Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

format the repo files

Browse Source
This commit is contained in:
Kabbone
2026-04-26 10:27:50 +02:00
parent 92fd97c9a2
commit b319cd93e9
116 changed files with 4726 additions and 4247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
hosts/configuration_common.nix
View File

@@ -2,10 +2,16 @@
# Common configuration shared by all hosts (desktop and server).
# Imported by configuration_desktop.nix and configuration_server.nix.
#
{ config, lib, pkgs, inputs, user, location, agenix, ... }:
{
config,
lib,
pkgs,
inputs,
user,
location,
agenix,
...
}: {
imports = [
../modules/hardware/hydraCache.nix
];
@@ -86,7 +92,7 @@
nix = {
settings = {
auto-optimise-store = true;
allowed-users = [ "@wheel" ];
allowed-users = ["@wheel"];
};
gc = {
automatic = true;

16
hosts/configuration_server.nix
View File

@@ -2,10 +2,16 @@
# Server configuration. Imports configuration_common.nix for shared settings.
# Service modules are imported per-host.
#
{ config, lib, pkgs, inputs, user, location, agenix, ... }:
{
config,
lib,
pkgs,
inputs,
user,
location,
agenix,
...
}: {
imports = [
./configuration_common.nix
];
@@ -13,7 +19,7 @@
users.users.${user} = {
isNormalUser = true;
uid = 3000;
extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" ];
extraGroups = ["wheel" "networkmanager" "kvm" "libvirtd"];
};
security.sudo.wheelNeedsPassword = true;
@@ -25,7 +31,7 @@
];
services.openssh = {
ports = [ 2220 ];
ports = [2220];
openFirewall = true;
};

280
hosts/default.nix
View File

@@ -12,10 +12,21 @@
# ├─ ./default.nix
# └─ ./home.nix
#
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:
let
{
lib,
inputs,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
home-manager,
home-manager-unstable,
agenix,
jovian-nixos,
microvm,
impermanence,
lanzaboote,
...
}: let
# Default user — desktop hosts share this; server hosts may override per-host
# by passing a different `user` value in their own specialArgs block.
defaultUser = "kabbone";
@@ -30,7 +41,10 @@ let
pkgs-kabbone = import ../packages {
inherit system;
pkgs = import nixpkgs { inherit system; config.allowUnfree = true; };
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
};
pkgs = import nixpkgs {
@@ -51,136 +65,188 @@ let
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.extraSpecialArgs = {inherit user;};
home-manager.users.${user}.imports = hmImports;
}
];
in
{
hades = lib.nixosSystem { # Desktop profile
in {
hades = lib.nixosSystem {
# Desktop profile
inherit system;
specialArgs = { inherit inputs location nixos-hardware agenix microvm nixpkgs lanzaboote; user = defaultUser; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
lanzaboote.nixosModules.lanzaboote
./desktop # myDesktop options set inside
./configuration_common.nix
../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager defaultUser [ ./home.nix ./desktop/home.nix ]);
specialArgs = {
inherit inputs location nixos-hardware agenix microvm nixpkgs lanzaboote;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default
microvm.nixosModules.host
lanzaboote.nixosModules.lanzaboote
./desktop # myDesktop options set inside
./configuration_common.nix
../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
]
++ (mkHM home-manager defaultUser [./home.nix ./desktop/home.nix]);
};
lifebook = lib.nixosSystem { # Laptop profile
lifebook = lib.nixosSystem {
# Laptop profile
inherit system;
specialArgs = { inherit inputs location nixos-hardware agenix lanzaboote; user = defaultUser; };
modules = [
agenix.nixosModules.default
lanzaboote.nixosModules.lanzaboote
./lifebook # myDesktop options set inside
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager defaultUser [ ./home.nix ./lifebook/home.nix ]);
specialArgs = {
inherit inputs location nixos-hardware agenix lanzaboote;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default
lanzaboote.nixosModules.lanzaboote
./lifebook # myDesktop options set inside
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
]
++ (mkHM home-manager defaultUser [./home.nix ./lifebook/home.nix]);
};
steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile
steamdeck = nixpkgs-unstable.lib.nixosSystem {
# steamdeck profile
inherit system;
specialArgs = { inherit inputs location nixos-hardware agenix jovian-nixos lanzaboote; user = defaultUser; };
modules = [
agenix.nixosModules.default
jovian-nixos.nixosModules.default
lanzaboote.nixosModules.lanzaboote
./steamdeck
./configuration_common.nix
] ++ (mkHM home-manager-unstable defaultUser [ ./home.nix ./steamdeck/home.nix ]);
specialArgs = {
inherit inputs location nixos-hardware agenix jovian-nixos lanzaboote;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default
jovian-nixos.nixosModules.default
lanzaboote.nixosModules.lanzaboote
./steamdeck
./configuration_common.nix
]
++ (mkHM home-manager-unstable defaultUser [./home.nix ./steamdeck/home.nix]);
};
kabtop = lib.nixosSystem { # Server profile
kabtop = lib.nixosSystem {
# Server profile
inherit system;
specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kabtop
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kabtop/home.nix ]);
specialArgs = {
inherit inputs location nixos-hardware agenix impermanence;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default
microvm.nixosModules.host
./kabtop
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
]
++ (mkHM home-manager defaultUser [./home_server.nix ./kabtop/home.nix]);
};
nasbak = lib.nixosSystem { # Server profile
nasbak = lib.nixosSystem {
# Server profile
inherit system;
specialArgs = { inherit inputs location nixos-hardware agenix; user = defaultUser; };
modules = [
agenix.nixosModules.default
./nasbackup
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./nasbackup/home.nix ]);
specialArgs = {
inherit inputs location nixos-hardware agenix;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default
./nasbackup
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
]
++ (mkHM home-manager defaultUser [./home_server.nix ./nasbackup/home.nix]);
};
jupiter = lib.nixosSystem { # Server profile
jupiter = lib.nixosSystem {
# Server profile
inherit system;
specialArgs = { inherit inputs location nixos-hardware agenix; user = defaultUser; };
modules = [
agenix.nixosModules.default
./jupiter
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./jupiter/home.nix ]);
specialArgs = {
inherit inputs location nixos-hardware agenix;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default
./jupiter
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
]
++ (mkHM home-manager defaultUser [./home_server.nix ./jupiter/home.nix]);
};
kabtopci = lib.nixosSystem { # Server profile
kabtopci = lib.nixosSystem {
# Server profile
inherit system;
specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kabtopci
./configuration_common.nix
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kabtopci/home.nix ]);
specialArgs = {
inherit inputs location nixos-hardware agenix impermanence;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default
microvm.nixosModules.host
./kabtopci
./configuration_common.nix
nixos-hardware.nixosModules.common-pc-ssd
]
++ (mkHM home-manager defaultUser [./home_server.nix ./kabtopci/home.nix]);
};
kubemaster-1 = lib.nixosSystem { # Server profile
kubemaster-1 = lib.nixosSystem {
# Server profile
inherit system;
specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kubemaster-1
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kubemaster-1/home.nix ]);
specialArgs = {
inherit inputs location nixos-hardware agenix impermanence;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default
microvm.nixosModules.host
./kubemaster-1
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
]
++ (mkHM home-manager defaultUser [./home_server.nix ./kubemaster-1/home.nix]);
};
dmz = lib.nixosSystem { # Server profile
dmz = lib.nixosSystem {
# Server profile
inherit system;
specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./dmz
./configuration_common.nix
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./dmz/home.nix ]);
specialArgs = {
inherit inputs location nixos-hardware agenix impermanence;
user = defaultUser;
};
modules =
[
agenix.nixosModules.default
microvm.nixosModules.host
./dmz
./configuration_common.nix
nixos-hardware.nixosModules.common-pc-ssd
]
++ (mkHM home-manager defaultUser [./home_server.nix ./dmz/home.nix]);
};
# vm = lib.nixosSystem { # VM profile
# inherit system;
# specialArgs = { inherit inputs user location; };
# modules = [
# ./vm
# ./configuration.nix
#
# (mkHM home-manager [ ./home.nix ./vm/home.nix ])
# ];
# };
# vm = lib.nixosSystem { # VM profile
# inherit system;
# specialArgs = { inherit inputs user location; };
# modules = [
# ./vm
# ./configuration.nix
#
# (mkHM home-manager [ ./home.nix ./vm/home.nix ])
# ];
# };
}

32
hosts/desktop/default.nix
View File

@@ -1,10 +1,12 @@
#
# Hades desktop — system configuration
#
{ lib, pkgs, inputs, ... }:
{
lib,
pkgs,
inputs,
...
}: {
# Example: host-specific overlays — only hades gets these packages in its pkgs.
# nixpkgs.overlays = [
# (final: prev: {
@@ -21,22 +23,22 @@
];
# ── Desktop module options ──────────────────────────────────────────────
myDesktop.windowManager = "niri";
myDesktop.cpu = "amd";
myDesktop.windowManager = "niri";
myDesktop.cpu = "amd";
myDesktop.virtualisation.enable = true;
myDesktop.openrgb.enable = true;
myDesktop.openrgb.enable = true;
myDesktop.openrgb.motherboard = "amd";
myDesktop.syncthing.enable = true;
myDesktop.syncthing.enable = true;
myDesktop.syncthing.devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
"jupiter.home.opel-online.de" = {id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR";};
"lifebook.home.opel-online.de" = {id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4";};
};
myDesktop.syncthing.folders = {
"Sync" = {
path = "/home/kabbone/Sync";
devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ];
path = "/home/kabbone/Sync";
devices = ["jupiter.home.opel-online.de" "lifebook.home.opel-online.de"];
ignorePerms = false;
};
};
@@ -45,16 +47,16 @@
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = lib.mkForce false;
systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
timeout = 1;
};
lanzaboote = {
enable = true;
enable = true;
pkiBundle = "/etc/secureboot";
};
};
environment.systemPackages = [ pkgs.linux-firmware ];
environment.systemPackages = [pkgs.linux-firmware];
}

247
hosts/desktop/hardware-configuration.nix
View File

@@ -10,17 +10,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
[(modulesPath + "/installer/scan/not-detected.nix")]
++ [(import ../../modules/hardware/backup.nix)];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" "nct6775" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.kernelModules = ["kvm-amd" "nct6775"];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
@@ -34,149 +38,148 @@
};
services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
extraPackages = [pkgs.lz4 pkgs.mbuffer];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
};
};
};
};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
};
btrbk-bak = {
after = ["network-online.target"];
requires = ["network-online.target"];
};
};
fileSystems."/" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/srv" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Pluto" = {
device = "jupiter:/Pluto";
fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" = {
device = "jupiter:/Mars";
fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
swapDevices = [{device = "/swap/swapfile";}];
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
useDHCP = false; # Deprecated
hostName = "hades";
networkmanager = {
enable = true;
};
firewall = {
enable = true;
allowedUDPPorts = [ 24727 ];
allowedTCPPorts = [ 24727 ];
allowedUDPPorts = [24727];
allowedTCPPorts = [24727];
};
};
# systemd.network = {
# enable = true;
# networks = {
# "10-lan" = {
# matchConfig.Name = "eno1";
# ntp = [ "192.168.2.1" ];
# domains = [ "home.opel-online.de" ];
# networkConfig = {
# DHCP = "yes";
# IPv6AcceptRA = true;
# };
# };
# };
# };
# systemd.network = {
# enable = true;
# networks = {
# "10-lan" = {
# matchConfig.Name = "eno1";
# ntp = [ "192.168.2.1" ];
# domains = [ "home.opel-online.de" ];
# networkConfig = {
# DHCP = "yes";
# IPv6AcceptRA = true;
# };
# };
# };
# };
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;

9
hosts/desktop/home.nix
View File

@@ -2,12 +2,9 @@
# Hades desktop — home-manager host-specific additions
# (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
#
{ pkgs, ... }:
{
{pkgs, ...}: {
imports = [
../../modules/home.nix # cmds / theme options
../../modules/home.nix # cmds / theme options
];
home.packages = with pkgs; [
@@ -21,7 +18,7 @@
];
services = {
blueman-applet.enable = true;
blueman-applet.enable = true;
network-manager-applet.enable = true;
};

36
hosts/dmz/default.nix
View File

@@ -1,38 +1,44 @@
#
# DMZ — demilitarised zone server configuration
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/dmz);
config,
pkgs,
user,
agenix,
impermanence,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/dmz);
# ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "intel";
myServer.virtualisation.cpu = "intel";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
};
services = {
qemuGuest.enable = true;
avahi = {
enable = true;
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
publish = {
enable = true;
addresses = true;
userServices = true;
};
};

131
hosts/dmz/hardware-configuration.nix
View File

@@ -10,17 +10,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
@@ -33,75 +37,74 @@
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/var" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
swapDevices = [];
swapDevices = [ ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = [ "192.168.101.1" ];
domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dns = [
"192.168.101.1"
];
};
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = ["192.168.101.1"];
domains = ["home.opel-online.de"];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dns = [
"192.168.101.1"
];
};
};
};
networking = {
useDHCP = false; # Deprecated
useDHCP = false; # Deprecated
hostName = "dmz";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [];
allowedTCPPorts = [80 443];
};
};
}

16
hosts/dmz/home.nix
View File

@@ -10,16 +10,13 @@
# └─ ./hyprland
# └─ hyprland.nix
#
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
@@ -32,5 +29,4 @@
programs = {
alacritty.settings.font.size = 11;
};
}

76
hosts/fuji/default.nix
View File

@@ -5,7 +5,7 @@
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
@@ -16,63 +16,75 @@
# └─ ./hardware
# └─ default.nix
#
{ config, nixpkgs, pkgs, user, lib, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
config,
nixpkgs,
pkgs,
user,
lib,
...
}: {
imports =
# For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)]
++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)]
++ # Window Manager
(import ../../modules/wm/virtualisation)
++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)]
++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
boot = {
# Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
loader = {
# EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
enable = true;
pkiBundle = "/etc/secureboot";
};
};
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
avahi = { # Needed to find wireless printer
avahi = {
# Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
publish = {
# Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

151
hosts/fuji/hardware-configuration.nix
View File

@@ -10,17 +10,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
[(modulesPath + "/installer/scan/not-detected.nix")]
++ [(import ../../modules/hardware/backup.nix)];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
@@ -34,77 +38,76 @@
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/srv" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
swapDevices = [{device = "/swap/swapfile";}];
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
useDHCP = false; # Deprecated
hostName = "fuji";
networkmanager = {
enable = false;
@@ -117,17 +120,17 @@
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "eno1";
ntp = ["192.168.2.1"];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

27
hosts/fuji/home.nix
View File

@@ -10,18 +10,15 @@
# └─ ./hyprland
# └─ hyprland.nix
#
{pkgs, ...}: {
imports = [
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
#firefox
@@ -35,11 +32,11 @@
];
};
services = { # Applets
#blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
services = {
# Applets
#blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

112
hosts/home.nix
View File

@@ -14,32 +14,35 @@
# └─ ./shell
# └─ default.nix
#
{ config, lib, pkgs, user, ... }:
{
{
config,
lib,
pkgs,
user,
...
}: {
imports =
(import ../modules/editors) ++
(import ../modules/programs) ++
(import ../modules/programs/configs) ++
(import ../modules/services) ++
(import ../modules/shell);
(import ../modules/editors)
++ (import ../modules/programs)
++ (import ../modules/programs/configs)
++ (import ../modules/services)
++ (import ../modules/shell);
home = {
username = "${user}";
homeDirectory = "/home/${user}";
packages = with pkgs; [
# Terminal
pfetch # Minimal fetch
ranger # File Manager
gnupg # sign and authorize 2nd Fac
# Terminal
pfetch # Minimal fetch
ranger # File Manager
gnupg # sign and authorize 2nd Fac
xdg-utils
steam
wakelan
# dev ols
# dev ols
gcc
gnumake
gnupatch
@@ -52,10 +55,10 @@
tailscale
wireguard-tools
# VideAudio
mpv # Media Player
# VideAudio
mpv # Media Player
# Apps
# Apps
qalculate-qt
hdparm
python3
@@ -68,16 +71,16 @@
vesktop
element-desktop
# Fileanagement
# Fileanagement
kdePackages.ark
pcmanfm # File Manager
rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files
unrar # Rar files
pcmanfm # File Manager
rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files
unrar # Rar files
papirus-icon-theme
arc-theme
# General configuration
# General configuration
keepassxc
libreoffice
gimp
@@ -85,15 +88,15 @@
# Flatpak
#vscodium
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
vscodevim.vim
github.copilot
#ms-python.python
ms-vscode.cpptools
catppuccin.catppuccin-vsc-icons
catppuccin.catppuccin-vsc
];
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
vscodevim.vim
github.copilot
#ms-python.python
ms-vscode.cpptools
catppuccin.catppuccin-vsc-icons
catppuccin.catppuccin-vsc
];
})
sdkmanager
@@ -101,12 +104,12 @@
file.".config/wall".source = ../modules/themes/wall.jpg;
file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
# pointerCursor = { # This will set cursor systemwide so applications can not choose their own
# name = "Dracula-cursors";
# package = pkgs.dracula-theme;
# size = 16;
# gtk.enable = true;
# };
# pointerCursor = { # This will set cursor systemwide so applications can not choose their own
# name = "Dracula-cursors";
# package = pkgs.dracula-theme;
# size = 16;
# gtk.enable = true;
# };
stateVersion = "23.05";
};
@@ -117,25 +120,24 @@
};
};
# gtk = { # Theming
# enable = true;
# theme = {
# name = "Dracula";
# package = pkgs.dracula-theme;
# };
# iconTheme = {
# name = "Papirus-Dark";
# package = pkgs.papirus-icon-theme;
# };
# font = {
# name = "Cascadia Code"; # or FiraCode Nerd Font Mono Medium
# }; # Cursor is declared under home.pointerCursor
# };
# gtk = { # Theming
# enable = true;
# theme = {
# name = "Dracula";
# package = pkgs.dracula-theme;
# };
# iconTheme = {
# name = "Papirus-Dark";
# package = pkgs.papirus-icon-theme;
# };
# font = {
# name = "Cascadia Code"; # or FiraCode Nerd Font Mono Medium
# }; # Cursor is declared under home.pointerCursor
# };
systemd.user.services.mpris-proxy = {
Unit.Description = "Mpris proxy";
Unit.After = [ "network.target" "sound.target" ];
Unit.After = ["network.target" "sound.target"];
Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
Install.WantedBy = [ "default.target" ];
Install.WantedBy = ["default.target"];
};
}

30
hosts/home_server.nix
View File

@@ -14,12 +14,17 @@
# └─ ./shell
# └─ default.nix
#
{ config, lib, pkgs, user, ... }:
{
imports = # Home Manager Modules
(import ../modules/editors) ++
{
config,
lib,
pkgs,
user,
...
}: {
imports =
# Home Manager Modules
(import ../modules/editors)
++
#(import ../modules/programs) ++
#(import ../modules/programs/configs) ++
#(import ../modules/services) ++
@@ -31,12 +36,12 @@
packages = with pkgs; [
# Terminal
pfetch # Minimal fetch
ranger # File Manager
gnupg # sign and authorize 2nd Fac
pfetch # Minimal fetch
ranger # File Manager
gnupg # sign and authorize 2nd Fac
#xdg-utils
# Video/Audio
#libva-utils # vainfo
@@ -45,10 +50,9 @@
python3
# File Management
rsync # Syncer $ rsync -r dir1/ dir2/
rsync # Syncer $ rsync -r dir1/ dir2/
#unzip # Zip files
#unrar # Rar files
];
stateVersion = "23.11";
};

51
hosts/jupiter/default.nix
View File

@@ -1,55 +1,60 @@
#
# Jupiter — NAS server configuration
#
{ config, pkgs, inputs, user, ... }:
{
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/nas);
config,
pkgs,
inputs,
user,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/nas);
# ── Server module options ───────────────────────────────────────────────
# No virtualisation on the NAS
# ── Host-specific settings ──────────────────────────────────────────────
# Example: host-specific overlay — only jupiter gets these packages in its pkgs.
# nixpkgs.overlays = [
# (final: prev: {
# corosync-qdevice = (import ../../packages { pkgs = prev; }).corosync-qdevice;
# firefox = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox;
# })
# ];
# Example: host-specific overlay — only jupiter gets these packages in its pkgs.
# nixpkgs.overlays = [
# (final: prev: {
# corosync-qdevice = (import ../../packages { pkgs = prev; }).corosync-qdevice;
# firefox = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox;
# })
# ];
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
};
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = false;
enable = false;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
pinentryPackage = pkgs.pinentry-curses;
};
};
services = {
qemuGuest.enable = true;
avahi = {
enable = true;
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
publish = {
enable = true;
addresses = true;
userServices = true;
};
};

311
hosts/jupiter/hardware-configuration.nix
View File

@@ -10,18 +10,22 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports =
[(modulesPath + "/profiles/qemu-guest.nix")] ++
[( import ../../modules/hardware/backup.nix )];
[(modulesPath + "/profiles/qemu-guest.nix")]
++ [(import ../../modules/hardware/backup.nix)];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [];
boot.initrd.secrets = {
"/root/NASKeyfile" =
/root/NASKeyfile;
/root/NASKeyfile;
};
boot.initrd.luks.devices = {
NAS-RAID1 = {
@@ -33,8 +37,8 @@
keyFile = "/root/NASKeyfile";
};
};
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
@@ -50,174 +54,174 @@
};
services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
extraPackages = [pkgs.lz4 pkgs.mbuffer];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
volume = {
"/mnt/snapshots/Mars" = {
snapshot_create = "always";
subvolume = {
"@nas" = {};
};
};
};
};
};
lf = {
onCalendar = "daily";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2w 5d 5h";
snapshot_preserve_min = "latest";
snapshot_preserve = "2m 2w 5d";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/Pluto" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@/Backups" = {};
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
volume = {
"/mnt/snapshots/Mars" = {
snapshot_create = "always";
subvolume = {
"@nas" = {};
};
};
};
};
};
lf = {
onCalendar = "daily";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/Pluto" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@/Backups" = {};
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/mnt/snapshots/Mars" =
{ device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/Mars" = {
device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/mnt/snapshots/Pluto" =
{ device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = [ "compress=zstd:8,noatime,subvolid=5" ];
};
fileSystems."/mnt/snapshots/Pluto" = {
device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = ["compress=zstd:8,noatime,subvolid=5"];
};
fileSystems."/mnt/Pluto" =
{ device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = [ "compress=zstd:8,noatime,subvol=@" ];
};
fileSystems."/mnt/Pluto" = {
device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = ["compress=zstd:8,noatime,subvol=@"];
};
fileSystems."/mnt/Mars" =
{ device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async" ];
};
fileSystems."/mnt/Mars" = {
device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/export/Pluto" = {
device = "/mnt/Pluto";
options = ["bind"];
};
fileSystems."/export/Mars" = {
device = "/mnt/Mars";
options = ["bind"];
};
swapDevices = [{device = "/swap/swapfile";}];
fileSystems."/export/Pluto" =
{ device = "/mnt/Pluto";
options = [ "bind" ];
};
fileSystems."/export/Mars" =
{ device = "/mnt/Mars";
options = [ "bind" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = [ "192.168.2.1" ];
domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
IPv6PrivacyExtensions=false;
};
ipv6AcceptRAConfig = {
DHCPv6Client = "always";
UseDNS = true;
};
dhcpV4Config = {
UseDNS = true;
};
dhcpV6Config = {
UseDNS = true;
};
};
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = ["192.168.2.1"];
domains = ["home.opel-online.de"];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
IPv6PrivacyExtensions = false;
};
ipv6AcceptRAConfig = {
DHCPv6Client = "always";
UseDNS = true;
};
dhcpV4Config = {
UseDNS = true;
};
dhcpV6Config = {
UseDNS = true;
};
};
};
};
networking = {
hostName = "jupiter";
domain = "home.opel-online.de";
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
@@ -234,5 +238,4 @@
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
'';
};
}

16
hosts/jupiter/home.nix
View File

@@ -10,16 +10,13 @@
# └─ ./hyprland
# └─ hyprland.nix
#
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
@@ -32,5 +29,4 @@
programs = {
alacritty.settings.font.size = 11;
};
}

36
hosts/kabtop/default.nix
View File

@@ -1,19 +1,25 @@
#
# Kabtop — server configuration
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/server);
config,
pkgs,
user,
agenix,
impermanence,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/server);
# ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "amd";
myServer.fail2ban.enable = true;
myServer.virtualisation.cpu = "amd";
myServer.fail2ban.enable = true;
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
@@ -30,24 +36,24 @@
environment.etc = {
"fail2ban/filter.d/open-webui.conf" = {
source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
mode = "0444";
mode = "0444";
};
"fail2ban/filter.d/gitea.conf" = {
source = ../../modules/services/server/fail2ban/filter/gitea.conf;
mode = "0444";
mode = "0444";
};
"fail2ban/filter.d/nextcloud.conf" = {
source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
mode = "0444";
mode = "0444";
};
};
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
};
};

180
hosts/kabtop/hardware-configuration.nix
View File

@@ -10,17 +10,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
@@ -34,81 +38,80 @@
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
"@var" = {};
};
};
};
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
"@var" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/var" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
#swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = [ ];
swapDevices = [];
networking = {
useDHCP = false; # Deprecated
useDHCP = false; # Deprecated
hostName = "kabtop";
domain = "kabtop.de";
networkmanager = {
@@ -116,34 +119,33 @@
};
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [];
allowedTCPPorts = [80 443];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
address = [
"37.44.215.182/24"
"2a13:7e80:0:ef::2/64"
];
address = [
"37.44.215.182/24"
"2a13:7e80:0:ef::2/64"
];
routes = [
{ Gateway = "37.44.215.1"; }
{ Gateway = "fe80::1"; }
];
routes = [
{Gateway = "37.44.215.1";}
{Gateway = "fe80::1";}
];
dns = [
"9.9.9.9"
"2620:fe::fe"
];
};
dns = [
"9.9.9.9"
"2620:fe::fe"
];
};
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

16
hosts/kabtop/home.nix
View File

@@ -10,16 +10,13 @@
# └─ ./hyprland
# └─ hyprland.nix
#
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
@@ -32,5 +29,4 @@
programs = {
alacritty.settings.font.size = 11;
};
}

22
hosts/kabtopci/default.nix
View File

@@ -1,18 +1,24 @@
#
# Kabtopci — CI server configuration
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/kabtopci);
config,
pkgs,
user,
agenix,
impermanence,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/kabtopci);
# ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "amd";
myServer.virtualisation.cpu = "amd";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {

105
hosts/kabtopci/hardware-configuration.nix
View File

@@ -10,16 +10,19 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
@@ -32,46 +35,46 @@
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/var" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
swapDevices = [];
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
useDHCP = false; # Deprecated
hostName = "kabtopci";
domain = "ci.kabtop.de";
networkmanager = {
@@ -79,15 +82,19 @@
};
interfaces = {
ens3 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [
{
address = "195.90.221.87";
prefixLength = 22;
} ];
ipv6.addresses = [ {
}
];
ipv6.addresses = [
{
address = "2a00:6800:3:d5b::2";
prefixLength = 64;
} ];
}
];
};
};
defaultGateway = "195.90.220.1";
@@ -96,11 +103,11 @@
interface = "ens3";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
nameservers = ["9.9.9.9" "2620:fe::fe"];
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [];
allowedTCPPorts = [80 443];
};
};

16
hosts/kabtopci/home.nix
View File

@@ -10,16 +10,13 @@
# └─ ./hyprland
# └─ hyprland.nix
#
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
@@ -32,5 +29,4 @@
programs = {
alacritty.settings.font.size = 11;
};
}

36
hosts/kubemaster-1/default.nix
View File

@@ -1,36 +1,42 @@
#
# Kubemaster-1 — Kubernetes master server configuration
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/kubemaster);
config,
pkgs,
user,
agenix,
impermanence,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/kubemaster);
# ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "intel";
myServer.virtualisation.cpu = "intel";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
};
services.avahi = {
enable = true;
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
publish = {
enable = true;
addresses = true;
userServices = true;
};
};

131
hosts/kubemaster-1/hardware-configuration.nix
View File

@@ -10,17 +10,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
@@ -33,74 +37,74 @@
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/var" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
swapDevices = [];
swapDevices = [ ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp0s31f6";
ntp = [ "192.168.2.1" ];
domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dns = [
"192.168.2.1"
];
};
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp0s31f6";
ntp = ["192.168.2.1"];
domains = ["home.opel-online.de"];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dns = [
"192.168.2.1"
];
};
};
};
networking = {
useDHCP = false; # Deprecated
useDHCP = false; # Deprecated
hostName = "kubemaster-1";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [];
allowedTCPPorts = [80 443];
};
};
@@ -113,5 +117,4 @@
'';
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

16
hosts/kubemaster-1/home.nix
View File

@@ -10,16 +10,13 @@
# └─ ./hyprland
# └─ hyprland.nix
#
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
@@ -32,5 +29,4 @@
programs = {
alacritty.settings.font.size = 11;
};
}

38
hosts/lifebook/default.nix
View File

@@ -1,36 +1,38 @@
#
# Lifebook laptop — system configuration
#
{ lib, pkgs, user, ... }:
{
lib,
pkgs,
user,
...
}: {
imports = [
./hardware-configuration.nix
../../modules/desktop
];
# ── Desktop module options ──────────────────────────────────────────────
myDesktop.windowManager = "niri";
myDesktop.niri.hotkeyVariant = "lifebook";
myDesktop.cpu = "intel";
myDesktop.windowManager = "niri";
myDesktop.niri.hotkeyVariant = "lifebook";
myDesktop.cpu = "intel";
myDesktop.virtualisation.enable = true;
myDesktop.laptop.enable = true;
myDesktop.laptop.lidSwitch = "suspend-then-hibernate";
myDesktop.laptop.enable = true;
myDesktop.laptop.lidSwitch = "suspend-then-hibernate";
myDesktop.laptop.hibernateDelaySec = "1h";
myDesktop.git.signingKey = "/home/${user}/.ssh/id_ed25519_sk_rk_blackred";
myDesktop.syncthing.enable = true;
myDesktop.syncthing.enable = true;
myDesktop.syncthing.devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
"jupiter.home.opel-online.de" = {id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR";};
"hades.home.opel-online.de" = {id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA";};
};
myDesktop.syncthing.folders = {
"Sync" = {
path = "/home/kabbone/Sync";
devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ];
path = "/home/kabbone/Sync";
devices = ["jupiter.home.opel-online.de" "hades.home.opel-online.de"];
ignorePerms = false;
};
};
@@ -42,16 +44,16 @@
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd.prepend = [ "${./patched-SSDT4}" ];
kernelPackages = pkgs.linuxPackages_latest;
initrd.prepend = ["${./patched-SSDT4}"];
loader = {
systemd-boot.enable = lib.mkForce false;
systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
timeout = 1;
};
lanzaboote = {
enable = true;
enable = true;
pkiBundle = "/etc/secureboot";
};
};

386
hosts/lifebook/hardware-configuration.nix
View File

@@ -10,222 +10,222 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
[(modulesPath + "/installer/scan/not-detected.nix")]
++ [(import ../../modules/hardware/backup.nix)];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
kernelModules = [ "i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1" ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
initrd = {
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci"];
kernelModules = ["i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1"];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ];
extraModprobeConfig = ''
options i915 force_probe=!9a49
options xe force_probe=9a49
'';
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
kernelModules = ["kvm-intel"];
kernelParams = ["luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force"];
extraModprobeConfig = ''
options i915 force_probe=!9a49
options xe force_probe=9a49
'';
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
btrbk = {
extraPackages = [pkgs.lz4 pkgs.mbuffer];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
};
};
};
};
};
};
tuned = {
enable = true;
profiles = {
balanced_powertop = {
main = {
include = "balanced";
};
sysfs = {
"/sys/class/net/wlan0/device/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb3/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb1/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-9/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb4/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-10/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb2/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-5/power/wakeup" = "enabled";
};
};
balanced-battery_powertop = {
main = {
include = "balanced-battery";
};
sysfs = {
"/sys/class/net/wlan0/device/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb3/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb1/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-9/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb4/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-10/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb2/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-5/power/wakeup" = "disabled";
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
};
tuned = {
enable = true;
profiles = {
balanced_powertop = {
main = {
include = "balanced";
};
sysfs = {
"/sys/class/net/wlan0/device/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb3/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb1/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-9/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb4/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-10/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb2/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-5/power/wakeup" = "enabled";
};
};
balanced-battery_powertop = {
main = {
include = "balanced-battery";
};
sysfs = {
"/sys/class/net/wlan0/device/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb3/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb1/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-9/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb4/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-10/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb2/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-5/power/wakeup" = "disabled";
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
systemd.timers = {
btrbk-bak = {
after = ["network-online.target"];
requires = ["network-online.target"];
};
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/srv" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/swap" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/var" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/opt" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/var" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter.home.opel-online.de:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Pluto" = {
device = "jupiter.home.opel-online.de:/Pluto";
fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter.home.opel-online.de:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" = {
device = "jupiter.home.opel-online.de:/Mars";
fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = [{device = "/swap/swapfile";}];
networking = {
useDHCP = false; # Deprecated
useDHCP = false; # Deprecated
hostName = "lifebook";
wireless.iwd.enable = true;
networkmanager = {
@@ -235,27 +235,27 @@
powersave = true;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = false;
enable = true;
allowedUDPPorts = [ 24727 51820 ];
allowedTCPPorts = [ 24727 ];
allowedUDPPorts = [24727 51820];
allowedTCPPorts = [24727];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# powerManagement = {
# powertop.enable = true;
# };
# powerManagement = {
# powertop.enable = true;
# };
}

9
hosts/lifebook/home.nix
View File

@@ -2,12 +2,9 @@
# Lifebook laptop — home-manager host-specific additions
# (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
#
{ pkgs, ... }:
{
{pkgs, ...}: {
imports = [
../../modules/home.nix # cmds / theme options
../../modules/home.nix # cmds / theme options
];
home.packages = with pkgs; [
@@ -21,7 +18,7 @@
];
services = {
blueman-applet.enable = true;
blueman-applet.enable = true;
network-manager-applet.enable = true;
};

36
hosts/nasbackup/default.nix
View File

@@ -1,14 +1,18 @@
#
# Nasbak — NAS backup server configuration
#
{ config, pkgs, user, ... }:
{
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/nasbackup);
config,
pkgs,
user,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/nasbackup);
# ── Server module options ───────────────────────────────────────────────
# No virtualisation on the backup NAS
@@ -17,30 +21,30 @@
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
};
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = false;
enable = false;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
pinentryPackage = pkgs.pinentry-curses;
};
};
services = {
qemuGuest.enable = true;
avahi = {
enable = true;
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
publish = {
enable = true;
addresses = true;
userServices = true;
};
};

319
hosts/nasbackup/hardware-configuration.nix
View File

@@ -1,4 +1,3 @@
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
@@ -10,18 +9,22 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.initrd.secrets = {
"/root/NASKeyfile" =
/root/NASKeyfile;
/root/NASKeyfile;
};
boot.initrd.luks.devices = {
NAS-RAID1 = {
@@ -35,8 +38,8 @@
bypassWorkqueues = true;
};
};
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
@@ -51,168 +54,167 @@
};
services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
extraPackages = [pkgs.lz4 pkgs.mbuffer];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
};
};
bak = {
onCalendar = "weekly";
settings = {
stream_buffer = "265m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 2m";
archive_preserve_min = "no";
archive_preserve = "4w 2m";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
ssh_user = "btrbk";
volume = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
subvolume = {
"@nas" = {
target = "/mnt/nas/Backups/Mars";
};
"@hades/@home" = {
target = "/mnt/nas/Backups/Hades";
snapshot_dir = "@snapshots/@hades";
};
"@lifebook/@home" = {
target = "/mnt/nas/Backups/Lifebook";
snapshot_dir = "@snapshots/@lifebook";
};
# "@steamdeck/@home" = {
# target = "/mnt/nas/Backups/Steamdeck";
# snapshot_dir = "@snapshots/@steamdeck";
# };
};
};
};
volume = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
target = "/mnt/nas/Backups/Pluto";
subvolume = {
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
};
};
bak = {
onCalendar = "weekly";
settings = {
stream_buffer = "265m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 2m";
archive_preserve_min = "no";
archive_preserve = "4w 2m";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
ssh_user = "btrbk";
volume = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
subvolume = {
"@nas" = {
target = "/mnt/nas/Backups/Mars";
};
"@hades/@home" = {
target = "/mnt/nas/Backups/Hades";
snapshot_dir = "@snapshots/@hades";
};
"@lifebook/@home" = {
target = "/mnt/nas/Backups/Lifebook";
snapshot_dir = "@snapshots/@lifebook";
};
# "@steamdeck/@home" = {
# target = "/mnt/nas/Backups/Steamdeck";
# snapshot_dir = "@snapshots/@steamdeck";
# };
};
};
};
volume = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
target = "/mnt/nas/Backups/Pluto";
subvolume = {
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
};
};
};
};
systemd.services = {
btrbk-bak = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
};
btrbk-bak = {
after = ["network-online.target"];
requires = ["network-online.target"];
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
# fileSystems."/mnt/snapshots/Pluto" =
# { device = "/dev/disk/by-label/NAS-RAID";
# fsType = "btrfs";
# options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
# };
#
fileSystems."/mnt/nas" =
{ device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
# fileSystems."/mnt/snapshots/Pluto" =
# { device = "/dev/disk/by-label/NAS-RAID";
# fsType = "btrfs";
# options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
# };
#
fileSystems."/mnt/nas" = {
device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
fsType = "btrfs";
options = ["compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
swapDevices = [{device = "/swap/swapfile";}];
swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = [ "192.168.2.1" ];
domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = ["192.168.2.1"];
domains = ["home.opel-online.de"];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = {
hostName = "nasbak";
domain = "home.opel-online.de";
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
@@ -224,10 +226,9 @@
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
# powerUpCommands = ''
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
# '';
# powerUpCommands = ''
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
# '';
};
}

16
hosts/nasbackup/home.nix
View File

@@ -10,16 +10,13 @@
# └─ ./hyprland
# └─ hyprland.nix
#
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
@@ -32,5 +29,4 @@
programs = {
alacritty.settings.font.size = 11;
};
}

62
hosts/nbf5/default.nix
View File

@@ -5,7 +5,7 @@
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
@@ -16,57 +16,69 @@
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
config,
pkgs,
user,
...
}: {
imports =
# For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)]
++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
# [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware) ++
(import ../../modules/services/printer); # Hardware devices
# [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)]
++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)]
++ # kvm module options
(import ../../modules/hardware)
++ (import ../../modules/services/printer); # Hardware devices
boot = { # Boot options
boot = {
# Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
loader = {
# EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
timeout = 1; # Grub auto select time
};
};
environment = {
systemPackages = with pkgs; [
intel-media-driver
intel-media-driver
];
};
programs = { # No xbacklight, this is the alterantive
programs = {
# No xbacklight, this is the alterantive
light.enable = true;
};
services = {
tlp = {
enable = true; # TLP and auto-cpufreq for power management
enable = true; # TLP and auto-cpufreq for power management
settings = {
USB_DENYLIST="fc32:1287 1e7d:2e4a 1d5c:5500 1d5c:5510";
USB_DENYLIST = "fc32:1287 1e7d:2e4a 1d5c:5500 1d5c:5510";
};
};
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
#auto-cpufreq.enable = true;
blueman.enable = true;
avahi = { # Needed to find wireless printer
avahi = {
# Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
publish = {
# Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
@@ -75,8 +87,8 @@
};
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
}

188
hosts/nbf5/hardware-configuration.nix
View File

@@ -10,32 +10,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
kernelModules = [ "i915" "kvm_intel" ];
systemd.enable = true;
luks = {
devices."root" = {
device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5";
allowDiscards = true;
};
};
};
initrd = {
availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc"];
kernelModules = ["i915" "kvm_intel"];
systemd.enable = true;
luks = {
devices."root" = {
device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5";
allowDiscards = true;
};
};
};
kernelModules = [ "kvm-intel" ];
extraModprobeConfig = ''
options i915 enable_guc=3 enable_fbc=1 fastboot=1
'';
kernelParams = [ "mitigations=off" "luks.options=fido2-device=auto" ];
tmp.useTmpfs = true;
kernelModules = ["kvm-intel"];
extraModprobeConfig = ''
options i915 enable_guc=3 enable_fbc=1 fastboot=1
'';
kernelParams = ["mitigations=off" "luks.options=fido2-device=auto"];
tmp.useTmpfs = true;
};
zramSwap.enable = true;
@@ -49,110 +53,108 @@
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/srv" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/opt" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/opt" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
};
fileSystems."/nix" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/nix" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Pluto" = {
device = "jupiter:/Pluto";
fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" = {
device = "jupiter:/Mars";
fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
swapDevices = [ ];
swapDevices = [];
networking = {
useDHCP = false; # Deprecated
useDHCP = false; # Deprecated
hostName = "nbf5";
wireless = {
iwd.enable = true;
interfaces = [ "wlan0" ];
interfaces = ["wlan0"];
};
interfaces = {
wlan0 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
};
};
firewall = {
enable = true;
#allowedUDPPorts = [ 53 67 ];
allowedTCPPorts = [ 80 443 ];
allowedTCPPorts = [80 443];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "schedutil";
powertop.enable = true;
powertop.enable = true;
};
}

31
hosts/nbf5/home.nix
View File

@@ -10,26 +10,23 @@
# └─ ./hyprland
# └─ hyprland.nix
#
{pkgs, ...}: {
imports = [
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
firefox
intel-gpu-tools
pulsemixer
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
@@ -41,11 +38,11 @@
alacritty.settings.font.size = 11;
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
services = {
# Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

31
hosts/steamdeck/default.nix
View File

@@ -1,10 +1,13 @@
#
# Steamdeck — system configuration
#
{ lib, pkgs, user, jovian-nixos, ... }:
{
lib,
pkgs,
user,
jovian-nixos,
...
}: {
imports = [
./hardware-configuration.nix
../../modules/desktop
@@ -12,15 +15,15 @@
];
# ── Desktop module options ──────────────────────────────────────────────
myDesktop.windowManager = "kde";
myDesktop.cpu = "amd";
myDesktop.windowManager = "kde";
myDesktop.cpu = "amd";
myDesktop.virtualisation.enable = true;
myDesktop.nitrokey.enable = true;
myDesktop.nitrokey.enable = true;
specialisation = {
sway.configuration = {
imports = [ (import ../../modules/wm/sway) ];
jovian.steam.enable = lib.mkForce false;
imports = [(import ../../modules/wm/sway)];
jovian.steam.enable = lib.mkForce false;
services.desktopManager.plasma6.enable = lib.mkForce false;
};
};
@@ -28,20 +31,20 @@
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
loader = {
systemd-boot.enable = lib.mkForce false;
systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
lanzaboote = {
enable = true;
enable = true;
pkiBundle = "/etc/secureboot";
};
};
services.printing = {
enable = true;
drivers = [ pkgs.gutenprint ];
enable = true;
drivers = [pkgs.gutenprint];
};
services.tailscale.enable = true;

310
hosts/steamdeck/hardware-configuration.nix
View File

@@ -10,178 +10,180 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = [ ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
initrd = {
availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci"];
kernelModules = [];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = [ "kvm-amd" "amdgpu" ];
kernelParams = [ "luks.options=fido2-device=auto" ];
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
kernelModules = ["kvm-amd" "amdgpu"];
kernelParams = ["luks.options=fido2-device=auto"];
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
# bak = {
# onCalendar = "daily";
# settings = {
# stream_buffer = "256m";
# stream_compress = "lz4";
# incremental = "yes";
# snapshot_create = "no";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve_min = "all";
# target_preserve_min = "no";
# target_preserve = "2m 4w 3d";
#
# ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
# ssh_user = "btrbk";
#
# volume = {
# "/mnt/snapshots/root" = {
# subvolume = {
# "@home" = {};
# };
# target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
# };
# };
# };
# };
};
};
};
# bak = {
# onCalendar = "daily";
# settings = {
# stream_buffer = "256m";
# stream_compress = "lz4";
# incremental = "yes";
# snapshot_create = "no";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve_min = "all";
# target_preserve_min = "no";
# target_preserve = "2m 4w 3d";
#
# ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
# ssh_user = "btrbk";
#
# volume = {
# "/mnt/snapshots/root" = {
# subvolume = {
# "@home" = {};
# };
# target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
# };
# };
# };
# };
};
};
};
#
# systemd.timers = {
# btrbk-bak = {
# requires = [ "network-online.target" ];
# };
# };
#
# systemd.timers = {
# btrbk-bak = {
# requires = [ "network-online.target" ];
# };
# };
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/nix" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/srv" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/swap" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/opt" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
# fileSystems."/sdcard" =
# { device = "/dev/disk/by-label/sdcard";
# fsType = "ext4";
# options = [ "nofail,noauto,users,x-systemd.automount" ];
# };
# fileSystems."/sdcard" =
# { device = "/dev/disk/by-label/sdcard";
# fsType = "ext4";
# options = [ "nofail,noauto,users,x-systemd.automount" ];
# };
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Pluto" = {
device = "jupiter:/Pluto";
fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" = {
device = "jupiter:/Mars";
fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = [{device = "/swap/swapfile";}];
networking = {
useDHCP = false; # Deprecated
useDHCP = false; # Deprecated
hostName = "steamdeck";
wireless.iwd.enable = true;
networkmanager = {
@@ -191,22 +193,22 @@
powersave = false;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = "loose";
enable = true;
allowedUDPPorts = [ 24727 ];
allowedTCPPorts = [ 24727 ];
allowedUDPPorts = [24727];
allowedTCPPorts = [24727];
};
};

11
hosts/steamdeck/home.nix
View File

@@ -1,19 +1,16 @@
#
# Home-manager configuration for steamdeck
#
{ pkgs, ... }:
{
{pkgs, ...}: {
specialisation = {
sway.configuration = {
imports = [ (import ../../modules/wm/sway/home.nix) ];
imports = [(import ../../modules/wm/sway/home.nix)];
};
};
imports =
[ (import ../../modules/home.nix) ] ++
[ (import ../../modules/wm/steam/home.nix) ];
[(import ../../modules/home.nix)]
++ [(import ../../modules/wm/steam/home.nix)];
home = {
packages = with pkgs; [

52
hosts/vm/hardware-configuration.nix
View File

@@ -1,36 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime" ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime"];
};
# fileSystems."/home" =
# { device = "/dev/disk/by-label/root";
# fsType = "btrfs";
# options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ];
# };
# fileSystems."/home" =
# { device = "/dev/disk/by-label/root";
# fsType = "btrfs";
# options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ];
# };
fileSystems."/boot" =
{ device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's