massive restructure of my org file

ops

sakljdask
Danilo Reyes 2023-09-02 19:42:21 -06:00
parent e60a8909ea
commit 49280cf576
3 changed files with 353 additions and 346 deletions

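--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /dotfiles/*.Appimage
 /scripts/download/.direnv/
 /configuration.nix
+/scripts/PureRef-1.11.1_x64.Appimage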


@ -35,25 +35,35 @@ other functions.
them into binaries which then I can integrate into the nix-store as well as them into binaries which then I can integrate into the nix-store as well as
declared systemd units. declared systemd units.
* DECLARATION
Here I will declare the dependencies and variables that will be used multiple
times through the config file, such as the current version of NixOS,
repositories and even some scripts that will be reused on systemd
configurations.
** VARIABLES
#+begin_src nix #+begin_src nix
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
VERSION = "23.05"; version = "23.05";
unstable = import (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") { myEmail = "CaptainJawZ@outlook.com";
myName = "Danilo Reyes";
unstable = import
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
config = config.nixpkgs.config; config = config.nixpkgs.config;
}; };
nix-gaming = import (builtins.fetchTarball "https://github.com/fufexan/nix-gaming/archive/master.tar.gz"); nixGaming = import
jawz_nextcloud_scrapsync = pkgs.writeScriptBin (builtins.fetchTarball "https://github.com/fufexan/nix-gaming/archive/master.tar.gz");
"nextcloud_scrapsync" (builtins.readFile ./scripts/nextcloud_scrapsync.sh); jawzManageLibrary = pkgs.writeScriptBin
jawz_manage_library = pkgs.writeScriptBin "manage-library" (builtins.readFile ./scripts/manage-library.sh);
"manage_library" (builtins.readFile ./scripts/manage_library.sh); jawzTasks = pkgs.writeScriptBin
jawz_tasks = pkgs.writeScriptBin
"tasks" (builtins.readFile ./scripts/tasks.sh); "tasks" (builtins.readFile ./scripts/tasks.sh);
in in
{ # Remember to close this bracket at the end of the document { # Remember to close this bracket at the end of the document
#+end_src #+end_src
* IMPORTS ** IMPORTS
These are files and modules which get loaded onto the configuration file, in the These are files and modules which get loaded onto the configuration file, in the
future I may segment this file into different modules once it becomes too future I may segment this file into different modules once it becomes too
cluttered, for example, I may create a module for systemd units. cluttered, for example, I may create a module for systemd units.
@ -65,7 +75,7 @@ imports = [
# ./openldap.nix # ./openldap.nix
<home-manager/nixos> <home-manager/nixos>
<agenix/modules/age.nix> <agenix/modules/age.nix>
"${nix-gaming}/modules/pipewireLowLatency.nix" "${nixGaming}/modules/pipewireLowLatency.nix"
]; ];
#+end_src #+end_src
@ -108,9 +118,9 @@ console = {
* GNOME * GNOME
At the time of writing this file, I require of X11, as the NVIDIA support for At the time of writing this file, I require of X11, as the NVIDIA support for
Wayland isn't perfect yet. At the time being, the ability to switch through GDM Wayland is not perfect yet. At the time being, the ability to switch through
from Wayland to XORG, it's pretty handy, but in the future these settings will GDM from Wayland to XORG, it's pretty handy, but in the future these settings
require an update. will require an update.
Sets up GNOME as the default desktop environment, while excluding some Sets up GNOME as the default desktop environment, while excluding some
undesirable packages from installing. undesirable packages from installing.
@ -166,7 +176,7 @@ security = {
rtkit.enable = true; rtkit.enable = true;
acme = { acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "captainjawz@outlook.com"; defaults.email = "${myEmail}";
}; };
}; };
services.pipewire = { services.pipewire = {
@ -183,9 +193,6 @@ services.pipewire = {
#+end_src #+end_src
* SECURITY * SECURITY
Recently, I've gotten frustrated with OpenDoas, as such I've decided to
temporarily enable Sudo, but in the future, I plan to revert that decision.
** SUDO
Disabled password for commodity, but this is obviously not recommended. Disabled password for commodity, but this is obviously not recommended.
#+begin_src nix #+begin_src nix
security.sudo = { security.sudo = {
@ -194,12 +201,10 @@ security.sudo = {
}; };
#+end_src #+end_src
* USER PACKAGES * NIXPKGS
Being part of the "wheel" group, means that the user has root privileges. Allow non-free, sadly is a requirement for some of my drivers, besides that,
here is a good place to declare some package overrides as well as permit unsafe
This allows to install non-free packages, and also a toggle for installing packages.
packages from the unstable repository by prepending "unstable" to the package
name.
#+begin_src nix #+begin_src nix
nixpkgs.config = { nixpkgs.config = {
@ -209,22 +214,15 @@ nixpkgs.config = {
}; };
permittedInsecurePackages = [ permittedInsecurePackages = [
"nodejs-14.21.3" "nodejs-14.21.3"
"openssl-1.1.1u" "openssl-1.1.1v"
]; ];
}; };
#+end_src #+end_src
This section of the document categorizes and organizes all he packages that I * SYSTEM USERS
want installed, attempting to group them as dependencies of others when This may be a terrible idea, but because I need some of my service applications
necessary. to be part of specific groups so they have the required permissions to accesss
some files, I'm using a declarative approach to set some of them up.
It has come to my attention, that using home-manager to manage packages, isn't a
recommended thing, while in theory there should be no errors with it, being a
downstream package there is no warranty that an upstream change will break
things with a new upgrade, breaking thus, the declarative nature of NixOs, for
that purpose, I have decided to keep home-manager as a module, with the
intention of reduce the number of dotfiles, however I will keep it exclusively
as a dotfile and service manager.
#+begin_src nix #+begin_src nix
users.groups = { users.groups = {
@ -245,25 +243,42 @@ users.users = {
packages = (with pkgs; [ packages = (with pkgs; [
nodejs_14 nodejs_14
perl perl
# unstable.exiftool (perlPackages.buildPerlPackage rec {
( perlPackages.buildPerlPackage rec { pname = "Image-ExifTool";
pname = "Image-ExifTool"; version = "12.60";
version = "12.60"; src = fetchurl {
src = fetchurl { url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz"; hash = "sha256-c9vgbQBMMQgqVueNfyRvK7AAL7sYNUR7wyorB289Mq0=";
hash = "sha256-c9vgbQBMMQgqVueNfyRvK7AAL7sYNUR7wyorB289Mq0="; };
}; })
})
]); ]);
}; };
jawz = { #+end_src
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" "scanner" "lp" "piracy" "kavita" ]; * NORMAL USERS
initialPassword = "password"; Being part of the "wheel" group, means that the user has root privileges.
openssh = {
#+begin_src nix
jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker"
"scanner" "lp" "piracy" "kavita"
"render" "video"
];
initialPassword = "password";
openssh = {
authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES" ]; authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES" ];
}; };
packages = (with pkgs; [ #+end_src
This section of the document categorizes and organizes all he packages that I
want installed, attempting to group them as dependencies of others when
necessary.
* USER PACKAGES
Begin the block to install user packages.
#+begin_src nix
packages = (with pkgs; [
#+end_src #+end_src
** GUI PACKAGES ** GUI PACKAGES
@ -295,17 +310,16 @@ anticipated, most everything seems to run seamlessly.
#+begin_src nix #+begin_src nix
lutris lutris
heroic heroic
wine64Packages.full wine64Packages.stable
wineWowPackages.full wineWowPackages.stable
vulkan-tools
# nix-gaming.packages.${pkgs.hostPlatform.system}.wine-tkg
winetricks winetricks
# nix-gaming.packages.${pkgs.hostPlatform.system}.wine-discord-ipc-bridge vulkan-tools
# nixGaming.packages.${pkgs.hostPlatform.system}.wine-tkg
# nixGaming.packages.${pkgs.hostPlatform.system}.wine-discord-ipc-bridge
# grapejuice # roblox manager # grapejuice # roblox manager
minecraft # minecraft official launcher minecraft # minecraft official launcher
parsec-bin # remote gaming with friends parsec-bin # remote gaming with friends
protonup-qt # update proton-ge protonup-qt # update proton-ge
renpy
#+end_src #+end_src
*** PRODUCTIVITY *** PRODUCTIVITY
@ -313,7 +327,7 @@ This is the section where the apps that help me be productive come, a lot of
this are not used as often as I wish… this are not used as often as I wish…
#+begin_src nix #+begin_src nix
libreoffice-fresh # office, but based unstable.libreoffice-fresh # office, but based
calibre # ugly af eBook library manager calibre # ugly af eBook library manager
foliate # gtk eBook reader foliate # gtk eBook reader
newsflash # feed reader, syncs with nextcloud newsflash # feed reader, syncs with nextcloud
@ -329,7 +343,7 @@ if just for a try and play a little.
#+begin_src nix #+begin_src nix
# sequeler # friendly SQL client # sequeler # friendly SQL client
blanket # background noise blanket # background noise
czkawka # duplicate finder # czkawka # duplicate finder
pika-backup # backups pika-backup # backups
# tilix # used to be my favourite terminal, but it's so outdated, that each time I use it less and less… # tilix # used to be my favourite terminal, but it's so outdated, that each time I use it less and less…
gnome-obfuscate # censor private information gnome-obfuscate # censor private information
@ -342,7 +356,7 @@ libgda # for pano shell extension
*** MULTIMEDIA *** MULTIMEDIA
Overwhelmingly player applications, used for videos and music, while most of my Overwhelmingly player applications, used for videos and music, while most of my
consumption has moved towards Danilo-flix, it's still worth the install of most consumption has moved towards jellyfin, it's still worth the install of most
of these, for now. of these, for now.
#+begin_src nix #+begin_src nix
@ -366,12 +380,11 @@ Stuff that I use to interact with the web, web browsers, chats, download
managers, etc. managers, etc.
#+begin_src nix #+begin_src nix
firefox # web browser that allows to disable spyware
tor-browser-bundle-bin # dark web, so dark!
ungoogled-chromium # web browser with spyware included
discord # chat discord # chat
telegram-desktop # furry chat telegram-desktop # furry chat
google-chrome # web browser with spyware included
firefox # web browser that allows to disable spyware
# librewolf # no spyware web browser
tor-browser-bundle-bin # dark web, so dark!
# hugo # website engine # hugo # website engine
nicotine-plus # remember Ares? nicotine-plus # remember Ares?
warp # never used, but supposedly cool for sharing files warp # never used, but supposedly cool for sharing files
@ -395,15 +408,19 @@ vcsi # video thumbnails for torrents, can I replace it with ^?
tree-sitter # code parsing, required by Doom emacs tree-sitter # code parsing, required by Doom emacs
torrenttools # create torrent files from the terminal! torrenttools # create torrent files from the terminal!
lm_sensors # for extension, displays cpu temp lm_sensors # for extension, displays cpu temp
#+end_src
# My own scripts ** MY SCRIPTS
jawz_manage_library Here I compile my own scripts into binaries
jawz_tasks
#+begin_src nix
jawzManageLibrary
jawzTasks
(writeScriptBin "ffmpeg4discord" (builtins.readFile ./scripts/ffmpeg4discord.py)) (writeScriptBin "ffmpeg4discord" (builtins.readFile ./scripts/ffmpeg4discord.py))
(writeScriptBin "ffmpreg" (builtins.readFile ./scripts/ffmpreg.sh)) (writeScriptBin "ffmpreg" (builtins.readFile ./scripts/ffmpreg.sh))
(writeScriptBin "chat-dl" (builtins.readFile ./scripts/chat-dl.sh)) (writeScriptBin "chat-dl" (builtins.readFile ./scripts/chat-dl.sh))
(writeScriptBin "split_dir" (builtins.readFile ./scripts/split_dir.sh)) (writeScriptBin "split-dir" (builtins.readFile ./scripts/split-dir.sh))
(writeScriptBin "pika_list" (builtins.readFile ./scripts/pika_list.sh)) (writeScriptBin "pika-list" (builtins.readFile ./scripts/pika-list.sh))
(writeScriptBin "run" (builtins.readFile ./scripts/run.sh)) (writeScriptBin "run" (builtins.readFile ./scripts/run.sh))
#+end_src #+end_src
@ -429,8 +446,6 @@ bats # testing system, required by Exercism
bashdb # autocomplete bashdb # autocomplete
shellcheck # linting shellcheck # linting
shfmt # a shell parser and formatter shfmt # a shell parser and formatter
file # required by my tasks script?
xclip # manipulate clipboard from scripts
# NIX # NIX
nixfmt # linting nixfmt # linting
@ -438,8 +453,8 @@ cachix # why spend time compiling?
# PYTHON. # PYTHON.
python3 # base language python3 # base language
pipenv # python development workflow for humans # pipenv # python development workflow for humans
poetry # dependency management made easy # poetry # dependency management made easy
# C# & Rust # C# & Rust
# omnisharp-roslyn # c# linter and code formatter # omnisharp-roslyn # c# linter and code formatter
@ -573,19 +588,6 @@ symbola
]); }; }; # <--- end of package list ]); }; }; # <--- end of package list
#+end_src #+end_src
* MISC SETTINGS
** ENABLE FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default
fonts. If you don't care about running X11 applications or any other program
that uses Fontconfig, you can turn this option off and prevent a dependency on
all those fonts.
=tip= once that Wayland is ready for deployment, I probably can remove this
setting.
#+begin_src nix
fonts.fontconfig.enable = true;
#+end_src
* HOME-MANAGER * HOME-MANAGER
** HOME-MANAGER SETTINGS ** HOME-MANAGER SETTINGS
These make it so packages install to '/etc' rather than the user home directory, These make it so packages install to '/etc' rather than the user home directory,
@ -594,14 +596,8 @@ also allow for upgrades when rebuilding the system.
#+begin_src nix #+begin_src nix
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
#+end_src
** PACKAGES
#+begin_src nix
home-manager.users.jawz = { config, pkgs, ... }:{ home-manager.users.jawz = { config, pkgs, ... }:{
home.stateVersion = VERSION; home.stateVersion = "${version}";
home.packages = with pkgs; [ ];
#+end_src #+end_src
** DOTFILES ** DOTFILES
@ -613,11 +609,11 @@ programs.bash = {
historyFile = "\${XDG_STATE_HOME}/bash/history"; historyFile = "\${XDG_STATE_HOME}/bash/history";
historyControl = [ "erasedups" ]; historyControl = [ "erasedups" ];
shellAliases = { shellAliases = {
ls = "exa --icons --group-directories-first --no-permissions --no-user --no-time"; ls = "exa --icons --group-directories-first";
edit = "emacsclient -t"; edit = "emacsclient -t";
comic = "download -u jawz -i $(cat $LC | fzf --multi --exact -i)"; comic = "download -u jawz -i \"$(cat $LC | fzf --multi --exact -i)\"";
gallery = "download -u jawz -i $(cat $LW | fzf --multi --exact -i)"; gallery = "download -u jawz -i \"$(cat $LW | fzf --multi --exact -i)\"";
open_gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)"; open_gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\"";
unique_extensions = "fd -tf | rev | cut -d. -f1 | rev | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn"; unique_extensions = "fd -tf | rev | cut -d. -f1 | rev | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn";
cp = "cp -i"; cp = "cp -i";
mv = "mv -i"; mv = "mv -i";
@ -641,9 +637,9 @@ programs.bash = {
#+end_src #+end_src
#+begin_src bash #+begin_src bash
/home/jawz/.local/bin/pokemon-colorscripts -r --no-title $HOME/.local/bin/pokemon-colorscripts -r --no-title
# Lists # Lists
list_root=${config.home.homeDirectory}/.config/jawz/lists/jawz list_root="${config.home.homeDirectory}"/.config/jawz/lists/jawz
export LW=$list_root/watch.txt export LW=$list_root/watch.txt
export LI=$list_root/instant.txt export LI=$list_root/instant.txt
export LC=$list_root/comic.txt export LC=$list_root/comic.txt
@ -686,8 +682,8 @@ programs = {
}; };
git = { git = {
enable = true; enable = true;
userName = "Danilo Reyes"; userName = "${myName}";
userEmail = "CaptainJawZ@outlook.com"; userEmail = "${myEmail}";
}; };
htop = { htop = {
enable = true; enable = true;
@ -767,7 +763,6 @@ environment.variables = rec {
XDG_STATE_HOME = "\${HOME}/.local/state"; XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH # DEV PATH
CABAL_CONFIG = "\${XDG_CONFIG_HOME}/cabal/config";
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal"; CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "\${XDG_DATA_HOME}/cargo"; CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems"; GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
@ -776,9 +771,12 @@ environment.variables = rec {
GOPATH = "\${XDG_DATA_HOME}/go"; GOPATH = "\${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc"; NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm"; PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
PSQL_HISTORY="\${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE="\${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX="\${XDG_DATA_HOME}/wine";
# OPTIONS # OPTIONS
# HISTFILE = "\${XDG_STATE_HOME}/bash/history"; HISTFILE = "\${XDG_STATE_HOME}/bash/history";
LESSHISTFILE = "-"; LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true"; GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc"; RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
@ -811,7 +809,7 @@ environment.variables = rec {
#+end_src #+end_src
* DOCKER * DOCKER
Virtualization settings for Docker. NixOS offers an option to declaratively run Virtualisation settings for Docker. NixOS offers an option to declaratively run
docker-compose images using [[https://nixos.wiki/wiki/Docker][Arion]]. Could be an interesting thing to try out. docker-compose images using [[https://nixos.wiki/wiki/Docker][Arion]]. Could be an interesting thing to try out.
#+begin_src nix #+begin_src nix
@ -866,7 +864,7 @@ snapraid = {
}; };
#+end_src #+end_src
* SYSTEM PROGRAMS & SERVICES * SYSTEM PROGRAMS
Some programs get enabled and installed through here, as well as the activation Some programs get enabled and installed through here, as well as the activation
of some services. of some services.
@ -903,94 +901,25 @@ programs = {
}; };
}; };
}; };
#+end_src
* SERVICES
** MISC
Miscellaneous services, most of which are managed by systemd.
#+begin_src nix
services = { services = {
prowlarr.enable = true;
# vaultwarden.enable = true; # vaultwarden.enable = true;
kavita = {
enable = true;
tokenKeyFile = "${pkgs.writeText "kavitaToken" "A\u002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjj\u002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}";
};
sonarr = {
enable = true;
group = "piracy";
};
radarr = {
enable = true;
package = unstable.pkgs.radarr;
group = "piracy";
};
bazarr = {
enable = true;
group = "piracy";
};
jellyfin = {
enable = true;
group = "piracy";
};
minidlna = { minidlna = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings.media_dir = [ settings = {
"/mnt/disk2/glue" inotify = "yes";
]; media_dir = [
}; "/mnt/disk2/glue"
nextcloud = {
enable = true;
https = true;
package = pkgs.nextcloud26;
appstoreEnable = true;
configureRedis = true;
maxUploadSize = "512M";
extraAppsEnable = true;
enableImagemagick = true;
hostName = "cloud.servidos.lat";
config = {
adminpassFile = "${pkgs.writeText "adminpass" "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
overwriteProtocol = "https";
defaultPhoneRegion = "MX";
dbtype = "pgsql";
dbuser = "nextcloud";
dbpassFile = "${pkgs.writeText "dbpass" "sopacerias"}";
dbtableprefix = "oc_";
dbname = "nextcloud";
trustedProxies = [ "nginx" ];
extraTrustedDomains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
};
phpOptions = {
catch_workers_output = "yes";
display_errors = "stderr";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
expose_php = "Off";
"opcache.enable_cli" = "1";
"opcache.fast_shutdown" = "1";
"opcache.interned_strings_buffer" = "16";
"opcache.jit" = "1255";
"opcache.jit_buffer_size" = "128M";
"opcache.max_accelerated_files" = "10000";
"opcache.memory_consumption" = "128";
"opcache.revalidate_freq" = "1";
"opcache.save_comments" = "1";
"opcache.validate_timestamps" = "0";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
short_open_tag = "Off";
};
extraOptions = {
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
"installed" = true;
"memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
enabledPreviewProviders = [
"OC\\Preview\\Image"
"OC\\Preview\\HEIC"
"OC\\Preview\\TIFF"
"OC\\Preview\\MKV"
"OC\\Preview\\MP4"
"OC\\Preview\\AVI"
"OC\\Preview\\Movie"
]; ];
}; };
phpExtraExtensions = all: [ all.pdlib all.bz2 ];
}; };
postgresql = { postgresql = {
enable = true; enable = true;
@ -1056,6 +985,98 @@ services = {
defaultEditor = true; defaultEditor = true;
package = pkgs.emacs; package = pkgs.emacs;
}; };
#+end_src
** PIRACY
All the fun stuff happens here >:).
#+begin_src nix
prowlarr.enable = true;
kavita = {
enable = true;
tokenKeyFile = "${pkgs.writeText "kavitaToken" "A\u002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjj\u002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}";
};
sonarr = {
enable = true;
group = "piracy";
};
radarr = {
enable = true;
package = unstable.pkgs.radarr;
group = "piracy";
};
bazarr = {
enable = true;
group = "piracy";
};
jellyfin = {
enable = true;
group = "piracy";
};
#+end_src
** NEXTCLOUD
This configuration may not 100% work on a fresh installation, as some of the
settings declared take into account pre-existing configurations and apps.
#+begin_src nix
nextcloud = {
enable = true;
https = true;
package = pkgs.nextcloud27;
appstoreEnable = true;
configureRedis = true;
maxUploadSize = "512M";
extraAppsEnable = true;
enableImagemagick = true;
hostName = "cloud.servidos.lat";
config = {
adminpassFile = "${pkgs.writeText "adminpass" "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
overwriteProtocol = "https";
defaultPhoneRegion = "MX";
dbtype = "pgsql";
dbuser = "nextcloud";
dbpassFile = "${pkgs.writeText "dbpass" "sopacerias"}";
dbtableprefix = "oc_";
dbname = "nextcloud";
trustedProxies = [ "nginx" ];
extraTrustedDomains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
};
phpOptions = {
catch_workers_output = "yes";
display_errors = "stderr";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
expose_php = "Off";
"opcache.enable_cli" = "1";
"opcache.fast_shutdown" = "1";
"opcache.interned_strings_buffer" = "16";
"opcache.jit" = "1255";
"opcache.jit_buffer_size" = "128M";
"opcache.max_accelerated_files" = "10000";
"opcache.memory_consumption" = "128";
"opcache.revalidate_freq" = "1";
"opcache.save_comments" = "1";
"opcache.validate_timestamps" = "0";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
short_open_tag = "Off";
};
extraOptions = {
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
"installed" = true;
"memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
enabledPreviewProviders = [
"OC\\Preview\\Image"
"OC\\Preview\\HEIC"
"OC\\Preview\\TIFF"
"OC\\Preview\\MKV"
"OC\\Preview\\MP4"
"OC\\Preview\\AVI"
"OC\\Preview\\Movie"
];
};
phpExtraExtensions = all: [ all.pdlib all.bz2 ];
};
}; };
#+end_src #+end_src
@ -1064,156 +1085,136 @@ Home-manager, is not as flushed out when it comes to creating systemd units, so
the best way to define them for now, is using nix. the best way to define them for now, is using nix.
#+begin_src nix #+begin_src nix
systemd.services = { systemd = {
# "docker-compose" = { services = {
# enable = true; "docker-compose" = {
# restartIfChanged = true; enable = true;
# description = "Start docker-compose servers"; restartIfChanged = true;
# after = [ "docker.service" "docker.socket" ]; description = "Start docker-compose servers";
# requires = [ "docker.service" "docker.socket" ]; after = [ "docker.service" "docker.socket" ];
# wantedBy = [ "default.target" ]; requires = [ "docker.service" "docker.socket" ];
# environment = { wantedBy = [ "default.target" ];
# FILE = "/home/jawz/Development/Docker/docker-compose.yml"; environment = {
# }; FILE = "/home/jawz/Development/Docker/docker-compose.yml";
# path = [ };
# pkgs.docker-compose path = [
# ]; pkgs.docker-compose
# serviceConfig = { ];
# Restart = "on-failure"; serviceConfig = {
# RestartSec = 30; Restart = "on-failure";
# ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans"; RestartSec = 30;
# ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down"; ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
# }; ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
# }; };
# "nextcloud_scrapsync" = { };
# description = "Sync scrapped files with nextcloud"; "nextcloud-cronjob" = let jawzNextcloudCronjob = pkgs.writeScriptBin
# wantedBy = [ "default.target" ]; "nextcloud-cronjob" (builtins.readFile ./scripts/nextcloud-cronjob.sh); in {
# path = [ description = "Runs various nextcloud-related cronjobs";
# pkgs.bash wantedBy = [ "default.target" ];
# jawz_nextcloud_scrapsync path = [
# ]; pkgs.bash
# serviceConfig = { jawzNextcloudCronjob
# RestartSec = 30; ];
# ExecStart = "${jawz_nextcloud_scrapsync}/bin/nextcloud_scrapsync"; serviceConfig = {
# }; Restart = "on-failure";
# }; RestartSec = 30;
# "nextcloud_previews" = { ExecStart = "${jawzNextcloudCronjob}/bin/nextcloud-cronjob";
# description = "Generate previews"; };
# wantedBy = [ "default.target" ]; };
# path = [ };
# pkgs.nextcloud26 timers = {
# ]; "nextcloud-cronjob" = {
# serviceConfig = { enable = true;
# RestartSec = 30; description = "Runs various nextcloud-related cronjobs";
# ExecStart = "${pkgs.nextcloud26}/occ preview:pre-generate"; wantedBy = [ "timers.target" ];
# }; timerConfig = {
# }; OnCalendar = "*:0/10";
}; };
systemd.timers = {
# "nextcloud_scrapsync" = {
# enable = true;
# description = "Sync scrapped files with nextcloud";
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar= [
# "*-*-* 01:32:00"
# "*-*-* 08:32:00"
# "*-*-* 14:32:00"
# "*-*-* 20:32:00"
# ];
# RandomizedDelaySec = 30;
# Persistent = true;
# };
# };
# "nextcloud_previews" = {
# enable = true;
# description = "Generate previews";
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar = "*:0/10";
# };
# };
};
systemd.user.services = {
"HentaiAtHome" = {
enable = true;
restartIfChanged = true;
description = "Run hentai@home server";
wantedBy = [ "default.target" ];
path = [
pkgs.HentaiAtHome
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
WorkingDirectory="/mnt/hnbox";
ExecStart = "${pkgs.HentaiAtHome}/bin/HentaiAtHome";
}; };
}; };
"manage_library" = { user = {
enable = true; services = {
restartIfChanged = true; "HentaiAtHome" = {
description = "Run the manage library bash script"; enable = true;
wantedBy = [ "default.target" ]; restartIfChanged = true;
path = [ description = "Run hentai@home server";
pkgs.bash wantedBy = [ "default.target" ];
pkgs.nix path = [
jawz_manage_library pkgs.HentaiAtHome
]; ];
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 30; RestartSec = 30;
ExecStart = "${jawz_manage_library}/bin/manage_library"; WorkingDirectory="/mnt/hnbox";
ExecStart = "${pkgs.HentaiAtHome}/bin/HentaiAtHome";
};
};
"manage-library" = {
enable = true;
restartIfChanged = true;
description = "Run the manage library bash script";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.nix
jawzManageLibrary
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzManageLibrary}/bin/manage-library";
};
};
"tasks" = {
restartIfChanged = true;
description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.nix
jawzTasks
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzTasks}/bin/tasks";
};
};
"update-dns" = let jawzUpdateDns = pkgs.writeScriptBin
"update-dns" (builtins.readFile ./scripts/update-dns.sh); in {
restartIfChanged = true;
description = "update DNS of my websites";
wantedBy = [ "default.target" ];
path = [
pkgs.curl
pkgs.bash
jawzUpdateDns
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzUpdateDns}/bin/update-dns";
};
};
}; };
}; timers = {
"tasks" = { "tasks" = {
restartIfChanged = true; enable = true;
description = "Run a tasks script which keeps a lot of things organized"; description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "default.target" ]; wantedBy = [ "timers.target" ];
path = [ timerConfig = {
pkgs.bash OnCalendar = "*:0/10";
pkgs.nix };
jawz_tasks };
]; "update_dns" = {
serviceConfig = { enable = true;
Restart = "on-failure"; description = "update DNS of my websites";
RestartSec = 30; wantedBy = [ "timers.target" ];
ExecStart = "${jawz_tasks}/bin/tasks"; timerConfig = {
}; OnBootSec = "1min";
}; OnUnitActiveSec = "6h";
"update_dns" = let jawz_update_dns = pkgs.writeScriptBin };
"update_dns" (builtins.readFile ./scripts/update_dns.sh); in { };
restartIfChanged = true;
description = "update DNS of my websites";
wantedBy = [ "default.target" ];
path = [
pkgs.curl
pkgs.bash
jawz_update_dns
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawz_update_dns}/bin/update_dns";
};
};
};
systemd.user.timers = {
"tasks" = {
enable = true;
description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
"update_dns" = {
enable = true;
description = "update DNS of my websites";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1min";
OnUnitActiveSec = "6h";
}; };
}; };
}; };
@ -1246,6 +1247,19 @@ networking = {
# networking.firewall.enable = false; # networking.firewall.enable = false;
#+end_src #+end_src
* MISC SETTINGS
** ENABLE FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default
fonts. If you don't care about running X11 applications or any other program
that uses Fontconfig, you can turn this option off and prevent a dependency on
all those fonts.
=tip= once that Wayland is ready for deployment, I probably can remove this
setting.
#+begin_src nix
fonts.fontconfig.enable = true;
#+end_src
* FINAL SYSTEM CONFIGURATIONS * FINAL SYSTEM CONFIGURATIONS
The first setting creates a copy the NixOS configuration file and link it from The first setting creates a copy the NixOS configuration file and link it from
the resulting system (/run/current-system/configuration.nix). This is useful in the resulting system (/run/current-system/configuration.nix). This is useful in
@ -1263,7 +1277,7 @@ everything from scratch.
#+begin_src nix #+begin_src nix
system = { system = {
copySystemConfiguration = true; copySystemConfiguration = true;
stateVersion = VERSION; stateVersion = "${version}";
}; };
nix = { nix = {
settings = { settings = {
@ -1285,11 +1299,7 @@ nix = {
dates = "weekly"; dates = "weekly";
}; };
}; };
#+end_src
** CLOSING :D
That super pesky closing bracket.
#+begin_src nix
} }
#+end_src #+end_src
# LocalWords: useXkbConfig Wayland XORG NIXPKGS
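Review bot: The relocated NEXTCLOUD and PIRACY blocks still build `adminpassFile`, `dbpassFile` and kavita's `tokenKeyFile` with `pkgs.writeText` around literal secrets, so each value lands in the world-readable /nix/store as well as in this repository's history. The IMPORTS block already loads `<agenix/modules/age.nix>`, so these options can point at decrypted secret paths instead, e.g. `adminpassFile = config.age.secrets.nextcloud-adminpass.path;` (the secret name is a placeholder), with the secret's owner set so the service user can read it. Because the current values are published in this commit, they should be treated as exposed and rotated when they are moved out. The new NORMAL USERS block also keeps `initialPassword = "password";` for a user in "wheel" while the SECURITY text says sudo runs without a password; a hashed password file would be safer there.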


@ -4,9 +4,10 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
let let
unstable_tarball = unstable = import
builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master"; (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
unstable = import unstable_tarball { config = config.nixpkgs.config; }; config = config.nixpkgs.config;
};
in { in {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
@ -165,13 +166,11 @@ in {
}; };
cpu.intel.updateMicrocode = lib.mkDefault true; cpu.intel.updateMicrocode = lib.mkDefault true;
bluetooth.enable = true; bluetooth.enable = true;
# huion driver
# opentabletdriver = { # opentabletdriver = {
# enable = true; # enable = true;
# package = unstable.opentabletdriver; # package = unstable.opentabletdriver;
# daemon.enable = false; # daemon.enable = false;
# }; # };
# nvidia driver
nvidia.modesetting.enable = true; nvidia.modesetting.enable = true;
opengl = { opengl = {
enable = true; enable = true;
@ -186,7 +185,4 @@ in {
]; ];
}; };
}; };
# hardware.cpu.intel.updateMicrocode =
# lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
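Review bot: The reformatted `unstable` binding in the first hunk still calls `builtins.fetchTarball` on `https://github.com/nixos/nixpkgs/tarball/master` with no hash, so each evaluation may import whatever master holds at that moment and nothing verifies the download. Pinning to a commit makes rebuilds reproducible and the imported tree auditable: `builtins.fetchTarball { url = "https://github.com/nixos/nixpkgs/archive/<commit>.tar.gz"; sha256 = "<hash>"; }` (both values are placeholders). The org file's DECLARATION block repeats the pattern for `unstable` and `nixGaming`, so the same pin applies there.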