diff --git a/CLAUDE.md b/CLAUDE.md
new file mode 100644
index 0000000..b1083e1
--- /dev/null
+++ b/CLAUDE.md
@@ -0,0 +1,108 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## What This Repo Is + +A NixOS flake configuration managing multiple hosts (desktops, laptops, servers). All hosts share common settings via `hosts/configuration_common.nix` and are assembled in `hosts/default.nix`. + +## Common Commands + +```bash +# Format all nix files +nix fmt + +# Build a host configuration (no activation) +nixos-rebuild build --flake .# + +# Switch the current host +sudo nixos-rebuild switch --flake .# + +# Build a custom package +nix build .# + +# Edit an age-encrypted secret +agenix -e secrets/.age + +# Re-key all secrets after adding a new host key to secrets/secrets.nix +agenix -r +``` + +## Architecture + +### Entry Points + +- `flake.nix` — defines inputs (nixpkgs stable=25.11, unstable, home-manager, agenix, lanzaboote, jovian-nixos, microvm, impermanence, noctalia) and calls `hosts/default.nix` for `nixosConfigurations` +- `hosts/default.nix` — instantiates every host via `lib.nixosSystem`; contains the `mkHM` helper that wires home-manager into a host's modules list + +### Host Structure + +Each host lives in `hosts//`: +- `default.nix` — imports either `../../modules/desktop` or `../../modules/server`, sets the module options (`myDesktop.*` / `myServer.*`), and adds host-specific settings +- `home.nix` — host-specific home-manager config (merged with `hosts/home.nix` for desktops or `hosts/home_server.nix` for servers) +- `hardware-configuration.nix` — generated hardware config + +Shared host-level files: +- `hosts/configuration_common.nix` — applied to every host: SSH (key-only, no root), locale, nix GC/settings, zsh, fonts, auto-upgrade flake URL +- `hosts/home.nix` — desktop home-manager base +- `hosts/home_server.nix` — server home-manager base + +### Module System + +Two top-level NixOS modules expose all major knobs as typed options: + +**`modules/desktop/default.nix`** — `myDesktop.*` +- 
`windowManager`: `"niri"` (default) | `"sway"` | `"kde"` +- `cpu`: `"amd"` | `"intel"` | `"none"` — selects KVM kernel params +- `virtualisation.enable` — podman (docker-compat) + qemu/libvirt + virt-manager +- `syncthing.{enable,devices,folders}` +- `openrgb.{enable,motherboard}` +- `laptop.{enable,lidSwitch,hibernateDelaySec}` +- `nitrokey.enable` +- `niri.hotkeyVariant`: `"default"` | `"lifebook"` +- `git.signingKey` — SSH key for commit signing +- `extraSystemPackages` + +**`modules/server/default.nix`** — `myServer.*` +- `sshPort` (default 2220) +- `virtualisation.{enable,cpu}` — podman only (no libvirt) +- `fail2ban.enable` +- `autoUpgrade.enable` (default true) +- `uid`, `sudoRequiresPassword`, `extraGroups`, `extraSystemPackages` + +Service bundles are imported as lists in host `default.nix`: +- `modules/services/server/` — kabtop services (gitea, nextcloud, matrix, coturn, hydra, mealie, etc.) +- `modules/services/nas/` — jupiter services (nfs, vaultwarden, syncthing, paperless) +- `modules/services/dmz/` — dmz services (gitea runner microVM) +- `modules/services/kabtopci/` — kabtopci services (hydra, gitea runner) +- `modules/services/nasbackup/` — nasbak backup jobs + +### Secrets (agenix) + +`secrets/secrets.nix` declares which age public keys (users + host SSH keys) can decrypt each `.age` file. Add a new host: add its `ssh-ed25519` host key to `secrets/secrets.nix` in the relevant groups, then run `agenix -r` to re-key. + +### Custom Packages & Overlays + +- `packages/` — custom packages (e.g. `corosync-qdevice`), imported at `flake.nix` level +- `overlays/` — nixpkgs overlays applied globally +- Per-host overlays: set `nixpkgs.overlays` inside the host's `default.nix` so only that host is affected + +### Disk Layouts + +`disko/` contains reusable disko modules: `btrfs.nix`, `btrfs_luks.nix`, `nas_luks.nix` — referenced during initial install. 
+ +## Active Hosts + +| Host | Role | WM / Notes | +|---|---|---| +| hades | Desktop | niri, AMD, Secure Boot (lanzaboote) | +| lifebook | Laptop | niri, Intel, Secure Boot | +| steamdeck | Gaming | KDE/Jovian-NixOS, Secure Boot | +| kabtop | Main server | gitea, nextcloud, matrix+bridges, coturn, hydra, mealie | +| kabtopci | CI server | hydra, nix-serve | +| jupiter | NAS | nfs, vaultwarden, syncthing, paperless | +| dmz | DMZ | gitea Actions homerunner microVM | +| nasbak | NAS backup | — | +| kubemaster-1 | K8s master | — | + +See `SERVICES.md` for port-level service details per host. diff --git a/disko/btrfs.nix b/disko/btrfs.nix index de0da1c..9748832 100644 --- a/disko/btrfs.nix +++ b/disko/btrfs.nix @@ -13,7 +13,7 @@ content = { type = "filesystem"; format = "vfat"; - extraArgs = [ "-n" "NIXBOOT" ]; + extraArgs = ["-n" "NIXBOOT"]; mountpoint = "/boot"; mountOptions = [ "defaults" 
@@ -24,31 +24,31 @@ size = "100%"; content = { type = "btrfs"; - extraArgs = [ "-f" "-L" "NIXROOT" ]; + extraArgs = ["-f" "-L" "NIXROOT"]; subvolumes = { "@" = { mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@home" = { mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@nix" = { mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@snapshots" = { mountpoint = "/mnt"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@srv" = { mountpoint = "/srv"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@var" = { mountpoint = "/var"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@swap" = { mountpoint = "/swap"; diff --git a/disko/btrfs_luks.nix b/disko/btrfs_luks.nix index 90d0309..8860d75 100644 --- a/disko/btrfs_luks.nix +++ b/disko/btrfs_luks.nix @@ -13,7 +13,7 @@ content = { type = "filesystem"; format = "vfat"; - extraArgs = [ "-n NIXBOOT" ]; + extraArgs = ["-n NIXBOOT"]; mountpoint = "/boot"; mountOptions = [ "defaults" 
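Review bot: `extraArgs = ["-n NIXBOOT"]` on the new side of the `disko/btrfs_luks.nix` hunk keeps the flag and its value in a single list element, while the `disko/btrfs.nix` hunk on the same line writes the same mkfs call as `["-n" "NIXBOOT"]`; the second `btrfs_luks.nix` hunk (`["-f -L NIXROOT"]`) has the same shape. As far as I can tell disko splices `extraArgs` unquoted into a shell command, so both spellings currently reach mkfs identically, but the single-string form only works while that stays true and reads as one argument to anyone scanning the two disko modules side by side. I'd align both files to the split form: `extraArgs = ["-n" "NIXBOOT"];` and `extraArgs = ["-f" "-L" "NIXROOT"];`.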
@@ -33,35 +33,35 @@ }; content = { type = "btrfs"; - extraArgs = [ "-f -L NIXROOT" ]; + extraArgs = ["-f -L NIXROOT"]; subvolumes = { "@" = { mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@home" = { mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@nix" = { mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@opt" = { mountpoint = "/opt"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@snapshots" = { mountpoint = "/mnt"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@srv" = { mountpoint = "/srv"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@var" = { mountpoint = "/var"; - mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; + mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; }; "@swap" = { mountpoint = "/swap"; diff --git a/flake.nix b/flake.nix index c5e4aa8..69f8390 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,55 +2,55 @@ # https://github.com/MatthiasBenaets/nixos-config # https://www.youtube.com/watch?v=AGVXJ-TIv3Y # -# flake.nix * +# flake.nix * # ├─ ./hosts # │ └─ default.nix - { description = "Kabbone's personal NixOS Flake config"; inputs = { - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - microvm = { - url = "github:microvm-nix/microvm.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + microvm = { + url = "github:microvm-nix/microvm.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - impermanence.url = "github:nix-community/impermanence"; + impermanence.url = "github:nix-community/impermanence"; - home-manager = { # User Package Management - url = "github:nix-community/home-manager/release-25.11"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + home-manager = { + # User Package Management + url = "github:nix-community/home-manager/release-25.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - home-manager-unstable = { # User Package Management - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; + home-manager-unstable = { + # User Package Management + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; - agenix = { - url = "github:ryantm/agenix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - jovian-nixos = { - url = "github:Jovian-Experiments/Jovian-NixOS"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; + jovian-nixos = { + url = "github:Jovian-Experiments/Jovian-NixOS"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; - lanzaboote = { - url = 
"github:nix-community/lanzaboote/master"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - noctalia = { - url = "github:noctalia-dev/noctalia-shell"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + lanzaboote = { + url = "github:nix-community/lanzaboote/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + noctalia = { + url = "github:noctalia-dev/noctalia-shell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -67,17 +67,16 @@ lanzaboote, noctalia, ... - } @ inputs: - let + } @ inputs: let systems = [ -# "aarch64-linux" + # "aarch64-linux" "x86_64-linux" ]; forAllSystems = nixpkgs.lib.genAttrs systems; in { # Your custom packages # Accessible through 'nix build', 'nix shell', etc - packages = forAllSystems (system: import ./packages { pkgs = nixpkgs.legacyPackages.${system}; }); + packages = forAllSystems (system: import ./packages {pkgs = nixpkgs.legacyPackages.${system};}); # Formatter for your nix files, available through 'nix fmt' # Other options beside 'alejandra' include 'nixpkgs-fmt' formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra); @@ -91,11 +90,11 @@ # These are usually stuff you would upstream into home-manager #homeManagerModules = import ./modules/home-manager; - - nixosConfigurations = ( # NixOS configurations - import ./hosts { # Imports ./hosts/default.nix + nixosConfigurations = ( # NixOS configurations + import ./hosts { + # Imports ./hosts/default.nix inherit (nixpkgs) lib; - inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here. + inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here. } ); diff --git a/hosts/configuration_common.nix b/hosts/configuration_common.nix index 77aeffb..6183f31 100644 
--- a/hosts/configuration_common.nix +++ b/hosts/configuration_common.nix @@ -2,10 +2,16 @@ # Common configuration shared by all hosts (desktop and server). # Imported by configuration_desktop.nix and configuration_server.nix. # - -{ config, lib, pkgs, inputs, user, location, agenix, ... }: - { + config, + lib, + pkgs, + inputs, + user, + location, + agenix, + ... +}: { imports = [ ../modules/hardware/hydraCache.nix ]; @@ -86,7 +92,7 @@ nix = { settings = { auto-optimise-store = true; - allowed-users = [ "@wheel" ]; + allowed-users = ["@wheel"]; }; gc = { automatic = true; diff --git a/hosts/configuration_server.nix b/hosts/configuration_server.nix index 8d955b2..5195978 100644 --- a/hosts/configuration_server.nix +++ b/hosts/configuration_server.nix @@ -2,10 +2,16 @@ # Server configuration. Imports configuration_common.nix for shared settings. # Service modules are imported per-host. # - -{ config, lib, pkgs, inputs, user, location, agenix, ... }: - { + config, + lib, + pkgs, + inputs, + user, + location, + agenix, + ... +}: { imports = [ ./configuration_common.nix ]; @@ -13,7 +19,7 @@ users.users.${user} = { isNormalUser = true; uid = 3000; - extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" ]; + extraGroups = ["wheel" "networkmanager" "kvm" "libvirtd"]; }; security.sudo.wheelNeedsPassword = true; @@ -25,7 +31,7 @@ ]; services.openssh = { - ports = [ 2220 ]; + ports = [2220]; openFirewall = true; }; diff --git a/hosts/default.nix b/hosts/default.nix index e2dd41f..10d97bf 100644 --- a/hosts/default.nix +++ b/hosts/default.nix 
@@ -12,10 +12,21 @@ # ├─ ./default.nix # └─ ./home.nix # - -{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }: - -let +{ + lib, + inputs, + nixpkgs, + nixpkgs-unstable, + nixos-hardware, + home-manager, + home-manager-unstable, + agenix, + jovian-nixos, + microvm, + impermanence, + lanzaboote, + ... +}: let # Default user — desktop hosts share this; server hosts may override per-host # by passing a different `user` value in their own specialArgs block. defaultUser = "kabbone"; @@ -30,7 +41,10 @@ let pkgs-kabbone = import ../packages { inherit system; - pkgs = import nixpkgs { inherit system; config.allowUnfree = true; }; + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + }; }; pkgs = import nixpkgs { 
@@ -51,136 +65,188 @@ let { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.extraSpecialArgs = { inherit user; }; + home-manager.extraSpecialArgs = {inherit user;}; home-manager.users.${user}.imports = hmImports; } ]; - -in -{ - hades = lib.nixosSystem { # Desktop profile +in { + hades = lib.nixosSystem { + # Desktop profile inherit system; - specialArgs = { inherit inputs location nixos-hardware agenix microvm nixpkgs lanzaboote; user = defaultUser; }; - modules = [ - agenix.nixosModules.default - microvm.nixosModules.host - lanzaboote.nixosModules.lanzaboote - ./desktop # myDesktop options set inside - ./configuration_common.nix - ../modules/hardware/remoteBuilder.nix - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-gpu-amd - nixos-hardware.nixosModules.common-pc-ssd - ] ++ (mkHM home-manager defaultUser [ ./home.nix ./desktop/home.nix ]); + specialArgs = { + inherit inputs location nixos-hardware agenix microvm nixpkgs lanzaboote; + user = defaultUser; + }; + modules = + [ + agenix.nixosModules.default + microvm.nixosModules.host + lanzaboote.nixosModules.lanzaboote + ./desktop # myDesktop options set inside + ./configuration_common.nix + ../modules/hardware/remoteBuilder.nix + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-gpu-amd + nixos-hardware.nixosModules.common-pc-ssd + ] + ++ (mkHM home-manager defaultUser [./home.nix ./desktop/home.nix]); }; - lifebook = lib.nixosSystem { # Laptop profile + lifebook = lib.nixosSystem { + # Laptop profile inherit system; - specialArgs = { inherit inputs location nixos-hardware agenix lanzaboote; user = defaultUser; }; - modules = [ - agenix.nixosModules.default - lanzaboote.nixosModules.lanzaboote - ./lifebook # myDesktop options set inside - ./configuration_common.nix - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-pc-ssd - ] ++ (mkHM home-manager defaultUser [ ./home.nix 
./lifebook/home.nix ]); + specialArgs = { + inherit inputs location nixos-hardware agenix lanzaboote; + user = defaultUser; + }; + modules = + [ + agenix.nixosModules.default + lanzaboote.nixosModules.lanzaboote + ./lifebook # myDesktop options set inside + ./configuration_common.nix + nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-pc-ssd + ] + ++ (mkHM home-manager defaultUser [./home.nix ./lifebook/home.nix]); }; - steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile + steamdeck = nixpkgs-unstable.lib.nixosSystem { + # steamdeck profile inherit system; - specialArgs = { inherit inputs location nixos-hardware agenix jovian-nixos lanzaboote; user = defaultUser; }; - modules = [ - agenix.nixosModules.default - jovian-nixos.nixosModules.default - lanzaboote.nixosModules.lanzaboote - ./steamdeck - ./configuration_common.nix - ] ++ (mkHM home-manager-unstable defaultUser [ ./home.nix ./steamdeck/home.nix ]); + specialArgs = { + inherit inputs location nixos-hardware agenix jovian-nixos lanzaboote; + user = defaultUser; + }; + modules = + [ + agenix.nixosModules.default + jovian-nixos.nixosModules.default + lanzaboote.nixosModules.lanzaboote + ./steamdeck + ./configuration_common.nix + ] + ++ (mkHM home-manager-unstable defaultUser [./home.nix ./steamdeck/home.nix]); }; - kabtop = lib.nixosSystem { # Server profile + kabtop = lib.nixosSystem { + # Server profile inherit system; - specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; }; - modules = [ - agenix.nixosModules.default - microvm.nixosModules.host - ./kabtop - ./configuration_common.nix - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-pc-ssd - ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kabtop/home.nix ]); + specialArgs = { + inherit inputs location nixos-hardware agenix impermanence; + user = defaultUser; + }; + modules = + [ + agenix.nixosModules.default + 
microvm.nixosModules.host + ./kabtop + ./configuration_common.nix + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-pc-ssd + ] + ++ (mkHM home-manager defaultUser [./home_server.nix ./kabtop/home.nix]); }; - nasbak = lib.nixosSystem { # Server profile + nasbak = lib.nixosSystem { + # Server profile inherit system; - specialArgs = { inherit inputs location nixos-hardware agenix; user = defaultUser; }; - modules = [ - agenix.nixosModules.default - ./nasbackup - ./configuration_common.nix - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-pc-ssd - ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./nasbackup/home.nix ]); + specialArgs = { + inherit inputs location nixos-hardware agenix; + user = defaultUser; + }; + modules = + [ + agenix.nixosModules.default + ./nasbackup + ./configuration_common.nix + nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-pc-ssd + ] + ++ (mkHM home-manager defaultUser [./home_server.nix ./nasbackup/home.nix]); }; - jupiter = lib.nixosSystem { # Server profile + jupiter = lib.nixosSystem { + # Server profile inherit system; - specialArgs = { inherit inputs location nixos-hardware agenix; user = defaultUser; }; - modules = [ - agenix.nixosModules.default - ./jupiter - ./configuration_common.nix - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-pc-ssd - ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./jupiter/home.nix ]); + specialArgs = { + inherit inputs location nixos-hardware agenix; + user = defaultUser; + }; + modules = + [ + agenix.nixosModules.default + ./jupiter + ./configuration_common.nix + nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-pc-ssd + ] + ++ (mkHM home-manager defaultUser [./home_server.nix ./jupiter/home.nix]); }; - kabtopci = lib.nixosSystem { # Server profile + kabtopci = lib.nixosSystem { + # Server profile inherit system; - specialArgs = 
{ inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; }; - modules = [ - agenix.nixosModules.default - microvm.nixosModules.host - ./kabtopci - ./configuration_common.nix - nixos-hardware.nixosModules.common-pc-ssd - ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kabtopci/home.nix ]); + specialArgs = { + inherit inputs location nixos-hardware agenix impermanence; + user = defaultUser; + }; + modules = + [ + agenix.nixosModules.default + microvm.nixosModules.host + ./kabtopci + ./configuration_common.nix + nixos-hardware.nixosModules.common-pc-ssd + ] + ++ (mkHM home-manager defaultUser [./home_server.nix ./kabtopci/home.nix]); }; - kubemaster-1 = lib.nixosSystem { # Server profile + kubemaster-1 = lib.nixosSystem { + # Server profile inherit system; - specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; }; - modules = [ - agenix.nixosModules.default - microvm.nixosModules.host - ./kubemaster-1 - ./configuration_common.nix - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-pc-ssd - ] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kubemaster-1/home.nix ]); + specialArgs = { + inherit inputs location nixos-hardware agenix impermanence; + user = defaultUser; + }; + modules = + [ + agenix.nixosModules.default + microvm.nixosModules.host + ./kubemaster-1 + ./configuration_common.nix + nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-pc-ssd + ] + ++ (mkHM home-manager defaultUser [./home_server.nix ./kubemaster-1/home.nix]); }; - dmz = lib.nixosSystem { # Server profile + dmz = lib.nixosSystem { + # Server profile inherit system; - specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; }; - modules = [ - agenix.nixosModules.default - microvm.nixosModules.host - ./dmz - ./configuration_common.nix - nixos-hardware.nixosModules.common-pc-ssd - ] ++ (mkHM home-manager defaultUser [ 
./home_server.nix ./dmz/home.nix ]); + specialArgs = { + inherit inputs location nixos-hardware agenix impermanence; + user = defaultUser; + }; + modules = + [ + agenix.nixosModules.default + microvm.nixosModules.host + ./dmz + ./configuration_common.nix + nixos-hardware.nixosModules.common-pc-ssd + ] + ++ (mkHM home-manager defaultUser [./home_server.nix ./dmz/home.nix]); }; -# vm = lib.nixosSystem { # VM profile -# inherit system; -# specialArgs = { inherit inputs user location; }; -# modules = [ -# ./vm -# ./configuration.nix -# -# (mkHM home-manager [ ./home.nix ./vm/home.nix ]) -# ]; -# }; + # vm = lib.nixosSystem { # VM profile + # inherit system; + # specialArgs = { inherit inputs user location; }; + # modules = [ + # ./vm + # ./configuration.nix + # + # (mkHM home-manager [ ./home.nix ./vm/home.nix ]) + # ]; + # }; } diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix index d4549c5..9e92958 100644 --- a/hosts/desktop/default.nix +++ b/hosts/desktop/default.nix @@ -1,10 +1,12 @@ # # Hades desktop — system configuration # - -{ lib, pkgs, inputs, ... }: - { + lib, + pkgs, + inputs, + ... +}: { # Example: host-specific overlays — only hades gets these packages in its pkgs. # nixpkgs.overlays = [ # (final: prev: { 
@@ -21,22 +23,22 @@ ]; # ── Desktop module options ────────────────────────────────────────────── - myDesktop.windowManager = "niri"; - myDesktop.cpu = "amd"; + myDesktop.windowManager = "niri"; + myDesktop.cpu = "amd"; myDesktop.virtualisation.enable = true; - myDesktop.openrgb.enable = true; + myDesktop.openrgb.enable = true; myDesktop.openrgb.motherboard = "amd"; - myDesktop.syncthing.enable = true; + myDesktop.syncthing.enable = true; myDesktop.syncthing.devices = { - "jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; }; - "lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; }; + "jupiter.home.opel-online.de" = {id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR";}; + "lifebook.home.opel-online.de" = {id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4";}; }; myDesktop.syncthing.folders = { "Sync" = { - path = "/home/kabbone/Sync"; - devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ]; + path = "/home/kabbone/Sync"; + devices = ["jupiter.home.opel-online.de" "lifebook.home.opel-online.de"]; ignorePerms = false; }; }; @@ -45,16 +47,16 @@ boot = { kernelPackages = pkgs.linuxPackages_latest; loader = { - systemd-boot.enable = lib.mkForce false; + systemd-boot.enable = lib.mkForce false; efi.canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot"; - timeout = 1; + timeout = 1; }; lanzaboote = { - enable = true; + enable = true; pkiBundle = "/etc/secureboot"; }; }; - environment.systemPackages = [ pkgs.linux-firmware ]; + environment.systemPackages = [pkgs.linux-firmware]; } diff --git a/hosts/desktop/hardware-configuration.nix b/hosts/desktop/hardware-configuration.nix index fac3a88..c6bd67f 100644 --- a/hosts/desktop/hardware-configuration.nix +++ b/hosts/desktop/hardware-configuration.nix 
@@ -10,17 +10,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = - [ (modulesPath + "/installer/scan/not-detected.nix")] ++ - [( import ../../modules/hardware/backup.nix )]; + [(modulesPath + "/installer/scan/not-detected.nix")] + ++ [(import ../../modules/hardware/backup.nix)]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; - boot.kernelModules = [ "kvm-amd" "nct6775" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; + boot.kernelModules = ["kvm-amd" "nct6775"]; + boot.extraModulePackages = []; boot.tmp.useTmpfs = false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; 
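Review bot: The header kept as context at the top of this hunk (`# Do not modify this file! It was generated by ‘nixos-generate-config’ … may be overwritten by future invocations`) no longer describes the file: the new side imports `../../modules/hardware/backup.nix` and lists `vfio` initrd modules, the following hunk carries btrbk backup jobs, NFS automounts and firewall rules, and this very commit reformats the file by hand. Anyone who trusts the header and regenerates the file would silently drop the backup and mount configuration along with it. I'd replace the three header lines with a comment saying the file was seeded by nixos-generate-config but is maintained by hand and must not be regenerated, and the same applies to `hosts/dmz/hardware-configuration.nix` in the last hunk of this diff, whose header is identical and whose new side also carries hand-added `vfio` modules. The CLAUDE.md hunk describes `hardware-configuration.nix` as "generated hardware config", which should be corrected to match.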
@@ -34,149 +38,148 @@ }; services.btrbk = { - extraPackages = [ pkgs.lz4 pkgs.mbuffer ]; - instances = { - hf = { - onCalendar = "hourly"; - settings = { - incremental = "yes"; - snapshot_create = "ondemand"; - snapshot_dir = "@snapshots"; - timestamp_format = "long"; + extraPackages = [pkgs.lz4 pkgs.mbuffer]; + instances = { + hf = { + onCalendar = "hourly"; + settings = { + incremental = "yes"; + snapshot_create = "ondemand"; + snapshot_dir = "@snapshots"; + timestamp_format = "long"; - snapshot_preserve = "2m 2w 5d 5h"; - snapshot_preserve_min = "latest"; - - volume = { - "/mnt/snapshots/root" = { - snapshot_create = "always"; - subvolume = { - "@home" = {}; - }; - }; - }; + snapshot_preserve = "2m 2w 5d 5h"; + snapshot_preserve_min = "latest"; + + volume = { + "/mnt/snapshots/root" = { + snapshot_create = "always"; + subvolume = { + "@home" = {}; }; + }; }; - bak = { - onCalendar = "daily"; - settings = { - stream_buffer = "256m"; - stream_compress = "lz4"; - incremental = "yes"; - snapshot_create = "no"; - snapshot_dir = "@snapshots"; - timestamp_format = "long"; - - snapshot_preserve_min = "all"; - target_preserve_min = "no"; - target_preserve = "4w 3d"; - - ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas"; - ssh_user = "btrbk"; - - volume = { - "/mnt/snapshots/root" = { - subvolume = { - "@home" = {}; - }; - target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades"; - }; - }; - }; - }; + }; }; + bak = { + onCalendar = "daily"; + settings = { + stream_buffer = "256m"; + stream_compress = "lz4"; + incremental = "yes"; + snapshot_create = "no"; + snapshot_dir = "@snapshots"; + timestamp_format = "long"; + + snapshot_preserve_min = "all"; + target_preserve_min = "no"; + target_preserve = "4w 3d"; + + ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas"; + ssh_user = "btrbk"; + + volume = { + "/mnt/snapshots/root" = { + subvolume = { + "@home" = {}; + }; + target = 
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades"; + }; + }; + }; + }; + }; }; systemd.timers = { - btrbk-bak = { - after = [ "network-online.target" ]; - requires = [ "network-online.target" ]; - }; + btrbk-bak = { + after = ["network-online.target"]; + requires = ["network-online.target"]; + }; }; - fileSystems."/" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; + }; - fileSystems."/home" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; - }; + fileSystems."/home" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; + }; - fileSystems."/srv" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; - }; + fileSystems."/srv" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; + }; - fileSystems."/swap" = - { device = 
"/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ]; - }; + fileSystems."/swap" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; + }; - fileSystems."/mnt/snapshots/root" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; - }; + fileSystems."/mnt/snapshots/root" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1"; + fsType = "vfat"; + }; - fileSystems."/mnt/Pluto" = - { device = "jupiter:/Pluto"; - fsType = "nfs"; - options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; - }; + fileSystems."/mnt/Pluto" = { + device = "jupiter:/Pluto"; + fsType = "nfs"; + options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; + }; - fileSystems."/mnt/Mars" = - { device = "jupiter:/Mars"; - fsType = "nfs"; - options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; - }; + fileSystems."/mnt/Mars" = { + device = "jupiter:/Mars"; + fsType = "nfs"; + options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; + }; + swapDevices = [{device = 
"/swap/swapfile";}]; - swapDevices = [ { device = "/swap/swapfile"; } ]; - networking = { - useDHCP = false; # Deprecated + useDHCP = false; # Deprecated hostName = "hades"; networkmanager = { enable = true; }; firewall = { enable = true; - allowedUDPPorts = [ 24727 ]; - allowedTCPPorts = [ 24727 ]; + allowedUDPPorts = [24727]; + allowedTCPPorts = [24727]; }; }; -# systemd.network = { -# enable = true; -# networks = { -# "10-lan" = { -# matchConfig.Name = "eno1"; -# ntp = [ "192.168.2.1" ]; -# domains = [ "home.opel-online.de" ]; -# networkConfig = { -# DHCP = "yes"; -# IPv6AcceptRA = true; -# }; -# }; -# }; -# }; + # systemd.network = { + # enable = true; + # networks = { + # "10-lan" = { + # matchConfig.Name = "eno1"; + # ntp = [ "192.168.2.1" ]; + # domains = [ "home.opel-online.de" ]; + # networkConfig = { + # DHCP = "yes"; + # IPv6AcceptRA = true; + # }; + # }; + # }; + # }; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; #powerManagement.powertop.enable = true; diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index af426c8..f67d8df 100644 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix @@ -2,12 +2,9 @@ # Hades desktop — home-manager host-specific additions # (WM home config is loaded by modules/desktop based on myDesktop.windowManager) # - -{ pkgs, ... }: - -{ +{pkgs, ...}: { imports = [ - ../../modules/home.nix # cmds / theme options + ../../modules/home.nix # cmds / theme options ]; home.packages = with pkgs; [ @@ -21,7 +18,7 @@ ]; services = { - blueman-applet.enable = true; + blueman-applet.enable = true; network-manager-applet.enable = true; }; diff --git a/hosts/dmz/default.nix b/hosts/dmz/default.nix index 793147f..fbe5b58 100644 --- a/hosts/dmz/default.nix +++ b/hosts/dmz/default.nix 
@@ -1,38 +1,44 @@ # # DMZ — demilitarised zone server configuration # - -{ config, pkgs, user, agenix, impermanence, ... }: - { - imports = [ - ./hardware-configuration.nix - ../../modules/server - ] ++ (import ../../modules/services/dmz); + config, + pkgs, + user, + agenix, + impermanence, + ... +}: { + imports = + [ + ./hardware-configuration.nix + ../../modules/server + ] + ++ (import ../../modules/services/dmz); # ── Server module options ─────────────────────────────────────────────── myServer.virtualisation.enable = true; - myServer.virtualisation.cpu = "intel"; + myServer.virtualisation.cpu = "intel"; # ── Host-specific settings ────────────────────────────────────────────── boot = { kernelPackages = pkgs.linuxPackages_latest; loader = { - systemd-boot.enable = true; + systemd-boot.enable = true; efi.canTouchEfiVariables = true; - efi.efiSysMountPoint = "/boot"; - timeout = 1; + efi.efiSysMountPoint = "/boot"; + timeout = 1; }; }; services = { qemuGuest.enable = true; avahi = { - enable = true; + enable = true; nssmdns4 = true; - publish = { - enable = true; - addresses = true; + publish = { + enable = true; + addresses = true; userServices = true; }; }; diff --git a/hosts/dmz/hardware-configuration.nix b/hosts/dmz/hardware-configuration.nix index fff60bf..920a289 100644 --- a/hosts/dmz/hardware-configuration.nix +++ b/hosts/dmz/hardware-configuration.nix 
@@ -10,17 +10,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; + boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; boot.tmp.useTmpfs = false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; 
@@ -33,75 +37,74 @@ ]; }; - fileSystems."/" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; + }; - fileSystems."/home" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; - }; + fileSystems."/home" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; + }; - fileSystems."/srv" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; - }; + fileSystems."/srv" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; + }; - fileSystems."/var" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ]; - }; + fileSystems."/var" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; + }; - fileSystems."/swap" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ]; - }; + fileSystems."/swap" = { + device = 
"/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; + }; - fileSystems."/mnt/snapshots/root" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; - }; + fileSystems."/mnt/snapshots/root" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; + }; + + swapDevices = []; - swapDevices = [ ]; - systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "ens18"; - ntp = [ "192.168.101.1" ]; - domains = [ "home.opel-online.de" ]; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - }; - dns = [ - "192.168.101.1" - ]; - }; + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "ens18"; + ntp = ["192.168.101.1"]; + domains = ["home.opel-online.de"]; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + }; + dns = [ + "192.168.101.1" + ]; }; + }; }; networking = { - useDHCP = false; # Deprecated + useDHCP = false; # Deprecated hostName = "dmz"; firewall = { enable = true; - allowedUDPPorts = [ ]; - allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = []; + allowedTCPPorts = [80 443]; }; }; - } diff --git a/hosts/dmz/home.nix b/hosts/dmz/home.nix index a086573..8ff2173 100644 --- a/hosts/dmz/home.nix +++ b/hosts/dmz/home.nix @@ -10,16 +10,13 @@ # └─ ./hyprland # └─ hyprland.nix # +{pkgs, ...}: { + imports = [ + ../../modules/home.nix # Window Manager + ]; -{ pkgs, ... }: - -{ - imports = - [ - ../../modules/home.nix # Window Manager - ]; - - home = { # Specific packages for laptop + home = { + # Specific packages for laptop packages = with pkgs; [ # Applications @@ -32,5 +29,4 @@ programs = { alacritty.settings.font.size = 11; }; - } diff --git a/hosts/fuji/default.nix b/hosts/fuji/default.nix index e864b63..61e8703 100644 --- a/hosts/fuji/default.nix 
+++ b/hosts/fuji/default.nix @@ -5,7 +5,7 @@ # ├─ ./hosts # │ └─ ./laptop # │ ├─ default.nix * -# │ └─ hardware-configuration.nix +# │ └─ hardware-configuration.nix # └─ ./modules # ├─ ./desktop # │ └─ ./hyprland 
@@ -16,63 +16,75 @@ # └─ ./hardware # └─ default.nix # - -{ config, nixpkgs, pkgs, user, lib, ... }: - { - imports = # For now, if applying to other system, swap files - [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix - [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager - (import ../../modules/wm/virtualisation) ++ # libvirt + Docker - [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options - (import ../../modules/hardware); # Hardware devices + config, + nixpkgs, + pkgs, + user, + lib, + ... +}: { + imports = + # For now, if applying to other system, swap files + [(import ./hardware-configuration.nix)] + ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix + [(import ../../modules/wm/sway/default.nix)] + ++ # Window Manager + (import ../../modules/wm/virtualisation) + ++ # libvirt + Docker + [(import ../../modules/wm/virtualisation/kvm-amd.nix)] + ++ # kvm module options + (import ../../modules/hardware); # Hardware devices - boot = { # Boot options + boot = { + # Boot options kernelPackages = pkgs.linuxPackages_latest; - loader = { # EFI Boot + loader = { + # EFI Boot systemd-boot.enable = lib.mkForce false; efi = { canTouchEfiVariables = true; efiSysMountPoint = "/boot"; }; - timeout = 1; # Grub auto select time + timeout = 1; # Grub auto select time }; lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; + enable = true; + pkiBundle = "/etc/secureboot"; }; }; -# hardware.sane = { # Used for scanning with Xsane -# enable = false; -# extraBackends = [ pkgs.sane-airscan ]; -# }; -# hardware = { -# nitrokey.enable = true; -# }; + # hardware.sane = { # Used for scanning with Xsane + # enable = false; + # extraBackends = [ pkgs.sane-airscan ]; + # }; + # hardware = { + # nitrokey.enable = true; + # }; -# environment = { -# systemPackages = with pkgs; [ -## simple-scan -## intel-media-driver -## alacritty -# ]; -# }; + # 
environment = { + # systemPackages = with pkgs; [ + ## simple-scan + ## intel-media-driver + ## alacritty + # ]; + # }; services = { #auto-cpufreq.enable = true; blueman.enable = true; - avahi = { # Needed to find wireless printer + avahi = { + # Needed to find wireless printer enable = true; nssmdns4 = true; - publish = { # Needed for detecting the scanner + publish = { + # Needed for detecting the scanner enable = true; addresses = true; userServices = true; }; }; }; - } diff --git a/hosts/fuji/hardware-configuration.nix b/hosts/fuji/hardware-configuration.nix index 67f7080..71f0c6c 100644 --- a/hosts/fuji/hardware-configuration.nix +++ b/hosts/fuji/hardware-configuration.nix @@ -10,17 +10,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = - [ (modulesPath + "/installer/scan/not-detected.nix")] ++ - [( import ../../modules/hardware/backup.nix )]; + [(modulesPath + "/installer/scan/not-detected.nix")] + ++ [(import ../../modules/hardware/backup.nix)]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; boot.tmp.useTmpfs = false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; 
@@ -34,77 +38,76 @@ }; services.btrbk = { - instances = { - hf = { - onCalendar = "hourly"; - settings = { - incremental = "yes"; - snapshot_create = "ondemand"; - snapshot_dir = "@snapshots"; - timestamp_format = "long"; + instances = { + hf = { + onCalendar = "hourly"; + settings = { + incremental = "yes"; + snapshot_create = "ondemand"; + snapshot_dir = "@snapshots"; + timestamp_format = "long"; - snapshot_preserve = "2m 2w 5d 5h"; - snapshot_preserve_min = "latest"; - - volume = { - "/mnt/snapshots/root" = { - snapshot_create = "always"; - subvolume = { - "@home" = {}; - }; - }; - }; + snapshot_preserve = "2m 2w 5d 5h"; + snapshot_preserve_min = "latest"; + + volume = { + "/mnt/snapshots/root" = { + snapshot_create = "always"; + subvolume = { + "@home" = {}; }; + }; }; + }; }; + }; }; - fileSystems."/" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; + }; - fileSystems."/home" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; - }; + fileSystems."/home" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; + }; - fileSystems."/srv" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; - }; + fileSystems."/srv" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = 
["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; + }; - fileSystems."/swap" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ]; - }; + fileSystems."/swap" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; + }; - fileSystems."/mnt/snapshots/root" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; - }; + fileSystems."/mnt/snapshots/root" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1"; + fsType = "vfat"; + }; + swapDevices = [{device = "/swap/swapfile";}]; - swapDevices = [ { device = "/swap/swapfile"; } ]; - networking = { - useDHCP = false; # Deprecated + useDHCP = false; # Deprecated hostName = "fuji"; networkmanager = { enable = false; 
@@ -117,17 +120,17 @@ }; systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "eno1"; - ntp = [ "192.168.2.1" ]; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - }; - }; + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "eno1"; + ntp = ["192.168.2.1"]; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + }; }; + }; }; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/fuji/home.nix b/hosts/fuji/home.nix index 6945c1c..5ca118b 100644 --- a/hosts/fuji/home.nix +++ b/hosts/fuji/home.nix @@ -10,18 +10,15 @@ # └─ ./hyprland # └─ hyprland.nix # +{pkgs, ...}: { + imports = [ + #../../modules/wm/hyprland/home.nix # Window Manager + #../../modules/wm/kde/home.nix # Window Manager + ../../modules/home.nix # Window Manager + ]; -{ pkgs, ... }: - -{ - imports = - [ - #../../modules/wm/hyprland/home.nix # Window Manager - #../../modules/wm/kde/home.nix # Window Manager - ../../modules/home.nix # Window Manager - ]; - - home = { # Specific packages for laptop + home = { + # Specific packages for laptop packages = with pkgs; [ # Applications #firefox @@ -35,11 +32,11 @@ ]; }; - services = { # Applets - #blueman-applet.enable = true; # Bluetooth - network-manager-applet.enable = true; # Network + services = { + # Applets + #blueman-applet.enable = true; # Bluetooth + network-manager-applet.enable = true; # Network }; xsession.preferStatusNotifierItems = true; - } diff --git a/hosts/home.nix b/hosts/home.nix index aae9a18..1966446 100644 --- a/hosts/home.nix +++ b/hosts/home.nix 
@@ -14,32 +14,35 @@ # └─ ./shell # └─ default.nix # - -{ config, lib, pkgs, user, ... }: - -{ +{ + config, + lib, + pkgs, + user, + ... +}: { imports = - (import ../modules/editors) ++ - (import ../modules/programs) ++ - (import ../modules/programs/configs) ++ - (import ../modules/services) ++ - (import ../modules/shell); + (import ../modules/editors) + ++ (import ../modules/programs) + ++ (import ../modules/programs/configs) + ++ (import ../modules/services) + ++ (import ../modules/shell); home = { username = "${user}"; homeDirectory = "/home/${user}"; packages = with pkgs; [ -# Terminal - pfetch # Minimal fetch - ranger # File Manager - gnupg # sign and authorize 2nd Fac + # Terminal + pfetch # Minimal fetch + ranger # File Manager + gnupg # sign and authorize 2nd Fac xdg-utils steam wakelan -# dev ols + # dev ols gcc gnumake gnupatch @@ -52,10 +55,10 @@ tailscale wireguard-tools -# VideAudio - mpv # Media Player + # VideAudio + mpv # Media Player -# Apps + # Apps qalculate-qt hdparm python3 @@ -68,16 +71,16 @@ vesktop element-desktop -# Fileanagement + # Fileanagement kdePackages.ark - pcmanfm # File Manager - rsync # Syncer $ rsync -r dir1/ dir2/ - unzip # Zip files - unrar # Rar files + pcmanfm # File Manager + rsync # Syncer $ rsync -r dir1/ dir2/ + unzip # Zip files + unrar # Rar files papirus-icon-theme arc-theme -# General configuration + # General configuration keepassxc libreoffice gimp @@ -85,15 +88,15 @@ # Flatpak #vscodium (vscode-with-extensions.override { - vscode = vscodium; - vscodeExtensions = with vscode-extensions; [ - vscodevim.vim - github.copilot - #ms-python.python - ms-vscode.cpptools - catppuccin.catppuccin-vsc-icons - catppuccin.catppuccin-vsc - ]; + vscode = vscodium; + vscodeExtensions = with vscode-extensions; [ + vscodevim.vim + github.copilot + #ms-python.python + ms-vscode.cpptools + catppuccin.catppuccin-vsc-icons + catppuccin.catppuccin-vsc + ]; }) sdkmanager 
@@ -101,12 +104,12 @@ file.".config/wall".source = ../modules/themes/wall.jpg; file.".config/lockwall".source = ../modules/themes/lockwall.jpg; -# pointerCursor = { # This will set cursor systemwide so applications can not choose their own -# name = "Dracula-cursors"; -# package = pkgs.dracula-theme; -# size = 16; -# gtk.enable = true; -# }; + # pointerCursor = { # This will set cursor systemwide so applications can not choose their own + # name = "Dracula-cursors"; + # package = pkgs.dracula-theme; + # size = 16; + # gtk.enable = true; + # }; stateVersion = "23.05"; }; @@ -117,25 +120,24 @@ }; }; - -# gtk = { # Theming -# enable = true; -# theme = { -# name = "Dracula"; -# package = pkgs.dracula-theme; -# }; -# iconTheme = { -# name = "Papirus-Dark"; -# package = pkgs.papirus-icon-theme; -# }; -# font = { -# name = "Cascadia Code"; # or FiraCode Nerd Font Mono Medium -# }; # Cursor is declared under home.pointerCursor -# }; + # gtk = { # Theming + # enable = true; + # theme = { + # name = "Dracula"; + # package = pkgs.dracula-theme; + # }; + # iconTheme = { + # name = "Papirus-Dark"; + # package = pkgs.papirus-icon-theme; + # }; + # font = { + # name = "Cascadia Code"; # or FiraCode Nerd Font Mono Medium + # }; # Cursor is declared under home.pointerCursor + # }; systemd.user.services.mpris-proxy = { Unit.Description = "Mpris proxy"; - Unit.After = [ "network.target" "sound.target" ]; + Unit.After = ["network.target" "sound.target"]; Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy"; - Install.WantedBy = [ "default.target" ]; + Install.WantedBy = ["default.target"]; }; } diff --git a/hosts/home_server.nix b/hosts/home_server.nix index 0acf167..e044030 100644 --- a/hosts/home_server.nix +++ b/hosts/home_server.nix 
@@ -14,12 +14,17 @@ # └─ ./shell # └─ default.nix # - -{ config, lib, pkgs, user, ... }: - -{ - imports = # Home Manager Modules - (import ../modules/editors) ++ +{ + config, + lib, + pkgs, + user, + ... +}: { + imports = + # Home Manager Modules + (import ../modules/editors) + ++ #(import ../modules/programs) ++ #(import ../modules/programs/configs) ++ #(import ../modules/services) ++ @@ -31,12 +36,12 @@ packages = with pkgs; [ # Terminal - pfetch # Minimal fetch - ranger # File Manager - gnupg # sign and authorize 2nd Fac - + pfetch # Minimal fetch + ranger # File Manager + gnupg # sign and authorize 2nd Fac + #xdg-utils - + # Video/Audio #libva-utils # vainfo @@ -45,10 +50,9 @@ python3 # File Management - rsync # Syncer $ rsync -r dir1/ dir2/ + rsync # Syncer $ rsync -r dir1/ dir2/ #unzip # Zip files #unrar # Rar files - ]; stateVersion = "23.11"; }; diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index bff8050..3a83c88 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix 
@@ -1,55 +1,60 @@ # # Jupiter — NAS server configuration # - -{ config, pkgs, inputs, user, ... }: - { - imports = [ - ./hardware-configuration.nix - ../../modules/server - ] ++ (import ../../modules/services/nas); + config, + pkgs, + inputs, + user, + ... +}: { + imports = + [ + ./hardware-configuration.nix + ../../modules/server + ] + ++ (import ../../modules/services/nas); # ── Server module options ─────────────────────────────────────────────── # No virtualisation on the NAS # ── Host-specific settings ────────────────────────────────────────────── -# Example: host-specific overlay — only jupiter gets these packages in its pkgs. -# nixpkgs.overlays = [ -# (final: prev: { -# corosync-qdevice = (import ../../packages { pkgs = prev; }).corosync-qdevice; -# firefox = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox; -# }) -# ]; + # Example: host-specific overlay — only jupiter gets these packages in its pkgs. + # nixpkgs.overlays = [ + # (final: prev: { + # corosync-qdevice = (import ../../packages { pkgs = prev; }).corosync-qdevice; + # firefox = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox; + # }) + # ]; boot = { kernelPackages = pkgs.linuxPackages_latest; loader = { - systemd-boot.enable = true; + systemd-boot.enable = true; efi.canTouchEfiVariables = true; - efi.efiSysMountPoint = "/boot"; - timeout = 1; + efi.efiSysMountPoint = "/boot"; + timeout = 1; }; }; programs = { ssh.startAgent = false; gnupg.agent = { - enable = false; + enable = false; enableSSHSupport = true; - pinentryPackage = pkgs.pinentry-curses; + pinentryPackage = pkgs.pinentry-curses; }; }; services = { qemuGuest.enable = true; avahi = { - enable = true; + enable = true; nssmdns4 = true; - publish = { - enable = true; - addresses = true; + publish = { + enable = true; + addresses = true; userServices = true; }; }; diff --git a/hosts/jupiter/hardware-configuration.nix b/hosts/jupiter/hardware-configuration.nix index 971c549..835a445 100644 
--- a/hosts/jupiter/hardware-configuration.nix +++ b/hosts/jupiter/hardware-configuration.nix @@ -10,18 +10,22 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = - [(modulesPath + "/profiles/qemu-guest.nix")] ++ - [( import ../../modules/hardware/backup.nix )]; + [(modulesPath + "/profiles/qemu-guest.nix")] + ++ [(import ../../modules/hardware/backup.nix)]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ ]; + boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; + boot.initrd.kernelModules = []; boot.initrd.secrets = { "/root/NASKeyfile" = - /root/NASKeyfile; + /root/NASKeyfile; }; boot.initrd.luks.devices = { NAS-RAID1 = { @@ -33,8 +37,8 @@ keyFile = "/root/NASKeyfile"; }; }; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.kernelModules = []; + boot.extraModulePackages = []; boot.tmp.useTmpfs = false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; 
@@ -50,174 +54,174 @@ }; services.btrbk = { - extraPackages = [ pkgs.lz4 pkgs.mbuffer ]; - instances = { - hf = { - onCalendar = "hourly"; - settings = { - incremental = "yes"; - snapshot_create = "ondemand"; - snapshot_dir = "@snapshots"; - timestamp_format = "long"; + extraPackages = [pkgs.lz4 pkgs.mbuffer]; + instances = { + hf = { + onCalendar = "hourly"; + settings = { + incremental = "yes"; + snapshot_create = "ondemand"; + snapshot_dir = "@snapshots"; + timestamp_format = "long"; - snapshot_preserve = "2w 5d 5h"; - snapshot_preserve_min = "latest"; - - volume = { - "/mnt/snapshots/root" = { - snapshot_create = "always"; - subvolume = { - "@" = {}; - "@home" = {}; - }; - }; - }; - volume = { - "/mnt/snapshots/Mars" = { - snapshot_create = "always"; - subvolume = { - "@nas" = {}; - }; - }; - }; - }; - }; - lf = { - onCalendar = "daily"; - settings = { - incremental = "yes"; - snapshot_create = "ondemand"; - snapshot_dir = "@snapshots"; - timestamp_format = "long"; + snapshot_preserve = "2w 5d 5h"; + snapshot_preserve_min = "latest"; - snapshot_preserve = "2m 2w 5d"; - snapshot_preserve_min = "latest"; - - volume = { - "/mnt/snapshots/Pluto" = { - snapshot_create = "always"; - subvolume = { - "@" = {}; - "@/Backups" = {}; - "@/Games" = {}; - "@/IT" = {}; - "@/Media" = {}; - "@/Pictures" = {}; - "@/Rest" = {}; - }; - }; - }; + volume = { + "/mnt/snapshots/root" = { + snapshot_create = "always"; + subvolume = { + "@" = {}; + "@home" = {}; }; + }; }; + volume = { + "/mnt/snapshots/Mars" = { + snapshot_create = "always"; + subvolume = { + "@nas" = {}; + }; + }; + }; + }; }; + lf = { + onCalendar = "daily"; + settings = { + incremental = "yes"; + snapshot_create = "ondemand"; + snapshot_dir = "@snapshots"; + timestamp_format = "long"; + + snapshot_preserve = "2m 2w 5d"; + snapshot_preserve_min = "latest"; + + volume = { + "/mnt/snapshots/Pluto" = { + snapshot_create = "always"; + subvolume = { + "@" = {}; + "@/Backups" = {}; + "@/Games" = {}; + "@/IT" = {}; + 
"@/Media" = {}; + "@/Pictures" = {}; + "@/Rest" = {}; + }; + }; + }; + }; + }; + }; }; - fileSystems."/" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; + }; - fileSystems."/home" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; - }; + fileSystems."/home" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; + }; - fileSystems."/srv" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; - }; + fileSystems."/srv" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; + }; - fileSystems."/swap" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ]; - }; + fileSystems."/swap" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; + }; - fileSystems."/mnt/snapshots/root" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ 
"compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; - }; + fileSystems."/mnt/snapshots/root" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; + }; - fileSystems."/mnt/snapshots/Mars" = - { device = "/dev/disk/by-label/MARS"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; - }; + fileSystems."/mnt/snapshots/Mars" = { + device = "/dev/disk/by-label/MARS"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; + }; - fileSystems."/mnt/snapshots/Pluto" = - { device = "/dev/disk/by-label/NAS-RAID"; - fsType = "btrfs"; - options = [ "compress=zstd:8,noatime,subvolid=5" ]; - }; + fileSystems."/mnt/snapshots/Pluto" = { + device = "/dev/disk/by-label/NAS-RAID"; + fsType = "btrfs"; + options = ["compress=zstd:8,noatime,subvolid=5"]; + }; - fileSystems."/mnt/Pluto" = - { device = "/dev/disk/by-label/NAS-RAID"; - fsType = "btrfs"; - options = [ "compress=zstd:8,noatime,subvol=@" ]; - }; + fileSystems."/mnt/Pluto" = { + device = "/dev/disk/by-label/NAS-RAID"; + fsType = "btrfs"; + options = ["compress=zstd:8,noatime,subvol=@"]; + }; - fileSystems."/mnt/Mars" = - { device = "/dev/disk/by-label/MARS"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async" ]; - }; + fileSystems."/mnt/Mars" = { + device = "/dev/disk/by-label/MARS"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async"]; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-label/NIXBOOT"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/NIXBOOT"; + fsType = "vfat"; + }; + + fileSystems."/export/Pluto" = { + device = "/mnt/Pluto"; + options = ["bind"]; + }; + + fileSystems."/export/Mars" = { + device = "/mnt/Mars"; + options = ["bind"]; + }; + + swapDevices = [{device = 
"/swap/swapfile";}]; - fileSystems."/export/Pluto" = - { device = "/mnt/Pluto"; - options = [ "bind" ]; - }; - - fileSystems."/export/Mars" = - { device = "/mnt/Mars"; - options = [ "bind" ]; - }; - - swapDevices = [ { device = "/swap/swapfile"; } ]; - systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "ens18"; - ntp = [ "192.168.2.1" ]; - domains = [ "home.opel-online.de" ]; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - IPv6PrivacyExtensions=false; - }; - ipv6AcceptRAConfig = { - DHCPv6Client = "always"; - UseDNS = true; - }; - dhcpV4Config = { - UseDNS = true; - }; - dhcpV6Config = { - UseDNS = true; - }; - }; + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "ens18"; + ntp = ["192.168.2.1"]; + domains = ["home.opel-online.de"]; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + IPv6PrivacyExtensions = false; + }; + ipv6AcceptRAConfig = { + DHCPv6Client = "always"; + UseDNS = true; + }; + dhcpV4Config = { + UseDNS = true; + }; + dhcpV6Config = { + UseDNS = true; + }; }; + }; }; networking = { hostName = "jupiter"; domain = "home.opel-online.de"; - useDHCP = false; # For versatility sake, manually edit IP on nm-applet. + useDHCP = false; # For versatility sake, manually edit IP on nm-applet. #firewall = { # enable = false; # #allowedUDPPorts = [ 53 67 ]; @@ -234,5 +238,4 @@ ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088 ''; }; - } diff --git a/hosts/jupiter/home.nix b/hosts/jupiter/home.nix index a086573..8ff2173 100644 --- a/hosts/jupiter/home.nix +++ b/hosts/jupiter/home.nix @@ -10,16 +10,13 @@ # └─ ./hyprland # └─ hyprland.nix # +{pkgs, ...}: { + imports = [ + ../../modules/home.nix # Window Manager + ]; -{ pkgs, ... }: - -{ - imports = - [ - ../../modules/home.nix # Window Manager - ]; - - home = { # Specific packages for laptop + home = { + # Specific packages for laptop packages = with pkgs; [ # Applications 
@@ -32,5 +29,4 @@ programs = { alacritty.settings.font.size = 11; }; - } diff --git a/hosts/kabtop/default.nix b/hosts/kabtop/default.nix index d236d91..15e5bed 100644 --- a/hosts/kabtop/default.nix +++ b/hosts/kabtop/default.nix @@ -1,19 +1,25 @@ # # Kabtop — server configuration # - -{ config, pkgs, user, agenix, impermanence, ... }: - { - imports = [ - ./hardware-configuration.nix - ../../modules/server - ] ++ (import ../../modules/services/server); + config, + pkgs, + user, + agenix, + impermanence, + ... +}: { + imports = + [ + ./hardware-configuration.nix + ../../modules/server + ] + ++ (import ../../modules/services/server); # ── Server module options ─────────────────────────────────────────────── myServer.virtualisation.enable = true; - myServer.virtualisation.cpu = "amd"; - myServer.fail2ban.enable = true; + myServer.virtualisation.cpu = "amd"; + myServer.fail2ban.enable = true; # ── Host-specific settings ────────────────────────────────────────────── boot = { @@ -30,24 +36,24 @@ environment.etc = { "fail2ban/filter.d/open-webui.conf" = { source = ../../modules/services/server/fail2ban/filter/open-webui.conf; - mode = "0444"; + mode = "0444"; }; "fail2ban/filter.d/gitea.conf" = { source = ../../modules/services/server/fail2ban/filter/gitea.conf; - mode = "0444"; + mode = "0444"; }; "fail2ban/filter.d/nextcloud.conf" = { source = ../../modules/services/server/fail2ban/filter/nextcloud.conf; - mode = "0444"; + mode = "0444"; }; }; programs = { ssh.startAgent = false; gnupg.agent = { - enable = true; - enableSSHSupport = true; - pinentryPackage = pkgs.pinentry-curses; + enable = true; + enableSSHSupport = true; + pinentryPackage = pkgs.pinentry-curses; }; }; diff --git a/hosts/kabtop/hardware-configuration.nix b/hosts/kabtop/hardware-configuration.nix index fde2538..157c347 100644 --- a/hosts/kabtop/hardware-configuration.nix +++ b/hosts/kabtop/hardware-configuration.nix 
@@ -10,17 +10,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; boot.tmp.useTmpfs = false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; 
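Review bot: The three header lines kept as context at the top of this hunk still state that the file was generated by nixos-generate-config and must not be modified, yet the hunk itself reformats hand-written content (the vfio initrd modules here, and further down in the same file btrbk, the btrfs subvolume layout, static public addressing and the firewall rules). A future `nixos-generate-config` run would silently overwrite all of that, including the firewall and address configuration. Either move the non-hardware sections into the host's default.nix or replace the misleading header with something like `# Hand-maintained hardware + network config for kabtop — NOT regenerated by nixos-generate-config; re-running it will overwrite this file.` The same applies to the hardware-configuration.nix hunks for kabtopci, kubemaster-1 and lifebook in this commit.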
@@ -34,81 +38,80 @@ }; services.btrbk = { - instances = { - hf = { - onCalendar = "hourly"; - settings = { - incremental = "yes"; - snapshot_create = "ondemand"; - snapshot_dir = "@snapshots"; - timestamp_format = "long"; + instances = { + hf = { + onCalendar = "hourly"; + settings = { + incremental = "yes"; + snapshot_create = "ondemand"; + snapshot_dir = "@snapshots"; + timestamp_format = "long"; - snapshot_preserve = "2m 2w 5d 5h"; - snapshot_preserve_min = "latest"; - - volume = { - "/mnt/snapshots/root" = { - snapshot_create = "always"; - subvolume = { - "@" = {}; - "@home" = {}; - "@var" = {}; - }; - }; - }; + snapshot_preserve = "2m 2w 5d 5h"; + snapshot_preserve_min = "latest"; + + volume = { + "/mnt/snapshots/root" = { + snapshot_create = "always"; + subvolume = { + "@" = {}; + "@home" = {}; + "@var" = {}; }; + }; }; + }; }; + }; }; - fileSystems."/" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; + }; - fileSystems."/home" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; - }; + fileSystems."/home" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; + }; - fileSystems."/srv" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; - }; + fileSystems."/srv" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; + }; - fileSystems."/var" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = 
[ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ]; - }; + fileSystems."/var" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; + }; - fileSystems."/swap" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ]; - }; - - fileSystems."/mnt/snapshots/root" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; - }; + fileSystems."/swap" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; + }; + fileSystems."/mnt/snapshots/root" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; + }; #swapDevices = [ { device = "/swap/swapfile"; } ]; - swapDevices = [ ]; - + swapDevices = []; + networking = { - useDHCP = false; # Deprecated + useDHCP = false; # Deprecated hostName = "kabtop"; domain = "kabtop.de"; networkmanager = { 
@@ -116,34 +119,33 @@ }; firewall = { enable = true; - allowedUDPPorts = [ ]; - allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = []; + allowedTCPPorts = [80 443]; }; }; systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "ens18"; + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "ens18"; - address = [ - "37.44.215.182/24" - "2a13:7e80:0:ef::2/64" - ]; + address = [ + "37.44.215.182/24" + "2a13:7e80:0:ef::2/64" + ]; - routes = [ - { Gateway = "37.44.215.1"; } - { Gateway = "fe80::1"; } - ]; + routes = [ + {Gateway = "37.44.215.1";} + {Gateway = "fe80::1";} + ]; - dns = [ - "9.9.9.9" - "2620:fe::fe" - ]; - }; + dns = [ + "9.9.9.9" + "2620:fe::fe" + ]; }; + }; }; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/kabtop/home.nix b/hosts/kabtop/home.nix index a086573..8ff2173 100644 --- a/hosts/kabtop/home.nix +++ b/hosts/kabtop/home.nix @@ -10,16 +10,13 @@ # └─ ./hyprland # └─ hyprland.nix # +{pkgs, ...}: { + imports = [ + ../../modules/home.nix # Window Manager + ]; -{ pkgs, ... }: - -{ - imports = - [ - ../../modules/home.nix # Window Manager - ]; - - home = { # Specific packages for laptop + home = { + # Specific packages for laptop packages = with pkgs; [ # Applications @@ -32,5 +29,4 @@ programs = { alacritty.settings.font.size = 11; }; - } diff --git a/hosts/kabtopci/default.nix b/hosts/kabtopci/default.nix index 427b016..f234f9f 100644 --- a/hosts/kabtopci/default.nix +++ b/hosts/kabtopci/default.nix 
@@ -1,18 +1,24 @@ # # Kabtopci — CI server configuration # - -{ config, pkgs, user, agenix, impermanence, ... }: - { - imports = [ - ./hardware-configuration.nix - ../../modules/server - ] ++ (import ../../modules/services/kabtopci); + config, + pkgs, + user, + agenix, + impermanence, + ... +}: { + imports = + [ + ./hardware-configuration.nix + ../../modules/server + ] + ++ (import ../../modules/services/kabtopci); # ── Server module options ─────────────────────────────────────────────── myServer.virtualisation.enable = true; - myServer.virtualisation.cpu = "amd"; + myServer.virtualisation.cpu = "amd"; # ── Host-specific settings ────────────────────────────────────────────── boot = { diff --git a/hosts/kabtopci/hardware-configuration.nix b/hosts/kabtopci/hardware-configuration.nix index 1ef67ee..b60f1b3 100644 --- a/hosts/kabtopci/hardware-configuration.nix +++ b/hosts/kabtopci/hardware-configuration.nix @@ -10,16 +10,19 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix")]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk"]; + boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; + boot.kernelModules = []; + boot.extraModulePackages = []; boot.tmp.useTmpfs = false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; 
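Review bot: `myServer.fail2ban.enable` is absent from this host's server-module options block, while the sibling kabtop host sets it to true; the kabtopci hardware-configuration.nix in the same commit pins a public address with ports 80 and 443 open, so the omission reads like an oversight rather than a decision. If it is deliberate, a comment next to `myServer.virtualisation.cpu = "amd";` such as `# fail2ban intentionally not enabled on the CI host: <reason>` would keep the next reviewer from re-raising it; otherwise add `myServer.fail2ban.enable = true;` (whether the module supplies a usable default jail set for this host's services is not visible here).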
@@ -32,46 +35,46 @@ ]; }; - fileSystems."/" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; + }; - fileSystems."/home" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; - }; + fileSystems."/home" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; + }; - fileSystems."/srv" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; - }; + fileSystems."/srv" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; + }; - fileSystems."/var" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ]; - }; + fileSystems."/var" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; + }; - fileSystems."/swap" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ]; - }; + fileSystems."/swap" = { + device = "/dev/disk/by-label/NIXROOT"; 
+ fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; + }; + + swapDevices = []; - swapDevices = [ ]; - networking = { - useDHCP = false; # Deprecated + useDHCP = false; # Deprecated hostName = "kabtopci"; domain = "ci.kabtop.de"; networkmanager = { @@ -79,15 +82,19 @@ }; interfaces = { ens3 = { - useDHCP = false; # For versatility sake, manually edit IP on nm-applet. - ipv4.addresses = [ { + useDHCP = false; # For versatility sake, manually edit IP on nm-applet. + ipv4.addresses = [ + { address = "195.90.221.87"; prefixLength = 22; - } ]; - ipv6.addresses = [ { + } + ]; + ipv6.addresses = [ + { address = "2a00:6800:3:d5b::2"; prefixLength = 64; - } ]; + } + ]; }; }; defaultGateway = "195.90.220.1"; @@ -96,11 +103,11 @@ interface = "ens3"; }; - nameservers = [ "9.9.9.9" "2620:fe::fe" ]; + nameservers = ["9.9.9.9" "2620:fe::fe"]; firewall = { enable = true; - allowedUDPPorts = [ ]; - allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = []; + allowedTCPPorts = [80 443]; }; }; diff --git a/hosts/kabtopci/home.nix b/hosts/kabtopci/home.nix index a086573..8ff2173 100644 --- a/hosts/kabtopci/home.nix +++ b/hosts/kabtopci/home.nix @@ -10,16 +10,13 @@ # └─ ./hyprland # └─ hyprland.nix # +{pkgs, ...}: { + imports = [ + ../../modules/home.nix # Window Manager + ]; -{ pkgs, ... }: - -{ - imports = - [ - ../../modules/home.nix # Window Manager - ]; - - home = { # Specific packages for laptop + home = { + # Specific packages for laptop packages = with pkgs; [ # Applications @@ -32,5 +29,4 @@ programs = { alacritty.settings.font.size = 11; }; - } diff --git a/hosts/kubemaster-1/default.nix b/hosts/kubemaster-1/default.nix index 6e4f152..d012e3c 100644 --- a/hosts/kubemaster-1/default.nix +++ b/hosts/kubemaster-1/default.nix 
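Review bot: The comment kept on `useDHCP = false;` inside the `ens3` block, `# For versatility sake, manually edit IP on nm-applet.`, was carried over from a laptop config and does not describe this host: the same block pins static IPv4 and IPv6 addresses on a server that is not expected to have a tray applet. Suggest `useDHCP = false; # static public IPv4/IPv6 configured below; DHCP intentionally off` so the reason for the setting is recorded rather than a stale hint. The jupiter hardware-configuration hunk earlier in this commit carries the identical comment on its `networking.useDHCP` line and should be updated the same way.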
@@ -1,36 +1,42 @@ # # Kubemaster-1 — Kubernetes master server configuration # - -{ config, pkgs, user, agenix, impermanence, ... }: - { - imports = [ - ./hardware-configuration.nix - ../../modules/server - ] ++ (import ../../modules/services/kubemaster); + config, + pkgs, + user, + agenix, + impermanence, + ... +}: { + imports = + [ + ./hardware-configuration.nix + ../../modules/server + ] + ++ (import ../../modules/services/kubemaster); # ── Server module options ─────────────────────────────────────────────── myServer.virtualisation.enable = true; - myServer.virtualisation.cpu = "intel"; + myServer.virtualisation.cpu = "intel"; # ── Host-specific settings ────────────────────────────────────────────── boot = { kernelPackages = pkgs.linuxPackages_latest; loader = { - systemd-boot.enable = true; + systemd-boot.enable = true; efi.canTouchEfiVariables = true; - efi.efiSysMountPoint = "/boot"; - timeout = 1; + efi.efiSysMountPoint = "/boot"; + timeout = 1; }; }; services.avahi = { - enable = true; + enable = true; nssmdns4 = true; - publish = { - enable = true; - addresses = true; + publish = { + enable = true; + addresses = true; userServices = true; }; }; diff --git a/hosts/kubemaster-1/hardware-configuration.nix b/hosts/kubemaster-1/hardware-configuration.nix index f64a825..440887b 100644 --- a/hosts/kubemaster-1/hardware-configuration.nix +++ b/hosts/kubemaster-1/hardware-configuration.nix 
@@ -10,17 +10,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; boot.tmp.useTmpfs = false; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; 
@@ -33,74 +37,74 @@ ]; }; - fileSystems."/" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; + }; - fileSystems."/home" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; - }; + fileSystems."/home" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; + }; - fileSystems."/srv" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; - }; + fileSystems."/srv" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; + }; - fileSystems."/var" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ]; - }; + fileSystems."/var" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; + }; - fileSystems."/swap" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ]; - }; + fileSystems."/swap" = { + device = 
"/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; + }; - fileSystems."/mnt/snapshots/root" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; - }; + fileSystems."/mnt/snapshots/root" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; + }; + + swapDevices = []; - swapDevices = [ ]; - systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "enp0s31f6"; - ntp = [ "192.168.2.1" ]; - domains = [ "home.opel-online.de" ]; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - }; - dns = [ - "192.168.2.1" - ]; - }; + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "enp0s31f6"; + ntp = ["192.168.2.1"]; + domains = ["home.opel-online.de"]; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + }; + dns = [ + "192.168.2.1" + ]; }; + }; }; networking = { - useDHCP = false; # Deprecated + useDHCP = false; # Deprecated hostName = "kubemaster-1"; firewall = { enable = true; - allowedUDPPorts = [ ]; - allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = []; + allowedTCPPorts = [80 443]; }; }; @@ -113,5 +117,4 @@ ''; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - } diff --git a/hosts/kubemaster-1/home.nix b/hosts/kubemaster-1/home.nix index a086573..8ff2173 100644 --- a/hosts/kubemaster-1/home.nix +++ b/hosts/kubemaster-1/home.nix @@ -10,16 +10,13 @@ # └─ ./hyprland # └─ hyprland.nix # +{pkgs, ...}: { + imports = [ + ../../modules/home.nix # Window Manager + ]; -{ pkgs, ... }: - -{ - imports = - [ - ../../modules/home.nix # Window Manager - ]; - - home = { # Specific packages for laptop + home = { + # Specific packages for laptop packages = with pkgs; [ # Applications 
@@ -32,5 +29,4 @@ programs = { alacritty.settings.font.size = 11; }; - } diff --git a/hosts/lifebook/default.nix b/hosts/lifebook/default.nix index a9e53e2..092a9d4 100644 --- a/hosts/lifebook/default.nix +++ b/hosts/lifebook/default.nix @@ -1,36 +1,38 @@ # # Lifebook laptop — system configuration # - -{ lib, pkgs, user, ... }: - { + lib, + pkgs, + user, + ... +}: { imports = [ ./hardware-configuration.nix ../../modules/desktop ]; # ── Desktop module options ────────────────────────────────────────────── - myDesktop.windowManager = "niri"; - myDesktop.niri.hotkeyVariant = "lifebook"; - myDesktop.cpu = "intel"; + myDesktop.windowManager = "niri"; + myDesktop.niri.hotkeyVariant = "lifebook"; + myDesktop.cpu = "intel"; myDesktop.virtualisation.enable = true; - myDesktop.laptop.enable = true; - myDesktop.laptop.lidSwitch = "suspend-then-hibernate"; + myDesktop.laptop.enable = true; + myDesktop.laptop.lidSwitch = "suspend-then-hibernate"; myDesktop.laptop.hibernateDelaySec = "1h"; myDesktop.git.signingKey = "/home/${user}/.ssh/id_ed25519_sk_rk_blackred"; - myDesktop.syncthing.enable = true; + myDesktop.syncthing.enable = true; myDesktop.syncthing.devices = { - "jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; }; - "hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; }; + "jupiter.home.opel-online.de" = {id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR";}; + "hades.home.opel-online.de" = {id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA";}; }; myDesktop.syncthing.folders = { "Sync" = { - path = "/home/kabbone/Sync"; - devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ]; + path = "/home/kabbone/Sync"; + devices = ["jupiter.home.opel-online.de" "hades.home.opel-online.de"]; ignorePerms = false; }; }; 
@@ -42,16 +44,16 @@ # ── Host-specific settings ────────────────────────────────────────────── boot = { - kernelPackages = pkgs.linuxPackages_latest; - initrd.prepend = [ "${./patched-SSDT4}" ]; + kernelPackages = pkgs.linuxPackages_latest; + initrd.prepend = ["${./patched-SSDT4}"]; loader = { - systemd-boot.enable = lib.mkForce false; + systemd-boot.enable = lib.mkForce false; efi.canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot"; - timeout = 1; + timeout = 1; }; lanzaboote = { - enable = true; + enable = true; pkiBundle = "/etc/secureboot"; }; }; diff --git a/hosts/lifebook/hardware-configuration.nix b/hosts/lifebook/hardware-configuration.nix index 7fc0006..42962fd 100644 --- a/hosts/lifebook/hardware-configuration.nix +++ b/hosts/lifebook/hardware-configuration.nix 
@@ -10,222 +10,222 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = - [ (modulesPath + "/installer/scan/not-detected.nix")] ++ - [( import ../../modules/hardware/backup.nix )]; + [(modulesPath + "/installer/scan/not-detected.nix")] + ++ [(import ../../modules/hardware/backup.nix)]; boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ]; - kernelModules = [ "i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1" ]; - systemd.enable = true; - luks = { - devices."crypted" = { - device = "/dev/disk/by-partlabel/disk-nvme0n1-luks"; - allowDiscards = true; - bypassWorkqueues = true; - }; - }; - }; + initrd = { + availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci"]; + kernelModules = ["i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1"]; + systemd.enable = true; + luks = { + devices."crypted" = { + device = "/dev/disk/by-partlabel/disk-nvme0n1-luks"; + allowDiscards = true; + bypassWorkqueues = true; + }; + }; + }; - kernelModules = [ "kvm-intel" ]; - kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ]; - extraModprobeConfig = '' - options i915 force_probe=!9a49 - options xe force_probe=9a49 - ''; - tmp.useTmpfs = false; - tmp.cleanOnBoot = true; + kernelModules = ["kvm-intel"]; + kernelParams = ["luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force"]; + extraModprobeConfig = '' + options i915 force_probe=!9a49 + options xe force_probe=9a49 + ''; + tmp.useTmpfs = false; + tmp.cleanOnBoot = true; }; zramSwap.enable = true; - services = { - btrfs.autoScrub = { - enable = true; - interval = "monthly"; - fileSystems = [ - "/" - ]; - }; - udev.extraRules = '' - 
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1" - ''; + btrfs.autoScrub = { + enable = true; + interval = "monthly"; + fileSystems = [ + "/" + ]; + }; + udev.extraRules = '' + ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1" + ''; - btrbk = { - extraPackages = [ pkgs.lz4 pkgs.mbuffer ]; - instances = { - hf = { - onCalendar = "hourly"; - settings = { - incremental = "yes"; - snapshot_create = "ondemand"; - snapshot_dir = "@snapshots"; - timestamp_format = "long"; + btrbk = { + extraPackages = [pkgs.lz4 pkgs.mbuffer]; + instances = { + hf = { + onCalendar = "hourly"; + settings = { + incremental = "yes"; + snapshot_create = "ondemand"; + snapshot_dir = "@snapshots"; + timestamp_format = "long"; - snapshot_preserve = "2m 2w 5d 5h"; - snapshot_preserve_min = "latest"; - - volume = { - "/mnt/snapshots/root" = { - snapshot_create = "always"; - subvolume = { - "@home" = {}; - }; - }; - }; - }; + snapshot_preserve = "2m 2w 5d 5h"; + snapshot_preserve_min = "latest"; + + volume = { + "/mnt/snapshots/root" = { + snapshot_create = "always"; + subvolume = { + "@home" = {}; + }; }; - bak = { - onCalendar = "daily"; - settings = { - stream_buffer = "256m"; - stream_compress = "lz4"; - incremental = "yes"; - snapshot_create = "no"; - snapshot_dir = "@snapshots"; - timestamp_format = "long"; - - snapshot_preserve_min = "all"; - target_preserve_min = "no"; - target_preserve = "4w 3d"; - - ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas"; - ssh_user = "btrbk"; - - volume = { - "/mnt/snapshots/root" = { - subvolume = { - "@home" = {}; - }; - 
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook"; - }; - }; - }; - }; - }; - }; - - tuned = { - enable = true; - profiles = { - balanced_powertop = { - main = { - include = "balanced"; - }; - sysfs = { - "/sys/class/net/wlan0/device/power/wakeup" = "enabled"; - "/sys/bus/usb/devices/usb3/power/wakeup" = "enabled"; - "/sys/bus/usb/devices/usb1/power/wakeup" = "enabled"; - "/sys/bus/usb/devices/3-9/power/wakeup" = "enabled"; - "/sys/bus/usb/devices/usb4/power/wakeup" = "enabled"; - "/sys/bus/usb/devices/3-10/power/wakeup" = "enabled"; - "/sys/bus/usb/devices/usb2/power/wakeup" = "enabled"; - "/sys/bus/usb/devices/3-5/power/wakeup" = "enabled"; }; }; - balanced-battery_powertop = { - main = { - include = "balanced-battery"; - }; - sysfs = { - "/sys/class/net/wlan0/device/power/wakeup" = "disabled"; - "/sys/bus/usb/devices/usb3/power/wakeup" = "disabled"; - "/sys/bus/usb/devices/usb1/power/wakeup" = "disabled"; - "/sys/bus/usb/devices/3-9/power/wakeup" = "disabled"; - "/sys/bus/usb/devices/usb4/power/wakeup" = "disabled"; - "/sys/bus/usb/devices/3-10/power/wakeup" = "disabled"; - "/sys/bus/usb/devices/usb2/power/wakeup" = "disabled"; - "/sys/bus/usb/devices/3-5/power/wakeup" = "disabled"; + }; + bak = { + onCalendar = "daily"; + settings = { + stream_buffer = "256m"; + stream_compress = "lz4"; + incremental = "yes"; + snapshot_create = "no"; + snapshot_dir = "@snapshots"; + timestamp_format = "long"; + + snapshot_preserve_min = "all"; + target_preserve_min = "no"; + target_preserve = "4w 3d"; + + ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas"; + ssh_user = "btrbk"; + + volume = { + "/mnt/snapshots/root" = { + subvolume = { + "@home" = {}; + }; + target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook"; + }; }; }; }; }; - }; - - systemd.timers = { - btrbk-bak = { - after = [ "network-online.target" ]; - requires = [ "network-online.target" ]; + }; + + tuned = { + enable = true; + profiles = 
{ + balanced_powertop = { + main = { + include = "balanced"; + }; + sysfs = { + "/sys/class/net/wlan0/device/power/wakeup" = "enabled"; + "/sys/bus/usb/devices/usb3/power/wakeup" = "enabled"; + "/sys/bus/usb/devices/usb1/power/wakeup" = "enabled"; + "/sys/bus/usb/devices/3-9/power/wakeup" = "enabled"; + "/sys/bus/usb/devices/usb4/power/wakeup" = "enabled"; + "/sys/bus/usb/devices/3-10/power/wakeup" = "enabled"; + "/sys/bus/usb/devices/usb2/power/wakeup" = "enabled"; + "/sys/bus/usb/devices/3-5/power/wakeup" = "enabled"; + }; + }; + balanced-battery_powertop = { + main = { + include = "balanced-battery"; + }; + sysfs = { + "/sys/class/net/wlan0/device/power/wakeup" = "disabled"; + "/sys/bus/usb/devices/usb3/power/wakeup" = "disabled"; + "/sys/bus/usb/devices/usb1/power/wakeup" = "disabled"; + "/sys/bus/usb/devices/3-9/power/wakeup" = "disabled"; + "/sys/bus/usb/devices/usb4/power/wakeup" = "disabled"; + "/sys/bus/usb/devices/3-10/power/wakeup" = "disabled"; + "/sys/bus/usb/devices/usb2/power/wakeup" = "disabled"; + "/sys/bus/usb/devices/3-5/power/wakeup" = "disabled"; + }; + }; }; + }; }; - fileSystems."/" = - { device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; + systemd.timers = { + btrbk-bak = { + after = ["network-online.target"]; + requires = ["network-online.target"]; }; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-label/NIXBOOT"; - fsType = "vfat"; - }; + fileSystems."/" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; + }; - fileSystems."/home" = - { device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/NIXBOOT"; + fsType = "vfat"; + }; - fileSystems."/nix" = - { device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ 
"compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; - }; + fileSystems."/home" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; + }; - fileSystems."/srv" = - { device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; - }; + fileSystems."/nix" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; + }; - fileSystems."/swap" = - { device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ]; - }; + fileSystems."/srv" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; + }; - fileSystems."/opt" = - { device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ]; - }; + fileSystems."/swap" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; + }; - fileSystems."/var" = - { device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ]; - }; + fileSystems."/opt" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"]; + }; - fileSystems."/mnt/snapshots/root" = - { device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; - }; + fileSystems."/var" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; + }; + fileSystems."/mnt/snapshots/root" = { + 
device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; + }; - fileSystems."/mnt/Pluto" = - { device = "jupiter.home.opel-online.de:/Pluto"; - fsType = "nfs"; - options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; - }; + fileSystems."/mnt/Pluto" = { + device = "jupiter.home.opel-online.de:/Pluto"; + fsType = "nfs"; + options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; + }; - fileSystems."/mnt/Mars" = - { device = "jupiter.home.opel-online.de:/Mars"; - fsType = "nfs"; - options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; - }; + fileSystems."/mnt/Mars" = { + device = "jupiter.home.opel-online.de:/Mars"; + fsType = "nfs"; + options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; + }; - - swapDevices = [ { device = "/swap/swapfile"; } ]; - + swapDevices = [{device = "/swap/swapfile";}]; networking = { - useDHCP = false; # Deprecated + useDHCP = false; # Deprecated hostName = "lifebook"; wireless.iwd.enable = true; networkmanager = { 
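Review bot: The `udev.extraRules` entry in this hunk matches any `mmcblk[0-9]p[0-9]` partition but always mounts it at the fixed path `/run/media/mmcblk0p1`, so a card with a second partition, or a second reader, would contend for the same mountpoint; udev's `$kernel` substitution is available in the same rule and could derive the target per device. The mount options also omit `nosuid,nodev`, which removable media automounted for unprivileged use normally carries, and the rule mounts whatever filesystem is on the card with `ID_FS_USAGE=="filesystem"` regardless of type. Suggest `-o noatime,nosuid,nodev,compress-force=zstd:15,ssd_spread,commit=120` and `/run/media/$kernel` as the mountpoint, and a one-line comment above the rule stating that it is an automount for an untrusted SD card. The enclosing hardware-configuration.nix hunk starts several lines above this anchor.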
@@ -235,27 +235,27 @@
powersave = true;
};
};
-# interfaces = {
-# wlan0 = {
-# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
-# #ipv4.addresses = [ {
-# # address = "192.168.0.51";
-# # prefixLength = 24;
-# #} ];
-# };
-# };
+ # interfaces = {
+ # wlan0 = {
+ # useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
+ # #ipv4.addresses = [ {
+ # # address = "192.168.0.51";
+ # # prefixLength = 24;
+ # #} ];
+ # };
+ # };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = false;
enable = true;
- allowedUDPPorts = [ 24727 51820 ];
- allowedTCPPorts = [ 24727 ];
+ allowedUDPPorts = [24727 51820];
+ allowedTCPPorts = [24727];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-# powerManagement = {
-# powertop.enable = true;
-# };
+ # powerManagement = {
+ # powertop.enable = true;
+ # };
}
diff --git a/hosts/lifebook/home.nix b/hosts/lifebook/home.nix
index 6bb5504..b19e6d1 100644
--- a/hosts/lifebook/home.nix
+++ b/hosts/lifebook/home.nix
@@ -2,12 +2,9 @@
# Lifebook laptop — home-manager host-specific additions
# (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
#
-
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
imports = [
- ../../modules/home.nix # cmds / theme options
+ ../../modules/home.nix # cmds / theme options
];
home.packages = with pkgs; [
@@ -21,7 +18,7 @@
];
services = {
- blueman-applet.enable = true;
+ blueman-applet.enable = true;
network-manager-applet.enable = true;
};
diff --git a/hosts/nasbackup/default.nix b/hosts/nasbackup/default.nix
index 22de471..0272eee 100644
--- a/hosts/nasbackup/default.nix
+++ b/hosts/nasbackup/default.nix
@@ -1,14 +1,18 @@
#
# Nasbak — NAS backup server configuration
#
-
-{ config, pkgs, user, ... }:
-
{
- imports = [
- ./hardware-configuration.nix
- ../../modules/server
- ] ++ (import ../../modules/services/nasbackup);
+ config,
+ pkgs,
+ user,
+ ...
+}: {
+ imports =
+ [
+ ./hardware-configuration.nix
+ ../../modules/server
+ ]
+ ++ (import ../../modules/services/nasbackup);
# ── Server module options ───────────────────────────────────────────────
# No virtualisation on the backup NAS
@@ -17,30 +21,30 @@
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
- systemd-boot.enable = true;
+ systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
- efi.efiSysMountPoint = "/boot";
- timeout = 1;
+ efi.efiSysMountPoint = "/boot";
+ timeout = 1;
};
};
programs = {
ssh.startAgent = false;
gnupg.agent = {
- enable = false;
+ enable = false;
enableSSHSupport = true;
- pinentryPackage = pkgs.pinentry-curses;
+ pinentryPackage = pkgs.pinentry-curses;
};
};
services = {
qemuGuest.enable = true;
avahi = {
- enable = true;
+ enable = true;
nssmdns4 = true;
- publish = {
- enable = true;
- addresses = true;
+ publish = {
+ enable = true;
+ addresses = true;
userServices = true;
};
};
diff --git a/hosts/nasbackup/hardware-configuration.nix b/hosts/nasbackup/hardware-configuration.nix
index 2e21bd1..058d759 100644
--- a/hosts/nasbackup/hardware-configuration.nix
+++ b/hosts/nasbackup/hardware-configuration.nix
@@ -1,4 +1,3 @@
-
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
@@ -10,18 +9,22 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
+ boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.initrd.secrets = {
"/root/NASKeyfile" =
- /root/NASKeyfile;
+ /root/NASKeyfile;
};
boot.initrd.luks.devices = {
NAS-RAID1 = {
@@ -35,8 +38,8 @@
bypassWorkqueues = true;
};
};
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
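Review bot: `boot.initrd.secrets = { "/root/NASKeyfile" = /root/NASKeyfile; }` copies the keyfile into the initrd, and the same file mounts `/boot` as plain `vfat` from NIXBOOT further down, so the NAS-RAID1 LUKS key — presumably what this secret is, the consuming `boot.initrd.luks.devices.NAS-RAID1` block continues past the hunk — is stored on the unencrypted boot partition. That is a documented trade-off of `boot.initrd.secrets`, but nothing in the file records that it is accepted, so I would add above the block: `# NOTE: initrd secrets are appended to the initrd on the unencrypted /boot (vfat); the NAS keyfile is only as protected as physical access to this disk.` If /boot is protected by something outside this diff, the comment should say that instead.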
@@ -51,168 +54,167 @@
};
services.btrbk = {
- extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
- instances = {
- hf = {
- onCalendar = "hourly";
- settings = {
- incremental = "yes";
- snapshot_create = "ondemand";
- snapshot_dir = "@snapshots";
- timestamp_format = "long";
+ extraPackages = [pkgs.lz4 pkgs.mbuffer];
+ instances = {
+ hf = {
+ onCalendar = "hourly";
+ settings = {
+ incremental = "yes";
+ snapshot_create = "ondemand";
+ snapshot_dir = "@snapshots";
+ timestamp_format = "long";
- snapshot_preserve = "2m 2w 5d 5h";
- snapshot_preserve_min = "latest";
-
- volume = {
- "/mnt/snapshots/root" = {
- snapshot_create = "always";
- subvolume = {
- "@" = {};
- "@home" = {};
- };
- };
- };
- };
- };
- bak = {
- onCalendar = "weekly";
- settings = {
- stream_buffer = "265m";
- stream_compress = "lz4";
- incremental = "yes";
- snapshot_create = "no";
- snapshot_dir = "@snapshots";
- timestamp_format = "long";
-
- snapshot_preserve_min = "all";
- target_preserve_min = "no";
- target_preserve = "4w 2m";
- archive_preserve_min = "no";
- archive_preserve = "4w 2m";
-
- ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
- ssh_user = "btrbk";
-
- volume = {
- "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
- subvolume = {
- "@nas" = {
- target = "/mnt/nas/Backups/Mars";
- };
- "@hades/@home" = {
- target = "/mnt/nas/Backups/Hades";
- snapshot_dir = "@snapshots/@hades";
- };
- "@lifebook/@home" = {
- target = "/mnt/nas/Backups/Lifebook";
- snapshot_dir = "@snapshots/@lifebook";
- };
-# "@steamdeck/@home" = {
-# target = "/mnt/nas/Backups/Steamdeck";
-# snapshot_dir = "@snapshots/@steamdeck";
-# };
- };
- };
- };
- volume = {
- "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
- target = "/mnt/nas/Backups/Pluto";
- subvolume = {
- "@/Games" = {};
- "@/IT" = {};
- "@/Media" = {};
- "@/Pictures" = {};
- "@/Rest" = {};
- };
- };
- };
+ snapshot_preserve = "2m 2w 5d 5h";
+ snapshot_preserve_min = "latest";
+
+ volume = {
+ "/mnt/snapshots/root" = {
+ snapshot_create = "always";
+ subvolume = {
+ "@" = {};
+ "@home" = {};
};
+ };
};
+ };
};
+ bak = {
+ onCalendar = "weekly";
+ settings = {
+ stream_buffer = "265m";
+ stream_compress = "lz4";
+ incremental = "yes";
+ snapshot_create = "no";
+ snapshot_dir = "@snapshots";
+ timestamp_format = "long";
+
+ snapshot_preserve_min = "all";
+ target_preserve_min = "no";
+ target_preserve = "4w 2m";
+ archive_preserve_min = "no";
+ archive_preserve = "4w 2m";
+
+ ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
+ ssh_user = "btrbk";
+
+ volume = {
+ "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
+ subvolume = {
+ "@nas" = {
+ target = "/mnt/nas/Backups/Mars";
+ };
+ "@hades/@home" = {
+ target = "/mnt/nas/Backups/Hades";
+ snapshot_dir = "@snapshots/@hades";
+ };
+ "@lifebook/@home" = {
+ target = "/mnt/nas/Backups/Lifebook";
+ snapshot_dir = "@snapshots/@lifebook";
+ };
+ # "@steamdeck/@home" = {
+ # target = "/mnt/nas/Backups/Steamdeck";
+ # snapshot_dir = "@snapshots/@steamdeck";
+ # };
+ };
+ };
+ };
+ volume = {
+ "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
+ target = "/mnt/nas/Backups/Pluto";
+ subvolume = {
+ "@/Games" = {};
+ "@/IT" = {};
+ "@/Media" = {};
+ "@/Pictures" = {};
+ "@/Rest" = {};
+ };
+ };
+ };
+ };
+ };
+ };
};
systemd.services = {
- btrbk-bak = {
- after = [ "network-online.target" ];
- requires = [ "network-online.target" ];
- };
+ btrbk-bak = {
+ after = ["network-online.target"];
+ requires = ["network-online.target"];
+ };
};
-
- fileSystems."/" =
- { device = "/dev/disk/by-label/NIXROOT";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
- };
-
- fileSystems."/home" =
- { device = "/dev/disk/by-label/NIXROOT";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
- };
-
- fileSystems."/srv" =
- { device = "/dev/disk/by-label/NIXROOT";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
- };
-
- fileSystems."/nix" =
- { device = "/dev/disk/by-label/NIXROOT";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
- };
-
- fileSystems."/swap" =
- { device = "/dev/disk/by-label/NIXROOT";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
- };
-
- fileSystems."/mnt/snapshots/root" =
- { device = "/dev/disk/by-label/NIXROOT";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
-# fileSystems."/mnt/snapshots/Pluto" =
-# { device = "/dev/disk/by-label/NAS-RAID";
-# fsType = "btrfs";
-# options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
-# };
-#
- fileSystems."/mnt/nas" =
- { device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
- fsType = "btrfs";
- options = [ "compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak" ];
- };
+ fileSystems."/home" = {
+ device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
+ };
- fileSystems."/boot" =
- { device = "/dev/disk/by-label/NIXBOOT";
- fsType = "vfat";
- };
+ fileSystems."/srv" = {
+ device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
+ };
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
+ };
+
+ fileSystems."/swap" = {
+ device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
+ };
+
+ fileSystems."/mnt/snapshots/root" = {
+ device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
+ };
+
+ # fileSystems."/mnt/snapshots/Pluto" =
+ # { device = "/dev/disk/by-label/NAS-RAID";
+ # fsType = "btrfs";
+ # options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
+ # };
+ #
+ fileSystems."/mnt/nas" = {
+ device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
+ fsType = "btrfs";
+ options = ["compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak"];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/NIXBOOT";
+ fsType = "vfat";
+ };
+
+ swapDevices = [{device = "/swap/swapfile";}];
- swapDevices = [ { device = "/swap/swapfile"; } ];
-
systemd.network = {
- enable = true;
- networks = {
- "10-lan" = {
- matchConfig.Name = "ens18";
- ntp = [ "192.168.2.1" ];
- domains = [ "home.opel-online.de" ];
- networkConfig = {
- DHCP = "yes";
- IPv6AcceptRA = true;
- };
- };
+ enable = true;
+ networks = {
+ "10-lan" = {
+ matchConfig.Name = "ens18";
+ ntp = ["192.168.2.1"];
+ domains = ["home.opel-online.de"];
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = true;
+ };
};
+ };
};
networking = {
hostName = "nasbak";
domain = "home.opel-online.de";
- useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
+ useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
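Review bot: `services.btrbk.instances.bak.settings` defines `volume` twice: after the commented-out `@steamdeck` entry three `};` close the subvolume set, the `ssh://…/mnt/snapshots/Mars` entry and the first `volume`, and a second `volume = {` for `ssh://…/mnt/snapshots/Pluto` then opens at the same level, which Nix rejects at parse time as an attribute already defined (if I have counted the braces right — the commit only re-indents, so the problem is pre-existing). The intent is presumably a single `volume` set holding both remote entries, so I would delete that third `};` together with the following `volume = {` line, making the Pluto entry a sibling of the Mars entry. Until then the weekly `bak` instance cannot be evaluated at all, so no off-host backups of Mars or Pluto are produced. The hunk ends inside the `networking` block, which continues past it.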
@@ -224,10 +226,9 @@
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
-# powerUpCommands = ''
-# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
-# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
-# '';
+ # powerUpCommands = ''
+ # ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
+ # ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
+ # '';
};
-
}
diff --git a/hosts/nasbackup/home.nix b/hosts/nasbackup/home.nix
index a086573..8ff2173 100644
--- a/hosts/nasbackup/home.nix
+++ b/hosts/nasbackup/home.nix
@@ -10,16 +10,13 @@
# └─ ./hyprland
# └─ hyprland.nix
#
+{pkgs, ...}: {
+ imports = [
+ ../../modules/home.nix # Window Manager
+ ];
-{ pkgs, ... }:
-
-{
- imports =
- [
- ../../modules/home.nix # Window Manager
- ];
-
- home = { # Specific packages for laptop
+ home = {
+ # Specific packages for laptop
packages = with pkgs; [
# Applications
@@ -32,5 +29,4 @@
programs = {
alacritty.settings.font.size = 11;
};
-
}
diff --git a/hosts/nbf5/default.nix b/hosts/nbf5/default.nix
index 1cbadb1..dc27330 100644
--- a/hosts/nbf5/default.nix
+++ b/hosts/nbf5/default.nix
@@ -5,7 +5,7 @@
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
-# │ └─ hardware-configuration.nix
+# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
@@ -16,57 +16,69 @@
# └─ ./hardware
# └─ default.nix
#
-
-{ config, pkgs, user, ... }:
-
{
- imports = # For now, if applying to other system, swap files
- [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+ config,
+ pkgs,
+ user,
+ ...
+}: {
+ imports =
+ # For now, if applying to other system, swap files
+ [(import ./hardware-configuration.nix)]
+ ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+ #[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
- # [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
- [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
- [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
- (import ../../modules/hardware) ++
- (import ../../modules/services/printer); # Hardware devices
+ # [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
+ [(import ../../modules/wm/virtualisation/docker.nix)]
+ ++ # Docker
+ [(import ../../modules/wm/virtualisation/kvm-intel.nix)]
+ ++ # kvm module options
+ (import ../../modules/hardware)
+ ++ (import ../../modules/services/printer); # Hardware devices
- boot = { # Boot options
+ boot = {
+ # Boot options
kernelPackages = pkgs.linuxPackages_latest;
- loader = { # EFI Boot
+ loader = {
+ # EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
- timeout = 1; # Grub auto select time
+ timeout = 1; # Grub auto select time
};
};
environment = {
systemPackages = with pkgs; [
- intel-media-driver
+ intel-media-driver
];
};
- programs = { # No xbacklight, this is the alterantive
+ programs = {
+ # No xbacklight, this is the alterantive
light.enable = true;
};
services = {
tlp = {
- enable = true; # TLP and auto-cpufreq for power management
+ enable = true; # TLP and auto-cpufreq for power management
settings = {
- USB_DENYLIST="fc32:1287 1e7d:2e4a 1d5c:5500 1d5c:5510";
+ USB_DENYLIST = "fc32:1287 1e7d:2e4a 1d5c:5500 1d5c:5510";
};
};
- logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
+ logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
#auto-cpufreq.enable = true;
blueman.enable = true;
- avahi = { # Needed to find wireless printer
+ avahi = {
+ # Needed to find wireless printer
enable = true;
nssmdns4 = true;
- publish = { # Needed for detecting the scanner
+ publish = {
+ # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
@@ -75,8 +87,8 @@
};
#temporary bluetooth fix
-# systemd.tmpfiles.rules = [
-# "d /var/lib/bluetooth 700 root root - -"
-# ];
-# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
+ # systemd.tmpfiles.rules = [
+ # "d /var/lib/bluetooth 700 root root - -"
+ # ];
+ # systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
}
diff --git a/hosts/nbf5/hardware-configuration.nix b/hosts/nbf5/hardware-configuration.nix
index 0cb1389..2dfe1a2 100644
--- a/hosts/nbf5/hardware-configuration.nix
+++ b/hosts/nbf5/hardware-configuration.nix
@@ -10,32 +10,36 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
boot = {
- initrd = {
- availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
- kernelModules = [ "i915" "kvm_intel" ];
- systemd.enable = true;
- luks = {
- devices."root" = {
- device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5";
- allowDiscards = true;
- };
- };
- };
+ initrd = {
+ availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc"];
+ kernelModules = ["i915" "kvm_intel"];
+ systemd.enable = true;
+ luks = {
+ devices."root" = {
+ device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5";
+ allowDiscards = true;
+ };
+ };
+ };
- kernelModules = [ "kvm-intel" ];
- extraModprobeConfig = ''
- options i915 enable_guc=3 enable_fbc=1 fastboot=1
- '';
- kernelParams = [ "mitigations=off" "luks.options=fido2-device=auto" ];
- tmp.useTmpfs = true;
+ kernelModules = ["kvm-intel"];
+ extraModprobeConfig = ''
+ options i915 enable_guc=3 enable_fbc=1 fastboot=1
+ '';
+ kernelParams = ["mitigations=off" "luks.options=fido2-device=auto"];
+ tmp.useTmpfs = true;
};
zramSwap.enable = true;
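Review bot: `kernelParams = ["mitigations=off" "luks.options=fido2-device=auto"];` carries a security-relevant choice with no explanation: `mitigations=off` disables the kernel's CPU speculative-execution mitigations system-wide, on a host whose `default.nix` in this same diff imports the docker and kvm-intel modules, i.e. one that runs containers and guests. If the performance trade-off is intentional it deserves a why-comment next to the flag, e.g. `# mitigations=off: trades Spectre/Meltdown-class CPU mitigations for performance; revisit if this host runs untrusted code or VMs`; otherwise dropping the flag restores the kernel defaults. The enclosing attrset continues past the hunk.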
@@ -49,110 +53,108 @@
};
services.btrbk = {
- instances = {
- hf = {
- onCalendar = "hourly";
- settings = {
- incremental = "yes";
- snapshot_create = "ondemand";
- snapshot_dir = "@snapshots";
- timestamp_format = "long";
+ instances = {
+ hf = {
+ onCalendar = "hourly";
+ settings = {
+ incremental = "yes";
+ snapshot_create = "ondemand";
+ snapshot_dir = "@snapshots";
+ timestamp_format = "long";
- snapshot_preserve = "2m 2w 5d 5h";
- snapshot_preserve_min = "latest";
-
- volume = {
- "/mnt/snapshots/root" = {
- snapshot_create = "always";
- subvolume = {
- "@home" = {};
- };
- };
- };
+ snapshot_preserve = "2m 2w 5d 5h";
+ snapshot_preserve_min = "latest";
+
+ volume = {
+ "/mnt/snapshots/root" = {
+ snapshot_create = "always";
+ subvolume = {
+ "@home" = {};
};
+ };
};
+ };
};
+ };
};
- fileSystems."/" =
- { device = "/dev/mapper/root";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
- };
+ fileSystems."/" = {
+ device = "/dev/mapper/root";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
+ };
- fileSystems."/home" =
- { device = "/dev/mapper/root";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
- };
+ fileSystems."/home" = {
+ device = "/dev/mapper/root";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
+ };
- fileSystems."/srv" =
- { device = "/dev/mapper/root";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
- };
+ fileSystems."/srv" = {
+ device = "/dev/mapper/root";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
+ };
- fileSystems."/opt" =
- { device = "/dev/mapper/root";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
- };
+ fileSystems."/opt" = {
+ device = "/dev/mapper/root";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
+ };
- fileSystems."/nix" =
- { device = "/dev/mapper/root";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
- };
+ fileSystems."/nix" = {
+ device = "/dev/mapper/root";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
+ };
- fileSystems."/mnt/snapshots/root" =
- { device = "/dev/mapper/root";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
- };
+ fileSystems."/mnt/snapshots/root" = {
+ device = "/dev/mapper/root";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
+ };
- fileSystems."/boot" =
- { device = "/dev/disk/by-label/BOOT";
- fsType = "vfat";
- };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/BOOT";
+ fsType = "vfat";
+ };
- fileSystems."/mnt/Pluto" =
- { device = "jupiter:/Pluto";
- fsType = "nfs";
- options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
- };
+ fileSystems."/mnt/Pluto" = {
+ device = "jupiter:/Pluto";
+ fsType = "nfs";
+ options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
+ };
- fileSystems."/mnt/Mars" =
- { device = "jupiter:/Mars";
- fsType = "nfs";
- options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
- };
+ fileSystems."/mnt/Mars" = {
+ device = "jupiter:/Mars";
+ fsType = "nfs";
+ options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
+ };
-
- swapDevices = [ ];
-
+ swapDevices = [];
networking = {
- useDHCP = false; # Deprecated
+ useDHCP = false; # Deprecated
hostName = "nbf5";
wireless = {
iwd.enable = true;
- interfaces = [ "wlan0" ];
+ interfaces = ["wlan0"];
};
interfaces = {
wlan0 = {
- useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
+ useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
};
};
firewall = {
enable = true;
#allowedUDPPorts = [ 53 67 ];
- allowedTCPPorts = [ 80 443 ];
+ allowedTCPPorts = [80 443];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "schedutil";
- powertop.enable = true;
+ powertop.enable = true;
};
}
diff --git a/hosts/nbf5/home.nix b/hosts/nbf5/home.nix
index 4fa3b9f..cafb12d 100644
--- a/hosts/nbf5/home.nix
+++ b/hosts/nbf5/home.nix
@@ -10,26 +10,23 @@
# └─ ./hyprland
# └─ hyprland.nix
#
+{pkgs, ...}: {
+ imports = [
+ #../../modules/wm/hyprland/home.nix # Window Manager
+ #../../modules/wm/sway/home.nix # Window Manager
+ ../../modules/home.nix # Window Manager
+ ];
-{ pkgs, ... }:
-
-{
- imports =
- [
- #../../modules/wm/hyprland/home.nix # Window Manager
- #../../modules/wm/sway/home.nix # Window Manager
- ../../modules/home.nix # Window Manager
- ];
-
- home = { # Specific packages for laptop
+ home = {
+ # Specific packages for laptop
packages = with pkgs; [
# Applications
firefox
intel-gpu-tools
pulsemixer
-
+
# Display
- light # xorg.xbacklight not supported. Other option is just use xrandr.
+ light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
@@ -41,11 +38,11 @@
alacritty.settings.font.size = 11;
};
- services = { # Applets
- blueman-applet.enable = true; # Bluetooth
- network-manager-applet.enable = true; # Network
+ services = {
+ # Applets
+ blueman-applet.enable = true; # Bluetooth
+ network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
-
}
diff --git a/hosts/steamdeck/default.nix b/hosts/steamdeck/default.nix
index 468ad57..4e4e722 100644
--- a/hosts/steamdeck/default.nix
+++ b/hosts/steamdeck/default.nix
@@ -1,10 +1,13 @@
#
# Steamdeck — system configuration
#
-
-{ lib, pkgs, user, jovian-nixos, ... }:
-
{
+ lib,
+ pkgs,
+ user,
+ jovian-nixos,
+ ...
+}: {
imports = [
./hardware-configuration.nix
../../modules/desktop
@@ -12,15 +15,15 @@
];
# ── Desktop module options ──────────────────────────────────────────────
- myDesktop.windowManager = "kde";
- myDesktop.cpu = "amd";
+ myDesktop.windowManager = "kde";
+ myDesktop.cpu = "amd";
myDesktop.virtualisation.enable = true;
- myDesktop.nitrokey.enable = true;
+ myDesktop.nitrokey.enable = true;
specialisation = {
sway.configuration = {
- imports = [ (import ../../modules/wm/sway) ];
- jovian.steam.enable = lib.mkForce false;
+ imports = [(import ../../modules/wm/sway)];
+ jovian.steam.enable = lib.mkForce false;
services.desktopManager.plasma6.enable = lib.mkForce false;
};
};
@@ -28,20 +31,20 @@
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
loader = {
- systemd-boot.enable = lib.mkForce false;
+ systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true;
- efi.efiSysMountPoint = "/boot";
- timeout = 1;
+ efi.efiSysMountPoint = "/boot";
+ timeout = 1;
};
lanzaboote = {
- enable = true;
+ enable = true;
pkiBundle = "/etc/secureboot";
};
};
services.printing = {
- enable = true;
- drivers = [ pkgs.gutenprint ];
+ enable = true;
+ drivers = [pkgs.gutenprint];
};
services.tailscale.enable = true;
diff --git a/hosts/steamdeck/hardware-configuration.nix b/hosts/steamdeck/hardware-configuration.nix
index 241556a..5e0eef9 100644
--- a/hosts/steamdeck/hardware-configuration.nix
+++ b/hosts/steamdeck/hardware-configuration.nix
@@ -10,178 +10,180 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
boot = {
- initrd = {
- availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
- kernelModules = [ ];
- systemd.enable = true;
- luks = {
- devices."crypted" = {
- device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
- allowDiscards = true;
- bypassWorkqueues = true;
- };
- };
- };
+ initrd = {
+ availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci"];
+ kernelModules = [];
+ systemd.enable = true;
+ luks = {
+ devices."crypted" = {
+ device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
+ allowDiscards = true;
+ bypassWorkqueues = true;
+ };
+ };
+ };
- kernelModules = [ "kvm-amd" "amdgpu" ];
- kernelParams = [ "luks.options=fido2-device=auto" ];
- tmp.useTmpfs = false;
- tmp.cleanOnBoot = true;
+ kernelModules = ["kvm-amd" "amdgpu"];
+ kernelParams = ["luks.options=fido2-device=auto"];
+ tmp.useTmpfs = false;
+ tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
- btrfs.autoScrub = {
- enable = true;
- interval = "monthly";
- fileSystems = [
- "/"
- ];
- };
- udev.extraRules = ''
- ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
- '';
+ btrfs.autoScrub = {
+ enable = true;
+ interval = "monthly";
+ fileSystems = [
+ "/"
+ ];
+ };
+ udev.extraRules = ''
+ ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
+ '';
- btrbk = {
- instances = {
- hf = {
- onCalendar = "hourly";
- settings = {
- incremental = "yes";
- snapshot_create = "ondemand";
- snapshot_dir = "@snapshots";
- timestamp_format = "long";
+ btrbk = {
+ instances = {
+ hf = {
+ onCalendar = "hourly";
+ settings = {
+ incremental = "yes";
+ snapshot_create = "ondemand";
+ snapshot_dir = "@snapshots";
+ timestamp_format = "long";
- snapshot_preserve = "2m 2w 5d 5h";
- snapshot_preserve_min = "latest";
-
- volume = {
- "/mnt/snapshots/root" = {
- snapshot_create = "always";
- subvolume = {
- "@home" = {};
- };
- };
- };
- };
+ snapshot_preserve = "2m 2w 5d 5h";
+ snapshot_preserve_min = "latest";
+
+ volume = {
+ "/mnt/snapshots/root" = {
+ snapshot_create = "always";
+ subvolume = {
+ "@home" = {};
+ };
};
-# bak = {
-# onCalendar = "daily";
-# settings = {
-# stream_buffer = "256m";
-# stream_compress = "lz4";
-# incremental = "yes";
-# snapshot_create = "no";
-# snapshot_dir = "@snapshots";
-# timestamp_format = "long";
-#
-# snapshot_preserve_min = "all";
-# target_preserve_min = "no";
-# target_preserve = "2m 4w 3d";
-#
-# ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
-# ssh_user = "btrbk";
-#
-# volume = {
-# "/mnt/snapshots/root" = {
-# subvolume = {
-# "@home" = {};
-# };
-# target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
-# };
-# };
-# };
-# };
+ };
};
+ };
+ # bak = {
+ # onCalendar = "daily";
+ # settings = {
+ # stream_buffer = "256m";
+ # stream_compress = "lz4";
+ # incremental = "yes";
+ # snapshot_create = "no";
+ # snapshot_dir = "@snapshots";
+ # timestamp_format = "long";
+ #
+ # snapshot_preserve_min = "all";
+ # target_preserve_min = "no";
+ # target_preserve = "2m 4w 3d";
+ #
+ # ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
+ # ssh_user = "btrbk";
+ #
+ # volume = {
+ # "/mnt/snapshots/root" = {
+ # subvolume = {
+ # "@home" = {};
+ # };
+ # target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
+ # };
+ # };
+ # };
+ # };
};
+ };
};
-#
-# systemd.timers = {
-# btrbk-bak = {
-# requires = [ "network-online.target" ];
-# };
-# };
+ #
+ # systemd.timers = {
+ # btrbk-bak = {
+ # requires = [ "network-online.target" ];
+ # };
+ # };
- fileSystems."/" =
- { device = "/dev/mapper/crypted";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
- };
+ fileSystems."/" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
+ };
- fileSystems."/boot" =
- { device = "/dev/disk/by-label/NIXBOOT";
- fsType = "vfat";
- };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/NIXBOOT";
+ fsType = "vfat";
+ };
- fileSystems."/home" =
- { device = "/dev/mapper/crypted";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
- };
+ fileSystems."/home" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
+ };
- fileSystems."/nix" =
- { device = "/dev/mapper/crypted";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
- };
+ fileSystems."/nix" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
+ };
- fileSystems."/srv" =
- { device = "/dev/mapper/crypted";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
- };
+ fileSystems."/srv" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
+ };
- fileSystems."/swap" =
- { device = "/dev/mapper/crypted";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
- };
+ fileSystems."/swap" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
+ };
- fileSystems."/opt" =
- { device = "/dev/mapper/crypted";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
- };
+ fileSystems."/opt" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
+ };
- fileSystems."/mnt/snapshots/root" =
- { device = "/dev/mapper/crypted";
- fsType = "btrfs";
- options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
- };
+ fileSystems."/mnt/snapshots/root" = {
+ device = "/dev/mapper/crypted";
+ fsType = "btrfs";
+ options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
+ };
-# fileSystems."/sdcard" =
-# { device = "/dev/disk/by-label/sdcard";
-# fsType = "ext4";
-# options = [ "nofail,noauto,users,x-systemd.automount" ];
-# };
+ # fileSystems."/sdcard" =
+ # { device = "/dev/disk/by-label/sdcard";
+ # fsType = "ext4";
+ # options = [ "nofail,noauto,users,x-systemd.automount" ];
+ # };
- fileSystems."/mnt/Pluto" =
- { device = "jupiter:/Pluto";
- fsType = "nfs";
- options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
- };
+ fileSystems."/mnt/Pluto" = {
+ device = "jupiter:/Pluto";
+ fsType = "nfs";
+ options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
+ };
- fileSystems."/mnt/Mars" =
- { device = "jupiter:/Mars";
- fsType = "nfs";
- options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
- };
+ fileSystems."/mnt/Mars" = {
+ device = "jupiter:/Mars";
+ fsType = "nfs";
+ options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
+ };
-
- swapDevices = [ { device = "/swap/swapfile"; } ];
-
+ swapDevices = [{device = "/swap/swapfile";}];
networking = {
- useDHCP = false; # Deprecated
+ useDHCP = false; # Deprecated
hostName = "steamdeck";
wireless.iwd.enable = true;
networkmanager = {
@@ -191,22 +193,22 @@
powersave = false;
};
};
-# interfaces = {
-# wlan0 = {
-# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
-# #ipv4.addresses = [ {
-# # address = "192.168.0.51";
-# # prefixLength = 24;
-# #} ];
-# };
-# };
+ # interfaces = {
+ # wlan0 = {
+ # useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
+ # #ipv4.addresses = [ {
+ # # address = "192.168.0.51";
+ # # prefixLength = 24;
+ # #} ];
+ # };
+ # };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = "loose";
enable = true;
- allowedUDPPorts = [ 24727 ];
- allowedTCPPorts = [ 24727 ];
+ allowedUDPPorts = [24727];
+ allowedTCPPorts = [24727];
};
};
diff --git a/hosts/steamdeck/home.nix b/hosts/steamdeck/home.nix
index 371896d..5ed6e3c 100644
--- a/hosts/steamdeck/home.nix
+++ b/hosts/steamdeck/home.nix
@@ -1,19 +1,16 @@
#
# Home-manager configuration for steamdeck
#
-
-{ pkgs, ... }:
-
-{
+{pkgs, ...}: {
specialisation = {
sway.configuration = {
- imports = [ (import ../../modules/wm/sway/home.nix) ];
+ imports = [(import ../../modules/wm/sway/home.nix)];
};
};
imports =
- [ (import ../../modules/home.nix) ] ++
- [ (import ../../modules/wm/steam/home.nix) ];
+ [(import ../../modules/home.nix)]
+ ++ [(import ../../modules/wm/steam/home.nix)];
home = {
packages = with pkgs; [
diff --git a/hosts/vm/hardware-configuration.nix b/hosts/vm/hardware-configuration.nix
index 0c6c110..13ede6f 100644
--- a/hosts/vm/hardware-configuration.nix
+++ b/hosts/vm/hardware-configuration.nix
@@ -1,36 +1,40 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-label/nixos"; - fsType = "btrfs"; - options = [ "compress=zstd,space_cache=v2,ssd,noatime" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "btrfs"; + options = ["compress=zstd,space_cache=v2,ssd,noatime"]; + }; -# fileSystems."/home" = -# { device = "/dev/disk/by-label/root"; -# fsType = "btrfs"; -# options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ]; -# }; + # fileSystems."/home" = + # { device = "/dev/disk/by-label/root"; + # fsType = "btrfs"; + # options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ]; + # }; - fileSystems."/boot" = - { device = "/dev/disk/by-label/BOOT"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix index 47ca5b8..cc11a53 100644 
--- a/modules/desktop/default.nix +++ b/modules/desktop/default.nix @@ -28,29 +28,31 @@ # # myDesktop.extraSystemPackages = with pkgs; [ some-tool ]; # - -{ config, lib, pkgs, inputs, user, ... }: - -let - cfg = config.myDesktop; -in { + config, + lib, + pkgs, + inputs, + user, + ... +}: let + cfg = config.myDesktop; +in { # Hardware modules that are always useful on desktops (bluetooth, …) - imports = (import ../hardware); + imports = import ../hardware; # ── Options ────────────────────────────────────────────────────────────── options.myDesktop = with lib; { - windowManager = mkOption { - type = types.enum [ "niri" "sway" "kde" ]; - default = "niri"; + type = types.enum ["niri" "sway" "kde"]; + default = "niri"; description = "Window manager / desktop environment for this host."; }; cpu = mkOption { - type = types.enum [ "amd" "intel" "none" ]; - default = "none"; + type = types.enum ["amd" "intel" "none"]; + default = "none"; description = "CPU type — selects the matching KVM kernel parameters."; }; 
@@ -58,42 +60,44 @@ in mkEnableOption "virtualisation stack (podman/docker-compat, qemu/libvirt, virt-manager)"; syncthing = { - enable = mkEnableOption "syncthing continuous file synchronisation"; + enable = mkEnableOption "syncthing continuous file synchronisation"; devices = mkOption { - type = types.attrs; + type = types.attrs; default = {}; - example = literalExpression + example = + literalExpression ''{ "jupiter.home.example.de" = { id = "XXXXX-XXXXX-XXXXX-..."; }; }''; description = "Syncthing peer devices."; }; folders = mkOption { - type = types.attrs; + type = types.attrs; default = {}; - example = literalExpression + example = + literalExpression ''{ "Sync" = { path = "/home/user/Sync"; devices = [ "jupiter" ]; ignorePerms = false; }; }''; description = "Syncthing shared folders."; }; }; openrgb = { - enable = mkEnableOption "OpenRGB RGB motherboard control"; + enable = mkEnableOption "OpenRGB RGB motherboard control"; motherboard = mkOption { - type = types.str; - default = "amd"; + type = types.str; + default = "amd"; description = "Motherboard vendor string passed to OpenRGB (amd or intel)."; }; }; laptop = { - enable = mkEnableOption "laptop-specific settings (lid-switch, hibernate delay)"; - lidSwitch = mkOption { - type = types.str; - default = "suspend-then-hibernate"; + enable = mkEnableOption "laptop-specific settings (lid-switch, hibernate delay)"; + lidSwitch = mkOption { + type = types.str; + default = "suspend-then-hibernate"; description = "systemd-logind action on lid close."; }; - hibernateDelaySec = mkOption { - type = types.str; - default = "1h"; + hibernateDelaySec = mkOption { + type = types.str; + default = "1h"; description = "Delay before transitioning from suspend to hibernate."; }; }; 
@@ -101,20 +105,20 @@ in nitrokey.enable = mkEnableOption "Nitrokey hardware security key support"; niri.hotkeyVariant = mkOption { - type = types.enum [ "default" "lifebook" ]; - default = "default"; + type = types.enum ["default" "lifebook"]; + default = "default"; description = "Niri hotkey variant to deploy — selects binds/.kdl."; }; git.signingKey = mkOption { - type = types.str; - default = "/home/${user}/.ssh/id_ed25519_sk_rk_red"; + type = types.str; + default = "/home/${user}/.ssh/id_ed25519_sk_rk_red"; description = "SSH key used for git commit signing on this host."; }; extraSystemPackages = mkOption { - type = types.listOf types.package; - default = []; + type = types.listOf types.package; + default = []; description = "Additional system packages specific to this host."; }; }; @@ -122,15 +126,23 @@ in # ── Configuration ──────────────────────────────────────────────────────── config = lib.mkMerge [ - # ── Base desktop config (replaces configuration_desktop.nix) ─────────── { users.users.${user} = { isNormalUser = true; - uid = 2000; - extraGroups = [ - "wheel" "video" "audio" "camera" "networkmanager" - "lp" "kvm" "libvirtd" "adb" "dialout" "tss" + uid = 2000; + extraGroups = [ + "wheel" + "video" + "audio" + "camera" + "networkmanager" + "lp" + "kvm" + "libvirtd" + "adb" + "dialout" + "tss" ]; }; @@ -138,7 +150,7 @@ in pam.services.login.enableGnomeKeyring = true; # swaylock PAM is harmless on non-sway WMs pam.services.swaylock = {}; - rtkit.enable = true; + rtkit.enable = true; }; environment.systemPackages = with pkgs; 
@@ -157,37 +169,37 @@ in ausweisapp e2fsprogs orca-slicer - ] + ] ++ cfg.extraSystemPackages; - nixpkgs.config.permittedInsecurePackages = [ "mbedtls-2.28.10" ]; + nixpkgs.config.permittedInsecurePackages = ["mbedtls-2.28.10"]; services = { pipewire = { - enable = true; - alsa.enable = true; - pulse.enable = true; + enable = true; + alsa.enable = true; + pulse.enable = true; wireplumber.enable = true; }; - pcscd.enable = true; + pcscd.enable = true; yubikey-agent.enable = true; - udev.packages = with pkgs; [ yubikey-personalization nitrokey-udev-rules ]; - flatpak.enable = true; - gvfs.enable = true; - fwupd.enable = true; - blueman.enable = true; + udev.packages = with pkgs; [yubikey-personalization nitrokey-udev-rules]; + flatpak.enable = true; + gvfs.enable = true; + fwupd.enable = true; + blueman.enable = true; avahi = { - enable = true; - nssmdns4 = true; - publish = { - enable = true; - addresses = true; + enable = true; + nssmdns4 = true; + publish = { + enable = true; + addresses = true; userServices = true; }; }; }; - programs.dconf.enable = true; + programs.dconf.enable = true; system.autoUpgrade.enable = false; home-manager.users.${user}.programs.git.signing.key = @@ -226,20 +238,18 @@ in services = { iio-niri.enable = false; greetd = { - enable = true; - useTextGreeter = true; - settings.default_session.command = - "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session"; + enable = true; + useTextGreeter = true; + settings.default_session.command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session"; }; - tuned.enable = true; + tuned.enable = true; upower.enable = true; }; programs = { - niri.enable = true; - ssh.enableAskPassword = true; - ssh.askPassword = - "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"; + niri.enable = true; + ssh.enableAskPassword = true; + ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"; }; # Noctalia shell + niri home config via home-manager 
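Review bot: The reformatted `nixpkgs.config.permittedInsecurePackages = ["mbedtls-2.28.10"];` still carries no comment naming which package in `environment.systemPackages` pulls in the insecure mbedtls, so the exception has no owner and will outlive its reason. A blanket allow-list entry like this is the kind of thing that silently stays after the dependant moves on. I would add a one-line why-comment above it, e.g. `# needed by <PACKAGE — confirm with nix why-depends>; drop once it no longer links mbedtls 2.28`, so the next person can re-check rather than keep it by inertia. The enclosing `config = lib.mkMerge [ ... ]` block starts before this hunk.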
@@ -253,7 +263,7 @@ in ../wm/niri/binds/${cfg.niri.hotkeyVariant}.kdl; services = { - mako.enable = true; + mako.enable = true; polkit-gnome.enable = true; }; @@ -261,37 +271,60 @@ in fuzzel.enable = true; noctalia-shell = { - enable = true; + enable = true; settings = { appLauncher.terminalCommand = "alacritty -e"; bar = { - density = "compact"; - position = "top"; + density = "compact"; + position = "top"; showCapsule = false; widgets = { left = [ - { id = "ControlCenter"; useDistroLogo = true; } - { hideUnoccupied = false; id = "Workspace"; - labelMode = "index"; showApplications = true; } - { id = "ActiveWindow"; } + { + id = "ControlCenter"; + useDistroLogo = true; + } + { + hideUnoccupied = false; + id = "Workspace"; + labelMode = "index"; + showApplications = true; + } + {id = "ActiveWindow";} ]; center = [ - { formatHorizontal = "HH:mm\\ndd-MM-yy"; - formatVertical = "HH mm"; - id = "Clock"; - useMonospacedFont = true; - usePrimaryColor = true; } + { + formatHorizontal = "HH:mm\\ndd-MM-yy"; + formatVertical = "HH mm"; + id = "Clock"; + useMonospacedFont = true; + usePrimaryColor = true; + } ]; right = [ - { id = "MediaMini"; } - { id = "SystemMonitor"; showNetworkStats = true; compactMode = false; } - { id = "WiFi"; } - { id = "Bluetooth"; } - { id = "Battery"; displayMode = "icon-always"; hideIfNotDetected = true; } - { id = "Volume"; displayMode = "alwaysShow"; } - { id = "NotificationHistory"; hideWhenZero = true; } - { id = "Tray"; } + {id = "MediaMini";} + { + id = "SystemMonitor"; + showNetworkStats = true; + compactMode = false; + } + {id = "WiFi";} + {id = "Bluetooth";} + { + id = "Battery"; + displayMode = "icon-always"; + hideIfNotDetected = true; + } + { + id = "Volume"; + displayMode = "alwaysShow"; + } + { + id = "NotificationHistory"; + hideWhenZero = true; + } + {id = "Tray";} ]; }; }; 
@@ -299,22 +332,22 @@ in colorSchemes.predefinedScheme = "Catppuccin"; general = { - avatarImage = "/home/${user}/.face"; - radiusRatio = 0.2; - lockOnSusepnd = true; + avatarImage = "/home/${user}/.face"; + radiusRatio = 0.2; + lockOnSusepnd = true; }; location = { - monthBeforeDay = true; - name = "Munich, Germany"; + monthBeforeDay = true; + name = "Munich, Germany"; showWeekNumberInCalendar = true; - firstDayOfWeek = 0; + firstDayOfWeek = 0; }; wallpaper = { - enabled = true; + enabled = true; overviewEnabled = false; - directory = "/home/${user}/.setup/modules/themes/"; + directory = "/home/${user}/.setup/modules/themes/"; }; brightness = { @@ -323,26 +356,26 @@ in }; controlCenter.shortcuts.left = [ - { id = "WiFi"; } - { id = "Bluetooth"; } - { id = "ScreenRecorder"; } - { id = "PowerProfile"; } - { id = "KeepAwake"; } + {id = "WiFi";} + {id = "Bluetooth";} + {id = "ScreenRecorder";} + {id = "PowerProfile";} + {id = "KeepAwake";} ]; - dock.enabled = false; + dock.enabled = false; sessionMenu.enableCountdown = false; templates = { - fuzzel = true; + fuzzel = true; alacritty = true; - qt = true; - gtk = true; - discord = true; - code = true; + qt = true; + gtk = true; + discord = true; + code = true; telegram = true; - niri = true; - firefox = true; + niri = true; + firefox = true; }; }; }; @@ -379,7 +412,7 @@ in programs = { sway = { - enable = true; + enable = true; extraSessionCommands = '' export MOZ_ENABLE_WAYLAND="1" export MOZ_WEBRENDER="1" 
@@ -390,19 +423,18 @@ in ''; }; ssh.enableAskPassword = true; - ssh.askPassword = - "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"; + ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"; }; xdg.portal = { - enable = true; - wlr.enable = true; - extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + enable = true; + wlr.enable = true; + extraPortals = [pkgs.xdg-desktop-portal-gtk]; }; home-manager.users.${user}.imports = [ ../wm/sway/home.nix - ../wm/waybar.nix # sway uses waybar for the bar + ../wm/waybar.nix # sway uses waybar for the bar ]; }) @@ -417,36 +449,36 @@ in programs.ssh = { enableAskPassword = true; - askPassword = lib.mkDefault "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass"; + askPassword = lib.mkDefault "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass"; }; services = { - packagekit.enable = true; - desktopManager.plasma6.enable = true; - udev.packages = with pkgs; [ gnome-settings-daemon ]; + packagekit.enable = true; + desktopManager.plasma6.enable = true; + udev.packages = with pkgs; [gnome-settings-daemon]; }; qt.platformTheme = "kde"; - home-manager.users.${user}.imports = [ ../wm/kde/home.nix ]; + home-manager.users.${user}.imports = [../wm/kde/home.nix]; }) # ── Virtualisation (podman/docker-compat + qemu/libvirt) ─────────────── (lib.mkIf cfg.virtualisation.enable { users.groups = { - docker.members = [ user ]; - libvirtd.members = [ "root" user ]; + docker.members = [user]; + libvirtd.members = ["root" user]; }; virtualisation = { podman = { - enable = true; + enable = true; autoPrune.enable = true; - dockerCompat = true; + dockerCompat = true; }; libvirtd = { - enable = true; - onShutdown = "shutdown"; + enable = true; + onShutdown = "shutdown"; qemu.runAsRoot = false; }; spiceUSBRedirection.enable = true; 
@@ -482,13 +514,13 @@ in # ── Syncthing ────────────────────────────────────────────────────────── (lib.mkIf cfg.syncthing.enable { services.syncthing = { - enable = true; - group = "users"; - user = user; - dataDir = "/home/${user}/Sync"; - configDir = "/home/${user}/.config/syncthing"; - overrideDevices = true; - overrideFolders = true; + enable = true; + group = "users"; + user = user; + dataDir = "/home/${user}/Sync"; + configDir = "/home/${user}/.config/syncthing"; + overrideDevices = true; + overrideFolders = true; openDefaultPorts = true; settings = { devices = cfg.syncthing.devices; @@ -500,15 +532,14 @@ in # ── OpenRGB ──────────────────────────────────────────────────────────── (lib.mkIf cfg.openrgb.enable { services.hardware.openrgb = { - enable = true; + enable = true; motherboard = cfg.openrgb.motherboard; }; }) # ── Laptop ───────────────────────────────────────────────────────────── (lib.mkIf cfg.laptop.enable { - systemd.sleep.extraConfig = - "HibernateDelaySec=${cfg.laptop.hibernateDelaySec}"; + systemd.sleep.extraConfig = "HibernateDelaySec=${cfg.laptop.hibernateDelaySec}"; services.logind.settings.Login.HandleLidSwitch = cfg.laptop.lidSwitch; }) @@ -517,6 +548,5 @@ in (lib.mkIf cfg.nitrokey.enable { hardware.nitrokey.enable = true; }) - ]; } diff --git a/modules/editors/default.nix b/modules/editors/default.nix index b3ba59d..89995b4 100644 --- a/modules/editors/default.nix +++ b/modules/editors/default.nix @@ -9,7 +9,6 @@ # └─ default.nix * # └─ ... # - [ ./nvim ] diff --git a/modules/editors/nvim/config/default.nix b/modules/editors/nvim/config/default.nix index 99e52af..8eff256 100644 --- a/modules/editors/nvim/config/default.nix +++ b/modules/editors/nvim/config/default.nix 
@@ -1,16 +1,15 @@ -{ nvim, ... }: -{ +{nvim, ...}: { # Import all your configuration modules here programs.nixvim = { - enable = true; - colorschemes.gruvbox.enable = true; + enable = true; + colorschemes.gruvbox.enable = true; - imports = [ - ./bufferline.nix - ./plugins.nix - ./options.nix - ./keymaps.nix - ./highlight.nix - ]; + imports = [ + ./bufferline.nix + ./plugins.nix + ./options.nix + ./keymaps.nix + ./highlight.nix + ]; }; } diff --git a/modules/editors/nvim/config/options.nix b/modules/editors/nvim/config/options.nix index cdfab64..f69a9b5 100644 --- a/modules/editors/nvim/config/options.nix +++ b/modules/editors/nvim/config/options.nix @@ -1,14 +1,14 @@ { - config = { - globals.mapleader = " "; - viAlias = true; - vimAlias = true; + config = { + globals.mapleader = " "; + viAlias = true; + vimAlias = true; - opts = { - number = true; # Show line numbers - relativenumber = true; # Show relative line numbers + opts = { + number = true; # Show line numbers + relativenumber = true; # Show relative line numbers - shiftwidth = 2; # Tab width should be 2 - }; + shiftwidth = 2; # Tab width should be 2 }; + }; } diff --git a/modules/editors/nvim/config/plugins.nix b/modules/editors/nvim/config/plugins.nix index d075bdf..e1d1f47 100644 --- a/modules/editors/nvim/config/plugins.nix +++ b/modules/editors/nvim/config/plugins.nix 
@@ -1,51 +1,51 @@ { - plugins = { - lualine.enable = true; + plugins = { + lualine.enable = true; - cmp = { - enable = true; - autoEnableSources = true; - settings = { - sources = [ - {name = "nvim_lsp";} - {name = "path";} - {name = "buffer";} - {name = "luasnip";} - ]; + cmp = { + enable = true; + autoEnableSources = true; + settings = { + sources = [ + {name = "nvim_lsp";} + {name = "path";} + {name = "buffer";} + {name = "luasnip";} + ]; - mapping = { - "" = "cmp.mapping.scroll_docs(-4)"; - "" = "cmp.mapping.scroll_docs(4)"; - "" = "cmp.mapping.complete()"; - "" = "cmp.mapping.close()"; - "" = "cmp.mapping.confirm({ select = true })"; - "" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; - "" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; - }; - }; + mapping = { + "" = "cmp.mapping.scroll_docs(-4)"; + "" = "cmp.mapping.scroll_docs(4)"; + "" = "cmp.mapping.complete()"; + "" = "cmp.mapping.close()"; + "" = "cmp.mapping.confirm({ select = true })"; + "" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; + "" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; }; - - lsp = { - enable = true; - - servers = { - tsserver.enable = true; - - lua-ls = { - enable = true; - settings.telemetry.enable = false; - }; -# rust-analyzer = { -# enable = true; -# installCargo = true; -# }; - }; - }; - - telescope.enable = true; - - treesitter.enable = true; - - luasnip.enable = true; + }; }; + + lsp = { + enable = true; + + servers = { + tsserver.enable = true; + + lua-ls = { + enable = true; + settings.telemetry.enable = false; + }; + # rust-analyzer = { + # enable = true; + # installCargo = true; + # }; + }; + }; + + telescope.enable = true; + + treesitter.enable = true; + + luasnip.enable = true; + }; } diff --git a/modules/editors/nvim/default.nix b/modules/editors/nvim/default.nix index dcf89e1..e94bb09 100644 --- a/modules/editors/nvim/default.nix +++ b/modules/editors/nvim/default.nix 
@@ -1,13 +1,9 @@ # # Neovim # - -{ pkgs, ... }: - -{ - +{pkgs, ...}: { home = { - packages = [ pkgs.gnvim ]; + packages = [pkgs.gnvim]; }; programs = { 
@@ -20,145 +16,144 @@ withRuby = true; withPython3 = true; -# plugins = with pkgs.vimPlugins; [ -# -# # Syntax -# #vim-nix -# #vim-markdown -# -# # Quality of life -# vim-lastplace # Opens document where you left it -# auto-pairs # Print double quotes/brackets/etc. -# vim-gitgutter # See uncommitted changes of file :GitGutterEnable -# -# # File Tree -# nerdtree # File Manager - set in extraConfig to F6 -# -# # Customization -# wombat256-vim # Color scheme for lightline -# srcery-vim # Color scheme for text -# -# lightline-vim # Info bar at bottom -# indent-blankline-nvim # Indentation lines -# -# # Syntax -# nvim-treesitter.withAllGrammars -# # finder -# telescope-nvim -# # completion -# nvim-cmp -# # status line -# lualine-nvim -# # indent -# indent-blankline-nvim -# ]; + # plugins = with pkgs.vimPlugins; [ + # + # # Syntax + # #vim-nix + # #vim-markdown + # + # # Quality of life + # vim-lastplace # Opens document where you left it + # auto-pairs # Print double quotes/brackets/etc. + # vim-gitgutter # See uncommitted changes of file :GitGutterEnable + # + # # File Tree + # nerdtree # File Manager - set in extraConfig to F6 + # + # # Customization + # wombat256-vim # Color scheme for lightline + # srcery-vim # Color scheme for text + # + # lightline-vim # Info bar at bottom + # indent-blankline-nvim # Indentation lines + # + # # Syntax + # nvim-treesitter.withAllGrammars + # # finder + # telescope-nvim + # # completion + # nvim-cmp + # # status line + # lualine-nvim + # # indent + # indent-blankline-nvim + # ]; -# extraPackages = with pkgs; [ -# ripgrep -# fd -# nodejs -# nodePackages.npm -# ]; + # extraPackages = with pkgs; [ + # ripgrep + # fd + # nodejs + # nodePackages.npm + # ]; -# extraConfig = '' -# set expandtab -# set shiftwidth=4 -# set tabstop=4 -# ''; + # extraConfig = '' + # set expandtab + # set shiftwidth=4 + # set tabstop=4 + # ''; -# extraLuaConfig = '' -# vim.g.mapleader = ' ' -# vim.g.maplocalleader = ' ' -# -# -- Set highlight on search -# 
vim.o.hlsearch = false -# -# -- Make line numbers default -# vim.wo.number = true -# -# -- Enable mouse mode -# vim.o.mouse = 'a' -# -# -- Sync clipboard between OS and Neovim. -# -- Remove this option if you want your OS clipboard to remain independent. -# -- See `:help 'clipboard'` -# vim.o.clipboard = 'unnamedplus' -# -# -- Enable break indent -# vim.o.breakindent = true -# -# -- Save undo history -# vim.o.undofile = true -# -# -- Case insensitive searching UNLESS /C or capital in search -# vim.o.ignorecase = true -# vim.o.smartcase = true -# -# -- Keep signcolumn on by default -# vim.wo.signcolumn = 'yes' -# -# -- Decrease update time -# vim.o.updatetime = 250 -# vim.o.timeout = true -# vim.o.timeoutlen = 300 -# -# -- Set completeopt to have a better completion experience -# vim.o.completeopt = 'menuone,noselect' -# -# -- NOTE: You should make sure your terminal supports this -# vim.o.termguicolors = true -# -# -- [[ Highlight on yank ]] -# -- See `:help vim.highlight.on_yank()` -# local highlight_group = vim.api.nvim_create_augroup('YankHighlight', { clear = true }) -# vim.api.nvim_create_autocmd('TextYankPost', { -# callback = function() -# vim.highlight.on_yank() -# end, -# group = highlight_group, -# pattern = '*', -# }) -# -# -- [[ Configure Telescope ]] -# -- See `:help telescope` and `:help telescope.setup()` -# require('telescope').setup { -# defaults = { -# mappings = { -# i = { -# [''] = false, -# [''] = false, -# }, -# }, -# }, -# } -# -# -- Enable telescope fzf native, if installed -# pcall(require('telescope').load_extension, 'fzf') -# -# -- See `:help telescope.builtin` -# vim.keymap.set('n', '?', require('telescope.builtin').oldfiles, { desc = '[?] Find recently opened files' }) -# vim.keymap.set('n', '', require('telescope.builtin').buffers, { desc = '[ ] Find existing buffers' }) -# vim.keymap.set('n', '/', function() -# -- You can pass additional configuration to telescope to change theme, layout, etc. 
-# require('telescope.builtin').current_buffer_fuzzy_find(require('telescope.themes').get_dropdown { -# winblend = 10, -# previewer = false, -# }) -# end, { desc = '[/] Fuzzily search in current buffer' }) -# -# vim.keymap.set('n', 'gf', require('telescope.builtin').git_files, { desc = 'Search [G]it [F]iles' }) -# vim.keymap.set('n', 'sf', require('telescope.builtin').find_files, { desc = '[S]earch [F]iles' }) -# vim.keymap.set('n', 'sh', require('telescope.builtin').help_tags, { desc = '[S]earch [H]elp' }) -# vim.keymap.set('n', 'sw', require('telescope.builtin').grep_string, { desc = '[S]earch current [W]ord' }) -# vim.keymap.set('n', 'sg', require('telescope.builtin').live_grep, { desc = '[S]earch by [G]rep' }) -# vim.keymap.set('n', 'sd', require('telescope.builtin').diagnostics, { desc = '[S]earch [D]iagnostics' }) -# require("indent_blankline").setup { -# -- for example, context is off by default, use this to turn it on -# show_current_context = true, -# show_current_context_start = true, -# } -# ''; + # extraLuaConfig = '' + # vim.g.mapleader = ' ' + # vim.g.maplocalleader = ' ' + # + # -- Set highlight on search + # vim.o.hlsearch = false + # + # -- Make line numbers default + # vim.wo.number = true + # + # -- Enable mouse mode + # vim.o.mouse = 'a' + # + # -- Sync clipboard between OS and Neovim. + # -- Remove this option if you want your OS clipboard to remain independent. 
+ # -- See `:help 'clipboard'` + # vim.o.clipboard = 'unnamedplus' + # + # -- Enable break indent + # vim.o.breakindent = true + # + # -- Save undo history + # vim.o.undofile = true + # + # -- Case insensitive searching UNLESS /C or capital in search + # vim.o.ignorecase = true + # vim.o.smartcase = true + # + # -- Keep signcolumn on by default + # vim.wo.signcolumn = 'yes' + # + # -- Decrease update time + # vim.o.updatetime = 250 + # vim.o.timeout = true + # vim.o.timeoutlen = 300 + # + # -- Set completeopt to have a better completion experience + # vim.o.completeopt = 'menuone,noselect' + # + # -- NOTE: You should make sure your terminal supports this + # vim.o.termguicolors = true + # + # -- [[ Highlight on yank ]] + # -- See `:help vim.highlight.on_yank()` + # local highlight_group = vim.api.nvim_create_augroup('YankHighlight', { clear = true }) + # vim.api.nvim_create_autocmd('TextYankPost', { + # callback = function() + # vim.highlight.on_yank() + # end, + # group = highlight_group, + # pattern = '*', + # }) + # + # -- [[ Configure Telescope ]] + # -- See `:help telescope` and `:help telescope.setup()` + # require('telescope').setup { + # defaults = { + # mappings = { + # i = { + # [''] = false, + # [''] = false, + # }, + # }, + # }, + # } + # + # -- Enable telescope fzf native, if installed + # pcall(require('telescope').load_extension, 'fzf') + # + # -- See `:help telescope.builtin` + # vim.keymap.set('n', '?', require('telescope.builtin').oldfiles, { desc = '[?] Find recently opened files' }) + # vim.keymap.set('n', '', require('telescope.builtin').buffers, { desc = '[ ] Find existing buffers' }) + # vim.keymap.set('n', '/', function() + # -- You can pass additional configuration to telescope to change theme, layout, etc. 
+ # require('telescope.builtin').current_buffer_fuzzy_find(require('telescope.themes').get_dropdown { + # winblend = 10, + # previewer = false, + # }) + # end, { desc = '[/] Fuzzily search in current buffer' }) + # + # vim.keymap.set('n', 'gf', require('telescope.builtin').git_files, { desc = 'Search [G]it [F]iles' }) + # vim.keymap.set('n', 'sf', require('telescope.builtin').find_files, { desc = '[S]earch [F]iles' }) + # vim.keymap.set('n', 'sh', require('telescope.builtin').help_tags, { desc = '[S]earch [H]elp' }) + # vim.keymap.set('n', 'sw', require('telescope.builtin').grep_string, { desc = '[S]earch current [W]ord' }) + # vim.keymap.set('n', 'sg', require('telescope.builtin').live_grep, { desc = '[S]earch by [G]rep' }) + # vim.keymap.set('n', 'sd', require('telescope.builtin').diagnostics, { desc = '[S]earch [D]iagnostics' }) + # require("indent_blankline").setup { + # -- for example, context is off by default, use this to turn it on + # show_current_context = true, + # show_current_context_start = true, + # } + # ''; }; }; } - diff --git a/modules/hardware/backup.nix b/modules/hardware/backup.nix index 434b7ee..5f68176 100644 --- a/modules/hardware/backup.nix +++ b/modules/hardware/backup.nix @@ -1,17 +1,18 @@ - - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { services.btrbk = { sshAccess = [ { key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq"; - roles = [ "source" "info" "send" ]; + roles = ["source" "info" "send"]; } { key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG"; - roles = [ "target" "info" "receive" "delete" ]; + roles = ["target" "info" "receive" "delete"]; } ]; }; diff --git a/modules/hardware/bluetooth.nix b/modules/hardware/bluetooth.nix index a1f70d2..1b74c79 100644 --- a/modules/hardware/bluetooth.nix +++ b/modules/hardware/bluetooth.nix 
@@ -1,13 +1,10 @@ # # Bluetooth # - -{ pkgs, ... }: - -{ +{pkgs, ...}: { hardware.bluetooth = { enable = true; - hsphfpd.enable = false; # HSP & HFP daemon + hsphfpd.enable = false; # HSP & HFP daemon settings = { General = { Enable = "Source,Sink,Media,Socket"; diff --git a/modules/hardware/hydraCache.nix b/modules/hardware/hydraCache.nix index 4b9e21c..de37cd0 100644 --- a/modules/hardware/hydraCache.nix +++ b/modules/hardware/hydraCache.nix @@ -1,12 +1,14 @@ - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { nix = { settings = { extra-trusted-public-keys = [ "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII=" - "steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc=" + "steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc=" ]; extra-substituters = [ "https://cache.home.opel-online.de" @@ -15,5 +17,4 @@ ]; }; }; - } diff --git a/modules/hardware/remoteBuilder.nix b/modules/hardware/remoteBuilder.nix index 29c1f48..87cdcda 100644 --- a/modules/hardware/remoteBuilder.nix +++ b/modules/hardware/remoteBuilder.nix @@ -1,10 +1,13 @@ -{ pkgs, config, ... }: - { - users.users.nixremote = { # System User + pkgs, + config, + ... +}: { + users.users.nixremote = { + # System User isSystemUser = true; group = "nixremote"; - extraGroups = [ "kvm" ]; + extraGroups = ["kvm"]; uid = 1001; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades" diff --git a/modules/hardware/remoteClient.nix b/modules/hardware/remoteClient.nix index c2ec457..0b301cd 100644 --- a/modules/hardware/remoteClient.nix +++ b/modules/hardware/remoteClient.nix 
@@ -1,20 +1,24 @@ - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { nix = { distributedBuilds = false; - buildMachines = [ { - hostName = "hades"; - system = "x86_64-linux"; - supportedFeatures = [ "kvm" "big-parallel" ]; - sshUser = "nixremote"; - sshKey = config.age.secrets."keys/nixremote".path; - maxJobs = 1; - speedFactor = 4; - publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%"; - protocol = "ssh-ng"; - } ]; + buildMachines = [ + { + hostName = "hades"; + system = "x86_64-linux"; + supportedFeatures = ["kvm" "big-parallel"]; + sshUser = "nixremote"; + sshKey = config.age.secrets."keys/nixremote".path; + maxJobs = 1; + speedFactor = 4; + publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%"; + protocol = "ssh-ng"; + } + ]; settings = { extra-trusted-public-keys = [ "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII=" @@ -24,7 +28,7 @@ ]; }; }; - + age.secrets."keys/nixremote" = { file = ../../secrets/keys/nixremote.age; owner = "root"; diff --git a/modules/home.nix b/modules/home.nix index f447d74..f2486f0 100644 --- a/modules/home.nix +++ b/modules/home.nix 
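Review bot: The reformatted `publicHostKey` in the `buildMachines` entry for `hades` still ends in `%` after the base64 padding `o=`, which looks like a stray shell prompt character pasted from terminal output rather than part of the encoded host key. `publicHostKey` is the value Nix uses to pin the builder's SSH host key, so a malformed value most likely breaks host-key verification for that builder rather than just being cosmetic (I have not confirmed how nix handles the undecodable string). The bug is latent today because `distributedBuilds = false;` is set on the line above, but the entry should be fixed before that is flipped: drop the trailing `%` so the string ends at `...cwo=` and, ideally, re-derive it from `base64 -w0 < /etc/ssh/ssh_host_ed25519_key.pub` on the builder to confirm the rest of the value.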
@@ -1,31 +1,75 @@ -{ lib, options, ... }: - { + lib, + options, + ... +}: { options = with lib; { cmds = { - shell = mkOption { type = types.str; default = "zsh"; }; - fetch = mkOption { type = types.str; default = "hyfetch"; }; - editor = mkOption { type = types.str; default = "nvim"; }; + shell = mkOption { + type = types.str; + default = "zsh"; + }; + fetch = mkOption { + type = types.str; + default = "hyfetch"; + }; + editor = mkOption { + type = types.str; + default = "nvim"; + }; - wm = mkOption { type = types.str; default = "sway"; }; + wm = mkOption { + type = types.str; + default = "sway"; + }; - terminal = mkOption { type = types.str; default = "alacritty"; }; - menu = mkOption { type = types.str; default = "rofi -show drun -show-icons"; }; + terminal = mkOption { + type = types.str; + default = "alacritty"; + }; + menu = mkOption { + type = types.str; + default = "rofi -show drun -show-icons"; + }; - lock = mkOption { type = types.str; default = "locksway"; }; + lock = mkOption { + type = types.str; + default = "locksway"; + }; notifications = { - volume = mkOption { type = types.str; default = "volume-notify"; }; - brightness = mkOption { type = types.str; default = "brightness-notify"; }; + volume = mkOption { + type = types.str; + default = "volume-notify"; + }; + brightness = mkOption { + type = types.str; + default = "brightness-notify"; + }; }; }; - is-wayland = mkOption { type = types.bool; default = true; }; - + is-wayland = mkOption { + type = types.bool; + default = true; + }; + theme = { - theme = mkOption { type = types.str; default = "catppuccin-mocha"; }; - icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; }; - font = mkOption { type = types.str; default = "Cascadia Code 11"; }; - wallpaper = mkOption { type = types.str; default = ""; }; + theme = mkOption { + type = types.str; + default = "catppuccin-mocha"; + }; + icon-theme = mkOption { + type = types.str; + default = "Papirus-Dark"; + }; + font = mkOption { + type = 
types.str; + default = "Cascadia Code 11"; + }; + wallpaper = mkOption { + type = types.str; + default = ""; + }; }; }; } diff --git a/modules/kabbone/corosync-qdevice.nix b/modules/kabbone/corosync-qdevice.nix index 1cd32b9..bc42b8a 100644 --- a/modules/kabbone/corosync-qdevice.nix +++ b/modules/kabbone/corosync-qdevice.nix @@ -4,20 +4,18 @@ pkgs, pkgs-kabbone, ... -}: -let +}: let cfg = config.services.corosync-qnetd; dataDir = "/var/run/corosync-qnetd"; -in -{ +in { # interface options.services.corosync-qnetd = { enable = lib.mkEnableOption "corosync-qnetd"; - package = lib.mkPackageOption pkgs-kabbone "corosync-qdevice" { }; + package = lib.mkPackageOption pkgs-kabbone "corosync-qdevice" {}; extraOptions = lib.mkOption { type = with lib.types; listOf str; - default = [ ]; + default = []; description = "Additional options with which to start corosync-qnetd."; }; }; @@ -26,7 +24,7 @@ in # implementation config = lib.mkIf cfg.enable { - environment.systemPackages = [ cfg.package ]; + environment.systemPackages = [cfg.package]; users.users.coroqnetd = { isSystemUser = true; @@ -35,23 +33,22 @@ in description = "Corosync-qnetd Service User"; }; - users.groups.coroqnetd = { }; + users.groups.coroqnetd = {}; - # environment.etc."corosync/corosync-qnetd.conf".text = '' - # totem { - # version: 2 - # secauth: on - # cluster_name: ${cfg.clusterName} - # transport: knet - # } + # environment.etc."corosync/corosync-qnetd.conf".text = '' + # totem { + # version: 2 + # secauth: on + # cluster_name: ${cfg.clusterName} + # transport: knet + # } + # logging { + # to_syslog: yes + # } + # ''; - # logging { - # to_syslog: yes - # } - # ''; - - systemd.packages = [ cfg.package ]; + systemd.packages = [cfg.package]; systemd.services.corosync-qnetd = { serviceConfig = { User = "coroqnetd"; 
@@ -60,7 +57,7 @@ in }; }; - environment.etc."sysconfig/corosync-qnetd".text = lib.optionalString (cfg.extraOptions != [ ]) '' + environment.etc."sysconfig/corosync-qnetd".text = lib.optionalString (cfg.extraOptions != []) '' COROSYNC-QNETD_OPTIONS="${lib.escapeShellArgs cfg.extraOptions}" ''; }; diff --git a/modules/kabbone/mautrix-whatsapp.nix b/modules/kabbone/mautrix-whatsapp.nix index 446d89a..1be50a5 100644 --- a/modules/kabbone/mautrix-whatsapp.nix +++ b/modules/kabbone/mautrix-whatsapp.nix @@ -3,14 +3,13 @@ config, pkgs, ... -}: -let +}: let cfg = config.services.kabbone_mautrix-whatsapp; dataDir = "/var/lib/mautrix-whatsapp"; registrationFile = "${dataDir}/whatsapp-registration.yaml"; settingsFile = "${dataDir}/config.yaml"; settingsFileUnsubstituted = settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json" cfg.settings; - settingsFormat = pkgs.formats.json { }; + settingsFormat = pkgs.formats.json {}; appservicePort = 29318; # to be used with a list of lib.mkIf values @@ -47,8 +46,8 @@ let username_template = "whatsapp_{{.}}"; }; double_puppet = { - servers = { }; - secrets = { }; + servers = {}; + secrets = {}; }; # By default, the following keys/secrets are set to `generate`. This would break when the service # is restarted, since the previously generated configuration will be overwritten everytime. @@ -66,13 +65,11 @@ let }; }; }; - -in -{ +in { options.services.kabbone_mautrix-whatsapp = { enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge"; - package = lib.mkPackageOption pkgs "mautrix-whatsapp" { }; + package = lib.mkPackageOption pkgs "mautrix-whatsapp" {}; settings = lib.mkOption { apply = lib.recursiveUpdate defaultConfig; @@ -159,7 +156,6 @@ in }; config = lib.mkIf cfg.enable { - users.users.mautrix-whatsapp = { isSystemUser = true; group = "mautrix-whatsapp"; 
@@ -167,19 +163,18 @@ in description = "Mautrix-Whatsapp bridge user"; }; - users.groups.mautrix-whatsapp = { }; + users.groups.mautrix-whatsapp = {}; services.matrix-synapse = lib.mkIf cfg.registerToSynapse { - settings.app_service_config_files = [ registrationFile ]; + settings.app_service_config_files = [registrationFile]; }; systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse { - serviceConfig.SupplementaryGroups = [ "mautrix-whatsapp" ]; + serviceConfig.SupplementaryGroups = ["mautrix-whatsapp"]; }; # Note: this is defined here to avoid the docs depending on `config` services.kabbone_mautrix-whatsapp.settings.homeserver = optOneOf ( - with config.services; - [ + with config.services; [ (lib.mkIf matrix-synapse.enable (mkDefaults { domain = matrix-synapse.settings.server_name; })) @@ -193,11 +188,11 @@ in systemd.services.kabbone_mautrix-whatsapp = { description = "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge."; - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ] ++ cfg.serviceDependencies; - after = [ "network-online.target" ] ++ cfg.serviceDependencies; + wantedBy = ["multi-user.target"]; + wants = ["network-online.target"] ++ cfg.serviceDependencies; + after = ["network-online.target"] ++ cfg.serviceDependencies; # ffmpeg is required for conversion of voice messages - path = [ pkgs.ffmpeg-headless ]; + path = [pkgs.ffmpeg-headless]; preStart = '' # substitute the settings file by environment variables @@ -263,11 +258,11 @@ in RestrictSUIDSGID = true; SystemCallArchitectures = "native"; SystemCallErrorNumber = "EPERM"; - SystemCallFilter = [ "@system-service" ]; + SystemCallFilter = ["@system-service"]; Type = "simple"; UMask = 27; }; - restartTriggers = [ settingsFileUnsubstituted ]; + restartTriggers = [settingsFileUnsubstituted]; }; }; meta = { diff --git a/modules/programs/configs/default.nix b/modules/programs/configs/default.nix index 832f57e..304745a 100644 --- a/modules/programs/configs/default.nix 
+++ b/modules/programs/configs/default.nix @@ -9,7 +9,6 @@ # └─ default.nix * # └─ ... # - [ - ./mpv.nix + ./mpv.nix ] diff --git a/modules/programs/configs/mpv.nix b/modules/programs/configs/mpv.nix index 1d1ab25..59c625a 100644 --- a/modules/programs/configs/mpv.nix +++ b/modules/programs/configs/mpv.nix @@ -9,17 +9,14 @@ # └─ ./configs # └─ mpv.nix * # - -{ pkgs, ... }: - -{ +{pkgs, ...}: { home.file = { ".config/mpv/mpv.conf".text = '' - hwdec=vaapi - vo=gpu - hwdec-codecs=all - gpu-context=wayland - #profile=gpu-hq - ''; + hwdec=vaapi + vo=gpu + hwdec-codecs=all + gpu-context=wayland + #profile=gpu-hq + ''; }; } diff --git a/modules/programs/firefox.nix b/modules/programs/firefox.nix index 81ee431..fa4ec28 100644 --- a/modules/programs/firefox.nix +++ b/modules/programs/firefox.nix @@ -1,12 +1,11 @@ # # Firefox Brower Emulator # - - -{ pkgs, config, ... }: - { - + pkgs, + config, + ... +}: { #home.packages = [ pkgs.firefox-wayland ]; programs = { 
@@ -14,155 +13,155 @@ enable = true; configPath = "${config.xdg.configHome}/mozilla/firefox"; #package = pkgs.wrapFirefox pkgs.firefox-unwrapped { - #forceWayland = true; + #forceWayland = true; # extraPolicies = { # ExtensionSettings = {}; # }; #}; -# package = pkgs.firefox-wayland; -# profiles.kabbone = { -# #id = 271987; -# name = "kabbone"; -# isDefault = true; -# settings = { -# "media.ffmpeg.vaapi.enabled" = true; -# "gfx.webrender.all" = true; -# "browser.contentblocking.category" = "strict"; -# "browser.search.region" = "DE"; -# "extensions.active.ThemeID" = "dreamer-bold-colorway@mozilla.org"; -# "media.autoplay.default" = 0; -# "security.enterprise_roots.enabled" = true; -# "widget.gtk.overlay-scrollbars.enabled" = true; -# "signon.rememberSignons" = false; -# "extensions.formautofill.creditCards.enabled" = false; -# "datareporting.healthreport.uploadEnabled" = false; -# "browser.urlbar.placeholderName" = "DuckDuckGo"; -# "browser.urlbar.placeholderName.private" = "DuckDuckGo"; -# "browser.theme.toolbar-theme" = 0; -# }; -# -# userChrome = '' -# /* Hide tab bar in FF Quantum */ -# @-moz-document url("chrome://browser/content/browser.xul") { -# #TabsToolbar { -# visibility: collapse !important; -# margin-bottom: 21px !important; -# } -# -# #sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header { -# visibility: collapse !important; -# } -# } -# ''; -# -# search = { -# engines = { -# "Nix Packages" = { -# urls = [{ -# template = "https://search.nixos.org/packages"; -# params = [ -# { name = "type"; value = "packages"; } -# { name = "query"; value = "{searchTerms}"; } -# ]; -# }]; -# -# icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; -# definedAliases = [ "@np" ]; -# }; -# -# "NixOS Wiki" = { -# urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; -# iconUpdateURL = "https://nixos.wiki/favicon.png"; -# updateInterval = 24 * 60 * 60 * 1000; # every day -# 
definedAliases = [ "@nw" ]; -# }; -# }; -# -# order = [ "DuckDuckGo" ]; -# default = "DuckDuckGo"; -# }; -# -# bookmarks = [ -# { -# name = "Kabtop Nextcloud"; -# url = "https://cloud.kabtop.de/"; -# } -# { -# name = "Home Assistant"; -# url = "https://hass.home.opel-online.de/"; -# } -# { -# name = "Netflix"; -# url = "https://netflix.com/browse"; -# } -# { -# name = "YouTube"; -# url = "https://youtube.com/"; -# } -# { -# name = "Kicker"; -# url = "https://kicker.de/"; -# } -# { -# name = "Chilloutzone"; -# url = "https://chilloutzone.net/"; -# } -# { -# name = "myDealZ"; -# url = "https://mydealz.de/"; -# } -# { -# name = "Kabtop Git"; -# url = "https://git.kabtop.de/"; -# } -# { -# name = "Spotify"; -# url = "https://open.spotify.com/"; -# } -# { -# name = "Tech"; -# bookmarks = [ -# { -# name = "Golem"; -# url = "https://golem.de/"; -# } -# { -# name = "Heise"; -# url = "https://heise.de/"; -# } -# { -# name = "Phoronix"; -# url = "https://phoronix.com/"; -# } -# ]; -# } -# { -# name = "Foren"; -# bookmarks = [ -# { -# name = "Archlinux-en"; -# url = "https://archlinux.org/"; -# } -# { -# name = "Archlinux-ARM"; -# url = "https://archlinuxarm.org/"; -# } -# { -# name = "Archlinux-de"; -# url = "https://archlinux.de/"; -# } -# ]; -# } -# ]; -# }; -# -# extensions = with pkgs.nur.repos.rycee.firefox-addons; [ -# honey -# keepassxc-browser -# multi-account-containers -# netflix-1080p -# ublock-origin -# ]; + # package = pkgs.firefox-wayland; + # profiles.kabbone = { + # #id = 271987; + # name = "kabbone"; + # isDefault = true; + # settings = { + # "media.ffmpeg.vaapi.enabled" = true; + # "gfx.webrender.all" = true; + # "browser.contentblocking.category" = "strict"; + # "browser.search.region" = "DE"; + # "extensions.active.ThemeID" = "dreamer-bold-colorway@mozilla.org"; + # "media.autoplay.default" = 0; + # "security.enterprise_roots.enabled" = true; + # "widget.gtk.overlay-scrollbars.enabled" = true; + # "signon.rememberSignons" = false; + # 
"extensions.formautofill.creditCards.enabled" = false; + # "datareporting.healthreport.uploadEnabled" = false; + # "browser.urlbar.placeholderName" = "DuckDuckGo"; + # "browser.urlbar.placeholderName.private" = "DuckDuckGo"; + # "browser.theme.toolbar-theme" = 0; + # }; + # + # userChrome = '' + # /* Hide tab bar in FF Quantum */ + # @-moz-document url("chrome://browser/content/browser.xul") { + # #TabsToolbar { + # visibility: collapse !important; + # margin-bottom: 21px !important; + # } + # + # #sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header { + # visibility: collapse !important; + # } + # } + # ''; + # + # search = { + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # + # icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # }; + # + # order = [ "DuckDuckGo" ]; + # default = "DuckDuckGo"; + # }; + # + # bookmarks = [ + # { + # name = "Kabtop Nextcloud"; + # url = "https://cloud.kabtop.de/"; + # } + # { + # name = "Home Assistant"; + # url = "https://hass.home.opel-online.de/"; + # } + # { + # name = "Netflix"; + # url = "https://netflix.com/browse"; + # } + # { + # name = "YouTube"; + # url = "https://youtube.com/"; + # } + # { + # name = "Kicker"; + # url = "https://kicker.de/"; + # } + # { + # name = "Chilloutzone"; + # url = "https://chilloutzone.net/"; + # } + # { + # name = "myDealZ"; + # url = "https://mydealz.de/"; + # } + # { + # name = "Kabtop Git"; + # url = "https://git.kabtop.de/"; + # } + # { + # name = 
"Spotify"; + # url = "https://open.spotify.com/"; + # } + # { + # name = "Tech"; + # bookmarks = [ + # { + # name = "Golem"; + # url = "https://golem.de/"; + # } + # { + # name = "Heise"; + # url = "https://heise.de/"; + # } + # { + # name = "Phoronix"; + # url = "https://phoronix.com/"; + # } + # ]; + # } + # { + # name = "Foren"; + # bookmarks = [ + # { + # name = "Archlinux-en"; + # url = "https://archlinux.org/"; + # } + # { + # name = "Archlinux-ARM"; + # url = "https://archlinuxarm.org/"; + # } + # { + # name = "Archlinux-de"; + # url = "https://archlinux.de/"; + # } + # ]; + # } + # ]; + # }; + # + # extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + # honey + # keepassxc-browser + # multi-account-containers + # netflix-1080p + # ublock-origin + # ]; }; }; } diff --git a/modules/server/default.nix b/modules/server/default.nix index df05ce4..e34e151 100644 --- a/modules/server/default.nix +++ b/modules/server/default.nix 
@@ -16,90 +16,91 @@ # # myServer.extraSystemPackages = with pkgs; [ some-tool ]; # - -{ config, lib, pkgs, user, ... }: - -let - cfg = config.myServer; -in { + config, + lib, + pkgs, + user, + ... +}: let + cfg = config.myServer; +in { # ── Options ────────────────────────────────────────────────────────────── options.myServer = with lib; { - uid = mkOption { - type = types.int; - default = 3000; + type = types.int; + default = 3000; description = "UID for the server user."; }; sshPort = mkOption { - type = types.port; - default = 2220; + type = types.port; + default = 2220; description = "Port openssh listens on."; }; sudoRequiresPassword = mkOption { - type = types.bool; - default = true; + type = types.bool; + default = true; description = "Whether wheel users must enter a password for sudo."; }; autoUpgrade.enable = mkOption { - type = types.bool; - default = true; + type = types.bool; + default = true; description = "Enable automatic NixOS upgrades (inherits flake URL from configuration_common.nix)."; }; virtualisation = { enable = mkEnableOption "container/VM stack (podman with docker-compat, KVM tuning)"; - cpu = mkOption { - type = types.enum [ "amd" "intel" "none" ]; - default = "none"; + cpu = mkOption { + type = types.enum ["amd" "intel" "none"]; + default = "none"; description = "CPU type — selects KVM kernel parameters when virtualisation is enabled."; }; }; extraGroups = mkOption { - type = types.listOf types.str; - default = []; + type = types.listOf types.str; + default = []; description = "Additional groups for the server user beyond the defaults."; }; extraSystemPackages = mkOption { - type = types.listOf types.package; - default = []; + type = types.listOf types.package; + default = []; description = "Additional system packages specific to this host."; }; fail2ban = { enable = mkEnableOption "fail2ban intrusion prevention"; }; - }; # ── Configuration ──────────────────────────────────────────────────────── config = lib.mkMerge [ - # ── Base 
server config ──────────────────────────────────────────────── { users.users.${user} = { isNormalUser = true; - uid = cfg.uid; - extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" ] ++ cfg.extraGroups; + uid = cfg.uid; + extraGroups = ["wheel" "networkmanager" "kvm" "libvirtd"] ++ cfg.extraGroups; }; security.sudo.wheelNeedsPassword = cfg.sudoRequiresPassword; - environment.systemPackages = with pkgs; [ - ffmpeg - smartmontools - htop - ] ++ cfg.extraSystemPackages; + environment.systemPackages = with pkgs; + [ + ffmpeg + smartmontools + htop + ] + ++ cfg.extraSystemPackages; services.openssh = { - ports = [ cfg.sshPort ]; + ports = [cfg.sshPort]; openFirewall = true; }; @@ -114,12 +115,12 @@ in # ── Virtualisation (podman/docker-compat) ───────────────────────────── (lib.mkIf cfg.virtualisation.enable { virtualisation.podman = { - enable = true; + enable = true; autoPrune.enable = true; - dockerCompat = true; + dockerCompat = true; }; - users.groups.docker.members = [ user ]; + users.groups.docker.members = [user]; }) # ── KVM – AMD ───────────────────────────────────────────────────────── @@ -141,11 +142,10 @@ in # ── Fail2ban ────────────────────────────────────────────────────────── (lib.mkIf cfg.fail2ban.enable { services.fail2ban = { - enable = true; - maxretry = 5; + enable = true; + maxretry = 5; jails.DEFAULT.settings.findtime = "15m"; }; }) - ]; } diff --git a/modules/services/dmz/default.nix b/modules/services/dmz/default.nix index 4add8ff..650d5ab 100644 --- a/modules/services/dmz/default.nix +++ b/modules/services/dmz/default.nix @@ -9,11 +9,10 @@ # └─ default.nix * # └─ ... # - [ ./microvm.nix -# ./hydra.nix + # ./hydra.nix ] - # picom, polybar and sxhkd are pulled from desktop module # redshift temporarely disables + diff --git a/modules/services/dmz/gitea_runner.nix b/modules/services/dmz/gitea_runner.nix index bd3a8ce..a7ef7ec 100644 --- a/modules/services/dmz/gitea_runner.nix +++ b/modules/services/dmz/gitea_runner.nix 
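Review bot: In the base server config of modules/server/default.nix, `extraGroups = ["wheel" "networkmanager" "kvm" "libvirtd"] ++ cfg.extraGroups;` puts every server user into `kvm` and `libvirtd` unconditionally, even on hosts where `myServer.virtualisation.enable` is false. Membership in `libvirtd` is close to root-equivalent (a user can define a VM that mounts host block devices), so it should follow the option rather than be a default: `extraGroups = ["wheel" "networkmanager"] ++ lib.optionals cfg.virtualisation.enable ["kvm" "libvirtd"] ++ cfg.extraGroups;`. Relatedly, the virtualisation block's `users.groups.docker.members = [user];` does not by itself grant socket access under podman with `dockerCompat`; if the intent is a docker-compatible socket, that is presumably `virtualisation.podman.dockerSocket.enable`, otherwise the group entry can go. The `config = lib.mkMerge [ … ]` list continues beyond this hunk.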
@@ -1,60 +1,63 @@ -{ lib, config, pkgs, ... }: - { - virtualisation = { - podman ={ - enable = true; - autoPrune.enable = true; - dockerCompat = true; - }; - containers.containersConf.settings = { - # podman seems to not work with systemd-resolved - containers.dns_servers = [ "192.168.101.1" ]; - #containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; + lib, + config, + pkgs, + ... +}: { + virtualisation = { + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + }; + containers.containersConf.settings = { + # podman seems to not work with systemd-resolved + containers.dns_servers = ["192.168.101.1"]; + #containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; + }; + }; + + services.gitea-actions-runner.instances = { + homerunner = { + enable = true; + url = "https://git.kabtop.de"; + name = "Homerunner"; + tokenFile = config.age.secrets."services/gitea/homerunner-token".path; + labels = [ + "home" + "debian-latest:docker://node:18-bullseye" + "ubuntu-latest:docker://node:16-bullseye" + "ubuntu-22.04:docker://node:16-bullseye" + "ubuntu-20.04:docker://node:16-bullseye" + "ubuntu-18.04:docker://node:16-buster" + "native:host" + ]; + hostPackages = with pkgs; [ + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + ]; + settings = { + # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; + # the default network that also respects our dns server settings + container.network = "host"; + container.privileged = false; + # container.valid_volumes = [ + # "/nix" + # "${storeDeps}/bin" + # "${storeDeps}/etc/ssl" + # ]; }; }; + }; - services.gitea-actions-runner.instances = { - homerunner = { - enable = true; - url = "https://git.kabtop.de"; - name = "Homerunner"; - tokenFile = config.age.secrets."services/gitea/homerunner-token".path; - labels = [ - 
"home" - "debian-latest:docker://node:18-bullseye" - "ubuntu-latest:docker://node:16-bullseye" - "ubuntu-22.04:docker://node:16-bullseye" - "ubuntu-20.04:docker://node:16-bullseye" - "ubuntu-18.04:docker://node:16-buster" - "native:host" - ]; - hostPackages = with pkgs; [ - bash - coreutils - curl - gawk - gitMinimal - gnused - nodejs - wget - ]; - settings = { - # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; - # the default network that also respects our dns server settings - container.network = "host"; - container.privileged = false; - # container.valid_volumes = [ - # "/nix" - # "${storeDeps}/bin" - # "${storeDeps}/etc/ssl" - # ]; - }; - }; - }; - - age.secrets."services/gitea/homerunner-token" = { - file = ../../../secrets/services/gitea/homerunner-token.age; - owner = "gitea-runner"; - }; + age.secrets."services/gitea/homerunner-token" = { + file = ../../../secrets/services/gitea/homerunner-token.age; + owner = "gitea-runner"; + }; } diff --git a/modules/services/dmz/hydra.nix b/modules/services/dmz/hydra.nix index 53bd3f9..a9d5204 100644 --- a/modules/services/dmz/hydra.nix +++ b/modules/services/dmz/hydra.nix 
@@ -1,91 +1,92 @@ -{ lib, config, pkgs, ... }: - { - services = { - hydra = { - enable = true; - hydraURL = "https://hydra.home.opel-online.de"; - listenHost = "127.0.0.1"; - notificationSender = "hydra@localhost"; - useSubstitutes = true; - minimumDiskFree = 30; - }; - nix-serve = { - enable = true; - port = 5001; - bindAddress = "127.0.0.1"; - secretKeyFile = config.age.secrets."keys/nixsign".path; - }; - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - virtualHosts = { - "home.opel-online.de" = { - enableACME = true; - forceSSL = true; - default = true; - locations."/".return = "503"; - }; - "hydra.home.opel-online.de" = { - useACMEHost = "home.opel-online.de"; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:3000"; - extraConfig = '' - proxy_set_header X-Forwarded-Port 443; - ''; - }; - }; - "cache.home.opel-online.de" = { - useACMEHost = "home.opel-online.de"; - forceSSL = true; - locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; - }; - }; - }; + lib, + config, + pkgs, + ... 
+}: { + services = { + hydra = { + enable = true; + hydraURL = "https://hydra.home.opel-online.de"; + listenHost = "127.0.0.1"; + notificationSender = "hydra@localhost"; + useSubstitutes = true; + minimumDiskFree = 30; }; - - security.acme = { - acceptTerms = true; - defaults = { - email = "webmaster@opel-online.de"; - #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; - dnsResolver = "9.9.9.9:53"; - }; - certs = { + nix-serve = { + enable = true; + port = 5001; + bindAddress = "127.0.0.1"; + secretKeyFile = config.age.secrets."keys/nixsign".path; + }; + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + virtualHosts = { "home.opel-online.de" = { - domain = "*.home.opel-online.de"; - dnsProvider = "netcup"; - environmentFile = config.age.secrets."services/acme/opel-online".path; - webroot = null; + enableACME = true; + forceSSL = true; + default = true; + locations."/".return = "503"; + }; + "hydra.home.opel-online.de" = { + useACMEHost = "home.opel-online.de"; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:3000"; + extraConfig = '' + proxy_set_header X-Forwarded-Port 443; + ''; + }; + }; + "cache.home.opel-online.de" = { + useACMEHost = "home.opel-online.de"; + forceSSL = true; + locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; }; }; }; - - nix = { - settings = { - trusted-users = [ - "hydra" - ]; - allowed-uris = "http:// https://"; + }; + + security.acme = { + acceptTerms = true; + defaults = { + email = "webmaster@opel-online.de"; + #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; + dnsResolver = "9.9.9.9:53"; + }; + certs = { + "home.opel-online.de" = { + domain = "*.home.opel-online.de"; + dnsProvider = "netcup"; + environmentFile = config.age.secrets."services/acme/opel-online".path; + webroot = null; }; + }; + }; - 
extraOptions = '' - secret-key-files = ${config.age.secrets."keys/nixsign".path} - ''; - }; - - age.secrets."keys/nixsign" = { - file = ../../../secrets/keys/nixservepriv.age; - owner = "hydra"; - }; - age.secrets."services/acme/opel-online" = { - file = ../../../secrets/services/acme/opel-online.age; - owner = "acme"; + nix = { + settings = { + trusted-users = [ + "hydra" + ]; + allowed-uris = "http:// https://"; }; + extraOptions = '' + secret-key-files = ${config.age.secrets."keys/nixsign".path} + ''; + }; + age.secrets."keys/nixsign" = { + file = ../../../secrets/keys/nixservepriv.age; + owner = "hydra"; + }; + age.secrets."services/acme/opel-online" = { + file = ../../../secrets/services/acme/opel-online.age; + owner = "acme"; + }; } diff --git a/modules/services/dmz/microvm.nix b/modules/services/dmz/microvm.nix index e7411e5..06737ac 100644 --- a/modules/services/dmz/microvm.nix +++ b/modules/services/dmz/microvm.nix 
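Review bot: `allowed-uris = "http:// https://";` in the `nix.settings` block of dmz/hydra.nix whitelists every http and https URL for restricted evaluation, which turns the restriction into a no-op for Hydra jobsets (any flake input or `builtins.fetchurl` target from any host passes). Narrow it to the forges the jobsets actually pull from, e.g. `allowed-uris = "https://git.kabtop.de/ https://github.com/";`, adjusting the list to what the declared jobsets need. `trusted-users = ["hydra"]` is also broader than it looks: a trusted daemon user can disable the sandbox and add substituters, and if the nixpkgs Hydra module already grants what the queue runner needs (not visible here), giving the web-frontend user the same status adds risk without benefit — confirm before keeping it. Note too that `secret-key-files` signs every local build with the same key `nix-serve` publishes under, which is presumably intended but deserves a comment next to the `age.secrets."keys/nixsign"` definition.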
@@ -1,48 +1,55 @@ -{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }: -let - name = "gitea-runner"; -in { + config, + microvm, + lib, + pkgs, + user, + agenix, + impermanence, + ... +}: let + name = "gitea-runner"; +in { microvm = { autostart = [ name ]; vms = { ${name} = { - inherit pkgs; config = { - imports = - [ agenix.nixosModules.default ] ++ - [ impermanence.nixosModules.impermanence ] ++ - [( ./gitea_runner.nix )]; + imports = + [agenix.nixosModules.default] + ++ [impermanence.nixosModules.impermanence] + ++ [(./gitea_runner.nix)]; networking = { hostName = "${name}"; firewall = { enable = true; - allowedUDPPorts = [ ]; - allowedTCPPorts = [ ]; + allowedUDPPorts = []; + allowedTCPPorts = []; }; }; systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "*"; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - }; - }; + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "*"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + }; }; + }; }; - users.users.${user} = { # System User + users.users.${user} = { + # System User isNormalUser = true; - extraGroups = [ "wheel" ]; + extraGroups = ["wheel"]; uid = 2000; openssh.authorizedKeys.keys = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc" 
@@ -56,30 +63,32 @@ in enable = true; settings.PasswordAuthentication = false; hostKeys = [ - { + { path = "/persist/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; - } - { + } + { path = "/persist/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; - }]; + } + ]; }; }; fileSystems."/persist".neededForBoot = lib.mkForce true; environment = { - systemPackages = with pkgs; [ # Default packages install system-wide - bash - coreutils - curl - gawk - gitMinimal - gnused - nodejs - wget + systemPackages = with pkgs; [ + # Default packages install system-wide + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget ]; persistence."/persist" = { directories = [ @@ -100,27 +109,30 @@ in vcpu = 4; mem = 4096; interfaces = [ - { - type = "macvtap"; - id = "vm-${name}"; - mac = "04:00:00:00:00:01"; - macvtap = { + { + type = "macvtap"; + id = "vm-${name}"; + mac = "04:00:00:00:00:01"; + macvtap = { link = "ens18"; mode = "bridge"; - }; - } ]; - shares = [{ - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - tag = "ro-store"; - proto = "virtiofs"; - } - { - source = "/etc/vm-persist/${name}"; - mountPoint = "/persist"; - tag = "persist"; - proto = "virtiofs"; - }]; + }; + } + ]; + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + { + source = "/etc/vm-persist/${name}"; + mountPoint = "/persist"; + tag = "persist"; + proto = "virtiofs"; + } + ]; #writableStoreOverlay = "/nix/.rw-store"; #storeOnDisk = true; }; diff --git a/modules/services/kabtopci/default.nix b/modules/services/kabtopci/default.nix index ac77f44..31549c7 100644 --- a/modules/services/kabtopci/default.nix +++ b/modules/services/kabtopci/default.nix @@ -9,11 +9,10 @@ # └─ default.nix * # └─ ... # - [ -# ./microvm.nix + # ./microvm.nix ./hydra.nix ] - # picom, polybar and sxhkd are pulled from desktop module # redshift temporarely disables + 
diff --git a/modules/services/kabtopci/gitea_runner.nix b/modules/services/kabtopci/gitea_runner.nix index d2b018d..7ed4ce5 100644 --- a/modules/services/kabtopci/gitea_runner.nix +++ b/modules/services/kabtopci/gitea_runner.nix 
@@ -1,59 +1,62 @@ -{ lib, config, pkgs, ... }: - { - virtualisation = { - podman ={ - enable = true; - autoPrune.enable = true; - dockerCompat = true; - }; - containers.containersConf.settings = { - # podman seems to not work with systemd-resolved - containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; + lib, + config, + pkgs, + ... +}: { + virtualisation = { + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + }; + containers.containersConf.settings = { + # podman seems to not work with systemd-resolved + containers.dns_servers = ["8.8.8.8" "8.8.4.4"]; + }; + }; + + services.gitea-actions-runner.instances = { + cirunner = { + enable = true; + url = "https://git.kabtop.de"; + name = "CI Kabtop runner"; + tokenFile = config.age.secrets."services/gitea/cirunner-token".path; + labels = [ + "ci" + "debian-latest:docker://node:18-bullseye" + "ubuntu-latest:docker://node:16-bullseye" + "ubuntu-22.04:docker://node:16-bullseye" + "ubuntu-20.04:docker://node:16-bullseye" + "ubuntu-18.04:docker://node:16-buster" + "native:host" + ]; + hostPackages = with pkgs; [ + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + ]; + settings = { + # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; + # the default network that also respects our dns server settings + container.network = "host"; + container.privileged = false; + # container.valid_volumes = [ + # "/nix" + # "${storeDeps}/bin" + # "${storeDeps}/etc/ssl" + # ]; }; }; + }; - services.gitea-actions-runner.instances = { - cirunner = { - enable = true; - url = "https://git.kabtop.de"; - name = "CI Kabtop runner"; - tokenFile = config.age.secrets."services/gitea/cirunner-token".path; - labels = [ - "ci" - "debian-latest:docker://node:18-bullseye" - "ubuntu-latest:docker://node:16-bullseye" - 
"ubuntu-22.04:docker://node:16-bullseye" - "ubuntu-20.04:docker://node:16-bullseye" - "ubuntu-18.04:docker://node:16-buster" - "native:host" - ]; - hostPackages = with pkgs; [ - bash - coreutils - curl - gawk - gitMinimal - gnused - nodejs - wget - ]; - settings = { - # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; - # the default network that also respects our dns server settings - container.network = "host"; - container.privileged = false; - # container.valid_volumes = [ - # "/nix" - # "${storeDeps}/bin" - # "${storeDeps}/etc/ssl" - # ]; - }; - }; - }; - - age.secrets."services/gitea/cirunner-token" = { - file = ../../../secrets/services/gitea/cirunner-token.age; - owner = "gitea-runner"; - }; + age.secrets."services/gitea/cirunner-token" = { + file = ../../../secrets/services/gitea/cirunner-token.age; + owner = "gitea-runner"; + }; } diff --git a/modules/services/kabtopci/hydra.nix b/modules/services/kabtopci/hydra.nix index 333e54e..6be51c7 100644 --- a/modules/services/kabtopci/hydra.nix +++ b/modules/services/kabtopci/hydra.nix 
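Review bot: The `native:host` entry in `labels` runs job steps directly as the `gitea-runner` service user, which is also the `owner` of `tokenFile`, so any workflow that selects that label can read the runner's registration token (and presumably the runner's own state file) and use it to register rogue runners against git.kabtop.de. If native jobs are really needed, keep the label only where every repository author is trusted and say so next to it: `# native:host runs steps unsandboxed as gitea-runner (can read its own token); trusted repos only`. The comment on `container.network = "host"` also looks stale: with the host network namespace podman uses the host resolver, so the `containers.dns_servers` workaround above should not apply to these jobs — if that workaround is what is wanted, `container.network = "bridge"` is the mode that consumes it. Whether this file is imported on the bare host or only inside the microvm defined in microvm.nix is not visible here, and that decides the blast radius.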
@@ -1,82 +1,84 @@ -{ lib, config, pkgs, ... }: - { - services = { - hydra = { - enable = true; - hydraURL = "https://hydra.ci.kabtop.de"; - listenHost = "127.0.0.1"; - notificationSender = "hydra@kabtop.de"; - useSubstitutes = true; - minimumDiskFree = 8; - }; - nix-serve = { - enable = true; - port = 5001; - bindAddress = "127.0.0.1"; - secretKeyFile = config.age.secrets."keys/nixsign".path; - }; - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - virtualHosts = { - "ci.kabtop.de" = { - enableACME = true; - forceSSL = true; - default = true; - locations."/".return = "503"; - }; - "hydra.ci.kabtop.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:3000"; - extraConfig = '' - proxy_set_header X-Forwarded-Port 443; - ''; - }; - }; - "cache.ci.kabtop.de" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + lib, + config, + pkgs, + ... 
+}: { + services = { + hydra = { + enable = true; + hydraURL = "https://hydra.ci.kabtop.de"; + listenHost = "127.0.0.1"; + notificationSender = "hydra@kabtop.de"; + useSubstitutes = true; + minimumDiskFree = 8; + }; + nix-serve = { + enable = true; + port = 5001; + bindAddress = "127.0.0.1"; + secretKeyFile = config.age.secrets."keys/nixsign".path; + }; + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + virtualHosts = { + "ci.kabtop.de" = { + enableACME = true; + forceSSL = true; + default = true; + locations."/".return = "503"; + }; + "hydra.ci.kabtop.de" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:3000"; + extraConfig = '' + proxy_set_header X-Forwarded-Port 443; + ''; }; }; + "cache.ci.kabtop.de" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + }; }; }; + }; - security.acme = { - acceptTerms = true; - defaults = { - email = "webmaster@kabtop.de"; - webroot = "/var/lib/acme/acme-challenge"; - #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; - }; + security.acme = { + acceptTerms = true; + defaults = { + email = "webmaster@kabtop.de"; + webroot = "/var/lib/acme/acme-challenge"; + #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; }; - - nix = { - settings = { - trusted-users = [ - "hydra" - ]; - allowed-uris = [ - "github:" - "https://github.com/" - "git+ssh://github.com/" - ]; - }; + }; - extraOptions = '' - secret-key-files = ${config.age.secrets."keys/nixsign".path} - ''; - }; - - age.secrets."keys/nixsign" = { - file = ../../../secrets/keys/nixservepriv.age; - owner = "hydra"; + nix = { + settings = { + trusted-users = [ + "hydra" + ]; + allowed-uris = [ + "github:" + "https://github.com/" + "git+ssh://github.com/" + ]; }; + extraOptions = '' 
+ secret-key-files = ${config.age.secrets."keys/nixsign".path} + ''; + }; + + age.secrets."keys/nixsign" = { + file = ../../../secrets/keys/nixservepriv.age; + owner = "hydra"; + }; } diff --git a/modules/services/kabtopci/microvm.nix b/modules/services/kabtopci/microvm.nix index 8f1b828..db15984 100644 --- a/modules/services/kabtopci/microvm.nix +++ b/modules/services/kabtopci/microvm.nix @@ -1,48 +1,55 @@ -{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }: -let - name = "gitea-runner"; -in { + config, + microvm, + lib, + pkgs, + user, + agenix, + impermanence, + ... +}: let + name = "gitea-runner"; +in { microvm = { autostart = [ name ]; vms = { ${name} = { - inherit pkgs; config = { - imports = - [ agenix.nixosModules.default ] ++ - [ impermanence.nixosModules.impermanence ] ++ - [( ./gitea_runner.nix )]; + imports = + [agenix.nixosModules.default] + ++ [impermanence.nixosModules.impermanence] + ++ [(./gitea_runner.nix)]; networking = { hostName = "${name}"; firewall = { enable = true; - allowedUDPPorts = [ ]; - allowedTCPPorts = [ ]; + allowedUDPPorts = []; + allowedTCPPorts = []; }; }; systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "*"; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - }; - }; + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "*"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + }; }; + }; }; - users.users.${user} = { # System User + users.users.${user} = { + # System User isNormalUser = true; - extraGroups = [ "wheel" ]; + extraGroups = ["wheel"]; uid = 2000; openssh.authorizedKeys.keys = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc" 
@@ -56,30 +63,32 @@ in enable = true; settings.PasswordAuthentication = false; hostKeys = [ - { + { path = "/persist/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; - } - { + } + { path = "/persist/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; - }]; + } + ]; }; }; fileSystems."/persist".neededForBoot = lib.mkForce true; environment = { - systemPackages = with pkgs; [ # Default packages install system-wide - bash - coreutils - curl - gawk - gitMinimal - gnused - nodejs - wget + systemPackages = with pkgs; [ + # Default packages install system-wide + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget ]; persistence."/persist" = { directories = [ @@ -100,23 +109,26 @@ in mem = 3096; #kernel = pkgs.linuxKernel.packages.linux_latest; interfaces = [ - { - type = "user"; - id = "vm-${name}"; - mac = "04:00:00:00:00:02"; - } ]; - shares = [{ - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - tag = "ro-store"; - proto = "virtiofs"; - } - { - source = "/etc/vm-persist/${name}"; - mountPoint = "/persist"; - tag = "persist"; - proto = "virtiofs"; - }]; + { + type = "user"; + id = "vm-${name}"; + mac = "04:00:00:00:00:02"; + } + ]; + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + { + source = "/etc/vm-persist/${name}"; + mountPoint = "/persist"; + tag = "persist"; + proto = "virtiofs"; + } + ]; #writableStoreOverlay = "/nix/.rw-store"; #storeOnDisk = true; }; diff --git a/modules/services/keyring.nix b/modules/services/keyring.nix index d2e8e3c..5271cd9 100644 --- a/modules/services/keyring.nix +++ b/modules/services/keyring.nix 
@@ -1,14 +1,16 @@ # # Screenshots # - -{ pkgs, user, ... }: - { - services = { # sxhkd shortcut = Printscreen button (Print) + pkgs, + user, + ... +}: { + services = { + # sxhkd shortcut = Printscreen button (Print) gnome-keyring = { enable = true; }; }; - home.packages = with pkgs; [ gcr seahorse ]; + home.packages = with pkgs; [gcr seahorse]; } diff --git a/modules/services/kubemaster/default.nix b/modules/services/kubemaster/default.nix index 7beb421..0ea84a6 100644 --- a/modules/services/kubemaster/default.nix +++ b/modules/services/kubemaster/default.nix @@ -9,11 +9,10 @@ # └─ default.nix * # └─ ... # - [ -# ./microvm.nix -# ./hydra.nix + # ./microvm.nix + # ./hydra.nix ] - # picom, polybar and sxhkd are pulled from desktop module # redshift temporarely disables + diff --git a/modules/services/nas/default.nix b/modules/services/nas/default.nix index 7f9df27..061ab3d 100644 --- a/modules/services/nas/default.nix +++ b/modules/services/nas/default.nix @@ -9,7 +9,6 @@ # └─ default.nix * # └─ ... # - [ ./nfs.nix ./nginx.nix @@ -17,6 +16,6 @@ ./syncthing.nix ./paperless.nix ] - # picom, polybar and sxhkd are pulled from desktop module # redshift temporarely disables + diff --git a/modules/services/nas/nfs.nix b/modules/services/nas/nfs.nix index 0425808..6febc66 100644 --- a/modules/services/nas/nfs.nix +++ b/modules/services/nas/nfs.nix 
@@ -1,18 +1,23 @@ -{config, pkgs, lib, ...}: { +{ + config, + pkgs, + lib, + ... +}: { # enable nfs services.nfs.server = rec { - enable = true; - exports = '' - /export 192.168.2.0/24(rw,fsid=0,no_subtree_check) - /export/Pluto 192.168.2.0/24(rw,no_subtree_check) - /export/Mars 192.168.2.0/24(rw,no_subtree_check) - ''; - createMountPoints = true; + enable = true; + exports = '' + /export 192.168.2.0/24(rw,fsid=0,no_subtree_check) + /export/Pluto 192.168.2.0/24(rw,no_subtree_check) + /export/Mars 192.168.2.0/24(rw,no_subtree_check) + ''; + createMountPoints = true; }; # open the firewall networking.firewall = { interfaces.ens18 = { - allowedTCPPorts = [ 2049 ]; + allowedTCPPorts = [2049]; }; }; } diff --git a/modules/services/nas/nginx.nix b/modules/services/nas/nginx.nix index e06a8fd..22ee6bb 100644 --- a/modules/services/nas/nginx.nix +++ b/modules/services/nas/nginx.nix @@ -1,10 +1,12 @@ # # System notifications # - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { services.nginx = { enable = true; recommendedProxySettings = true; @@ -56,13 +58,12 @@ }; }; }; - security.acme = { acceptTerms = true; defaults = { email = "webmaster@opel-online.de"; -# server = "https://acme-staging-v02.api.letsencrypt.org/directory"; + # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; dnsResolver = "9.9.9.9:53"; }; certs = { @@ -75,17 +76,16 @@ }; }; - systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/mnt/Pluto/nix-cache" ]; + systemd.services.nginx.serviceConfig.ReadWritePaths = ["/mnt/Pluto/nix-cache"]; networking.firewall = { enable = true; - allowedUDPPorts = [ ]; - allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = []; + allowedTCPPorts = [80 443]; }; age.secrets."services/acme/opel-online" = { file = ../../../secrets/services/acme/opel-online.age; owner = "acme"; }; - } diff --git a/modules/services/nas/paperless.nix b/modules/services/nas/paperless.nix index 36c95aa..ccdb5ea 100644 --- a/modules/services/nas/paperless.nix 
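Review bot: The `exports` block grants `rw` to the entire `192.168.2.0/24` with the default `sec=sys`, so any device on that subnet can write `/export/Pluto` and `/export/Mars` as whatever non-root UID it chooses to assert, and nothing in the file records why that trust model is acceptable. Consider enumerating the intended clients per line (e.g. `/export/Pluto 192.168.2.10(rw,no_subtree_check)`) or adding `sec=krb5p` where Kerberos is available, and in any case add a comment above `exports` such as `# AUTH_SYS: every host on the LAN /24 gets rw as any non-root uid; root_squash (default) still applies`. Opening only TCP 2049 on `ens18` effectively limits this to NFSv4 with no rpcbind/mountd exposure, which deserves a one-line comment so nobody later "fixes" it by opening 111 and 20048.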
+++ b/modules/services/nas/paperless.nix @@ -1,15 +1,17 @@ # # System notifications # - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { services.paperless = { enable = true; domain = "paperless.home.opel-online.de"; passwordFile = config.age.secrets."services/paperless/pwFile".path; -# environmentFile = config.age.secrets."services/paperless/environment".path; + # environmentFile = config.age.secrets."services/paperless/environment".path; configureTika = true; settings = { PAPERLESS_OCR_LANGUAGE = "deu+eng"; @@ -31,8 +33,7 @@ }; age.secrets."services/paperless/pwFile" = { - file = ../../../secrets/services/paperless/pwFile.age; - owner = "paperless"; + file = ../../../secrets/services/paperless/pwFile.age; + owner = "paperless"; }; - } diff --git a/modules/services/nas/syncthing.nix b/modules/services/nas/syncthing.nix index 99263b2..e26954f 100644 --- a/modules/services/nas/syncthing.nix +++ b/modules/services/nas/syncthing.nix 
@@ -1,29 +1,32 @@ # # System notifications # - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { services.syncthing = { enable = true; group = "users"; user = "kabbone"; dataDir = "/home/${config.services.syncthing.user}/Sync"; configDir = "/home/${config.services.syncthing.user}/.config/syncthing"; - overrideDevices = true; # overrides any devices added or deleted through the WebUI - overrideFolders = true; # overrides any folders added or deleted through the WebUI + overrideDevices = true; # overrides any devices added or deleted through the WebUI + overrideFolders = true; # overrides any folders added or deleted through the WebUI openDefaultPorts = true; settings = { devices = { - "hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; }; - "lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; }; + "hades.home.opel-online.de" = {id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA";}; + "lifebook.home.opel-online.de" = {id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4";}; }; folders = { - "Sync" = { # Name of folder in Syncthing, also the folder ID - path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing - devices = [ "hades.home.opel-online.de" "lifebook.home.opel-online.de" ]; # Which devices to share the folder with - ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder. + "Sync" = { + # Name of folder in Syncthing, also the folder ID + path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing + devices = ["hades.home.opel-online.de" "lifebook.home.opel-online.de"]; # Which devices to share the folder with + ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder. }; }; }; 
@@ -35,19 +38,18 @@ useACMEHost = "home.opel-online.de"; forceSSL = true; locations."/" = { - recommendedProxySettings = false; - proxyPass = "http://${toString config.services.syncthing.guiAddress}"; + recommendedProxySettings = false; + proxyPass = "http://${toString config.services.syncthing.guiAddress}"; extraConfig = '' - proxy_set_header Host localhost; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; + proxy_set_header Host localhost; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; ''; }; }; }; }; - } diff --git a/modules/services/nas/vaultwarden.nix b/modules/services/nas/vaultwarden.nix index 0d6f2e8..bac211b 100644 --- a/modules/services/nas/vaultwarden.nix +++ b/modules/services/nas/vaultwarden.nix @@ -1,10 +1,12 @@ # # System notifications # - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { services.vaultwarden = { enable = true; dbBackend = "sqlite"; @@ -31,8 +33,7 @@ }; age.secrets."services/vaultwarden/environment" = { - file = ../../../secrets/services/vaultwarden/environment.age; - owner = "vaultwarden"; + file = ../../../secrets/services/vaultwarden/environment.age; + owner = "vaultwarden"; }; - } diff --git a/modules/services/nasbackup/default.nix b/modules/services/nasbackup/default.nix index 1c98c3a..d5f6a98 100644 --- a/modules/services/nasbackup/default.nix +++ b/modules/services/nasbackup/default.nix @@ -9,10 +9,9 @@ # └─ default.nix * # └─ ... # - [ -# ./nfs.nix + # ./nfs.nix ] - # picom, polybar and sxhkd are pulled from desktop module # redshift temporarely disables + 
diff --git a/modules/services/printer/default.nix b/modules/services/printer/default.nix index a1f2117..4d79e59 100644 --- a/modules/services/printer/default.nix +++ b/modules/services/printer/default.nix @@ -9,10 +9,9 @@ # └─ default.nix * # └─ ... # - [ ./klipper.nix ] - # picom, polybar and sxhkd are pulled from desktop module # redshift temporarely disables + diff --git a/modules/services/printer/klipper.nix b/modules/services/printer/klipper.nix index 268f3a2..6c252f4 100644 --- a/modules/services/printer/klipper.nix +++ b/modules/services/printer/klipper.nix 
@@ -1,101 +1,103 @@ -{ lib, config, pkgs, ... }: - { - environment = { - systemPackages = with pkgs; [ - klipperscreen - ]; + lib, + config, + pkgs, + ... +}: { + environment = { + systemPackages = with pkgs; [ + klipperscreen + ]; + }; + + services = { + klipper = { + enable = true; + user = "moonraker"; + group = "moonraker"; + configFile = ./printer.cfg; + mutableConfig = true; + configDir = "/var/lib/moonraker/config"; + firmwares."sovol06" = { + serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0"; + enableKlipperFlash = true; + enable = true; + configFile = ./firmware.conf; + }; }; - services = { - klipper = { - enable = true; - user = "moonraker"; - group = "moonraker"; - configFile = ./printer.cfg; - mutableConfig = true; - configDir = "/var/lib/moonraker/config"; - firmwares."sovol06" = { - serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0"; - enableKlipperFlash = true; - enable = true; - configFile = ./firmware.conf; - }; + mainsail = { + enable = true; + nginx = { + enableACME = false; + #useACMEHost = "home.opel-online.de"; + serverName = "nbf5.home.opel-online.de"; + #onlySSL = true; + #listenAddresses = [ "0.0.0.0" "::" ]; + #forceSSL = true; }; - - mainsail = { - enable = true; - nginx = { - enableACME = false; - #useACMEHost = "home.opel-online.de"; - serverName = "nbf5.home.opel-online.de"; - #onlySSL = true; - #listenAddresses = [ "0.0.0.0" "::" ]; - #forceSSL = true; - }; - }; - - moonraker = { - enable = true; - allowSystemControl = true; - address = "0.0.0.0"; - settings = { - authorization = { - force_logins = true; - cors_domains = [ - "*://nbf5.home.opel-online.de" - "*.local" - ]; - trusted_clients = [ - "127.0.0.0/8" - "192.168.2.0/24" - ]; - }; - file_manager = { - enable_object_processing = true; - }; - }; - }; - -# nginx = { -# enable = true; -# recommendedProxySettings = true; -# recommendedTlsSettings = true; -# recommendedGzipSettings = true; -# recommendedOptimisation = true; -# virtualHosts = { -# "ci.kabtop.de" = { 
-# enableACME = true; -# forceSSL = true; -# default = true; -# locations."/".return = "503"; -# }; -# "hydra.ci.kabtop.de" = { -# enableACME = true; -# forceSSL = true; -# locations."/" = { -# proxyPass = "http://localhost:3000"; -# extraConfig = '' -# proxy_set_header X-Forwarded-Port 443; -# ''; -# }; -# }; -# "cache.ci.kabtop.de" = { -# enableACME = true; -# forceSSL = true; -# locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; -# }; -# }; -# }; -# }; -# -# security.acme = { -# acceptTerms = true; -# defaults = { -# email = "webmaster@kabtop.de"; -# webroot = "/var/lib/acme/acme-challenge"; -# #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; -# }; }; - + + moonraker = { + enable = true; + allowSystemControl = true; + address = "0.0.0.0"; + settings = { + authorization = { + force_logins = true; + cors_domains = [ + "*://nbf5.home.opel-online.de" + "*.local" + ]; + trusted_clients = [ + "127.0.0.0/8" + "192.168.2.0/24" + ]; + }; + file_manager = { + enable_object_processing = true; + }; + }; + }; + + # nginx = { + # enable = true; + # recommendedProxySettings = true; + # recommendedTlsSettings = true; + # recommendedGzipSettings = true; + # recommendedOptimisation = true; + # virtualHosts = { + # "ci.kabtop.de" = { + # enableACME = true; + # forceSSL = true; + # default = true; + # locations."/".return = "503"; + # }; + # "hydra.ci.kabtop.de" = { + # enableACME = true; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://localhost:3000"; + # extraConfig = '' + # proxy_set_header X-Forwarded-Port 443; + # ''; + # }; + # }; + # "cache.ci.kabtop.de" = { + # enableACME = true; + # forceSSL = true; + # locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + # }; + # }; + # }; + # }; + # + # security.acme = { + # acceptTerms = true; + # defaults = { + # email = "webmaster@kabtop.de"; + # webroot = 
"/var/lib/acme/acme-challenge"; + # #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; + # }; + }; } diff --git a/modules/services/printer/nginx.nix b/modules/services/printer/nginx.nix index 2b1fec2..7aa43f8 100644 --- a/modules/services/printer/nginx.nix +++ b/modules/services/printer/nginx.nix @@ -1,10 +1,12 @@ # # System notifications # - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { services.nginx = { enable = true; recommendedProxySettings = true; @@ -20,13 +22,12 @@ }; }; }; - security.acme = { acceptTerms = true; defaults = { email = "webmaster@opel-online.de"; -# server = "https://acme-staging-v02.api.letsencrypt.org/directory"; + # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; dnsResolver = "9.9.9.9:53"; }; certs = { @@ -41,13 +42,12 @@ networking.firewall = { enable = true; - allowedUDPPorts = [ ]; - allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = []; + allowedTCPPorts = [80 443]; }; age.secrets."services/acme/opel-online" = { file = ../../../secrets/services/acme/opel-online.age; owner = "acme"; }; - } diff --git a/modules/services/server/coturn.nix b/modules/services/server/coturn.nix index af2f7d8..62f48ac 100644 --- a/modules/services/server/coturn.nix +++ b/modules/services/server/coturn.nix @@ -1,4 +1,9 @@ -{config, pkgs, lib, ...}: { +{ + config, + pkgs, + lib, + ... +}: { # enable coturn services.coturn = rec { enable = true; 
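Review bot: `mainsail.nginx` is served with `enableACME = false` and `forceSSL` commented out, while `moonraker.settings.authorization.force_logins = true` makes a login mandatory once a user exists, so the Moonraker credentials and session token cross the LAN in cleartext. The fix is already sketched in the comments: `useACMEHost = "home.opel-online.de"; forceSSL = true;`, assuming the `certs` block in printer/nginx.nix (largely outside this diff) requests that name, plus a comment that `trusted_clients` only bypasses the login while no user has been created. `allowSystemControl = true` together with `address = "0.0.0.0"` is also unannotated: Moonraker's own port is presumably unreachable only because printer/nginx.nix opens nothing but 80/443, and that dependency should be stated in a comment next to `address` rather than relied on silently.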
@@ -43,21 +48,24 @@ # open the firewall networking.firewall = { interfaces.ens18 = let - range = with config.services.coturn; [ { - from = min-port; - to = max-port; - } ]; - in - { + range = with config.services.coturn; [ + { + from = min-port; + to = max-port; + } + ]; + in { allowedUDPPortRanges = range; - allowedUDPPorts = [ 3478 ]; + allowedUDPPorts = [3478]; allowedTCPPortRanges = range; - allowedTCPPorts = [ 3478 5349 ]; + allowedTCPPorts = [3478 5349]; }; }; # get a certificate security.acme.certs.${config.services.coturn.realm} = { - /* insert here the right configuration to obtain a certificate */ + /* + insert here the right configuration to obtain a certificate + */ postRun = "systemctl restart coturn.service"; group = "turnserver"; }; @@ -67,7 +75,7 @@ #}; age.secrets."services/coturn/static-auth" = { - file = ../../../secrets/services/coturn/static-auth.age; - owner = "turnserver"; + file = ../../../secrets/services/coturn/static-auth.age; + owner = "turnserver"; }; } diff --git a/modules/services/server/default.nix b/modules/services/server/default.nix index 17b2130..5094646 100644 --- a/modules/services/server/default.nix +++ b/modules/services/server/default.nix @@ -9,7 +9,6 @@ # └─ default.nix * # └─ ... # - [ ./postgresql.nix ./gitea.nix @@ -19,8 +18,8 @@ ./coturn.nix ./hydra.nix ./mealie.nix -# ./ollama.nix + # ./ollama.nix ] - # picom, polybar and sxhkd are pulled from desktop module # redshift temporarely disables + diff --git a/modules/services/server/gitea.nix b/modules/services/server/gitea.nix index 4795373..25e4eda 100644 --- a/modules/services/server/gitea.nix +++ b/modules/services/server/gitea.nix @@ -1,10 +1,12 @@ # # System notifications # - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { services.gitea = { enable = true; dump.enable = false; 
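Review bot: The `security.acme.certs.${config.services.coturn.realm}` block still carries the placeholder "insert here the right configuration to obtain a certificate" and sets only `postRun` and `group`, while the firewall part of the hunk opens `5349` (TURNS) on `ens18`; unless the missing `domain`/`dnsProvider`/`webroot` settings come from `security.acme.defaults` elsewhere, TLS TURN is advertised without a working certificate path. Either complete the block (a `dnsProvider` plus credentials file, as the nginx modules in this series do) or replace the placeholder with a comment that names where the certificate actually comes from, e.g. `# certificate settings inherited from security.acme.defaults; this block only wires the renewal hook into coturn`. The `services.coturn` block these ports belong to starts outside the hunk.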
@@ -19,56 +21,56 @@ appName = "Kabtop Git"; mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path; settings = { - server = { - ROOT_URL = "https://git.kabtop.de"; - HTTP_ADDR = "localhost"; - DOMAIN = "git.kabtop.de"; - SSH_PORT = 2220; - ENABLE_GZIP = true; - LFS_START_SERVER = true; - LFS_ALLOW_PURE_SSH = true; - }; - security = { - MIN_PASSWORD_LENGTH = 12; - PASSWORD_CHECK_PWN = true; - PASSWORD_HASH_ALGO = "argon2"; - }; -# oauth2 = { -# ENABLE = true; -# #JWT_SECRET = "secret123"; -# }; - repository = { - MAX_CREATION_LIMIT = 100; - }; - ui = { - SHOW_USER_EMAIL = false; - DEFAULT_THEME = "gitea-dark"; - }; -# openid = { -# ENABLE_OPENID_SIGNIN = true; -# WHITELISTED_URIS = "https://auth.kabtop.de"; -# }; -# oauth2_client = { -# ENABLE_AUTO_REGISTRATION = true; -# }; - time = { - DEFAULT_UI_LOCATION = "Europe/Berlin"; - }; - other = { - SHOW_FOOTER_VERSION = false; - }; + server = { + ROOT_URL = "https://git.kabtop.de"; + HTTP_ADDR = "localhost"; + DOMAIN = "git.kabtop.de"; + SSH_PORT = 2220; + ENABLE_GZIP = true; + LFS_START_SERVER = true; + LFS_ALLOW_PURE_SSH = true; + }; + security = { + MIN_PASSWORD_LENGTH = 12; + PASSWORD_CHECK_PWN = true; + PASSWORD_HASH_ALGO = "argon2"; + }; + # oauth2 = { + # ENABLE = true; + # #JWT_SECRET = "secret123"; + # }; + repository = { + MAX_CREATION_LIMIT = 100; + }; + ui = { + SHOW_USER_EMAIL = false; + DEFAULT_THEME = "gitea-dark"; + }; + # openid = { + # ENABLE_OPENID_SIGNIN = true; + # WHITELISTED_URIS = "https://auth.kabtop.de"; + # }; + # oauth2_client = { + # ENABLE_AUTO_REGISTRATION = true; + # }; + time = { + DEFAULT_UI_LOCATION = "Europe/Berlin"; + }; + other = { + SHOW_FOOTER_VERSION = false; + }; - session.COOKIE_SECURE = true; - service = { - REGISTER_EMAIL_CONFIRM = true; - DISABLE_REGISTRATION = true; - }; - actions = { - ENABLED = true; - }; - indexer = { - REPO_INDEXER_ENABLED = false; - }; + session.COOKIE_SECURE = true; + service = { + REGISTER_EMAIL_CONFIRM = true; + 
DISABLE_REGISTRATION = true; + }; + actions = { + ENABLED = true; + }; + indexer = { + REPO_INDEXER_ENABLED = false; + }; }; }; @@ -87,11 +89,11 @@ }; }; age.secrets."services/gitea/mailerPassword" = { - file = ../../../secrets/services/gitea/mailerPassword.age; - owner = "gitea"; + file = ../../../secrets/services/gitea/mailerPassword.age; + owner = "gitea"; }; age.secrets."services/gitea/databasePassword" = { - file = ../../../secrets/services/gitea/databasePassword.age; - owner = "gitea"; + file = ../../../secrets/services/gitea/databasePassword.age; + owner = "gitea"; }; } diff --git a/modules/services/server/gitea_runner.nix b/modules/services/server/gitea_runner.nix index 0380ec4..a05057f 100644 --- a/modules/services/server/gitea_runner.nix +++ b/modules/services/server/gitea_runner.nix 
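Review bot: The commented-out `oauth2` block still contains `#JWT_SECRET = "secret123";`, a placeholder secret that is one uncomment away from being deployed; the NixOS gitea module, I believe, generates `JWT_SECRET` itself, so that line should be deleted rather than kept as a template. On the same hunk `actions.ENABLED = true` is a server-wide switch that lets every repository owner dispatch jobs to the registered runners, and nothing here records that trade-off; a comment such as `# Actions are server-wide: any repo owner can run jobs on the registered runners (see the runner labels in gitea_runner.nix)` next to `DISABLE_REGISTRATION` would keep it visible. The `settings` attrset continues past the end of this hunk.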
@@ -1,59 +1,62 @@ -{ lib, config, pkgs, ... }: - { - virtualisation = { - podman ={ - enable = true; - autoPrune.enable = true; - dockerCompat = true; - }; - containers.containersConf.settings = { - # podman seems to not work with systemd-resolved - containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; + lib, + config, + pkgs, + ... +}: { + virtualisation = { + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + }; + containers.containersConf.settings = { + # podman seems to not work with systemd-resolved + containers.dns_servers = ["8.8.8.8" "8.8.4.4"]; + }; + }; + + services.gitea-actions-runner.instances = { + serverrunner = { + enable = true; + url = "https://git.kabtop.de"; + name = "Server runner"; + tokenFile = config.age.secrets."services/gitea/serverrunner-token".path; + labels = [ + "server" + "debian-latest:docker://node:18-bullseye" + "ubuntu-latest:docker://node:16-bullseye" + "ubuntu-22.04:docker://node:16-bullseye" + "ubuntu-20.04:docker://node:16-bullseye" + "ubuntu-18.04:docker://node:16-buster" + "native:host" + ]; + hostPackages = with pkgs; [ + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + ]; + settings = { + # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; + # the default network that also respects our dns server settings + container.network = "host"; + container.privileged = false; + # container.valid_volumes = [ + # "/nix" + # "${storeDeps}/bin" + # "${storeDeps}/etc/ssl" + # ]; }; }; + }; - services.gitea-actions-runner.instances = { - serverrunner = { - enable = true; - url = "https://git.kabtop.de"; - name = "Server runner"; - tokenFile = config.age.secrets."services/gitea/serverrunner-token".path; - labels = [ - "server" - "debian-latest:docker://node:18-bullseye" - 
"ubuntu-latest:docker://node:16-bullseye" - "ubuntu-22.04:docker://node:16-bullseye" - "ubuntu-20.04:docker://node:16-bullseye" - "ubuntu-18.04:docker://node:16-buster" - "native:host" - ]; - hostPackages = with pkgs; [ - bash - coreutils - curl - gawk - gitMinimal - gnused - nodejs - wget - ]; - settings = { - # container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; - # the default network that also respects our dns server settings - container.network = "host"; - container.privileged = false; - # container.valid_volumes = [ - # "/nix" - # "${storeDeps}/bin" - # "${storeDeps}/etc/ssl" - # ]; - }; - }; - }; - - age.secrets."services/gitea/serverrunner-token" = { - file = ../../../secrets/services/gitea/serverrunner-token.age; - owner = "gitea-runner"; - }; + age.secrets."services/gitea/serverrunner-token" = { + file = ../../../secrets/services/gitea/serverrunner-token.age; + owner = "gitea-runner"; + }; } diff --git a/modules/services/server/hydra.nix b/modules/services/server/hydra.nix index 7d2b01a..1f253e9 100644 --- a/modules/services/server/hydra.nix +++ b/modules/services/server/hydra.nix 
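Review bot: `container.network = "host"` places every Docker-label job in the host network namespace, and if this runner lives on the same machine as the gitea/hydra modules in this series, a job can reach the services that were deliberately bound to loopback there (gitea's `HTTP_ADDR = "localhost"`, hydra on `127.0.0.1:3001`, nix-serve on `127.0.0.1:5001`, presumably postgresql) with no firewall in between; `container.privileged = false` does nothing against that. Prefer `container.network = "bridge"`, which is also the mode that actually honours the `containers.dns_servers` workaround set above, and if host networking must stay, replace the current comment with one that states the real reason. The `native:host` label has the same loopback reach plus unsandboxed execution as `gitea-runner` and should be limited to trusted repositories.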
@@ -1,77 +1,79 @@ -{ lib, config, pkgs, ... }: - { - services = { - hydra = { - enable = true; - hydraURL = "https://hydra.ci.kabtop.de"; - listenHost = "127.0.0.1"; - port = 3001; - notificationSender = "hydra@kabtop.de"; - useSubstitutes = true; - minimumDiskFree = 50; - maxServers = 10; - }; - nix-serve = { - enable = true; - port = 5001; - bindAddress = "127.0.0.1"; - secretKeyFile = config.age.secrets."keys/nixsign".path; - }; - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - virtualHosts = { - "ci.kabtop.de" = { - enableACME = true; - forceSSL = true; - default = true; - locations."/".return = "503"; - }; - "hydra.ci.kabtop.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:3001"; - extraConfig = '' - proxy_set_header X-Forwarded-Port 443; - ''; - }; - }; - "cache.ci.kabtop.de" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + lib, + config, + pkgs, + ... 
+}: { + services = { + hydra = { + enable = true; + hydraURL = "https://hydra.ci.kabtop.de"; + listenHost = "127.0.0.1"; + port = 3001; + notificationSender = "hydra@kabtop.de"; + useSubstitutes = true; + minimumDiskFree = 50; + maxServers = 10; + }; + nix-serve = { + enable = true; + port = 5001; + bindAddress = "127.0.0.1"; + secretKeyFile = config.age.secrets."keys/nixsign".path; + }; + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + virtualHosts = { + "ci.kabtop.de" = { + enableACME = true; + forceSSL = true; + default = true; + locations."/".return = "503"; + }; + "hydra.ci.kabtop.de" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:3001"; + extraConfig = '' + proxy_set_header X-Forwarded-Port 443; + ''; }; }; + "cache.ci.kabtop.de" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + }; }; }; + }; - nix = { - settings = { - cores = 5; - max-jobs = 1; - trusted-users = [ - "hydra" - ]; - allowed-uris = [ - "github:" - "https://github.com/" - "git+ssh://github.com/" - ]; - }; - - extraOptions = '' - secret-key-files = ${config.age.secrets."keys/nixsign".path} - ''; - }; - - age.secrets."keys/nixsign" = { - file = ../../../secrets/keys/nixservepriv.age; - owner = "hydra"; + nix = { + settings = { + cores = 5; + max-jobs = 1; + trusted-users = [ + "hydra" + ]; + allowed-uris = [ + "github:" + "https://github.com/" + "git+ssh://github.com/" + ]; }; + extraOptions = '' + secret-key-files = ${config.age.secrets."keys/nixsign".path} + ''; + }; + + age.secrets."keys/nixsign" = { + file = ../../../secrets/keys/nixservepriv.age; + owner = "hydra"; + }; } diff --git a/modules/services/server/jitsi.nix b/modules/services/server/jitsi.nix index 24c347c..4079652 100644 
--- a/modules/services/server/jitsi.nix +++ b/modules/services/server/jitsi.nix 
@@ -1,46 +1,48 @@ - -{ config, pkgs, ... }: { - services.jitsi-meet = { - enable = true; - hostName = "meet.kabtop.de"; - config = { - enableWelcomePage = false; - prejoinPageEnabled = true; - defaultLang = "en"; - }; - interfaceConfig = { - SHOW_JITSI_WATERMARK = false; - SHOW_WATERMARK_FOR_GUESTS = false; - }; + config, + pkgs, + ... +}: { + services.jitsi-meet = { + enable = true; + hostName = "meet.kabtop.de"; + config = { + enableWelcomePage = false; + prejoinPageEnabled = true; + defaultLang = "en"; }; - #services.jibri = { - # enable = true; - # config = { - # recording = { - # recordings-directory = "/var/lib/jitsi-meet-recordings"; - # }; - # ffmpeg = { - # #framerate = 30; - # #video-encode-preset = "veryfast"; # https://trac.ffmpeg.org/wiki/Encode/H.264#a2.Chooseapresetandtune - # h264-constant-rate-factor = 21; # https://trac.ffmpeg.org/wiki/Encode/H.264#a1.ChooseaCRFvalue - # }; - # }; - #}; - services.jitsi-videobridge = { - enable = true; - openFirewall = true; + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; }; + }; + #services.jibri = { + # enable = true; + # config = { + # recording = { + # recordings-directory = "/var/lib/jitsi-meet-recordings"; + # }; + # ffmpeg = { + # #framerate = 30; + # #video-encode-preset = "veryfast"; # https://trac.ffmpeg.org/wiki/Encode/H.264#a2.Chooseapresetandtune + # h264-constant-rate-factor = 21; # https://trac.ffmpeg.org/wiki/Encode/H.264#a1.ChooseaCRFvalue + # }; + # }; + #}; + services.jitsi-videobridge = { + enable = true; + openFirewall = true; + }; - services.prosody.extraConfig = '' - log = "/var/log/prosody/prosody.log" - ''; - systemd.tmpfiles.rules = [ - "d /var/log/prosody - prosody prosody" - #"d ${config.services.jibri.config.recording.recordings-directory} 0750 jibri jibri -" - ]; + services.prosody.extraConfig = '' + log = "/var/log/prosody/prosody.log" + ''; + systemd.tmpfiles.rules = [ + "d /var/log/prosody - prosody prosody" + #"d 
${config.services.jibri.config.recording.recordings-directory} 0750 jibri jibri -" + ]; - security.acme.defaults.email = "webmaster@kabtop.de"; - security.acme.defaults.webroot = "/var/lib/acme/acme-challenge"; - security.acme.acceptTerms = true; + security.acme.defaults.email = "webmaster@kabtop.de"; + security.acme.defaults.webroot = "/var/lib/acme/acme-challenge"; + security.acme.acceptTerms = true; } diff --git a/modules/services/server/matrix.nix b/modules/services/server/matrix.nix index 3ac2e44..64e655f 100644 --- a/modules/services/server/matrix.nix +++ b/modules/services/server/matrix.nix @@ -1,10 +1,12 @@ # # System notifications # - -{ config, lib, pkgs, ... }: - -let +{ + config, + lib, + pkgs, + ... +}: let fqdn = "matrix.${config.networking.domain}"; clientConfig = { "m.homeserver".base_url = "https://${fqdn}"; 
@@ -24,230 +26,237 @@ in { recommendedGzipSettings = true; recommendedProxySettings = true; virtualHosts = { - "${config.networking.domain}" = { + "${config.networking.domain}" = { enableACME = true; forceSSL = true; - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - locations."/_matrix".proxyPass = "http://localhost:8008"; + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + locations."/_matrix".proxyPass = "http://localhost:8008"; }; "${fqdn}" = { enableACME = true; forceSSL = true; - locations."/health".proxyPass = "http://localhost:8008"; - locations."/_matrix".proxyPass = "http://localhost:8008"; - locations."/_synapse/client".proxyPass = "http://localhost:8008"; - locations."/".extraConfig = '' + locations."/health".proxyPass = "http://localhost:8008"; + locations."/_matrix".proxyPass = "http://localhost:8008"; + locations."/_synapse/client".proxyPass = "http://localhost:8008"; + locations."/".extraConfig = '' return 404; ''; }; -# "element.${config.networking.domain}" = { -# enableACME = true; -# forceSSL = true; -# -# root = pkgs.element-web.override { -# conf = { -# default_server_config = clientConfig; -# }; -# }; -# }; + # "element.${config.networking.domain}" = { + # enableACME = true; + # forceSSL = true; + # + # root = pkgs.element-web.override { + # conf = { + # default_server_config = clientConfig; + # }; + # }; + # }; }; }; - imports = [ ../../kabbone/mautrix-whatsapp.nix ]; + imports = [../../kabbone/mautrix-whatsapp.nix]; services.matrix-synapse = { enable = true; settings = { - server_name = config.networking.domain; - public_baseurl = "https://matrix.${config.networking.domain}"; - listeners = [ - { port = 8008; - bind_addresses = [ "::1" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { 
names = [ "client" ]; compress = true; } - { names = [ "federation" ]; compress = false; } - ]; - } - ]; + server_name = config.networking.domain; + public_baseurl = "https://matrix.${config.networking.domain}"; + listeners = [ + { + port = 8008; + bind_addresses = ["::1"]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = ["client"]; + compress = true; + } + { + names = ["federation"]; + compress = false; + } + ]; + } + ]; }; extraConfigFiles = [ - config.age.secrets."services/matrix/synapse.yml".path + config.age.secrets."services/matrix/synapse.yml".path ]; }; systemd.services = { - matrix-synapse = { - requires = [ "postgresql.service" ]; - }; + matrix-synapse = { + requires = ["postgresql.service"]; + }; }; services = { - mautrix-telegram = { - enable = true; - registerToSynapse = true; - environmentFile = config.age.secrets."services/matrix/mautrix-telegram.env".path; - settings = { - homeserver = { - address = "http://localhost:8008"; - domain = "kabtop.de"; - }; - appservice = { - hostname = "127.0.0.1"; - provisioning.enabled = false; - id = "telegram"; - public = { - enabled = false; - }; - }; - bridge = { - sync_channel_members = true; - startup_sync = true; - public_portals = true; - double_puppet_server_map = { - "kabtop.de" = "https://kabtop.de"; - }; - encryption = { - allow = true; - default = true; - verification_levels = { - receive = "cross-signed-untrusted"; - send = "cross-signed-untrusted"; - }; - }; - private_chat_portal_meta = "default"; - backfill = { - disable_notifications = true; - }; - permissions = { - "@kabbone:kabtop.de" = "admin"; - }; - }; - logging = { - loggers = { - mau = { - level = "WARN"; - }; - telethon = { - level = "WARN"; - }; - }; - root = { - handlers = [ - "console" - ]; - level = "WARN"; - }; - }; + mautrix-telegram = { + enable = true; + registerToSynapse = true; + environmentFile = config.age.secrets."services/matrix/mautrix-telegram.env".path; + settings = { + homeserver = { + 
address = "http://localhost:8008"; + domain = "kabtop.de"; + }; + appservice = { + hostname = "127.0.0.1"; + provisioning.enabled = false; + id = "telegram"; + public = { + enabled = false; }; - }; - mautrix-signal = { - enable = true; - registerToSynapse = true; - environmentFile = config.age.secrets."services/matrix/mautrix-signal.env".path; - settings = { - homeserver = { - address = "http://localhost:8008"; - domain = "kabtop.de"; - }; - appservice = { - hostname = "127.0.0.1"; - id = "signal"; - as_token = "$MAUTRIX_SIGNAL_AS_TOKEN"; - hs_token = "$MAUTRIX_SIGNAL_HS_TOKEN"; - }; - database = { - type = "postgres"; - uri = "$MAUTRIX_SIGNAL_APPSERVICE_DATABASE"; - }; - encryption = { - allow = true; - default = true; - verification_levels = { - receive = "cross-signed-untrusted"; - send = "cross-signed-untrusted"; - }; - pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY"; - }; - backfill = { - enabled = true; - }; - bridge = { - permissions = { - "@kabbone:kabtop.de" = "admin"; - }; - }; - logging = { - min_level = "warn"; - writers = [ - { - format = "pretty-colored"; - type = "stdout"; - } - ]; - }; + }; + bridge = { + sync_channel_members = true; + startup_sync = true; + public_portals = true; + double_puppet_server_map = { + "kabtop.de" = "https://kabtop.de"; }; - }; - kabbone_mautrix-whatsapp = { - enable = true; - registerToSynapse = true; - environmentFile = config.age.secrets."services/matrix/mautrix-whatsapp.env".path; - settings = { - homeserver = { - address = "http://localhost:8008"; - domain = "kabtop.de"; - }; - appservice = { - hostname = "127.0.0.1"; - id = "whatsapp"; - as_token = "$MAUTRIX_WHATSAPP_AS_TOKEN"; - hs_token = "$MAUTRIX_WHATSAPP_HS_TOKEN"; - }; - database = { - type = "postgres"; - uri = "$MAUTRIX_WHATSAPP_APPSERVICE_DATABASE"; - }; - encryption = { - allow = true; - default = true; - verification_levels = { - receive = "cross-signed-untrusted"; - send = "cross-signed-untrusted"; - }; - pickle_key = 
"$MAUTRIX_WHATSAPP_ENCRYPTION_PICKLE_KEY"; - }; - network = { - history_sync.request_full_sync = true; - }; - bridge = { - permissions = { - "@kabbone:kabtop.de" = "admin"; - }; - }; - logging = { - min_level = "warn"; - }; + encryption = { + allow = true; + default = true; + verification_levels = { + receive = "cross-signed-untrusted"; + send = "cross-signed-untrusted"; + }; }; + private_chat_portal_meta = "default"; + backfill = { + disable_notifications = true; + }; + permissions = { + "@kabbone:kabtop.de" = "admin"; + }; + }; + logging = { + loggers = { + mau = { + level = "WARN"; + }; + telethon = { + level = "WARN"; + }; + }; + root = { + handlers = [ + "console" + ]; + level = "WARN"; + }; + }; }; + }; + mautrix-signal = { + enable = true; + registerToSynapse = true; + environmentFile = config.age.secrets."services/matrix/mautrix-signal.env".path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = "kabtop.de"; + }; + appservice = { + hostname = "127.0.0.1"; + id = "signal"; + as_token = "$MAUTRIX_SIGNAL_AS_TOKEN"; + hs_token = "$MAUTRIX_SIGNAL_HS_TOKEN"; + }; + database = { + type = "postgres"; + uri = "$MAUTRIX_SIGNAL_APPSERVICE_DATABASE"; + }; + encryption = { + allow = true; + default = true; + verification_levels = { + receive = "cross-signed-untrusted"; + send = "cross-signed-untrusted"; + }; + pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY"; + }; + backfill = { + enabled = true; + }; + bridge = { + permissions = { + "@kabbone:kabtop.de" = "admin"; + }; + }; + logging = { + min_level = "warn"; + writers = [ + { + format = "pretty-colored"; + type = "stdout"; + } + ]; + }; + }; + }; + kabbone_mautrix-whatsapp = { + enable = true; + registerToSynapse = true; + environmentFile = config.age.secrets."services/matrix/mautrix-whatsapp.env".path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = "kabtop.de"; + }; + appservice = { + hostname = "127.0.0.1"; + id = "whatsapp"; + as_token = 
"$MAUTRIX_WHATSAPP_AS_TOKEN"; + hs_token = "$MAUTRIX_WHATSAPP_HS_TOKEN"; + }; + database = { + type = "postgres"; + uri = "$MAUTRIX_WHATSAPP_APPSERVICE_DATABASE"; + }; + encryption = { + allow = true; + default = true; + verification_levels = { + receive = "cross-signed-untrusted"; + send = "cross-signed-untrusted"; + }; + pickle_key = "$MAUTRIX_WHATSAPP_ENCRYPTION_PICKLE_KEY"; + }; + network = { + history_sync.request_full_sync = true; + }; + bridge = { + permissions = { + "@kabbone:kabtop.de" = "admin"; + }; + }; + logging = { + min_level = "warn"; + }; + }; + }; }; age.secrets."services/matrix/synapse.yml" = { - file = ../../../secrets/services/matrix/synapse.age; - owner = "matrix-synapse"; + file = ../../../secrets/services/matrix/synapse.age; + owner = "matrix-synapse"; }; age.secrets."services/matrix/mautrix-telegram.env" = { - file = ../../../secrets/services/matrix/mautrix-telegram.age; - owner = "mautrix-telegram"; + file = ../../../secrets/services/matrix/mautrix-telegram.age; + owner = "mautrix-telegram"; }; age.secrets."services/matrix/mautrix-whatsapp.env" = { - file = ../../../secrets/services/matrix/mautrix-whatsapp.age; - owner = "mautrix-whatsapp"; + file = ../../../secrets/services/matrix/mautrix-whatsapp.age; + owner = "mautrix-whatsapp"; }; age.secrets."services/matrix/mautrix-signal.env" = { - file = ../../../secrets/services/matrix/mautrix-signal.age; - owner = "mautrix-signal"; + file = ../../../secrets/services/matrix/mautrix-signal.age; + owner = "mautrix-signal"; }; } diff --git a/modules/services/server/mealie.nix b/modules/services/server/mealie.nix index 0c2612c..a3b5806 100644 --- a/modules/services/server/mealie.nix +++ b/modules/services/server/mealie.nix 
@@ -1,36 +1,36 @@ - -{ config, pkgs, ... }: { - - services.mealie = { - enable = true; - listenAddress = "127.0.0.1"; - credentialsFile = config.age.secrets."services/mealie/credentialsFile".path; - settings = { - ALLOW_SIGNUP = "false"; - DB_ENGINE = "postgres"; - TZ = "Europe/Berlin"; - }; + config, + pkgs, + ... +}: { + services.mealie = { + enable = true; + listenAddress = "127.0.0.1"; + credentialsFile = config.age.secrets."services/mealie/credentialsFile".path; + settings = { + ALLOW_SIGNUP = "false"; + DB_ENGINE = "postgres"; + TZ = "Europe/Berlin"; }; + }; - services.nginx = { - enable = true; - virtualHosts = { - "mealie.kabtop.de" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:9000"; - }; + services.nginx = { + enable = true; + virtualHosts = { + "mealie.kabtop.de" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://localhost:9000"; }; }; + }; - age.secrets."services/mealie/credentialsFile" = { - file = ../../../secrets/services/mealie/credentialsFile.age; - owner = "mealie"; - }; - - security.acme.defaults.email = "webmaster@kabtop.de"; - security.acme.defaults.webroot = "/var/lib/acme/acme-challenge"; - security.acme.acceptTerms = true; + age.secrets."services/mealie/credentialsFile" = { + file = ../../../secrets/services/mealie/credentialsFile.age; + owner = "mealie"; + }; + security.acme.defaults.email = "webmaster@kabtop.de"; + security.acme.defaults.webroot = "/var/lib/acme/acme-challenge"; + security.acme.acceptTerms = true; } diff --git a/modules/services/server/microvm.nix b/modules/services/server/microvm.nix index da719aa..572d74d 100644 --- a/modules/services/server/microvm.nix +++ b/modules/services/server/microvm.nix 
@@ -1,48 +1,55 @@ -{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }: -let - name = "gitea-runner"; -in { + config, + microvm, + lib, + pkgs, + user, + agenix, + impermanence, + ... +}: let + name = "gitea-runner"; +in { microvm = { autostart = [ name ]; vms = { ${name} = { - inherit pkgs; config = { - imports = - [ agenix.nixosModules.default ] ++ - [ impermanence.nixosModules.impermanence ] ++ - [( ./gitea_runner.nix )]; + imports = + [agenix.nixosModules.default] + ++ [impermanence.nixosModules.impermanence] + ++ [(./gitea_runner.nix)]; networking = { hostName = "${name}"; firewall = { enable = true; - allowedUDPPorts = [ ]; - allowedTCPPorts = [ ]; + allowedUDPPorts = []; + allowedTCPPorts = []; }; }; systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "*"; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - }; - }; + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "*"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + }; }; + }; }; - users.users.${user} = { # System User + users.users.${user} = { + # System User isNormalUser = true; - extraGroups = [ "wheel" ]; + extraGroups = ["wheel"]; uid = 2000; openssh.authorizedKeys.keys = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc" 
@@ -56,30 +63,32 @@ in enable = true; settings.PasswordAuthentication = false; hostKeys = [ - { + { path = "/persist/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; - } - { + } + { path = "/persist/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; - }]; + } + ]; }; }; fileSystems."/persist".neededForBoot = lib.mkForce true; environment = { - systemPackages = with pkgs; [ # Default packages install system-wide - bash - coreutils - curl - gawk - gitMinimal - gnused - nodejs - wget + systemPackages = with pkgs; [ + # Default packages install system-wide + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget ]; persistence."/persist" = { directories = [ @@ -100,23 +109,26 @@ in mem = 4096; #kernel = pkgs.linuxKernel.packages.linux_latest; interfaces = [ - { - type = "user"; - id = "vm-${name}"; - mac = "04:00:00:00:00:01"; - } ]; - shares = [{ - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - tag = "ro-store"; - proto = "virtiofs"; - } - { - source = "/etc/vm-persist/${name}"; - mountPoint = "/persist"; - tag = "persist"; - proto = "virtiofs"; - }]; + { + type = "user"; + id = "vm-${name}"; + mac = "04:00:00:00:00:01"; + } + ]; + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + { + source = "/etc/vm-persist/${name}"; + mountPoint = "/persist"; + tag = "persist"; + proto = "virtiofs"; + } + ]; #writableStoreOverlay = "/nix/.rw-store"; #storeOnDisk = true; }; diff --git a/modules/services/server/nextcloud.nix b/modules/services/server/nextcloud.nix index 5026008..e16aad6 100644 --- a/modules/services/server/nextcloud.nix +++ b/modules/services/server/nextcloud.nix 
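Review bot: `inherit pkgs;` is dropped from `microvm.vms.${name}` near the top of this hunk while every other line in the commit is a whitespace-only reformat, so this reads as an accidental deletion rather than an intended change. Without it the guest is evaluated with whatever `microvm.vms.<name>.pkgs` defaults to in the microvm host module, which may not be the host's `pkgs` instance — overlays and nixpkgs config applied on the host (the `pkgs` argument this file still takes) would then not reach the guest, and the guest closure could diverge from what the host expects to share via `/nix/.ro-store`; confirm against the microvm.nix revision pinned in the flake. Either restore `inherit pkgs;` or, if the drop is deliberate, say so in place with a comment such as `# pkgs intentionally not inherited: guest uses microvm's default nixpkgs`. The `microvm.vms.${name}` definition continues past the end of this hunk.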
@@ -1,35 +1,37 @@ - -{ config, pkgs, ... }: { - services.nextcloud = { - enable = true; - hostName = "cloud.kabtop.de"; - https = true; - package = pkgs.nextcloud32; - database.createLocally = false; - notify_push.enable = false; - enableImagemagick = true; - maxUploadSize = "512M"; - caching = { - redis = true; - apcu = true; - }; - imaginary.enable = true; - settings = { - log_type = "file"; - logfile = "nextcloud.log"; - overwriteprotocol = "https"; - default_phone_region = "DE"; + config, + pkgs, + ... +}: { + services.nextcloud = { + enable = true; + hostName = "cloud.kabtop.de"; + https = true; + package = pkgs.nextcloud32; + database.createLocally = false; + notify_push.enable = false; + enableImagemagick = true; + maxUploadSize = "512M"; + caching = { + redis = true; + apcu = true; + }; + imaginary.enable = true; + settings = { + log_type = "file"; + logfile = "nextcloud.log"; + overwriteprotocol = "https"; + default_phone_region = "DE"; - redis = { - host = "/run/redis-nextcloud/redis.sock"; - port = 0; - }; - "memcache.local" = "\\OC\\Memcache\\APCu"; - "memcache.distributed" = "\\OC\\Memcache\\Redis"; - "memcache.locking" = "\\OC\\Memcache\\Redis"; - "enable_previews" = true; - "enabledPreviewproviders" = " + redis = { + host = "/run/redis-nextcloud/redis.sock"; + port = 0; + }; + "memcache.local" = "\\OC\\Memcache\\APCu"; + "memcache.distributed" = "\\OC\\Memcache\\Redis"; + "memcache.locking" = "\\OC\\Memcache\\Redis"; + "enable_previews" = true; + "enabledPreviewproviders" = " array ( 'OC\Preview\PNG', 'OC\Preview\JPEG', 
@@ -43,57 +45,56 @@ 'OC\Preview\Krita', 'OC\Preview\HEIC', )"; - "maintenance_window_start" = "1"; - }; - config = { - dbtype = "pgsql"; - dbuser = "nextcloud"; - dbhost = "localhost"; - dbname = "nextclouddb"; - adminuser = "kabbone"; - adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path; - dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path; - }; - phpOptions = { - "opcache.interned_strings_buffer" = "16"; - }; + "maintenance_window_start" = "1"; }; - - services.redis = { - vmOverCommit = true; - servers.nextcloud = { - enable = true; - user = "nextcloud"; - port = 0; - }; + config = { + dbtype = "pgsql"; + dbuser = "nextcloud"; + dbhost = "localhost"; + dbname = "nextclouddb"; + adminuser = "kabbone"; + adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path; + dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path; }; + phpOptions = { + "opcache.interned_strings_buffer" = "16"; + }; + }; - services.nginx = { + services.redis = { + vmOverCommit = true; + servers.nextcloud = { enable = true; - virtualHosts = { - "${config.services.nextcloud.hostName}" = { - enableACME = true; - forceSSL = true; - }; + user = "nextcloud"; + port = 0; + }; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "${config.services.nextcloud.hostName}" = { + enableACME = true; + forceSSL = true; }; }; + }; - age.secrets."services/nextcloud/dbpassFile" = { - file = ../../../secrets/services/nextcloud/dbpassFile.age; - owner = "nextcloud"; - }; - age.secrets."services/nextcloud/adminpassFile" = { - file = ../../../secrets/services/nextcloud/adminpassFile.age; - owner = "nextcloud"; - }; + age.secrets."services/nextcloud/dbpassFile" = { + file = ../../../secrets/services/nextcloud/dbpassFile.age; + owner = "nextcloud"; + }; + age.secrets."services/nextcloud/adminpassFile" = { + file = ../../../secrets/services/nextcloud/adminpassFile.age; + owner = "nextcloud"; + }; - systemd.services."nextcloud-setup" = 
{ - requires = ["postgresql.service"]; - after = ["postgresql.service"]; - }; - - security.acme.defaults.email = "webmaster@kabtop.de"; - security.acme.defaults.webroot = "/var/lib/acme/acme-challenge"; - security.acme.acceptTerms = true; + systemd.services."nextcloud-setup" = { + requires = ["postgresql.service"]; + after = ["postgresql.service"]; + }; + security.acme.defaults.email = "webmaster@kabtop.de"; + security.acme.defaults.webroot = "/var/lib/acme/acme-challenge"; + security.acme.acceptTerms = true; } diff --git a/modules/services/server/ollama.nix b/modules/services/server/ollama.nix index cce9acd..fbfe992 100644 --- a/modules/services/server/ollama.nix +++ b/modules/services/server/ollama.nix @@ -1,9 +1,10 @@ - -{ config, pkgs, ... }: -let - ollamahostname = "llm.kabtop.de"; -in { + config, + pkgs, + ... +}: let + ollamahostname = "llm.kabtop.de"; +in { virtualisation.oci-containers.containers."open-webui" = { autoStart = true; image = "ghcr.io/open-webui/open-webui:ollama"; @@ -11,17 +12,17 @@ in "/var/lib/open-webui:/app/backend/data" ]; hostname = "open-webui"; - ports = [ "8081:8080" ]; + ports = ["8081:8080"]; }; services = { nginx = { virtualHosts = { - ${ollamahostname} = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:8081"; - }; + ${ollamahostname} = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://localhost:8081"; + }; }; }; }; diff --git a/modules/services/server/postgresql.nix b/modules/services/server/postgresql.nix index 090bfd8..a8808b0 100644 --- a/modules/services/server/postgresql.nix +++ b/modules/services/server/postgresql.nix 
@@ -1,37 +1,39 @@ # # System notifications # - -{ config, lib, pkgs, ... }: - { -# imports = [ ./postgresql_upgrade.nix ]; + config, + lib, + pkgs, + ... +}: { + # imports = [ ./postgresql_upgrade.nix ]; services.postgresql = { enable = true; package = pkgs.postgresql_16; settings = { - max_connections = 200; - listen_addresses = "localhost"; - password_encryption = "scram-sha-256"; - shared_buffers = "4GB"; - work_mem = "2GB"; - maintenance_work_mem = "500MB"; - autovacuum_work_mem = -1; - log_timezone = "Europe/Berlin"; - timezone = "Europe/Berlin"; + max_connections = 200; + listen_addresses = "localhost"; + password_encryption = "scram-sha-256"; + shared_buffers = "4GB"; + work_mem = "2GB"; + maintenance_work_mem = "500MB"; + autovacuum_work_mem = -1; + log_timezone = "Europe/Berlin"; + timezone = "Europe/Berlin"; }; authentication = pkgs.lib.mkOverride 14 '' - local all postgres peer - host giteadb gitea localhost scram-sha-256 - host nextclouddb nextcloud localhost scram-sha-256 - host synapsedb synapse localhost scram-sha-256 - host whatsappdb mautrixwa localhost scram-sha-256 - host telegramdb mautrixtele localhost scram-sha-256 - host signaldb mautrixsignal localhost scram-sha-256 - host mealie mealie localhost scram-sha-256 - host onlyoffice onlyoffice localhost scram-sha-256 - local onlyoffice onlyoffice peer - local hydra all ident map=hydra-users + local all postgres peer + host giteadb gitea localhost scram-sha-256 + host nextclouddb nextcloud localhost scram-sha-256 + host synapsedb synapse localhost scram-sha-256 + host whatsappdb mautrixwa localhost scram-sha-256 + host telegramdb mautrixtele localhost scram-sha-256 + host signaldb mautrixsignal localhost scram-sha-256 + host mealie mealie localhost scram-sha-256 + host onlyoffice onlyoffice localhost scram-sha-256 + local onlyoffice onlyoffice peer + local hydra all ident map=hydra-users ''; identMap = '' hydra-users hydra hydra 
@@ -47,8 +49,7 @@ services.postgresqlBackup.enable = true; age.secrets."services/postgresql/initScript.sql" = { - file = ../../../secrets/services/postgresql/initScript.age; - owner = "postgres"; + file = ../../../secrets/services/postgresql/initScript.age; + owner = "postgres"; }; - } diff --git a/modules/services/server/postgresql_upgrade.nix b/modules/services/server/postgresql_upgrade.nix index e77f6c3..d70923b 100644 --- a/modules/services/server/postgresql_upgrade.nix +++ b/modules/services/server/postgresql_upgrade.nix @@ -1,5 +1,9 @@ -{ config, lib, pkgs, ... }: { + config, + lib, + pkgs, + ... +}: { environment.systemPackages = [ (let # XXX specify the postgresql package you'd like to upgrade to. 
@@ -8,26 +12,27 @@ # pp.plv8 ]); cfg = config.services.postgresql; - in pkgs.writeScriptBin "upgrade-pg-cluster" '' - set -eux - # XXX it's perhaps advisable to stop all services that depend on postgresql - systemctl stop postgresql + in + pkgs.writeScriptBin "upgrade-pg-cluster" '' + set -eux + # XXX it's perhaps advisable to stop all services that depend on postgresql + systemctl stop postgresql - export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" + export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" - export NEWBIN="${newPostgres}/bin" + export NEWBIN="${newPostgres}/bin" - export OLDDATA="${cfg.dataDir}" - export OLDBIN="${cfg.package}/bin" + export OLDDATA="${cfg.dataDir}" + export OLDBIN="${cfg.package}/bin" - install -d -m 0700 -o postgres -g postgres "$NEWDATA" - cd "$NEWDATA" - sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs} + install -d -m 0700 -o postgres -g postgres "$NEWDATA" + cd "$NEWDATA" + sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs} - sudo -u postgres $NEWBIN/pg_upgrade \ - --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ - --old-bindir $OLDBIN --new-bindir $NEWBIN \ - "$@" - '') + sudo -u postgres $NEWBIN/pg_upgrade \ + --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ + --old-bindir $OLDBIN --new-bindir $NEWBIN \ + "$@" + '') ]; } diff --git a/modules/services/server/woodpecker.nix b/modules/services/server/woodpecker.nix index 53ddbb8..3d61370 100644 --- a/modules/services/server/woodpecker.nix +++ b/modules/services/server/woodpecker.nix @@ -1,11 +1,14 @@ # # CI/CD Woodpecker # - -{ config, lib, pkgs, ... }: - { - environment.systemPackages = with pkgs; [ # Default packages install system-wide + config, + lib, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [ + # Default packages install system-wide woodpecker-server woodpecker-cli ]; 
@@ -28,35 +31,35 @@ systemd.services = { woodpecker-server = { description = "CI/CD Pipeline Server"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "postgresql.service" ]; - requires = [ "postgresql.service" ]; + wantedBy = ["multi-user.target"]; + after = ["network.target" "postgresql.service"]; + requires = ["postgresql.service"]; script = "${pkgs.woodpecker-server}/bin/woodpecker-server"; serviceConfig = { - User="woodpecker"; - Group="woodpecker"; - Environment="HOME=/var/lib/woodpecker"; - EnvironmentFile=config.age.secrets."services/woodpecker/environment".path; - ReadWritePaths="/var/lib/woodpecker /var/log/woodpecker"; - NoNewPrivileges=true; - MemoryDenyWriteExecute=true; - PrivateDevices=true; - PrivateTmp=true; - ProtectHome=true; - ProtectSystem="strict"; - ProtectControlGroups=true; - RestrictSUIDSGID=true; - RestrictRealtime=true; - LockPersonality=true; - ProtectKernelLogs=true; - ProtectKernelTunables=true; - ProtectHostname=true; - ProtectKernelModules=true; - PrivateUsers=true; - ProtectClock=true; - SystemCallArchitectures="native"; - SystemCallErrorNumber="EPERM"; - SystemCallFilter="@system-service"; + User = "woodpecker"; + Group = "woodpecker"; + Environment = "HOME=/var/lib/woodpecker"; + EnvironmentFile = config.age.secrets."services/woodpecker/environment".path; + ReadWritePaths = "/var/lib/woodpecker /var/log/woodpecker"; + NoNewPrivileges = true; + MemoryDenyWriteExecute = true; + PrivateDevices = true; + PrivateTmp = true; + ProtectHome = true; + ProtectSystem = "strict"; + ProtectControlGroups = true; + RestrictSUIDSGID = true; + RestrictRealtime = true; + LockPersonality = true; + ProtectKernelLogs = true; + ProtectKernelTunables = true; + ProtectHostname = true; + ProtectKernelModules = true; + PrivateUsers = true; + ProtectClock = true; + SystemCallArchitectures = "native"; + SystemCallErrorNumber = "EPERM"; + SystemCallFilter = "@system-service"; }; }; }; 
@@ -81,9 +84,7 @@ }; age.secrets."services/woodpecker/environment" = { - file = ../../../secrets/services/woodpecker/environment.age; - owner = "woodpecker"; + file = ../../../secrets/services/woodpecker/environment.age; + owner = "woodpecker"; }; - } - diff --git a/modules/shell/default.nix b/modules/shell/default.nix index 2a5f400..bcc6a87 100644 --- a/modules/shell/default.nix +++ b/modules/shell/default.nix @@ -9,7 +9,6 @@ # └─ default.nix * # └─ ... # - [ ./git.nix ./tmux.nix diff --git a/modules/shell/tmux.nix b/modules/shell/tmux.nix index f559d0d..5c0d729 100644 --- a/modules/shell/tmux.nix +++ b/modules/shell/tmux.nix @@ -1,10 +1,7 @@ # # Tmux # - -{ pkgs, ... }: - -{ +{pkgs, ...}: { programs = { tmux = { enable = true; @@ -17,24 +14,24 @@ shortcut = "Space"; baseIndex = 1; plugins = with pkgs.tmuxPlugins; [ - yank - sidebar -# { - # plugin = dracula; - # extraConfig = " - # set -g @dracula-show-powerline true - # set -g @dracula-plugins 'git cpu-usage ram-usage battery time' - # set -g @dracula-border-contrast true - # "; -# plugin = catppuccin; -# extraConfig = " -# set -g @catppuccin_flavour 'macchiato' -# set -g @catppuccin_window_tabs_enabled 'on' -# set -g @catppuccin_host 'on' -# set -g @catppuccin_user 'on' -# set -g @catppuccin_date_time '%Y-%m-%d %H:%M' -# "; -# } + yank + sidebar + # { + # plugin = dracula; + # extraConfig = " + # set -g @dracula-show-powerline true + # set -g @dracula-plugins 'git cpu-usage ram-usage battery time' + # set -g @dracula-border-contrast true + # "; + # plugin = catppuccin; + # extraConfig = " + # set -g @catppuccin_flavour 'macchiato' + # set -g @catppuccin_window_tabs_enabled 'on' + # set -g @catppuccin_host 'on' + # set -g @catppuccin_user 'on' + # set -g @catppuccin_date_time '%Y-%m-%d %H:%M' + # "; + # } ]; extraConfig = '' set -g mouse on 
@@ -45,7 +42,7 @@ bind-key v split-window -v -c "#{pane_current_path}" unbind '"' unbind '%' - + # moving between windows with vim movement keys bind m select-pane -L bind n select-pane -D @@ -55,19 +52,19 @@ # moving between windows with vim movement keys bind -r C-m select-window -t :- bind -r C-i select-window -t :+ - + # Vim style X clipboard integration↲ bind-key -T copy-mode-vi 'v' send-keys -X begin-selection bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle bind-key -T copy-mode-vi 'y' send-keys -X copy-selection-and-cancel bind-key P run "xsel -o | tmux load-buffer - ; tmux paste-buffer" - + # resize panes with vim movement keys bind -r M resize-pane -L 5 bind -r N resize-pane -D 5 bind -r E resize-pane -U 5 bind -r I resize-pane -R 5 - + # bindings for pane joining and breaking bind < split-window -h \; choose-window 'kill-pane ; join-pane -hs %%' bind > break-pane -d diff --git a/modules/shell/zsh.nix b/modules/shell/zsh.nix index 4dd2e25..bd38f39 100644 --- a/modules/shell/zsh.nix +++ b/modules/shell/zsh.nix 
@@ -1,39 +1,37 @@ # # Shell # - -{ pkgs, ... }: - -{ +{pkgs, ...}: { programs = { zsh = { enable = true; - autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options + autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options syntaxHighlighting.enable = true; history.size = 10000; - oh-my-zsh = { # Extra plugins for zsh + oh-my-zsh = { + # Extra plugins for zsh enable = true; - plugins = [ "git" ]; + plugins = ["git"]; #custom = "$HOME/.config/zsh_nix/custom"; }; initContent = '' - if [[ $WAYLAND_DISPLAY ]]; then - [[ $- != *i* ]] && return - [[ -z "$TMUX" ]] && (tmux attach || tmux new-session) - fi + if [[ $WAYLAND_DISPLAY ]]; then + [[ $- != *i* ]] && return + [[ -z "$TMUX" ]] && (tmux attach || tmux new-session) + fi - # Spaceship - source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup - autoload -U promptinit; promptinit -# source $HOME/.config/shell/shell_init - # Hook direnv -# emulate zsh -c "$(direnv hook zsh)" - # Swag - pfetch # Show fetch logo on terminal start - eval "$(direnv hook zsh)" - eval "$(ssh-agent)" + # Spaceship + source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup + autoload -U promptinit; promptinit + # source $HOME/.config/shell/shell_init + # Hook direnv + # emulate zsh -c "$(direnv hook zsh)" + # Swag + pfetch # Show fetch logo on terminal start + eval "$(direnv hook zsh)" + eval "$(ssh-agent)" ''; }; }; diff --git a/modules/wm/default.nix b/modules/wm/default.nix index 6faa521..bb4176c 100644 --- a/modules/wm/default.nix +++ b/modules/wm/default.nix 
@@ -1,16 +1,29 @@ -{ pkgs, lib, config, ... }: -with lib; { - # NOTE: Dynamic imports based on option values are not supported in NixOS modules. - # To conditionally load a WM, either import all WM modules and use mkIf in each, - # or select the WM module directly in the host configuration. - imports = []; + pkgs, + lib, + config, + ... +}: +with lib; { + # NOTE: Dynamic imports based on option values are not supported in NixOS modules. + # To conditionally load a WM, either import all WM modules and use mkIf in each, + # or select the WM module directly in the host configuration. + imports = []; - options = { - desktop = { - wm = mkOption { type = types.str; default = "sway"; }; - taskbar = mkOption { type = types.str; default = "waybar"; }; - launcher = mkOption { type = types.str; default = "bemenu"; }; - }; + options = { + desktop = { + wm = mkOption { + type = types.str; + default = "sway"; + }; + taskbar = mkOption { + type = types.str; + default = "waybar"; + }; + launcher = mkOption { + type = types.str; + default = "bemenu"; + }; }; + }; } diff --git a/modules/wm/kde/home.nix b/modules/wm/kde/home.nix index 2b59f0f..335bfbb 100644 --- a/modules/wm/kde/home.nix +++ b/modules/wm/kde/home.nix @@ -10,8 +10,10 @@ # └─ ./gnome # └─ home.nix * # - -{ config, lib, pkgs, ... }: { - + config, + lib, + pkgs, + ... +}: { } diff --git a/modules/wm/niri/home.nix b/modules/wm/niri/home.nix index a147580..4b16728 100644 --- a/modules/wm/niri/home.nix +++ b/modules/wm/niri/home.nix @@ -10,18 +10,20 @@ # └─ ./sway # └─ home.nix * # - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { programs = { swaylock = { enable = true; settings = { - color = "000000"; - image = "$HOME/.config/lockwall"; - indicator-caps-lock = true; - show-keyboard-layout = true; + color = "000000"; + image = "$HOME/.config/lockwall"; + indicator-caps-lock = true; + show-keyboard-layout = true; }; }; }; 
@@ -30,12 +32,24 @@ swayidle = { enable = true; events = [ - { event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; } - { event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; } + { + event = "before-sleep"; + command = "${pkgs.swaylock}/bin/swaylock"; + } + { + event = "lock"; + command = "${pkgs.swaylock}/bin/swaylock -fF"; + } ]; timeouts = [ - { timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; } - { timeout = 600; command = "${pkgs.niri}/bin/niri msg action power-off-monitors"; } + { + timeout = 300; + command = "${pkgs.swaylock}/bin/swaylock -fF"; + } + { + timeout = 600; + command = "${pkgs.niri}/bin/niri msg action power-off-monitors"; + } ]; }; }; @@ -43,5 +57,4 @@ xdg.configFile = { "niri/config.kdl".source = ./config.kdl; }; - } diff --git a/modules/wm/steam/default.nix b/modules/wm/steam/default.nix index ac56a2e..a11db21 100644 --- a/modules/wm/steam/default.nix +++ b/modules/wm/steam/default.nix @@ -10,33 +10,37 @@ # └─ ./gnome # └─ default.nix * # -{ config, lib, user, pkgs, jovian-nixos, ... }: - { - imports = [ - (jovian-nixos + "/modules") - ]; + config, + lib, + user, + pkgs, + jovian-nixos, + ... +}: { + imports = [ + (jovian-nixos + "/modules") + ]; - jovian = { - steam = { - enable = true; - user = "kabbone"; - autoStart = true; - desktopSession = "plasma"; - }; - devices.steamdeck = { - enable = true; - }; - decky-loader.enable = true; + jovian = { + steam = { + enable = true; + user = "kabbone"; + autoStart = true; + desktopSession = "plasma"; }; - - hardware.graphics = { - enable = true; - enable32Bit = true; + devices.steamdeck = { + enable = true; }; + decky-loader.enable = true; + }; - environment.systemPackages = with pkgs; [ - steamdeck-firmware - ]; + hardware.graphics = { + enable = true; + enable32Bit = true; + }; + environment.systemPackages = with pkgs; [ + steamdeck-firmware + ]; } diff --git a/modules/wm/steam/home.nix b/modules/wm/steam/home.nix index 96b9113..a139a27 100644 
--- a/modules/wm/steam/home.nix +++ b/modules/wm/steam/home.nix @@ -10,9 +10,12 @@ # └─ ./steam # └─ home.nix * # - -{ config, lib, pkgs, ... }: { + config, + lib, + pkgs, + ... +}: { home = { packages = with pkgs; [ steam diff --git a/modules/wm/sway/default.nix b/modules/wm/sway/default.nix index 75c1a45..b5a8492 100644 --- a/modules/wm/sway/default.nix +++ b/modules/wm/sway/default.nix @@ -10,18 +10,22 @@ # └─ ./hyprland # └─ hyprland.nix * # - -{ config, lib, user, pkgs, desktop, ... }: - { - imports = [ ../waybar.nix ]; + config, + lib, + user, + pkgs, + desktop, + ... +}: { + imports = [../waybar.nix]; environment = { loginShellInit = '' if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then exec sway fi - ''; # Will automatically open sway when logged into tty1 + ''; # Will automatically open sway when logged into tty1 systemPackages = with pkgs; [ xdg-desktop-portal-wlr sway @@ -42,7 +46,7 @@ programs = { sway.enable = true; - sway.extraSessionCommands = '' + sway.extraSessionCommands = '' export MOZ_ENABLE_WAYLAND="1"; export MOZ_WEBRENDER="1"; export MOZ_USE_XINPUT2="2"; @@ -65,9 +69,10 @@ security.pam.services.swaylock = {}; - xdg.portal = { # Required for flatpak with windowmanagers + xdg.portal = { + # Required for flatpak with windowmanagers enable = true; wlr.enable = true; - extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + extraPortals = [pkgs.xdg-desktop-portal-gtk]; }; } diff --git a/modules/wm/sway/home.nix b/modules/wm/sway/home.nix index 8164220..058cc6d 100644 --- a/modules/wm/sway/home.nix +++ b/modules/wm/sway/home.nix 
@@ -10,229 +10,251 @@ # └─ ./sway # └─ home.nix * # - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { wayland.windowManager.sway = { - enable = true; - checkConfig = false; - config = rec { - menu = "${pkgs.rofi}/bin/rofi -show combi -show-icons"; - left = "m"; - down = "n"; - up = "e"; - right = "i"; - modifier = "Mod4"; - floating.modifier = "Mod4"; - floating.titlebar = true; - - input = { - "type:keyboard" = { - xkb_layout = "us,de"; - xkb_variant = "altgr-intl,"; - xkb_options = "grp:win_space_toggle"; - }; - "type:touchpad" = { - tap = "enabled"; - natural_scroll = "disabled"; - drag = "enabled"; - dwt = "enabled"; - middle_emulation = "enabled"; - scroll_method = "two_finger"; - tap_button_map = "lmr"; - }; + enable = true; + checkConfig = false; + config = rec { + menu = "${pkgs.rofi}/bin/rofi -show combi -show-icons"; + left = "m"; + down = "n"; + up = "e"; + right = "i"; + modifier = "Mod4"; + floating.modifier = "Mod4"; + floating.titlebar = true; + + input = { + "type:keyboard" = { + xkb_layout = "us,de"; + xkb_variant = "altgr-intl,"; + xkb_options = "grp:win_space_toggle"; }; - - output = { - "*" = { - bg = "$HOME/.config/wall fill"; - }; - #"HDMI-A-1" = { - # mode = "2560x1440"; - # pos = "0,0"; - # #scale = "1.1"; - #}; - "DP-2" = { - mode = "2560x1440"; - pos = "0,250"; - }; - "DP-3" = { - mode = "1920x1200"; - pos = "2560,0"; - transform = "90"; - }; - #"eDP-1" = { - # mode = "1920x1080"; - # #pos = "4480,0"; - # pos = "2560,0"; - # subpixel = "none"; - # scale = "1.3"; - #}; + "type:touchpad" = { + tap = "enabled"; + natural_scroll = "disabled"; + drag = "enabled"; + dwt = "enabled"; + middle_emulation = "enabled"; + scroll_method = "two_finger"; + tap_button_map = "lmr"; }; + }; - terminal = "${pkgs.alacritty}/bin/alacritty"; - - fonts = { - names = [ "Cascadia Code" ]; - size = 10.0; + output = { + "*" = { + bg = "$HOME/.config/wall fill"; }; - - colors.focused = { - background = "#212121"; - border = "#999999"; - 
childBorder = "#999999"; - indicator = "#999999"; - text = "#FFFFFF"; + #"HDMI-A-1" = { + # mode = "2560x1440"; + # pos = "0,0"; + # #scale = "1.1"; + #}; + "DP-2" = { + mode = "2560x1440"; + pos = "0,250"; }; - - startup = [ - { command = "exec ${pkgs.rot8}/bin/rot8 -Y -k"; } - { command = "xrdb -load ~/.Xresources"; } - # { command = "gsettings set org.gnome.desktop.interface gtk-theme Dracula"; } - # { command = "gsettings set org.gnome.desktop.interface icon-theme Dracula"; } - # { command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; } - #{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; } - { command = "${pkgs.thunderbird}/bin/thunderbird"; } - { command = "${pkgs.firefox}/bin/firefox"; } - { command = "${pkgs.element-desktop}/bin/element-desktop"; } - ]; - - workspaceAutoBackAndForth = true; - - gaps.inner = 8; - gaps.outer = 4; - gaps.smartGaps = true; - gaps.smartBorders = "on"; - - assigns = { - "workspace number 1" = [{ app_id = "thunderbird"; }]; - "workspace number 2" = [{ app_id = "firefox"; }]; - "workspace number 3" = [{ app_id = "Element"; }]; + "DP-3" = { + mode = "1920x1200"; + pos = "2560,0"; + transform = "90"; }; + #"eDP-1" = { + # mode = "1920x1080"; + # #pos = "4480,0"; + # pos = "2560,0"; + # subpixel = "none"; + # scale = "1.3"; + #}; + }; - window.commands = [ - { command = "floating enable"; criteria = { app_id = ".yubioath-flutter-wrapped"; }; } - { command = "floating enable"; criteria = { app_id = "pavucontrol"; }; } - { command = "floating enable"; criteria = { app_id = "galculator"; }; } - { command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; } - { command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; } - { command = "floating enable"; criteria = { app_id = "virt-manager"; }; } - { command = "floating enable"; criteria = { title = "^OpenSSH Authentication"; }; } - { command = "floating enable"; criteria = { class = "pop-up"; }; } - ]; - - 
bars = [ - { command = "${pkgs.waybar}/bin/waybar"; } - ]; + terminal = "${pkgs.alacritty}/bin/alacritty"; - defaultWorkspace = "workspace number 2"; + fonts = { + names = ["Cascadia Code"]; + size = 10.0; + }; - keybindings = - let - mod = config.wayland.windowManager.sway.config.modifier; - alt = "Mod1"; - left = config.wayland.windowManager.sway.config.left; - down = config.wayland.windowManager.sway.config.down; - up = config.wayland.windowManager.sway.config.up; - right = config.wayland.windowManager.sway.config.right; - in - { - "${mod}+Escape" = "exec swaymsg exit"; # Exit Sway - "${mod}+Return" = "exec ${terminal}"; # Open terminal - "${mod}+d" = "exec ${menu}"; # Open menu - "${mod}+l" = "exec ${pkgs.swaylock}/bin/swaylock"; # Lock Screen + colors.focused = { + background = "#212121"; + border = "#999999"; + childBorder = "#999999"; + indicator = "#999999"; + text = "#FFFFFF"; + }; - "${mod}+r" = "reload"; # Reload environment - "${mod}+q" = "kill"; # Kill container + startup = [ + {command = "exec ${pkgs.rot8}/bin/rot8 -Y -k";} + {command = "xrdb -load ~/.Xresources";} + # { command = "gsettings set org.gnome.desktop.interface gtk-theme Dracula"; } + # { command = "gsettings set org.gnome.desktop.interface icon-theme Dracula"; } + # { command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; } + #{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; } + {command = "${pkgs.thunderbird}/bin/thunderbird";} + {command = "${pkgs.firefox}/bin/firefox";} + {command = "${pkgs.element-desktop}/bin/element-desktop";} + ]; - "${mod}+Shift+f" = "exec ${pkgs.pcmanfm}/bin/pcmanfm"; # File Manager + workspaceAutoBackAndForth = true; + gaps.inner = 8; + gaps.outer = 4; + gaps.smartGaps = true; + gaps.smartBorders = "on"; - "${alt}+${left}" = "workspace prev_on_output"; # Navigate to previous or next workspace on output if it exists - "${alt}+${right}" = "workspace next_on_output"; - "${alt}+Shift+${left}" = "move container to 
workspace prev, workspace prev"; # Move container to next available workspace and focus - "${alt}+Shift+${right}" = "move container to workspace next, workspace next"; + assigns = { + "workspace number 1" = [{app_id = "thunderbird";}]; + "workspace number 2" = [{app_id = "firefox";}]; + "workspace number 3" = [{app_id = "Element";}]; + }; - "XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled"; - "XF86AudioPlay" = "exec playerctl play-pause"; - "XF86AudioNext" = "exec playerctl next"; - "XF86AudioPrev" = "exec playerctl previous"; - "XF86AudioStop" = "exec playerctl stop"; - - # Sink volume raise optionally with --device - "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; - "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; - # Sink volume toggle mute - "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; - # Source volume toggle mute - "XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle"; - - # Capslock (If you don't want to use the backend) - #bindsym --release Caps_Lock exec swayosd-client --caps-lock; - - # Brightness raise - "XF86MonBrightnessUp" = "exec swayosd-client --brightness raise"; - # Brightness lower - "XF86MonBrightnessDown" = "exec swayosd-client --brightness lower"; + window.commands = [ + { + command = "floating enable"; + criteria = {app_id = ".yubioath-flutter-wrapped";}; + } + { + command = "floating enable"; + criteria = {app_id = "pavucontrol";}; + } + { + command = "floating enable"; + criteria = {app_id = "galculator";}; + } + { + command = "floating enable"; + criteria = {app_id = "com.nitrokey.";}; + } + { + command = "floating enable"; + criteria = {app_id = "org.keepassxc.KeePassXC.";}; + } + { + command = "floating enable"; + criteria = {app_id = "virt-manager";}; + } + { + command = "floating enable"; + criteria = {title = "^OpenSSH Authentication";}; + } + { + command = "floating enable"; + criteria = {class = "pop-up";}; + } + ]; + bars = 
[ + {command = "${pkgs.waybar}/bin/waybar";} + ]; - "${mod}+${left}" = "focus left"; - "${mod}+${down}" = "focus down"; - "${mod}+${up}" = "focus up"; - "${mod}+${right}" = "focus right"; - - "${mod}+Shift+${left}" = "move left"; - "${mod}+Shift+${down}" = "move down"; - "${mod}+Shift+${up}" = "move up"; - "${mod}+Shift+${right}" = "move right"; - - "${mod}+${alt}+${left}" = "resize grow width 10px"; - "${mod}+${alt}+${down}" = "resize shrink height 10px"; - "${mod}+${alt}+${up}" = "resize grow height 10px"; - "${mod}+${alt}+${right}" = "resize shrink width 10px"; - - "${mod}+1" = "workspace number 1"; - "${mod}+2" = "workspace number 2"; - "${mod}+3" = "workspace number 3"; - "${mod}+4" = "workspace number 4"; - "${mod}+5" = "workspace number 5"; - "${mod}+6" = "workspace number 6"; - "${mod}+7" = "workspace number 7"; - "${mod}+8" = "workspace number 8"; - "${mod}+9" = "workspace number 9"; - "${mod}+0" = "workspace number 10"; - - "${mod}+Shift+1" = "move container to workspace number 1"; - "${mod}+Shift+2" = "move container to workspace number 2"; - "${mod}+Shift+3" = "move container to workspace number 3"; - "${mod}+Shift+4" = "move container to workspace number 4"; - "${mod}+Shift+5" = "move container to workspace number 5"; - "${mod}+Shift+6" = "move container to workspace number 6"; - "${mod}+Shift+7" = "move container to workspace number 7"; - "${mod}+Shift+8" = "move container to workspace number 8"; - "${mod}+Shift+9" = "move container to workspace number 9"; - "${mod}+Shift+0" = "move container to workspace number 10"; - - "${mod}+Tab" = "workspace next"; - "${mod}+Alt+Tab" = "workspace prev"; + defaultWorkspace = "workspace number 2"; - "${mod}+k" = "splith"; - "${mod}+v" = "splitv"; - - "${mod}+b" = "layout stacking"; - "${mod}+w" = "layout tabbed"; - "${mod}+p" = "layout toggle split"; - - "${mod}+f" = "fullscreen"; - "${mod}+Shift+space" = "floating toggle"; - "${mod}+h" = "focus mode_toggle"; - "${mod}+a" = "focus parent"; - - "${mod}+Shift+minus" 
= "move scratchpad"; - "${mod}+minus" = "scratchpad show"; - }; - }; + keybindings = let + mod = config.wayland.windowManager.sway.config.modifier; + alt = "Mod1"; + left = config.wayland.windowManager.sway.config.left; + down = config.wayland.windowManager.sway.config.down; + up = config.wayland.windowManager.sway.config.up; + right = config.wayland.windowManager.sway.config.right; + in { + "${mod}+Escape" = "exec swaymsg exit"; # Exit Sway + "${mod}+Return" = "exec ${terminal}"; # Open terminal + "${mod}+d" = "exec ${menu}"; # Open menu + "${mod}+l" = "exec ${pkgs.swaylock}/bin/swaylock"; # Lock Screen + + "${mod}+r" = "reload"; # Reload environment + "${mod}+q" = "kill"; # Kill container + + "${mod}+Shift+f" = "exec ${pkgs.pcmanfm}/bin/pcmanfm"; # File Manager + + "${alt}+${left}" = "workspace prev_on_output"; # Navigate to previous or next workspace on output if it exists + "${alt}+${right}" = "workspace next_on_output"; + "${alt}+Shift+${left}" = "move container to workspace prev, workspace prev"; # Move container to next available workspace and focus + "${alt}+Shift+${right}" = "move container to workspace next, workspace next"; + + "XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled"; + "XF86AudioPlay" = "exec playerctl play-pause"; + "XF86AudioNext" = "exec playerctl next"; + "XF86AudioPrev" = "exec playerctl previous"; + "XF86AudioStop" = "exec playerctl stop"; + + # Sink volume raise optionally with --device + "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; + "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; + # Sink volume toggle mute + "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; + # Source volume toggle mute + "XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle"; + + # Capslock (If you don't want to use the backend) + #bindsym --release Caps_Lock exec swayosd-client --caps-lock; + + # Brightness raise + "XF86MonBrightnessUp" = "exec swayosd-client 
--brightness raise"; + # Brightness lower + "XF86MonBrightnessDown" = "exec swayosd-client --brightness lower"; + + "${mod}+${left}" = "focus left"; + "${mod}+${down}" = "focus down"; + "${mod}+${up}" = "focus up"; + "${mod}+${right}" = "focus right"; + + "${mod}+Shift+${left}" = "move left"; + "${mod}+Shift+${down}" = "move down"; + "${mod}+Shift+${up}" = "move up"; + "${mod}+Shift+${right}" = "move right"; + + "${mod}+${alt}+${left}" = "resize grow width 10px"; + "${mod}+${alt}+${down}" = "resize shrink height 10px"; + "${mod}+${alt}+${up}" = "resize grow height 10px"; + "${mod}+${alt}+${right}" = "resize shrink width 10px"; + + "${mod}+1" = "workspace number 1"; + "${mod}+2" = "workspace number 2"; + "${mod}+3" = "workspace number 3"; + "${mod}+4" = "workspace number 4"; + "${mod}+5" = "workspace number 5"; + "${mod}+6" = "workspace number 6"; + "${mod}+7" = "workspace number 7"; + "${mod}+8" = "workspace number 8"; + "${mod}+9" = "workspace number 9"; + "${mod}+0" = "workspace number 10"; + + "${mod}+Shift+1" = "move container to workspace number 1"; + "${mod}+Shift+2" = "move container to workspace number 2"; + "${mod}+Shift+3" = "move container to workspace number 3"; + "${mod}+Shift+4" = "move container to workspace number 4"; + "${mod}+Shift+5" = "move container to workspace number 5"; + "${mod}+Shift+6" = "move container to workspace number 6"; + "${mod}+Shift+7" = "move container to workspace number 7"; + "${mod}+Shift+8" = "move container to workspace number 8"; + "${mod}+Shift+9" = "move container to workspace number 9"; + "${mod}+Shift+0" = "move container to workspace number 10"; + + "${mod}+Tab" = "workspace next"; + "${mod}+Alt+Tab" = "workspace prev"; + + "${mod}+k" = "splith"; + "${mod}+v" = "splitv"; + + "${mod}+b" = "layout stacking"; + "${mod}+w" = "layout tabbed"; + "${mod}+p" = "layout toggle split"; + + "${mod}+f" = "fullscreen"; + "${mod}+Shift+space" = "floating toggle"; + "${mod}+h" = "focus mode_toggle"; + "${mod}+a" = "focus parent"; + 
+ "${mod}+Shift+minus" = "move scratchpad"; + "${mod}+minus" = "scratchpad show"; + }; + }; systemd.enable = true; wrapperFeatures.gtk = true; extraSessionCommands = '' @@ -255,12 +277,12 @@ ''; extraConfig = '' - set $output-primary DP-2 - set $output-secondary DP-3 + set $output-primary DP-2 + set $output-secondary DP-3 - workspace 1 output $output-secondary - workspace 2 output $output-primary - workspace 3 output $output-secondary + workspace 1 output $output-secondary + workspace 2 output $output-primary + workspace 3 output $output-secondary ''; }; @@ -268,28 +290,28 @@ swaylock = { enable = true; settings = { - color = "000000"; - image = "$HOME/.config/lockwall"; - indicator-caps-lock = true; - show-keyboard-layout = true; + color = "000000"; + image = "$HOME/.config/lockwall"; + indicator-caps-lock = true; + show-keyboard-layout = true; }; }; rofi = { - enable = true; - extraConfig = { - modi = "window,drun,ssh"; - kb-primary-paste = "Control+V,Shift+Insert"; - kb-secondary-paste = "Control+v,Insert"; - }; - font = "Cascadia Code"; - location = "top-left"; - plugins = [ - pkgs.rofi-calc - pkgs.rofi-bluetooth - pkgs.pinentry-rofi - ]; - terminal = "${pkgs.alacritty}/bin/alacritty"; - theme = "arthur"; + enable = true; + extraConfig = { + modi = "window,drun,ssh"; + kb-primary-paste = "Control+V,Shift+Insert"; + kb-secondary-paste = "Control+v,Insert"; + }; + font = "Cascadia Code"; + location = "top-left"; + plugins = [ + pkgs.rofi-calc + pkgs.rofi-bluetooth + pkgs.pinentry-rofi + ]; + terminal = "${pkgs.alacritty}/bin/alacritty"; + theme = "arthur"; }; }; 
@@ -297,34 +319,52 @@ swayidle = { enable = true; events = [ - { event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; } - { event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; } - { event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } - { event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } + { + event = "before-sleep"; + command = "${pkgs.swaylock}/bin/swaylock"; + } + { + event = "lock"; + command = "${pkgs.swaylock}/bin/swaylock -fF"; + } + { + event = "after-resume"; + command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; + } + { + event = "unlock"; + command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; + } ]; timeouts = [ - { timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; } - { timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } + { + timeout = 300; + command = "${pkgs.swaylock}/bin/swaylock -fF"; + } + { + timeout = 600; + command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; + resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; + } ]; }; swayosd.enable = true; }; -# qt = { -# enable = true; -# style.package = [ -# pkgs.dracula-theme -# pkgs.dracula-icon-theme -# pkgs.catppuccin-kvantum -# pkgs.catppuccin-kde -# pkgs.catppuccin-gtk -# pkgs.qt6Packages.qtstyleplugin-kvantum -# ]; -# style.name = "kvantum"; -# platformTheme.name = "qtct"; -# }; -# xdg.configFile = { -# "Kvantum/Catppuccin".source = "${pkgs.catppuccin-kvantum}/share/Kvantum/Catppuccin-Frappe-Blue"; -# "Kvantum/kvantum.kvconfig".text = "[General]\ntheme=Catppuccin-Frappe-Blue"; -# }; - + # qt = { + # enable = true; + # style.package = [ + # pkgs.dracula-theme + # pkgs.dracula-icon-theme + # pkgs.catppuccin-kvantum + # pkgs.catppuccin-kde + # pkgs.catppuccin-gtk + # pkgs.qt6Packages.qtstyleplugin-kvantum + # ]; + # style.name = "kvantum"; + # platformTheme.name = "qtct"; + # }; + # xdg.configFile = 
{ + # "Kvantum/Catppuccin".source = "${pkgs.catppuccin-kvantum}/share/Kvantum/Catppuccin-Frappe-Blue"; + # "Kvantum/kvantum.kvconfig".text = "[General]\ntheme=Catppuccin-Frappe-Blue"; + # }; } diff --git a/modules/wm/virtualisation/default.nix b/modules/wm/virtualisation/default.nix index ba19133..9dfa53f 100644 --- a/modules/wm/virtualisation/default.nix +++ b/modules/wm/virtualisation/default.nix @@ -10,7 +10,6 @@ # └─ ./virtualisation # └─ default.nix * # - [ ./docker.nix ./qemu.nix diff --git a/modules/wm/virtualisation/docker.nix b/modules/wm/virtualisation/docker.nix index 874584e..8c0c5f2 100644 --- a/modules/wm/virtualisation/docker.nix +++ b/modules/wm/virtualisation/docker.nix @@ -1,19 +1,21 @@ # # Docker # - -{ config, pkgs, user, ... }: - { + config, + pkgs, + user, + ... +}: { virtualisation = { podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; + enable = true; + autoPrune.enable = true; + dockerCompat = true; }; }; - users.groups.docker.members = [ "${user}" ]; + users.groups.docker.members = ["${user}"]; #environment = { # interactiveShellInit = '' @@ -21,11 +23,10 @@ # ''; # Alias to easily start container #}; -# environment.systemPackages = with pkgs; [ -# docker-compose -# ]; + # environment.systemPackages = with pkgs; [ + # docker-compose + # ]; } - # USAGE: # list images (that can be run as container): docker images # list containers (that are active): docker container ls @@ -49,4 +50,5 @@ # -v :/www/assets \ # --restart=always \ # b4bz/homer:latest -# +# + diff --git a/modules/wm/virtualisation/kvm-amd.nix b/modules/wm/virtualisation/kvm-amd.nix index adecc5d..00fb883 100644 --- a/modules/wm/virtualisation/kvm-amd.nix +++ b/modules/wm/virtualisation/kvm-amd.nix 
@@ -1,12 +1,14 @@ # # KVM module options amd # - -{ config, pkgs, user, ... }: - -{ # Add libvirtd and kvm to userGroups +{ + config, + pkgs, + user, + ... +}: { + # Add libvirtd and kvm to userGroups boot.extraModprobeConfig = '' options kvm_amd nested=0 avic=1 npt=1 - ''; # Needed to run OSX-KVM + ''; # Needed to run OSX-KVM } - diff --git a/modules/wm/virtualisation/kvm-intel.nix b/modules/wm/virtualisation/kvm-intel.nix index e4f2607..270d4bc 100644 --- a/modules/wm/virtualisation/kvm-intel.nix +++ b/modules/wm/virtualisation/kvm-intel.nix @@ -1,13 +1,16 @@ # -# KVM module options intel +# KVM module options intel # - -{ config, pkgs, user, ... }: - -{ # Add libvirtd and kvm to userGroups +{ + config, + pkgs, + user, + ... +}: { + # Add libvirtd and kvm to userGroups boot.extraModprobeConfig = '' options kvm_intel nested=1 options kvm_intel emulate_invalid_guest_state=0 options kvm ignore_nsrs=1 - ''; # Needed to run OSX-KVM + ''; # Needed to run OSX-KVM } diff --git a/modules/wm/virtualisation/qemu.nix b/modules/wm/virtualisation/qemu.nix index e854062..323d714 100644 --- a/modules/wm/virtualisation/qemu.nix +++ b/modules/wm/virtualisation/qemu.nix @@ -1,22 +1,25 @@ # -# Qemu/KVM with virt-manager +# Qemu/KVM with virt-manager # - -{ config, pkgs, user, ... }: - -{ # Add libvirtd and kvm to userGroups - users.groups.libvirtd.members = [ "root" "${user}" ]; +{ + config, + pkgs, + user, + ... +}: { + # Add libvirtd and kvm to userGroups + users.groups.libvirtd.members = ["root" "${user}"]; virtualisation = { libvirtd = { - enable = true; # Virtual drivers + enable = true; # Virtual drivers onShutdown = "shutdown"; #qemuPackage = pkgs.qemu_kvm; # Default qemu = { runAsRoot = false; }; }; - spiceUSBRedirection.enable = true; # USB passthrough + spiceUSBRedirection.enable = true; # USB passthrough }; programs.dconf.enable = true; 
@@ -27,12 +30,13 @@ qemu OVMF OVMF-cloud-hypervisor - gvfs # Used for shared folders between linux and windows + gvfs # Used for shared folders between linux and windows cloud-hypervisor ]; }; - services = { # Enable file sharing between OS + services = { + # Enable file sharing between OS gvfs.enable = true; }; } diff --git a/modules/wm/waybar.nix b/modules/wm/waybar.nix index 2f34395..66aab90 100644 --- a/modules/wm/waybar.nix +++ b/modules/wm/waybar.nix @@ -1,15 +1,19 @@ # # Bar # - -{ config, lib, user, pkgs, ...}: - { + config, + lib, + user, + pkgs, + ... +}: { environment.systemPackages = with pkgs; [ waybar ]; - home-manager.users.${user} = { # Home-manager waybar config + home-manager.users.${user} = { + # Home-manager waybar config programs.waybar = { enable = true; #systemd = { @@ -25,25 +29,25 @@ font-size: 11px; min-height: 0; } - + window#waybar { background: rgba(43, 48, 59, 0.3); border-bottom: 3px solid transparent; color: white; } - + #workspaces button { padding: 0 5px; margin: 0 3px; color: white; border-bottom: 3px solid transparent; } - + #workspaces button.focused { background: rgba(100, 114, 125, 0.2); border-bottom: 2px solid gray; } - + #mode { background: transparent; border-bottom: 2px solid gray; @@ -53,26 +57,26 @@ padding: 0 6px; margin: 0 5px; } - + #custom-vkeyboard, #custom-appkill, #custom-rotate { padding: 0px 50px; margin: 0px 0px; font-size: 20px; } - + #clock { background-color: transparent; color: white; } - + #battery { color: white; } - + #battery.charging { color: white; } - + @keyframes blink { to { background-color: rgba(1, 1, 1, 0); 
@@ -87,29 +91,29 @@
animation-iteration-count: infinite;
animation-direction: alternate;
}
-
+
#cpu {
background: transparent;
border-bottom: 2px solid yellow;
color: white;
}
-
+
#memory {
background: transparent;
border-bottom: 2px solid green;
color: white;
}
-
+
#network {
background: transparent;
color: white
}
-
+
#network.disconnected {
background: transparent;
color: crimson;
}
-
+
#pulseaudio {
background: transparent;
color: white;
@@ -118,19 +122,19 @@
#pulseaudio.muted {
border-bottom: 2px solid red;
}
-
+
#tray {
background-color: transparent;
}
-
+
#custom-sl.good {
border-bottom: 3px solid green;
}
-
+
#custom-sl.other {
border-bottom: 3px solid #F4AF39;
}
-
+
#custom-appkill {
color: red;
background-color: black;
@@ -140,146 +144,148 @@
background-color: black;
}
'';
- settings = [{
- layer = "bottom";
- position = "top";
- height = 22;
- tray = { spacing = 10; };
- modules-center = [ "custom/rotate" "clock" "custom/appkill" ];
- modules-left = [ "sway/mode" "sway/workspaces" "sway/window" ];
- #modules-left = [ "wlr/workspaces" ];
- modules-right = [ "idle_inhibitor" "pulseaudio" "network" "cpu" "memory" "backlight" "temperature" "battery" "tray" ];
- #modules-right = [ "cpu" "memory" "pulseaudio" "clock" "tray" ];
+ settings = [
+ {
+ layer = "bottom";
+ position = "top";
+ height = 22;
+ tray = {spacing = 10;};
+ modules-center = ["custom/rotate" "clock" "custom/appkill"];
+ modules-left = ["sway/mode" "sway/workspaces" "sway/window"];
+ #modules-left = [ "wlr/workspaces" ];
+ modules-right = ["idle_inhibitor" "pulseaudio" "network" "cpu" "memory" "backlight" "temperature" "battery" "tray"];
+ #modules-right = [ "cpu" "memory" "pulseaudio" "clock" "tray" ];
- "sway/workspaces" = {
- format = "{icon}";
- format-icons = {
- "1"="";
- "2"="";
- "3"="";
- "4"="";
- "5"="";
+ "sway/workspaces" = {
+ format = "{icon}";
+ format-icons = {
+ "1" = "";
+ "2" = "";
+ "3" = "";
+ "4" = "";
+ "5" = "";
+ };
+ all-outputs = false;
+ persistent_workspaces = {
+ "1" = [];
+ "2" = [];
+ "3" = [];
+ "4" = [];
+ "5" = [];
+ };
};
- all-outputs = false;
- persistent_workspaces = {
- "1" = [];
- "2" = [];
- "3" = [];
- "4" = [];
- "5" = [];
- };
- };
- "wlr/workspaces" = {
- format = "{icon}";
- format-icons = {
- "1"="";
- "2"="";
- "3"="";
- "4"="";
- "5"="";
- };
- all-outputs = true;
- active-only = false;
- on-click = "activate";
- };
- clock = {
- format = "{:%b %d %H:%M}";
- tooltip-format = "{:%Y %B}\n{calendar}";
- format-alt = "{:%A, %B %d, %Y}";
- };
- idle_inhibitor = {
+ "wlr/workspaces" = {
format = "{icon}";
format-icons = {
- activated = "";
- deactivated = "";
+ "1" = "";
+ "2" = "";
+ "3" = "";
+ "4" = "";
+ "5" = "";
};
- };
- cpu = {
- format = "{usage}% ";
- tooltip = false;
- interval = 2;
- };
- disk = {
- format = "{percentage_used}% ";
- path = "/";
- interval = 30;
- };
- memory = {
- format = "{}% ";
- interval = 5;
- };
- temperature = {
+ all-outputs = true;
+ active-only = false;
+ on-click = "activate";
+ };
+ clock = {
+ format = "{:%b %d %H:%M}";
+ tooltip-format = "{:%Y %B}\n{calendar}";
+ format-alt = "{:%A, %B %d, %Y}";
+ };
+ idle_inhibitor = {
+ format = "{icon}";
+ format-icons = {
+ activated = "";
+ deactivated = "";
+ };
+ };
+ cpu = {
+ format = "{usage}% ";
+ tooltip = false;
+ interval = 2;
+ };
+ disk = {
+ format = "{percentage_used}% ";
+ path = "/";
+ interval = 30;
+ };
+ memory = {
+ format = "{}% ";
+ interval = 5;
+ };
+ temperature = {
states = {
- "good" = 50;
- "warning" = 70;
- "critical" = 80;
+ "good" = 50;
+ "warning" = 70;
+ "critical" = 80;
};
"thermal-zone" = 2;
"hwmon-path" = "/sys/class/hwmon/hwmon3/temp1_input";
"format" = "{temperatureC}°C {icon}";
"format-icons" = ["❄" "❄" "" "" ""];
- };
- backlight = {
+ };
+ backlight = {
"format" = "{percent}% {icon}";
"format-icons" = ["" ""];
"on-scroll-up" = "light -A +5%";
"on-scroll-down" = "light -U -5%";
- };
- battery = {
- interval = 60;
- states = {
- good = 95;
- warning = 20;
- critical = 5;
};
- format = "{capacity}% {icon}";
- format-charging = "{capacity}% ";
- format-plugged = "{capacity}% ";
- format-alt = "{time} {icon}";
- format-icons = ["" "" "" "" ""];
- };
- network = {
- format-wifi = " {ipaddr}";
- format-ethernet = "{ifname}: {ipaddr}/{cidr} ";
- format-linked = "{ifname} (No IP) 睊";
- format-disconnected = "Not connected ⚠";
- format-alt = "{ifname}: {ipaddr}/{cidr}";
- tooltip-format = "{essid} {signalStrength}%";
- on-click-right = "${pkgs.alacritty}/bin/alacritty -e nmtui";
- };
- pulseaudio = {
- scroll-step = 1;
- format = "{volume}% {icon} {format_source}";
- format-bluetooth = "{volume}% {icon} {format_source}";
- format-bluetooth-muted = "{volume}% {icon} {format_source}";
- format-muted = " {format_source}";
- format-source = "{volume}% ";
- #format-source = "";
- format-source-muted = "";
- format-icons = {
- default = [ "" "" "" ];
- headphones = "";
- handsfree = "";
- headset = "";
+ battery = {
+ interval = 60;
+ states = {
+ good = 95;
+ warning = 20;
+ critical = 5;
+ };
+ format = "{capacity}% {icon}";
+ format-charging = "{capacity}% ";
+ format-plugged = "{capacity}% ";
+ format-alt = "{time} {icon}";
+ format-icons = ["" "" "" "" ""];
};
- tooltip-format = "{desc}, {volume}%";
- on-click-right = "${pkgs.pamixer}/bin/pamixer --default-source -t";
- on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
- };
- "custom/appkill" = {
+ network = {
+ format-wifi = " {ipaddr}";
+ format-ethernet = "{ifname}: {ipaddr}/{cidr} ";
+ format-linked = "{ifname} (No IP) 睊";
+ format-disconnected = "Not connected ⚠";
+ format-alt = "{ifname}: {ipaddr}/{cidr}";
+ tooltip-format = "{essid} {signalStrength}%";
+ on-click-right = "${pkgs.alacritty}/bin/alacritty -e nmtui";
+ };
+ pulseaudio = {
+ scroll-step = 1;
+ format = "{volume}% {icon} {format_source}";
+ format-bluetooth = "{volume}% {icon} {format_source}";
+ format-bluetooth-muted = "{volume}% {icon} {format_source}";
+ format-muted = " {format_source}";
+ format-source = "{volume}% ";
+ #format-source = "";
+ format-source-muted = "";
+ format-icons = {
+ default = ["" "" ""];
+ headphones = "";
+ handsfree = "";
+ headset = "";
+ };
+ tooltip-format = "{desc}, {volume}%";
+ on-click-right = "${pkgs.pamixer}/bin/pamixer --default-source -t";
+ on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
+ };
+ "custom/appkill" = {
format = " ";
icon-size = 20;
#on-click = "${pkgs.hyprland}/bin/hyprctl dispatch killactive .";
on-click = "${pkgs.sway}/bin/swaymsg kill";
tooltip = false;
- };
- "custom/rotate" = {
+ };
+ "custom/rotate" = {
format = "♽ ";
icon-size = 20;
on-click = "${pkgs.sway}/bin/swaymsg output eDP-1 transform 180 clockwise";
tooltip = false;
- };
- }];
+ };
+ }
+ ];
};
};
}
diff --git a/overlays/default.nix b/overlays/default.nix
index 7061401..d49ef78 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -6,7 +6,6 @@
mealie = final.unstable.mealie;
};
-
# When applied, the unstable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.unstable'
unstable-packages = final: _prev: {
@@ -16,4 +15,3 @@
};
};
}
-
diff --git a/packages/corosync-qdevice.nix b/packages/corosync-qdevice.nix
index 4838910..5a64b10 100644
--- a/packages/corosync-qdevice.nix
+++ b/packages/corosync-qdevice.nix
@@ -1,20 +1,20 @@
-{
- lib,
- pkgs,
- stdenv
-} :
+{
+ lib,
+ pkgs,
+ stdenv,
+}:
stdenv.mkDerivation rec {
pname = "corosync-qdevice";
version = "3.0.3";
src = pkgs.fetchFromGitHub {
- owner = "corosync";
- repo = "corosync-qdevice";
- rev = "v${version}";
- sha256 = "sha256-9FyLhcGHNW73Xao7JiODzgyDKIynEAHJUlNppX+nPfw=";
+ owner = "corosync";
+ repo = "corosync-qdevice";
+ rev = "v${version}";
+ sha256 = "sha256-9FyLhcGHNW73Xao7JiODzgyDKIynEAHJUlNppX+nPfw=";
};
enableParallelBuilding = true;
- nativeBuildInputs = with pkgs; [
+ nativeBuildInputs = with pkgs; [
autoconf
automake
libtool
@@ -23,21 +23,21 @@ stdenv.mkDerivation rec {
systemd
];
- buildInputs = with pkgs; [
+ buildInputs = with pkgs; [
corosync
nss
];
configurePhase = ''
- ./autogen.sh
- ./configure \
- --prefix=$out \
- --enable-systemd \
- --disable-upstart
+ ./autogen.sh
+ ./configure \
+ --prefix=$out \
+ --enable-systemd \
+ --disable-upstart
'';
buildPhase = ''
- make
+ make
'';
meta = {
diff --git a/packages/default.nix b/packages/default.nix
index 3652ec4..51ae37d 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -1,4 +1,3 @@
-{ pkgs, ... }:
-{
-# corosync-qdevice = pkgs.callPackage ./corosync-qdevice.nix {};
+{pkgs, ...}: {
+ # corosync-qdevice = pkgs.callPackage ./corosync-qdevice.nix {};
}
diff --git a/packages/result b/packages/result
deleted file mode 120000
index 17bb002..0000000
--- a/packages/result
+++ /dev/null
@@ -1 +0,0 @@
-/nix/store/7azph9v0lqnb3imkgvdlb0p8j98wy5vy-corosync-qdevice
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e3cb58b..c7a3454 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,21 +1,20 @@
let
- #kabbone = [
-# "ssh-rsa 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"
-# "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo="
-# "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo="
-# "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo="
-# "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo="
-# ];
-
+ #kabbone = [
+ # "ssh-rsa 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"
+ # "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo="
+ # "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo="
+ # "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo="
+ # "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo="
+ # ];
kabbone = "ssh-rsa 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";
yubic = "age1yubikey1q04plcan2003nzzd4zlnmrduw8323p4vhahe7gd5lyxcmnv306mpja0862p";
yubia = "age1yubikey1qg89sgf7ytv320e9axauhz2s2g928ettgnfsjvpv4jvp6kp6g26zqavewr6";
-#"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo=";
- users = [
- kabbone
- yubic
- yubia
+ #"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo=";
+ users = [
+ kabbone
+ yubic
+ yubia
];
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
@@ -26,20 +25,20 @@ let
steamdeck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINcbvtlL9xFq6kcvE6x20/Es5PVWMhbBvra8HjGUm4NB";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLDA3tmyCR4ogX7mgwaEhsceqALQvq9IqXhg8rF0OIi";
homerunner = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5MASizLhydfxn0AWcG6LfeC4fghLTDVsLbEHDnIAhc";
- serverrunner="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfLhlJX2VlZE4myreojQ0hqCSL28kE9Y3F65uumgrSK";
- systems = [
- server
- dmz
- hades
- nasbak
- jupiter
- steamdeck
- laptop
- homerunner
- serverrunner
+ serverrunner = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfLhlJX2VlZE4myreojQ0hqCSL28kE9Y3F65uumgrSK";
+ systems = [
+ server
+ dmz
+ hades
+ nasbak
+ jupiter
+ steamdeck
+ laptop
+ homerunner
+ serverrunner
];
servers = [
- server
+ server
];
homerunners = [
homerunner
@@ -48,38 +47,37 @@ let
serverrunner
];
buildClients = [
- nasbak
- jupiter
- steamdeck
- laptop
+ nasbak
+ jupiter
+ steamdeck
+ laptop
];
buildServer = [
- server
- dmz
- hades
+ server
+ dmz
+ hades
];
homeServices = [
- jupiter
- dmz
+ jupiter
+ dmz
];
-in
- {
- "services/postgresql/initScript.age".publicKeys = servers ++ users;
- "services/coturn/static-auth.age".publicKeys = servers ++ users;
- "services/matrix/synapse.age".publicKeys = servers ++ users;
- "services/matrix/mautrix-telegram.age".publicKeys = servers ++ users;
- "services/matrix/mautrix-whatsapp.age".publicKeys = servers ++ users;
- "services/matrix/mautrix-signal.age".publicKeys = servers ++ users;
- "services/nextcloud/adminpassFile.age".publicKeys = servers ++ users;
- "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
- "services/gitea/databasePassword.age".publicKeys = servers ++ users;
- "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
- "services/mealie/credentialsFile.age".publicKeys = servers ++ users;
- "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
- "services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
- "services/vaultwarden/environment.age".publicKeys = homeServices ++ users;
- "services/paperless/pwFile.age".publicKeys = homeServices ++ users;
- "services/acme/opel-online.age".publicKeys = homeServices ++ users;
- "keys/nixremote.age".publicKeys = buildClients ++ users;
- "keys/nixservepriv.age".publicKeys = buildServer ++ users;
- }
+in {
+ "services/postgresql/initScript.age".publicKeys = servers ++ users;
+ "services/coturn/static-auth.age".publicKeys = servers ++ users;
+ "services/matrix/synapse.age".publicKeys = servers ++ users;
+ "services/matrix/mautrix-telegram.age".publicKeys = servers ++ users;
+ "services/matrix/mautrix-whatsapp.age".publicKeys = servers ++ users;
+ "services/matrix/mautrix-signal.age".publicKeys = servers ++ users;
+ "services/nextcloud/adminpassFile.age".publicKeys = servers ++ users;
+ "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
+ "services/gitea/databasePassword.age".publicKeys = servers ++ users;
+ "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
+ "services/mealie/credentialsFile.age".publicKeys = servers ++ users;
+ "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
+ "services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
+ "services/vaultwarden/environment.age".publicKeys = homeServices ++ users;
+ "services/paperless/pwFile.age".publicKeys = homeServices ++ users;
+ "services/acme/opel-online.age".publicKeys = homeServices ++ users;
+ "keys/nixremote.age".publicKeys = buildClients ++ users;
+ "keys/nixservepriv.age".publicKeys = buildServer ++ users;
+}