jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

code rules
All checks were successful
MCP Tests / mcp-tests (push) Successful in 19s
Details

Browse Source
This commit is contained in:
Danilo Reyes
2026-03-23 15:49:51 -06:00
parent 32729627b1
commit 66483c89ac
75 changed files with 530 additions and 512 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
config/base.nix
View File

@@ -38,9 +38,7 @@
};
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = {
LC_MONETARY = "es_MX.UTF-8";
};
extraLocaleSettings.LC_MONETARY = "es_MX.UTF-8";
};
console = {
font = "Lat2-Terminus16";
@@ -48,10 +46,6 @@
};
security = {
polkit.enable = true;
sudo-rs = {
enable = true;
wheelNeedsPassword = false;
};
pam.loginLimits = [
{
domain = "*";
@@ -60,6 +54,10 @@
value = "8192";
}
];
sudo-rs = {
enable = true;
wheelNeedsPassword = false;
};
};
users = {
mutableUsers = false;

26
config/derek.nix
View File

@@ -15,6 +15,9 @@ let
};
in
{
sops.secrets = lib.mkIf config.my.secureHost {
derek-password.neededForUsers = true;
};
my = {
stylix = enableForDerek;
emacs = enableForDerek;
@@ -34,9 +37,6 @@ in
multimedia = enableForDerek;
};
};
sops.secrets = lib.mkIf config.my.secureHost {
derek-password.neededForUsers = true;
};
services = {
tailscale.enable = true;
sunshine = {
@@ -48,17 +48,15 @@ in
};
networking.nftables = {
enable = true;
tables = {
local-uid-block = {
family = "inet";
content = ''
chain output {
type filter hook output priority 0; policy accept;
meta skuid ${toString derekUid} ip daddr 127.0.0.1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
meta skuid ${toString derekUid} ip6 daddr ::1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
}
'';
};
tables.local-uid-block = {
family = "inet";
content = ''
chain output {
type filter hook output priority 0; policy accept;
meta skuid ${toString derekUid} ip daddr 127.0.0.1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
meta skuid ${toString derekUid} ip6 daddr ::1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
}
'';
};
};
users.users.bearded_dragonn = {

42
config/home-manager.nix
View File

@@ -39,27 +39,6 @@ in
];
home.stateVersion = "23.05";
programs = {
direnv = {
enable = true;
enableBashIntegration = shellType == "bash";
enableZshIntegration = shellType == "zsh";
nix-direnv.enable = true;
};
git = {
enable = true;
settings = {
pull.rebase = true;
init.defaultBranch = "main";
user = {
email = if osConfig == null then userEmail else osConfig.my.email;
name = "Danilo Reyes";
};
};
};
delta = {
enable = true;
enableGitIntegration = true;
};
ssh.enableDefaultConfig = false;
bash = lib.mkIf (shellType == "bash") {
enable = true;
@@ -85,6 +64,27 @@ in
ignoreAllDups = true;
};
};
delta = {
enable = true;
enableGitIntegration = true;
};
direnv = {
enable = true;
enableBashIntegration = shellType == "bash";
enableZshIntegration = shellType == "zsh";
nix-direnv.enable = true;
};
git = {
enable = true;
settings = {
pull.rebase = true;
init.defaultBranch = "main";
user = {
email = if osConfig == null then userEmail else osConfig.my.email;
name = "Danilo Reyes";
};
};
};
};
xdg = {
enable = true;

16
config/stylix.nix
View File

@@ -21,13 +21,11 @@ in
description = "Users to apply Stylix theming for";
};
};
config = {
stylix = {
inherit (scheme) image polarity;
enable = true;
autoEnable = cfg.enable;
targets.qt.platform = lib.mkForce "qtct";
}
// lib.optionalAttrs (scheme ? base16Scheme) { inherit (scheme) base16Scheme; };
};
config.stylix = {
inherit (scheme) image polarity;
enable = true;
autoEnable = cfg.enable;
targets.qt.platform = lib.mkForce "qtct";
}
// lib.optionalAttrs (scheme ? base16Scheme) { inherit (scheme) base16Scheme; };
}

58
dotfiles/gallery-dl.nix
View File

@@ -1,4 +1,5 @@
{
output.mode = "auto";
extractor = {
skip = "abort:5";
cookies = [
@@ -8,6 +9,29 @@
];
retries = 10;
sleep-request = 0;
pinterest.directory = [
"{board[owner][username]}"
"{board[name]}"
];
exhentai.directory = [
"{category}"
"{title}"
];
gfycat.format = "webm";
imgur.mp4 = true;
paheal.directory = [
"Husbands"
"{search_tags}"
];
rule34.directory = [
"Husbands"
"{search_tags}"
];
e621.directory = [
"Husbands"
"{search_tags}"
];
baraag.directory = [ "{account[username]}" ];
directlink = {
filename = "{filename}.{extension}";
directory = [ ];
@@ -35,10 +59,6 @@
"{owner[username]}"
];
};
pinterest.directory = [
"{board[owner][username]}"
"{board[name]}"
];
wikifeet = {
page-reverse = true;
directory = [
@@ -55,6 +75,11 @@
parent-directory = true;
directory = [ "{username}" ];
previews = true;
tagged.directory = [
"{username}"
"tagged"
"{tagged_username}"
];
highlights = {
reverse = true;
directory = [ "{username}" ];
@@ -63,11 +88,6 @@
reverse = true;
directory = [ "{username}" ];
};
tagged.directory = [
"{username}"
"tagged"
"{tagged_username}"
];
};
kemonoparty = {
limit-rate = "200k-300k";
@@ -79,10 +99,6 @@
"{user}"
];
};
exhentai.directory = [
"{category}"
"{title}"
];
tumblr = {
external = true;
inline = true;
@@ -132,7 +148,6 @@
external = true;
directory = [ "{userinfo[username]}" ];
};
gfycat.format = "webm";
reddit = {
user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)";
client-id = "T7nZ6WZ3_onJWBhLP8r08g";
@@ -143,20 +158,6 @@
reverse = true;
directory = [ "{userName}" ];
};
imgur.mp4 = true;
paheal.directory = [
"Husbands"
"{search_tags}"
];
rule34.directory = [
"Husbands"
"{search_tags}"
];
e621.directory = [
"Husbands"
"{search_tags}"
];
baraag.directory = [ "{account[username]}" ];
pixiv = {
directory = [ "{user[account]} - {user[id]}" ];
ugoira = true;
@@ -275,7 +276,6 @@
];
};
};
output.mode = "auto";
downloader = {
part = true;
part-directory = "/home/jawz/.cache/gallery-dl";

12
environments/cinnamon.nix
View File

@@ -1,5 +1,11 @@
{ pkgs, ... }:
{
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
adw-gtk3 # theme legacy applications
papirus-icon-theme # icon theme
;
};
services = {
libinput.enable = true;
xserver = {
@@ -12,10 +18,4 @@
enable = true;
style = "adwaita";
};
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
adw-gtk3 # theme legacy applications
papirus-icon-theme # icon theme
;
};
}

10
environments/gnome.nix
View File

@@ -23,11 +23,6 @@ in
};
config = lib.mkIf cfg.enable {
qt.enable = true;
services = {
gvfs.enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
environment.gnome.excludePackages = builtins.attrValues {
inherit (pkgs)
baobab
@@ -55,5 +50,10 @@ in
;
}
);
services = {
gvfs.enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
};
}

38
environments/hyprland-home.nix
View File

@@ -10,6 +10,9 @@ let
in
{
programs = {
waybar = waybarConfig.programs.waybar // {
style = waybarStyle;
};
wofi = {
enable = true;
settings = {
@@ -19,29 +22,10 @@ in
width = "30%";
};
};
waybar = waybarConfig.programs.waybar // {
style = waybarStyle;
};
};
wayland.windowManager.hyprland = {
enable = true;
settings = {
general = {
gaps_in = 5;
gaps_out = 10;
border_size = 3;
layout = "dwindle";
};
misc = {
disable_hyprland_logo = true;
disable_splash_rendering = true;
force_default_wallpaper = 0;
};
dwindle = {
pseudotile = true;
preserve_split = true;
force_split = 2;
};
bind = [
"${mod}, return, exec, ghostty"
"${mod}, Q, killactive,"
@@ -108,6 +92,22 @@ in
"${mod}, mouse:272, movewindow"
"${mod}, mouse:273, resizewindow"
];
general = {
gaps_in = 5;
gaps_out = 10;
border_size = 3;
layout = "dwindle";
};
misc = {
disable_hyprland_logo = true;
disable_splash_rendering = true;
force_default_wallpaper = 0;
};
dwindle = {
pseudotile = true;
preserve_split = true;
force_split = 2;
};
};
};
}

14
environments/hyprland.nix
View File

@@ -4,13 +4,6 @@
}:
{
programs.hyprland.enable = true;
services.greetd = {
enable = true;
settings.default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd Hyprland";
user = "greeter";
};
};
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
wl-clipboard-rs
@@ -25,4 +18,11 @@
;
};
home-manager.users.jawz.imports = [ ./hyprland-home.nix ];
services.greetd = {
enable = true;
settings.default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd Hyprland";
user = "greeter";
};
};
}

20
flake.nix
View File

@@ -1,5 +1,15 @@
{
description = "JawZ NixOS flake setup";
outputs =
inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
./parts/core.nix
./parts/hosts.nix
./parts/packages.nix
./parts/devshells.nix
];
};
inputs = {
flake-parts.url = "github:hercules-ci/flake-parts";
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
@@ -71,14 +81,4 @@
flake = false;
};
};
outputs =
inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
./parts/core.nix
./parts/hosts.nix
./parts/packages.nix
./parts/devshells.nix
];
};
}

14
hosts/emacs/configuration.nix
View File

@@ -8,6 +8,8 @@
../../config/stylix.nix
../../environments/hyprland.nix
];
networking.hostName = "emacs";
environment.systemPackages = [ ];
virtualisation.vmVariant.virtualisation = {
memorySize = 4096;
cores = 4;
@@ -23,6 +25,11 @@
emacs.enable = true;
shell.tools.enable = true;
services.network.enable = true;
interfaces = lib.mkMerge [
{
emacs = "eth0";
}
];
dev = {
nix.enable = true;
python.enable = true;
@@ -37,12 +44,5 @@
zig.enable = true;
docker.enable = true;
};
interfaces = lib.mkMerge [
{
emacs = "eth0";
}
];
};
networking.hostName = "emacs";
environment.systemPackages = [ ];
}

8
hosts/mac/home.nix
View File

@@ -4,6 +4,7 @@
...
}:
{
my = import ./toggles.nix { inherit inputs; };
home = {
username = "carlosdaniloreyesmartinez";
homeDirectory = "/Users/carlosdaniloreyesmartinez";
@@ -13,10 +14,11 @@
starship.enable = true;
kitty = {
enable = true;
shellIntegration.enableBashIntegration = false;
shellIntegration.enableZshIntegration = true;
settings.term = "xterm-256color";
shellIntegration = {
enableBashIntegration = false;
enableZshIntegration = true;
};
};
};
my = import ./toggles.nix { inherit inputs; };
}

20
hosts/miniserver/configuration.nix
View File

@@ -6,13 +6,17 @@
../../config/stylix.nix
];
my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 3;
nix.maxJobs = 8;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixserver"
];
nix = {
cores = 3;
maxJobs = 8;
};
users.nixremote = {
enable = true;
authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixserver"
];
};
};
nix.buildMachines =
let
@@ -27,6 +31,7 @@
(buildMachine "workstation" 8 40)
(buildMachine "server" 6 17)
];
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
networking = {
hostName = "miniserver";
firewall = {
@@ -34,7 +39,6 @@
allowedUDPPorts = [ 2049 ];
};
};
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
services = {
btrfs.autoScrub = {
enable = true;

18
hosts/miniserver/hardware-configuration.nix
View File

@@ -54,19 +54,17 @@
fileSystems =
let
nfsMount = server: nfsDisk: {
device = "${server}:/${nfsDisk}";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"x-systemd.idle-timeout=600"
];
device = "${server}:/${nfsDisk}";
fsType = "nfs";
};
in
{
"/" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=nix"
"ssd"
@@ -77,10 +75,10 @@
"datacow"
"noatime"
];
};
"/home" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
};
"/home" = {
options = [
"subvol=home"
"ssd"
@@ -90,6 +88,8 @@
"commit=120"
"datacow"
];
device = "/dev/mapper/nvme";
fsType = "btrfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334";
@@ -100,18 +100,18 @@
fsType = "vfat";
};
"/var/lib/nextcloud/data" = {
device = "/srv/pool/nextcloud";
options = [ "bind" ];
device = "/srv/pool/nextcloud";
depends = [ "/srv/pool" ];
};
"/export/pool" = {
device = "/srv/pool";
options = [ "bind" ];
device = "/srv/pool";
depends = [ "/srv/pool" ];
};
"/export/jawz" = {
device = "/home/jawz";
options = [ "bind" ];
device = "/home/jawz";
depends = [ "/srv/pool" ];
};
"/srv/server/pool" = nfsMount "server" "pool" // { };

16
hosts/miniserver/toggles.nix
View File

@@ -8,14 +8,6 @@ let
;
in
{
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
enableProxy = true;
websites.portfolio.enableProxy = true;
apps = enableList mkEnabledWithUsers [
@@ -49,4 +41,12 @@ in
// enableList mkEnabledWithProxy [
"audiobookshelf"
];
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
}

58
hosts/server/configuration.nix
View File

@@ -17,22 +17,26 @@ in
];
my = import ./toggles.nix { inherit config inputs; } // {
nix.cores = 6;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixminiserver"
];
network.firewall.enabledServicePorts = true;
network.firewall.additionalPorts = [
2049 # idk
config.my.ports.syncthingGui
config.my.ports.syncthingRelay
config.my.ports.sonarqube
config.my.ports.synapseSsl
config.my.ports.tdarr
config.my.ports.mediaMap
config.my.ports.qbittorrent
];
users.nixremote = {
enable = true;
authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixminiserver"
];
};
network.firewall = {
enabledServicePorts = true;
additionalPorts = [
2049 # idk
config.my.ports.syncthingGui
config.my.ports.syncthingRelay
config.my.ports.sonarqube
config.my.ports.synapseSsl
config.my.ports.tdarr
config.my.ports.mediaMap
config.my.ports.qbittorrent
];
};
};
nix.buildMachines = [
{
@@ -65,10 +69,6 @@ in
};
networking = {
hostName = "server";
firewall = {
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
};
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-server}/32" ];
privateKeyFile = config.sops.secrets."server/private".path;
@@ -86,6 +86,10 @@ in
}
];
};
firewall = {
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
};
};
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs) podman-compose attic-client;
@@ -116,14 +120,12 @@ in
vpsHost = "lidarr-reports@${config.my.ips.vps}";
vpsPath = "/var/www/html/lidarr-mb-gap";
sshKeyFile = config.sops.secrets."private_keys/lidarr-mb-gap".path;
sshKnownHosts = {
vps = {
hostNames = [
config.my.ips.vps
"[${config.my.ips.vps}]:3456"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP";
};
sshKnownHosts.vps = {
hostNames = [
config.my.ips.vps
"[${config.my.ips.vps}]:3456"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP";
};
};
};

24
hosts/server/hardware-configuration.nix
View File

@@ -84,8 +84,6 @@ in
};
fileSystems = {
"/" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=nix"
"ssd"
@@ -96,10 +94,10 @@ in
"datacow"
"noatime"
];
};
"/home" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
};
"/home" = {
options = [
"subvol=home"
"ssd"
@@ -109,19 +107,19 @@ in
"commit=120"
"datacow"
];
device = "/dev/mapper/nvme";
fsType = "btrfs";
};
"/boot" = {
options = [ "nofail" ];
device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
fsType = "ext4";
options = [ "nofail" ];
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/CBE7-5DEB";
fsType = "vfat";
};
"/srv/pool" = {
device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
fsType = "btrfs";
options = [
"subvol=@data"
"compress=zstd:3"
@@ -129,34 +127,36 @@ in
"commit=120"
"datacow"
];
device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
fsType = "btrfs";
depends = [ "/boot/efi" ];
};
"/var/lib/nextcloud/data" = {
device = "/srv/pool/nextcloud";
options = [ "bind" ];
device = "/srv/pool/nextcloud";
depends = [ "/srv/pool" ];
};
"/srv/jellyfin/media" = {
device = "/srv/pool/multimedia/media";
options = [
"bind"
"ro"
];
device = "/srv/pool/multimedia/media";
depends = [ "/srv/pool" ];
};
"/export/pool" = {
device = "/srv/pool";
options = [ "bind" ];
device = "/srv/pool";
depends = [ "/srv/pool" ];
};
"/export/jawz" = {
device = "/home/jawz";
options = [ "bind" ];
device = "/home/jawz";
depends = [ "/srv/pool" ];
};
"/export/backups" = {
device = "/srv/backups";
options = [ "bind" ];
device = "/srv/backups";
depends = [ "/srv/pool" ];
};
};

24
hosts/server/toggles.nix
View File

@@ -4,20 +4,8 @@ let
mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
in
{
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
enableProxy = true;
enableContainers = true;
apps.dictionaries = {
enable = true;
users = "jawz";
};
shell = enableList mkEnabledWithUsers [
"multimedia"
"tools"
@@ -93,4 +81,16 @@ in
"plausible"
"vaultwarden"
];
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
apps.dictionaries = {
enable = true;
users = "jawz";
};
}

38
hosts/vps/configuration.nix
View File

@@ -70,13 +70,30 @@ in
];
};
};
image.modules.linode = { };
environment.systemPackages = [ ];
security.sudo-rs.extraRules = [
{
users = [ "nixremote" ];
commands = [
{
options = [ "NOPASSWD" ];
command = "/run/current-system/sw/bin/nixos-rebuild";
}
];
}
];
systemd.tmpfiles.rules = [
"d /var/www/html 2775 deploy www-data -"
"d /var/www/html/portfolio 2775 deploy www-data -"
"d /var/www/html/blog 2775 deploy www-data -"
"d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -"
];
sops.age = {
generateKey = true;
keyFile = "/var/lib/sops-nix/key.txt";
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
};
image.modules.linode = { };
environment.systemPackages = [ ];
networking = {
hostName = "vps";
nat = {
@@ -137,23 +154,6 @@ in
'';
};
};
security.sudo-rs.extraRules = [
{
users = [ "nixremote" ];
commands = [
{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}
];
}
];
systemd.tmpfiles.rules = [
"d /var/www/html 2775 deploy www-data -"
"d /var/www/html/portfolio 2775 deploy www-data -"
"d /var/www/html/blog 2775 deploy www-data -"
"d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -"
];
services = {
smartd.enable = lib.mkForce false;
openssh.ports = [ ports.ssh ];

8
hosts/vps/toggles.nix
View File

@@ -41,10 +41,6 @@ let
secureToggles = {
enableProxy = true;
enableContainers = true;
websites = {
portfolio.enableProxy = true;
lidarrMbReport.enableProxy = true;
};
servers =
enableList mkEnabledWithProxy [
"isso"
@@ -78,6 +74,10 @@ let
"vaultwarden"
"yamtrack"
];
websites = {
portfolio.enableProxy = true;
lidarrMbReport.enableProxy = true;
};
};
in
lib.mkMerge [

48
hosts/workstation/configuration.nix
View File

@@ -25,13 +25,17 @@ in
../../environments/gnome.nix
];
my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 8;
nix.maxJobs = 8;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixserver"
"nixminiserver"
];
nix = {
cores = 8;
maxJobs = 8;
};
users.nixremote = {
enable = true;
authorizedKeys = inputs.self.lib.getSshKeys [
"nixserver"
"nixminiserver"
];
};
};
sops.secrets."workstation/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml;
@@ -53,6 +57,21 @@ in
};
networking = {
hostName = "workstation";
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-workstation}/32" ];
privateKeyFile = config.sops.secrets."workstation/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "${config.my.ips.vps}:51820";
persistentKeepalive = 25;
allowedIPs = [
"${config.my.ips.wg-vps}/32"
config.my.subnets.wg-homelab
];
}
];
};
firewall = {
allowedTCPPorts = [
config.my.ports.nsUsbloader
@@ -80,21 +99,6 @@ in
}
'';
};
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-workstation}/32" ];
privateKeyFile = config.sops.secrets."workstation/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "${config.my.ips.vps}:51820";
persistentKeepalive = 25;
allowedIPs = [
"${config.my.ips.wg-vps}/32"
config.my.subnets.wg-homelab
];
}
];
};
};
users = {
groups.ai = { };

6
hosts/workstation/hardware-configuration.nix
View File

@@ -87,17 +87,16 @@ in
fileSystems =
let
nfsMount = server: nfsDisk: {
device = "${server}:/${nfsDisk}";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"x-systemd.idle-timeout=600"
];
device = "${server}:/${nfsDisk}";
fsType = "nfs";
};
btrfsMount = device: subvol: extraOpts: {
inherit device;
fsType = "btrfs";
options = extraOpts ++ [
"subvol=${subvol}"
"ssd"
@@ -107,6 +106,7 @@ in
"commit=120"
"datacow"
];
fsType = "btrfs";
};
trashOptions = [
"x-gvfs-trash"

16
hosts/workstation/toggles.nix
View File

@@ -3,14 +3,6 @@ let
inherit (inputs.self.lib) mkEnabled mkEnabledWithUsers enableList;
in
{
stylix = {
enable = true;
users = "jawz";
};
emacs = {
enable = true;
users = "jawz";
};
enableContainers = true;
servers.drpp.enable = true;
apps =
@@ -52,4 +44,12 @@ in
"ffmpeg4discord"
"update-org-agenda-cache"
];
stylix = {
enable = true;
users = "jawz";
};
emacs = {
enable = true;
users = "jawz";
};
}

2
modules/apps/art.nix
View File

@@ -37,6 +37,7 @@ let
in
{
options.my = {
dev.gameDev.enable = lib.mkEnableOption "game development tools and engines";
apps.art = {
enable = lib.mkEnableOption "digital art and creative applications";
users = lib.mkOption {
@@ -45,7 +46,6 @@ in
description = "Users to install art packages for";
};
};
dev.gameDev.enable = lib.mkEnableOption "game development tools and engines";
};
config.users.users =
let

24
modules/apps/gaming.nix
View File

@@ -21,8 +21,8 @@ let
);
in
{
imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
options.my.apps = {
switch.enable = lib.mkEnableOption "Nintendo Switch homebrew tools";
gaming = {
enable = lib.mkEnableOption "gaming applications and emulators";
users = lib.mkOption {
@@ -31,8 +31,8 @@ in
description = "Users to install gaming packages for";
};
};
switch.enable = lib.mkEnableOption "Nintendo Switch homebrew tools";
};
imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
config = lib.mkIf config.my.apps.gaming.enable {
# sops.secrets.switch-presence = lib.mkIf config.my.apps.gaming.switch.enable {
# sopsFile = ../../secrets/env.yaml;
@@ -40,16 +40,6 @@ in
# owner = config.users.users.jawz.name;
# inherit (config.users.users.jawz) group;
# };
programs = {
gamemode.enable = true;
steam = {
enable = true;
gamescopeSession.enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
platformOptimizations.enable = true;
};
};
services = lib.mkIf config.my.apps.switch.enable {
switch-boot.enable = true;
# switch-presence = {
@@ -80,5 +70,15 @@ in
};
in
inputs.self.lib.mkUserPackages lib config.my.apps.gaming.users packages;
programs = {
gamemode.enable = true;
steam = {
enable = true;
gamescopeSession.enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
platformOptimizations.enable = true;
};
};
};
}

14
modules/apps/internet/home.nix
View File

@@ -19,6 +19,13 @@ let
];
};
cfg = config.my.apps.internet;
krisp-patch = builtins.readFile (
pkgs.fetchurl {
url = "https://pastebin.com/raw/8tQDsMVd";
sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
}
);
krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch;
krisp-settings = {
libraries = builtins.attrValues {
inherit (pkgs.python3Packages)
@@ -32,13 +39,6 @@ let
"F405"
];
};
krisp-patch = builtins.readFile (
pkgs.fetchurl {
url = "https://pastebin.com/raw/8tQDsMVd";
sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
}
);
krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch;
in
{
options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps";

10
modules/dev/cc/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.cc = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "C/C++ development shell";
};
my.dev.cc = {
enable = lib.mkEnableOption "Install C/C++ tooling globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install C/C++ packages for";
};
};
devShells.cc = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "C/C++ development shell";
};
};
}

6
modules/dev/docker/home.nix
View File

@@ -28,8 +28,10 @@ in
my.dev.docker.enable = lib.mkDefault hm.enabledByDefault;
}
(lib.mkIf cfg.enable {
home.packages = feature.packages;
home.sessionVariables.DOCKER_CONFIG = "${config.xdg.configHome}/docker";
home = {
inherit (feature) packages;
sessionVariables.DOCKER_CONFIG = "${config.xdg.configHome}/docker";
};
})
];
}

10
modules/dev/docker/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.docker = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Docker and Dockerfile tooling shell";
};
my.dev.docker = {
enable = lib.mkEnableOption "Install Docker tooling globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Docker packages for";
};
};
devShells.docker = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Docker and Dockerfile tooling shell";
};
};
}

2
modules/dev/emacs/home.nix
View File

@@ -25,8 +25,8 @@ let
};
in
{
imports = [ inputs.doom-emacs.homeModule ];
options.my.emacs.enable = lib.mkEnableOption "Doom Emacs configuration";
imports = [ inputs.doom-emacs.homeModule ];
config = lib.mkMerge [
{
my.emacs.enable = lib.mkDefault hm.enabledByDefault;

8
modules/dev/emacs/portable.nix
View File

@@ -5,8 +5,8 @@
}:
let
emacs = import ./common.nix {
lib = pkgs.lib;
inherit pkgs;
lib = pkgs.lib;
stylixEnabled = false;
emacsExtraConfig = "";
emacsExtraPackages = _epkgs: [ ];
@@ -41,21 +41,21 @@ let
../../../modules/home-manager.nix
../../../config/home-manager.nix
{
programs.home-manager.enable = true;
nixpkgs.config.allowUnfree = true;
home = {
username = "portable";
homeDirectory = if pkgs.stdenv.isDarwin then "/Users/portable" else "/home/portable";
stateVersion = "23.05";
};
programs.home-manager.enable = true;
nixpkgs.config.allowUnfree = true;
my = {
emacs.enable = true;
shell.tools.enable = true;
dev = {
nix.enable = true;
python.enable = true;
sh.enable = true;
};
shell.tools.enable = true;
};
}
];

6
modules/dev/go/home.nix
View File

@@ -28,8 +28,10 @@ in
my.dev.go.enable = lib.mkDefault hm.enabledByDefault;
}
(lib.mkIf cfg.enable {
home.packages = feature.packages;
home.sessionVariables.GOPATH = "${config.xdg.dataHome}/go";
home = {
inherit (feature) packages;
sessionVariables.GOPATH = "${config.xdg.dataHome}/go";
};
})
];
}

10
modules/dev/go/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.go = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Go development shell with Emacs tooling, REPL, formatter, and linter";
};
my.dev.go = {
enable = lib.mkEnableOption "Install Go tooling globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Go packages for";
};
};
devShells.go = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Go development shell with Emacs tooling, REPL, formatter, and linter";
};
};
}

12
modules/dev/haskell/home.nix
View File

@@ -28,11 +28,13 @@ in
my.dev.haskell.enable = lib.mkDefault hm.enabledByDefault;
}
(lib.mkIf cfg.enable {
home.packages = feature.packages;
home.sessionVariables = {
CABAL_DIR = "${config.xdg.cacheHome}/cabal";
STACK_ROOT = "${config.xdg.dataHome}/stack";
GHCUP_USE_XDG_DIRS = "true";
home = {
inherit (feature) packages;
sessionVariables = {
CABAL_DIR = "${config.xdg.cacheHome}/cabal";
STACK_ROOT = "${config.xdg.dataHome}/stack";
GHCUP_USE_XDG_DIRS = "true";
};
};
})
];

10
modules/dev/haskell/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.haskell = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Haskell development shell";
};
my.dev.haskell = {
enable = lib.mkEnableOption "Install Haskell tooling globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Haskell packages for";
};
};
devShells.haskell = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Haskell development shell";
};
};
}

8
modules/dev/javascript/common.nix
View File

@@ -14,12 +14,12 @@ in
echo "📦 JavaScript dev environment"
'';
};
sessionVariables = {
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
};
sessionPath = [
"\${XDG_DATA_HOME}/npm/bin"
"\${XDG_DATA_HOME}/pnpm"
];
sessionVariables = {
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
};
}

10
modules/dev/javascript/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.javascript = lib.mkOption {
type = lib.types.package;
default = javascript.devShell;
description = "JavaScript/Node development shell with npm/pnpm support";
};
my.dev.javascript = {
enable = lib.mkEnableOption "Install JavaScript tooling globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install JavaScript packages for";
};
};
devShells.javascript = lib.mkOption {
type = lib.types.package;
default = javascript.devShell;
description = "JavaScript/Node development shell with npm/pnpm support";
};
};
}

10
modules/dev/julia/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.julia = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Julia development shell";
};
my.dev.julia = {
enable = lib.mkEnableOption "Install Julia globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Julia packages for";
};
};
devShells.julia = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Julia development shell";
};
};
}

10
modules/dev/mcp/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.mcp = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "MCP dev shell for this repo";
};
my.dev.mcp = {
enable = lib.mkEnableOption "Install MCP tooling globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install MCP packages for";
};
};
devShells.mcp = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "MCP dev shell for this repo";
};
};
}

10
modules/dev/nix/nixos.nix
View File

@@ -13,6 +13,11 @@ let
in
{
options = {
devShells.nix = lib.mkOption {
type = lib.types.package;
default = nix.devShell;
description = "Nix/NixOS development shell with formatter, linter, LSP, and Cachix";
};
my.dev.nix = {
enable = lib.mkEnableOption "Install Nix tooling globally";
users = lib.mkOption {
@@ -21,10 +26,5 @@ in
description = "Users to install Nix packages for";
};
};
devShells.nix = lib.mkOption {
type = lib.types.package;
default = nix.devShell;
description = "Nix/NixOS development shell with formatter, linter, LSP, and Cachix";
};
};
}

8
modules/dev/python/nixos.nix
View File

@@ -10,6 +10,10 @@ let
in
{
options = {
devShells.python = lib.mkOption {
type = lib.types.package;
default = python.devShell;
};
my.dev.python = {
enable = lib.mkEnableOption "Install Python tools globally";
users = lib.mkOption {
@@ -18,9 +22,5 @@ in
description = "Users to install Python packages for";
};
};
devShells.python = lib.mkOption {
type = lib.types.package;
default = python.devShell;
};
};
}

12
modules/dev/ruby/home.nix
View File

@@ -28,11 +28,13 @@ in
my.dev.ruby.enable = lib.mkDefault hm.enabledByDefault;
}
(lib.mkIf cfg.enable {
home.packages = feature.packages;
home.sessionVariables = {
GEM_HOME = "${config.xdg.dataHome}/ruby/gems";
GEM_PATH = "${config.xdg.dataHome}/ruby/gems";
GEM_SPEC_CACHE = "${config.xdg.dataHome}/ruby/specs";
home = {
inherit (feature) packages;
sessionVariables = {
GEM_HOME = "${config.xdg.dataHome}/ruby/gems";
GEM_PATH = "${config.xdg.dataHome}/ruby/gems";
GEM_SPEC_CACHE = "${config.xdg.dataHome}/ruby/specs";
};
};
})
];

10
modules/dev/ruby/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.ruby = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Ruby development shell with interpreter and Solargraph LSP";
};
my.dev.ruby = {
enable = lib.mkEnableOption "Install Ruby tooling globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Ruby packages for";
};
};
devShells.ruby = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Ruby development shell with interpreter and Solargraph LSP";
};
};
}

6
modules/dev/rust/home.nix
View File

@@ -28,8 +28,10 @@ in
my.dev.rust.enable = lib.mkDefault hm.enabledByDefault;
}
(lib.mkIf cfg.enable {
home.packages = feature.packages;
home.sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo";
home = {
inherit (feature) packages;
sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo";
};
})
];
}

10
modules/dev/rust/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.rust = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Rust development shell with cargo and rust-analyzer";
};
my.dev.rust = {
enable = lib.mkEnableOption "Install Rust tooling globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Rust packages for";
};
};
devShells.rust = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Rust development shell with cargo and rust-analyzer";
};
};
}

10
modules/dev/sh/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.sh = lib.mkOption {
type = lib.types.package;
default = sh.devShell;
description = "Shell scripting dev shell";
};
my.dev.sh = {
enable = lib.mkEnableOption "Install shell scripting tools globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install shell scripting packages for";
};
};
devShells.sh = lib.mkOption {
type = lib.types.package;
default = sh.devShell;
description = "Shell scripting dev shell";
};
};
}

10
modules/dev/zig/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in
{
options = {
devShells.zig = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Zig development shell with compiler and LSP";
};
my.dev.zig = {
enable = lib.mkEnableOption "Install Zig tooling globally";
users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Zig packages for";
};
};
devShells.zig = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Zig development shell with compiler and LSP";
};
};
}

74
modules/factories/mkscript.nix
View File

@@ -65,41 +65,43 @@
lib.mkMerge (
lib.mapAttrsToList (user: packages: inputs.self.lib.mkUserPackages lib user packages) userMap
);
systemd.user.services =
config.my.scripts
|> lib.mapAttrs' (
_name: script:
lib.nameValuePair "${script.name}" (
lib.mkIf (script.enable && script.service) {
restartIfChanged = true;
inherit (script) description;
wantedBy = [ "default.target" ];
path = [
pkgs.nix
script.package
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${script.package}/bin/${script.name}";
};
}
)
);
systemd.user.timers =
config.my.scripts
|> lib.mapAttrs' (
_name: script:
lib.nameValuePair "${script.name}" (
lib.mkIf (script.enable && script.service) {
enable = true;
inherit (script) description;
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = script.timer;
};
}
)
);
systemd.user = {
services =
config.my.scripts
|> lib.mapAttrs' (
_name: script:
lib.nameValuePair "${script.name}" (
lib.mkIf (script.enable && script.service) {
restartIfChanged = true;
inherit (script) description;
wantedBy = [ "default.target" ];
path = [
pkgs.nix
script.package
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${script.package}/bin/${script.name}";
};
}
)
);
timers =
config.my.scripts
|> lib.mapAttrs' (
_name: script:
lib.nameValuePair "${script.name}" (
lib.mkIf (script.enable && script.service) {
enable = true;
inherit (script) description;
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = script.timer;
};
}
)
);
};
};
}

12
modules/modules.nix
View File

@@ -53,6 +53,7 @@ in
};
ips = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Set of IP's for all my computers.";
default = {
router = "192.168.100.1";
server = "192.168.100.15";
@@ -73,35 +74,34 @@ in
wg-friend5 = "10.8.0.6";
wg-friend6 = "10.8.0.7";
};
description = "Set of IP's for all my computers.";
};
subnets = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Set of subnets for WireGuard networks.";
default = {
wg-homelab = "10.77.0.0/24";
wg-friends = "10.8.0.0/24";
wg-guests = "10.9.0.0/24";
};
description = "Set of subnets for WireGuard networks.";
};
wgInterfaces = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "WireGuard interface IPs for the VPS.";
default = {
wg-homelab = "10.77.0.1/24";
wg-friends = "10.8.0.1/24";
wg-guests = "10.9.0.1/24";
};
description = "WireGuard interface IPs for the VPS.";
};
interfaces = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Set of network interface names for all my computers.";
default = {
server = "enp0s31f6";
miniserver = "enp2s0";
workstation = "enp5s0";
vps = "eth0";
};
description = "Set of network interface names for all my computers.";
};
mainServer = lib.mkOption {
type = lib.types.str;
@@ -130,6 +130,7 @@ in
};
ports = lib.mkOption {
type = lib.types.attrsOf lib.types.port;
description = "Common port assignments for local services and firewall rules.";
default = {
comfyui = 8188;
giteaSsh = 22;
@@ -147,7 +148,6 @@ in
wg = 51820;
ssh = 3456;
};
description = "Common port assignments for local services and firewall rules.";
};
email = lib.mkOption {
type = lib.types.str;
@@ -168,6 +168,7 @@ in
};
toggleUsers = lib.mkOption {
type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str));
description = "Map toggle categories to users. Can be a single user (string) or multiple users (list). Determines which user(s) get packages from each toggle category.";
default = {
apps = "jawz";
dev = "jawz";
@@ -176,7 +177,6 @@ in
services = "jawz";
stylix = "jawz";
};
description = "Map toggle categories to users. Can be a single user (string) or multiple users (list). Determines which user(s) get packages from each toggle category.";
example = {
apps = "jawz";
dev = "bearded_dragonn";

6
modules/nix/build.nix
View File

@@ -30,8 +30,8 @@
description = "Maximum number of parallel jobs (null = auto-detect)";
};
};
config = {
nix.settings = lib.mkMerge [
config.nix = {
settings = lib.mkMerge [
{
system-features = config.my.nix.features;
}
@@ -42,6 +42,6 @@
max-jobs = config.my.nix.maxJobs;
})
];
nix.buildMachines = lib.mkIf (config.my.nix.buildMachines != [ ]) config.my.nix.buildMachines;
buildMachines = lib.mkIf (config.my.nix.buildMachines != [ ]) config.my.nix.buildMachines;
};
}

2
modules/scripts/download/home.nix
View File

@@ -12,8 +12,8 @@ let
inputs.self.lib.hmOnlyUser config osConfig "jawz"
&& (osConfig.my.units.download.enable || osConfig.my.units.downloadManga.enable);
download = import ./common.nix {
config = if osConfig == null then { } else osConfig;
inherit inputs lib pkgs;
config = if osConfig == null then { } else osConfig;
};
in
{

8
modules/servers/drpp.nix
View File

@@ -11,13 +11,13 @@ in
options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0;
config.virtualisation.oci-containers.containers.drpp = lib.mkIf cfg.enable {
image = "ghcr.io/phin05/discord-rich-presence-plex:latest";
environment = {
DRPP_UID = toString config.users.users.jawz.uid;
DRPP_GID = toString config.users.groups.users.gid;
};
volumes = [
"${config.my.containerData}/drpp:/app/data"
"/run/user/${toString config.users.users.jawz.uid}:/run/app"
];
environment = {
DRPP_UID = toString config.users.users.jawz.uid;
DRPP_GID = toString config.users.groups.users.gid;
};
};
}

4
modules/servers/flame.nix
View File

@@ -15,9 +15,7 @@ in
flameSecret = setup.mkOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007;
};
config = lib.mkIf enable {
sops.secrets = {
flame.sopsFile = ../../secrets/env.yaml;
};
sops.secrets.flame.sopsFile = ../../secrets/env.yaml;
virtualisation.oci-containers.containers = lib.mkIf enable {
flame = lib.mkIf cfg.enable {
autoStart = true;

2
modules/servers/gitea.nix
View File

@@ -9,11 +9,11 @@ let
cfg = config.my.servers.gitea;
in
{
options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
imports = [
../nix/gitea-actions-runners/nixos.nix
../nix/gitea-actions-runners/docker.nix
];
options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
config = lib.mkIf (cfg.enable && config.my.secureHost) {
sops.secrets.gitea.sopsFile = ../../secrets/env.yaml;
users.groups.gitea.gid = 974;

8
modules/servers/homepage/service-widgets.nix
View File

@@ -154,8 +154,8 @@
icon = "${name}.png";
href = url;
widget = {
type = name;
inherit url;
type = name;
username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
};
@@ -169,8 +169,8 @@
icon = "${name}.png";
href = url;
widget = {
type = name;
inherit url;
type = name;
key = "{{HOMEPAGE_VAR_SABNZBD}}";
};
};
@@ -231,9 +231,9 @@
icon = "paperless.png";
href = url;
widget = {
inherit url;
type = name;
key = "{{HOMEPAGE_VAR_PAPERLESS}}";
inherit url;
fields = [
"total"
"inbox"
@@ -262,9 +262,9 @@
icon = "${name}.png";
href = url;
widget = {
inherit url;
type = name;
key = "{{HOMEPAGE_VAR_STASH}}";
inherit url;
fields = [
"scenes"
"images"

4
modules/servers/homepage/widgets.nix
View File

@@ -22,14 +22,12 @@
{
openweathermap = {
label = "Apodaca";
format.maximumFractionDigits = 1;
latitude = 25.760339;
longitude = -100.2190662;
units = "metric";
provider = "openweathermap";
cache = 5;
format = {
maximumFractionDigits = 1;
};
};
}
]

4
modules/servers/jellyfin.nix
View File

@@ -54,11 +54,9 @@ in
};
timers.sub-sync = {
enable = true;
timerConfig.OnCalendar = "20:00";
description = "syncronizes subtitles downloaded & modified today";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "20:00";
};
};
};
})

10
modules/servers/lidarr.nix
View File

@@ -13,11 +13,6 @@ in
autoStart = true;
image = "linuxserver/lidarr:latest";
ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environment = {
TZ = config.my.timeZone;
PUID = toString config.users.users.jawz.uid;
PGID = toString config.users.groups.piracy.gid;
};
volumes = [
"/srv/pool/multimedia:/data"
"/srv/pool/multimedia/media/Music:/music"
@@ -31,5 +26,10 @@ in
extraOptions = [
"--network=host"
];
environment = {
TZ = config.my.timeZone;
PUID = toString config.users.users.jawz.uid;
PGID = toString config.users.groups.piracy.gid;
};
};
}

2
modules/servers/maloja.nix
View File

@@ -15,6 +15,7 @@ in
image = "krateng/maloja:latest";
ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environmentFiles = [ config.sops.secrets.maloja.path ];
volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
environment = {
TZ = config.my.timeZone;
MALOJA_TIMEZONE = "-6";
@@ -23,7 +24,6 @@ in
MALOJA_DATA_DIRECTORY = "/mljdata";
MALOJA_SKIP_SETUP = "true";
};
volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
};
};
}

2
modules/servers/multi-scrobbler.nix
View File

@@ -15,6 +15,7 @@ in
image = "foxxmd/multi-scrobbler:latest";
ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environmentFiles = [ config.sops.secrets.multi-scrobbler.path ];
volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ];
environment = {
TZ = config.my.timeZone;
PUID = toString config.users.users.jawz.uid;
@@ -25,7 +26,6 @@ in
PLEX_URL = "http://192.168.100.15:32400";
WS_ENABLE = "true";
};
volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ];
};
};
}

26
modules/servers/nextcloud.nix
View File

@@ -21,8 +21,8 @@ let
version = "12.70";
in
{
pname = "Image-ExifTool";
inherit version;
pname = "Image-ExifTool";
src = pkgs.fetchurl {
url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4=";
@@ -54,7 +54,9 @@ in
"openssl-1.1.1v"
];
users = {
groups.nextcloud = { inherit gid; };
groups.nextcloud = {
inherit gid;
};
users.nextcloud = {
inherit uid;
isSystemUser = true;
@@ -189,20 +191,24 @@ in
go-vod = lib.mkIf config.my.servers.go-vod.enable {
autoStart = true;
image = "radialapps/go-vod:latest";
volumes = [ "ncdata:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri" # VA-API (omit for NVENC)
];
environment = {
TZ = config.my.timeZone;
NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}";
NVIDIA_VISIBLE_DEVICES = "all";
};
volumes = [ "ncdata:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri" # VA-API (omit for NVENC)
];
};
collabora = lib.mkIf cfgC.enable {
autoStart = true;
image = "collabora/code:latest";
ports = [ "${toString cfgC.port}:${toString cfgC.port}" ];
extraOptions = [
"--cap-add"
"MKNOD"
];
environment = {
TZ = config.my.timeZone;
domain = cfg.host;
@@ -219,10 +225,6 @@ in
DONT_GEN_SSL_CERT = "1";
SLEEPFORDEBUGGER = "0";
};
extraOptions = [
"--cap-add"
"MKNOD"
];
};
};
systemd = lib.mkIf cfg.enableCron {
@@ -248,11 +250,9 @@ in
};
timers.nextcloud-cronjob = {
enable = true;
timerConfig.OnCalendar = "*:0/10";
description = "Runs various nextcloud-related cronjobs";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
};
})

20
modules/servers/qbittorrent.nix
View File

@@ -99,16 +99,6 @@ in
};
user = {
services = {
qbit_manage = {
restartIfChanged = true;
description = "Tidy up my torrents";
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "oneshot";
TimeoutStartSec = "5min";
ExecStart = "${qbit_manageEnv}/bin/python ${qbit_manage}/qbit_manage.py -r -c /home/jawz/.config/qbit_manage/config.yml";
};
};
unpackerr = lib.mkIf config.my.servers.unpackerr.enable {
enable = true;
restartIfChanged = true;
@@ -130,6 +120,16 @@ in
ExecStart = "${pkgs.unpackerr}/bin/unpackerr";
};
};
qbit_manage = {
restartIfChanged = true;
description = "Tidy up my torrents";
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "oneshot";
TimeoutStartSec = "5min";
ExecStart = "${qbit_manageEnv}/bin/python ${qbit_manage}/qbit_manage.py -r -c /home/jawz/.config/qbit_manage/config.yml";
};
};
};
timers.qbit_manage = {
enable = true;

2
modules/servers/ryot.nix
View File

@@ -15,13 +15,13 @@ in
image = "ghcr.io/ignisda/ryot:v10";
ports = [ "${toString cfg.port}:8000" ];
environmentFiles = [ config.sops.secrets.ryot.path ];
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
environment = {
RUST_LOG = "ryot=debug,sea_orm=debug";
TZ = config.my.timeZone;
DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
FRONTEND_INSECURE_COOKIES = "true";
};
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
};
};
}

8
modules/servers/synapse.nix
View File

@@ -28,8 +28,12 @@ in
config = lib.mkMerge [
(lib.mkIf (cfg.enable && config.my.secureHost) {
my.servers = {
synapse = { inherit domain; };
element = { inherit domain; };
synapse = {
inherit domain;
};
element = {
inherit domain;
};
};
users.groups.matrix-synapse = { inherit gid; };
users.users.matrix-synapse = {

2
modules/servers/synctube.nix
View File

@@ -17,8 +17,8 @@ let
version ? "git",
}:
pkgs.stdenvNoCC.mkDerivation {
name = "${libname}-${version}";
inherit src;
name = "${libname}-${version}";
installPhase = ''
runHook preInstall
mkdir -p "$out/lib/haxe/${withCommas libname}/${withCommas version}"

2
modules/servers/yamtrack.nix
View File

@@ -18,6 +18,7 @@ in
ports = [ "${toString cfg.port}:8000" ];
dependsOn = [ "yamtrack-redis" ];
environmentFiles = [ config.sops.secrets.yamtrack.path ];
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
environment = {
TZ = config.my.timeZone;
URLS = cfg.url;
@@ -31,7 +32,6 @@ in
REDIS_URL = "redis://yamtrack-redis:6379/0";
SOCIAL_PROVIDERS = "allauth.socialaccount.providers.openid_connect";
};
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
};
};
};

24
modules/services/network.nix
View File

@@ -38,18 +38,6 @@ in
"${config.my.localhost6}:53"
]
++ lib.optionals config.my.services.wireguard.enable wgListenAddrs;
query_log = {
file = "/var/lib/dnscrypt-proxy/query.log";
format = "tsv";
};
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
server_names = [
"adfilter-adl"
"adfilter-adl-ipv6"
@@ -65,6 +53,18 @@ in
"quad9-dnscrypt-ip6-filter-pri"
"ibksturm"
];
query_log = {
file = "/var/lib/dnscrypt-proxy/query.log";
format = "tsv";
};
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
};

6
modules/services/nvidia.nix
View File

@@ -29,8 +29,10 @@
open = config.networking.hostName == "workstation";
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = false;
powerManagement = {
enable = true;
finegrained = false;
};
};
};
};

6
modules/services/sound.nix
View File

@@ -11,10 +11,12 @@
security.rtkit.enable = true; # make pipewire realtime-capable
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
# lowLatency = {
# enable = true;
# quantum = 64;

8
modules/services/syncthing.nix
View File

@@ -49,10 +49,6 @@ in
relaysEnabled = false;
globalAnnounceEnabled = false;
};
gui = {
user = "jawz";
password = config.sops.secrets.syncthing_password.path;
};
devices =
let
mkWgDevice = name: id: {
@@ -75,6 +71,10 @@ in
wg-friend4 = mkWgDevice "wg-friend4" "7YPUQ4Y-2UVEAXI-KBQVU7R-B6R5O36-GDQPTOY-3R3OG7H-BVWVOTD-EX52VQM";
wg-friend6 = mkWgDevice "wg-friend6" "STQGYJV-YNFX6PB-NK63JBV-7HS74L4-AMF2QWA-KAFLXZA-3FELLSB-TE65ZQI";
};
gui = {
user = "jawz";
password = config.sops.secrets.syncthing_password.path;
};
folders = {
cache = mkMobile "~/Downloads/cache/";
friends = mkMobile "~/Pictures/Artist/friends/";

4
modules/websites/lidarr-mb-report.nix
View File

@@ -11,9 +11,7 @@ let
'';
in
{
options.my.websites.lidarrMbReport = {
enableProxy = lib.mkEnableOption "lidarr mb report static site";
};
options.my.websites.lidarrMbReport.enableProxy = lib.mkEnableOption "lidarr mb report static site";
config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
services.nginx.virtualHosts."mb-report.lebubu.org" = {
forceSSL = true;

4
modules/websites/portfolio.nix
View File

@@ -57,9 +57,7 @@ let
};
in
{
options.my.websites.portfolio = {
enableProxy = lib.mkEnableOption "portfolio and blog static sites";
};
options.my.websites.portfolio.enableProxy = lib.mkEnableOption "portfolio and blog static sites";
config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
services.nginx.virtualHosts = {
"www.danilo-reyes.com" = {

4
parts/core.nix
View File

@@ -259,15 +259,15 @@ in
mkEnabledIp = ip: name: {
inherit name;
value = {
enable = true;
inherit ip;
enable = true;
};
};
mkEnabledProxyIp = ip: name: {
inherit name;
value = {
enableProxy = true;
inherit ip;
enableProxy = true;
};
};
enableList = func: list: list |> map func |> builtins.listToAttrs;

8
parts/hosts.nix
View File

@@ -1,6 +1,10 @@
{ inputs, ... }:
{
flake = {
homeConfigurations.mac = inputs.self.lib.createHomeConfig {
name = "mac";
system = "aarch64-darwin";
};
nixosConfigurations = {
workstation = inputs.self.lib.createConfig "workstation" inputs.nixpkgs;
miniserver = inputs.self.lib.createConfig "miniserver" inputs.nixpkgs-small;
@@ -9,9 +13,5 @@
emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs;
vps = inputs.self.lib.createConfig "vps" inputs.nixpkgs-small;
};
homeConfigurations.mac = inputs.self.lib.createHomeConfig {
name = "mac";
system = "aarch64-darwin";
};
};
}

6
parts/packages.nix
View File

@@ -34,8 +34,10 @@
(
{ lib, ... }:
{
my.secureHost = lib.mkForce false;
my.build.baseImage = true;
my = {
secureHost = lib.mkForce false;
build.baseImage = true;
};
}
)
];