Add linting, formatting, and CI with fixes for all warnings

Infrastructure:
- Add deadnix, nixfmt, and statix to flake inputs
- Add formatter output to flake for nix fmt support
- Add deadnix, nixfmt, statix to Home Manager packages
- Add GitHub Actions workflow for CI validation
- Add .pre-commit-config.yaml with hooks for nixfmt, deadnix, and statix
- Support x86_64-darwin in formatter

Statix fixes (W10/W20 warnings):
- Remove unused lambda argument from nixpkgs-settings.nix
- Merge repeated keys in hardware-configuration.nix files (boot.initrd, boot, fileSystems)
- Merge repeated keys in nixnuc/default.nix (services, virtualisation)
- Merge repeated keys in rainbow-planet/default.nix (desktopManager)
- Merge repeated keys in home/general/default.nix (home)

Deadnix fixes (unused declarations):
- Remove unused pkgs/lib/username/http_port arguments from various files
- Fix unused final parameter in overlay functions (final -> _final)

CI/pre-commit fixes:
- Fix pre-commit statix config: add pass_filenames: false
- Fix CI workflow: use nix run nixpkgs# prefix and --ci flag for nixfmt
Gene Liverman 2026-03-20 22:11:58 -04:00
parent 5047d93b86
commit 9b3c078319
78 changed files with 1662 additions and 955 deletions


@ -1,14 +1,20 @@
{ config, pkgs, username, ... }:
let
libbluray = pkgs.libbluray.override {
withAACS = true;
withBDplus = true;
withJava = true;
};
vlc-with-decoding = pkgs.vlc.override { inherit libbluray; };
in
{
imports = [ # Include the results of the hardware scan.
config,
pkgs,
username,
...
}:
let
libbluray = pkgs.libbluray.override {
withAACS = true;
withBDplus = true;
withJava = true;
};
vlc-with-decoding = pkgs.vlc.override { inherit libbluray; };
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../../shared/nixos/flatpaks.nix
../../../shared/nixos/ripping.nix
@ -43,7 +49,6 @@
zoom-us
];
networking.networkmanager.enable = true;
programs = {
@ -118,10 +123,15 @@
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" "dialout" "input" ];
extraGroups = [
"networkmanager"
"wheel"
"dialout"
"input"
];
packages = with pkgs; [
kdePackages.kate
# thunderbird
# thunderbird
];
};
}


@ -1,32 +1,55 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
kernelModules = [ ];
};
kernelModules = [
"kvm-intel"
"sg"
];
extraModulePackages = [ ];
};
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "sg" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832";
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/59CB-16DE";
"/boot" = {
device = "/dev/disk/by-uuid/59CB-16DE";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices =
[ { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; }
];
swapDevices = [
{ device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
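Review bot: The header kept at the top of this hunk still says the file was generated by nixos-generate-config and may be overwritten, yet the commit now hand-edits it: `pkgs` is dropped from the argument set, `boot.initrd.*` and `fileSystems.*` are merged into nested attribute sets, and the module lists are reflowed. The next regeneration would write the flat form back and reintroduce exactly the statix and nixfmt findings the new CI workflow and pre-commit hooks fail on. Either exclude hardware-configuration.nix from the statix, deadnix and nixfmt hooks in .pre-commit-config.yaml and from the workflow, or drop the "Do not modify this file!" header and treat these files as hand-maintained. The same applies to the other hardware-configuration.nix sections later in this commit (the two qemu-guest ones, the kiosk one and the zfs one).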


@ -1,4 +1,5 @@
{ ... }: {
{ ... }:
{
home.stateVersion = "24.05";
imports = [
../../../shared/home/general/all-gui.nix
@ -27,4 +28,3 @@
};
};
}


@ -1,10 +1,19 @@
{ hostname, pkgs, username, ... }: {
{
hostname,
pkgs,
username,
...
}:
{
imports = [
../shared/nixos/internationalisation.nix
../shared/nixos/internationalisation.nix
];
environment = {
shells = with pkgs; [ bash zsh ];
shells = with pkgs; [
bash
zsh
];
systemPackages = with pkgs; [
age
dconf2nix


@ -1,4 +1,9 @@
{ inputs, pkgs, username, ... }: {
{
pkgs,
username,
...
}:
{
imports = [
../../../shared/nixos/nixroutes.nix
./disk-config.nix
@ -24,14 +29,14 @@
networking = {
# Open ports in the firewall.
firewall.allowedTCPPorts = [
22 # ssh
25 # SMTP (unencrypted)
80 # http to local Nginx
143 # imap
443 # https to local Nginx
465 # SMTP with TLS
587 # SMTP with STARTTLS
993 # imaps
22 # ssh
25 # SMTP (unencrypted)
80 # http to local Nginx
143 # imap
443 # https to local Nginx
465 # SMTP with TLS
587 # SMTP with STARTTLS
993 # imaps
1883 # mqtt
8333 # Bitcoin Core
8448 # Matrix Synapse
@ -88,7 +93,10 @@
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
extraGroups = [
"networkmanager"
"wheel"
];
linger = true;
};
}


@ -4,14 +4,25 @@
{ lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot = {
initrd = {
availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."pack1828" = {
device = "/dev/disk/by-id/scsi-0HC_Volume_102600992";
@ -25,4 +36,3 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,3 +1,3 @@
{ ... }: {
home.stateVersion = "24.05";
{
home.stateVersion = "24.05";
}


@ -1,6 +1,8 @@
{ config, username, ... }: let
{ config, username, ... }:
let
volume_base = "/var/lib/emqx";
in {
in
{
# Based on docs at https://docs.emqx.com/en/emqx/latest/deploy/install-docker.html
virtualisation.oci-containers.containers = {
"emqx" = {


@ -1,7 +1,15 @@
{ config, lib, pkgs, username, ... }: let
{
config,
lib,
pkgs,
username,
...
}:
let
domain = "technicalissues.us";
restic_backup_time = "01:00";
in {
in
{
imports = [
../../../../shared/nixos/lets-encrypt.nix
../../../../shared/nixos/restic.nix
@ -26,7 +34,7 @@ in {
# Listen on loopback interface only, and accept requests from ::1
net = {
listen = "loopback";
post_allow.host = ["::1"];
post_allow.host = [ "::1" ];
};
# Restrict loading documents from WOPI Host nextcloud.example.com
@ -162,14 +170,14 @@ in {
};
matrix_secrets_yaml = {
owner = config.users.users.matrix-synapse.name;
restartUnits = ["matrix-synapse.service"];
restartUnits = [ "matrix-synapse.service" ];
};
matrix_homeserver_signing_key.owner = config.users.users.matrix-synapse.name;
mqtt_recorder_pass.restartUnits = ["mosquitto.service"];
mqtt_recorder_pass.restartUnits = [ "mosquitto.service" ];
nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
owntracks_basic_auth = {
owner = config.users.users.nginx.name;
restartUnits = ["nginx.service"];
restartUnits = [ "nginx.service" ];
};
plausible_admin_pass.owner = config.users.users.nginx.name;
plausible_secret_key_base.owner = config.users.users.nginx.name;
@ -180,31 +188,36 @@ in {
};
systemd.services = {
nextcloud-config-collabora = let
inherit (config.services.nextcloud) occ;
nextcloud-config-collabora =
let
inherit (config.services.nextcloud) occ;
wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
public_wopi_url = "https://collabora.pack1828.org";
wopi_allowlist = lib.concatStringsSep "," [
"127.0.0.1"
"::1"
"5.161.244.95"
"2a01:4ff:f0:977c::1"
];
in {
wantedBy = ["multi-user.target"];
after = ["nextcloud-setup.service" "coolwsd.service"];
requires = ["coolwsd.service"];
script = ''
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
${occ}/bin/nextcloud-occ richdocuments:setup
'';
serviceConfig = {
Type = "oneshot";
wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
public_wopi_url = "https://collabora.pack1828.org";
wopi_allowlist = lib.concatStringsSep "," [
"127.0.0.1"
"::1"
"5.161.244.95"
"2a01:4ff:f0:977c::1"
];
in
{
wantedBy = [ "multi-user.target" ];
after = [
"nextcloud-setup.service"
"coolwsd.service"
];
requires = [ "coolwsd.service" ];
script = ''
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
${occ}/bin/nextcloud-occ richdocuments:setup
'';
serviceConfig = {
Type = "oneshot";
};
};
};
};
# Enable common container config files in /etc/containers


@ -1,4 +1,5 @@
{ config, ... }: {
{ config, ... }:
{
services.matrix-synapse = {
enable = true;
configureRedisLocally = true;
@ -33,7 +34,7 @@
];
url_preview_enabled = true;
enable_registration = false;
trusted_key_servers = [{ server_name = "matrix.org"; }];
trusted_key_servers = [ { server_name = "matrix.org"; } ];
};
};


@ -1,6 +1,8 @@
{ config, pkgs, ... }: let
{ config, pkgs, ... }:
let
metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
in {
in
{
services = {
vmagent = {
enable = true;
@ -14,11 +16,11 @@ in {
{
job_name = "node";
static_configs = [
{ targets = ["127.0.0.1:9100"]; }
{ targets = [ "127.0.0.1:9100" ]; }
];
metric_relabel_configs = [
{
source_labels = ["__name__"];
source_labels = [ "__name__" ];
regex = "go_.*";
action = "drop";
}
@ -35,11 +37,11 @@ in {
{
job_name = "nginx";
static_configs = [
{ targets = ["127.0.0.1:9113"]; }
{ targets = [ "127.0.0.1:9113" ]; }
];
metric_relabel_configs = [
{
source_labels = ["__name__"];
source_labels = [ "__name__" ];
regex = "go_.*";
action = "drop";
}
@ -77,7 +79,7 @@ in {
# ----------------------------
# Exporters (using built-in NixOS modules)
# ----------------------------
# Node exporter - using the built-in module
prometheus.exporters.node = {
enable = true;
@ -110,7 +112,7 @@ in {
group = "vmagent";
};
users.groups.vmagent = {};
users.groups.vmagent = { };
# ----------------------------
# SOPS secrets configuration
@ -119,10 +121,9 @@ in {
secrets = {
vmagent_push_pw = {
owner = "vmagent";
restartUnits = ["vmagent.service"];
restartUnits = [ "vmagent.service" ];
sopsFile = ../../../../shared/secrets.yaml;
};
};
};
}


@ -1,16 +1,21 @@
{ config, ... }: let
{ config, ... }:
let
mqtt_domain = "mqtt.technicalissues.us";
in {
security.acme.certs.${mqtt_domain}.postRun = "systemctl restart ${config.systemd.services.mosquitto.name}";
in
{
security.acme.certs.${mqtt_domain}.postRun =
"systemctl restart ${config.systemd.services.mosquitto.name}";
services.mosquitto = {
enable = true;
bridges = {
liamcottle = {
addresses = [{
address = "mqtt.meshtastic.liamcottle.net";
port = 1883;
}];
addresses = [
{
address = "mqtt.meshtastic.liamcottle.net";
port = 1883;
}
];
topics = [
"msh/# out 1 \"\""
];
@ -24,10 +29,12 @@ in {
};
};
meshtastic = {
addresses = [{
address = "mqtt.meshtastic.org";
port = 1883;
}];
addresses = [
{
address = "mqtt.meshtastic.org";
port = 1883;
}
];
topics = [
"msh/# out 1 \"\""
];
@ -42,10 +49,12 @@ in {
};
};
homeassistant = {
addresses = [{
address = "homeasistant-lc.atlas-snares.ts.net";
port = 1883;
}];
addresses = [
{
address = "homeasistant-lc.atlas-snares.ts.net";
port = 1883;
}
];
topics = [
"msh/US/2/e/LongFast/!a386c80 out 1 \"\""
"msh/US/2/e/LongFast/!b03bcb24 out 1 \"\""
@ -62,53 +71,59 @@ in {
};
};
};
listeners = let
mqtt_users = {
genebean = {
acl = [
"readwrite msh/#"
];
hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path;
listeners =
let
mqtt_users = {
genebean = {
acl = [
"readwrite msh/#"
];
hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path;
};
mountain_mesh = {
acl = [
"readwrite msh/#"
];
hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path;
};
};
mountain_mesh = {
acl = [
"readwrite msh/#"
];
hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path;
};
};
in [
{
port = 1883;
users = mqtt_users;
settings.allow_anonymous = false;
}
{
port = 8883;
users = mqtt_users;
settings = let
certDir = config.security.acme.certs."${mqtt_domain}".directory;
in {
allow_anonymous = false;
keyfile = certDir + "/key.pem";
certfile = certDir + "/cert.pem";
cafile = certDir + "/chain.pem";
};
}
{
port = 9001;
users = mqtt_users;
settings = let
certDir = config.security.acme.certs."${mqtt_domain}".directory;
in {
allow_anonymous = false;
keyfile = certDir + "/key.pem";
certfile = certDir + "/cert.pem";
cafile = certDir + "/chain.pem";
protocol = "websockets";
};
}
];
in
[
{
port = 1883;
users = mqtt_users;
settings.allow_anonymous = false;
}
{
port = 8883;
users = mqtt_users;
settings =
let
certDir = config.security.acme.certs."${mqtt_domain}".directory;
in
{
allow_anonymous = false;
keyfile = certDir + "/key.pem";
certfile = certDir + "/cert.pem";
cafile = certDir + "/chain.pem";
};
}
{
port = 9001;
users = mqtt_users;
settings =
let
certDir = config.security.acme.certs."${mqtt_domain}".directory;
in
{
allow_anonymous = false;
keyfile = certDir + "/key.pem";
certfile = certDir + "/cert.pem";
cafile = certDir + "/chain.pem";
protocol = "websockets";
};
}
];
};
sops.secrets = {
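Review bot: The reflowed `listeners` list keeps a plaintext listener on port 1883 that requires the same `mqtt_users` credentials as the TLS listeners on 8883 and 9001, so a client that picks 1883 sends its password and all `msh/#` traffic in the clear, and the broker is published under a public ACME certificate for `mqtt_domain`. If 1883 is only meant for local devices, it would be clearer to pin it to a local interface with `address = "127.0.0.1";` (or the LAN address) in that listener; if every client can do TLS, the 1883 entry could be dropped. This is existing behaviour the commit only reformats, so it may be intentional; a one-line comment above the 1883 entry saying who is expected to use it would settle the question for the next reader.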


@ -1,9 +1,11 @@
{ config, ... }: let
{ config, ... }:
let
domain = "technicalissues.us";
http_port = 80;
https_port = 443;
private_btc = "umbrel.atlas-snares.ts.net";
in {
in
{
services.nginx = {
enable = true;
@ -134,14 +136,36 @@ in {
};
"matrix.${domain}" = {
listen = [
{ port = http_port; addr = "0.0.0.0"; }
{ port = http_port; addr = "[::]"; }
{
port = http_port;
addr = "0.0.0.0";
}
{
port = http_port;
addr = "[::]";
}
{ port = https_port; addr = "0.0.0.0"; ssl = true; }
{ port = https_port; addr = "[::]"; ssl = true; }
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
{
port = https_port;
addr = "[::]";
ssl = true;
}
{ port = 8448; addr = "0.0.0.0"; ssl = true; }
{ port = 8448; addr = "[::]"; ssl = true; }
{
port = 8448;
addr = "0.0.0.0";
ssl = true;
}
{
port = 8448;
addr = "[::]";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
@ -195,7 +219,8 @@ in {
"/" = {
proxyPass = "http://127.0.0.1:8083";
};
"/pub" = { # Client apps need to point to this path
"/pub" = {
# Client apps need to point to this path
extraConfig = "proxy_set_header X-Limit-U $remote_user;";
proxyPass = "http://127.0.0.1:8083/pub";
};


@ -1,4 +1,10 @@
{ inputs, pkgs, username, ... }: {
{
inputs,
pkgs,
username,
...
}:
{
imports = [
../../../shared/nixos/nixroutes.nix
./disk-config.nix
@ -29,9 +35,9 @@
networking = {
# Open ports in the firewall.
firewall.allowedTCPPorts = [
22 # ssh
80 # Nginx
443 # Nginx
22 # ssh
80 # Nginx
443 # Nginx
];
# firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
@ -56,7 +62,10 @@
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
extraGroups = [
"networkmanager"
"wheel"
];
linger = true;
};


@ -44,10 +44,10 @@
content = {
type = "gpt";
partitions = {
nix = {
name = "nix";
size = "100%";
content = {
nix = {
name = "nix";
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/nix";


@ -4,34 +4,43 @@
{ lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" ];
availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" =
{ device = "/dev/disk/by-partlabel/disk-primary-root";
fileSystems = {
"/" = {
device = "/dev/disk/by-partlabel/disk-primary-root";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-partlabel/disk-primary-ESP";
"/boot" = {
device = "/dev/disk/by-partlabel/disk-primary-ESP";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-partlabel/disk-volume1-nix";
"/nix" = {
device = "/dev/disk/by-partlabel/disk-volume1-nix";
fsType = "ext4";
};
};
swapDevices = [ ];


@ -1,3 +1,3 @@
{ ... }: {
{
home.stateVersion = "24.05";
}


@ -1,4 +1,5 @@
{ config, username, ... }: {
{ config, username, ... }:
{
imports = [
../../../../shared/nixos/lets-encrypt.nix
./monitoring.nix
@ -23,4 +24,3 @@
};
};
}


@ -1,6 +1,8 @@
{ config, pkgs, ... }: let
{ config, pkgs, ... }:
let
metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
in {
in
{
services = {
vmagent = {
enable = true;
@ -14,11 +16,11 @@ in {
{
job_name = "node";
static_configs = [
{ targets = ["127.0.0.1:9100"]; }
{ targets = [ "127.0.0.1:9100" ]; }
];
metric_relabel_configs = [
{
source_labels = ["__name__"];
source_labels = [ "__name__" ];
regex = "go_.*";
action = "drop";
}
@ -35,11 +37,11 @@ in {
{
job_name = "nginx";
static_configs = [
{ targets = ["127.0.0.1:9113"]; }
{ targets = [ "127.0.0.1:9113" ]; }
];
metric_relabel_configs = [
{
source_labels = ["__name__"];
source_labels = [ "__name__" ];
regex = "go_.*";
action = "drop";
}
@ -77,7 +79,7 @@ in {
# ----------------------------
# Exporters (using built-in NixOS modules)
# ----------------------------
# Node exporter - using the built-in module
prometheus.exporters.node = {
enable = true;
@ -110,7 +112,7 @@ in {
group = "vmagent";
};
users.groups.vmagent = {};
users.groups.vmagent = { };
# ----------------------------
# SOPS secrets configuration
@ -119,10 +121,9 @@ in {
secrets = {
vmagent_push_pw = {
owner = "vmagent";
restartUnits = ["vmagent.service"];
restartUnits = [ "vmagent.service" ];
sopsFile = ../../../../shared/secrets.yaml;
};
};
};
}


@ -1,7 +1,8 @@
{ pkgs, ... }: let
{ pkgs, ... }:
let
domain = "genebean.me";
in {
in
{
environment.etc.nginx-littlelinks = {
# Info generated via
# nurl https://github.com/genebean/littlelink genebean-sometag


@ -1,4 +1,11 @@
{ config, lib, pkgs, username, ... }: {
{
config,
lib,
pkgs,
username,
...
}:
{
imports = [
./disk-config.nix
./hardware-configuration.nix
@ -42,7 +49,7 @@
# Home
"Diagon Alley".pskRaw = "ext:psk_diagon_alley";
# Public networks
"Gallery Row-GuestWiFi" = {};
"Gallery Row-GuestWiFi" = { };
"LocalTies Guest".pskRaw = "ext:psk_local_ties";
};
secretsFile = "${config.sops.secrets.wifi_creds.path}";
@ -50,26 +57,27 @@
};
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
(_final: super: {
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
})
];
services = {
cage = let
kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1
/etc/profiles/per-user/gene/bin/chromium-browser
'';
in {
enable = true;
program = kioskProgram;
user = "gene";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
cage =
let
kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1
/etc/profiles/per-user/gene/bin/chromium-browser
'';
in
{
enable = true;
program = kioskProgram;
user = "gene";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
};
};
};
prometheus.exporters.node = {
enable = true;
enabledCollectors = [
@ -115,7 +123,10 @@
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
extraGroups = [
"networkmanager"
"wheel"
];
linger = true;
};
@ -125,4 +136,3 @@
memoryPercent = 90;
};
}
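Review bot: The re-indented `cage` block still hardcodes `user = "gene";` and `/etc/profiles/per-user/gene/bin/chromium-browser` in the kiosk script, while `username` is taken from the module arguments in the first hunk and used for `users.users.${username}` in the last one. If the two ever diverge, the kiosk session runs as a user whose per-user profile does not contain chromium and cage fails at login; `user = username;` and `/etc/profiles/per-user/${username}/bin/chromium-browser` keep both tied to the same argument. The same pattern appears in the sd-image kiosk host later in this commit.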


@ -1,17 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usbhid"
"sd_mod"
"rtsx_pci_sdmmc"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,4 +1,4 @@
{ ... }: {
{
home.stateVersion = "24.11";
programs = {
@ -21,4 +21,3 @@
};
}


@ -1,6 +1,8 @@
{ config, pkgs, ... }: let
{ config, pkgs, ... }:
let
metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
in {
in
{
services = {
vmagent = {
enable = true;
@ -14,11 +16,11 @@ in {
{
job_name = "node";
static_configs = [
{ targets = ["127.0.0.1:9100"]; }
{ targets = [ "127.0.0.1:9100" ]; }
];
metric_relabel_configs = [
{
source_labels = ["__name__"];
source_labels = [ "__name__" ];
regex = "go_.*";
action = "drop";
}
@ -35,11 +37,11 @@ in {
{
job_name = "nginx";
static_configs = [
{ targets = ["127.0.0.1:9113"]; }
{ targets = [ "127.0.0.1:9113" ]; }
];
metric_relabel_configs = [
{
source_labels = ["__name__"];
source_labels = [ "__name__" ];
regex = "go_.*";
action = "drop";
}
@ -77,7 +79,7 @@ in {
# ----------------------------
# Exporters (using built-in NixOS modules)
# ----------------------------
# Node exporter - using the built-in module
prometheus.exporters.node = {
enable = true;
@ -110,7 +112,7 @@ in {
group = "vmagent";
};
users.groups.vmagent = {};
users.groups.vmagent = { };
# ----------------------------
# SOPS secrets configuration
@ -119,10 +121,9 @@ in {
secrets = {
vmagent_push_pw = {
owner = "vmagent";
restartUnits = ["vmagent.service"];
restartUnits = [ "vmagent.service" ];
sopsFile = ../../../../shared/secrets.yaml;
};
};
};
}


@ -1,4 +1,12 @@
{ inputs, config, lib, pkgs, username, ... }: {
{
inputs,
config,
lib,
pkgs,
username,
...
}:
{
imports = [
# SD card image
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
@ -34,7 +42,7 @@
# Home
"Diagon Alley".pskRaw = "ext:psk_diagon_alley";
# Public networks
"Gallery Row-GuestWiFi" = {};
"Gallery Row-GuestWiFi" = { };
"LocalTies Guest".pskRaw = "ext:psk_local_ties";
};
secretsFile = "${config.sops.secrets.wifi_creds.path}";
@ -42,28 +50,29 @@
};
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
(_final: super: {
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
})
];
sdImage.compressImage = true;
services = {
cage = let
kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90
/etc/profiles/per-user/gene/bin/chromium-browser
'';
in {
enable = true;
program = kioskProgram;
user = "gene";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
cage =
let
kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90
/etc/profiles/per-user/gene/bin/chromium-browser
'';
in
{
enable = true;
program = kioskProgram;
user = "gene";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
};
};
};
prometheus.exporters.node = {
enable = true;
enabledCollectors = [
@ -108,7 +117,10 @@
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ];
extraGroups = [
"networkmanager"
"wheel"
];
linger = true;
};
@ -118,4 +130,3 @@
memoryPercent = 90;
};
}


@ -1,4 +1,4 @@
{ ... }: {
{
home.stateVersion = "24.11";
programs = {
@ -20,4 +20,3 @@
};
}


@ -1,4 +1,10 @@
{ config, pkgs, username, ... }: {
{
config,
pkgs,
username,
...
}:
{
imports = [
./disk-config.nix
./hardware-configuration.nix
@ -17,16 +23,16 @@
device = "nodev";
mirroredBoots = [
{
devices = ["/dev/disk/by-uuid/02A5-6FCC"];
devices = [ "/dev/disk/by-uuid/02A5-6FCC" ];
path = "/boot";
}
{
devices = ["/dev/disk/by-uuid/02F1-B12D"];
devices = [ "/dev/disk/by-uuid/02F1-B12D" ];
path = "/boot-fallback";
}
];
};
supportedFilesystems = ["zfs"];
supportedFilesystems = [ "zfs" ];
zfs = {
extraPools = [ "storage" ];
forceImportRoot = false;


@ -1,4 +1,3 @@
{ ... }:
{
disko.devices = {
disk = {
@ -124,4 +123,4 @@
}; # end zroot
};
};
}
}


@ -1,46 +1,72 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "nvme" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot = {
initrd = {
availableKernelModules = [
"ehci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
"sr_mod"
];
kernelModules = [ "nvme" ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" =
{ device = "zroot/root";
fileSystems = {
"/" = {
device = "zroot/root";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "zroot/root/nix";
"/nix" = {
device = "zroot/root/nix";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "zroot/root/home";
"/home" = {
device = "zroot/root/home";
fsType = "zfs";
};
fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/02A5-6FCC";
{ device = "/dev/disk/by-partlabel/disk-sdc-BOOT";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
"/boot" =
# { device = "/dev/disk/by-uuid/02A5-6FCC";
{
device = "/dev/disk/by-partlabel/disk-sdc-BOOT";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/boot-fallback" =
# { device = "/dev/disk/by-uuid/02F1-B12D";
{ device = "/dev/disk/by-partlabel/disk-sdd-BOOT-FALLBACK";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
"/boot-fallback" =
# { device = "/dev/disk/by-uuid/02F1-B12D";
{
device = "/dev/disk/by-partlabel/disk-sdd-BOOT-FALLBACK";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
};
swapDevices = [ ];


@ -1,3 +1,3 @@
{ ... }: {
home.stateVersion = "24.05";
{
home.stateVersion = "24.05";
}


@ -1,7 +1,9 @@
{ ... }: let
_:
let
volume_base = "/var/lib/audiobookshelf";
http_port = "13378";
in {
in
{
# Audiobookshelf
virtualisation.oci-containers.containers = {


@ -1,6 +1,8 @@
{ config, username, ... }: let
{ config, ... }:
let
volume_base = "/orico/mountain-mesh-bot-discord";
in {
in
{
# My mountain-mesh-bot-discord container
virtualisation.oci-containers.containers = {
@ -17,6 +19,8 @@ in {
sops.secrets.mtnmesh_bot_dot_env = {
path = "${volume_base}/.env";
restartUnits = [ "${config.virtualisation.oci-containers.containers.mtnmesh_bot_discord.serviceName}" ];
restartUnits = [
"${config.virtualisation.oci-containers.containers.mtnmesh_bot_discord.serviceName}"
];
};
}


@ -1,8 +1,10 @@
{ config, ... }: let
{ config, ... }:
let
volume_base = "/orico/psitransfer";
http_port = "3000";
psitransfer_dot_env = "${config.sops.secrets.psitransfer_dot_env.path}";
in {
in
{
#############################################################################
# My intent as of now is to only make this available to the outside world #
@ -29,4 +31,3 @@ in {
};
};
}


@ -1,10 +1,17 @@
{ inputs, config, pkgs, username, ... }: let
http_port = 80;
{
inputs,
config,
pkgs,
username,
...
}:
let
https_port = 443;
home_domain = "home.technicalissues.us";
backend_ip = "127.0.0.1";
restic_backup_time = "02:00";
in {
in
{
imports = [
./hardware-configuration.nix
./containers/audiobookshelf.nix
@ -31,7 +38,9 @@ in {
};
environment = {
sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };
sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
};
systemPackages = with pkgs; [
inputs.compose2nix.packages.${pkgs.stdenv.hostPlatform.system}.default
docker-compose
@ -57,7 +66,7 @@ in {
intel-ocl # Generic OpenCL support
];
};
mailserver = {
enable = true;
enableImap = false;
@ -81,26 +90,26 @@ in {
# Open ports in the firewall.
firewall = {
allowedTCPPorts = [
22 # ssh
80 # http to local Nginx
443 # https to local Nginx
3000 # PsiTransfer in oci-container
3001 # immich-kiosk in compose
3002 # grafana
3005 # Firefly III
3006 # Firefly III Data Importer
3030 # Forgejo
3087 # Youtarr in docker compose
8001 # Tube Archivist
8384 # Syncthing gui
8888 # Atuin
8090 # Wallabag in docker compose
8945 # Pinchflat
22 # ssh
80 # http to local Nginx
443 # https to local Nginx
3000 # PsiTransfer in oci-container
3001 # immich-kiosk in compose
3002 # grafana
3005 # Firefly III
3006 # Firefly III Data Importer
3030 # Forgejo
3087 # Youtarr in docker compose
8001 # Tube Archivist
8384 # Syncthing gui
8888 # Atuin
8090 # Wallabag in docker compose
8945 # Pinchflat
13378 # Audiobookshelf in oci-container
];
allowedUDPPorts = [
1900 # Jellyfin service auto-discovery
7359 # Jellyfin auto-discovery
1900 # Jellyfin service auto-discovery
7359 # Jellyfin auto-discovery
];
};
# Or disable the firewall altogether.
@ -112,23 +121,24 @@ in {
networkmanager.enable = false;
useNetworkd = true;
vlans = {
vlan23 = { id = 23; interface = "eno1"; };
vlan23 = {
id = 23;
interface = "eno1";
};
};
interfaces = {
eno1.useDHCP = true;
vlan23.ipv4.addresses = [{ address = "192.168.23.21"; prefixLength = 24; }];
vlan23.ipv4.addresses = [
{
address = "192.168.23.21";
prefixLength = 24;
}
];
};
};
# Enable sound with pipewire.
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.pulseaudio.enable = false;
programs = {
mtr.enable = true;
@ -136,6 +146,13 @@ in {
# List services that you want to enable:
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
pulseaudio.enable = false;
atuin = {
enable = true;
host = "127.0.0.1";
@ -311,7 +328,11 @@ in {
"nix-tester.${home_domain}"
];
listen = [
{ port = https_port; addr = "0.0.0.0"; ssl = true; }
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
@ -331,7 +352,13 @@ in {
};
};
"ab.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
forceSSL = true;
@ -342,17 +369,41 @@ in {
'';
};
"atuin.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
forceSSL = true;
locations."/".proxyPass = "http://${backend_ip}:8888";
};
# budget.${home_domain}
"${config.services.firefly-iii.virtualHost}".listen = [{ port = 3005; addr = "0.0.0.0"; ssl = false; }];
"${config.services.firefly-iii-data-importer.virtualHost}".listen = [{ port = 3006; addr = "0.0.0.0"; ssl = false; }];
"${config.services.firefly-iii.virtualHost}".listen = [
{
port = 3005;
addr = "0.0.0.0";
ssl = false;
}
];
"${config.services.firefly-iii-data-importer.virtualHost}".listen = [
{
port = 3006;
addr = "0.0.0.0";
ssl = false;
}
];
"git.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
forceSSL = true;
@ -362,7 +413,13 @@ in {
'';
};
"id.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
forceSSL = true;
@ -374,7 +431,13 @@ in {
'';
};
"immich.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
forceSSL = true;
@ -388,7 +451,13 @@ in {
'';
};
"immich-kiosk.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
forceSSL = true;
@ -403,7 +472,13 @@ in {
'';
};
"jellyfin.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
forceSSL = true;
@ -428,7 +503,13 @@ in {
'';
};
"mealie.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
forceSSL = true;
@ -438,7 +519,13 @@ in {
'';
};
"monitoring.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
forceSSL = true;
@ -469,7 +556,13 @@ in {
'';
};
"readit.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true;
acmeRoot = null;
forceSSL = true;
@ -557,7 +650,7 @@ in {
secrets = {
firefly_app_key = {
owner = config.services.firefly-iii.user;
restartUnits = ["nginx.service"];
restartUnits = [ "nginx.service" ];
};
firefly_pat_data_import = {
owner = config.services.firefly-iii-data-importer.user;
@ -582,7 +675,7 @@ in {
};
immich_kiosk_basic_auth = {
owner = config.users.users.nginx.name;
restartUnits = ["nginx.service"];
restartUnits = [ "nginx.service" ];
};
local_git_config = {
owner = "${username}";
@ -594,12 +687,12 @@ in {
};
mealie = {
mode = "0444";
restartUnits = ["mealie.service"];
restartUnits = [ "mealie.service" ];
};
nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
nginx_basic_auth = {
owner = "nginx";
restartUnits = ["nginx.service"];
restartUnits = [ "nginx.service" ];
};
tailscale_key = {
restartUnits = [ "tailscaled-autoconnect.service" ];
@ -610,38 +703,44 @@ in {
systemd.services = {
jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
"mealie" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
"nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
};
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "docker" "podman" "networkmanager" "wheel" ];
extraGroups = [
"docker"
"podman"
"networkmanager"
"wheel"
];
linger = true;
};
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
containers.enable = true;
oci-containers.backend = "podman";
# Compose based apps were crashing with podman compose, so back to Docker...
docker = {
enable = true;
package = pkgs.docker;
};
podman = {
enable = true;
autoPrune.enable = true;
#dockerCompat = true;
extraPackages = [ pkgs.zfs ]; # Required if the host is running ZFS
virtualisation.oci-containers.backend = "podman";
# Compose based apps were crashing with podman compose, so back to Docker...
virtualisation.docker.enable = true;
virtualisation.docker.package = pkgs.docker;
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
#dockerCompat = true;
extraPackages = [ pkgs.zfs ]; # Required if the host is running ZFS
# Required for container networking to be able to use names.
defaultNetwork.settings.dns_enabled = true;
# Required for container networking to be able to use names.
defaultNetwork.settings.dns_enabled = true;
};
};
}


@ -1,42 +1,60 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/0ee15ee9-37ea-448d-aa3b-23eb25994df0";
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/0ee15ee9-37ea-448d-aa3b-23eb25994df0";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4814-3E47";
"/boot" = {
device = "/dev/disk/by-uuid/4814-3E47";
fsType = "vfat";
};
fileSystems."/var/lib/audiobookshelf" =
{ device = "orico/audiobookshelf";
"/var/lib/audiobookshelf" = {
device = "orico/audiobookshelf";
fsType = "zfs";
};
fileSystems."/var/lib/postgresql" =
{ device = "orico/postgresql-data";
"/var/lib/postgresql" = {
device = "orico/postgresql-data";
fsType = "zfs";
};
fileSystems."/var/lib/postgresql/16/pg_wal" =
{ device = "orico/postgresql-wal-16";
"/var/lib/postgresql/16/pg_wal" = {
device = "orico/postgresql-wal-16";
fsType = "zfs";
};
};
# Second disk inside case
#fileSystems."/var/lib/postgresql" =
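Review bot: The header on the first three lines of this hunk still says the file was generated by nixos-generate-config and may be overwritten, yet the hunk hand-merges `boot.initrd`, `boot` and `fileSystems` into nested attribute sets; the next regeneration will re-emit the flat `boot.initrd.availableKernelModules = [ ... ];` form and bring the statix W10 warnings straight back in CI. Either drop the "Do not modify" header so the file is recorded as hand-maintained from now on, or exclude `hardware-configuration.nix` files from the statix hook and leave them in their generated shape. The rainbow-planet hardware-configuration.nix section later in this commit is in the same situation.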


@ -1,3 +1,3 @@
{ ... }: {
home.stateVersion = "23.11";
{
home.stateVersion = "23.11";
}


@ -1,6 +1,8 @@
{ config, pkgs, ... }: let
{ config, pkgs, ... }:
let
home_domain = "home.technicalissues.us";
in {
in
{
environment.systemPackages = with pkgs; [
# Keeping empty for manual testing if needed
];
@ -25,7 +27,7 @@ in {
# ----------------------------
victoriametrics = {
enable = true;
stateDir = "victoriametrics"; # Just the directory name, module adds /var/lib/ prefix
stateDir = "victoriametrics"; # Just the directory name, module adds /var/lib/ prefix
package = pkgs.victoriametrics;
};
@ -47,21 +49,24 @@ in {
static_configs = [
{
targets = [
"127.0.0.1:9100" # nixnuc
"192.168.22.22:9100" # home assistant
"127.0.0.1:9100" # nixnuc
"192.168.22.22:9100" # home assistant
"umbrel:9100"
];
}
];
metric_relabel_configs = [
{
source_labels = ["__name__" "nodename"];
source_labels = [
"__name__"
"nodename"
];
regex = "node_uname_info;0d869efa-prometheus-node-exporter";
target_label = "nodename";
replacement = "homeassistant";
}
{
source_labels = ["__name__"];
source_labels = [ "__name__" ];
regex = "go_.*";
action = "drop";
}
@ -84,11 +89,11 @@ in {
{
job_name = "cadvisor";
static_configs = [
{ targets = ["127.0.0.1:8081"]; }
{ targets = [ "127.0.0.1:8081" ]; }
];
metric_relabel_configs = [
{
source_labels = ["__name__"];
source_labels = [ "__name__" ];
regex = "go_.*";
action = "drop";
}
@ -105,11 +110,11 @@ in {
{
job_name = "nginx";
static_configs = [
{ targets = ["127.0.0.1:9113"]; }
{ targets = [ "127.0.0.1:9113" ]; }
];
metric_relabel_configs = [
{
source_labels = ["__name__"];
source_labels = [ "__name__" ];
regex = "go_.*";
action = "drop";
}
@ -128,7 +133,7 @@ in {
scrape_interval = "30s";
metrics_path = "/api/prometheus";
static_configs = [
{ targets = ["192.168.22.22:8123"]; }
{ targets = [ "192.168.22.22:8123" ]; }
];
bearer_token_file = config.sops.secrets.home_assistant_token.path;
relabel_configs = [
@ -145,7 +150,7 @@ in {
scheme = "https";
scrape_interval = "30s";
static_configs = [
{ targets = ["utk.technicalissues.us"]; }
{ targets = [ "utk.technicalissues.us" ]; }
];
basic_auth = {
password_file = config.sops.secrets.uptimekuma_grafana_api_key.path;
@ -153,19 +158,19 @@ in {
};
metric_relabel_configs = [
{
source_labels = ["monitor_hostname"];
source_labels = [ "monitor_hostname" ];
regex = "^null$";
replacement = "";
target_label = "monitor_hostname";
}
{
source_labels = ["monitor_port"];
source_labels = [ "monitor_port" ];
regex = "^null$";
replacement = "";
target_label = "monitor_port";
}
{
source_labels = ["monitor_url"];
source_labels = [ "monitor_url" ];
regex = "https:\/\/";
replacement = "";
target_label = "monitor_url";
@ -211,17 +216,16 @@ in {
datasources.settings.datasources = [
{
name = "VictoriaMetrics";
type = "victoriametrics-metrics-datasource";
name = "VictoriaMetrics";
type = "victoriametrics-metrics-datasource";
access = "proxy";
url = "http://127.0.0.1:8428";
url = "http://127.0.0.1:8428";
isDefault = true;
uid = "VictoriaMetrics"; # Set explicit UID for use in alert rules
uid = "VictoriaMetrics"; # Set explicit UID for use in alert rules
}
];
};
settings = {
auth = {
# Set to true to disable (hide) the login form, useful if you use OAuth
@ -229,36 +233,36 @@ in {
};
"auth.generic_oauth" = {
name = "Pocket ID";
enabled = true;
name = "Pocket ID";
enabled = true;
# Use Grafana's file reference syntax for secrets
client_id = "$__file{${config.sops.secrets.grafana_oauth_client_id.path}}";
client_secret = "$__file{${config.sops.secrets.grafana_oauth_client_secret.path}}";
client_id = "$__file{${config.sops.secrets.grafana_oauth_client_id.path}}";
client_secret = "$__file{${config.sops.secrets.grafana_oauth_client_secret.path}}";
auth_style = "AutoDetect";
scopes = "openid email profile groups";
auth_url = "${config.services.pocket-id.settings.APP_URL}/authorize";
token_url = "${config.services.pocket-id.settings.APP_URL}/api/oidc/token";
allow_sign_up = true;
auto_login = true;
name_attribute_path = "display_name";
login_attribute_path = "preferred_username";
email_attribute_name = "email:primary";
email_attribute_path = "email";
role_attribute_path = "contains(groups[*], 'grafana_super_admin') && 'GrafanaAdmin' || contains(groups[*], 'grafana_admin') && 'Admin' || contains(groups[*], 'grafana_editor') && 'Editor' || 'Viewer'";
role_attribute_strict = false;
auth_style = "AutoDetect";
scopes = "openid email profile groups";
auth_url = "${config.services.pocket-id.settings.APP_URL}/authorize";
token_url = "${config.services.pocket-id.settings.APP_URL}/api/oidc/token";
allow_sign_up = true;
auto_login = true;
name_attribute_path = "display_name";
login_attribute_path = "preferred_username";
email_attribute_name = "email:primary";
email_attribute_path = "email";
role_attribute_path = "contains(groups[*], 'grafana_super_admin') && 'GrafanaAdmin' || contains(groups[*], 'grafana_admin') && 'Admin' || contains(groups[*], 'grafana_editor') && 'Editor' || 'Viewer'";
role_attribute_strict = false;
allow_assign_grafana_admin = true;
skip_org_role_sync = false;
use_pkce = true;
use_refresh_token = false;
tls_skip_verify_insecure = false;
skip_org_role_sync = false;
use_pkce = true;
use_refresh_token = false;
tls_skip_verify_insecure = false;
};
# Database configuration - use PostgreSQL with peer authentication
database = {
type = "postgres";
host = "/run/postgresql"; # Use Unix socket instead of TCP
host = "/run/postgresql"; # Use Unix socket instead of TCP
name = "grafana";
user = "grafana";
# No password needed - using peer authentication via Unix socket
@ -266,10 +270,10 @@ in {
# Server configuration
server = {
domain = "monitoring.${home_domain}";
http_addr = "0.0.0.0";
http_port = 3002;
root_url = "https://monitoring.${home_domain}/grafana/";
domain = "monitoring.${home_domain}";
http_addr = "0.0.0.0";
http_port = 3002;
root_url = "https://monitoring.${home_domain}/grafana/";
serve_from_sub_path = true;
};
@ -286,7 +290,7 @@ in {
# ----------------------------
# Exporters (using built-in NixOS modules)
# ----------------------------
# Node exporter - using the built-in module
prometheus.exporters.node = {
enable = true;
@ -332,7 +336,7 @@ in {
group = "vmagent";
};
users.groups.vmagent = {};
users.groups.vmagent = { };
# ----------------------------
# Systemd service dependencies
@ -350,19 +354,19 @@ in {
secrets = {
grafana_oauth_client_id = {
owner = "grafana";
restartUnits = ["grafana.service"];
restartUnits = [ "grafana.service" ];
};
grafana_oauth_client_secret = {
owner = "grafana";
restartUnits = ["grafana.service"];
restartUnits = [ "grafana.service" ];
};
home_assistant_token = {
owner = "vmagent";
restartUnits = ["vmagent.service"];
restartUnits = [ "vmagent.service" ];
};
uptimekuma_grafana_api_key = {
owner = "vmagent";
restartUnits = ["vmagent.service"];
restartUnits = [ "vmagent.service" ];
sopsFile = ../../../shared/secrets.yaml;
};
};
@ -378,4 +382,3 @@ in {
];
};
}
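Review bot: The reformatted `server` block still binds Grafana with `http_addr = "0.0.0.0";` on port 3002, and the nixnuc firewall port list earlier in this commit includes `3002 # grafana`, so the OAuth login flow and the Grafana session cookie are reachable over plain HTTP on the LAN as well as through the TLS path nginx serves at `root_url`. If nginx reaches Grafana over loopback (the monitoring proxyPass is outside the visible hunks), `http_addr = "127.0.0.1";` together with dropping 3002 from the firewall list closes the cleartext path; if direct access is intentional, a comment on the `http_addr` line saying why would help the next reader. The `tls_skip_verify_insecure = false` and `use_pkce = true` settings in the OAuth block are the right ones to keep.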


@ -1,4 +1,11 @@
{ inputs, config, pkgs, username, ... }: {
{
inputs,
config,
pkgs,
username,
...
}:
{
imports = [
./hardware-configuration.nix
../../../shared/nixos/flatpaks.nix
@ -14,7 +21,7 @@
};
loader = {
efi.canTouchEfiVariables = true;
systemd-boot= {
systemd-boot = {
enable = true;
consoleMode = "1";
};
@ -108,9 +115,13 @@
boinc.enable = true;
bpftune.enable = true;
dbus.implementation = "broker";
desktopManager.cosmic.enable = false;
desktopManager.cosmic.xwayland.enable = false;
desktopManager.plasma6.enable = true;
desktopManager = {
cosmic = {
enable = false;
xwayland.enable = false;
};
plasma6.enable = true;
};
displayManager.cosmic-greeter.enable = false;
displayManager.sddm = {
enable = true;
@ -179,7 +190,15 @@
users.users.${username} = {
isNormalUser = true;
description = "Gene Liverman";
extraGroups = [ "adbusers" "dialout" "docker" "input" "networkmanager" "podman" "wheel" ];
extraGroups = [
"adbusers"
"dialout"
"docker"
"input"
"networkmanager"
"podman"
"wheel"
];
packages = with pkgs; [
tailscale-systray
];
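Review bot: The reformatted `extraGroups` list now has one entry per line, which is a good place to record why the privileged groups are there: membership in `docker` is effectively root-equivalent on a host that runs the Docker daemon, independent of `wheel`. A trailing comment such as `"docker" # root-equivalent: full access to the Docker daemon socket` documents that decision, and the same applies to the nixnuc users block earlier in this commit. The enclosing `users.users.${username}` block ends outside the hunk.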


@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gnome.gnome-tweaks
gnome.nautilus
@ -15,7 +16,7 @@
gnome.gnome-keyring.enable = true; # Provides secret storage
gvfs.enable = true; # Used by Nautilus
xserver = {
enable = true; # Enable the X11 windowing system.
enable = true; # Enable the X11 windowing system.
# Configure keymap in X11
xkb = {
@ -33,4 +34,3 @@
};
};
}


@ -1,36 +1,56 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, pkgs, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
# boot.kernelPackages = pkgs.linuxPackages_zen;
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "sg" ];
boot.kernelParams = [
"i915.enable_fbc=1"
"i915.enable_psr=2"
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c";
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
# boot.kernelPackages = pkgs.linuxPackages_zen;
kernelModules = [ ];
};
kernelModules = [
"kvm-intel"
"sg"
];
kernelParams = [
"i915.enable_fbc=1"
"i915.enable_psr=2"
];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/924D-E7A4";
"/boot" = {
device = "/dev/disk/by-uuid/924D-E7A4";
fsType = "vfat";
};
};
swapDevices =
[ { device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; }
];
swapDevices = [
{ device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
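Review bot: The comment `# boot.kernelPackages = pkgs.linuxPackages_zen;` now sits inside the `initrd = { ... }` block, between `availableKernelModules` and `kernelModules`, where uncommenting it would define the nonexistent `boot.initrd.boot.kernelPackages` instead of `boot.kernelPackages`; and because the commit drops `pkgs` from the argument set, the line would also fail on an unbound `pkgs`. Either delete it or move it to the `boot` level as `# kernelPackages = pkgs.linuxPackages_zen; # re-add pkgs to the argument set if enabled`.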


@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
home.stateVersion = "23.11";
imports = [
../../../shared/home/general/all-gui.nix
@ -10,12 +11,14 @@
];
home.file = {
".config/hypr/frappe.conf".source = (pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "hyprland";
rev = "99a88fd21fac270bd999d4a26cf0f4a4222c58be";
hash = "sha256-07B5QmQmsUKYf38oWU3+2C6KO4JvinuTwmW1Pfk8CT8=";
} + "/themes/frappe.conf");
".config/hypr/frappe.conf".source =
pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "hyprland";
rev = "99a88fd21fac270bd999d4a26cf0f4a4222c58be";
hash = "sha256-07B5QmQmsUKYf38oWU3+2C6KO4JvinuTwmW1Pfk8CT8=";
}
+ "/themes/frappe.conf";
};
programs = {
@ -32,7 +35,7 @@
settings = {
global = {
frame_color = "#8CAAEE";
separator_color= "frame";
separator_color = "frame";
};
urgency_low = {