diff --git a/.gitattributes b/.gitattributes index 1917907..9f1cb3c 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,2 @@ *.yaml diff=sopsdiffer -.pre-commit-config.yaml diff=default diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml deleted file mode 100644 index aca0e80..0000000 --- a/.github/workflows/validate.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Validate - -on: - pull_request: - -jobs: - validate: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - uses: cachix/install-nix-action@v26 - with: - extra_nix_config: | - trusted-users = root @runner - - - name: Validate flake - run: nix flake show - - - name: Check formatting - run: nix fmt -- --ci . - - - name: Run deadnix - run: nix run nixpkgs#deadnix ./modules ./lib - - - name: Run statix - run: nix run nixpkgs#statix check -- . diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index 700ab74..0000000 --- a/.pre-commit-config.yaml +++ /dev/null @@ -1,26 +0,0 @@ -repos: - - repo: local - hooks: - - id: nixfmt - name: nixfmt - entry: nix - language: system - types: [nix] - pass_filenames: false - args: ["fmt"] - - - id: deadnix - name: deadnix - entry: deadnix - language: system - types: [nix] - args: ["./modules", "./lib"] - - - id: statix - name: statix - entry: statix - language: system - types: [nix] - pass_filenames: false - args: ["check", "."] - diff --git a/.sops.yaml b/.sops.yaml index bc2cfd3..6f2ac3b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -60,7 +60,7 @@ creation_rules: key_groups: - age: - *system_rainbow_planet - - path_regex: modules/shared/secrets.yaml$ + - path_regex: modules/hosts/common/secrets.yaml$ key_groups: - age: - *system_bigboy diff --git a/2024-12-rework/.gitignore b/2024-12-rework/.gitignore new file mode 100644 index 0000000..e370078 --- /dev/null +++ b/2024-12-rework/.gitignore @@ -0,0 +1,2 @@ +result/ +result 
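Review bot: The retargeted rule in the `.sops.yaml` hunk (`path_regex: modules/hosts/common/secrets.yaml$`) only selects the age recipients sops uses when a file is created or its keys are updated, so a secrets file already present at the new path keeps the recipients recorded in its own metadata. If the file was moved from `modules/shared/secrets.yaml` as part of this change, run `sops updatekeys` on it and compare the resulting recipient list with this rule, so that only the intended hosts can decrypt it. Any file left at the old path no longer matches this rule and is handled by a later rule, if one matches at all. The key group list continues past the end of the hunk, so the full recipient set cannot be checked from here.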
diff --git a/2024-12-rework/configuration.nix b/2024-12-rework/configuration.nix
new file mode 100644
index 0000000..5d52004
--- /dev/null
+++ b/2024-12-rework/configuration.nix
@@ -0,0 +1,25 @@
+{ inputs, pkgs, ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ system.stateVersion = "23.05";
+
+ boot = {
+ initrd.systemd = {
+ enable = true;
+ network.wait-online.enable = false; # Handled by NetworkManager
+ };
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot= {
+ enable = true;
+ consoleMode = "1";
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ olm
+ ];
+}
\ No newline at end of file
diff --git a/2024-12-rework/flake.lock b/2024-12-rework/flake.lock
new file mode 100644
index 0000000..49ad4fd
--- /dev/null
+++ b/2024-12-rework/flake.lock
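Review bot: The `loader.systemd-boot` block in the new 2024-12-rework/configuration.nix enables the boot loader without setting `editor`, and the NixOS option defaults to leaving the kernel command-line editor available at the boot menu, so anyone with physical access can boot the machine with altered parameters. rainbow-planet appears to be a laptop (the top-level flake.nix in this diff pairs it with `dell-xps-13-9360`), so I would add `editor = false;` next to `enable = true;`. Separately, `olm` in `environment.systemPackages` evaluates only because nixpkgs-settings.nix in this same commit permits the insecure `olm-3.2.16`; a comment naming what needs the library system-wide would help, e.g. `olm # needed by <application>; nixpkgs marks it insecure`. The `inputs` argument in the module header is unused in this file.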
@@ -0,0 +1,183 @@ +{ + "nodes": { + "config": { + "locked": { + "dir": "templates/config", + "lastModified": 1719931926, + "narHash": "sha256-B8j9lHX0LqWlZkm8JxZRN6919RQjJEu/1J1SR8pU/ww=", + "owner": "stackbuilders", + "repo": "nixpkgs-terraform", + "rev": "034287ee462c87dadc14a94d4b53a48ed66c7b3d", + "type": "github" + }, + "original": { + "dir": "templates/config", + "owner": "stackbuilders", + "repo": "nixpkgs-terraform", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733050161, + "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "62d536255879be574ebfe9b87c4ac194febf47c5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1733120037, + "narHash": "sha256-En+gSoVJ3iQKPDU1FHrR6zIxSLXKjzKY+pnh9tt+Yts=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "f9f0d5c5380be0a599b1fb54641fa99af8281539", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-1_0": { + "locked": { + "lastModified": 1699291058, + "narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "41de143fda10e33be0f47eab2bfe08a50f234267", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": 
"41de143fda10e33be0f47eab2bfe08a50f234267", + "type": "github" + } + }, + "nixpkgs-1_6": { + "locked": { + "lastModified": 1712757991, + "narHash": "sha256-kR7C7Fqt3JP40h0mzmSZeWI5pk1iwqj4CSeGjnUbVHc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d6b3ddd253c578a7ab98f8011e59990f21dc3932", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d6b3ddd253c578a7ab98f8011e59990f21dc3932", + "type": "github" + } + }, + "nixpkgs-1_9": { + "locked": { + "lastModified": 1732617236, + "narHash": "sha256-PYkz6U0bSEaEB1al7O1XsqVNeSNS+s3NVclJw7YC43w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1722555339, + "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + } + }, + "nixpkgs-terraform": { + "inputs": { + "config": "config", + "flake-parts": "flake-parts", + "nixpkgs-1_0": "nixpkgs-1_0", + "nixpkgs-1_6": "nixpkgs-1_6", + "nixpkgs-1_9": "nixpkgs-1_9", + "systems": "systems" + }, + "locked": { + "lastModified": 1732844581, + "narHash": "sha256-BwHD1d6Bl5LL/HciTf+mQmBN3I3S6nYqcB+5BXVozNk=", + "owner": "stackbuilders", + "repo": "nixpkgs-terraform", + "rev": "b4db1b59d8f62cd37b6f9540e368d0e2627c4a2d", + "type": "github" + }, + "original": { + "owner": "stackbuilders", + "repo": "nixpkgs-terraform", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-terraform": "nixpkgs-terraform" + } + }, + "systems": { + "locked": { + "lastModified": 
1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/2024-12-rework/flake.nix b/2024-12-rework/flake.nix
new file mode 100644
index 0000000..394abbb
--- /dev/null
+++ b/2024-12-rework/flake.nix
@@ -0,0 +1,30 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+
+ home-manager = {
+ url = "github:nix-community/home-manager/release-24.11";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ nixpkgs-terraform = {
+ url = "github:stackbuilders/nixpkgs-terraform";
+ # inputs.nixpkgs-1_6.follows = "nixpkgs";
+ # inputs.nixpkgs-1_9.follows = "nixpkgs-unstable";
+ };
+ };
+
+ outputs = inputs: {
+ nixosConfigurations = {
+ rainbow-planet = inputs.nixpkgs.lib.nixosSystem {
+ specialArgs = { inherit inputs; };
+ system = "x86_64-linux";
+ modules = [
+ ./configuration.nix
+ ./nixpkgs-settings.nix
+ inputs.home-manager.nixosModules.home-manager
+ ];
+ };
+ };
+ };
+}
diff --git a/2024-12-rework/hardware-configuration.nix b/2024-12-rework/hardware-configuration.nix
new file mode 100644
index 0000000..d3c51fe
--- /dev/null
+++ b/2024-12-rework/hardware-configuration.nix
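Review bot: The `nixpkgs-terraform` input in the new 2024-12-rework/flake.nix is declared without a ref and with both `follows` lines commented out, so the flake.lock added by this commit carries three extra nixpkgs revisions (`nixpkgs-1_0`, `nixpkgs-1_6`, `nixpkgs-1_9`) that are pinned to fixed revisions upstream and do not move with `nixos-24.11`. nixpkgs-settings.nix applies that input's overlay to the system package set, so I would add a comment stating why the overlay is needed and which Terraform versions are expected from it, or drop the input until something uses it. The commented `follows` for `nixpkgs-1_9` names `nixpkgs-unstable`, which is not an input of this flake, so it cannot simply be uncommented. `inputs.home-manager.nixosModules.home-manager` is listed in `modules`, but no `home-manager.users` configuration is visible in the files added here.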
@@ -0,0 +1,44 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.kernelParams = [ + "i915.enable_fbc=1" + "i915.enable_psr=2" + ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/924D-E7A4"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/2024-12-rework/nixpkgs-settings.nix b/2024-12-rework/nixpkgs-settings.nix new file mode 100644 index 0000000..ec86e08 --- /dev/null +++ b/2024-12-rework/nixpkgs-settings.nix 
@@ -0,0 +1,9 @@ +{ inputs, ... }: { + nixpkgs = { + config = { + allowUnfree = true; + permittedInsecurePackages = [ "olm-3.2.16" "electron-27.3.11" ]; + }; + overlays = [ inputs.nixpkgs-terraform.overlays.default ]; + }; +} \ No newline at end of file diff --git a/README.md b/README.md index e79b751..b31041b 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,10 @@ # Dots -This repo is a Nix flake that manages most of my setup on macOS and fully manages machines I have that run NixOS as their operating system. It also contains as much configruation as I can make work on other Linux distros such as Ubuntu. +This repo is a Nix flake that manages most of my setup on macOS and fully manages machines I have that run NixOS as their operating system. - [Flake structure](#flake-structure) -- [Formatting and CI](#formatting-and-ci) +- [Note](#note) +- [Repo structure](#repo-structure) - [Historical bits](#historical-bits) - [Adding a new macOS host](#adding-a-new-macos-host) - [Extras steps not done by Nix and/or Homebrew and/or mas](#extras-steps-not-done-by-nix-andor-homebrew-andor-mas) 
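Review bot: `permittedInsecurePackages` in the new 2024-12-rework/nixpkgs-settings.nix exempts `olm-3.2.16` and `electron-27.3.11` for everything built from this nixpkgs instance, and nothing in the file records which application needs either one. Of the files added by this commit, only configuration.nix installs anything, and it installs only `olm`, so the `electron-27.3.11` entry looks unused and could be dropped until a consumer is added. I would annotate each remaining entry, for example `"olm-3.2.16" # required by <application>; remove once it no longer depends on libolm`, so the exemption is deleted when its reason disappears rather than carried forward indefinitely.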
@@ -14,32 +15,102 @@ This repo is a Nix flake that manages most of my setup on macOS and fully manage - [Adding a NixOS host](#adding-a-nixos-host) - [Post-install](#post-install) + ## Flake structure -- `flake.nix` defines inputs, outputs, and instantiates host configurations via `lib/` functions -- `lib/` contains helper functions: - - `mkNixosHost` - constructs NixOS system configurations - - `mkDarwinHost` - constructs nix-darwin system configurations - - `mkHomeConfig` - constructs Home Manager configurations -- `modules/` contains Nix modules organized by type: - - `modules/shared/` - shared modules imported by multiple hosts - - `modules/shared/home/general/` - Home Manager config for all GUI users - - `modules/shared/home/linux/` - Home Manager config for Linux-specific apps - - `modules/shared/nixos/` - NixOS modules (i18n, flatpaks, restic, etc.) - - `modules/hosts/` - host-specific configurations - - `modules/hosts/nixos/` - NixOS host configs and hardware configs - - `modules/hosts/darwin/` - macOS host configs - - `modules/hosts/home-manager-only/` - Home Manager-only configs +> **RESTRUCTURING IN PROGRESS**: please note, I am restructuring this to remove a lot of complexity. This first pass is done and moves home manager bits into modules that have home in the name. Things that apply to everything under a part of the tree are in a corresponding `default.nix` -## Formatting and CI +The Nix bits are driven by `flake.nix` which pulls in things under `modules/`. Both Intel and Apple Silicon macOS are suppoted, as is NixOS. The flake is structured like so: -This repo uses the following tools for code quality: +- description: a human readable description of this flake +- inputs: all the places things are pulled from +- outputs: + - all the outputs from the inputs + - a `let` ... 
`in` block that contains: + - `darwinHostConfig` which takes a set of paramters as an attribute set and pulls in all the things needed to use Nix on a macOS host + - `mkNixosHost` which takes a set of parameters as an attribute set and pulls in all the things needed to configure a NixOS host + - `linuxHomeConfig` which takes a set of paramters as an attribute set and pulls in the things I manage on non-NixOS Linux hosts + - the body of outputs that contains: + - `darwinConfigurations` contains is an attribute set that contains keys named for each macOS host set to the results of a call to `darwinHostConfig` with values for each of the required parameters + - `nixosConfigurations` contains is an attribute set that contains keys named for each NixOS host set to the results of a call to `darwinHostConfig` with values for each of the required parameters + - `homeConfigurations` contains an entry for each username set to the results of a call to `linuxHomeConfig` with values for each of the required parameters -- **nixfmt** - Formats Nix files. Run `nix fmt .` to format all files. -- **deadnix** - Finds unused code in Nix files. -- **statix** - Checks Nix code for common issues and style problems. +The parameters on `darwinHostConfig` & `mkNixosHost` are: -Pre-commit hooks are configured in `.pre-commit-config.yaml` and run automatically before commits. CI validation is defined in `.github/workflows/validate.yml`. +- `system:` the system definition to use for nixpkgs +- `hostname:` the hostname of the machine being configured +- `username:` the username being configured on the host (all code currently assumes there is a single human user managed by Nix) +- `additionalModules:` any nix modules that are desired to supplement the default for the host. An example use case for this is adding in the hardware specific module from `nixos-hardware`. +- `additionalSpecialArgs:` any supplemental arguments to be passed to `specialArgs`. 
+ +The parameters on `linxuHomeConfig` are the same as the above. + +## Note + +> All the bits below here are useful, but may be slightly outdated... I have not done a good job of keeping them updated. + +## Repo structure + +The Nix stuff is structured like so, at least for now: + +```bash +$ tree . -I legacy* -I link* --gitignore --dirsfirst +. +├── modules +│   ├── home-manager +│   │   ├── common +│   │   │   ├── linux-apps +│   │   │   │   ├── tilix.nix +│   │   │   │   ├── waybar.nix +│   │   │   │   └── xfce4-terminal.nix +│   │   │   ├── all-cli.nix +│   │   │   ├── all-darwin.nix +│   │   │   ├── all-gui.nix +│   │   │   └── all-linux.nix +│   │   ├── files +│   │   │   ├── tilix +│   │   │   │   └── Beanbag-Mathias.json +│   │   │   ├── waybar +│   │   │   │   ├── config +│   │   │   │   └── style.css +│   │   │   ├── xfce4 +│   │   │   │   └── terminal +│   │   │   │   ├── accels.scm +│   │   │   │   └── terminalrc +│   │   │   └── Microsoft.PowerShell_profile.ps1 +│   │   └── hosts +│   │   ├── Blue-Rock +│   │   │   └── gene.liverman.nix +│   │   ├── nixnuc +│   │   │   └── gene.nix +│   │   └── rainbow-planet +│   │   └── gene.nix +│   ├── hosts +│   │   ├── darwin +│   │   │   └── Blue-Rock +│   │   │   └── default.nix +│   │   └── nixos +│   │   ├── nixnuc +│   │   │   ├── default.nix +│   │   │   └── hardware-configuration.nix +│   │   └── rainbow-planet +│   │   ├── default.nix +│   │   └── hardware-configuration.nix +│   └── system +│   └── common +│   ├── linux +│   │   └── internationalisation.nix +│   ├── all-darwin.nix +│   └── all-nixos.nix +├── LICENSE +├── README.md +├── Vagrantfile +├── flake.lock +└── flake.nix + +23 directories, 29 files + +``` ## Historical bits diff --git a/examples/flake-structure.nix b/examples/flake-structure.nix index 5575f26..b47d1a5 100644 --- a/examples/flake-structure.nix +++ b/examples/flake-structure.nix 
@@ -1,46 +1,49 @@ { - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; - home-manager.url = "github:nix-community/home-manager"; - nix-darwin.url = "github:lnl7/nix-darwin"; - nixos-hardware.url = "github:NixOS/nixos-hardware"; - }; + inputs = {}; + outputs = inputs@{}: let + darwinHostConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }: + nix-darwin.lib.darwinSystem { }; - outputs = - inputs@{ self, ... }: - let - # Import helper functions from lib/ - localLib = import ./lib { inherit inputs; }; - in - { - # Darwin (macOS) hosts - darwinConfigurations = { - mightymac = localLib.mkDarwinHost { - system = "aarch64-darwin"; - hostname = "mightymac"; - username = "gene.liverman"; - }; - }; + mkNixosHost = { system, hostname, username, additionalModules, additionalSpecialArgs }: + nixpkgs.lib.nixosSystem { }; + + linuxHomeConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }: + home-manager.lib.homeManagerConfiguration { }; - # NixOS hosts - nixosConfigurations = { - rainbow-planet = localLib.mkNixosHost { - system = "x86_64-linux"; - hostname = "rainbow-planet"; - username = "gene"; - additionalModules = [ - inputs.nixos-hardware.nixosModules.dell-xps-13-9360 - ]; - }; - }; - - # Home Manager (only) users - homeConfigurations = { - gene = localLib.mkHomeConfig { - system = "x86_64-linux"; - homeDirectory = "/home/gene"; - username = "gene"; - }; + in { + # Darwin (macOS) hosts + darwinConfigurations = { + mightymac = darwinHostConfig { + system = "aarch64-darwin"; + hostname = "mightymac"; + username = "gene.liverman"; + additionalModules = []; + additionalSpecialArgs = {}; }; }; -} + + # NixOS hosts + nixosConfigurations = { + rainbow-planet = mkNixosHost { + system = "x86_64-linux"; + hostname = "rainbow-planet"; + username = "gene"; + additionalModules = [ + nixos-hardware.nixosModules.dell-xps-13-9360 + ]; + additionalSpecialArgs = {}; + }; + }; + + # Home Manager (only) users + 
homeConfigurations = { + gene = linuxHomeConfig { + system = "x86_64-linux"; + hostname = "mini-watcher"; + username = "gene"; + additionalModules = []; + additionalSpecialArgs = {}; + }; + }; + }; +} \ No newline at end of file diff --git a/flake.lock b/flake.lock index 5a68804..b906cdf 100644 --- a/flake.lock +++ b/flake.lock @@ -69,27 +69,6 @@ "type": "github" } }, - "deadnix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "utils": "utils" - }, - "locked": { - "lastModified": 1764114543, - "narHash": "sha256-+C39E8qmGODT6eB0rhE/VX+DcekXW/Xww5IL/xlERNY=", - "owner": "astro", - "repo": "deadnix", - "rev": "d590041677add62267bef35ddec63cd9402d3505", - "type": "github" - }, - "original": { - "owner": "astro", - "repo": "deadnix", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -97,11 +76,11 @@ ] }, "locked": { - "lastModified": 1773889306, - "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", + "lastModified": 1773025010, + "narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=", "owner": "nix-community", "repo": "disko", - "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", + "rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3", "type": "github" }, "original": { @@ -132,28 +111,6 @@ "type": "github" } }, - "fenix_2": { - "inputs": { - "nixpkgs": [ - "statix", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src_2" - }, - "locked": { - "lastModified": 1645251813, - "narHash": "sha256-cQ66tGjnZclBCS3nD26mZ5fUH+3/HnysGffBiWXUSHk=", - "owner": "nix-community", - "repo": "fenix", - "rev": "9892337b588c38ec59466a1c89befce464aae7f8", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { 
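Review bot: The rewritten examples/flake-structure.nix no longer evaluates as written: `outputs = inputs@{}:` accepts no arguments, so even the implicit `self` is rejected, and the bodies reference `nix-darwin`, `nixpkgs`, `home-manager` and `nixos-hardware`, none of which are bound. If the file is meant as an outline, a header comment such as `# Illustrative outline only; does not evaluate` would stop readers from copying it verbatim. Otherwise bind the names with `inputs@{ self, nixpkgs, nix-darwin, home-manager, nixos-hardware, ... }:` and declare the matching `inputs`.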
@@ -189,11 +146,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -287,11 +244,11 @@ ] }, "locked": { - "lastModified": 1772893680, - "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "type": "github" }, "original": { @@ -351,11 +308,11 @@ ] }, "locked": { - "lastModified": 1773963144, - "narHash": "sha256-WzBOBfSay3GYilUfKaUa1Mbf8/jtuAiJIedx7fWuIX4=", + "lastModified": 1772985280, + "narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=", "owner": "nix-community", "repo": "home-manager", - "rev": "a91b3ea73a765614d90360580b689c48102d1d33", + "rev": "8f736f007139d7f70752657dff6a401a585d6cbc", "type": "github" }, "original": { @@ -374,11 +331,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1773726513, - "narHash": "sha256-0Qxa98QMOrE48quqNmE6vFatfZ94hPUF2CQ2cI8Hkow=", + "lastModified": 1772680513, + "narHash": "sha256-zwVeM1TgfwMIq026uln9hqcCIINsLv6jEjztPqx0q+U=", "owner": "numtide", "repo": "nix-auth", - "rev": "8d0466addaf3318af68d8299a8981bb04a873597", + "rev": "77c07e9a107972dd2170da6da9ed1e73e65c4a4a", "type": "github" }, "original": { 
@@ -507,11 +464,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1774018263, - "narHash": "sha256-HHYEwK1A22aSaxv2ibhMMkKvrDGKGlA/qObG4smrSqc=", + "lastModified": 1772972630, + "narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2d4b4717b2534fad5c715968c1cece04a172b365", + "rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72", "type": "github" }, "original": { @@ -554,11 +511,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1773840656, - "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=", + "lastModified": 1772956932, + "narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512", + "rev": "608d0cadfed240589a7eea422407a547ad626a14", "type": "github" }, "original": { @@ -586,11 +543,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1773964973, - "narHash": "sha256-NV/J+tTER0P5iJhUDL/8HO5MDjDceLQPRUYgdmy5wXw=", + "lastModified": 1773068389, + "narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "812b3986fd1568f7a858f97fcf425ad996ba7d25", + "rev": "44bae273f9f82d480273bab26f5c50de3724f52f", "type": "github" }, "original": { @@ -658,11 +615,11 @@ ] }, "locked": { - "lastModified": 1774233120, - "narHash": "sha256-txGwTNKNYQT1rFPkxd6imEvQ03SmIyKAXNBaYtB3Jes=", + "lastModified": 1773203147, + "narHash": "sha256-16q/JVUUM8SqeDY4rmM7wt53dXj2dPeBIfGPVP9/NOo=", "owner": "genebean", "repo": "private-flake", - "rev": "45fca86f711966ee29add03027ee3ffc48992110", + "rev": "510a9214433b56fde82cd572063b99ec9a32eb7f", "type": "github" }, "original": { @@ -674,7 +631,6 @@ "root": { "inputs": { "compose2nix": "compose2nix", - "deadnix": "deadnix", "disko": "disko", "flox": "flox", "genebean-omp-themes": "genebean-omp-themes", 
@@ -689,8 +645,7 @@ "nixpkgs-unstable": "nixpkgs-unstable", "private-flake": "private-flake", "simple-nixos-mailserver": "simple-nixos-mailserver", - "sops-nix": "sops-nix", - "statix": "statix" + "sops-nix": "sops-nix" } }, "rust-analyzer-src": { @@ -710,23 +665,6 @@ "type": "github" } }, - "rust-analyzer-src_2": { - "flake": false, - "locked": { - "lastModified": 1645205556, - "narHash": "sha256-e4lZW3qRyOEJ+vLKFQP7m2Dxh5P44NrnekZYLxlucww=", - "owner": "rust-analyzer", - "repo": "rust-analyzer", - "rev": "acf5874b39f3dc5262317a6074d9fc7285081161", - "type": "github" - }, - "original": { - "owner": "rust-analyzer", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -758,11 +696,11 @@ ] }, "locked": { - "lastModified": 1773912645, - "narHash": "sha256-QHzRqq6gh+t3F/QU9DkP7X63dDDcuIQmaDz12p7ANTg=", + "lastModified": 1766537863, + "narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "25e6dbb8fca3b6e779c5a46fd03bd760b2165bb5", + "rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d", "type": "gitlab" }, "original": { @@ -779,11 +717,11 @@ ] }, "locked": { - "lastModified": 1774154798, - "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=", + "lastModified": 1773096132, + "narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=", "owner": "mic92", "repo": "sops-nix", - "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170", + "rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784", "type": "github" }, "original": { 
@@ -792,52 +730,16 @@ "type": "github" } }, - "statix": { - "inputs": { - "fenix": "fenix_2", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1676888642, - "narHash": "sha256-C73LOMVVCkeL0jA5xN7klLEDEB4NkuiATEJY4A/tIyM=", - "owner": "astro", - "repo": "statix", - "rev": "3c7136a23f444db252a556928c1489869ca3ab4e", - "type": "github" - }, - "original": { - "owner": "astro", - "repo": "statix", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1773297127, - "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", + "lastModified": 1772660329, + "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", + "rev": "3710e0e1218041bbad640352a0440114b1e10428", "type": "github" }, "original": { @@ -845,24 +747,6 @@ "repo": "treefmt-nix", "type": "github" } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 6492435..c21312c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -8,13 +8,7 @@ compose2nix = { url = "github:aksiksi/compose2nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - # Linting and formatting - deadnix = { - url = "github:astro/deadnix"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows ="nixpkgs"; }; # Format disks with nix-config 
@@ -85,120 +79,122 @@ # Secrets managemnt sops-nix = { url = "github:mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - # Linting and formatting - statix = { - url = "github:astro/statix"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows ="nixpkgs"; }; }; # end inputs - outputs = - inputs@{ self, nixpkgs, ... }: - let - # Functions that setup systems - localLib = import ./lib { inherit inputs; }; - forAllSystems = nixpkgs.lib.genAttrs [ - "x86_64-linux" - "aarch64-linux" - "x86_64-darwin" - "aarch64-darwin" - ]; - in - { - formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt-tree); + outputs = inputs@{ self, ... }: let + # Functions that setup systems + localLib = import ./lib { inherit inputs; }; - # Darwin (macOS) hosts - darwinConfigurations = { - AirPuppet = localLib.mkDarwinHost { - system = "x86_64-darwin"; - hostname = "AirPuppet"; + linuxHomeConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }: inputs.home-manager.lib.homeManagerConfiguration { + extraSpecialArgs = { inherit inputs hostname username; + pkgs = import inputs.nixpkgs { + inherit system; + config = { + allowUnfree = true; + permittedInsecurePackages = [ "olm-3.2.16" "electron-21.4.4" ]; + }; }; - Blue-Rock = localLib.mkDarwinHost { - system = "x86_64-darwin"; - hostname = "Blue-Rock"; - username = "gene.liverman"; - }; - mightymac = localLib.mkDarwinHost { - hostname = "mightymac"; - username = "gene.liverman"; - }; - }; # end darwinConfigurations + } // additionalSpecialArgs; + modules = [ + ./modules/home-manager/hosts/${hostname}/${username}.nix + { + home = { + username = "${username}"; + homeDirectory = "/home/${username}"; + }; + } + inputs.sops-nix.homeManagerModules.sops + ] ++ additionalModules; + }; # end homeManagerConfiguration - # NixOS hosts - nixosConfigurations = { - bigboy = localLib.mkNixosHost { - hostname = "bigboy"; - additionalModules = [ - inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p52 - 
]; - }; - hetznix01 = localLib.mkNixosHost { - hostname = "hetznix01"; - additionalModules = [ - inputs.private-flake.nixosModules.private.hetznix01 - ]; - }; - hetznix02 = localLib.mkNixosHost { - system = "aarch64-linux"; - hostname = "hetznix02"; - additionalModules = [ - # inputs.simple-nixos-mailserver.nixosModule - ]; - }; - kiosk-entryway = localLib.mkNixosHost { - # Lenovo IdeaCentre Q190 - hostname = "kiosk-entryway"; - }; - kiosk-gene-desk = localLib.mkNixosHost { - system = "aarch64-linux"; - hostname = "kiosk-gene-desk"; - additionalModules = [ - inputs.nixos-hardware.nixosModules.raspberry-pi-4 - ]; - }; - nixnas1 = localLib.mkNixosHost { - hostname = "nixnas1"; - additionalModules = [ - inputs.simple-nixos-mailserver.nixosModule - ]; - }; - nixnuc = localLib.mkNixosHost { - hostname = "nixnuc"; - additionalModules = [ - inputs.simple-nixos-mailserver.nixosModule - ]; - }; - # This machines is currently running Ubuntu and - # configured with home-manager only. - # - #rainbow-planet = localLib.mkNixosHost { - # hostname = "rainbow-planet"; - # additionalModules = [ - # inputs.nixos-cosmic.nixosModules.default - # inputs.nixos-hardware.nixosModules.dell-xps-13-9360 - # ]; - #}; - }; # end nixosConfigurations + in { + # Darwin (macOS) hosts + darwinConfigurations = { + AirPuppet = localLib.mkDarwinHost { + system = "x86_64-darwin"; + hostname = "AirPuppet"; + }; + Blue-Rock = localLib.mkDarwinHost { + system = "x86_64-darwin"; + hostname = "Blue-Rock"; + username = "gene.liverman"; + }; + mightymac = localLib.mkDarwinHost { + hostname = "mightymac"; + username = "gene.liverman"; + }; + }; # end darwinConfigurations - # Home Manager (only) users - homeConfigurations = { - gene-x86_64-linux = localLib.mkHomeConfig { - homeDirectory = "/home/gene"; - username = "gene"; - system = "x86_64-linux"; - }; + # NixOS hosts + nixosConfigurations = { + bigboy = localLib.mkNixosHost { + hostname = "bigboy"; + additionalModules = [ + 
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p52 + ]; + }; + hetznix01 = localLib.mkNixosHost { + hostname = "hetznix01"; + additionalModules = [ + inputs.private-flake.nixosModules.private.hetznix01 + ]; + }; + hetznix02 = localLib.mkNixosHost { + system = "aarch64-linux"; + hostname = "hetznix02"; + additionalModules = [ + # inputs.simple-nixos-mailserver.nixosModule + ]; + }; + kiosk-entryway = localLib.mkNixosHost { + # Lenovo IdeaCentre Q190 + hostname = "kiosk-entryway"; + }; + kiosk-gene-desk = localLib.mkNixosHost { + system = "aarch64-linux"; + hostname = "kiosk-gene-desk"; + additionalModules = [ + inputs.nixos-hardware.nixosModules.raspberry-pi-4 + ]; + }; + nixnas1 = localLib.mkNixosHost { + hostname = "nixnas1"; + additionalModules = [ + inputs.simple-nixos-mailserver.nixosModule + ]; + }; + nixnuc = localLib.mkNixosHost { + hostname = "nixnuc"; + additionalModules = [ + inputs.simple-nixos-mailserver.nixosModule + ]; + }; + rainbow-planet = localLib.mkNixosHost { + hostname = "rainbow-planet"; + additionalModules = [ + inputs.nixos-cosmic.nixosModules.default + inputs.nixos-hardware.nixosModules.dell-xps-13-9360 + ]; + }; + }; # end nixosConfigurations - gene-aarch64-linux = localLib.mkHomeConfig { - homeDirectory = "/home/gene"; - username = "gene"; - system = "aarch64-linux"; - }; - }; # end homeConfigurations + # Home Manager (only) users + homeConfigurations = { + gene-x86_64-linux = localLib.mkHomeConfig { + homeDirectory = "/home/gene"; + username = "gene"; + system = "x86_64-linux"; + }; - packages.aarch64-linux.kiosk-gene-desk-sdImage = - self.nixosConfigurations.kiosk-gene-desk.config.system.build.sdImage; - }; + gene-aarch64-linux = localLib.mkHomeConfig { + homeDirectory = "/home/gene"; + username = "gene"; + system = "aarch64-linux"; + }; + }; # end homeConfigurations + + packages.aarch64-linux.kiosk-gene-desk-sdImage = self.nixosConfigurations.kiosk-gene-desk.config.system.build.sdImage; + }; } 
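Review bot: The `linuxHomeConfig` function added to the `let` block of flake.nix is never called (the `homeConfigurations` entries further down still use `localLib.mkHomeConfig`), yet it carries its own `permittedInsecurePackages` list, `[ "olm-3.2.16" "electron-21.4.4" ]`, which differs from the list in 2024-12-rework/nixpkgs-settings.nix added by this same commit. A second, unused allowlist for insecure packages is easy to miss when the exemptions are later tightened, so I would either delete the function or have it take its nixpkgs config from one shared settings file. If called, it would most likely fail to evaluate, because `pkgs = import inputs.nixpkgs { … }` sits inside `extraSpecialArgs` instead of being passed as the `pkgs` argument of `homeManagerConfiguration`. The hunk also re-enables `rainbow-planet` with `inputs.nixos-cosmic.nixosModules.default`; the `inputs` block lies outside this hunk, so confirm that `nixos-cosmic` is still declared there.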
diff --git a/lib/default.nix b/lib/default.nix
index 3d7d901..5d79385 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,10 +1,8 @@
-{ inputs, ... }:
-let
+{ inputs, ... }: let
 mkDarwinHost = import ./mkDarwinHost.nix { inherit inputs; };
 mkHomeConfig = import ./mkHomeConfig.nix { inherit inputs; };
 mkNixosHost = import ./mkNixosHost.nix { inherit inputs; };
-in
-{
+in {
 inherit (mkDarwinHost) mkDarwinHost;
 inherit (mkHomeConfig) mkHomeConfig;
 inherit (mkNixosHost) mkNixosHost;
diff --git a/lib/mkDarwinHost.nix b/lib/mkDarwinHost.nix
index 02c0236..bdcd92a 100644
--- a/lib/mkDarwinHost.nix
+++ b/lib/mkDarwinHost.nix
@@ -1,50 +1,41 @@ -{ inputs, ... }: -{ - mkDarwinHost = - { - system ? "aarch64-darwin", - hostname, - username ? "gene", - additionalModules ? [ ], - additionalSpecialArgs ? { }, - }: - inputs.nix-darwin.lib.darwinSystem { - inherit system; - specialArgs = { - inherit inputs hostname username; +{ inputs, ... }: { + mkDarwinHost = { + system ? "aarch64-darwin", + hostname, + username ? "gene", + additionalModules ? [], + additionalSpecialArgs ? {} + }: inputs.nix-darwin.lib.darwinSystem { + inherit system; + specialArgs = { inherit inputs hostname username; } // additionalSpecialArgs; + modules = [ + ./nixpkgs-settings.nix + + inputs.nix-homebrew.darwinModules.nix-homebrew { + nix-homebrew = { + enable = true; # Install Homebrew under the default prefix + user = "${username}"; # User owning the Homebrew prefix + autoMigrate = true; # Automatically migrate existing Homebrew installations + }; } - // additionalSpecialArgs; - modules = [ - ./nixpkgs-settings.nix - inputs.nix-homebrew.darwinModules.nix-homebrew - { - nix-homebrew = { - enable = true; # Install Homebrew under the default prefix - user = "${username}"; # User owning the Homebrew prefix - autoMigrate = true; # Automatically migrate existing Homebrew installations - }; - } + inputs.home-manager.darwinModules.home-manager { + home-manager = { + extraSpecialArgs = { inherit inputs username; }; + useGlobalPkgs = true; + useUserPackages = true; + users.${username}.imports = [ + inputs.sops-nix.homeManagerModule # user-level secrets management + ../modules/hosts/common + ../modules/hosts/common/all-gui.nix + ../modules/hosts/darwin/home.nix + ../modules/hosts/darwin/${hostname}/home-${username}.nix + ]; + }; + } - inputs.home-manager.darwinModules.home-manager - { - home-manager = { - extraSpecialArgs = { inherit inputs username; }; - useGlobalPkgs = true; - useUserPackages = true; - users.${username}.imports = [ - inputs.sops-nix.homeManagerModule # user-level secrets management - 
../modules/shared/home/general - ../modules/shared/home/general/all-gui.nix - ../modules/hosts/darwin/home.nix - ../modules/hosts/darwin/${hostname}/home-${username}.nix - ]; - }; - } - - ../modules/hosts/darwin # system-wide stuff - ../modules/hosts/darwin/${hostname} # host specific stuff - ] - ++ additionalModules; # end modules - }; # end darwinSystem + ../modules/hosts/darwin # system-wide stuff + ../modules/hosts/darwin/${hostname} # host specific stuff + ] ++ additionalModules; # end modules + }; # end darwinSystem } diff --git a/lib/mkHomeConfig.nix b/lib/mkHomeConfig.nix index f71a7b7..f4ef0cf 100644 --- a/lib/mkHomeConfig.nix +++ b/lib/mkHomeConfig.nix 
@@ -1,41 +1,29 @@ -{ inputs, ... }: -{ - mkHomeConfig = - { - homeDirectory, - system, - username, - }: - inputs.home-manager.lib.homeManagerConfiguration { - extraSpecialArgs = { - inherit - inputs - homeDirectory - system - username - ; - }; +{ inputs, ... }: { + mkHomeConfig = { + homeDirectory, + system, + username, + }: inputs.home-manager.lib.homeManagerConfiguration { + extraSpecialArgs = { inherit inputs homeDirectory system username; }; - pkgs = inputs.nixpkgs.legacyPackages.${system}; + pkgs = inputs.nixpkgs.legacyPackages.${system}; - # Specify your home configuration modules here, for example, - # the path to your home.nix. - modules = [ - ./nixpkgs-settings.nix - ../modules/hosts/home-manager-only - ../modules/hosts/home-manager-only/home-${username}.nix - ../modules/shared/home/general - ../modules/shared/linux/flatpaks.nix + # Specify your home configuration modules here, for example, + # the path to your home.nix. + modules = [ + ./nixpkgs-settings.nix + ../modules/hosts/common + ../modules/hosts/home-manager-only + ../modules/hosts/home-manager-only/home-${username}.nix - { - home = { - username = "${username}"; - homeDirectory = "${homeDirectory}"; - }; - } + { + home = { + username = "${username}"; + homeDirectory = "${homeDirectory}"; + }; + } - inputs.nix-flatpak.homeManagerModules.nix-flatpak - inputs.sops-nix.homeManagerModules.sops - ]; - }; -} + inputs.sops-nix.homeManagerModules.sops + ]; + }; +} \ No newline at end of file diff --git a/lib/mkNixosHost.nix b/lib/mkNixosHost.nix index 9d4a35b..68b050b 100644 --- a/lib/mkNixosHost.nix +++ b/lib/mkNixosHost.nix 
@@ -1,44 +1,36 @@ -{ inputs, ... }: -{ - mkNixosHost = - { - system ? "x86_64-linux", - hostname, - username ? "gene", - additionalModules ? [ ], - additionalSpecialArgs ? { }, - }: - inputs.nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs hostname username; +{ inputs, ... }: { + mkNixosHost = { + system ? "x86_64-linux", + hostname, + username ? "gene", + additionalModules ? [], + additionalSpecialArgs ? {} + }: inputs.nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs hostname username; } // additionalSpecialArgs; + modules = [ + ./nixpkgs-settings.nix + + inputs.disko.nixosModules.disko + + inputs.home-manager.nixosModules.home-manager { + home-manager = { + extraSpecialArgs = { inherit inputs hostname username; }; + useGlobalPkgs = true; + useUserPackages = true; + users.${username}.imports = [ + ../modules/hosts/common + ../modules/hosts/common/linux/home.nix + ../modules/hosts/nixos/${hostname}/home-${username}.nix + ]; + }; } - // additionalSpecialArgs; - modules = [ - ./nixpkgs-settings.nix - inputs.disko.nixosModules.disko - - inputs.home-manager.nixosModules.home-manager - { - home-manager = { - extraSpecialArgs = { inherit inputs hostname username; }; - useGlobalPkgs = true; - useUserPackages = true; - users.${username}.imports = [ - ../modules/shared/home/general - ../modules/shared/home/linux - ../modules/hosts/nixos/${hostname}/home-${username}.nix - ]; - }; - } - - inputs.nix-flatpak.nixosModules.nix-flatpak - inputs.private-flake.nixosModules.private.ssh-keys - inputs.sops-nix.nixosModules.sops # system wide secrets management - ../modules/hosts/nixos # system-wide stuff - ../modules/hosts/nixos/${hostname} # host specific stuff - ] - ++ additionalModules; - }; + inputs.nix-flatpak.nixosModules.nix-flatpak + inputs.private-flake.nixosModules.private.ssh-keys + inputs.sops-nix.nixosModules.sops # system wide secrets management + ../modules/hosts/nixos # system-wide stuff + 
../modules/hosts/nixos/${hostname} # host specific stuff + ] ++ additionalModules; + }; } diff --git a/lib/nixpkgs-settings.nix b/lib/nixpkgs-settings.nix index bd0c8c9..6255854 100644 --- a/lib/nixpkgs-settings.nix +++ b/lib/nixpkgs-settings.nix @@ -1,4 +1,4 @@ -{ +{ inputs, ... }: { nixpkgs = { config = { allowUnfree = true; diff --git a/modules/shared/home/general/all-gui.nix b/modules/hosts/common/all-gui.nix similarity index 91% rename from modules/shared/home/general/all-gui.nix rename to modules/hosts/common/all-gui.nix index fe6406c..0a5f3f1 100644 --- a/modules/shared/home/general/all-gui.nix +++ b/modules/hosts/common/all-gui.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{ pkgs, ... }: { home.packages = with pkgs; [ esptool ]; diff --git a/modules/shared/home/general/default.nix b/modules/hosts/common/default.nix similarity index 82% rename from modules/shared/home/general/default.nix rename to modules/hosts/common/default.nix index e5a8314..80d0f93 100644 --- a/modules/shared/home/general/default.nix +++ b/modules/hosts/common/default.nix 
@@ -1,92 +1,62 @@ -{ - config, - inputs, - pkgs, - ... -}: -let - sqlite_lib = - if - builtins.elem pkgs.stdenv.hostPlatform.system [ - "aarch64-darwin" - "x86_64-darwin" - ] - then - "libsqlite3.dylib" - else - "libsqlite3.so"; -in -{ - home = { - packages = with pkgs; [ - btop - bundix - cargo - cheat - colordiff - deadnix - dogdns - dos2unix - duf - dust - fd - f2 - git-filter-repo - glab - glow - gomuks - gotop - htop - httpie - hub - inputs.nix-auth.packages.${stdenv.hostPlatform.system}.default - jq - lazydocker - lazygit - lua-language-server - minicom - mtr - nil - nix-search - nix-zsh-completions - nodejs - nurl - nvd - nixfmt-tree - onefetch - powershell - pre-commit - puppet-lint - rename - ruby - subversion - statix - tldr - tree - trippy - vimv - watch - wget - yq-go - ]; - sessionVariables = { - CLICLOLOR = 1; - PAGER = "less"; - }; - file = { - ".config/nvim/lua/config" = { - source = ../../files/nvim/lua/config; - recursive = true; - }; - ".config/nvim/lua/plugins" = { - source = ../../files/nvim/lua/plugins; - recursive = true; - }; - ".config/powershell/Microsoft.PowerShell_profile.ps1".source = - ../../files/Microsoft.PowerShell_profile.ps1; - ".config/powershell/Microsoft.VSCode_profile.ps1".source = - ../../files/Microsoft.PowerShell_profile.ps1; - }; +{ inputs, pkgs, username, ... 
}: let + sqlite_lib = if builtins.elem pkgs.stdenv.hostPlatform.system [ + "aarch64-darwin" + "x86_64-darwin" + ] + then "libsqlite3.dylib" + else "libsqlite3.so"; +in { + home.packages = with pkgs; [ + btop + bundix + cargo + cheat + colordiff + dogdns + dos2unix + duf + dust + fd + f2 + git-filter-repo + glab + glow + gomuks + gotop + htop + httpie + hub + inputs.nix-auth.packages.${stdenv.hostPlatform.system}.default + jq + lazydocker + lazygit + lua-language-server + minicom + mtr + nil + nix-search + nix-zsh-completions + nodejs + nurl + nvd + onefetch + powershell + pre-commit + puppet-lint + rename + ruby + subversion + tldr + tree + trippy + vimv + watch + wget + yq-go + ]; + home.sessionVariables = { + CLICLOLOR = 1; + PAGER = "less"; }; programs = { atuin = { @@ -141,7 +111,7 @@ in "*.swp" ".DS_Store" ]; - includes = [ { path = "~/.gitconfig-local"; } ]; + includes = [ { path = "~/.gitconfig-local"; }]; lfs.enable = true; package = pkgs.gitFull; settings = { @@ -158,11 +128,6 @@ in user = { name = "Gene Liverman"; }; - signing = { - format = "ssh"; - key = "${config.home.homeDirectory}/.ssh/id_ed25519"; - signByDefault = true; - }; }; }; # end git irssi.enable = true; 
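Review bot: The `@@ -158,11 +128,6 @@` hunk deletes the whole `signing` block from the git settings, so `signByDefault = true` is gone and commits made on every host importing this module are unsigned unless `~/.gitconfig-local` (still listed in `includes`) sets signing itself. If that is intended, record it next to `user` with a comment such as `# commit signing is configured per host in ~/.gitconfig-local`. Otherwise keep `signing = { format = "ssh"; key = "${config.home.homeDirectory}/.ssh/id_ed25519"; signByDefault = true; };`, which also needs `config` restored in the module arguments that the first hunk of this file changes. The enclosing `programs.git` block starts and ends outside the hunk.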
@@ -194,23 +159,19 @@ in ''; extraPackages = with pkgs; [ - gcc # needed so treesitter can do compiling + gcc # needed so treesitter can do compiling sqlite # needed by sqlite.lua used by telescope-cheat ]; plugins = [ pkgs.vimPlugins.lazy-nvim ]; # let lazy.nvim manage every other plugin }; nh = { enable = true; - flake = "${config.home.homeDirectory}/repos/dots"; + flake = "/Users/${username}/repos/dots"; }; oh-my-posh = { enable = true; enableZshIntegration = true; - settings = builtins.fromJSON ( - builtins.unsafeDiscardStringContext ( - builtins.readFile (inputs.genebean-omp-themes + "/beanbag.omp.json") - ) - ); + settings = builtins.fromJSON (builtins.unsafeDiscardStringContext (builtins.readFile (inputs.genebean-omp-themes + "/beanbag.omp.json"))); #useTheme = "amro"; #useTheme = "montys"; }; @@ -228,7 +189,7 @@ in set -g @dracula-show-battery false set -g @dracula-show-powerline true set -g @dracula-refresh-rate 10 - ''; + ''; } ]; extraConfig = '' @@ -389,4 +350,17 @@ in }; }; # end zsh }; # end programs + + home.file = { + ".config/nvim/lua/config" = { + source = ./files/nvim/lua/config; + recursive = true; + }; + ".config/nvim/lua/plugins" = { + source = ./files/nvim/lua/plugins; + recursive = true; + }; + ".config/powershell/Microsoft.PowerShell_profile.ps1".source = ./files/Microsoft.PowerShell_profile.ps1; + ".config/powershell/Microsoft.VSCode_profile.ps1".source = ./files/Microsoft.PowerShell_profile.ps1; + }; } diff --git a/modules/shared/files/Microsoft.PowerShell_profile.ps1 b/modules/hosts/common/files/Microsoft.PowerShell_profile.ps1 similarity index 100% rename from modules/shared/files/Microsoft.PowerShell_profile.ps1 rename to modules/hosts/common/files/Microsoft.PowerShell_profile.ps1 
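Review bot: In the `@@ -194,23 +159,19 @@` hunk, `nh.flake` is now hard-coded to `/Users/${username}/repos/dots`, which is the macOS home layout, while this diff also imports `../modules/hosts/common` from `lib/mkNixosHost.nix` and `lib/mkHomeConfig.nix`, where the home directory is passed as `/home/gene`. On those Linux hosts `nh` would most likely point at a path that does not exist. Keeping the previous `flake = "${config.home.homeDirectory}/repos/dots";`, with `config` back in the module arguments, works on both platforms. The `programs` attribute set continues outside the hunk.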
diff --git a/modules/shared/files/nvim/lua/config/vim-options.lua b/modules/hosts/common/files/nvim/lua/config/vim-options.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/config/vim-options.lua
rename to modules/hosts/common/files/nvim/lua/config/vim-options.lua
diff --git a/modules/shared/files/nvim/lua/disabled/barbar.lua b/modules/hosts/common/files/nvim/lua/disabled/barbar.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/disabled/barbar.lua
rename to modules/hosts/common/files/nvim/lua/disabled/barbar.lua
diff --git a/modules/shared/files/nvim/lua/disabled/cheatsheet.lua b/modules/hosts/common/files/nvim/lua/disabled/cheatsheet.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/disabled/cheatsheet.lua
rename to modules/hosts/common/files/nvim/lua/disabled/cheatsheet.lua
diff --git a/modules/shared/files/nvim/lua/disabled/nvim-tree.lua b/modules/hosts/common/files/nvim/lua/disabled/nvim-tree.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/disabled/nvim-tree.lua
rename to modules/hosts/common/files/nvim/lua/disabled/nvim-tree.lua
diff --git a/modules/shared/files/nvim/lua/disabled/themes/dracula.lua b/modules/hosts/common/files/nvim/lua/disabled/themes/dracula.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/disabled/themes/dracula.lua
rename to modules/hosts/common/files/nvim/lua/disabled/themes/dracula.lua
diff --git a/modules/shared/files/nvim/lua/disabled/themes/gruvbox.lua b/modules/hosts/common/files/nvim/lua/disabled/themes/gruvbox.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/disabled/themes/gruvbox.lua
rename to modules/hosts/common/files/nvim/lua/disabled/themes/gruvbox.lua
diff --git a/modules/shared/files/nvim/lua/disabled/themes/kanagawa.lua b/modules/hosts/common/files/nvim/lua/disabled/themes/kanagawa.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/disabled/themes/kanagawa.lua
rename to modules/hosts/common/files/nvim/lua/disabled/themes/kanagawa.lua
diff --git a/modules/shared/files/nvim/lua/disabled/themes/oxocarbon.lua b/modules/hosts/common/files/nvim/lua/disabled/themes/oxocarbon.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/disabled/themes/oxocarbon.lua
rename to modules/hosts/common/files/nvim/lua/disabled/themes/oxocarbon.lua
diff --git a/modules/shared/files/nvim/lua/disabled/themes/tokyonight.lua b/modules/hosts/common/files/nvim/lua/disabled/themes/tokyonight.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/disabled/themes/tokyonight.lua
rename to modules/hosts/common/files/nvim/lua/disabled/themes/tokyonight.lua
diff --git a/modules/shared/files/nvim/lua/plugins/alpha.lua b/modules/hosts/common/files/nvim/lua/plugins/alpha.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/alpha.lua
rename to modules/hosts/common/files/nvim/lua/plugins/alpha.lua
diff --git a/modules/shared/files/nvim/lua/plugins/bufferline.lua b/modules/hosts/common/files/nvim/lua/plugins/bufferline.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/bufferline.lua
rename to modules/hosts/common/files/nvim/lua/plugins/bufferline.lua
diff --git a/modules/shared/files/nvim/lua/plugins/catppuccin.lua b/modules/hosts/common/files/nvim/lua/plugins/catppuccin.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/catppuccin.lua
rename to modules/hosts/common/files/nvim/lua/plugins/catppuccin.lua
diff --git a/modules/shared/files/nvim/lua/plugins/completions.lua b/modules/hosts/common/files/nvim/lua/plugins/completions.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/completions.lua
rename to modules/hosts/common/files/nvim/lua/plugins/completions.lua
diff --git a/modules/shared/files/nvim/lua/plugins/edgy.lua b/modules/hosts/common/files/nvim/lua/plugins/edgy.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/edgy.lua
rename to modules/hosts/common/files/nvim/lua/plugins/edgy.lua
diff --git a/modules/shared/files/nvim/lua/plugins/git-stuff.lua b/modules/hosts/common/files/nvim/lua/plugins/git-stuff.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/git-stuff.lua
rename to modules/hosts/common/files/nvim/lua/plugins/git-stuff.lua
diff --git a/modules/shared/files/nvim/lua/plugins/lsp-config.lua b/modules/hosts/common/files/nvim/lua/plugins/lsp-config.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/lsp-config.lua
rename to modules/hosts/common/files/nvim/lua/plugins/lsp-config.lua
diff --git a/modules/shared/files/nvim/lua/plugins/lualine.lua b/modules/hosts/common/files/nvim/lua/plugins/lualine.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/lualine.lua
rename to modules/hosts/common/files/nvim/lua/plugins/lualine.lua
diff --git a/modules/shared/files/nvim/lua/plugins/neo-tree.lua b/modules/hosts/common/files/nvim/lua/plugins/neo-tree.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/neo-tree.lua
rename to modules/hosts/common/files/nvim/lua/plugins/neo-tree.lua
diff --git a/modules/shared/files/nvim/lua/plugins/noice.lua b/modules/hosts/common/files/nvim/lua/plugins/noice.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/noice.lua
rename to modules/hosts/common/files/nvim/lua/plugins/noice.lua
diff --git a/modules/shared/files/nvim/lua/plugins/none-ls.lua b/modules/hosts/common/files/nvim/lua/plugins/none-ls.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/none-ls.lua
rename to modules/hosts/common/files/nvim/lua/plugins/none-ls.lua
diff --git a/modules/shared/files/nvim/lua/plugins/nvim-web-devicons.lua b/modules/hosts/common/files/nvim/lua/plugins/nvim-web-devicons.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/nvim-web-devicons.lua
rename to modules/hosts/common/files/nvim/lua/plugins/nvim-web-devicons.lua
diff --git a/modules/shared/files/nvim/lua/plugins/telescope.lua b/modules/hosts/common/files/nvim/lua/plugins/telescope.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/telescope.lua
rename to modules/hosts/common/files/nvim/lua/plugins/telescope.lua
diff --git a/modules/shared/files/nvim/lua/plugins/todo-comments.lua b/modules/hosts/common/files/nvim/lua/plugins/todo-comments.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/todo-comments.lua
rename to modules/hosts/common/files/nvim/lua/plugins/todo-comments.lua
diff --git a/modules/shared/files/nvim/lua/plugins/toggleterm.lua b/modules/hosts/common/files/nvim/lua/plugins/toggleterm.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/toggleterm.lua
rename to modules/hosts/common/files/nvim/lua/plugins/toggleterm.lua
diff --git a/modules/shared/files/nvim/lua/plugins/treesitter.lua b/modules/hosts/common/files/nvim/lua/plugins/treesitter.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/treesitter.lua
rename to modules/hosts/common/files/nvim/lua/plugins/treesitter.lua
diff --git a/modules/shared/files/nvim/lua/plugins/trouble.lua b/modules/hosts/common/files/nvim/lua/plugins/trouble.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/trouble.lua
rename to modules/hosts/common/files/nvim/lua/plugins/trouble.lua
diff --git a/modules/shared/files/nvim/lua/plugins/vim-tmux-navigator.lua b/modules/hosts/common/files/nvim/lua/plugins/vim-tmux-navigator.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/vim-tmux-navigator.lua
rename to modules/hosts/common/files/nvim/lua/plugins/vim-tmux-navigator.lua
diff --git a/modules/shared/files/nvim/lua/plugins/which-key.lua b/modules/hosts/common/files/nvim/lua/plugins/which-key.lua
similarity index 100%
rename from modules/shared/files/nvim/lua/plugins/which-key.lua
rename to modules/hosts/common/files/nvim/lua/plugins/which-key.lua
diff --git a/modules/shared/files/tilix/Beanbag-Mathias.json b/modules/hosts/common/files/tilix/Beanbag-Mathias.json
similarity index 100%
rename from modules/shared/files/tilix/Beanbag-Mathias.json
rename to modules/hosts/common/files/tilix/Beanbag-Mathias.json
diff --git a/modules/shared/files/waybar/config b/modules/hosts/common/files/waybar/config
similarity index 100%
rename from modules/shared/files/waybar/config
rename to modules/hosts/common/files/waybar/config
diff --git a/modules/shared/files/waybar/style.css b/modules/hosts/common/files/waybar/style.css
similarity index 100%
rename from modules/shared/files/waybar/style.css
rename to modules/hosts/common/files/waybar/style.css
diff --git a/modules/shared/files/xfce4/terminal/accels.scm b/modules/hosts/common/files/xfce4/terminal/accels.scm
similarity index 100%
rename from modules/shared/files/xfce4/terminal/accels.scm
rename to modules/hosts/common/files/xfce4/terminal/accels.scm
diff --git a/modules/shared/files/xfce4/terminal/terminalrc b/modules/hosts/common/files/xfce4/terminal/terminalrc
similarity index 100%
rename from modules/shared/files/xfce4/terminal/terminalrc
rename to modules/hosts/common/files/xfce4/terminal/terminalrc
diff --git a/modules/shared/home/linux/apps/hexchat.nix b/modules/hosts/common/linux/apps/hexchat.nix similarity index 76% rename from modules/shared/home/linux/apps/hexchat.nix rename to modules/hosts/common/linux/apps/hexchat.nix index b0fbc2c..6addb18 100644 --- a/modules/shared/home/linux/apps/hexchat.nix +++ b/modules/hosts/common/linux/apps/hexchat.nix @@ -1,3 +1,3 @@ -{ +{ ... }: { programs.hexchat.enable = true; } diff --git a/modules/shared/home/linux/apps/pidgin.nix b/modules/hosts/common/linux/apps/pidgin.nix similarity index 76% rename from modules/shared/home/linux/apps/pidgin.nix rename to modules/hosts/common/linux/apps/pidgin.nix index 0f2c94e..e6d6840 100644 --- a/modules/shared/home/linux/apps/pidgin.nix +++ b/modules/hosts/common/linux/apps/pidgin.nix @@ -1,3 +1,3 @@ -{ +{ ... }: { programs.pidgin.enable = true; } diff --git a/modules/hosts/common/linux/apps/tilix.nix b/modules/hosts/common/linux/apps/tilix.nix new file mode 100644 index 0000000..bd7433c --- /dev/null +++ b/modules/hosts/common/linux/apps/tilix.nix 
@@ -0,0 +1,30 @@ +{ lib, pkgs, ... }: with lib.hm.gvariant; { + + dconf.settings = { + "com/gexperts/Tilix/profiles/2b7c4080-0ddd-46c5-8f23-563fd3ba789d" = { + background-color = "#272822"; + background-transparency-percent = 10; + badge-color-set = false; + bold-color-set = false; + cursor-colors-set = false; + font = "Hack Nerd Font Mono 12"; + foreground-color = "#F8F8F2"; + highlight-colors-set = false; + palette = [ "#272822" "#F92672" "#A6E22E" "#F4BF75" "#66D9EF" "#AE81FF" "#A1EFE4" "#F8F8F2" "#75715E" "#F92672" "#A6E22E" "#F4BF75" "#66D9EF" "#AE81FF" "#A1EFE4" "#F9F8F5" ]; + use-system-font = false; + use-theme-colors = false; + visible-name = "Default"; + }; + + }; + + home.file = { + ".config/tilix/schemes/Beanbag-Mathias.json".source = ../../files/tilix/Beanbag-Mathias.json; + ".config/tilix/schemes/Catppuccin-Frappe.json".source = (pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "tilix"; + rev = "3fd05e03419321f2f2a6aad6da733b28be1765ef"; + hash = "sha256-SI7QxQ+WBHzeuXbTye+s8pi4tDVZOV4Aa33mRYO276k="; + } + "/src/Catppuccin-Frappe.json"); + }; +} \ No newline at end of file diff --git a/modules/hosts/common/linux/apps/waybar.nix b/modules/hosts/common/linux/apps/waybar.nix new file mode 100644 index 0000000..3fdd87a --- /dev/null +++ b/modules/hosts/common/linux/apps/waybar.nix @@ -0,0 +1,17 @@ +{ pkgs, ... }: { + home.file = { + ".config/waybar/config".source = ../../files/waybar/config; + ".config/waybar/frappe.css".source = (pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "waybar"; + rev = "f74ab1eecf2dcaf22569b396eed53b2b2fbe8aff"; + hash = "sha256-WLJMA2X20E5PCPg0ZPtSop0bfmu+pLImP9t8A8V4QK8="; + } + "/themes/frappe.css"); + ".config/waybar/style.css".source = ../../files/waybar/style.css; + }; + + programs = { + # Using file in ../../files/waybar/ to configure waybar + waybar.enable = true; + }; +} \ No newline at end of file 
diff --git a/modules/shared/home/linux/apps/xfce4-terminal.nix b/modules/hosts/common/linux/apps/xfce4-terminal.nix similarity index 85% rename from modules/shared/home/linux/apps/xfce4-terminal.nix rename to modules/hosts/common/linux/apps/xfce4-terminal.nix index 21aeebf..6b49e4d 100644 --- a/modules/shared/home/linux/apps/xfce4-terminal.nix +++ b/modules/hosts/common/linux/apps/xfce4-terminal.nix @@ -1,6 +1,6 @@ -{ +{ ... }: { home.file = { - ".config/xfce4/terminal/accels.scm".source = ../../../files/xfce4/terminal/accels.scm; + ".config/xfce4/terminal/accels.scm".source = ../../files/xfce4/terminal/accels.scm; }; xfconf.settings = { @@ -11,8 +11,7 @@ "color-background" = "#08052b"; "color-cursor" = "#ff7f7f"; "color-cursor-use-default" = false; - "color-palette" = - "#000000;#e52222;#a6e32d;#fc951e;#c48dff;#fa2573;#67d9f0;#f2f2f2;#555555;#ff5555;#55ff55;#ffff55;#5555ff;#ff55ff;#55ffff;#ffffff"; + "color-palette" = "#000000;#e52222;#a6e32d;#fc951e;#c48dff;#fa2573;#67d9f0;#f2f2f2;#555555;#ff5555;#55ff55;#ffff55;#5555ff;#ff55ff;#55ffff;#ffffff"; "font-name" = "Hack Nerd Font Mono 12"; "misc-always-show-tabs" = false; "misc-bell" = false; @@ -44,4 +43,4 @@ "title-initial" = "xfce4-terminal"; }; }; -} +} \ No newline at end of file diff --git a/modules/shared/linux/flatpaks.nix b/modules/hosts/common/linux/flatpaks.nix similarity index 61% rename from modules/shared/linux/flatpaks.nix rename to modules/hosts/common/linux/flatpaks.nix index 6d68d30..f29a1ff 100644 --- a/modules/shared/linux/flatpaks.nix +++ b/modules/hosts/common/linux/flatpaks.nix 
@@ -1,21 +1,16 @@ -{ - # Though it wouldn't seem to be this way, - # This is used both in NixOS and Home Manager + +{ ... }: { services = { flatpak = { enable = true; packages = [ + "im.riot.Riot" "com.cassidyjames.butler" "com.logseq.Logseq" "com.vivaldi.Vivaldi" - "im.riot.Riot" - "io.kopia.KopiaUI" - "org.localsend.localsend_app" - "org.gnome.Fractal" "org.signal.Signal" "org.telegram.desktop" ]; - uninstallUnmanaged = true; update.auto = { enable = true; onCalendar = "daily"; diff --git a/modules/shared/home/linux/default.nix b/modules/hosts/common/linux/home.nix similarity index 97% rename from modules/shared/home/linux/default.nix rename to modules/hosts/common/linux/home.nix index 2cc695b..04428b9 100644 --- a/modules/shared/home/linux/default.nix +++ b/modules/hosts/common/linux/home.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{ pkgs, ... }: { home.packages = with pkgs; [ fastfetch ]; diff --git a/modules/shared/nixos/internationalisation.nix b/modules/hosts/common/linux/internationalisation.nix similarity index 97% rename from modules/shared/nixos/internationalisation.nix rename to modules/hosts/common/linux/internationalisation.nix index eef867a..5d71c99 100644 --- a/modules/shared/nixos/internationalisation.nix +++ b/modules/hosts/common/linux/internationalisation.nix @@ -1,4 +1,4 @@ -{ +{ ... }: { # Select internationalisation properties. i18n = { defaultLocale = "en_US.UTF-8"; @@ -14,4 +14,4 @@ LC_TIME = "en_US.UTF-8"; }; }; -} +} \ No newline at end of file diff --git a/modules/shared/nixos/lets-encrypt.nix b/modules/hosts/common/linux/lets-encrypt.nix similarity index 84% rename from modules/shared/nixos/lets-encrypt.nix rename to modules/hosts/common/linux/lets-encrypt.nix index 6ab50df..e885306 100644 --- a/modules/shared/nixos/lets-encrypt.nix +++ b/modules/hosts/common/linux/lets-encrypt.nix @@ -1,5 +1,4 @@ -{ config, username, ... }: -{ +{ config, username, ... }: { ########################################################################## # # 
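Review bot: The flatpak hunk drops `uninstallUnmanaged = true;`, so Flatpaks installed outside this list are presumably left in place on activation and the `packages` list stops being the full inventory of what runs on the host. If tolerating hand-installed apps is intended, say so in the file with a comment such as `# unmanaged Flatpaks are left installed on purpose`; otherwise keep `uninstallUnmanaged = true;` so that drift from the declared set is removed. The hunk also deletes the comment stating the file is shared between NixOS and Home Manager; a one-line replacement naming the remaining importers would keep that documented. The `services.flatpak` block continues past the end of the hunk.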
@@ -11,9 +10,7 @@ acceptTerms = true; defaults = { email = "lets-encrypt@technicalissues.us"; - credentialFiles = { - "GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = "${config.sops.secrets.gandi_dns_pat.path}"; - }; + credentialFiles = { "GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = "${config.sops.secrets.gandi_dns_pat.path}"; }; dnsProvider = "gandiv5"; dnsResolver = "ns1.gandi.net"; # uncomment below for testing diff --git a/modules/hosts/common/linux/nixroutes.nix b/modules/hosts/common/linux/nixroutes.nix new file mode 100644 index 0000000..0b50bdf --- /dev/null +++ b/modules/hosts/common/linux/nixroutes.nix @@ -0,0 +1,7 @@ +{ config, lib, ... }: +let + hostName = config.networking.hostName; +in { + programs.zsh.shellAliases.nixroutes = + "cd ~/repos/dots && echo '=== Current Routes ===' && ip route show && ip -6 route show && echo '' && echo '=== New Build Routes ===' && nix eval --json '.#nixosConfigurations.${hostName}.config.systemd.network.networks.\"10-wan\".routes'"; +} diff --git a/modules/shared/nixos/restic.nix b/modules/hosts/common/linux/restic.nix similarity index 96% rename from modules/shared/nixos/restic.nix rename to modules/hosts/common/linux/restic.nix index 4c0a04b..91cc256 100644 --- a/modules/shared/nixos/restic.nix +++ b/modules/hosts/common/linux/restic.nix @@ -1,5 +1,4 @@ -{ config, pkgs, ... }: -{ +{ config, pkgs, ... }: { environment.systemPackages = with pkgs; [ restic ]; @@ -30,3 +29,4 @@ }; }; } + diff --git a/modules/shared/nixos/ripping.nix b/modules/hosts/common/linux/ripping.nix similarity index 95% rename from modules/shared/nixos/ripping.nix rename to modules/hosts/common/linux/ripping.nix index 9f6b33f..680db32 100644 --- a/modules/shared/nixos/ripping.nix +++ b/modules/hosts/common/linux/ripping.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{ pkgs, ... }: { # Be sure this is added if on NixOS # boot.kernelModules = [ "sg" ]; @@ -21,3 +20,4 @@ mkvtoolnix-cli ]; } + 
diff --git a/modules/shared/secrets.yaml b/modules/hosts/common/secrets.yaml similarity index 100% rename from modules/shared/secrets.yaml rename to modules/hosts/common/secrets.yaml diff --git a/modules/hosts/darwin/AirPuppet/default.nix b/modules/hosts/darwin/AirPuppet/default.nix index 4dc5d60..84afcb1 100644 --- a/modules/hosts/darwin/AirPuppet/default.nix +++ b/modules/hosts/darwin/AirPuppet/default.nix @@ -1,4 +1,4 @@ -{ +{ ... }: { system.stateVersion = 4; homebrew = { diff --git a/modules/hosts/darwin/AirPuppet/home-gene.nix b/modules/hosts/darwin/AirPuppet/home-gene.nix index 2643ed1..644bc76 100644 --- a/modules/hosts/darwin/AirPuppet/home-gene.nix +++ b/modules/hosts/darwin/AirPuppet/home-gene.nix @@ -1,5 +1,4 @@ -{ username, ... }: -{ +{ username, ... }: { home.stateVersion = "23.11"; sops = { diff --git a/modules/hosts/darwin/Blue-Rock/default.nix b/modules/hosts/darwin/Blue-Rock/default.nix index a6efc0d..a2a98f4 100644 --- a/modules/hosts/darwin/Blue-Rock/default.nix +++ b/modules/hosts/darwin/Blue-Rock/default.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{ pkgs, ... }: { system.stateVersion = 4; environment = { diff --git a/modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix b/modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix index 2ed7e0a..7f1fa1a 100644 --- a/modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix +++ b/modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix @@ -1,7 +1,6 @@ -{ username, ... }: -{ +{ username, ... }: { home.stateVersion = "23.11"; - + programs = { go = { enable = true; diff --git a/modules/hosts/darwin/default.nix b/modules/hosts/darwin/default.nix index 1d49aef..7f3e7e5 100644 --- a/modules/hosts/darwin/default.nix +++ b/modules/hosts/darwin/default.nix 
@@ -1,17 +1,8 @@ -{ - pkgs, - hostname, - username, - ... -}: -{ +{ pkgs, hostname, username, ... }: { system.primaryUser = username; environment = { - shells = with pkgs; [ - bash - zsh - ]; + shells = with pkgs; [ bash zsh ]; pathsToLink = [ "/Applications" "/share/zsh" @@ -68,7 +59,6 @@ "gitkraken-cli" "handbrake-app" "imageoptim" - "itermbrowserplugin" "iterm2" "keepingyouawake" "libreoffice" @@ -123,10 +113,7 @@ "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs=" "cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc=" ]; - trusted-users = [ - "@admin" - "${username}" - ]; + trusted-users = [ "@admin" "${username}" ]; }; extraOptions = '' # Generated by https://github.com/DeterminateSystems/nix-installer, version 0.11.0. diff --git a/modules/hosts/darwin/home.nix b/modules/hosts/darwin/home.nix index 7df380e..3767a24 100644 --- a/modules/hosts/darwin/home.nix +++ b/modules/hosts/darwin/home.nix @@ -1,5 +1,4 @@ -{ username, ... }: -{ +{ username, ... }: { # dawrwin-specific shell config programs = { zsh = { diff --git a/modules/hosts/darwin/mightymac/default.nix b/modules/hosts/darwin/mightymac/default.nix index 074ca67..49e1f76 100644 --- a/modules/hosts/darwin/mightymac/default.nix +++ b/modules/hosts/darwin/mightymac/default.nix @@ -1,5 +1,4 @@ -{ inputs, pkgs, ... }: -{ +{ inputs, pkgs, ... }: { system.stateVersion = 4; environment = { diff --git a/modules/hosts/darwin/mightymac/home-gene.liverman.nix b/modules/hosts/darwin/mightymac/home-gene.liverman.nix index 49aaea2..2d4fa73 100644 --- a/modules/hosts/darwin/mightymac/home-gene.liverman.nix +++ b/modules/hosts/darwin/mightymac/home-gene.liverman.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{ config, ... }: { home.stateVersion = "23.11"; programs = { diff --git a/modules/hosts/darwin/mightymac/secrets.yaml b/modules/hosts/darwin/mightymac/secrets.yaml index d12fc69..a37f3ec 100644 --- a/modules/hosts/darwin/mightymac/secrets.yaml +++ b/modules/hosts/darwin/mightymac/secrets.yaml 
@@ -1,7 +1,7 @@ tailscale_key: ENC[AES256_GCM,data:rWN6mW6LC/EjMTbMjXkCmMQYEehEbViScKeaLEOpR6VSZJFD0aZI9wh5yKcQeaUT0BiJIzITsUxj,iv:aCqdsW7JPq6Q2kFl6ZciwIQfzAbs9LvhWilbEI8okAc=,tag:U0p4UND/n26ZF17keSL0DA==,type:str] user_nix_conf: ENC[AES256_GCM,data:1PCMb2Xyq7G/ROrk39UcfC9Ktj+fhh5j2/EAi4ganLIyk3chzifk265XLxK5eFIVjys9mdGikaepcJky3cgnKl8HOX8=,iv:7/cxkyl3QgwzkT8Fi3/+CqRZu91l287TxeVYQcH0P5I=,tag:bMo3RJchirQSJTjXPds8Ag==,type:str] i2cssh_config: ENC[AES256_GCM,data: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,iv:udLgI4t3M3KDNfcA+WkUFLAe523/+O9tE/LGol1UBQA=,tag:6v1XUPTpgcjfmcgak9YKAQ==,type:str] -local_git_config: ENC[AES256_GCM,data:DjLFwnglZuH2Piami9gHUd5fmlW3luXDCxx7cEuTPRPM4Y4fr2PmXXWSIvZEo6FuVC8tAMr4Z9wbgWQumB4Ul4lIHpwHrbvS2ccOI/ye4Q9OQ/Ki9OEbVFg8nBHsz57RnD0uh3Fk+9gV0yoTmjxP2A==,iv:7Z2d/pgc4uarGe0/BAcIFGLMdBdNwhxr6wGOaZvUqxw=,tag:HgOW/RF9/QEfm+xkEV75+Q==,type:str] +local_git_config: ENC[AES256_GCM,data:KEmChuCHJxKrZ3d72fbhgm1K+aAKjkwTpEq/qsNPOQbZqSCZgy/IQBY/L+qMJZlr3iIyrAKxN1CxfrurpB2/m+yxMo7ONoARAR6X67GqmgJX4mbO0EEHQvP6/0v/HVHfT67ZKg1oZTzmKAKr5eiyTnX4e73Ao11TySiqHTJBw4cPc0BTNmgrnf9xvXAPeYWa,iv:vyDbCml7pnouqpb+PewFBih6f7wPbHjv/GJgLUsRjbM=,tag:DLWz19yoJIZTLR46FuH/iw==,type:str] local_private_env: ENC[AES256_GCM,data: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,iv:c81f5M5cmElhm6Yb/p7JkX0mJacbatqm3qmIba/LMcs=,tag:V2FVsGqf9G18VimH2rsSRg==,type:str] sops: age: 
@@ -14,7 +14,7 @@ sops: YndNc25Xemxrd2VXSStlbTJjZFBOR0UKe6wxJBlS7YZJXW3f/rlmKanqu9SeYXYB qxEU+fMDfQ/R+jRo6fGRtNnnY3nowZP+hSYYuGT9SRFwqYR1M3xeqw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-19T15:01:09Z" - mac: ENC[AES256_GCM,data:FKz9GZZfLnBFiVuyn3xmhR0p6NpPxlJBZlGL6PrqsiJWmIrzZBq6x5fj9fWprYuzeAJYRrwSX8X5fYKdatrW2aLIYrXclZl1yw3afnP65lJZvJxlhD9gD3gPZ9eMbmRUOqrhLn8OeQ+mY4WBXg0G6WNOxsp/bAQf7Xjkj1eItBI=,iv:duqy8YcrhfPmiTHJBYnFbMyv1jCxLPtU1Gbo1F/YkHs=,tag:3TNSf3BLu6Wm38RmReihwg==,type:str] + lastmodified: "2026-02-26T13:53:28Z" + mac: ENC[AES256_GCM,data:QfP3eTXlhl1M3qLF+vuS6R+nwqpwjS9I6lXofSR1Qa1FsA6EsMPkzFyousS5IMScqUv5co868yS3KvXgkwwYsMkU1JwChBN2gPTF6OJ29fyjzE2jtVUop+ZRkUcV5I2FwAxMCR9LIyWNfePTpM056yGCM/2cnjOfc0vmhE2ctRw=,iv:a1VbTwMl5AuV5wN/dUpT8nrtt0qCJT9NmIb+f3avt6c=,tag:DYAue3j10rwhBTs4xRUZOw==,type:str] unencrypted_suffix: _unencrypted - version: 3.12.1 + version: 3.11.0 diff --git a/modules/hosts/home-manager-only/default.nix b/modules/hosts/home-manager-only/default.nix index d4932be..3b00ffd 100644 --- a/modules/hosts/home-manager-only/default.nix +++ b/modules/hosts/home-manager-only/default.nix @@ -1,11 +1,4 @@ -{ - config, - pkgs, - system, - username, - ... -}: -{ +{ config, pkgs, system, username, ... }: { home.stateVersion = "25.05"; home.packages = with pkgs; [ age diff --git a/modules/hosts/home-manager-only/home-gene.liverman.nix b/modules/hosts/home-manager-only/home-gene.liverman.nix index 28f3d15..7095165 100644 --- a/modules/hosts/home-manager-only/home-gene.liverman.nix +++ b/modules/hosts/home-manager-only/home-gene.liverman.nix @@ -1,3 +1,3 @@ -{ +{ ... }: { # Settings just for work machines go here -} +} \ No newline at end of file diff --git a/modules/hosts/home-manager-only/home-gene.nix b/modules/hosts/home-manager-only/home-gene.nix index 7c6b6bf..29c0c0f 100644 --- a/modules/hosts/home-manager-only/home-gene.nix +++ b/modules/hosts/home-manager-only/home-gene.nix 
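Review bot: `lastmodified` in this hunk moves backwards, from 2026-03-19T15:01:09Z to 2026-02-26T13:53:28Z, and `version` drops from 3.12.1 to 3.11.0, so the file is being restored to an earlier encryption rather than edited with the current sops. Together with the changed `local_git_config` ciphertext in the `@@ -1,7 +1,7 @@` hunk of the same file, this presumably brings back an older secret value; if the newer one was written as part of a rotation, the superseded value becomes live again. modules/hosts/home-manager-only/secrets.yaml shows the same pattern (2026-03-22T23:15:19Z back to 2026-01-10T18:40:37Z, 3.12.1 to 3.11.0). Confirm the rollback is intended for each key; otherwise keep the newer encrypted files and apply only the path changes.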
@@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{ pkgs, ... }: { # Settings just for personal machines go here home.packages = with pkgs; [ diff --git a/modules/hosts/home-manager-only/secrets.yaml b/modules/hosts/home-manager-only/secrets.yaml index a4d26f8..7fdcb6f 100644 --- a/modules/hosts/home-manager-only/secrets.yaml +++ b/modules/hosts/home-manager-only/secrets.yaml @@ -1,4 +1,4 @@ -local_git_config: ENC[AES256_GCM,data:z/yS/4VgTapy476DAIucKd0DQsn1Rg0f8U3DAYwvI7+THGq8MAhgQ9Y=,iv:deh7DIRNPKlZJQu+ihiBzWqNV1rSP0hATERmeGCLi4s=,tag:NYVUUv1uve0Gv2sXSJuQmw==,type:str] +local_git_config: ENC[AES256_GCM,data:7zJpT5px88Y/9S/ZR3dRZQmALdVS1aR/1qpKDYzfSAG7bTHutIXztBi93xH+iuId2blWZ7DVjRZPTLgbsxzPBGMVnwDMCTOfLPhTwbSGI6XfKXvYyl9TXNiw1qxn1zhIAia7zt2J/dBt63JMVByXaVohpHr0/9cKZio/cuI=,iv:k55B7Pe70M+enpMP+toVjyEkdIsuNnA5hRUe5Kgq5pE=,tag:6sChtIN2POPiK2zYweqTTA==,type:str] local_private_env: ENC[AES256_GCM,data:bUDiSzNaLDLBCM9SosCA/79utc+rqht3BqWOqgGAoc/E1YPfiCsqSOgMSRaYnACc9ubpozEGbsSSwxhq/p+4,iv:opwNCd3hAVJdXLiVbGh5FVuv0Uwnfns6QGrRKHGOtiE=,tag:Dun7sZC9RyxXiTlAPRMV6Q==,type:str] sops: age: @@ -11,7 +11,7 @@ sops: aTV4a1QvaThld3g0aGt3Z3JvaWFtcFEK1zvoJDUDSwSmSJ5YyFUjNCP9qoj/7Uv5 MusGUeYe+IdBz413voyT0PgsGmlKNEjfxjzsF0DRKAw5a/n0EY9cOg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-22T23:15:19Z" - mac: ENC[AES256_GCM,data:KAKblfnDL1nyFvPY/i9yy77RY0zr2QMYlV/asMXRd6TlR/jVGBFFdXVOFKFsbWpMbm5K8VtAOGxc/xL1NYsrAxGaoCH5YCHOjx2ZxJ9/5ZOGTSqAW7b2Ny1MlU9+IP7tD5qC3IFdzdtf3Osi7mwoQP5/xtLtZ5CP6mu+cy/xnB4=,iv:wk8pNiEcv9gGPWWNoCxpf3QmuNoZhapvo8BXKdaSy4E=,tag:8vuwebWrnv2+2SLw77ge7Q==,type:str] + lastmodified: "2026-01-10T18:40:37Z" + mac: ENC[AES256_GCM,data:JfaHXsdnJNyrUEL8WyhH4ht8PO4ifQguvf0YLjmpMFbr1Mih+e/+DtQTPO9M2U/vrH7rFCk1UiZQhNZD3kY6S5LUqvHYvQwbf81zNXpGtAr/lQVT+bIJeqfRdJXkIGIZscu16Lmqm0WM6lmugfrIteNATYr9Qc4mDn2UApl5YXc=,iv:bC0XJUwgytnHefMPGsmdY5EkMTRmF5GcakjEIlIeNvs=,tag:JZ0k1y9J7StXKG3GeyGhfg==,type:str] unencrypted_suffix: _unencrypted - version: 3.12.1 + version: 3.11.0 
diff --git a/modules/hosts/nixos/bigboy/default.nix b/modules/hosts/nixos/bigboy/default.nix index 685e89f..9556bf2 100644 --- a/modules/hosts/nixos/bigboy/default.nix +++ b/modules/hosts/nixos/bigboy/default.nix @@ -1,23 +1,17 @@ +{ config, pkgs, username, ... }: + let + libbluray = pkgs.libbluray.override { + withAACS = true; + withBDplus = true; + withJava = true; + }; + vlc-with-decoding = pkgs.vlc.override { inherit libbluray; }; + in { - config, - pkgs, - username, - ... -}: -let - libbluray = pkgs.libbluray.override { - withAACS = true; - withBDplus = true; - withJava = true; - }; - vlc-with-decoding = pkgs.vlc.override { inherit libbluray; }; -in -{ - imports = [ - # Include the results of the hardware scan. + imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../../../shared/linux/flatpaks.nix - ../../../shared/nixos/ripping.nix + ../../common/linux/flatpaks.nix + ../../common/linux/ripping.nix ]; system.stateVersion = "24.11"; # Did you read the comment? @@ -49,6 +43,7 @@ in zoom-us ]; + networking.networkmanager.enable = true; programs = { @@ -123,15 +118,10 @@ in users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; - extraGroups = [ - "networkmanager" - "wheel" - "dialout" - "input" - ]; + extraGroups = [ "networkmanager" "wheel" "dialout" "input" ]; packages = with pkgs; [ kdePackages.kate - # thunderbird + # thunderbird ]; }; } diff --git a/modules/hosts/nixos/bigboy/hardware-configuration.nix b/modules/hosts/nixos/bigboy/hardware-configuration.nix index 7b7baf8..b124fad 100644 --- a/modules/hosts/nixos/bigboy/hardware-configuration.nix +++ b/modules/hosts/nixos/bigboy/hardware-configuration.nix 
@@ -1,55 +1,32 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: +{ config, lib, pkgs, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "nvme" - "usb_storage" - "sd_mod" - "rtsx_pci_sdmmc" - ]; - kernelModules = [ ]; - }; - kernelModules = [ - "kvm-intel" - "sg" + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") ]; - extraModulePackages = [ ]; - }; - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832"; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" "sg" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832"; fsType = "ext4"; }; - "/boot" = { - device = "/dev/disk/by-uuid/59CB-16DE"; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/59CB-16DE"; fsType = "vfat"; - options = [ - "fmask=0077" - "dmask=0077" - ]; + options = [ "fmask=0077" "dmask=0077" ]; }; - }; - swapDevices = [ - { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; } - ]; + swapDevices = + [ { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/hosts/nixos/bigboy/home-gene.nix b/modules/hosts/nixos/bigboy/home-gene.nix index fa2f7e0..962d99e 100644 --- a/modules/hosts/nixos/bigboy/home-gene.nix +++ b/modules/hosts/nixos/bigboy/home-gene.nix 
@@ -1,10 +1,9 @@ -{ ... }: -{ +{ ... }: { home.stateVersion = "24.05"; imports = [ - ../../../shared/home/general/all-gui.nix - ../../../shared/home/linux/apps/tilix.nix - ../../../shared/home/linux/apps/xfce4-terminal.nix + ../../common/all-gui.nix + ../../common/linux/apps/tilix.nix + ../../common/linux/apps/xfce4-terminal.nix ]; programs = { @@ -28,3 +27,4 @@ }; }; } + diff --git a/modules/hosts/nixos/default.nix b/modules/hosts/nixos/default.nix index 485afff..cef3366 100644 --- a/modules/hosts/nixos/default.nix +++ b/modules/hosts/nixos/default.nix @@ -1,19 +1,10 @@ -{ - hostname, - pkgs, - username, - ... -}: -{ +{ hostname, pkgs, username, ... }: { imports = [ - ../../shared/nixos/internationalisation.nix + ../common/linux/internationalisation.nix ]; environment = { - shells = with pkgs; [ - bash - zsh - ]; + shells = with pkgs; [ bash zsh ]; systemPackages = with pkgs; [ age dconf2nix diff --git a/modules/hosts/nixos/hetznix01/default.nix b/modules/hosts/nixos/hetznix01/default.nix index 092dbb3..5f06448 100644 --- a/modules/hosts/nixos/hetznix01/default.nix +++ b/modules/hosts/nixos/hetznix01/default.nix @@ -1,11 +1,6 @@ -{ - pkgs, - username, - ... -}: -{ +{ inputs, pkgs, username, ... }: { imports = [ - ../../../shared/nixos/nixroutes.nix + ../../common/linux/nixroutes.nix ./disk-config.nix ./hardware-configuration.nix ./post-install @@ -29,14 +24,14 @@ networking = { # Open ports in the firewall. firewall.allowedTCPPorts = [ - 22 # ssh - 25 # SMTP (unencrypted) - 80 # http to local Nginx - 143 # imap - 443 # https to local Nginx - 465 # SMTP with TLS - 587 # SMTP with STARTTLS - 993 # imaps + 22 # ssh + 25 # SMTP (unencrypted) + 80 # http to local Nginx + 143 # imap + 443 # https to local Nginx + 465 # SMTP with TLS + 587 # SMTP with STARTTLS + 993 # imaps 1883 # mqtt 8333 # Bitcoin Core 8448 # Matrix Synapse 
@@ -93,10 +88,7 @@ users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; - extraGroups = [ - "networkmanager" - "wheel" - ]; + extraGroups = [ "networkmanager" "wheel" ]; linger = true; }; } diff --git a/modules/hosts/nixos/hetznix01/hardware-configuration.nix b/modules/hosts/nixos/hetznix01/hardware-configuration.nix index 87f1802..67a3557 100644 --- a/modules/hosts/nixos/hetznix01/hardware-configuration.nix +++ b/modules/hosts/nixos/hetznix01/hardware-configuration.nix @@ -4,25 +4,14 @@ { lib, modulesPath, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot = { - initrd = { - availableKernelModules = [ - "ahci" - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "sd_mod" - "sr_mod" - ]; - kernelModules = [ ]; - }; - kernelModules = [ ]; - extraModulePackages = [ ]; - }; + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; fileSystems."pack1828" = { device = "/dev/disk/by-id/scsi-0HC_Volume_102600992"; @@ -36,3 +25,4 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } + diff --git a/modules/hosts/nixos/hetznix01/home-gene.nix b/modules/hosts/nixos/hetznix01/home-gene.nix index 13c6855..ec20c58 100644 --- a/modules/hosts/nixos/hetznix01/home-gene.nix +++ b/modules/hosts/nixos/hetznix01/home-gene.nix @@ -1,3 +1,3 @@ -{ - home.stateVersion = "24.05"; +{ ... }: { + home.stateVersion = "24.05"; } diff --git a/modules/hosts/nixos/hetznix01/post-install/containers/emqx.nix b/modules/hosts/nixos/hetznix01/post-install/containers/emqx.nix index f350c4e..33188e9 100644 --- a/modules/hosts/nixos/hetznix01/post-install/containers/emqx.nix +++ b/modules/hosts/nixos/hetznix01/post-install/containers/emqx.nix 
@@ -1,8 +1,6 @@ -{ config, username, ... }: -let +{ config, username, ... }: let volume_base = "/var/lib/emqx"; -in -{ +in { # Based on docs at https://docs.emqx.com/en/emqx/latest/deploy/install-docker.html virtualisation.oci-containers.containers = { "emqx" = { diff --git a/modules/hosts/nixos/hetznix01/post-install/default.nix b/modules/hosts/nixos/hetznix01/post-install/default.nix index 3aaa909..83eddd6 100644 --- a/modules/hosts/nixos/hetznix01/post-install/default.nix +++ b/modules/hosts/nixos/hetznix01/post-install/default.nix @@ -1,18 +1,10 @@ -{ - config, - lib, - pkgs, - username, - ... -}: -let +{ config, lib, pkgs, username, ... }: let domain = "technicalissues.us"; restic_backup_time = "01:00"; -in -{ +in { imports = [ - ../../../../shared/nixos/lets-encrypt.nix - ../../../../shared/nixos/restic.nix + ../../../common/linux/lets-encrypt.nix + ../../../common/linux/restic.nix ./containers/emqx.nix ./matrix-synapse.nix ./monitoring.nix @@ -34,7 +26,7 @@ in # Listen on loopback interface only, and accept requests from ::1 net = { listen = "loopback"; - post_allow.host = [ "::1" ]; + post_allow.host = ["::1"]; }; # Restrict loading documents from WOPI Host nextcloud.example.com @@ -170,14 +162,14 @@ in }; matrix_secrets_yaml = { owner = config.users.users.matrix-synapse.name; - restartUnits = [ "matrix-synapse.service" ]; + restartUnits = ["matrix-synapse.service"]; }; matrix_homeserver_signing_key.owner = config.users.users.matrix-synapse.name; - mqtt_recorder_pass.restartUnits = [ "mosquitto.service" ]; + mqtt_recorder_pass.restartUnits = ["mosquitto.service"]; nextcloud_admin_pass.owner = config.users.users.nextcloud.name; owntracks_basic_auth = { owner = config.users.users.nginx.name; - restartUnits = [ "nginx.service" ]; + restartUnits = ["nginx.service"]; }; plausible_admin_pass.owner = config.users.users.nginx.name; plausible_secret_key_base.owner = config.users.users.nginx.name; 
@@ -188,36 +180,31 @@ in }; systemd.services = { - nextcloud-config-collabora = - let - inherit (config.services.nextcloud) occ; + nextcloud-config-collabora = let + inherit (config.services.nextcloud) occ; - wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; - public_wopi_url = "https://collabora.pack1828.org"; - wopi_allowlist = lib.concatStringsSep "," [ - "127.0.0.1" - "::1" - "5.161.244.95" - "2a01:4ff:f0:977c::1" - ]; - in - { - wantedBy = [ "multi-user.target" ]; - after = [ - "nextcloud-setup.service" - "coolwsd.service" - ]; - requires = [ "coolwsd.service" ]; - script = '' - ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} - ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} - ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} - ${occ}/bin/nextcloud-occ richdocuments:setup - ''; - serviceConfig = { - Type = "oneshot"; - }; + wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; + public_wopi_url = "https://collabora.pack1828.org"; + wopi_allowlist = lib.concatStringsSep "," [ + "127.0.0.1" + "::1" + "5.161.244.95" + "2a01:4ff:f0:977c::1" + ]; + in { + wantedBy = ["multi-user.target"]; + after = ["nextcloud-setup.service" "coolwsd.service"]; + requires = ["coolwsd.service"]; + script = '' + ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} + ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} + ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} + ${occ}/bin/nextcloud-occ richdocuments:setup + ''; + serviceConfig = { + Type = "oneshot"; }; + }; }; # Enable common container config files in /etc/containers 
diff --git a/modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix b/modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix index 0421a1d..7c83bc2 100644 --- a/modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix +++ b/modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix @@ -1,5 +1,4 @@ -{ config, ... }: -{ +{ config, ... }: { services.matrix-synapse = { enable = true; configureRedisLocally = true; @@ -34,7 +33,7 @@ ]; url_preview_enabled = true; enable_registration = false; - trusted_key_servers = [ { server_name = "matrix.org"; } ]; + trusted_key_servers = [{ server_name = "matrix.org"; }]; }; }; diff --git a/modules/hosts/nixos/hetznix01/post-install/monitoring.nix b/modules/hosts/nixos/hetznix01/post-install/monitoring.nix index 8f44f00..20fc60b 100644 --- a/modules/hosts/nixos/hetznix01/post-install/monitoring.nix +++ b/modules/hosts/nixos/hetznix01/post-install/monitoring.nix @@ -1,8 +1,6 @@ -{ config, pkgs, ... }: -let +{ config, pkgs, ... }: let metrics_server = "https://monitoring.home.technicalissues.us/remotewrite"; -in -{ +in { services = { vmagent = { enable = true; @@ -16,11 +14,11 @@ in { job_name = "node"; static_configs = [ - { targets = [ "127.0.0.1:9100" ]; } + { targets = ["127.0.0.1:9100"]; } ]; metric_relabel_configs = [ { - source_labels = [ "__name__" ]; + source_labels = ["__name__"]; regex = "go_.*"; action = "drop"; } @@ -37,11 +35,11 @@ in { job_name = "nginx"; static_configs = [ - { targets = [ "127.0.0.1:9113" ]; } + { targets = ["127.0.0.1:9113"]; } ]; metric_relabel_configs = [ { - source_labels = [ "__name__" ]; + source_labels = ["__name__"]; regex = "go_.*"; action = "drop"; } @@ -79,7 +77,7 @@ in # ---------------------------- # Exporters (using built-in NixOS modules) # ---------------------------- - + # Node exporter - using the built-in module prometheus.exporters.node = { enable = true; 
@@ -112,7 +110,7 @@ in group = "vmagent"; }; - users.groups.vmagent = { }; + users.groups.vmagent = {}; # ---------------------------- # SOPS secrets configuration @@ -121,9 +119,10 @@ in secrets = { vmagent_push_pw = { owner = "vmagent"; - restartUnits = [ "vmagent.service" ]; - sopsFile = ../../../../shared/secrets.yaml; + restartUnits = ["vmagent.service"]; + sopsFile = ../../../common/secrets.yaml; }; }; }; } + diff --git a/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix b/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix index 282557f..d3405e4 100644 --- a/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix +++ b/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix @@ -1,21 +1,16 @@ -{ config, ... }: -let +{ config, ... }: let mqtt_domain = "mqtt.technicalissues.us"; -in -{ - security.acme.certs.${mqtt_domain}.postRun = - "systemctl restart ${config.systemd.services.mosquitto.name}"; +in { + security.acme.certs.${mqtt_domain}.postRun = "systemctl restart ${config.systemd.services.mosquitto.name}"; services.mosquitto = { enable = true; bridges = { liamcottle = { - addresses = [ - { - address = "mqtt.meshtastic.liamcottle.net"; - port = 1883; - } - ]; + addresses = [{ + address = "mqtt.meshtastic.liamcottle.net"; + port = 1883; + }]; topics = [ "msh/# out 1 \"\"" ]; @@ -29,12 +24,10 @@ in }; }; meshtastic = { - addresses = [ - { - address = "mqtt.meshtastic.org"; - port = 1883; - } - ]; + addresses = [{ + address = "mqtt.meshtastic.org"; + port = 1883; + }]; topics = [ "msh/# out 1 \"\"" ]; @@ -49,12 +42,10 @@ in }; }; homeassistant = { - addresses = [ - { - address = "homeasistant-lc.atlas-snares.ts.net"; - port = 1883; - } - ]; + addresses = [{ + address = "homeasistant-lc.atlas-snares.ts.net"; + port = 1883; + }]; topics = [ "msh/US/2/e/LongFast/!a386c80 out 1 \"\"" "msh/US/2/e/LongFast/!b03bcb24 out 1 \"\"" 
@@ -71,59 +62,53 @@ in }; }; }; - listeners = - let - mqtt_users = { - genebean = { - acl = [ - "readwrite msh/#" - ]; - hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path; - }; - mountain_mesh = { - acl = [ - "readwrite msh/#" - ]; - hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path; - }; + listeners = let + mqtt_users = { + genebean = { + acl = [ + "readwrite msh/#" + ]; + hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path; }; - in - [ - { - port = 1883; - users = mqtt_users; - settings.allow_anonymous = false; - } - { - port = 8883; - users = mqtt_users; - settings = - let - certDir = config.security.acme.certs."${mqtt_domain}".directory; - in - { - allow_anonymous = false; - keyfile = certDir + "/key.pem"; - certfile = certDir + "/cert.pem"; - cafile = certDir + "/chain.pem"; - }; - } - { - port = 9001; - users = mqtt_users; - settings = - let - certDir = config.security.acme.certs."${mqtt_domain}".directory; - in - { - allow_anonymous = false; - keyfile = certDir + "/key.pem"; - certfile = certDir + "/cert.pem"; - cafile = certDir + "/chain.pem"; - protocol = "websockets"; - }; - } - ]; + mountain_mesh = { + acl = [ + "readwrite msh/#" + ]; + hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path; + }; + }; + in [ + { + port = 1883; + users = mqtt_users; + settings.allow_anonymous = false; + } + { + port = 8883; + users = mqtt_users; + settings = let + certDir = config.security.acme.certs."${mqtt_domain}".directory; + in { + allow_anonymous = false; + keyfile = certDir + "/key.pem"; + certfile = certDir + "/cert.pem"; + cafile = certDir + "/chain.pem"; + }; + } + { + port = 9001; + users = mqtt_users; + settings = let + certDir = config.security.acme.certs."${mqtt_domain}".directory; + in { + allow_anonymous = false; + keyfile = certDir + "/key.pem"; + certfile = certDir + "/cert.pem"; + cafile = certDir + "/chain.pem"; + protocol = "websockets"; + }; + } + ]; }; sops.secrets = { 
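Review bot: The first listener in this hunk (`port = 1883;`) sets `settings.allow_anonymous = false` but, unlike the 8883 and 9001 listeners, has no `keyfile`/`certfile`, so the `mqtt_users` passwords are sent unencrypted on that port, and hetznix01/default.nix lists `1883 # mqtt` in `firewall.allowedTCPPorts`. If outside clients can use 8883 or 9001 instead, restrict the plain listener with `address = "127.0.0.1";` or drop 1883 from the firewall list; whether anything remote still depends on 1883 cannot be seen from this diff. The two TLS listeners also repeat the same `certDir` binding, which could be bound once next to `mqtt_users`. The `services.mosquitto` block starts before this hunk.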
diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix index fd39b68..c714b31 100644 --- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix +++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix @@ -1,11 +1,9 @@ -{ config, ... }: -let +{ config, ... }: let domain = "technicalissues.us"; http_port = 80; https_port = 443; private_btc = "umbrel.atlas-snares.ts.net"; -in -{ +in { services.nginx = { enable = true; @@ -136,36 +134,14 @@ in }; "matrix.${domain}" = { listen = [ - { - port = http_port; - addr = "0.0.0.0"; - } - { - port = http_port; - addr = "[::]"; - } + { port = http_port; addr = "0.0.0.0"; } + { port = http_port; addr = "[::]"; } - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - { - port = https_port; - addr = "[::]"; - ssl = true; - } + { port = https_port; addr = "0.0.0.0"; ssl = true; } + { port = https_port; addr = "[::]"; ssl = true; } - { - port = 8448; - addr = "0.0.0.0"; - ssl = true; - } - { - port = 8448; - addr = "[::]"; - ssl = true; - } + { port = 8448; addr = "0.0.0.0"; ssl = true; } + { port = 8448; addr = "[::]"; ssl = true; } ]; enableACME = true; acmeRoot = null; @@ -219,8 +195,7 @@ in "/" = { proxyPass = "http://127.0.0.1:8083"; }; - "/pub" = { - # Client apps need to point to this path + "/pub" = { # Client apps need to point to this path extraConfig = "proxy_set_header X-Limit-U $remote_user;"; proxyPass = "http://127.0.0.1:8083/pub"; }; diff --git a/modules/hosts/nixos/hetznix02/default.nix b/modules/hosts/nixos/hetznix02/default.nix index 77b2cf8..6d33499 100644 --- a/modules/hosts/nixos/hetznix02/default.nix +++ b/modules/hosts/nixos/hetznix02/default.nix @@ -1,12 +1,6 @@ -{ - inputs, - pkgs, - username, - ... -}: -{ +{ inputs, pkgs, username, ... }: { imports = [ - ../../../shared/nixos/nixroutes.nix + ../../common/linux/nixroutes.nix ./disk-config.nix ./hardware-configuration.nix ./post-install 
@@ -35,9 +29,9 @@ networking = { # Open ports in the firewall. firewall.allowedTCPPorts = [ - 22 # ssh - 80 # Nginx - 443 # Nginx + 22 # ssh + 80 # Nginx + 443 # Nginx ]; # firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. @@ -62,10 +56,7 @@ users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; - extraGroups = [ - "networkmanager" - "wheel" - ]; + extraGroups = [ "networkmanager" "wheel" ]; linger = true; }; diff --git a/modules/hosts/nixos/hetznix02/disk-config.nix b/modules/hosts/nixos/hetznix02/disk-config.nix index c1f51ca..bf22bdd 100644 --- a/modules/hosts/nixos/hetznix02/disk-config.nix +++ b/modules/hosts/nixos/hetznix02/disk-config.nix @@ -44,10 +44,10 @@ content = { type = "gpt"; partitions = { - nix = { - name = "nix"; - size = "100%"; - content = { + nix = { + name = "nix"; + size = "100%"; + content = { type = "filesystem"; format = "ext4"; mountpoint = "/nix"; diff --git a/modules/hosts/nixos/hetznix02/hardware-configuration.nix b/modules/hosts/nixos/hetznix02/hardware-configuration.nix index 047c685..d13bb36 100644 --- a/modules/hosts/nixos/hetznix02/hardware-configuration.nix +++ b/modules/hosts/nixos/hetznix02/hardware-configuration.nix 
@@ -4,43 +4,34 @@ { lib, modulesPath, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; boot = { initrd = { - availableKernelModules = [ - "xhci_pci" - "virtio_scsi" - "sr_mod" - ]; + availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" ]; kernelModules = [ ]; }; kernelModules = [ ]; extraModulePackages = [ ]; }; - fileSystems = { - "/" = { - device = "/dev/disk/by-partlabel/disk-primary-root"; + fileSystems."/" = + { device = "/dev/disk/by-partlabel/disk-primary-root"; fsType = "ext4"; }; - "/boot" = { - device = "/dev/disk/by-partlabel/disk-primary-ESP"; + fileSystems."/boot" = + { device = "/dev/disk/by-partlabel/disk-primary-ESP"; fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; + options = [ "fmask=0022" "dmask=0022" ]; }; - "/nix" = { - device = "/dev/disk/by-partlabel/disk-volume1-nix"; + fileSystems."/nix" = + { device = "/dev/disk/by-partlabel/disk-volume1-nix"; fsType = "ext4"; }; - }; swapDevices = [ ]; diff --git a/modules/hosts/nixos/hetznix02/home-gene.nix b/modules/hosts/nixos/hetznix02/home-gene.nix index 13c6855..945badd 100644 --- a/modules/hosts/nixos/hetznix02/home-gene.nix +++ b/modules/hosts/nixos/hetznix02/home-gene.nix @@ -1,3 +1,3 @@ -{ +{ ... }: { home.stateVersion = "24.05"; } diff --git a/modules/hosts/nixos/hetznix02/post-install/default.nix b/modules/hosts/nixos/hetznix02/post-install/default.nix index 823dabb..2500481 100644 --- a/modules/hosts/nixos/hetznix02/post-install/default.nix +++ b/modules/hosts/nixos/hetznix02/post-install/default.nix @@ -1,7 +1,6 @@ -{ config, username, ... }: -{ +{ config, username, ... }: { imports = [ - ../../../../shared/nixos/lets-encrypt.nix + ../../../common/linux/lets-encrypt.nix ./monitoring.nix ./nginx.nix ]; @@ -24,3 +23,4 @@ }; }; } + 
diff --git a/modules/hosts/nixos/hetznix02/post-install/monitoring.nix b/modules/hosts/nixos/hetznix02/post-install/monitoring.nix index 8f44f00..20fc60b 100644 --- a/modules/hosts/nixos/hetznix02/post-install/monitoring.nix +++ b/modules/hosts/nixos/hetznix02/post-install/monitoring.nix @@ -1,8 +1,6 @@ -{ config, pkgs, ... }: -let +{ config, pkgs, ... }: let metrics_server = "https://monitoring.home.technicalissues.us/remotewrite"; -in -{ +in { services = { vmagent = { enable = true; @@ -16,11 +14,11 @@ in { job_name = "node"; static_configs = [ - { targets = [ "127.0.0.1:9100" ]; } + { targets = ["127.0.0.1:9100"]; } ]; metric_relabel_configs = [ { - source_labels = [ "__name__" ]; + source_labels = ["__name__"]; regex = "go_.*"; action = "drop"; } @@ -37,11 +35,11 @@ in { job_name = "nginx"; static_configs = [ - { targets = [ "127.0.0.1:9113" ]; } + { targets = ["127.0.0.1:9113"]; } ]; metric_relabel_configs = [ { - source_labels = [ "__name__" ]; + source_labels = ["__name__"]; regex = "go_.*"; action = "drop"; } @@ -79,7 +77,7 @@ in # ---------------------------- # Exporters (using built-in NixOS modules) # ---------------------------- - + # Node exporter - using the built-in module prometheus.exporters.node = { enable = true; @@ -112,7 +110,7 @@ in group = "vmagent"; }; - users.groups.vmagent = { }; + users.groups.vmagent = {}; # ---------------------------- # SOPS secrets configuration @@ -121,9 +119,10 @@ in secrets = { vmagent_push_pw = { owner = "vmagent"; - restartUnits = [ "vmagent.service" ]; - sopsFile = ../../../../shared/secrets.yaml; + restartUnits = ["vmagent.service"]; + sopsFile = ../../../common/secrets.yaml; }; }; }; } + diff --git a/modules/hosts/nixos/hetznix02/post-install/nginx.nix b/modules/hosts/nixos/hetznix02/post-install/nginx.nix index 880b521..bd91204 100644 --- a/modules/hosts/nixos/hetznix02/post-install/nginx.nix +++ b/modules/hosts/nixos/hetznix02/post-install/nginx.nix 
@@ -1,8 +1,7 @@ -{ pkgs, ... }: -let + +{ pkgs, ... }: let domain = "genebean.me"; -in -{ +in { environment.etc.nginx-littlelinks = { # Info generated via # nurl https://github.com/genebean/littlelink genebean-sometag diff --git a/modules/hosts/nixos/kiosk-entryway/default.nix b/modules/hosts/nixos/kiosk-entryway/default.nix index f3b88a7..a694dbf 100644 --- a/modules/hosts/nixos/kiosk-entryway/default.nix +++ b/modules/hosts/nixos/kiosk-entryway/default.nix @@ -1,11 +1,4 @@ -{ - config, - lib, - pkgs, - username, - ... -}: -{ +{ config, lib, pkgs, username, ... }: { imports = [ ./disk-config.nix ./hardware-configuration.nix @@ -49,7 +42,7 @@ # Home "Diagon Alley".pskRaw = "ext:psk_diagon_alley"; # Public networks - "Gallery Row-GuestWiFi" = { }; + "Gallery Row-GuestWiFi" = {}; "LocalTies Guest".pskRaw = "ext:psk_local_ties"; }; secretsFile = "${config.sops.secrets.wifi_creds.path}"; @@ -57,27 +50,26 @@ }; nixpkgs.overlays = [ - (_final: super: { - makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); + (final: super: { + makeModulesClosure = x: + super.makeModulesClosure (x // { allowMissing = true; }); }) ]; services = { - cage = - let - kioskProgram = pkgs.writeShellScript "kiosk.sh" '' - WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 - /etc/profiles/per-user/gene/bin/chromium-browser - ''; - in - { - enable = true; - program = kioskProgram; - user = "gene"; - environment = { - WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected - }; + cage = let + kioskProgram = pkgs.writeShellScript "kiosk.sh" '' + WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 + /etc/profiles/per-user/gene/bin/chromium-browser + ''; + in { + enable = true; + program = kioskProgram; + user = "gene"; + environment = { + WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected }; + }; prometheus.exporters.node = { enable = true; enabledCollectors = [ 
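Review bot: In the `@@ -57,27 +50,26 @@` hunk of kiosk-entryway/default.nix the overlay's first argument is renamed from `_final` to `final` although the body only uses `super`; keep `(_final: super: {` so the binding stays marked as intentionally unused and unused-binding linters such as deadnix do not flag it. The same hunk hard-codes the account in `user = "gene";` and in `/etc/profiles/per-user/gene/bin/chromium-browser` even though the module receives `username`, so `user = username;` and `/etc/profiles/per-user/${username}/bin/chromium-browser` would keep the kiosk session tied to the account declared under `users.users.${username}`. The `services` attribute set continues past the end of this hunk.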
@@ -105,7 +97,7 @@ path = "${config.users.users.${username}.home}/.private-env"; }; wifi_creds = { - sopsFile = ../../../shared/secrets.yaml; + sopsFile = ../../common/secrets.yaml; restartUnits = [ "wpa_supplicant.service" ]; @@ -123,10 +115,7 @@ users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; - extraGroups = [ - "networkmanager" - "wheel" - ]; + extraGroups = [ "networkmanager" "wheel" ]; linger = true; }; @@ -136,3 +125,4 @@ memoryPercent = 90; }; } + diff --git a/modules/hosts/nixos/kiosk-entryway/hardware-configuration.nix b/modules/hosts/nixos/kiosk-entryway/hardware-configuration.nix index f7bbe15..23c2071 100644 --- a/modules/hosts/nixos/kiosk-entryway/hardware-configuration.nix +++ b/modules/hosts/nixos/kiosk-entryway/hardware-configuration.nix @@ -1,33 +1,17 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: +{ config, lib, pkgs, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "ehci_pci" - "ahci" - "usbhid" - "sd_mod" - "rtsx_pci_sdmmc" - ]; - kernelModules = [ ]; - }; - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/hosts/nixos/kiosk-entryway/home-gene.nix b/modules/hosts/nixos/kiosk-entryway/home-gene.nix index 8ff51f9..8e3e8b1 100644 
--- a/modules/hosts/nixos/kiosk-entryway/home-gene.nix +++ b/modules/hosts/nixos/kiosk-entryway/home-gene.nix @@ -1,4 +1,4 @@ -{ +{ ... }: { home.stateVersion = "24.11"; programs = { @@ -21,3 +21,4 @@ }; } + diff --git a/modules/hosts/nixos/kiosk-entryway/monitoring.nix b/modules/hosts/nixos/kiosk-entryway/monitoring.nix index 246af7f..20fc60b 100644 --- a/modules/hosts/nixos/kiosk-entryway/monitoring.nix +++ b/modules/hosts/nixos/kiosk-entryway/monitoring.nix @@ -1,8 +1,6 @@ -{ config, pkgs, ... }: -let +{ config, pkgs, ... }: let metrics_server = "https://monitoring.home.technicalissues.us/remotewrite"; -in -{ +in { services = { vmagent = { enable = true; @@ -16,11 +14,32 @@ in { job_name = "node"; static_configs = [ - { targets = [ "127.0.0.1:9100" ]; } + { targets = ["127.0.0.1:9100"]; } ]; metric_relabel_configs = [ { - source_labels = [ "__name__" ]; + source_labels = ["__name__"]; + regex = "go_.*"; + action = "drop"; + } + ]; + relabel_configs = [ + { + target_label = "instance"; + replacement = "${config.networking.hostName}"; + } + ]; + } + + # Nginx exporter + { + job_name = "nginx"; + static_configs = [ + { targets = ["127.0.0.1:9113"]; } + ]; + metric_relabel_configs = [ + { + source_labels = ["__name__"]; regex = "go_.*"; action = "drop"; } 
@@ -58,17 +77,29 @@ in # ---------------------------- # Exporters (using built-in NixOS modules) # ---------------------------- - + # Node exporter - using the built-in module prometheus.exporters.node = { enable = true; listenAddress = "127.0.0.1"; port = 9100; + enabledCollectors = [ + "systemd" + ]; extraFlags = [ "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|run|tmp|var/lib/docker/.+)($|/)" "--collector.diskstats.device-exclude=^(loop|ram|fd|sr|dm-|nvme[0-9]n[0-9]p[0-9]+_crypt)$" ]; }; + + # Nginx exporter - using the built-in module + prometheus.exporters.nginx = { + enable = true; + listenAddress = "127.0.0.1"; + port = 9113; + scrapeUri = "https://127.0.0.1/server_status"; + sslVerify = false; + }; }; # ---------------------------- @@ -79,7 +110,7 @@ in group = "vmagent"; }; - users.groups.vmagent = { }; + users.groups.vmagent = {}; # ---------------------------- # SOPS secrets configuration @@ -88,9 +119,10 @@ in secrets = { vmagent_push_pw = { owner = "vmagent"; - restartUnits = [ "vmagent.service" ]; - sopsFile = ../../../shared/secrets.yaml; + restartUnits = ["vmagent.service"]; + sopsFile = ../../../common/secrets.yaml; }; }; }; } + diff --git a/modules/hosts/nixos/kiosk-entryway/secrets.yaml b/modules/hosts/nixos/kiosk-entryway/secrets.yaml index f602c32..17ef002 100644 --- a/modules/hosts/nixos/kiosk-entryway/secrets.yaml +++ b/modules/hosts/nixos/kiosk-entryway/secrets.yaml 
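Review bot: The added `prometheus.exporters.nginx` block and the matching `nginx` scrape job target `https://127.0.0.1/server_status` with `sslVerify = false`, but nothing in this diff shows nginx being enabled on kiosk-entryway. The new blob id for this file (20fc60b) is the same as the hetznix02 post-install/monitoring.nix blob in this diff, so the content looks copied from a host that does serve nginx. If the kiosk runs no nginx, drop both the job and the exporter. If it does, scrape a loopback-only status listener the exporter can verify rather than turning certificate verification off.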
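Review bot: `sopsFile = ../../../common/secrets.yaml;` in the `@@ -88,9 +119,10 @@` hunk climbs one directory too far for a file in modules/hosts/nixos/kiosk-entryway/. It resolves to modules/common/secrets.yaml, while default.nix in the same directory uses `../../common/secrets.yaml` for `wifi_creds`. Three levels is correct only for hetznix02/post-install/, which sits one directory deeper. Use `sopsFile = ../../common/secrets.yaml;` so `vmagent_push_pw` is read from the same shared file.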
@@ -1,6 +1,10 @@ -local_git_config: ENC[AES256_GCM,data:Vzcth5778ZuzbN7iQUxAuyUxUWoP45p8iW4xt5G4/pljdmkDl7Kw0kE=,iv:PSQTPeEp8DOQEI7/Fn3PAlKbDlxHqJEPuDRKGHewGDo=,tag:w7NXm6tUqnkGOJAquBtzeg==,type:str] +local_git_config: ENC[AES256_GCM,data:9eq+YMK1wRewtTOCYdq9haD9XhMKcKCXeYlioxn5kAAreUJdjw/D92O33958eXvA3TbvRJGpioN0iZZribay7q+e2zoW+SfITwetfKa9xIeU2UQF3f6jB9juh5mqWZBXGxx+An3tIg9jNjtHRRzK7nzp6Uyxy5TNEfBKPwU=,iv:mAMMKaEWN9DvVGDDc8tNKE6LXxTnd7NKe5VXL1vmCp0=,tag:EhJkL9V3J+020uUSVsL8BA==,type:str] local_private_env: ENC[AES256_GCM,data:66Ii8OUAwROOyfSFAWhCdpq8OiTEwGqn6y51Tp3FnOYYuDepJmsh/ikBAkoowVUWf4F4RdABtauLCqOuRg==,iv:xZMtNffbdnbUbohcmr0ZprxdaeFNvp5VfHOyRh+hrhU=,tag:Tq+fo2QJxZvcMAE1oIudBA==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age1xaaf9enkf669w0cfnlx4ksd9g2kvvkuskp4xw7x84x6u492ulquqfjez5s enc: | @@ -11,7 +15,8 @@ sops: eEtid0paSEttc3FLamFJZ2FWZDVQSGcKG8gAV8xuSyYUxbRJqC+2WcwsuLQ0/Ngv gFy5WVrDl61qq6MtI59ELHQiM6/Jv7x5Gv0Nmfy6q8ABtP6rSns/HA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-22T23:30:59Z" - mac: ENC[AES256_GCM,data:dtdgENN1+zOOrDrF82VH5yIFs6F/Td65+G6JcoVVYuIKAnqtlDiaYLnJXfcqFl5wTXvY5J+4uPDh0dm0bGmTcxJITdapTr9CQNf+FQlKf5hm9U6CgHRp5EkQkZDtRIufirdhvFlWsU61Vv2qgt3AJnRD8VoIf8zhVDwwEpBLE48=,iv:bhsHBCMBiRHkRbi3IsDh91dqaKckCm8HhS7D0ZuhOVc=,tag:x+SfetIPvqLKzY4dTJUrwQ==,type:str] + lastmodified: "2025-04-03T16:37:52Z" + mac: ENC[AES256_GCM,data:c/cGUUlyWJIcJ4sgJEv2EhGvOcE73V953hrOVq3l2PX23mm01rQF5NzXJ0PrEc17kpAPrmnS5CK45KBuN+38WQW6WsCPN+gjzoYzyo6X3W+LaHcSwJd48gRfC/1FXjDvoz7l2o3nmyPncaAzqINTj7ccTzMwgHjrfRNVv+aVWXY=,iv:tV++nZK6zl3dP1Bf+rsB0ivpRZj3r2RCPSGQj19Wdfg=,tag:SbRcxjF57bKZvZ+zl/pBLA==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.12.1 + version: 3.9.4 diff --git a/modules/hosts/nixos/kiosk-gene-desk/default.nix b/modules/hosts/nixos/kiosk-gene-desk/default.nix index e9668a9..ace2fe5 100644 --- a/modules/hosts/nixos/kiosk-gene-desk/default.nix 
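Review bot: The new side of this SOPS file is older than the side it replaces: `lastmodified` goes from 2026-03-22 back to `"2025-04-03T16:37:52Z"` and `version` from 3.12.1 to `3.9.4`, while the `local_git_config` ciphertext and the `mac` both change. That pattern suggests an earlier encrypted revision was restored rather than re-encrypted, so any value rotated in between would come back in its old form; this is inferred from the metadata only. If the content change is intended, edit the file with the current sops release so the MAC and metadata are regenerated instead of committing the older blob.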
+++ b/modules/hosts/nixos/kiosk-gene-desk/default.nix @@ -1,12 +1,4 @@ -{ - inputs, - config, - lib, - pkgs, - username, - ... -}: -{ +{ inputs, config, lib, pkgs, username, ... }: { imports = [ # SD card image "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" @@ -42,7 +34,7 @@ # Home "Diagon Alley".pskRaw = "ext:psk_diagon_alley"; # Public networks - "Gallery Row-GuestWiFi" = { }; + "Gallery Row-GuestWiFi" = {}; "LocalTies Guest".pskRaw = "ext:psk_local_ties"; }; secretsFile = "${config.sops.secrets.wifi_creds.path}"; @@ -50,29 +42,28 @@ }; nixpkgs.overlays = [ - (_final: super: { - makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); + (final: super: { + makeModulesClosure = x: + super.makeModulesClosure (x // { allowMissing = true; }); }) ]; sdImage.compressImage = true; services = { - cage = - let - kioskProgram = pkgs.writeShellScript "kiosk.sh" '' - WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90 - /etc/profiles/per-user/gene/bin/chromium-browser - ''; - in - { - enable = true; - program = kioskProgram; - user = "gene"; - environment = { - WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected - }; + cage = let + kioskProgram = pkgs.writeShellScript "kiosk.sh" '' + WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90 + /etc/profiles/per-user/gene/bin/chromium-browser + ''; + in { + enable = true; + program = kioskProgram; + user = "gene"; + environment = { + WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected }; + }; prometheus.exporters.node = { enable = true; enabledCollectors = [ @@ -99,7 +90,7 @@ path = "${config.users.users.${username}.home}/.private-env"; }; wifi_creds = { - sopsFile = ../../../shared/secrets.yaml; + sopsFile = ../../common/secrets.yaml; restartUnits = [ "wpa_supplicant.service" ]; 
@@ -117,10 +108,7 @@ users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; - extraGroups = [ - "networkmanager" - "wheel" - ]; + extraGroups = [ "networkmanager" "wheel" ]; linger = true; }; @@ -130,3 +118,4 @@ memoryPercent = 90; }; } + diff --git a/modules/hosts/nixos/kiosk-gene-desk/home-gene.nix b/modules/hosts/nixos/kiosk-gene-desk/home-gene.nix index f5700df..b6f0a3c 100644 --- a/modules/hosts/nixos/kiosk-gene-desk/home-gene.nix +++ b/modules/hosts/nixos/kiosk-gene-desk/home-gene.nix @@ -1,4 +1,4 @@ -{ +{ ... }: { home.stateVersion = "24.11"; programs = { @@ -20,3 +20,4 @@ }; } + diff --git a/modules/hosts/nixos/nixnas1/default.nix b/modules/hosts/nixos/nixnas1/default.nix index 6ab4184..708ccba 100644 --- a/modules/hosts/nixos/nixnas1/default.nix +++ b/modules/hosts/nixos/nixnas1/default.nix @@ -1,14 +1,8 @@ -{ - config, - pkgs, - username, - ... -}: -{ +{ config, pkgs, username, ... }: { imports = [ ./disk-config.nix ./hardware-configuration.nix - ../../../shared/nixos/restic.nix + ../../../system/common/linux/restic.nix ]; system.stateVersion = "24.05"; @@ -23,16 +17,16 @@ device = "nodev"; mirroredBoots = [ { - devices = [ "/dev/disk/by-uuid/02A5-6FCC" ]; + devices = ["/dev/disk/by-uuid/02A5-6FCC"]; path = "/boot"; } { - devices = [ "/dev/disk/by-uuid/02F1-B12D" ]; + devices = ["/dev/disk/by-uuid/02F1-B12D"]; path = "/boot-fallback"; } ]; }; - supportedFilesystems = [ "zfs" ]; + supportedFilesystems = ["zfs"]; zfs = { extraPools = [ "storage" ]; forceImportRoot = false; diff --git a/modules/hosts/nixos/nixnas1/disk-config.nix b/modules/hosts/nixos/nixnas1/disk-config.nix index 8720d6e..dcb9555 100644 --- a/modules/hosts/nixos/nixnas1/disk-config.nix +++ b/modules/hosts/nixos/nixnas1/disk-config.nix @@ -1,3 +1,4 @@ +{ ... }: { disko.devices = { disk = { @@ -123,4 +124,4 @@ }; # end zroot }; }; -} +} \ No newline at end of file 
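Review bot: The restic import in nixnas1/default.nix becomes `../../../system/common/linux/restic.nix` (modules/system/common/linux/), while nixnuc/default.nix in this same diff imports `../../common/linux/restic.nix` (modules/hosts/common/linux/). Unless both trees hold a restic.nix, one host will either fail to evaluate or pick up a different backup module than the other; the repository layout is not visible here. Pick one location for both hosts, e.g. `../../common/linux/restic.nix` if modules/hosts/common/linux/ is where the module lives.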
diff --git a/modules/hosts/nixos/nixnas1/hardware-configuration.nix b/modules/hosts/nixos/nixnas1/hardware-configuration.nix index 7423268..8cce237 100644 --- a/modules/hosts/nixos/nixnas1/hardware-configuration.nix +++ b/modules/hosts/nixos/nixnas1/hardware-configuration.nix 
@@ -1,72 +1,46 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: +{ config, lib, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot = { - initrd = { - availableKernelModules = [ - "ehci_pci" - "ahci" - "usbhid" - "usb_storage" - "sd_mod" - "sr_mod" - ]; - kernelModules = [ "nvme" ]; - }; - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ "nvme" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; - fileSystems = { - "/" = { - device = "zroot/root"; + fileSystems."/" = + { device = "zroot/root"; fsType = "zfs"; }; - "/nix" = { - device = "zroot/root/nix"; + fileSystems."/nix" = + { device = "zroot/root/nix"; fsType = "zfs"; }; - "/home" = { - device = "zroot/root/home"; + fileSystems."/home" = + { device = "zroot/root/home"; fsType = "zfs"; }; - "/boot" = - # { device = "/dev/disk/by-uuid/02A5-6FCC"; - { - device = "/dev/disk/by-partlabel/disk-sdc-BOOT"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; - }; + fileSystems."/boot" = + # { device = "/dev/disk/by-uuid/02A5-6FCC"; + { device = "/dev/disk/by-partlabel/disk-sdc-BOOT"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; - "/boot-fallback" = - # { device = "/dev/disk/by-uuid/02F1-B12D"; - { - device = "/dev/disk/by-partlabel/disk-sdd-BOOT-FALLBACK"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; - }; - }; + fileSystems."/boot-fallback" = + # { device = "/dev/disk/by-uuid/02F1-B12D"; + { device = "/dev/disk/by-partlabel/disk-sdd-BOOT-FALLBACK"; + fsType = "vfat"; + options = [ 
"fmask=0022" "dmask=0022" ]; + }; swapDevices = [ ]; diff --git a/modules/hosts/nixos/nixnas1/home-gene.nix b/modules/hosts/nixos/nixnas1/home-gene.nix index 13c6855..b6eed65 100644 --- a/modules/hosts/nixos/nixnas1/home-gene.nix +++ b/modules/hosts/nixos/nixnas1/home-gene.nix @@ -1,3 +1,3 @@ -{ - home.stateVersion = "24.05"; +{ ... }: { + home.stateVersion = "24.05"; } diff --git a/modules/hosts/nixos/nixnuc/containers/audiobookshelf.nix b/modules/hosts/nixos/nixnuc/containers/audiobookshelf.nix index 4e8d2b0..2c8f134 100644 --- a/modules/hosts/nixos/nixnuc/containers/audiobookshelf.nix +++ b/modules/hosts/nixos/nixnuc/containers/audiobookshelf.nix @@ -1,9 +1,7 @@ -_: -let +{ ... }: let volume_base = "/var/lib/audiobookshelf"; http_port = "13378"; -in -{ +in { # Audiobookshelf virtualisation.oci-containers.containers = { diff --git a/modules/hosts/nixos/nixnuc/containers/mountain-mesh-bot-discord.nix b/modules/hosts/nixos/nixnuc/containers/mountain-mesh-bot-discord.nix index 35d6819..670918b 100644 --- a/modules/hosts/nixos/nixnuc/containers/mountain-mesh-bot-discord.nix +++ b/modules/hosts/nixos/nixnuc/containers/mountain-mesh-bot-discord.nix @@ -1,8 +1,6 @@ -{ config, ... }: -let +{ config, username, ... }: let volume_base = "/orico/mountain-mesh-bot-discord"; -in -{ +in { # My mountain-mesh-bot-discord container virtualisation.oci-containers.containers = { @@ -19,8 +17,6 @@ in sops.secrets.mtnmesh_bot_dot_env = { path = "${volume_base}/.env"; - restartUnits = [ - "${config.virtualisation.oci-containers.containers.mtnmesh_bot_discord.serviceName}" - ]; + restartUnits = [ "${config.virtualisation.oci-containers.containers.mtnmesh_bot_discord.serviceName}" ]; }; } diff --git a/modules/hosts/nixos/nixnuc/containers/psitransfer.nix b/modules/hosts/nixos/nixnuc/containers/psitransfer.nix index f1e3558..b8f6e55 100644 --- a/modules/hosts/nixos/nixnuc/containers/psitransfer.nix +++ b/modules/hosts/nixos/nixnuc/containers/psitransfer.nix 
@@ -1,10 +1,8 @@ -{ config, ... }: -let +{ config, ... }: let volume_base = "/orico/psitransfer"; http_port = "3000"; psitransfer_dot_env = "${config.sops.secrets.psitransfer_dot_env.path}"; -in -{ +in { ############################################################################# # My intent as of now is to only make this available to the outside world # @@ -31,3 +29,4 @@ in }; }; } + diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index d2172dd..c3e1fb1 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -1,25 +1,18 @@ -{ - inputs, - config, - pkgs, - username, - ... -}: -let +{ inputs, config, pkgs, username, ... }: let + http_port = 80; https_port = 443; home_domain = "home.technicalissues.us"; backend_ip = "127.0.0.1"; restic_backup_time = "02:00"; -in -{ +in { imports = [ ./hardware-configuration.nix ./containers/audiobookshelf.nix ./containers/mountain-mesh-bot-discord.nix ./containers/psitransfer.nix ./monitoring-stack.nix - ../../../shared/nixos/lets-encrypt.nix - ../../../shared/nixos/restic.nix + ../../common/linux/lets-encrypt.nix + ../../common/linux/restic.nix ]; system.stateVersion = "23.11"; @@ -38,9 +31,7 @@ in }; environment = { - sessionVariables = { - LIBVA_DRIVER_NAME = "iHD"; - }; + sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; systemPackages = with pkgs; [ inputs.compose2nix.packages.${pkgs.stdenv.hostPlatform.system}.default docker-compose @@ -66,7 +57,7 @@ in intel-ocl # Generic OpenCL support ]; }; - + mailserver = { enable = true; enableImap = false; 
@@ -90,26 +81,26 @@ in # Open ports in the firewall. firewall = { allowedTCPPorts = [ - 22 # ssh - 80 # http to local Nginx - 443 # https to local Nginx - 3000 # PsiTransfer in oci-container - 3001 # immich-kiosk in compose - 3002 # grafana - 3005 # Firefly III - 3006 # Firefly III Data Importer - 3030 # Forgejo - 3087 # Youtarr in docker compose - 8001 # Tube Archivist - 8384 # Syncthing gui - 8888 # Atuin - 8090 # Wallabag in docker compose - 8945 # Pinchflat + 22 # ssh + 80 # http to local Nginx + 443 # https to local Nginx + 3000 # PsiTransfer in oci-container + 3001 # immich-kiosk in compose + 3002 # grafana + 3005 # Firefly III + 3006 # Firefly III Data Importer + 3030 # Forgejo + 3087 # Youtarr in docker compose + 8001 # Tube Archivist + 8384 # Syncthing gui + 8888 # Atuin + 8090 # Wallabag in docker compose + 8945 # Pinchflat 13378 # Audiobookshelf in oci-container ]; allowedUDPPorts = [ - 1900 # Jellyfin service auto-discovery - 7359 # Jellyfin auto-discovery + 1900 # Jellyfin service auto-discovery + 7359 # Jellyfin auto-discovery ]; }; # Or disable the firewall altogether. @@ -121,24 +112,23 @@ in networkmanager.enable = false; useNetworkd = true; vlans = { - vlan23 = { - id = 23; - interface = "eno1"; - }; + vlan23 = { id = 23; interface = "eno1"; }; }; interfaces = { eno1.useDHCP = true; - vlan23.ipv4.addresses = [ - { - address = "192.168.23.21"; - prefixLength = 24; - } - ]; + vlan23.ipv4.addresses = [{ address = "192.168.23.21"; prefixLength = 24; }]; }; }; # Enable sound with pipewire. security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + services.pulseaudio.enable = false; programs = { mtr.enable = true; 
@@ -146,13 +136,6 @@ in # List services that you want to enable: services = { - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - pulseaudio.enable = false; atuin = { enable = true; host = "127.0.0.1"; @@ -328,11 +311,7 @@ in "nix-tester.${home_domain}" ]; listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } + { port = https_port; addr = "0.0.0.0"; ssl = true; } ]; enableACME = true; acmeRoot = null; @@ -352,13 +331,7 @@ in }; }; "ab.${home_domain}" = { - listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - ]; + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; acmeRoot = null; forceSSL = true; @@ -369,41 +342,17 @@ in ''; }; "atuin.${home_domain}" = { - listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - ]; + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; acmeRoot = null; forceSSL = true; locations."/".proxyPass = "http://${backend_ip}:8888"; }; # budget.${home_domain} - "${config.services.firefly-iii.virtualHost}".listen = [ - { - port = 3005; - addr = "0.0.0.0"; - ssl = false; - } - ]; - "${config.services.firefly-iii-data-importer.virtualHost}".listen = [ - { - port = 3006; - addr = "0.0.0.0"; - ssl = false; - } - ]; + "${config.services.firefly-iii.virtualHost}".listen = [{ port = 3005; addr = "0.0.0.0"; ssl = false; }]; + "${config.services.firefly-iii-data-importer.virtualHost}".listen = [{ port = 3006; addr = "0.0.0.0"; ssl = false; }]; "git.${home_domain}" = { - listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - ]; + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; acmeRoot = null; forceSSL = true; 
@@ -413,13 +362,7 @@ in ''; }; "id.${home_domain}" = { - listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - ]; + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; acmeRoot = null; forceSSL = true; @@ -431,13 +374,7 @@ in ''; }; "immich.${home_domain}" = { - listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - ]; + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; acmeRoot = null; forceSSL = true; @@ -451,13 +388,7 @@ in ''; }; "immich-kiosk.${home_domain}" = { - listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - ]; + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; acmeRoot = null; forceSSL = true; @@ -472,13 +403,7 @@ in ''; }; "jellyfin.${home_domain}" = { - listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - ]; + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; acmeRoot = null; forceSSL = true; @@ -503,13 +428,7 @@ in ''; }; "mealie.${home_domain}" = { - listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - ]; + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; acmeRoot = null; forceSSL = true; @@ -519,13 +438,7 @@ in ''; }; "monitoring.${home_domain}" = { - listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - ]; + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; acmeRoot = null; forceSSL = true; @@ -556,13 +469,7 @@ in ''; }; "readit.${home_domain}" = { - listen = [ - { - port = https_port; - addr = "0.0.0.0"; - ssl = true; - } - ]; + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; acmeRoot = null; forceSSL = true; 
@@ -650,7 +557,7 @@ in secrets = { firefly_app_key = { owner = config.services.firefly-iii.user; - restartUnits = [ "nginx.service" ]; + restartUnits = ["nginx.service"]; }; firefly_pat_data_import = { owner = config.services.firefly-iii-data-importer.user; @@ -675,7 +582,7 @@ in }; immich_kiosk_basic_auth = { owner = config.users.users.nginx.name; - restartUnits = [ "nginx.service" ]; + restartUnits = ["nginx.service"]; }; local_git_config = { owner = "${username}"; @@ -687,12 +594,12 @@ in }; mealie = { mode = "0444"; - restartUnits = [ "mealie.service" ]; + restartUnits = ["mealie.service"]; }; nextcloud_admin_pass.owner = config.users.users.nextcloud.name; nginx_basic_auth = { owner = "nginx"; - restartUnits = [ "nginx.service" ]; + restartUnits = ["nginx.service"]; }; tailscale_key = { restartUnits = [ "tailscaled-autoconnect.service" ]; 
@@ -703,44 +610,38 @@ in systemd.services = { jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; "mealie" = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; + requires = ["postgresql.service"]; + after = ["postgresql.service"]; }; "nextcloud-setup" = { - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; + requires = ["postgresql.service"]; + after = ["postgresql.service"]; }; }; users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; - extraGroups = [ - "docker" - "podman" - "networkmanager" - "wheel" - ]; + extraGroups = [ "docker" "podman" "networkmanager" "wheel" ]; linger = true; }; # Enable common container config files in /etc/containers - virtualisation = { - containers.enable = true; - oci-containers.backend = "podman"; - # Compose based apps were crashing with podman compose, so back to Docker... - docker = { - enable = true; - package = pkgs.docker; - }; - podman = { - enable = true; - autoPrune.enable = true; - #dockerCompat = true; - extraPackages = [ pkgs.zfs ]; # Required if the host is running ZFS + virtualisation.containers.enable = true; - # Required for container networking to be able to use names. - defaultNetwork.settings.dns_enabled = true; - }; + virtualisation.oci-containers.backend = "podman"; + + # Compose based apps were crashing with podman compose, so back to Docker... + virtualisation.docker.enable = true; + virtualisation.docker.package = pkgs.docker; + + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + #dockerCompat = true; + extraPackages = [ pkgs.zfs ]; # Required if the host is running ZFS + + # Required for container networking to be able to use names. + defaultNetwork.settings.dns_enabled = true; }; } diff --git a/modules/hosts/nixos/nixnuc/hardware-configuration.nix b/modules/hosts/nixos/nixnuc/hardware-configuration.nix index 220502f..c4d326f 100644 --- a/modules/hosts/nixos/nixnuc/hardware-configuration.nix 
+++ b/modules/hosts/nixos/nixnuc/hardware-configuration.nix @@ -1,60 +1,42 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: +{ config, lib, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "ahci" - "usbhid" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; - kernelModules = [ ]; - }; - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/0ee15ee9-37ea-448d-aa3b-23eb25994df0"; + fileSystems."/" = + { device = "/dev/disk/by-uuid/0ee15ee9-37ea-448d-aa3b-23eb25994df0"; fsType = "ext4"; }; - "/boot" = { - device = "/dev/disk/by-uuid/4814-3E47"; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/4814-3E47"; fsType = "vfat"; }; - "/var/lib/audiobookshelf" = { - device = "orico/audiobookshelf"; + fileSystems."/var/lib/audiobookshelf" = + { device = "orico/audiobookshelf"; fsType = "zfs"; }; - "/var/lib/postgresql" = { - device = "orico/postgresql-data"; + fileSystems."/var/lib/postgresql" = + { device = "orico/postgresql-data"; fsType = "zfs"; }; - "/var/lib/postgresql/16/pg_wal" = { - device = "orico/postgresql-wal-16"; + fileSystems."/var/lib/postgresql/16/pg_wal" = + { device = "orico/postgresql-wal-16"; fsType = "zfs"; }; - }; # Second disk inside case #fileSystems."/var/lib/postgresql" = diff --git a/modules/hosts/nixos/nixnuc/home-gene.nix b/modules/hosts/nixos/nixnuc/home-gene.nix index e48c48c..21ec006 100644 
--- a/modules/hosts/nixos/nixnuc/home-gene.nix +++ b/modules/hosts/nixos/nixnuc/home-gene.nix @@ -1,3 +1,3 @@ -{ - home.stateVersion = "23.11"; +{ ... }: { + home.stateVersion = "23.11"; } diff --git a/modules/hosts/nixos/nixnuc/monitoring-stack.nix b/modules/hosts/nixos/nixnuc/monitoring-stack.nix index 3d489f8..e486512 100644 --- a/modules/hosts/nixos/nixnuc/monitoring-stack.nix +++ b/modules/hosts/nixos/nixnuc/monitoring-stack.nix @@ -1,8 +1,6 @@ -{ config, pkgs, ... }: -let +{ config, pkgs, ... }: let home_domain = "home.technicalissues.us"; -in -{ +in { environment.systemPackages = with pkgs; [ # Keeping empty for manual testing if needed ]; @@ -27,7 +25,7 @@ in # ---------------------------- victoriametrics = { enable = true; - stateDir = "victoriametrics"; # Just the directory name, module adds /var/lib/ prefix + stateDir = "victoriametrics"; # Just the directory name, module adds /var/lib/ prefix package = pkgs.victoriametrics; }; @@ -49,24 +47,21 @@ in static_configs = [ { targets = [ - "127.0.0.1:9100" # nixnuc - "192.168.22.22:9100" # home assistant + "127.0.0.1:9100" # nixnuc + "192.168.22.22:9100" # home assistant "umbrel:9100" ]; } ]; metric_relabel_configs = [ { - source_labels = [ - "__name__" - "nodename" - ]; + source_labels = ["__name__" "nodename"]; regex = "node_uname_info;0d869efa-prometheus-node-exporter"; target_label = "nodename"; replacement = "homeassistant"; } { - source_labels = [ "__name__" ]; + source_labels = ["__name__"]; regex = "go_.*"; action = "drop"; } @@ -89,11 +84,11 @@ in { job_name = "cadvisor"; static_configs = [ - { targets = [ "127.0.0.1:8081" ]; } + { targets = ["127.0.0.1:8081"]; } ]; metric_relabel_configs = [ { - source_labels = [ "__name__" ]; + source_labels = ["__name__"]; regex = "go_.*"; action = "drop"; } 
@@ -110,11 +105,11 @@ in { job_name = "nginx"; static_configs = [ - { targets = [ "127.0.0.1:9113" ]; } + { targets = ["127.0.0.1:9113"]; } ]; metric_relabel_configs = [ { - source_labels = [ "__name__" ]; + source_labels = ["__name__"]; regex = "go_.*"; action = "drop"; } @@ -133,7 +128,7 @@ in scrape_interval = "30s"; metrics_path = "/api/prometheus"; static_configs = [ - { targets = [ "192.168.22.22:8123" ]; } + { targets = ["192.168.22.22:8123"]; } ]; bearer_token_file = config.sops.secrets.home_assistant_token.path; relabel_configs = [ @@ -150,7 +145,7 @@ in scheme = "https"; scrape_interval = "30s"; static_configs = [ - { targets = [ "utk.technicalissues.us" ]; } + { targets = ["utk.technicalissues.us"]; } ]; basic_auth = { password_file = config.sops.secrets.uptimekuma_grafana_api_key.path; @@ -158,19 +153,19 @@ in }; metric_relabel_configs = [ { - source_labels = [ "monitor_hostname" ]; + source_labels = ["monitor_hostname"]; regex = "^null$"; replacement = ""; target_label = "monitor_hostname"; } { - source_labels = [ "monitor_port" ]; + source_labels = ["monitor_port"]; regex = "^null$"; replacement = ""; target_label = "monitor_port"; } { - source_labels = [ "monitor_url" ]; + source_labels = ["monitor_url"]; regex = "https:\/\/"; replacement = ""; target_label = "monitor_url"; @@ -216,16 +211,17 @@ in datasources.settings.datasources = [ { - name = "VictoriaMetrics"; - type = "victoriametrics-metrics-datasource"; + name = "VictoriaMetrics"; + type = "victoriametrics-metrics-datasource"; access = "proxy"; - url = "http://127.0.0.1:8428"; + url = "http://127.0.0.1:8428"; isDefault = true; - uid = "VictoriaMetrics"; # Set explicit UID for use in alert rules + uid = "VictoriaMetrics"; # Set explicit UID for use in alert rules } ]; }; + settings = { auth = { # Set to true to disable (hide) the login form, useful if you use OAuth 
@@ -233,36 +229,36 @@ in }; "auth.generic_oauth" = { - name = "Pocket ID"; - enabled = true; + name = "Pocket ID"; + enabled = true; # Use Grafana's file reference syntax for secrets - client_id = "$__file{${config.sops.secrets.grafana_oauth_client_id.path}}"; - client_secret = "$__file{${config.sops.secrets.grafana_oauth_client_secret.path}}"; + client_id = "$__file{${config.sops.secrets.grafana_oauth_client_id.path}}"; + client_secret = "$__file{${config.sops.secrets.grafana_oauth_client_secret.path}}"; - auth_style = "AutoDetect"; - scopes = "openid email profile groups"; - auth_url = "${config.services.pocket-id.settings.APP_URL}/authorize"; - token_url = "${config.services.pocket-id.settings.APP_URL}/api/oidc/token"; - allow_sign_up = true; - auto_login = true; - name_attribute_path = "display_name"; - login_attribute_path = "preferred_username"; - email_attribute_name = "email:primary"; - email_attribute_path = "email"; - role_attribute_path = "contains(groups[*], 'grafana_super_admin') && 'GrafanaAdmin' || contains(groups[*], 'grafana_admin') && 'Admin' || contains(groups[*], 'grafana_editor') && 'Editor' || 'Viewer'"; - role_attribute_strict = false; + auth_style = "AutoDetect"; + scopes = "openid email profile groups"; + auth_url = "${config.services.pocket-id.settings.APP_URL}/authorize"; + token_url = "${config.services.pocket-id.settings.APP_URL}/api/oidc/token"; + allow_sign_up = true; + auto_login = true; + name_attribute_path = "display_name"; + login_attribute_path = "preferred_username"; + email_attribute_name = "email:primary"; + email_attribute_path = "email"; + role_attribute_path = "contains(groups[*], 'grafana_super_admin') && 'GrafanaAdmin' || contains(groups[*], 'grafana_admin') && 'Admin' || contains(groups[*], 'grafana_editor') && 'Editor' || 'Viewer'"; + role_attribute_strict = false; allow_assign_grafana_admin = true; - skip_org_role_sync = false; - use_pkce = true; - use_refresh_token = false; - tls_skip_verify_insecure = false; + 
skip_org_role_sync = false; + use_pkce = true; + use_refresh_token = false; + tls_skip_verify_insecure = false; }; # Database configuration - use PostgreSQL with peer authentication database = { type = "postgres"; - host = "/run/postgresql"; # Use Unix socket instead of TCP + host = "/run/postgresql"; # Use Unix socket instead of TCP name = "grafana"; user = "grafana"; # No password needed - using peer authentication via Unix socket @@ -270,10 +266,10 @@ in # Server configuration server = { - domain = "monitoring.${home_domain}"; - http_addr = "0.0.0.0"; - http_port = 3002; - root_url = "https://monitoring.${home_domain}/grafana/"; + domain = "monitoring.${home_domain}"; + http_addr = "0.0.0.0"; + http_port = 3002; + root_url = "https://monitoring.${home_domain}/grafana/"; serve_from_sub_path = true; }; @@ -290,7 +286,7 @@ in # ---------------------------- # Exporters (using built-in NixOS modules) # ---------------------------- - + # Node exporter - using the built-in module prometheus.exporters.node = { enable = true; @@ -336,7 +332,7 @@ in group = "vmagent"; }; - users.groups.vmagent = { }; + users.groups.vmagent = {}; # ---------------------------- # Systemd service dependencies @@ -354,20 +350,20 @@ in secrets = { grafana_oauth_client_id = { owner = "grafana"; - restartUnits = [ "grafana.service" ]; + restartUnits = ["grafana.service"]; }; grafana_oauth_client_secret = { owner = "grafana"; - restartUnits = [ "grafana.service" ]; + restartUnits = ["grafana.service"]; }; home_assistant_token = { owner = "vmagent"; - restartUnits = [ "vmagent.service" ]; + restartUnits = ["vmagent.service"]; }; uptimekuma_grafana_api_key = { owner = "vmagent"; - restartUnits = [ "vmagent.service" ]; - sopsFile = ../../../shared/secrets.yaml; + restartUnits = ["vmagent.service"]; + sopsFile = ../../common/secrets.yaml; }; }; }; @@ -382,3 +378,4 @@ in ]; }; } + 
diff --git a/modules/hosts/nixos/nixnuc/secrets.yaml b/modules/hosts/nixos/nixnuc/secrets.yaml index dfaeed9..407fbf3 100644 --- a/modules/hosts/nixos/nixnuc/secrets.yaml +++ b/modules/hosts/nixos/nixnuc/secrets.yaml @@ -1,5 +1,5 @@ tailscale_key: ENC[AES256_GCM,data:d6Fgyr6SXhj3/rVu+KvNqHUODIH6aFqL+eKaITO7zRVhwrwRxcHVT901Ts8RjkMhZjWHOlC45AUBA/ZMFA==,iv:X22cerxp5Ak/nWTQAvy2/cN6zqfarg4mJhKmYAzeqIQ=,tag:b5jNpanzIYGaUEoTJzwh1g==,type:str] -local_git_config: ENC[AES256_GCM,data:Qw094T7+BVtYPxpJeXr2aaqYh6VDoiMlHS5UY9OkcqJxiiC1ST/Vv0c=,iv:H6eQX2Mxb1xC0MN+oWhnuZF04UuapKdqgN7vhiJF5gI=,tag:SbMJHxJgtj1CmDDitkCvIw==,type:str] +local_git_config: ENC[AES256_GCM,data:P5a6cABRQOA5apaDHdDcTEyXFMbewO/G0Jx9JR7REEH9r32eKKN7lGSfw79oG2jrbrlTtAgSvrbCWx0xaMbiGON0164SKX3zU9whOgljNzgqxVI32KxeWHe9ljef/Gj9y4Q0zedKF4M93qv5CmeZKn6+mK0ltctZANdXbEI=,iv:Dh8JOHqxCJ82OVE8EW4XEaamZBZ+dn+OHi5bPx6ksDs=,tag:JqfHmsdATxfn1IeVSwV8iA==,type:str] local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str] firefly_app_key: ENC[AES256_GCM,data:sNaqRgFOSmdSS0lCmEG8Nxy/3N7F/hQyS6iPnwau3sQbm6zCL5j6qfuvJtMx7C5NePMW,iv:WT16cRGiDRaOjNwP8d0Ee71K9wTH2xOjGwj2osinF/8=,tag:MNaGAEDBPYJRsNJn7QTSaA==,type:str] firefly_pat_data_import: ENC[AES256_GCM,data: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,iv:L0Ff7RYYOPqPeR81LJuTMZ5dsmeQrJtfO1e7Aei+tc4=,tag:wK5s7gRQNpk2aOnsIhtr2A==,type:str] 
@@ -28,7 +28,7 @@ sops: bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-22T23:27:45Z" - mac: ENC[AES256_GCM,data:ZR+AqF/6rF/A+36JLQenThy0eYSD1tHFPVrMBXdknZ/2FHNKBgtU4jdy2VE61bzj7MLOqi2eeA7OudY3QuAjVsQ9gn85AAkghyEThsmqhJPUHxhHzYt40mUVEE+rKmxkUBR8dMEIUg/yn07zzG96s/P5PV5OejW2ZEJ/oQwxIFI=,iv:CMQOg0fJnyxjQDISIeUWg3fQBHQVhpdtbOaJVp/ayKs=,tag:/d+tPluy8aV1hYK2w2t/Lw==,type:str] + lastmodified: "2026-02-01T03:12:35Z" + mac: ENC[AES256_GCM,data:2PCSk5RQfgsDkQwlujmrBw4yDOIypKBeW/MAF339OR2o77Dz4+YHbUjxoPHt84bpZDMNeUDAifQUoBrKqq66gBJU7CcF/A/dRGCw5xxkdGGEqIjOX+SpC4I+j0zfJ34Pc1BvmTtY32Ivb9njqKZtTj21KJGMB/NDdkgYrDkqY+g=,iv:TSh4Xlmu840HVPBRw+2D2NoDURkEusjwhUEVoL0YWvs=,tag:4K6sHya1LEOziB4zBo0QIg==,type:str] unencrypted_suffix: _unencrypted - version: 3.12.1 + version: 3.11.0 diff --git a/modules/hosts/nixos/rainbow-planet/default.nix b/modules/hosts/nixos/rainbow-planet/default.nix index 142389b..1a0ae65 100644 --- a/modules/hosts/nixos/rainbow-planet/default.nix +++ b/modules/hosts/nixos/rainbow-planet/default.nix @@ -1,15 +1,8 @@ -{ - inputs, - config, - pkgs, - username, - ... -}: -{ +{ inputs, config, pkgs, username, ... }: { imports = [ ./hardware-configuration.nix - ../../../shared/linux/flatpaks.nix - ../../../shared/nixos/ripping.nix + ../../common/linux/flatpaks.nix + ../../common/linux/ripping.nix ]; system.stateVersion = "23.05"; @@ -21,7 +14,7 @@ }; loader = { efi.canTouchEfiVariables = true; - systemd-boot = { + systemd-boot= { enable = true; consoleMode = "1"; }; 
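Review bot: The sops metadata in the `@@ -28,7 +28,7 @@` hunk of `modules/hosts/nixos/nixnuc/secrets.yaml` moves backwards, from `lastmodified: "2026-03-22T23:27:45Z"` to `lastmodified: "2026-02-01T03:12:35Z"` and from `version: 3.12.1` to `version: 3.11.0`. A normal sops edit moves the timestamp forward, so this looks like an older encrypted copy of the file being restored, although the page does not say so. The earlier hunk of the same file replaces the `local_git_config` ciphertext, so the value a host decrypts will change. Before merging I would confirm that nothing rotated after 2026-02-01 is being rolled back to a superseded value. If the new `local_git_config` is intended, re-saving the file through sops would make the timestamp and MAC describe the current edit.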
@@ -115,13 +108,9 @@ boinc.enable = true; bpftune.enable = true; dbus.implementation = "broker"; - desktopManager = { - cosmic = { - enable = false; - xwayland.enable = false; - }; - plasma6.enable = true; - }; + desktopManager.cosmic.enable = false; + desktopManager.cosmic.xwayland.enable = false; + desktopManager.plasma6.enable = true; displayManager.cosmic-greeter.enable = false; displayManager.sddm = { enable = true; @@ -190,15 +179,7 @@ users.users.${username} = { isNormalUser = true; description = "Gene Liverman"; - extraGroups = [ - "adbusers" - "dialout" - "docker" - "input" - "networkmanager" - "podman" - "wheel" - ]; + extraGroups = [ "adbusers" "dialout" "docker" "input" "networkmanager" "podman" "wheel" ]; packages = with pkgs; [ tailscale-systray ]; diff --git a/modules/hosts/nixos/rainbow-planet/gnome.nix b/modules/hosts/nixos/rainbow-planet/gnome.nix index afe7c35..2aa57a5 100644 --- a/modules/hosts/nixos/rainbow-planet/gnome.nix +++ b/modules/hosts/nixos/rainbow-planet/gnome.nix @@ -1,5 +1,4 @@ -{ pkgs, ... }: -{ +{ pkgs, ... }: { environment.systemPackages = with pkgs; [ gnome.gnome-tweaks gnome.nautilus @@ -16,7 +15,7 @@ gnome.gnome-keyring.enable = true; # Provides secret storage gvfs.enable = true; # Used by Nautilus xserver = { - enable = true; # Enable the X11 windowing system. + enable = true; # Enable the X11 windowing system. # Configure keymap in X11 xkb = { @@ -34,3 +33,4 @@ }; }; } + diff --git a/modules/hosts/nixos/rainbow-planet/hardware-configuration.nix b/modules/hosts/nixos/rainbow-planet/hardware-configuration.nix index 781a9fa..7a37e9f 100644 --- a/modules/hosts/nixos/rainbow-planet/hardware-configuration.nix +++ b/modules/hosts/nixos/rainbow-planet/hardware-configuration.nix 
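Review bot: The `@@ -115,13 +108,9 @@` hunk of `rainbow-planet/default.nix` now writes the `desktopManager.` prefix three times where the nested set stated it once, and the neighbouring `displayManager.sddm = {` still uses the grouped style. statix has a repeated-keys check that this shape is likely to trigger, and the workflow and pre-commit hook that ran statix appear to be deleted elsewhere in this commit, so nothing would report it. I would keep the grouped form, `desktopManager = { cosmic = { enable = false; xwayland.enable = false; }; plasma6.enable = true; };`. The enclosing attribute set starts and ends outside the hunk.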
@@ -1,56 +1,36 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: +{ config, lib, modulesPath, pkgs, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + # boot.kernelPackages = pkgs.linuxPackages_zen; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" "sg" ]; + boot.kernelParams = [ + "i915.enable_fbc=1" + "i915.enable_psr=2" ]; + boot.extraModulePackages = [ ]; - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "nvme" - "usb_storage" - "sd_mod" - "rtsx_pci_sdmmc" - ]; - # boot.kernelPackages = pkgs.linuxPackages_zen; - kernelModules = [ ]; - }; - kernelModules = [ - "kvm-intel" - "sg" - ]; - kernelParams = [ - "i915.enable_fbc=1" - "i915.enable_psr=2" - ]; - extraModulePackages = [ ]; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c"; + fileSystems."/" = + { device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c"; fsType = "ext4"; }; - "/boot" = { - device = "/dev/disk/by-uuid/924D-E7A4"; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/924D-E7A4"; fsType = "vfat"; }; - }; - swapDevices = [ - { device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; } - ]; + swapDevices = + [ { device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/hosts/nixos/rainbow-planet/home-gene.nix b/modules/hosts/nixos/rainbow-planet/home-gene.nix index db28e94..2c501a5 100644 
--- a/modules/hosts/nixos/rainbow-planet/home-gene.nix +++ b/modules/hosts/nixos/rainbow-planet/home-gene.nix @@ -1,24 +1,21 @@ -{ pkgs, ... }: -{ +{ pkgs, ... }: { home.stateVersion = "23.11"; imports = [ - ../../../shared/home/general/all-gui.nix - ../../../shared/home/linux/apps/hexchat.nix - ../../../shared/home/linux/apps/pidgin.nix - ../../../shared/home/linux/apps/tilix.nix - ../../../shared/home/linux/apps/waybar.nix - ../../../shared/home/linux/apps/xfce4-terminal.nix + ../../common/all-gui.nix + ../../common/linux/apps/hexchat.nix + ../../common/linux/apps/pidgin.nix + ../../common/linux/apps/tilix.nix + ../../common/linux/apps/waybar.nix + ../../common/linux/apps/xfce4-terminal.nix ]; home.file = { - ".config/hypr/frappe.conf".source = - pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "hyprland"; - rev = "99a88fd21fac270bd999d4a26cf0f4a4222c58be"; - hash = "sha256-07B5QmQmsUKYf38oWU3+2C6KO4JvinuTwmW1Pfk8CT8="; - } - + "/themes/frappe.conf"; + ".config/hypr/frappe.conf".source = (pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "hyprland"; + rev = "99a88fd21fac270bd999d4a26cf0f4a4222c58be"; + hash = "sha256-07B5QmQmsUKYf38oWU3+2C6KO4JvinuTwmW1Pfk8CT8="; + } + "/themes/frappe.conf"); }; programs = { @@ -35,7 +32,7 @@ settings = { global = { frame_color = "#8CAAEE"; - separator_color = "frame"; + separator_color= "frame"; }; urgency_low = { diff --git a/modules/shared/home/linux/apps/tilix.nix b/modules/shared/home/linux/apps/tilix.nix deleted file mode 100644 index a70af5f..0000000 --- a/modules/shared/home/linux/apps/tilix.nix +++ /dev/null 
@@ -1,51 +0,0 @@ -{ lib, pkgs, ... }: -with lib.hm.gvariant; -{ - - dconf.settings = { - "com/gexperts/Tilix/profiles/2b7c4080-0ddd-46c5-8f23-563fd3ba789d" = { - background-color = "#272822"; - background-transparency-percent = 10; - badge-color-set = false; - bold-color-set = false; - cursor-colors-set = false; - font = "Hack Nerd Font Mono 12"; - foreground-color = "#F8F8F2"; - highlight-colors-set = false; - palette = [ - "#272822" - "#F92672" - "#A6E22E" - "#F4BF75" - "#66D9EF" - "#AE81FF" - "#A1EFE4" - "#F8F8F2" - "#75715E" - "#F92672" - "#A6E22E" - "#F4BF75" - "#66D9EF" - "#AE81FF" - "#A1EFE4" - "#F9F8F5" - ]; - use-system-font = false; - use-theme-colors = false; - visible-name = "Default"; - }; - - }; - - home.file = { - ".config/tilix/schemes/Beanbag-Mathias.json".source = ../../../files/tilix/Beanbag-Mathias.json; - ".config/tilix/schemes/Catppuccin-Frappe.json".source = - pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "tilix"; - rev = "3fd05e03419321f2f2a6aad6da733b28be1765ef"; - hash = "sha256-SI7QxQ+WBHzeuXbTye+s8pi4tDVZOV4Aa33mRYO276k="; - } - + "/src/Catppuccin-Frappe.json"; - }; -} diff --git a/modules/shared/home/linux/apps/waybar.nix b/modules/shared/home/linux/apps/waybar.nix deleted file mode 100644 index 806ee21..0000000 --- a/modules/shared/home/linux/apps/waybar.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, ... }: -{ - home.file = { - ".config/waybar/config".source = ../../../files/waybar/config; - ".config/waybar/frappe.css".source = - pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "waybar"; - rev = "f74ab1eecf2dcaf22569b396eed53b2b2fbe8aff"; - hash = "sha256-WLJMA2X20E5PCPg0ZPtSop0bfmu+pLImP9t8A8V4QK8="; - } - + "/themes/frappe.css"; - ".config/waybar/style.css".source = ../../../files/waybar/style.css; - }; - - programs = { - # Using file in ../../files/waybar/ to configure waybar - waybar.enable = true; - }; -} 
diff --git a/modules/shared/nixos/nixroutes.nix b/modules/shared/nixos/nixroutes.nix deleted file mode 100644 index 6ea2e0c..0000000 --- a/modules/shared/nixos/nixroutes.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, ... }: -let - inherit (config.networking) hostName; -in -{ - programs.zsh.shellAliases.nixroutes = "cd ~/repos/dots && echo '=== Current Routes ===' && ip route show && ip -6 route show && echo '' && echo '=== New Build Routes ===' && nix eval --json '.#nixosConfigurations.${hostName}.config.systemd.network.networks.\"10-wan\".routes'"; -}