jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

code rules
All checks were successful
MCP Tests / mcp-tests (push) Successful in 19s
Details

Browse Source
This commit is contained in:
Danilo Reyes
2026-03-23 15:49:51 -06:00
parent 32729627b1
commit 66483c89ac
75 changed files with 530 additions and 512 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
config/base.nix
View File

@@ -38,9 +38,7 @@
}; };
i18n = { i18n = {
defaultLocale = "en_CA.UTF-8"; defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = { extraLocaleSettings.LC_MONETARY = "es_MX.UTF-8";
LC_MONETARY = "es_MX.UTF-8";
};
}; };
console = { console = {
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
@@ -48,10 +46,6 @@
}; };
security = { security = {
polkit.enable = true; polkit.enable = true;
sudo-rs = {
enable = true;
wheelNeedsPassword = false;
};
pam.loginLimits = [ pam.loginLimits = [
{ {
domain = "*"; domain = "*";
@@ -60,6 +54,10 @@
value = "8192"; value = "8192";
} }
]; ];
sudo-rs = {
enable = true;
wheelNeedsPassword = false;
};
}; };
users = { users = {
mutableUsers = false; mutableUsers = false;

26
config/derek.nix
View File

@@ -15,6 +15,9 @@ let
}; };
in in
{ {
sops.secrets = lib.mkIf config.my.secureHost {
derek-password.neededForUsers = true;
};
my = { my = {
stylix = enableForDerek; stylix = enableForDerek;
emacs = enableForDerek; emacs = enableForDerek;
@@ -34,9 +37,6 @@ in
multimedia = enableForDerek; multimedia = enableForDerek;
}; };
}; };
sops.secrets = lib.mkIf config.my.secureHost {
derek-password.neededForUsers = true;
};
services = { services = {
tailscale.enable = true; tailscale.enable = true;
sunshine = { sunshine = {
@@ -48,17 +48,15 @@ in
}; };
networking.nftables = { networking.nftables = {
enable = true; enable = true;
tables = { tables.local-uid-block = {
local-uid-block = { family = "inet";
family = "inet"; content = ''
content = '' chain output {
chain output { type filter hook output priority 0; policy accept;
type filter hook output priority 0; policy accept; meta skuid ${toString derekUid} ip daddr 127.0.0.1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
meta skuid ${toString derekUid} ip daddr 127.0.0.1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop meta skuid ${toString derekUid} ip6 daddr ::1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
meta skuid ${toString derekUid} ip6 daddr ::1 tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop }
} '';
'';
};
}; };
}; };
users.users.bearded_dragonn = { users.users.bearded_dragonn = {

42
config/home-manager.nix
View File

@@ -39,27 +39,6 @@ in
]; ];
home.stateVersion = "23.05"; home.stateVersion = "23.05";
programs = { programs = {
direnv = {
enable = true;
enableBashIntegration = shellType == "bash";
enableZshIntegration = shellType == "zsh";
nix-direnv.enable = true;
};
git = {
enable = true;
settings = {
pull.rebase = true;
init.defaultBranch = "main";
user = {
email = if osConfig == null then userEmail else osConfig.my.email;
name = "Danilo Reyes";
};
};
};
delta = {
enable = true;
enableGitIntegration = true;
};
ssh.enableDefaultConfig = false; ssh.enableDefaultConfig = false;
bash = lib.mkIf (shellType == "bash") { bash = lib.mkIf (shellType == "bash") {
enable = true; enable = true;
@@ -85,6 +64,27 @@ in
ignoreAllDups = true; ignoreAllDups = true;
}; };
}; };
delta = {
enable = true;
enableGitIntegration = true;
};
direnv = {
enable = true;
enableBashIntegration = shellType == "bash";
enableZshIntegration = shellType == "zsh";
nix-direnv.enable = true;
};
git = {
enable = true;
settings = {
pull.rebase = true;
init.defaultBranch = "main";
user = {
email = if osConfig == null then userEmail else osConfig.my.email;
name = "Danilo Reyes";
};
};
};
}; };
xdg = { xdg = {
enable = true; enable = true;

16
config/stylix.nix
View File

@@ -21,13 +21,11 @@ in
description = "Users to apply Stylix theming for"; description = "Users to apply Stylix theming for";
}; };
}; };
config = { config.stylix = {
stylix = { inherit (scheme) image polarity;
inherit (scheme) image polarity; enable = true;
enable = true; autoEnable = cfg.enable;
autoEnable = cfg.enable; targets.qt.platform = lib.mkForce "qtct";
targets.qt.platform = lib.mkForce "qtct"; }
} // lib.optionalAttrs (scheme ? base16Scheme) { inherit (scheme) base16Scheme; };
// lib.optionalAttrs (scheme ? base16Scheme) { inherit (scheme) base16Scheme; };
};
} }

58
dotfiles/gallery-dl.nix
View File

@@ -1,4 +1,5 @@
{ {
output.mode = "auto";
extractor = { extractor = {
skip = "abort:5"; skip = "abort:5";
cookies = [ cookies = [
@@ -8,6 +9,29 @@
]; ];
retries = 10; retries = 10;
sleep-request = 0; sleep-request = 0;
pinterest.directory = [
"{board[owner][username]}"
"{board[name]}"
];
exhentai.directory = [
"{category}"
"{title}"
];
gfycat.format = "webm";
imgur.mp4 = true;
paheal.directory = [
"Husbands"
"{search_tags}"
];
rule34.directory = [
"Husbands"
"{search_tags}"
];
e621.directory = [
"Husbands"
"{search_tags}"
];
baraag.directory = [ "{account[username]}" ];
directlink = { directlink = {
filename = "{filename}.{extension}"; filename = "{filename}.{extension}";
directory = [ ]; directory = [ ];
@@ -35,10 +59,6 @@
"{owner[username]}" "{owner[username]}"
]; ];
}; };
pinterest.directory = [
"{board[owner][username]}"
"{board[name]}"
];
wikifeet = { wikifeet = {
page-reverse = true; page-reverse = true;
directory = [ directory = [
@@ -55,6 +75,11 @@
parent-directory = true; parent-directory = true;
directory = [ "{username}" ]; directory = [ "{username}" ];
previews = true; previews = true;
tagged.directory = [
"{username}"
"tagged"
"{tagged_username}"
];
highlights = { highlights = {
reverse = true; reverse = true;
directory = [ "{username}" ]; directory = [ "{username}" ];
@@ -63,11 +88,6 @@
reverse = true; reverse = true;
directory = [ "{username}" ]; directory = [ "{username}" ];
}; };
tagged.directory = [
"{username}"
"tagged"
"{tagged_username}"
];
}; };
kemonoparty = { kemonoparty = {
limit-rate = "200k-300k"; limit-rate = "200k-300k";
@@ -79,10 +99,6 @@
"{user}" "{user}"
]; ];
}; };
exhentai.directory = [
"{category}"
"{title}"
];
tumblr = { tumblr = {
external = true; external = true;
inline = true; inline = true;
@@ -132,7 +148,6 @@
external = true; external = true;
directory = [ "{userinfo[username]}" ]; directory = [ "{userinfo[username]}" ];
}; };
gfycat.format = "webm";
reddit = { reddit = {
user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)"; user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)";
client-id = "T7nZ6WZ3_onJWBhLP8r08g"; client-id = "T7nZ6WZ3_onJWBhLP8r08g";
@@ -143,20 +158,6 @@
reverse = true; reverse = true;
directory = [ "{userName}" ]; directory = [ "{userName}" ];
}; };
imgur.mp4 = true;
paheal.directory = [
"Husbands"
"{search_tags}"
];
rule34.directory = [
"Husbands"
"{search_tags}"
];
e621.directory = [
"Husbands"
"{search_tags}"
];
baraag.directory = [ "{account[username]}" ];
pixiv = { pixiv = {
directory = [ "{user[account]} - {user[id]}" ]; directory = [ "{user[account]} - {user[id]}" ];
ugoira = true; ugoira = true;
@@ -275,7 +276,6 @@
]; ];
}; };
}; };
output.mode = "auto";
downloader = { downloader = {
part = true; part = true;
part-directory = "/home/jawz/.cache/gallery-dl"; part-directory = "/home/jawz/.cache/gallery-dl";

12
environments/cinnamon.nix
View File

@@ -1,5 +1,11 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
adw-gtk3 # theme legacy applications
papirus-icon-theme # icon theme
;
};
services = { services = {
libinput.enable = true; libinput.enable = true;
xserver = { xserver = {
@@ -12,10 +18,4 @@
enable = true; enable = true;
style = "adwaita"; style = "adwaita";
}; };
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
adw-gtk3 # theme legacy applications
papirus-icon-theme # icon theme
;
};
} }

10
environments/gnome.nix
View File

@@ -23,11 +23,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
qt.enable = true; qt.enable = true;
services = {
gvfs.enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
environment.gnome.excludePackages = builtins.attrValues { environment.gnome.excludePackages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
baobab baobab
@@ -55,5 +50,10 @@ in
; ;
} }
); );
services = {
gvfs.enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
}; };
} }

38
environments/hyprland-home.nix
View File

@@ -10,6 +10,9 @@ let
in in
{ {
programs = { programs = {
waybar = waybarConfig.programs.waybar // {
style = waybarStyle;
};
wofi = { wofi = {
enable = true; enable = true;
settings = { settings = {
@@ -19,29 +22,10 @@ in
width = "30%"; width = "30%";
}; };
}; };
waybar = waybarConfig.programs.waybar // {
style = waybarStyle;
};
}; };
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
settings = { settings = {
general = {
gaps_in = 5;
gaps_out = 10;
border_size = 3;
layout = "dwindle";
};
misc = {
disable_hyprland_logo = true;
disable_splash_rendering = true;
force_default_wallpaper = 0;
};
dwindle = {
pseudotile = true;
preserve_split = true;
force_split = 2;
};
bind = [ bind = [
"${mod}, return, exec, ghostty" "${mod}, return, exec, ghostty"
"${mod}, Q, killactive," "${mod}, Q, killactive,"
@@ -108,6 +92,22 @@ in
"${mod}, mouse:272, movewindow" "${mod}, mouse:272, movewindow"
"${mod}, mouse:273, resizewindow" "${mod}, mouse:273, resizewindow"
]; ];
general = {
gaps_in = 5;
gaps_out = 10;
border_size = 3;
layout = "dwindle";
};
misc = {
disable_hyprland_logo = true;
disable_splash_rendering = true;
force_default_wallpaper = 0;
};
dwindle = {
pseudotile = true;
preserve_split = true;
force_split = 2;
};
}; };
}; };
} }

14
environments/hyprland.nix
View File

@@ -4,13 +4,6 @@
}: }:
{ {
programs.hyprland.enable = true; programs.hyprland.enable = true;
services.greetd = {
enable = true;
settings.default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd Hyprland";
user = "greeter";
};
};
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
wl-clipboard-rs wl-clipboard-rs
@@ -25,4 +18,11 @@
; ;
}; };
home-manager.users.jawz.imports = [ ./hyprland-home.nix ]; home-manager.users.jawz.imports = [ ./hyprland-home.nix ];
services.greetd = {
enable = true;
settings.default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd Hyprland";
user = "greeter";
};
};
} }

20
flake.nix
View File

@@ -1,5 +1,15 @@
{ {
description = "JawZ NixOS flake setup"; description = "JawZ NixOS flake setup";
outputs =
inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
./parts/core.nix
./parts/hosts.nix
./parts/packages.nix
./parts/devshells.nix
];
};
inputs = { inputs = {
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11"; nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
@@ -71,14 +81,4 @@
flake = false; flake = false;
}; };
}; };
outputs =
inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
./parts/core.nix
./parts/hosts.nix
./parts/packages.nix
./parts/devshells.nix
];
};
} }

14
hosts/emacs/configuration.nix
View File

@@ -8,6 +8,8 @@
../../config/stylix.nix ../../config/stylix.nix
../../environments/hyprland.nix ../../environments/hyprland.nix
]; ];
networking.hostName = "emacs";
environment.systemPackages = [ ];
virtualisation.vmVariant.virtualisation = { virtualisation.vmVariant.virtualisation = {
memorySize = 4096; memorySize = 4096;
cores = 4; cores = 4;
@@ -23,6 +25,11 @@
emacs.enable = true; emacs.enable = true;
shell.tools.enable = true; shell.tools.enable = true;
services.network.enable = true; services.network.enable = true;
interfaces = lib.mkMerge [
{
emacs = "eth0";
}
];
dev = { dev = {
nix.enable = true; nix.enable = true;
python.enable = true; python.enable = true;
@@ -37,12 +44,5 @@
zig.enable = true; zig.enable = true;
docker.enable = true; docker.enable = true;
}; };
interfaces = lib.mkMerge [
{
emacs = "eth0";
}
];
}; };
networking.hostName = "emacs";
environment.systemPackages = [ ];
} }

8
hosts/mac/home.nix
View File

@@ -4,6 +4,7 @@
... ...
}: }:
{ {
my = import ./toggles.nix { inherit inputs; };
home = { home = {
username = "carlosdaniloreyesmartinez"; username = "carlosdaniloreyesmartinez";
homeDirectory = "/Users/carlosdaniloreyesmartinez"; homeDirectory = "/Users/carlosdaniloreyesmartinez";
@@ -13,10 +14,11 @@
starship.enable = true; starship.enable = true;
kitty = { kitty = {
enable = true; enable = true;
shellIntegration.enableBashIntegration = false;
shellIntegration.enableZshIntegration = true;
settings.term = "xterm-256color"; settings.term = "xterm-256color";
shellIntegration = {
enableBashIntegration = false;
enableZshIntegration = true;
};
}; };
}; };
my = import ./toggles.nix { inherit inputs; };
} }

20
hosts/miniserver/configuration.nix
View File

@@ -6,13 +6,17 @@
../../config/stylix.nix ../../config/stylix.nix
]; ];
my = import ./toggles.nix { inherit inputs; } // { my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 3; nix = {
nix.maxJobs = 8; cores = 3;
users.nixremote.enable = true; maxJobs = 8;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [ };
"nixworkstation" users.nixremote = {
"nixserver" enable = true;
]; authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixserver"
];
};
}; };
nix.buildMachines = nix.buildMachines =
let let
@@ -27,6 +31,7 @@
(buildMachine "workstation" 8 40) (buildMachine "workstation" 8 40)
(buildMachine "server" 6 17) (buildMachine "server" 6 17)
]; ];
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
networking = { networking = {
hostName = "miniserver"; hostName = "miniserver";
firewall = { firewall = {
@@ -34,7 +39,6 @@
allowedUDPPorts = [ 2049 ]; allowedUDPPorts = [ 2049 ];
}; };
}; };
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
services = { services = {
btrfs.autoScrub = { btrfs.autoScrub = {
enable = true; enable = true;

18
hosts/miniserver/hardware-configuration.nix
View File

@@ -54,19 +54,17 @@
fileSystems = fileSystems =
let let
nfsMount = server: nfsDisk: { nfsMount = server: nfsDisk: {
device = "${server}:/${nfsDisk}";
fsType = "nfs";
options = [ options = [
"x-systemd.automount" "x-systemd.automount"
"noauto" "noauto"
"x-systemd.idle-timeout=600" "x-systemd.idle-timeout=600"
]; ];
device = "${server}:/${nfsDisk}";
fsType = "nfs";
}; };
in in
{ {
"/" = { "/" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [ options = [
"subvol=nix" "subvol=nix"
"ssd" "ssd"
@@ -77,10 +75,10 @@
"datacow" "datacow"
"noatime" "noatime"
]; ];
};
"/home" = {
device = "/dev/mapper/nvme"; device = "/dev/mapper/nvme";
fsType = "btrfs"; fsType = "btrfs";
};
"/home" = {
options = [ options = [
"subvol=home" "subvol=home"
"ssd" "ssd"
@@ -90,6 +88,8 @@
"commit=120" "commit=120"
"datacow" "datacow"
]; ];
device = "/dev/mapper/nvme";
fsType = "btrfs";
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334"; device = "/dev/disk/by-uuid/bf0aeb95-94cc-4377-b6e4-1dbb4958b334";
@@ -100,18 +100,18 @@
fsType = "vfat"; fsType = "vfat";
}; };
"/var/lib/nextcloud/data" = { "/var/lib/nextcloud/data" = {
device = "/srv/pool/nextcloud";
options = [ "bind" ]; options = [ "bind" ];
device = "/srv/pool/nextcloud";
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
"/export/pool" = { "/export/pool" = {
device = "/srv/pool";
options = [ "bind" ]; options = [ "bind" ];
device = "/srv/pool";
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
"/export/jawz" = { "/export/jawz" = {
device = "/home/jawz";
options = [ "bind" ]; options = [ "bind" ];
device = "/home/jawz";
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
"/srv/server/pool" = nfsMount "server" "pool" // { }; "/srv/server/pool" = nfsMount "server" "pool" // { };

16
hosts/miniserver/toggles.nix
View File

@@ -8,14 +8,6 @@ let
; ;
in in
{ {
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
enableProxy = true; enableProxy = true;
websites.portfolio.enableProxy = true; websites.portfolio.enableProxy = true;
apps = enableList mkEnabledWithUsers [ apps = enableList mkEnabledWithUsers [
@@ -49,4 +41,12 @@ in
// enableList mkEnabledWithProxy [ // enableList mkEnabledWithProxy [
"audiobookshelf" "audiobookshelf"
]; ];
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
} }

58
hosts/server/configuration.nix
View File

@@ -17,22 +17,26 @@ in
]; ];
my = import ./toggles.nix { inherit config inputs; } // { my = import ./toggles.nix { inherit config inputs; } // {
nix.cores = 6; nix.cores = 6;
users.nixremote.enable = true; users.nixremote = {
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [ enable = true;
"nixworkstation" authorizedKeys = inputs.self.lib.getSshKeys [
"nixminiserver" "nixworkstation"
]; "nixminiserver"
network.firewall.enabledServicePorts = true; ];
network.firewall.additionalPorts = [ };
2049 # idk network.firewall = {
config.my.ports.syncthingGui enabledServicePorts = true;
config.my.ports.syncthingRelay additionalPorts = [
config.my.ports.sonarqube 2049 # idk
config.my.ports.synapseSsl config.my.ports.syncthingGui
config.my.ports.tdarr config.my.ports.syncthingRelay
config.my.ports.mediaMap config.my.ports.sonarqube
config.my.ports.qbittorrent config.my.ports.synapseSsl
]; config.my.ports.tdarr
config.my.ports.mediaMap
config.my.ports.qbittorrent
];
};
}; };
nix.buildMachines = [ nix.buildMachines = [
{ {
@@ -65,10 +69,6 @@ in
}; };
networking = { networking = {
hostName = "server"; hostName = "server";
firewall = {
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
};
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost { wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-server}/32" ]; ips = [ "${config.my.ips.wg-server}/32" ];
privateKeyFile = config.sops.secrets."server/private".path; privateKeyFile = config.sops.secrets."server/private".path;
@@ -86,6 +86,10 @@ in
} }
]; ];
}; };
firewall = {
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
};
}; };
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {
inherit (pkgs) podman-compose attic-client; inherit (pkgs) podman-compose attic-client;
@@ -116,14 +120,12 @@ in
vpsHost = "lidarr-reports@${config.my.ips.vps}"; vpsHost = "lidarr-reports@${config.my.ips.vps}";
vpsPath = "/var/www/html/lidarr-mb-gap"; vpsPath = "/var/www/html/lidarr-mb-gap";
sshKeyFile = config.sops.secrets."private_keys/lidarr-mb-gap".path; sshKeyFile = config.sops.secrets."private_keys/lidarr-mb-gap".path;
sshKnownHosts = { sshKnownHosts.vps = {
vps = { hostNames = [
hostNames = [ config.my.ips.vps
config.my.ips.vps "[${config.my.ips.vps}]:3456"
"[${config.my.ips.vps}]:3456" ];
]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP";
};
}; };
}; };
}; };

24
hosts/server/hardware-configuration.nix
View File

@@ -84,8 +84,6 @@ in
}; };
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/mapper/nvme";
fsType = "btrfs";
options = [ options = [
"subvol=nix" "subvol=nix"
"ssd" "ssd"
@@ -96,10 +94,10 @@ in
"datacow" "datacow"
"noatime" "noatime"
]; ];
};
"/home" = {
device = "/dev/mapper/nvme"; device = "/dev/mapper/nvme";
fsType = "btrfs"; fsType = "btrfs";
};
"/home" = {
options = [ options = [
"subvol=home" "subvol=home"
"ssd" "ssd"
@@ -109,19 +107,19 @@ in
"commit=120" "commit=120"
"datacow" "datacow"
]; ];
device = "/dev/mapper/nvme";
fsType = "btrfs";
}; };
"/boot" = { "/boot" = {
options = [ "nofail" ];
device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156"; device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
fsType = "ext4"; fsType = "ext4";
options = [ "nofail" ];
}; };
"/boot/efi" = { "/boot/efi" = {
device = "/dev/disk/by-uuid/CBE7-5DEB"; device = "/dev/disk/by-uuid/CBE7-5DEB";
fsType = "vfat"; fsType = "vfat";
}; };
"/srv/pool" = { "/srv/pool" = {
device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
fsType = "btrfs";
options = [ options = [
"subvol=@data" "subvol=@data"
"compress=zstd:3" "compress=zstd:3"
@@ -129,34 +127,36 @@ in
"commit=120" "commit=120"
"datacow" "datacow"
]; ];
device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
fsType = "btrfs";
depends = [ "/boot/efi" ]; depends = [ "/boot/efi" ];
}; };
"/var/lib/nextcloud/data" = { "/var/lib/nextcloud/data" = {
device = "/srv/pool/nextcloud";
options = [ "bind" ]; options = [ "bind" ];
device = "/srv/pool/nextcloud";
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
"/srv/jellyfin/media" = { "/srv/jellyfin/media" = {
device = "/srv/pool/multimedia/media";
options = [ options = [
"bind" "bind"
"ro" "ro"
]; ];
device = "/srv/pool/multimedia/media";
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
"/export/pool" = { "/export/pool" = {
device = "/srv/pool";
options = [ "bind" ]; options = [ "bind" ];
device = "/srv/pool";
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
"/export/jawz" = { "/export/jawz" = {
device = "/home/jawz";
options = [ "bind" ]; options = [ "bind" ];
device = "/home/jawz";
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
"/export/backups" = { "/export/backups" = {
device = "/srv/backups";
options = [ "bind" ]; options = [ "bind" ];
device = "/srv/backups";
depends = [ "/srv/pool" ]; depends = [ "/srv/pool" ];
}; };
}; };

24
hosts/server/toggles.nix
View File

@@ -4,20 +4,8 @@ let
mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server; mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
in in
{ {
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
enableProxy = true; enableProxy = true;
enableContainers = true; enableContainers = true;
apps.dictionaries = {
enable = true;
users = "jawz";
};
shell = enableList mkEnabledWithUsers [ shell = enableList mkEnabledWithUsers [
"multimedia" "multimedia"
"tools" "tools"
@@ -93,4 +81,16 @@ in
"plausible" "plausible"
"vaultwarden" "vaultwarden"
]; ];
emacs = {
enable = true;
users = "jawz";
};
stylix = {
enable = true;
users = "jawz";
};
apps.dictionaries = {
enable = true;
users = "jawz";
};
} }

38
hosts/vps/configuration.nix
View File

@@ -70,13 +70,30 @@ in
]; ];
}; };
}; };
image.modules.linode = { };
environment.systemPackages = [ ];
security.sudo-rs.extraRules = [
{
users = [ "nixremote" ];
commands = [
{
options = [ "NOPASSWD" ];
command = "/run/current-system/sw/bin/nixos-rebuild";
}
];
}
];
systemd.tmpfiles.rules = [
"d /var/www/html 2775 deploy www-data -"
"d /var/www/html/portfolio 2775 deploy www-data -"
"d /var/www/html/blog 2775 deploy www-data -"
"d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -"
];
sops.age = { sops.age = {
generateKey = true; generateKey = true;
keyFile = "/var/lib/sops-nix/key.txt"; keyFile = "/var/lib/sops-nix/key.txt";
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}; };
image.modules.linode = { };
environment.systemPackages = [ ];
networking = { networking = {
hostName = "vps"; hostName = "vps";
nat = { nat = {
@@ -137,23 +154,6 @@ in
''; '';
}; };
}; };
security.sudo-rs.extraRules = [
{
users = [ "nixremote" ];
commands = [
{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}
];
}
];
systemd.tmpfiles.rules = [
"d /var/www/html 2775 deploy www-data -"
"d /var/www/html/portfolio 2775 deploy www-data -"
"d /var/www/html/blog 2775 deploy www-data -"
"d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -"
];
services = { services = {
smartd.enable = lib.mkForce false; smartd.enable = lib.mkForce false;
openssh.ports = [ ports.ssh ]; openssh.ports = [ ports.ssh ];

8
hosts/vps/toggles.nix
View File

@@ -41,10 +41,6 @@ let
secureToggles = { secureToggles = {
enableProxy = true; enableProxy = true;
enableContainers = true; enableContainers = true;
websites = {
portfolio.enableProxy = true;
lidarrMbReport.enableProxy = true;
};
servers = servers =
enableList mkEnabledWithProxy [ enableList mkEnabledWithProxy [
"isso" "isso"
@@ -78,6 +74,10 @@ let
"vaultwarden" "vaultwarden"
"yamtrack" "yamtrack"
]; ];
websites = {
portfolio.enableProxy = true;
lidarrMbReport.enableProxy = true;
};
}; };
in in
lib.mkMerge [ lib.mkMerge [

48
hosts/workstation/configuration.nix
View File

@@ -25,13 +25,17 @@ in
../../environments/gnome.nix ../../environments/gnome.nix
]; ];
my = import ./toggles.nix { inherit inputs; } // { my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 8; nix = {
nix.maxJobs = 8; cores = 8;
users.nixremote.enable = true; maxJobs = 8;
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [ };
"nixserver" users.nixremote = {
"nixminiserver" enable = true;
]; authorizedKeys = inputs.self.lib.getSshKeys [
"nixserver"
"nixminiserver"
];
};
}; };
sops.secrets."workstation/private" = lib.mkIf config.my.secureHost { sops.secrets."workstation/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml; sopsFile = ../../secrets/wireguard.yaml;
@@ -53,6 +57,21 @@ in
}; };
networking = { networking = {
hostName = "workstation"; hostName = "workstation";
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-workstation}/32" ];
privateKeyFile = config.sops.secrets."workstation/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "${config.my.ips.vps}:51820";
persistentKeepalive = 25;
allowedIPs = [
"${config.my.ips.wg-vps}/32"
config.my.subnets.wg-homelab
];
}
];
};
firewall = { firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
config.my.ports.nsUsbloader config.my.ports.nsUsbloader
@@ -80,21 +99,6 @@ in
} }
''; '';
}; };
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-workstation}/32" ];
privateKeyFile = config.sops.secrets."workstation/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "${config.my.ips.vps}:51820";
persistentKeepalive = 25;
allowedIPs = [
"${config.my.ips.wg-vps}/32"
config.my.subnets.wg-homelab
];
}
];
};
}; };
users = { users = {
groups.ai = { }; groups.ai = { };

6
hosts/workstation/hardware-configuration.nix
View File

@@ -87,17 +87,16 @@ in
fileSystems = fileSystems =
let let
nfsMount = server: nfsDisk: { nfsMount = server: nfsDisk: {
device = "${server}:/${nfsDisk}";
fsType = "nfs";
options = [ options = [
"x-systemd.automount" "x-systemd.automount"
"noauto" "noauto"
"x-systemd.idle-timeout=600" "x-systemd.idle-timeout=600"
]; ];
device = "${server}:/${nfsDisk}";
fsType = "nfs";
}; };
btrfsMount = device: subvol: extraOpts: { btrfsMount = device: subvol: extraOpts: {
inherit device; inherit device;
fsType = "btrfs";
options = extraOpts ++ [ options = extraOpts ++ [
"subvol=${subvol}" "subvol=${subvol}"
"ssd" "ssd"
@@ -107,6 +106,7 @@ in
"commit=120" "commit=120"
"datacow" "datacow"
]; ];
fsType = "btrfs";
}; };
trashOptions = [ trashOptions = [
"x-gvfs-trash" "x-gvfs-trash"

16
hosts/workstation/toggles.nix
View File

@@ -3,14 +3,6 @@ let
inherit (inputs.self.lib) mkEnabled mkEnabledWithUsers enableList; inherit (inputs.self.lib) mkEnabled mkEnabledWithUsers enableList;
in in
{ {
stylix = {
enable = true;
users = "jawz";
};
emacs = {
enable = true;
users = "jawz";
};
enableContainers = true; enableContainers = true;
servers.drpp.enable = true; servers.drpp.enable = true;
apps = apps =
@@ -52,4 +44,12 @@ in
"ffmpeg4discord" "ffmpeg4discord"
"update-org-agenda-cache" "update-org-agenda-cache"
]; ];
stylix = {
enable = true;
users = "jawz";
};
emacs = {
enable = true;
users = "jawz";
};
} }

2
modules/apps/art.nix
View File

@@ -37,6 +37,7 @@ let
in in
{ {
options.my = { options.my = {
dev.gameDev.enable = lib.mkEnableOption "game development tools and engines";
apps.art = { apps.art = {
enable = lib.mkEnableOption "digital art and creative applications"; enable = lib.mkEnableOption "digital art and creative applications";
users = lib.mkOption { users = lib.mkOption {
@@ -45,7 +46,6 @@ in
description = "Users to install art packages for"; description = "Users to install art packages for";
}; };
}; };
dev.gameDev.enable = lib.mkEnableOption "game development tools and engines";
}; };
config.users.users = config.users.users =
let let

24
modules/apps/gaming.nix
View File

@@ -21,8 +21,8 @@ let
); );
in in
{ {
imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
options.my.apps = { options.my.apps = {
switch.enable = lib.mkEnableOption "Nintendo Switch homebrew tools";
gaming = { gaming = {
enable = lib.mkEnableOption "gaming applications and emulators"; enable = lib.mkEnableOption "gaming applications and emulators";
users = lib.mkOption { users = lib.mkOption {
@@ -31,8 +31,8 @@ in
description = "Users to install gaming packages for"; description = "Users to install gaming packages for";
}; };
}; };
switch.enable = lib.mkEnableOption "Nintendo Switch homebrew tools";
}; };
imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
config = lib.mkIf config.my.apps.gaming.enable { config = lib.mkIf config.my.apps.gaming.enable {
# sops.secrets.switch-presence = lib.mkIf config.my.apps.gaming.switch.enable { # sops.secrets.switch-presence = lib.mkIf config.my.apps.gaming.switch.enable {
# sopsFile = ../../secrets/env.yaml; # sopsFile = ../../secrets/env.yaml;
@@ -40,16 +40,6 @@ in
# owner = config.users.users.jawz.name; # owner = config.users.users.jawz.name;
# inherit (config.users.users.jawz) group; # inherit (config.users.users.jawz) group;
# }; # };
programs = {
gamemode.enable = true;
steam = {
enable = true;
gamescopeSession.enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
platformOptimizations.enable = true;
};
};
services = lib.mkIf config.my.apps.switch.enable { services = lib.mkIf config.my.apps.switch.enable {
switch-boot.enable = true; switch-boot.enable = true;
# switch-presence = { # switch-presence = {
@@ -80,5 +70,15 @@ in
}; };
in in
inputs.self.lib.mkUserPackages lib config.my.apps.gaming.users packages; inputs.self.lib.mkUserPackages lib config.my.apps.gaming.users packages;
programs = {
gamemode.enable = true;
steam = {
enable = true;
gamescopeSession.enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
platformOptimizations.enable = true;
};
};
}; };
} }

14
modules/apps/internet/home.nix
View File

@@ -19,6 +19,13 @@ let
]; ];
}; };
cfg = config.my.apps.internet; cfg = config.my.apps.internet;
krisp-patch = builtins.readFile (
pkgs.fetchurl {
url = "https://pastebin.com/raw/8tQDsMVd";
sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
}
);
krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch;
krisp-settings = { krisp-settings = {
libraries = builtins.attrValues { libraries = builtins.attrValues {
inherit (pkgs.python3Packages) inherit (pkgs.python3Packages)
@@ -32,13 +39,6 @@ let
"F405" "F405"
]; ];
}; };
krisp-patch = builtins.readFile (
pkgs.fetchurl {
url = "https://pastebin.com/raw/8tQDsMVd";
sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
}
);
krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch;
in in
{ {
options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps"; options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps";

10
modules/dev/cc/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.cc = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "C/C++ development shell";
};
my.dev.cc = { my.dev.cc = {
enable = lib.mkEnableOption "Install C/C++ tooling globally"; enable = lib.mkEnableOption "Install C/C++ tooling globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install C/C++ packages for"; description = "Users to install C/C++ packages for";
}; };
}; };
devShells.cc = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "C/C++ development shell";
};
}; };
} }

6
modules/dev/docker/home.nix
View File

@@ -28,8 +28,10 @@ in
my.dev.docker.enable = lib.mkDefault hm.enabledByDefault; my.dev.docker.enable = lib.mkDefault hm.enabledByDefault;
} }
(lib.mkIf cfg.enable { (lib.mkIf cfg.enable {
home.packages = feature.packages; home = {
home.sessionVariables.DOCKER_CONFIG = "${config.xdg.configHome}/docker"; inherit (feature) packages;
sessionVariables.DOCKER_CONFIG = "${config.xdg.configHome}/docker";
};
}) })
]; ];
} }

10
modules/dev/docker/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.docker = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Docker and Dockerfile tooling shell";
};
my.dev.docker = { my.dev.docker = {
enable = lib.mkEnableOption "Install Docker tooling globally"; enable = lib.mkEnableOption "Install Docker tooling globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Docker packages for"; description = "Users to install Docker packages for";
}; };
}; };
devShells.docker = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Docker and Dockerfile tooling shell";
};
}; };
} }

2
modules/dev/emacs/home.nix
View File

@@ -25,8 +25,8 @@ let
}; };
in in
{ {
imports = [ inputs.doom-emacs.homeModule ];
options.my.emacs.enable = lib.mkEnableOption "Doom Emacs configuration"; options.my.emacs.enable = lib.mkEnableOption "Doom Emacs configuration";
imports = [ inputs.doom-emacs.homeModule ];
config = lib.mkMerge [ config = lib.mkMerge [
{ {
my.emacs.enable = lib.mkDefault hm.enabledByDefault; my.emacs.enable = lib.mkDefault hm.enabledByDefault;

8
modules/dev/emacs/portable.nix
View File

@@ -5,8 +5,8 @@
}: }:
let let
emacs = import ./common.nix { emacs = import ./common.nix {
lib = pkgs.lib;
inherit pkgs; inherit pkgs;
lib = pkgs.lib;
stylixEnabled = false; stylixEnabled = false;
emacsExtraConfig = ""; emacsExtraConfig = "";
emacsExtraPackages = _epkgs: [ ]; emacsExtraPackages = _epkgs: [ ];
@@ -41,21 +41,21 @@ let
../../../modules/home-manager.nix ../../../modules/home-manager.nix
../../../config/home-manager.nix ../../../config/home-manager.nix
{ {
programs.home-manager.enable = true;
nixpkgs.config.allowUnfree = true;
home = { home = {
username = "portable"; username = "portable";
homeDirectory = if pkgs.stdenv.isDarwin then "/Users/portable" else "/home/portable"; homeDirectory = if pkgs.stdenv.isDarwin then "/Users/portable" else "/home/portable";
stateVersion = "23.05"; stateVersion = "23.05";
}; };
programs.home-manager.enable = true;
nixpkgs.config.allowUnfree = true;
my = { my = {
emacs.enable = true; emacs.enable = true;
shell.tools.enable = true;
dev = { dev = {
nix.enable = true; nix.enable = true;
python.enable = true; python.enable = true;
sh.enable = true; sh.enable = true;
}; };
shell.tools.enable = true;
}; };
} }
]; ];

6
modules/dev/go/home.nix
View File

@@ -28,8 +28,10 @@ in
my.dev.go.enable = lib.mkDefault hm.enabledByDefault; my.dev.go.enable = lib.mkDefault hm.enabledByDefault;
} }
(lib.mkIf cfg.enable { (lib.mkIf cfg.enable {
home.packages = feature.packages; home = {
home.sessionVariables.GOPATH = "${config.xdg.dataHome}/go"; inherit (feature) packages;
sessionVariables.GOPATH = "${config.xdg.dataHome}/go";
};
}) })
]; ];
} }

10
modules/dev/go/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.go = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Go development shell with Emacs tooling, REPL, formatter, and linter";
};
my.dev.go = { my.dev.go = {
enable = lib.mkEnableOption "Install Go tooling globally"; enable = lib.mkEnableOption "Install Go tooling globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Go packages for"; description = "Users to install Go packages for";
}; };
}; };
devShells.go = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Go development shell with Emacs tooling, REPL, formatter, and linter";
};
}; };
} }

12
modules/dev/haskell/home.nix
View File

@@ -28,11 +28,13 @@ in
my.dev.haskell.enable = lib.mkDefault hm.enabledByDefault; my.dev.haskell.enable = lib.mkDefault hm.enabledByDefault;
} }
(lib.mkIf cfg.enable { (lib.mkIf cfg.enable {
home.packages = feature.packages; home = {
home.sessionVariables = { inherit (feature) packages;
CABAL_DIR = "${config.xdg.cacheHome}/cabal"; sessionVariables = {
STACK_ROOT = "${config.xdg.dataHome}/stack"; CABAL_DIR = "${config.xdg.cacheHome}/cabal";
GHCUP_USE_XDG_DIRS = "true"; STACK_ROOT = "${config.xdg.dataHome}/stack";
GHCUP_USE_XDG_DIRS = "true";
};
}; };
}) })
]; ];

10
modules/dev/haskell/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.haskell = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Haskell development shell";
};
my.dev.haskell = { my.dev.haskell = {
enable = lib.mkEnableOption "Install Haskell tooling globally"; enable = lib.mkEnableOption "Install Haskell tooling globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Haskell packages for"; description = "Users to install Haskell packages for";
}; };
}; };
devShells.haskell = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Haskell development shell";
};
}; };
} }

8
modules/dev/javascript/common.nix
View File

@@ -14,12 +14,12 @@ in
echo "📦 JavaScript dev environment" echo "📦 JavaScript dev environment"
''; '';
}; };
sessionVariables = {
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
};
sessionPath = [ sessionPath = [
"\${XDG_DATA_HOME}/npm/bin" "\${XDG_DATA_HOME}/npm/bin"
"\${XDG_DATA_HOME}/pnpm" "\${XDG_DATA_HOME}/pnpm"
]; ];
sessionVariables = {
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
};
} }

10
modules/dev/javascript/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.javascript = lib.mkOption {
type = lib.types.package;
default = javascript.devShell;
description = "JavaScript/Node development shell with npm/pnpm support";
};
my.dev.javascript = { my.dev.javascript = {
enable = lib.mkEnableOption "Install JavaScript tooling globally"; enable = lib.mkEnableOption "Install JavaScript tooling globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install JavaScript packages for"; description = "Users to install JavaScript packages for";
}; };
}; };
devShells.javascript = lib.mkOption {
type = lib.types.package;
default = javascript.devShell;
description = "JavaScript/Node development shell with npm/pnpm support";
};
}; };
} }

10
modules/dev/julia/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.julia = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Julia development shell";
};
my.dev.julia = { my.dev.julia = {
enable = lib.mkEnableOption "Install Julia globally"; enable = lib.mkEnableOption "Install Julia globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Julia packages for"; description = "Users to install Julia packages for";
}; };
}; };
devShells.julia = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Julia development shell";
};
}; };
} }

10
modules/dev/mcp/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.mcp = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "MCP dev shell for this repo";
};
my.dev.mcp = { my.dev.mcp = {
enable = lib.mkEnableOption "Install MCP tooling globally"; enable = lib.mkEnableOption "Install MCP tooling globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install MCP packages for"; description = "Users to install MCP packages for";
}; };
}; };
devShells.mcp = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "MCP dev shell for this repo";
};
}; };
} }

10
modules/dev/nix/nixos.nix
View File

@@ -13,6 +13,11 @@ let
in in
{ {
options = { options = {
devShells.nix = lib.mkOption {
type = lib.types.package;
default = nix.devShell;
description = "Nix/NixOS development shell with formatter, linter, LSP, and Cachix";
};
my.dev.nix = { my.dev.nix = {
enable = lib.mkEnableOption "Install Nix tooling globally"; enable = lib.mkEnableOption "Install Nix tooling globally";
users = lib.mkOption { users = lib.mkOption {
@@ -21,10 +26,5 @@ in
description = "Users to install Nix packages for"; description = "Users to install Nix packages for";
}; };
}; };
devShells.nix = lib.mkOption {
type = lib.types.package;
default = nix.devShell;
description = "Nix/NixOS development shell with formatter, linter, LSP, and Cachix";
};
}; };
} }

8
modules/dev/python/nixos.nix
View File

@@ -10,6 +10,10 @@ let
in in
{ {
options = { options = {
devShells.python = lib.mkOption {
type = lib.types.package;
default = python.devShell;
};
my.dev.python = { my.dev.python = {
enable = lib.mkEnableOption "Install Python tools globally"; enable = lib.mkEnableOption "Install Python tools globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,9 +22,5 @@ in
description = "Users to install Python packages for"; description = "Users to install Python packages for";
}; };
}; };
devShells.python = lib.mkOption {
type = lib.types.package;
default = python.devShell;
};
}; };
} }

12
modules/dev/ruby/home.nix
View File

@@ -28,11 +28,13 @@ in
my.dev.ruby.enable = lib.mkDefault hm.enabledByDefault; my.dev.ruby.enable = lib.mkDefault hm.enabledByDefault;
} }
(lib.mkIf cfg.enable { (lib.mkIf cfg.enable {
home.packages = feature.packages; home = {
home.sessionVariables = { inherit (feature) packages;
GEM_HOME = "${config.xdg.dataHome}/ruby/gems"; sessionVariables = {
GEM_PATH = "${config.xdg.dataHome}/ruby/gems"; GEM_HOME = "${config.xdg.dataHome}/ruby/gems";
GEM_SPEC_CACHE = "${config.xdg.dataHome}/ruby/specs"; GEM_PATH = "${config.xdg.dataHome}/ruby/gems";
GEM_SPEC_CACHE = "${config.xdg.dataHome}/ruby/specs";
};
}; };
}) })
]; ];

10
modules/dev/ruby/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.ruby = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Ruby development shell with interpreter and Solargraph LSP";
};
my.dev.ruby = { my.dev.ruby = {
enable = lib.mkEnableOption "Install Ruby tooling globally"; enable = lib.mkEnableOption "Install Ruby tooling globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Ruby packages for"; description = "Users to install Ruby packages for";
}; };
}; };
devShells.ruby = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Ruby development shell with interpreter and Solargraph LSP";
};
}; };
} }

6
modules/dev/rust/home.nix
View File

@@ -28,8 +28,10 @@ in
my.dev.rust.enable = lib.mkDefault hm.enabledByDefault; my.dev.rust.enable = lib.mkDefault hm.enabledByDefault;
} }
(lib.mkIf cfg.enable { (lib.mkIf cfg.enable {
home.packages = feature.packages; home = {
home.sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo"; inherit (feature) packages;
sessionVariables.CARGO_HOME = "${config.xdg.dataHome}/cargo";
};
}) })
]; ];
} }

10
modules/dev/rust/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.rust = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Rust development shell with cargo and rust-analyzer";
};
my.dev.rust = { my.dev.rust = {
enable = lib.mkEnableOption "Install Rust tooling globally"; enable = lib.mkEnableOption "Install Rust tooling globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Rust packages for"; description = "Users to install Rust packages for";
}; };
}; };
devShells.rust = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Rust development shell with cargo and rust-analyzer";
};
}; };
} }

10
modules/dev/sh/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.sh = lib.mkOption {
type = lib.types.package;
default = sh.devShell;
description = "Shell scripting dev shell";
};
my.dev.sh = { my.dev.sh = {
enable = lib.mkEnableOption "Install shell scripting tools globally"; enable = lib.mkEnableOption "Install shell scripting tools globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install shell scripting packages for"; description = "Users to install shell scripting packages for";
}; };
}; };
devShells.sh = lib.mkOption {
type = lib.types.package;
default = sh.devShell;
description = "Shell scripting dev shell";
};
}; };
} }

10
modules/dev/zig/nixos.nix
View File

@@ -10,6 +10,11 @@ let
in in
{ {
options = { options = {
devShells.zig = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Zig development shell with compiler and LSP";
};
my.dev.zig = { my.dev.zig = {
enable = lib.mkEnableOption "Install Zig tooling globally"; enable = lib.mkEnableOption "Install Zig tooling globally";
users = lib.mkOption { users = lib.mkOption {
@@ -18,10 +23,5 @@ in
description = "Users to install Zig packages for"; description = "Users to install Zig packages for";
}; };
}; };
devShells.zig = lib.mkOption {
type = lib.types.package;
default = feature.devShell;
description = "Zig development shell with compiler and LSP";
};
}; };
} }

74
modules/factories/mkscript.nix
View File

@@ -65,41 +65,43 @@
lib.mkMerge ( lib.mkMerge (
lib.mapAttrsToList (user: packages: inputs.self.lib.mkUserPackages lib user packages) userMap lib.mapAttrsToList (user: packages: inputs.self.lib.mkUserPackages lib user packages) userMap
); );
systemd.user.services = systemd.user = {
config.my.scripts services =
|> lib.mapAttrs' ( config.my.scripts
_name: script: |> lib.mapAttrs' (
lib.nameValuePair "${script.name}" ( _name: script:
lib.mkIf (script.enable && script.service) { lib.nameValuePair "${script.name}" (
restartIfChanged = true; lib.mkIf (script.enable && script.service) {
inherit (script) description; restartIfChanged = true;
wantedBy = [ "default.target" ]; inherit (script) description;
path = [ wantedBy = [ "default.target" ];
pkgs.nix path = [
script.package pkgs.nix
]; script.package
serviceConfig = { ];
Restart = "on-failure"; serviceConfig = {
RestartSec = 30; Restart = "on-failure";
ExecStart = "${script.package}/bin/${script.name}"; RestartSec = 30;
}; ExecStart = "${script.package}/bin/${script.name}";
} };
) }
); )
systemd.user.timers = );
config.my.scripts timers =
|> lib.mapAttrs' ( config.my.scripts
_name: script: |> lib.mapAttrs' (
lib.nameValuePair "${script.name}" ( _name: script:
lib.mkIf (script.enable && script.service) { lib.nameValuePair "${script.name}" (
enable = true; lib.mkIf (script.enable && script.service) {
inherit (script) description; enable = true;
wantedBy = [ "timers.target" ]; inherit (script) description;
timerConfig = { wantedBy = [ "timers.target" ];
OnCalendar = script.timer; timerConfig = {
}; OnCalendar = script.timer;
} };
) }
); )
);
};
}; };
} }

12
modules/modules.nix
View File

@@ -53,6 +53,7 @@ in
}; };
ips = lib.mkOption { ips = lib.mkOption {
type = lib.types.attrsOf lib.types.str; type = lib.types.attrsOf lib.types.str;
description = "Set of IP's for all my computers.";
default = { default = {
router = "192.168.100.1"; router = "192.168.100.1";
server = "192.168.100.15"; server = "192.168.100.15";
@@ -73,35 +74,34 @@ in
wg-friend5 = "10.8.0.6"; wg-friend5 = "10.8.0.6";
wg-friend6 = "10.8.0.7"; wg-friend6 = "10.8.0.7";
}; };
description = "Set of IP's for all my computers.";
}; };
subnets = lib.mkOption { subnets = lib.mkOption {
type = lib.types.attrsOf lib.types.str; type = lib.types.attrsOf lib.types.str;
description = "Set of subnets for WireGuard networks.";
default = { default = {
wg-homelab = "10.77.0.0/24"; wg-homelab = "10.77.0.0/24";
wg-friends = "10.8.0.0/24"; wg-friends = "10.8.0.0/24";
wg-guests = "10.9.0.0/24"; wg-guests = "10.9.0.0/24";
}; };
description = "Set of subnets for WireGuard networks.";
}; };
wgInterfaces = lib.mkOption { wgInterfaces = lib.mkOption {
type = lib.types.attrsOf lib.types.str; type = lib.types.attrsOf lib.types.str;
description = "WireGuard interface IPs for the VPS.";
default = { default = {
wg-homelab = "10.77.0.1/24"; wg-homelab = "10.77.0.1/24";
wg-friends = "10.8.0.1/24"; wg-friends = "10.8.0.1/24";
wg-guests = "10.9.0.1/24"; wg-guests = "10.9.0.1/24";
}; };
description = "WireGuard interface IPs for the VPS.";
}; };
interfaces = lib.mkOption { interfaces = lib.mkOption {
type = lib.types.attrsOf lib.types.str; type = lib.types.attrsOf lib.types.str;
description = "Set of network interface names for all my computers.";
default = { default = {
server = "enp0s31f6"; server = "enp0s31f6";
miniserver = "enp2s0"; miniserver = "enp2s0";
workstation = "enp5s0"; workstation = "enp5s0";
vps = "eth0"; vps = "eth0";
}; };
description = "Set of network interface names for all my computers.";
}; };
mainServer = lib.mkOption { mainServer = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@@ -130,6 +130,7 @@ in
}; };
ports = lib.mkOption { ports = lib.mkOption {
type = lib.types.attrsOf lib.types.port; type = lib.types.attrsOf lib.types.port;
description = "Common port assignments for local services and firewall rules.";
default = { default = {
comfyui = 8188; comfyui = 8188;
giteaSsh = 22; giteaSsh = 22;
@@ -147,7 +148,6 @@ in
wg = 51820; wg = 51820;
ssh = 3456; ssh = 3456;
}; };
description = "Common port assignments for local services and firewall rules.";
}; };
email = lib.mkOption { email = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@@ -168,6 +168,7 @@ in
}; };
toggleUsers = lib.mkOption { toggleUsers = lib.mkOption {
type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str)); type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str));
description = "Map toggle categories to users. Can be a single user (string) or multiple users (list). Determines which user(s) get packages from each toggle category.";
default = { default = {
apps = "jawz"; apps = "jawz";
dev = "jawz"; dev = "jawz";
@@ -176,7 +177,6 @@ in
services = "jawz"; services = "jawz";
stylix = "jawz"; stylix = "jawz";
}; };
description = "Map toggle categories to users. Can be a single user (string) or multiple users (list). Determines which user(s) get packages from each toggle category.";
example = { example = {
apps = "jawz"; apps = "jawz";
dev = "bearded_dragonn"; dev = "bearded_dragonn";

6
modules/nix/build.nix
View File

@@ -30,8 +30,8 @@
description = "Maximum number of parallel jobs (null = auto-detect)"; description = "Maximum number of parallel jobs (null = auto-detect)";
}; };
}; };
config = { config.nix = {
nix.settings = lib.mkMerge [ settings = lib.mkMerge [
{ {
system-features = config.my.nix.features; system-features = config.my.nix.features;
} }
@@ -42,6 +42,6 @@
max-jobs = config.my.nix.maxJobs; max-jobs = config.my.nix.maxJobs;
}) })
]; ];
nix.buildMachines = lib.mkIf (config.my.nix.buildMachines != [ ]) config.my.nix.buildMachines; buildMachines = lib.mkIf (config.my.nix.buildMachines != [ ]) config.my.nix.buildMachines;
}; };
} }

2
modules/scripts/download/home.nix
View File

@@ -12,8 +12,8 @@ let
inputs.self.lib.hmOnlyUser config osConfig "jawz" inputs.self.lib.hmOnlyUser config osConfig "jawz"
&& (osConfig.my.units.download.enable || osConfig.my.units.downloadManga.enable); && (osConfig.my.units.download.enable || osConfig.my.units.downloadManga.enable);
download = import ./common.nix { download = import ./common.nix {
config = if osConfig == null then { } else osConfig;
inherit inputs lib pkgs; inherit inputs lib pkgs;
config = if osConfig == null then { } else osConfig;
}; };
in in
{ {

8
modules/servers/drpp.nix
View File

@@ -11,13 +11,13 @@ in
options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0; options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0;
config.virtualisation.oci-containers.containers.drpp = lib.mkIf cfg.enable { config.virtualisation.oci-containers.containers.drpp = lib.mkIf cfg.enable {
image = "ghcr.io/phin05/discord-rich-presence-plex:latest"; image = "ghcr.io/phin05/discord-rich-presence-plex:latest";
environment = {
DRPP_UID = toString config.users.users.jawz.uid;
DRPP_GID = toString config.users.groups.users.gid;
};
volumes = [ volumes = [
"${config.my.containerData}/drpp:/app/data" "${config.my.containerData}/drpp:/app/data"
"/run/user/${toString config.users.users.jawz.uid}:/run/app" "/run/user/${toString config.users.users.jawz.uid}:/run/app"
]; ];
environment = {
DRPP_UID = toString config.users.users.jawz.uid;
DRPP_GID = toString config.users.groups.users.gid;
};
}; };
} }

4
modules/servers/flame.nix
View File

@@ -15,9 +15,7 @@ in
flameSecret = setup.mkOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007; flameSecret = setup.mkOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007;
}; };
config = lib.mkIf enable { config = lib.mkIf enable {
sops.secrets = { sops.secrets.flame.sopsFile = ../../secrets/env.yaml;
flame.sopsFile = ../../secrets/env.yaml;
};
virtualisation.oci-containers.containers = lib.mkIf enable { virtualisation.oci-containers.containers = lib.mkIf enable {
flame = lib.mkIf cfg.enable { flame = lib.mkIf cfg.enable {
autoStart = true; autoStart = true;

2
modules/servers/gitea.nix
View File

@@ -9,11 +9,11 @@ let
cfg = config.my.servers.gitea; cfg = config.my.servers.gitea;
in in
{ {
options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
imports = [ imports = [
../nix/gitea-actions-runners/nixos.nix ../nix/gitea-actions-runners/nixos.nix
../nix/gitea-actions-runners/docker.nix ../nix/gitea-actions-runners/docker.nix
]; ];
options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
config = lib.mkIf (cfg.enable && config.my.secureHost) { config = lib.mkIf (cfg.enable && config.my.secureHost) {
sops.secrets.gitea.sopsFile = ../../secrets/env.yaml; sops.secrets.gitea.sopsFile = ../../secrets/env.yaml;
users.groups.gitea.gid = 974; users.groups.gitea.gid = 974;

8
modules/servers/homepage/service-widgets.nix
View File

@@ -154,8 +154,8 @@
icon = "${name}.png"; icon = "${name}.png";
href = url; href = url;
widget = { widget = {
type = name;
inherit url; inherit url;
type = name;
username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}"; username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}"; password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
}; };
@@ -169,8 +169,8 @@
icon = "${name}.png"; icon = "${name}.png";
href = url; href = url;
widget = { widget = {
type = name;
inherit url; inherit url;
type = name;
key = "{{HOMEPAGE_VAR_SABNZBD}}"; key = "{{HOMEPAGE_VAR_SABNZBD}}";
}; };
}; };
@@ -231,9 +231,9 @@
icon = "paperless.png"; icon = "paperless.png";
href = url; href = url;
widget = { widget = {
inherit url;
type = name; type = name;
key = "{{HOMEPAGE_VAR_PAPERLESS}}"; key = "{{HOMEPAGE_VAR_PAPERLESS}}";
inherit url;
fields = [ fields = [
"total" "total"
"inbox" "inbox"
@@ -262,9 +262,9 @@
icon = "${name}.png"; icon = "${name}.png";
href = url; href = url;
widget = { widget = {
inherit url;
type = name; type = name;
key = "{{HOMEPAGE_VAR_STASH}}"; key = "{{HOMEPAGE_VAR_STASH}}";
inherit url;
fields = [ fields = [
"scenes" "scenes"
"images" "images"

4
modules/servers/homepage/widgets.nix
View File

@@ -22,14 +22,12 @@
{ {
openweathermap = { openweathermap = {
label = "Apodaca"; label = "Apodaca";
format.maximumFractionDigits = 1;
latitude = 25.760339; latitude = 25.760339;
longitude = -100.2190662; longitude = -100.2190662;
units = "metric"; units = "metric";
provider = "openweathermap"; provider = "openweathermap";
cache = 5; cache = 5;
format = {
maximumFractionDigits = 1;
};
}; };
} }
] ]

4
modules/servers/jellyfin.nix
View File

@@ -54,11 +54,9 @@ in
}; };
timers.sub-sync = { timers.sub-sync = {
enable = true; enable = true;
timerConfig.OnCalendar = "20:00";
description = "syncronizes subtitles downloaded & modified today"; description = "syncronizes subtitles downloaded & modified today";
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "20:00";
};
}; };
}; };
}) })

10
modules/servers/lidarr.nix
View File

@@ -13,11 +13,6 @@ in
autoStart = true; autoStart = true;
image = "linuxserver/lidarr:latest"; image = "linuxserver/lidarr:latest";
ports = [ "${toString cfg.port}:${toString cfg.port}" ]; ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environment = {
TZ = config.my.timeZone;
PUID = toString config.users.users.jawz.uid;
PGID = toString config.users.groups.piracy.gid;
};
volumes = [ volumes = [
"/srv/pool/multimedia:/data" "/srv/pool/multimedia:/data"
"/srv/pool/multimedia/media/Music:/music" "/srv/pool/multimedia/media/Music:/music"
@@ -31,5 +26,10 @@ in
extraOptions = [ extraOptions = [
"--network=host" "--network=host"
]; ];
environment = {
TZ = config.my.timeZone;
PUID = toString config.users.users.jawz.uid;
PGID = toString config.users.groups.piracy.gid;
};
}; };
} }

2
modules/servers/maloja.nix
View File

@@ -15,6 +15,7 @@ in
image = "krateng/maloja:latest"; image = "krateng/maloja:latest";
ports = [ "${toString cfg.port}:${toString cfg.port}" ]; ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environmentFiles = [ config.sops.secrets.maloja.path ]; environmentFiles = [ config.sops.secrets.maloja.path ];
volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
environment = { environment = {
TZ = config.my.timeZone; TZ = config.my.timeZone;
MALOJA_TIMEZONE = "-6"; MALOJA_TIMEZONE = "-6";
@@ -23,7 +24,6 @@ in
MALOJA_DATA_DIRECTORY = "/mljdata"; MALOJA_DATA_DIRECTORY = "/mljdata";
MALOJA_SKIP_SETUP = "true"; MALOJA_SKIP_SETUP = "true";
}; };
volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
}; };
}; };
} }

2
modules/servers/multi-scrobbler.nix
View File

@@ -15,6 +15,7 @@ in
image = "foxxmd/multi-scrobbler:latest"; image = "foxxmd/multi-scrobbler:latest";
ports = [ "${toString cfg.port}:${toString cfg.port}" ]; ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environmentFiles = [ config.sops.secrets.multi-scrobbler.path ]; environmentFiles = [ config.sops.secrets.multi-scrobbler.path ];
volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ];
environment = { environment = {
TZ = config.my.timeZone; TZ = config.my.timeZone;
PUID = toString config.users.users.jawz.uid; PUID = toString config.users.users.jawz.uid;
@@ -25,7 +26,6 @@ in
PLEX_URL = "http://192.168.100.15:32400"; PLEX_URL = "http://192.168.100.15:32400";
WS_ENABLE = "true"; WS_ENABLE = "true";
}; };
volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ];
}; };
}; };
} }

26
modules/servers/nextcloud.nix
View File

@@ -21,8 +21,8 @@ let
version = "12.70"; version = "12.70";
in in
{ {
pname = "Image-ExifTool";
inherit version; inherit version;
pname = "Image-ExifTool";
src = pkgs.fetchurl { src = pkgs.fetchurl {
url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz"; url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4="; hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4=";
@@ -54,7 +54,9 @@ in
"openssl-1.1.1v" "openssl-1.1.1v"
]; ];
users = { users = {
groups.nextcloud = { inherit gid; }; groups.nextcloud = {
inherit gid;
};
users.nextcloud = { users.nextcloud = {
inherit uid; inherit uid;
isSystemUser = true; isSystemUser = true;
@@ -189,20 +191,24 @@ in
go-vod = lib.mkIf config.my.servers.go-vod.enable { go-vod = lib.mkIf config.my.servers.go-vod.enable {
autoStart = true; autoStart = true;
image = "radialapps/go-vod:latest"; image = "radialapps/go-vod:latest";
volumes = [ "ncdata:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri" # VA-API (omit for NVENC)
];
environment = { environment = {
TZ = config.my.timeZone; TZ = config.my.timeZone;
NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}"; NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}";
NVIDIA_VISIBLE_DEVICES = "all"; NVIDIA_VISIBLE_DEVICES = "all";
}; };
volumes = [ "ncdata:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri" # VA-API (omit for NVENC)
];
}; };
collabora = lib.mkIf cfgC.enable { collabora = lib.mkIf cfgC.enable {
autoStart = true; autoStart = true;
image = "collabora/code:latest"; image = "collabora/code:latest";
ports = [ "${toString cfgC.port}:${toString cfgC.port}" ]; ports = [ "${toString cfgC.port}:${toString cfgC.port}" ];
extraOptions = [
"--cap-add"
"MKNOD"
];
environment = { environment = {
TZ = config.my.timeZone; TZ = config.my.timeZone;
domain = cfg.host; domain = cfg.host;
@@ -219,10 +225,6 @@ in
DONT_GEN_SSL_CERT = "1"; DONT_GEN_SSL_CERT = "1";
SLEEPFORDEBUGGER = "0"; SLEEPFORDEBUGGER = "0";
}; };
extraOptions = [
"--cap-add"
"MKNOD"
];
}; };
}; };
systemd = lib.mkIf cfg.enableCron { systemd = lib.mkIf cfg.enableCron {
@@ -248,11 +250,9 @@ in
}; };
timers.nextcloud-cronjob = { timers.nextcloud-cronjob = {
enable = true; enable = true;
timerConfig.OnCalendar = "*:0/10";
description = "Runs various nextcloud-related cronjobs"; description = "Runs various nextcloud-related cronjobs";
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
}; };
}; };
}) })

20
modules/servers/qbittorrent.nix
View File

@@ -99,16 +99,6 @@ in
}; };
user = { user = {
services = { services = {
qbit_manage = {
restartIfChanged = true;
description = "Tidy up my torrents";
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "oneshot";
TimeoutStartSec = "5min";
ExecStart = "${qbit_manageEnv}/bin/python ${qbit_manage}/qbit_manage.py -r -c /home/jawz/.config/qbit_manage/config.yml";
};
};
unpackerr = lib.mkIf config.my.servers.unpackerr.enable { unpackerr = lib.mkIf config.my.servers.unpackerr.enable {
enable = true; enable = true;
restartIfChanged = true; restartIfChanged = true;
@@ -130,6 +120,16 @@ in
ExecStart = "${pkgs.unpackerr}/bin/unpackerr"; ExecStart = "${pkgs.unpackerr}/bin/unpackerr";
}; };
}; };
qbit_manage = {
restartIfChanged = true;
description = "Tidy up my torrents";
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "oneshot";
TimeoutStartSec = "5min";
ExecStart = "${qbit_manageEnv}/bin/python ${qbit_manage}/qbit_manage.py -r -c /home/jawz/.config/qbit_manage/config.yml";
};
};
}; };
timers.qbit_manage = { timers.qbit_manage = {
enable = true; enable = true;

2
modules/servers/ryot.nix
View File

@@ -15,13 +15,13 @@ in
image = "ghcr.io/ignisda/ryot:v10"; image = "ghcr.io/ignisda/ryot:v10";
ports = [ "${toString cfg.port}:8000" ]; ports = [ "${toString cfg.port}:8000" ];
environmentFiles = [ config.sops.secrets.ryot.path ]; environmentFiles = [ config.sops.secrets.ryot.path ];
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
environment = { environment = {
RUST_LOG = "ryot=debug,sea_orm=debug"; RUST_LOG = "ryot=debug,sea_orm=debug";
TZ = config.my.timeZone; TZ = config.my.timeZone;
DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}"; DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
FRONTEND_INSECURE_COOKIES = "true"; FRONTEND_INSECURE_COOKIES = "true";
}; };
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
}; };
}; };
} }

8
modules/servers/synapse.nix
View File

@@ -28,8 +28,12 @@ in
config = lib.mkMerge [ config = lib.mkMerge [
(lib.mkIf (cfg.enable && config.my.secureHost) { (lib.mkIf (cfg.enable && config.my.secureHost) {
my.servers = { my.servers = {
synapse = { inherit domain; }; synapse = {
element = { inherit domain; }; inherit domain;
};
element = {
inherit domain;
};
}; };
users.groups.matrix-synapse = { inherit gid; }; users.groups.matrix-synapse = { inherit gid; };
users.users.matrix-synapse = { users.users.matrix-synapse = {

2
modules/servers/synctube.nix
View File

@@ -17,8 +17,8 @@ let
version ? "git", version ? "git",
}: }:
pkgs.stdenvNoCC.mkDerivation { pkgs.stdenvNoCC.mkDerivation {
name = "${libname}-${version}";
inherit src; inherit src;
name = "${libname}-${version}";
installPhase = '' installPhase = ''
runHook preInstall runHook preInstall
mkdir -p "$out/lib/haxe/${withCommas libname}/${withCommas version}" mkdir -p "$out/lib/haxe/${withCommas libname}/${withCommas version}"

2
modules/servers/yamtrack.nix
View File

@@ -18,6 +18,7 @@ in
ports = [ "${toString cfg.port}:8000" ]; ports = [ "${toString cfg.port}:8000" ];
dependsOn = [ "yamtrack-redis" ]; dependsOn = [ "yamtrack-redis" ];
environmentFiles = [ config.sops.secrets.yamtrack.path ]; environmentFiles = [ config.sops.secrets.yamtrack.path ];
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
environment = { environment = {
TZ = config.my.timeZone; TZ = config.my.timeZone;
URLS = cfg.url; URLS = cfg.url;
@@ -31,7 +32,6 @@ in
REDIS_URL = "redis://yamtrack-redis:6379/0"; REDIS_URL = "redis://yamtrack-redis:6379/0";
SOCIAL_PROVIDERS = "allauth.socialaccount.providers.openid_connect"; SOCIAL_PROVIDERS = "allauth.socialaccount.providers.openid_connect";
}; };
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
}; };
}; };
}; };

24
modules/services/network.nix
View File

@@ -38,18 +38,6 @@ in
"${config.my.localhost6}:53" "${config.my.localhost6}:53"
] ]
++ lib.optionals config.my.services.wireguard.enable wgListenAddrs; ++ lib.optionals config.my.services.wireguard.enable wgListenAddrs;
query_log = {
file = "/var/lib/dnscrypt-proxy/query.log";
format = "tsv";
};
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
server_names = [ server_names = [
"adfilter-adl" "adfilter-adl"
"adfilter-adl-ipv6" "adfilter-adl-ipv6"
@@ -65,6 +53,18 @@ in
"quad9-dnscrypt-ip6-filter-pri" "quad9-dnscrypt-ip6-filter-pri"
"ibksturm" "ibksturm"
]; ];
query_log = {
file = "/var/lib/dnscrypt-proxy/query.log";
format = "tsv";
};
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
}; };
}; };
}; };

6
modules/services/nvidia.nix
View File

@@ -29,8 +29,10 @@
open = config.networking.hostName == "workstation"; open = config.networking.hostName == "workstation";
package = config.boot.kernelPackages.nvidiaPackages.stable; package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true; modesetting.enable = true;
powerManagement.enable = true; powerManagement = {
powerManagement.finegrained = false; enable = true;
finegrained = false;
};
}; };
}; };
}; };

6
modules/services/sound.nix
View File

@@ -11,10 +11,12 @@
security.rtkit.enable = true; # make pipewire realtime-capable security.rtkit.enable = true; # make pipewire realtime-capable
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
wireplumber.enable = true; wireplumber.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
# lowLatency = { # lowLatency = {
# enable = true; # enable = true;
# quantum = 64; # quantum = 64;

8
modules/services/syncthing.nix
View File

@@ -49,10 +49,6 @@ in
relaysEnabled = false; relaysEnabled = false;
globalAnnounceEnabled = false; globalAnnounceEnabled = false;
}; };
gui = {
user = "jawz";
password = config.sops.secrets.syncthing_password.path;
};
devices = devices =
let let
mkWgDevice = name: id: { mkWgDevice = name: id: {
@@ -75,6 +71,10 @@ in
wg-friend4 = mkWgDevice "wg-friend4" "7YPUQ4Y-2UVEAXI-KBQVU7R-B6R5O36-GDQPTOY-3R3OG7H-BVWVOTD-EX52VQM"; wg-friend4 = mkWgDevice "wg-friend4" "7YPUQ4Y-2UVEAXI-KBQVU7R-B6R5O36-GDQPTOY-3R3OG7H-BVWVOTD-EX52VQM";
wg-friend6 = mkWgDevice "wg-friend6" "STQGYJV-YNFX6PB-NK63JBV-7HS74L4-AMF2QWA-KAFLXZA-3FELLSB-TE65ZQI"; wg-friend6 = mkWgDevice "wg-friend6" "STQGYJV-YNFX6PB-NK63JBV-7HS74L4-AMF2QWA-KAFLXZA-3FELLSB-TE65ZQI";
}; };
gui = {
user = "jawz";
password = config.sops.secrets.syncthing_password.path;
};
folders = { folders = {
cache = mkMobile "~/Downloads/cache/"; cache = mkMobile "~/Downloads/cache/";
friends = mkMobile "~/Pictures/Artist/friends/"; friends = mkMobile "~/Pictures/Artist/friends/";

4
modules/websites/lidarr-mb-report.nix
View File

@@ -11,9 +11,7 @@ let
''; '';
in in
{ {
options.my.websites.lidarrMbReport = { options.my.websites.lidarrMbReport.enableProxy = lib.mkEnableOption "lidarr mb report static site";
enableProxy = lib.mkEnableOption "lidarr mb report static site";
};
config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) { config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
services.nginx.virtualHosts."mb-report.lebubu.org" = { services.nginx.virtualHosts."mb-report.lebubu.org" = {
forceSSL = true; forceSSL = true;

4
modules/websites/portfolio.nix
View File

@@ -57,9 +57,7 @@ let
}; };
in in
{ {
options.my.websites.portfolio = { options.my.websites.portfolio.enableProxy = lib.mkEnableOption "portfolio and blog static sites";
enableProxy = lib.mkEnableOption "portfolio and blog static sites";
};
config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) { config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"www.danilo-reyes.com" = { "www.danilo-reyes.com" = {

4
parts/core.nix
View File

@@ -259,15 +259,15 @@ in
mkEnabledIp = ip: name: { mkEnabledIp = ip: name: {
inherit name; inherit name;
value = { value = {
enable = true;
inherit ip; inherit ip;
enable = true;
}; };
}; };
mkEnabledProxyIp = ip: name: { mkEnabledProxyIp = ip: name: {
inherit name; inherit name;
value = { value = {
enableProxy = true;
inherit ip; inherit ip;
enableProxy = true;
}; };
}; };
enableList = func: list: list |> map func |> builtins.listToAttrs; enableList = func: list: list |> map func |> builtins.listToAttrs;

8
parts/hosts.nix
View File

@@ -1,6 +1,10 @@
{ inputs, ... }: { inputs, ... }:
{ {
flake = { flake = {
homeConfigurations.mac = inputs.self.lib.createHomeConfig {
name = "mac";
system = "aarch64-darwin";
};
nixosConfigurations = { nixosConfigurations = {
workstation = inputs.self.lib.createConfig "workstation" inputs.nixpkgs; workstation = inputs.self.lib.createConfig "workstation" inputs.nixpkgs;
miniserver = inputs.self.lib.createConfig "miniserver" inputs.nixpkgs-small; miniserver = inputs.self.lib.createConfig "miniserver" inputs.nixpkgs-small;
@@ -9,9 +13,5 @@
emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs; emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs;
vps = inputs.self.lib.createConfig "vps" inputs.nixpkgs-small; vps = inputs.self.lib.createConfig "vps" inputs.nixpkgs-small;
}; };
homeConfigurations.mac = inputs.self.lib.createHomeConfig {
name = "mac";
system = "aarch64-darwin";
};
}; };
} }

6
parts/packages.nix
View File

@@ -34,8 +34,10 @@
( (
{ lib, ... }: { lib, ... }:
{ {
my.secureHost = lib.mkForce false; my = {
my.build.baseImage = true; secureHost = lib.mkForce false;
build.baseImage = true;
};
} }
) )
]; ];