jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

miniserver init

Browse Source
This commit is contained in:
Danilo Reyes 2024-06-09 12:03:43 -06:00
parent 8ae8963cfe
commit 899928c1ef
26 changed files with 141 additions and 1856 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
flake.nix
View File

@ -37,6 +37,17 @@
]; ];
specialArgs = { inherit inputs outputs; }; specialArgs = { inherit inputs outputs; };
}; };
miniserver = lib.nixosSystem {
inherit system;
modules = [
./hosts/miniserver/configuration.nix
({ pkgs, ... }: {
nixpkgs.overlays =
[ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
})
];
specialArgs = { inherit inputs outputs; };
};
}; };
}; };
} }

575
hosts/miniserver/configuration.nix
View File

@ -1,92 +1,59 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
version = "23.11"; stream-dl = pkgs.writeScriptBin "stream-dl"
myEmail = "CaptainJawZ@outlook.com"; (builtins.readFile ../../scripts/stream-dl.sh);
myName = "Danilo Reyes"; in {
cpuArchitecture = "alderlake"; imports =
home-manager = builtins.fetchTarball [ ./servers.nix ./docker.nix ./hardware-configuration.nix ../../base.nix ];
# "https://github.com/nix-community/home-manager/archive/master.tar.gz"; my = {
"https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz"; emacs.enable = true;
unstable = import apps.dictionaries.enable = true;
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") { shell.tools.enable = true;
config = config.nixpkgs.config; services.network.enable = true;
dev = {
nix.enable = true;
python.enable = true;
sh.enable = true;
}; };
jawzManageLibrary = pkgs.writeScriptBin "manage-library" scripts = {
(builtins.readFile ../scripts/manage-library.sh); run.enable = true;
jawzTasks = split-dir.enable = true;
pkgs.writeScriptBin "tasks" (builtins.readFile ../scripts/tasks.sh); download.enable = true;
jawzSubs = ffmpreg.enable = true;
pkgs.writeScriptBin "sub-sync" (builtins.readFile ../scripts/sub-sync.sh); ffmpeg4discord.enable = true;
jawzStream = manage-library.enable = true;
pkgs.writeScriptBin "stream-dl" (builtins.readFile ../scripts/stream-dl.sh); sync-subs.enable = true;
in { # Remember to close this bracket at the end of the document pika-list.enable = true;
find-dup-episodes.enable = true;
imports = [ };
./fstab.nix };
./servers.nix fonts.fontconfig.enable = true;
./docker.nix
# ./mail.nix
# ./openldap.nix
# <agenix/modules/age.nix>
(import "${home-manager}/nixos")
];
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
networking = { networking = {
useDHCP = lib.mkDefault true;
enableIPv6 = false;
hostName = "miniserver"; hostName = "miniserver";
networkmanager.enable = true;
extraHosts = ''
192.168.1.64 workstation
192.168.1.69 server
'';
firewall = let firewall = let
open_firewall_ports = [ open_firewall_ports = [
51413 # torrent sedding 51413 # torrent sedding
9091 # qbittorrent 9091 # qbittorrent
2049 # nfs 2049 # nfs
]; ];
open_firewall_port_ranges = [ ];
in { in {
enable = true;
allowPing = true; allowPing = true;
allowedTCPPorts = open_firewall_ports; allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports; allowedUDPPorts = open_firewall_ports;
allowedTCPPortRanges = open_firewall_port_ranges;
allowedUDPPortRanges = open_firewall_port_ranges;
}; };
}; };
time.timeZone = "America/Mexico_City";
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = { LC_MONETARY = "es_MX.UTF-8"; };
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};
system = {
copySystemConfiguration = true;
stateVersion = "${version}";
};
nix = let nix = let
featuresList = [ featuresList = [
"nixos-test" "nixos-test"
"benchmark" "benchmark"
"big-parallel" "big-parallel"
"kvm" "kvm"
"gccarch-${cpuArchitecture}"
"gccarch-znver3" "gccarch-znver3"
"gccarch-skylake"
"gccarch-alderlake"
]; ];
in { in {
gc = { distributedBuilds = true;
automatic = true;
dates = "weekly";
};
buildMachines = [{ buildMachines = [{
hostName = "workstation"; hostName = "workstation";
system = "x86_64-linux"; system = "x86_64-linux";
@ -95,63 +62,26 @@ in { # Remember to close this bracket at the end of the document
speedFactor = 1; speedFactor = 1;
supportedFeatures = featuresList; supportedFeatures = featuresList;
}]; }];
distributedBuilds = true;
settings = { settings = {
cores = 3; cores = 3;
auto-optimise-store = true; auto-optimise-store = true;
trusted-users = [ "nixremote" ]; trusted-users = [ "nixremote" ];
system-features = featuresList; system-features = featuresList;
substituters = [
"https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
}; };
}; };
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [ "openssl-1.1.1w" ];
};
security = { security = {
rtkit.enable = true;
acme = { acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = myEmail; defaults.email = "CaptainJawZ@outlook.com";
}; };
rtkit.enable = true;
sudo = {
enable = true;
wheelNeedsPassword = false;
};
pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "8192";
}];
}; };
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
allowUnfree = true;
permittedInsecurePackages = [ "openssl-1.1.1w" ];
};
# localSystem = {
# gcc.arch = cpuArchitecture;
# gcc.tune = cpuArchitecture;
# system = "x86_64-linux";
# };
};
users = { users = {
groups.nixremote = { groups.nixremote.gid = 555;
name = "nixremote";
gid = 555;
};
users.nixremote = { users.nixremote = {
isNormalUser = true; isNormalUser = true;
createHome = true; createHome = true;
@ -159,361 +89,17 @@ in { # Remember to close this bracket at the end of the document
home = "/var/nixremote/"; home = "/var/nixremote/";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation"
""
]; ];
}; };
}; };
users.users.jawz = { environment.systemPackages = with pkgs; [
isNormalUser = true; wget
extraGroups = [ jellyfin-ffmpeg # coolest video converter!
"wheel" mediainfo # nextcloud
"networkmanager" dlib
"docker" ];
"scanner"
"lp"
"piracy"
"kavita"
"render"
"video"
];
initialPassword = "password";
openssh = {
authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server"
];
};
packages = (with pkgs; [
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA
symbola
unstable.yt-dlp # downloads videos from most video websites
unstable.gallery-dl # similar to yt-dlp but for most image gallery websites
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
gdu # disk-space utility, somewhat useful
du-dust # rusty du
trash-cli # oop! didn't meant to delete that
eza # like ls but with colors
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
smartmontools # check hard drie health
jawzManageLibrary
jawzTasks
jawzSubs
jawzStream
(writeScriptBin "ffmpeg4discord"
(builtins.readFile ../scripts/ffmpeg4discord.py))
(writeScriptBin "ffmpreg" (builtins.readFile ../scripts/ffmpreg.sh))
(writeScriptBin "split-dir" (builtins.readFile ../scripts/split-dir.sh))
(writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh))
(writeScriptBin "run" (builtins.readFile ../scripts/run.sh))
(writeScriptBin "find-dup-episodes"
(builtins.readFile ../scripts/find-dup-episodes.sh))
tldr # man for retards
# SH
bats # testing system, required by Exercism
bashdb # autocomplete
shellcheck # linting
shfmt # a shell parser and formatter
# NIX
expect # keep color when nom'ing
nix-output-monitor # autistic nix builds
nixfmt # linting
cachix # why spend time compiling?
# PYTHON.
(python3.withPackages (ps:
with ps; [
flake8 # wraper for pyflakes, pycodestyle and mccabe
isort # sort Python imports
nose # testing and running python scripts
pyflakes # checks source code for errors
pytest # framework for writing tests
speedtest-cli # check internet speed from the comand line
editorconfig # follow rules of contributin
black # Python code formatter
pylint # bug and style checker for python
])) # base language
]) ++ (with pkgs.python3Packages; [
(buildPythonApplication rec {
pname = "download";
version = "1.5";
src = ../scripts/download/.;
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs = [ pyyaml types-pyyaml ];
})
(buildPythonApplication rec {
pname = "ffpb";
version = "0.4.1";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
};
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs = [ tqdm ];
})
# (buildPythonApplication rec {
# pname = "qbit_manage";
# version = "4.0.3";
# src = fetchPypi {
# inherit pname version;
# sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
# };
# doCheck = true;
# buildInputs = [ setuptools ];
# propagatedBuildInputs =
# [ gitpython requests retrying ruamel-yaml schedule unstable.qbittorrent-api ];
# })
]) ++ (with pkgs.nodePackages; [
# Language servers
dockerfile-language-server-nodejs
yaml-language-server
bash-language-server
vscode-json-languageserver
pyright
markdownlint-cli # Linter
prettier # Linter
pnpm # Package manager
]);
}; # <--- end of package list
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.jawz = { config, pkgs, ... }: {
home.stateVersion = "${version}";
programs.bash = {
enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history";
historyControl = [ "erasedups" "ignorespace" ];
shellAliases = {
hh = "hstr";
ls = "eza --icons --group-directories-first";
edit = "emacsclient -t";
comic = ''download -u jawz -i "$(cat $LC | fzf --multi --exact -i)"'';
gallery =
''download -u jawz -i "$(cat $LW | fzf --multi --exact -i)"'';
cp = "cp -i";
mv = "mv -i";
mkcd = ''mkdir -pv "$1" && cd "$1" || exit'';
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
dl = "download -u jawz -i";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
open-gallery = ''
cd /mnt/pool/scrapping/JawZ/gallery-dl &&
xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)"'';
unique-extensions = ''
fd -tf | rev | cut -d. -f1 | rev |
tr '[:upper:]' '[:lower:]' | sort |
uniq --count | sort -rn'';
};
enableVteIntegration = true;
initExtra = ''
$HOME/.local/bin/pokemon-colorscripts -r --no-title
# Lists
list_root="${config.xdg.configHome}"/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
export command_timeout=30
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
nixos-reload () {
nixfmt /home/jawz/Development/NixOS/miniserver/*.nix
sudo unbuffer nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/miniserver/configuration.nix |& nom
}
'';
};
xdg = {
enable = true;
userDirs = {
enable = true;
createDirectories = false;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
templates = "${config.xdg.dataHome}/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
configFile = {
"wgetrc".source = ../dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source =
../dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ../dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ../dotfiles/gallery-dl/config.json;
"htop/htoprc".source = ../dotfiles/htop/htoprc;
"python/pythonrc".source = ../dotfiles/pythonrc;
"unpackerr.conf".source = ../dotfiles/unpackerr.conf;
};
};
programs = {
helix = { enable = true; };
hstr.enable = true;
emacs.enable = true;
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
bat = {
enable = true;
config = {
pager = "less -FR";
theme = "base16";
};
extraPackages = with pkgs.bat-extras; [
batman # man pages
batpipe # piping
batgrep # ripgrep
batdiff # this is getting crazy!
batwatch # probably my next best friend
prettybat # trans your sourcecode!
];
};
git = {
enable = true;
userName = "${myName}";
userEmail = "${myEmail}";
};
htop = {
enable = true;
package = pkgs.htop-vim;
};
};
services = {
lorri.enable = true;
emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs;
startWithUserSession = "graphical";
};
};
};
};
environment = {
systemPackages = with pkgs; [
wget
jellyfin-ffmpeg # coolest video converter!
mediainfo
dlib
fd
ripgrep
];
variables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
CABAL_DIR = "${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
GEM_HOME = "${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs";
GOPATH = "${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "${XDG_DATA_HOME}/pnpm";
PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
PYTHONSTARTUP = "${XDG_CONFIG_HOME}/python/pythonrc";
STACK_ROOT = "${XDG_DATA_HOME}/stack";
# OPTIONS
HISTFILE = "${XDG_STATE_HOME}/bash/history";
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
DOCKER_CONFIG = "${XDG_CONFIG_HOME}/docker";
# NVIDIA
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
# Themes
# WEBKIT_DISABLE_COMPOSITING_MODE = "1";
CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${HOME}/.local/bin"
"${XDG_CONFIG_HOME}/emacs/bin"
"${XDG_DATA_HOME}/npm/bin"
"${XDG_DATA_HOME}/pnpm"
];
# needed for tensorflow
# CUDA_PATH = "${pkgs.cudatoolkit}";
# # LD_LIBRARY_PATH = "${pkgs.linuxPackages.nvidia_x11}/lib:${pkgs.ncurses5}/lib";
# EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib";
# EXTRA_CCFLAGS = "-I/usr/include";
};
};
programs = {
starship.enable = true;
tmux.enable = true;
fzf.fuzzyCompletion = true;
neovim = {
enable = true;
vimAlias = true;
};
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
services = { services = {
btrfs.autoScrub.fileSystems = [ "/mnt/pool" ];
# minidlna = { # minidlna = {
# enable = true; # enable = true;
# openFirewall = true; # openFirewall = true;
@ -524,27 +110,7 @@ in { # Remember to close this bracket at the end of the document
# ]; # ];
# }; # };
# }; # };
avahi = {
enable = true;
nssmdns = true;
};
fstrim.enable = true;
smartd.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [ "/" "/mnt/pool" ];
};
openssh = {
enable = true;
openFirewall = true;
startWhenNeeded = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
}; };
systemd = { systemd = {
packages = let packages = let
pkgs = import (builtins.fetchTarball { pkgs = import (builtins.fetchTarball {
@ -568,11 +134,11 @@ in { # Remember to close this bracket at the end of the document
description = "monitors a stream channel for online streams."; description = "monitors a stream channel for online streams.";
restartIfChanged = true; restartIfChanged = true;
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
path = [ pkgs.nix jawzStream ]; path = [ pkgs.nix stream-dl ];
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 30; RestartSec = 30;
ExecStart = "${jawzStream}/bin/stream-dl %I"; ExecStart = "${stream-dl}/bin/stream-dl %I";
}; };
}; };
# unpackerr = { # unpackerr = {
@ -586,30 +152,6 @@ in { # Remember to close this bracket at the end of the document
# ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf"; # ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
# }; # };
# }; # };
manage-library = {
enable = true;
restartIfChanged = true;
description = "Run the manage library bash script";
wantedBy = [ "default.target" ];
path = [ pkgs.nix jawzManageLibrary ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzManageLibrary}/bin/manage-library";
};
};
tasks = {
restartIfChanged = true;
description =
"Run a tasks script which keeps a lot of things organized";
wantedBy = [ "default.target" ];
path = [ pkgs.nix jawzTasks ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzTasks}/bin/tasks";
};
};
qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage";
in { in {
restartIfChanged = true; restartIfChanged = true;
@ -641,19 +183,6 @@ in { # Remember to close this bracket at the end of the document
"stream@tommy9x6" = streamTimer // { }; "stream@tommy9x6" = streamTimer // { };
"stream@brocollirob" = streamTimer // { }; "stream@brocollirob" = streamTimer // { };
"stream@tomayto\\x20picarto" = streamTimer // { }; "stream@tomayto\\x20picarto" = streamTimer // { };
tasks = {
enable = true;
description =
"Run a tasks script which keeps a lot of things organized";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*:0/10"; };
};
manage-library = {
enable = true;
description = "Run the manage library bash script";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "00:30"; };
};
qbit_manage = { qbit_manage = {
enable = true; enable = true;
description = "Tidy up my torrents"; description = "Tidy up my torrents";
@ -663,16 +192,4 @@ in { # Remember to close this bracket at the end of the document
}; };
}; };
}; };
fonts.fontconfig.enable = true;
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
} }

1017
hosts/miniserver/configuration.org
View File

File diff suppressed because it is too large Load Diff

27
hosts/miniserver/fstab.nix → hosts/miniserver/hardware-configuration.nix
View File

@ -1,6 +1,23 @@
{ config, lib, pkgs, modulesPath, ... }: { { lib, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
nixpkgs.hostPlatform = "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
boot = { boot = {
kernelModules = [ "kvm-intel" ];
kernel.sysctl = {
"vm.swappiness" = 80;
"net.ipv6.conf.all.disable_ipv6" = 1;
"net.ipv6.conf.lo.disable_ipv6" = 1;
"net.ipv6.conf.default.disable_ipv6" = 1;
};
loader = { loader = {
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
@ -35,13 +52,6 @@
# preLVM = true; # preLVM = true;
# }; # };
}; };
kernelModules = [ "kvm-intel" ];
kernel.sysctl = {
"vm.swappiness" = 80;
"net.ipv6.conf.all.disable_ipv6" = 1;
"net.ipv6.conf.lo.disable_ipv6" = 1;
"net.ipv6.conf.default.disable_ipv6" = 1;
};
extraModulePackages = [ ]; extraModulePackages = [ ];
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
@ -57,7 +67,6 @@
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
}; };
}; };
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/mapper/nvme"; device = "/dev/mapper/nvme";

37
hosts/miniserver/mail.nix
View File

@ -1,37 +0,0 @@
{ config, pkgs, ... }:
let
version = "23.05";
domain = "danilo-reyes.com";
in {
imports = [
(builtins.fetchTarball {
# Pick a release version you are interested in and set its hash, e.g.
url =
"https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-${version}/nixos-mailserver-nixos-${version}.tar.gz";
# To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command:
# release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack
sha256 = "1ngil2shzkf61qxiqw11awyl81cr7ks2kv3r3k243zz7v2xakm5c";
})
];
mailserver = {
enable = true;
fqdn = "mail.${domain}";
domains = [ domain ];
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"contact@${domain}" = {
hashedPasswordFile = ../dotfiles/secrets/mailserver;
aliases = [ "jawz@${domain}" ];
};
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = "acme-nginx";
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "contact@${domain}";
}

83
hosts/miniserver/openldap.nix
View File

@ -1,83 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
let hostname = "servidos.lat";
in {
services.openldap = {
enable = true;
# enable plain and secure connections
urlList = [ "ldap:///" "ldaps:///" ];
settings = {
attrs = {
olcLogLevel = "conns config";
# settings for acme ssl
olcTLSCACertificateFile = "/var/lib/acme/${hostname}/full.pem";
olcTLSCertificateFile = "/var/lib/acme/${hostname}/cert.pem";
olcTLSCertificateKeyFile = "/var/lib/acme/${hostname}/key.pem";
olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL";
olcTLSCRLCheck = "none";
olcTLSVerifyClient = "never";
olcTLSProtocolMin = "3.1";
};
children = {
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
];
"olcDatabase={1}mdb".attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=example,dc=com";
# your admin account, do not use writeText on a production system
olcRootDN = "cn=admin,dc=example,dc=com";
olcRootPW.path = pkgs.writeText "olcRootPW" "pass";
olcAccess = [
# custom access rules for userPassword attributes
''
{0}to attrs=userPassword
by self write
by anonymous auth
by * none''
# allow read on anything else
''
{1}to *
by * read''
];
};
};
};
};
# ensure openldap is launched after certificates are created
systemd.services.openldap = {
wants = [ "acme-${hostname}.service" ];
after = [ "acme-${hostname}.service" ];
};
# make acme certificates accessible by openldap
security.acme.defaults.group = "certs";
users.groups.certs.members = [ "openldap" ];
# trigger the actual certificate generation for your hostname
security.acme.certs."${hostname}" = { extraDomainNames = [ ]; };
# example using hetzner dns to run letsencrypt verification
security.acme.defaults.dnsProvider = "hetzner";
security.acme.defaults.credentialsFile = pkgs.writeText "credentialsFile" ''
HETZNER_API_KEY=<your-hetzner-dns-api-key>
'';
}

55
hosts/miniserver/scripts/update-dns.sh
View File

@ -1,55 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bash curl jq dig
# Shell script to update namecheap.com dynamic dns
# for a domain to your external IP address
# namecheap
hostnames=(cloud @ 6fxAtnPxEeI8hN)
domain=rotehaare.art
password=60d672be5d9d4828a0f96264babe0ac1
ip=$(curl -s ipecho.net/plain)
for hostname in "${hostnames[@]}"; do
curl "https://dynamicdns.park-your-domain.com/update?host=$hostname&domain=$domain&password=$password&ip=$ip"
done
# cloudflare
zone_id=833996ed25eb09f1a50606e0457790e4
record=servidos.lat
record_id=6b117173e53a7511ba36ceb9637ede63
cloudflare_token=VdKosfThQmOcuywLOUq9DY4-df9EmbHrDWyf_vUb
# get record_id
# curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records?type=A&name=${record}" \
# -H "Authorization: Bearer ${cloudflare_token}" \
# -H "Content-Type: application/json" | jq -r '{"result"}[] | .[0] | .id'
curr_ip=$(curl -s -X GET https://checkip.amazonaws.com)
curr_reg=$(dig ${record} +short @1.1.1.1)
if echo "${curr_reg}" | grep "${curr_ip}"; then
echo "$(date --rfc-3339=seconds) - OK - Current record matches current IP (${curr_ip})"
else
curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id}" \
-H "Authorization: Bearer ${cloudflare_token}" \
-H "Content-Type: application/json" \
--data "{\"type\":\"A\",\"name\":\"${record}\",\"content\":\"$curr_ip\",\"ttl\":1,\"proxied\":false}" >/dev/null
echo "$(date --rfc-3339=seconds) - NOK - Record Updated to $curr_ip from ${curr_reg}"
fi
# godaddy
domain=danilo-reyes.com
host=@
APIKey=AEjhf24Sczj_BpoXZmSK1Zha3pvRpRYxnf
APISecret=5pumrt9iMaSxR8U4PjhRCE
WanIP=$(curl -s "https://api.ipify.org")
GDIP=$(curl -s -X GET -H "Authorization: sso-key ${APIKey}:${APISecret}" "https://api.godaddy.com/v1/domains/${domain}/records/A/${host}" | cut -d'[' -f 2 | cut -d']' -f 1)
if [ "$WanIP" != "$GDIP" ] && [ "$WanIP" != "" ]; then
echo "Actualizando ip godaddy"
curl -s -X PUT "https://api.godaddy.com/v1/domains/${domain}/records/A/${host}" \
-H "Authorization: sso-key ${APIKey}:${APISecret}" \
-H "Content-Type: application/json" \
-d "[{\"data\": \"${WanIP}\"}]"
fi

4
hosts/miniserver/servers.nix
View File

@ -268,7 +268,7 @@ in {
# }; # };
nextcloud-cronjob = let nextcloud-cronjob = let
jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob" jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob"
(builtins.readFile ../scripts/nextcloud-cronjob.sh); (builtins.readFile ../../scripts/nextcloud-cronjob.sh);
in { in {
description = "Runs various nextcloud-related cronjobs"; description = "Runs various nextcloud-related cronjobs";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -299,7 +299,7 @@ in {
user.services = { user.services = {
update-dns = let update-dns = let
jawzUpdateDns = pkgs.writeScriptBin "update-dns" jawzUpdateDns = pkgs.writeScriptBin "update-dns"
(builtins.readFile ../scripts/update-dns.sh); (builtins.readFile ../../scripts/update-dns.sh);
in { in {
restartIfChanged = true; restartIfChanged = true;
description = "update DNS of my websites"; description = "update DNS of my websites";

1
hosts/workstation/configuration.nix
View File

@ -1,6 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }: {
imports = [ imports = [
# <agenix/modules/age.nix>
./hardware-configuration.nix ./hardware-configuration.nix
../../base.nix ../../base.nix
../../gnome.nix ../../gnome.nix

1
jawz.nix
View File

@ -17,6 +17,7 @@
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGjnNIggZweJ+GJKKvFEPhpLcs+t64xXjBmeuERsLFLL jawz@miniserver" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGjnNIggZweJ+GJKKvFEPhpLcs+t64xXjBmeuERsLFLL jawz@miniserver"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy"
]; ];

48
modules/apps/gaming.nix
View File

@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
let polymc = pkgs.callPackage ../../pkgs/polymc/default.nix { };
in {
options.my.apps.gaming.enable = lib.mkEnableOption "enable"; options.my.apps.gaming.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.gaming.enable { config = lib.mkIf config.my.apps.gaming.enable {
programs = { programs = {
@ -12,27 +10,29 @@ in {
dedicatedServer.openFirewall = true; dedicatedServer.openFirewall = true;
}; };
}; };
users.users.jawz.packages = (with pkgs; [ users.users.jawz.packages =
mangohud # fps & stats overlay let polymc = pkgs.callPackage ../../pkgs/polymc/default.nix { };
lutris # games launcher & emulator hub in (with pkgs; [
cartridges # games launcher mangohud # fps & stats overlay
gamemode # optimizes linux to have better gaming performance lutris # games launcher & emulator hub
heroic # install epic games cartridges # games launcher
protonup-qt # update proton-ge gamemode # optimizes linux to have better gaming performance
#minecraft # minecraft official launcher heroic # install epic games
ns-usbloader # load games into my switch protonup-qt # update proton-ge
# grapejuice # roblox manager #minecraft # minecraft official launcher
ns-usbloader # load games into my switch
# grapejuice # roblox manager
# emulators # emulators
rpcs3 # ps3 emulator rpcs3 # ps3 emulator
pcsx2 # ps2 emulator pcsx2 # ps2 emulator
cemu # wii u emulator cemu # wii u emulator
dolphin-emu # wii emulator dolphin-emu # wii emulator
#citra-nightly # 3Ds emulator #citra-nightly # 3Ds emulator
snes9x-gtk # snes emulator snes9x-gtk # snes emulator
ryujinx # switch emulator ryujinx # switch emulator
]) ++ [ ]) ++ [
polymc # minecraft launcher with mod support polymc # minecraft launcher with mod support
]; ];
}; };
} }

34
modules/apps/internet.nix
View File

@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
let vdhcoapp = pkgs.callPackage ../../pkgs/vdhcoapp/default.nix { };
in {
options.my.apps.internet.enable = lib.mkEnableOption "enable"; options.my.apps.internet.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.apps.internet.enable { config = lib.mkIf config.my.apps.internet.enable {
programs = { programs = {
@ -11,19 +9,21 @@ in {
}; };
}; };
services.psd.enable = true; services.psd.enable = true;
users.users.jawz.packages = (with pkgs; [ users.users.jawz.packages =
nextcloud-client # self-hosted google-drive alternative let vdhcoapp = pkgs.callPackage ../../pkgs/vdhcoapp/default.nix { };
fragments # beautiful torrent client in (with pkgs; [
protonmail-bridge # bridge for protonmail nextcloud-client # self-hosted google-drive alternative
tor-browser-bundle-bin # dark web, so dark! fragments # beautiful torrent client
chromium # web browser with spyware included protonmail-bridge # bridge for protonmail
telegram-desktop # furry chat tor-browser-bundle-bin # dark web, so dark!
nicotine-plus # remember Ares? chromium # web browser with spyware included
vesktop # screen share with audio discord telegram-desktop # furry chat
discord # :3 nicotine-plus # remember Ares?
# hugo # website engine vesktop # screen share with audio discord
]) ++ [ discord # :3
vdhcoapp # video download helper assistant # hugo # website engine
]; ]) ++ [
vdhcoapp # video download helper assistant
];
}; };
} }

15
modules/scripts.nix
View File

@ -1,4 +1,4 @@
{ lib, ... }: { { ... }: {
imports = [ imports = [
./scripts/download.nix ./scripts/download.nix
./scripts/ffmpeg4discord.nix ./scripts/ffmpeg4discord.nix
@ -13,17 +13,4 @@
./scripts/tasks.nix ./scripts/tasks.nix
./scripts/update-dns.nix ./scripts/update-dns.nix
]; ];
my.scripts = {
download.enable = lib.mkDefault false;
ffmpeg4discord.enable = lib.mkDefault false;
ffmpreg.enable = lib.mkDefault false;
find-dup-episodes.enable = lib.mkDefault false;
manage-library.enable = lib.mkDefault false;
pika-list.enable = lib.mkDefault false;
run.enable = lib.mkDefault false;
split-dir.enable = lib.mkDefault false;
sub-sync.enable = lib.mkDefault false;
tasks.enable = lib.mkDefault false;
update-dns.enable = lib.mkDefault false;
};
} }

4
modules/scripts/download.nix
View File

@ -1,4 +1,4 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config = { config = {
home-manager.users.jawz = { home-manager.users.jawz = {
@ -25,7 +25,7 @@
}; };
users.users.jawz.packages = [ pkgs.gallery-dl ]; users.users.jawz.packages = [ pkgs.gallery-dl ];
my.scripts.download = { my.scripts.download = {
enable = true; enable = lib.mkDefault false;
install = true; install = true;
service = false; service = false;
name = "download"; name = "download";

4
modules/scripts/ffmpeg4discord.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config.my.scripts.ffmpeg4discord = { config.my.scripts.ffmpeg4discord = {
enable = true; enable = lib.mkDefault false;
install = true; install = true;
service = false; service = false;
name = "ffmpeg4discord"; name = "ffmpeg4discord";

4
modules/scripts/ffmpreg.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config.my.scripts.ffmpreg = { config.my.scripts.ffmpreg = {
enable = true; enable = lib.mkDefault false;
install = true; install = true;
service = false; service = false;
name = "ffmpreg"; name = "ffmpreg";

4
modules/scripts/find-dup-episode.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config.my.scripts.find-dup-episodes = { config.my.scripts.find-dup-episodes = {
enable = true; enable = lib.mkDefault false;
install = true; install = true;
service = false; service = false;
name = "find-dup-episodes"; name = "find-dup-episodes";

4
modules/scripts/manage-library.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config.my.scripts.manage-library = { config.my.scripts.manage-library = {
enable = true; enable = lib.mkDefault false;
install = true; install = true;
service = true; service = true;
name = "manage-library"; name = "manage-library";

4
modules/scripts/pika-list.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config.my.scripts.pika-list = { config.my.scripts.pika-list = {
enable = true; enable = lib.mkDefault false;
install = true; install = true;
service = false; service = false;
name = "pika-list"; name = "pika-list";

4
modules/scripts/run.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config.my.scripts.run = { config.my.scripts.run = {
enable = true; enable = lib.mkDefault false;
install = true; install = true;
service = false; service = false;
name = "run"; name = "run";

4
modules/scripts/split-dir.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config.my.scripts.split-dir = { config.my.scripts.split-dir = {
enable = true; enable = lib.mkDefault false;
install = true; install = true;
service = false; service = false;
name = "split-dir"; name = "split-dir";

4
modules/scripts/tasks.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config.my.scripts.tasks = { config.my.scripts.tasks = {
enable = true; enable = lib.mkDefault false;
install = true; install = true;
service = true; service = true;
name = "tasks"; name = "tasks";

4
modules/scripts/update-dns.nix
View File

@ -1,7 +1,7 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config.my.scripts.update-dns = { config.my.scripts.update-dns = {
enable = true; enable = lib.mkDefault false;
install = true; install = true;
service = true; service = true;
name = "update-dns"; name = "update-dns";

1
modules/shell/tools.nix
View File

@ -70,6 +70,7 @@
tldr # man for retards tldr # man for retards
trash-cli # oop! did not meant to delete that trash-cli # oop! did not meant to delete that
jq # linting jq # linting
smartmontools # check hard drie health
]; ];
environment.variables = { environment.variables = {
HISTFILE = "\${XDG_STATE_HOME}/bash/history"; HISTFILE = "\${XDG_STATE_HOME}/bash/history";

5
overlay.nix
View File

@ -11,7 +11,6 @@ self: super: {
]); ]);
}); });
}); });
lutris = super.lutris.override { lutris = super.lutris.override {
extraPkgs = pkgs: [ extraPkgs = pkgs: [
pkgs.winetricks pkgs.winetricks
@ -19,16 +18,12 @@ self: super: {
pkgs.wineWowPackages.stable pkgs.wineWowPackages.stable
]; ];
}; };
nerdfonts = super.nerdfonts.override { nerdfonts = super.nerdfonts.override {
fonts = [ "CascadiaCode" "ComicShannsMono" "Iosevka" ]; fonts = [ "CascadiaCode" "ComicShannsMono" "Iosevka" ];
}; };
fooyin = pkgsM.fooyin;
planify = pkgsU.planify; planify = pkgsU.planify;
gdtoolkit = pkgsU.gdtoolkit; gdtoolkit = pkgsU.gdtoolkit;
gallery-dl = pkgsU.gallery-dl; gallery-dl = pkgsU.gallery-dl;
ns-usbloader = pkgsU.ns-usbloader; ns-usbloader = pkgsU.ns-usbloader;
handbrake = super.handbrake.override { useGtk = true; }; handbrake = super.handbrake.override { useGtk = true; };
discord = super.discord.override { withOpenASAR = true; }; discord = super.discord.override { withOpenASAR = true; };

43
pkgs/fooyin/default.nix
View File

@ -1,43 +0,0 @@
{ stdenv, lib, fetchFromGitHub, cmake, pkg-config, alsa-lib, ffmpeg, kdePackages
, kdsingleapplication, pipewire, taglib }:
stdenv.mkDerivation (finalAttrs: {
pname = "fooyin";
version = "0.4.2";
src = fetchFromGitHub {
owner = "ludouzi";
repo = "fooyin";
rev = "v" + finalAttrs.version;
hash = "sha256-1U7eqXVcp0lO/X92oNQ3mWdozgJ1eroQPojscSWH6+I=";
};
buildInputs = [
alsa-lib
ffmpeg
kdsingleapplication
pipewire
kdePackages.qcoro
kdePackages.qtbase
kdePackages.qtsvg
taglib
];
nativeBuildInputs =
[ cmake pkg-config kdePackages.qttools kdePackages.wrapQtAppsHook ];
cmakeFlags = [
(lib.cmakeBool "BUILD_TESTING" (finalAttrs.doCheck or false))
(lib.cmakeBool "INSTALL_FHS" true)
];
env.LANG = "C.UTF-8";
meta = with lib; {
description = "A customisable music player";
mainProgram = "fooyin";
license = licenses.gpl3Only;
maintainers = with maintainers; [ peterhoeg ];
platforms = platforms.all;
};
})