From 899928c1efdccc9b59803b79f1e7cfe9b80a29b0 Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Sun, 9 Jun 2024 12:03:43 -0600 Subject: [PATCH] miniserver init --- flake.nix | 11 + hosts/miniserver/configuration.nix | 575 +--------- hosts/miniserver/configuration.org | 1017 ----------------- .../{fstab.nix => hardware-configuration.nix} | 27 +- hosts/miniserver/mail.nix | 37 - hosts/miniserver/openldap.nix | 83 -- hosts/miniserver/scripts/update-dns.sh | 55 - hosts/miniserver/servers.nix | 4 +- hosts/workstation/configuration.nix | 1 - jawz.nix | 1 + modules/apps/gaming.nix | 48 +- modules/apps/internet.nix | 34 +- modules/scripts.nix | 15 +- modules/scripts/download.nix | 4 +- modules/scripts/ffmpeg4discord.nix | 4 +- modules/scripts/ffmpreg.nix | 4 +- modules/scripts/find-dup-episode.nix | 4 +- modules/scripts/manage-library.nix | 4 +- modules/scripts/pika-list.nix | 4 +- modules/scripts/run.nix | 4 +- modules/scripts/split-dir.nix | 4 +- modules/scripts/tasks.nix | 4 +- modules/scripts/update-dns.nix | 4 +- modules/shell/tools.nix | 1 + overlay.nix | 5 - pkgs/fooyin/default.nix | 43 - 26 files changed, 141 insertions(+), 1856 deletions(-) delete mode 100644 hosts/miniserver/configuration.org rename hosts/miniserver/{fstab.nix => hardware-configuration.nix} (92%) delete mode 100644 hosts/miniserver/mail.nix delete mode 100644 hosts/miniserver/openldap.nix delete mode 100644 hosts/miniserver/scripts/update-dns.sh delete mode 100644 pkgs/fooyin/default.nix diff --git a/flake.nix b/flake.nix index c974071..37b7504 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,17 @@ ]; specialArgs = { inherit inputs outputs; }; }; + miniserver = lib.nixosSystem { + inherit system; + modules = [ + ./hosts/miniserver/configuration.nix + ({ pkgs, ... }: { + nixpkgs.overlays = + [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ]; + }) + ]; + specialArgs = { inherit inputs outputs; }; + }; }; }; } diff --git a/hosts/miniserver/configuration.nix b/hosts/miniserver/configuration.nix index 978ab26..f02a21f 100644 --- a/hosts/miniserver/configuration.nix +++ b/hosts/miniserver/configuration.nix @@ -1,92 +1,59 @@ { config, lib, pkgs, ... }: let - version = "23.11"; - myEmail = "CaptainJawZ@outlook.com"; - myName = "Danilo Reyes"; - cpuArchitecture = "alderlake"; - home-manager = builtins.fetchTarball - # "https://github.com/nix-community/home-manager/archive/master.tar.gz"; - "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz"; - unstable = import - (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") { - config = config.nixpkgs.config; + stream-dl = pkgs.writeScriptBin "stream-dl" + (builtins.readFile ../../scripts/stream-dl.sh); +in { + imports = + [ ./servers.nix ./docker.nix ./hardware-configuration.nix ../../base.nix ]; + my = { + emacs.enable = true; + apps.dictionaries.enable = true; + shell.tools.enable = true; + services.network.enable = true; + dev = { + nix.enable = true; + python.enable = true; + sh.enable = true; }; - jawzManageLibrary = pkgs.writeScriptBin "manage-library" - (builtins.readFile ../scripts/manage-library.sh); - jawzTasks = - pkgs.writeScriptBin "tasks" (builtins.readFile ../scripts/tasks.sh); - jawzSubs = - pkgs.writeScriptBin "sub-sync" (builtins.readFile ../scripts/sub-sync.sh); - jawzStream = - pkgs.writeScriptBin "stream-dl" (builtins.readFile ../scripts/stream-dl.sh); -in { # Remember to close this bracket at the end of the document - - imports = [ - ./fstab.nix - ./servers.nix - ./docker.nix - # ./mail.nix - # ./openldap.nix - # - (import "${home-manager}/nixos") - ]; - - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; + scripts = { + run.enable = true; + split-dir.enable = true; + download.enable = true; + ffmpreg.enable = true; + ffmpeg4discord.enable = true; + manage-library.enable = true; + sync-subs.enable = true; + pika-list.enable = true; + find-dup-episodes.enable = true; + }; + }; + fonts.fontconfig.enable = true; networking = { - useDHCP = lib.mkDefault true; - enableIPv6 = false; hostName = "miniserver"; - networkmanager.enable = true; - extraHosts = '' - 192.168.1.64 workstation - 192.168.1.69 server - ''; firewall = let open_firewall_ports = [ 51413 # torrent sedding 9091 # qbittorrent 2049 # nfs ]; - open_firewall_port_ranges = [ ]; in { - enable = true; allowPing = true; allowedTCPPorts = open_firewall_ports; allowedUDPPorts = open_firewall_ports; - allowedTCPPortRanges = open_firewall_port_ranges; - allowedUDPPortRanges = open_firewall_port_ranges; }; }; - - time.timeZone = "America/Mexico_City"; - i18n = { - defaultLocale = "en_CA.UTF-8"; - extraLocaleSettings = { LC_MONETARY = "es_MX.UTF-8"; }; - }; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - # useXkbConfig = true; # use xkbOptions in tty. - }; - - system = { - copySystemConfiguration = true; - stateVersion = "${version}"; - }; nix = let featuresList = [ "nixos-test" "benchmark" "big-parallel" "kvm" - "gccarch-${cpuArchitecture}" "gccarch-znver3" + "gccarch-skylake" + "gccarch-alderlake" ]; in { - gc = { - automatic = true; - dates = "weekly"; - }; + distributedBuilds = true; buildMachines = [{ hostName = "workstation"; system = "x86_64-linux"; @@ -95,63 +62,26 @@ in { # Remember to close this bracket at the end of the document speedFactor = 1; supportedFeatures = featuresList; }]; - distributedBuilds = true; settings = { cores = 3; auto-optimise-store = true; trusted-users = [ "nixremote" ]; system-features = featuresList; - substituters = [ - "https://nix-gaming.cachix.org" - "https://nixpkgs-python.cachix.org" - "https://devenv.cachix.org" - "https://cuda-maintainers.cachix.org" - ]; - trusted-public-keys = [ - "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" - "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU=" - "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" - "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" - ]; }; }; - + nixpkgs.config = { + allowUnfree = true; + permittedInsecurePackages = [ "openssl-1.1.1w" ]; + }; security = { + rtkit.enable = true; acme = { acceptTerms = true; - defaults.email = myEmail; + defaults.email = "CaptainJawZ@outlook.com"; }; - rtkit.enable = true; - sudo = { - enable = true; - wheelNeedsPassword = false; - }; - pam.loginLimits = [{ - domain = "*"; - type = "soft"; - item = "nofile"; - value = "8192"; - }]; }; - - nixpkgs = { - hostPlatform = lib.mkDefault "x86_64-linux"; - config = { - allowUnfree = true; - permittedInsecurePackages = [ "openssl-1.1.1w" ]; - }; - # localSystem = { - # gcc.arch = cpuArchitecture; - # gcc.tune = cpuArchitecture; - # system = "x86_64-linux"; - # }; - }; - users = { - groups.nixremote = { - name = "nixremote"; - gid = 555; - }; + groups.nixremote.gid = 555; users.nixremote = { isNormalUser = true; createHome = true; @@ -159,361 +89,17 @@ in { # Remember to close this bracket at the end of the document home = "/var/nixremote/"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation" - "" ]; }; }; - users.users.jawz = { - isNormalUser = true; - extraGroups = [ - "wheel" - "networkmanager" - "docker" - "scanner" - "lp" - "piracy" - "kavita" - "render" - "video" - ]; - initialPassword = "password"; - openssh = { - authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server" - ]; - }; - - packages = (with pkgs; [ - - hunspell - hunspellDicts.it_IT - hunspellDicts.es_MX - hunspellDicts.en_CA - - symbola - - unstable.yt-dlp # downloads videos from most video websites - unstable.gallery-dl # similar to yt-dlp but for most image gallery websites - - fd # modern find, faster searches - fzf # fuzzy finder! super cool and useful - gdu # disk-space utility, somewhat useful - du-dust # rusty du - trash-cli # oop! didn't meant to delete that - eza # like ls but with colors - rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS - smartmontools # check hard drie health - - jawzManageLibrary - jawzTasks - jawzSubs - jawzStream - (writeScriptBin "ffmpeg4discord" - (builtins.readFile ../scripts/ffmpeg4discord.py)) - (writeScriptBin "ffmpreg" (builtins.readFile ../scripts/ffmpreg.sh)) - (writeScriptBin "split-dir" (builtins.readFile ../scripts/split-dir.sh)) - (writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh)) - (writeScriptBin "run" (builtins.readFile ../scripts/run.sh)) - (writeScriptBin "find-dup-episodes" - (builtins.readFile ../scripts/find-dup-episodes.sh)) - - tldr # man for retards - - # SH - bats # testing system, required by Exercism - bashdb # autocomplete - shellcheck # linting - shfmt # a shell parser and formatter - - # NIX - expect # keep color when nom'ing - nix-output-monitor # autistic nix builds - nixfmt # linting - cachix # why spend time compiling? - - # PYTHON. - (python3.withPackages (ps: - with ps; [ - flake8 # wraper for pyflakes, pycodestyle and mccabe - isort # sort Python imports - nose # testing and running python scripts - pyflakes # checks source code for errors - pytest # framework for writing tests - speedtest-cli # check internet speed from the comand line - editorconfig # follow rules of contributin - black # Python code formatter - pylint # bug and style checker for python - ])) # base language - - ]) ++ (with pkgs.python3Packages; [ - (buildPythonApplication rec { - pname = "download"; - version = "1.5"; - src = ../scripts/download/.; - doCheck = false; - buildInputs = [ setuptools ]; - propagatedBuildInputs = [ pyyaml types-pyyaml ]; - }) - (buildPythonApplication rec { - pname = "ffpb"; - version = "0.4.1"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk="; - }; - doCheck = false; - buildInputs = [ setuptools ]; - propagatedBuildInputs = [ tqdm ]; - }) - # (buildPythonApplication rec { - # pname = "qbit_manage"; - # version = "4.0.3"; - # src = fetchPypi { - # inherit pname version; - # sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk="; - # }; - # doCheck = true; - # buildInputs = [ setuptools ]; - # propagatedBuildInputs = - # [ gitpython requests retrying ruamel-yaml schedule unstable.qbittorrent-api ]; - # }) - - ]) ++ (with pkgs.nodePackages; [ - # Language servers - dockerfile-language-server-nodejs - yaml-language-server - bash-language-server - vscode-json-languageserver - pyright - - markdownlint-cli # Linter - prettier # Linter - pnpm # Package manager - - ]); - }; # <--- end of package list - - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - users.jawz = { config, pkgs, ... }: { - home.stateVersion = "${version}"; - - programs.bash = { - enable = true; - historyFile = "\${XDG_STATE_HOME}/bash/history"; - historyControl = [ "erasedups" "ignorespace" ]; - shellAliases = { - hh = "hstr"; - ls = "eza --icons --group-directories-first"; - edit = "emacsclient -t"; - comic = ''download -u jawz -i "$(cat $LC | fzf --multi --exact -i)"''; - gallery = - ''download -u jawz -i "$(cat $LW | fzf --multi --exact -i)"''; - cp = "cp -i"; - mv = "mv -i"; - mkcd = ''mkdir -pv "$1" && cd "$1" || exit''; - mkdir = "mkdir -p"; - rm = "trash"; - ".." = "cd .."; - "..." = "cd ../.."; - ".3" = "cd ../../.."; - ".4" = "cd ../../../.."; - ".5" = "cd ../../../../.."; - dl = "download -u jawz -i"; - e = "edit"; - c = "cat"; - f = "fzf --multi --exact -i"; - sc = "systemctl --user"; - jc = "journalctl --user -xefu"; - open-gallery = '' - cd /mnt/pool/scrapping/JawZ/gallery-dl && - xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)"''; - unique-extensions = '' - fd -tf | rev | cut -d. -f1 | rev | - tr '[:upper:]' '[:lower:]' | sort | - uniq --count | sort -rn''; - }; - enableVteIntegration = true; - initExtra = '' - $HOME/.local/bin/pokemon-colorscripts -r --no-title - # Lists - list_root="${config.xdg.configHome}"/jawz/lists/jawz - export LW=$list_root/watch.txt - export LI=$list_root/instant.txt - export LC=$list_root/comic.txt - export command_timeout=30 - - if command -v fzf-share >/dev/null; then - source "$(fzf-share)/key-bindings.bash" - source "$(fzf-share)/completion.bash" - fi - - nixos-reload () { - nixfmt /home/jawz/Development/NixOS/miniserver/*.nix - sudo unbuffer nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/miniserver/configuration.nix |& nom - } - ''; - }; - - xdg = { - enable = true; - userDirs = { - enable = true; - createDirectories = false; - desktop = "${config.home.homeDirectory}"; - documents = "${config.home.homeDirectory}/Documents"; - download = "${config.home.homeDirectory}/Downloads"; - music = "${config.home.homeDirectory}/Music"; - pictures = "${config.home.homeDirectory}/Pictures"; - templates = "${config.xdg.dataHome}/Templates"; - videos = "${config.home.homeDirectory}/Videos"; - }; - configFile = { - "wgetrc".source = ../dotfiles/wget/wgetrc; - "configstore/update-notifier-npm-check.json".source = - ../dotfiles/npm/update-notifier-npm-check.json; - "npm/npmrc".source = ../dotfiles/npm/npmrc; - "gallery-dl/config.json".source = ../dotfiles/gallery-dl/config.json; - "htop/htoprc".source = ../dotfiles/htop/htoprc; - "python/pythonrc".source = ../dotfiles/pythonrc; - "unpackerr.conf".source = ../dotfiles/unpackerr.conf; - }; - }; - - programs = { - helix = { enable = true; }; - hstr.enable = true; - emacs.enable = true; - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - }; - bat = { - enable = true; - config = { - pager = "less -FR"; - theme = "base16"; - }; - extraPackages = with pkgs.bat-extras; [ - batman # man pages - batpipe # piping - batgrep # ripgrep - batdiff # this is getting crazy! - batwatch # probably my next best friend - prettybat # trans your sourcecode! - ]; - }; - git = { - enable = true; - userName = "${myName}"; - userEmail = "${myEmail}"; - }; - htop = { - enable = true; - package = pkgs.htop-vim; - }; - }; - - services = { - lorri.enable = true; - emacs = { - enable = true; - defaultEditor = true; - package = pkgs.emacs; - startWithUserSession = "graphical"; - }; - }; - - }; - }; - - environment = { - systemPackages = with pkgs; [ - wget - jellyfin-ffmpeg # coolest video converter! - mediainfo - dlib - fd - ripgrep - ]; - variables = rec { - # PATH - XDG_CACHE_HOME = "\${HOME}/.cache"; - XDG_CONFIG_HOME = "\${HOME}/.config"; - XDG_BIN_HOME = "\${HOME}/.local/bin"; - XDG_DATA_HOME = "\${HOME}/.local/share"; - XDG_STATE_HOME = "\${HOME}/.local/state"; - - # DEV PATH - CABAL_DIR = "${XDG_CACHE_HOME}/cabal"; - CARGO_HOME = "${XDG_DATA_HOME}/cargo"; - GEM_HOME = "${XDG_DATA_HOME}/ruby/gems"; - GEM_PATH = "${XDG_DATA_HOME}/ruby/gems"; - GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs"; - GOPATH = "${XDG_DATA_HOME}/go"; - NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc"; - PNPM_HOME = "${XDG_DATA_HOME}/pnpm"; - PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history"; - REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history"; - WINEPREFIX = "${XDG_DATA_HOME}/wine"; - PYTHONSTARTUP = "${XDG_CONFIG_HOME}/python/pythonrc"; - STACK_ROOT = "${XDG_DATA_HOME}/stack"; - - # OPTIONS - HISTFILE = "${XDG_STATE_HOME}/bash/history"; - LESSHISTFILE = "-"; - GHCUP_USE_XDG_DIRS = "true"; - RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc"; - ELECTRUMDIR = "${XDG_DATA_HOME}/electrum"; - VISUAL = "emacsclient -ca emacs"; - WGETRC = "${XDG_CONFIG_HOME}/wgetrc"; - XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose"; - "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java"; - DOCKER_CONFIG = "${XDG_CONFIG_HOME}/docker"; - - # NVIDIA - CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv"; - - # Themes - # WEBKIT_DISABLE_COMPOSITING_MODE = "1"; - CALIBRE_USE_SYSTEM_THEME = "1"; - - PATH = [ - "\${HOME}/.local/bin" - "${XDG_CONFIG_HOME}/emacs/bin" - "${XDG_DATA_HOME}/npm/bin" - "${XDG_DATA_HOME}/pnpm" - ]; - - # needed for tensorflow - # CUDA_PATH = "${pkgs.cudatoolkit}"; - # # LD_LIBRARY_PATH = "${pkgs.linuxPackages.nvidia_x11}/lib:${pkgs.ncurses5}/lib"; - # EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib"; - # EXTRA_CCFLAGS = "-I/usr/include"; - }; - }; - - programs = { - starship.enable = true; - tmux.enable = true; - fzf.fuzzyCompletion = true; - neovim = { - enable = true; - vimAlias = true; - }; - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - }; - + environment.systemPackages = with pkgs; [ + wget + jellyfin-ffmpeg # coolest video converter! + mediainfo # nextcloud + dlib + ]; services = { + btrfs.autoScrub.fileSystems = [ "/mnt/pool" ]; # minidlna = { # enable = true; # openFirewall = true; @@ -524,27 +110,7 @@ in { # Remember to close this bracket at the end of the document # ]; # }; # }; - avahi = { - enable = true; - nssmdns = true; - }; - fstrim.enable = true; - smartd.enable = true; - btrfs.autoScrub = { - enable = true; - fileSystems = [ "/" "/mnt/pool" ]; - }; - openssh = { - enable = true; - openFirewall = true; - startWhenNeeded = true; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; }; - systemd = { packages = let pkgs = import (builtins.fetchTarball { @@ -568,11 +134,11 @@ in { # Remember to close this bracket at the end of the document description = "monitors a stream channel for online streams."; restartIfChanged = true; wantedBy = [ "default.target" ]; - path = [ pkgs.nix jawzStream ]; + path = [ pkgs.nix stream-dl ]; serviceConfig = { Restart = "on-failure"; RestartSec = 30; - ExecStart = "${jawzStream}/bin/stream-dl %I"; + ExecStart = "${stream-dl}/bin/stream-dl %I"; }; }; # unpackerr = { @@ -586,30 +152,6 @@ in { # Remember to close this bracket at the end of the document # ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf"; # }; # }; - manage-library = { - enable = true; - restartIfChanged = true; - description = "Run the manage library bash script"; - wantedBy = [ "default.target" ]; - path = [ pkgs.nix jawzManageLibrary ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "${jawzManageLibrary}/bin/manage-library"; - }; - }; - tasks = { - restartIfChanged = true; - description = - "Run a tasks script which keeps a lot of things organized"; - wantedBy = [ "default.target" ]; - path = [ pkgs.nix jawzTasks ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "${jawzTasks}/bin/tasks"; - }; - }; qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; in { restartIfChanged = true; @@ -641,19 +183,6 @@ in { # Remember to close this bracket at the end of the document "stream@tommy9x6" = streamTimer // { }; "stream@brocollirob" = streamTimer // { }; "stream@tomayto\\x20picarto" = streamTimer // { }; - tasks = { - enable = true; - description = - "Run a tasks script which keeps a lot of things organized"; - wantedBy = [ "timers.target" ]; - timerConfig = { OnCalendar = "*:0/10"; }; - }; - manage-library = { - enable = true; - description = "Run the manage library bash script"; - wantedBy = [ "timers.target" ]; - timerConfig = { OnCalendar = "00:30"; }; - }; qbit_manage = { enable = true; description = "Tidy up my torrents"; @@ -663,16 +192,4 @@ in { # Remember to close this bracket at the end of the document }; }; }; - - fonts.fontconfig.enable = true; - - hardware = { - cpu.intel.updateMicrocode = lib.mkDefault true; - opengl = { - enable = true; - driSupport = true; - driSupport32Bit = true; - }; - }; - } diff --git a/hosts/miniserver/configuration.org b/hosts/miniserver/configuration.org deleted file mode 100644 index dc11934..0000000 --- a/hosts/miniserver/configuration.org +++ /dev/null @@ -1,1017 +0,0 @@ -#+TITLE: JawZ NixOS server configuration -#+AUTHOR: Danilo Reyes -#+PROPERTY: header-args :tangle configuration.nix -#+auto_tangle: t - -* TODO [0/6] -- [ ] System configurations [0/8] - - [ ] fail2ban -- [ ] Misc [0/3] - - [ ] Figure out how to get rid of xterm - - -* DECLARATION -Here I will declare the dependencies and variables that I call multiple times -through the config file, such as the current version of NixOS, repositories and -even some scripts that I reuse on systemd configurations. - -- version: used by both NixOS and home-manager to dictate the state repository - from which to pull configurations, modules and packages. -- myEmail myName: used by git and acme -- cpuArchitecture: used by NixOS to optimize the compiled binaries to my current - CPU specifications. -- home-manager: the channel containing the packages matching the NixOS state - version, with a commented out to the unstable master. -- unstable: a sort of overlay that allows to prepend "unstable" to a package, - to pull from the unstable channel rather than precompiled binaries on a case - by case use. -- jawz*: scripts that will reuse multiple times through the config, such as - on systemd, and as such this feels like a safe way to compile them only once. - -#+begin_src nix -{ config, pkgs, lib, ... }: -let - version = "23.11"; - myEmail = "CaptainJawZ@outlook.com"; - myName = "Danilo Reyes"; - cpuArchitecture = "alderlake"; - home-manager = builtins.fetchTarball - # "https://github.com/nix-community/home-manager/archive/master.tar.gz"; - "https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz"; - unstable = import - (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") { - config = config.nixpkgs.config; - }; - jawzManageLibrary = pkgs.writeScriptBin - "manage-library" (builtins.readFile ../scripts/manage-library.sh); - jawzTasks = pkgs.writeScriptBin - "tasks" (builtins.readFile ../scripts/tasks.sh); - jawzSubs = pkgs.writeScriptBin - "sub-sync" (builtins.readFile ../scripts/sub-sync.sh); - jawzStream = pkgs.writeScriptBin - "stream-dl" (builtins.readFile ../scripts/stream-dl.sh); -in -{ # Remember to close this bracket at the end of the document -#+end_src - -These are files and modules which get loaded onto the configuration file, in the -future I may segment this file into different modules once it becomes too -cluttered, for example, I may create a module for systemd units. - -- agenix: an encryption system which cleans up the nix-configuration files from -passwords and other secrets. - -#+begin_src nix -imports = [ - ./fstab.nix - ./servers.nix - ./docker.nix - # ./mail.nix - # ./openldap.nix - # - (import "${home-manager}/nixos") -]; -#+end_src - -* SYSTEM CONFIGURATION -** NETWORKING -Sets sensible networking options, such as setting up a hostname, and creating a -hosts file with the static IP and hostname of other devices on my network. - -Also open ports on the firewall for LAN connectivity, and well keeping commented -what each port does, I declared the firwewall ports with variables, because I -don't care to figure out whether I need TCP or UDP so let's open both, and -repetition is maddening. - -#+begin_src nix -powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; -networking = { - useDHCP = lib.mkDefault true; - enableIPv6 = false; - hostName = "miniserver"; - networkmanager.enable = true; - extraHosts = '' - 192.168.1.64 workstation - 192.168.1.69 server - ''; - firewall = let - open_firewall_ports = [ - 51413 # torrent sedding - 9091 # qbittorrent - 2049 # nfs - ]; - open_firewall_port_ranges = [ ]; - in - { - enable = true; - allowPing = true; - allowedTCPPorts = open_firewall_ports; - allowedUDPPorts = open_firewall_ports; - allowedTCPPortRanges = open_firewall_port_ranges; - allowedUDPPortRanges = open_firewall_port_ranges; - }; -}; -#+end_src - -** TIMEZONE & LOCALE -For some reason, useXkbConfig throws an error when building the system, either -way it is an unnecessary setting as my keyboards are the default en_US, only -locale set to Canadian out because I prefer how it displays the date. -LC_MONETARY, it's also a personal preference. - -#+begin_src nix -time.timeZone = "America/Mexico_City"; -i18n = { - defaultLocale = "en_CA.UTF-8"; - extraLocaleSettings = { - LC_MONETARY = "es_MX.UTF-8"; - }; -}; -console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - # useXkbConfig = true; # use xkbOptions in tty. -}; -#+end_src - -** SYSTEM/NIX CONFIGURATIONS -The first setting creates a copy the NixOS configuration file and link it from -the resulting system (/run/current-system/configuration.nix). This is useful in -case you accidentally delete configuration.nix. - -The version value determines the NixOS release from which the default settings for -stateful data, like file locations and database versions on your system. -It‘s perfectly fine and recommended to leave this value at the release version -of the first install of this system. - -Lastly I configure in here cachix repositories, which is a website that keeps a -cache of nixbuilds for easy quick deployments without having to compile -everything from scratch. - -- gc: automatically garbage-collects. -- auto-optimise-store: hard-links binaries whenever possible. -- system-features: features present on compiling time. - -#+begin_src nix -system = { - copySystemConfiguration = true; - stateVersion = "${version}"; -}; -nix = let featuresList = [ - "nixos-test" - "benchmark" - "big-parallel" - "kvm" - "gccarch-${cpuArchitecture}" - "gccarch-znver3" - ]; - in - { - gc = { - automatic = true; - dates = "weekly"; - }; - buildMachines = [ { - hostName = "workstation"; - system = "x86_64-linux"; - sshUser = "nixremote"; - maxJobs = 14; - speedFactor = 1; - supportedFeatures = featuresList; - } ]; - distributedBuilds = true; - settings = { - cores = 3; - auto-optimise-store = true; - trusted-users = [ "nixremote" ]; - system-features = featuresList; - substituters = [ - "https://nix-gaming.cachix.org" - "https://nixpkgs-python.cachix.org" - "https://devenv.cachix.org" - "https://cuda-maintainers.cachix.org" - ]; - trusted-public-keys = [ - "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" - "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU=" - "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" - "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" - ]; - }; -}; -#+end_src - -* SECURITY -Disabled password in sudo for commodity, but this is obviously not recommended, -regarding rkit, that setting enables pipewire to run with real-time -capabilities. And lastly, the acme settings are for signing certificates. - -The pam limits exists so NixOS can compile the entire system without running -into "Too many files open" errors. - -#+begin_src nix -security = { - acme = { - acceptTerms = true; - defaults.email = myEmail; - }; - rtkit.enable = true; - sudo = { - enable = true; - wheelNeedsPassword = false; - }; - pam.loginLimits = [{ - domain = "*"; - type = "soft"; - item = "nofile"; - value = "8192"; - }]; -}; -#+end_src - -* NIXPKGS SETTINGS -Allow non-free, sadly is a requirement for some of my drivers, besides that, -here is a good place to declare some package overrides as well as permit unsafe -packages. - -localSystem allows me to compile the entire operating system optimized to my CPU -architecture and other build flags. - -=note= if using gcc.arch flags, comment out hostPlatform and viceversa. - -#+begin_src nix -nixpkgs = { - hostPlatform = lib.mkDefault "x86_64-linux"; - config = { - allowUnfree = true; - permittedInsecurePackages = [ - "openssl-1.1.1w" - ]; - }; - # localSystem = { - # gcc.arch = cpuArchitecture; - # gcc.tune = cpuArchitecture; - # system = "x86_64-linux"; - # }; -}; -#+end_src - -* NORMAL USERS -Being part of the "wheel" group, means that the user has root privileges. The -piracy.gid is so I have read/write access permissions on all the hard drives -split among my multiple systems, the rest of the groups are self explanatory. - -- nixremote: is a low-privilege user set exclusively with the intention to be a - proxy to build the nix-store remotely. - -#+begin_src nix -users = { - groups.nixremote = { - name = "nixremote"; - gid = 555; - }; - users.nixremote = { - isNormalUser = true; - createHome = true; - group = "nixremote"; - home = "/var/nixremote/"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation" - "" - ]; - }; -}; -users.users.jawz = { - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "docker" - "scanner" "lp" "piracy" "kavita" - "render" "video" - ]; - initialPassword = "password"; - openssh = { - authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server" - ]; - }; -#+end_src - -This section of the document categorizes and organizes all he packages that I -want installed, attempting to group them as dependencies of others when -necessary. - -* USER PACKAGES -This section of the document categorizes and organizes all he packages that I -want installed, attempting to group them as dependencies of others when -necessary. - -Begin the block to install user packages. - -#+begin_src nix -packages = (with pkgs; [ -#+end_src - -cli and tui packages, which on their own right are as or more powerful than the -packages on the previous section. - -** HUNSPELL -These dictionaries work with Firefox, Doom Emacs and LibreOffice. - -#+begin_src nix -hunspell -hunspellDicts.it_IT -hunspellDicts.es_MX -hunspellDicts.en_CA -#+end_src - -** CUSTOMIZATION PACKAGES -Themes and other customization, making my DE look the way I want is one of the -main draws of Linux for me. - -#+begin_src nix -symbola -#+end_src - -** COMMAND-LINE PACKAGES - -#+begin_src nix -unstable.yt-dlp # downloads videos from most video websites -unstable.gallery-dl # similar to yt-dlp but for most image gallery websites - -fd # modern find, faster searches -fzf # fuzzy finder! super cool and useful -gdu # disk-space utility, somewhat useful -du-dust # rusty du -trash-cli # oop! didn't meant to delete that -eza # like ls but with colors -rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS -smartmontools # check hard drie health -#+end_src - -** MY SCRIPTS -Here I compile my own scripts into binaries - -#+begin_src nix -jawzManageLibrary -jawzTasks -jawzSubs -jawzStream -(writeScriptBin "ffmpeg4discord" (builtins.readFile ../scripts/ffmpeg4discord.py)) -(writeScriptBin "ffmpreg" (builtins.readFile ../scripts/ffmpreg.sh)) -(writeScriptBin "split-dir" (builtins.readFile ../scripts/split-dir.sh)) -(writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh)) -(writeScriptBin "run" (builtins.readFile ../scripts/run.sh)) -(writeScriptBin "find-dup-episodes" (builtins.readFile ../scripts/find-dup-episodes.sh)) -#+end_src - -** DEVELOPMENT PACKAGES -Assorted development packages and libraries, categorized by languages. - -#+begin_src nix -tldr # man for retards - -# SH -bats # testing system, required by Exercism -bashdb # autocomplete -shellcheck # linting -shfmt # a shell parser and formatter - -# NIX -expect # keep color when nom'ing -nix-output-monitor # autistic nix builds -nixfmt # linting -cachix # why spend time compiling? - -# PYTHON. -(python3.withPackages (ps: with ps; [ - flake8 # wraper for pyflakes, pycodestyle and mccabe - isort # sort Python imports - nose # testing and running python scripts - pyflakes # checks source code for errors - pytest # framework for writing tests - speedtest-cli # check internet speed from the comand line - editorconfig # follow rules of contributin - black # Python code formatter - pylint # bug and style checker for python -])) # base language -#+end_src - -** CUSTOM PYTHON SCRIPTS -Libraries & apps not found on the nix-store and scripts made by me. - -#+begin_src nix -]) ++ (with pkgs.python3Packages; [ - (buildPythonApplication rec { - pname = "download"; - version = "2.5"; - src = ../scripts/download/.; - doCheck = false; - buildInputs = [ setuptools ]; - propagatedBuildInputs = - [ pyyaml types-pyyaml ]; - }) - (buildPythonApplication rec { - pname = "ffpb"; - version = "0.4.1"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk="; - }; - doCheck = false; - buildInputs = [ setuptools ]; - propagatedBuildInputs = - [ tqdm ]; - }) -# (buildPythonApplication rec { -# pname = "qbit_manage"; -# version = "4.0.3"; -# src = fetchPypi { -# inherit pname version; -# sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk="; -# }; -# doCheck = true; -# buildInputs = [ setuptools ]; -# propagatedBuildInputs = -# [ gitpython requests retrying ruamel-yaml schedule unstable.qbittorrent-api ]; -# }) -#+end_src - -** NODEJS PACKAGES -Language servers and linters. - -#+begin_src nix -]) ++ (with pkgs.nodePackages; [ - # Language servers - dockerfile-language-server-nodejs - yaml-language-server - bash-language-server - vscode-json-languageserver - pyright - - markdownlint-cli # Linter - prettier # Linter - pnpm # Package manager -#+end_src - -** CLOSING USER PACKAGES - -#+begin_src nix -]); }; # <--- end of package list -#+end_src - -* HOME-MANAGER -** HOME-MANAGER SETTINGS -These make it so packages install to '/etc' rather than the user home directory, -also allow for upgrades when rebuilding the system. - -#+begin_src nix -home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - users.jawz = { config, pkgs, ... }:{ - home.stateVersion = "${version}"; -#+end_src - -** DOTFILES -I opted out of using home-manager to declare my package environment, and instead -I use it exclusively for setting up my dotfiles. - -*** BASH -Declares my .bashrc file, and sets up some environment and functions. - -#+begin_src nix -programs.bash = { - enable = true; - historyFile = "\${XDG_STATE_HOME}/bash/history"; - historyControl = [ "erasedups" "ignorespace" ]; - shellAliases = { - hh = "hstr"; - ls = "eza --icons --group-directories-first"; - edit = "emacsclient -t"; - comic = "download -u jawz -i \"$(cat $LC | fzf --multi --exact -i)\""; - gallery = "download -u jawz -i \"$(cat $LW | fzf --multi --exact -i)\""; - cp = "cp -i"; - mv = "mv -i"; - mkcd = "mkdir -pv \"$1\" && cd \"$1\" || exit"; - mkdir = "mkdir -p"; - rm = "trash"; - ".." = "cd .."; - "..." = "cd ../.."; - ".3" = "cd ../../.."; - ".4" = "cd ../../../.."; - ".5" = "cd ../../../../.."; - dl = "download -u jawz -i"; - e = "edit"; - c = "cat"; - f = "fzf --multi --exact -i"; - sc = "systemctl --user"; - jc = "journalctl --user -xefu"; - open-gallery = "cd /mnt/pool/scrapping/JawZ/gallery-dl && - xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\""; - unique-extensions = "fd -tf | rev | cut -d. -f1 | rev | - tr '[:upper:]' '[:lower:]' | sort | - uniq --count | sort -rn"; - }; - enableVteIntegration = true; - initExtra = '' - $HOME/.local/bin/pokemon-colorscripts -r --no-title - # Lists - list_root="${config.xdg.configHome}"/jawz/lists/jawz - export LW=$list_root/watch.txt - export LI=$list_root/instant.txt - export LC=$list_root/comic.txt - export command_timeout=30 - - if command -v fzf-share >/dev/null; then - source "$(fzf-share)/key-bindings.bash" - source "$(fzf-share)/completion.bash" - fi - - nixos-reload () { - nixfmt /home/jawz/Development/NixOS/miniserver/*.nix - sudo unbuffer nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/miniserver/configuration.nix |& nom - } - ''; -}; -#+end_src - -*** XDG -Configurations for XDG directories, as well as installing dotfiles from the -sub-directory on this repository. - -#+begin_src nix -xdg = { - enable = true; - userDirs = { - enable = true; - createDirectories = false; - desktop = "${config.home.homeDirectory}"; - documents = "${config.home.homeDirectory}/Documents"; - download = "${config.home.homeDirectory}/Downloads"; - music = "${config.home.homeDirectory}/Music"; - pictures = "${config.home.homeDirectory}/Pictures"; - templates = "${config.xdg.dataHome}/Templates"; - videos = "${config.home.homeDirectory}/Videos"; - }; - configFile = { - "wgetrc".source = ../dotfiles/wget/wgetrc; - "configstore/update-notifier-npm-check.json".source = ../dotfiles/npm/update-notifier-npm-check.json; - "npm/npmrc".source = ../dotfiles/npm/npmrc; - "gallery-dl/config.json".source = ../dotfiles/gallery-dl/config.json; - "htop/htoprc".source = ../dotfiles/htop/htoprc; - "python/pythonrc".source = ../dotfiles/pythonrc; - "unpackerr.conf".source = ../dotfiles/unpackerr.conf; - }; -}; -#+end_src - -** HOME-MANAGER PROGRAMS -Program declarations that are exclusive to home-manager, declaring packages this -way allows for extra configuration and integration beyond installing the -packages on the user environment, it's the only exception I make to installing -packages through home-manager. - -#+begin_src nix -programs = { - helix = { - enable = true; - }; - hstr.enable = true; - emacs.enable = true; - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - }; - bat = { - enable = true; - config = { - pager = "less -FR"; - theme = "base16"; - }; - extraPackages = with pkgs.bat-extras; [ - batman # man pages - batpipe # piping - batgrep # ripgrep - batdiff # this is getting crazy! - batwatch # probably my next best friend - prettybat # trans your sourcecode! - ]; - }; - git = { - enable = true; - userName = "${myName}"; - userEmail = "${myEmail}"; - }; - htop = { - enable = true; - package = pkgs.htop-vim; - }; -}; -#+end_src - -** HOME-MANAGER USER-SERVICES -Lorri helps optimize emacs compilations, and the declaring emacs as a service -through home-manager fixes the bug where emacs loads so quickly that can not -connect to a graphic environment unless restarting the systemd service. - -#+begin_src nix -services = { - lorri.enable = true; - emacs = { - enable = true; - defaultEditor = true; - package = pkgs.emacs; - startWithUserSession = "graphical"; - }; -}; -#+end_src - -** CLOSING HOME-MANAGER - -#+begin_src nix -}; }; -#+end_src - -* ENVIRONMENT -These are a MUST to ensure the optimal function of nix, without these, recovery -may be challenging. - -The environment.etc block allows for bluetooth devices to control volume, pause, -and other things through the headset controls. - -Declare environment variables whose function is mostly to clear-up the $HOME -directory from as much bloat as possible, as well as some minor graphical tweaks -some applications use. - -#+begin_src nix -environment = { - systemPackages = with pkgs; [ - wget - jellyfin-ffmpeg # coolest video converter! - mediainfo - dlib - fd - ripgrep - ]; - variables = rec { - # PATH - XDG_CACHE_HOME = "\${HOME}/.cache"; - XDG_CONFIG_HOME = "\${HOME}/.config"; - XDG_BIN_HOME = "\${HOME}/.local/bin"; - XDG_DATA_HOME = "\${HOME}/.local/share"; - XDG_STATE_HOME = "\${HOME}/.local/state"; - - # DEV PATH - CABAL_DIR = "${XDG_CACHE_HOME}/cabal"; - CARGO_HOME = "${XDG_DATA_HOME}/cargo"; - GEM_HOME = "${XDG_DATA_HOME}/ruby/gems"; - GEM_PATH = "${XDG_DATA_HOME}/ruby/gems"; - GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs"; - GOPATH = "${XDG_DATA_HOME}/go"; - NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc"; - PNPM_HOME = "${XDG_DATA_HOME}/pnpm"; - PSQL_HISTORY="${XDG_DATA_HOME}/psql_history"; - REDISCLI_HISTFILE="${XDG_DATA_HOME}/redis/rediscli_history"; - WINEPREFIX="${XDG_DATA_HOME}/wine"; - PYTHONSTARTUP="${XDG_CONFIG_HOME}/python/pythonrc"; - STACK_ROOT="${XDG_DATA_HOME}/stack"; - - # OPTIONS - HISTFILE = "${XDG_STATE_HOME}/bash/history"; - LESSHISTFILE = "-"; - GHCUP_USE_XDG_DIRS = "true"; - RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc"; - ELECTRUMDIR = "${XDG_DATA_HOME}/electrum"; - VISUAL = "emacsclient -ca emacs"; - WGETRC = "${XDG_CONFIG_HOME}/wgetrc"; - XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose"; - "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java"; - DOCKER_CONFIG="${XDG_CONFIG_HOME}/docker"; - - # NVIDIA - CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv"; - - # Themes - # WEBKIT_DISABLE_COMPOSITING_MODE = "1"; - CALIBRE_USE_SYSTEM_THEME = "1"; - - PATH = [ - "\${HOME}/.local/bin" - "${XDG_CONFIG_HOME}/emacs/bin" - "${XDG_DATA_HOME}/npm/bin" - "${XDG_DATA_HOME}/pnpm" - ]; - - # needed for tensorflow - # CUDA_PATH = "${pkgs.cudatoolkit}"; - # # LD_LIBRARY_PATH = "${pkgs.linuxPackages.nvidia_x11}/lib:${pkgs.ncurses5}/lib"; - # EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib"; - # EXTRA_CCFLAGS = "-I/usr/include"; - }; -}; -#+end_src - -* PROGRAMS -Some programs get enabled and installed through here, as well as the activation -of some services. - -#+begin_src nix -programs = { - starship.enable = true; - tmux.enable = true; - fzf.fuzzyCompletion = true; - neovim = { - enable = true; - vimAlias = true; - }; - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; -}; -#+end_src - -* SERVICES -Miscellaneous services, managed by systemd. - -- minidlna: allows me to watch my media on my TV. -- avahi: allows to discover/connect to devices through their hostname on the - same network. -- fstrim/btrfs: file-system services. - -#+begin_src nix -services = { - # minidlna = { - # enable = true; - # openFirewall = true; - # settings = { - # inotify = "yes"; - # media_dir = [ - # "/mnt/pool/glue" - # ]; - # }; - # }; - avahi = { - enable = true; - nssmdns = true; - }; - fstrim.enable = true; - smartd.enable = true; - btrfs.autoScrub = { - enable = true; - fileSystems = [ - "/" - "/mnt/pool" - ]; - }; - openssh = { - enable = true; - openFirewall = true; - startWhenNeeded = true; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; -}; -#+end_src - -* SYSTEMD -Home-manager, is not as flushed out when it comes to creating systemd units, so -the best way to define them for now, is using nix. - -#+begin_src nix -systemd = { - packages = let - pkgs = import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/9957cd48326fe8dbd52fdc50dd2502307f188b0d.tar.gz"; - }) {}; - - myPkg = pkgs.qbittorrent-nox; -in [ myPkg ]; - services = { - "qbittorrent-nox@jawz" = { - enable = true; - overrideStrategy = "asDropin"; - wantedBy = [ "multi-user.target" ]; - }; - }; - timers = { - }; - user = { - services = { - "stream@" = { - description = "monitors a stream channel for online streams."; - restartIfChanged = true; - wantedBy = [ "default.target" ]; - path = [ - pkgs.nix - jawzStream - ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "${jawzStream}/bin/stream-dl %I"; - }; - }; - "download@" = { - description = "Downloads post from multiple sources."; - restartIfChanged = true; - wantedBy = [ "default.target" ]; - path = [ - pkgs.bash - unstable.pkgs.gallery-dl - unstable.pkgs.yt-dlp - ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "/etc/profiles/per-user/jawz/bin/download %I"; - }; - }; - "instagram@" = { - description = "Downloads post types from instagram."; - restartIfChanged = true; - wantedBy = [ "default.target" ]; - path = [ - pkgs.bash - unstable.pkgs.gallery-dl - unstable.pkgs.yt-dlp - ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "/etc/profiles/per-user/jawz/bin/download \\ - instagram -u jawz -t %I"; - }; - }; - # unpackerr = { - # enable = true; - # restartIfChanged = true; - # description = "Run unpackerr"; - # wantedBy = [ "default.target" ]; - # serviceConfig = { - # Restart = "on-failure"; - # RestartSec = 30; - # ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf"; - # }; - # }; - tuhmayto = { - enable = true; - restartIfChanged = true; - description = "Downloads tuhmayto stuff"; - wantedBy = [ "default.target" ]; - path = [ - pkgs.bash - unstable.pkgs.gallery-dl - unstable.pkgs.yt-dlp - ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "/etc/profiles/per-user/jawz/bin/download \\ - -u jawz -i https://twitter.com/tuhmayto/media \\ - https://www.furaffinity.net/user/tuhmayto/"; - }; - }; - manage-library = { - enable = true; - restartIfChanged = true; - description = "Run the manage library bash script"; - wantedBy = [ "default.target" ]; - path = [ - pkgs.nix - pkgs.sudo - jawzManageLibrary - ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "${jawzManageLibrary}/bin/manage-library"; - }; - }; - qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; in { - restartIfChanged = true; - description = "Tidy up my torrents"; - wantedBy = [ "default.target" ]; - path = [ - pkgs.python3 - pkgs.pipenv - ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "${qbit_dir}/venv/bin/python3 ${qbit_dir}/qbit_manage.py -r -c ${qbit_dir}/config.yml"; - }; - }; - }; - timers = let - streamTimer = { - enable = true; - description = "monitors a stream channel for online streams."; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "5min"; - OnUnitActiveSec = "65min"; - RandomizedDelaySec = 30; - }; - }; - downloadTimer = time : { - enable = true; - description = "Downloads post from multiple sources."; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = time; - RandomizedDelaySec = 30; - Persistent = true; - }; - }; - instagramTimer = time : { - enable = true; - description = "Downloads post types from instagram."; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = time; - RandomizedDelaySec = 120; - Persistent = true; - }; - }; - in { - "stream@johnneal911" = streamTimer // { }; - "stream@uk2011boy" = streamTimer // { }; - "stream@tommy9x6" = streamTimer // { }; - "stream@brocollirob" = streamTimer // { }; - "stream@tomayto\\x20picarto" = streamTimer // { }; - "instagram@stories" = instagramTimer "*-*-* 08:12:00" // { }; - "download@main" = downloadTimer "*-*-* 06,18:02:00" // { }; - "download@push" = downloadTimer "*:0/5" // { }; - "download@manga" = downloadTimer "Fri *-*-* 03:08:00" // { }; - # "download@kemono" = downloadTimer - # "*-*-1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31 18:06:00" // { }; - tuhmayto = { - enable = true; - description = "Downloads tuhmayto stuff"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "*:0/10"; - }; - }; - manage-library = { - enable = true; - description = "Run the manage library bash script"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "00:30"; - }; - }; - qbit_manage = { - enable = true; - description = "Tidy up my torrents"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "*:0/10"; - }; - }; - }; - }; -}; -#+end_src - -* FONTCONFIG -If enabled, a Fontconfig configuration file will point to a set of default -fonts. If you don not care about running X11 applications or any other program -that uses Fontconfig, you can turn this option off and prevent a dependency on -all those fonts. -=tip= once that Wayland is ready for deployment, I probably can remove this -setting. - -#+begin_src nix -fonts.fontconfig.enable = true; -#+end_src - -* HARDWARE -Computer-specific hardware settings. The power management settings default to -"performance". - -- nvidia: GPU drivers. -- cpu.intel: microcode patches. - -#+begin_src nix -hardware = { - cpu.intel.updateMicrocode = lib.mkDefault true; - opengl = { - enable = true; - driSupport = true; - driSupport32Bit = true; - }; -}; -#+end_src - -* CLOSE SYSTEM -#+begin_src nix -} -#+end_src diff --git a/hosts/miniserver/fstab.nix b/hosts/miniserver/hardware-configuration.nix similarity index 92% rename from hosts/miniserver/fstab.nix rename to hosts/miniserver/hardware-configuration.nix index c7c9463..e6b7556 100644 --- a/hosts/miniserver/fstab.nix +++ b/hosts/miniserver/hardware-configuration.nix @@ -1,6 +1,23 @@ -{ config, lib, pkgs, modulesPath, ... }: { +{ lib, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + nixpkgs.hostPlatform = "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; + hardware = { + cpu.intel.updateMicrocode = lib.mkDefault true; + opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + }; boot = { + kernelModules = [ "kvm-intel" ]; + kernel.sysctl = { + "vm.swappiness" = 80; + "net.ipv6.conf.all.disable_ipv6" = 1; + "net.ipv6.conf.lo.disable_ipv6" = 1; + "net.ipv6.conf.default.disable_ipv6" = 1; + }; loader = { efi = { canTouchEfiVariables = true; @@ -35,13 +52,6 @@ # preLVM = true; # }; }; - kernelModules = [ "kvm-intel" ]; - kernel.sysctl = { - "vm.swappiness" = 80; - "net.ipv6.conf.all.disable_ipv6" = 1; - "net.ipv6.conf.lo.disable_ipv6" = 1; - "net.ipv6.conf.default.disable_ipv6" = 1; - }; extraModulePackages = [ ]; initrd = { availableKernelModules = [ @@ -57,7 +67,6 @@ kernelModules = [ "kvm-intel" ]; }; }; - fileSystems = { "/" = { device = "/dev/mapper/nvme"; diff --git a/hosts/miniserver/mail.nix b/hosts/miniserver/mail.nix deleted file mode 100644 index e6eee91..0000000 --- a/hosts/miniserver/mail.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, pkgs, ... }: -let - version = "23.05"; - domain = "danilo-reyes.com"; -in { - imports = [ - (builtins.fetchTarball { - # Pick a release version you are interested in and set its hash, e.g. - url = - "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${version}/nixos-mailserver-nixos-${version}.tar.gz"; - # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command: - # release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack - sha256 = "1ngil2shzkf61qxiqw11awyl81cr7ks2kv3r3k243zz7v2xakm5c"; - }) - ]; - - mailserver = { - enable = true; - fqdn = "mail.${domain}"; - domains = [ domain ]; - - # A list of all login accounts. To create the password hashes, use - # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' - loginAccounts = { - "contact@${domain}" = { - hashedPasswordFile = ../dotfiles/secrets/mailserver; - aliases = [ "jawz@${domain}" ]; - }; - }; - - # Use Let's Encrypt certificates. Note that this needs to set up a stripped - # down nginx and opens port 80. - certificateScheme = "acme-nginx"; - }; - security.acme.acceptTerms = true; - security.acme.defaults.email = "contact@${domain}"; -} diff --git a/hosts/miniserver/openldap.nix b/hosts/miniserver/openldap.nix deleted file mode 100644 index 53c9429..0000000 --- a/hosts/miniserver/openldap.nix +++ /dev/null @@ -1,83 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -let hostname = "servidos.lat"; -in { - services.openldap = { - enable = true; - - # enable plain and secure connections - urlList = [ "ldap:///" "ldaps:///" ]; - - settings = { - attrs = { - olcLogLevel = "conns config"; - - # settings for acme ssl - olcTLSCACertificateFile = "/var/lib/acme/${hostname}/full.pem"; - olcTLSCertificateFile = "/var/lib/acme/${hostname}/cert.pem"; - olcTLSCertificateKeyFile = "/var/lib/acme/${hostname}/key.pem"; - olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL"; - olcTLSCRLCheck = "none"; - olcTLSVerifyClient = "never"; - olcTLSProtocolMin = "3.1"; - }; - - children = { - "cn=schema".includes = [ - "${pkgs.openldap}/etc/schema/core.ldif" - "${pkgs.openldap}/etc/schema/cosine.ldif" - "${pkgs.openldap}/etc/schema/inetorgperson.ldif" - ]; - - "olcDatabase={1}mdb".attrs = { - objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; - - olcDatabase = "{1}mdb"; - olcDbDirectory = "/var/lib/openldap/data"; - - olcSuffix = "dc=example,dc=com"; - - # your admin account, do not use writeText on a production system - olcRootDN = "cn=admin,dc=example,dc=com"; - olcRootPW.path = pkgs.writeText "olcRootPW" "pass"; - - olcAccess = [ - # custom access rules for userPassword attributes - '' - {0}to attrs=userPassword - by self write - by anonymous auth - by * none'' - - # allow read on anything else - '' - {1}to * - by * read'' - ]; - }; - }; - }; - }; - - # ensure openldap is launched after certificates are created - systemd.services.openldap = { - wants = [ "acme-${hostname}.service" ]; - after = [ "acme-${hostname}.service" ]; - }; - - # make acme certificates accessible by openldap - security.acme.defaults.group = "certs"; - users.groups.certs.members = [ "openldap" ]; - - # trigger the actual certificate generation for your hostname - security.acme.certs."${hostname}" = { extraDomainNames = [ ]; }; - - # example using hetzner dns to run letsencrypt verification - security.acme.defaults.dnsProvider = "hetzner"; - security.acme.defaults.credentialsFile = pkgs.writeText "credentialsFile" '' - HETZNER_API_KEY= - ''; -} diff --git a/hosts/miniserver/scripts/update-dns.sh b/hosts/miniserver/scripts/update-dns.sh deleted file mode 100644 index 7a7a826..0000000 --- a/hosts/miniserver/scripts/update-dns.sh +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/env nix-shell -#! nix-shell -i bash -p bash curl jq dig - -# Shell script to update namecheap.com dynamic dns -# for a domain to your external IP address - -# namecheap -hostnames=(cloud @ 6fxAtnPxEeI8hN) -domain=rotehaare.art -password=60d672be5d9d4828a0f96264babe0ac1 - -ip=$(curl -s ipecho.net/plain) -for hostname in "${hostnames[@]}"; do - curl "https://dynamicdns.park-your-domain.com/update?host=$hostname&domain=$domain&password=$password&ip=$ip" -done - -# cloudflare -zone_id=833996ed25eb09f1a50606e0457790e4 -record=servidos.lat -record_id=6b117173e53a7511ba36ceb9637ede63 -cloudflare_token=VdKosfThQmOcuywLOUq9DY4-df9EmbHrDWyf_vUb - -# get record_id -# curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records?type=A&name=${record}" \ -# -H "Authorization: Bearer ${cloudflare_token}" \ -# -H "Content-Type: application/json" | jq -r '{"result"}[] | .[0] | .id' - -curr_ip=$(curl -s -X GET https://checkip.amazonaws.com) -curr_reg=$(dig ${record} +short @1.1.1.1) -if echo "${curr_reg}" | grep "${curr_ip}"; then - echo "$(date --rfc-3339=seconds) - OK - Current record matches current IP (${curr_ip})" -else - curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id}" \ - -H "Authorization: Bearer ${cloudflare_token}" \ - -H "Content-Type: application/json" \ - --data "{\"type\":\"A\",\"name\":\"${record}\",\"content\":\"$curr_ip\",\"ttl\":1,\"proxied\":false}" >/dev/null - echo "$(date --rfc-3339=seconds) - NOK - Record Updated to $curr_ip from ${curr_reg}" -fi - -# godaddy -domain=danilo-reyes.com -host=@ -APIKey=AEjhf24Sczj_BpoXZmSK1Zha3pvRpRYxnf -APISecret=5pumrt9iMaSxR8U4PjhRCE - -WanIP=$(curl -s "https://api.ipify.org") -GDIP=$(curl -s -X GET -H "Authorization: sso-key ${APIKey}:${APISecret}" "https://api.godaddy.com/v1/domains/${domain}/records/A/${host}" | cut -d'[' -f 2 | cut -d']' -f 1) - -if [ "$WanIP" != "$GDIP" ] && [ "$WanIP" != "" ]; then - echo "Actualizando ip godaddy" - curl -s -X PUT "https://api.godaddy.com/v1/domains/${domain}/records/A/${host}" \ - -H "Authorization: sso-key ${APIKey}:${APISecret}" \ - -H "Content-Type: application/json" \ - -d "[{\"data\": \"${WanIP}\"}]" -fi diff --git a/hosts/miniserver/servers.nix b/hosts/miniserver/servers.nix index c621cc7..2776e3e 100644 --- a/hosts/miniserver/servers.nix +++ b/hosts/miniserver/servers.nix @@ -268,7 +268,7 @@ in { # }; nextcloud-cronjob = let jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob" - (builtins.readFile ../scripts/nextcloud-cronjob.sh); + (builtins.readFile ../../scripts/nextcloud-cronjob.sh); in { description = "Runs various nextcloud-related cronjobs"; wantedBy = [ "multi-user.target" ]; @@ -299,7 +299,7 @@ in { user.services = { update-dns = let jawzUpdateDns = pkgs.writeScriptBin "update-dns" - (builtins.readFile ../scripts/update-dns.sh); + (builtins.readFile ../../scripts/update-dns.sh); in { restartIfChanged = true; description = "update DNS of my websites"; diff --git a/hosts/workstation/configuration.nix b/hosts/workstation/configuration.nix index 8f55154..a2c110b 100644 --- a/hosts/workstation/configuration.nix +++ b/hosts/workstation/configuration.nix @@ -1,6 +1,5 @@ { pkgs, ... }: { imports = [ - # ./hardware-configuration.nix ../../base.nix ../../gnome.nix diff --git a/jawz.nix b/jawz.nix index ac89a1e..3bf9b0b 100644 --- a/jawz.nix +++ b/jawz.nix @@ -17,6 +17,7 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGjnNIggZweJ+GJKKvFEPhpLcs+t64xXjBmeuERsLFLL jawz@miniserver" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy" ]; diff --git a/modules/apps/gaming.nix b/modules/apps/gaming.nix index 321c4f3..29796de 100644 --- a/modules/apps/gaming.nix +++ b/modules/apps/gaming.nix @@ -1,6 +1,4 @@ -{ config, lib, pkgs, ... }: -let polymc = pkgs.callPackage ../../pkgs/polymc/default.nix { }; -in { +{ config, lib, pkgs, ... }: { options.my.apps.gaming.enable = lib.mkEnableOption "enable"; config = lib.mkIf config.my.apps.gaming.enable { programs = { @@ -12,27 +10,29 @@ in { dedicatedServer.openFirewall = true; }; }; - users.users.jawz.packages = (with pkgs; [ - mangohud # fps & stats overlay - lutris # games launcher & emulator hub - cartridges # games launcher - gamemode # optimizes linux to have better gaming performance - heroic # install epic games - protonup-qt # update proton-ge - #minecraft # minecraft official launcher - ns-usbloader # load games into my switch - # grapejuice # roblox manager + users.users.jawz.packages = + let polymc = pkgs.callPackage ../../pkgs/polymc/default.nix { }; + in (with pkgs; [ + mangohud # fps & stats overlay + lutris # games launcher & emulator hub + cartridges # games launcher + gamemode # optimizes linux to have better gaming performance + heroic # install epic games + protonup-qt # update proton-ge + #minecraft # minecraft official launcher + ns-usbloader # load games into my switch + # grapejuice # roblox manager - # emulators - rpcs3 # ps3 emulator - pcsx2 # ps2 emulator - cemu # wii u emulator - dolphin-emu # wii emulator - #citra-nightly # 3Ds emulator - snes9x-gtk # snes emulator - ryujinx # switch emulator - ]) ++ [ - polymc # minecraft launcher with mod support - ]; + # emulators + rpcs3 # ps3 emulator + pcsx2 # ps2 emulator + cemu # wii u emulator + dolphin-emu # wii emulator + #citra-nightly # 3Ds emulator + snes9x-gtk # snes emulator + ryujinx # switch emulator + ]) ++ [ + polymc # minecraft launcher with mod support + ]; }; } diff --git a/modules/apps/internet.nix b/modules/apps/internet.nix index a699a77..b4b0eab 100644 --- a/modules/apps/internet.nix +++ b/modules/apps/internet.nix @@ -1,6 +1,4 @@ -{ config, lib, pkgs, ... }: -let vdhcoapp = pkgs.callPackage ../../pkgs/vdhcoapp/default.nix { }; -in { +{ config, lib, pkgs, ... }: { options.my.apps.internet.enable = lib.mkEnableOption "enable"; config = lib.mkIf config.my.apps.internet.enable { programs = { @@ -11,19 +9,21 @@ in { }; }; services.psd.enable = true; - users.users.jawz.packages = (with pkgs; [ - nextcloud-client # self-hosted google-drive alternative - fragments # beautiful torrent client - protonmail-bridge # bridge for protonmail - tor-browser-bundle-bin # dark web, so dark! - chromium # web browser with spyware included - telegram-desktop # furry chat - nicotine-plus # remember Ares? - vesktop # screen share with audio discord - discord # :3 - # hugo # website engine - ]) ++ [ - vdhcoapp # video download helper assistant - ]; + users.users.jawz.packages = + let vdhcoapp = pkgs.callPackage ../../pkgs/vdhcoapp/default.nix { }; + in (with pkgs; [ + nextcloud-client # self-hosted google-drive alternative + fragments # beautiful torrent client + protonmail-bridge # bridge for protonmail + tor-browser-bundle-bin # dark web, so dark! + chromium # web browser with spyware included + telegram-desktop # furry chat + nicotine-plus # remember Ares? + vesktop # screen share with audio discord + discord # :3 + # hugo # website engine + ]) ++ [ + vdhcoapp # video download helper assistant + ]; }; } diff --git a/modules/scripts.nix b/modules/scripts.nix index 6d6dec5..5d5c2e8 100644 --- a/modules/scripts.nix +++ b/modules/scripts.nix @@ -1,4 +1,4 @@ -{ lib, ... }: { +{ ... }: { imports = [ ./scripts/download.nix ./scripts/ffmpeg4discord.nix @@ -13,17 +13,4 @@ ./scripts/tasks.nix ./scripts/update-dns.nix ]; - my.scripts = { - download.enable = lib.mkDefault false; - ffmpeg4discord.enable = lib.mkDefault false; - ffmpreg.enable = lib.mkDefault false; - find-dup-episodes.enable = lib.mkDefault false; - manage-library.enable = lib.mkDefault false; - pika-list.enable = lib.mkDefault false; - run.enable = lib.mkDefault false; - split-dir.enable = lib.mkDefault false; - sub-sync.enable = lib.mkDefault false; - tasks.enable = lib.mkDefault false; - update-dns.enable = lib.mkDefault false; - }; } diff --git a/modules/scripts/download.nix b/modules/scripts/download.nix index da982de..f4ad5cb 100644 --- a/modules/scripts/download.nix +++ b/modules/scripts/download.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; config = { home-manager.users.jawz = { @@ -25,7 +25,7 @@ }; users.users.jawz.packages = [ pkgs.gallery-dl ]; my.scripts.download = { - enable = true; + enable = lib.mkDefault false; install = true; service = false; name = "download"; diff --git a/modules/scripts/ffmpeg4discord.nix b/modules/scripts/ffmpeg4discord.nix index 0206106..8c42543 100644 --- a/modules/scripts/ffmpeg4discord.nix +++ b/modules/scripts/ffmpeg4discord.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; config.my.scripts.ffmpeg4discord = { - enable = true; + enable = lib.mkDefault false; install = true; service = false; name = "ffmpeg4discord"; diff --git a/modules/scripts/ffmpreg.nix b/modules/scripts/ffmpreg.nix index 968c30b..0e19dab 100644 --- a/modules/scripts/ffmpreg.nix +++ b/modules/scripts/ffmpreg.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; config.my.scripts.ffmpreg = { - enable = true; + enable = lib.mkDefault false; install = true; service = false; name = "ffmpreg"; diff --git a/modules/scripts/find-dup-episode.nix b/modules/scripts/find-dup-episode.nix index 621523e..902b05b 100644 --- a/modules/scripts/find-dup-episode.nix +++ b/modules/scripts/find-dup-episode.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; config.my.scripts.find-dup-episodes = { - enable = true; + enable = lib.mkDefault false; install = true; service = false; name = "find-dup-episodes"; diff --git a/modules/scripts/manage-library.nix b/modules/scripts/manage-library.nix index 921bfa1..614d22a 100644 --- a/modules/scripts/manage-library.nix +++ b/modules/scripts/manage-library.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; config.my.scripts.manage-library = { - enable = true; + enable = lib.mkDefault false; install = true; service = true; name = "manage-library"; diff --git a/modules/scripts/pika-list.nix b/modules/scripts/pika-list.nix index 706b6b6..1a4473b 100644 --- a/modules/scripts/pika-list.nix +++ b/modules/scripts/pika-list.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; config.my.scripts.pika-list = { - enable = true; + enable = lib.mkDefault false; install = true; service = false; name = "pika-list"; diff --git a/modules/scripts/run.nix b/modules/scripts/run.nix index 12cc9b1..a9504f2 100644 --- a/modules/scripts/run.nix +++ b/modules/scripts/run.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; config.my.scripts.run = { - enable = true; + enable = lib.mkDefault false; install = true; service = false; name = "run"; diff --git a/modules/scripts/split-dir.nix b/modules/scripts/split-dir.nix index 5da41a4..cd63a0c 100644 --- a/modules/scripts/split-dir.nix +++ b/modules/scripts/split-dir.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; config.my.scripts.split-dir = { - enable = true; + enable = lib.mkDefault false; install = true; service = false; name = "split-dir"; diff --git a/modules/scripts/tasks.nix b/modules/scripts/tasks.nix index 9e13d72..95379fa 100644 --- a/modules/scripts/tasks.nix +++ b/modules/scripts/tasks.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; config.my.scripts.tasks = { - enable = true; + enable = lib.mkDefault false; install = true; service = true; name = "tasks"; diff --git a/modules/scripts/update-dns.nix b/modules/scripts/update-dns.nix index 0bad14e..2434f72 100644 --- a/modules/scripts/update-dns.nix +++ b/modules/scripts/update-dns.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { imports = [ ./base.nix ]; config.my.scripts.update-dns = { - enable = true; + enable = lib.mkDefault false; install = true; service = true; name = "update-dns"; diff --git a/modules/shell/tools.nix b/modules/shell/tools.nix index 4081cf6..b064423 100644 --- a/modules/shell/tools.nix +++ b/modules/shell/tools.nix @@ -70,6 +70,7 @@ tldr # man for retards trash-cli # oop! did not meant to delete that jq # linting + smartmontools # check hard drie health ]; environment.variables = { HISTFILE = "\${XDG_STATE_HOME}/bash/history"; diff --git a/overlay.nix b/overlay.nix index 4c25147..91c305b 100644 --- a/overlay.nix +++ b/overlay.nix @@ -11,7 +11,6 @@ self: super: { ]); }); }); - lutris = super.lutris.override { extraPkgs = pkgs: [ pkgs.winetricks @@ -19,16 +18,12 @@ self: super: { pkgs.wineWowPackages.stable ]; }; - nerdfonts = super.nerdfonts.override { fonts = [ "CascadiaCode" "ComicShannsMono" "Iosevka" ]; }; - - fooyin = pkgsM.fooyin; planify = pkgsU.planify; gdtoolkit = pkgsU.gdtoolkit; gallery-dl = pkgsU.gallery-dl; - ns-usbloader = pkgsU.ns-usbloader; handbrake = super.handbrake.override { useGtk = true; }; discord = super.discord.override { withOpenASAR = true; }; diff --git a/pkgs/fooyin/default.nix b/pkgs/fooyin/default.nix deleted file mode 100644 index ab07fc2..0000000 --- a/pkgs/fooyin/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ stdenv, lib, fetchFromGitHub, cmake, pkg-config, alsa-lib, ffmpeg, kdePackages -, kdsingleapplication, pipewire, taglib }: - -stdenv.mkDerivation (finalAttrs: { - pname = "fooyin"; - version = "0.4.2"; - - src = fetchFromGitHub { - owner = "ludouzi"; - repo = "fooyin"; - rev = "v" + finalAttrs.version; - hash = "sha256-1U7eqXVcp0lO/X92oNQ3mWdozgJ1eroQPojscSWH6+I="; - }; - - buildInputs = [ - alsa-lib - ffmpeg - kdsingleapplication - pipewire - kdePackages.qcoro - kdePackages.qtbase - kdePackages.qtsvg - taglib - ]; - - nativeBuildInputs = - [ cmake pkg-config kdePackages.qttools kdePackages.wrapQtAppsHook ]; - - cmakeFlags = [ - (lib.cmakeBool "BUILD_TESTING" (finalAttrs.doCheck or false)) - (lib.cmakeBool "INSTALL_FHS" true) - ]; - - env.LANG = "C.UTF-8"; - - meta = with lib; { - description = "A customisable music player"; - mainProgram = "fooyin"; - license = licenses.gpl3Only; - maintainers = with maintainers; [ peterhoeg ]; - platforms = platforms.all; - }; -})