation; + installImage = "${installLocation}/${imageName}"; + initialVersion = config.services.virt-home-assistant.initialVersion; + + home-assistant-qcow2 = pkgs.fetchurl { + name = "home-assistant.qcow2"; + url = "https://github.com/home-assistant/operating-system/releases/download/${initialVersion}/haos_ova-${initialVersion}.qcow2.xz"; + hash = "sha256-V1BEjvvLNbMMKJVyMCmipjQ/3owoJteeVxoF9LDHo1U="; + postFetch = '' + cp $out src.xz + rm -r $out + ${pkgs.xz}/bin/unxz src.xz --stdout > $out/${imageName} + ''; + }; + + # Write a script to install the Home Assistant OS qcow2 image + virtInstallScript = pkgs.writeShellScriptBin "virt-install-hass" '' + # Copy the initial image out of the package store to the install location if we don't have one yet + if [ ! -f ${installImage} ]; then + cp ${home-assistant-qcow2} ${installLocation} + fi + + # Check if VM already exists, and other pre-conditions + if ! 
${pkgs.libvirt}/bin/virsh list --all | grep -q ${virtualMachineName}; then + ${pkgs.virt-manager}/bin/virt-install --name ${virtualMachineName} \ + --description "Home Assistant OS" \ + --os-variant=generic \ + --boot uefi \ + --ram=2048 \ + --vcpus=2 \ + --import \ + --disk ${installImage},bus=sata \ + --network bridge=${bridgedNetwork} \ + --host-device ${hostDevice} \ + --graphics none + ${pkgs.libvirt}/bin/virsh autostart ${virtualMachineName} + fi + ''; + in { + description = "Install and start Home Assistant"; + wantedBy = ["multi-user.target"]; + after = ["local-fs.target"]; + requires = ["libvirtd.service"]; + serviceConfig.Type = "oneshot"; + serviceConfig = { + ExecStart = "${virtInstallScript}/bin/virt-install-hass"; + }; + }; + + # TODO: figure out what we need to proxy to the virtual image + # host = { + # reverse_proxy.subdomains.${config.services.virt-home-assistant.subdomain} = { + # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + # websockets.enable = true; + # forwardHeaders.enable = true; + + # extraConfig = '' + # add_header Upgrade $http_upgrade; + # add_header Connection \"upgrade\"; + + # proxy_buffering off; + + # proxy_read_timeout 90; + # ''; + # }; + # }; + } + (lib.mkIf config.services.fail2ban.enable { + # TODO: figure out how to write a config for this, prob based on nginx proxy logs? + }) + (lib.mkIf config.host.impermanence.enable { + # assertions = [ + # { + # assertion = config.services.virt-home-assistant.installLocation == configDir; + # message = "home assistant install location does not match persistence"; + # } + # ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.virt-home-assistant.installLocation; + } + ]; + }; + }) + ]); +} From 629357a416f681c9aa72ed4b8eb1f470d358c2c4 Mon Sep 17 00:00:00 2001 
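Review bot: The option values are interpolated into the `virt-install-hass` script unquoted, as the `# TODO: all of these need to be escaped` line admits, so a `networkBridge`, `hostDevice` or `installLocation` containing a space or shell metacharacter changes the command instead of being passed as an argument; wrap each with `lib.escapeShellArg`. The existence check `virsh list --all | grep -q ${virtualMachineName}` is a substring match, so any domain whose name merely contains the configured name skips installation, whereas `virsh dominfo <name>` failing is the exact check. The `fetchurl` `postFetch` removes `$out` and then writes to `$out/${imageName}` without recreating it as a directory, and `fetchurl` hashes `$out` as a single flat file unless `recursiveHash = true`, so writing the decompressed image straight to `$out` is the simplest way to get a buildable fixed-output derivation (the `hash` then has to be that of the decompressed image). `cp` from the store keeps the store's read-only mode bits, leaving a disk image the VM cannot write to, and the unit is `requires = ["libvirtd.service"]` but only `after = ["local-fs.target"]`, so it can run before libvirtd is listening; `install -m 0640` and adding `"libvirtd.service"` to `after` address both. Also `lib.mkEnableOption "Wether..."` and `initialVersion`'s description have typos (`Whether`, `install`), and `imageName` and `installLocation` share the description `where should the image be installed to`.
```nix
      systemd.services.virt-install-home-assistant = let
        # … unchanged: option values read from config.services.virt-home-assistant …

        home-assistant-qcow2 = pkgs.fetchurl {
          name = "home-assistant.qcow2";
          url = "https://github.com/home-assistant/operating-system/releases/download/${initialVersion}/haos_ova-${initialVersion}.qcow2.xz";
          # fetchurl hashes $out as one flat file, so $out must stay a file;
          # the hash is of the decompressed image, i.e. the output after postFetch
          hash = "sha256-V1BEjvvLNbMMKJVyMCmipjQ/3owoJteeVxoF9LDHo1U=";
          postFetch = ''
            mv $out src.xz
            ${pkgs.xz}/bin/unxz --stdout src.xz > $out
          '';
        };

        virtInstallScript = pkgs.writeShellScriptBin "virt-install-hass" ''
          set -euo pipefail

          # a plain cp keeps the store's read-only mode bits; the VM needs a writable image
          if [ ! -f ${lib.escapeShellArg installImage} ]; then
            install -D -m 0640 ${home-assistant-qcow2} ${lib.escapeShellArg installImage}
          fi

          # dominfo fails only when no domain has exactly this name (grep on `virsh list` matched substrings)
          if ! ${pkgs.libvirt}/bin/virsh dominfo ${lib.escapeShellArg virtualMachineName} >/dev/null 2>&1; then
            ${pkgs.virt-manager}/bin/virt-install --name ${lib.escapeShellArg virtualMachineName} \
              --description "Home Assistant OS" \
              --os-variant=generic \
              --boot uefi \
              --ram=2048 \
              --vcpus=2 \
              --import \
              --disk ${lib.escapeShellArg installImage},bus=sata \
              --network bridge=${lib.escapeShellArg bridgedNetwork} \
              --host-device ${lib.escapeShellArg hostDevice} \
              --graphics none
            ${pkgs.libvirt}/bin/virsh autostart ${lib.escapeShellArg virtualMachineName}
          fi
        '';
      in {
        description = "Install and start Home Assistant";
        wantedBy = ["multi-user.target"];
        # ordering, not just a dependency: virsh must find a listening libvirtd
        after = ["local-fs.target" "libvirtd.service"];
        requires = ["libvirtd.service"];
        # … unchanged: serviceConfig …
      };
```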
From: Leyla Becker
Date: Mon, 24 Mar 2025 17:22:46 -0500
Subject: [PATCH 605/695] port forwarded jellyfin port to stop logs from getting spammed
---
 .../nixos/defiant/hardware-configuration.nix | 2 +-
 .../nixos/horizon/configuration.nix | 43 -------------------
 modules/nixos-modules/server/jellyfin.nix | 2 +
 3 files changed, 3 insertions(+), 44 deletions(-)
diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix
index 85dcd9e..3b3ac45 100644
--- a/configurations/nixos/defiant/hardware-configuration.nix
+++ b/configurations/nixos/defiant/hardware-configuration.nix
@@ -72,7 +72,7 @@
 networkConfig.DHCP = "yes";
 address = [
- "192.168.1.10/24"
+ "192.168.1.10"
 ];
 gateway = ["192.168.1.1"];
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix
index 082824d..dabb2cf 100644
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@@ -31,9 +31,6 @@
 "wireguard-keys/tailscale-authkey/horizon" = {
 sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
 };
- # "wireguard-keys/proton/horizon" = {
- # sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
- # };
 };
 services = {
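Review bot: Dropping the `/24` from the systemd-networkd `address` entry leaves networkd to choose the prefix length itself (as far as I recall it applies a legacy classful default, /24 for this address, and logs a warning asking for an explicit length), so the change is at best a no-op that adds an implicit dependency on that fallback and at worst a /32 that makes the LAN reachable only through the DHCP lease; keep `"192.168.1.10/24"`. This hunk is also unrelated to the jellyfin port change named in the commit message, so it deserves its own commit or a line in the description. The static address coexists with `networkConfig.DHCP = "yes";` on the same link, which is worth a comment stating which of the two is expected to provide the route.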
@@ -58,46 +55,6 @@
 syncthing.enable = true;
 };
- networking = {
- # wg-quick.interfaces = {
- # proton = {
- # # IP address of this machine in the *tunnel network*
- # address = ["10.2.0.1/32"];
-
- # listenPort = 51820;
-
- # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path;
-
- # peers = [
- # {
- # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q=";
- # allowedIPs = ["0.0.0.0/0"];
- # endpoint = "84.17.63.8:51820";
- # persistentKeepalive = 25;
- # }
- # {
- # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y=";
- # allowedIPs = ["0.0.0.0/0"];
- # endpoint = "68.169.42.242:51820";
- # persistentKeepalive = 25;
- # }
- # {
- # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs=";
- # allowedIPs = ["0.0.0.0/0"];
- # }
- # ];
- # };
- # };
- };
-
- # networking.extraHosts = ''
- # # 192.168.1.204 jan-leila.com
- # 192.168.1.204 media.jan-leila.com
- # # 192.168.1.204 drive.jan-leila.com
- # 192.168.1.204 git.jan-leila.com
- # # 192.168.1.204 search.jan-leila.com
- # '';
-
 # Enable touchpad support (enabled default in most desktopManager).
 # services.xserver.libinput.enable = true;
diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix
index 010ea1a..49d9a9f 100644
--- a/modules/nixos-modules/server/jellyfin.nix
+++ b/modules/nixos-modules/server/jellyfin.nix
@@ -49,6 +49,8 @@ in {
 pkgs.jellyfin-web
 pkgs.jellyfin-ffmpeg
 ];
+
+ networking.firewall.allowedTCPPorts = [jellyfinPort];
 }
 (lib.mkIf config.services.fail2ban.enable {
 environment.etc = {
From 239ab58b5c728cd132017d7b5b15f5ffac22c6a3 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 26 Mar 2025 13:09:34 -0500
Subject: [PATCH 606/695] installed paperwork
---
 configurations/home-manager/leyla/packages.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix
index cceffb6..f015e40 100644
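Review bot: `networking.firewall.allowedTCPPorts = [jellyfinPort];` exposes Jellyfin's own listener on every interface, including Tailscale and any WireGuard interface this host gets, so if Jellyfin is fronted by the nginx reverse proxy like the other server modules here, clients can now bypass the proxy and whatever the `fail2ban` branch below derives from its logs (only the `lib.mkIf config.services.fail2ban.enable` line is visible, so the jail's log source is inferred). If the intent is only to stop refused-connection noise from LAN clients, `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [jellyfinPort];` limits the exposure to that link, or `networking.firewall.logRefusedConnections = false;` quiets the journal without opening anything. Either way a one-line comment above the setting stating why the port is opened directly (`# LAN clients probe the port directly; opened here to stop the refused-connection log spam`) records the trade-off.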
--- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -48,7 +48,6 @@ in { makemkv transmission_4-gtk onionshare - easytag # rhythmbox (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) # wireshark @@ -56,6 +55,8 @@ in { # fritzing mfoc tor-browser + anki + paperwork # proprietary platforms discord @@ -63,8 +64,6 @@ in { # steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - anki - # development tools # androidStudioPackages.canary jetbrains.idea-community From fd9d764e67aa415fd18438232cee44b872f98c0b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 14:24:43 -0500 Subject: [PATCH 607/695] uninstalled paperwork --- configurations/home-manager/leyla/packages.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index f015e40..5bc82b7 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -56,7 +56,6 @@ in { mfoc tor-browser anki - paperwork # proprietary platforms discord From 508e831a2a7b6db5e0d795582db21e6695e4021b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 15:40:12 -0500 Subject: [PATCH 608/695] renamed supernote notes share --- configurations/syncthing/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix index 1934684..bd05d9f 100644 --- a/configurations/syncthing/default.nix +++ b/configurations/syncthing/default.nix @@ -6,7 +6,7 @@ leyla_calendar = { id = "8oatl-1rv6w"; }; - leyla_notes = { + leyla_supernote_notes = { id = "dwbuv-zffnf"; }; share = { 
@@ -25,8 +25,8 @@ folder = config.folders.leyla_calendar; path = "/mnt/sync/leyla/calendar"; }; - leyla_notes = { - folder = config.folders.leyla_notes; + leyla_supernote_notes = { + folder = config.folders.leyla_supernote_notes; path = "/mnt/sync/leyla/notes"; }; share = { @@ -64,12 +64,12 @@ coven = { id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; folders = { - share = { - folder = config.folders.share; - }; leyla_documents = { folder = config.folders.leyla_documents; }; + share = { + folder = config.folders.share; + }; }; }; ceder = { @@ -85,7 +85,7 @@ folder = config.folders.leyla_calendar; }; leyla_notes = { - folder = config.folders.leyla_notes; + folder = config.folders.leyla_supernote_notes; }; }; }; From bd608563c0a839d8941e3e9e14279323ef8afed4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 15:56:18 -0500 Subject: [PATCH 609/695] added emergent and eves records folders --- configurations/syncthing/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix index bd05d9f..397f678 100644 --- a/configurations/syncthing/default.nix +++ b/configurations/syncthing/default.nix @@ -9,6 +9,9 @@ leyla_supernote_notes = { id = "dwbuv-zffnf"; }; + eve_records = { + id = "by6at-d4h9n"; + }; share = { id = "73ot0-cxmkx"; }; @@ -29,6 +32,10 @@ folder = config.folders.leyla_supernote_notes; path = "/mnt/sync/leyla/notes"; }; + eve_records = { + folder = config.folders.eve_records; + path = "/mnt/sync/eve/records"; + }; share = { folder = config.folders.share; path = "/mnt/sync/default/share"; 
@@ -89,6 +96,17 @@ }; }; }; + emergent = { + id = "6MIDMKJ-7IFHXVX-FIR3YTB-KVE75LN-PA6IOTN-I257LWR-MMC4K6C-5H4SHQN"; + folders = { + eve_records = { + folder = config.folders.eve_records; + }; + share = { + folder = config.folders.share; + }; + }; + }; shale = { id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; folders = { From 70ed1618b5ad7af115afa97af089f71aad14d876 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 17:11:22 -0500 Subject: [PATCH 610/695] added pdfarranger and calibre to applications --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 5bc82b7..c4bfda2 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -56,6 +56,7 @@ in { mfoc tor-browser anki + pdfarranger # proprietary platforms discord From 89534b38d36de9cceb7f6576c5cbe632ace6102d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 29 Mar 2025 10:06:31 -0500 Subject: [PATCH 611/695] added calibre to leyla packages --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index c4bfda2..43124a7 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -57,6 +57,7 @@ in { tor-browser anki pdfarranger + calibre # proprietary platforms discord From f77ff8d28422d7bc68c6dbc6184666ccc1b8288d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 29 Mar 2025 11:43:51 -0500 Subject: [PATCH 612/695] updated flake lock and disabled lix again --- flake.lock | 128 ++++++++--------------------------------------- flake.nix | 8 +-- util/default.nix | 4 +- 3 files changed, 28 insertions(+), 112 deletions(-) 
diff --git a/flake.lock b/flake.lock index 56a5cd1..b9809b3 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742489760, - "narHash": "sha256-OkYl/wf09cKviSV1R6SshcRmeX1iDNEKCMg5KlmTwK0=", + "lastModified": 1743119709, + "narHash": "sha256-tlJY7MfAena/yi3lmd7y7vQGpLma4Q1BLtO4dvzF/Vs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "10f7b577f5081b30ca6b7fd5f98de8d7dfdb5a27", + "rev": "f8861a4b09a181dd88f6626d0202d9225ae85d65", "type": "gitlab" }, "original": { @@ -91,39 +91,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -131,11 +98,11 @@ ] }, "locked": { - "lastModified": 1742588233, - "narHash": "sha256-Fi5g8H5FXMSRqy+mU6gPG0v+C9pzjYbkkiePtz8+PpA=", + "lastModified": 1743259333, + "narHash": "sha256-2Fi3K++co4IGbeOLGXdRA6VEfbzQzMgcuBaPTyjfj0s=", "owner": "nix-community", "repo": "home-manager", - "rev": "296ddc64627f4a6a4eb447852d7346b9dd16197d", + "rev": "1f679ed2a2ebe3894bad9f89fb0bd9f141c28a68", "type": "github" }, "original": { 
@@ -159,41 +126,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741892773, - "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", - "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/ed7a2fa83145868ecb830d6b3c73ebfd81a9e911.tar.gz?rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -201,11 +133,11 @@ ] }, "locked": { - "lastModified": 1742595055, - "narHash": "sha256-cEetDber6LF8W4ThmRc4rwKs/o8y2GH0pUdX7e6CnAQ=", + "lastModified": 1743221873, + "narHash": "sha256-i8VPNm4UBsC3Ni6VwjojVJvCpS9GZ4vPrpFRtCGJzBs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "e9f41de2a81f04390afd106959adf352a207628f", + "rev": "53d0f0ed11487a4476741fde757d0feabef4cc4e", "type": "github" }, "original": { 
@@ -237,17 +169,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1742522036, - "narHash": "sha256-OmIHuzgZt38vn9SkysbS5D+KaAbKadtaKfODh0iWALk=", + "lastModified": 1743213162, + "narHash": "sha256-9UU0x2fZORsX6PEpzkIAD/7+bwm+javJtZA/411ZmLg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "4cff80a994fd6edb6c62ee5439cd587b50871cf3", + "rev": "1b2a53e3478225bc35d14ae75ea9e7b749c16d5b", "type": "github" }, "original": { @@ -258,11 +190,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1742376361, - "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=", + "lastModified": 1743167577, + "narHash": "sha256-I09SrXIO0UdyBFfh0fxDq5WnCDg8XKmZ1HQbaXzMA1k=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9", + "rev": "0ed819e708af17bfc4bbc63ee080ef308a24aa42", "type": "github" }, "original": { @@ -274,11 +206,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742422364, - "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", + "lastModified": 1743095683, + "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", + "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", "type": "github" }, "original": { @@ -295,7 +227,6 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", 
@@ -328,11 +259,11 @@ ] }, "locked": { - "lastModified": 1742595978, - "narHash": "sha256-05onsoMrLyXE4XleDCeLC3bXnC4nyUbKWInGwM7v6hU=", + "lastModified": 1742700801, + "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b7756921b002de60fb66782effad3ce8bdb5b25d", + "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", "type": "github" }, "original": { @@ -355,21 +286,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f9cb9a6..c5968db 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # lix-module = { + # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index c6e0e06..4b713da 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; 
From c1b52262b686226212ad052e06b740f959cadfca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 29 Mar 2025 14:56:30 -0500 Subject: [PATCH 613/695] removed completed task from tech debt tasks --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 2c46110..bc31eca 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - syncthing folder passwords - nfs export should be backed by the same values for server and client -- move fail2ban configs out of fail2ban.nix and into configs for their respective services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts From 8a3aaba17c4ddf321c0ea5e0a2525c69e27360d4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 30 Mar 2025 13:23:16 -0500 Subject: [PATCH 614/695] added qbittorrent package --- configurations/home-manager/leyla/packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 43124a7..449e828 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -58,6 +58,7 @@ in { anki pdfarranger calibre + qbittorrent # proprietary platforms discord @@ -78,7 +79,7 @@ in { openvpn noisetorch - # hardware managment tools + # hardware management tools (lib.mkIf hardware.piperMouse.enable piper) (lib.mkIf hardware.openRGB.enable openrgb) (lib.mkIf hardware.viaKeyboard.enable via) From 2f6e566acca7919850108eeebe28379a2f7de860 Mon Sep 17 00:00:00 2001 
From: Leyla Becker
Date: Tue, 1 Apr 2025 15:25:22 -0500
Subject: [PATCH 615/695] updated wireguard keys file to vpn keys file
---
 .sops.yaml | 2 +-
 .../nixos/defiant/configuration.nix | 6 +-
 .../nixos/horizon/configuration.nix | 6 +-
 .../nixos/twilight/configuration.nix | 6 +-
 flake.lock | 56 +++++++++----------
 nix-config-secrets | 2 +-
 6 files changed, 39 insertions(+), 39 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml
index 3f54dcc..b8b0adf 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,7 +9,7 @@ creation_rules:
 key_groups:
 - age:
 - *leyla
- - path_regex: secrets/wireguard-keys.yaml$
+ - path_regex: secrets/vpn-keys.yaml$
 key_groups:
 - age:
 - *leyla
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 7209aa9..7455812 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -6,8 +6,8 @@
 ...
 }: {
 sops.secrets = {
- "wireguard-keys/tailscale-authkey/defiant" = {
- sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
+ "vpn-keys/tailscale-authkey/defiant" = {
+ sopsFile = "${inputs.secrets}/vpn-keys.yaml";
 };
 "services/zfs_smtp_token" = {
 sopsFile = "${inputs.secrets}/defiant-services.yaml";
@@ -140,7 +140,7 @@
 };
 tailscale = {
 enable = true;
- authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path;
+ authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path;
 useRoutingFeatures = "server";
 extraUpFlags = [
 "--advertise-exit-node"
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix
index dabb2cf..5f1fd3a 100644
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@@ -28,8 +28,8 @@ programs.adb.enable = true; sops.secrets = { - "wireguard-keys/tailscale-authkey/horizon" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + "vpn-keys/tailscale-authkey/horizon" = { + sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; }; @@ -48,7 +48,7 @@ }; tailscale = { enable = true; - authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; + authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index bbd8835..73dd642 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -10,8 +10,8 @@ nixpkgs.config.allowUnfree = true; sops.secrets = { - "wireguard-keys/tailscale-authkey/twilight" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + "vpn-keys/tailscale-authkey/twilight" = { + sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; }; host = { @@ -44,7 +44,7 @@ tailscale = { enable = true; - authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; + authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; extraUpFlags = [ "--advertise-exit-node" diff --git a/flake.lock b/flake.lock index b9809b3..d9ea0b7 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1741786315, - "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", + "lastModified": 1743524395, + "narHash": "sha256-BXVan1TBC2iDJODFvCoz2XrbAOyZ9KWjwyIkOYwO4Mc=", "owner": "nix-community", "repo": "disko", - "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", + "rev": "f6dbc8952df9e40afafbe38449751bfad12d64f2", "type": "github" }, "original": { 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1743119709, - "narHash": "sha256-tlJY7MfAena/yi3lmd7y7vQGpLma4Q1BLtO4dvzF/Vs=", + "lastModified": 1743527765, + "narHash": "sha256-Y7TQ4bseuTjnXu3/Km8ylRIkyiYrZjwp5cqcb/7bJzs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f8861a4b09a181dd88f6626d0202d9225ae85d65", + "rev": "d7c0454483cf3644c8e5d3094ad2f1ee2cdcc6b0", "type": "gitlab" }, "original": { @@ -98,11 +98,11 @@ ] }, "locked": { - "lastModified": 1743259333, - "narHash": "sha256-2Fi3K++co4IGbeOLGXdRA6VEfbzQzMgcuBaPTyjfj0s=", + "lastModified": 1743527271, + "narHash": "sha256-EuanEW1qqXZ2h0zJnq7uz8BoHbsgHgUrqWkCZHwZ9FA=", "owner": "nix-community", "repo": "home-manager", - "rev": "1f679ed2a2ebe3894bad9f89fb0bd9f141c28a68", + "rev": "f4d9d1e2ad19d544a0a0cf3f8f371c6139c762e9", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1743221873, - "narHash": "sha256-i8VPNm4UBsC3Ni6VwjojVJvCpS9GZ4vPrpFRtCGJzBs=", + "lastModified": 1743496612, + "narHash": "sha256-emPWa5lmKbnyuj8c1mSJUkzJNT+iJoU9GMcXwjp2oVM=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "53d0f0ed11487a4476741fde757d0feabef4cc4e", + "rev": "73d59580d01e9b9f957ba749f336a272869c42dd", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1743213162, - "narHash": "sha256-9UU0x2fZORsX6PEpzkIAD/7+bwm+javJtZA/411ZmLg=", + "lastModified": 1743473153, + "narHash": "sha256-RVOgS/5+Nd/Oq3aXhIk8Y3aAILCYwm8nmrvLogy1hI0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1b2a53e3478225bc35d14ae75ea9e7b749c16d5b", + "rev": "57ed10b9d4395687b38277f422fbb0700f65e632", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1743167577, - "narHash": "sha256-I09SrXIO0UdyBFfh0fxDq5WnCDg8XKmZ1HQbaXzMA1k=", + "lastModified": 1743420942, + "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0ed819e708af17bfc4bbc63ee080ef308a24aa42", + "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", "type": "github" }, "original": { @@ -206,11 +206,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743095683, - "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", + "lastModified": 1743315132, + "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", + "rev": "52faf482a3889b7619003c0daec593a1912fddc1", "type": "github" }, "original": { @@ -239,11 +239,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1742597341, - "narHash": "sha256-r9Tid/fvcxi6LjAtW7YbXGN1HAtz/XEQkWZVPw3pLvk=", + "lastModified": 1743538790, + "narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=", "ref": "refs/heads/main", - "rev": "d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433", - "revCount": 15, + "rev": "3d63dff77f8eda1667e3586169642cf256c4aa34", + "revCount": 17, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, @@ -259,11 +259,11 @@ ] }, "locked": { - "lastModified": 1742700801, - "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", + "lastModified": 1743502316, + "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", + "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", "type": "github" }, "original": { diff --git a/nix-config-secrets b/nix-config-secrets index d022f6b..3d63dff 160000 --- a/nix-config-secrets +++ b/nix-config-secrets 
@@ -1 +1 @@ -Subproject commit d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433 +Subproject commit 3d63dff77f8eda1667e3586169642cf256c4aa34 From 899617266f486b447a503bf056eb6642b4c03ed4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 1 Apr 2025 16:22:44 -0500 Subject: [PATCH 616/695] created p2p wireguard interface for defiant --- .../nixos/defiant/configuration.nix | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7455812..ae69c26 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -9,6 +9,9 @@ "vpn-keys/tailscale-authkey/defiant" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; + "vpn-keys/proton-wireguard/defiant-p2p" = { + sopsFile = "${inputs.secrets}/vpn-keys.yaml"; + }; "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; @@ -101,6 +104,24 @@ }; networking = { hostId = "c51763d6"; + + wireguard.interfaces = { + p2p = { + ips = ["10.2.0.2/32"]; + listenPort = 51820; + + privateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + + peers = [ + { + publicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; + allowedIPs = ["0.0.0.0/0"]; + endpoint = "185.230.126.146:51820"; + persistentKeepalive = 25; + } + ]; + }; + }; }; services = { From 89c8cff8a9e37adde267630a425f658af5259f87 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 1 Apr 2025 20:47:32 -0500 Subject: [PATCH 617/695] created qbittorrent config --- flake.nix | 2 + modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/qbittorent.nix | 160 ++++++++++++++++++++ modules/nixos-modules/users.nix | 16 ++ 4 files changed, 179 insertions(+) create mode 100644 modules/nixos-modules/server/qbittorent.nix diff --git a/flake.nix b/flake.nix index c5968db..ba10d20 100644 --- a/flake.nix +++ b/flake.nix 
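Review bot: `allowedIPs = ["0.0.0.0/0"]` on the new `p2p` interface makes `networking.wireguard` install a default route through the tunnel for the whole host, so a server that other machines reach over Tailscale (this file declares `vpn-keys/tailscale-authkey/defiant`) and the LAN is silently moved behind the VPN, and the peer endpoint `185.230.126.146:51820` itself has no route outside the tunnel unless something else pins one. If only selected traffic should use the tunnel, set `allowedIPsAsRoutes = false;` on the interface and add the routes or policy rules explicitly, or at least give the endpoint a host route over the LAN interface. `listenPort = 51820` is not needed for an outbound-only peer; without it WireGuard picks an ephemeral port. If this tunnel is meant for the qbittorrent service added in the following commit, that service also needs to be bound to the `p2p` interface so it fails closed when the tunnel is down instead of falling back to the LAN route.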
@@ -147,6 +147,8 @@ nix-inspect # for installing flakes from this repo onto other systems nixos-anywhere + # for updating disko configurations + disko ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 6c3ba8e..7beee8b 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -11,5 +11,6 @@ ./virt-home-assistant.nix ./adguardhome.nix ./immich.nix + ./qbittorent.nix ]; } diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix new file mode 100644 index 0000000..9b7b7e8 --- /dev/null +++ b/modules/nixos-modules/server/qbittorent.nix 
@@ -0,0 +1,160 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ qbittorent_data_directory = "/var/lib/qbittorrent";
+in {
+ options.services.qbittorrent = {
+ enable = lib.mkEnableOption "should the headless qbittorrent service be enabled";
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/qbittorrent";
+ description = lib.mdDoc ''
+ The directory where qBittorrent stores its data files.
+ '';
+ };
+
+ mediaDir = lib.mkOption {
+ type = lib.types.path;
+ description = lib.mdDoc ''
+ The directory to create to store qbittorrent media.
+ '';
+ };
+
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = "qbittorrent";
+ description = lib.mdDoc ''
+ User account under which qBittorrent runs.
+ '';
+ };
+
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = "qbittorrent";
+ description = lib.mdDoc ''
+ Group under which qBittorrent runs.
+ '';
+ };
+
+ webPort = lib.mkOption {
+ type = lib.types.port;
+ default = 8080;
+ description = lib.mdDoc ''
+ qBittorrent web UI port.
+ '';
+ };
+
+ openFirewall = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Open services.qBittorrent.webPort to the outside network.";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.qbittorrent-nox;
+ defaultText = lib.literalExpression "pkgs.qbittorrent-nox";
+ description = "The qbittorrent package to use.";
+ };
+ };
+
+ config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [
+ {
+ networking.firewall = lib.mkIf config.services.qbittorrent.openFirewall {
+ allowedTCPPorts = [config.services.qbittorrent.webPort];
+ };
+
+ systemd.services.qbittorrent = {
+ # based on the plex.nix service module and
+ # https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in
+ description = "qBittorrent-nox service";
+ documentation = ["man:qbittorrent-nox(1)"];
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
+
+ serviceConfig = {
+ Type = "simple";
+ User = config.services.qbittorrent.user;
+ Group = config.services.qbittorrent.group;
+
+ # Run the pre-start script with full permissions (the "!" prefix) so it
+ # can create the data directory if necessary.
+ ExecStartPre = let
+ preStartScript = pkgs.writeScript "qbittorrent-run-prestart" ''
+ #!${pkgs.bash}/bin/bash
+
+ # Create data directory if it doesn't exist
+ if ! test -d "$QBT_PROFILE"; then
+ echo "Creating initial qBittorrent data directory in: $QBT_PROFILE"
+ install -d -m 0755 -o "${config.services.qbittorrent.user}" -g "${config.services.qbittorrent.group}" "$QBT_PROFILE"
+ fi
+ '';
+ in "!${preStartScript}";
+
+ #ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
+ ExecStart = "${config.services.qbittorrent.package}/bin/qbittorrent-nox";
+ # To prevent "Quit & shutdown daemon" from working; we want systemd to
+ # manage it!
+ #Restart = "on-success";
+ #UMask = "0002";
+ #LimitNOFILE = cfg.openFilesLimit;
+ };
+
+ environment = {
+ QBT_PROFILE = config.services.qbittorrent.dataDir;
+ QBT_WEBUI_PORT = toString config.services.qbittorrent.webPort;
+ };
+ };
+ }
+ (lib.mkIf config.host.impermanence.enable {
+ fileSystems."/persist/system/qbittorrent".neededForBoot = true;
+
+ host.storage.pool.extraDatasets = {
+ # sops age key needs to be available to pre persist for user generation
+ "persist/system/qbittorrent" = {
+ type = "zfs_fs";
+ mountpoint = "/persist/system/qbittorrent";
+ options = {
+ canmount = "on";
+ };
+ };
+ };
+
+ assertions = [
+ {
+ assertion = config.services.qbittorrent.dataDir == qbittorent_data_directory;
+ message = "qbittorrent data directory does not match persistence";
+ }
+ ];
+
+ environment.persistence = {
+ "/persist/system/root" = {
+ directories = [
+ {
+ directory = qbittorent_data_directory;
+ user = "qbittorrent";
+ group = "qbittorrent";
+ }
+ ];
+ };
+
+ "/persist/system/qbittorrent" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = config.services.qbittorrent.mediaDir;
+ user = "qbittorrent";
+ group = "qbittorrent";
+ mode = "1775";
+ }
+ ];
+ };
+ };
+ })
+ ]);
+}
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index 7bdb3dd..18cf06f 100644
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@@ -23,6 +23,7 @@
 ollama = 2008; git = 2009; immich = 2010; + qbittorrent = 2011; }; gids = {
@@ -38,6 +39,7 @@
 ollama = 2008; git = 2009; immich = 2010; + qbittorrent = 2011; }; users = config.users.users;
@@ -159,6 +161,12 @@ in {
 isSystemUser = true; group = config.users.users.immich.name; }; + + qbittorrent = { + uid = lib.mkForce uids.qbittorrent; + isNormalUser = true; + group = config.users.users.qbittorrent.name; + }; }; groups = {
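Review bot: `openFirewall` exposes `webPort` to every host on the network while the Web UI is guarded only by qBittorrent's own login, which on a fresh `dataDir` is either the stock admin password or a temporary one written to the journal depending on the qBittorrent version; prefer leaving the port closed and reaching the UI over the host's Tailscale address or a reverse proxy with its own authentication. The unit runs `qbittorrent-nox` with no sandboxing and the `!`-prefixed `ExecStartPre` runs as root, so a few `serviceConfig` hardening directives are cheap (see below; `ProtectSystem = "full"` keeps `/var` and `/srv` writable so the pre-start `install -d` still works, and `ProtectHome` assumes `mediaDir` is not under `/home`). The `openFirewall` description names `services.qBittorrent.webPort`, which does not exist, and should read `services.qbittorrent.webPort`; likewise `dataDir`'s default should be `qbittorent_data_directory` so the impermanence assertion cannot drift from it. The commented `#ExecStart`, `#Restart`, `#UMask` and `#LimitNOFILE` lines are dead code (`cfg` is not defined in this module); drop them or make them real settings. The comment `# sops age key needs to be available to pre persist for user generation` looks carried over from another module and does not describe this dataset.
```nix
serviceConfig = {
  # … unchanged: Type, User, Group, ExecStartPre, ExecStart …
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectSystem = "full";
  ProtectHome = true;
  ProtectKernelTunables = true;
  ProtectControlGroups = true;
  RestrictSUIDSGID = true;
};
```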
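Review bot: The new `qbittorrent` account is declared with `isNormalUser = true;`, which gives a daemon a home directory under `/home` and a login shell, while the neighbouring service account in this hunk (`immich`) uses `isSystemUser = true;`. Unless an interactive login is really needed, change it to `isSystemUser = true;` so the account matches the other services and cannot be logged into. The enclosing `users` attribute set continues outside the hunk.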
@@ -255,6 +263,14 @@ in { # leyla ]; }; + + qbittorrent = { + gid = lib.mkForce gids.qbittorrent; + members = [ + users.qbittorrent.name + leyla + ]; + }; }; }; } From e293c838417da265765183073cf7ced505423122 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 1 Apr 2025 22:33:18 -0500 Subject: [PATCH 618/695] tried to fix wireguard config --- .../nixos/defiant/configuration.nix | 92 ++++++++++++++++--- .../nixos/defiant/hardware-configuration.nix | 30 +----- 2 files changed, 81 insertions(+), 41 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ae69c26..199c1ba 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -11,6 +11,9 @@ }; "vpn-keys/proton-wireguard/defiant-p2p" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; + mode = "0640"; + owner = "root"; + group = "systemd-network"; }; "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; 
@@ -102,26 +105,84 @@ enable = false; }; }; - networking = { - hostId = "c51763d6"; - wireguard.interfaces = { - p2p = { - ips = ["10.2.0.2/32"]; - listenPort = 51820; + systemd.network = { + enable = true; - privateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + config = { + routeTables = { + p2p = 1; + }; + }; - peers = [ + netdevs = { + "10-bond0" = { + netdevConfig = { + Kind = "bond"; + Name = "bond0"; + }; + bondConfig = { + Mode = "802.3ad"; + TransmitHashPolicy = "layer3+4"; + }; + }; + + "15-p2p" = { + netdevConfig = { + Kind = "wireguard"; + Name = "p2p0"; + MTUBytes = "1300"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + ListenPort = 51820; + # RouteTable = "p2p"; + }; + wireguardPeers = [ { - publicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; - allowedIPs = ["0.0.0.0/0"]; - endpoint = "185.230.126.146:51820"; - persistentKeepalive = 25; + PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; + Endpoint = "185.230.126.146:51820"; + AllowedIPs = ["0.0.0.0/0"]; + RouteTable = "off"; } ]; }; }; + networks = { + "40-bond0" = { + matchConfig.Name = "bond0"; + linkConfig = { + RequiredForOnline = "degraded-carrier"; + RequiredFamilyForOnline = "any"; + }; + networkConfig.DHCP = "yes"; + + address = [ + "192.168.1.10/32" + ]; + + gateway = ["192.168.1.1"]; + dns = ["192.168.1.1"]; + }; + + "45-p2p" = { + matchConfig.Name = "p2p0"; + address = [ + "10.2.0.2/32" + ]; + # routingPolicyRules = [ + # { + # From = "10.2.0.2/32"; + # Table = "p2p"; + # } + # { + # To = "10.2.0.2/32"; + # Table = "p2p"; + # } + # ]; + linkConfig.RequiredForOnline = false; + }; + }; }; services = { @@ -205,6 +266,13 @@ networkBridge = "bond0"; hostDevice = "0x10c4:0xea60"; }; + + qbittorrent = { + enable = true; + mediaDir = "/srv/qbittorent"; + openFirewall = true; + webPort = 8084; + }; }; # disable computer sleeping 
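Review bot: `address = ["192.168.1.10/32"]` on `40-bond0` replaces the prefix-less address removed from hardware-configuration.nix in this commit; a /32 leaves no on-link route for the LAN, so the `gateway` and `dns` at `192.168.1.1` only work if networkd adds an on-link route by itself, and the real LAN prefix (presumably `/24`) is what was meant. The same block keeps `networkConfig.DHCP = "yes"` next to the static address, so the interface may end up with two addresses and two default routes. On the WireGuard side, `RouteTable = "off"` on the peer plus the commented-out `routingPolicyRules` mean nothing is routed into `p2p0` yet, which is safe but also means any service intended for the tunnel still leaves over bond0. If selected traffic should be tunnelled, the commented `RouteTable = "p2p"` on the netdev together with rules such as `{ From = "10.2.0.2/32"; Table = "p2p"; }` is the right shape, and the consuming service should be bound to `p2p0` so it fails closed.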
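Review bot: `openFirewall = true;` with `webPort = 8084;` opens the qBittorrent Web UI to the whole LAN segment, and only its built-in login stands between the network and a client that can add downloads and write into `mediaDir`. Since defiant already enrols in Tailscale (the `vpn-keys/tailscale-authkey/defiant` secret at the top of this file), leaving `openFirewall` at its default and reaching `:8084` over the tailnet keeps the UI off the LAN at no cost; if LAN access is really wanted, change the Web UI password before enabling it. `mediaDir = "/srv/qbittorent"` carries the same misspelling as the module file name; harmless, but it becomes a permanent on-disk path, so fix it now or never.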
diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index 3b3ac45..d4a638b 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -34,25 +34,13 @@ networking = { hostName = "defiant"; # Define your hostname. + hostId = "c51763d6"; useNetworkd = true; }; systemd.network = { enable = true; - netdevs = { - "10-bond0" = { - netdevConfig = { - Kind = "bond"; - Name = "bond0"; - }; - bondConfig = { - Mode = "802.3ad"; - TransmitHashPolicy = "layer3+4"; - }; - }; - }; - networks = { "30-eno1" = { matchConfig.Name = "eno1"; @@ -62,22 +50,6 @@ matchConfig.Name = "eno2"; networkConfig.Bond = "bond0"; }; - - "40-bond0" = { - matchConfig.Name = "bond0"; - linkConfig = { - RequiredForOnline = "degraded-carrier"; - RequiredFamilyForOnline = "any"; - }; - networkConfig.DHCP = "yes"; - - address = [ - "192.168.1.10" - ]; - - gateway = ["192.168.1.1"]; - dns = ["192.168.1.1"]; - }; }; }; From 669132d67f47b0b8806a56fe1a9990c955e7a089 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Apr 2025 02:59:28 -0500 Subject: [PATCH 619/695] installed sox --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 449e828..d9f1b32 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -21,6 +21,7 @@ in { lib.lists.optionals userConfig.isTerminalUser ( with pkgs; [ # command line tools + sox yt-dlp ffmpeg imagemagick From eb738c14770b626f7e1bd367ee24258c0029658f Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 12 Apr 2025 03:14:35 -0500 Subject: [PATCH 620/695] cleaned up excluded packages --- .../nixos/defiant/configuration.nix | 25 ++++++------------- modules/nixos-modules/desktop.nix | 20 ++++++++++++++- 2 files changed, 27 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 199c1ba..ca9a291 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -127,11 +127,11 @@ }; }; - "15-p2p" = { + "15-p2p0" = { netdevConfig = { Kind = "wireguard"; Name = "p2p0"; - MTUBytes = "1300"; + MTUBytes = "1280"; }; wireguardConfig = { PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; @@ -165,21 +165,16 @@ dns = ["192.168.1.1"]; }; - "45-p2p" = { + "45-p2p0" = { matchConfig.Name = "p2p0"; address = [ "10.2.0.2/32" ]; - # routingPolicyRules = [ - # { - # From = "10.2.0.2/32"; - # Table = "p2p"; - # } - # { - # To = "10.2.0.2/32"; - # Table = "p2p"; - # } - # ]; + routes = [ + { + Destination = "0.0.0.0/0"; + } + ]; linkConfig.RequiredForOnline = false; }; }; @@ -203,11 +198,7 @@ }; desktopManager = { gnome.enable = true; - xterm.enable = false; }; - - # Get rid of xTerm - excludePackages = [pkgs.xterm]; }; ollama = { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 22a7b65..2182cb2 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -27,7 +27,25 @@ # Get rid of xTerm desktopManager.xterm.enable = false; - excludePackages = [pkgs.xterm]; + excludePackages = with pkgs; [ + xterm + transmission_4-qt + atomix # puzzle game + cheese # webcam tool + epiphany # web browser + geary # email reader + gedit # text editor + gnome-characters + gnome-music + gnome-photos + gnome-tour + gnome-logs + gnome-maps + hitori # sudoku game + iagno # go game + tali # poker game + yelp # help viewer + ]; }; pipewire = { 
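Review bot: The new `routes = [{ Destination = "0.0.0.0/0"; }]` on `45-p2p0` installs a second default route in the main table next to bond0's `gateway`, with no `Metric` to order them and no host route for the peer endpoint `185.230.126.146` over bond0, so depending on which route wins either the whole host (Tailscale included) is pushed through the VPN or the tunnel's own handshake packets are routed into `p2p0`. The `p2p` route table and the commented `RouteTable = "p2p"` line already in this file are the cleaner shape: `routes = [{ Destination = "0.0.0.0/0"; Table = "p2p"; }];` plus `routingPolicyRules = [{ From = "10.2.0.2/32"; Table = "p2p"; }];` keep the tunnel's default route out of the main table, and an explicit route to the endpoint via bond0 removes the loop. `linkConfig.RequiredForOnline = false;` is right for an optional tunnel. The enclosing `networks` set continues outside the hunk.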
From 1637a83f846f6e3d7b5f5b5ea5f869cbcc014d40 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Apr 2025 03:18:39 -0500 Subject: [PATCH 621/695] removed unused variable --- configurations/nixos/defiant/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ca9a291..713eaf9 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -2,7 +2,6 @@ { inputs, config, - pkgs, ... }: { sops.secrets = { From 4eea3aa57d7e7b2c51f3cdc2f06a473f1b5b2244 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Apr 2025 17:17:56 -0500 Subject: [PATCH 622/695] exposed jellyfin dlan --- modules/nixos-modules/server/jellyfin.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 49d9a9f..a8bbe71 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -5,6 +5,7 @@ ... }: let jellyfinPort = 8096; + dlanPort = 1900; jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; in { @@ -50,7 +51,7 @@ in { pkgs.jellyfin-ffmpeg ]; - networking.firewall.allowedTCPPorts = [jellyfinPort]; + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; } (lib.mkIf config.services.fail2ban.enable { environment.etc = { From ee0697f4061de60453897e4cc4acc998284f685f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Apr 2025 22:37:31 -0500 Subject: [PATCH 623/695] updated flake --- flake.lock | 66 +++++++++++++++++++++--------------------------------- 1 file changed, 25 insertions(+), 41 deletions(-) diff --git a/flake.lock b/flake.lock index d9ea0b7..5e946bb 100644 --- a/flake.lock +++ b/flake.lock 
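Review bot: `dlanPort = 1900` is added to `allowedTCPPorts`, but the SSDP discovery that DLNA depends on runs over UDP 1900, so this opens a TCP port Jellyfin's DLNA server does not use for discovery while discovery itself stays blocked; the rule belongs in `networking.firewall.allowedUDPPorts = [dlanPort];`. A DLNA server answers any client on the segment without authentication, so open it only on networks where that is acceptable. The name is presumably meant to be `dlnaPort`.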
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1743524395, - "narHash": "sha256-BXVan1TBC2iDJODFvCoz2XrbAOyZ9KWjwyIkOYwO4Mc=", + "lastModified": 1744145203, + "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", "owner": "nix-community", "repo": "disko", - "rev": "f6dbc8952df9e40afafbe38449751bfad12d64f2", + "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", "type": "github" }, "original": { @@ -22,18 +22,17 @@ }, "firefox-addons": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1743527765, - "narHash": "sha256-Y7TQ4bseuTjnXu3/Km8ylRIkyiYrZjwp5cqcb/7bJzs=", + "lastModified": 1744586538, + "narHash": "sha256-cg6T6QnfIwAino7ruCQdqB4g6mj2aKg8Rbqjo6LiBDs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "d7c0454483cf3644c8e5d3094ad2f1ee2cdcc6b0", + "rev": "a3fe27c14a5cdd64a5319b3f83a1c65e29c9b4e1", "type": "gitlab" }, "original": { @@ -59,21 +58,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1629284811, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": "systems" }, @@ -98,11 +82,11 @@ ] }, "locked": { - "lastModified": 1743527271, - "narHash": "sha256-EuanEW1qqXZ2h0zJnq7uz8BoHbsgHgUrqWkCZHwZ9FA=", + "lastModified": 1744600951, + "narHash": "sha256-LNAAfQTDXSwtYYlh/v/tMwnCqeQAEHlBC9PgyQK5b/Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "f4d9d1e2ad19d544a0a0cf3f8f371c6139c762e9", + "rev": "e980d0e0e216f527ea73cfd12c7b019eceffa7f1", "type": "github" }, "original": { 
@@ -133,11 +117,11 @@ ] }, "locked": { - "lastModified": 1743496612, - "narHash": "sha256-emPWa5lmKbnyuj8c1mSJUkzJNT+iJoU9GMcXwjp2oVM=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "73d59580d01e9b9f957ba749f336a272869c42dd", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -169,17 +153,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1743473153, - "narHash": "sha256-RVOgS/5+Nd/Oq3aXhIk8Y3aAILCYwm8nmrvLogy1hI0=", + "lastModified": 1744595919, + "narHash": "sha256-lFuezewhTch2FFZfB6Bx31Ls3+ixt2UYp7rJtpOlgFI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "57ed10b9d4395687b38277f422fbb0700f65e632", + "rev": "ea3fe071c83dae7e6a485f7f648b4914eabea683", "type": "github" }, "original": { @@ -190,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1743420942, - "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", + "lastModified": 1744366945, + "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", + "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", "type": "github" }, "original": { @@ -206,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743315132, - "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "52faf482a3889b7619003c0daec593a1912fddc1", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "type": "github" }, "original": { 
@@ -259,11 +243,11 @@ ] }, "locked": { - "lastModified": 1743502316, - "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", + "lastModified": 1744518500, + "narHash": "sha256-lv52pnfiRGp5+xkZEgWr56DWiRgkMFXpiGba3eJ3krE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", + "rev": "7e147a1ae90f0d4a374938cdc3df3cdaecb9d388", "type": "github" }, "original": { From 7f6f36378ce3f8a0b338c58dedd865aef4ceebdf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Apr 2025 23:07:57 -0500 Subject: [PATCH 624/695] removed many packages from defiant --- .../home-manager/leyla/packages.nix | 94 ++++++++++--------- .../nixos/horizon/configuration.nix | 4 + .../nixos/twilight/configuration.nix | 1 + modules/nixos-modules/desktop.nix | 1 - modules/nixos-modules/hardware.nix | 3 + 5 files changed, 57 insertions(+), 46 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index d9f1b32..460fa1f 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix 
@@ -29,62 +29,66 @@ in { ) ++ ( lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ + (with pkgs; [ # helvetica font aileron gnomeExtensions.dash-to-dock - #foss platforms - signal-desktop - bitwarden - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - # kicad-small - makemkv - transmission_4-gtk - onionshare - # rhythmbox - (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) - # wireshark - # rpi-imager - # fritzing - mfoc - tor-browser - anki - pdfarranger - calibre - qbittorrent - - # proprietary platforms - discord - obsidian - # steam - (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - # development tools - # androidStudioPackages.canary - jetbrains.idea-community dbeaver-bin bruno - qFlipper proxmark3 + ]) + ++ ( + lib.lists.optionals hardware.directAccess.enable (with pkgs; [ + #foss platforms + signal-desktop-bin + bitwarden + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + # kicad-small + makemkv + onionshare + # rhythmbox + (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) + # wireshark + # rpi-imager + # fritzing + mfoc + tor-browser + anki + pdfarranger + calibre + qbittorrent - # system tools - protonvpn-gui - openvpn - noisetorch + # proprietary platforms + discord + obsidian + # steam + (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - # hardware management tools - (lib.mkIf hardware.piperMouse.enable piper) - (lib.mkIf hardware.openRGB.enable openrgb) - (lib.mkIf hardware.viaKeyboard.enable via) - ] + # development tools + # androidStudioPackages.canary + jetbrains.idea-community + qFlipper + + # system tools + protonvpn-gui + openvpn + noisetorch + + # hardware management tools + (lib.mkIf hardware.piperMouse.enable piper) + (lib.mkIf hardware.openRGB.enable openrgb) + (lib.mkIf hardware.viaKeyboard.enable via) + ]) + ) ) ); }; 
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 5f1fd3a..ae0c8de 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -17,6 +17,10 @@ }; eve.isDesktopUser = true; }; + + hardware = { + directAccess.enable = true; + }; }; environment.systemPackages = [ diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 73dd642..47e41ec 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -28,6 +28,7 @@ viaKeyboard.enable = true; openRGB.enable = true; graphicsAcceleration.enable = true; + directAccess.enable = true; }; }; diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 2182cb2..cf59cd9 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -29,7 +29,6 @@ desktopManager.xterm.enable = false; excludePackages = with pkgs; [ xterm - transmission_4-qt atomix # puzzle game cheese # webcam tool epiphany # web browser diff --git a/modules/nixos-modules/hardware.nix b/modules/nixos-modules/hardware.nix index b002658..1b22ece 100644 --- a/modules/nixos-modules/hardware.nix +++ b/modules/nixos-modules/hardware.nix @@ -12,5 +12,8 @@ graphicsAcceleration = { enable = lib.mkEnableOption "host has a gpu for graphical acceleration"; }; + directAccess = { + enable = lib.mkEnableOption "can a host be used on its own"; + }; }; } From 004dd743ed479f078396586d79532d95f158f610 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 15 Apr 2025 20:05:12 -0500 Subject: [PATCH 625/695] added import on file move setting to vs code --- configurations/home-manager/leyla/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index 2aa4059..9ea3898 100644 
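Review bot: `lib.mkEnableOption "can a host be used on its own"` renders in the generated documentation as "Whether to enable can a host be used on its own.", because `mkEnableOption` prefixes its argument with "Whether to enable"; pass a noun phrase instead, e.g. `lib.mkEnableOption "packages that are only useful when the host is used directly rather than as a headless server"`. That wording is inferred from how `directAccess` gates the desktop package list in this commit, so adjust it to the intended meaning; the option name itself is fine.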
--- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -39,6 +39,7 @@ in { "cSpell.userWords" = [ "webdav" ]; + "javascript.updateImportsOnFileMove.enabled" = "always"; } (lib.mkIf nix-development-enabled { "nix.enableLanguageServer" = true; From e20b752d11ddd26eeb3ac4ee76c964cf2fc888e0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:05:04 -0500 Subject: [PATCH 626/695] default to tabs with a tab size of 2 --- configurations/home-manager/leyla/vscode.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index 9ea3898..a721c5f 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -40,6 +40,8 @@ in { "webdav" ]; "javascript.updateImportsOnFileMove.enabled" = "always"; + "editor.tabSize" = 2; + "editor.insertSpaces" = false; } (lib.mkIf nix-development-enabled { "nix.enableLanguageServer" = true; From af894531cdacc15947dabd7dc7223cb0471246a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:07:36 -0500 Subject: [PATCH 627/695] updated signal package for eve --- configurations/home-manager/eve/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 3042382..0ea88ee 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -63,7 +63,7 @@ in { bitwarden discord makemkv - signal-desktop + signal-desktop-bin ungoogled-chromium ] ); From 060dff826adec559f19ce9969c6a82d0b4b388fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:18:27 -0500 Subject: [PATCH 628/695] replaced better toml --- configurations/home-manager/leyla/vscode.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index a721c5f..e42c4cd 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -97,7 +97,7 @@ in { unifiedjs.vscode-mdx # misc extensions - bungcip.better-toml + tamasfe.even-better-toml ] ++ ( lib.lists.optionals osConfig.services.ollama.enable [ From 1f610845c814bb24cc9e4b627c1593c8d5859f60 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:30:32 -0500 Subject: [PATCH 629/695] updated flake lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5e946bb..f1cb717 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1744586538, - "narHash": "sha256-cg6T6QnfIwAino7ruCQdqB4g6mj2aKg8Rbqjo6LiBDs=", + "lastModified": 1744813899, + "narHash": "sha256-5J6kSkPbtuyX0tRggqadwulpqdgWHyQEDwhqVnY0T+g=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a3fe27c14a5cdd64a5319b3f83a1c65e29c9b4e1", + "rev": "f6dff741f9f485b3596a368704ec171d9eb8c7cd", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1744600951, - "narHash": "sha256-LNAAfQTDXSwtYYlh/v/tMwnCqeQAEHlBC9PgyQK5b/Q=", + "lastModified": 1744820898, + "narHash": "sha256-gUldr3LtCm/OfEnbH6sFFlyyxqPMCsfMs2Ha+0fdPDs=", "owner": "nix-community", "repo": "home-manager", - "rev": "e980d0e0e216f527ea73cfd12c7b019eceffa7f1", + "rev": "7ede02c32a729db0d6340bdb41d10e73ec511ca0", "type": "github" }, "original": { 
@@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1744595919, - "narHash": "sha256-lFuezewhTch2FFZfB6Bx31Ls3+ixt2UYp7rJtpOlgFI=", + "lastModified": 1744768710, + "narHash": "sha256-ow0HDShvAe9gkM3Ww5aoJo1lDLpC5pYQ7qLtnTaHoyI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ea3fe071c83dae7e6a485f7f648b4914eabea683", + "rev": "47bd3dc652c4a02dc565a9360fe828af38bea287", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744366945, - "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", + "lastModified": 1744633460, + "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", + "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1744518500, - "narHash": "sha256-lv52pnfiRGp5+xkZEgWr56DWiRgkMFXpiGba3eJ3krE=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "7e147a1ae90f0d4a374938cdc3df3cdaecb9d388", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { From 3994002e0d60785d0d1d33cd901ed632eeff99e3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 17 Apr 2025 00:44:44 -0500 Subject: [PATCH 630/695] installed picard --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 460fa1f..0be9ab5 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -66,6 +66,7 @@ in { pdfarranger calibre qbittorrent + picard # proprietary platforms discord From bc3efbe2cbebdfaa7c2329373116040cf97054c3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 19 Apr 2025 11:02:25 -0500 Subject: [PATCH 631/695] disabled vpn on defiant --- .../nixos/defiant/configuration.nix | 76 +++++++++---------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 713eaf9..8e1eab8 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -46,7 +46,7 @@ "ata-ST18000NE000-3G6101_ZVTD10EH" "ata-ST18000NT001-3NF101_ZVTE0S3Q" "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NT001-3NF101_ZVTEZACV" + "ata-ST18000NT001-3NF101_ZVTEZACV" # this one is broken replace with "ata-ST18000NT001-XXXXXX_ZVTJ732N" ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" @@ -108,11 +108,11 @@ systemd.network = { enable = true; - config = { - routeTables = { - p2p = 1; - }; - }; + # config = { + # routeTables = { + # p2p = 1; + # }; + # }; netdevs = { "10-bond0" = { @@ -126,26 +126,26 @@ }; }; - "15-p2p0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "p2p0"; - MTUBytes = "1280"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; - ListenPort = 51820; - # RouteTable = "p2p"; - }; - wireguardPeers = [ - { - PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; - Endpoint = "185.230.126.146:51820"; - AllowedIPs = ["0.0.0.0/0"]; - RouteTable = "off"; - } - ]; - }; + # "15-p2p0" = { + # netdevConfig = { + # Kind = "wireguard"; + # Name = "p2p0"; + # MTUBytes = "1280"; + # }; + # wireguardConfig = { + # PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + # ListenPort = 51820; + # # RouteTable = "p2p"; + # }; + # wireguardPeers = [ + # { + # PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; + # Endpoint = "185.230.126.146:51820"; + # AllowedIPs = ["0.0.0.0/0"]; + # RouteTable = "off"; + # } + # ]; + # }; }; networks = { "40-bond0" = { 
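Review bot: The WireGuard netdev, its route table and the matching network are disabled by commenting them out (hunks @@ -108, @@ -126 here and @@ -164 on the next line) rather than by a switch, which leaves dead configuration in the file and decouples it from the `sops.secrets."vpn-keys/proton-wireguard/defiant-p2p"` declaration that `PrivateKeyFile` references — that declaration is not in this diff, so presumably the key is still being decrypted onto the host with nothing consuming it. A host-level option such as `host.vpn.enable` with the three blocks wrapped in `lib.mkIf`/`lib.optionalAttrs` keeps the secret and the consumer in step and makes re-enabling a one-line change. The enclosing `systemd.network` attribute set starts before the first hunk and ends after the last one.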
@@ -164,18 +164,18 @@ dns = ["192.168.1.1"]; }; - "45-p2p0" = { - matchConfig.Name = "p2p0"; - address = [ - "10.2.0.2/32" - ]; - routes = [ - { - Destination = "0.0.0.0/0"; - } - ]; - linkConfig.RequiredForOnline = false; - }; + # "45-p2p0" = { + # matchConfig.Name = "p2p0"; + # address = [ + # "10.2.0.2/32" + # ]; + # routes = [ + # { + # Destination = "0.0.0.0/0"; + # } + # ]; + # linkConfig.RequiredForOnline = false; + # }; }; }; From 3978d58c1a69adeb23257a5fa37dd57b7ef9460f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 24 Apr 2025 19:12:26 -0500 Subject: [PATCH 632/695] installed steam on horizon --- configurations/home-manager/leyla/packages.nix | 1 - configurations/nixos/horizon/configuration.nix | 11 ++++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 0be9ab5..506c2b3 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -71,7 +71,6 @@ in { # proprietary platforms discord obsidian - # steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index ae0c8de..63ed59d 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -8,6 +8,8 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ]; + nixpkgs.config.allowUnfree = true; + host = { users = { leyla = { @@ -29,7 +31,14 @@ {}) ]; - programs.adb.enable = true; + programs = { + adb.enable = true; + steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + }; sops.secrets = { "vpn-keys/tailscale-authkey/horizon" = { 
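Review bot: `nixpkgs.config.allowUnfree = true;` is broader than the change needs: it waives the unfree check for every package on the host, when only Steam is being added here. A predicate limited to the package names the build reports as unfree keeps the exception auditable, e.g. `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ /* steam package names reported by the build */ ];` (assuming `lib` is among the module's arguments, which this hunk does not show). The surrounding module starts before this hunk.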
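Review bot: `dedicatedServer.openFirewall = true;` opens the Source Dedicated Server ports on every interface of a laptop (this host imports the framework-11th-gen-intel hardware module and so moves between networks), which is only warranted if this machine will host game servers; the commit message says Steam was installed, not that a server is being run, so the line should be dropped or set to `false`. `remotePlay.openFirewall = true;` likewise exposes the Remote Play ports globally; if Remote Play is only used over the tailnet (the host has a tailscale auth key in `sops.secrets` just below), scoping the rule to `networking.firewall.interfaces.${config.services.tailscale.interfaceName}` as the ollama module on this page does is the safer shape. A short comment stating which networks these ports are meant to be reachable from would help the next reader judge the exposure.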
From 3f37eea9a82bf2360144d5a2f288bdd33ba9d228 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 1 May 2025 22:18:04 -0500 Subject: [PATCH 633/695] enabled ollama on twilight --- configurations/nixos/twilight/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 47e41ec..3d8e6b1 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -34,7 +34,7 @@ services = { ollama = { - enable = false; + enable = true; loadModels = [ "deepseek-coder:6.7b" From 7644c3a4305fb59f0da0e205cc57d2e9650cd5be Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 2 May 2025 17:20:35 -0500 Subject: [PATCH 634/695] updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index f1cb717..cba3bfe 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1744145203, - "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", + "lastModified": 1745812220, + "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=", "owner": "nix-community", "repo": "disko", - "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", + "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1744813899, - "narHash": "sha256-5J6kSkPbtuyX0tRggqadwulpqdgWHyQEDwhqVnY0T+g=", + "lastModified": 1746187242, + "narHash": "sha256-wtfhdDEPsxKYaJHCt0+eYaLm9pFVw594MZzQqP6iIE0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f6dff741f9f485b3596a368704ec171d9eb8c7cd", + "rev": "982ed2da17695d932b695eacaec05c8ca053f8fc", "type": "gitlab" }, "original": { 
@@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1744820898, - "narHash": "sha256-gUldr3LtCm/OfEnbH6sFFlyyxqPMCsfMs2Ha+0fdPDs=", + "lastModified": 1746204974, + "narHash": "sha256-Evu4H0/kzaQoCNLGQTp+JGTqkywzPx0IAo20Ci2zNck=", "owner": "nix-community", "repo": "home-manager", - "rev": "7ede02c32a729db0d6340bdb41d10e73ec511ca0", + "rev": "1e8c62c651242fc685b10efc4a48ab777635fb7f", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "lastModified": 1745816321, + "narHash": "sha256-Gyh/fkCDqVNGM0BWvk+4UAS17w2UI6iwnbQQCmc1TDI=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "rev": "4515dacafb0ccd42e5395aacc49fd58a43027e01", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1744768710, - "narHash": "sha256-ow0HDShvAe9gkM3Ww5aoJo1lDLpC5pYQ7qLtnTaHoyI=", + "lastModified": 1746151051, + "narHash": "sha256-zdPTKcfvZ/mL9urzbJuQVbsIJTNIKVmI9QEimb7xIAM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "47bd3dc652c4a02dc565a9360fe828af38bea287", + "rev": "31e24801a4d8eabd8c500237af732ca2ab305326", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744633460, - "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", + "lastModified": 1745955289, + "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", + "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1744669848, - "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", + "lastModified": 1745310711, + "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61154300d945f0b147b30d24ddcafa159148026a", + "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", "type": "github" }, "original": { From 17fc9618ba116bd1f13df4776f2c0a47d9bf8110 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 10 May 2025 16:44:47 -0500 Subject: [PATCH 635/695] disabled activity feed on home page --- configurations/home-manager/leyla/firefox.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index eef5d88..2781fe4 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -121,6 +121,7 @@ "trailhead.firstrun.didSeeAboutWelcome" = true; "browser.bookmarks.restore_default_bookmarks" = false; "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; # Usage Experiance "browser.startup.homepage" = "about:home"; From 825bdfc50610dfd55e897ef0401febc6a3b47f48 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 10 May 2025 16:58:04 -0500 Subject: [PATCH 636/695] updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) 
diff --git a/flake.lock b/flake.lock index cba3bfe..ad193be 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1745812220, - "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=", + "lastModified": 1746729224, + "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", "owner": "nix-community", "repo": "disko", - "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78", + "rev": "85555d27ded84604ad6657ecca255a03fd878607", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1746187242, - "narHash": "sha256-wtfhdDEPsxKYaJHCt0+eYaLm9pFVw594MZzQqP6iIE0=", + "lastModified": 1746849806, + "narHash": "sha256-6vJX4DnhDlWNtOOh3v08YqPgjJblfgHnV9562nPHNEo=", "owner": "rycee", "repo": "nur-expressions", - "rev": "982ed2da17695d932b695eacaec05c8ca053f8fc", + "rev": "e2408d3f94a6b658e12f135501aa7fd38efabc72", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1746204974, - "narHash": "sha256-Evu4H0/kzaQoCNLGQTp+JGTqkywzPx0IAo20Ci2zNck=", + "lastModified": 1746912617, + "narHash": "sha256-SSw/98B3Htw7iJWCyq08fAEL5w+a/Vj+YbQq0msVFTA=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e8c62c651242fc685b10efc4a48ab777635fb7f", + "rev": "9ef92f1c6b77944198fd368ec805ced842352a1d", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1745816321, - "narHash": "sha256-Gyh/fkCDqVNGM0BWvk+4UAS17w2UI6iwnbQQCmc1TDI=", + "lastModified": 1746708654, + "narHash": "sha256-GeC99gu5H6+AjBXsn5dOhP4/ApuioGCBkufdmEIWPRs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "4515dacafb0ccd42e5395aacc49fd58a43027e01", + "rev": "6cb36e8327421c61e5a3bbd08ed63491b616364a", "type": "github" }, "original": { 
@@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1746151051, - "narHash": "sha256-zdPTKcfvZ/mL9urzbJuQVbsIJTNIKVmI9QEimb7xIAM=", + "lastModified": 1746842090, + "narHash": "sha256-W/WqQ8VGZ4tlV6BAFGY6BDEc5ShAm4i3pv5c3s3YlUI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "31e24801a4d8eabd8c500237af732ca2ab305326", + "rev": "5603fb6fb99f68dfc244429c79a7b706ed9a2fd7", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1745955289, - "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=", + "lastModified": 1746814339, + "narHash": "sha256-hf2lICJzwACWuzHCmZn5NI6LUAOgGdR1yh8ip+duyhk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b", + "rev": "3c5e12673265dfb0de3d9121420c0c2153bf21e0", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746141548, - "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "lastModified": 1746663147, + "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1745310711, - "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "type": "github" }, "original": { From aa15f1ffe5fd0bc0f9798911c7e19cc73bd914ef Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 23 May 2025 20:07:56 -0500 Subject: [PATCH 637/695] updated flake lock --- flake.lock | 54 ++++++++++++++++---------------- modules/nixos-modules/system.nix | 1 + 2 files changed, 28 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index ad193be..1a03eab 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1746729224, - "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", + "lastModified": 1747742835, + "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", "owner": "nix-community", "repo": "disko", - "rev": "85555d27ded84604ad6657ecca255a03fd878607", + "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1746849806, - "narHash": "sha256-6vJX4DnhDlWNtOOh3v08YqPgjJblfgHnV9562nPHNEo=", + "lastModified": 1747973023, + "narHash": "sha256-v2OgykASspKAyL+hYKlfa9PM4cwlFZ7/WQ1uvd256ko=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e2408d3f94a6b658e12f135501aa7fd38efabc72", + "rev": "c7ee05a5dc9b52ba7a6a660537fabaf711b7790a", "type": "gitlab" }, "original": { @@ -44,11 +44,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { 
@@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1746912617, - "narHash": "sha256-SSw/98B3Htw7iJWCyq08fAEL5w+a/Vj+YbQq0msVFTA=", + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "9ef92f1c6b77944198fd368ec805ced842352a1d", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1746708654, - "narHash": "sha256-GeC99gu5H6+AjBXsn5dOhP4/ApuioGCBkufdmEIWPRs=", + "lastModified": 1748004251, + "narHash": "sha256-XodjkVWTth3A2JpBqGBkdLD9kkWn94rnv98l3xwKukg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6cb36e8327421c61e5a3bbd08ed63491b616364a", + "rev": "33220d4791784e4dd4739edd3f6c028020082f91", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1746842090, - "narHash": "sha256-W/WqQ8VGZ4tlV6BAFGY6BDEc5ShAm4i3pv5c3s3YlUI=", + "lastModified": 1747965670, + "narHash": "sha256-O91kjsTL7xccgTQr2KITmGhhLTpX9zh+oRvvV8ScOrg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5603fb6fb99f68dfc244429c79a7b706ed9a2fd7", + "rev": "d3099346fa5e9e33d0989a4e6afc3e8dedd25311", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1746814339, - "narHash": "sha256-hf2lICJzwACWuzHCmZn5NI6LUAOgGdR1yh8ip+duyhk=", + "lastModified": 1747900541, + "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3c5e12673265dfb0de3d9121420c0c2153bf21e0", + "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746663147, - "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1746485181, - "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index b839067..51a92ed 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,5 +1,6 @@ {...}: { nix = { + settings.download-buffer-size = 524288000; gc = { automatic = true; dates = "weekly"; From 85e766a571a1cb430ab0510588f1dbbf7d89434a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:27:07 -0500 Subject: [PATCH 638/695] fixed vs code configuration --- .../home-manager/leyla/packages.nix | 2 +- configurations/home-manager/leyla/vscode.nix | 123 ------------------ .../home-manager/leyla/vscode/default.nix | 76 +++++++---- .../home-manager/leyla/vscode/user-words.nix | 1 + .../nixos/twilight/configuration.nix | 9 +- 5 files changed, 56 insertions(+), 155 deletions(-) delete mode 100644 configurations/home-manager/leyla/vscode.nix diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 506c2b3..13263ea 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix 
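Review bot: `settings.download-buffer-size = 524288000;` is a bare magic number with no indication of its unit or why it was raised; a reader has to compute it to learn it is 500 MiB. Writing it as `settings.download-buffer-size = 500 * 1024 * 1024; # 500 MiB, raised to avoid download-buffer warnings on large fetches` (adjust the reason to whatever actually prompted it) documents the intent in place. The enclosing `nix` attribute set continues beyond the hunk.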
@@ -8,7 +8,7 @@ hardware = osConfig.host.hardware; in { imports = [ - ./vscode.nix + ./vscode/default.nix ./firefox.nix ]; diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix deleted file mode 100644 index e42c4cd..0000000 --- a/configurations/home-manager/leyla/vscode.nix +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - lib, - pkgs, - inputs, - osConfig, - ... -}: let - nix-development-enabled = osConfig.host.nix-development.enable; -in { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - - programs = { - bash.shellAliases = { - code = "codium"; - }; - - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { - enable = true; - - package = pkgs.vscodium; - - mutableExtensionsDir = false; - - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "editor.tabSize" = 2; - "editor.insertSpaces" = false; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - (lib.mkIf osConfig.services.ollama.enable { - "twinny.fileContextEnabled" = true; - "twinny.enableLogging" = false; - "twinny.completionCacheEnabled" = true; - - # builtins.elemAt osConfig.services.ollama.loadModels 0; - }) - ]; - - extensions = ( - with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - 
stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # go extensions - golang.go - - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - tamasfe.even-better-toml - ] - ++ ( - lib.lists.optionals osConfig.services.ollama.enable [ - rjmacarthy.twinny - ] - ) - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ] - ) - ); - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 641fff9..f6cbac7 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -6,6 +6,7 @@ ... }: let nix-development-enabled = osConfig.host.nix-development.enable; + ai-tooling-enabled = osConfig.services.ollama.enable; in { nixpkgs = { overlays = [ 
@@ -28,30 +29,42 @@ in { package = pkgs.vscodium; mutableExtensionsDir = false; - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.language" = "en,de-DE,it"; - "cSpell.userWords" = import ./user-words.nix; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - ]; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = import ./user-words.nix; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "editor.tabSize" = 2; + "editor.insertSpaces" = false; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + (lib.mkIf osConfig.services.ollama.enable { + "twinny.fileContextEnabled" = true; + "twinny.enableLogging" = false; + "twinny.completionCacheEnabled" = true; + + # builtins.elemAt osConfig.services.ollama.loadModels 0; + }) + ]; + }; extensions = ( with open-vsx; @@ -76,12 +89,15 @@ in { stylelint.vscode-stylelint tauri-apps.tauri-vscode + # go extensions + golang.go + # astro blog extensions astro-build.astro-vscode unifiedjs.vscode-mdx # misc extensions - bungcip.better-toml + tamasfe.even-better-toml ] ++ (lib.lists.optionals nix-development-enabled [ # nix extensions 
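Review bot: `(lib.mkIf osConfig.services.ollama.enable {` re-evaluates the condition that the same commit just bound to `ai-tooling-enabled` in the file's `let` block (hunk @@ -6 above), while the `continue.continue` extension in hunk @@ -90 is gated on the alias; using `(lib.mkIf ai-tooling-enabled {` in both places keeps the settings and the extension on a single switch. The line `# builtins.elemAt osConfig.services.ollama.loadModels 0;` is commented-out code rather than a comment and should either become a `# TODO:` describing the intended model selection or be removed. The `userSettings` list sits inside `profiles.default`, whose enclosing `programs.vscode` block starts before this hunk.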
@@ -90,10 +106,14 @@ in { kamadorueda.alejandra ]) ++ ( - with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ] + with vscode-marketplace; + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + continue.continue + ]) ) ); }; diff --git a/configurations/home-manager/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/vscode/user-words.nix index 94a85a2..4444c30 100644 --- a/configurations/home-manager/leyla/vscode/user-words.nix +++ b/configurations/home-manager/leyla/vscode/user-words.nix @@ -1,3 +1,4 @@ [ "leyla" + "webdav" ] diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 3d8e6b1..c007932 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -37,9 +37,12 @@ enable = true; loadModels = [ - "deepseek-coder:6.7b" - "deepseek-r1:8b" - "deepseek-r1:32b" + "llama3.1:8b" + "qwen2.5-coder:1.5b-base" + "nomic-embed-text:latest" + # "deepseek-coder:6.7b" + # "deepseek-r1:8b" + # "deepseek-r1:32b" ]; }; From f3431e3028b92580e4dad4f8260d24721be62702 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:30:39 -0500 Subject: [PATCH 639/695] disabled telemetry --- configurations/home-manager/leyla/vscode/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index f6cbac7..5db972c 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -57,9 +57,7 @@ in { }; }) (lib.mkIf osConfig.services.ollama.enable { - "twinny.fileContextEnabled" = true; - "twinny.enableLogging" = false; - "twinny.completionCacheEnabled" = true; + "continue.telemetryEnabled" = false; # builtins.elemAt osConfig.services.ollama.loadModels 0; }) 
From 705554dd16794f84b702f41cbb2e340417c08522 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:33:08 -0500 Subject: [PATCH 640/695] added TODO notes --- configurations/home-manager/leyla/vscode/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 5db972c..e123149 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -14,6 +14,9 @@ in { ]; }; + # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use remote hosted on defiant + # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use use better models hosted on defiant + programs = { bash.shellAliases = { code = "codium"; From c95186093051ef5d6f01f1dcdc96bbb589a24563 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:53:37 -0500 Subject: [PATCH 641/695] re enabled deep seek models for twilight --- configurations/nixos/twilight/configuration.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index c007932..be7056f 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -40,9 +40,9 @@ "llama3.1:8b" "qwen2.5-coder:1.5b-base" "nomic-embed-text:latest" - # "deepseek-coder:6.7b" - # "deepseek-r1:8b" - # "deepseek-r1:32b" + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:32b" ]; }; From c6ec40a3f7a12e2be5eed3fc7419a4c75accd105 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 21:14:09 -0500 Subject: [PATCH 642/695] organized models for twilight --- configurations/nixos/twilight/configuration.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) 
diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index be7056f..f851b08 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -37,12 +37,22 @@ enable = true; loadModels = [ + # conversation models "llama3.1:8b" - "qwen2.5-coder:1.5b-base" - "nomic-embed-text:latest" - "deepseek-coder:6.7b" "deepseek-r1:8b" "deepseek-r1:32b" + + # auto complete models + "qwen2.5-coder:1.5b-base" + "qwen2.5-coder:7b" + "deepseek-coder:6.7b" + "deepseek-coder:33b" + + # agent models + "qwen3:32b" + + # embedding models + "nomic-embed-text:latest" ]; }; From 5cc41542e168be054b508e4ce5861675a160cb43 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 24 May 2025 21:51:19 -0500 Subject: [PATCH 643/695] fixed spelling of comment --- configurations/home-manager/leyla/firefox.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 2781fe4..4f8c624 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -123,7 +123,7 @@ "browser.bookmarks.addedImportButton" = true; "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - # Usage Experiance + # Usage Experience "browser.startup.homepage" = "about:home"; "browser.download.useDownloadDir" = false; "browser.uiCustomization.state" = builtins.toJSON { From 7b6344b41972d6165606d23ce84b5f783f6272ad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 24 May 2025 22:17:19 -0500 Subject: [PATCH 644/695] added ollama to defiant --- .../home-manager/leyla/vscode/user-words.nix | 2 ++ .../nixos/defiant/configuration.nix | 19 +++++++++++++++++-- modules/nixos-modules/ollama.nix | 13 +++++++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) 
diff --git a/configurations/home-manager/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/vscode/user-words.nix index 4444c30..b581118 100644 --- a/configurations/home-manager/leyla/vscode/user-words.nix +++ b/configurations/home-manager/leyla/vscode/user-words.nix @@ -1,4 +1,6 @@ [ "leyla" "webdav" + "ollama" + "optimise" ] diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 8e1eab8..59ad2c9 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -201,13 +201,28 @@ }; ollama = { - enable = false; + enable = true; + exposePort = true; loadModels = [ - "deepseek-coder:6.7b" + # conversation models + "llama3.1:8b" "deepseek-r1:8b" "deepseek-r1:32b" "deepseek-r1:70b" + + # auto complete models + "qwen2.5-coder:1.5b-base" + "qwen2.5-coder:7b" + "deepseek-coder:6.7b" + "deepseek-coder:33b" + + # agent models + "qwen3:8b" + "qwen3:32b" + + # embedding models + "nomic-embed-text:latest" ]; }; tailscale = { diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 5cdc041..6b1d5bb 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -3,6 +3,10 @@ lib, ... }: { + options = { + services.ollama.exposePort = lib.mkEnableOption "should we expose ollama on tailscale"; + }; + config = lib.mkMerge [ { services.ollama = { @@ -22,6 +26,15 @@ } ]; }; + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + ports = [ + config.services.ollama.port + ]; + in + lib.mkIf config.services.ollama.exposePort { + allowedTCPPorts = ports; + allowedUDPPorts = ports; + }; })) ]; } From 77ab4781ac005f89a76eef72113f766ed2b6828b Mon Sep 17 00:00:00 2001 
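Review bot: `lib.mkEnableOption "should we expose ollama on tailscale"` renders in generated documentation as "Whether to enable should we expose ollama on tailscale.", since `mkEnableOption` prefixes its argument with "Whether to enable". A noun phrase reads correctly: `services.ollama.exposePort = lib.mkEnableOption "exposing the ollama API port on the tailscale interface";`.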
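Review bot: `allowedUDPPorts = ports;` opens a UDP port that nothing listens on — the ollama API is HTTP over TCP — so the firewall rule should carry only `allowedTCPPorts = ports;`. The hunk does not show `services.ollama.host`; if it is left at the NixOS loopback default elsewhere in this module the opened port carries no traffic, and if it is bound to a non-loopback address the interface-scoped rule on `config.services.tailscale.interfaceName` becomes the only access control for an API that has no authentication of its own, so the port must not additionally appear in the global `networking.firewall.allowedTCPPorts`. A comment such as `# ollama has no auth; only ever reachable over the tailnet interface` above the rule would record that constraint for future edits. The enclosing `config = lib.mkMerge [ ... ]` block starts before this hunk.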
From: Leyla Becker Date: Sat, 24 May 2025 23:03:20 -0500 Subject: [PATCH 645/695] started to draft out configuration of continue models --- .../home-manager/leyla/vscode/default.nix | 102 +++++++++--------- .../nixos/twilight/configuration.nix | 59 +++++++++- modules/nixos-modules/continue.nix | 44 ++++++++ modules/nixos-modules/default.nix | 1 + 4 files changed, 154 insertions(+), 52 deletions(-) create mode 100644 modules/nixos-modules/continue.nix diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index e123149..1108f2f 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix 
@@ -65,58 +65,58 @@ in { # builtins.elemAt osConfig.services.ollama.loadModels 0; }) ]; + + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # go extensions + golang.go + + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + tamasfe.even-better-toml + ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) + ++ ( + with vscode-marketplace; + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + continue.continue + ]) + ) + ); }; - - extensions = ( - with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # go extensions - golang.go - - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra 
- ]) - ++ ( - with vscode-marketplace; - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) - ) - ); }; }; } diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index f851b08..12d9151 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -30,8 +30,65 @@ graphicsAcceleration.enable = true; directAccess.enable = true; }; - }; + ai = { + enable = true; + # TODO: benchmark twilight against defiant and prune this list of models that are faster on defiant + models = { + # conversation models + "lamma3.1:8b" = { + model = "lamma3.1:8b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-r1:8b" = { + model = "deepseek-r1:8b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-r1:32b" = { + model = "deepseek-r1:32b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + # auto complete models + "qwen2.5-coder:1.5b-base" = { + model = "qwen2.5-coder:1.5b-base"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "qwen2.5-coder:7b" = { + model = "qwen2.5-coder:7b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-coder:6.7b" = { + model = "deepseek-coder:6.7b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-coder:33b" = { + model = "deepseek-coder:33b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + + # agent models + "qwen3:32b" = { + model = "qwen3:32b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + + # embedding models + "nomic-embed-text:latest" = { + model = "nomic-embed-text:latest"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + }; + }; + }; services = { ollama = { enable = true; 
diff --git a/modules/nixos-modules/continue.nix b/modules/nixos-modules/continue.nix new file mode 100644 index 0000000..73ff4db --- /dev/null +++ b/modules/nixos-modules/continue.nix @@ -0,0 +1,44 @@ +{lib, ...}: { + options.host = { + ai = { + enable = lib.mkEnableOption "should we use AI on this machine"; + models = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + option = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + model = { + type = lib.types.str; + }; + provider = { + type = lib.types.str; + default = "ollama"; + }; + apiBase = { + type = lib.types.str; + default = null; + }; + roles = { + type = lib.types.listOf lib.types.enumOf [ + "chat" + "autocomplete" + "embed" + "rerank" + "edit" + "apply" + "summarize" + ]; + }; + }; + })); + }; + }; + }; + + config = { + # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is null + # TODO: if we have any models that have a non null options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true + }; +} diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index fdbdc7e..67c75ce 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,6 +12,7 @@ ./impermanence.nix ./disko.nix ./ollama.nix + ./continue.nix ./tailscale.nix ./server ]; From 3f88b989d112f6d11fb086331dc60c30db214f40 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 24 May 2025 23:27:11 -0500 Subject: [PATCH 646/695] added more notes about continue configuration --- modules/home-manager-modules/continue.nix | 3 +++ modules/nixos-modules/{continue.nix => ai.nix} | 0 modules/nixos-modules/default.nix | 2 +- modules/nixos-modules/ollama.nix | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager-modules/continue.nix rename modules/nixos-modules/{continue.nix => ai.nix} (100%) 
diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix new file mode 100644 index 0000000..fce3b38 --- /dev/null +++ b/modules/home-manager-modules/continue.nix @@ -0,0 +1,3 @@ +{...}: { + # TODO: enable option for continue.yaml for home based on options defined in osConfig.ai.models +} diff --git a/modules/nixos-modules/continue.nix b/modules/nixos-modules/ai.nix similarity index 100% rename from modules/nixos-modules/continue.nix rename to modules/nixos-modules/ai.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 67c75ce..8cdeae9 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,7 +12,7 @@ ./impermanence.nix ./disko.nix ./ollama.nix - ./continue.nix + ./ai.nix ./tailscale.nix ./server ]; diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 6b1d5bb..1d515f8 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -10,6 +10,7 @@ config = lib.mkMerge [ { services.ollama = { + # TODO: these should match whats set in the users file group = "ollama"; user = "ollama"; }; From 2c77cf2ed40682a3e005441c88f7d650df7028b4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 01:32:05 -0500 Subject: [PATCH 647/695] updated list of models on twilight --- .../nixos/twilight/configuration.nix | 27 +++++++------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 12d9151..4a2c838 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
@@ -37,54 +37,45 @@ # conversation models "lamma3.1:8b" = { model = "lamma3.1:8b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; "deepseek-r1:8b" = { model = "deepseek-r1:8b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; "deepseek-r1:32b" = { model = "deepseek-r1:32b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; # auto complete models "qwen2.5-coder:1.5b-base" = { model = "qwen2.5-coder:1.5b-base"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; "qwen2.5-coder:7b" = { model = "qwen2.5-coder:7b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; "deepseek-coder:6.7b" = { model = "deepseek-coder:6.7b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; "deepseek-coder:33b" = { model = "deepseek-coder:33b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; # agent models "qwen3:32b" = { model = "qwen3:32b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; # embedding models "nomic-embed-text:latest" = { model = "nomic-embed-text:latest"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["embed"]; }; }; }; From 393f468be2699d49512aeda7f0624f767ddfe708 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 25 May 2025 13:07:32 -0500 Subject: [PATCH 648/695] generate .continue/config.yaml via configuration --- configurations/home-manager/leyla/default.nix | 26 +++++++ .../home-manager/leyla/vscode/default.nix | 10 +-- .../nixos/twilight/configuration.nix | 2 +- modules/home-manager-modules/continue.nix | 76 ++++++++++++++++++- modules/home-manager-modules/default.nix | 1 + modules/nixos-modules/ai.nix | 22 +++--- 6 files changed, 117 insertions(+), 20 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index f2c14e1..0c90ab1 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -83,6 +83,32 @@ }; }; + user = { + continue = { + enable = true; + docs = { + "Continue Docs" = { + startUrl = "https://docs.continue.dev"; + }; + "Nixpkgs" = { + startUrl = "https://ryantm.github.io/nixpkgs/#preface"; + }; + "Nix Manual" = { + startUrl = "https://nixos.org/manual/nixos/stable/"; + }; + "Home manager Manual" = { + startUrl = "https://nix-community.github.io/home-manager/"; + }; + "Nix Docs" = { + startUrl = "https://nix.dev/index.html"; + }; + "Linux Man Page" = { + startUrl = "https://linux.die.net/man/"; + }; + }; + }; + }; + programs = { # Let Home Manager install and manage itself. home-manager.enable = true; diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 1108f2f..2f3c455 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -2,11 +2,12 @@ lib, pkgs, inputs, + config, osConfig, ... }: let nix-development-enabled = osConfig.host.nix-development.enable; - ai-tooling-enabled = osConfig.services.ollama.enable; + ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { nixpkgs = { overlays = [ 
@@ -14,9 +15,6 @@ in { ]; }; - # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use remote hosted on defiant - # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use use better models hosted on defiant - programs = { bash.shellAliases = { code = "codium"; @@ -59,10 +57,8 @@ in { "expr" = "import {}"; }; }) - (lib.mkIf osConfig.services.ollama.enable { + (lib.mkIf ai-tooling-enabled { "continue.telemetryEnabled" = false; - - # builtins.elemAt osConfig.services.ollama.loadModels 0; }) ]; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 4a2c838..82ca9b7 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -35,7 +35,7 @@ # TODO: benchmark twilight against defiant and prune this list of models that are faster on defiant models = { # conversation models - "lamma3.1:8b" = { + "Llama 3.1 8B" = { model = "lamma3.1:8b"; roles = ["chat" "edit" "apply"]; }; diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix index fce3b38..327ee44 100644 --- a/modules/home-manager-modules/continue.nix +++ b/modules/home-manager-modules/continue.nix 
@@ -1,3 +1,75 @@ -{...}: { - # TODO: enable option for continue.yaml for home based on options defined in osConfig.ai.models +{ + lib, + pkgs, + config, + osConfig, + ... +}: let + ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; +in { + options = { + user.continue = { + enable = lib.mkEnableOption "should continue be enabled on this machine"; + docs = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + startUrl = lib.mkOption { + type = lib.types.str; + }; + }; + })); + }; + context = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + provider = lib.mkOption { + type = lib.types.str; + default = name; + }; + }; + })); + default = { + "code" = {}; + "docs" = {}; + "diff" = {}; + "terminal" = {}; + "problems" = {}; + "folder" = {}; + "codebase" = {}; + }; + }; + }; + }; + + config = + lib.mkIf ai-tooling-enabled + (lib.mkMerge [ + { + home = { + file = { + ".continue/config.yaml".source = (pkgs.formats.yaml {}).generate "continue-config" { + name = "Assistant"; + version = "1.0.0"; + schema = "v1"; + models = lib.attrsets.attrValues osConfig.host.ai.models; + context = lib.attrsets.attrValues config.user.continue.context; + docs = lib.attrsets.attrValues config.user.continue.docs; + }; + }; + }; + } + (lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".continue/index" + ".continue/sessions" + ]; + allowOther = true; + }; + }) + ]); } diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index ef9bf0a..ee47fb5 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -4,5 +4,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix + ./continue.nix ]; } 
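Review bot: `.continue/config.yaml` is produced by `(pkgs.formats.yaml {}).generate`, so the whole file becomes a path in the world-readable Nix store; today `osConfig.host.ai.models` only carries `model`, `provider`, `roles` and `apiBase` values, but if a hosted provider entry with a credential is ever added to that option the secret would be readable by every local user. A comment above the `models = lib.attrsets.attrValues osConfig.host.ai.models;` line would make that constraint visible to whoever extends the option next, e.g. `# NOTE: this file is a world-readable store path; never route credentials through host.ai.models`. The persisted `.continue/sessions` directory holds chat history that may include pasted code, which is presumably intended but worth a one-line comment on the impermanence entry as well.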
diff --git a/modules/nixos-modules/ai.nix b/modules/nixos-modules/ai.nix index 73ff4db..8cc19ff 100644 --- a/modules/nixos-modules/ai.nix +++ b/modules/nixos-modules/ai.nix @@ -4,24 +4,24 @@ enable = lib.mkEnableOption "should we use AI on this machine"; models = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - option = { + options = { name = lib.mkOption { type = lib.types.str; default = name; }; - model = { + model = lib.mkOption { type = lib.types.str; }; - provider = { + provider = lib.mkOption { type = lib.types.str; default = "ollama"; }; - apiBase = { - type = lib.types.str; - default = null; - }; - roles = { - type = lib.types.listOf lib.types.enumOf [ + # apiBase = lib.mkOption { + # type = lib.types.nullOr lib.types.str; + # default = null; + # }; + roles = lib.mkOption { + type = lib.types.listOf (lib.types.enum [ "chat" "autocomplete" "embed" @@ -29,11 +29,13 @@ "edit" "apply" "summarize" - ]; + ]); + default = []; }; }; })); }; + default = {}; }; }; From 089fbb8717f4770b1dd38946ac0cf0806ec15823 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 13:49:03 -0500 Subject: [PATCH 649/695] changed formatting for ollama.nix to wrap all of configurations in its enable option --- modules/nixos-modules/ollama.nix | 53 +++++++++++++++++--------------- 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 1d515f8..155ec5d 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix 
@@ -7,35 +7,38 @@ services.ollama.exposePort = lib.mkEnableOption "should we expose ollama on tailscale"; }; - config = lib.mkMerge [ - { - services.ollama = { - # TODO: these should match whats set in the users file - group = "ollama"; - user = "ollama"; - }; - } - (lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.ollama.models; - user = config.services.ollama.user; - group = config.services.ollama.group; - } - ]; - }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + config = lib.mkIf config.services.ollama.enable ( + lib.mkMerge [ + { + services.ollama = { + # TODO: these should match whats set in the users file + group = "ollama"; + user = "ollama"; + }; + } + (lib.mkIf config.services.ollama.exposePort (let ports = [ config.services.ollama.port ]; - in - lib.mkIf config.services.ollama.exposePort { + in { + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { allowedTCPPorts = ports; allowedUDPPorts = ports; }; - })) - ]; + })) + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.ollama.models; + user = config.services.ollama.user; + group = config.services.ollama.group; + } + ]; + }; + }) + ] + ); } From 60f8b0265a01419542ee36cc777a77ccbb9c6aff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 17:42:53 -0500 Subject: [PATCH 650/695] fixed ollama on defiant --- modules/nixos-modules/ollama.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 155ec5d..81ad3d0 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix 
@@ -36,6 +36,13 @@ user = config.services.ollama.user; group = config.services.ollama.group; } + { + directory = "/var/lib/private/ollama"; + user = config.services.ollama.user; + group = config.services.ollama.group; + mode = "0700"; + defaultPerms.mode = "0700"; + } ]; }; }) From c6dfa3e7ce4c61074a3be2c416240808129ce933 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 21:33:41 -0500 Subject: [PATCH 651/695] replaced disko disk --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 59ad2c9..97e8edf 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -46,7 +46,7 @@ "ata-ST18000NE000-3G6101_ZVTD10EH" "ata-ST18000NT001-3NF101_ZVTE0S3Q" "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NT001-3NF101_ZVTEZACV" # this one is broken replace with "ata-ST18000NT001-XXXXXX_ZVTJ732N" + "ata-ST18000NT001-3NF101_ZVTEZACV" ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" From 0a7bbdbc8f63213a784b4e95a0e14cf24a6ef709 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 21:48:13 -0500 Subject: [PATCH 652/695] fixed disk name --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 97e8edf..be906a7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -46,7 +46,7 @@ "ata-ST18000NE000-3G6101_ZVTD10EH" "ata-ST18000NT001-3NF101_ZVTE0S3Q" "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NT001-3NF101_ZVTEZACV" + "ata-ST18000NE000-3G6101_ZVTJ7359" ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" From b1cd64e23e2cbcfb935234e635973cff7fa51664 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 26 May 2025 12:23:58 -0500 Subject: [PATCH 653/695] added new drives to defiant --- .../nixos/defiant/configuration.nix | 25 +++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index be906a7..fef7a56 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -40,13 +40,24 @@ tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { - drives = [ - "ata-ST18000NE000-3G6101_ZVTCXVEB" - "ata-ST18000NE000-3G6101_ZVTCXWSC" - "ata-ST18000NE000-3G6101_ZVTD10EH" - "ata-ST18000NT001-3NF101_ZVTE0S3Q" - "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NE000-3G6101_ZVTJ7359" + vdevs = [ + [ + "ata-ST18000NE000-3G6101_ZVTCXVEB" + "ata-ST18000NE000-3G6101_ZVTCXWSC" + "ata-ST18000NE000-3G6101_ZVTD10EH" + "ata-ST18000NT001-3NF101_ZVTE0S3Q" + "ata-ST18000NT001-3NF101_ZVTEF27J" + "ata-ST18000NE000-3G6101_ZVTJ7359" + ] + # TODO: this needs to be configured manually + [ + "ata-ST4000NE001-2MA101_WS2275P3" + "ata-ST4000NE001-2MA101_WS227B9F" + "ata-ST4000NE001-2MA101_WS227CEW" + "ata-ST4000NE001-2MA101_WS227CYN" + "ata-ST4000NE001-2MA101_WS23TBWV" + "ata-ST4000NE001-2MA101_WS23TC5F" + ] ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" From 0bd483147dd1b0e3473c42d479ea5ae184022e0a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 17:48:25 -0500 Subject: [PATCH 654/695] updated flake.lock --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 1a03eab..b70bb5a 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1747742835, - "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", + "lastModified": 1748225455, + "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", "owner": "nix-community", "repo": "disko", - "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", + "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1747973023, - "narHash": "sha256-v2OgykASspKAyL+hYKlfa9PM4cwlFZ7/WQ1uvd256ko=", + "lastModified": 1748232210, + "narHash": "sha256-hyXsQVgl/URb13iWEONwV3gGZ9IU90Q9yPmn5xoWP/8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "c7ee05a5dc9b52ba7a6a660537fabaf711b7790a", + "rev": "26c86ba664f227c6abb383d3ca8db9365f275766", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1748227609, + "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1748004251, - "narHash": "sha256-XodjkVWTth3A2JpBqGBkdLD9kkWn94rnv98l3xwKukg=", + "lastModified": 1748149228, + "narHash": "sha256-mmonYFesFo42UUS49Hd0bcbVJRWX/aHBCDYUkkvylf4=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "33220d4791784e4dd4739edd3f6c028020082f91", + "rev": "a9939228f661df370c4094fe85f683e45d761dbe", "type": "github" }, "original": { 
@@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1747965670, - "narHash": "sha256-O91kjsTL7xccgTQr2KITmGhhLTpX9zh+oRvvV8ScOrg=", + "lastModified": 1748225039, + "narHash": "sha256-Lvl26mCEatC5akRHywuXkYM6ZKc7R5T9m6u7rBPtNQw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "d3099346fa5e9e33d0989a4e6afc3e8dedd25311", + "rev": "cde730cb9dc2759104d7c8c27cb36d73189be1e2", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1748190013, + "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", "type": "github" }, "original": { From 8c36fe5a72b0a6a408ae7419941155d5cf0e7592 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 17:49:47 -0500 Subject: [PATCH 655/695] set default api base for ai models to localhost --- configurations/nixos/horizon/configuration.nix | 8 -------- modules/nixos-modules/ai.nix | 10 +++++----- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 63ed59d..f27f585 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -51,14 +51,6 @@ fprintd = { enable = true; }; - ollama = { - enable = false; - - loadModels = [ - "deepseek-coder:1.3b" - "deepseek-r1:1.5b" - ]; - }; tailscale = { enable = true; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; diff --git a/modules/nixos-modules/ai.nix b/modules/nixos-modules/ai.nix index 8cc19ff..646e1b5 100644 --- a/modules/nixos-modules/ai.nix +++ b/modules/nixos-modules/ai.nix 
@@ -16,10 +16,10 @@ type = lib.types.str; default = "ollama"; }; - # apiBase = lib.mkOption { - # type = lib.types.nullOr lib.types.str; - # default = null; - # }; + apiBase = lib.mkOption { + type = lib.types.str; + default = "http://localhost:11434"; + }; roles = lib.mkOption { type = lib.types.listOf (lib.types.enum [ "chat" @@ -40,7 +40,7 @@ }; config = { - # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is null + # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is the default value # TODO: if we have any models that have a non null options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true }; } From f96f9f767537857f3b2bee4400e19ff20e4ee95c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 17:54:09 -0500 Subject: [PATCH 656/695] set horizon up to use twilight ollama models --- .../nixos/horizon/configuration.nix | 23 +++++++++++++++++++ .../nixos/twilight/configuration.nix | 1 + modules/nixos-modules/ai.nix | 4 ++-- 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index f27f585..8448654 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -23,6 +23,29 @@ hardware = { directAccess.enable = true; }; + + ai = { + enable = true; + models = { + "Llama 3.1 8B" = { + model = "lamma3.1:8b"; + roles = ["chat" "edit" "apply"]; + apiBase = "http://twilight:11434"; + }; + + "qwen2.5-coder:1.5b-base" = { + model = "qwen2.5-coder:1.5b-base"; + roles = ["autocomplete"]; + apiBase = "http://twilight:11434"; + }; + + "nomic-embed-text:latest" = { + model = "nomic-embed-text:latest"; + roles = ["embed"]; + apiBase = "http://twilight:11434"; + }; + }; + }; }; environment.systemPackages = [ 
diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 82ca9b7..10f2606 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -83,6 +83,7 @@ services = { ollama = { enable = true; + exposePort = true; loadModels = [ # conversation models diff --git a/modules/nixos-modules/ai.nix b/modules/nixos-modules/ai.nix index 646e1b5..d8cd63d 100644 --- a/modules/nixos-modules/ai.nix +++ b/modules/nixos-modules/ai.nix @@ -40,7 +40,7 @@ }; config = { - # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is the default value - # TODO: if we have any models that have a non null options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true + # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is localhost + # TODO: if we have any models that have a non localhost options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true }; } From 3e27429c74d60ecc79f23dacadc9b2bc7a7ffd2c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 18:49:17 -0500 Subject: [PATCH 657/695] set host when exporting port --- modules/nixos-modules/ollama.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 81ad3d0..8f194cf 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -21,6 +21,7 @@ config.services.ollama.port ]; in { + services.ollama.host = "0.0.0.0"; networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { allowedTCPPorts = ports; allowedUDPPorts = ports; From bdbe98dd6582ad1801f7e496fe154f4ba49b27e0 Mon Sep 17 00:00:00 2001 
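Review bot: `services.ollama.host = "0.0.0.0";` in the ollama.nix hunk binds the unauthenticated ollama API on every interface, while the accompanying firewall rule only opens `config.services.ollama.port` on `config.services.tailscale.interfaceName`; keeping the LAN side closed therefore depends entirely on the NixOS firewall being enabled, which the module never checks. Either bind to the tailscale address instead of the wildcard, or make the dependency explicit in the same exposePort block with `assertions = [{ assertion = config.networking.firewall.enable; message = "services.ollama.exposePort binds 0.0.0.0 and relies on networking.firewall to limit access to the tailscale interface"; }];`. The enclosing `lib.mkIf config.services.ollama.exposePort (let ... in { ... })` block starts outside the hunk.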
From: Leyla Becker Date: Mon, 26 May 2025 19:36:21 -0500 Subject: [PATCH 658/695] enabled steam hardware --- configurations/nixos/twilight/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 10f2606..e9032d8 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -126,6 +126,7 @@ remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; + hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index # enabled virtualisation for docker # virtualisation.docker.enable = true; From 1b30c7d0ff17bb6510e92c76db9f3f16e55266d3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 28 May 2025 15:28:03 -0500 Subject: [PATCH 659/695] updated nix flake --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index b70bb5a..fa3ad83 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748232210, - "narHash": "sha256-hyXsQVgl/URb13iWEONwV3gGZ9IU90Q9yPmn5xoWP/8=", + "lastModified": 1748405006, + "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "26c86ba664f227c6abb383d3ca8db9365f275766", + "rev": "f9801a86d6603260940890c36650275090d1dceb", "type": "gitlab" }, "original": { 
@@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1748227609, - "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=", + "lastModified": 1748455938, + "narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=", "owner": "nix-community", "repo": "home-manager", - "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022", + "rev": "02077149e2921014511dac2729ae6dadb4ec50e2", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1748149228, - "narHash": "sha256-mmonYFesFo42UUS49Hd0bcbVJRWX/aHBCDYUkkvylf4=", + "lastModified": 1748352827, + "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "a9939228f661df370c4094fe85f683e45d761dbe", + "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1748225039, - "narHash": "sha256-Lvl26mCEatC5akRHywuXkYM6ZKc7R5T9m6u7rBPtNQw=", + "lastModified": 1748397853, + "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "cde730cb9dc2759104d7c8c27cb36d73189be1e2", + "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748190013, - "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", + "lastModified": 1748370509, + "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", + "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", "type": "github" }, "original": { From 210a4084f7e4c15edc7551d39fc6c1fcda816eea Mon Sep 17 00:00:00 2001 
From: Leyla Becker
Date: Wed, 28 May 2025 15:54:58 -0500
Subject: [PATCH 660/695] created prostudiomasters package
---
 configurations/nixos/horizon/configuration.nix | 4 ++++
 configurations/nixos/horizon/prostudiomasters.nix | 14 ++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 configurations/nixos/horizon/prostudiomasters.nix
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix
index 8448654..99e3268 100644
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@@ -52,6 +52,10 @@
 (pkgs.callPackage
 ./webtoon-dl.nix
 {})
+ # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that?
+ (pkgs.callPackage
+ ./prostudiomasters.nix
+ {})
 ];
 programs = {
diff --git a/configurations/nixos/horizon/prostudiomasters.nix b/configurations/nixos/horizon/prostudiomasters.nix
new file mode 100644
index 0000000..c1c03fe
--- /dev/null
+++ b/configurations/nixos/horizon/prostudiomasters.nix
@@ -0,0 +1,14 @@
+{
+ fetchurl,
+ appimageTools,
+}: let
+ pname = "prostudiomasters";
+ version = "2.5.6";
+ src = fetchurl {
+ url = "https://download.prostudiomasters.com/linux/ProStudioMasters-${version}.AppImage";
+ hash = "sha256-7owOwdcucFfl+JsVj+Seau2KOz0J4P/ep7WrBSNSmbs=";
+ };
+in
+ appimageTools.wrapType2 {
+ inherit pname version src;
+ }
From 7923f493eba3c870d691b25cc440a2ce037ad767 Mon Sep 17 00:00:00 2001
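Review bot: The TODO about `--in-process-gpu` in horizon/configuration.nix belongs in the package rather than at the call site: if I recall correctly `appimageTools.wrapType2` forwards `extraInstallCommands`, where a `wrapProgram` with `--add-flags --in-process-gpu` on the produced binary would bake the flag in (assuming `makeWrapper` is available in that phase, which needs checking). In prostudiomasters.nix the download is pinned by `hash`, which is the right control for an opaque AppImage fetched over the network; a short comment such as `# bumping version requires re-deriving hash (nix will report the mismatch)` would tell the next maintainer what to expect on an upgrade.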
From: Leyla Becker Date: Wed, 28 May 2025 16:03:05 -0500 Subject: [PATCH 661/695] moved deviations living under horizon to common shared folder --- configurations/nixos/horizon/configuration.nix | 11 +++-------- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/packages/default.nix | 17 +++++++++++++++++ .../packages}/prostudiomasters.nix | 0 .../nixos-modules/packages}/webtoon-dl.nix | 0 5 files changed, 21 insertions(+), 8 deletions(-) create mode 100644 modules/nixos-modules/packages/default.nix rename {configurations/nixos/horizon => modules/nixos-modules/packages}/prostudiomasters.nix (100%) rename {configurations/nixos/horizon => modules/nixos-modules/packages}/webtoon-dl.nix (100%) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 99e3268..7e2ab8a 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -48,14 +48,9 @@ }; }; - environment.systemPackages = [ - (pkgs.callPackage - ./webtoon-dl.nix - {}) - # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? - (pkgs.callPackage - ./prostudiomasters.nix - {}) + environment.systemPackages = with pkgs; [ + webtoon-dl + prostudiomasters ]; programs = { diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 8cdeae9..d668a74 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -15,6 +15,7 @@ ./ai.nix ./tailscale.nix ./server + ./packages ]; nixpkgs.config.permittedInsecurePackages = [ diff --git a/modules/nixos-modules/packages/default.nix b/modules/nixos-modules/packages/default.nix new file mode 100644 index 0000000..208ee24 --- /dev/null +++ b/modules/nixos-modules/packages/default.nix 
@@ -0,0 +1,17 @@
+{pkgs, ...}: {
+ nixpkgs.overlays = [
+ (final: prev: {
+ webtoon-dl =
+ pkgs.callPackage
+ ./webtoon-dl.nix
+ {};
+ })
+ # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that?
+ (final: prev: {
+ prostudiomasters =
+ pkgs.callPackage
+ ./prostudiomasters.nix
+ {};
+ })
+ ];
+}
diff --git a/configurations/nixos/horizon/prostudiomasters.nix b/modules/nixos-modules/packages/prostudiomasters.nix
similarity index 100%
rename from configurations/nixos/horizon/prostudiomasters.nix
rename to modules/nixos-modules/packages/prostudiomasters.nix
diff --git a/configurations/nixos/horizon/webtoon-dl.nix b/modules/nixos-modules/packages/webtoon-dl.nix
similarity index 100%
rename from configurations/nixos/horizon/webtoon-dl.nix
rename to modules/nixos-modules/packages/webtoon-dl.nix
From 1be7eb162af7abd255828fdfbbf5cf9b50d9b08b Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Fri, 30 May 2025 11:22:46 -0500
Subject: [PATCH 662/695] enabled qmk if via keyboard is enabled
---
 modules/nixos-modules/keyboard.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 modules/nixos-modules/keyboard.nix
diff --git a/modules/nixos-modules/keyboard.nix b/modules/nixos-modules/keyboard.nix
new file mode 100644
index 0000000..06a85c5
--- /dev/null
+++ b/modules/nixos-modules/keyboard.nix
@@ -0,0 +1,12 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ config = lib.mkIf config.host.hardware.viaKeyboard {
+ hardware.keyboard.qmk.enable = true;
+ };
+
+ services.udev.packages = [pkgs.via];
+}
From ee389bdb92796558667d8aa8771c41df422029eb Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Fri, 30 May 2025 12:58:01 -0500
Subject: [PATCH 663/695] added via to udev
---
 modules/nixos-modules/keyboard.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/nixos-modules/keyboard.nix b/modules/nixos-modules/keyboard.nix
index 06a85c5..f820c48 100644
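Review bot: Both overlays in packages/default.nix call `pkgs.callPackage` rather than `final.callPackage`, so the package arguments are resolved against the module's `pkgs` instead of the overlaid set; any other entry in `nixpkgs.overlays` is invisible to these two packages and the `final`/`prev` parameters go unused. Use `final.callPackage ./webtoon-dl.nix {}` and `final.callPackage ./prostudiomasters.nix {}`, and since the two functions do not depend on each other they can be merged into a single `(final: prev: { … })` overlay. The `--in-process-gpu` TODO moved here with the package would then be the natural place to record whatever wrapper eventually bakes that flag in.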
--- a/modules/nixos-modules/keyboard.nix +++ b/modules/nixos-modules/keyboard.nix @@ -6,7 +6,7 @@ }: { config = lib.mkIf config.host.hardware.viaKeyboard { hardware.keyboard.qmk.enable = true; - }; - services.udev.packages = [pkgs.via]; + services.udev.packages = [pkgs.via]; + }; } From 5dd2b2282164f87a674f160da175afe472e1489b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 30 May 2025 13:00:47 -0500 Subject: [PATCH 664/695] moved keyboard config to hardware.nix --- modules/nixos-modules/hardware.nix | 17 ++++++++++++++++- modules/nixos-modules/keyboard.nix | 12 ------------ 2 files changed, 16 insertions(+), 13 deletions(-) delete mode 100644 modules/nixos-modules/keyboard.nix diff --git a/modules/nixos-modules/hardware.nix b/modules/nixos-modules/hardware.nix index 1b22ece..8f4cc01 100644 --- a/modules/nixos-modules/hardware.nix +++ b/modules/nixos-modules/hardware.nix @@ -1,4 +1,9 @@ -{lib, ...}: { +{ + lib, + config, + pkgs, + ... +}: { options.host.hardware = { piperMouse = { enable = lib.mkEnableOption "host has a piper mouse"; @@ -16,4 +21,14 @@ enable = lib.mkEnableOption "can a host be used on its own"; }; }; + config = lib.mkMerge [ + (lib.mkIf config.host.hardware.piperMouse.enable { + services.udev.packages = [pkgs.piper]; + }) + (lib.mkIf config.host.hardware.viaKeyboard.enable { + hardware.keyboard.qmk.enable = true; + + services.udev.packages = [pkgs.via]; + }) + ]; } diff --git a/modules/nixos-modules/keyboard.nix b/modules/nixos-modules/keyboard.nix deleted file mode 100644 index f820c48..0000000 --- a/modules/nixos-modules/keyboard.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: { - config = lib.mkIf config.host.hardware.viaKeyboard { - hardware.keyboard.qmk.enable = true; - - services.udev.packages = [pkgs.via]; - }; -} From 45835201f566bc9fdc757fda85f160cdbc591fa0 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 30 May 2025 13:04:57 -0500 Subject: [PATCH 665/695] fixed piper --- modules/nixos-modules/hardware.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/hardware.nix b/modules/nixos-modules/hardware.nix index 8f4cc01..07e6fa8 100644 --- a/modules/nixos-modules/hardware.nix +++ b/modules/nixos-modules/hardware.nix @@ -23,7 +23,7 @@ }; config = lib.mkMerge [ (lib.mkIf config.host.hardware.piperMouse.enable { - services.udev.packages = [pkgs.piper]; + services.ratbagd.enable = true; }) (lib.mkIf config.host.hardware.viaKeyboard.enable { hardware.keyboard.qmk.enable = true; From 8f29881b72061657b8bebfe6dd051fa56e0779a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 May 2025 17:42:12 -0500 Subject: [PATCH 666/695] created emergent configuration --- .../nixos/emergent/configuration.nix | 139 ++++++++++++++++++ configurations/nixos/emergent/default.nix | 8 + .../nixos/emergent/disco-configuration.nix | 57 +++++++ .../nixos/emergent/hardware-configuration.nix | 32 ++++ flake.nix | 1 + modules/nixos-modules/users.nix | 4 +- 6 files changed, 240 insertions(+), 1 deletion(-) create mode 100644 configurations/nixos/emergent/configuration.nix create mode 100644 configurations/nixos/emergent/default.nix create mode 100644 configurations/nixos/emergent/disco-configuration.nix create mode 100644 configurations/nixos/emergent/hardware-configuration.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix new file mode 100644 index 0000000..a880ef5 --- /dev/null +++ b/configurations/nixos/emergent/configuration.nix 
@@ -0,0 +1,139 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + host = { + users = { + eve = { + isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; + }; + }; + }; + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # services.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). 
+ # services.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # tree + # ]; + # }; + + # programs.firefox.enable = true; + + # List packages installed in system profile. + # You can use https://search.nixos.org/ to find more packages (and options). + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + networking = { + networkmanager.enable = true; + useDHCP = lib.mkDefault true; + hostId = "7e35eb97"; # arbitrary id number generated via this command: `head -c4 /dev/urandom | od -A none -t x4` + hostName = "emergent"; # Define your hostname. + }; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 
+ # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix new file mode 100644 index 0000000..3455825 --- /dev/null +++ b/configurations/nixos/emergent/default.nix @@ -0,0 +1,8 @@ +# evs desktop +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ./disco-configuration.nix + ]; +} diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix new file mode 100644 index 0000000..29e13fe --- /dev/null +++ b/configurations/nixos/emergent/disco-configuration.nix 
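Review bot: Most of emergent/configuration.nix is the `nixos-generate-config` template left in as commented-out options (`networking.wireless`, `services.printing`, `users.users.alice`, the firewall lines, the sample `environment.systemPackages`, and the `system.copySystemConfiguration` block); trimming these to the live settings would make the file readable and keep the `hostId` comment and the `stateVersion` warning from being lost in noise. `networking.useDHCP = lib.mkDefault true;` inside the `networking` block duplicates the same `mkDefault` in the generated hardware-configuration.nix added by this commit, so one of the two can go. `imports = [ ];` is empty in this commit; if nothing is meant to be imported yet, dropping the attribute until it is needed avoids a placeholder.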
@@ -0,0 +1,57 @@
+{...}: {
+ disko.devices = {
+ disk = {
+ disk1 = {
+ type = "disk";
+ device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "64M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["umask=0077"];
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ mode = "mirror";
+ options.cachefile = "none";
+ rootFsOptions = {
+ compression = "zstd";
+ "com.sun:auto-snapshot" = "true";
+ };
+ mountpoint = "/";
+ postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
+
+ datasets = {
+ "system/nix" = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ options = {
+ atime = "off";
+ relatime = "off";
+ canmount = "on";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/configurations/nixos/emergent/hardware-configuration.nix b/configurations/nixos/emergent/hardware-configuration.nix
new file mode 100644
index 0000000..4e13149
--- /dev/null
+++ b/configurations/nixos/emergent/hardware-configuration.nix
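Review bot: The ESP is sized `size = "64M";`, which leaves little headroom for systemd-boot to keep several NixOS generations, since each generation stores its kernel and initrd on the ESP; once it fills, a rebuild fails to install the new boot entry. Something like `size = "512M";` is the usual choice and costs nothing on a disk that is otherwise handed wholesale to ZFS. `mountOptions = ["umask=0077"];` on the ESP is the right call, since it keeps the unsigned boot artifacts from being world-readable. The single-disk pool with `mode = "mirror"` is corrected by a later commit on this page, so it is not raised here.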
@@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + swapDevices = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/flake.nix b/flake.nix index ba10d20..496456a 100644 --- a/flake.nix +++ b/flake.nix @@ -99,6 +99,7 @@ horizon = mkNixosSystem "horizon"; twilight = mkNixosSystem "twilight"; defiant = mkNixosSystem "defiant"; + emergent = mkNixosSystem "emergent"; }; darwinSystems = { diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 18cf06f..68bd78b 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
@@ -106,7 +106,9 @@ in {
 uid = lib.mkForce uids.eve;
 name = lib.mkForce host.users.eve.name;
 description = "Eve";
- extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"];
+ extraGroups =
+ lib.optionals host.users.eve.isNormalUser ["networkmanager"]
+ ++ (lib.lists.optionals host.users.eve.isPrincipleUser ["wheel"]);
 hashedPasswordFile = config.sops.secrets."passwords/eve".path;
 isNormalUser = host.users.eve.isNormalUser;
 isSystemUser = !host.users.eve.isNormalUser;
From d88c1c15885193f639f111cbb7610f9aaf95c7e9 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sat, 31 May 2025 19:14:37 -0500
Subject: [PATCH 667/695] updated mode for zfs disk
---
 configurations/nixos/emergent/disco-configuration.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix
index 29e13fe..ec002b2 100644
--- a/configurations/nixos/emergent/disco-configuration.nix
+++ b/configurations/nixos/emergent/disco-configuration.nix
@@ -31,7 +31,7 @@
 zpool = {
 zroot = {
 type = "zpool";
- mode = "mirror";
+ mode = "";
 options.cachefile = "none";
 rootFsOptions = {
 compression = "zstd";
From 69b8f5ceca186be1e40ee8db07c717e7ee54d269 Mon Sep 17 00:00:00 2001
From: Eve Halfmann
Date: Sun, 1 Jun 2025 00:44:58 +0000
Subject: [PATCH 668/695] generate ssh keys for each system eve is on
---
 configurations/home-manager/eve/default.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix
index 0ea88ee..b353363 100644
--- a/configurations/home-manager/eve/default.nix
+++ b/configurations/home-manager/eve/default.nix
@@ -1,6 +1,7 @@
 {
 pkgs,
 lib,
+ config,
 osConfig,
 ...
 }: let
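Review bot: The new `extraGroups` expression mixes `lib.optionals` and `lib.lists.optionals` for the same function on consecutive lines; pick one, e.g. `++ (lib.optionals host.users.eve.isPrincipleUser ["wheel"]);`. Because `wheel` membership is what grants sudo under NixOS's default sudo configuration, a brief comment on the added lines stating that `isPrincipleUser` is the administrator switch for this account would make the privilege boundary explicit to whoever next flips it per host. The enclosing `users.users.eve` attribute set starts outside the hunk.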
@@ -72,5 +73,14 @@ in { programs = { # Let Home Manager install and manage itself. home-manager.enable = true; + + openssh = { + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; }; } From caea10c1e25ab97959aef7e28c5e90bfe45dbb32 Mon Sep 17 00:00:00 2001 From: Eve Halfmann Date: Sun, 1 Jun 2025 00:45:13 +0000 Subject: [PATCH 669/695] set git agent information --- configurations/home-manager/eve/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index b353363..4e1d6fd 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -74,6 +74,13 @@ in { # Let Home Manager install and manage itself. home-manager.enable = true; + git = { + enable = true; + userName = "Eve Halfmann"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; + openssh = { hostKeys = [ { From 5d055c6a88ac087661cb805fb487a1c9219b3063 Mon Sep 17 00:00:00 2001 From: Eve Halfmann Date: Sun, 1 Jun 2025 16:20:33 +0000 Subject: [PATCH 670/695] updated git username --- configurations/home-manager/eve/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 4e1d6fd..d3dda26 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -76,7 +76,7 @@ in { git = { enable = true; - userName = "Eve Halfmann"; + userName = "Eve"; userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; From 327a5ce55fa9af2442845cad14662db95ee7aa6f Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 16:31:08 +0000 Subject: [PATCH 671/695] added vscodium --- configurations/home-manager/eve/default.nix | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix
index d3dda26..7dedb68 100644
--- a/configurations/home-manager/eve/default.nix
+++ b/configurations/home-manager/eve/default.nix
@@ -80,6 +80,11 @@ in {
 userEmail = "evesnrobins@gmail.com";
 extraConfig.init.defaultBranch = "main";
 };
+
+ vscode = {
+ enable = true;
+ package = pkgs.vscodium;
+ };
 openssh = {
 hostKeys = [
From c54210411d5f6c5097adb0c96f1f31d9db00649f Mon Sep 17 00:00:00 2001
From: Eve
Date: Sun, 1 Jun 2025 11:59:56 -0500
Subject: [PATCH 672/695] added steam + dependencies
---
 configurations/nixos/emergent/configuration.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix
index a880ef5..4325eb3 100644
--- a/configurations/nixos/emergent/configuration.nix
+++ b/configurations/nixos/emergent/configuration.nix
@@ -80,6 +80,8 @@
 # programs.firefox.enable = true;
+ nixpkgs.config.allowUnfree = true;
+
 # List packages installed in system profile.
 # You can use https://search.nixos.org/ to find more packages (and options).
 # environment.systemPackages = with pkgs; [
@@ -87,6 +89,13 @@
 # wget
 # ];
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+ dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+ localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
+ };
+
 # Some programs need SUID wrappers, can be configured further or are
 # started in user sessions.
 # programs.mtr.enable = true;
From 7acf6a1c13935a5a5b4fb8b4a078697bf322dca3 Mon Sep 17 00:00:00 2001
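Review bot: `dedicatedServer.openFirewall = true;` opens the Source Dedicated Server ports on a desktop that, as far as this configuration shows, hosts no game server, and `remotePlay.openFirewall = true;` likewise only needs to be on if this machine streams to other devices. Each of these adds an unsolicited inbound allow to the global firewall rule set rather than to one interface, so enable only the ones actually used and leave the others at their default of false. `nixpkgs.config.allowUnfree = true;` in the preceding hunk is a global switch; if Steam is the only unfree package wanted, `nixpkgs.config.allowUnfreePredicate` restricted to the steam packages keeps the policy narrow.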
From: Eve Date: Sun, 1 Jun 2025 12:22:42 -0500 Subject: [PATCH 673/695] added nvidia-drivers as a seperate file and imported to config file --- .../nixos/emergent/configuration.nix | 1 + .../nixos/emergent/nvidia-drivers.nix | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 configurations/nixos/emergent/nvidia-drivers.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 4325eb3..389dfe5 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -8,6 +8,7 @@ ... }: { imports = [ + ./nvidia-drivers.nix ]; # Use the systemd-boot EFI boot loader. diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix new file mode 100644 index 0000000..4df1b67 --- /dev/null +++ b/configurations/nixos/emergent/nvidia-drivers.nix 
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+{
+
+ # Enable OpenGL
+ hardware.graphics = {
+ enable = true;
+ };
+
+ # Load nvidia driver for Xorg and Wayland
+ services.xserver.videoDrivers = ["nvidia"];
+
+ hardware.nvidia = {
+
+ # Modesetting is required.
+ modesetting.enable = true;
+
+ # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+ # Enable this if you have graphical corruption issues or application crashes after waking
+ # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
+ # of just the bare essentials.
+ powerManagement.enable = false;
+
+ # Fine-grained power management. Turns off GPU when not in use.
+ # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+ powerManagement.finegrained = false;
+
+ # Use the NVidia open source kernel module (not to be confused with the
+ # independent third-party "nouveau" open source driver).
+ # Support is limited to the Turing and later architectures. Full list of
+ # supported GPUs is at:
+ # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
+ # Only available from driver 515.43.04+
+ open = false;
+
+ # Enable the Nvidia settings menu,
+ # accessible via `nvidia-settings`.
+ nvidiaSettings = true;
+
+ # Optionally, you may need to select the appropriate driver version for your specific GPU.
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+ }
\ No newline at end of file
From 2820252c54f9b5bac43d09e280c48baaaf45657d Mon Sep 17 00:00:00 2001
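Review bot: nvidia-drivers.nix is formatted differently from every other file on this page (single-line `{ config, lib, pkgs, ... }:` header, a one-space-indented closing brace, and no trailing newline per the `\ No newline at end of file` marker), and `lib` and `pkgs` are never used in the file; running the same formatter the rest of the repo uses and reducing the header to `{config, ...}:` would bring it in line. The long option comments appear to be copied from a template and the remark next to `open = false;` about driver 515.43.04 may be stale for whatever `config.boot.kernelPackages.nvidiaPackages.stable` currently resolves to, so it is worth re-checking that choice against the actual GPU before relying on the comment.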
From: Leyla Becker Date: Sun, 1 Jun 2025 13:00:34 -0500 Subject: [PATCH 674/695] made leyla configs optional --- configurations/home-manager/eve/default.nix | 2 +- configurations/home-manager/leyla/default.nix | 45 +- configurations/home-manager/leyla/firefox.nix | 623 +++++++++--------- .../home-manager/leyla/packages.nix | 72 +- .../home-manager/leyla/vscode/default.nix | 185 +++--- .../nixos/emergent/nvidia-drivers.nix | 20 +- 6 files changed, 477 insertions(+), 470 deletions(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 7dedb68..b2ae492 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -80,7 +80,7 @@ in { userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; - + vscode = { enable = true; package = pkgs.vscodium; diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 0c90ab1..90251a3 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,8 +1,4 @@ -{ - osConfig, - config, - ... -}: { +{osConfig, ...}: { imports = [ ./i18n.nix ./packages.nix 
@@ -108,44 +104,5 @@ }; }; }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - # set up git defaults - git = { - enable = true; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; - }; - - # add direnv to auto load flakes for development - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["/home/leyla/documents/code/nix-config"]; - }; - }; - bash.enable = true; - - openssh = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; }; } diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 4f8c624..0adea28 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix 
@@ -2,340 +2,345 @@ lib, pkgs, inputs, + osConfig, ... -}: { - programs.firefox = { - enable = true; - profiles.leyla = { - settings = { - "browser.search.defaultenginename" = "Searx"; - "browser.search.order.1" = "Searx"; - }; +}: let + is-desktop-user = osConfig.host.users.leyla.isDesktopUser; +in { + config = lib.mkIf is-desktop-user { + programs.firefox = { + enable = true; + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; - search = { - force = true; - default = "Searx"; - engines = { - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = ["@np"]; - }; - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@nw"]; - }; - "Searx" = { - urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@searx"]; + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = 
"https://search.jan-leila.com/?q={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; }; }; - }; - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ - bitwarden - terms-of-service-didnt-read - multi-account-containers - shinigami-eyes + extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes - ublock-origin - sponsorblock - dearrow - df-youtube - return-youtube-dislikes + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes - privacy-badger - decentraleyes - clearurls - localcdn + privacy-badger + decentraleyes + clearurls + localcdn - snowflake + snowflake - deutsch-de-language-pack - dictionary-german + deutsch-de-language-pack + dictionary-german - # ( - # buildFirefoxXpiAddon rec { - # pname = "italiano-it-language-pack"; - # version = "132.0.20241110.231641"; - # addonId = "langpack-it@firefox.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Firefox Language Pack for Italiano (it) – Italian"; - # license = licenses.mpl20; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - # ( - # buildFirefoxXpiAddon rec { - # pname = "dizionario-italiano"; - # version = "5.1"; - # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Add support for Italian to spellchecking"; - # license = licenses.gpl3; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - ]; + # ( + # buildFirefoxXpiAddon rec { + # pname = "italiano-it-language-pack"; + # version = "132.0.20241110.231641"; + # 
addonId = "langpack-it@firefox.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Firefox Language Pack for Italiano (it) – Italian"; + # license = licenses.mpl20; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + # ( + # buildFirefoxXpiAddon rec { + # pname = "dizionario-italiano"; + # version = "5.1"; + # addonId = "it-IT@dictionaries.addons.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Add support for Italian to spellchecking"; + # license = licenses.gpl3; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + ]; - settings = { - # Disable irritating first-run stuff - "browser.disableResetPrompt" = true; - "browser.download.panel.shown" = true; - "browser.feeds.showFirstRunUI" = false; - "browser.messaging-system.whatsNewPanel.enabled" = false; - "browser.rights.3.shown" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.shell.defaultBrowserCheckCount" = 1; - "browser.startup.homepage_override.mstone" = "ignore"; - "browser.uitour.enabled" = false; - "startup.homepage_override_url" = ""; - "trailhead.firstrun.didSeeAboutWelcome" = true; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.bookmarks.addedImportButton" = true; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + 
"browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - # Usage Experience - "browser.startup.homepage" = "about:home"; - "browser.download.useDownloadDir" = false; - "browser.uiCustomization.state" = builtins.toJSON { - "currentVersion" = 20; - "newElementCount" = 6; - "dirtyAreaCache" = [ - "nav-bar" - "PersonalToolbar" - "toolbar-menubar" - "TabsToolbar" - "unified-extensions-area" - "vertical-tabs" - ]; - "placements" = { - "widget-overflow-fixed-list" = []; - "unified-extensions-area" = [ + # Usage Experience + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + "privacy_privacy_com-browser-action" + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" + "addon_simplelogin-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + 
"stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" "privacy_privacy_com-browser-action" - # bitwarden - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" "sponsorblocker_ajay_app-browser-action" - "dearrow_ajay_app-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_testpilot-containers-browser-action" + "ublock0_raymondhill_net-browser-action" "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" "jid1-bofifl9vbdl2zq_jetpack-browser-action" "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" ]; - "nav-bar" = [ - "back-button" - "forward-button" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "unified-extensions-button" - "reset-pbm-toolbar-button" - ]; - "toolbar-menubar" = [ - "menubar-items" - ]; - "TabsToolbar" = [ - "firefox-view-button" - "tabbrowser-tabs" - "new-tab-button" - "alltabs-button" - ]; - "vertical-tabs" = []; - "PersonalToolbar" = [ - "import-button" - "personal-bookmarks" - ]; }; - "seen" = [ - "save-to-pocket-button" - "developer-button" - "privacy_privacy_com-browser-action" - 
"sponsorblocker_ajay_app-browser-action" - "ublock0_raymondhill_net-browser-action" - "addon_simplelogin-browser-action" - "dearrow_ajay_app-browser-action" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_testpilot-containers-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "identity.fxaccounts.enabled" = false; + + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; + + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + + # Disable telemetry + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + 
"browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; + }; + + bookmarks = { + force = true; + settings = [ + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; 
+ keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } ]; }; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - "browser.newtabpage.blocked" = lib.genAttrs [ - # Facebook - "4gPpjkxgZzXPVtuEoAL9Ig==" - # Reddit - "gLv0ja2RYVgxKdp0I5qwvA==" - # Amazon - "K00ILysCaEq8+bEqV/3nuw==" - # Twitter - "T9nJot5PurhJSy8n038xGA==" - ] (_: 1); - "identity.fxaccounts.enabled" = false; - - # Security - "privacy.trackingprotection.enabled" = true; - "dom.security.https_only_mode" = true; - - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "signon.rememberSignons" = false; - "privacy.sanitize.sanitizeOnShutdown" = true; - "privacy.clearOnShutdown_v2.cache" = true; - "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; - "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; - "urlclassifier.trackingSkipURLs" = ""; - "urlclassifier.features.socialtracking.skipURLs" = ""; - "dom.security.https_only_mode_pbm" = true; - "dom.security.https_only_mode_error_page_user_suggestions" = true; - - # Disable telemetry - "app.shield.optoutstudies.enabled" = false; - "browser.discovery.enabled" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.ping-centre.telemetry" = false; - 
"datareporting.healthreport.service.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.sessions.current.clean" = true; - "devtools.onboarding.telemetry.logged" = false; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.hybridContent.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.prompted" = 2; - "toolkit.telemetry.rejected" = true; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - "toolkit.telemetry.server" = ""; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.unifiedIsOptIn" = false; - "toolkit.telemetry.updatePing.enabled" = false; - }; - - bookmarks = { - force = true; - settings = [ - { - name = "Media"; - url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = 
"https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; }; }; }; diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 13263ea..e9ab230 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -1,5 +1,6 @@ { lib, + config, osConfig, pkgs, ... @@ -12,22 +13,22 @@ in { ./firefox.nix ]; - nixpkgs.config = { - allowUnfree = true; - }; + config = lib.mkMerge [ + (lib.mkIf userConfig.isTerminalUser { + home.packages = with pkgs; [ + # command line tools + sox + yt-dlp + ffmpeg + imagemagick + ]; + }) + (lib.mkIf userConfig.isDesktopUser { + nixpkgs.config = { + allowUnfree = true; + }; - home = { - packages = - lib.lists.optionals userConfig.isTerminalUser ( - with pkgs; [ - # command line tools - sox - yt-dlp - ffmpeg - imagemagick - ] - ) - ++ ( + home.packages = ( lib.lists.optionals userConfig.isDesktopUser ( (with pkgs; [ # helvetica font 
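Review bot: The `icon` of the "Nix Packages" engine is written as `"''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"`, but `''${` is only an escape inside indented `''…''` strings; in a double-quoted string the two apostrophes are literal and the interpolation still happens, so the value starts with `''/nix/store/…`, which presumably is not a path Firefox can load. If the store path was intended, write `icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";`. Separately, the `unified-extensions-area` placement keeps `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action"` while the `seen` list uses `…-browser-action` for the same id, so one of the two is a typo and that widget likely will not be placed. The module's closing braces are the hunk's last context lines, but the `{ lib, pkgs, inputs,` argument header begins above the hunk.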
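Review bot: Inside `(lib.mkIf userConfig.isDesktopUser { … })` the new `home.packages = (` still wraps the retained `lib.lists.optionals userConfig.isDesktopUser (` context line, so the desktop condition is evaluated twice; the next hunk repeats this with `programs = lib.mkIf userConfig.isDesktopUser {` under the same outer `mkIf`. Drop the inner `optionals`/`mkIf` and let the enclosing branch carry the condition, e.g. `home.packages = (with pkgs; [ … ]) ++ …;`. The `home.packages` expression continues past the end of this hunk.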
@@ -91,5 +92,44 @@ in { ) ) ); - }; + programs = lib.mkIf userConfig.isDesktopUser { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + # set up git defaults + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + + # add direnv to auto load flakes for development + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + config = { + global.hide_env_diff = true; + whitelist.exact = ["/home/leyla/documents/code/nix-config"]; + }; + }; + bash.enable = true; + + openssh = { + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" + ]; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; + }) + ]; } diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 2f3c455..c2ee066 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix 
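Review bot: Moving `git`, `direnv`, `bash.enable`, `home-manager.enable` and `openssh` (the `authorizedKeys` and the `hostKeys` entry) under the `isDesktopUser` branch changes behaviour for a host where leyla is only a terminal user: in the removed `default.nix` block these were unconditional, and such a host would now get no authorized keys, no host key and no bash/git setup, which is presumably where SSH access matters most. If that is unintended, place this `programs` block in the `isTerminalUser` branch (assuming desktop users are also terminal users) or outside both `mkIf`s, and gate only desktop-specific programs. The `lib.mkIf userConfig.isDesktopUser` on `programs` is in any case redundant inside the enclosing `(lib.mkIf userConfig.isDesktopUser { … })`. The `mkMerge` list this hunk closes is opened in the previous hunk.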
@@ -8,110 +8,113 @@ }: let nix-development-enabled = osConfig.host.nix-development.enable; ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; + is-desktop-user = osConfig.host.users.leyla.isDesktopUser; in { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - - programs = { - bash.shellAliases = { - code = "codium"; + config = lib.mkIf is-desktop-user { + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; }; - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { - enable = true; + programs = { + bash.shellAliases = { + code = "codium"; + }; - package = pkgs.vscodium; + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in { + enable = true; - mutableExtensionsDir = false; + package = pkgs.vscodium; - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; + mutableExtensionsDir = false; - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = import ./user-words.nix; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "editor.tabSize" = 2; - "editor.insertSpaces" = false; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; - }) - ]; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; - extensions = ( - with open-vsx; - [ - # vs 
code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = import ./user-words.nix; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "editor.tabSize" = 2; + "editor.insertSpaces" = false; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + (lib.mkIf ai-tooling-enabled { + "continue.telemetryEnabled" = false; + }) + ]; - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # go extensions - golang.go + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx + # go extensions + golang.go - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix 
extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with vscode-marketplace; - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) - ) - ); + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + tamasfe.even-better-toml + ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) + ++ ( + with vscode-marketplace; + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + continue.continue + ]) + ) + ); + }; }; }; }; diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index 4df1b67..b264ca5 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -1,6 +1,9 @@ -{ config, lib, pkgs, ... }: { - + config, + lib, + pkgs, + ... +}: { # Enable OpenGL hardware.graphics = { enable = true; @@ -10,13 +13,12 @@ services.xserver.videoDrivers = ["nvidia"]; hardware.nvidia = { - # Modesetting is required. modesetting.enable = true; # Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. powerManagement.enable = false; 
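Review bot: `is-desktop-user = osConfig.host.users.leyla.isDesktopUser;` is a third spelling of the same flag in this commit: firefox.nix binds the same name the same way, while packages.nix reads it through `userConfig = osConfig.host.users.leyla`. Picking one idiom across the three modules — e.g. bind `userConfig = osConfig.host.users.leyla;` here and gate with `config = lib.mkIf userConfig.isDesktopUser { … }` — keeps a future rename of the option to a single pattern. The `}: let` header and the `nix-development-enabled`/`ai-tooling-enabled` bindings are context at the top of the hunk; the module's argument list is above it.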
@@ -26,17 +28,17 @@ # Use the NVidia open source kernel module (not to be confused with the # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ open = false; # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. + # accessible via `nvidia-settings`. nvidiaSettings = true; # Optionally, you may need to select the appropriate driver version for your specific GPU. package = config.boot.kernelPackages.nvidiaPackages.stable; }; - } \ No newline at end of file +} From 21eff1d08302abacb7010b5dd065d49e69f57e69 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 13:07:56 -0500 Subject: [PATCH 675/695] moved Eve configurations into their own package --- configurations/home-manager/eve/default.nix | 45 +--------------- configurations/home-manager/eve/packages.nix | 52 +++++++++++++++++++ .../nixos/emergent/configuration.nix | 13 ++--- 3 files changed, 60 insertions(+), 50 deletions(-) create mode 100644 configurations/home-manager/eve/packages.nix diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index b2ae492..0ab0c59 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -1,10 +1,4 @@ -{ - pkgs, - lib, - config, - osConfig, - ... -}: let +{osConfig, ...}: let userConfig = osConfig.host.users.eve; in { nixpkgs.config = { 
@@ -57,42 +51,5 @@ in { sessionVariables = { # EDITOR = "emacs"; }; - - packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop-bin - ungoogled-chromium - ] - ); - }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - git = { - enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; - }; - - vscode = { - enable = true; - package = pkgs.vscodium; - }; - - openssh = { - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; }; } diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix new file mode 100644 index 0000000..6cc4630 --- /dev/null +++ b/configurations/home-manager/eve/packages.nix @@ -0,0 +1,52 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: let + userConfig = osConfig.host.users.eve; +in { + config = { + # Packages that can be installed without any extra configuration + # See https://search.nixos.org/packages for all options + home.packages = lib.lists.optionals userConfig.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop-bin + ungoogled-chromium + ] + ); + + # Packages that need to be installed with some extra configuration + # See https://home-manager-options.extranix.com/ for all options + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + git = { + enable = true; + userName = "Eve"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; + + vscode = { + enable = true; + package = pkgs.vscodium; + }; + + openssh = { + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; + }; +} 
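Review bot: Nothing in this commit imports the new `configurations/home-manager/eve/packages.nix`: the `eve/default.nix` hunks only drop function arguments and the old `packages`/`programs` blocks, and no `imports = [ ./packages.nix ];` is added, so unless another module already imports it eve silently loses git, vscodium, the ssh host key and the desktop packages. Add `imports = [ ./packages.nix ];` to `eve/default.nix`, as leyla's `default.nix` does for her `packages.nix`. The new file is complete within the hunk.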
diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 389dfe5..2d7df4c 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -83,13 +83,14 @@ nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. - # You can use https://search.nixos.org/ to find more packages (and options). - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # ]; + # Packages that can be installed without any extra configuration + # See https://search.nixos.org/packages for all options + environment.systemPackages = with pkgs; [ + wget + ]; + # Packages that need to be installed with some extra configuration + # See https://search.nixos.org/options for all options programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 93793f2f1c71786215025d06f1c8072bbe4ea026 Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 13:36:44 -0500 Subject: [PATCH 676/695] set nvidia drivers to open --- configurations/nixos/emergent/nvidia-drivers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index b264ca5..fd569b3 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -32,7 +32,7 @@ # supported GPUs is at: # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ - open = false; + open = true; # Enable the Nvidia settings menu, # accessible via `nvidia-settings`. From 54d03b280c5de2cd11c26fbed6f3a3e5f4497c4d Mon Sep 17 00:00:00 2001 
From: Eve Date: Sun, 1 Jun 2025 13:36:50 -0500 Subject: [PATCH 677/695] increase size of boot partiton for emergent --- configurations/nixos/emergent/disco-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix index ec002b2..ac2067f 100644 --- a/configurations/nixos/emergent/disco-configuration.nix +++ b/configurations/nixos/emergent/disco-configuration.nix @@ -8,7 +8,7 @@ type = "gpt"; partitions = { ESP = { - size = "64M"; + size = "512M"; type = "EF00"; content = { type = "filesystem"; From 36382ebfe0001273823e2fe417e3242495b75da6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:19:31 -0500 Subject: [PATCH 678/695] switched to using nixos-anywhere flake in dev shell --- flake.lock | 153 +++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 12 +++- util/default.nix | 2 +- 3 files changed, 163 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index fa3ad83..fe1ba7d 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,28 @@ "type": "github" } }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748225455, + "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", + "owner": "nix-community", + "repo": "disko", + "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, "firefox-addons": { "inputs": { "nixpkgs": [ 
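Review bot: Changing the ESP to `size = "512M";` in the disko layout only takes effect on a fresh `disko`/nixos-anywhere provisioning run, as far as I know; if emergent is already installed the partition stays at 64M and a plain rebuild will not grow it, so applying this needs a reprovision (destructive) or a manual repartition. Worth a comment next to the value so the next reader does not assume the rebuild did it, e.g. `# 512M; existing installs keep the old size until reprovisioned`. The surrounding `disk`/`content` set begins and ends outside the hunk.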
@@ -57,6 +79,27 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -151,6 +194,27 @@ "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" } }, + "nix-vm-test": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748765518, + "narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=", + "owner": "Mic92", + "repo": "nix-vm-test", + "rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "nix-vm-test", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils", @@ -172,6 +236,32 @@ "type": "github" } }, + "nixos-anywhere": { + "inputs": { + "disko": "disko_2", + "flake-parts": "flake-parts", + "nix-vm-test": "nix-vm-test", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1748794949, + "narHash": "sha256-kfqIyYpXMRgmaLOTx+AFd1Kzo+I3mOg9vexUx2qWENA=", + "owner": "nix-community", + "repo": "nixos-anywhere", + "rev": "b7686308b281917d63137373a2eb5c566a973d03", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-anywhere", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1747900541, 
@@ -188,6 +278,47 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748481078, + "narHash": "sha256-jwKRF2EDzlv0VBF8pImPFT7DAJma7stDun25utHtwBw=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "191a461dc38313ff41bd3df4b82e49f74a56560d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1748437600, + "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1748370509, @@ -214,6 +345,7 @@ "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", + "nixos-anywhere": "nixos-anywhere", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", @@ -270,6 +402,27 @@ "repo": "default", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748243702, + "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 496456a..c0a72cf 100644 --- a/flake.nix +++ b/flake.nix 
@@ -28,6 +28,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-anywhere = { + url = "github:nix-community/nixos-anywhere"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # disk configurations disko = { url = "github:nix-community/disko"; @@ -79,6 +84,7 @@ sops-nix, nix-syncthing, home-manager, + nixos-anywhere, impermanence, ... } @ inputs: let @@ -131,11 +137,11 @@ systemsHomes // homeSystems; in { - formatter = forEachPkgs (pkgs: pkgs.alejandra); + formatter = forEachPkgs (system: pkgs: pkgs.alejandra); # templates = import ./templates; - devShells = forEachPkgs (pkgs: { + devShells = forEachPkgs (system: pkgs: { default = pkgs.mkShell { packages = with pkgs; [ # for version controlling this repo @@ -147,7 +153,7 @@ # for viewing configuration options defined in this repo nix-inspect # for installing flakes from this repo onto other systems - nixos-anywhere + nixos-anywhere.packages.${system}.nixos-anywhere # for updating disko configurations disko ]; diff --git a/util/default.nix b/util/default.nix index 4b713da..5b61779 100644 --- a/util/default.nix +++ b/util/default.nix @@ -53,7 +53,7 @@ ../modules/system-modules ]; in { - forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); + forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system)); mkUnless = condition: yes: (lib.mkIf (!condition) yes); mkIfElse = condition: yes: no: From b1e7be48b37adc932bac365d0ae10bdb6b0d9f9d Mon Sep 17 00:00:00 2001 
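Review bot: The util/default.nix hunk changes the arity of every lambda handed to `forEachPkgs` — it now receives `system` and then `pkgs` — and only the `formatter` and `devShells` callers in flake.nix are updated in this commit; any other caller of `forEachPkgs` (none visible here) would silently receive a partially-applied function where it expected a value and fail only at evaluation time. A contract comment above the definition would record this, e.g. `# forEachPkgs: lambda receives (system: pkgs: ...) for every supported system`. The enclosing `let ... in` block of util/default.nix begins outside the hunk.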
From: Leyla Becker Date: Sun, 1 Jun 2025 14:27:50 -0500 Subject: [PATCH 679/695] moved packages to common-modules --- modules/common-modules/pkgs/default.nix | 19 ++++++++++++++++--- .../pkgs}/prostudiomasters.nix | 0 .../pkgs}/webtoon-dl.nix | 0 modules/nixos-modules/default.nix | 1 - modules/nixos-modules/packages/default.nix | 17 ----------------- 5 files changed, 16 insertions(+), 21 deletions(-) rename modules/{nixos-modules/packages => common-modules/pkgs}/prostudiomasters.nix (100%) rename modules/{nixos-modules/packages => common-modules/pkgs}/webtoon-dl.nix (100%) delete mode 100644 modules/nixos-modules/packages/default.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 3e4456b..208ee24 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,17 @@ -# this folder is for custom derivations -{...}: { - # package = pkgs.callPackage ./package.nix {}; +{pkgs, ...}: { + nixpkgs.overlays = [ + (final: prev: { + webtoon-dl = + pkgs.callPackage + ./webtoon-dl.nix + {}; + }) + # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? + (final: prev: { + prostudiomasters = + pkgs.callPackage + ./prostudiomasters.nix + {}; + }) + ]; } diff --git a/modules/nixos-modules/packages/prostudiomasters.nix b/modules/common-modules/pkgs/prostudiomasters.nix similarity index 100% rename from modules/nixos-modules/packages/prostudiomasters.nix rename to modules/common-modules/pkgs/prostudiomasters.nix diff --git a/modules/nixos-modules/packages/webtoon-dl.nix b/modules/common-modules/pkgs/webtoon-dl.nix similarity index 100% rename from modules/nixos-modules/packages/webtoon-dl.nix rename to modules/common-modules/pkgs/webtoon-dl.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index d668a74..8cdeae9 100644 --- a/modules/nixos-modules/default.nix 
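Review bot: Both overlays in modules/common-modules/pkgs/default.nix call `pkgs.callPackage` with the module's `pkgs` argument instead of `final.callPackage`, leaving `final` and `prev` unused; the conventional form keeps the overlay self-contained and avoids reaching back into the module-level `pkgs` — which is itself derived from `nixpkgs.overlays` — from inside an overlay. The change is `webtoon-dl = final.callPackage ./webtoon-dl.nix {};` and `prostudiomasters = final.callPackage ./prostudiomasters.nix {};`, after which the `pkgs` module argument is no longer needed. The existing TODO about `--in-process-gpu` would be a natural place to also note why the two overlays are kept separate rather than merged into one.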
+++ b/modules/nixos-modules/default.nix @@ -15,7 +15,6 @@ ./ai.nix ./tailscale.nix ./server - ./packages ]; nixpkgs.config.permittedInsecurePackages = [ diff --git a/modules/nixos-modules/packages/default.nix b/modules/nixos-modules/packages/default.nix deleted file mode 100644 index 208ee24..0000000 --- a/modules/nixos-modules/packages/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{pkgs, ...}: { - nixpkgs.overlays = [ - (final: prev: { - webtoon-dl = - pkgs.callPackage - ./webtoon-dl.nix - {}; - }) - # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? - (final: prev: { - prostudiomasters = - pkgs.callPackage - ./prostudiomasters.nix - {}; - }) - ]; -} From 7979b4ed17663d504f95036af80de4a07ab2f697 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:29:39 -0500 Subject: [PATCH 680/695] installed prostudiomasters for leyla only --- configurations/home-manager/leyla/packages.nix | 1 + configurations/nixos/horizon/configuration.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index e9ab230..020060d 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -72,6 +72,7 @@ in { # proprietary platforms discord obsidian + prostudiomasters (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 7e2ab8a..770eeef 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -50,7 +50,6 @@ environment.systemPackages = with pkgs; [ webtoon-dl - prostudiomasters ]; programs = { From a68f81cf3bc41a131ceb7ec644629037e1102ccd Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 14:41:55 -0500 Subject: [PATCH 681/695] moved disko needed configuration to disko.nix --- modules/nixos-modules/disko.nix | 41 ++++++++++++++++++++++++-- modules/nixos-modules/impermanence.nix | 27 ----------------- 2 files changed, 39 insertions(+), 29 deletions(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 13ddb8f..af83023 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -20,6 +20,8 @@ disk: lib.attrsets.nameValuePair (hashDisk disk) disk ) config.host.storage.pool.cache; + + datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets; in { options.host.storage = { enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; @@ -63,6 +65,39 @@ in { description = "list of drives that are going to be used as cache"; default = []; }; + # Default datasets that are needed to make a functioning system + datasets = lib.mkOption { + type = lib.types.attrsOf (inputs.disko.lib.subType { + types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; + }); + default = { + "local" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up + "local/system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + # dataset for root that gets rolled back on every boot + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + }; + }; extraDatasets = lib.mkOption { type = lib.types.attrsOf (inputs.disko.lib.subType { types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; 
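Review bot: `datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets` is a shallow, right-biased update, so an `extraDatasets` entry named `"local"`, `"local/system/nix"` or `"local/system/root"` replaces the corresponding default wholesale rather than merging into it; if that is the intended override mechanism it should be stated, e.g. `# extraDatasets shadow same-named default datasets entirely (shallow //)`. The `"local"` entry in the new `datasets` default also lost the explanatory comment it carried in impermanence.nix (local datasets are considered ephemeral), which is worth restoring next to `options.canmount = "off"`. Both hunks sit inside the `let ... in` and `options.host.storage` blocks, which begin outside the hunks.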
@@ -222,13 +257,15 @@ in { ); datasets = lib.mkMerge [ - (lib.attrsets.mapAttrs (name: value: { + ( + lib.attrsets.mapAttrs (name: value: { type = value.type; options = value.options; mountpoint = value.mountpoint; postCreateHook = value.postCreateHook; }) - config.host.storage.pool.extraDatasets) + datasets + ) ]; }; }; diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index e969e20..2f38cd3 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -38,33 +38,6 @@ }; host.storage.pool.extraDatasets = { - # local datasets are for data that should be considered ephemeral - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - # dataset for root that gets rolled back on every boot - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - }; - # persist datasets are datasets that contain information that we would like to keep around "persist" = { type = "zfs_fs"; From 99ea35547290d71e04fb600f9cb8cec2979bfbef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:59:24 -0500 Subject: [PATCH 682/695] made boot disko partition configurable --- .../nixos/defiant/configuration.nix | 2 + modules/nixos-modules/disko.nix | 99 ++++++++----------- 2 files changed, 45 insertions(+), 56 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index fef7a56..a48bddb 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -40,6 +40,8 @@ tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"]; vdevs = [ [ "ata-ST18000NE000-3G6101_ZVTCXVEB" diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index af83023..2cfeacc 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,16 +50,25 @@ in { }; }; pool = { - vdevs = lib.mkOption { - type = lib.types.listOf (lib.types.listOf lib.types.str); - description = "list of disks that are going to be in"; - default = [config.host.storage.pool.drives]; + # list of drives in pool that will have a boot partition put onto them + bootDrives = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "list of disks that are going to have a boot partition installed on them"; + default = lib.lists.flatten config.host.storage.pool.vdevs; }; + # shorthand for vdevs if you only have 1 vdev drives = lib.mkOption { type = lib.types.listOf lib.types.str; description = "list of drives that are going to be in the vdev"; default = []; }; + # list of all drives in each vdev + vdevs = lib.mkOption { + type = lib.types.listOf (lib.types.listOf lib.types.str); + description = "list of disks that are going to be in"; + default = [config.host.storage.pool.drives]; + }; + # list of cache drives for pool cache = lib.mkOption { type = lib.types.listOf lib.types.str; description = "list of drives that are going to be used as cache"; 
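Review bot: Nothing checks that every id in `host.storage.pool.bootDrives` is actually one of the drives disko is told about, and the disk-generation hunk in the next patch only tests `builtins.elem drive.value bootDrives` per disk, so a mistyped id (such as the long NVMe id added in defiant's configuration.nix) silently yields a system with no ESP at all. An assertion in the module's `config` section, which lies outside this hunk, would turn that into an evaluation-time error.
```nix
# … unchanged: options.host.storage.pool … ;

# inside the module's config = lib.mkIf config.host.storage.enable { … } block
assertions = [
  {
    assertion = lib.all (d: builtins.elem d (lib.lists.flatten config.host.storage.pool.vdevs ++ config.host.storage.pool.cache)) config.host.storage.pool.bootDrives;
    message = "host.storage.pool.bootDrives must only name drives that are also listed in pool.vdevs or pool.cache";
  }
];
```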
@@ -156,59 +165,37 @@ in { disko.devices = { disk = ( builtins.listToAttrs ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + ESP = lib.mkIf (builtins.elem drive.value config.host.storage.pool.bootDrives) { + # The 2GB here for the boot partition might be a bit overkill we probably only need like 1/4th of that but storage is cheap + size = "2G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - (lib.lists.flatten vdevs) - ) - ++ ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - ESP = { - # 2G here because its not much relative to how much storage we have for caching - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - cache + (lib.lists.flatten vdevs) ++ cache ) ) ); From 795b9b010f2890b2414ea549e3f5a133186234a6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:04:37 -0500 Subject: [PATCH 683/695] made zfs mode settable --- modules/nixos-modules/disko.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
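Review bot: Every drive that qualifies for an ESP gets `mountpoint = "/boot"`, and with the option's default `bootDrives = lib.lists.flatten config.host.storage.pool.vdevs` that is every vdev drive, so any host with more than one vdev drive that does not override `bootDrives` would, as far as I can tell, end up with several partitions declaring the same `fileSystems."/boot"` — a conflicting definition at evaluation time rather than a mirrored boot setup. Either document that multi-drive hosts must set `bootDrives` explicitly, e.g. `# hosts with several vdev drives should set bootDrives; each ESP mounts at /boot`, or derive a distinct mountpoint per boot drive and wire them into the bootloader's mirrored-boot support. The `disko.devices` attribute set continues outside the hunk.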
diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 2cfeacc..3d15498 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,6 +50,11 @@ in { }; }; pool = { + mode = lib.mkOption { + type = lib.types.str; + default = "raidz2"; + description = "what level of redundancy should this pool have"; + }; # list of drives in pool that will have a boot partition put onto them bootDrives = lib.mkOption { type = lib.types.listOf lib.types.str; @@ -207,7 +212,7 @@ in { type = "topology"; vdev = ( builtins.map (disks: { - mode = "raidz2"; + mode = config.host.storage.pool.mode; members = builtins.map (disk: disk.name) disks; }) From 6ce718ab095036ae60e2979e825a1ffee9777f51 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:07:13 -0500 Subject: [PATCH 684/695] moved emergent to common disko configuration --- .../nixos/emergent/configuration.nix | 8 +++ configurations/nixos/emergent/default.nix | 1 - .../nixos/emergent/disco-configuration.nix | 57 ------------------- 3 files changed, 8 insertions(+), 58 deletions(-) delete mode 100644 configurations/nixos/emergent/disco-configuration.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 2d7df4c..8176f97 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -50,6 +50,14 @@ isPrincipleUser = true; }; }; + + storage = { + enable = true; + pool = { + mode = ""; + drives = ["wwn-0x5000039fd0cf05eb"]; + }; + }; }; # Configure keymap in X11 diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix index 3455825..452334a 100644 --- a/configurations/nixos/emergent/default.nix +++ b/configurations/nixos/emergent/default.nix @@ -3,6 +3,5 @@ imports = [ ./configuration.nix ./hardware-configuration.nix - ./disco-configuration.nix ]; } 
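Review bot: The new `storage` block in emergent's configuration.nix moves this host onto the shared disko module, which (per the disko.nix hunks earlier in this series) names the pool `rpool` and mounts `local/system/nix` at `/nix`, whereas the disco-configuration.nix deleted below used `zroot` with a `system/nix` dataset; evaluating the new config does not rename an existing pool, so on an already-installed machine this is a reinstall, not a refactor, and the commit message gives no hint of that. `mode = ""` also silently overrides the module default of `raidz2` and is not self-describing; a comment such as `# "" = no redundancy: single-disk pool` next to it would help. The `pool.mode` option's `lib.types.str` in the disko.nix hunk above would catch typos if narrowed to an enum of the modes the pool actually supports.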
diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix deleted file mode 100644 index ac2067f..0000000 --- a/configurations/nixos/emergent/disco-configuration.nix +++ /dev/null @@ -1,57 +0,0 @@ -{...}: { - disko.devices = { - disk = { - disk1 = { - type = "disk"; - device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; - }; - }; - }; - }; - }; - }; - zpool = { - zroot = { - type = "zpool"; - mode = ""; - options.cachefile = "none"; - rootFsOptions = { - compression = "zstd"; - "com.sun:auto-snapshot" = "true"; - }; - mountpoint = "/"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; - - datasets = { - "system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - }; - }; - }; - }; -} From ba2a31a80ebea98dff88657c968f6cb239343086 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:16:27 -0500 Subject: [PATCH 685/695] removed unused variable --- configurations/nixos/emergent/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 8176f97..eaac657 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -2,7 +2,6 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). { - config, lib, pkgs, ... From 2475170d0aecd74581b9d9f37dd6ce907d3ca48e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 15:28:06 -0500 Subject: [PATCH 686/695] moved user set configurations out of hardware-configuration.nix --- .../nixos/horizon/configuration.nix | 28 ++++- .../nixos/horizon/hardware-configuration.nix | 115 ++---------------- 2 files changed, 39 insertions(+), 104 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 770eeef..4a73d8c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,7 +1,8 @@ { + lib, + pkgs, config, inputs, - pkgs, ... }: { imports = [ @@ -10,6 +11,19 @@ nixpkgs.config.allowUnfree = true; + boot = { + initrd = { + availableKernelModules = ["usb_storage" "sd_mod"]; + }; + kernelModules = ["sg"]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + host = { users = { leyla = { @@ -49,8 +63,10 @@ }; environment.systemPackages = with pkgs; [ + cachefilesd webtoon-dl ]; + services.cachefilesd.enable = true; programs = { adb.enable = true; @@ -61,6 +77,16 @@ }; }; + networking = { + networkmanager.enable = true; + hostName = "horizon"; # Define your hostname. + }; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + hardware = { + graphics.enable = true; + }; + sops.secrets = { "vpn-keys/tailscale-authkey/horizon" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index e88d8dc..cec4914 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { 
@@ -12,22 +11,10 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot = { - initrd = { - availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; - kernelModules = []; - }; - kernelModules = ["kvm-intel" "sg"]; - extraModulePackages = []; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - supportedFilesystems = ["nfs"]; - }; + boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; fileSystems = { "/" = { 
@@ -39,98 +26,20 @@ device = "/dev/disk/by-uuid/E138-65B5"; fsType = "vfat"; }; - - "/mnt/leyla_documents" = { - device = "defiant:/export/leyla_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/eve_documents" = { - device = "defiant:/export/eve_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/export/users_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/media" = { - device = "defiant:/export/media"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; }; - environment.systemPackages = with pkgs; [ - cachefilesd - ]; - - services.cachefilesd.enable = true; - swapDevices = [ {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} ]; - networking = { - networkmanager.enable = true; - useDHCP = lib.mkDefault true; - hostName = "horizon"; # Define your hostname. - }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - hardware = { - graphics.enable = true; - cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - }; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } From 35d6c1a63476a007ee81ce30bb517e8ceda5930a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 16:04:13 -0500 Subject: [PATCH 687/695] enabled fwupd on horizon --- configurations/nixos/horizon/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 4a73d8c..5817e2b 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -98,6 +98,10 @@ fprintd = { enable = true; }; + # firmware update tool + fwupd = { + enable = true; + }; tailscale = { enable = true; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; From 2e41153c43a8c3c1729b8deccc841d3bad38fcd9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 16:37:12 -0500 Subject: [PATCH 688/695] reverted nixos-anywhere devshell --- flake.lock | 153 ----------------------- flake.nix | 8 +- modules/home-manager-modules/openssh.nix | 16 +-- 3 files changed, 9 insertions(+), 168 deletions(-) diff --git a/flake.lock b/flake.lock index fe1ba7d..fa3ad83 100644 --- a/flake.lock +++ b/flake.lock 
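Review bot: The four NFS mounts under `/mnt/*` and `supportedFilesystems = ["nfs"]` are removed from hardware-configuration.nix (this hunk and the `@@ -12,22 +11,10 @@` hunk above) but do not reappear in the configuration.nix hunks of this commit, while `cachefilesd` — whose only visible purpose was the `fsc` option on those mounts — is carried over and enabled. If the mounts are now supplied by a shared module elsewhere, a one-line comment next to `services.cachefilesd.enable = true;` saying so, e.g. `# fscache for the NFS mounts provided by <module>`, would make the dependency visible; otherwise the commit subject "moved" undersells a functional change. The `boot.initrd.availableKernelModules` and `boot.kernelModules` now defined in both files merge as lists, so that split is fine.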
@@ -20,28 +20,6 @@ "type": "github" } }, - "disko_2": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748225455, - "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", - "owner": "nix-community", - "repo": "disko", - "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "disko", - "type": "github" - } - }, "firefox-addons": { "inputs": { "nixpkgs": [ @@ -79,27 +57,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -194,27 +151,6 @@ "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" } }, - "nix-vm-test": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748765518, - "narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=", - "owner": "Mic92", - "repo": "nix-vm-test", - "rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "nix-vm-test", - "type": "github" - } - }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils", 
@@ -236,32 +172,6 @@ "type": "github" } }, - "nixos-anywhere": { - "inputs": { - "disko": "disko_2", - "flake-parts": "flake-parts", - "nix-vm-test": "nix-vm-test", - "nixos-images": "nixos-images", - "nixos-stable": "nixos-stable", - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1748794949, - "narHash": "sha256-kfqIyYpXMRgmaLOTx+AFd1Kzo+I3mOg9vexUx2qWENA=", - "owner": "nix-community", - "repo": "nixos-anywhere", - "rev": "b7686308b281917d63137373a2eb5c566a973d03", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-anywhere", - "type": "github" - } - }, "nixos-hardware": { "locked": { "lastModified": 1747900541, @@ -278,47 +188,6 @@ "type": "github" } }, - "nixos-images": { - "inputs": { - "nixos-stable": [ - "nixos-anywhere", - "nixos-stable" - ], - "nixos-unstable": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748481078, - "narHash": "sha256-jwKRF2EDzlv0VBF8pImPFT7DAJma7stDun25utHtwBw=", - "owner": "nix-community", - "repo": "nixos-images", - "rev": "191a461dc38313ff41bd3df4b82e49f74a56560d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-images", - "type": "github" - } - }, - "nixos-stable": { - "locked": { - "lastModified": 1748437600, - "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1748370509, @@ -345,7 +214,6 @@ "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", - "nixos-anywhere": "nixos-anywhere", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", 
@@ -402,27 +270,6 @@ "repo": "default", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748243702, - "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index c0a72cf..ac651f7 100644 --- a/flake.nix +++ b/flake.nix @@ -28,11 +28,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-anywhere = { - url = "github:nix-community/nixos-anywhere"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # disk configurations disko = { url = "github:nix-community/disko"; @@ -84,7 +79,6 @@ sops-nix, nix-syncthing, home-manager, - nixos-anywhere, impermanence, ... } @ inputs: let @@ -153,7 +147,7 @@ # for viewing configuration options defined in this repo nix-inspect # for installing flakes from this repo onto other systems - nixos-anywhere.packages.${system}.nixos-anywhere + nixos-anywhere # for updating disko configurations disko ]; diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 7b646b8..d7a0873 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
@@ -41,14 +41,14 @@ ( lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { services.ssh-agent.enable = true; - programs.ssh = { - enable = true; - compression = true; - addKeysToAgent = "confirm"; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - ); - }; + # programs.ssh = { + # enable = true; + # compression = true; + # addKeysToAgent = "confirm"; + # extraConfig = lib.strings.concatLines ( + # builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + # ); + # }; systemd.user.services = builtins.listToAttrs ( builtins.map (hostKey: From 5e0bf9f068b879f8b00bcec30cf4cdda47d0862e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 17:37:56 -0500 Subject: [PATCH 689/695] re enabled ssh agent IdentityFile --- modules/home-manager-modules/openssh.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index d7a0873..7b646b8 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -41,14 +41,14 @@ ( lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { services.ssh-agent.enable = true; - # programs.ssh = { - # enable = true; - # compression = true; - # addKeysToAgent = "confirm"; - # extraConfig = lib.strings.concatLines ( - # builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - # ); - # }; + programs.ssh = { + enable = true; + compression = true; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + ); + }; systemd.user.services = builtins.listToAttrs ( builtins.map (hostKey: From ac7c2e6de6eb957c8408c66f50d51397624be090 Mon Sep 17 00:00:00 2001 
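Review bot: The re-enabled `extraConfig` emits an `IdentityFile` line for every entry in `config.programs.openssh.hostKeys` without `IdentitiesOnly`, so every listed key is offered to every server a user connects to; each unmatched offer discloses that public key to the remote side and counts against its MaxAuthTries. If the keys are meant for specific destinations, `programs.ssh.matchBlocks` entries with `identityFile` and `identitiesOnly = true` keep each key to its intended host. `hostKey.path` is interpolated into the config line unquoted, so a path containing whitespace would break parsing; `"IdentityFile \"~/.ssh/${hostKey.path}\""` is safer. `addKeysToAgent = "confirm"` relies on an SSH_ASKPASS helper being reachable when a key is used, which this module does not provide (whether the desktop session supplies one is not visible here).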
From: Leyla Becker Date: Sun, 1 Jun 2025 18:11:27 -0500 Subject: [PATCH 690/695] switched to lix --- flake.lock | 86 +++++++++++++++++++++++++++++++- flake.nix | 8 +-- modules/nixos-modules/system.nix | 1 - util/default.nix | 4 +- 4 files changed, 91 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index fa3ad83..3dbabc8 100644 --- a/flake.lock +++ b/flake.lock @@ -75,6 +75,39 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -110,6 +143,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -153,7 +221,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -211,6 +279,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", @@ -270,6 +339,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", 
diff --git a/flake.nix b/flake.nix index ac651f7..7896d60 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # lix-module = { - # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # secret encryption sops-nix = { diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index 51a92ed..b839067 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,6 +1,5 @@ {...}: { nix = { - settings.download-buffer-size = 524288000; gc = { automatic = true; dates = "weekly"; diff --git a/util/default.nix b/util/default.nix index 5b61779..fb2f83d 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - # lix-module = inputs.lix-module; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - # lix-module.nixosModules.default + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 9664eeb38dd162ea6d76102bfe7215a8c09bec44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 18:19:03 -0500 Subject: [PATCH 691/695] updated flakes --- .../nixos/emergent/configuration.nix | 4 +-- flake.lock | 34 +++++++++---------- modules/nixos-modules/desktop.nix | 10 +++--- 3 files changed, 23 insertions(+), 25 deletions(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index eaac657..aacc820 100644 --- a/configurations/nixos/emergent/configuration.nix 
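Review bot: The new `lix-module` input in `flake.nix` is a plain tarball over HTTPS, so unlike the github inputs there is no commit identity to compare against; its integrity rests entirely on the `narHash` that `flake.lock` recorded at first lock time. A comment above the input naming the release and how the hash was checked, `# pinned to Lix 2.93.0; narHash in flake.lock checked against the upstream release announcement`, records that the pin was deliberate. The same commit removes `settings.download-buffer-size` from `modules/nixos-modules/system.nix` with no explanation; if the reason is that Lix rejects the option (inferred from the commit subject, not visible in the hunk), a one-line comment saying so prevents it from being re-added later.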
+++ b/configurations/nixos/emergent/configuration.nix @@ -38,8 +38,8 @@ services.xserver.enable = true; # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; + services.displayManager.gdm.enable = true; + services.desktopManager.gnome.enable = true; host = { users = { diff --git a/flake.lock b/flake.lock index 3dbabc8..bbaffa4 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748405006, - "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", + "lastModified": 1748730131, + "narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f9801a86d6603260940890c36650275090d1dceb", + "rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1748455938, - "narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=", + "lastModified": 1748811839, + "narHash": "sha256-MDl6vpEK18ZfPHfoeOa9dGRdwVWNfmCCGazt72nHw+U=", "owner": "nix-community", "repo": "home-manager", - "rev": "02077149e2921014511dac2729ae6dadb4ec50e2", + "rev": "6abf27943bbb09a0f9d443df45ec70b07a6cbe20", "type": "github" }, "original": { @@ -150,7 +150,7 @@ "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" }, "original": { "type": "tarball", 
@@ -171,7 +171,7 @@ "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" }, "original": { "type": "tarball", @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1748397853, - "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", + "lastModified": 1748744745, + "narHash": "sha256-kcj58eYic+yLX/KjtHEOmn6lVnCRwL1IfRGnb8aHprE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", + "rev": "c008ed9dd78efdeda5e9d5bb835c785e600791f6", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747900541, - "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", + "lastModified": 1748634340, + "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", + "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748370509, - "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index cf59cd9..323b7cc 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix 
@@ -19,12 +19,6 @@ # Enable the X11 windowing system. enable = true; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager = { - gnome.enable = true; - }; - # Get rid of xTerm desktopManager.xterm.enable = false; excludePackages = with pkgs; [ @@ -47,6 +41,10 @@ ]; }; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + pipewire = { enable = true; alsa.enable = true; From 42e2ce9258660796c4607ce8b088978406e7d57e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 20:58:30 -0500 Subject: [PATCH 692/695] fixed warnings on defiant --- configurations/nixos/defiant/configuration.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a48bddb..0b9d1b7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -201,16 +201,14 @@ # temp enable desktop enviroment for setup # Enable the X11 windowing system. - xserver = { - enable = true; + xserver.enable = true; - # Enable the GNOME Desktop Environment. - displayManager = { - gdm.enable = true; - }; - desktopManager = { - gnome.enable = true; - }; + # Enable the GNOME Desktop Environment. + displayManager = { + gdm.enable = true; + }; + desktopManager = { + gnome.enable = true; }; ollama = { @@ -300,7 +298,7 @@ hibernate.enable = false; hybrid-sleep.enable = false; }; - services.xserver.displayManager.gdm.autoSuspend = false; + services.displayManager.gdm.autoSuspend = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From 1a4c2b2f950359eb905a2a7975e6e9af56e1aceb Mon Sep 17 00:00:00 2001 
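Review bot: The `# temp enable desktop enviroment for setup` block in `configurations/nixos/defiant/configuration.nix` survives the rename intact, so GDM and a full GNOME stack stay enabled on the host that serves the NFS exports used by the other machines in this series; a display manager on a file server is extra attack surface and update churn for no runtime benefit once setup is done. If the setup phase is over, removing the block together with `services.displayManager.gdm.autoSuspend = false` in the second hunk (which only exists to serve it) is the fix; otherwise `# TODO(remove after setup): desktop only needed for initial provisioning` keeps it from becoming permanent by default.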
From: Leyla Becker Date: Sun, 1 Jun 2025 21:06:54 -0500 Subject: [PATCH 693/695] stripped down twilight configuration.nix --- .../nixos/twilight/configuration.nix | 63 ++++++++++ configurations/nixos/twilight/default.nix | 1 + .../nixos/twilight/hardware-configuration.nix | 116 +----------------- .../nixos/twilight/nvidia-drivers.nix | 52 ++++++++ 4 files changed, 121 insertions(+), 111 deletions(-) create mode 100644 configurations/nixos/twilight/nvidia-drivers.nix diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index e9032d8..0306f19 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,6 +1,7 @@ { inputs, config, + pkgs, ... }: { imports = [ @@ -121,6 +122,63 @@ syncthing.enable = true; }; + + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; + }; + }; + + environment.systemPackages = with pkgs; [ + cachefilesd + ]; programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 
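Review bot: The `/mnt/media` entry in the new `fileSystems` block lists `noatime` twice and also `relatime`, which are mutually exclusive; mount(8) applies whichever comes last, so the effective atime behaviour depends on option order rather than intent. Drop `relatime` and the second `noatime` (and `nodiratime`, which `noatime` already implies). None of the three NFS mounts sets `sec=`, so they fall back to AUTH_SYS, where the server trusts the client's UID and GID; that is common on a home LAN but worth stating, e.g. `# sec=sys (default): defiant trusts this host's UIDs, so only mount from the trusted LAN`. Whether the `nosuid,nodev,noexec` that mount(8) implies for `user` is actually applied under the systemd automount path is not visible in the hunk, so adding `nosuid` and `nodev` explicitly would make the intent unambiguous.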
@@ -128,6 +186,11 @@ }; hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index + networking = { + networkmanager.enable = true; + hostName = "twilight"; # Define your hostname. + }; + # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index edfb3f6..43a9164 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -3,5 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + ./nvidia-drivers.nix ]; } diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 1cba7de..9a4c2d2 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -25,16 +25,6 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - - supportedFilesystems = ["nfs"]; - }; - - services.xserver = { - # Load nvidia driver for Xorg and Wayland - videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - displayManager.gdm.wayland = false; }; fileSystems = { 
@@ -48,111 +38,15 @@ fsType = "vfat"; options = ["fmask=0022" "dmask=0022"]; }; - - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "fsc" - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "fsc" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "rsize=32768" - "wsize=32768" - "fsc" - ]; - }; }; - environment.systemPackages = with pkgs; [ - cachefilesd - ]; - swapDevices = []; - networking = { - networkmanager.enable = true; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - useDHCP = lib.mkDefault true; - hostName = "twilight"; # Define your hostname. - }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - hardware = { - # Enable OpenGL - graphics.enable = true; - - # install graphics drivers - nvidia = { - # Modesetting is required. 
- modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - }; } diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix new file mode 100644 index 0000000..883b5cb --- /dev/null +++ b/configurations/nixos/twilight/nvidia-drivers.nix 
@@ -0,0 +1,52 @@ +{ + lib, + config, + ... +}: { + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; + + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = true; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; +} From a7b738eae366d806f145b291c6de1ba8e1580dc2 Mon Sep 17 00:00:00 2001 
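Review bot: `open = true;` in the new `nvidia-drivers.nix` contradicts the comment directly above it, which still ends "so false is currently the recommended setting" and was carried over from the old `hardware-configuration.nix` where the value was `false`. Either restore `open = false;` or rewrite the comment to state why the open kernel module is now chosen, e.g. `# Use the NVidia open kernel module; needs a Turing-or-newer GPU and driver 515.43.04+`. In the same file the comment `# Load nvidia driver for Xorg and Wayland` sits next to `displayManager.gdm.wayland = false`, which disables the Wayland session entirely; the later restructuring hunk keeps both lines, so the comment should be fixed there too.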
From: Leyla Becker Date: Sun, 1 Jun 2025 22:10:29 -0500 Subject: [PATCH 694/695] made twilight hardware-configuration.nix match what is automatically generated --- .../nixos/twilight/configuration.nix | 8 ++++++++ .../nixos/twilight/hardware-configuration.nix | 20 +++++-------------- .../nixos/twilight/nvidia-drivers.nix | 8 +------- 3 files changed, 14 insertions(+), 22 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 0306f19..6cef2fb 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -10,6 +10,14 @@ nixpkgs.config.allowUnfree = true; + boot.initrd.availableKernelModules = ["usb_storage"]; + boot.kernelModules = ["sg"]; + + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + sops.secrets = { "vpn-keys/tailscale-authkey/twilight" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 9a4c2d2..1389caf 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { @@ -12,20 +11,10 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot = { - initrd = { - availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; - kernelModules = []; - }; - kernelModules = ["kvm-amd" "sg"]; - extraModulePackages = []; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; fileSystems = { "/" = { 
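Review bot: The two module lists added to `configurations/nixos/twilight/configuration.nix` (`usb_storage` in the initrd, `sg` at runtime) carry no comment explaining why they live outside the generated hardware file; since NixOS merges list options, they still load alongside the generated set, but a reader cannot tell whether they are still needed. A short why-comment such as `# kept out of hardware-configuration.nix so regenerating it does not drop them: usb_storage for <reason>, sg for <reason>` would do, with the placeholders filled in by the author.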
@@ -49,4 +38,5 @@ networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index 883b5cb..d373bf2 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -1,8 +1,4 @@ -{ - lib, - config, - ... -}: { +{config, ...}: { services.xserver = { # Load nvidia driver for Xorg and Wayland videoDrivers = ["nvidia"]; @@ -46,7 +42,5 @@ # Optionally, you may need to select the appropriate driver version for your specific GPU. package = config.boot.kernelPackages.nvidiaPackages.production; }; - - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; } From e6a640abfc772e034b9dcdffc14a5101d8973fac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 23:52:13 -0500 Subject: [PATCH 695/695] fixed warning in nvida-drivers --- configurations/nixos/twilight/nvidia-drivers.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index d373bf2..47763f8 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -1,8 +1,9 @@ {config, ...}: { - services.xserver = { - # Load nvidia driver for Xorg and Wayland - videoDrivers = ["nvidia"]; - + services = { + xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + }; # Use X instead of wayland for gaming reasons displayManager.gdm.wayland = false; };