Compare commits


No commits in common. "f830613ded458d9cc1ebc8cac82a5328f9153eb4" and "1312755c4b75a8c7555e6355ef6dedad320712e8" have entirely different histories.

77 changed files with 773 additions and 1426 deletions


@ -1,27 +0,0 @@
name: Validate
on:
pull_request:
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v26
with:
extra_nix_config: |
trusted-users = root @runner
- name: Validate flake
run: nix flake show
- name: Check formatting
run: nix fmt --check .
- name: Run deadnix
run: deadnix ./modules ./lib
- name: Run statix
run: statix check ./modules ./lib


@ -1,18 +0,0 @@
repos:
- repo: local
hooks:
- id: nixfmt
name: nixfmt
entry: nixfmt
language: system
types: [nix]
pass_filenames: false
args: ["."]
- id: deadnix
name: deadnix
entry: deadnix
language: system
types: [nix]
args: ["./modules", "./lib"]


@ -60,8 +60,6 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *system_rainbow_planet - *system_rainbow_planet
- path_regex: ^\.pre-commit-config\.yaml$
# Plain YAML file, not encrypted
- path_regex: modules/shared/secrets.yaml$ - path_regex: modules/shared/secrets.yaml$
key_groups: key_groups:
- age: - age:


@ -6,41 +6,38 @@
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
}; };
outputs = outputs = inputs@{ self, ... }: let
inputs@{ self, ... }: # Import helper functions from lib/
let localLib = import ./lib { inherit inputs; };
# Import helper functions from lib/ in {
localLib = import ./lib { inherit inputs; }; # Darwin (macOS) hosts
in darwinConfigurations = {
{ mightymac = localLib.mkDarwinHost {
# Darwin (macOS) hosts system = "aarch64-darwin";
darwinConfigurations = { hostname = "mightymac";
mightymac = localLib.mkDarwinHost { username = "gene.liverman";
system = "aarch64-darwin";
hostname = "mightymac";
username = "gene.liverman";
};
};
# NixOS hosts
nixosConfigurations = {
rainbow-planet = localLib.mkNixosHost {
system = "x86_64-linux";
hostname = "rainbow-planet";
username = "gene";
additionalModules = [
inputs.nixos-hardware.nixosModules.dell-xps-13-9360
];
};
};
# Home Manager (only) users
homeConfigurations = {
gene = localLib.mkHomeConfig {
system = "x86_64-linux";
homeDirectory = "/home/gene";
username = "gene";
};
}; };
}; };
# NixOS hosts
nixosConfigurations = {
rainbow-planet = localLib.mkNixosHost {
system = "x86_64-linux";
hostname = "rainbow-planet";
username = "gene";
additionalModules = [
inputs.nixos-hardware.nixosModules.dell-xps-13-9360
];
};
};
# Home Manager (only) users
homeConfigurations = {
gene = localLib.mkHomeConfig {
system = "x86_64-linux";
homeDirectory = "/home/gene";
username = "gene";
};
};
};
} }

202
flake.lock generated

@ -69,25 +69,6 @@
"type": "github" "type": "github"
} }
}, },
"deadnix": {
"inputs": {
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1764114543,
"narHash": "sha256-+C39E8qmGODT6eB0rhE/VX+DcekXW/Xww5IL/xlERNY=",
"owner": "astro",
"repo": "deadnix",
"rev": "d590041677add62267bef35ddec63cd9402d3505",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "deadnix",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -130,28 +111,6 @@
"type": "github" "type": "github"
} }
}, },
"fenix_2": {
"inputs": {
"nixpkgs": [
"statix",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src_2"
},
"locked": {
"lastModified": 1645251813,
"narHash": "sha256-cQ66tGjnZclBCS3nD26mZ5fUH+3/HnysGffBiWXUSHk=",
"owner": "nix-community",
"repo": "fenix",
"rev": "9892337b588c38ec59466a1c89befce464aae7f8",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -238,7 +197,7 @@
"crane": "crane", "crane": "crane",
"fenix": "fenix", "fenix": "fenix",
"nix-unit-src": "nix-unit-src", "nix-unit-src": "nix-unit-src",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
@ -349,11 +308,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773264488, "lastModified": 1772985280,
"narHash": "sha256-rK0507bDuWBrZo+0zts9bCs/+RRUEHuvFE5DHWPxX/Q=", "narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5c0f63f8d55040a7eed69df7e3fcdd15dfb5a04c", "rev": "8f736f007139d7f70752657dff6a401a585d6cbc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -372,11 +331,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1773371628, "lastModified": 1772680513,
"narHash": "sha256-G9+d9C/7hz8qBFHOCzdH34Cj6MBNOlE9kCNfF+PKPZM=", "narHash": "sha256-zwVeM1TgfwMIq026uln9hqcCIINsLv6jEjztPqx0q+U=",
"owner": "numtide", "owner": "numtide",
"repo": "nix-auth", "repo": "nix-auth",
"rev": "09a9b568631cfbf4a70058bbff495b7e854aedc4", "rev": "77c07e9a107972dd2170da6da9ed1e73e65c4a4a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -521,16 +480,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1763934636, "lastModified": 1742889210,
"narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=", "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
"owner": "NixOS", "owner": "flox",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261", "rev": "698214a32beb4f4c8e3942372c694f40848b360d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "flox",
"ref": "nixpkgs-unstable", "ref": "stable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -552,11 +511,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1773231277, "lastModified": 1772956932,
"narHash": "sha256-Xy3WEpUAbpsz8ydgvVAQAGGB/WB+8cNA5cshiL0McTI=", "narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "75690239f08f885ca9b0267580101f60d10fbe62", "rev": "608d0cadfed240589a7eea422407a547ad626a14",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -567,22 +526,6 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1742889210,
"narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
"owner": "flox",
"repo": "nixpkgs",
"rev": "698214a32beb4f4c8e3942372c694f40848b360d",
"type": "github"
},
"original": {
"owner": "flox",
"ref": "stable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1770107345, "lastModified": 1770107345,
"narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=",
@ -598,13 +541,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1773375660, "lastModified": 1773068389,
"narHash": "sha256-SEzUWw2Rf5Ki3bcM26nSKgbeoqi2uYy8IHVBqOKjX3w=", "narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3e20095fe3c6cbb1ddcef89b26969a69a1570776", "rev": "44bae273f9f82d480273bab26f5c50de3724f52f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -614,22 +557,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": {
"locked": {
"lastModified": 1645013224,
"narHash": "sha256-b7OEC8vwzJv3rsz9pwnTX2LQDkeOWz2DbKypkVvNHXc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b66b39216b1fef2d8c33cc7a5c72d8da80b79970",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"onchg": { "onchg": {
"inputs": { "inputs": {
"nix-pre-commit": "nix-pre-commit", "nix-pre-commit": "nix-pre-commit",
@ -704,7 +631,6 @@
"root": { "root": {
"inputs": { "inputs": {
"compose2nix": "compose2nix", "compose2nix": "compose2nix",
"deadnix": "deadnix",
"disko": "disko", "disko": "disko",
"flox": "flox", "flox": "flox",
"genebean-omp-themes": "genebean-omp-themes", "genebean-omp-themes": "genebean-omp-themes",
@ -715,12 +641,11 @@
"nix-homebrew": "nix-homebrew", "nix-homebrew": "nix-homebrew",
"nixos-cosmic": "nixos-cosmic", "nixos-cosmic": "nixos-cosmic",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"private-flake": "private-flake", "private-flake": "private-flake",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix", "sops-nix": "sops-nix"
"statix": "statix"
} }
}, },
"rust-analyzer-src": { "rust-analyzer-src": {
@ -740,23 +665,6 @@
"type": "github" "type": "github"
} }
}, },
"rust-analyzer-src_2": {
"flake": false,
"locked": {
"lastModified": 1645205556,
"narHash": "sha256-e4lZW3qRyOEJ+vLKFQP7m2Dxh5P44NrnekZYLxlucww=",
"owner": "rust-analyzer",
"repo": "rust-analyzer",
"rev": "acf5874b39f3dc5262317a6074d9fc7285081161",
"type": "github"
},
"original": {
"owner": "rust-analyzer",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -788,11 +696,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773313890, "lastModified": 1766537863,
"narHash": "sha256-NXm/kOAk7HLziH1uWaUbNb9MhDS8yxFfQ8fMK5eN8/A=", "narHash": "sha256-HEt+wbazRgJYeY+lgj65bxhPyVc4x7NEB2bs5NU6DF8=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "9cdd6869e513df8153db4b920c8f15d394e150f7", "rev": "23f0a53ca6e58e61e1ea2b86791c69b79c91656d",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -822,50 +730,16 @@
"type": "github" "type": "github"
} }
}, },
"statix": {
"inputs": {
"fenix": "fenix_2",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1676888642,
"narHash": "sha256-C73LOMVVCkeL0jA5xN7klLEDEB4NkuiATEJY4A/tIyM=",
"owner": "astro",
"repo": "statix",
"rev": "3c7136a23f444db252a556928c1489869ca3ab4e",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "statix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1773297127, "lastModified": 1772660329,
"narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", "rev": "3710e0e1218041bbad640352a0440114b1e10428",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -873,24 +747,6 @@
"repo": "treefmt-nix", "repo": "treefmt-nix",
"type": "github" "type": "github"
} }
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

193
flake.nix

@ -8,7 +8,7 @@
compose2nix = { compose2nix = {
url = "github:aksiksi/compose2nix"; url = "github:aksiksi/compose2nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows ="nixpkgs";
}; };
# Format disks with nix-config # Format disks with nix-config
@ -79,115 +79,100 @@
# Secrets managemnt # Secrets managemnt
sops-nix = { sops-nix = {
url = "github:mic92/sops-nix"; url = "github:mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows ="nixpkgs";
}; };
# Linting and formatting
deadnix.url = "github:astro/deadnix";
statix.url = "github:astro/statix";
}; # end inputs }; # end inputs
outputs = outputs = inputs@{ self, ... }: let
inputs@{ self, nixpkgs, ... }: # Functions that setup systems
let localLib = import ./lib { inherit inputs; };
# Functions that setup systems
localLib = import ./lib { inherit inputs; };
forAllSystems = nixpkgs.lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
in
{
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt);
# Darwin (macOS) hosts in {
darwinConfigurations = { # Darwin (macOS) hosts
AirPuppet = localLib.mkDarwinHost { darwinConfigurations = {
system = "x86_64-darwin"; AirPuppet = localLib.mkDarwinHost {
hostname = "AirPuppet"; system = "x86_64-darwin";
}; hostname = "AirPuppet";
Blue-Rock = localLib.mkDarwinHost { };
system = "x86_64-darwin"; Blue-Rock = localLib.mkDarwinHost {
hostname = "Blue-Rock"; system = "x86_64-darwin";
username = "gene.liverman"; hostname = "Blue-Rock";
}; username = "gene.liverman";
mightymac = localLib.mkDarwinHost { };
hostname = "mightymac"; mightymac = localLib.mkDarwinHost {
username = "gene.liverman"; hostname = "mightymac";
}; username = "gene.liverman";
}; # end darwinConfigurations };
}; # end darwinConfigurations
# NixOS hosts # NixOS hosts
nixosConfigurations = { nixosConfigurations = {
bigboy = localLib.mkNixosHost { bigboy = localLib.mkNixosHost {
hostname = "bigboy"; hostname = "bigboy";
additionalModules = [ additionalModules = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p52 inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p52
]; ];
}; };
hetznix01 = localLib.mkNixosHost { hetznix01 = localLib.mkNixosHost {
hostname = "hetznix01"; hostname = "hetznix01";
additionalModules = [ additionalModules = [
inputs.private-flake.nixosModules.private.hetznix01 inputs.private-flake.nixosModules.private.hetznix01
]; ];
}; };
hetznix02 = localLib.mkNixosHost { hetznix02 = localLib.mkNixosHost {
system = "aarch64-linux"; system = "aarch64-linux";
hostname = "hetznix02"; hostname = "hetznix02";
additionalModules = [ additionalModules = [
# inputs.simple-nixos-mailserver.nixosModule # inputs.simple-nixos-mailserver.nixosModule
]; ];
}; };
kiosk-entryway = localLib.mkNixosHost { kiosk-entryway = localLib.mkNixosHost {
# Lenovo IdeaCentre Q190 # Lenovo IdeaCentre Q190
hostname = "kiosk-entryway"; hostname = "kiosk-entryway";
}; };
kiosk-gene-desk = localLib.mkNixosHost { kiosk-gene-desk = localLib.mkNixosHost {
system = "aarch64-linux"; system = "aarch64-linux";
hostname = "kiosk-gene-desk"; hostname = "kiosk-gene-desk";
additionalModules = [ additionalModules = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4 inputs.nixos-hardware.nixosModules.raspberry-pi-4
]; ];
}; };
nixnas1 = localLib.mkNixosHost { nixnas1 = localLib.mkNixosHost {
hostname = "nixnas1"; hostname = "nixnas1";
additionalModules = [ additionalModules = [
inputs.simple-nixos-mailserver.nixosModule inputs.simple-nixos-mailserver.nixosModule
]; ];
}; };
nixnuc = localLib.mkNixosHost { nixnuc = localLib.mkNixosHost {
hostname = "nixnuc"; hostname = "nixnuc";
additionalModules = [ additionalModules = [
inputs.simple-nixos-mailserver.nixosModule inputs.simple-nixos-mailserver.nixosModule
]; ];
}; };
rainbow-planet = localLib.mkNixosHost { rainbow-planet = localLib.mkNixosHost {
hostname = "rainbow-planet"; hostname = "rainbow-planet";
additionalModules = [ additionalModules = [
inputs.nixos-cosmic.nixosModules.default inputs.nixos-cosmic.nixosModules.default
inputs.nixos-hardware.nixosModules.dell-xps-13-9360 inputs.nixos-hardware.nixosModules.dell-xps-13-9360
]; ];
}; };
}; # end nixosConfigurations }; # end nixosConfigurations
# Home Manager (only) users # Home Manager (only) users
homeConfigurations = { homeConfigurations = {
gene-x86_64-linux = localLib.mkHomeConfig { gene-x86_64-linux = localLib.mkHomeConfig {
homeDirectory = "/home/gene"; homeDirectory = "/home/gene";
username = "gene"; username = "gene";
system = "x86_64-linux"; system = "x86_64-linux";
}; };
gene-aarch64-linux = localLib.mkHomeConfig { gene-aarch64-linux = localLib.mkHomeConfig {
homeDirectory = "/home/gene"; homeDirectory = "/home/gene";
username = "gene"; username = "gene";
system = "aarch64-linux"; system = "aarch64-linux";
}; };
}; # end homeConfigurations }; # end homeConfigurations
packages.aarch64-linux.kiosk-gene-desk-sdImage = packages.aarch64-linux.kiosk-gene-desk-sdImage = self.nixosConfigurations.kiosk-gene-desk.config.system.build.sdImage;
self.nixosConfigurations.kiosk-gene-desk.config.system.build.sdImage; };
};
} }
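Review bot: The two rewritten `follows` lines, under `compose2nix` and `sops-nix`, lose the space after `=` (`inputs.nixpkgs.follows ="nixpkgs";`) and no longer match the `url = ...` lines beside them; write `inputs.nixpkgs.follows = "nixpkgs";`. The new side of this section also appears to drop the `formatter` output and the `deadnix`/`statix` inputs, so as far as this page shows nothing in the flake would catch spacing drift like this automatically. The context comment `# Secrets managemnt` has a typo and should read `# Secrets management`.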


@ -1,10 +1,8 @@
{ inputs, ... }: { inputs, ... }: let
let
mkDarwinHost = import ./mkDarwinHost.nix { inherit inputs; }; mkDarwinHost = import ./mkDarwinHost.nix { inherit inputs; };
mkHomeConfig = import ./mkHomeConfig.nix { inherit inputs; }; mkHomeConfig = import ./mkHomeConfig.nix { inherit inputs; };
mkNixosHost = import ./mkNixosHost.nix { inherit inputs; }; mkNixosHost = import ./mkNixosHost.nix { inherit inputs; };
in in {
{
inherit (mkDarwinHost) mkDarwinHost; inherit (mkDarwinHost) mkDarwinHost;
inherit (mkHomeConfig) mkHomeConfig; inherit (mkHomeConfig) mkHomeConfig;
inherit (mkNixosHost) mkNixosHost; inherit (mkNixosHost) mkNixosHost;


@ -1,50 +1,41 @@
{ inputs, ... }: { inputs, ... }: {
{ mkDarwinHost = {
mkDarwinHost = system ? "aarch64-darwin",
{ hostname,
system ? "aarch64-darwin", username ? "gene",
hostname, additionalModules ? [],
username ? "gene", additionalSpecialArgs ? {}
additionalModules ? [ ], }: inputs.nix-darwin.lib.darwinSystem {
additionalSpecialArgs ? { }, inherit system;
}: specialArgs = { inherit inputs hostname username; } // additionalSpecialArgs;
inputs.nix-darwin.lib.darwinSystem { modules = [
inherit system; ./nixpkgs-settings.nix
specialArgs = {
inherit inputs hostname username; inputs.nix-homebrew.darwinModules.nix-homebrew {
nix-homebrew = {
enable = true; # Install Homebrew under the default prefix
user = "${username}"; # User owning the Homebrew prefix
autoMigrate = true; # Automatically migrate existing Homebrew installations
};
} }
// additionalSpecialArgs;
modules = [
./nixpkgs-settings.nix
inputs.nix-homebrew.darwinModules.nix-homebrew inputs.home-manager.darwinModules.home-manager {
{ home-manager = {
nix-homebrew = { extraSpecialArgs = { inherit inputs username; };
enable = true; # Install Homebrew under the default prefix useGlobalPkgs = true;
user = "${username}"; # User owning the Homebrew prefix useUserPackages = true;
autoMigrate = true; # Automatically migrate existing Homebrew installations users.${username}.imports = [
}; inputs.sops-nix.homeManagerModule # user-level secrets management
} ../modules/shared/home/general
../modules/shared/home/general/all-gui.nix
../modules/hosts/darwin/home.nix
../modules/hosts/darwin/${hostname}/home-${username}.nix
];
};
}
inputs.home-manager.darwinModules.home-manager ../modules/hosts/darwin # system-wide stuff
{ ../modules/hosts/darwin/${hostname} # host specific stuff
home-manager = { ] ++ additionalModules; # end modules
extraSpecialArgs = { inherit inputs username; }; }; # end darwinSystem
useGlobalPkgs = true;
useUserPackages = true;
users.${username}.imports = [
inputs.sops-nix.homeManagerModule # user-level secrets management
../modules/shared/home/general
../modules/shared/home/general/all-gui.nix
../modules/hosts/darwin/home.nix
../modules/hosts/darwin/${hostname}/home-${username}.nix
];
};
}
../modules/hosts/darwin # system-wide stuff
../modules/hosts/darwin/${hostname} # host specific stuff
]
++ additionalModules; # end modules
}; # end darwinSystem
} }
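Review bot: In `specialArgs = { inherit inputs hostname username; } // additionalSpecialArgs;` the right-hand operand of `//` wins, so an `additionalSpecialArgs` that contains `inputs`, `hostname` or `username` silently replaces the value every module receives, while `home-manager.extraSpecialArgs` and the `${hostname}`/`${username}` paths further down keep using the function arguments. If overriding those three names is not intended, swap the operands: `specialArgs = additionalSpecialArgs // { inherit inputs hostname username; };`; if it is intended, state that in a comment above the line. The `mkNixosHost` section later on this page builds `specialArgs` with the same expression. Separately, this file imports `inputs.sops-nix.homeManagerModule` while the `mkHomeConfig` section uses `inputs.sops-nix.homeManagerModules.sops`; using one spelling in both places would be more consistent.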


@ -1,39 +1,29 @@
{ inputs, ... }: { inputs, ... }: {
{ mkHomeConfig = {
mkHomeConfig = homeDirectory,
{ system,
homeDirectory, username,
system, }: inputs.home-manager.lib.homeManagerConfiguration {
username, extraSpecialArgs = { inherit inputs homeDirectory system username; };
}:
inputs.home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = {
inherit
inputs
homeDirectory
system
username
;
};
pkgs = inputs.nixpkgs.legacyPackages.${system}; pkgs = inputs.nixpkgs.legacyPackages.${system};
# Specify your home configuration modules here, for example, # Specify your home configuration modules here, for example,
# the path to your home.nix. # the path to your home.nix.
modules = [ modules = [
./nixpkgs-settings.nix ./nixpkgs-settings.nix
../modules/shared/home/general ../modules/shared/home/general
../modules/hosts/home-manager-only ../modules/hosts/home-manager-only
../modules/hosts/home-manager-only/home-${username}.nix ../modules/hosts/home-manager-only/home-${username}.nix
{ {
home = { home = {
username = "${username}"; username = "${username}";
homeDirectory = "${homeDirectory}"; homeDirectory = "${homeDirectory}";
}; };
} }
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
]; ];
}; };
} }


@ -1,44 +1,36 @@
{ inputs, ... }: { inputs, ... }: {
{ mkNixosHost = {
mkNixosHost = system ? "x86_64-linux",
{ hostname,
system ? "x86_64-linux", username ? "gene",
hostname, additionalModules ? [],
username ? "gene", additionalSpecialArgs ? {}
additionalModules ? [ ], }: inputs.nixpkgs.lib.nixosSystem {
additionalSpecialArgs ? { }, inherit system;
}: specialArgs = { inherit inputs hostname username; } // additionalSpecialArgs;
inputs.nixpkgs.lib.nixosSystem { modules = [
inherit system; ./nixpkgs-settings.nix
specialArgs = {
inherit inputs hostname username; inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager {
home-manager = {
extraSpecialArgs = { inherit inputs hostname username; };
useGlobalPkgs = true;
useUserPackages = true;
users.${username}.imports = [
../modules/shared/home/general
../modules/shared/home/linux
../modules/hosts/nixos/${hostname}/home-${username}.nix
];
};
} }
// additionalSpecialArgs;
modules = [
./nixpkgs-settings.nix
inputs.disko.nixosModules.disko inputs.nix-flatpak.nixosModules.nix-flatpak
inputs.private-flake.nixosModules.private.ssh-keys
inputs.home-manager.nixosModules.home-manager inputs.sops-nix.nixosModules.sops # system wide secrets management
{ ../modules/hosts/nixos # system-wide stuff
home-manager = { ../modules/hosts/nixos/${hostname} # host specific stuff
extraSpecialArgs = { inherit inputs hostname username; }; ] ++ additionalModules;
useGlobalPkgs = true; };
useUserPackages = true;
users.${username}.imports = [
../modules/shared/home/general
../modules/shared/home/linux
../modules/hosts/nixos/${hostname}/home-${username}.nix
];
};
}
inputs.nix-flatpak.nixosModules.nix-flatpak
inputs.private-flake.nixosModules.private.ssh-keys
inputs.sops-nix.nixosModules.sops # system wide secrets management
../modules/hosts/nixos # system-wide stuff
../modules/hosts/nixos/${hostname} # host specific stuff
]
++ additionalModules;
};
} }


@ -1,5 +1,4 @@
{ inputs, ... }: { inputs, ... }: {
{
nixpkgs = { nixpkgs = {
config = { config = {
allowUnfree = true; allowUnfree = true;


@ -1,4 +1,4 @@
_: { { ... }: {
system.stateVersion = 4; system.stateVersion = 4;
homebrew = { homebrew = {


@ -1,5 +1,4 @@
{ username, ... }: { username, ... }: {
{
home.stateVersion = "23.11"; home.stateVersion = "23.11";
sops = { sops = {


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
system.stateVersion = 4; system.stateVersion = 4;
environment = { environment = {


@ -1,7 +1,6 @@
{ username, ... }: { username, ... }: {
{
home.stateVersion = "23.11"; home.stateVersion = "23.11";
programs = { programs = {
go = { go = {
enable = true; enable = true;


@ -1,17 +1,8 @@
{ { pkgs, hostname, username, ... }: {
pkgs,
hostname,
username,
...
}:
{
system.primaryUser = username; system.primaryUser = username;
environment = { environment = {
shells = with pkgs; [ shells = with pkgs; [ bash zsh ];
bash
zsh
];
pathsToLink = [ pathsToLink = [
"/Applications" "/Applications"
"/share/zsh" "/share/zsh"
@ -122,10 +113,7 @@
"flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs=" "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
"cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc=" "cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="
]; ];
trusted-users = [ trusted-users = [ "@admin" "${username}" ];
"@admin"
"${username}"
];
}; };
extraOptions = '' extraOptions = ''
# Generated by https://github.com/DeterminateSystems/nix-installer, version 0.11.0. # Generated by https://github.com/DeterminateSystems/nix-installer, version 0.11.0.
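Review bot: `trusted-users = [ "@admin" "${username}" ];` in the second hunk makes every member of the `admin` group and the primary user a trusted Nix user, and the Nix manual describes that as essentially equivalent to root access on the machine. If the entry exists only so the extra binary caches whose keys are listed just above it can be used, declaring those caches system-wide and leaving `"${username}"` out of the list would presumably be enough; that should be confirmed against the part of the settings block that is outside this hunk. At minimum, document the decision on the line above, e.g. `# trusted-users are root-equivalent for the Nix daemon; keep this list minimal`. The enclosing settings block starts before the hunk.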


@ -1,5 +1,4 @@
{ username, ... }: { username, ... }: {
{
# dawrwin-specific shell config # dawrwin-specific shell config
programs = { programs = {
zsh = { zsh = {


@ -1,5 +1,4 @@
{ inputs, pkgs, ... }: { inputs, pkgs, ... }: {
{
system.stateVersion = 4; system.stateVersion = 4;
environment = { environment = {


@ -1,5 +1,4 @@
{ config, ... }: { config, ... }: {
{
home.stateVersion = "23.11"; home.stateVersion = "23.11";
programs = { programs = {


@ -1,11 +1,4 @@
{ { config, pkgs, system, username, ... }: {
config,
pkgs,
system,
username,
...
}:
{
home.stateVersion = "25.05"; home.stateVersion = "25.05";
home.packages = with pkgs; [ home.packages = with pkgs; [
age age


@ -1,3 +1,3 @@
_: { { ... }: {
# Settings just for work machines go here # Settings just for work machines go here
} }


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# Settings just for personal machines go here # Settings just for personal machines go here
home.packages = with pkgs; [ home.packages = with pkgs; [


@ -1,20 +1,14 @@
{ config, pkgs, username, ... }:
let
libbluray = pkgs.libbluray.override {
withAACS = true;
withBDplus = true;
withJava = true;
};
vlc-with-decoding = pkgs.vlc.override { inherit libbluray; };
in
{ {
config, imports = [ # Include the results of the hardware scan.
pkgs,
username,
...
}:
let
libbluray = pkgs.libbluray.override {
withAACS = true;
withBDplus = true;
withJava = true;
};
vlc-with-decoding = pkgs.vlc.override { inherit libbluray; };
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../../shared/nixos/flatpaks.nix ../../../shared/nixos/flatpaks.nix
../../../shared/nixos/ripping.nix ../../../shared/nixos/ripping.nix
@ -49,6 +43,7 @@ in
zoom-us zoom-us
]; ];
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
programs = { programs = {
@ -123,15 +118,10 @@ in
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ extraGroups = [ "networkmanager" "wheel" "dialout" "input" ];
"networkmanager"
"wheel"
"dialout"
"input"
];
packages = with pkgs; [ packages = with pkgs; [
kdePackages.kate kdePackages.kate
# thunderbird # thunderbird
]; ];
}; };
} }


@ -1,50 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ boot.kernelModules = [ "kvm-intel" "sg" ];
"kvm-intel"
"sg"
];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832"; { device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/59CB-16DE"; { device = "/dev/disk/by-uuid/59CB-16DE";
fsType = "vfat"; fsType = "vfat";
options = [ options = [ "fmask=0077" "dmask=0077" ];
"fmask=0077" };
"dmask=0077"
swapDevices =
[ { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; }
]; ];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,5 +1,4 @@
{ ... }: { ... }: {
{
home.stateVersion = "24.05"; home.stateVersion = "24.05";
imports = [ imports = [
../../../shared/home/general/all-gui.nix ../../../shared/home/general/all-gui.nix
@ -28,3 +27,4 @@
}; };
}; };
} }


@ -1,19 +1,10 @@
{ { hostname, pkgs, username, ... }: {
hostname,
pkgs,
username,
...
}:
{
imports = [ imports = [
../shared/nixos/internationalisation.nix ../shared/nixos/internationalisation.nix
]; ];
environment = { environment = {
shells = with pkgs; [ shells = with pkgs; [ bash zsh ];
bash
zsh
];
systemPackages = with pkgs; [ systemPackages = with pkgs; [
age age
dconf2nix dconf2nix


@ -1,10 +1,4 @@
{ { inputs, pkgs, username, ... }: {
inputs,
pkgs,
username,
...
}:
{
imports = [ imports = [
../../../shared/nixos/nixroutes.nix ../../../shared/nixos/nixroutes.nix
./disk-config.nix ./disk-config.nix
@ -30,14 +24,14 @@
networking = { networking = {
# Open ports in the firewall. # Open ports in the firewall.
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
22 # ssh 22 # ssh
25 # SMTP (unencrypted) 25 # SMTP (unencrypted)
80 # http to local Nginx 80 # http to local Nginx
143 # imap 143 # imap
443 # https to local Nginx 443 # https to local Nginx
465 # SMTP with TLS 465 # SMTP with TLS
587 # SMTP with STARTTLS 587 # SMTP with STARTTLS
993 # imaps 993 # imaps
1883 # mqtt 1883 # mqtt
8333 # Bitcoin Core 8333 # Bitcoin Core
8448 # Matrix Synapse 8448 # Matrix Synapse
@ -94,10 +88,7 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ extraGroups = [ "networkmanager" "wheel" ];
"networkmanager"
"wheel"
];
linger = true; linger = true;
}; };
} }
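Review bot: The `firewall.allowedTCPPorts` list in the second hunk opens 143 (`# imap`) and 1883 (`# mqtt`) on every interface, and both protocols carry credentials in cleartext unless the services behind them enforce STARTTLS or TLS, which this hunk does not show. If 1883 is only needed by local or VPN clients, the per-interface `networking.firewall.interfaces` option would limit its exposure. Otherwise extend the inline comments so the exposure is an explicit decision, e.g. `1883 # mqtt (plaintext; broker must require auth)`. The list continues past the end of the hunk.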


@ -4,18 +4,11 @@
{ lib, modulesPath, ... }: { lib, modulesPath, ... }:
{ {
imports = [ imports =
(modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -32,3 +25,4 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }


@ -1,3 +1,3 @@
_: { { ... }: {
home.stateVersion = "24.05"; home.stateVersion = "24.05";
} }


@ -1,8 +1,6 @@
{ config, username, ... }: { config, username, ... }: let
let
volume_base = "/var/lib/emqx"; volume_base = "/var/lib/emqx";
in in {
{
# Based on docs at https://docs.emqx.com/en/emqx/latest/deploy/install-docker.html # Based on docs at https://docs.emqx.com/en/emqx/latest/deploy/install-docker.html
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
"emqx" = { "emqx" = {


@ -1,15 +1,7 @@
{ { config, lib, pkgs, username, ... }: let
config,
lib,
pkgs,
username,
...
}:
let
domain = "technicalissues.us"; domain = "technicalissues.us";
restic_backup_time = "01:00"; restic_backup_time = "01:00";
in in {
{
imports = [ imports = [
../../../../shared/nixos/lets-encrypt.nix ../../../../shared/nixos/lets-encrypt.nix
../../../../shared/nixos/restic.nix ../../../../shared/nixos/restic.nix
@ -34,7 +26,7 @@ in
# Listen on loopback interface only, and accept requests from ::1 # Listen on loopback interface only, and accept requests from ::1
net = { net = {
listen = "loopback"; listen = "loopback";
post_allow.host = [ "::1" ]; post_allow.host = ["::1"];
}; };
# Restrict loading documents from WOPI Host nextcloud.example.com # Restrict loading documents from WOPI Host nextcloud.example.com
@ -170,14 +162,14 @@ in
}; };
matrix_secrets_yaml = { matrix_secrets_yaml = {
owner = config.users.users.matrix-synapse.name; owner = config.users.users.matrix-synapse.name;
restartUnits = [ "matrix-synapse.service" ]; restartUnits = ["matrix-synapse.service"];
}; };
matrix_homeserver_signing_key.owner = config.users.users.matrix-synapse.name; matrix_homeserver_signing_key.owner = config.users.users.matrix-synapse.name;
mqtt_recorder_pass.restartUnits = [ "mosquitto.service" ]; mqtt_recorder_pass.restartUnits = ["mosquitto.service"];
nextcloud_admin_pass.owner = config.users.users.nextcloud.name; nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
owntracks_basic_auth = { owntracks_basic_auth = {
owner = config.users.users.nginx.name; owner = config.users.users.nginx.name;
restartUnits = [ "nginx.service" ]; restartUnits = ["nginx.service"];
}; };
plausible_admin_pass.owner = config.users.users.nginx.name; plausible_admin_pass.owner = config.users.users.nginx.name;
plausible_secret_key_base.owner = config.users.users.nginx.name; plausible_secret_key_base.owner = config.users.users.nginx.name;
@ -188,36 +180,31 @@ in
}; };
systemd.services = { systemd.services = {
nextcloud-config-collabora = nextcloud-config-collabora = let
let inherit (config.services.nextcloud) occ;
inherit (config.services.nextcloud) occ;
wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
public_wopi_url = "https://collabora.pack1828.org"; public_wopi_url = "https://collabora.pack1828.org";
wopi_allowlist = lib.concatStringsSep "," [ wopi_allowlist = lib.concatStringsSep "," [
"127.0.0.1" "127.0.0.1"
"::1" "::1"
"5.161.244.95" "5.161.244.95"
"2a01:4ff:f0:977c::1" "2a01:4ff:f0:977c::1"
]; ];
in in {
{ wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ]; after = ["nextcloud-setup.service" "coolwsd.service"];
after = [ requires = ["coolwsd.service"];
"nextcloud-setup.service" script = ''
"coolwsd.service" ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
]; ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
requires = [ "coolwsd.service" ]; ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
script = '' ${occ}/bin/nextcloud-occ richdocuments:setup
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} '';
${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} serviceConfig = {
${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} Type = "oneshot";
${occ}/bin/nextcloud-occ richdocuments:setup
'';
serviceConfig = {
Type = "oneshot";
};
}; };
};
}; };
# Enable common container config files in /etc/containers # Enable common container config files in /etc/containers


@ -1,5 +1,4 @@
{ config, ... }: { config, ... }: {
{
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
configureRedisLocally = true; configureRedisLocally = true;
@ -34,7 +33,7 @@
]; ];
url_preview_enabled = true; url_preview_enabled = true;
enable_registration = false; enable_registration = false;
trusted_key_servers = [ { server_name = "matrix.org"; } ]; trusted_key_servers = [{ server_name = "matrix.org"; }];
}; };
}; };


@ -1,8 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }: let
let
metrics_server = "https://monitoring.home.technicalissues.us/remotewrite"; metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
in in {
{
services = { services = {
vmagent = { vmagent = {
enable = true; enable = true;
@ -16,11 +14,11 @@ in
{ {
job_name = "node"; job_name = "node";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:9100" ]; } { targets = ["127.0.0.1:9100"]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "__name__" ]; source_labels = ["__name__"];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -37,11 +35,11 @@ in
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:9113" ]; } { targets = ["127.0.0.1:9113"]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "__name__" ]; source_labels = ["__name__"];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -79,7 +77,7 @@ in
# ---------------------------- # ----------------------------
# Exporters (using built-in NixOS modules) # Exporters (using built-in NixOS modules)
# ---------------------------- # ----------------------------
# Node exporter - using the built-in module # Node exporter - using the built-in module
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
@ -112,7 +110,7 @@ in
group = "vmagent"; group = "vmagent";
}; };
users.groups.vmagent = { }; users.groups.vmagent = {};
# ---------------------------- # ----------------------------
# SOPS secrets configuration # SOPS secrets configuration
@ -121,9 +119,10 @@ in
secrets = { secrets = {
vmagent_push_pw = { vmagent_push_pw = {
owner = "vmagent"; owner = "vmagent";
restartUnits = [ "vmagent.service" ]; restartUnits = ["vmagent.service"];
sopsFile = ../../../../shared/secrets.yaml; sopsFile = ../../../../shared/secrets.yaml;
}; };
}; };
}; };
} }


@ -1,21 +1,16 @@
{ config, ... }: { config, ... }: let
let
mqtt_domain = "mqtt.technicalissues.us"; mqtt_domain = "mqtt.technicalissues.us";
in in {
{ security.acme.certs.${mqtt_domain}.postRun = "systemctl restart ${config.systemd.services.mosquitto.name}";
security.acme.certs.${mqtt_domain}.postRun =
"systemctl restart ${config.systemd.services.mosquitto.name}";
services.mosquitto = { services.mosquitto = {
enable = true; enable = true;
bridges = { bridges = {
liamcottle = { liamcottle = {
addresses = [ addresses = [{
{ address = "mqtt.meshtastic.liamcottle.net";
address = "mqtt.meshtastic.liamcottle.net"; port = 1883;
port = 1883; }];
}
];
topics = [ topics = [
"msh/# out 1 \"\"" "msh/# out 1 \"\""
]; ];
@ -29,12 +24,10 @@ in
}; };
}; };
meshtastic = { meshtastic = {
addresses = [ addresses = [{
{ address = "mqtt.meshtastic.org";
address = "mqtt.meshtastic.org"; port = 1883;
port = 1883; }];
}
];
topics = [ topics = [
"msh/# out 1 \"\"" "msh/# out 1 \"\""
]; ];
@ -49,12 +42,10 @@ in
}; };
}; };
homeassistant = { homeassistant = {
addresses = [ addresses = [{
{ address = "homeasistant-lc.atlas-snares.ts.net";
address = "homeasistant-lc.atlas-snares.ts.net"; port = 1883;
port = 1883; }];
}
];
topics = [ topics = [
"msh/US/2/e/LongFast/!a386c80 out 1 \"\"" "msh/US/2/e/LongFast/!a386c80 out 1 \"\""
"msh/US/2/e/LongFast/!b03bcb24 out 1 \"\"" "msh/US/2/e/LongFast/!b03bcb24 out 1 \"\""
@ -71,59 +62,53 @@ in
}; };
}; };
}; };
listeners = listeners = let
let mqtt_users = {
mqtt_users = { genebean = {
genebean = { acl = [
acl = [ "readwrite msh/#"
"readwrite msh/#" ];
]; hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path;
hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path;
};
mountain_mesh = {
acl = [
"readwrite msh/#"
];
hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path;
};
}; };
in mountain_mesh = {
[ acl = [
{ "readwrite msh/#"
port = 1883; ];
users = mqtt_users; hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path;
settings.allow_anonymous = false; };
} };
{ in [
port = 8883; {
users = mqtt_users; port = 1883;
settings = users = mqtt_users;
let settings.allow_anonymous = false;
certDir = config.security.acme.certs."${mqtt_domain}".directory; }
in {
{ port = 8883;
allow_anonymous = false; users = mqtt_users;
keyfile = certDir + "/key.pem"; settings = let
certfile = certDir + "/cert.pem"; certDir = config.security.acme.certs."${mqtt_domain}".directory;
cafile = certDir + "/chain.pem"; in {
}; allow_anonymous = false;
} keyfile = certDir + "/key.pem";
{ certfile = certDir + "/cert.pem";
port = 9001; cafile = certDir + "/chain.pem";
users = mqtt_users; };
settings = }
let {
certDir = config.security.acme.certs."${mqtt_domain}".directory; port = 9001;
in users = mqtt_users;
{ settings = let
allow_anonymous = false; certDir = config.security.acme.certs."${mqtt_domain}".directory;
keyfile = certDir + "/key.pem"; in {
certfile = certDir + "/cert.pem"; allow_anonymous = false;
cafile = certDir + "/chain.pem"; keyfile = certDir + "/key.pem";
protocol = "websockets"; certfile = certDir + "/cert.pem";
}; cafile = certDir + "/chain.pem";
} protocol = "websockets";
]; };
}
];
}; };
sops.secrets = { sops.secrets = {
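Review bot: The first listener (`port = 1883; users = mqtt_users; settings.allow_anonymous = false;`) requires a password but sets no `keyfile`/`certfile`, unlike the 8883 and 9001 listeners below it, so the `genebean` and `mountain_mesh` credentials travel unencrypted for any client that connects there. If that listener only serves local publishers, restrict it with `address = "127.0.0.1";`; otherwise point remote clients at 8883 and drop 1883 from whichever host firewall exposes it (not visible in this file). The two TLS listeners also repeat the same `certDir` binding, which could move into the outer `let` beside `mqtt_users`. The `services.mosquitto` attrset continues outside the hunks shown.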


@ -1,11 +1,9 @@
{ config, ... }: { config, ... }: let
let
domain = "technicalissues.us"; domain = "technicalissues.us";
http_port = 80; http_port = 80;
https_port = 443; https_port = 443;
private_btc = "umbrel.atlas-snares.ts.net"; private_btc = "umbrel.atlas-snares.ts.net";
in in {
{
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -136,36 +134,14 @@ in
}; };
"matrix.${domain}" = { "matrix.${domain}" = {
listen = [ listen = [
{ { port = http_port; addr = "0.0.0.0"; }
port = http_port; { port = http_port; addr = "[::]"; }
addr = "0.0.0.0";
}
{
port = http_port;
addr = "[::]";
}
{ { port = https_port; addr = "0.0.0.0"; ssl = true; }
port = https_port; { port = https_port; addr = "[::]"; ssl = true; }
addr = "0.0.0.0";
ssl = true;
}
{
port = https_port;
addr = "[::]";
ssl = true;
}
{ { port = 8448; addr = "0.0.0.0"; ssl = true; }
port = 8448; { port = 8448; addr = "[::]"; ssl = true; }
addr = "0.0.0.0";
ssl = true;
}
{
port = 8448;
addr = "[::]";
ssl = true;
}
]; ];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
@ -219,8 +195,7 @@ in
"/" = { "/" = {
proxyPass = "http://127.0.0.1:8083"; proxyPass = "http://127.0.0.1:8083";
}; };
"/pub" = { "/pub" = { # Client apps need to point to this path
# Client apps need to point to this path
extraConfig = "proxy_set_header X-Limit-U $remote_user;"; extraConfig = "proxy_set_header X-Limit-U $remote_user;";
proxyPass = "http://127.0.0.1:8083/pub"; proxyPass = "http://127.0.0.1:8083/pub";
}; };


@ -1,10 +1,4 @@
{ { inputs, pkgs, username, ... }: {
inputs,
pkgs,
username,
...
}:
{
imports = [ imports = [
../../../shared/nixos/nixroutes.nix ../../../shared/nixos/nixroutes.nix
./disk-config.nix ./disk-config.nix
@ -35,9 +29,9 @@
networking = { networking = {
# Open ports in the firewall. # Open ports in the firewall.
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
22 # ssh 22 # ssh
80 # Nginx 80 # Nginx
443 # Nginx 443 # Nginx
]; ];
# firewall.allowedUDPPorts = [ ... ]; # firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
@ -62,10 +56,7 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ extraGroups = [ "networkmanager" "wheel" ];
"networkmanager"
"wheel"
];
linger = true; linger = true;
}; };


@ -44,10 +44,10 @@
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
nix = { nix = {
name = "nix"; name = "nix";
size = "100%"; size = "100%";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
mountpoint = "/nix"; mountpoint = "/nix";


@ -4,41 +4,34 @@
{ lib, modulesPath, ... }: { lib, modulesPath, ... }:
{ {
imports = [ imports =
(modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" ];
"xhci_pci"
"virtio_scsi"
"sr_mod"
];
kernelModules = [ ]; kernelModules = [ ];
}; };
kernelModules = [ ]; kernelModules = [ ];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-partlabel/disk-primary-root"; { device = "/dev/disk/by-partlabel/disk-primary-root";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-partlabel/disk-primary-ESP"; { device = "/dev/disk/by-partlabel/disk-primary-ESP";
fsType = "vfat"; fsType = "vfat";
options = [ options = [ "fmask=0022" "dmask=0022" ];
"fmask=0022" };
"dmask=0022"
];
};
fileSystems."/nix" = { fileSystems."/nix" =
device = "/dev/disk/by-partlabel/disk-volume1-nix"; { device = "/dev/disk/by-partlabel/disk-volume1-nix";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [ ];


@ -1,3 +1,3 @@
_: { { ... }: {
home.stateVersion = "24.05"; home.stateVersion = "24.05";
} }


@ -1,5 +1,4 @@
{ config, username, ... }: { config, username, ... }: {
{
imports = [ imports = [
../../../../shared/nixos/lets-encrypt.nix ../../../../shared/nixos/lets-encrypt.nix
./monitoring.nix ./monitoring.nix
@ -24,3 +23,4 @@
}; };
}; };
} }


@ -1,8 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }: let
let
metrics_server = "https://monitoring.home.technicalissues.us/remotewrite"; metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
in in {
{
services = { services = {
vmagent = { vmagent = {
enable = true; enable = true;
@ -16,11 +14,11 @@ in
{ {
job_name = "node"; job_name = "node";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:9100" ]; } { targets = ["127.0.0.1:9100"]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "__name__" ]; source_labels = ["__name__"];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -37,11 +35,11 @@ in
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:9113" ]; } { targets = ["127.0.0.1:9113"]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "__name__" ]; source_labels = ["__name__"];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -79,7 +77,7 @@ in
# ---------------------------- # ----------------------------
# Exporters (using built-in NixOS modules) # Exporters (using built-in NixOS modules)
# ---------------------------- # ----------------------------
# Node exporter - using the built-in module # Node exporter - using the built-in module
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
@ -112,7 +110,7 @@ in
group = "vmagent"; group = "vmagent";
}; };
users.groups.vmagent = { }; users.groups.vmagent = {};
# ---------------------------- # ----------------------------
# SOPS secrets configuration # SOPS secrets configuration
@ -121,9 +119,10 @@ in
secrets = { secrets = {
vmagent_push_pw = { vmagent_push_pw = {
owner = "vmagent"; owner = "vmagent";
restartUnits = [ "vmagent.service" ]; restartUnits = ["vmagent.service"];
sopsFile = ../../../../shared/secrets.yaml; sopsFile = ../../../../shared/secrets.yaml;
}; };
}; };
}; };
} }


@ -1,8 +1,7 @@
{ pkgs, ... }:
let { pkgs, ... }: let
domain = "genebean.me"; domain = "genebean.me";
in in {
{
environment.etc.nginx-littlelinks = { environment.etc.nginx-littlelinks = {
# Info generated via # Info generated via
# nurl https://github.com/genebean/littlelink genebean-sometag # nurl https://github.com/genebean/littlelink genebean-sometag


@ -1,11 +1,4 @@
{ { config, lib, pkgs, username, ... }: {
config,
lib,
pkgs,
username,
...
}:
{
imports = [ imports = [
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
@ -49,7 +42,7 @@
# Home # Home
"Diagon Alley".pskRaw = "ext:psk_diagon_alley"; "Diagon Alley".pskRaw = "ext:psk_diagon_alley";
# Public networks # Public networks
"Gallery Row-GuestWiFi" = { }; "Gallery Row-GuestWiFi" = {};
"LocalTies Guest".pskRaw = "ext:psk_local_ties"; "LocalTies Guest".pskRaw = "ext:psk_local_ties";
}; };
secretsFile = "${config.sops.secrets.wifi_creds.path}"; secretsFile = "${config.sops.secrets.wifi_creds.path}";
@ -58,26 +51,25 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: super: { (final: super: {
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
}) })
]; ];
services = { services = {
cage = cage = let
let kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
kioskProgram = pkgs.writeShellScript "kiosk.sh" '' WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 /etc/profiles/per-user/gene/bin/chromium-browser
/etc/profiles/per-user/gene/bin/chromium-browser '';
''; in {
in enable = true;
{ program = kioskProgram;
enable = true; user = "gene";
program = kioskProgram; environment = {
user = "gene"; WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
};
}; };
};
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
enabledCollectors = [ enabledCollectors = [
@ -123,10 +115,7 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ extraGroups = [ "networkmanager" "wheel" ];
"networkmanager"
"wheel"
];
linger = true; linger = true;
}; };
@ -136,3 +125,4 @@
memoryPercent = 90; memoryPercent = 90;
}; };
} }
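Review bot: The cage block hard-codes `user = "gene";` and `/etc/profiles/per-user/gene/bin/chromium-browser`, while the only account this file declares is `users.users.${username}` with `extraGroups = [ "networkmanager" "wheel" ]`. If `username` resolves to `gene` (not shown here), the unattended kiosk browser runs as a `wheel` member; a dedicated account without `wheel` for the kiosk session would limit what a browser compromise can reach. At minimum the two literals should follow the parameter, `user = username;` and `/etc/profiles/per-user/${username}/bin/chromium-browser`. The same applies to the cage block in the later kiosk host file on this page (the one that adds `--transform 90`). Both attrsets continue outside the hunks shown.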


@ -1,27 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
"xhci_pci"
"ehci_pci"
"ahci"
"usbhid"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];


@ -1,4 +1,4 @@
_: { { ... }: {
home.stateVersion = "24.11"; home.stateVersion = "24.11";
programs = { programs = {
@ -21,3 +21,4 @@ _: {
}; };
} }


@ -1,8 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }: let
let
metrics_server = "https://monitoring.home.technicalissues.us/remotewrite"; metrics_server = "https://monitoring.home.technicalissues.us/remotewrite";
in in {
{
services = { services = {
vmagent = { vmagent = {
enable = true; enable = true;
@ -16,11 +14,11 @@ in
{ {
job_name = "node"; job_name = "node";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:9100" ]; } { targets = ["127.0.0.1:9100"]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "__name__" ]; source_labels = ["__name__"];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -37,11 +35,11 @@ in
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:9113" ]; } { targets = ["127.0.0.1:9113"]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "__name__" ]; source_labels = ["__name__"];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -79,7 +77,7 @@ in
# ---------------------------- # ----------------------------
# Exporters (using built-in NixOS modules) # Exporters (using built-in NixOS modules)
# ---------------------------- # ----------------------------
# Node exporter - using the built-in module # Node exporter - using the built-in module
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
@ -112,7 +110,7 @@ in
group = "vmagent"; group = "vmagent";
}; };
users.groups.vmagent = { }; users.groups.vmagent = {};
# ---------------------------- # ----------------------------
# SOPS secrets configuration # SOPS secrets configuration
@ -121,9 +119,10 @@ in
secrets = { secrets = {
vmagent_push_pw = { vmagent_push_pw = {
owner = "vmagent"; owner = "vmagent";
restartUnits = [ "vmagent.service" ]; restartUnits = ["vmagent.service"];
sopsFile = ../../../../shared/secrets.yaml; sopsFile = ../../../../shared/secrets.yaml;
}; };
}; };
}; };
} }


@ -1,12 +1,4 @@
{ { inputs, config, lib, pkgs, username, ... }: {
inputs,
config,
lib,
pkgs,
username,
...
}:
{
imports = [ imports = [
# SD card image # SD card image
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
@ -42,7 +34,7 @@
# Home # Home
"Diagon Alley".pskRaw = "ext:psk_diagon_alley"; "Diagon Alley".pskRaw = "ext:psk_diagon_alley";
# Public networks # Public networks
"Gallery Row-GuestWiFi" = { }; "Gallery Row-GuestWiFi" = {};
"LocalTies Guest".pskRaw = "ext:psk_local_ties"; "LocalTies Guest".pskRaw = "ext:psk_local_ties";
}; };
secretsFile = "${config.sops.secrets.wifi_creds.path}"; secretsFile = "${config.sops.secrets.wifi_creds.path}";
@ -51,28 +43,27 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: super: { (final: super: {
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
}) })
]; ];
sdImage.compressImage = true; sdImage.compressImage = true;
services = { services = {
cage = cage = let
let kioskProgram = pkgs.writeShellScript "kiosk.sh" ''
kioskProgram = pkgs.writeShellScript "kiosk.sh" '' WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90
WAYLAND_DISPLAY=wayland-0 wlr-randr --output HDMI-A-1 --transform 90 /etc/profiles/per-user/gene/bin/chromium-browser
/etc/profiles/per-user/gene/bin/chromium-browser '';
''; in {
in enable = true;
{ program = kioskProgram;
enable = true; user = "gene";
program = kioskProgram; environment = {
user = "gene"; WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
environment = {
WLR_LIBINPUT_NO_DEVICES = "1"; # boot up even if no mouse/keyboard connected
};
}; };
};
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
enabledCollectors = [ enabledCollectors = [
@ -117,10 +108,7 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ extraGroups = [ "networkmanager" "wheel" ];
"networkmanager"
"wheel"
];
linger = true; linger = true;
}; };
@ -130,3 +118,4 @@
memoryPercent = 90; memoryPercent = 90;
}; };
} }


@ -1,4 +1,4 @@
_: { { ... }: {
home.stateVersion = "24.11"; home.stateVersion = "24.11";
programs = { programs = {
@ -20,3 +20,4 @@ _: {
}; };
} }


@ -1,10 +1,4 @@
{ { config, pkgs, username, ... }: {
config,
pkgs,
username,
...
}:
{
imports = [ imports = [
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
@ -23,16 +17,16 @@
device = "nodev"; device = "nodev";
mirroredBoots = [ mirroredBoots = [
{ {
devices = [ "/dev/disk/by-uuid/02A5-6FCC" ]; devices = ["/dev/disk/by-uuid/02A5-6FCC"];
path = "/boot"; path = "/boot";
} }
{ {
devices = [ "/dev/disk/by-uuid/02F1-B12D" ]; devices = ["/dev/disk/by-uuid/02F1-B12D"];
path = "/boot-fallback"; path = "/boot-fallback";
} }
]; ];
}; };
supportedFilesystems = [ "zfs" ]; supportedFilesystems = ["zfs"];
zfs = { zfs = {
extraPools = [ "storage" ]; extraPools = [ "storage" ];
forceImportRoot = false; forceImportRoot = false;


@ -1,4 +1,5 @@
_: { { ... }:
{
disko.devices = { disko.devices = {
disk = { disk = {
sdc = { sdc = {
@ -123,4 +124,4 @@ _: {
}; # end zroot }; # end zroot
}; };
}; };
} }


@ -1,65 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, modulesPath, ... }:
config,
lib,
modulesPath,
...
}:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
"ehci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ "nvme" ]; boot.initrd.kernelModules = [ "nvme" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "zroot/root"; { device = "zroot/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/nix" = { fileSystems."/nix" =
device = "zroot/root/nix"; { device = "zroot/root/nix";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home" = { fileSystems."/home" =
device = "zroot/root/home"; { device = "zroot/root/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/02A5-6FCC"; # { device = "/dev/disk/by-uuid/02A5-6FCC";
{ { device = "/dev/disk/by-partlabel/disk-sdc-BOOT";
device = "/dev/disk/by-partlabel/disk-sdc-BOOT";
fsType = "vfat"; fsType = "vfat";
options = [ options = [ "fmask=0022" "dmask=0022" ];
"fmask=0022"
"dmask=0022"
];
}; };
fileSystems."/boot-fallback" = fileSystems."/boot-fallback" =
# { device = "/dev/disk/by-uuid/02F1-B12D"; # { device = "/dev/disk/by-uuid/02F1-B12D";
{ { device = "/dev/disk/by-partlabel/disk-sdd-BOOT-FALLBACK";
device = "/dev/disk/by-partlabel/disk-sdd-BOOT-FALLBACK";
fsType = "vfat"; fsType = "vfat";
options = [ options = [ "fmask=0022" "dmask=0022" ];
"fmask=0022"
"dmask=0022"
];
}; };
swapDevices = [ ]; swapDevices = [ ];


@ -1,3 +1,3 @@
_: { { ... }: {
home.stateVersion = "24.05"; home.stateVersion = "24.05";
} }


@ -1,9 +1,7 @@
_: { ... }: let
let
volume_base = "/var/lib/audiobookshelf"; volume_base = "/var/lib/audiobookshelf";
http_port = "13378"; http_port = "13378";
in in {
{
# Audiobookshelf # Audiobookshelf
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {


@ -1,8 +1,6 @@
{ config, username, ... }: { config, username, ... }: let
let
volume_base = "/orico/mountain-mesh-bot-discord"; volume_base = "/orico/mountain-mesh-bot-discord";
in in {
{
# My mountain-mesh-bot-discord container # My mountain-mesh-bot-discord container
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
@ -19,8 +17,6 @@ in
sops.secrets.mtnmesh_bot_dot_env = { sops.secrets.mtnmesh_bot_dot_env = {
path = "${volume_base}/.env"; path = "${volume_base}/.env";
restartUnits = [ restartUnits = [ "${config.virtualisation.oci-containers.containers.mtnmesh_bot_discord.serviceName}" ];
"${config.virtualisation.oci-containers.containers.mtnmesh_bot_discord.serviceName}"
];
}; };
} }


@ -1,10 +1,8 @@
{ config, ... }: { config, ... }: let
let
volume_base = "/orico/psitransfer"; volume_base = "/orico/psitransfer";
http_port = "3000"; http_port = "3000";
psitransfer_dot_env = "${config.sops.secrets.psitransfer_dot_env.path}"; psitransfer_dot_env = "${config.sops.secrets.psitransfer_dot_env.path}";
in in {
{
############################################################################# #############################################################################
# My intent as of now is to only make this available to the outside world # # My intent as of now is to only make this available to the outside world #
@ -31,3 +29,4 @@ in
}; };
}; };
} }


@ -1,18 +1,10 @@
{ { inputs, config, pkgs, username, ... }: let
inputs,
config,
pkgs,
username,
...
}:
let
http_port = 80; http_port = 80;
https_port = 443; https_port = 443;
home_domain = "home.technicalissues.us"; home_domain = "home.technicalissues.us";
backend_ip = "127.0.0.1"; backend_ip = "127.0.0.1";
restic_backup_time = "02:00"; restic_backup_time = "02:00";
in in {
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./containers/audiobookshelf.nix ./containers/audiobookshelf.nix
@ -39,9 +31,7 @@ in
}; };
environment = { environment = {
sessionVariables = { sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };
LIBVA_DRIVER_NAME = "iHD";
};
systemPackages = with pkgs; [ systemPackages = with pkgs; [
inputs.compose2nix.packages.${pkgs.stdenv.hostPlatform.system}.default inputs.compose2nix.packages.${pkgs.stdenv.hostPlatform.system}.default
docker-compose docker-compose
@ -67,7 +57,7 @@ in
intel-ocl # Generic OpenCL support intel-ocl # Generic OpenCL support
]; ];
}; };
mailserver = { mailserver = {
enable = true; enable = true;
enableImap = false; enableImap = false;
@ -91,26 +81,26 @@ in
# Open ports in the firewall. # Open ports in the firewall.
firewall = { firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
22 # ssh 22 # ssh
80 # http to local Nginx 80 # http to local Nginx
443 # https to local Nginx 443 # https to local Nginx
3000 # PsiTransfer in oci-container 3000 # PsiTransfer in oci-container
3001 # immich-kiosk in compose 3001 # immich-kiosk in compose
3002 # grafana 3002 # grafana
3005 # Firefly III 3005 # Firefly III
3006 # Firefly III Data Importer 3006 # Firefly III Data Importer
3030 # Forgejo 3030 # Forgejo
3087 # Youtarr in docker compose 3087 # Youtarr in docker compose
8001 # Tube Archivist 8001 # Tube Archivist
8384 # Syncthing gui 8384 # Syncthing gui
8888 # Atuin 8888 # Atuin
8090 # Wallabag in docker compose 8090 # Wallabag in docker compose
8945 # Pinchflat 8945 # Pinchflat
13378 # Audiobookshelf in oci-container 13378 # Audiobookshelf in oci-container
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
1900 # Jellyfin service auto-discovery 1900 # Jellyfin service auto-discovery
7359 # Jellyfin auto-discovery 7359 # Jellyfin auto-discovery
]; ];
}; };
# Or disable the firewall altogether. # Or disable the firewall altogether.
@ -122,19 +112,11 @@ in
networkmanager.enable = false; networkmanager.enable = false;
useNetworkd = true; useNetworkd = true;
vlans = { vlans = {
vlan23 = { vlan23 = { id = 23; interface = "eno1"; };
id = 23;
interface = "eno1";
};
}; };
interfaces = { interfaces = {
eno1.useDHCP = true; eno1.useDHCP = true;
vlan23.ipv4.addresses = [ vlan23.ipv4.addresses = [{ address = "192.168.23.21"; prefixLength = 24; }];
{
address = "192.168.23.21";
prefixLength = 24;
}
];
}; };
}; };
@ -329,11 +311,7 @@ in
"nix-tester.${home_domain}" "nix-tester.${home_domain}"
]; ];
listen = [ listen = [
{ { port = https_port; addr = "0.0.0.0"; ssl = true; }
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
]; ];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
@ -353,13 +331,7 @@ in
}; };
}; };
"ab.${home_domain}" = { "ab.${home_domain}" = {
listen = [ listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -370,41 +342,17 @@ in
''; '';
}; };
"atuin.${home_domain}" = { "atuin.${home_domain}" = {
listen = [ listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://${backend_ip}:8888"; locations."/".proxyPass = "http://${backend_ip}:8888";
}; };
# budget.${home_domain} # budget.${home_domain}
"${config.services.firefly-iii.virtualHost}".listen = [ "${config.services.firefly-iii.virtualHost}".listen = [{ port = 3005; addr = "0.0.0.0"; ssl = false; }];
{ "${config.services.firefly-iii-data-importer.virtualHost}".listen = [{ port = 3006; addr = "0.0.0.0"; ssl = false; }];
port = 3005;
addr = "0.0.0.0";
ssl = false;
}
];
"${config.services.firefly-iii-data-importer.virtualHost}".listen = [
{
port = 3006;
addr = "0.0.0.0";
ssl = false;
}
];
"git.${home_domain}" = { "git.${home_domain}" = {
listen = [ listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -414,13 +362,7 @@ in
''; '';
}; };
"id.${home_domain}" = { "id.${home_domain}" = {
listen = [ listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -432,13 +374,7 @@ in
''; '';
}; };
"immich.${home_domain}" = { "immich.${home_domain}" = {
listen = [ listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -452,13 +388,7 @@ in
''; '';
}; };
"immich-kiosk.${home_domain}" = { "immich-kiosk.${home_domain}" = {
listen = [ listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -473,13 +403,7 @@ in
''; '';
}; };
"jellyfin.${home_domain}" = { "jellyfin.${home_domain}" = {
listen = [ listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -504,13 +428,7 @@ in
''; '';
}; };
"mealie.${home_domain}" = { "mealie.${home_domain}" = {
listen = [ listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -520,13 +438,7 @@ in
''; '';
}; };
"monitoring.${home_domain}" = { "monitoring.${home_domain}" = {
listen = [ listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -557,13 +469,7 @@ in
''; '';
}; };
"readit.${home_domain}" = { "readit.${home_domain}" = {
listen = [ listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
{
port = https_port;
addr = "0.0.0.0";
ssl = true;
}
];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
@ -651,7 +557,7 @@ in
secrets = { secrets = {
firefly_app_key = { firefly_app_key = {
owner = config.services.firefly-iii.user; owner = config.services.firefly-iii.user;
restartUnits = [ "nginx.service" ]; restartUnits = ["nginx.service"];
}; };
firefly_pat_data_import = { firefly_pat_data_import = {
owner = config.services.firefly-iii-data-importer.user; owner = config.services.firefly-iii-data-importer.user;
@ -676,7 +582,7 @@ in
}; };
immich_kiosk_basic_auth = { immich_kiosk_basic_auth = {
owner = config.users.users.nginx.name; owner = config.users.users.nginx.name;
restartUnits = [ "nginx.service" ]; restartUnits = ["nginx.service"];
}; };
local_git_config = { local_git_config = {
owner = "${username}"; owner = "${username}";
@ -688,12 +594,12 @@ in
}; };
mealie = { mealie = {
mode = "0444"; mode = "0444";
restartUnits = [ "mealie.service" ]; restartUnits = ["mealie.service"];
}; };
nextcloud_admin_pass.owner = config.users.users.nextcloud.name; nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
nginx_basic_auth = { nginx_basic_auth = {
owner = "nginx"; owner = "nginx";
restartUnits = [ "nginx.service" ]; restartUnits = ["nginx.service"];
}; };
tailscale_key = { tailscale_key = {
restartUnits = [ "tailscaled-autoconnect.service" ]; restartUnits = [ "tailscaled-autoconnect.service" ];
@ -704,24 +610,19 @@ in
systemd.services = { systemd.services = {
jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
"mealie" = { "mealie" = {
requires = [ "postgresql.service" ]; requires = ["postgresql.service"];
after = [ "postgresql.service" ]; after = ["postgresql.service"];
}; };
"nextcloud-setup" = { "nextcloud-setup" = {
requires = [ "postgresql.service" ]; requires = ["postgresql.service"];
after = [ "postgresql.service" ]; after = ["postgresql.service"];
}; };
}; };
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ extraGroups = [ "docker" "podman" "networkmanager" "wheel" ];
"docker"
"podman"
"networkmanager"
"wheel"
];
linger = true; linger = true;
}; };


@ -1,54 +1,42 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, modulesPath, ... }:
config,
lib,
modulesPath,
...
}:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/0ee15ee9-37ea-448d-aa3b-23eb25994df0"; { device = "/dev/disk/by-uuid/0ee15ee9-37ea-448d-aa3b-23eb25994df0";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/4814-3E47"; { device = "/dev/disk/by-uuid/4814-3E47";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/var/lib/audiobookshelf" = { fileSystems."/var/lib/audiobookshelf" =
device = "orico/audiobookshelf"; { device = "orico/audiobookshelf";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/postgresql" = { fileSystems."/var/lib/postgresql" =
device = "orico/postgresql-data"; { device = "orico/postgresql-data";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/postgresql/16/pg_wal" = { fileSystems."/var/lib/postgresql/16/pg_wal" =
device = "orico/postgresql-wal-16"; { device = "orico/postgresql-wal-16";
fsType = "zfs"; fsType = "zfs";
}; };
# Second disk inside case # Second disk inside case
#fileSystems."/var/lib/postgresql" = #fileSystems."/var/lib/postgresql" =


@ -1,3 +1,3 @@
_: { { ... }: {
home.stateVersion = "23.11"; home.stateVersion = "23.11";
} }


@ -1,8 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }: let
let
home_domain = "home.technicalissues.us"; home_domain = "home.technicalissues.us";
in in {
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Keeping empty for manual testing if needed # Keeping empty for manual testing if needed
]; ];
@ -27,7 +25,7 @@ in
# ---------------------------- # ----------------------------
victoriametrics = { victoriametrics = {
enable = true; enable = true;
stateDir = "victoriametrics"; # Just the directory name, module adds /var/lib/ prefix stateDir = "victoriametrics"; # Just the directory name, module adds /var/lib/ prefix
package = pkgs.victoriametrics; package = pkgs.victoriametrics;
}; };
@ -49,24 +47,21 @@ in
static_configs = [ static_configs = [
{ {
targets = [ targets = [
"127.0.0.1:9100" # nixnuc "127.0.0.1:9100" # nixnuc
"192.168.22.22:9100" # home assistant "192.168.22.22:9100" # home assistant
"umbrel:9100" "umbrel:9100"
]; ];
} }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ source_labels = ["__name__" "nodename"];
"__name__"
"nodename"
];
regex = "node_uname_info;0d869efa-prometheus-node-exporter"; regex = "node_uname_info;0d869efa-prometheus-node-exporter";
target_label = "nodename"; target_label = "nodename";
replacement = "homeassistant"; replacement = "homeassistant";
} }
{ {
source_labels = [ "__name__" ]; source_labels = ["__name__"];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -89,11 +84,11 @@ in
{ {
job_name = "cadvisor"; job_name = "cadvisor";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:8081" ]; } { targets = ["127.0.0.1:8081"]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "__name__" ]; source_labels = ["__name__"];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -110,11 +105,11 @@ in
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:9113" ]; } { targets = ["127.0.0.1:9113"]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "__name__" ]; source_labels = ["__name__"];
regex = "go_.*"; regex = "go_.*";
action = "drop"; action = "drop";
} }
@ -133,7 +128,7 @@ in
scrape_interval = "30s"; scrape_interval = "30s";
metrics_path = "/api/prometheus"; metrics_path = "/api/prometheus";
static_configs = [ static_configs = [
{ targets = [ "192.168.22.22:8123" ]; } { targets = ["192.168.22.22:8123"]; }
]; ];
bearer_token_file = config.sops.secrets.home_assistant_token.path; bearer_token_file = config.sops.secrets.home_assistant_token.path;
relabel_configs = [ relabel_configs = [
@ -150,7 +145,7 @@ in
scheme = "https"; scheme = "https";
scrape_interval = "30s"; scrape_interval = "30s";
static_configs = [ static_configs = [
{ targets = [ "utk.technicalissues.us" ]; } { targets = ["utk.technicalissues.us"]; }
]; ];
basic_auth = { basic_auth = {
password_file = config.sops.secrets.uptimekuma_grafana_api_key.path; password_file = config.sops.secrets.uptimekuma_grafana_api_key.path;
@ -158,19 +153,19 @@ in
}; };
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "monitor_hostname" ]; source_labels = ["monitor_hostname"];
regex = "^null$"; regex = "^null$";
replacement = ""; replacement = "";
target_label = "monitor_hostname"; target_label = "monitor_hostname";
} }
{ {
source_labels = [ "monitor_port" ]; source_labels = ["monitor_port"];
regex = "^null$"; regex = "^null$";
replacement = ""; replacement = "";
target_label = "monitor_port"; target_label = "monitor_port";
} }
{ {
source_labels = [ "monitor_url" ]; source_labels = ["monitor_url"];
regex = "https:\/\/"; regex = "https:\/\/";
replacement = ""; replacement = "";
target_label = "monitor_url"; target_label = "monitor_url";
@ -216,16 +211,17 @@ in
datasources.settings.datasources = [ datasources.settings.datasources = [
{ {
name = "VictoriaMetrics"; name = "VictoriaMetrics";
type = "victoriametrics-metrics-datasource"; type = "victoriametrics-metrics-datasource";
access = "proxy"; access = "proxy";
url = "http://127.0.0.1:8428"; url = "http://127.0.0.1:8428";
isDefault = true; isDefault = true;
uid = "VictoriaMetrics"; # Set explicit UID for use in alert rules uid = "VictoriaMetrics"; # Set explicit UID for use in alert rules
} }
]; ];
}; };
settings = { settings = {
auth = { auth = {
# Set to true to disable (hide) the login form, useful if you use OAuth # Set to true to disable (hide) the login form, useful if you use OAuth
@ -233,36 +229,36 @@ in
}; };
"auth.generic_oauth" = { "auth.generic_oauth" = {
name = "Pocket ID"; name = "Pocket ID";
enabled = true; enabled = true;
# Use Grafana's file reference syntax for secrets # Use Grafana's file reference syntax for secrets
client_id = "$__file{${config.sops.secrets.grafana_oauth_client_id.path}}"; client_id = "$__file{${config.sops.secrets.grafana_oauth_client_id.path}}";
client_secret = "$__file{${config.sops.secrets.grafana_oauth_client_secret.path}}"; client_secret = "$__file{${config.sops.secrets.grafana_oauth_client_secret.path}}";
auth_style = "AutoDetect"; auth_style = "AutoDetect";
scopes = "openid email profile groups"; scopes = "openid email profile groups";
auth_url = "${config.services.pocket-id.settings.APP_URL}/authorize"; auth_url = "${config.services.pocket-id.settings.APP_URL}/authorize";
token_url = "${config.services.pocket-id.settings.APP_URL}/api/oidc/token"; token_url = "${config.services.pocket-id.settings.APP_URL}/api/oidc/token";
allow_sign_up = true; allow_sign_up = true;
auto_login = true; auto_login = true;
name_attribute_path = "display_name"; name_attribute_path = "display_name";
login_attribute_path = "preferred_username"; login_attribute_path = "preferred_username";
email_attribute_name = "email:primary"; email_attribute_name = "email:primary";
email_attribute_path = "email"; email_attribute_path = "email";
role_attribute_path = "contains(groups[*], 'grafana_super_admin') && 'GrafanaAdmin' || contains(groups[*], 'grafana_admin') && 'Admin' || contains(groups[*], 'grafana_editor') && 'Editor' || 'Viewer'"; role_attribute_path = "contains(groups[*], 'grafana_super_admin') && 'GrafanaAdmin' || contains(groups[*], 'grafana_admin') && 'Admin' || contains(groups[*], 'grafana_editor') && 'Editor' || 'Viewer'";
role_attribute_strict = false; role_attribute_strict = false;
allow_assign_grafana_admin = true; allow_assign_grafana_admin = true;
skip_org_role_sync = false; skip_org_role_sync = false;
use_pkce = true; use_pkce = true;
use_refresh_token = false; use_refresh_token = false;
tls_skip_verify_insecure = false; tls_skip_verify_insecure = false;
}; };
# Database configuration - use PostgreSQL with peer authentication # Database configuration - use PostgreSQL with peer authentication
database = { database = {
type = "postgres"; type = "postgres";
host = "/run/postgresql"; # Use Unix socket instead of TCP host = "/run/postgresql"; # Use Unix socket instead of TCP
name = "grafana"; name = "grafana";
user = "grafana"; user = "grafana";
# No password needed - using peer authentication via Unix socket # No password needed - using peer authentication via Unix socket
@ -270,10 +266,10 @@ in
# Server configuration # Server configuration
server = { server = {
domain = "monitoring.${home_domain}"; domain = "monitoring.${home_domain}";
http_addr = "0.0.0.0"; http_addr = "0.0.0.0";
http_port = 3002; http_port = 3002;
root_url = "https://monitoring.${home_domain}/grafana/"; root_url = "https://monitoring.${home_domain}/grafana/";
serve_from_sub_path = true; serve_from_sub_path = true;
}; };
@ -290,7 +286,7 @@ in
# ---------------------------- # ----------------------------
# Exporters (using built-in NixOS modules) # Exporters (using built-in NixOS modules)
# ---------------------------- # ----------------------------
# Node exporter - using the built-in module # Node exporter - using the built-in module
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
@ -336,7 +332,7 @@ in
group = "vmagent"; group = "vmagent";
}; };
users.groups.vmagent = { }; users.groups.vmagent = {};
# ---------------------------- # ----------------------------
# Systemd service dependencies # Systemd service dependencies
@ -354,19 +350,19 @@ in
secrets = { secrets = {
grafana_oauth_client_id = { grafana_oauth_client_id = {
owner = "grafana"; owner = "grafana";
restartUnits = [ "grafana.service" ]; restartUnits = ["grafana.service"];
}; };
grafana_oauth_client_secret = { grafana_oauth_client_secret = {
owner = "grafana"; owner = "grafana";
restartUnits = [ "grafana.service" ]; restartUnits = ["grafana.service"];
}; };
home_assistant_token = { home_assistant_token = {
owner = "vmagent"; owner = "vmagent";
restartUnits = [ "vmagent.service" ]; restartUnits = ["vmagent.service"];
}; };
uptimekuma_grafana_api_key = { uptimekuma_grafana_api_key = {
owner = "vmagent"; owner = "vmagent";
restartUnits = [ "vmagent.service" ]; restartUnits = ["vmagent.service"];
sopsFile = ../../../shared/secrets.yaml; sopsFile = ../../../shared/secrets.yaml;
}; };
}; };
@ -382,3 +378,4 @@ in
]; ];
}; };
} }


@ -1,11 +1,4 @@
{ { inputs, config, pkgs, username, ... }: {
inputs,
config,
pkgs,
username,
...
}:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../../shared/nixos/flatpaks.nix ../../../shared/nixos/flatpaks.nix
@ -21,7 +14,7 @@
}; };
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot = { systemd-boot= {
enable = true; enable = true;
consoleMode = "1"; consoleMode = "1";
}; };
@ -186,15 +179,7 @@
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ extraGroups = [ "adbusers" "dialout" "docker" "input" "networkmanager" "podman" "wheel" ];
"adbusers"
"dialout"
"docker"
"input"
"networkmanager"
"podman"
"wheel"
];
packages = with pkgs; [ packages = with pkgs; [
tailscale-systray tailscale-systray
]; ];


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gnome.gnome-tweaks gnome.gnome-tweaks
gnome.nautilus gnome.nautilus
@ -16,7 +15,7 @@
gnome.gnome-keyring.enable = true; # Provides secret storage gnome.gnome-keyring.enable = true; # Provides secret storage
gvfs.enable = true; # Used by Nautilus gvfs.enable = true; # Used by Nautilus
xserver = { xserver = {
enable = true; # Enable the X11 windowing system. enable = true; # Enable the X11 windowing system.
# Configure keymap in X11 # Configure keymap in X11
xkb = { xkb = {
@ -34,3 +33,4 @@
}; };
}; };
} }


@ -1,51 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, modulesPath, pkgs, ... }:
config,
lib,
modulesPath,
pkgs,
...
}:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
# boot.kernelPackages = pkgs.linuxPackages_zen; # boot.kernelPackages = pkgs.linuxPackages_zen;
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ boot.kernelModules = [ "kvm-intel" "sg" ];
"kvm-intel"
"sg"
];
boot.kernelParams = [ boot.kernelParams = [
"i915.enable_fbc=1" "i915.enable_fbc=1"
"i915.enable_psr=2" "i915.enable_psr=2"
]; ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c"; { device = "/dev/disk/by-uuid/eb9a2c7e-ae61-4d06-9464-49b98d576f7c";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/924D-E7A4"; { device = "/dev/disk/by-uuid/924D-E7A4";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ swapDevices =
{ device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; } [ { device = "/dev/disk/by-uuid/166d24ca-401c-492e-845d-bb1d0d6d7d86"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
home.stateVersion = "23.11"; home.stateVersion = "23.11";
imports = [ imports = [
../../../shared/home/general/all-gui.nix ../../../shared/home/general/all-gui.nix
@ -11,14 +10,12 @@
]; ];
home.file = { home.file = {
".config/hypr/frappe.conf".source = ".config/hypr/frappe.conf".source = (pkgs.fetchFromGitHub {
pkgs.fetchFromGitHub { owner = "catppuccin";
owner = "catppuccin"; repo = "hyprland";
repo = "hyprland"; rev = "99a88fd21fac270bd999d4a26cf0f4a4222c58be";
rev = "99a88fd21fac270bd999d4a26cf0f4a4222c58be"; hash = "sha256-07B5QmQmsUKYf38oWU3+2C6KO4JvinuTwmW1Pfk8CT8=";
hash = "sha256-07B5QmQmsUKYf38oWU3+2C6KO4JvinuTwmW1Pfk8CT8="; } + "/themes/frappe.conf");
}
+ "/themes/frappe.conf";
}; };
programs = { programs = {
@ -35,7 +32,7 @@
settings = { settings = {
global = { global = {
frame_color = "#8CAAEE"; frame_color = "#8CAAEE";
separator_color = "frame"; separator_color= "frame";
}; };
urgency_low = { urgency_low = {


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
home.packages = with pkgs; [ home.packages = with pkgs; [
esptool esptool
]; ];


@ -1,29 +1,17 @@
{ { config, inputs, pkgs, ... }: let
config, sqlite_lib = if builtins.elem pkgs.stdenv.hostPlatform.system [
inputs, "aarch64-darwin"
pkgs, "x86_64-darwin"
... ]
}: then "libsqlite3.dylib"
let else "libsqlite3.so";
sqlite_lib = in {
if
builtins.elem pkgs.stdenv.hostPlatform.system [
"aarch64-darwin"
"x86_64-darwin"
]
then
"libsqlite3.dylib"
else
"libsqlite3.so";
in
{
home.packages = with pkgs; [ home.packages = with pkgs; [
btop btop
bundix bundix
cargo cargo
cheat cheat
colordiff colordiff
deadnix
dogdns dogdns
dos2unix dos2unix
duf duf
@ -51,7 +39,6 @@ in
nodejs nodejs
nurl nurl
nvd nvd
nixfmt
onefetch onefetch
powershell powershell
pre-commit pre-commit
@ -59,7 +46,6 @@ in
rename rename
ruby ruby
subversion subversion
statix
tldr tldr
tree tree
trippy trippy
@ -125,7 +111,7 @@ in
"*.swp" "*.swp"
".DS_Store" ".DS_Store"
]; ];
includes = [ { path = "~/.gitconfig-local"; } ]; includes = [ { path = "~/.gitconfig-local"; }];
lfs.enable = true; lfs.enable = true;
package = pkgs.gitFull; package = pkgs.gitFull;
settings = { settings = {
@ -173,7 +159,7 @@ in
''; '';
extraPackages = with pkgs; [ extraPackages = with pkgs; [
gcc # needed so treesitter can do compiling gcc # needed so treesitter can do compiling
sqlite # needed by sqlite.lua used by telescope-cheat sqlite # needed by sqlite.lua used by telescope-cheat
]; ];
plugins = [ pkgs.vimPlugins.lazy-nvim ]; # let lazy.nvim manage every other plugin plugins = [ pkgs.vimPlugins.lazy-nvim ]; # let lazy.nvim manage every other plugin
@ -185,11 +171,7 @@ in
oh-my-posh = { oh-my-posh = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
settings = builtins.fromJSON ( settings = builtins.fromJSON (builtins.unsafeDiscardStringContext (builtins.readFile (inputs.genebean-omp-themes + "/beanbag.omp.json")));
builtins.unsafeDiscardStringContext (
builtins.readFile (inputs.genebean-omp-themes + "/beanbag.omp.json")
)
);
#useTheme = "amro"; #useTheme = "amro";
#useTheme = "montys"; #useTheme = "montys";
}; };
@ -207,7 +189,7 @@ in
set -g @dracula-show-battery false set -g @dracula-show-battery false
set -g @dracula-show-powerline true set -g @dracula-show-powerline true
set -g @dracula-refresh-rate 10 set -g @dracula-refresh-rate 10
''; '';
} }
]; ];
extraConfig = '' extraConfig = ''
@ -378,9 +360,7 @@ in
source = ../../files/nvim/lua/plugins; source = ../../files/nvim/lua/plugins;
recursive = true; recursive = true;
}; };
".config/powershell/Microsoft.PowerShell_profile.ps1".source = ".config/powershell/Microsoft.PowerShell_profile.ps1".source = ../../files/Microsoft.PowerShell_profile.ps1;
../../files/Microsoft.PowerShell_profile.ps1; ".config/powershell/Microsoft.VSCode_profile.ps1".source = ../../files/Microsoft.PowerShell_profile.ps1;
".config/powershell/Microsoft.VSCode_profile.ps1".source =
../../files/Microsoft.PowerShell_profile.ps1;
}; };
} }
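Review bot: The `sqlite_lib` binding at the top of the `let` decides the library name by matching `pkgs.stdenv.hostPlatform.system` against a hand-written list of two Darwin system strings, which has to be kept in sync by hand. The platform attribute already carries that test, so the binding can read `sqlite_lib = if pkgs.stdenv.hostPlatform.isDarwin then "libsqlite3.dylib" else "libsqlite3.so";`. This is a style point only; the result is the same for the two systems currently listed.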


@ -1,3 +1,3 @@
_: { { ... }: {
programs.hexchat.enable = true; programs.hexchat.enable = true;
} }


@ -1,3 +1,3 @@
_: { { ... }: {
programs.pidgin.enable = true; programs.pidgin.enable = true;
} }


@ -1,6 +1,4 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }: with lib.hm.gvariant; {
with lib.hm.gvariant;
{
dconf.settings = { dconf.settings = {
"com/gexperts/Tilix/profiles/2b7c4080-0ddd-46c5-8f23-563fd3ba789d" = { "com/gexperts/Tilix/profiles/2b7c4080-0ddd-46c5-8f23-563fd3ba789d" = {
@ -12,24 +10,7 @@ with lib.hm.gvariant;
font = "Hack Nerd Font Mono 12"; font = "Hack Nerd Font Mono 12";
foreground-color = "#F8F8F2"; foreground-color = "#F8F8F2";
highlight-colors-set = false; highlight-colors-set = false;
palette = [ palette = [ "#272822" "#F92672" "#A6E22E" "#F4BF75" "#66D9EF" "#AE81FF" "#A1EFE4" "#F8F8F2" "#75715E" "#F92672" "#A6E22E" "#F4BF75" "#66D9EF" "#AE81FF" "#A1EFE4" "#F9F8F5" ];
"#272822"
"#F92672"
"#A6E22E"
"#F4BF75"
"#66D9EF"
"#AE81FF"
"#A1EFE4"
"#F8F8F2"
"#75715E"
"#F92672"
"#A6E22E"
"#F4BF75"
"#66D9EF"
"#AE81FF"
"#A1EFE4"
"#F9F8F5"
];
use-system-font = false; use-system-font = false;
use-theme-colors = false; use-theme-colors = false;
visible-name = "Default"; visible-name = "Default";
@ -39,13 +20,11 @@ with lib.hm.gvariant;
home.file = { home.file = {
".config/tilix/schemes/Beanbag-Mathias.json".source = ../../../files/tilix/Beanbag-Mathias.json; ".config/tilix/schemes/Beanbag-Mathias.json".source = ../../../files/tilix/Beanbag-Mathias.json;
".config/tilix/schemes/Catppuccin-Frappe.json".source = ".config/tilix/schemes/Catppuccin-Frappe.json".source = (pkgs.fetchFromGitHub {
pkgs.fetchFromGitHub { owner = "catppuccin";
owner = "catppuccin"; repo = "tilix";
repo = "tilix"; rev = "3fd05e03419321f2f2a6aad6da733b28be1765ef";
rev = "3fd05e03419321f2f2a6aad6da733b28be1765ef"; hash = "sha256-SI7QxQ+WBHzeuXbTye+s8pi4tDVZOV4Aa33mRYO276k=";
hash = "sha256-SI7QxQ+WBHzeuXbTye+s8pi4tDVZOV4Aa33mRYO276k="; } + "/src/Catppuccin-Frappe.json");
}
+ "/src/Catppuccin-Frappe.json";
}; };
} }


@ -1,20 +1,17 @@
{ pkgs, ... }: { pkgs, ... }: {
{
home.file = { home.file = {
".config/waybar/config".source = ../../../files/waybar/config; ".config/waybar/config".source = ../../../files/waybar/config;
".config/waybar/frappe.css".source = ".config/waybar/frappe.css".source = (pkgs.fetchFromGitHub {
pkgs.fetchFromGitHub { owner = "catppuccin";
owner = "catppuccin"; repo = "waybar";
repo = "waybar"; rev = "f74ab1eecf2dcaf22569b396eed53b2b2fbe8aff";
rev = "f74ab1eecf2dcaf22569b396eed53b2b2fbe8aff"; hash = "sha256-WLJMA2X20E5PCPg0ZPtSop0bfmu+pLImP9t8A8V4QK8=";
hash = "sha256-WLJMA2X20E5PCPg0ZPtSop0bfmu+pLImP9t8A8V4QK8="; } + "/themes/frappe.css");
}
+ "/themes/frappe.css";
".config/waybar/style.css".source = ../../../files/waybar/style.css; ".config/waybar/style.css".source = ../../../files/waybar/style.css;
}; };
programs = { programs = {
# Using file in ../../files/waybar/ to configure waybar # Using file in ../../files/waybar/ to configure waybar
waybar.enable = true; waybar.enable = true;
}; };
} }


@ -1,4 +1,4 @@
_: { { ... }: {
home.file = { home.file = {
".config/xfce4/terminal/accels.scm".source = ../../../files/xfce4/terminal/accels.scm; ".config/xfce4/terminal/accels.scm".source = ../../../files/xfce4/terminal/accels.scm;
}; };
@ -11,8 +11,7 @@ _: {
"color-background" = "#08052b"; "color-background" = "#08052b";
"color-cursor" = "#ff7f7f"; "color-cursor" = "#ff7f7f";
"color-cursor-use-default" = false; "color-cursor-use-default" = false;
"color-palette" = "color-palette" = "#000000;#e52222;#a6e32d;#fc951e;#c48dff;#fa2573;#67d9f0;#f2f2f2;#555555;#ff5555;#55ff55;#ffff55;#5555ff;#ff55ff;#55ffff;#ffffff";
"#000000;#e52222;#a6e32d;#fc951e;#c48dff;#fa2573;#67d9f0;#f2f2f2;#555555;#ff5555;#55ff55;#ffff55;#5555ff;#ff55ff;#55ffff;#ffffff";
"font-name" = "Hack Nerd Font Mono 12"; "font-name" = "Hack Nerd Font Mono 12";
"misc-always-show-tabs" = false; "misc-always-show-tabs" = false;
"misc-bell" = false; "misc-bell" = false;
@ -44,4 +43,4 @@ _: {
"title-initial" = "xfce4-terminal"; "title-initial" = "xfce4-terminal";
}; };
}; };
} }


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
home.packages = with pkgs; [ home.packages = with pkgs; [
fastfetch fastfetch
]; ];


@ -1,4 +1,5 @@
_: {
{ ... }: {
services = { services = {
flatpak = { flatpak = {
enable = true; enable = true;


@ -1,4 +1,4 @@
_: { { ... }: {
# Select internationalisation properties. # Select internationalisation properties.
i18n = { i18n = {
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
@ -14,4 +14,4 @@ _: {
LC_TIME = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8";
}; };
}; };
} }


@ -1,5 +1,4 @@
{ config, username, ... }: { config, username, ... }: {
{
########################################################################## ##########################################################################
# # # #
@ -11,9 +10,7 @@
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
email = "lets-encrypt@technicalissues.us"; email = "lets-encrypt@technicalissues.us";
credentialFiles = { credentialFiles = { "GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = "${config.sops.secrets.gandi_dns_pat.path}"; };
"GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = "${config.sops.secrets.gandi_dns_pat.path}";
};
dnsProvider = "gandiv5"; dnsProvider = "gandiv5";
dnsResolver = "ns1.gandi.net"; dnsResolver = "ns1.gandi.net";
# uncomment below for testing # uncomment below for testing


@ -1,7 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
let let
inherit (config.networking) hostName; hostName = config.networking.hostName;
in in {
{ programs.zsh.shellAliases.nixroutes =
programs.zsh.shellAliases.nixroutes = "cd ~/repos/dots && echo '=== Current Routes ===' && ip route show && ip -6 route show && echo '' && echo '=== New Build Routes ===' && nix eval --json '.#nixosConfigurations.${hostName}.config.systemd.network.networks.\"10-wan\".routes'"; "cd ~/repos/dots && echo '=== Current Routes ===' && ip route show && ip -6 route show && echo '' && echo '=== New Build Routes ===' && nix eval --json '.#nixosConfigurations.${hostName}.config.systemd.network.networks.\"10-wan\".routes'";
} }
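Review bot: The module header `{ config, lib, ... }:` binds `lib`, but nothing in the file uses it; the only value read is `config.networking.hostName`. The header can be reduced to `{ config, ... }:` so the argument set lists only what the module depends on. The whole file is visible in this hunk, so there is no use of `lib` outside it.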


@ -1,5 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, ... }: {
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
restic restic
]; ];
@ -30,3 +29,4 @@
}; };
}; };
} }


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# Be sure this is added if on NixOS # Be sure this is added if on NixOS
# boot.kernelModules = [ "sg" ]; # boot.kernelModules = [ "sg" ];
@ -21,3 +20,4 @@
mkvtoolnix-cli mkvtoolnix-cli
]; ];
} }