diff --git a/flake.lock b/flake.lock index 58b507c..fd784c8 100644 --- a/flake.lock +++ b/flake.lock @@ -112,7 +112,7 @@ "devshell_2": { "inputs": { "nixpkgs": [ - "nixvim", + "nixvim-config", "nixvim", "nixpkgs" ] @@ -198,7 +198,7 @@ "flake-parts_2": { "inputs": { "nixpkgs-lib": [ - "nixvim", + "nixvim-config", "nixvim", "nixpkgs" ] @@ -291,18 +291,18 @@ "git-hooks": { "inputs": { "flake-compat": [ - "nixvim", + "nixvim-config", "nixvim", "flake-compat" ], "gitignore": "gitignore_2", "nixpkgs": [ - "nixvim", + "nixvim-config", "nixvim", "nixpkgs" ], "nixpkgs-stable": [ - "nixvim", + "nixvim-config", "nixvim", "nixpkgs" ] @@ -346,7 +346,7 @@ "gitignore_2": { "inputs": { "nixpkgs": [ - "nixvim", + "nixvim-config", "nixvim", "git-hooks", "nixpkgs" @@ -411,7 +411,7 @@ "home-manager_3": { "inputs": { "nixpkgs": [ - "nixvim", + "nixvim-config", "nixvim", "nixpkgs" ] @@ -448,7 +448,7 @@ "nix-darwin": { "inputs": { "nixpkgs": [ - "nixvim", + "nixvim-config", "nixvim", "nixpkgs" ] @@ -612,26 +612,6 @@ } }, "nixvim": { - "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_4", - "nixvim": "nixvim_2" - }, - "locked": { - "lastModified": 1723012155, - "narHash": "sha256-7AlUEGsbIOCQmIRc+lH/k2CJ32pdEkFszyMekTOVoJc=", - "ref": "refs/heads/master", - "rev": "e3dc3f07d69bcb0c9df5875aefd7dbf3877be794", - "revCount": 14, - "type": "git", - "url": "https://git.sajenim.dev/jasmine/nvim.nix.git" - }, - "original": { - "type": "git", - "url": "https://git.sajenim.dev/jasmine/nvim.nix.git" - } - }, - "nixvim_2": { "inputs": { "devshell": "devshell_2", "flake-compat": "flake-compat_3", @@ -657,11 +637,31 @@ "type": "github" } }, + "nixvim-config": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs_4", + "nixvim": "nixvim" + }, + "locked": { + "lastModified": 1723012155, + "narHash": "sha256-7AlUEGsbIOCQmIRc+lH/k2CJ32pdEkFszyMekTOVoJc=", + "ref": "refs/heads/master", + "rev": "e3dc3f07d69bcb0c9df5875aefd7dbf3877be794", + "revCount": 14, + "type": "git", + "url": "https://git.sajenim.dev/jasmine/nvim.nix.git" + }, + "original": { + "type": "git", + "url": "https://git.sajenim.dev/jasmine/nvim.nix.git" + } + }, "nuschtosSearch": { "inputs": { "flake-utils": "flake-utils_4", "nixpkgs": [ - "nixvim", + "nixvim-config", "nixvim", "nixpkgs" ] @@ -718,7 +718,7 @@ "nix-minecraft": "nix-minecraft", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable", - "nixvim": "nixvim" + "nixvim-config": "nixvim-config" } }, "systems": { @@ -814,7 +814,7 @@ "treefmt-nix": { "inputs": { "nixpkgs": [ - "nixvim", + "nixvim-config", "nixvim", "nixpkgs" ] diff --git a/flake.nix b/flake.nix index b2d6698..884b758 100644 --- a/flake.nix +++ b/flake.nix @@ -28,87 +28,84 @@ # Add any other flake you might need. nix-minecraft.url = "github:Infinidoge/nix-minecraft"; - nixvim.url = "git+https://git.sajenim.dev/jasmine/nvim.nix.git"; + nixvim-config.url = "git+https://git.sajenim.dev/jasmine/nvim.nix.git"; }; - outputs = { - self, - nixpkgs, - home-manager, - ... - } @ inputs: let - inherit (self) outputs; - # Supported systems for your flake packages, shell, etc. - systems = [ - "aarch64-linux" - "i686-linux" - "x86_64-linux" - "aarch64-darwin" - "x86_64-darwin" - ]; - # This is a function that generates an attribute by calling a function you - # pass to it, with each system as an argument - forAllSystems = nixpkgs.lib.genAttrs systems; - in { - # Your custom packages - # Acessible through 'nix build', 'nix shell', etc - packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); - # Formatter for your nix files, available through 'nix fmt' - # Other options beside 'alejandra' include 'nixpkgs-fmt' - formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra); + outputs = { self, nixpkgs, home-manager, ... }@inputs: + let + inherit (self) outputs; + # Supported systems for your flake packages, shell, etc. + systems = [ + "aarch64-linux" + "i686-linux" + "x86_64-linux" + "aarch64-darwin" + "x86_64-darwin" + ]; + # This is a function that generates an attribute by calling a function you + # pass to it, with each system as an argument + forAllSystems = nixpkgs.lib.genAttrs systems; + in + { + # Your custom packages + # Acessible through 'nix build', 'nix shell', etc + packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); + # Formatter for your nix files, available through 'nix fmt' + # Other options beside 'alejandra' include 'nixpkgs-fmt' + formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra); - # Your custom packages and modifications, exported as overlays - overlays = import ./overlays {inherit inputs;}; - # Reusable nixos modules you might want to export - # These are usually stuff you would upstream into nixpkgs - nixosModules = import ./modules/nixos; - # Reusable home-manager modules you might want to export - # These are usually stuff you would upstream into home-manager - homeManagerModules = import ./modules/home-manager; + # Your custom packages and modifications, exported as overlays + overlays = import ./overlays { inherit inputs; }; + # Reusable nixos modules you might want to export + # These are usually stuff you would upstream into nixpkgs + nixosModules = import ./modules/nixos; + # Reusable home-manager modules you might want to export + # These are usually stuff you would upstream into home-manager + homeManagerModules = import ./modules/home-manager; - # Expose the necessary information in your flake so agenix-rekey - # knows where it has too look for secrets and paths. - agenix-rekey = inputs.agenix-rekey.configure { - userFlake = self; - nodes = self.nixosConfigurations; - }; - - # NixOS configuration entrypoint - # Available through 'nixos-rebuild --flake .#your-hostname' - nixosConfigurations = { - fuchsia = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - modules = [ - ./nixos/fuchsia/configuration.nix - ]; + # Expose the necessary information in your flake so agenix-rekey + # knows where it has too look for secrets and paths. + agenix-rekey = inputs.agenix-rekey.configure { + userFlake = self; + nodes = self.nixosConfigurations; }; - viridian = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - modules = [ - ./nixos/viridian/configuration.nix - ]; + # NixOS configuration entrypoint + # Available through 'nixos-rebuild --flake .#your-hostname' + nixosConfigurations = { + fuchsia = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + modules = [ + ./nixos/fuchsia/configuration.nix + ]; + }; + + viridian = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + modules = [ + ./nixos/viridian/configuration.nix + ]; + }; + }; + + # Standalone home-manager configuration entrypoint + # Available through 'home-manager --flake .#your-username@your-hostname' + homeConfigurations = { + "sajenim@fuchsia" = home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { inherit inputs outputs; }; + modules = [ + ./home-manager/sajenim/fuchsia.nix + ]; + }; + + "sajenim@viridian" = home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { inherit inputs outputs; }; + modules = [ + ./home-manager/sajenim/viridian.nix + ]; + }; }; }; - - # Standalone home-manager configuration entrypoint - # Available through 'home-manager --flake .#your-username@your-hostname' - homeConfigurations = { - "sajenim@fuchsia" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home-manager/sajenim/fuchsia.nix - ]; - }; - - "sajenim@viridian" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = {inherit inputs outputs;}; - modules = [ - ./home-manager/sajenim/viridian.nix - ]; - }; - }; - }; } diff --git a/home-manager/sajenim/features/cli/default.nix b/home-manager/sajenim/features/cli/default.nix index 16f4aff..7251ad7 100644 --- a/home-manager/sajenim/features/cli/default.nix +++ b/home-manager/sajenim/features/cli/default.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ imports = [ ./git.nix ./nvim.nix diff --git a/home-manager/sajenim/features/cli/git.nix b/home-manager/sajenim/features/cli/git.nix index 705c89c..863a500 100644 --- a/home-manager/sajenim/features/cli/git.nix +++ b/home-manager/sajenim/features/cli/git.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ home.packages = with pkgs; [ lazygit ]; diff --git a/home-manager/sajenim/features/cli/nvim.nix b/home-manager/sajenim/features/cli/nvim.nix index 85a8cc6..3161bff 100644 --- a/home-manager/sajenim/features/cli/nvim.nix +++ b/home-manager/sajenim/features/cli/nvim.nix @@ -1,8 +1,7 @@ +{ inputs, ... }: + { - inputs, - pkgs, - ... -}: { # Install our nixvim configuration for neovim. - home.packages = [inputs.nixvim.packages.${pkgs.system}.default]; + home.packages = [ inputs.nixvim-config.packages.x86_64-linux.default ]; } + diff --git a/home-manager/sajenim/features/cli/zsh.nix b/home-manager/sajenim/features/cli/zsh.nix index 9411919..876c788 100644 --- a/home-manager/sajenim/features/cli/zsh.nix +++ b/home-manager/sajenim/features/cli/zsh.nix @@ -1,11 +1,13 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ home.packages = with pkgs; [ fzf # command-line fuzzy finder ]; programs.zsh = { enable = true; - + # Enable extra features autosuggestion = { enable = true; @@ -15,17 +17,17 @@ }; enableCompletion = true; dotDir = ".config/zsh"; - + # Commands that should be added to to top of '.zshrc' initExtraFirst = '' ''; # Aliases shellAliases = { - c = "clear"; - r = "cd ~/.repositories"; - p = "cd ~/.print"; - d = "cd ~/.repositories/dotfiles.nix"; + c = "clear"; + r = "cd ~/.repositories"; + p = "cd ~/.print"; + d = "cd ~/.repositories/dotfiles.nix"; la = "ls -a"; ll = "ls -l"; tt = "wezterm cli set-tab-title "; @@ -38,7 +40,7 @@ crkbd = "$HOME/.github/qmk_keymaps/keyboards/crkbd/keymaps/sajenim"; kchrn = "$HOME/.github/qmk_keymaps/keyboards/keychron/q4/ansi_v2/keymaps/sajenim"; }; - + # Install plugins plugins = [ { @@ -51,7 +53,7 @@ }; } ]; - + # Extra commands that should be added to '.zshrc' initExtra = '' eval "$(direnv hook zsh)" @@ -64,3 +66,4 @@ ''; }; } + diff --git a/home-manager/sajenim/features/desktop/awesome/default.nix b/home-manager/sajenim/features/desktop/awesome/default.nix index 08af1d1..68c9549 100644 --- a/home-manager/sajenim/features/desktop/awesome/default.nix +++ b/home-manager/sajenim/features/desktop/awesome/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: let +{ pkgs, ... }: +let awesome = pkgs.awesome.overrideAttrs (oa: { version = "ad0290bc1aac3ec2391aa14784146a53ebf9d1f0"; src = pkgs.fetchFromGitHub { @@ -8,18 +9,16 @@ hash = "sha256-uaskBbnX8NgxrprI4UbPfb5cRqdRsJZv0YXXshfsxFU="; }; - patches = []; + patches = [ ]; postPatch = '' patchShebangs tests/examples/_postprocess.lua ''; }); -in { +in +{ xdg.configFile = { - awesome = { - source = ./config; - recursive = true; - }; + awesome = { source = ./config; recursive = true; }; }; xsession.windowManager.awesome = { @@ -27,3 +26,4 @@ in { package = awesome; }; } + diff --git a/home-manager/sajenim/features/desktop/default.nix b/home-manager/sajenim/features/desktop/default.nix index adbbfa0..c3c6b4e 100644 --- a/home-manager/sajenim/features/desktop/default.nix +++ b/home-manager/sajenim/features/desktop/default.nix @@ -1,8 +1,6 @@ +{ inputs, pkgs, ... }: + { - inputs, - pkgs, - ... -}: { imports = [ ./discord ./rofi diff --git a/home-manager/sajenim/features/desktop/discord/default.nix b/home-manager/sajenim/features/desktop/discord/default.nix index 838f8fe..7f58107 100644 --- a/home-manager/sajenim/features/desktop/discord/default.nix +++ b/home-manager/sajenim/features/desktop/discord/default.nix @@ -1,7 +1,9 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ nixpkgs.overlays = [ (final: prev: { - discord = prev.discord.override {withOpenASAR = true;}; + discord = prev.discord.override { withOpenASAR = true; }; }) ]; diff --git a/home-manager/sajenim/features/desktop/email.nix b/home-manager/sajenim/features/desktop/email.nix index 346a889..967b805 100644 --- a/home-manager/sajenim/features/desktop/email.nix +++ b/home-manager/sajenim/features/desktop/email.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ home.packages = with pkgs; [ # protonmail-bridge requires password manager pass @@ -113,3 +115,4 @@ ]; }; } + diff --git a/home-manager/sajenim/features/desktop/irc.nix b/home-manager/sajenim/features/desktop/irc.nix index cc6b3f4..35d37a4 100644 --- a/home-manager/sajenim/features/desktop/irc.nix +++ b/home-manager/sajenim/features/desktop/irc.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ home.packages = with pkgs; [ weechat ]; @@ -14,3 +16,4 @@ ]; }; } + diff --git a/home-manager/sajenim/features/desktop/mpd.nix b/home-manager/sajenim/features/desktop/mpd.nix index 77956cd..487d56d 100644 --- a/home-manager/sajenim/features/desktop/mpd.nix +++ b/home-manager/sajenim/features/desktop/mpd.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ services.mpd = { enable = true; musicDirectory = "nfs://viridian.kanto.dev/srv/multimedia/library/music"; diff --git a/home-manager/sajenim/features/desktop/picom.nix b/home-manager/sajenim/features/desktop/picom.nix index 3ea617f..c8f0ff9 100644 --- a/home-manager/sajenim/features/desktop/picom.nix +++ b/home-manager/sajenim/features/desktop/picom.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ services.picom = { enable = true; shadow = true; diff --git a/home-manager/sajenim/features/desktop/rofi/default.nix b/home-manager/sajenim/features/desktop/rofi/default.nix index 2aff585..c4ee9ca 100644 --- a/home-manager/sajenim/features/desktop/rofi/default.nix +++ b/home-manager/sajenim/features/desktop/rofi/default.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ programs.rofi = { enable = true; font = "Fisa Code 10"; @@ -14,3 +16,4 @@ recursive = true; }; } + diff --git a/home-manager/sajenim/features/desktop/wezterm/default.nix b/home-manager/sajenim/features/desktop/wezterm/default.nix index 052768a..3b94c2f 100644 --- a/home-manager/sajenim/features/desktop/wezterm/default.nix +++ b/home-manager/sajenim/features/desktop/wezterm/default.nix @@ -1,12 +1,12 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ home.packages = with pkgs.unstable; [ wezterm ]; xdg.configFile = { - wezterm = { - source = ./config; - recursive = true; - }; + wezterm = { source = ./config; recursive = true; }; }; } + diff --git a/home-manager/sajenim/features/games/default.nix b/home-manager/sajenim/features/games/default.nix index ae96cc2..de05e91 100644 --- a/home-manager/sajenim/features/games/default.nix +++ b/home-manager/sajenim/features/games/default.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ imports = [ ./mangohud.nix ]; diff --git a/home-manager/sajenim/features/games/mangohud.nix b/home-manager/sajenim/features/games/mangohud.nix index dcc7598..e442255 100644 --- a/home-manager/sajenim/features/games/mangohud.nix +++ b/home-manager/sajenim/features/games/mangohud.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ programs.mangohud = { enable = true; package = pkgs.mangohud; diff --git a/home-manager/sajenim/features/printing/default.nix b/home-manager/sajenim/features/printing/default.nix index 8a0b051..a63ca88 100644 --- a/home-manager/sajenim/features/printing/default.nix +++ b/home-manager/sajenim/features/printing/default.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ home = { packages = with pkgs; [ blender diff --git a/home-manager/sajenim/fuchsia.nix b/home-manager/sajenim/fuchsia.nix index 629f38c..d6619ed 100644 --- a/home-manager/sajenim/fuchsia.nix +++ b/home-manager/sajenim/fuchsia.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ imports = [ ./global ./features/desktop @@ -49,3 +51,4 @@ }; }; } + diff --git a/home-manager/sajenim/global/default.nix b/home-manager/sajenim/global/default.nix index 20182f4..0d75824 100644 --- a/home-manager/sajenim/global/default.nix +++ b/home-manager/sajenim/global/default.nix @@ -1,8 +1,4 @@ -{ - inputs, - outputs, - ... -}: { +{ inputs, outputs, ... }: { imports = [ inputs.impermanence.nixosModules.home-manager.impermanence ../features/cli @@ -16,10 +12,10 @@ ]; config = { allowUnfree = true; - allowUnfreePredicate = _: true; + allowUnfreePredicate = (_: true); }; }; - + programs.home-manager.enable = true; home = { diff --git a/home-manager/sajenim/viridian.nix b/home-manager/sajenim/viridian.nix index 19c4cfc..d95dabc 100644 --- a/home-manager/sajenim/viridian.nix +++ b/home-manager/sajenim/viridian.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ imports = [ ./global ]; diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 45aae31..e41f7d9 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -1,5 +1,6 @@ # Add your reusable home-manager modules to this directory, on their own file (https://nixos.wiki/wiki/Module). # These should be stuff you would like to share with others, not your personal configurations. + { # List your module files here # my-module = import ./my-module.nix; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 8605069..bec6184 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,5 +1,6 @@ # Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module). # These should be stuff you would like to share with others, not your personal configurations. + { # List your module files here # my-module = import ./my-module.nix; diff --git a/nixos/common/global/age.nix b/nixos/common/global/age.nix index 521ff70..f5c6e77 100644 --- a/nixos/common/global/age.nix +++ b/nixos/common/global/age.nix @@ -1,11 +1,8 @@ -{ - config, - pkgs, - inputs, - ... -}: let +{ config, pkgs, inputs, ... }: +let hostname = config.networking.hostName; -in { +in +{ imports = [ inputs.agenix.nixosModules.default inputs.agenix-rekey.nixosModules.default @@ -23,7 +20,7 @@ in { # Pubkey for rekeying hostPubkey = ../../${hostname}/ssh_host_ed25519_key.pub; # Master identity used for decryption - masterIdentities = [../users/sajenim/agenix-rekey.pub]; + masterIdentities = [ ../users/sajenim/agenix-rekey.pub ]; # Where we store the rekeyed secrets storageMode = "local"; localStorageDir = ./. + "/secrets/rekeyed/${config.networking.hostName}"; diff --git a/nixos/common/global/default.nix b/nixos/common/global/default.nix index ac40afd..ec6ae97 100644 --- a/nixos/common/global/default.nix +++ b/nixos/common/global/default.nix @@ -1,4 +1,6 @@ -{outputs, ...}: { +{ outputs, ... }: + +{ imports = [ ./age.nix ./env.nix diff --git a/nixos/common/global/env.nix b/nixos/common/global/env.nix index e4dbfc1..a1e1246 100644 --- a/nixos/common/global/env.nix +++ b/nixos/common/global/env.nix @@ -1,33 +1,35 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ environment = { binsh = "${pkgs.bash}/bin/bash"; - shells = with pkgs; [zsh]; + shells = with pkgs; [ zsh ]; systemPackages = with pkgs; [ # Ensure home-manager is on all systems home-manager # Useful system utilities - tree # directory structure - bc # basic calculator - vim # editor - ranger # console file manager - htop # system monitor - scrot # screenshot - direnv # load environment - jq # JSON processor - git # version control - nmap # network mapper - xclip # clipboard + tree # directory structure + bc # basic calculator + vim # editor + ranger # console file manager + htop # system monitor + scrot # screenshot + direnv # load environment + jq # JSON processor + git # version control + nmap # network mapper + xclip # clipboard ripgrep # searches the current directory for a regex pattern # HTTP - curl # transfer dato to/from server - wget # download files from web + curl # transfer dato to/from server + wget # download files from web # Archive - unrar # extract roshal archive - unzip # extract zip archive + unrar # extract roshal archive + unzip # extract zip archive ]; - pathsToLink = ["/share/zsh"]; + pathsToLink = [ "/share/zsh" ]; }; } diff --git a/nixos/common/global/nix.nix b/nixos/common/global/nix.nix index 22ebea3..6a35883 100644 --- a/nixos/common/global/nix.nix +++ b/nixos/common/global/nix.nix @@ -1,9 +1,6 @@ +{ config, inputs, lib, ... }: + { - config, - inputs, - lib, - ... -}: { nix = { gc = { # Automatically run the garbage collector an a specified time. @@ -14,7 +11,7 @@ # This will add each flake input as a registry # To make nix commands consistent with your flake - registry = lib.mapAttrs (_: value: {flake = value;}) inputs; + registry = lib.mapAttrs (_: value: { flake = value; }) inputs; # This will additionally add your inputs to the system's legacy channels # Making legacy nix commands consistent as well, awesome! diff --git a/nixos/common/global/ssh.nix b/nixos/common/global/ssh.nix index 40a41e5..32841af 100644 --- a/nixos/common/global/ssh.nix +++ b/nixos/common/global/ssh.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ services.openssh = { enable = true; settings = { @@ -6,7 +8,7 @@ PasswordAuthentication = false; LogLevel = "VERBOSE"; }; - ports = [22]; + ports = [ 22 ]; openFirewall = true; }; diff --git a/nixos/common/optional/ephemeral-btrfs.nix b/nixos/common/optional/ephemeral-btrfs.nix index e6e84cb..c0196cf 100644 --- a/nixos/common/optional/ephemeral-btrfs.nix +++ b/nixos/common/optional/ephemeral-btrfs.nix @@ -1,10 +1,8 @@ -{ - lib, - config, - ... -}: let +{ lib, config, ... }: +let hostname = config.networking.hostName; -in { +in +{ imports = [ ./persist.nix ]; @@ -38,26 +36,26 @@ in { "/" = { device = "/dev/disk/by-label/${hostname}"; fsType = "btrfs"; - options = ["subvol=root" "compress=zstd"]; + options = [ "subvol=root" "compress=zstd" ]; }; "/nix" = { device = "/dev/disk/by-label/${hostname}"; fsType = "btrfs"; - options = ["subvol=nix" "compress=zstd"]; + options = [ "subvol=nix" "compress=zstd" ]; }; "/persist" = { device = "/dev/disk/by-label/${hostname}"; fsType = "btrfs"; - options = ["subvol=persist" "compress=zstd"]; + options = [ "subvol=persist" "compress=zstd" ]; neededForBoot = true; }; "/swap" = { device = "/dev/disk/by-label/${hostname}"; fsType = "btrfs"; - options = ["subvol=swap" "compress=zstd"]; + options = [ "subvol=swap" "compress=zstd" ]; }; }; } diff --git a/nixos/common/optional/key.nix b/nixos/common/optional/key.nix index 9c86ebe..6e0aa4c 100644 --- a/nixos/common/optional/key.nix +++ b/nixos/common/optional/key.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ environment.systemPackages = with pkgs; [ # Enables files to be encrypted to age identities stored on YubiKeys age-plugin-yubikey @@ -15,7 +17,7 @@ pinentryPackage = pkgs.pinentry-curses; }; - # Use our yubikey as a user login or for sudo access + # Use our yubikey as a user login or for sudo access security.pam.services = { login.u2fAuth = true; sudo.u2fAuth = true; diff --git a/nixos/common/optional/persist.nix b/nixos/common/optional/persist.nix index bd218b5..d78f48a 100644 --- a/nixos/common/optional/persist.nix +++ b/nixos/common/optional/persist.nix @@ -1,4 +1,6 @@ -{inputs, ...}: { +{ inputs, ... }: + +{ imports = [ inputs.impermanence.nixosModules.impermanence ]; diff --git a/nixos/common/users/sajenim/default.nix b/nixos/common/users/sajenim/default.nix index 7e1678f..7660fa5 100644 --- a/nixos/common/users/sajenim/default.nix +++ b/nixos/common/users/sajenim/default.nix @@ -1,26 +1,22 @@ +{ inputs, outputs, pkgs, config, ... }: + { - inputs, - outputs, - pkgs, - config, - ... -}: { imports = [ inputs.home-manager.nixosModules.home-manager ]; users.users.sajenim = { - isNormalUser = true; - extraGroups = ["audio" "docker" "networkmanager" "wheel" "adbusers"]; - shell = pkgs.zsh; - openssh.authorizedKeys.keyFiles = [ - "${inputs.self}/home-manager/sajenim/sajenim_sk.pub" - ]; - hashedPassword = "$y$j9T$qIhW5qL9J9w.w6JWa.bGo/$oddG3HJyOZ1mwHzYnYPJ/MzN38oHEBEvPDc0sB3rAf9"; + isNormalUser = true; + extraGroups = [ "audio" "docker" "networkmanager" "wheel" "adbusers" ]; + shell = pkgs.zsh; + openssh.authorizedKeys.keyFiles = [ + "${inputs.self}/home-manager/sajenim/sajenim_sk.pub" + ]; + hashedPassword = "$y$j9T$qIhW5qL9J9w.w6JWa.bGo/$oddG3HJyOZ1mwHzYnYPJ/MzN38oHEBEvPDc0sB3rAf9"; }; users.mutableUsers = false; home-manager = { - extraSpecialArgs = {inherit inputs outputs;}; + extraSpecialArgs = { inherit inputs outputs; }; users = { sajenim = import "${inputs.self}/home-manager/sajenim/${config.networking.hostName}.nix"; }; diff --git a/nixos/common/users/sajenim/samba/default.nix b/nixos/common/users/sajenim/samba/default.nix index 9055fed..1b554d9 100644 --- a/nixos/common/users/sajenim/samba/default.nix +++ b/nixos/common/users/sajenim/samba/default.nix @@ -1,14 +1,12 @@ +{ pkgs, config, ... }: + { - pkgs, - config, - ... -}: { age.secrets.smb-secrets = { rekeyFile = ./smb-secrets.age; }; # For mount.cifs, required unless domain name resolution is not needed. - environment.systemPackages = [pkgs.cifs-utils]; + environment.systemPackages = [ pkgs.cifs-utils ]; fileSystems."/home/sajenim/.backup" = { device = "//192.168.20.4/sajenim"; @@ -16,10 +14,12 @@ options = let # this line prevents hanging on network split automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users"; - in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"]; + + in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"]; }; environment.etc = { "nixos/smb-secrets".source = config.age.secrets.smb-secrets.path; }; } + diff --git a/nixos/common/users/sajenim/steam/default.nix b/nixos/common/users/sajenim/steam/default.nix index bb6fcf7..ba578e0 100644 --- a/nixos/common/users/sajenim/steam/default.nix +++ b/nixos/common/users/sajenim/steam/default.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ fileSystems."/home/sajenim/.local/share/Steam" = { device = "/dev/disk/by-label/data"; fsType = "btrfs"; diff --git a/nixos/common/users/spectre/default.nix b/nixos/common/users/spectre/default.nix index 776c43e..57241bb 100644 --- a/nixos/common/users/spectre/default.nix +++ b/nixos/common/users/spectre/default.nix @@ -1,15 +1,13 @@ +{ inputs, pkgs, ... }: + { - inputs, - pkgs, - ... -}: { imports = [ inputs.home-manager.nixosModules.home-manager ]; users.users.spectre = { - isNormalUser = true; - shell = pkgs.zsh; - hashedPassword = "$y$j9T$eCJ0MDPsx3tww9LP0LU8..$sE8u5keO7QNKNAR1t2R6GqsDzvGD0Xn9Fi3to14Gf9/"; + isNormalUser = true; + shell = pkgs.zsh; + hashedPassword = "$y$j9T$eCJ0MDPsx3tww9LP0LU8..$sE8u5keO7QNKNAR1t2R6GqsDzvGD0Xn9Fi3to14Gf9/"; }; users.mutableUsers = false; } diff --git a/nixos/fuchsia/configuration.nix b/nixos/fuchsia/configuration.nix index 1ff9b8e..5ea26b1 100644 --- a/nixos/fuchsia/configuration.nix +++ b/nixos/fuchsia/configuration.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ imports = [ ../common/global @@ -13,18 +15,18 @@ ./hardware-configuration.nix ]; - # Boot configuration + /* Boot configuration */ boot = { kernelPackages = pkgs.linuxPackages_latest; - kernelParams = [ + kernelParams = [ # Enable amdgpu driver sysfs API that allows fine grain control of GPU "amdgpu.ppfeaturemask=0xffffffff" ]; - kernelModules = ["i2c-dev" "i2c-piix4"]; - initrd.kernelModules = ["amdgpu"]; + kernelModules = [ "i2c-dev" "i2c-piix4" ]; + initrd.kernelModules = [ "amdgpu" ]; }; - # Hardware configuration + /* Hardware configuration */ hardware = { bluetooth = { enable = true; @@ -47,7 +49,7 @@ }; }; - # Networking configuration + /* Networking configuration */ networking = { hostName = "fuchsia"; networkmanager.enable = true; diff --git a/nixos/fuchsia/hardware-configuration.nix b/nixos/fuchsia/hardware-configuration.nix index 6cb0aad..b4742db 100644 --- a/nixos/fuchsia/hardware-configuration.nix +++ b/nixos/fuchsia/hardware-configuration.nix @@ -1,16 +1,14 @@ +{ config, lib, ... }: + { - config, - lib, - ... -}: { imports = [ ../common/optional/ephemeral-btrfs.nix ]; boot = { initrd = { - availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; - kernelModules = ["kvm-amd"]; + availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ "kvm-amd" ]; }; loader = { systemd-boot.enable = true; @@ -27,9 +25,8 @@ }; swapDevices = [ - { - device = "/swap/swapfile"; - size = 16 * 1024; + { device = "/swap/swapfile"; + size = 16*1024; } ]; diff --git a/nixos/fuchsia/programs/default.nix b/nixos/fuchsia/programs/default.nix index d22ced8..033c41f 100644 --- a/nixos/fuchsia/programs/default.nix +++ b/nixos/fuchsia/programs/default.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ programs = { zsh.enable = true; # Load and unload environment variables. @@ -7,3 +9,4 @@ adb.enable = true; }; } + diff --git a/nixos/fuchsia/services/amdgpu-clocks.nix b/nixos/fuchsia/services/amdgpu-clocks.nix index 2ffadac..f0a89e4 100644 --- a/nixos/fuchsia/services/amdgpu-clocks.nix +++ b/nixos/fuchsia/services/amdgpu-clocks.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ # Our custom power state environment.etc = { "default/amdgpu-custom-states.card0" = { @@ -24,5 +26,6 @@ }; # Install our overclocking script. - environment.systemPackages = with pkgs; [amdgpu-clocks]; + environment.systemPackages = with pkgs; [ amdgpu-clocks ]; } + diff --git a/nixos/fuchsia/services/default.nix b/nixos/fuchsia/services/default.nix index 98ec064..d402afb 100644 --- a/nixos/fuchsia/services/default.nix +++ b/nixos/fuchsia/services/default.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ imports = [ ./amdgpu-clocks.nix ./flatpak.nix diff --git a/nixos/fuchsia/services/flatpak.nix b/nixos/fuchsia/services/flatpak.nix index 01d397d..974f133 100644 --- a/nixos/fuchsia/services/flatpak.nix +++ b/nixos/fuchsia/services/flatpak.nix @@ -1,9 +1,11 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ # Required to install flatpak xdg.portal = { enable = true; - config.common.default = ["gtk"]; - extraPortals = [pkgs.xdg-desktop-portal-wlr]; + config.common.default = [ "gtk" ]; + extraPortals = [ pkgs.xdg-desktop-portal-wlr ]; }; services.flatpak.enable = true; diff --git a/nixos/fuchsia/services/libinput.nix b/nixos/fuchsia/services/libinput.nix index 5cf6a28..c2e056c 100644 --- a/nixos/fuchsia/services/libinput.nix +++ b/nixos/fuchsia/services/libinput.nix @@ -1,7 +1,9 @@ -{...}: { +{ ... }: + +{ services.libinput = { enable = true; - mouse = {accelProfile = "flat";}; + mouse = { accelProfile = "flat"; }; }; # DBus daemon to configure input devices. diff --git a/nixos/fuchsia/services/ollama.nix b/nixos/fuchsia/services/ollama.nix index aaa7917..733432d 100644 --- a/nixos/fuchsia/services/ollama.nix +++ b/nixos/fuchsia/services/ollama.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ # Get up and running with large language models locally. services.ollama = { enable = true; diff --git a/nixos/fuchsia/services/udev.nix b/nixos/fuchsia/services/udev.nix index b97a004..5ecb734 100644 --- a/nixos/fuchsia/services/udev.nix +++ b/nixos/fuchsia/services/udev.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ # Enable necessary udev rules. services.udev.packages = with pkgs; [ openrgb diff --git a/nixos/fuchsia/services/xserver.nix b/nixos/fuchsia/services/xserver.nix index 4caf225..126a074 100644 --- a/nixos/fuchsia/services/xserver.nix +++ b/nixos/fuchsia/services/xserver.nix @@ -1,9 +1,11 @@ -{...}: { +{ ... }: + +{ # Setup our display server services.xserver = { enable = true; xkb.layout = "au"; - videoDrivers = ["amdgpu"]; + videoDrivers = [ "amdgpu" ]; displayManager.startx.enable = true; }; } diff --git a/nixos/viridian/configuration.nix b/nixos/viridian/configuration.nix index 05ce351..b30eedc 100644 --- a/nixos/viridian/configuration.nix +++ b/nixos/viridian/configuration.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ imports = [ ../common/global ../common/users/sajenim @@ -31,24 +33,24 @@ enable = true; allowPing = true; allowedTCPPorts = [ - 53 # adguardhome (DNS) - 80 # traefik (HTTP) - 443 # traefik (HTTPS) + 53 # adguardhome (DNS) + 80 # traefik (HTTP) + 443 # traefik (HTTPS) 32372 # qbittorrent - 6600 # mpd + 6600 # mpd ]; allowedUDPPorts = [ - 53 # adguardhome (DNS) - 80 # traefik (HTTP) - 443 # traefik (HTTPS) + 53 # adguardhome (DNS) + 80 # traefik (HTTP) + 443 # traefik (HTTPS) 32372 # qbittorrent 51820 # Wireguard - 6600 # mpd + 6600 # mpd ]; }; }; - programs = { + programs = { zsh.enable = true; }; @@ -63,3 +65,4 @@ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion system.stateVersion = "24.05"; } + diff --git a/nixos/viridian/containers/default.nix b/nixos/viridian/containers/default.nix index 433c9ba..48a91aa 100644 --- a/nixos/viridian/containers/default.nix +++ b/nixos/viridian/containers/default.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ imports = [ ./jellyfin.nix ./jellyseerr.nix diff --git a/nixos/viridian/containers/jellyfin.nix b/nixos/viridian/containers/jellyfin.nix index d7664de..389f5fc 100644 --- a/nixos/viridian/containers/jellyfin.nix +++ b/nixos/viridian/containers/jellyfin.nix @@ -1,6 +1,8 @@ -{...}: let +{ ... }: +let port = "8096"; -in { +in +{ virtualisation.oci-containers.containers = { # Volunteer-built media solution that puts you in control of your media jellyfin = { @@ -33,7 +35,7 @@ in { services.traefik.dynamicConfigOptions.http.routers = { jellyfin = { - rule = "Host(`jellyfin.kanto.dev`)"; + rule = "Host(`jellyfin.kanto.dev`)"; entryPoints = [ "websecure" ]; @@ -46,7 +48,8 @@ in { services.traefik.dynamicConfigOptions.http.services = { jellyfin.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} + { url = "http://127.0.0.1:${port}"; } ]; }; } + diff --git a/nixos/viridian/containers/jellyseerr.nix b/nixos/viridian/containers/jellyseerr.nix index 47bb4c5..e06c7f4 100644 --- a/nixos/viridian/containers/jellyseerr.nix +++ b/nixos/viridian/containers/jellyseerr.nix @@ -1,6 +1,8 @@ -{...}: let +{ ... }: +let port = "5055"; -in { +in +{ virtualisation.oci-containers.containers = { # Request management jellyseerr = { @@ -37,7 +39,8 @@ in { services.traefik.dynamicConfigOptions.http.services = { jellyseerr.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} + { url = "http://127.0.0.1:${port}"; } ]; }; } + diff --git a/nixos/viridian/containers/lidarr.nix b/nixos/viridian/containers/lidarr.nix index 6956a96..f38b396 100644 --- a/nixos/viridian/containers/lidarr.nix +++ b/nixos/viridian/containers/lidarr.nix @@ -1,6 +1,8 @@ -{...}: let +{ ... }: +let port = "8686"; -in { +in +{ virtualisation.oci-containers.containers = { # # Music collection manager for Usenet and BitTorrent users lidarr = { @@ -40,7 +42,8 @@ in { services.traefik.dynamicConfigOptions.http.services = { lidarr.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} + { url = "http://127.0.0.1:${port}"; } ]; }; } + diff --git a/nixos/viridian/containers/mealie.nix b/nixos/viridian/containers/mealie.nix index 0e8b75e..34b550e 100644 --- a/nixos/viridian/containers/mealie.nix +++ b/nixos/viridian/containers/mealie.nix @@ -1,6 +1,8 @@ -{...}: let +{ ... }: +let port = "9925"; -in { +in +{ virtualisation.oci-containers.containers = { mealie = { autoStart = true; @@ -27,7 +29,7 @@ in { services.traefik.dynamicConfigOptions.http.routers = { mealie = { - rule = "Host(`mealie.kanto.dev`)"; + rule = "Host(`mealie.kanto.dev`)"; entryPoints = [ "websecure" ]; @@ -41,7 +43,9 @@ in { services.traefik.dynamicConfigOptions.http.services = { mealie.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} + { url = "http://127.0.0.1:${port}"; } ]; }; + } + diff --git a/nixos/viridian/containers/microbin/default.nix b/nixos/viridian/containers/microbin/default.nix index 26e3316..baf1728 100644 --- a/nixos/viridian/containers/microbin/default.nix +++ b/nixos/viridian/containers/microbin/default.nix @@ -1,11 +1,13 @@ -{config, ...}: let +{ config, ... }: +let port = "8181"; -in { +in +{ age.secrets.microbin = { - # Environment variables for microbin - rekeyFile = ./environment.age; - owner = "sajenim"; - group = "users"; + # Environment variables for microbin + rekeyFile = ./environment.age; + owner = "sajenim"; + group = "users"; }; virtualisation.oci-containers.containers = { @@ -41,7 +43,8 @@ in { services.traefik.dynamicConfigOptions.http.services = { microbin.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} + { url = "http://127.0.0.1:${port}"; } ]; }; } + diff --git a/nixos/viridian/containers/prowlarr.nix b/nixos/viridian/containers/prowlarr.nix index 5651cc4..25474ec 100644 --- a/nixos/viridian/containers/prowlarr.nix +++ b/nixos/viridian/containers/prowlarr.nix @@ -1,6 +1,8 @@ -{...}: let +{ ... }: +let port = "9696"; -in { +in +{ virtualisation.oci-containers.containers = { # Indexer manager/proxy built on the popular arr .net/reactjs base stack to integrate with your various PVR apps. prowlarr = { @@ -34,10 +36,11 @@ in { service = "prowlarr"; }; }; - + services.traefik.dynamicConfigOptions.http.services = { prowlarr.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} + { url = "http://127.0.0.1:${port}"; } ]; }; } + diff --git a/nixos/viridian/containers/qbittorrent.nix b/nixos/viridian/containers/qbittorrent.nix index f31b9af..904afb4 100644 --- a/nixos/viridian/containers/qbittorrent.nix +++ b/nixos/viridian/containers/qbittorrent.nix @@ -1,14 +1,16 @@ -{...}: let +{ ... }: +let port = "8487"; -in { +in +{ virtualisation.oci-containers.containers = { # # Open-source software alternative to µTorrent qbittorrent = { autoStart = true; image = "ghcr.io/hotio/qbittorrent:release-4.6.5"; ports = [ - "${port}:8080/tcp" # WebUI - "32372:32372/tcp" # Transport protocol + "${port}:8080/tcp" # WebUI + "32372:32372/tcp" # Transport protocol ]; volumes = [ # Seedbox @@ -40,7 +42,8 @@ in { services.traefik.dynamicConfigOptions.http.services = { qbittorrent.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} + { url = "http://127.0.0.1:${port}"; } ]; }; } + diff --git a/nixos/viridian/containers/radarr.nix b/nixos/viridian/containers/radarr.nix index acf8a05..62dbf84 100644 --- a/nixos/viridian/containers/radarr.nix +++ b/nixos/viridian/containers/radarr.nix @@ -1,6 +1,8 @@ -{...}: let +{ ... }: +let port = "7878"; -in { +in +{ virtualisation.oci-containers.containers = { # Movie collection manager for Usenet and BitTorrent users radarr = { @@ -39,7 +41,8 @@ in { services.traefik.dynamicConfigOptions.http.services = { radarr.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} + { url = "http://127.0.0.1:${port}"; } ]; }; } + diff --git a/nixos/viridian/containers/recyclarr.nix b/nixos/viridian/containers/recyclarr.nix index cd7aa60..ed6d5b8 100644 --- a/nixos/viridian/containers/recyclarr.nix +++ b/nixos/viridian/containers/recyclarr.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ virtualisation.oci-containers.containers = { # Automatically synchronize recommended settings from the TRaSH guides to your Sonarr/Radarr instances recyclarr = { diff --git a/nixos/viridian/containers/sonarr.nix b/nixos/viridian/containers/sonarr.nix index be5faed..1ae52a7 100644 --- a/nixos/viridian/containers/sonarr.nix +++ b/nixos/viridian/containers/sonarr.nix @@ -1,6 +1,8 @@ -{...}: let +{ ... }: +let port = "8989"; -in { +in +{ virtualisation.oci-containers.containers = { # PVR for Usenet and BitTorrent users sonarr = { @@ -40,7 +42,8 @@ in { services.traefik.dynamicConfigOptions.http.services = { sonarr.loadBalancer.servers = [ - {url = "http://127.0.0.1:${port}";} + { url = "http://127.0.0.1:${port}"; } ]; }; } + diff --git a/nixos/viridian/hardware-configuration.nix b/nixos/viridian/hardware-configuration.nix index 5a4ea4c..956f1f7 100644 --- a/nixos/viridian/hardware-configuration.nix +++ b/nixos/viridian/hardware-configuration.nix @@ -1,18 +1,16 @@ -{ - config, - lib, - ... -}: let +{ config, lib, ... }: +let hostname = config.networking.hostName; -in { +in +{ imports = [ ../common/optional/ephemeral-btrfs.nix ]; boot = { initrd = { - availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; - kernelModules = ["kvm-intel"]; + availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ "kvm-intel" ]; }; loader = { systemd-boot.enable = true; @@ -23,12 +21,12 @@ in { }; }; - fileSystems."/boot" = { + fileSystems."/boot" = { device = "/dev/disk/by-label/ESP"; fsType = "vfat"; }; - fileSystems."/srv/multimedia" = { + fileSystems."/srv/multimedia" = { device = "/dev/disk/by-label/multimedia"; fsType = "ext4"; }; @@ -36,31 +34,30 @@ in { fileSystems."/srv/containers" = { device = "/dev/disk/by-label/${hostname}"; fsType = "btrfs"; - options = ["subvol=containers" "compress=zstd"]; + options = [ "subvol=containers" "compress=zstd" ]; }; fileSystems."/srv/services" = { device = "/dev/disk/by-label/${hostname}"; fsType = "btrfs"; - options = ["subvol=services" "compress=zstd"]; + options = [ "subvol=services" "compress=zstd" ]; }; fileSystems."/srv/shares" = { device = "/dev/disk/by-label/data"; fsType = "btrfs"; - options = ["subvol=shares" "compress=zstd"]; + options = [ "subvol=shares" "compress=zstd" ]; }; fileSystems."/srv/backup" = { device = "/dev/disk/by-label/data"; fsType = "btrfs"; - options = ["subvol=backup" "compress=zstd"]; + options = [ "subvol=backup" "compress=zstd" ]; }; - swapDevices = [ - { - device = "/swap/swapfile"; - size = 16 * 1024; + swapDevices = [ + { device = "/swap/swapfile"; + size = 16*1024; } ]; diff --git a/nixos/viridian/services/borgbackup.nix b/nixos/viridian/services/borgbackup.nix index d2a226f..d3057a5 100644 --- a/nixos/viridian/services/borgbackup.nix +++ b/nixos/viridian/services/borgbackup.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ services.borgbackup.jobs = { containers = { paths = [ @@ -31,3 +33,4 @@ }; }; } + diff --git a/nixos/viridian/services/crowdsec/default.nix b/nixos/viridian/services/crowdsec/default.nix index b8471d3..8b5fcaf 100644 --- a/nixos/viridian/services/crowdsec/default.nix +++ b/nixos/viridian/services/crowdsec/default.nix @@ -1,11 +1,8 @@ -{ - config, - inputs, - pkgs, - ... -}: let +{ config, inputs, pkgs, ... }: +let port = "8080"; -in { +in +{ imports = [ inputs.crowdsec.nixosModules.crowdsec inputs.crowdsec.nixosModules.crowdsec-firewall-bouncer @@ -89,12 +86,9 @@ in { environment.persistence."/persist" = { directories = [ - { - directory = "/var/lib/crowdsec"; - user = "crowdsec"; - group = "crowdsec"; - } + { directory = "/var/lib/crowdsec"; user = "crowdsec"; group = "crowdsec"; } ]; hideMounts = true; }; } + diff --git a/nixos/viridian/services/default.nix b/nixos/viridian/services/default.nix index 148afef..aa4cc04 100644 --- a/nixos/viridian/services/default.nix +++ b/nixos/viridian/services/default.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ imports = [ ./traefik ./crowdsec diff --git a/nixos/viridian/services/forgejo.nix b/nixos/viridian/services/forgejo.nix index 6890c4a..75f5be5 100644 --- a/nixos/viridian/services/forgejo.nix +++ b/nixos/viridian/services/forgejo.nix @@ -1,4 +1,6 @@ -{config, ...}: { +{ config, ... }: + +{ services.forgejo = { enable = true; stateDir = "/srv/services/forgejo"; @@ -32,7 +34,8 @@ services.traefik.dynamicConfigOptions.http.services = { forgejo.loadBalancer.servers = [ - {url = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";} + { url = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}"; } ]; }; } + diff --git a/nixos/viridian/services/grafana.nix b/nixos/viridian/services/grafana.nix index e457450..2e74e7e 100644 --- a/nixos/viridian/services/grafana.nix +++ b/nixos/viridian/services/grafana.nix @@ -1,4 +1,6 @@ -{config, ...}: { +{ config, ... }: + +{ # Setup grafana our grafana instance. services.grafana = { enable = true; @@ -22,15 +24,13 @@ # Setup our database for grafana. services.mysql = { - ensureUsers = [ - { - name = "grafana"; - ensurePermissions = { - "grafana.*" = "ALL PRIVILEGES"; - }; - } - ]; - ensureDatabases = ["grafana"]; + ensureUsers = [{ + name = "grafana"; + ensurePermissions = { + "grafana.*" = "ALL PRIVILEGES"; + }; + }]; + ensureDatabases = [ "grafana" ]; }; # Setup our traefik router. @@ -50,7 +50,7 @@ # Setup our traefik service. services.traefik.dynamicConfigOptions.http.services = { grafana.loadBalancer.servers = [ - {url = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";} + { url = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}"; } ]; }; } diff --git a/nixos/viridian/services/lighttpd.nix b/nixos/viridian/services/lighttpd.nix index ec976b8..db73952 100644 --- a/nixos/viridian/services/lighttpd.nix +++ b/nixos/viridian/services/lighttpd.nix @@ -1,4 +1,6 @@ -{config, ...}: { +{ config, ... }: + +{ services.lighttpd = { enable = true; port = 5624; @@ -21,7 +23,8 @@ services.traefik.dynamicConfigOptions.http.services = { lighttpd.loadBalancer.servers = [ - {url = "http://127.0.0.1:${toString config.services.lighttpd.port}";} + { url = "http://127.0.0.1:${toString config.services.lighttpd.port}"; } ]; }; } + diff --git a/nixos/viridian/services/minecraft/default.nix b/nixos/viridian/services/minecraft/default.nix index 3e9748e..5297994 100644 --- a/nixos/viridian/services/minecraft/default.nix +++ b/nixos/viridian/services/minecraft/default.nix @@ -1,10 +1,5 @@ -{ - inputs, - pkgs, - lib, - config, - ... -}: let +{ inputs, pkgs, lib, config, ... }: +let modpack = pkgs.fetchPackwizModpack rec { version = "7091175a49"; url = "https://git.sajenim.dev/jasmine/minecraft-modpack/raw/commit/${version}/pack.toml"; @@ -12,8 +7,9 @@ }; mcVersion = modpack.manifest.versions.minecraft; fabricVersion = modpack.manifest.versions.fabric; - serverVersion = lib.replaceStrings ["."] ["_"] "fabric-${mcVersion}"; -in { + serverVersion = lib.replaceStrings [ "." ] [ "_" ] "fabric-${mcVersion}"; +in +{ imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ]; @@ -31,7 +27,7 @@ in { kanto = { enable = true; # The minecraft server package to use. - package = pkgs.fabricServers.${serverVersion}.override {loaderVersion = fabricVersion;}; # Specific fabric loader version. + package = pkgs.fabricServers.${serverVersion}.override { loaderVersion = fabricVersion; }; # Specific fabric loader version. # Allowed players whitelist = { @@ -50,10 +46,10 @@ in { server-port = 25565; white-list = true; }; - + # Things to symlink into this server's data directory. symlinks = { - "mods" = "${modpack}/mods"; + "mods" = "${modpack}/mods"; }; # Things to copy into this server's data directory. @@ -94,7 +90,8 @@ in { services.traefik.dynamicConfigOptions.http.services = { minecraft.loadBalancer.servers = [ - {url = "http://127.0.0.1:${toString config.services.minecraft-servers.servers.kanto.serverProperties.server-port}";} + { url = "http://127.0.0.1:${toString config.services.minecraft-servers.servers.kanto.serverProperties.server-port}"; } ]; }; } + diff --git a/nixos/viridian/services/mpd.nix b/nixos/viridian/services/mpd.nix index 2370e7d..5665d69 100644 --- a/nixos/viridian/services/mpd.nix +++ b/nixos/viridian/services/mpd.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ services.mpd = { enable = true; musicDirectory = "/srv/multimedia/library/music"; @@ -26,7 +28,7 @@ }; networking.firewall = { # # for NFSv3; view with `rpcinfo -p` - allowedTCPPorts = [111 2049 4000 4001 4002 20048]; - allowedUDPPorts = [111 2049 4000 4001 4002 20048]; + allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ]; + allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ]; }; } diff --git a/nixos/viridian/services/mysql.nix b/nixos/viridian/services/mysql.nix index 3ca4267..30c62fa 100644 --- a/nixos/viridian/services/mysql.nix +++ b/nixos/viridian/services/mysql.nix @@ -1,7 +1,10 @@ -{pkgs, ...}: { +{ pkgs, ... }: + +{ services.mysql = { enable = true; package = pkgs.mariadb; dataDir = "/srv/services/mysql"; }; } + diff --git a/nixos/viridian/services/prometheus.nix b/nixos/viridian/services/prometheus.nix index 38a67aa..339a0f9 100644 --- a/nixos/viridian/services/prometheus.nix +++ b/nixos/viridian/services/prometheus.nix @@ -1,7 +1,9 @@ -{config, ...}: { +{ config, ... }: + +{ services.prometheus = { enable = true; - port = 9001; # Port to listen on. + port = 9001; # Port to listen on. # Valid in all configuration contexts, defaults for other configuration sections. globalConfig = { @@ -12,7 +14,7 @@ exporters = { node = { enable = true; - enabledCollectors = ["systemd" "processes"]; + enabledCollectors = [ "systemd" "processes" ]; port = 9100; }; }; @@ -21,12 +23,11 @@ scrapeConfigs = [ { job_name = "node"; - static_configs = [ - { - targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"]; - } - ]; + static_configs = [{ + targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; + }]; } ]; }; } + diff --git a/nixos/viridian/services/samba.nix b/nixos/viridian/services/samba.nix index ca92a52..0486522 100644 --- a/nixos/viridian/services/samba.nix +++ b/nixos/viridian/services/samba.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ services.samba = { enable = true; securityType = "user"; @@ -7,7 +9,7 @@ workgroup = WORKGROUP server string = smbnix netbios name = smbnix - security = user + security = user #use sendfile = yes #max protocol = smb2 # note: localhost is the ipv6 localhost ::1 @@ -45,5 +47,5 @@ openFirewall = true; }; - environment.persistence."/persist".directories = ["/var/lib/samba"]; + environment.persistence."/persist".directories = [ "/var/lib/samba" ]; } diff --git a/nixos/viridian/services/traefik/default.nix b/nixos/viridian/services/traefik/default.nix index 5466e9d..f10cb0e 100644 --- a/nixos/viridian/services/traefik/default.nix +++ b/nixos/viridian/services/traefik/default.nix @@ -1,10 +1,7 @@ +{ inputs, config, pkgs, ... }: + { - inputs, - config, - pkgs, - ... -}: { - disabledModules = ["services/web-servers/traefik.nix"]; + disabledModules = [ "services/web-servers/traefik.nix" ]; imports = [ "${inputs.nixpkgs-unstable}/nixos/modules/services/web-servers/traefik.nix" @@ -89,14 +86,12 @@ # List of domains in our network domains = [ # Internal services - { - main = "kanto.dev"; - sans = ["*.kanto.dev"]; + { main = "kanto.dev"; + sans = [ "*.kanto.dev" ]; } # Public services - { - main = "sajenim.dev"; - sans = ["*.sajenim.dev"]; + { main = "sajenim.dev"; + sans = [ "*.sajenim.dev" ]; } ]; }; @@ -111,7 +106,7 @@ metrics = { prometheus = { entryPoint = "metrics"; - buckets = ["0.1" "0.3" "1.2" "5.0"]; + buckets = [ "0.1" "0.3" "1.2" "5.0" ]; addEntryPointsLabels = true; addRoutersLabels = true; addServicesLabels = true; @@ -149,33 +144,20 @@ services.prometheus.scrapeConfigs = [ { job_name = "traefik"; - static_configs = [ - { - targets = ["127.0.0.1:8082"]; - } - ]; + static_configs = [{ + targets = [ "127.0.0.1:8082" ]; + }]; } ]; # Persist our traefik data & logs environment.persistence."/persist" = { directories = [ - { - directory = "/var/lib/traefik"; - user = "traefik"; - group = "traefik"; - } - { - directory = "/var/log/traefik"; - user = "traefik"; - group = "traefik"; - } - { - directory = "/plugins-storage"; - user = "traefik"; - group = "traefik"; - } + { directory = "/var/lib/traefik"; user = "traefik"; group = "traefik"; } + { directory = "/var/log/traefik"; user = "traefik"; group = "traefik"; } + { directory = "/plugins-storage"; user = "traefik"; group = "traefik"; } ]; hideMounts = true; }; } + diff --git a/nixos/viridian/services/traefik/middlewares.nix b/nixos/viridian/services/traefik/middlewares.nix index cc0becb..a525832 100644 --- a/nixos/viridian/services/traefik/middlewares.nix +++ b/nixos/viridian/services/traefik/middlewares.nix @@ -1,4 +1,6 @@ -{config, ...}: { +{ config, ... }: + +{ # Crowdsec Local API key for the bouncer. age.secrets.traefik-bouncer-key = { rekeyFile = ../crowdsec/traefik-bouncer-key.age; @@ -10,7 +12,7 @@ services.traefik.dynamicConfigOptions.http.middlewares = { # Restrict access to internal networks internal.ipwhitelist.sourcerange = [ - "127.0.0.1/32" # localhost + "127.0.0.1/32" # localhost "192.168.20.1/24" # lan ]; @@ -47,7 +49,7 @@ crowdsec.plugin.bouncer = { enabled = "true"; crowdsecMode = "appsec"; - crowdsecLapiKeyFile = config.age.secrets.traefik-bouncer-key.path; + crowdsecLapiKeyFile = config.age.secrets.traefik-bouncer-key.path; crowdsecLapiScheme = "http"; crowdsecLapiHost = "127.0.0.1:8080"; crowdsecAppsecEnabled = "true"; @@ -55,3 +57,4 @@ }; }; } + diff --git a/nixos/viridian/services/traefik/routers.nix b/nixos/viridian/services/traefik/routers.nix index 0fa790c..0b711fd 100644 --- a/nixos/viridian/services/traefik/routers.nix +++ b/nixos/viridian/services/traefik/routers.nix @@ -1,4 +1,6 @@ -{...}: { +{ ... }: + +{ services.traefik.dynamicConfigOptions.http.routers = { traefik-dashboard = { rule = "Host(`traefik.kanto.dev`)"; @@ -23,3 +25,4 @@ }; }; } + diff --git a/nixos/viridian/services/traefik/services.nix b/nixos/viridian/services/traefik/services.nix index b03fc0c..9ad772b 100644 --- a/nixos/viridian/services/traefik/services.nix +++ b/nixos/viridian/services/traefik/services.nix @@ -1,7 +1,10 @@ -{...}: { +{ ... }: + +{ services.traefik.dynamicConfigOptions.http.services = { ender1.loadBalancer.servers = [ - {url = "http://192.168.1.103:80";} + { url = "http://192.168.1.103:80"; } ]; }; } + diff --git a/overlays/default.nix b/overlays/default.nix index 7bfcb4c..9466703 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,5 +1,7 @@ # This file defines overlays -{inputs, ...}: { +{ inputs, ... }: + +{ # This one brings our custom packages from the 'pkgs' directory additions = final: _prev: import ../pkgs final.pkgs; diff --git a/pkgs/amdgpu-clocks/default.nix b/pkgs/amdgpu-clocks/default.nix index d21d6be..a049817 100644 --- a/pkgs/amdgpu-clocks/default.nix +++ b/pkgs/amdgpu-clocks/default.nix @@ -1,27 +1,27 @@ -{ - stdenv, - lib, - fetchFromGitHub, - bash, - subversion, - makeWrapper, +{ stdenv +, lib +, fetchFromGitHub +, bash +, subversion +, makeWrapper }: -stdenv.mkDerivation { - pname = "amdgpu-clocks"; - version = "973139a"; - src = fetchFromGitHub { - # https://github.com/sibradzic/amdgpu-clocks - owner = "sibradzic"; - repo = "amdgpu-clocks"; - rev = "973139a5933bd315aa99332b642305ef5ef49a32"; - sha256 = "sha256-mZV4ECNG9X6SDIWl6P0nHrxa4kGU1h/hFdMcswbEYrk="; - }; - buildInputs = [bash subversion]; - nativeBuildInputs = [makeWrapper]; - installPhase = '' - mkdir -p $out/bin - cp amdgpu-clocks $out/bin/amdgpu-clocks - wrapProgram $out/bin/amdgpu-clocks \ - --prefix PATH : ${lib.makeBinPath [bash subversion]} - ''; -} + stdenv.mkDerivation { + pname = "amdgpu-clocks"; + version = "973139a"; + src = fetchFromGitHub { + # https://github.com/sibradzic/amdgpu-clocks + owner = "sibradzic"; + repo = "amdgpu-clocks"; + rev = "973139a5933bd315aa99332b642305ef5ef49a32"; + sha256 = "sha256-mZV4ECNG9X6SDIWl6P0nHrxa4kGU1h/hFdMcswbEYrk="; + }; + buildInputs = [ bash subversion ]; + nativeBuildInputs = [ makeWrapper ]; + installPhase = '' + mkdir -p $out/bin + cp amdgpu-clocks $out/bin/amdgpu-clocks + wrapProgram $out/bin/amdgpu-clocks \ + --prefix PATH : ${lib.makeBinPath [ bash subversion ]} + ''; + } + diff --git a/pkgs/default.nix b/pkgs/default.nix index 0a16cb0..58b5c32 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,7 +1,8 @@ # Custom packages, that can be defined similarly to ones from nixpkgs # You can build them using 'nix build .#example' + pkgs: { - xmobar = pkgs.callPackage ./xmobar-config {}; - xmonad = pkgs.callPackage ./xmonad-config {}; - amdgpu-clocks = pkgs.callPackage ./amdgpu-clocks {}; + xmobar = pkgs.callPackage ./xmobar-config { }; + xmonad = pkgs.callPackage ./xmonad-config { }; + amdgpu-clocks = pkgs.callPackage ./amdgpu-clocks { }; } diff --git a/pkgs/xmobar-config/default.nix b/pkgs/xmobar-config/default.nix index a414727..a6dd3cf 100644 --- a/pkgs/xmobar-config/default.nix +++ b/pkgs/xmobar-config/default.nix @@ -1,4 +1,5 @@ -{pkgs}: +{ pkgs }: + pkgs.haskellPackages.developPackage { root = ./.; } diff --git a/pkgs/xmobar-config/shell.nix b/pkgs/xmobar-config/shell.nix index fc5f52c..e62ec28 100644 --- a/pkgs/xmobar-config/shell.nix +++ b/pkgs/xmobar-config/shell.nix @@ -1,4 +1,4 @@ -{pkgs ? import {}}: -pkgs.mkShell { - nativeBuildInputs = with pkgs.buildPackages; [cabal-install ghc]; +{ pkgs ? import {} }: + pkgs.mkShell { + nativeBuildInputs = with pkgs.buildPackages; [ cabal-install ghc ]; } diff --git a/pkgs/xmonad-config/default.nix b/pkgs/xmonad-config/default.nix index 251e2f3..35b82c2 100644 --- a/pkgs/xmonad-config/default.nix +++ b/pkgs/xmonad-config/default.nix @@ -1,10 +1,12 @@ -{pkgs}: +{ pkgs }: + pkgs.haskellPackages.developPackage { root = ./.; source-overrides = { - xmonad = builtins.fetchTarball { + xmonad = (builtins.fetchTarball { url = "https://github.com/xmonad/xmonad/archive/refs/tags/v0.18.0.tar.gz"; sha256 = "0jlc60n5jarcxgjxm1vcsgc3s2lwmn3c3n56hialhzx54wfskkbc"; - }; + }); }; } + diff --git a/pkgs/xmonad-config/shell.nix b/pkgs/xmonad-config/shell.nix index fc5f52c..e62ec28 100644 --- a/pkgs/xmonad-config/shell.nix +++ b/pkgs/xmonad-config/shell.nix @@ -1,4 +1,4 @@ -{pkgs ? import {}}: -pkgs.mkShell { - nativeBuildInputs = with pkgs.buildPackages; [cabal-install ghc]; +{ pkgs ? import {} }: + pkgs.mkShell { + nativeBuildInputs = with pkgs.buildPackages; [ cabal-install ghc ]; }