code rules
All checks were successful
MCP Tests / mcp-tests (push) Successful in 19s

Danilo Reyes
2026-03-23 15:49:51 -06:00
parent 32729627b1
commit 66483c89ac
75 changed files with 530 additions and 512 deletions


@@ -8,6 +8,8 @@
../../config/stylix.nix
../../environments/hyprland.nix
];
networking.hostName = "emacs";
environment.systemPackages = [ ];
virtualisation.vmVariant.virtualisation = {
memorySize = 4096;
cores = 4;
@@ -23,6 +25,11 @@
emacs.enable = true;
shell.tools.enable = true;
services.network.enable = true;
interfaces = lib.mkMerge [
{
emacs = "eth0";
}
];
dev = {
nix.enable = true;
python.enable = true;
@@ -37,12 +44,5 @@
zig.enable = true;
docker.enable = true;
};
interfaces = lib.mkMerge [
{
emacs = "eth0";
}
];
};
networking.hostName = "emacs";
environment.systemPackages = [ ];
}


@@ -4,6 +4,7 @@
...
}:
{
my = import ./toggles.nix { inherit inputs; };
home = {
username = "carlosdaniloreyesmartinez";
homeDirectory = "/Users/carlosdaniloreyesmartinez";
@@ -13,10 +14,11 @@
starship.enable = true;
kitty = {
enable = true;
shellIntegration.enableBashIntegration = false;
shellIntegration.enableZshIntegration = true;
settings.term = "xterm-256color";
shellIntegration = {
enableBashIntegration = false;
enableZshIntegration = true;
};
};
};
my = import ./toggles.nix { inherit inputs; };
}


@@ -6,13 +6,17 @@
../../config/stylix.nix
];
my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 3;
nix.maxJobs = 8;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixserver"
];
nix = {
cores = 3;
maxJobs = 8;
};
users.nixremote = {
enable = true;
authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixserver"
];
};
};
nix.buildMachines =
let
@@ -27,6 +31,7 @@
(buildMachine "workstation" 8 40)
(buildMachine "server" 6 17)
];
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
networking = {
hostName = "miniserver";
firewall = {
@@ -34,7 +39,6 @@
allowedUDPPorts = [ 2049 ];
};
};
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
services = {
btrfs.autoScrub = {
enable = true;
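Review bot: The `permittedInsecurePackages` entry for `openssl-1.1.1w` has no comment saying which package still requires it, so a reader of this host file cannot tell when the exception can be dropped. OpenSSL 1.1.1 is past upstream end of life, and the same file opens firewall ports on this host, so the exception should carry a reason. I would put a comment directly above it, for example `# needed by <package>; remove once it builds against OpenSSL 3`. The `services` set that follows continues outside the hunk.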


@@ -54,19 +54,17 @@
fileSystems =
let
nfsMount = server: nfsDisk: {
device = "${server}:/${nfsDisk}";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"x-systemd.idle-timeout=600"
];
device = "${server}:/${nfsDisk}";
fsType = "nfs";
};
in
{
"/" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=nix"
"ssd"
@@ -77,10 +75,10 @@
"datacow"
"noatime"
];
};
"/home" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
};
"/home" = {
options = [
"subvol=home"
"ssd"
@@ -90,6 +88,8 @@
"commit=120"
"datacow"
];
device = "/dev/mapper/nvme";
fsType = "btrfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334";
@@ -100,18 +100,18 @@
fsType = "vfat";
};
"/var/lib/nextcloud/data" = {
device = "/srv/pool/nextcloud";
options = [ "bind" ];
device = "/srv/pool/nextcloud";
depends = [ "/srv/pool" ];
};
"/export/pool" = {
device = "/srv/pool";
options = [ "bind" ];
device = "/srv/pool";
depends = [ "/srv/pool" ];
};
"/export/jawz" = {
device = "/home/jawz";
options = [ "bind" ];
device = "/home/jawz";
depends = [ "/srv/pool" ];
};
"/srv/server/pool" = nfsMount "server" "pool" // { };
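Review bot: `nfsMount` builds its `options` list without `nosuid` or `nodev`, so setuid bits and device nodes on the remote share would be honoured on this client. Unless a share is meant to carry them, I would add `"nosuid"` and `"nodev"` next to `"noauto"`. The `nfsMount` helper in the workstation hardware section of this commit has the same list and would take the same change. The enclosing `fileSystems` set starts and ends outside the hunks shown.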


@@ -8,14 +8,6 @@ let
;
in
{
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
enableProxy = true;
websites.portfolio.enableProxy = true;
apps = enableList mkEnabledWithUsers [
@@ -49,4 +41,12 @@ in
// enableList mkEnabledWithProxy [
"audiobookshelf"
];
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
}


@@ -17,22 +17,26 @@ in
];
my = import ./toggles.nix { inherit config inputs; } // {
nix.cores = 6;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixminiserver"
];
network.firewall.enabledServicePorts = true;
network.firewall.additionalPorts = [
2049 # idk
config.my.ports.syncthingGui
config.my.ports.syncthingRelay
config.my.ports.sonarqube
config.my.ports.synapseSsl
config.my.ports.tdarr
config.my.ports.mediaMap
config.my.ports.qbittorrent
];
users.nixremote = {
enable = true;
authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixminiserver"
];
};
network.firewall = {
enabledServicePorts = true;
additionalPorts = [
2049 # idk
config.my.ports.syncthingGui
config.my.ports.syncthingRelay
config.my.ports.sonarqube
config.my.ports.synapseSsl
config.my.ports.tdarr
config.my.ports.mediaMap
config.my.ports.qbittorrent
];
};
};
nix.buildMachines = [
{
@@ -65,10 +69,6 @@ in
};
networking = {
hostName = "server";
firewall = {
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
};
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-server}/32" ];
privateKeyFile = config.sops.secrets."server/private".path;
@@ -86,6 +86,10 @@ in
}
];
};
firewall = {
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
};
};
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs) podman-compose attic-client;
@@ -116,14 +120,12 @@ in
vpsHost = "lidarr-reports@${config.my.ips.vps}";
vpsPath = "/var/www/html/lidarr-mb-gap";
sshKeyFile = config.sops.secrets."private_keys/lidarr-mb-gap".path;
sshKnownHosts = {
vps = {
hostNames = [
config.my.ips.vps
"[${config.my.ips.vps}]:3456"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP";
};
sshKnownHosts.vps = {
hostNames = [
config.my.ips.vps
"[${config.my.ips.vps}]:3456"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP";
};
};
};
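Review bot: `allowedUDPPorts = config.networking.firewall.allowedTCPPorts;` opens every allowed TCP port on UDP as well, presumably including whatever `enabledServicePorts` and `additionalPorts` contribute, so the UDP surface grows each time a TCP service is added. I would list only the ports that actually serve UDP, or, if the mirror is deliberate, say so with a comment such as `# UDP mirrors the TCP allow-list on purpose: <reason>`. In the same file the `2049 # idk` entry would read better as `2049 # NFS`, since 2049 is the NFS port. The `networking` set continues outside the hunks shown.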


@@ -84,8 +84,6 @@ in
};
fileSystems = {
"/" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [
"subvol=nix"
"ssd"
@@ -96,10 +94,10 @@ in
"datacow"
"noatime"
];
};
"/home" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
};
"/home" = {
options = [
"subvol=home"
"ssd"
@@ -109,19 +107,19 @@ in
"commit=120"
"datacow"
];
device = "/dev/mapper/nvme";
fsType = "btrfs";
};
"/boot" = {
options = [ "nofail" ];
device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
fsType = "ext4";
options = [ "nofail" ];
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/CBE7-5DEB";
fsType = "vfat";
};
"/srv/pool" = {
device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
fsType = "btrfs";
options = [
"subvol=@data"
"compress=zstd:3"
@@ -129,34 +127,36 @@ in
"commit=120"
"datacow"
];
device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
fsType = "btrfs";
depends = [ "/boot/efi" ];
};
"/var/lib/nextcloud/data" = {
device = "/srv/pool/nextcloud";
options = [ "bind" ];
device = "/srv/pool/nextcloud";
depends = [ "/srv/pool" ];
};
"/srv/jellyfin/media" = {
device = "/srv/pool/multimedia/media";
options = [
"bind"
"ro"
];
device = "/srv/pool/multimedia/media";
depends = [ "/srv/pool" ];
};
"/export/pool" = {
device = "/srv/pool";
options = [ "bind" ];
device = "/srv/pool";
depends = [ "/srv/pool" ];
};
"/export/jawz" = {
device = "/home/jawz";
options = [ "bind" ];
device = "/home/jawz";
depends = [ "/srv/pool" ];
};
"/export/backups" = {
device = "/srv/backups";
options = [ "bind" ];
device = "/srv/backups";
depends = [ "/srv/pool" ];
};
};
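Review bot: `"/export/jawz"` binds `/home/jawz` but declares `depends = [ "/srv/pool" ]`, which looks copied from the neighbouring pool binds rather than chosen for this mount. If that is unintended, `depends = [ "/home" ];` names the filesystem the bind actually sits on. The same `/export/jawz` entry appears in the other hardware section of this commit that defines `nfsMount` next to it. The `fileSystems` set starts outside the first hunk.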


@@ -4,20 +4,8 @@ let
mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
in
{
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
enableProxy = true;
enableContainers = true;
apps.dictionaries = {
enable = true;
users = "jawz";
};
shell = enableList mkEnabledWithUsers [
"multimedia"
"tools"
@@ -93,4 +81,16 @@ in
"plausible"
"vaultwarden"
];
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
apps.dictionaries = {
enable = true;
users = "jawz";
};
}


@@ -70,13 +70,30 @@ in
];
};
};
image.modules.linode = { };
environment.systemPackages = [ ];
security.sudo-rs.extraRules = [
{
users = [ "nixremote" ];
commands = [
{
options = [ "NOPASSWD" ];
command = "/run/current-system/sw/bin/nixos-rebuild";
}
];
}
];
systemd.tmpfiles.rules = [
"d /var/www/html 2775 deploy www-data -"
"d /var/www/html/portfolio 2775 deploy www-data -"
"d /var/www/html/blog 2775 deploy www-data -"
"d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -"
];
sops.age = {
generateKey = true;
keyFile = "/var/lib/sops-nix/key.txt";
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
};
image.modules.linode = { };
environment.systemPackages = [ ];
networking = {
hostName = "vps";
nat = {
@@ -137,23 +154,6 @@ in
'';
};
};
security.sudo-rs.extraRules = [
{
users = [ "nixremote" ];
commands = [
{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}
];
}
];
systemd.tmpfiles.rules = [
"d /var/www/html 2775 deploy www-data -"
"d /var/www/html/portfolio 2775 deploy www-data -"
"d /var/www/html/blog 2775 deploy www-data -"
"d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -"
];
services = {
smartd.enable = lib.mkForce false;
openssh.ports = [ ports.ssh ];
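Review bot: The `security.sudo-rs.extraRules` entry lets `nixremote` run `nixos-rebuild` with `NOPASSWD`, and because that command activates whatever system configuration it is handed, the account is effectively root on this host; nothing next to the rule says so. I would add a comment above the rule, for example `# nixremote is root-equivalent through nixos-rebuild; keep its authorizedKeys minimal`. It is also worth checking that the keys granted to `nixremote` on this host are limited to the machines that deploy to it, as the other host files do with `getSshKeys`. The `services` set that follows continues outside the hunk.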


@@ -41,10 +41,6 @@ let
secureToggles = {
enableProxy = true;
enableContainers = true;
websites = {
portfolio.enableProxy = true;
lidarrMbReport.enableProxy = true;
};
servers =
enableList mkEnabledWithProxy [
"isso"
@@ -78,6 +74,10 @@ let
"vaultwarden"
"yamtrack"
];
websites = {
portfolio.enableProxy = true;
lidarrMbReport.enableProxy = true;
};
};
in
lib.mkMerge [


@@ -25,13 +25,17 @@ in
../../environments/gnome.nix
];
my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 8;
nix.maxJobs = 8;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixserver"
"nixminiserver"
];
nix = {
cores = 8;
maxJobs = 8;
};
users.nixremote = {
enable = true;
authorizedKeys = inputs.self.lib.getSshKeys [
"nixserver"
"nixminiserver"
];
};
};
sops.secrets."workstation/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml;
@@ -53,6 +57,21 @@ in
};
networking = {
hostName = "workstation";
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-workstation}/32" ];
privateKeyFile = config.sops.secrets."workstation/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "${config.my.ips.vps}:51820";
persistentKeepalive = 25;
allowedIPs = [
"${config.my.ips.wg-vps}/32"
config.my.subnets.wg-homelab
];
}
];
};
firewall = {
allowedTCPPorts = [
config.my.ports.nsUsbloader
@@ -80,21 +99,6 @@ in
}
'';
};
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-workstation}/32" ];
privateKeyFile = config.sops.secrets."workstation/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "${config.my.ips.vps}:51820";
persistentKeepalive = 25;
allowedIPs = [
"${config.my.ips.wg-vps}/32"
config.my.subnets.wg-homelab
];
}
];
};
};
users = {
groups.ai = { };


@@ -87,17 +87,16 @@ in
fileSystems =
let
nfsMount = server: nfsDisk: {
device = "${server}:/${nfsDisk}";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"x-systemd.idle-timeout=600"
];
device = "${server}:/${nfsDisk}";
fsType = "nfs";
};
btrfsMount = device: subvol: extraOpts: {
inherit device;
fsType = "btrfs";
options = extraOpts ++ [
"subvol=${subvol}"
"ssd"
@@ -107,6 +106,7 @@ in
"commit=120"
"datacow"
];
fsType = "btrfs";
};
trashOptions = [
"x-gvfs-trash"


@@ -3,14 +3,6 @@ let
inherit (inputs.self.lib) mkEnabled mkEnabledWithUsers enableList;
in
{
stylix = {
enable = true;
users = "jawz";
};
emacs = {
enable = true;
users = "jawz";
};
enableContainers = true;
servers.drpp.enable = true;
apps =
@@ -52,4 +44,12 @@ in
"ffmpeg4discord"
"update-org-agenda-cache"
];
stylix = {
enable = true;
users = "jawz";
};
emacs = {
enable = true;
users = "jawz";
};
}