genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 01:17:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: genebean:14fbadd9aafeade3211f93c91bf27d0bd558459d
Branches Tags
genebean:main
genebean:genebean-module
genebean:hm-puppet
genebean:remote_builds
genebean:nbc
genebean:fix-htts-redirects
genebean:commit-signing
genebean:create-host-smarthome
genebean:custom-packages
genebean:nixed-neovim
genebean:hm-bigboy
genebean:owntracks
genebean:linux-docs
..
compare: genebean:c2ae11d010d3745b54dd41b143ce32ab4cddc3c8
Branches Tags
genebean:main
genebean:genebean-module
genebean:hm-puppet
genebean:remote_builds
genebean:nbc
genebean:fix-htts-redirects
genebean:commit-signing
genebean:create-host-smarthome
genebean:custom-packages
genebean:nixed-neovim
genebean:hm-bigboy
genebean:owntracks
genebean:linux-docs

16 commits
14fbadd9aa ... c2ae11d010

Author SHA1 Message Date
Gene Liverman
c2ae11d010
Merge pull request #610 from genebean/flake-update 
Ran nix flake update, added follows
 2026-03-22 22:53:58 -04:00
Gene Liverman
3875f530f5 Ran nix flake update, added follows 2026-03-22 22:51:28 -04:00
Gene Liverman
c9e22a9e14
Merge pull request #543 from genebean/rainbow 
rainbow
 2026-03-22 21:58:48 -04:00
Gene Liverman
77fc9d9853 Manage flatpaks in home-manager 
Using this on Ubuntu 25.10. Also sorted module list.
 2026-03-22 21:47:31 -04:00
Gene Liverman
8c6f942779
Indicate rainbow-planet isn't NixOS right now 2026-03-22 19:50:43 -04:00
Gene Liverman
13af7504fe
Merge pull request #609 from genebean/iterm_browser 
Add itermbrowserplugin
 2026-03-22 19:47:39 -04:00
Gene Liverman
a1238dc6e3
Add itermbrowserplugin 2026-03-22 19:46:15 -04:00
Gene Liverman
55102c885f
Merge pull request #608 from genebean/git_signing 
Re-work ssh-based signing
 2026-03-22 19:43:41 -04:00
Gene Liverman
3bd9288b14
Merge pull request #607 from genebean/kiosk-cleanup 
kiosk cleanup
 2026-03-22 19:42:24 -04:00
Gene Liverman
4bb978ad7f
Fix path to secrets file 2026-03-22 19:41:06 -04:00
Gene Liverman
b33f8a929e
Fix monitoring on kiosk 2026-03-22 19:40:15 -04:00
Gene Liverman
4df74ad638
Re-work ssh-based signing 2026-03-22 19:33:46 -04:00
Gene Liverman
e645668621
Merge pull request #606 from genebean/rainbow-rework 
Do some restructuring and cleanup
 2026-03-22 19:05:56 -04:00
Gene Liverman
50fc1b6e84
Update readme 2026-03-22 19:04:24 -04:00
Gene Liverman
5dbcce7686
Add linting, formatting, and CI infrastructure 
- Add deadnix, nixfmt, and statix to flake inputs
- Add formatter output to flake for nix fmt support
- Add deadnix, nixfmt, statix to Home Manager packages
- Add GitHub Actions workflow for CI validation
- Add .pre-commit-config.yaml with hooks for nixfmt, deadnix, and statix
- Support x86_64-darwin in formatter
 2026-03-22 18:32:20 -04:00
Gene Liverman
582f93d9ed
Restructure modules/shared and update all imports 
- Delete 2024-12-rework/ folder
- Rename modules/hosts/common to modules/shared, then split into:
  - modules/shared/home/general
  - modules/shared/home/linux
  - modules/shared/nixos
- Update all import paths throughout the codebase
- Update lib/*.nix to use new paths
- Fix hardcoded /Users/${username} to use config.home.homeDirectory
- Update README and examples/flake-structure.nix
 2026-03-22 18:32:08 -04:00
127 changed files with 1667 additions and 1406 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitattributes vendored
View file

@ -1,2 +1,3 @@
*.yaml diff=sopsdiffer *.yaml diff=sopsdiffer
.pre-commit-config.yaml diff=default

27
.github/workflows/validate.yml vendored Normal file
View file

@ -0,0 +1,27 @@
name: Validate
on:
pull_request:
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v26
with:
extra_nix_config: |
trusted-users = root @runner
- name: Validate flake
run: nix flake show
- name: Check formatting
run: nix fmt -- --ci .
- name: Run deadnix
run: nix run nixpkgs#deadnix ./modules ./lib
- name: Run statix
run: nix run nixpkgs#statix check -- .

26
.pre-commit-config.yaml Normal file
View file

@ -0,0 +1,26 @@
repos:
- repo: local
hooks:
- id: nixfmt
name: nixfmt
entry: nix
language: system
types: [nix]
pass_filenames: false
args: ["fmt"]
- id: deadnix
name: deadnix
entry: deadnix
language: system
types: [nix]
args: ["./modules", "./lib"]
- id: statix
name: statix
entry: statix
language: system
types: [nix]
pass_filenames: false
args: ["check", "."]

2
.sops.yaml
View file

@ -60,7 +60,7 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *system_rainbow_planet - *system_rainbow_planet
- path_regex: modules/hosts/common/secrets.yaml$ - path_regex: modules/shared/secrets.yaml$
key_groups: key_groups:
- age: - age:
- *system_bigboy - *system_bigboy

2
2024-12-rework/.gitignore vendored
View file

@ -1,2 +0,0 @@
result/
result

25
2024-12-rework/configuration.nix
View file

@ -1,25 +0,0 @@
{ inputs, pkgs, ... }: {
imports = [
./hardware-configuration.nix
];
system.stateVersion = "23.05";
boot = {
initrd.systemd = {
enable = true;
network.wait-online.enable = false; # Handled by NetworkManager
};
loader = {
efi.canTouchEfiVariables = true;
systemd-boot= {
enable = true;
consoleMode = "1";
};
};
};
environment.systemPackages = with pkgs; [
olm
];
}

183
2024-12-rework/flake.lock generated
View file

@ -1,183 +0,0 @@
{
"nodes": {
"config": {
"locked": {
"dir": "templates/config",
"lastModified": 1719931926,
"narHash": "sha256-B8j9lHX0LqWlZkm8JxZRN6919RQjJEu/1J1SR8pU/ww=",
"owner": "stackbuilders",
"repo": "nixpkgs-terraform",
"rev": "034287ee462c87dadc14a94d4b53a48ed66c7b3d",
"type": "github"
},
"original": {
"dir": "templates/config",
"owner": "stackbuilders",
"repo": "nixpkgs-terraform",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1733050161,
"narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "62d536255879be574ebfe9b87c4ac194febf47c5",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1733120037,
"narHash": "sha256-En+gSoVJ3iQKPDU1FHrR6zIxSLXKjzKY+pnh9tt+Yts=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f9f0d5c5380be0a599b1fb54641fa99af8281539",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-1_0": {
"locked": {
"lastModified": 1699291058,
"narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "41de143fda10e33be0f47eab2bfe08a50f234267",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "41de143fda10e33be0f47eab2bfe08a50f234267",
"type": "github"
}
},
"nixpkgs-1_6": {
"locked": {
"lastModified": 1712757991,
"narHash": "sha256-kR7C7Fqt3JP40h0mzmSZeWI5pk1iwqj4CSeGjnUbVHc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d6b3ddd253c578a7ab98f8011e59990f21dc3932",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d6b3ddd253c578a7ab98f8011e59990f21dc3932",
"type": "github"
}
},
"nixpkgs-1_9": {
"locked": {
"lastModified": 1732617236,
"narHash": "sha256-PYkz6U0bSEaEB1al7O1XsqVNeSNS+s3NVclJw7YC43w=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs-terraform": {
"inputs": {
"config": "config",
"flake-parts": "flake-parts",
"nixpkgs-1_0": "nixpkgs-1_0",
"nixpkgs-1_6": "nixpkgs-1_6",
"nixpkgs-1_9": "nixpkgs-1_9",
"systems": "systems"
},
"locked": {
"lastModified": 1732844581,
"narHash": "sha256-BwHD1d6Bl5LL/HciTf+mQmBN3I3S6nYqcB+5BXVozNk=",
"owner": "stackbuilders",
"repo": "nixpkgs-terraform",
"rev": "b4db1b59d8f62cd37b6f9540e368d0e2627c4a2d",
"type": "github"
},
"original": {
"owner": "stackbuilders",
"repo": "nixpkgs-terraform",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-terraform": "nixpkgs-terraform"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

30
2024-12-rework/flake.nix
View file

@ -1,30 +0,0 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-terraform = {
url = "github:stackbuilders/nixpkgs-terraform";
# inputs.nixpkgs-1_6.follows = "nixpkgs";
# inputs.nixpkgs-1_9.follows = "nixpkgs-unstable";
};
};
outputs = inputs: {
nixosConfigurations = {
rainbow-planet = inputs.nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
system = "x86_64-linux";
modules = [
./configuration.nix
./nixpkgs-settings.nix
inputs.home-manager.nixosModules.home-manager
];
};
};
};
}

44
2024-12-rework/hardware-configuration.nix
View file

@ -1,44 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelParams = [
"i915.enable_fbc=1"
"i915.enable_psr=2"
];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/924D-E7A4";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

9
2024-12-rework/nixpkgs-settings.nix
View file

@ -1,9 +0,0 @@
{ inputs, ... }: {
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages = [ "olm-3.2.16" "electron-27.3.11" ];
};
overlays = [ inputs.nixpkgs-terraform.overlays.default ];
};
}

115
README.md
View file

@ -1,10 +1,9 @@
# Dots # Dots
This repo is a Nix flake that manages most of my setup on macOS and fully manages machines I have that run NixOS as their operating system. This repo is a Nix flake that manages most of my setup on macOS and fully manages machines I have that run NixOS as their operating system. It also contains as much configruation as I can make work on other Linux distros such as Ubuntu.
- [Flake structure](#flake-structure) - [Flake structure](#flake-structure)
- [Note](#note) - [Formatting and CI](#formatting-and-ci)
- [Repo structure](#repo-structure)
- [Historical bits](#historical-bits) - [Historical bits](#historical-bits)
- [Adding a new macOS host](#adding-a-new-macos-host) - [Adding a new macOS host](#adding-a-new-macos-host)
- [Extras steps not done by Nix and/or Homebrew and/or mas](#extras-steps-not-done-by-nix-andor-homebrew-andor-mas) - [Extras steps not done by Nix and/or Homebrew and/or mas](#extras-steps-not-done-by-nix-andor-homebrew-andor-mas)
@ -15,102 +14,32 @@ This repo is a Nix flake that manages most of my setup on macOS and fully manage
- [Adding a NixOS host](#adding-a-nixos-host) - [Adding a NixOS host](#adding-a-nixos-host)
- [Post-install](#post-install) - [Post-install](#post-install)
## Flake structure ## Flake structure
> **RESTRUCTURING IN PROGRESS**: please note, I am restructuring this to remove a lot of complexity. This first pass is done and moves home manager bits into modules that have home in the name. Things that apply to everything under a part of the tree are in a corresponding `default.nix` - `flake.nix` defines inputs, outputs, and instantiates host configurations via `lib/` functions
- `lib/` contains helper functions:
- `mkNixosHost` - constructs NixOS system configurations
- `mkDarwinHost` - constructs nix-darwin system configurations
- `mkHomeConfig` - constructs Home Manager configurations
- `modules/` contains Nix modules organized by type:
- `modules/shared/` - shared modules imported by multiple hosts
- `modules/shared/home/general/` - Home Manager config for all GUI users
- `modules/shared/home/linux/` - Home Manager config for Linux-specific apps
- `modules/shared/nixos/` - NixOS modules (i18n, flatpaks, restic, etc.)
- `modules/hosts/` - host-specific configurations
- `modules/hosts/nixos/` - NixOS host configs and hardware configs
- `modules/hosts/darwin/` - macOS host configs
- `modules/hosts/home-manager-only/` - Home Manager-only configs
The Nix bits are driven by `flake.nix` which pulls in things under `modules/`. Both Intel and Apple Silicon macOS are suppoted, as is NixOS. The flake is structured like so: ## Formatting and CI
- description: a human readable description of this flake This repo uses the following tools for code quality:
- inputs: all the places things are pulled from
- outputs:
- all the outputs from the inputs
- a `let` ... `in` block that contains:
- `darwinHostConfig` which takes a set of paramters as an attribute set and pulls in all the things needed to use Nix on a macOS host
- `mkNixosHost` which takes a set of parameters as an attribute set and pulls in all the things needed to configure a NixOS host
- `linuxHomeConfig` which takes a set of paramters as an attribute set and pulls in the things I manage on non-NixOS Linux hosts
- the body of outputs that contains:
- `darwinConfigurations` contains is an attribute set that contains keys named for each macOS host set to the results of a call to `darwinHostConfig` with values for each of the required parameters
- `nixosConfigurations` contains is an attribute set that contains keys named for each NixOS host set to the results of a call to `darwinHostConfig` with values for each of the required parameters
- `homeConfigurations` contains an entry for each username set to the results of a call to `linuxHomeConfig` with values for each of the required parameters
The parameters on `darwinHostConfig` & `mkNixosHost` are: - **nixfmt** - Formats Nix files. Run `nix fmt .` to format all files.
- **deadnix** - Finds unused code in Nix files.
- **statix** - Checks Nix code for common issues and style problems.
- `system:` the system definition to use for nixpkgs Pre-commit hooks are configured in `.pre-commit-config.yaml` and run automatically before commits. CI validation is defined in `.github/workflows/validate.yml`.
- `hostname:` the hostname of the machine being configured
- `username:` the username being configured on the host (all code currently assumes there is a single human user managed by Nix)
- `additionalModules:` any nix modules that are desired to supplement the default for the host. An example use case for this is adding in the hardware specific module from `nixos-hardware`.
- `additionalSpecialArgs:` any supplemental arguments to be passed to `specialArgs`.
The parameters on `linxuHomeConfig` are the same as the above.
## Note
> All the bits below here are useful, but may be slightly outdated... I have not done a good job of keeping them updated.
## Repo structure
The Nix stuff is structured like so, at least for now:
```bash
$ tree . -I legacy* -I link* --gitignore --dirsfirst
.
├── modules
│   ├── home-manager
│   │   ├── common
│   │   │   ├── linux-apps
│   │   │   │   ├── tilix.nix
│   │   │   │   ├── waybar.nix
│   │   │   │   └── xfce4-terminal.nix
│   │   │   ├── all-cli.nix
│   │   │   ├── all-darwin.nix
│   │   │   ├── all-gui.nix
│   │   │   └── all-linux.nix
│   │   ├── files
│   │   │   ├── tilix
│   │   │   │   └── Beanbag-Mathias.json
│   │   │   ├── waybar
│   │   │   │   ├── config
│   │   │   │   └── style.css
│   │   │   ├── xfce4
│   │   │   │   └── terminal
│   │   │   │   ├── accels.scm
│   │   │   │   └── terminalrc
│   │   │   └── Microsoft.PowerShell_profile.ps1
│   │   └── hosts
│   │   ├── Blue-Rock
│   │   │   └── gene.liverman.nix
│   │   ├── nixnuc
│   │   │   └── gene.nix
│   │   └── rainbow-planet
│   │   └── gene.nix
│   ├── hosts
│   │   ├── darwin
│   │   │   └── Blue-Rock
│   │   │   └── default.nix
│   │   └── nixos
│   │   ├── nixnuc
│   │   │   ├── default.nix
│   │   │   └── hardware-configuration.nix
│   │   └── rainbow-planet
│   │   ├── default.nix
│   │   └── hardware-configuration.nix
│   └── system
│   └── common
│   ├── linux
│   │   └── internationalisation.nix
│   ├── all-darwin.nix
│   └── all-nixos.nix
├── LICENSE
├── README.md
├── Vagrantfile
├── flake.lock
└── flake.nix
23 directories, 29 files
```
## Historical bits ## Historical bits

91
examples/flake-structure.nix
View file

@ -1,49 +1,46 @@
{ {
inputs = {}; inputs = {
outputs = inputs@{}: let nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
darwinHostConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }: home-manager.url = "github:nix-community/home-manager";
nix-darwin.lib.darwinSystem { }; nix-darwin.url = "github:lnl7/nix-darwin";
nixos-hardware.url = "github:NixOS/nixos-hardware";
mkNixosHost = { system, hostname, username, additionalModules, additionalSpecialArgs }:
nixpkgs.lib.nixosSystem { };
linuxHomeConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }:
home-manager.lib.homeManagerConfiguration { };
in {
# Darwin (macOS) hosts
darwinConfigurations = {
mightymac = darwinHostConfig {
system = "aarch64-darwin";
hostname = "mightymac";
username = "gene.liverman";
additionalModules = [];
additionalSpecialArgs = {};
};
};
# NixOS hosts
nixosConfigurations = {
rainbow-planet = mkNixosHost {
system = "x86_64-linux";
hostname = "rainbow-planet";
username = "gene";
additionalModules = [
nixos-hardware.nixosModules.dell-xps-13-9360
];
additionalSpecialArgs = {};
};
};
# Home Manager (only) users
homeConfigurations = {
gene = linuxHomeConfig {
system = "x86_64-linux";
hostname = "mini-watcher";
username = "gene";
additionalModules = [];
additionalSpecialArgs = {};
};
};
}; };
}
outputs =
inputs@{ self, ... }:
let
# Import helper functions from lib/
localLib = import ./lib { inherit inputs; };
in
{
# Darwin (macOS) hosts
darwinConfigurations = {
mightymac = localLib.mkDarwinHost {
system = "aarch64-darwin";
hostname = "mightymac";
username = "gene.liverman";
};
};
# NixOS hosts
nixosConfigurations = {
rainbow-planet = localLib.mkNixosHost {
system = "x86_64-linux";
hostname = "rainbow-planet";
username = "gene";
additionalModules = [
inputs.nixos-hardware.nixosModules.dell-xps-13-9360
];
};
};
# Home Manager (only) users
homeConfigurations = {
gene = localLib.mkHomeConfig {
system = "x86_64-linux";
homeDirectory = "/home/gene";
username = "gene";
};
};
};
}

190
flake.lock generated
View file

@ -69,6 +69,27 @@
"type": "github" "type": "github"
} }
}, },
"deadnix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1764114543,
"narHash": "sha256-+C39E8qmGODT6eB0rhE/VX+DcekXW/Xww5IL/xlERNY=",
"owner": "astro",
"repo": "deadnix",
"rev": "d590041677add62267bef35ddec63cd9402d3505",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "deadnix",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -76,11 +97,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773025010, "lastModified": 1773889306,
"narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=", "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3", "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -111,6 +132,28 @@
"type": "github" "type": "github"
} }
}, },
"fenix_2": {
"inputs": {
"nixpkgs": [
"statix",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src_2"
},
"locked": {
"lastModified": 1645251813,
"narHash": "sha256-cQ66tGjnZclBCS3nD26mZ5fUH+3/HnysGffBiWXUSHk=",
"owner": "nix-community",
"repo": "fenix",
"rev": "9892337b588c38ec59466a1c89befce464aae7f8",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -146,11 +189,11 @@
"flake-compat_3": { "flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1761588595, "lastModified": 1767039857,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -244,11 +287,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763319842, "lastModified": 1772893680,
"narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -308,11 +351,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772985280, "lastModified": 1773963144,
"narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=", "narHash": "sha256-WzBOBfSay3GYilUfKaUa1Mbf8/jtuAiJIedx7fWuIX4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8f736f007139d7f70752657dff6a401a585d6cbc", "rev": "a91b3ea73a765614d90360580b689c48102d1d33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -331,11 +374,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1772680513, "lastModified": 1773726513,
"narHash": "sha256-zwVeM1TgfwMIq026uln9hqcCIINsLv6jEjztPqx0q+U=", "narHash": "sha256-0Qxa98QMOrE48quqNmE6vFatfZ94hPUF2CQ2cI8Hkow=",
"owner": "numtide", "owner": "numtide",
"repo": "nix-auth", "repo": "nix-auth",
"rev": "77c07e9a107972dd2170da6da9ed1e73e65c4a4a", "rev": "8d0466addaf3318af68d8299a8981bb04a873597",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -464,11 +507,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1772972630, "lastModified": 1774018263,
"narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=", "narHash": "sha256-HHYEwK1A22aSaxv2ibhMMkKvrDGKGlA/qObG4smrSqc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72", "rev": "2d4b4717b2534fad5c715968c1cece04a172b365",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -511,11 +554,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1772956932, "lastModified": 1773840656,
"narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=", "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "608d0cadfed240589a7eea422407a547ad626a14", "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -543,11 +586,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1773068389, "lastModified": 1773964973,
"narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=", "narHash": "sha256-NV/J+tTER0P5iJhUDL/8HO5MDjDceLQPRUYgdmy5wXw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "44bae273f9f82d480273bab26f5c50de3724f52f", "rev": "812b3986fd1568f7a858f97fcf425ad996ba7d25",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -615,11 +658,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773203147, "lastModified": 1774233120,
"narHash": "sha256-16q/JVUUM8SqeDY4rmM7wt53dXj2dPeBIfGPVP9/NOo=", "narHash": "sha256-txGwTNKNYQT1rFPkxd6imEvQ03SmIyKAXNBaYtB3Jes=",
"owner": "genebean", "owner": "genebean",
"repo": "private-flake", "repo": "private-flake",
"rev": "510a9214433b56fde82cd572063b99ec9a32eb7f", "rev": "45fca86f711966ee29add03027ee3ffc48992110",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -631,6 +674,7 @@
"root": { "root": {
"inputs": { "inputs": {
"compose2nix": "compose2nix", "compose2nix": "compose2nix",
"deadnix": "deadnix",
"disko": "disko", "disko": "disko",
"flox": "flox", "flox": "flox",
"genebean-omp-themes": "genebean-omp-themes", "genebean-omp-themes": "genebean-omp-themes",
@ -645,7 +689,8 @@
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"private-flake": "private-flake", "private-flake": "private-flake",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix" "sops-nix": "sops-nix",
"statix": "statix"
} }
}, },
"rust-analyzer-src": { "rust-analyzer-src": {
@ -665,6 +710,23 @@
"type": "github" "type": "github"
} }
}, },
"rust-analyzer-src_2": {
"flake": false,
"locked": {
"lastModified": 1645205556,
"narHash": "sha256-e4lZW3qRyOEJ+vLKFQP7m2Dxh5P44NrnekZYLxlucww=",
"owner": "rust-analyzer",
"repo": "rust-analyzer",
"rev": "acf5874b39f3dc5262317a6074d9fc7285081161",
"type": "github"
},
"original": {
"owner": "rust-analyzer",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -696,11 +758,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766537863, "lastModified": 1773912645,
"narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=", "narHash": "sha256-QHzRqq6gh+t3F/QU9DkP7X63dDDcuIQmaDz12p7ANTg=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d", "rev": "25e6dbb8fca3b6e779c5a46fd03bd760b2165bb5",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -717,11 +779,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773096132, "lastModified": 1774154798,
"narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=", "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=",
"owner": "mic92", "owner": "mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784", "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -730,16 +792,52 @@
"type": "github" "type": "github"
} }
}, },
"statix": {
"inputs": {
"fenix": "fenix_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1676888642,
"narHash": "sha256-C73LOMVVCkeL0jA5xN7klLEDEB4NkuiATEJY4A/tIyM=",
"owner": "astro",
"repo": "statix",
"rev": "3c7136a23f444db252a556928c1489869ca3ab4e",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "statix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1772660329, "lastModified": 1773297127,
"narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "3710e0e1218041bbad640352a0440114b1e10428", "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -747,6 +845,24 @@
"repo": "treefmt-nix", "repo": "treefmt-nix",
"type": "github" "type": "github"
} }
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

224
flake.nix
View file

@ -8,7 +8,13 @@
compose2nix = { compose2nix = {
url = "github:aksiksi/compose2nix"; url = "github:aksiksi/compose2nix";
inputs.nixpkgs.follows ="nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
};
# Linting and formatting
deadnix = {
url = "github:astro/deadnix";
inputs.nixpkgs.follows = "nixpkgs";
}; };
# Format disks with nix-config # Format disks with nix-config
@ -79,122 +85,120 @@
# Secrets managemnt # Secrets managemnt
sops-nix = { sops-nix = {
url = "github:mic92/sops-nix"; url = "github:mic92/sops-nix";
inputs.nixpkgs.follows ="nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
};
# Linting and formatting
statix = {
url = "github:astro/statix";
inputs.nixpkgs.follows = "nixpkgs";
}; };
}; # end inputs }; # end inputs
outputs = inputs@{ self, ... }: let outputs =
# Functions that setup systems inputs@{ self, nixpkgs, ... }:
localLib = import ./lib { inherit inputs; }; let
# Functions that setup systems
localLib = import ./lib { inherit inputs; };
forAllSystems = nixpkgs.lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
in
{
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt-tree);
linuxHomeConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }: inputs.home-manager.lib.homeManagerConfiguration { # Darwin (macOS) hosts
extraSpecialArgs = { inherit inputs hostname username; darwinConfigurations = {
pkgs = import inputs.nixpkgs { AirPuppet = localLib.mkDarwinHost {
inherit system; system = "x86_64-darwin";
config = { hostname = "AirPuppet";
allowUnfree = true;
permittedInsecurePackages = [ "olm-3.2.16" "electron-21.4.4" ];
};
}; };
} // additionalSpecialArgs; Blue-Rock = localLib.mkDarwinHost {
modules = [ system = "x86_64-darwin";
./modules/home-manager/hosts/${hostname}/${username}.nix hostname = "Blue-Rock";
{ username = "gene.liverman";
home = { };
username = "${username}"; mightymac = localLib.mkDarwinHost {
homeDirectory = "/home/${username}"; hostname = "mightymac";
}; username = "gene.liverman";
} };
inputs.sops-nix.homeManagerModules.sops }; # end darwinConfigurations
] ++ additionalModules;
}; # end homeManagerConfiguration
in { # NixOS hosts
# Darwin (macOS) hosts nixosConfigurations = {
darwinConfigurations = { bigboy = localLib.mkNixosHost {
AirPuppet = localLib.mkDarwinHost { hostname = "bigboy";
system = "x86_64-darwin"; additionalModules = [
hostname = "AirPuppet"; inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p52
}; ];
Blue-Rock = localLib.mkDarwinHost { };
system = "x86_64-darwin"; hetznix01 = localLib.mkNixosHost {
hostname = "Blue-Rock"; hostname = "hetznix01";
username = "gene.liverman"; additionalModules = [
}; inputs.private-flake.nixosModules.private.hetznix01
mightymac = localLib.mkDarwinHost { ];
hostname = "mightymac"; };
username = "gene.liverman"; hetznix02 = localLib.mkNixosHost {
}; system = "aarch64-linux";
}; # end darwinConfigurations hostname = "hetznix02";
additionalModules = [
# inputs.simple-nixos-mailserver.nixosModule
];
};
kiosk-entryway = localLib.mkNixosHost {
# Lenovo IdeaCentre Q190
hostname = "kiosk-entryway";
};
kiosk-gene-desk = localLib.mkNixosHost {
system = "aarch64-linux";
hostname = "kiosk-gene-desk";
additionalModules = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
];
};
nixnas1 = localLib.mkNixosHost {
hostname = "nixnas1";
additionalModules = [
inputs.simple-nixos-mailserver.nixosModule
];
};
nixnuc = localLib.mkNixosHost {
hostname = "nixnuc";
additionalModules = [
inputs.simple-nixos-mailserver.nixosModule
];
};
# This machines is currently running Ubuntu and
# configured with home-manager only.
#
#rainbow-planet = localLib.mkNixosHost {
# hostname = "rainbow-planet";
# additionalModules = [
# inputs.nixos-cosmic.nixosModules.default
# inputs.nixos-hardware.nixosModules.dell-xps-13-9360
# ];
#};
}; # end nixosConfigurations
# NixOS hosts # Home Manager (only) users
nixosConfigurations = { homeConfigurations = {
bigboy = localLib.mkNixosHost { gene-x86_64-linux = localLib.mkHomeConfig {
hostname = "bigboy"; homeDirectory = "/home/gene";
additionalModules = [ username = "gene";
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p52 system = "x86_64-linux";
]; };
};
hetznix01 = localLib.mkNixosHost {
hostname = "hetznix01";
additionalModules = [
inputs.private-flake.nixosModules.private.hetznix01
];
};
hetznix02 = localLib.mkNixosHost {
system = "aarch64-linux";
hostname = "hetznix02";
additionalModules = [
# inputs.simple-nixos-mailserver.nixosModule
];
};
kiosk-entryway = localLib.mkNixosHost {
# Lenovo IdeaCentre Q190
hostname = "kiosk-entryway";
};
kiosk-gene-desk = localLib.mkNixosHost {
system = "aarch64-linux";
hostname = "kiosk-gene-desk";
additionalModules = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
];
};
nixnas1 = localLib.mkNixosHost {
hostname = "nixnas1";
additionalModules = [
inputs.simple-nixos-mailserver.nixosModule
];
};
nixnuc = localLib.mkNixosHost {
hostname = "nixnuc";
additionalModules = [
inputs.simple-nixos-mailserver.nixosModule
];
};
rainbow-planet = localLib.mkNixosHost {
hostname = "rainbow-planet";
additionalModules = [
inputs.nixos-cosmic.nixosModules.default
inputs.nixos-hardware.nixosModules.dell-xps-13-9360
];
};
}; # end nixosConfigurations
# Home Manager (only) users gene-aarch64-linux = localLib.mkHomeConfig {
homeConfigurations = { homeDirectory = "/home/gene";
gene-x86_64-linux = localLib.mkHomeConfig { username = "gene";
homeDirectory = "/home/gene"; system = "aarch64-linux";
username = "gene"; };
system = "x86_64-linux"; }; # end homeConfigurations
};
gene-aarch64-linux = localLib.mkHomeConfig { packages.aarch64-linux.kiosk-gene-desk-sdImage =
homeDirectory = "/home/gene"; self.nixosConfigurations.kiosk-gene-desk.config.system.build.sdImage;
username = "gene"; };
system = "aarch64-linux";
};
}; # end homeConfigurations
packages.aarch64-linux.kiosk-gene-desk-sdImage = self.nixosConfigurations.kiosk-gene-desk.config.system.build.sdImage;
};
} }

6
lib/default.nix
View file

@ -1,8 +1,10 @@
{ inputs, ... }: let { inputs, ... }:
let
mkDarwinHost = import ./mkDarwinHost.nix { inherit inputs; }; mkDarwinHost = import ./mkDarwinHost.nix { inherit inputs; };
mkHomeConfig = import ./mkHomeConfig.nix { inherit inputs; }; mkHomeConfig = import ./mkHomeConfig.nix { inherit inputs; };
mkNixosHost = import ./mkNixosHost.nix { inherit inputs; }; mkNixosHost = import ./mkNixosHost.nix { inherit inputs; };
in { in
{
inherit (mkDarwinHost) mkDarwinHost; inherit (mkDarwinHost) mkDarwinHost;
inherit (mkHomeConfig) mkHomeConfig; inherit (mkHomeConfig) mkHomeConfig;
inherit (mkNixosHost) mkNixosHost; inherit (mkNixosHost) mkNixosHost;

83
lib/mkDarwinHost.nix
View file

@ -1,41 +1,50 @@
{ inputs, ... }: { { inputs, ... }:
mkDarwinHost = { {
system ? "aarch64-darwin", mkDarwinHost =
hostname, {
username ? "gene", system ? "aarch64-darwin",
additionalModules ? [], hostname,
additionalSpecialArgs ? {} username ? "gene",
}: inputs.nix-darwin.lib.darwinSystem { additionalModules ? [ ],
inherit system; additionalSpecialArgs ? { },
specialArgs = { inherit inputs hostname username; } // additionalSpecialArgs; }:
modules = [ inputs.nix-darwin.lib.darwinSystem {
./nixpkgs-settings.nix inherit system;
specialArgs = {
inputs.nix-homebrew.darwinModules.nix-homebrew { inherit inputs hostname username;
nix-homebrew = {
enable = true; # Install Homebrew under the default prefix
user = "${username}"; # User owning the Homebrew prefix
autoMigrate = true; # Automatically migrate existing Homebrew installations
};
} }
// additionalSpecialArgs;
modules = [
./nixpkgs-settings.nix
inputs.home-manager.darwinModules.home-manager { inputs.nix-homebrew.darwinModules.nix-homebrew
home-manager = { {
extraSpecialArgs = { inherit inputs username; }; nix-homebrew = {
useGlobalPkgs = true; enable = true; # Install Homebrew under the default prefix
useUserPackages = true; user = "${username}"; # User owning the Homebrew prefix
users.${username}.imports = [ autoMigrate = true; # Automatically migrate existing Homebrew installations
inputs.sops-nix.homeManagerModule # user-level secrets management };
../modules/hosts/common }
../modules/hosts/common/all-gui.nix
../modules/hosts/darwin/home.nix
../modules/hosts/darwin/${hostname}/home-${username}.nix
];
};
}
../modules/hosts/darwin # system-wide stuff inputs.home-manager.darwinModules.home-manager
../modules/hosts/darwin/${hostname} # host specific stuff {
] ++ additionalModules; # end modules home-manager = {
}; # end darwinSystem extraSpecialArgs = { inherit inputs username; };
useGlobalPkgs = true;
useUserPackages = true;
users.${username}.imports = [
inputs.sops-nix.homeManagerModule # user-level secrets management
../modules/shared/home/general
../modules/shared/home/general/all-gui.nix
../modules/hosts/darwin/home.nix
../modules/hosts/darwin/${hostname}/home-${username}.nix
];
};
}
../modules/hosts/darwin # system-wide stuff
../modules/hosts/darwin/${hostname} # host specific stuff
]
++ additionalModules; # end modules
}; # end darwinSystem
} }

62
lib/mkHomeConfig.nix
View file

@ -1,29 +1,41 @@
{ inputs, ... }: { { inputs, ... }:
mkHomeConfig = { {
homeDirectory, mkHomeConfig =
system, {
username, homeDirectory,
}: inputs.home-manager.lib.homeManagerConfiguration { system,
extraSpecialArgs = { inherit inputs homeDirectory system username; }; username,
}:
inputs.home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = {
inherit
inputs
homeDirectory
system
username
;
};
pkgs = inputs.nixpkgs.legacyPackages.${system}; pkgs = inputs.nixpkgs.legacyPackages.${system};
# Specify your home configuration modules here, for example, # Specify your home configuration modules here, for example,
# the path to your home.nix. # the path to your home.nix.
modules = [ modules = [
./nixpkgs-settings.nix ./nixpkgs-settings.nix
../modules/hosts/common ../modules/hosts/home-manager-only
../modules/hosts/home-manager-only ../modules/hosts/home-manager-only/home-${username}.nix
../modules/hosts/home-manager-only/home-${username}.nix ../modules/shared/home/general
../modules/shared/linux/flatpaks.nix
{ {
home = { home = {
username = "${username}"; username = "${username}";
homeDirectory = "${homeDirectory}"; homeDirectory = "${homeDirectory}";
}; };
} }
inputs.sops-nix.homeManagerModules.sops inputs.nix-flatpak.homeManagerModules.nix-flatpak
]; inputs.sops-nix.homeManagerModules.sops
}; ];
} };
}

74
lib/mkNixosHost.nix
View file

@ -1,36 +1,44 @@
{ inputs, ... }: { { inputs, ... }:
mkNixosHost = { {
system ? "x86_64-linux", mkNixosHost =
hostname, {
username ? "gene", system ? "x86_64-linux",
additionalModules ? [], hostname,
additionalSpecialArgs ? {} username ? "gene",
}: inputs.nixpkgs.lib.nixosSystem { additionalModules ? [ ],
inherit system; additionalSpecialArgs ? { },
specialArgs = { inherit inputs hostname username; } // additionalSpecialArgs; }:
modules = [ inputs.nixpkgs.lib.nixosSystem {
./nixpkgs-settings.nix inherit system;
specialArgs = {
inputs.disko.nixosModules.disko inherit inputs hostname username;
inputs.home-manager.nixosModules.home-manager {
home-manager = {
extraSpecialArgs = { inherit inputs hostname username; };
useGlobalPkgs = true;
useUserPackages = true;
users.${username}.imports = [
../modules/hosts/common
../modules/hosts/common/linux/home.nix
../modules/hosts/nixos/${hostname}/home-${username}.nix
];
};
} }
// additionalSpecialArgs;
modules = [
./nixpkgs-settings.nix
inputs.nix-flatpak.nixosModules.nix-flatpak inputs.disko.nixosModules.disko
inputs.private-flake.nixosModules.private.ssh-keys
inputs.sops-nix.nixosModules.sops # system wide secrets management inputs.home-manager.nixosModules.home-manager
../modules/hosts/nixos # system-wide stuff {
../modules/hosts/nixos/${hostname} # host specific stuff home-manager = {
] ++ additionalModules; extraSpecialArgs = { inherit inputs hostname username; };
}; useGlobalPkgs = true;
useUserPackages = true;
users.${username}.imports = [
../modules/shared/home/general
../modules/shared/home/linux
../modules/hosts/nixos/${hostname}/home-${username}.nix
];
};
}
inputs.nix-flatpak.nixosModules.nix-flatpak
inputs.private-flake.nixosModules.private.ssh-keys
inputs.sops-nix.nixosModules.sops # system wide secrets management
../modules/hosts/nixos # system-wide stuff
../modules/hosts/nixos/${hostname} # host specific stuff
]
++ additionalModules;
};
} }

2
lib/nixpkgs-settings.nix
View file

@ -1,4 +1,4 @@
{ inputs, ... }: { {
nixpkgs = { nixpkgs = {
config = { config = {
allowUnfree = true; allowUnfree = true;

30
modules/hosts/common/linux/apps/tilix.nix
View file

@ -1,30 +0,0 @@
{ lib, pkgs, ... }: with lib.hm.gvariant; {
dconf.settings = {
"com/gexperts/Tilix/profiles/2b7c4080-0ddd-46c5-8f23-563fd3ba789d" = {
background-color = "#272822";
background-transparency-percent = 10;
badge-color-set = false;
bold-color-set = false;
cursor-colors-set = false;
font = "Hack Nerd Font Mono 12";
foreground-color = "#F8F8F2";
highlight-colors-set = false;
palette = [ "#272822" "#F92672" "#A6E22E" "#F4BF75" "#66D9EF" "#AE81FF" "#A1EFE4" "#F8F8F2" "#75715E" "#F92672" "#A6E22E" "#F4BF75" "#66D9EF" "#AE81FF" "#A1EFE4" "#F9F8F5" ];
use-system-font = false;
use-theme-colors = false;
visible-name = "Default";
};
};
home.file = {
".config/tilix/schemes/Beanbag-Mathias.json".source = ../../files/tilix/Beanbag-Mathias.json;
".config/tilix/schemes/Catppuccin-Frappe.json".source = (pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "tilix";
rev = "3fd05e03419321f2f2a6aad6da733b28be1765ef";
hash = "sha256-SI7QxQ+WBHzeuXbTye+s8pi4tDVZOV4Aa33mRYO276k=";
} + "/src/Catppuccin-Frappe.json");
};
}

17
modules/hosts/common/linux/apps/waybar.nix
View file

@ -1,17 +0,0 @@
{ pkgs, ... }: {
home.file = {
".config/waybar/config".source = ../../files/waybar/config;
".config/waybar/frappe.css".source = (pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "waybar";
rev = "f74ab1eecf2dcaf22569b396eed53b2b2fbe8aff";
hash = "sha256-WLJMA2X20E5PCPg0ZPtSop0bfmu+pLImP9t8A8V4QK8=";
} + "/themes/frappe.css");
".config/waybar/style.css".source = ../../files/waybar/style.css;
};
programs = {
# Using file in ../../files/waybar/ to configure waybar
waybar.enable = true;
};
}

7
modules/hosts/common/linux/nixroutes.nix
View file

@ -1,7 +0,0 @@
{ config, lib, ... }:
let
hostName = config.networking.hostName;
in {
programs.zsh.shellAliases.nixroutes =
"cd ~/repos/dots && echo '=== Current Routes ===' && ip route show && ip -6 route show && echo '' && echo '=== New Build Routes ===' && nix eval --json '.#nixosConfigurations.${hostName}.config.systemd.network.networks.\"10-wan\".routes'";
}

2
modules/hosts/darwin/AirPuppet/default.nix
View file

@ -1,4 +1,4 @@
{ ... }: { {
system.stateVersion = 4; system.stateVersion = 4;
homebrew = { homebrew = {

3
modules/hosts/darwin/AirPuppet/home-gene.nix
View file

@ -1,4 +1,5 @@
{ username, ... }: { { username, ... }:
{
home.stateVersion = "23.11"; home.stateVersion = "23.11";
sops = { sops = {

3
modules/hosts/darwin/Blue-Rock/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
system.stateVersion = 4; system.stateVersion = 4;
environment = { environment = {

5
modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix
View file

@ -1,6 +1,7 @@
{ username, ... }: { { username, ... }:
{
home.stateVersion = "23.11"; home.stateVersion = "23.11";
programs = { programs = {
go = { go = {
enable = true; enable = true;

19
modules/hosts/darwin/default.nix
View file

@ -1,8 +1,17 @@
{ pkgs, hostname, username, ... }: { {
pkgs,
hostname,
username,
...
}:
{
system.primaryUser = username; system.primaryUser = username;
environment = { environment = {
shells = with pkgs; [ bash zsh ]; shells = with pkgs; [
bash
zsh
];
pathsToLink = [ pathsToLink = [
"/Applications" "/Applications"
"/share/zsh" "/share/zsh"
@ -59,6 +68,7 @@
"gitkraken-cli" "gitkraken-cli"
"handbrake-app" "handbrake-app"
"imageoptim" "imageoptim"
"itermbrowserplugin"
"iterm2" "iterm2"
"keepingyouawake" "keepingyouawake"
"libreoffice" "libreoffice"
@ -113,7 +123,10 @@
"flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs=" "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
"cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc=" "cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="
]; ];
trusted-users = [ "@admin" "${username}" ]; trusted-users = [
"@admin"
"${username}"
];
}; };
extraOptions = '' extraOptions = ''
# Generated by https://github.com/DeterminateSystems/nix-installer, version 0.11.0. # Generated by https://github.com/DeterminateSystems/nix-installer, version 0.11.0.

3
modules/hosts/darwin/home.nix
View file

@ -1,4 +1,5 @@
{ username, ... }: { { username, ... }:
{
# dawrwin-specific shell config # dawrwin-specific shell config
programs = { programs = {
zsh = { zsh = {

3
modules/hosts/darwin/mightymac/default.nix
View file

@ -1,4 +1,5 @@
{ inputs, pkgs, ... }: { { inputs, pkgs, ... }:
{
system.stateVersion = 4; system.stateVersion = 4;
environment = { environment = {

3
modules/hosts/darwin/mightymac/home-gene.liverman.nix
View file

@ -1,4 +1,5 @@
{ config, ... }: { { config, ... }:
{
home.stateVersion = "23.11"; home.stateVersion = "23.11";
programs = { programs = {

8
modules/hosts/darwin/mightymac/secrets.yaml
View file

@ -1,7 +1,7 @@
tailscale_key: ENC[AES256_GCM,data:rWN6mW6LC/EjMTbMjXkCmMQYEehEbViScKeaLEOpR6VSZJFD0aZI9wh5yKcQeaUT0BiJIzITsUxj,iv:aCqdsW7JPq6Q2kFl6ZciwIQfzAbs9LvhWilbEI8okAc=,tag:U0p4UND/n26ZF17keSL0DA==,type:str] tailscale_key: ENC[AES256_GCM,data:rWN6mW6LC/EjMTbMjXkCmMQYEehEbViScKeaLEOpR6VSZJFD0aZI9wh5yKcQeaUT0BiJIzITsUxj,iv:aCqdsW7JPq6Q2kFl6ZciwIQfzAbs9LvhWilbEI8okAc=,tag:U0p4UND/n26ZF17keSL0DA==,type:str]
user_nix_conf: ENC[AES256_GCM,data:1PCMb2Xyq7G/ROrk39UcfC9Ktj+fhh5j2/EAi4ganLIyk3chzifk265XLxK5eFIVjys9mdGikaepcJky3cgnKl8HOX8=,iv:7/cxkyl3QgwzkT8Fi3/+CqRZu91l287TxeVYQcH0P5I=,tag:bMo3RJchirQSJTjXPds8Ag==,type:str] user_nix_conf: ENC[AES256_GCM,data:1PCMb2Xyq7G/ROrk39UcfC9Ktj+fhh5j2/EAi4ganLIyk3chzifk265XLxK5eFIVjys9mdGikaepcJky3cgnKl8HOX8=,iv:7/cxkyl3QgwzkT8Fi3/+CqRZu91l287TxeVYQcH0P5I=,tag:bMo3RJchirQSJTjXPds8Ag==,type:str]
i2cssh_config: ENC[AES256_GCM,data:MwYLGFribitABOcQJFsEgd3vD4qsEdz0grg2ISE0LB3IT2usVRgUfnI/5g7pK4ON/bxz+mpkncDCZep8wBrd4+c316320u/HkxTEQYFU+zXGuFnkF380fx8klQdBel7JsJJKwa5b1M20Sqj9QYNXtwEw8zs+vG/VGdzWLKHlQosvUrdhT0LGntu+/RIgVhC3B6aEp79mbz8xOh8BrCpi4hVPFm8x5sUC++wR+aBvIg+bsOOU8T9OoW3bnEs8ucnvni9RYN7r5YCOllyhaFekNp6KiFBLd4h3A2r2UWBnRjlg5LKJc5aG6Z6XMHaz6NaGpZUw+fMHVZx7t7QL7IwvNpFp/+8oeWzBz/qecfxzVkGvBYqtPPsnv9mNUYZux6Fd0FETMbPI7dmUQrmUK2Y+L8Qw55cpL+BVJkV693DaKIJwQL3VIC6Z/NKqTXPdBBS9hWHjYWfGBmbiAiaU5X2Z3cz8YaEsCnC4OMqqlALLmzZ0crD/HXc6756U/i63GVsx4GiBTfs8Rvy+7GZOyjBhgvHZK6g4ShVZHDtNMInHlfyFzOGC03smZhgseF9ivVVXAMa6AI8OHU5678Fkb6/lD4e0Vqk77Icaj+Yte6EKmHK3Pq9ctYyJLNBFlFCreBWTcxrV+a6WLxh6QkcHmUYLfHKp/cG3nypPKRIaBkvbYOUYLuPI1IRrzdndALv5uRBhxKJEL+ukBv0EVm9y9sR1uimTQYB9tCRE7+2JfgBhcQwbUbIlW4NmZeOx9/9jAoqlID0PTS/2QsnbYI00X7c3GibGpLVVY86X6S4hW/HaHEq8jB5JiFDlQRGDLy/YV8MM1USsqZpjJHlZy8AWQRH3Ta47cXYfwCOD2eTC2pouS938qAaq48m3mPMuzCWlbiExXRrdE2Noek49/pfwCduplEebxb3FLr16lRHdcI+M8Hb9W5iXAJFYBx9FzFkIewDKz4UxL+MKX88K4t5l5ZTG6IT0OqCekZ3M/9scYbhrpgU2sWp3ADgmLRwL8iMxgwFygl1ZxdQ9C0IS8LwgLCfAn3wVKZlUogRdBkV52iHbkUVG4tEqUZxhJUALFW3P1A==,iv:udLgI4t3M3KDNfcA+WkUFLAe523/+O9tE/LGol1UBQA=,tag:6v1XUPTpgcjfmcgak9YKAQ==,type:str] i2cssh_config: ENC[AES256_GCM,data:MwYLGFribitABOcQJFsEgd3vD4qsEdz0grg2ISE0LB3IT2usVRgUfnI/5g7pK4ON/bxz+mpkncDCZep8wBrd4+c316320u/HkxTEQYFU+zXGuFnkF380fx8klQdBel7JsJJKwa5b1M20Sqj9QYNXtwEw8zs+vG/VGdzWLKHlQosvUrdhT0LGntu+/RIgVhC3B6aEp79mbz8xOh8BrCpi4hVPFm8x5sUC++wR+aBvIg+bsOOU8T9OoW3bnEs8ucnvni9RYN7r5YCOllyhaFekNp6KiFBLd4h3A2r2UWBnRjlg5LKJc5aG6Z6XMHaz6NaGpZUw+fMHVZx7t7QL7IwvNpFp/+8oeWzBz/qecfxzVkGvBYqtPPsnv9mNUYZux6Fd0FETMbPI7dmUQrmUK2Y+L8Qw55cpL+BVJkV693DaKIJwQL3VIC6Z/NKqTXPdBBS9hWHjYWfGBmbiAiaU5X2Z3cz8YaEsCnC4OMqqlALLmzZ0crD/HXc6756U/i63GVsx4GiBTfs8Rvy+7GZOyjBhgvHZK6g4ShVZHDtNMInHlfyFzOGC03smZhgseF9ivVVXAMa6AI8OHU5678Fkb6/lD4e0Vqk77Icaj+Yte6EKmHK3Pq9ctYyJLNBFlFCreBWTcxrV+a6WLxh6QkcHmUYLfHKp/cG3nypPKRIaBkvbYOUYLuPI1IRrzdndALv5uRBhxKJEL+ukBv0EVm9y9sR1uimTQYB9tCRE7+2JfgBhcQwbUbIlW4NmZeOx9/9jAoqlID0PTS/2QsnbYI00X7c3GibGpLVVY86X6S4hW/HaHEq8jB5JiFDlQRGDLy/YV8MM1USsqZpjJHlZy8AWQRH3Ta47cXYfwCOD2eTC2pouS938qAaq48m3mPMuzCWlbiExXRrdE2Noek49/pfwCduplEebxb3FLr16lRHdcI+M8Hb9W5iXAJFYBx9FzFkIewDKz4UxL+MKX88K4t5l5ZTG6IT0OqCekZ3M/9scYbhrpgU2sWp3ADgmLRwL8iMxgwFygl1ZxdQ9C0IS8LwgLCfAn3wVKZlUogRdBkV52iHbkUVG4tEqUZxhJUALFW3P1A==,iv:udLgI4t3M3KDNfcA+WkUFLAe523/+O9tE/LGol1UBQA=,tag:6v1XUPTpgcjfmcgak9YKAQ==,type:str]
local_git_config: ENC[AES256_GCM,data:KEmChuCHJxKrZ3d72fbhgm1K+aAKjkwTpEq/qsNPOQbZqSCZgy/IQBY/L+qMJZlr3iIyrAKxN1CxfrurpB2/m+yxMo7ONoARAR6X67GqmgJX4mbO0EEHQvP6/0v/HVHfT67ZKg1oZTzmKAKr5eiyTnX4e73Ao11TySiqHTJBw4cPc0BTNmgrnf9xvXAPeYWa,iv:vyDbCml7pnouqpb+PewFBih6f7wPbHjv/GJgLUsRjbM=,tag:DLWz19yoJIZTLR46FuH/iw==,type:str] local_git_config: ENC[AES256_GCM,data:DjLFwnglZuH2Piami9gHUd5fmlW3luXDCxx7cEuTPRPM4Y4fr2PmXXWSIvZEo6FuVC8tAMr4Z9wbgWQumB4Ul4lIHpwHrbvS2ccOI/ye4Q9OQ/Ki9OEbVFg8nBHsz57RnD0uh3Fk+9gV0yoTmjxP2A==,iv:7Z2d/pgc4uarGe0/BAcIFGLMdBdNwhxr6wGOaZvUqxw=,tag:HgOW/RF9/QEfm+xkEV75+Q==,type:str]
local_private_env: ENC[AES256_GCM,data:vaa2MKSzCs2s2mzRkFSkz2CT2hCRfad+mqkLW/PCulcw8x6TYRWWjfYicqdCh+lmeMlRgoukH45qTq2YaKo8lvm0jOPnk1Z6ZOYCafm6JX8Cn+hpxRq/nw0OjtytLrVIh6CCqe8IJM5nK6EC5dXJDO/08AaiRdlYqRG7HhKFSa0nODlQpWGXiwYz3ajkCmlgl3qR+6HpZxjMKAGAyLZr9g5n8rNHN7oXe0Kf06wmoMnFNKvuZ9kliJe5x3gUbiDN85UNXNKnMs6SFk7Hr+jE3RIGUjYL6XCUgWgvt9gL0VDWjt3KfJbASJMBwBU9B4Jj02pxyHeQovyK2CjAm7Qm2s40JYsdsbfV4QaTBRCT5DdIQiB3FI/ELuwKdEo8MlpSvk5DqyxipAvicOa216x4N+FG/N311vExq4gNIjO+6w191ymRk4YCxWjUIk7GwiftsVBp+Jo6M27Xe7k7yYCBblEyAtq7NDbcxrh9YoXs+K409wBE6U81bJbMWwRzwG7Sfhrzx1X+C1SGe+VYSmh1EqHEbJbkHXxEF35vfNGwQoIAVOQ+ePlYyGhvNkbLTxxf2Ni6orl/tKnLejmMSwhUrv5R1RgQqxyiK7aSl0bf89+hxb2WWdGpmFEMUCns4hoFzN+ob1h7oH3aD33CMKuoOFAhsDkELS08Bvx2RMyKEv7ktU6KmaOEvO99soRQAMZvznM0/8H6v11ua1sAvzN5of+9bdA31Yt2fj1lMpAxuc/jc/fjlSpdr+TkEIoAP1R/z4xhlR4QoxlnBkLJU2y699dPBChl52k8S5W53/XW0NoXptpf8+BKgnQCjXRASHBxN2ChjjpUFLyKV/0x8lbrs+NbNb4wJP4HK1625R9278hcD02KcfzofPtr/sglSGEWOla7vsNlyQiwRp0ZfbGrrfvQ3QhKVx/shPL7BkmGGDapkiT0YqWIWo/gOtRnDGIcsjER5DMZQwez27eqaZq7jwQv4He1Tj/UelR1eOurlPE7NKIDXXCR14vfsVCX/5mNPuNDZ+hhEpp8xAqAsnv6TCHHZ7q1ngrIe/uxJZLGE3oWxmjxn1FGP3m42IT59RMXHNmzZwPYmPZK8cjSNqViP2Krsvca0p+Jf7+1hP17UwLFneo6bf3um891sF0X40R9uNA+7fuP4rbBwrJZaNwSojxXyk9kVpXATwk9JMaXijU78KZ+59ucl5lVsu1OQTYtcZxSecGr21ATSi2EydhaHNM/hsamAeyy3EbiVfDD6Bv9V2uwoEWRIApnCoKN9zcpdjMuVIZUKywuAyEzCaaOuDfrFLsgR051ijqkOQnmuZNJ+DRmdC1siUPqNQawRqvewKN5FbHJFuI7X6Zxfa3OxZFqnsWdipuL/+3sy8hGjaH5y1RIHeJzL/ZnQNoEkBMep6zeLmQHoGV3iXjmbobUpJMpHKG3yt92zw8hyckPO+tEvOjYW2RR+6NfbArWTqaW7e4FHYpDtX3Oh3a1SzX+fK5lEUglN3+wx6uDDXczG7IZwQDQc9kfL2rt45s8uHw9MZL/kH8Ssdhk4Ha2JIXXyyoxyFHH5OaZCaQFveVjvo70E394AU5oJ5YmvlKIMZEJxnL9TdtshTPVvKeL3DBjEzIocv9/MWQJLfltnaU2ieIQFsvG8ma7za8YOvFVgr1Z3DfRsusQOmnJB3Umm18YfST0U1u1DpiCsvdGoRuySqAjp4OdmxTvKLRHKkNzRzmS8NnewFjUitJy1WjXmcoVRc8+hm2IJxQl3iGm1In2zuGtyklbban7+84ygV2XvhGpv5MLE0ooKHTXLU7da9jUgvRgCQ9EZWGh/Xqg/OA7mK3C9ojeuJKCgtKwDm2QeHKswRzgUpSTtYlgS3TmTQOdgMo7N7w9uWTTjU9ozXnJHZlKF7264XaIOmLZGwcIPwjQb6+onv0xvDDgKaDU2QpHA1MMXrJAPnyAP3xjpttEggHcY9i+t0ZlvrzS1Ux7Tv2qKnabJEuzw5mX7RyjmUOp89mXK/Ot/hTwMKf2Rm7QsoSMl3NqTFHUMYnxzN8TyVAWvcXh1iS24ryvgMqE+Et2EFW2+lz3XffS+hKJ49osu3ZX53QDLCXhWRK7xnCj3JGNVtnyMkRH7eRVpQwbxl7DuYSx8xrzDyLItOOVyUeif+XiIzsjDWfitTV0+SDhsuJpvCm3hh1+SDUwL9abgOJ0Hv0Y8EtvkoAUlkC5O3+qVFVQ2gmdTWvZ5eIci4wKvv4jXyljW7uDGCjqoGL3yi9JUGWhJGVe0gFvUyP/k6ThxjbrpERVOCpiPZDfwU31ACVVEagwdLjs2vJB1oRs2dJWwwXMPR4lbslgDUXkD4j0hodOvbrqa9teBB1Q48mAZ/CqhOgwFjEymLmXUEcauBHSuLywQkff7TYVmyWzGZAH0gZB7aVuwZ1ZRj59PuFdMKcRoqNC8/yb4Nj9HDprE8l7gS5jaELkm6G/lo7jbei7CLdYB5zNW9qSypKv6QvqYbxhpCazsPAvjIXj0O3k24Q8U6CROuxWwNe7hCPaYaC1wI/lr+QEoG//3sRMRMBYJ5M2deFSXhKFstcoOAinkESMgwLc2eeTmqYS14e4qtCIMzAy9YOt0SaKUVjnCgj9vkoJNPgqdVEnszDThBS2Rhe3f/CrfFdoWf/nWisy3NwCWcdj8cjR2sAGcu8ImxRciXYuUS9XAdGiUUVv9+BF1wf2VCWVJQ895WQ7dxBtHZdrh7SRtlR0qKTQuSPzEzSYwve0Xm1Kw6VbgrcQnpvafS2unS+3VlGH+gjv3swHWaiot0IbvoG7K4guVfUFORTlsqlktg2UdfskhVpXliJub1B91q6Ocuponi6NI0ytmNGgNKoxNU8Bfi8zruCak2lwKK1lwqR9Q2Xhg0xHW/bjsX37HHC6hS5WoB3KpwouwSdY7bbZttyq3EdODHz4P7FdsrirSgt9U/1ue9shbDQmBwImPAr7KttRMZUcuCWYoxSzZbqz5OdIinVgonOkqPWvsxSb1+PjpWFkYwMzeOlcYRGylD8VZ5TMn/p0DVpzWK4zTbmY1s6nvu+gPPgLWBM0soj33UY7vSlJMgzOXEc4dFGspfVbkbjBx/qbtN3wS7WnI1RP0oTszSacVkuJvsDZURecNUIyNxaKTYOIOrxErTBJwZ1mYUDh0KWprAirzTD1p+4soiGiMwYQdKZd6MwgD0HmjzPwi+DpoBfo1Y7R6BeefFvSLT2dZhilwlh496FQX/DNOqPd/5ZiMOGC8JvG6pBred5r2QFCFgN7F9BIFoLHpF8DjRkvcQC4bf/IQrQBGJGMk2o3fG+cjPxB5c7Ce9BzCUY5+AAcm7/u2oMZvCiUc91OKV/l3S5J+ZmUutXIrFvJIlE4FUJi6QFtDI4fygzxI84wbTtnrQzYWOvWZlKEmXDQyn6iRxqu1pcJq38cX3UpouMXlbqA+pGsc1xAkt7a295qYBcVrm1RjQWwVW1okNF9bgswF3X8HCEx8tCFsZdM+lHE4/+ytqTOMvPrgodbUeCBORwpsKN4TzBCGzQI/1Fs++ucL6EwwgN95goW4gvqgk2sEdSGqO7fk4pwzfHNLdoZmosblsHFTmCefHURmeM+rakbZLIyERBSEWzW8uSMFqdqQtFjx2cMEcavSj3xO69p6YuK4baRVV1ATLeYfpMnSkt6wM5TCowXBiA67TQUzEl0+rTG4kPc2PYLFCkKzjxM2ngA+P2gyx5jRPtztLLDe669sUecsNCDfs1h8nLDJyL9zDF/K3Iw8AlsMgqYDhDcFVW9sZ+to7UGL0VToRMFKrP+zW3MSSC9sXQIX+aZeI0yjgxYU4zH4MB4JlP/dgPvqBKkAU+lCD0EesdXaL3hUQQ6+8BY2wsO3ws77rFYDWCq0lzjXHH+BtyihWF194ZEXxNzkq3mH5uBHqipWZ4EMnoHbzfq4CI11VK0Kgu6atw0xDCApA+0auom7jayFvL6HvhSW+lWhOTSlOktXzFula1iNKqJI1y6bLig94HEJ13z+3HSKsyA,iv:c81f5M5cmElhm6Yb/p7JkX0mJacbatqm3qmIba/LMcs=,tag:V2FVsGqf9G18VimH2rsSRg==,type:str] local_private_env: ENC[AES256_GCM,data:vaa2MKSzCs2s2mzRkFSkz2CT2hCRfad+mqkLW/PCulcw8x6TYRWWjfYicqdCh+lmeMlRgoukH45qTq2YaKo8lvm0jOPnk1Z6ZOYCafm6JX8Cn+hpxRq/nw0OjtytLrVIh6CCqe8IJM5nK6EC5dXJDO/08AaiRdlYqRG7HhKFSa0nODlQpWGXiwYz3ajkCmlgl3qR+6HpZxjMKAGAyLZr9g5n8rNHN7oXe0Kf06wmoMnFNKvuZ9kliJe5x3gUbiDN85UNXNKnMs6SFk7Hr+jE3RIGUjYL6XCUgWgvt9gL0VDWjt3KfJbASJMBwBU9B4Jj02pxyHeQovyK2CjAm7Qm2s40JYsdsbfV4QaTBRCT5DdIQiB3FI/ELuwKdEo8MlpSvk5DqyxipAvicOa216x4N+FG/N311vExq4gNIjO+6w191ymRk4YCxWjUIk7GwiftsVBp+Jo6M27Xe7k7yYCBblEyAtq7NDbcxrh9YoXs+K409wBE6U81bJbMWwRzwG7Sfhrzx1X+C1SGe+VYSmh1EqHEbJbkHXxEF35vfNGwQoIAVOQ+ePlYyGhvNkbLTxxf2Ni6orl/tKnLejmMSwhUrv5R1RgQqxyiK7aSl0bf89+hxb2WWdGpmFEMUCns4hoFzN+ob1h7oH3aD33CMKuoOFAhsDkELS08Bvx2RMyKEv7ktU6KmaOEvO99soRQAMZvznM0/8H6v11ua1sAvzN5of+9bdA31Yt2fj1lMpAxuc/jc/fjlSpdr+TkEIoAP1R/z4xhlR4QoxlnBkLJU2y699dPBChl52k8S5W53/XW0NoXptpf8+BKgnQCjXRASHBxN2ChjjpUFLyKV/0x8lbrs+NbNb4wJP4HK1625R9278hcD02KcfzofPtr/sglSGEWOla7vsNlyQiwRp0ZfbGrrfvQ3QhKVx/shPL7BkmGGDapkiT0YqWIWo/gOtRnDGIcsjER5DMZQwez27eqaZq7jwQv4He1Tj/UelR1eOurlPE7NKIDXXCR14vfsVCX/5mNPuNDZ+hhEpp8xAqAsnv6TCHHZ7q1ngrIe/uxJZLGE3oWxmjxn1FGP3m42IT59RMXHNmzZwPYmPZK8cjSNqViP2Krsvca0p+Jf7+1hP17UwLFneo6bf3um891sF0X40R9uNA+7fuP4rbBwrJZaNwSojxXyk9kVpXATwk9JMaXijU78KZ+59ucl5lVsu1OQTYtcZxSecGr21ATSi2EydhaHNM/hsamAeyy3EbiVfDD6Bv9V2uwoEWRIApnCoKN9zcpdjMuVIZUKywuAyEzCaaOuDfrFLsgR051ijqkOQnmuZNJ+DRmdC1siUPqNQawRqvewKN5FbHJFuI7X6Zxfa3OxZFqnsWdipuL/+3sy8hGjaH5y1RIHeJzL/ZnQNoEkBMep6zeLmQHoGV3iXjmbobUpJMpHKG3yt92zw8hyckPO+tEvOjYW2RR+6NfbArWTqaW7e4FHYpDtX3Oh3a1SzX+fK5lEUglN3+wx6uDDXczG7IZwQDQc9kfL2rt45s8uHw9MZL/kH8Ssdhk4Ha2JIXXyyoxyFHH5OaZCaQFveVjvo70E394AU5oJ5YmvlKIMZEJxnL9TdtshTPVvKeL3DBjEzIocv9/MWQJLfltnaU2ieIQFsvG8ma7za8YOvFVgr1Z3DfRsusQOmnJB3Umm18YfST0U1u1DpiCsvdGoRuySqAjp4OdmxTvKLRHKkNzRzmS8NnewFjUitJy1WjXmcoVRc8+hm2IJxQl3iGm1In2zuGtyklbban7+84ygV2XvhGpv5MLE0ooKHTXLU7da9jUgvRgCQ9EZWGh/Xqg/OA7mK3C9ojeuJKCgtKwDm2QeHKswRzgUpSTtYlgS3TmTQOdgMo7N7w9uWTTjU9ozXnJHZlKF7264XaIOmLZGwcIPwjQb6+onv0xvDDgKaDU2QpHA1MMXrJAPnyAP3xjpttEggHcY9i+t0ZlvrzS1Ux7Tv2qKnabJEuzw5mX7RyjmUOp89mXK/Ot/hTwMKf2Rm7QsoSMl3NqTFHUMYnxzN8TyVAWvcXh1iS24ryvgMqE+Et2EFW2+lz3XffS+hKJ49osu3ZX53QDLCXhWRK7xnCj3JGNVtnyMkRH7eRVpQwbxl7DuYSx8xrzDyLItOOVyUeif+XiIzsjDWfitTV0+SDhsuJpvCm3hh1+SDUwL9abgOJ0Hv0Y8EtvkoAUlkC5O3+qVFVQ2gmdTWvZ5eIci4wKvv4jXyljW7uDGCjqoGL3yi9JUGWhJGVe0gFvUyP/k6ThxjbrpERVOCpiPZDfwU31ACVVEagwdLjs2vJB1oRs2dJWwwXMPR4lbslgDUXkD4j0hodOvbrqa9teBB1Q48mAZ/CqhOgwFjEymLmXUEcauBHSuLywQkff7TYVmyWzGZAH0gZB7aVuwZ1ZRj59PuFdMKcRoqNC8/yb4Nj9HDprE8l7gS5jaELkm6G/lo7jbei7CLdYB5zNW9qSypKv6QvqYbxhpCazsPAvjIXj0O3k24Q8U6CROuxWwNe7hCPaYaC1wI/lr+QEoG//3sRMRMBYJ5M2deFSXhKFstcoOAinkESMgwLc2eeTmqYS14e4qtCIMzAy9YOt0SaKUVjnCgj9vkoJNPgqdVEnszDThBS2Rhe3f/CrfFdoWf/nWisy3NwCWcdj8cjR2sAGcu8ImxRciXYuUS9XAdGiUUVv9+BF1wf2VCWVJQ895WQ7dxBtHZdrh7SRtlR0qKTQuSPzEzSYwve0Xm1Kw6VbgrcQnpvafS2unS+3VlGH+gjv3swHWaiot0IbvoG7K4guVfUFORTlsqlktg2UdfskhVpXliJub1B91q6Ocuponi6NI0ytmNGgNKoxNU8Bfi8zruCak2lwKK1lwqR9Q2Xhg0xHW/bjsX37HHC6hS5WoB3KpwouwSdY7bbZttyq3EdODHz4P7FdsrirSgt9U/1ue9shbDQmBwImPAr7KttRMZUcuCWYoxSzZbqz5OdIinVgonOkqPWvsxSb1+PjpWFkYwMzeOlcYRGylD8VZ5TMn/p0DVpzWK4zTbmY1s6nvu+gPPgLWBM0soj33UY7vSlJMgzOXEc4dFGspfVbkbjBx/qbtN3wS7WnI1RP0oTszSacVkuJvsDZURecNUIyNxaKTYOIOrxErTBJwZ1mYUDh0KWprAirzTD1p+4soiGiMwYQdKZd6MwgD0HmjzPwi+DpoBfo1Y7R6BeefFvSLT2dZhilwlh496FQX/DNOqPd/5ZiMOGC8JvG6pBred5r2QFCFgN7F9BIFoLHpF8DjRkvcQC4bf/IQrQBGJGMk2o3fG+cjPxB5c7Ce9BzCUY5+AAcm7/u2oMZvCiUc91OKV/l3S5J+ZmUutXIrFvJIlE4FUJi6QFtDI4fygzxI84wbTtnrQzYWOvWZlKEmXDQyn6iRxqu1pcJq38cX3UpouMXlbqA+pGsc1xAkt7a295qYBcVrm1RjQWwVW1okNF9bgswF3X8HCEx8tCFsZdM+lHE4/+ytqTOMvPrgodbUeCBORwpsKN4TzBCGzQI/1Fs++ucL6EwwgN95goW4gvqgk2sEdSGqO7fk4pwzfHNLdoZmosblsHFTmCefHURmeM+rakbZLIyERBSEWzW8uSMFqdqQtFjx2cMEcavSj3xO69p6YuK4baRVV1ATLeYfpMnSkt6wM5TCowXBiA67TQUzEl0+rTG4kPc2PYLFCkKzjxM2ngA+P2gyx5jRPtztLLDe669sUecsNCDfs1h8nLDJyL9zDF/K3Iw8AlsMgqYDhDcFVW9sZ+to7UGL0VToRMFKrP+zW3MSSC9sXQIX+aZeI0yjgxYU4zH4MB4JlP/dgPvqBKkAU+lCD0EesdXaL3hUQQ6+8BY2wsO3ws77rFYDWCq0lzjXHH+BtyihWF194ZEXxNzkq3mH5uBHqipWZ4EMnoHbzfq4CI11VK0Kgu6atw0xDCApA+0auom7jayFvL6HvhSW+lWhOTSlOktXzFula1iNKqJI1y6bLig94HEJ13z+3HSKsyA,iv:c81f5M5cmElhm6Yb/p7JkX0mJacbatqm3qmIba/LMcs=,tag:V2FVsGqf9G18VimH2rsSRg==,type:str]
sops: sops:
age: age:
@ -14,7 +14,7 @@ sops:
YndNc25Xemxrd2VXSStlbTJjZFBOR0UKe6wxJBlS7YZJXW3f/rlmKanqu9SeYXYB YndNc25Xemxrd2VXSStlbTJjZFBOR0UKe6wxJBlS7YZJXW3f/rlmKanqu9SeYXYB
qxEU+fMDfQ/R+jRo6fGRtNnnY3nowZP+hSYYuGT9SRFwqYR1M3xeqw== qxEU+fMDfQ/R+jRo6fGRtNnnY3nowZP+hSYYuGT9SRFwqYR1M3xeqw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-26T13:53:28Z" lastmodified: "2026-03-19T15:01:09Z"
mac: ENC[AES256_GCM,data:QfP3eTXlhl1M3qLF+vuS6R+nwqpwjS9I6lXofSR1Qa1FsA6EsMPkzFyousS5IMScqUv5co868yS3KvXgkwwYsMkU1JwChBN2gPTF6OJ29fyjzE2jtVUop+ZRkUcV5I2FwAxMCR9LIyWNfePTpM056yGCM/2cnjOfc0vmhE2ctRw=,iv:a1VbTwMl5AuV5wN/dUpT8nrtt0qCJT9NmIb+f3avt6c=,tag:DYAue3j10rwhBTs4xRUZOw==,type:str] mac: ENC[AES256_GCM,data:FKz9GZZfLnBFiVuyn3xmhR0p6NpPxlJBZlGL6PrqsiJWmIrzZBq6x5fj9fWprYuzeAJYRrwSX8X5fYKdatrW2aLIYrXclZl1yw3afnP65lJZvJxlhD9gD3gPZ9eMbmRUOqrhLn8OeQ+mY4WBXg0G6WNOxsp/bAQf7Xjkj1eItBI=,iv:duqy8YcrhfPmiTHJBYnFbMyv1jCxLPtU1Gbo1F/YkHs=,tag:3TNSf3BLu6Wm38RmReihwg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.12.1

9
modules/hosts/home-manager-only/default.nix
View file

@ -1,4 +1,11 @@
{ config, pkgs, system, username, ... }: { {
config,
pkgs,
system,
username,
...
}:
{
home.stateVersion = "25.05"; home.stateVersion = "25.05";
home.packages = with pkgs; [ home.packages = with pkgs; [
age age

4
modules/hosts/home-manager-only/home-gene.liverman.nix
View file

@ -1,3 +1,3 @@
{ ... }: { {
# Settings just for work machines go here # Settings just for work machines go here
} }

3
modules/hosts/home-manager-only/home-gene.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
# Settings just for personal machines go here # Settings just for personal machines go here
home.packages = with pkgs; [ home.packages = with pkgs; [

8
modules/hosts/home-manager-only/secrets.yaml
View file

@ -1,4 +1,4 @@
local_git_config: ENC[AES256_GCM,data:7zJpT5px88Y/9S/ZR3dRZQmALdVS1aR/1qpKDYzfSAG7bTHutIXztBi93xH+iuId2blWZ7DVjRZPTLgbsxzPBGMVnwDMCTOfLPhTwbSGI6XfKXvYyl9TXNiw1qxn1zhIAia7zt2J/dBt63JMVByXaVohpHr0/9cKZio/cuI=,iv:k55B7Pe70M+enpMP+toVjyEkdIsuNnA5hRUe5Kgq5pE=,tag:6sChtIN2POPiK2zYweqTTA==,type:str] local_git_config: ENC[AES256_GCM,data:z/yS/4VgTapy476DAIucKd0DQsn1Rg0f8U3DAYwvI7+THGq8MAhgQ9Y=,iv:deh7DIRNPKlZJQu+ihiBzWqNV1rSP0hATERmeGCLi4s=,tag:NYVUUv1uve0Gv2sXSJuQmw==,type:str]
local_private_env: ENC[AES256_GCM,data:bUDiSzNaLDLBCM9SosCA/79utc+rqht3BqWOqgGAoc/E1YPfiCsqSOgMSRaYnACc9ubpozEGbsSSwxhq/p+4,iv:opwNCd3hAVJdXLiVbGh5FVuv0Uwnfns6QGrRKHGOtiE=,tag:Dun7sZC9RyxXiTlAPRMV6Q==,type:str] local_private_env: ENC[AES256_GCM,data:bUDiSzNaLDLBCM9SosCA/79utc+rqht3BqWOqgGAoc/E1YPfiCsqSOgMSRaYnACc9ubpozEGbsSSwxhq/p+4,iv:opwNCd3hAVJdXLiVbGh5FVuv0Uwnfns6QGrRKHGOtiE=,tag:Dun7sZC9RyxXiTlAPRMV6Q==,type:str]
sops: sops:
age: age:
@ -11,7 +11,7 @@ sops:
aTV4a1QvaThld3g0aGt3Z3JvaWFtcFEK1zvoJDUDSwSmSJ5YyFUjNCP9qoj/7Uv5 aTV4a1QvaThld3g0aGt3Z3JvaWFtcFEK1zvoJDUDSwSmSJ5YyFUjNCP9qoj/7Uv5
MusGUeYe+IdBz413voyT0PgsGmlKNEjfxjzsF0DRKAw5a/n0EY9cOg== MusGUeYe+IdBz413voyT0PgsGmlKNEjfxjzsF0DRKAw5a/n0EY9cOg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-10T18:40:37Z" lastmodified: "2026-03-22T23:15:19Z"
mac: ENC[AES256_GCM,data:JfaHXsdnJNyrUEL8WyhH4ht8PO4ifQguvf0YLjmpMFbr1Mih+e/+DtQTPO9M2U/vrH7rFCk1UiZQhNZD3kY6S5LUqvHYvQwbf81zNXpGtAr/lQVT+bIJeqfRdJXkIGIZscu16Lmqm0WM6lmugfrIteNATYr9Qc4mDn2UApl5YXc=,iv:bC0XJUwgytnHefMPGsmdY5EkMTRmF5GcakjEIlIeNvs=,tag:JZ0k1y9J7StXKG3GeyGhfg==,type:str] mac: ENC[AES256_GCM,data:KAKblfnDL1nyFvPY/i9yy77RY0zr2QMYlV/asMXRd6TlR/jVGBFFdXVOFKFsbWpMbm5K8VtAOGxc/xL1NYsrAxGaoCH5YCHOjx2ZxJ9/5ZOGTSqAW7b2Ny1MlU9+IP7tD5qC3IFdzdtf3Osi7mwoQP5/xtLtZ5CP6mu+cy/xnB4=,iv:wk8pNiEcv9gGPWWNoCxpf3QmuNoZhapvo8BXKdaSy4E=,tag:8vuwebWrnv2+2SLw77ge7Q==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.12.1

40
modules/hosts/nixos/bigboy/default.nix
View file

@ -1,17 +1,23 @@
{ config, pkgs, username, ... }:
let
libbluray = pkgs.libbluray.override {
withAACS = true;
withBDplus = true;
withJava = true;
};
vlc-with-decoding = pkgs.vlc.override { inherit libbluray; };
in
{ {
imports = [ # Include the results of the hardware scan. config,
pkgs,
username,
...
}:
let
libbluray = pkgs.libbluray.override {
withAACS = true;
withBDplus = true;
withJava = true;
};
vlc-with-decoding = pkgs.vlc.override { inherit libbluray; };
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../common/linux/flatpaks.nix ../../../shared/linux/flatpaks.nix
../../common/linux/ripping.nix ../../../shared/nixos/ripping.nix
]; ];
system.stateVersion = "24.11"; # Did you read the comment? system.stateVersion = "24.11"; # Did you read the comment?
@ -43,7 +49,6 @@
zoom-us zoom-us
]; ];
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
programs = { programs = {
@ -118,10 +123,15 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" "dialout" "input" ]; extraGroups = [
"networkmanager"
"wheel"
"dialout"
"input"
];
packages = with pkgs; [ packages = with pkgs; [
kdePackages.kate kdePackages.kate
# thunderbird # thunderbird
]; ];
}; };
} }

55
modules/hosts/nixos/bigboy/hardware-configuration.nix
View file

@ -1,32 +1,55 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
kernelModules = [ ];
};
kernelModules = [
"kvm-intel"
"sg"
]; ];
extraModulePackages = [ ];
};
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; fileSystems = {
boot.initrd.kernelModules = [ ]; "/" = {
boot.kernelModules = [ "kvm-intel" "sg" ]; device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832";
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = "/boot" = {
{ device = "/dev/disk/by-uuid/59CB-16DE"; device = "/dev/disk/by-uuid/59CB-16DE";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [
"fmask=0077"
"dmask=0077"
];
}; };
};
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; } { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

10
modules/hosts/nixos/bigboy/home-gene.nix
View file

@ -1,9 +1,10 @@
{ ... }: { { ... }:
{
home.stateVersion = "24.05"; home.stateVersion = "24.05";
imports = [ imports = [
../../common/all-gui.nix ../../../shared/home/general/all-gui.nix
../../common/linux/apps/tilix.nix ../../../shared/home/linux/apps/tilix.nix
../../common/linux/apps/xfce4-terminal.nix ../../../shared/home/linux/apps/xfce4-terminal.nix
]; ];
programs = { programs = {
@ -27,4 +28,3 @@
}; };
}; };
} }

15
modules/hosts/nixos/default.nix
View file

@ -1,10 +1,19 @@
{ hostname, pkgs, username, ... }: { {
hostname,
pkgs,
username,
...
}:
{
imports = [ imports = [
../common/linux/internationalisation.nix ../../shared/nixos/internationalisation.nix
]; ];
environment = { environment = {
shells = with pkgs; [ bash zsh ]; shells = with pkgs; [
bash
zsh
];
systemPackages = with pkgs; [ systemPackages = with pkgs; [
age age
dconf2nix dconf2nix

30
modules/hosts/nixos/hetznix01/default.nix
View file

@ -1,6 +1,11 @@
{ inputs, pkgs, username, ... }: { {
pkgs,
username,
...
}:
{
imports = [ imports = [
../../common/linux/nixroutes.nix ../../../shared/nixos/nixroutes.nix
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
./post-install ./post-install
@ -24,14 +29,14 @@
networking = { networking = {
# Open ports in the firewall. # Open ports in the firewall.
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
22 # ssh 22 # ssh
25 # SMTP (unencrypted) 25 # SMTP (unencrypted)
80 # http to local Nginx 80 # http to local Nginx
143 # imap 143 # imap
443 # https to local Nginx 443 # https to local Nginx
465 # SMTP with TLS 465 # SMTP with TLS
587 # SMTP with STARTTLS 587 # SMTP with STARTTLS
993 # imaps 993 # imaps
1883 # mqtt 1883 # mqtt
8333 # Bitcoin Core 8333 # Bitcoin Core
8448 # Matrix Synapse 8448 # Matrix Synapse
@ -88,7 +93,10 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [
"networkmanager"
"wheel"
];
linger = true; linger = true;
}; };
} }

26
modules/hosts/nixos/hetznix01/hardware-configuration.nix
View file

@ -4,14 +4,25 @@
{ lib, modulesPath, ... }: { lib, modulesPath, ... }:
{ {
imports = imports = [
[ (modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot = {
boot.initrd.kernelModules = [ ]; initrd = {
boot.kernelModules = [ ]; availableKernelModules = [
boot.extraModulePackages = [ ]; "ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."pack1828" = { fileSystems."pack1828" = {
device = "/dev/disk/by-id/scsi-0HC_Volume_102600992"; device = "/dev/disk/by-id/scsi-0HC_Volume_102600992";
@ -25,4 +36,3 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }

4
modules/hosts/nixos/hetznix01/home-gene.nix
View file

@ -1,3 +1,3 @@
{ ... }: { {
home.stateVersion = "24.05"; home.stateVersion = "24.05";
} }

6
modules/hosts/nixos/hetznix01/post-install/containers/emqx.nix
View file

@ -1,6 +1,8 @@
{ config, username, ... }: let { config, username, ... }:
let
volume_base = "/var/lib/emqx"; volume_base = "/var/lib/emqx";
in { in
{
# Based on docs at https://docs.emqx.com/en/emqx/latest/deploy/install-docker.html # Based on docs at https://docs.emqx.com/en/emqx/latest/deploy/install-docker.html
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
"emqx" = { "emqx" = {

75
modules/hosts/nixos/hetznix01/post-install/default.nix
View file

@ -1,10 +1,18 @@
{ config, lib, pkgs, username, ... }: let {
config,
lib,
pkgs,
username,
...
}:
let
domain = "technicalissues.us"; domain = "technicalissues.us";
restic_backup_time = "01:00"; restic_backup_time = "01:00";
in { in
{
imports = [ imports = [
../../../common/linux/lets-encrypt.nix ../../../../shared/nixos/lets-encrypt.nix
../../../common/linux/restic.nix ../../../../shared/nixos/restic.nix
./containers/emqx.nix ./containers/emqx.nix
./matrix-synapse.nix ./matrix-synapse.nix
./monitoring.nix ./monitoring.nix
@ -26,7 +34,7 @@ in {
# Listen on loopback interface only, and accept requests from ::1 # Listen on loopback interface only, and accept requests from ::1
net = { net = {
listen = "loopback"; listen = "loopback";
post_allow.host = ["::1"]; post_allow.host = [ "::1" ];
}; };
# Restrict loading documents from WOPI Host nextcloud.example.com # Restrict loading documents from WOPI Host nextcloud.example.com
@ -162,14 +170,14 @@ in {
}; };
matrix_secrets_yaml = { matrix_secrets_yaml = {
owner = config.users.users.matrix-synapse.name; owner = config.users.users.matrix-synapse.name;
restartUnits = ["matrix-synapse.service"]; restartUnits = [ "matrix-synapse.service" ];
}; };
matrix_homeserver_signing_key.owner = config.users.users.matrix-synapse.name; matrix_homeserver_signing_key.owner = config.users.users.matrix-synapse.name;
mqtt_recorder_pass.restartUnits = ["mosquitto.service"]; mqtt_recorder_pass.restartUnits = [ "mosquitto.service" ];
nextcloud_admin_pass.owner = config.users.users.nextcloud.name; nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
owntracks_basic_auth = { owntracks_basic_auth = {
owner = config.users.users.nginx.name; owner = config.users.users.nginx.name;
restartUnits = ["nginx.service"]; restartUnits = [ "nginx.service" ];
}; };
plausible_admin_pass.owner = config.users.users.nginx.name; plausible_admin_pass.owner = config.users.users.nginx.name;
plausible_secret_key_base.owner = config.users.users.nginx.name; plausible_secret_key_base.owner = config.users.users.nginx.name;
@ -180,31 +188,36 @@ in {
}; };
systemd.services = { systemd.services = {
nextcloud-config-collabora = let nextcloud-config-collabora =
inherit (config.services.nextcloud) occ; let
inherit (config.services.nextcloud) occ;
wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
public_wopi_url = "https://collabora.pack1828.org"; public_wopi_url = "https://collabora.pack1828.org";
wopi_allowlist = lib.concatStringsSep "," [ wopi_allowlist = lib.concatStringsSep "," [
"127.0.0.1" "127.0.0.1"
"::1" "::1"
"5.161.244.95" "5.161.244.95"
"2a01:4ff:f0:977c::1" "2a01:4ff:f0:977c::1"
]; ];
in { in
wantedBy = ["multi-user.target"]; {
after = ["nextcloud-setup.service" "coolwsd.service"]; wantedBy = [ "multi-user.target" ];
requires = ["coolwsd.service"]; after = [
script = '' "nextcloud-setup.service"
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} "coolwsd.service"
${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} ];
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} requires = [ "coolwsd.service" ];
${occ}/bin/nextcloud-occ richdocuments:setup script = ''
''; ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
serviceConfig = { ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
Type = "oneshot"; ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
${occ}/bin/nextcloud-occ richdocuments:setup
'';
serviceConfig = {
Type = "oneshot";
};
}; };
};
}; };
# Enable common container config files in /etc/containers # Enable common container config files in /etc/containers

5
modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix
View file

@ -1,4 +1,5 @@
{ config, ... }: { { config, ... }:
{
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
configureRedisLocally = true; configureRedisLocally = true;
@ -33,7 +34,7 @@
]; ];
url_preview_enabled = true; url_preview_enabled = true;
enable_registration = false; enable_registration = false;
trusted_key_servers = [{ server_name = "matrix.org"; }]; trusted_key_servers = [ { server_name = "matrix.org"; } ];
}; };
}; };

23
modules/hosts/nixos/hetznix01/post-install/monitoring.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }: let { config, pkgs, ... }:
let
metrics_server = "https://monitoring.home.technicalissues.us/remotewrite"; metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
in { in
{
services = { services = {
vmagent = { vmagent = {
enable = true; enable = true;
@ -14,11 +16,11 @@ in {
{ {
job_name = "node"; job_name = "node";
static_configs = [ static_configs = [
{ targets = ["127.0.0.1:9100"]; } { targets = [ "127.0.0.1:9100" ]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = ["__name__"]; source_labels = [ "__name__" ];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -35,11 +37,11 @@ in {
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ targets = ["127.0.0.1:9113"]; } { targets = [ "127.0.0.1:9113" ]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = ["__name__"]; source_labels = [ "__name__" ];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -77,7 +79,7 @@ in {
# ---------------------------- # ----------------------------
# Exporters (using built-in NixOS modules) # Exporters (using built-in NixOS modules)
# ---------------------------- # ----------------------------
# Node exporter - using the built-in module # Node exporter - using the built-in module
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
@ -110,7 +112,7 @@ in {
group = "vmagent"; group = "vmagent";
}; };
users.groups.vmagent = {}; users.groups.vmagent = { };
# ---------------------------- # ----------------------------
# SOPS secrets configuration # SOPS secrets configuration
@ -119,10 +121,9 @@ in {
secrets = { secrets = {
vmagent_push_pw = { vmagent_push_pw = {
owner = "vmagent"; owner = "vmagent";
restartUnits = ["vmagent.service"]; restartUnits = [ "vmagent.service" ];
sopsFile = ../../../common/secrets.yaml; sopsFile = ../../../../shared/secrets.yaml;
}; };
}; };
}; };
} }

137
modules/hosts/nixos/hetznix01/post-install/mosquitto.nix
View file

@ -1,16 +1,21 @@
{ config, ... }: let { config, ... }:
let
mqtt_domain = "mqtt.technicalissues.us"; mqtt_domain = "mqtt.technicalissues.us";
in { in
security.acme.certs.${mqtt_domain}.postRun = "systemctl restart ${config.systemd.services.mosquitto.name}"; {
security.acme.certs.${mqtt_domain}.postRun =
"systemctl restart ${config.systemd.services.mosquitto.name}";
services.mosquitto = { services.mosquitto = {
enable = true; enable = true;
bridges = { bridges = {
liamcottle = { liamcottle = {
addresses = [{ addresses = [
address = "mqtt.meshtastic.liamcottle.net"; {
port = 1883; address = "mqtt.meshtastic.liamcottle.net";
}]; port = 1883;
}
];
topics = [ topics = [
"msh/# out 1 \"\"" "msh/# out 1 \"\""
]; ];
@ -24,10 +29,12 @@ in {
}; };
}; };
meshtastic = { meshtastic = {
addresses = [{ addresses = [
address = "mqtt.meshtastic.org"; {
port = 1883; address = "mqtt.meshtastic.org";
}]; port = 1883;
}
];
topics = [ topics = [
"msh/# out 1 \"\"" "msh/# out 1 \"\""
]; ];
@ -42,10 +49,12 @@ in {
}; };
}; };
homeassistant = { homeassistant = {
addresses = [{ addresses = [
address = "homeasistant-lc.atlas-snares.ts.net"; {
port = 1883; address = "homeasistant-lc.atlas-snares.ts.net";
}]; port = 1883;
}
];
topics = [ topics = [
"msh/US/2/e/LongFast/!a386c80 out 1 \"\"" "msh/US/2/e/LongFast/!a386c80 out 1 \"\""
"msh/US/2/e/LongFast/!b03bcb24 out 1 \"\"" "msh/US/2/e/LongFast/!b03bcb24 out 1 \"\""
@ -62,53 +71,59 @@ in {
}; };
}; };
}; };
listeners = let listeners =
mqtt_users = { let
genebean = { mqtt_users = {
acl = [ genebean = {
"readwrite msh/#" acl = [
]; "readwrite msh/#"
hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path; ];
hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path;
};
mountain_mesh = {
acl = [
"readwrite msh/#"
];
hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path;
};
}; };
mountain_mesh = { in
acl = [ [
"readwrite msh/#" {
]; port = 1883;
hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path; users = mqtt_users;
}; settings.allow_anonymous = false;
}; }
in [ {
{ port = 8883;
port = 1883; users = mqtt_users;
users = mqtt_users; settings =
settings.allow_anonymous = false; let
} certDir = config.security.acme.certs."${mqtt_domain}".directory;
{ in
port = 8883; {
users = mqtt_users; allow_anonymous = false;
settings = let keyfile = certDir + "/key.pem";
certDir = config.security.acme.certs."${mqtt_domain}".directory; certfile = certDir + "/cert.pem";
in { cafile = certDir + "/chain.pem";
allow_anonymous = false; };
keyfile = certDir + "/key.pem"; }
certfile = certDir + "/cert.pem"; {
cafile = certDir + "/chain.pem"; port = 9001;
}; users = mqtt_users;
} settings =
{ let
port = 9001; certDir = config.security.acme.certs."${mqtt_domain}".directory;
users = mqtt_users; in
settings = let {
certDir = config.security.acme.certs."${mqtt_domain}".directory; allow_anonymous = false;
in { keyfile = certDir + "/key.pem";
allow_anonymous = false; certfile = certDir + "/cert.pem";
keyfile = certDir + "/key.pem"; cafile = certDir + "/chain.pem";
certfile = certDir + "/cert.pem"; protocol = "websockets";
cafile = certDir + "/chain.pem"; };
protocol = "websockets"; }
}; ];
}
];
}; };
sops.secrets = { sops.secrets = {

43
modules/hosts/nixos/hetznix01/post-install/nginx.nix
View file

@ -1,9 +1,11 @@
{ config, ... }: let { config, ... }:
let
domain = "technicalissues.us"; domain = "technicalissues.us";
http_port = 80; http_port = 80;
https_port = 443; https_port = 443;
private_btc = "umbrel.atlas-snares.ts.net"; private_btc = "umbrel.atlas-snares.ts.net";
in { in
{
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -134,14 +136,36 @@ in {
}; };
"matrix.${domain}" = { "matrix.${domain}" = {
listen = [ listen = [
{ port = http_port; addr = "0.0.0.0"; } {
{ port = http_port; addr = "[::]"; } port = http_port;
addr = "0.0.0.0";
}
{
port = http_port;
addr = "[::]";
}
{ port = https_port; addr = "0.0.0.0"; ssl = true; } {
{ port = https_port; addr = "[::]"; ssl = true; } port = https_port;
addr = "0.0.0.0";
ssl = true;
}
{
port = https_port;
addr = "[::]";
ssl = true;
}
{ port = 8448; addr = "0.0.0.0"; ssl = true; } {
{ port = 8448; addr = "[::]"; ssl = true; } port = 8448;
addr = "0.0.0.0";
ssl = true;
}
{
port = 8448;
addr = "[::]";
ssl = true;
}
]; ];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
@ -195,7 +219,8 @@ in {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:8083"; proxyPass = "http://127.0.0.1:8083";
}; };
"/pub" = { # Client apps need to point to this path "/pub" = {
# Client apps need to point to this path
extraConfig = "proxy_set_header X-Limit-U $remote_user;"; extraConfig = "proxy_set_header X-Limit-U $remote_user;";
proxyPass = "http://127.0.0.1:8083/pub"; proxyPass = "http://127.0.0.1:8083/pub";
}; };

21
modules/hosts/nixos/hetznix02/default.nix
View file

@ -1,6 +1,12 @@
{ inputs, pkgs, username, ... }: { {
inputs,
pkgs,
username,
...
}:
{
imports = [ imports = [
../../common/linux/nixroutes.nix ../../../shared/nixos/nixroutes.nix
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
./post-install ./post-install
@ -29,9 +35,9 @@
networking = { networking = {
# Open ports in the firewall. # Open ports in the firewall.
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
22 # ssh 22 # ssh
80 # Nginx 80 # Nginx
443 # Nginx 443 # Nginx
]; ];
# firewall.allowedUDPPorts = [ ... ]; # firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
@ -56,7 +62,10 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [
"networkmanager"
"wheel"
];
linger = true; linger = true;
}; };

8
modules/hosts/nixos/hetznix02/disk-config.nix
View file

@ -44,10 +44,10 @@
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
nix = { nix = {
name = "nix"; name = "nix";
size = "100%"; size = "100%";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
mountpoint = "/nix"; mountpoint = "/nix";

31
modules/hosts/nixos/hetznix02/hardware-configuration.nix
View file

@ -4,34 +4,43 @@
{ lib, modulesPath, ... }: { lib, modulesPath, ... }:
{ {
imports = imports = [
[ (modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" ]; availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
];
kernelModules = [ ]; kernelModules = [ ];
}; };
kernelModules = [ ]; kernelModules = [ ];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
fileSystems."/" = fileSystems = {
{ device = "/dev/disk/by-partlabel/disk-primary-root"; "/" = {
device = "/dev/disk/by-partlabel/disk-primary-root";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = "/boot" = {
{ device = "/dev/disk/by-partlabel/disk-primary-ESP"; device = "/dev/disk/by-partlabel/disk-primary-ESP";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; options = [
"fmask=0022"
"dmask=0022"
];
}; };
fileSystems."/nix" = "/nix" = {
{ device = "/dev/disk/by-partlabel/disk-volume1-nix"; device = "/dev/disk/by-partlabel/disk-volume1-nix";
fsType = "ext4"; fsType = "ext4";
}; };
};
swapDevices = [ ]; swapDevices = [ ];

2
modules/hosts/nixos/hetznix02/home-gene.nix
View file

@ -1,3 +1,3 @@
{ ... }: { {
home.stateVersion = "24.05"; home.stateVersion = "24.05";
} }

6
modules/hosts/nixos/hetznix02/post-install/default.nix
View file

@ -1,6 +1,7 @@
{ config, username, ... }: { { config, username, ... }:
{
imports = [ imports = [
../../../common/linux/lets-encrypt.nix ../../../../shared/nixos/lets-encrypt.nix
./monitoring.nix ./monitoring.nix
./nginx.nix ./nginx.nix
]; ];
@ -23,4 +24,3 @@
}; };
}; };
} }

23
modules/hosts/nixos/hetznix02/post-install/monitoring.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }: let { config, pkgs, ... }:
let
metrics_server = "https://monitoring.home.technicalissues.us/remotewrite"; metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
in { in
{
services = { services = {
vmagent = { vmagent = {
enable = true; enable = true;
@ -14,11 +16,11 @@ in {
{ {
job_name = "node"; job_name = "node";
static_configs = [ static_configs = [
{ targets = ["127.0.0.1:9100"]; } { targets = [ "127.0.0.1:9100" ]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = ["__name__"]; source_labels = [ "__name__" ];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -35,11 +37,11 @@ in {
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ targets = ["127.0.0.1:9113"]; } { targets = [ "127.0.0.1:9113" ]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = ["__name__"]; source_labels = [ "__name__" ];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -77,7 +79,7 @@ in {
# ---------------------------- # ----------------------------
# Exporters (using built-in NixOS modules) # Exporters (using built-in NixOS modules)
# ---------------------------- # ----------------------------
# Node exporter - using the built-in module # Node exporter - using the built-in module
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
@ -110,7 +112,7 @@ in {
group = "vmagent"; group = "vmagent";
}; };
users.groups.vmagent = {}; users.groups.vmagent = { };
# ---------------------------- # ----------------------------
# SOPS secrets configuration # SOPS secrets configuration
@ -119,10 +121,9 @@ in {
secrets = { secrets = {
vmagent_push_pw = { vmagent_push_pw = {
owner = "vmagent"; owner = "vmagent";
restartUnits = ["vmagent.service"]; restartUnits = [ "vmagent.service" ];
sopsFile = ../../../common/secrets.yaml; sopsFile = ../../../../shared/secrets.yaml;
}; };
}; };
}; };
} }

7
modules/hosts/nixos/hetznix02/post-install/nginx.nix
View file

@ -1,7 +1,8 @@
{ pkgs, ... }:
{ pkgs, ... }: let let
domain = "genebean.me"; domain = "genebean.me";
in { in
{
environment.etc.nginx-littlelinks = { environment.etc.nginx-littlelinks = {
# Info generated via # Info generated via
# nurl https://github.com/genebean/littlelink genebean-sometag # nurl https://github.com/genebean/littlelink genebean-sometag

50
modules/hosts/nixos/kiosk-entryway/default.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, username, ... }: { {
config,
lib,
pkgs,
username,
...
}:
{
imports = [ imports = [
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
@ -42,7 +49,7 @@
# Home # Home
"Diagon Alley".pskRaw = "ext:psk_diagon_alley"; "Diagon Alley".pskRaw = "ext:psk_diagon_alley";
# Public networks # Public networks
"Gallery Row-GuestWiFi" = {}; "Gallery Row-GuestWiFi" = { };
"LocalTies Guest".pskRaw = "ext:psk_local_ties"; "LocalTies Guest".pskRaw = "ext:psk_local_ties";
}; };
secretsFile = "${config.sops.secrets.wifi_creds.path}"; secretsFile = "${config.sops.secrets.wifi_creds.path}";
@ -50,26 +57,27 @@
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: super: { (_final: super: {
makeModulesClosure = x: makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
super.makeModulesClosure (x // { allowMissing = true; });
}) })
]; ];
services = { services = {
cage = let cage =
kioskProgram = pkgs.writeShellScript "kiosk.sh" '' let
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
/etc/profiles/per-user/gene/bin/chromium-browser WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1
''; /etc/profiles/per-user/gene/bin/chromium-browser
in { '';
enable = true; in
program = kioskProgram; {
user = "gene"; enable = true;
environment = { program = kioskProgram;
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected user = "gene";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
};
}; };
};
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
enabledCollectors = [ enabledCollectors = [
@ -97,7 +105,7 @@
path = "${config.users.users.${username}.home}/.private-env"; path = "${config.users.users.${username}.home}/.private-env";
}; };
wifi_creds = { wifi_creds = {
sopsFile = ../../common/secrets.yaml; sopsFile = ../../../shared/secrets.yaml;
restartUnits = [ restartUnits = [
"wpa_supplicant.service" "wpa_supplicant.service"
]; ];
@ -115,7 +123,10 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [
"networkmanager"
"wheel"
];
linger = true; linger = true;
}; };
@ -125,4 +136,3 @@
memoryPercent = 90; memoryPercent = 90;
}; };
} }

32
modules/hosts/nixos/kiosk-entryway/hardware-configuration.nix
View file

@ -1,17 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; boot = {
boot.initrd.kernelModules = [ ]; initrd = {
boot.kernelModules = [ "kvm-intel" ]; availableKernelModules = [
boot.extraModulePackages = [ ]; "xhci_pci"
"ehci_pci"
"ahci"
"usbhid"
"sd_mod"
"rtsx_pci_sdmmc"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

3
modules/hosts/nixos/kiosk-entryway/home-gene.nix
View file

@ -1,4 +1,4 @@
{ ... }: { {
home.stateVersion = "24.11"; home.stateVersion = "24.11";
programs = { programs = {
@ -21,4 +21,3 @@
}; };
} }

52
modules/hosts/nixos/kiosk-entryway/monitoring.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }: let { config, pkgs, ... }:
let
metrics_server = "https://monitoring.home.technicalissues.us/remotewrite"; metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
in { in
{
services = { services = {
vmagent = { vmagent = {
enable = true; enable = true;
@ -14,32 +16,11 @@ in {
{ {
job_name = "node"; job_name = "node";
static_configs = [ static_configs = [
{ targets = ["127.0.0.1:9100"]; } { targets = [ "127.0.0.1:9100" ]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = ["__name__"]; source_labels = [ "__name__" ];
regex = "go_.*";
action = "drop";
}
];
relabel_configs = [
{
target_label = "instance";
replacement = "${config.networking.hostName}";
}
];
}
# Nginx exporter
{
job_name = "nginx";
static_configs = [
{ targets = ["127.0.0.1:9113"]; }
];
metric_relabel_configs = [
{
source_labels = ["__name__"];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -77,29 +58,17 @@ in {
# ---------------------------- # ----------------------------
# Exporters (using built-in NixOS modules) # Exporters (using built-in NixOS modules)
# ---------------------------- # ----------------------------
# Node exporter - using the built-in module # Node exporter - using the built-in module
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
port = 9100; port = 9100;
enabledCollectors = [
"systemd"
];
extraFlags = [ extraFlags = [
"--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|run|tmp|var/lib/docker/.+)($|/)" "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|run|tmp|var/lib/docker/.+)($|/)"
"--collector.diskstats.device-exclude=^(loop|ram|fd|sr|dm-|nvme[0-9]n[0-9]p[0-9]+_crypt)$" "--collector.diskstats.device-exclude=^(loop|ram|fd|sr|dm-|nvme[0-9]n[0-9]p[0-9]+_crypt)$"
]; ];
}; };
# Nginx exporter - using the built-in module
prometheus.exporters.nginx = {
enable = true;
listenAddress = "127.0.0.1";
port = 9113;
scrapeUri = "https://127.0.0.1/server_status";
sslVerify = false;
};
}; };
# ---------------------------- # ----------------------------
@ -110,7 +79,7 @@ in {
group = "vmagent"; group = "vmagent";
}; };
users.groups.vmagent = {}; users.groups.vmagent = { };
# ---------------------------- # ----------------------------
# SOPS secrets configuration # SOPS secrets configuration
@ -119,10 +88,9 @@ in {
secrets = { secrets = {
vmagent_push_pw = { vmagent_push_pw = {
owner = "vmagent"; owner = "vmagent";
restartUnits = ["vmagent.service"]; restartUnits = [ "vmagent.service" ];
sopsFile = ../../../common/secrets.yaml; sopsFile = ../../../shared/secrets.yaml;
}; };
}; };
}; };
} }

13
modules/hosts/nixos/kiosk-entryway/secrets.yaml
View file

@ -1,10 +1,6 @@
local_git_config: ENC[AES256_GCM,data:9eq+YMK1wRewtTOCYdq9haD9XhMKcKCXeYlioxn5kAAreUJdjw/D92O33958eXvA3TbvRJGpioN0iZZribay7q+e2zoW+SfITwetfKa9xIeU2UQF3f6jB9juh5mqWZBXGxx+An3tIg9jNjtHRRzK7nzp6Uyxy5TNEfBKPwU=,iv:mAMMKaEWN9DvVGDDc8tNKE6LXxTnd7NKe5VXL1vmCp0=,tag:EhJkL9V3J+020uUSVsL8BA==,type:str] local_git_config: ENC[AES256_GCM,data:Vzcth5778ZuzbN7iQUxAuyUxUWoP45p8iW4xt5G4/pljdmkDl7Kw0kE=,iv:PSQTPeEp8DOQEI7/Fn3PAlKbDlxHqJEPuDRKGHewGDo=,tag:w7NXm6tUqnkGOJAquBtzeg==,type:str]
local_private_env: ENC[AES256_GCM,data:66Ii8OUAwROOyfSFAWhCdpq8OiTEwGqn6y51Tp3FnOYYuDepJmsh/ikBAkoowVUWf4F4RdABtauLCqOuRg==,iv:xZMtNffbdnbUbohcmr0ZprxdaeFNvp5VfHOyRh+hrhU=,tag:Tq+fo2QJxZvcMAE1oIudBA==,type:str] local_private_env: ENC[AES256_GCM,data:66Ii8OUAwROOyfSFAWhCdpq8OiTEwGqn6y51Tp3FnOYYuDepJmsh/ikBAkoowVUWf4F4RdABtauLCqOuRg==,iv:xZMtNffbdnbUbohcmr0ZprxdaeFNvp5VfHOyRh+hrhU=,tag:Tq+fo2QJxZvcMAE1oIudBA==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1xaaf9enkf669w0cfnlx4ksd9g2kvvkuskp4xw7x84x6u492ulquqfjez5s - recipient: age1xaaf9enkf669w0cfnlx4ksd9g2kvvkuskp4xw7x84x6u492ulquqfjez5s
enc: | enc: |
@ -15,8 +11,7 @@ sops:
eEtid0paSEttc3FLamFJZ2FWZDVQSGcKG8gAV8xuSyYUxbRJqC+2WcwsuLQ0/Ngv eEtid0paSEttc3FLamFJZ2FWZDVQSGcKG8gAV8xuSyYUxbRJqC+2WcwsuLQ0/Ngv
gFy5WVrDl61qq6MtI59ELHQiM6/Jv7x5Gv0Nmfy6q8ABtP6rSns/HA== gFy5WVrDl61qq6MtI59ELHQiM6/Jv7x5Gv0Nmfy6q8ABtP6rSns/HA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-03T16:37:52Z" lastmodified: "2026-03-22T23:30:59Z"
mac: ENC[AES256_GCM,data:c/cGUUlyWJIcJ4sgJEv2EhGvOcE73V953hrOVq3l2PX23mm01rQF5NzXJ0PrEc17kpAPrmnS5CK45KBuN+38WQW6WsCPN+gjzoYzyo6X3W+LaHcSwJd48gRfC/1FXjDvoz7l2o3nmyPncaAzqINTj7ccTzMwgHjrfRNVv+aVWXY=,iv:tV++nZK6zl3dP1Bf+rsB0ivpRZj3r2RCPSGQj19Wdfg=,tag:SbRcxjF57bKZvZ+zl/pBLA==,type:str] mac: ENC[AES256_GCM,data:dtdgENN1+zOOrDrF82VH5yIFs6F/Td65+G6JcoVVYuIKAnqtlDiaYLnJXfcqFl5wTXvY5J+4uPDh0dm0bGmTcxJITdapTr9CQNf+FQlKf5hm9U6CgHRp5EkQkZDtRIufirdhvFlWsU61Vv2qgt3AJnRD8VoIf8zhVDwwEpBLE48=,iv:bhsHBCMBiRHkRbi3IsDh91dqaKckCm8HhS7D0ZuhOVc=,tag:x+SfetIPvqLKzY4dTJUrwQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.12.1

51
modules/hosts/nixos/kiosk-gene-desk/default.nix
View file

@ -1,4 +1,12 @@
{ inputs, config, lib, pkgs, username, ... }: { {
inputs,
config,
lib,
pkgs,
username,
...
}:
{
imports = [ imports = [
# SD card image # SD card image
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
@ -34,7 +42,7 @@
# Home # Home
"Diagon Alley".pskRaw = "ext:psk_diagon_alley"; "Diagon Alley".pskRaw = "ext:psk_diagon_alley";
# Public networks # Public networks
"Gallery Row-GuestWiFi" = {}; "Gallery Row-GuestWiFi" = { };
"LocalTies Guest".pskRaw = "ext:psk_local_ties"; "LocalTies Guest".pskRaw = "ext:psk_local_ties";
}; };
secretsFile = "${config.sops.secrets.wifi_creds.path}"; secretsFile = "${config.sops.secrets.wifi_creds.path}";
@ -42,28 +50,29 @@
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: super: { (_final: super: {
makeModulesClosure = x: makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
super.makeModulesClosure (x // { allowMissing = true; });
}) })
]; ];
sdImage.compressImage = true; sdImage.compressImage = true;
services = { services = {
cage = let cage =
kioskProgram = pkgs.writeShellScript "kiosk.sh" '' let
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90 kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
/etc/profiles/per-user/gene/bin/chromium-browser WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90
''; /etc/profiles/per-user/gene/bin/chromium-browser
in { '';
enable = true; in
program = kioskProgram; {
user = "gene"; enable = true;
environment = { program = kioskProgram;
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected user = "gene";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
};
}; };
};
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
enabledCollectors = [ enabledCollectors = [
@ -90,7 +99,7 @@
path = "${config.users.users.${username}.home}/.private-env"; path = "${config.users.users.${username}.home}/.private-env";
}; };
wifi_creds = { wifi_creds = {
sopsFile = ../../common/secrets.yaml; sopsFile = ../../../shared/secrets.yaml;
restartUnits = [ restartUnits = [
"wpa_supplicant.service" "wpa_supplicant.service"
]; ];
@ -108,7 +117,10 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [
"networkmanager"
"wheel"
];
linger = true; linger = true;
}; };
@ -118,4 +130,3 @@
memoryPercent = 90; memoryPercent = 90;
}; };
} }

3
modules/hosts/nixos/kiosk-gene-desk/home-gene.nix
View file

@ -1,4 +1,4 @@
{ ... }: { {
home.stateVersion = "24.11"; home.stateVersion = "24.11";
programs = { programs = {
@ -20,4 +20,3 @@
}; };
} }

16
modules/hosts/nixos/nixnas1/default.nix
View file

@ -1,8 +1,14 @@
{ config, pkgs, username, ... }: { {
config,
pkgs,
username,
...
}:
{
imports = [ imports = [
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
../../../system/common/linux/restic.nix ../../../shared/nixos/restic.nix
]; ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
@ -17,16 +23,16 @@
device = "nodev"; device = "nodev";
mirroredBoots = [ mirroredBoots = [
{ {
devices = ["/dev/disk/by-uuid/02A5-6FCC"]; devices = [ "/dev/disk/by-uuid/02A5-6FCC" ];
path = "/boot"; path = "/boot";
} }
{ {
devices = ["/dev/disk/by-uuid/02F1-B12D"]; devices = [ "/dev/disk/by-uuid/02F1-B12D" ];
path = "/boot-fallback"; path = "/boot-fallback";
} }
]; ];
}; };
supportedFilesystems = ["zfs"]; supportedFilesystems = [ "zfs" ];
zfs = { zfs = {
extraPools = [ "storage" ]; extraPools = [ "storage" ];
forceImportRoot = false; forceImportRoot = false;

3
modules/hosts/nixos/nixnas1/disk-config.nix
View file

@ -1,4 +1,3 @@
{ ... }:
{ {
disko.devices = { disko.devices = {
disk = { disk = {
@ -124,4 +123,4 @@
}; # end zroot }; # end zroot
}; };
}; };
} }

78
modules/hosts/nixos/nixnas1/hardware-configuration.nix
View file

@ -1,46 +1,72 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; boot = {
boot.initrd.kernelModules = [ "nvme" ]; initrd = {
boot.kernelModules = [ "kvm-intel" ]; availableKernelModules = [
boot.extraModulePackages = [ ]; "ehci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
"sr_mod"
];
kernelModules = [ "nvme" ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" = fileSystems = {
{ device = "zroot/root"; "/" = {
device = "zroot/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/nix" = "/nix" = {
{ device = "zroot/root/nix"; device = "zroot/root/nix";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home" = "/home" = {
{ device = "zroot/root/home"; device = "zroot/root/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = "/boot" =
# { device = "/dev/disk/by-uuid/02A5-6FCC"; # { device = "/dev/disk/by-uuid/02A5-6FCC";
{ device = "/dev/disk/by-partlabel/disk-sdc-BOOT"; {
fsType = "vfat"; device = "/dev/disk/by-partlabel/disk-sdc-BOOT";
options = [ "fmask=0022" "dmask=0022" ]; fsType = "vfat";
}; options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/boot-fallback" = "/boot-fallback" =
# { device = "/dev/disk/by-uuid/02F1-B12D"; # { device = "/dev/disk/by-uuid/02F1-B12D";
{ device = "/dev/disk/by-partlabel/disk-sdd-BOOT-FALLBACK"; {
fsType = "vfat"; device = "/dev/disk/by-partlabel/disk-sdd-BOOT-FALLBACK";
options = [ "fmask=0022" "dmask=0022" ]; fsType = "vfat";
}; options = [
"fmask=0022"
"dmask=0022"
];
};
};
swapDevices = [ ]; swapDevices = [ ];

4
modules/hosts/nixos/nixnas1/home-gene.nix
View file

@ -1,3 +1,3 @@
{ ... }: { {
home.stateVersion = "24.05"; home.stateVersion = "24.05";
} }

6
modules/hosts/nixos/nixnuc/containers/audiobookshelf.nix
View file

@ -1,7 +1,9 @@
{ ... }: let _:
let
volume_base = "/var/lib/audiobookshelf"; volume_base = "/var/lib/audiobookshelf";
http_port = "13378"; http_port = "13378";
in { in
{
# Audiobookshelf # Audiobookshelf
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {

10
modules/hosts/nixos/nixnuc/containers/mountain-mesh-bot-discord.nix
View file

@ -1,6 +1,8 @@
{ config, username, ... }: let { config, ... }:
let
volume_base = "/orico/mountain-mesh-bot-discord"; volume_base = "/orico/mountain-mesh-bot-discord";
in { in
{
# My mountain-mesh-bot-discord container # My mountain-mesh-bot-discord container
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
@ -17,6 +19,8 @@ in {
sops.secrets.mtnmesh_bot_dot_env = { sops.secrets.mtnmesh_bot_dot_env = {
path = "${volume_base}/.env"; path = "${volume_base}/.env";
restartUnits = [ "${config.virtualisation.oci-containers.containers.mtnmesh_bot_discord.serviceName}" ]; restartUnits = [
"${config.virtualisation.oci-containers.containers.mtnmesh_bot_discord.serviceName}"
];
}; };
} }

7
modules/hosts/nixos/nixnuc/containers/psitransfer.nix
View file

@ -1,8 +1,10 @@
{ config, ... }: let { config, ... }:
let
volume_base = "/orico/psitransfer"; volume_base = "/orico/psitransfer";
http_port = "3000"; http_port = "3000";
psitransfer_dot_env = "${config.sops.secrets.psitransfer_dot_env.path}"; psitransfer_dot_env = "${config.sops.secrets.psitransfer_dot_env.path}";
in { in
{
############################################################################# #############################################################################
# My intent as of now is to only make this available to the outside world # # My intent as of now is to only make this available to the outside world #
@ -29,4 +31,3 @@ in {
}; };
}; };
} }

239
modules/hosts/nixos/nixnuc/default.nix
View file

@ -1,18 +1,25 @@
{ inputs, config, pkgs, username, ... }: let {
http_port = 80; inputs,
config,
pkgs,
username,
...
}:
let
https_port = 443; https_port = 443;
home_domain = "home.technicalissues.us"; home_domain = "home.technicalissues.us";
backend_ip = "127.0.0.1"; backend_ip = "127.0.0.1";
restic_backup_time = "02:00"; restic_backup_time = "02:00";
in { in
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./containers/audiobookshelf.nix ./containers/audiobookshelf.nix
./containers/mountain-mesh-bot-discord.nix ./containers/mountain-mesh-bot-discord.nix
./containers/psitransfer.nix ./containers/psitransfer.nix
./monitoring-stack.nix ./monitoring-stack.nix
../../common/linux/lets-encrypt.nix ../../../shared/nixos/lets-encrypt.nix
../../common/linux/restic.nix ../../../shared/nixos/restic.nix
]; ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
@ -31,7 +38,9 @@ in {
}; };
environment = { environment = {
sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
};
systemPackages = with pkgs; [ systemPackages = with pkgs; [
inputs.compose2nix.packages.${pkgs.stdenv.hostPlatform.system}.default inputs.compose2nix.packages.${pkgs.stdenv.hostPlatform.system}.default
docker-compose docker-compose
@ -57,7 +66,7 @@ in {
intel-ocl # Generic OpenCL support intel-ocl # Generic OpenCL support
]; ];
}; };
mailserver = { mailserver = {
enable = true; enable = true;
enableImap = false; enableImap = false;
@ -81,26 +90,26 @@ in {
# Open ports in the firewall. # Open ports in the firewall.
firewall = { firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
22 # ssh 22 # ssh
80 # http to local Nginx 80 # http to local Nginx
443 # https to local Nginx 443 # https to local Nginx
3000 # PsiTransfer in oci-container 3000 # PsiTransfer in oci-container
3001 # immich-kiosk in compose 3001 # immich-kiosk in compose
3002 # grafana 3002 # grafana
3005 # Firefly III 3005 # Firefly III
3006 # Firefly III Data Importer 3006 # Firefly III Data Importer
3030 # Forgejo 3030 # Forgejo
3087 # Youtarr in docker compose 3087 # Youtarr in docker compose
8001 # Tube Archivist 8001 # Tube Archivist
8384 # Syncthing gui 8384 # Syncthing gui
8888 # Atuin 8888 # Atuin
8090 # Wallabag in docker compose 8090 # Wallabag in docker compose
8945 # Pinchflat 8945 # Pinchflat
13378 # Audiobookshelf in oci-container 13378 # Audiobookshelf in oci-container
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
1900 # Jellyfin service auto-discovery 1900 # Jellyfin service auto-discovery
7359 # Jellyfin auto-discovery 7359 # Jellyfin auto-discovery
]; ];
}; };
# Or disable the firewall altogether. # Or disable the firewall altogether.
@ -112,23 +121,24 @@ in {
networkmanager.enable = false; networkmanager.enable = false;
useNetworkd = true; useNetworkd = true;
vlans = { vlans = {
vlan23 = { id = 23; interface = "eno1"; }; vlan23 = {
id = 23;
interface = "eno1";
};
}; };
interfaces = { interfaces = {
eno1.useDHCP = true; eno1.useDHCP = true;
vlan23.ipv4.addresses = [{ address = "192.168.23.21"; prefixLength = 24; }]; vlan23.ipv4.addresses = [
{
address = "192.168.23.21";
prefixLength = 24;
}
];
}; };
}; };
# Enable sound with pipewire. # Enable sound with pipewire.
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.pulseaudio.enable = false;
programs = { programs = {
mtr.enable = true; mtr.enable = true;
@ -136,6 +146,13 @@ in {
# List services that you want to enable: # List services that you want to enable:
services = { services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
pulseaudio.enable = false;
atuin = { atuin = {
enable = true; enable = true;
host = "127.0.0.1"; host = "127.0.0.1";
@ -311,7 +328,11 @@ in {
"nix-tester.${home_domain}" "nix-tester.${home_domain}"
]; ];
listen = [ listen = [
{ port = https_port; addr = "0.0.0.0"; ssl = true; } {
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
]; ];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
@ -331,7 +352,13 @@ in {
}; };
}; };
"ab.${home_domain}" = { "ab.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -342,17 +369,41 @@ in {
''; '';
}; };
"atuin.${home_domain}" = { "atuin.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://${backend_ip}:8888"; locations."/".proxyPass = "http://${backend_ip}:8888";
}; };
# budget.${home_domain} # budget.${home_domain}
"${config.services.firefly-iii.virtualHost}".listen = [{ port = 3005; addr = "0.0.0.0"; ssl = false; }]; "${config.services.firefly-iii.virtualHost}".listen = [
"${config.services.firefly-iii-data-importer.virtualHost}".listen = [{ port = 3006; addr = "0.0.0.0"; ssl = false; }]; {
port = 3005;
addr = "0.0.0.0";
ssl = false;
}
];
"${config.services.firefly-iii-data-importer.virtualHost}".listen = [
{
port = 3006;
addr = "0.0.0.0";
ssl = false;
}
];
"git.${home_domain}" = { "git.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -362,7 +413,13 @@ in {
''; '';
}; };
"id.${home_domain}" = { "id.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -374,7 +431,13 @@ in {
''; '';
}; };
"immich.${home_domain}" = { "immich.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -388,7 +451,13 @@ in {
''; '';
}; };
"immich-kiosk.${home_domain}" = { "immich-kiosk.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -403,7 +472,13 @@ in {
''; '';
}; };
"jellyfin.${home_domain}" = { "jellyfin.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -428,7 +503,13 @@ in {
''; '';
}; };
"mealie.${home_domain}" = { "mealie.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -438,7 +519,13 @@ in {
''; '';
}; };
"monitoring.${home_domain}" = { "monitoring.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -469,7 +556,13 @@ in {
''; '';
}; };
"readit.${home_domain}" = { "readit.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -557,7 +650,7 @@ in {
secrets = { secrets = {
firefly_app_key = { firefly_app_key = {
owner = config.services.firefly-iii.user; owner = config.services.firefly-iii.user;
restartUnits = ["nginx.service"]; restartUnits = [ "nginx.service" ];
}; };
firefly_pat_data_import = { firefly_pat_data_import = {
owner = config.services.firefly-iii-data-importer.user; owner = config.services.firefly-iii-data-importer.user;
@ -582,7 +675,7 @@ in {
}; };
immich_kiosk_basic_auth = { immich_kiosk_basic_auth = {
owner = config.users.users.nginx.name; owner = config.users.users.nginx.name;
restartUnits = ["nginx.service"]; restartUnits = [ "nginx.service" ];
}; };
local_git_config = { local_git_config = {
owner = "${username}"; owner = "${username}";
@ -594,12 +687,12 @@ in {
}; };
mealie = { mealie = {
mode = "0444"; mode = "0444";
restartUnits = ["mealie.service"]; restartUnits = [ "mealie.service" ];
}; };
nextcloud_admin_pass.owner = config.users.users.nextcloud.name; nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
nginx_basic_auth = { nginx_basic_auth = {
owner = "nginx"; owner = "nginx";
restartUnits = ["nginx.service"]; restartUnits = [ "nginx.service" ];
}; };
tailscale_key = { tailscale_key = {
restartUnits = [ "tailscaled-autoconnect.service" ]; restartUnits = [ "tailscaled-autoconnect.service" ];
@ -610,38 +703,44 @@ in {
systemd.services = { systemd.services = {
jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
"mealie" = { "mealie" = {
requires = ["postgresql.service"]; requires = [ "postgresql.service" ];
after = ["postgresql.service"]; after = [ "postgresql.service" ];
}; };
"nextcloud-setup" = { "nextcloud-setup" = {
requires = ["postgresql.service"]; requires = [ "postgresql.service" ];
after = ["postgresql.service"]; after = [ "postgresql.service" ];
}; };
}; };
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ "docker" "podman" "networkmanager" "wheel" ]; extraGroups = [
"docker"
"podman"
"networkmanager"
"wheel"
];
linger = true; linger = true;
}; };
# Enable common container config files in /etc/containers # Enable common container config files in /etc/containers
virtualisation.containers.enable = true; virtualisation = {
containers.enable = true;
oci-containers.backend = "podman";
# Compose based apps were crashing with podman compose, so back to Docker...
docker = {
enable = true;
package = pkgs.docker;
};
podman = {
enable = true;
autoPrune.enable = true;
#dockerCompat = true;
extraPackages = [ pkgs.zfs ]; # Required if the host is running ZFS
virtualisation.oci-containers.backend = "podman"; # Required for container networking to be able to use names.
defaultNetwork.settings.dns_enabled = true;
# Compose based apps were crashing with podman compose, so back to Docker... };
virtualisation.docker.enable = true;
virtualisation.docker.package = pkgs.docker;
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
#dockerCompat = true;
extraPackages = [ pkgs.zfs ]; # Required if the host is running ZFS
# Required for container networking to be able to use names.
defaultNetwork.settings.dns_enabled = true;
}; };
} }

54
modules/hosts/nixos/nixnuc/hardware-configuration.nix
View file

@ -1,42 +1,60 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; boot = {
boot.initrd.kernelModules = [ ]; initrd = {
boot.kernelModules = [ "kvm-intel" ]; availableKernelModules = [
boot.extraModulePackages = [ ]; "xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" = fileSystems = {
{ device = "/dev/disk/by-uuid/0ee15ee9-37ea-448d-aa3b-23eb25994df0"; "/" = {
device = "/dev/disk/by-uuid/0ee15ee9-37ea-448d-aa3b-23eb25994df0";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = "/boot" = {
{ device = "/dev/disk/by-uuid/4814-3E47"; device = "/dev/disk/by-uuid/4814-3E47";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/var/lib/audiobookshelf" = "/var/lib/audiobookshelf" = {
{ device = "orico/audiobookshelf"; device = "orico/audiobookshelf";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/postgresql" = "/var/lib/postgresql" = {
{ device = "orico/postgresql-data"; device = "orico/postgresql-data";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/postgresql/16/pg_wal" = "/var/lib/postgresql/16/pg_wal" = {
{ device = "orico/postgresql-wal-16"; device = "orico/postgresql-wal-16";
fsType = "zfs"; fsType = "zfs";
}; };
};
# Second disk inside case # Second disk inside case
#fileSystems."/var/lib/postgresql" = #fileSystems."/var/lib/postgresql" =

4
modules/hosts/nixos/nixnuc/home-gene.nix
View file

@ -1,3 +1,3 @@
{ ... }: { {
home.stateVersion = "23.11"; home.stateVersion = "23.11";
} }

111
modules/hosts/nixos/nixnuc/monitoring-stack.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }: let { config, pkgs, ... }:
let
home_domain = "home.technicalissues.us"; home_domain = "home.technicalissues.us";
in { in
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Keeping empty for manual testing if needed # Keeping empty for manual testing if needed
]; ];
@ -25,7 +27,7 @@ in {
# ---------------------------- # ----------------------------
victoriametrics = { victoriametrics = {
enable = true; enable = true;
stateDir = "victoriametrics"; # Just the directory name, module adds /var/lib/ prefix stateDir = "victoriametrics"; # Just the directory name, module adds /var/lib/ prefix
package = pkgs.victoriametrics; package = pkgs.victoriametrics;
}; };
@ -47,21 +49,24 @@ in {
static_configs = [ static_configs = [
{ {
targets = [ targets = [
"127.0.0.1:9100" # nixnuc "127.0.0.1:9100" # nixnuc
"192.168.22.22:9100" # home assistant "192.168.22.22:9100" # home assistant
"umbrel:9100" "umbrel:9100"
]; ];
} }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = ["__name__" "nodename"]; source_labels = [
"__name__"
"nodename"
];
regex = "node_uname_info;0d869efa-prometheus-node-exporter"; regex = "node_uname_info;0d869efa-prometheus-node-exporter";
target_label = "nodename"; target_label = "nodename";
replacement = "homeassistant"; replacement = "homeassistant";
} }
{ {
source_labels = ["__name__"]; source_labels = [ "__name__" ];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -84,11 +89,11 @@ in {
{ {
job_name = "cadvisor"; job_name = "cadvisor";
static_configs = [ static_configs = [
{ targets = ["127.0.0.1:8081"]; } { targets = [ "127.0.0.1:8081" ]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = ["__name__"]; source_labels = [ "__name__" ];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -105,11 +110,11 @@ in {
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ targets = ["127.0.0.1:9113"]; } { targets = [ "127.0.0.1:9113" ]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = ["__name__"]; source_labels = [ "__name__" ];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -128,7 +133,7 @@ in {
scrape_interval = "30s"; scrape_interval = "30s";
metrics_path = "/api/prometheus"; metrics_path = "/api/prometheus";
static_configs = [ static_configs = [
{ targets = ["192.168.22.22:8123"]; } { targets = [ "192.168.22.22:8123" ]; }
]; ];
bearer_token_file = config.sops.secrets.home_assistant_token.path; bearer_token_file = config.sops.secrets.home_assistant_token.path;
relabel_configs = [ relabel_configs = [
@ -145,7 +150,7 @@ in {
scheme = "https"; scheme = "https";
scrape_interval = "30s"; scrape_interval = "30s";
static_configs = [ static_configs = [
{ targets = ["utk.technicalissues.us"]; } { targets = [ "utk.technicalissues.us" ]; }
]; ];
basic_auth = { basic_auth = {
password_file = config.sops.secrets.uptimekuma_grafana_api_key.path; password_file = config.sops.secrets.uptimekuma_grafana_api_key.path;
@ -153,19 +158,19 @@ in {
}; };
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = ["monitor_hostname"]; source_labels = [ "monitor_hostname" ];
regex = "^null$"; regex = "^null$";
replacement = ""; replacement = "";
target_label = "monitor_hostname"; target_label = "monitor_hostname";
} }
{ {
source_labels = ["monitor_port"]; source_labels = [ "monitor_port" ];
regex = "^null$"; regex = "^null$";
replacement = ""; replacement = "";
target_label = "monitor_port"; target_label = "monitor_port";
} }
{ {
source_labels = ["monitor_url"]; source_labels = [ "monitor_url" ];
regex = "https:\/\/"; regex = "https:\/\/";
replacement = ""; replacement = "";
target_label = "monitor_url"; target_label = "monitor_url";
@ -211,17 +216,16 @@ in {
datasources.settings.datasources = [ datasources.settings.datasources = [
{ {
name = "VictoriaMetrics"; name = "VictoriaMetrics";
type = "victoriametrics-metrics-datasource"; type = "victoriametrics-metrics-datasource";
access = "proxy"; access = "proxy";
url = "http://127.0.0.1:8428"; url = "http://127.0.0.1:8428";
isDefault = true; isDefault = true;
uid = "VictoriaMetrics"; # Set explicit UID for use in alert rules uid = "VictoriaMetrics"; # Set explicit UID for use in alert rules
} }
]; ];
}; };
settings = { settings = {
auth = { auth = {
# Set to true to disable (hide) the login form, useful if you use OAuth # Set to true to disable (hide) the login form, useful if you use OAuth
@ -229,36 +233,36 @@ in {
}; };
"auth.generic_oauth" = { "auth.generic_oauth" = {
name = "Pocket ID"; name = "Pocket ID";
enabled = true; enabled = true;
# Use Grafana's file reference syntax for secrets # Use Grafana's file reference syntax for secrets
client_id = "$__file{${config.sops.secrets.grafana_oauth_client_id.path}}"; client_id = "$__file{${config.sops.secrets.grafana_oauth_client_id.path}}";
client_secret = "$__file{${config.sops.secrets.grafana_oauth_client_secret.path}}"; client_secret = "$__file{${config.sops.secrets.grafana_oauth_client_secret.path}}";
auth_style = "AutoDetect"; auth_style = "AutoDetect";
scopes = "openid email profile groups"; scopes = "openid email profile groups";
auth_url = "${config.services.pocket-id.settings.APP_URL}/authorize"; auth_url = "${config.services.pocket-id.settings.APP_URL}/authorize";
token_url = "${config.services.pocket-id.settings.APP_URL}/api/oidc/token"; token_url = "${config.services.pocket-id.settings.APP_URL}/api/oidc/token";
allow_sign_up = true; allow_sign_up = true;
auto_login = true; auto_login = true;
name_attribute_path = "display_name"; name_attribute_path = "display_name";
login_attribute_path = "preferred_username"; login_attribute_path = "preferred_username";
email_attribute_name = "email:primary"; email_attribute_name = "email:primary";
email_attribute_path = "email"; email_attribute_path = "email";
role_attribute_path = "contains(groups[*], 'grafana_super_admin') && 'GrafanaAdmin' || contains(groups[*], 'grafana_admin') && 'Admin' || contains(groups[*], 'grafana_editor') && 'Editor' || 'Viewer'"; role_attribute_path = "contains(groups[*], 'grafana_super_admin') && 'GrafanaAdmin' || contains(groups[*], 'grafana_admin') && 'Admin' || contains(groups[*], 'grafana_editor') && 'Editor' || 'Viewer'";
role_attribute_strict = false; role_attribute_strict = false;
allow_assign_grafana_admin = true; allow_assign_grafana_admin = true;
skip_org_role_sync = false; skip_org_role_sync = false;
use_pkce = true; use_pkce = true;
use_refresh_token = false; use_refresh_token = false;
tls_skip_verify_insecure = false; tls_skip_verify_insecure = false;
}; };
# Database configuration - use PostgreSQL with peer authentication # Database configuration - use PostgreSQL with peer authentication
database = { database = {
type = "postgres"; type = "postgres";
host = "/run/postgresql"; # Use Unix socket instead of TCP host = "/run/postgresql"; # Use Unix socket instead of TCP
name = "grafana"; name = "grafana";
user = "grafana"; user = "grafana";
# No password needed - using peer authentication via Unix socket # No password needed - using peer authentication via Unix socket
@ -266,10 +270,10 @@ in {
# Server configuration # Server configuration
server = { server = {
domain = "monitoring.${home_domain}"; domain = "monitoring.${home_domain}";
http_addr = "0.0.0.0"; http_addr = "0.0.0.0";
http_port = 3002; http_port = 3002;
root_url = "https://monitoring.${home_domain}/grafana/"; root_url = "https://monitoring.${home_domain}/grafana/";
serve_from_sub_path = true; serve_from_sub_path = true;
}; };
@ -286,7 +290,7 @@ in {
# ---------------------------- # ----------------------------
# Exporters (using built-in NixOS modules) # Exporters (using built-in NixOS modules)
# ---------------------------- # ----------------------------
# Node exporter - using the built-in module # Node exporter - using the built-in module
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
@ -332,7 +336,7 @@ in {
group = "vmagent"; group = "vmagent";
}; };
users.groups.vmagent = {}; users.groups.vmagent = { };
# ---------------------------- # ----------------------------
# Systemd service dependencies # Systemd service dependencies
@ -350,20 +354,20 @@ in {
secrets = { secrets = {
grafana_oauth_client_id = { grafana_oauth_client_id = {
owner = "grafana"; owner = "grafana";
restartUnits = ["grafana.service"]; restartUnits = [ "grafana.service" ];
}; };
grafana_oauth_client_secret = { grafana_oauth_client_secret = {
owner = "grafana"; owner = "grafana";
restartUnits = ["grafana.service"]; restartUnits = [ "grafana.service" ];
}; };
home_assistant_token = { home_assistant_token = {
owner = "vmagent"; owner = "vmagent";
restartUnits = ["vmagent.service"]; restartUnits = [ "vmagent.service" ];
}; };
uptimekuma_grafana_api_key = { uptimekuma_grafana_api_key = {
owner = "vmagent"; owner = "vmagent";
restartUnits = ["vmagent.service"]; restartUnits = [ "vmagent.service" ];
sopsFile = ../../common/secrets.yaml; sopsFile = ../../../shared/secrets.yaml;
}; };
}; };
}; };
@ -378,4 +382,3 @@ in {
]; ];
}; };
} }

8
modules/hosts/nixos/nixnuc/secrets.yaml
View file

@ -1,5 +1,5 @@
tailscale_key: ENC[AES256_GCM,data:d6Fgyr6SXhj3/rVu+KvNqHUODIH6aFqL+eKaITO7zRVhwrwRxcHVT901Ts8RjkMhZjWHOlC45AUBA/ZMFA==,iv:X22cerxp5Ak/nWTQAvy2/cN6zqfarg4mJhKmYAzeqIQ=,tag:b5jNpanzIYGaUEoTJzwh1g==,type:str] tailscale_key: ENC[AES256_GCM,data:d6Fgyr6SXhj3/rVu+KvNqHUODIH6aFqL+eKaITO7zRVhwrwRxcHVT901Ts8RjkMhZjWHOlC45AUBA/ZMFA==,iv:X22cerxp5Ak/nWTQAvy2/cN6zqfarg4mJhKmYAzeqIQ=,tag:b5jNpanzIYGaUEoTJzwh1g==,type:str]
local_git_config: ENC[AES256_GCM,data:P5a6cABRQOA5apaDHdDcTEyXFMbewO/G0Jx9JR7REEH9r32eKKN7lGSfw79oG2jrbrlTtAgSvrbCWx0xaMbiGON0164SKX3zU9whOgljNzgqxVI32KxeWHe9ljef/Gj9y4Q0zedKF4M93qv5CmeZKn6+mK0ltctZANdXbEI=,iv:Dh8JOHqxCJ82OVE8EW4XEaamZBZ+dn+OHi5bPx6ksDs=,tag:JqfHmsdATxfn1IeVSwV8iA==,type:str] local_git_config: ENC[AES256_GCM,data:Qw094T7+BVtYPxpJeXr2aaqYh6VDoiMlHS5UY9OkcqJxiiC1ST/Vv0c=,iv:H6eQX2Mxb1xC0MN+oWhnuZF04UuapKdqgN7vhiJF5gI=,tag:SbMJHxJgtj1CmDDitkCvIw==,type:str]
local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str] local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str]
firefly_app_key: ENC[AES256_GCM,data:sNaqRgFOSmdSS0lCmEG8Nxy/3N7F/hQyS6iPnwau3sQbm6zCL5j6qfuvJtMx7C5NePMW,iv:WT16cRGiDRaOjNwP8d0Ee71K9wTH2xOjGwj2osinF/8=,tag:MNaGAEDBPYJRsNJn7QTSaA==,type:str] firefly_app_key: ENC[AES256_GCM,data:sNaqRgFOSmdSS0lCmEG8Nxy/3N7F/hQyS6iPnwau3sQbm6zCL5j6qfuvJtMx7C5NePMW,iv:WT16cRGiDRaOjNwP8d0Ee71K9wTH2xOjGwj2osinF/8=,tag:MNaGAEDBPYJRsNJn7QTSaA==,type:str]
firefly_pat_data_import: ENC[AES256_GCM,data:mZ32gVaDZGEnpsu4HBHeIZ8UtkTQMrHNWp6iv1jOxsUNJlswWS0kU3IN/sVRWT734KcBGUnriWcXIFvZTx6KXhOjWdEYXyO+g9ws88CWCAguCssiPJI23XaDwMhaqjWRvauzPgjzGXdvg4pFs+myxui+MkLyqcv/ZOBoMt85Nn/M6xuMyyzzmalvTtovCgkja3LJDgxCK7AZoGkXK3X9v15ShHaAjM6mEYkSpONeprew+a7PfmPkM8ynMMOgdCQbRLf/34tLXnTer9qL/kz/Xt14PZsQ5+Fj+fxVwt08xv4FWi3VqUR9wL4Fs4G/yJQHUkDQXDcCk67+TgHxFnsYcxZw6k0ue8u1Ab1aDPyEhUD/UwyzTKyIjzCCIc8NBnst6o8kV62d6ei7dG4PWvNk8m2yNhZVlvoKEjmvZg0Bxv7xGniSimXpvTcMs18+mB0nOcYFUZJf6S0tolcClEDBEegwf0kD+p2F7jXsUjcJsaxqh9Xk215qbTi9iRVtQMWfPO8dCo4EC9vs7MFNmtJsGEp0WR2nwGFh7eIRbzug5+HC5OtUEGbmIUhLmTYnrohkJUKauMYALeYUS7j8GwFdfN0qT0N5r1d5OC/uOih2W5jWiMsOkNWKlaxZ/D1TOTYjLdcHCmIDlQHv9XVFUketsy6KPyg3XkmicKYq18xMi2pkWwGwDV0rd0aqHqRLTNfj3BoXI53eWSsZo8CKuUgWyXM4mIRy7yle2s52a2Idsc8/Zx42MmbWov3c5CNaQDjaseTSO8bv57U30GBY43UBJ4n+p6AIBnXQAN9d/YQ2Wvphe80ZdqyfHzTgj+6PEQKFXzs4KJDE83es/1+HVZdKehpUksenPeQ8UAxoIFtgFjdz6p9JBdXcuFhkWs6oAT96VQtkS6aHgOOUSTN2+H0Q/l6yvIvQB/QcI88r4BiU2vroGqzuVRCbgaXZqjUU06lS608gJOGqIe2a2bHbxwKU+SHEglTdDzRP4n02v8Ua5+BpcWVmhamEzd+8qhLEp/awYi9rd2Kc38T/vowsumLQAvfuZHUt8ySS1JEsyjrWsXQ/cfAiKMeTWkL7b2vEmvx30D8Acz68wDmXwxI/pWDKSe+jagegkmPWVnGQz7MATfApjIl4ZksDQH/O88WrYVF71YYfhA2Qpxr+2FHJ0F2kTPV6tv3QPcteJH4s8pVXvgpYZ050FL9/gJ+gB4rt23Lp0pGW+WEo6YenZ0plbWe4ixf8+U4he5eecGAlAYFEVYZnl6WKLLhX9/xMG9vNJODnUxF97csMPDYiGBhupT8dVk6+1ww=,iv:L0Ff7RYYOPqPeR81LJuTMZ5dsmeQrJtfO1e7Aei+tc4=,tag:wK5s7gRQNpk2aOnsIhtr2A==,type:str] firefly_pat_data_import: ENC[AES256_GCM,data:mZ32gVaDZGEnpsu4HBHeIZ8UtkTQMrHNWp6iv1jOxsUNJlswWS0kU3IN/sVRWT734KcBGUnriWcXIFvZTx6KXhOjWdEYXyO+g9ws88CWCAguCssiPJI23XaDwMhaqjWRvauzPgjzGXdvg4pFs+myxui+MkLyqcv/ZOBoMt85Nn/M6xuMyyzzmalvTtovCgkja3LJDgxCK7AZoGkXK3X9v15ShHaAjM6mEYkSpONeprew+a7PfmPkM8ynMMOgdCQbRLf/34tLXnTer9qL/kz/Xt14PZsQ5+Fj+fxVwt08xv4FWi3VqUR9wL4Fs4G/yJQHUkDQXDcCk67+TgHxFnsYcxZw6k0ue8u1Ab1aDPyEhUD/UwyzTKyIjzCCIc8NBnst6o8kV62d6ei7dG4PWvNk8m2yNhZVlvoKEjmvZg0Bxv7xGniSimXpvTcMs18+mB0nOcYFUZJf6S0tolcClEDBEegwf0kD+p2F7jXsUjcJsaxqh9Xk215qbTi9iRVtQMWfPO8dCo4EC9vs7MFNmtJsGEp0WR2nwGFh7eIRbzug5+HC5OtUEGbmIUhLmTYnrohkJUKauMYALeYUS7j8GwFdfN0qT0N5r1d5OC/uOih2W5jWiMsOkNWKlaxZ/D1TOTYjLdcHCmIDlQHv9XVFUketsy6KPyg3XkmicKYq18xMi2pkWwGwDV0rd0aqHqRLTNfj3BoXI53eWSsZo8CKuUgWyXM4mIRy7yle2s52a2Idsc8/Zx42MmbWov3c5CNaQDjaseTSO8bv57U30GBY43UBJ4n+p6AIBnXQAN9d/YQ2Wvphe80ZdqyfHzTgj+6PEQKFXzs4KJDE83es/1+HVZdKehpUksenPeQ8UAxoIFtgFjdz6p9JBdXcuFhkWs6oAT96VQtkS6aHgOOUSTN2+H0Q/l6yvIvQB/QcI88r4BiU2vroGqzuVRCbgaXZqjUU06lS608gJOGqIe2a2bHbxwKU+SHEglTdDzRP4n02v8Ua5+BpcWVmhamEzd+8qhLEp/awYi9rd2Kc38T/vowsumLQAvfuZHUt8ySS1JEsyjrWsXQ/cfAiKMeTWkL7b2vEmvx30D8Acz68wDmXwxI/pWDKSe+jagegkmPWVnGQz7MATfApjIl4ZksDQH/O88WrYVF71YYfhA2Qpxr+2FHJ0F2kTPV6tv3QPcteJH4s8pVXvgpYZ050FL9/gJ+gB4rt23Lp0pGW+WEo6YenZ0plbWe4ixf8+U4he5eecGAlAYFEVYZnl6WKLLhX9/xMG9vNJODnUxF97csMPDYiGBhupT8dVk6+1ww=,iv:L0Ff7RYYOPqPeR81LJuTMZ5dsmeQrJtfO1e7Aei+tc4=,tag:wK5s7gRQNpk2aOnsIhtr2A==,type:str]
@ -28,7 +28,7 @@ sops:
bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD
PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA== PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-01T03:12:35Z" lastmodified: "2026-03-22T23:27:45Z"
mac: ENC[AES256_GCM,data:2PCSk5RQfgsDkQwlujmrBw4yDOIypKBeW/MAF339OR2o77Dz4+YHbUjxoPHt84bpZDMNeUDAifQUoBrKqq66gBJU7CcF/A/dRGCw5xxkdGGEqIjOX+SpC4I+j0zfJ34Pc1BvmTtY32Ivb9njqKZtTj21KJGMB/NDdkgYrDkqY+g=,iv:TSh4Xlmu840HVPBRw+2D2NoDURkEusjwhUEVoL0YWvs=,tag:4K6sHya1LEOziB4zBo0QIg==,type:str] mac: ENC[AES256_GCM,data:ZR+AqF/6rF/A+36JLQenThy0eYSD1tHFPVrMBXdknZ/2FHNKBgtU4jdy2VE61bzj7MLOqi2eeA7OudY3QuAjVsQ9gn85AAkghyEThsmqhJPUHxhHzYt40mUVEE+rKmxkUBR8dMEIUg/yn07zzG96s/P5PV5OejW2ZEJ/oQwxIFI=,iv:CMQOg0fJnyxjQDISIeUWg3fQBHQVhpdtbOaJVp/ayKs=,tag:/d+tPluy8aV1hYK2w2t/Lw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.12.1

35
modules/hosts/nixos/rainbow-planet/default.nix
View file

@ -1,8 +1,15 @@
{ inputs, config, pkgs, username, ... }: { {
inputs,
config,
pkgs,
username,
...
}:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../common/linux/flatpaks.nix ../../../shared/linux/flatpaks.nix
../../common/linux/ripping.nix ../../../shared/nixos/ripping.nix
]; ];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
@ -14,7 +21,7 @@
}; };
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot= { systemd-boot = {
enable = true; enable = true;
consoleMode = "1"; consoleMode = "1";
}; };
@ -108,9 +115,13 @@
boinc.enable = true; boinc.enable = true;
bpftune.enable = true; bpftune.enable = true;
dbus.implementation = "broker"; dbus.implementation = "broker";
desktopManager.cosmic.enable = false; desktopManager = {
desktopManager.cosmic.xwayland.enable = false; cosmic = {
desktopManager.plasma6.enable = true; enable = false;
xwayland.enable = false;
};
plasma6.enable = true;
};
displayManager.cosmic-greeter.enable = false; displayManager.cosmic-greeter.enable = false;
displayManager.sddm = { displayManager.sddm = {
enable = true; enable = true;
@ -179,7 +190,15 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ "adbusers" "dialout" "docker" "input" "networkmanager" "podman" "wheel" ]; extraGroups = [
"adbusers"
"dialout"
"docker"
"input"
"networkmanager"
"podman"
"wheel"
];
packages = with pkgs; [ packages = with pkgs; [
tailscale-systray tailscale-systray
]; ];

6
modules/hosts/nixos/rainbow-planet/gnome.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gnome.gnome-tweaks gnome.gnome-tweaks
gnome.nautilus gnome.nautilus
@ -15,7 +16,7 @@
gnome.gnome-keyring.enable = true; # Provides secret storage gnome.gnome-keyring.enable = true; # Provides secret storage
gvfs.enable = true; # Used by Nautilus gvfs.enable = true; # Used by Nautilus
xserver = { xserver = {
enable = true; # Enable the X11 windowing system. enable = true; # Enable the X11 windowing system.
# Configure keymap in X11 # Configure keymap in X11
xkb = { xkb = {
@ -33,4 +34,3 @@
}; };
}; };
} }

60
modules/hosts/nixos/rainbow-planet/hardware-configuration.nix
View file

@ -1,36 +1,56 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, pkgs, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
# boot.kernelPackages = pkgs.linuxPackages_zen;
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "sg" ];
boot.kernelParams = [
"i915.enable_fbc=1"
"i915.enable_psr=2"
]; ];
boot.extraModulePackages = [ ];
fileSystems."/" = boot = {
{ device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c"; initrd = {
availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
# boot.kernelPackages = pkgs.linuxPackages_zen;
kernelModules = [ ];
};
kernelModules = [
"kvm-intel"
"sg"
];
kernelParams = [
"i915.enable_fbc=1"
"i915.enable_psr=2"
];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = "/boot" = {
{ device = "/dev/disk/by-uuid/924D-E7A4"; device = "/dev/disk/by-uuid/924D-E7A4";
fsType = "vfat"; fsType = "vfat";
}; };
};
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; } { device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

31
modules/hosts/nixos/rainbow-planet/home-gene.nix
View file

@ -1,21 +1,24 @@
{ pkgs, ... }: { { pkgs, ... }:
{
home.stateVersion = "23.11"; home.stateVersion = "23.11";
imports = [ imports = [
../../common/all-gui.nix ../../../shared/home/general/all-gui.nix
../../common/linux/apps/hexchat.nix ../../../shared/home/linux/apps/hexchat.nix
../../common/linux/apps/pidgin.nix ../../../shared/home/linux/apps/pidgin.nix
../../common/linux/apps/tilix.nix ../../../shared/home/linux/apps/tilix.nix
../../common/linux/apps/waybar.nix ../../../shared/home/linux/apps/waybar.nix
../../common/linux/apps/xfce4-terminal.nix ../../../shared/home/linux/apps/xfce4-terminal.nix
]; ];
home.file = { home.file = {
".config/hypr/frappe.conf".source = (pkgs.fetchFromGitHub { ".config/hypr/frappe.conf".source =
owner = "catppuccin"; pkgs.fetchFromGitHub {
repo = "hyprland"; owner = "catppuccin";
rev = "99a88fd21fac270bd999d4a26cf0f4a4222c58be"; repo = "hyprland";
hash = "sha256-07B5QmQmsUKYf38oWU3+2C6KO4JvinuTwmW1Pfk8CT8="; rev = "99a88fd21fac270bd999d4a26cf0f4a4222c58be";
} + "/themes/frappe.conf"); hash = "sha256-07B5QmQmsUKYf38oWU3+2C6KO4JvinuTwmW1Pfk8CT8=";
}
+ "/themes/frappe.conf";
}; };
programs = { programs = {
@ -32,7 +35,7 @@
settings = { settings = {
global = { global = {
frame_color = "#8CAAEE"; frame_color = "#8CAAEE";
separator_color= "frame"; separator_color = "frame";
}; };
urgency_low = { urgency_low = {

0
modules/hosts/common/files/Microsoft.PowerShell_profile.ps1 → modules/shared/files/Microsoft.PowerShell_profile.ps1
View file

0
modules/hosts/common/files/nvim/lua/config/vim-options.lua → modules/shared/files/nvim/lua/config/vim-options.lua
View file

0
modules/hosts/common/files/nvim/lua/disabled/barbar.lua → modules/shared/files/nvim/lua/disabled/barbar.lua
View file

0
modules/hosts/common/files/nvim/lua/disabled/cheatsheet.lua → modules/shared/files/nvim/lua/disabled/cheatsheet.lua
View file

0
modules/hosts/common/files/nvim/lua/disabled/nvim-tree.lua → modules/shared/files/nvim/lua/disabled/nvim-tree.lua
View file

0
modules/hosts/common/files/nvim/lua/disabled/themes/dracula.lua → modules/shared/files/nvim/lua/disabled/themes/dracula.lua
View file

0
modules/hosts/common/files/nvim/lua/disabled/themes/gruvbox.lua → modules/shared/files/nvim/lua/disabled/themes/gruvbox.lua
View file

0
modules/hosts/common/files/nvim/lua/disabled/themes/kanagawa.lua → modules/shared/files/nvim/lua/disabled/themes/kanagawa.lua
View file

0
modules/hosts/common/files/nvim/lua/disabled/themes/oxocarbon.lua → modules/shared/files/nvim/lua/disabled/themes/oxocarbon.lua
View file

0
modules/hosts/common/files/nvim/lua/disabled/themes/tokyonight.lua → modules/shared/files/nvim/lua/disabled/themes/tokyonight.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/alpha.lua → modules/shared/files/nvim/lua/plugins/alpha.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/bufferline.lua → modules/shared/files/nvim/lua/plugins/bufferline.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/catppuccin.lua → modules/shared/files/nvim/lua/plugins/catppuccin.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/completions.lua → modules/shared/files/nvim/lua/plugins/completions.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/edgy.lua → modules/shared/files/nvim/lua/plugins/edgy.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/git-stuff.lua → modules/shared/files/nvim/lua/plugins/git-stuff.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/lsp-config.lua → modules/shared/files/nvim/lua/plugins/lsp-config.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/lualine.lua → modules/shared/files/nvim/lua/plugins/lualine.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/neo-tree.lua → modules/shared/files/nvim/lua/plugins/neo-tree.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/noice.lua → modules/shared/files/nvim/lua/plugins/noice.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/none-ls.lua → modules/shared/files/nvim/lua/plugins/none-ls.lua
View file

0
modules/hosts/common/files/nvim/lua/plugins/nvim-web-devicons.lua → modules/shared/files/nvim/lua/plugins/nvim-web-devicons.lua
View file

Some files were not shown because too many files have changed in this diff Show more