Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:main
Branches Tags
Kabbone:main Kabbone:refactor
..
compare: Kabbone:c496cd67cf670e487d0e43d90df4b4c8ed7cc413
Branches Tags
Kabbone:main Kabbone:refactor

5 Commits
main ... c496cd67cf

Author SHA1 Message Date
Kabbone
c496cd67cf test hydra jobs 2024-05-20 10:47:26 +02:00
Kabbone
ff266458cc test hydra jobs 2024-05-20 10:45:14 +02:00
Kabbone
8b319073bf test hydra jobs 2024-05-20 10:43:26 +02:00
Kabbone
d8155a1747 test hydra jobs 2024-05-20 10:40:18 +02:00
Kabbone
dddd8b5fe3 test hydra jobs 2024-05-20 10:29:52 +02:00
202 changed files with 6160 additions and 10815 deletions
Expand all files Collapse all files

3
.gitattributes vendored
View File

@@ -1,3 +0,0 @@
*.jpg filter=lfs diff=lfs merge=lfs -text
*.svg filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text

6
.githooks/pre-commit
View File

@@ -1,6 +0,0 @@
#!/usr/bin/env bash
nix fmt .
git diff --exit-code || {
echo "Formatter changed files — review with 'git diff', then re-stage and commit."
exit 1
}

108
CLAUDE.md
View File

@@ -1,108 +0,0 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## What This Repo Is
A NixOS flake configuration managing multiple hosts (desktops, laptops, servers). All hosts share common settings via `hosts/configuration_common.nix` and are assembled in `hosts/default.nix`.
## Common Commands
```bash
# Format all nix files
nix fmt
# Build a host configuration (no activation)
nixos-rebuild build --flake .#<host>
# Switch the current host
sudo nixos-rebuild switch --flake .#<host>
# Build a custom package
nix build .#<package>
# Edit an age-encrypted secret
agenix -e secrets/<path>.age
# Re-key all secrets after adding a new host key to secrets/secrets.nix
agenix -r
```
## Architecture
### Entry Points
- `flake.nix` — defines inputs (nixpkgs stable=25.11, unstable, home-manager, agenix, lanzaboote, jovian-nixos, microvm, impermanence, noctalia) and calls `hosts/default.nix` for `nixosConfigurations`
- `hosts/default.nix` — instantiates every host via `lib.nixosSystem`; contains the `mkHM` helper that wires home-manager into a host's modules list
### Host Structure
Each host lives in `hosts/<name>/`:
- `default.nix` — imports either `../../modules/desktop` or `../../modules/server`, sets the module options (`myDesktop.*` / `myServer.*`), and adds host-specific settings
- `home.nix` — host-specific home-manager config (merged with `hosts/home.nix` for desktops or `hosts/home_server.nix` for servers)
- `hardware-configuration.nix` — generated hardware config
Shared host-level files:
- `hosts/configuration_common.nix` — applied to every host: SSH (key-only, no root), locale, nix GC/settings, zsh, fonts, auto-upgrade flake URL
- `hosts/home.nix` — desktop home-manager base
- `hosts/home_server.nix` — server home-manager base
### Module System
Two top-level NixOS modules expose all major knobs as typed options:
**`modules/desktop/default.nix`** — `myDesktop.*`
- `windowManager`: `"niri"` (default) | `"sway"` | `"kde"`
- `cpu`: `"amd"` | `"intel"` | `"none"` — selects KVM kernel params
- `virtualisation.enable` — podman (docker-compat) + qemu/libvirt + virt-manager
- `syncthing.{enable,devices,folders}`
- `openrgb.{enable,motherboard}`
- `laptop.{enable,lidSwitch,hibernateDelaySec}`
- `nitrokey.enable`
- `niri.hotkeyVariant`: `"default"` | `"lifebook"`
- `git.signingKey` — SSH key for commit signing
- `extraSystemPackages`
**`modules/server/default.nix`** — `myServer.*`
- `sshPort` (default 2220)
- `virtualisation.{enable,cpu}` — podman only (no libvirt)
- `fail2ban.enable`
- `autoUpgrade.enable` (default true)
- `uid`, `sudoRequiresPassword`, `extraGroups`, `extraSystemPackages`
Service bundles are imported as lists in host `default.nix`:
- `modules/services/server/` — kabtop services (gitea, nextcloud, matrix, coturn, hydra, mealie, etc.)
- `modules/services/nas/` — jupiter services (nfs, vaultwarden, syncthing, paperless)
- `modules/services/dmz/` — dmz services (gitea runner microVM)
- `modules/services/kabtopci/` — kabtopci services (hydra, gitea runner)
- `modules/services/nasbackup/` — nasbak backup jobs
### Secrets (agenix)
`secrets/secrets.nix` declares which age public keys (users + host SSH keys) can decrypt each `.age` file. Add a new host: add its `ssh-ed25519` host key to `secrets/secrets.nix` in the relevant groups, then run `agenix -r` to re-key.
### Custom Packages & Overlays
- `packages/` — custom packages (e.g. `corosync-qdevice`), imported at `flake.nix` level
- `overlays/` — nixpkgs overlays applied globally
- Per-host overlays: set `nixpkgs.overlays` inside the host's `default.nix` so only that host is affected
### Disk Layouts
`disko/` contains reusable disko modules: `btrfs.nix`, `btrfs_luks.nix`, `nas_luks.nix` — referenced during initial install.
## Active Hosts
| Host | Role | WM / Notes |
|---|---|---|
| hades | Desktop | niri, AMD, Secure Boot (lanzaboote) |
| lifebook | Laptop | niri, Intel, Secure Boot |
| steamdeck | Gaming | KDE/Jovian-NixOS, Secure Boot |
| kabtop | Main server | gitea, nextcloud, matrix+bridges, coturn, hydra, mealie |
| kabtopci | CI server | hydra, nix-serve |
| jupiter | NAS | nfs, vaultwarden, syncthing, paperless |
| dmz | DMZ | gitea Actions homerunner microVM |
| nasbak | NAS backup | — |
| kubemaster-1 | K8s master | — |
See `SERVICES.md` for port-level service details per host.

16
disko/btrfs.nix
View File

@@ -13,7 +13,7 @@
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
extraArgs = ["-n" "NIXBOOT"]; extraArgs = [ "-n NIXBOOT" ];
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ mountOptions = [
"defaults" "defaults"
@@ -24,31 +24,31 @@
size = "100%"; size = "100%";
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f" "-L" "NIXROOT"]; extraArgs = [ "-f -L NIXROOT" ];
subvolumes = { subvolumes = {
"@" = { "@" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@home" = { "@home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@nix" = { "@nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@snapshots" = { "@snapshots" = {
mountpoint = "/mnt"; mountpoint = "/mnt";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@srv" = { "@srv" = {
mountpoint = "/srv"; mountpoint = "/srv";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@var" = { "@var" = {
mountpoint = "/var"; mountpoint = "/var";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@swap" = { "@swap" = {
mountpoint = "/swap"; mountpoint = "/swap";

20
disko/btrfs_luks.nix
View File

@@ -13,7 +13,7 @@
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
extraArgs = ["-n NIXBOOT"]; extraArgs = [ "-n NIXBOOT" ];
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ mountOptions = [
"defaults" "defaults"
@@ -33,35 +33,31 @@
}; };
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f -L NIXROOT"]; extraArgs = [ "-f -L NIXROOT" ];
subvolumes = { subvolumes = {
"@" = { "@" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@home" = { "@home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@nix" = { "@nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@opt" = {
mountpoint = "/opt";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"];
}; };
"@snapshots" = { "@snapshots" = {
mountpoint = "/mnt"; mountpoint = "/mnt";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@srv" = { "@srv" = {
mountpoint = "/srv"; mountpoint = "/srv";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@var" = { "@var" = {
mountpoint = "/var"; mountpoint = "/var";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@swap" = { "@swap" = {
mountpoint = "/swap"; mountpoint = "/swap";

11
disko/mount.sh
View File

@@ -1,11 +0,0 @@
#!/usr/bin/env bash
disk="/dev/vda"
mountpoint="/mnt"
mount $disk $mountpoint -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@
mount $disk $mountpoint/home -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@home
mount $disk $mountpoint/var -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@var
mount $disk $mountpoint/srv -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@srv
mount $disk $mountpoint/nix -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@nix
mount $disk $mountpoint/swap -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@swap

16
disko/nas_luks.nix
View File

@@ -20,20 +20,20 @@
}; };
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f -L NAS-RAID"]; extraArgs = [ "-f -L NAS-RAID" ];
subvolumes = { subvolumes = {
"@" = { "@" = {
mountpoint = "/mnt/Pluto"; mountpoint = "/mnt/Pluto";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@/Backups" = {}; "@/Backups";
"@/Media" = {}; "@/Media";
"@/Games" = {}; "@/Games";
"@/IT" = {}; "@/IT";
"@/Rest" = {}; "@/Rest";
"@snapshots" = { "@snapshots" = {
mountpoint = "/mnt"; mountpoint = "/mnt";
mountOptions = ["compress=zstd" "noatime" "ssd" "discard=async"]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
}; };
}; };

544
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1770165109, "lastModified": 1715290355,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -24,12 +24,18 @@
} }
}, },
"crane": { "crane": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1777242778, "lastModified": 1711299236,
"narHash": "sha256-VWTeqWeb8Sel/QiWyaPvCa9luAbcGawR+Rw09FJoHz0=", "narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "ad8b31ad0ba8448bd958d7a5d50d811dc5d271c0", "rev": "880573f80d09e18a11713f402b9e6172a085449f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -46,11 +52,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744478979, "lastModified": 1700795494,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b", "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -60,19 +66,182 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": { "devshell": {
"flake": false, "inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1767039857, "lastModified": 1713532798,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "NixOS", "owner": "numtide",
"repo": "flake-compat", "repo": "devshell",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github" "type": "github"
} }
}, },
@@ -80,7 +249,29 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"pre-commit", "pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"pre-commit-hooks",
"nixpkgs" "nixpkgs"
] ]
}, },
@@ -106,11 +297,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745494811, "lastModified": 1703113217,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -126,11 +317,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777679572, "lastModified": 1715930644,
"narHash": "sha256-egYNbRrkn+6SwTHinhdb6WUfzzdC3nXfCRqS321VylY=", "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "9cb587ade2aa1b4a7257f0238d41072690b0ca4f", "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -146,16 +337,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1775425411, "lastModified": 1715381426,
"narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=", "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe", "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-25.11", "ref": "release-23.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@@ -163,16 +354,16 @@
"home-manager_3": { "home-manager_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"impermanence", "nixvim",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1768598210, "lastModified": 1715930644,
"narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -182,16 +373,12 @@
} }
}, },
"impermanence": { "impermanence": {
"inputs": {
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs"
},
"locked": { "locked": {
"lastModified": 1769548169, "lastModified": 1708968331,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -208,11 +395,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777614199, "lastModified": 1716107076,
"narHash": "sha256-k8fgidVoDNQTZWGLdhe6kLgpsLcydhPzal5YKVwxD2U=", "narHash": "sha256-aB15oIMUv6N/UFsLHzgcGRUvU4YfOjE3gEirIP/k82s=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "79f3e3cc5c643138b7b3405c42681451be85d838", "rev": "e8de93b7b4c384650977a20c1f192e23c6e7a12f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -224,18 +411,21 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"pre-commit": "pre-commit", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1777299656, "lastModified": 1713369831,
"narHash": "sha256-c0r3xXp2+xFJwkryS+nhyQwoACbFzSt4C1TVs3QMh8E=", "narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "079c608988c2747db3902c9de033572cd50e8656", "rev": "850f27322239f8cfa56b122cc9a278ab99a49015",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -247,25 +437,47 @@
}, },
"microvm": { "microvm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1776340739, "lastModified": 1715787097,
"narHash": "sha256-s4FDictJlPtY6Shd6scG5hgrDMiHth09+svtvTA5NLA=", "narHash": "sha256-TPp2j0ttvBvkk4oXidvo8Y071zEab0BtcNsC3ZEkluI=",
"owner": "microvm-nix", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "2f2f62fdfdca2750e3399f66bd03986ab967e5ca", "rev": "fa673bf8656fe6f28253b83971a36999bc9995d2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "microvm-nix", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"type": "github" "type": "github"
} }
}, },
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715901937,
"narHash": "sha256-eMyvWP56ZOdraC2IOvZo0/RTDcrrsqJ0oJWDC76JTak=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ffc01182f90118119930bdfc528c1ee9a39ecef8",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -274,11 +486,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729697500, "lastModified": 1690328911,
"narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "nix-github-actions", "repo": "nix-github-actions",
"rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", "rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -290,11 +502,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1776983936, "lastModified": 1716034089,
"narHash": "sha256-ZOQyNqSvJ8UdrrqU1p7vaFcdL53idK+LOM8oRWEWh6o=", "narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "2096f3f411ce46e88a79ae4eafcfc9df8ed41c61", "rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -306,27 +518,43 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1768564909, "lastModified": 1716061101,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1777578337, "lastModified": 1715961556,
"narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -336,81 +564,84 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixvim": {
"locked": {
"lastModified": 1777428379,
"narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "755f5aa91337890c432639c60b6064bb7fe67769",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"noctalia": {
"inputs": { "inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-root": "flake-root",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs-unstable"
], ],
"noctalia-qs": "noctalia-qs" "pre-commit-hooks": "pre-commit-hooks",
},
"locked": {
"lastModified": 1777427472,
"narHash": "sha256-kqcfLdxb+CqTroMErCScvx6YQcZYJcf6X+z5I8kBJK8=",
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"rev": "9f8dd48c8df5ab1f7f87ddf9842627e1e5682186",
"type": "github"
},
"original": {
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"type": "github"
}
},
"noctalia-qs": {
"inputs": {
"nixpkgs": [
"noctalia",
"nixpkgs"
],
"systems": "systems_2",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1777380063, "lastModified": 1716125991,
"narHash": "sha256-q5mWOEICcZzr+KnjIwDHV9EXiBxOC9cnBpxZbDAViU8=", "narHash": "sha256-PmB9vmp383foiVi64RawbnkC+6SiYiWUjdzw2xgl3eM=",
"owner": "noctalia-dev", "owner": "nix-community",
"repo": "noctalia-qs", "repo": "nixvim",
"rev": "8742a7a748c43bf44eb6862a8ebd3591ed71502d", "rev": "88ade1dfaa017499326103a078c66dd5d4d0606e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "noctalia-dev", "owner": "nix-community",
"repo": "noctalia-qs", "repo": "nixvim",
"type": "github" "type": "github"
} }
}, },
"pre-commit": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat_3",
"gitignore": "gitignore", "gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1776796298, "lastModified": 1715870890,
"narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=", "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad", "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1710923068,
"narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -429,24 +660,28 @@
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"microvm": "microvm", "microvm": "microvm",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"noctalia": "noctalia" "nixvim": "nixvim"
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1777173302, "lastModified": 1711246447,
"narHash": "sha256-ERiu3cbxvnTDxiDcimRA7af7xp6x1y0sRyLGm28Qzz8=", "narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "aaec8c50baeaf2f2ba653e8aae71778a2bbbac94", "rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -458,11 +693,11 @@
"spectrum": { "spectrum": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1772189877, "lastModified": 1708358594,
"narHash": "sha256-i1p90Rgssb//aNiTDFq46ZG/fk3LmyRLChtp/9lddyA=", "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "fe39e122d898f66e89ffa17d4f4209989ccb5358", "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
"revCount": 1255, "revCount": 614,
"type": "git", "type": "git",
"url": "https://spectrum-os.org/git/spectrum" "url": "https://spectrum-os.org/git/spectrum"
}, },
@@ -488,33 +723,62 @@
}, },
"systems_2": { "systems_2": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1681028828,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems", "owner": "nix-systems",
"repo": "default-linux", "repo": "default",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "nix-systems",
"repo": "default-linux", "repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"noctalia", "nixvim",
"noctalia-qs",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1775636079, "lastModified": 1715940852,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github" "type": "github"
}, },
"original": { "original": {

155
flake.nix
View File

@@ -2,110 +2,73 @@
# https://github.com/MatthiasBenaets/nixos-config # https://github.com/MatthiasBenaets/nixos-config
# https://www.youtube.com/watch?v=AGVXJ-TIv3Y # https://www.youtube.com/watch?v=AGVXJ-TIv3Y
# #
# flake.nix * # flake.nix *
# ├─ ./hosts # ├─ ./hosts
# │ └─ default.nix # │ └─ default.nix
{ {
description = "Kabbone's personal NixOS Flake config"; description = "Kabbone's peronal NixOS Flake config";
inputs = { inputs = # All flake references used to build my NixOS setup. These are dependencies.
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
microvm = { microvm = {
url = "github:microvm-nix/microvm.nix"; url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-unstable = { # User Package Management
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
jovian-nixos = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
}; };
impermanence.url = "github:nix-community/impermanence"; outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }: # Function that tells my flake which to use and what do what to do with the dependencies.
rec {
home-manager = { user = "kabbone";
# User Package Management userdmz = "diablo";
url = "github:nix-community/home-manager/release-25.11"; userserver = "mephisto";
inputs.nixpkgs.follows = "nixpkgs"; location = "$HOME/.setup";
nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix
inherit (nixpkgs) lib;
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable user userdmz userserver location agenix jovian-nixos microvm impermanence lanzaboote nixvim; # Also inherit home-manager so it does not need to be defined here.
nix.allowedUsers = [ "@wheel" ];
security.sudo.execWheelOnly = true;
}
);
hydraJobs."steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
}; };
home-manager-unstable = {
# User Package Management
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
jovian-nixos = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs";
};
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
home-manager,
home-manager-unstable,
agenix,
jovian-nixos,
microvm,
impermanence,
lanzaboote,
noctalia,
...
} @ inputs: let
systems = [
# "aarch64-linux"
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
in {
# Your custom packages
# Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems (system: import ./packages {pkgs = nixpkgs.legacyPackages.${system};});
# Formatter for your nix files, available through 'nix fmt'
# Other options beside 'alejandra' include 'nixpkgs-fmt'
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
# Your custom packages and modifications, exported as overlays
overlays = import ./overlays {inherit inputs;};
# Reusable nixos modules you might want to export
# These are usually stuff you would upstream into nixpkgs
#nixosModules = import ./modules/kabbone;
# Reusable home-manager modules you might want to export
# These are usually stuff you would upstream into home-manager
#homeManagerModules = import ./modules/home-manager;
nixosConfigurations = ( # NixOS configurations
import ./hosts {
# Imports ./hosts/default.nix
inherit (nixpkgs) lib;
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here.
}
);
hydraJobs = {
"steamdeck" = self.nixosConfigurations.steamdeck.config.system.build.toplevel;
"hades" = self.nixosConfigurations.hades.config.system.build.toplevel;
"nasbak" = self.nixosConfigurations.nasbak.config.system.build.toplevel;
"jupiter" = self.nixosConfigurations.jupiter.config.system.build.toplevel;
"lifebook" = self.nixosConfigurations.lifebook.config.system.build.toplevel;
"kabtop" = self.nixosConfigurations.kabtop.config.system.build.toplevel;
"dmz" = self.nixosConfigurations.dmz.config.system.build.toplevel;
};
};
} }

132
hosts/configuration_common.nix
View File

@@ -1,132 +0,0 @@
#
# Common configuration shared by all hosts (desktop and server).
# Imported by configuration_desktop.nix and configuration_server.nix.
#
{
config,
lib,
pkgs,
inputs,
user,
location,
agenix,
...
}: {
imports = [
../modules/hardware/hydraCache.nix
];
users.users.${user} = {
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
time.timeZone = "Europe/Berlin";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_TIME = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
fonts.packages = with pkgs; [
carlito
vegur
source-code-pro
font-awesome
hack-font
corefonts
intel-one-mono
cascadia-code
];
environment = {
variables = {
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
BROWSER = "firefox";
};
systemPackages = with pkgs; [
vim
git
killall
pciutils
usbutils
wget
bind
dig
agenix.packages.${pkgs.system}.default
cryptsetup
powerline
powerline-fonts
powerline-symbols
tree
direnv
linuxPackages_latest.cpupower
btop
];
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
programs.zsh.enable = true;
nix = {
settings = {
auto-optimise-store = true;
allowed-users = ["@wheel"];
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
security = {
sudo.execWheelOnly = true;
pki.certificateFiles = [
./rootCA.pem
];
};
system = {
stateVersion = "23.05";
autoUpgrade = {
flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m";
allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
};
};
}

200
hosts/configuration_desktop.nix Normal file
View File

@@ -0,0 +1,200 @@
#
# Main system configuration. More information available in configuration.nix(5) man page.
#
# flake.nix
# ├─ ./hosts
# │ └─ configuration.nix *
# └─ ./modules
# └─ ./editors
# └─ ./nvim
# └─ default.nix
#
{ config, lib, pkgs, inputs, user, location, agenix, ... }:
{
imports = # Import window or display manager.
[
#../modules/editors/nvim # ! Comment this out on first install !
];
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" "tss" ];
shell = pkgs.zsh; # Default shell
uid = 2000;
# initialPassword = "password95";
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
time.timeZone = "Europe/Berlin"; # Time zone and internationalisation
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = { # Extra locale settings that need to be overwritten
LC_TIME = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us"; # or us/azerty/etc
};
security = {
rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem
];
#tpm2 = {
# enable = true;
# pkcs11.enable = true;
# tctiEnvironment.enable = true;
# };
};
sound = { # ALSA sound enable
#enable = true;
mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
enable = true;
};
};
fonts.packages = with pkgs; [ # Fonts
carlito # NixOS
vegur # NixOS
source-code-pro
font-awesome # Icons
hack-font
corefonts # MS
intel-one-mono
cascadia-code
(nerdfonts.override { # Nerdfont Icons override
fonts = [
"FiraCode"
];
})
];
environment = {
variables = {
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
BROWSER = "firefox";
};
systemPackages = with pkgs; [ # Default packages install system-wide
vim
git
killall
pciutils
usbutils
wget
powertop
cpufrequtils
lm_sensors
libva-utils
at-spi2-core
bind
dig
qmk-udev-rules
gptfdisk
agenix.packages.x86_64-linux.default
age-plugin-yubikey
pwgen
cryptsetup
powerline
powerline-fonts
powerline-symbols
tree
direnv
linuxPackages_latest.cpupower
btop
sbctl
];
};
services = {
pipewire = { # Sound
enable = true;
alsa = {
enable = true;
# support32Bit = true;
};
pulse.enable = true;
wireplumber.enable = true;
};
openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip>
# public:
# - port forward 22 TCP to server
# - in case you want to use the domain name insted of the ip:
# - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy
# - connect via ssh <user>@<ip or ssh.domain>
# generating a key:
# - $ ssh-keygen | ssh-copy-id <ip/domain> | ssh-add
# - if ssh-add does not work: $ eval `ssh-agent -s`
# allowSFTP = true; # SFTP: secure file transfer protocol (send file to server)
# connect: $ sftp <user>@<ip/domain>
# commands:
# - lpwd & pwd = print (local) parent working directory
# - put/get <filename> = send or receive file
# extraConfig = ''
# HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole
settings.PasswordAuthentication = false;
};
pcscd.enable = true;
yubikey-agent.enable = true;
udev.packages = [ pkgs.yubikey-personalization pkgs.nitrokey-udev-rules ];
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
# List:
# com.obsproject.Studio
# com.parsecgaming.parsec
# com.usebottles.bottles
gvfs.enable = true;
fwupd.enable = true;
};
#xdg.portal = { # Required for flatpak
# enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
#};
nix = { # Nix Package Manager settings
settings ={
auto-optimise-store = true; # Optimise syslinks
};
gc = { # Automatic garbage collection
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
package = pkgs.nixVersions.stable; # Enable nixFlakes on system
extraOptions = ''
experimental-features = nix-command flakes
'';
};
nixpkgs.config.allowUnfree = true; # Allow proprietary software.
system = { # NixOS settings
autoUpgrade = { # Allow auto update
enable = true;
flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m";
allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
#channel = "https://nixos.org/channels/nixos-unstable";
};
stateVersion = "23.05";
};
}

163
hosts/configuration_server.nix
View File

@@ -1,44 +1,149 @@
# #
# Server configuration. Imports configuration_common.nix for shared settings. # Main system configuration. More information available in configuration.nix(5) man page.
# Service modules are imported per-host.
# #
# flake.nix
# ├─ ./hosts
# │ └─ configuration.nix *
# └─ ./modules
# └─ ./editors
# └─ ./nvim
# └─ default.nix
#
{ config, lib, pkgs, inputs, user, location, agenix, ... }:
{ {
config,
lib,
pkgs,
inputs,
user,
location,
agenix,
...
}: {
imports = [
./configuration_common.nix
];
users.users.${user} = {
imports = # Import window or display manager.
[
#../modules/editors/nvim # ! Comment this out on first install !
];
users.users.${user} = { # System User
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" ];
shell = pkgs.zsh; # Default shell
uid = 3000; uid = 3000;
extraGroups = ["wheel" "networkmanager" "kvm" "libvirtd"]; # initialPassword = "password95";
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
security.sudo.wheelNeedsPassword = true; # User does not need to give password when using sudo.
time.timeZone = "Europe/Berlin"; # Time zone and internationalisation
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = { # Extra locale settings that need to be overwritten
LC_TIME = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
};
}; };
security.sudo.wheelNeedsPassword = true; console = {
font = "Lat2-Terminus16";
keyMap = "us"; # or us/azerty/etc
};
environment.systemPackages = with pkgs; [ security.rtkit.enable = true;
ffmpeg security.pki.certificateFiles = [
smartmontools ./rootCA.pem
htop
]; ];
services.openssh = { fonts.packages = with pkgs; [ # Fonts
ports = [2220]; carlito # NixOS
openFirewall = true; vegur # NixOS
source-code-pro
cascadia-code
font-awesome # Icons
hack-font
corefonts # MS
(nerdfonts.override { # Nerdfont Icons override
fonts = [
"FiraCode"
];
})
];
environment = {
variables = {
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
};
systemPackages = with pkgs; [ # Default packages install system-wide
vim
git
killall
pciutils
usbutils
wget
powertop
cpufrequtils
lm_sensors
bind
dig
agenix.packages.x86_64-linux.default
ffmpeg
smartmontools
powerline
powerline-fonts
powerline-symbols
tree
btop
htop
direnv
];
}; };
nix.extraOptions = '' services = {
keep-outputs = true openssh = { # SSH: secure shell (remote connection to shell of server)
keep-derivations = true enable = true; # local: $ ssh <user>@<ip>
''; settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
ports = [ 2220 ];
openFirewall = true;
};
system.autoUpgrade.enable = true; #flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
};
nix = { # Nix Package Manager settings
settings ={
auto-optimise-store = true; # Optimise syslinks
};
gc = { # Automatic garbage collection
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
package = pkgs.nixVersions.stable; # Enable nixFlakes on system
extraOptions = ''
experimental-features = nix-command flakes
keep-outputs = true
keep-derivations = true
'';
};
nixpkgs.config.allowUnfree = true; # Allow proprietary software.
system = { # NixOS settings
autoUpgrade = { # Allow auto update
enable = true;
flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m";
allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
};
stateVersion = "23.05";
};
} }

402
hosts/default.nix
View File

@@ -1,252 +1,230 @@
# #
# These are the different profiles that can be used when building NixOS. # These are the different profiles that can be used when building NixOS.
# #
# flake.nix # flake.nix
# └─ ./hosts # └─ ./hosts
# ├─ default.nix * # ├─ default.nix *
# ├─ configuration_common.nix # ├─ configuration.nix
# ├─ configuration_desktop.nix
# ├─ configuration_server.nix
# ├─ home.nix # ├─ home.nix
# └─ ./desktop OR ./laptop OR ./vm # └─ ./desktop OR ./laptop OR ./vm
# ├─ ./default.nix # ├─ ./default.nix
# └─ ./home.nix # └─ ./home.nix
# #
{
lib,
inputs,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
home-manager,
home-manager-unstable,
agenix,
jovian-nixos,
microvm,
impermanence,
lanzaboote,
...
}: let
# Default user — desktop hosts share this; server hosts may override per-host
# by passing a different `user` value in their own specialArgs block.
defaultUser = "kabbone";
location = builtins.getEnv "HOME" + "/.setup";
system = "x86_64-linux"; { lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }:
pkgs-unstable = import nixpkgs-unstable { let
inherit system; system = "x86_64-linux"; # System architecture
config.allowUnfree = true;
};
pkgs-kabbone = import ../packages {
inherit system;
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
};
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true; # Allow proprietary software
# Prefer host-specific overlays over a global one here.
# Set nixpkgs.overlays inside the host's own module (e.g. hosts/desktop/default.nix)
# so only that host's pkgs is affected. Packages can be imported inline —
# no specialArgs needed. See hosts/desktop/default.nix for an example.
}; };
# Helper: returns [hm-module, config-attrset] for the modules list. lib = nixpkgs.lib;
# hm - the home-manager flake input to use (stable or unstable) users.defaultShell = "pkgs.zsh";
# user - the username whose home-manager config to build
# hmImports - list of home.nix paths for this host in
mkHM = hm: user: hmImports: [ {
hm.nixosModules.home-manager desktop = lib.nixosSystem { # Desktop profile
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {inherit user;};
home-manager.users.${user}.imports = hmImports;
}
];
in {
hades = lib.nixosSystem {
# Desktop profile
inherit system; inherit system;
specialArgs = { specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote nixvim; };
inherit inputs location nixos-hardware agenix microvm nixpkgs lanzaboote; modules = [
user = defaultUser; agenix.nixosModules.default
}; microvm.nixosModules.host
modules = lanzaboote.nixosModules.lanzaboote
[ #nixvim.nixosModules.nixvim
agenix.nixosModules.default ./desktop
microvm.nixosModules.host ./configuration_desktop.nix
lanzaboote.nixosModules.lanzaboote ../modules/hardware/remoteBuilder.nix
./desktop # myDesktop options set inside nixos-hardware.nixosModules.common-cpu-amd
./configuration_common.nix nixos-hardware.nixosModules.common-gpu-amd
../modules/hardware/remoteBuilder.nix nixos-hardware.nixosModules.common-pc-ssd
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd home-manager.nixosModules.home-manager {
] home-manager.useGlobalPkgs = true;
++ (mkHM home-manager defaultUser [./home.nix ./desktop/home.nix]); home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./desktop/home.nix)];
};
}
];
}; };
lifebook = lib.nixosSystem { laptop = lib.nixosSystem { # Laptop profile
# Laptop profile
inherit system; inherit system;
specialArgs = { specialArgs = { inherit inputs user location nixos-hardware agenix; };
inherit inputs location nixos-hardware agenix lanzaboote; modules = [
user = defaultUser; agenix.nixosModules.default
}; ./laptop
modules = ./configuration_desktop.nix
[ ../modules/hardware/remoteClient.nix
agenix.nixosModules.default nixos-hardware.nixosModules.common-cpu-intel
lanzaboote.nixosModules.lanzaboote nixos-hardware.nixosModules.common-gpu-intel
./lifebook # myDesktop options set inside nixos-hardware.nixosModules.common-pc-ssd
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel home-manager.nixosModules.home-manager {
nixos-hardware.nixosModules.common-pc-ssd home-manager.useGlobalPkgs = true;
] home-manager.useUserPackages = true;
++ (mkHM home-manager defaultUser [./home.nix ./lifebook/home.nix]); home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)];
};
}
];
}; };
steamdeck = nixpkgs-unstable.lib.nixosSystem { steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile
# steamdeck profile
inherit system; inherit system;
specialArgs = { specialArgs = { inherit inputs user location nixos-hardware agenix jovian-nixos lanzaboote; };
inherit inputs location nixos-hardware agenix jovian-nixos lanzaboote; modules = [
user = defaultUser; agenix.nixosModules.default
}; jovian-nixos.nixosModules.default
modules = lanzaboote.nixosModules.lanzaboote
[ ./steamdeck
agenix.nixosModules.default ./configuration_desktop.nix
jovian-nixos.nixosModules.default ../modules/hardware/remoteClient.nix
lanzaboote.nixosModules.lanzaboote nixos-hardware.nixosModules.common-cpu-amd
./steamdeck nixos-hardware.nixosModules.common-gpu-amd
./configuration_common.nix nixos-hardware.nixosModules.common-pc-ssd
]
++ (mkHM home-manager-unstable defaultUser [./home.nix ./steamdeck/home.nix]); home-manager-unstable.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./steamdeck/home.nix)];
};
}
];
}; };
kabtop = lib.nixosSystem { server = lib.nixosSystem { # Desktop profile
# Server profile
inherit system; inherit system;
specialArgs = { specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
inherit inputs location nixos-hardware agenix impermanence; modules = [
user = defaultUser; agenix.nixosModules.default
}; microvm.nixosModules.host
modules = ./server
[ ./configuration_server.nix
agenix.nixosModules.default nixos-hardware.nixosModules.common-cpu-amd
microvm.nixosModules.host nixos-hardware.nixosModules.common-pc-ssd
./kabtop
./configuration_common.nix home-manager.nixosModules.home-manager {
nixos-hardware.nixosModules.common-cpu-amd home-manager.useGlobalPkgs = true;
nixos-hardware.nixosModules.common-pc-ssd home-manager.useUserPackages = true;
] home-manager.extraSpecialArgs = { inherit user; };
++ (mkHM home-manager defaultUser [./home_server.nix ./kabtop/home.nix]); home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./server/home.nix)];
};
}
];
}; };
nasbak = lib.nixosSystem { kabtop = lib.nixosSystem { # Desktop profile
# Server profile
inherit system; inherit system;
specialArgs = { specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
inherit inputs location nixos-hardware agenix; modules = [
user = defaultUser; agenix.nixosModules.default
}; microvm.nixosModules.host
modules = ./kabtop
[ ./configuration_server.nix
agenix.nixosModules.default nixos-hardware.nixosModules.common-cpu-amd
./nasbackup nixos-hardware.nixosModules.common-pc-ssd
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel home-manager.nixosModules.home-manager {
nixos-hardware.nixosModules.common-pc-ssd home-manager.useGlobalPkgs = true;
] home-manager.useUserPackages = true;
++ (mkHM home-manager defaultUser [./home_server.nix ./nasbackup/home.nix]); home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./server/home.nix)];
};
}
];
}; };
jupiter = lib.nixosSystem { nasbak = lib.nixosSystem { # Desktop profile
# Server profile
inherit system; inherit system;
specialArgs = { specialArgs = { inherit inputs user location nixos-hardware agenix; };
inherit inputs location nixos-hardware agenix; modules = [
user = defaultUser; agenix.nixosModules.default
}; ./nasbackup
modules = ./configuration_desktop.nix
[ ../modules/hardware/remoteClient.nix
agenix.nixosModules.default nixos-hardware.nixosModules.common-cpu-intel
./jupiter nixos-hardware.nixosModules.common-pc-ssd
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel home-manager.nixosModules.home-manager {
nixos-hardware.nixosModules.common-pc-ssd home-manager.useGlobalPkgs = true;
] home-manager.useUserPackages = true;
++ (mkHM home-manager defaultUser [./home_server.nix ./jupiter/home.nix]); home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./nasbackup/home.nix)];
};
}
];
}; };
kabtopci = lib.nixosSystem { jupiter = lib.nixosSystem { # Desktop profile
# Server profile
inherit system; inherit system;
specialArgs = { specialArgs = { inherit inputs user location nixos-hardware agenix; };
inherit inputs location nixos-hardware agenix impermanence; modules = [
user = defaultUser; agenix.nixosModules.default
}; ./jupiter
modules = ./configuration_desktop.nix
[ ../modules/hardware/remoteClient.nix
agenix.nixosModules.default nixos-hardware.nixosModules.common-cpu-intel
microvm.nixosModules.host nixos-hardware.nixosModules.common-pc-ssd
./kabtopci
./configuration_common.nix home-manager.nixosModules.home-manager {
nixos-hardware.nixosModules.common-pc-ssd home-manager.useGlobalPkgs = true;
] home-manager.useUserPackages = true;
++ (mkHM home-manager defaultUser [./home_server.nix ./kabtopci/home.nix]); home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./jupiter/home.nix)];
};
}
];
}; };
kubemaster-1 = lib.nixosSystem { dmz = lib.nixosSystem { # Desktop profile
# Server profile
inherit system; inherit system;
specialArgs = { specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
inherit inputs location nixos-hardware agenix impermanence; modules = [
user = defaultUser; agenix.nixosModules.default
}; microvm.nixosModules.host
modules = ./dmz
[ ./configuration_server.nix
agenix.nixosModules.default nixos-hardware.nixosModules.common-pc-ssd
microvm.nixosModules.host
./kubemaster-1 home-manager.nixosModules.home-manager {
./configuration_common.nix home-manager.useGlobalPkgs = true;
nixos-hardware.nixosModules.common-cpu-intel home-manager.useUserPackages = true;
nixos-hardware.nixosModules.common-pc-ssd home-manager.extraSpecialArgs = { inherit user; };
] home-manager.users.${user} = {
++ (mkHM home-manager defaultUser [./home_server.nix ./kubemaster-1/home.nix]); imports = [(import ./home_server.nix)] ++ [(import ./dmz/home.nix)];
};
}
];
}; };
dmz = lib.nixosSystem { # vm = lib.nixosSystem { # VM profile
# Server profile # inherit system;
inherit system; # specialArgs = { inherit inputs user location; };
specialArgs = { # modules = [
inherit inputs location nixos-hardware agenix impermanence; # ./vm
user = defaultUser; # ./configuration.nix
}; #
modules = # home-manager.nixosModules.home-manager {
[ # home-manager.useGlobalPkgs = true;
agenix.nixosModules.default # home-manager.useUserPackages = true;
microvm.nixosModules.host # home-manager.extraSpecialArgs = { inherit user; };
./dmz # home-manager.users.${user} = {
./configuration_common.nix # imports = [(import ./home.nix)] ++ [(import ./vm/home.nix)];
nixos-hardware.nixosModules.common-pc-ssd # };
] # }
++ (mkHM home-manager defaultUser [./home_server.nix ./dmz/home.nix]); # ];
}; # };
# vm = lib.nixosSystem { # VM profile
# inherit system;
# specialArgs = { inherit inputs user location; };
# modules = [
# ./vm
# ./configuration.nix
#
# (mkHM home-manager [ ./home.nix ./vm/home.nix ])
# ];
# };
} }

141
hosts/desktop/default.nix
View File

@@ -1,62 +1,103 @@
# #
# Hades desktop — system configuration # Specific system configuration settings for desktop
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, nixpkgs, pkgs, user, lib, nixvim, ... }:
{ {
lib, imports = # For now, if applying to other system, swap files
pkgs, [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
inputs, [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
... (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
}: { [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
# Example: host-specific overlays — only hades gets these packages in its pkgs. (import ../../modules/hardware); # Hardware devices
# nixpkgs.overlays = [
# (final: prev: {
# # pull a single package from unstable (no specialArgs needed)
# firefox = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox;
# # pull a package from pkgs-kabbone (inline import, no specialArgs needed)
# corosync-qdevice = (import ../../packages { pkgs = prev; }).corosync-qdevice;
# })
# ];
imports = [ boot = { # Boot options
./hardware-configuration.nix
../../modules/desktop
];
# ── Desktop module options ──────────────────────────────────────────────
myDesktop.windowManager = "niri";
myDesktop.cpu = "amd";
myDesktop.virtualisation.enable = true;
myDesktop.openrgb.enable = true;
myDesktop.openrgb.motherboard = "amd";
myDesktop.syncthing.enable = true;
myDesktop.syncthing.devices = {
"jupiter.home.opel-online.de" = {id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR";};
"lifebook.home.opel-online.de" = {id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4";};
};
myDesktop.syncthing.folders = {
"Sync" = {
path = "/home/kabbone/Sync";
devices = ["jupiter.home.opel-online.de" "lifebook.home.opel-online.de"];
ignorePerms = false;
};
};
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false; systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true; efi = {
efi.efiSysMountPoint = "/boot"; canTouchEfiVariables = true;
timeout = 1; efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
}; };
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
}; };
}; };
environment.systemPackages = [pkgs.linux-firmware]; # hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
hardware.openrgb = {
enable = true;
motherboard = "amd";
};
};
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
} }

223
hosts/desktop/hardware-configuration.nix
View File

@@ -10,21 +10,17 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}: {
imports =
[(modulesPath + "/installer/scan/not-detected.nix")]
++ [(import ../../modules/hardware/backup.nix)];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; {
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; imports =
boot.kernelModules = ["kvm-amd" "nct6775"]; [ (modulesPath + "/installer/scan/not-detected.nix")] ++
boot.extraModulePackages = []; [( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
@@ -38,148 +34,109 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [pkgs.lz4 pkgs.mbuffer]; instances = {
instances = { hf = {
hf = { onCalendar = "hourly";
onCalendar = "hourly"; settings = {
settings = { incremental = "yes";
incremental = "yes"; snapshot_create = "ondemand";
snapshot_create = "ondemand"; snapshot_dir = "@snapshots";
snapshot_dir = "@snapshots"; timestamp_format = "long";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h"; snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest"; snapshot_preserve_min = "latest";
volume = { volume = {
"/mnt/snapshots/root" = { "/mnt/snapshots/root" = {
snapshot_create = "always"; snapshot_create = "always";
subvolume = { subvolume = {
"@home" = {}; "@home" = {};
};
};
};
}; };
};
}; };
};
}; };
bak = { };
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all"; fileSystems."/" =
target_preserve_min = "no"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
target_preserve = "4w 3d"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
};
};
};
};
}; };
};
systemd.timers = { fileSystems."/home" =
btrbk-bak = { { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
after = ["network-online.target"]; fsType = "btrfs";
requires = ["network-online.target"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
}; };
};
fileSystems."/" = { fileSystems."/srv" =
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
}; };
fileSystems."/home" = { fileSystems."/nix" =
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
}; };
fileSystems."/srv" = { fileSystems."/swap" =
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
}; };
fileSystems."/nix" = { fileSystems."/mnt/snapshots/root" =
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
}; };
fileSystems."/swap" = { fileSystems."/boot" =
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "btrfs"; fsType = "vfat";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; };
};
fileSystems."/mnt/snapshots/root" = { fileSystems."/mnt/Pluto" =
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2"; { device = "jupiter:/Pluto";
fsType = "btrfs"; fsType = "nfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
fileSystems."/boot" = { fileSystems."/mnt/Mars" =
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1"; { device = "jupiter:/Mars";
fsType = "vfat"; fsType = "nfs";
}; options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Pluto" = {
device = "jupiter:/Pluto";
fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
fileSystems."/mnt/Mars" = {
device = "jupiter:/Mars";
fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
swapDevices = [{device = "/swap/swapfile";}];
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "hades"; hostName = "hades";
networkmanager = { networkmanager = {
enable = true; enable = false;
};
firewall = {
enable = true;
allowedUDPPorts = [24727];
allowedTCPPorts = [24727];
}; };
}; };
# systemd.network = { systemd.network = {
# enable = true; enable = true;
# networks = { networks = {
# "10-lan" = { "10-lan" = {
# matchConfig.Name = "eno1"; matchConfig.Name = "enp34s0";
# ntp = [ "192.168.2.1" ]; ntp = [ "192.168.2.1" ];
# domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
# networkConfig = { networkConfig = {
# DHCP = "yes"; DHCP = "yes";
# IPv6AcceptRA = true; IPv6AcceptRA = true;
# }; };
# }; };
# }; };
# }; };
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true; #powerManagement.powertop.enable = true;

71
hosts/desktop/home.nix
View File

@@ -1,26 +1,61 @@
# #
# Hades desktop — home-manager host-specific additions # Home-manager configuration for laptop
# (WM home config is loaded by modules/desktop based on myDesktop.windowManager) #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
# #
{pkgs, ...}: {
imports = [
../../modules/home.nix # cmds / theme options
];
home.packages = with pkgs; [ { pkgs, ... }:
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
pulsemixer
nitrokey-app
kicad
];
services = { {
blueman-applet.enable = true; imports =
network-manager-applet.enable = true; [
#../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
#freecad # Office packages
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
nheko
pulsemixer
#yubioath-flutter
nitrokey-app
kicad
yuzu-mainline
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
}; };
xsession.preferStatusNotifierItems = true; xsession.preferStatusNotifierItems = true;
} }

68
hosts/dmz/default.nix
View File

@@ -1,46 +1,60 @@
# #
# DMZ — demilitarised zone server configuration # Specific system configuration settings for desktop
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{ {
config, imports = # For now, if applying to other system, swap files
pkgs, [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
user, [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
agenix, [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker
impermanence, (import ../../modules/services/dmz) ++ # Server Services
... (import ../../modules/hardware); # Hardware devices
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/dmz);
# ── Server module options ─────────────────────────────────────────────── boot = { # Boot options
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "intel";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi = {
efi.efiSysMountPoint = "/boot"; canTouchEfiVariables = true;
timeout = 1; efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
}; };
}; };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
};
services = { services = {
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns4 = true; nssmdns = true;
publish = { publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
}; };
} }

146
hosts/dmz/hardware-configuration.nix
View File

@@ -10,21 +10,17 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; {
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; imports =
boot.kernelModules = ["kvm-intel"]; [ (modulesPath + "/profiles/qemu-guest.nix")
boot.extraModulePackages = []; ];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
@@ -37,74 +33,72 @@
]; ];
}; };
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/var" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
swapDevices = [];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = ["192.168.101.1"];
domains = ["home.opel-online.de"];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dns = [
"192.168.101.1"
];
};
}; };
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
swapDevices = [ ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.101.1" ];
domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
}; };
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "dmz"; hostName = "dmz";
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = []; allowedUDPPorts = [ ];
allowedTCPPorts = [80 443]; allowedTCPPorts = [ ];
}; };
}; };
} }

19
hosts/dmz/home.nix
View File

@@ -10,16 +10,22 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
home = { { pkgs, ... }:
# Specific packages for laptop
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management # Power Management
#auto-cpufreq # Power management #auto-cpufreq # Power management
#tlp # Power management #tlp # Power management
@@ -29,4 +35,5 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }

90
hosts/fuji/default.nix
View File

@@ -1,90 +0,0 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{
config,
nixpkgs,
pkgs,
user,
lib,
...
}: {
imports =
# For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)]
++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)]
++ # Window Manager
(import ../../modules/wm/virtualisation)
++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)]
++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = {
# Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = {
# EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
avahi = {
# Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = {
# Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

141
hosts/fuji/hardware-configuration.nix
View File

@@ -1,141 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports =
[(modulesPath + "/installer/scan/not-detected.nix")]
++ [(import ../../modules/hardware/backup.nix)];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
swapDevices = [{device = "/swap/swapfile";}];
networking = {
useDHCP = false; # Deprecated
hostName = "fuji";
networkmanager = {
enable = false;
};
firewall = {
enable = true;
#allowedUDPPorts = [ 24727 ];
#allowedTCPPorts = [ 24727 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "eno1";
ntp = ["192.168.2.1"];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
}

42
hosts/fuji/home.nix
View File

@@ -1,42 +0,0 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{pkgs, ...}: {
imports = [
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
#nheko
pulsemixer
];
};
services = {
# Applets
#blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

142
hosts/home.nix
View File

@@ -14,130 +14,122 @@
# └─ ./shell # └─ ./shell
# └─ default.nix # └─ default.nix
# #
{
config, { config, lib, pkgs, user, ... }:
lib,
pkgs, {
user, imports = # Home Manager Modules
... (import ../modules/editors) ++
}: { (import ../modules/programs) ++
imports = (import ../modules/programs/configs) ++
(import ../modules/editors) (import ../modules/services) ++
++ (import ../modules/programs) (import ../modules/shell);
++ (import ../modules/programs/configs)
++ (import ../modules/services)
++ (import ../modules/shell);
home = { home = {
username = "${user}"; username = "${user}";
homeDirectory = "/home/${user}"; homeDirectory = "/home/${user}";
packages = with pkgs; [ packages = with pkgs; [
# Terminal # Terminal
pfetch # Minimal fetch pfetch # Minimal fetch
ranger # File Manager ranger # File Manager
gnupg # sign and authorize 2nd Fac gnupg # sign and authorize 2nd Fac
xdg-utils xdg-utils
steam steam
wakelan wakelan
# dev ols # dev ols
gcc gcc
gnumake gnumake
gnupatch gnupatch
gnulib gnulib
screen
yubioath-flutter yubioath-flutter
nitrokey-app nitrokey-app
claude-code
tailscale tailscale
wireguard-tools wireguard-tools
# VideAudio # VideAudio
mpv # Media Player mpv # Media Player
youtube-dl
# Apps # Apps
qalculate-qt galculator
tdesktop
hdparm hdparm
python3 python3Full
android-tools android-tools
#calibre calibre
mtpfs mtpfs
vimiv-qt vimiv-qt
freecad freecad
discord
vesktop
element-desktop
# Fileanagement # Fileanagement
kdePackages.ark #okular # PDF viewer
pcmanfm # File Manager #gnome.file-roller # Archive Manager
rsync # Syncer $ rsync -r dir1/ dir2/ ark
unzip # Zip files pcmanfm # File Manager
unrar # Rar files rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files
unrar # Rar files
papirus-icon-theme papirus-icon-theme
arc-theme
# General configuration # Genel configuration
keepassxc keepassxc
libreoffice libreoffice
gimp
# Flatpak # Flatpak
prusa-slicer
#vscodium #vscodium
(vscode-with-extensions.override { (vscode-with-extensions.override {
vscode = vscodium; vscode = vscodium;
vscodeExtensions = with vscode-extensions; [ vscodeExtensions = with vscode-extensions; [
vscodevim.vim vscodevim.vim
github.copilot github.copilot
#ms-python.python #ms-python.python
ms-vscode.cpptools ms-vscode.cpptools
catppuccin.catppuccin-vsc-icons dracula-theme.theme-dracula
catppuccin.catppuccin-vsc catppuccin.catppuccin-vsc
]; catppuccin.catppuccin-vsc-icons
];
}) })
sdkmanager
]; ];
file.".config/wall".source = ../modules/themes/wall.jpg; file.".config/wall".source = ../modules/themes/wall.jpg;
file.".config/lockwall".source = ../modules/themes/lockwall.jpg; file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
# pointerCursor = { # This will set cursor systemwide so applications can not choose their own pointerCursor = { # This will set cursor systemwide so applications can not choose their own
# name = "Dracula-cursors"; name = "Dracula-cursors";
# package = pkgs.dracula-theme; package = pkgs.dracula-theme;
# size = 16; size = 16;
# gtk.enable = true; gtk.enable = true;
# }; };
stateVersion = "23.05"; stateVersion = "23.05";
}; };
programs = { programs = {
home-manager.enable = true; home-manager.enable = true;
alacritty = {
settings.font.size = 11;
};
}; };
# gtk = { # Theming
# enable = true; # gtk = { # Theming
# theme = { # enable = true;
# name = "Dracula"; # theme = {
# package = pkgs.dracula-theme; # name = "Dracula";
# }; # package = pkgs.dracula-theme;
# iconTheme = { # };
# name = "Papirus-Dark"; # iconTheme = {
# package = pkgs.papirus-icon-theme; # name = "Papirus-Dark";
# }; # package = pkgs.papirus-icon-theme;
# font = { # };
# name = "Cascadia Code"; # or FiraCode Nerd Font Mono Medium # font = {
# }; # Cursor is declared under home.pointerCursor # name = "Cascadia Code"; # or FiraCode Nerd Font Mono Medium
# }; # }; # Cursor is declared under home.pointerCursor
# };
systemd.user.services.mpris-proxy = { systemd.user.services.mpris-proxy = {
Unit.Description = "Mpris proxy"; Unit.Description = "Mpris proxy";
Unit.After = ["network.target" "sound.target"]; Unit.After = [ "network.target" "sound.target" ];
Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy"; Service.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
Install.WantedBy = ["default.target"]; Install.WantedBy = [ "default.target" ];
}; };
} }

32
hosts/home_server.nix
View File

@@ -14,17 +14,12 @@
# └─ ./shell # └─ ./shell
# └─ default.nix # └─ default.nix
# #
{
config, { config, lib, pkgs, user, ... }:
lib,
pkgs, {
user, imports = # Home Manager Modules
... (import ../modules/editors) ++
}: {
imports =
# Home Manager Modules
(import ../modules/editors)
++
#(import ../modules/programs) ++ #(import ../modules/programs) ++
#(import ../modules/programs/configs) ++ #(import ../modules/programs/configs) ++
#(import ../modules/services) ++ #(import ../modules/services) ++
@@ -36,23 +31,24 @@
packages = with pkgs; [ packages = with pkgs; [
# Terminal # Terminal
pfetch # Minimal fetch pfetch # Minimal fetch
ranger # File Manager ranger # File Manager
gnupg # sign and authorize 2nd Fac gnupg # sign and authorize 2nd Fac
#xdg-utils #xdg-utils
# Video/Audio # Video/Audio
#libva-utils # vainfo #libva-utils # vainfo
# Apps # Apps
hdparm hdparm
python3 python3Full
# File Management # File Management
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/
#unzip # Zip files #unzip # Zip files
#unrar # Rar files #unrar # Rar files
]; ];
stateVersion = "23.11"; stateVersion = "23.11";
}; };

84
hosts/jupiter/default.nix
View File

@@ -1,62 +1,74 @@
# #
# Jupiter — NAS server configuration # Specific system configuration settings for desktop
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, ... }:
{ {
config, imports = # For now, if applying to other ssystem, swap files
pkgs, [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
inputs, #(import ../../modules/wm/virtualisation) ++ # Docker
user, (import ../../modules/services/nas) ++ # Server Services
... (import ../../modules/hardware); # Hardware devices
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/nas);
# ── Server module options ─────────────────────────────────────────────── boot = { # Boot options
# No virtualisation on the NAS
# ── Host-specific settings ──────────────────────────────────────────────
# Example: host-specific overlay — only jupiter gets these packages in its pkgs.
# nixpkgs.overlays = [
# (final: prev: {
# corosync-qdevice = (import ../../packages { pkgs = prev; }).corosync-qdevice;
# firefox = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox;
# })
# ];
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi = {
efi.efiSysMountPoint = "/boot"; canTouchEfiVariables = true;
timeout = 1; efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
}; };
}; };
programs = { # environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
ssh.startAgent = false; ssh.startAgent = false;
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses; pinentryFlavor = "curses";
}; };
}; };
services = { services = {
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns4 = true; nssmdns = true;
publish = { publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
}; };
} }

340
hosts/jupiter/hardware-configuration.nix
View File

@@ -10,22 +10,18 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}: {
imports =
[(modulesPath + "/profiles/qemu-guest.nix")]
++ [(import ../../modules/hardware/backup.nix)];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; {
boot.initrd.kernelModules = []; imports =
[(modulesPath + "/profiles/qemu-guest.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.initrd.secrets = { boot.initrd.secrets = {
"/root/NASKeyfile" = "/root/NASKeyfile" =
/root/NASKeyfile; /root/NASKeyfile;
}; };
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
NAS-RAID1 = { NAS-RAID1 = {
@@ -37,8 +33,8 @@
keyFile = "/root/NASKeyfile"; keyFile = "/root/NASKeyfile";
}; };
}; };
boot.kernelModules = []; boot.kernelModules = [ ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
@@ -54,174 +50,173 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [pkgs.lz4 pkgs.mbuffer]; instances = {
instances = { hf = {
hf = { onCalendar = "hourly";
onCalendar = "hourly"; settings = {
settings = { incremental = "yes";
incremental = "yes"; snapshot_create = "ondemand";
snapshot_create = "ondemand"; snapshot_dir = "@snapshots";
snapshot_dir = "@snapshots"; timestamp_format = "long";
timestamp_format = "long";
snapshot_preserve = "2w 5d 5h"; snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest"; snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
volume = {
"/mnt/snapshots/Mars" = {
snapshot_create = "always";
subvolume = {
"@nas" = {};
};
};
};
};
};
lf = {
onCalendar = "daily";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
volume = { snapshot_preserve = "2m 2w 5d";
"/mnt/snapshots/root" = { snapshot_preserve_min = "latest";
snapshot_create = "always";
subvolume = { volume = {
"@" = {}; "/mnt/snapshots/Pluto" = {
"@home" = {}; snapshot_create = "always";
subvolume = {
"@" = {};
"@/Backups" = {};
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
}; };
};
}; };
volume = {
"/mnt/snapshots/Mars" = {
snapshot_create = "always";
subvolume = {
"@nas" = {};
};
};
};
};
}; };
lf = { };
onCalendar = "daily";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d"; fileSystems."/" =
snapshot_preserve_min = "latest"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
volume = { options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
"/mnt/snapshots/Pluto" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@/Backups" = {};
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
};
};
}; };
};
fileSystems."/" = { fileSystems."/home" =
device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/mnt/snapshots/Mars" = {
device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/mnt/snapshots/Pluto" = {
device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = ["compress=zstd:8,noatime,subvolid=5"];
};
fileSystems."/mnt/Pluto" = {
device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = ["compress=zstd:8,noatime,subvol=@"];
};
fileSystems."/mnt/Mars" = {
device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/export/Pluto" = {
device = "/mnt/Pluto";
options = ["bind"];
};
fileSystems."/export/Mars" = {
device = "/mnt/Mars";
options = ["bind"];
};
swapDevices = [{device = "/swap/swapfile";}];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = ["192.168.2.1"];
domains = ["home.opel-online.de"];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
IPv6PrivacyExtensions = false;
};
ipv6AcceptRAConfig = {
DHCPv6Client = "always";
UseDNS = true;
};
dhcpV4Config = {
UseDNS = true;
};
dhcpV6Config = {
UseDNS = true;
};
};
}; };
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/Mars" =
{ device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/Pluto" =
{ device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = [ "compress=zstd:8,noatime,subvolid=5" ];
};
fileSystems."/mnt/Pluto" =
{ device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = [ "compress=zstd:8,noatime,subvol=@" ];
};
fileSystems."/mnt/Mars" =
{ device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/export/Pluto" =
{ device = "/mnt/Pluto";
options = [ "bind" ];
};
fileSystems."/export/Mars" =
{ device = "/mnt/Mars";
options = [ "bind" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = { networking = {
hostName = "jupiter"; hostName = "jupiter";
domain = "home.opel-online.de"; domain = "home.opel-online.de";
useDHCP = false; # For versatility sake, manually edit IP on nm-applet. networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = { #firewall = {
# enable = false; # enable = false;
# #allowedUDPPorts = [ 53 67 ]; # #allowedUDPPorts = [ 53 67 ];
@@ -233,9 +228,10 @@
powerManagement = { powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave"; cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true; powertop.enable = true;
#scsiLinkPolicy = "med_power_with_dipm"; scsiLinkPolicy = "med_power_with_dipm";
powerUpCommands = '' powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088 ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
''; '';
}; };
} }

19
hosts/jupiter/home.nix
View File

@@ -10,16 +10,22 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
home = { { pkgs, ... }:
# Specific packages for laptop
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management # Power Management
#auto-cpufreq # Power management #auto-cpufreq # Power management
#tlp # Power management #tlp # Power management
@@ -29,4 +35,5 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }

135
hosts/kabtop/default.nix
View File

@@ -1,61 +1,112 @@
# #
# Kabtop — server configuration # Specific system configuration settings for desktop
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{ {
config, imports = # For now, if applying to other system, swap files
pkgs, [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
user, [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
agenix, [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
impermanence, (import ../../modules/services/server) ++ # Server Services
... (import ../../modules/hardware); # Hardware devices
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/server);
# ── Server module options ─────────────────────────────────────────────── boot = { # Boot options
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "amd";
myServer.fail2ban.enable = true;
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
grub = { loader = { # EFI Boot
grub = {
enable = true; enable = true;
device = "/dev/sda"; device = "/dev/sda";
};
timeout = 1; # Grub auto select time
};
};
environment = {
etc = {
"fail2ban/filter.d/open-webui.conf" = {
source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
mode = "0444";
};
"fail2ban/filter.d/gitea.conf" = {
source = ../../modules/services/server/fail2ban/filter/gitea.conf;
mode = "0444";
};
"fail2ban/filter.d/nextcloud.conf" = {
source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
mode = "0444";
}; };
timeout = 1;
}; };
}; };
environment.etc = { programs = { # No xbacklight, this is the alterantive
"fail2ban/filter.d/open-webui.conf" = { zsh.enable = true;
source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
mode = "0444";
};
"fail2ban/filter.d/gitea.conf" = {
source = ../../modules/services/server/fail2ban/filter/gitea.conf;
mode = "0444";
};
"fail2ban/filter.d/nextcloud.conf" = {
source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
mode = "0444";
};
};
programs = {
ssh.startAgent = false; ssh.startAgent = false;
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses; pinentryFlavor = "curses";
}; };
}; };
services.qemuGuest.enable = true; services = {
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
fail2ban = {
enable = true;
maxretry = 5;
jails.DEFAULT.settings = {
findtime = "15m";
};
jails = {
open-webui = ''
enabled = true
filter = open-webui
backend = systemd
action = iptables-allports
'';
gitea = ''
enabled = true
filter = gitea
backend = systemd
action = iptables-allports
'';
nextcloud = ''
backend = auto
enabled = true
filter = nextcloud
logpath = /var/lib/nextcloud/data/nextcloud.log
action = iptables-allports
'';
};
};
};
} }

189
hosts/kabtop/hardware-configuration.nix
View File

@@ -10,21 +10,17 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod"]; {
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; imports =
boot.kernelModules = ["kvm-amd"]; [ (modulesPath + "/profiles/qemu-guest.nix")
boot.extraModulePackages = []; ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
@@ -38,112 +34,109 @@
}; };
services.btrbk = { services.btrbk = {
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
settings = { settings = {
incremental = "yes"; incremental = "yes";
snapshot_create = "ondemand"; snapshot_create = "ondemand";
snapshot_dir = "@snapshots"; snapshot_dir = "@snapshots";
timestamp_format = "long"; timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h"; snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest"; snapshot_preserve_min = "latest";
volume = { volume = {
"/mnt/snapshots/root" = { "/mnt/snapshots/root" = {
snapshot_create = "always"; snapshot_create = "always";
subvolume = { subvolume = {
"@" = {}; "@" = {};
"@home" = {}; "@home" = {};
"@var" = {}; };
};
};
}; };
};
}; };
};
}; };
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
}; };
};
fileSystems."/" = { fileSystems."/home" =
device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
}; };
fileSystems."/home" = { fileSystems."/srv" =
device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
}; };
fileSystems."/srv" = { fileSystems."/var" =
device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
}; };
fileSystems."/var" = { fileSystems."/nix" =
device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
}; };
fileSystems."/nix" = { fileSystems."/swap" =
device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
}; };
fileSystems."/swap" = { fileSystems."/mnt/snapshots/root" =
device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
}; };
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
#swapDevices = [ { device = "/swap/swapfile"; } ]; #swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = []; swapDevices = [ ];
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "kabtop"; hostName = "kabtop";
domain = "kabtop.de"; domain = "kabtop.de";
networkmanager = { networkmanager = {
enable = false; enable = false;
}; };
interfaces = {
ens18 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "37.44.215.182";
prefixLength = 24;
} ];
ipv6.addresses = [ {
address = "2a13:7e80:0:ef::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "37.44.215.1";
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = []; allowedUDPPorts = [ ];
allowedTCPPorts = [80 443]; allowedTCPPorts = [ 80 443 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
address = [
"37.44.215.182/24"
"2a13:7e80:0:ef::2/64"
];
routes = [
{Gateway = "37.44.215.1";}
{Gateway = "fe80::1";}
];
dns = [
"9.9.9.9"
"2620:fe::fe"
];
};
}; };
}; };

19
hosts/kabtop/home.nix
View File

@@ -10,16 +10,22 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
home = { { pkgs, ... }:
# Specific packages for laptop
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management # Power Management
#auto-cpufreq # Power management #auto-cpufreq # Power management
#tlp # Power management #tlp # Power management
@@ -29,4 +35,5 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }

34
hosts/kabtopci/default.nix
View File

@@ -1,34 +0,0 @@
#
# Kabtopci — CI server configuration
#
{
config,
pkgs,
user,
agenix,
impermanence,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/kabtopci);
# ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "amd";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
grub = {
enable = true;
device = "/dev/vda";
};
timeout = 1;
};
};
}

115
hosts/kabtopci/hardware-configuration.nix
View File

@@ -1,115 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/var" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
swapDevices = [];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtopci";
domain = "ci.kabtop.de";
networkmanager = {
enable = false;
};
interfaces = {
ens3 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [
{
address = "195.90.221.87";
prefixLength = 22;
}
];
ipv6.addresses = [
{
address = "2a00:6800:3:d5b::2";
prefixLength = 64;
}
];
};
};
defaultGateway = "195.90.220.1";
defaultGateway6 = {
address = "2a00:6800:3::1";
interface = "ens3";
};
nameservers = ["9.9.9.9" "2620:fe::fe"];
firewall = {
enable = true;
allowedUDPPorts = [];
allowedTCPPorts = [80 443];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

43
hosts/kubemaster-1/default.nix
View File

@@ -1,43 +0,0 @@
#
# Kubemaster-1 — Kubernetes master server configuration
#
{
config,
pkgs,
user,
agenix,
impermanence,
...
}: {
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/kubemaster);
# ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "intel";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
};
services.avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
userServices = true;
};
};
}

120
hosts/kubemaster-1/hardware-configuration.nix
View File

@@ -1,120 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/var" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
swapDevices = [];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp0s31f6";
ntp = ["192.168.2.1"];
domains = ["home.opel-online.de"];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dns = [
"192.168.2.1"
];
};
};
};
networking = {
useDHCP = false; # Deprecated
hostName = "kubemaster-1";
firewall = {
enable = true;
allowedUDPPorts = [];
allowedTCPPorts = [80 443];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/e036f437-bc91-4398-b182-7cf5724e23a2
'';
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

105
hosts/laptop/default.nix Normal file
View File

@@ -0,0 +1,105 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
hardware = {
nitrokey.enable = true;
};
environment = {
systemPackages = with pkgs; [
# simple-scan
intel-media-driver
# alacritty
];
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
tlp = {
enable = true; # TLP and auto-cpufreq for power management
settings = {
USB_DENYLIST="fc32:1287 1e7d:2e4a 1d5c:5500 1d5c:5510";
};
};
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
#auto-cpufreq.enable = true;
blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
tailscale.enable = true;
};
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
}

169
hosts/laptop/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,169 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
kernelModules = [ "i915" "kvm_intel" ];
systemd.enable = true;
luks = {
devices."root" = {
device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5";
allowDiscards = true;
};
};
};
kernelModules = [ "kvm-intel" ];
extraModprobeConfig = ''
options i915 enable_guc=3 enable_fbc=1 fastboot=1
'';
kernelParams = [ "mitigations=off" "luks.options=fido2-device=auto" ];
tmp.useTmpfs = true;
};
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "nbf5";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = true;
};
};
interfaces = {
wlan0 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
#ipv4.addresses = [ {
# address = "192.168.0.51";
# prefixLength = 24;
#} ];
};
};
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = "loose";
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "schedutil";
powertop.enable = true;
};
}

57
hosts/laptop/home.nix Normal file
View File

@@ -0,0 +1,57 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
libreoffice # Office packages
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
intel-gpu-tools
pulsemixer
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

60
hosts/lifebook/default.nix
View File

@@ -1,60 +0,0 @@
#
# Lifebook laptop — system configuration
#
{
lib,
pkgs,
user,
...
}: {
imports = [
./hardware-configuration.nix
../../modules/desktop
];
# ── Desktop module options ──────────────────────────────────────────────
myDesktop.windowManager = "niri";
myDesktop.niri.hotkeyVariant = "lifebook";
myDesktop.cpu = "intel";
myDesktop.virtualisation.enable = true;
myDesktop.laptop.enable = true;
myDesktop.laptop.lidSwitch = "suspend-then-hibernate";
myDesktop.laptop.hibernateDelaySec = "1h";
myDesktop.git.signingKey = "/home/${user}/.ssh/id_ed25519_sk_rk_blackred";
myDesktop.syncthing.enable = true;
myDesktop.syncthing.devices = {
"jupiter.home.opel-online.de" = {id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR";};
"hades.home.opel-online.de" = {id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA";};
};
myDesktop.syncthing.folders = {
"Sync" = {
path = "/home/kabbone/Sync";
devices = ["jupiter.home.opel-online.de" "hades.home.opel-online.de"];
ignorePerms = false;
};
};
myDesktop.extraSystemPackages = with pkgs; [
intel-media-driver
intel-compute-runtime
];
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd.prepend = ["${./patched-SSDT4}"];
loader = {
systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
}

261
hosts/lifebook/hardware-configuration.nix
View File

@@ -1,261 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports =
[(modulesPath + "/installer/scan/not-detected.nix")]
++ [(import ../../modules/hardware/backup.nix)];
boot = {
initrd = {
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci"];
kernelModules = ["i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1"];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = ["kvm-intel"];
kernelParams = ["luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force"];
extraModprobeConfig = ''
options i915 force_probe=!9a49
options xe force_probe=9a49
'';
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
extraPackages = [pkgs.lz4 pkgs.mbuffer];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
};
};
};
};
};
};
tuned = {
enable = true;
profiles = {
balanced_powertop = {
main = {
include = "balanced";
};
sysfs = {
"/sys/class/net/wlan0/device/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb3/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb1/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-9/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb4/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-10/power/wakeup" = "enabled";
"/sys/bus/usb/devices/usb2/power/wakeup" = "enabled";
"/sys/bus/usb/devices/3-5/power/wakeup" = "enabled";
};
};
balanced-battery_powertop = {
main = {
include = "balanced-battery";
};
sysfs = {
"/sys/class/net/wlan0/device/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb3/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb1/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-9/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb4/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-10/power/wakeup" = "disabled";
"/sys/bus/usb/devices/usb2/power/wakeup" = "disabled";
"/sys/bus/usb/devices/3-5/power/wakeup" = "disabled";
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
after = ["network-online.target"];
requires = ["network-online.target"];
};
};
fileSystems."/" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/nix" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/srv" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/swap" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/opt" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
};
fileSystems."/var" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/mnt/Pluto" = {
device = "jupiter.home.opel-online.de:/Pluto";
fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
fileSystems."/mnt/Mars" = {
device = "jupiter.home.opel-online.de:/Mars";
fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
swapDevices = [{device = "/swap/swapfile";}];
networking = {
useDHCP = false; # Deprecated
hostName = "lifebook";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = true;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = false;
enable = true;
allowedUDPPorts = [24727 51820];
allowedTCPPorts = [24727];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# powerManagement = {
# powertop.enable = true;
# };
}

26
hosts/lifebook/home.nix
View File

@@ -1,26 +0,0 @@
#
# Lifebook laptop — home-manager host-specific additions
# (WM home config is loaded by modules/desktop based on myDesktop.windowManager)
#
{pkgs, ...}: {
imports = [
../../modules/home.nix # cmds / theme options
];
home.packages = with pkgs; [
libreoffice
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
intel-gpu-tools
pulsemixer
];
services = {
blueman-applet.enable = true;
network-manager-applet.enable = true;
};
xsession.preferStatusNotifierItems = true;
}

BIN
hosts/lifebook/patched-SSDT4
View File

Binary file not shown.

74
hosts/nas/default.nix Normal file
View File

@@ -0,0 +1,74 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
(import ../../modules/wm/virtualisation) ++ # Docker
(import ../../modules/services/nas) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = false;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
#auto-cpufreq.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

255
hosts/nas/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,255 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.initrd.secrets = {
"/root/NASKeyfile" =
/root/NASKeyfile;
};
boot.initrd.luks.devices = {
NAS-RAID1 = {
device = "/dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088";
keyFile = "/root/NASKeyfile";
};
NAS-RAID2 = {
device = "/dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2";
keyFile = "/root/NASKeyfile";
};
};
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
"/mnt/Pluto"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
"@nas/Home" = {};
};
};
};
};
};
lf = {
onCalendar = "daily";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/Pluto" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@/Backups" = {};
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/Mars" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/Pluto" =
{ device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
};
fileSystems."/mnt/Pluto" =
{ device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,noatime,subvol=@" ];
};
fileSystems."/mnt/Mars" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/export/Pluto" =
{ device = "/mnt/Pluto";
options = [ "bind" ];
};
fileSystems."/export/Mars" =
{ device = "/mnt/Mars";
options = [ "bind" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
vswitches = {
vs0 = {
interfaces = {
enp0s31f6 = { };
lo1 = {
type = "internal";
};
enp0s31f6iot = {
type = "internal";
vlan = 100;
};
};
};
};
useDHCP = false; # Deprecated
hostName = "nas";
domain = "home.opel-online.de";
networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
# enp0s31f6 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
lo1 = {
useDHCP = true;
macAddress = "f6:14:f3:7b:1f:f7";
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "lo1";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
#};
};
systemd.services = {
"ovsdb".partOf = [ "network-setup.service" ];
"ovs-vswitchd".partOf = [ "network-setup.service" ];
"network-addresses-lo1" = {
requires = [ "network-setup.service" ];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
'';
};
}

19
hosts/kabtopci/home.nix → hosts/nas/home.nix
View File

@@ -10,16 +10,22 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
home = { { pkgs, ... }:
# Specific packages for laptop
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management # Power Management
#auto-cpufreq # Power management #auto-cpufreq # Power management
#tlp # Power management #tlp # Power management
@@ -29,4 +35,5 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }

66
hosts/nasbackup/default.nix
View File

@@ -1,52 +1,66 @@
# #
# Nasbak — NAS backup server configuration # Specific system configuration settings for desktop
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, ... }:
{ {
config, imports = # For now, if applying to other system, swap files
pkgs, [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
user, #[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
... (import ../../modules/services/nasbackup) ++ # Server Services
}: { (import ../../modules/hardware); # Hardware devices
imports =
[
./hardware-configuration.nix
../../modules/server
]
++ (import ../../modules/services/nasbackup);
# ── Server module options ─────────────────────────────────────────────── boot = { # Boot options
# No virtualisation on the backup NAS
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = {
loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi = {
efi.efiSysMountPoint = "/boot"; canTouchEfiVariables = true;
timeout = 1; efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
}; };
}; };
programs = { programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
ssh.startAgent = false; ssh.startAgent = false;
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses; pinentryFlavor = "curses";
}; };
}; };
services = { services = {
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns4 = true; nssmdns = true;
publish = { publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
}; };
} }

339
hosts/nasbackup/hardware-configuration.nix
View File

@@ -1,3 +1,4 @@
# Hardware settings for Teclast F5 10" Laptop # Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2 # NixOS @ sda2
# #
@@ -9,22 +10,18 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; {
boot.initrd.kernelModules = ["vfio_pci" "vfio" "vfio_iommu_type1"]; imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.initrd.secrets = { boot.initrd.secrets = {
"/root/NASKeyfile" = "/root/NASKeyfile" =
/root/NASKeyfile; /root/NASKeyfile;
}; };
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
NAS-RAID1 = { NAS-RAID1 = {
@@ -38,8 +35,8 @@
bypassWorkqueues = true; bypassWorkqueues = true;
}; };
}; };
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
@@ -54,167 +51,182 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [pkgs.lz4 pkgs.mbuffer]; extraPackages = [ pkgs.lz4 ];
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
settings = { settings = {
incremental = "yes"; incremental = "yes";
snapshot_create = "ondemand"; snapshot_create = "ondemand";
snapshot_dir = "@snapshots"; snapshot_dir = "@snapshots";
timestamp_format = "long"; timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h"; snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest"; snapshot_preserve_min = "latest";
volume = { volume = {
"/mnt/snapshots/root" = { "/mnt/snapshots/root" = {
snapshot_create = "always"; snapshot_create = "always";
subvolume = { subvolume = {
"@" = {}; "@" = {};
"@home" = {}; "@home" = {};
};
};
};
}; };
};
}; };
}; bak = {
}; onCalendar = "weekly";
bak = { settings = {
onCalendar = "weekly"; stream_compress = "lz4";
settings = { incremental = "yes";
stream_buffer = "265m"; snapshot_create = "no";
stream_compress = "lz4"; snapshot_dir = "@snapshots";
incremental = "yes"; timestamp_format = "long";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all"; snapshot_preserve_min = "all";
target_preserve_min = "no"; target_preserve_min = "no";
target_preserve = "4w 2m"; target_preserve = "4w 2m";
archive_preserve_min = "no";
archive_preserve = "4w 2m";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk"; ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
ssh_user = "btrbk"; ssh_user = "btrbk";
volume = { volume = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = { "ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = {
subvolume = { target = "/mnt/nas/Backups/Mars";
"@nas" = { subvolume = {
target = "/mnt/nas/Backups/Mars"; "@nas" = {};
}; };
"@hades/@home" = { };
target = "/mnt/nas/Backups/Hades"; };
snapshot_dir = "@snapshots/@hades"; volume = {
}; "ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = {
"@lifebook/@home" = { target = "/mnt/nas/Backups/Pluto";
target = "/mnt/nas/Backups/Lifebook"; subvolume = {
snapshot_dir = "@snapshots/@lifebook"; "@/Games" = {};
}; "@/IT" = {};
# "@steamdeck/@home" = { "@/Media" = {};
# target = "/mnt/nas/Backups/Steamdeck"; "@/Pictures" = {};
# snapshot_dir = "@snapshots/@steamdeck"; "@/Rest" = {};
# }; };
};
};
}; };
};
}; };
volume = { # lf = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = { # onCalendar = "daily";
target = "/mnt/nas/Backups/Pluto"; # settings = {
subvolume = { # incremental = "yes";
"@/Games" = {}; # snapshot_create = "ondemand";
"@/IT" = {}; # snapshot_dir = "@snapshots";
"@/Media" = {}; # timestamp_format = "long";
"@/Pictures" = {}; #
"@/Rest" = {}; # snapshot_preserve = "2m 2w 5d";
}; # snapshot_preserve_min = "latest";
}; #
}; # volume = {
}; # "/mnt/snapshots/Pluto" = {
# snapshot_create = "always";
# subvolume = {
# "@" = {};
# "@/Backups" = {};
# "@/Games" = {};
# "@/IT" = {};
# "@/Media" = {};
# "@/Pictures" = {};
# "@/Rest" = {};
# };
# };
# };
# };
# };
}; };
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
}; };
};
systemd.services = { fileSystems."/home" =
btrbk-bak = { { device = "/dev/disk/by-label/NIXROOT";
after = ["network-online.target"]; fsType = "btrfs";
requires = ["network-online.target"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
}; };
};
fileSystems."/" = { fileSystems."/srv" =
device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
# fileSystems."/mnt/snapshots/Pluto" =
# { device = "/dev/disk/by-label/NAS-RAID";
# fsType = "btrfs";
# options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
# };
#
fileSystems."/mnt/nas" = {
device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
fsType = "btrfs";
options = ["compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
swapDevices = [{device = "/swap/swapfile";}];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
ntp = ["192.168.2.1"];
domains = ["home.opel-online.de"];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
}; };
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
}; };
# fileSystems."/mnt/snapshots/Pluto" =
# { device = "/dev/disk/by-label/NAS-RAID";
# fsType = "btrfs";
# options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
# };
#
fileSystems."/mnt/nas" =
{ device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = { networking = {
hostName = "nasbak"; hostName = "nasbak";
domain = "home.opel-online.de"; domain = "home.opel-online.de";
useDHCP = false; # For versatility sake, manually edit IP on nm-applet. networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = { #firewall = {
# enable = false; # enable = false;
# #allowedUDPPorts = [ 53 67 ]; # #allowedUDPPorts = [ 53 67 ];
@@ -226,9 +238,10 @@
powerManagement = { powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave"; cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true; powertop.enable = true;
# powerUpCommands = '' # powerUpCommands = ''
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088 # ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2 # ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
# ''; # '';
}; };
} }

19
hosts/nasbackup/home.nix
View File

@@ -10,16 +10,22 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
home = { { pkgs, ... }:
# Specific packages for laptop
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management # Power Management
#auto-cpufreq # Power management #auto-cpufreq # Power management
#tlp # Power management #tlp # Power management
@@ -29,4 +35,5 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }

94
hosts/nbf5/default.nix
View File

@@ -1,94 +0,0 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{
config,
pkgs,
user,
...
}: {
imports =
# For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)]
++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
# [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)]
++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)]
++ # kvm module options
(import ../../modules/hardware)
++ (import ../../modules/services/printer); # Hardware devices
boot = {
# Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = {
# EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
environment = {
systemPackages = with pkgs; [
intel-media-driver
];
};
programs = {
# No xbacklight, this is the alterantive
light.enable = true;
};
services = {
tlp = {
enable = true; # TLP and auto-cpufreq for power management
settings = {
USB_DENYLIST = "fc32:1287 1e7d:2e4a 1d5c:5500 1d5c:5510";
};
};
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
#auto-cpufreq.enable = true;
blueman.enable = true;
avahi = {
# Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = {
# Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
}

160
hosts/nbf5/hardware-configuration.nix
View File

@@ -1,160 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc"];
kernelModules = ["i915" "kvm_intel"];
systemd.enable = true;
luks = {
devices."root" = {
device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5";
allowDiscards = true;
};
};
};
kernelModules = ["kvm-intel"];
extraModprobeConfig = ''
options i915 enable_guc=3 enable_fbc=1 fastboot=1
'';
kernelParams = ["mitigations=off" "luks.options=fido2-device=auto"];
tmp.useTmpfs = true;
};
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
};
fileSystems."/home" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
};
fileSystems."/srv" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
};
fileSystems."/opt" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
};
fileSystems."/nix" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
};
fileSystems."/mnt/snapshots/root" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
fileSystems."/mnt/Pluto" = {
device = "jupiter:/Pluto";
fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
fileSystems."/mnt/Mars" = {
device = "jupiter:/Mars";
fsType = "nfs";
options = ["noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
swapDevices = [];
networking = {
useDHCP = false; # Deprecated
hostName = "nbf5";
wireless = {
iwd.enable = true;
interfaces = ["wlan0"];
};
interfaces = {
wlan0 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
};
};
firewall = {
enable = true;
#allowedUDPPorts = [ 53 67 ];
allowedTCPPorts = [80 443];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "schedutil";
powertop.enable = true;
};
}

48
hosts/nbf5/home.nix
View File

@@ -1,48 +0,0 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{pkgs, ...}: {
imports = [
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = {
# Specific packages for laptop
packages = with pkgs; [
# Applications
firefox
intel-gpu-tools
pulsemixer
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
services = {
# Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

101
hosts/server/default.nix Normal file
View File

@@ -0,0 +1,101 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
(import ../../modules/services/server) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
grub = {
enable = true;
device = "/dev/sda";
};
timeout = 1; # Grub auto select time
};
};
environment = {
etc = {
"fail2ban/filter.d/gitea.conf" = {
source = ../../modules/services/server/fail2ban/filter/gitea.conf;
mode = "0444";
};
"fail2ban/filter.d/nextcloud.conf" = {
source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
mode = "0444";
};
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
fail2ban = {
enable = true;
maxretry = 5;
jails.DEFAULT.settings = {
findtime = "15m";
};
jails = {
gitea = ''
enabled = true
filter = gitea
backend = systemd
action = iptables-allports
'';
nextcloud = ''
backend = auto
enabled = true
filter = nextcloud
logpath = /var/lib/nextcloud/data/nextcloud.log
action = iptables-allports
'';
};
};
};
}

138
hosts/server/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,138 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
#swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtop";
domain = "kabtop.de";
networkmanager = {
enable = false;
};
interfaces = {
ens18 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "45.142.114.153";
prefixLength = 24;
} ];
ipv6.addresses = [ {
address = "2a00:ccc1:101:19D::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
#hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

19
hosts/kubemaster-1/home.nix → hosts/server/home.nix
View File

@@ -10,16 +10,22 @@
# └─ ./hyprland # └─ ./hyprland
# └─ hyprland.nix # └─ hyprland.nix
# #
{pkgs, ...}: {
imports = [
../../modules/home.nix # Window Manager
];
home = { { pkgs, ... }:
# Specific packages for laptop
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management # Power Management
#auto-cpufreq # Power management #auto-cpufreq # Power management
#tlp # Power management #tlp # Power management
@@ -29,4 +35,5 @@
programs = { programs = {
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
} }

115
hosts/steamdeck/default.nix
View File

@@ -1,53 +1,92 @@
# #
# Steamdeck — system configuration # Specific system configuration settings for desktop
# #
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, jovian-nixos, lib, ... }:
{ {
lib, imports = # For now, if applying to other system, swap files
pkgs, [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
user, [(import ../../modules/wm/steam/default.nix)] ++ # jovian steam
jovian-nixos, [(import ../../modules/wm/kde/default.nix)] ++ # Window Manager
... (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
}: { [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
imports = [ (import ../../modules/hardware); # Hardware devices
./hardware-configuration.nix
../../modules/desktop
../../modules/wm/steam
];
# ── Desktop module options ────────────────────────────────────────────── boot = { # Boot options
myDesktop.windowManager = "kde"; loader = { # EFI Boot
myDesktop.cpu = "amd";
myDesktop.virtualisation.enable = true;
myDesktop.nitrokey.enable = true;
specialisation = {
sway.configuration = {
imports = [(import ../../modules/wm/sway)];
jovian.steam.enable = lib.mkForce false;
services.desktopManager.plasma6.enable = lib.mkForce false;
};
};
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
loader = {
systemd-boot.enable = lib.mkForce false; systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true; efi = {
efi.efiSysMountPoint = "/boot"; canTouchEfiVariables = true;
timeout = 1; efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
}; };
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
}; };
}; };
services.printing = { # hardware.sane = { # Used for scanning with Xsane
enable = true; # enable = false;
drivers = [pkgs.gutenprint]; # extraBackends = [ pkgs.sane-airscan ];
# };
hardware = {
nitrokey.enable = true;
}; };
services.tailscale.enable = true; # environment = {
# systemPackages = with pkgs; [
## alacritty
# ];
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
#pinentryFlavor = "curses";
};
};
services = {
# blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
tailscale.enable = true;
};
security.pam.sshAgentAuth.enable = true; security.pam.sshAgentAuth.enable = true;
} }

287
hosts/steamdeck/hardware-configuration.nix
View File

@@ -10,180 +10,145 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config, imports =
lib, [ (modulesPath + "/installer/scan/not-detected.nix")
pkgs, ];
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = { boot = {
initrd = { initrd = {
availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci"]; availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = []; kernelModules = [ ];
systemd.enable = true; systemd.enable = true;
luks = { luks = {
devices."crypted" = { devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks"; device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true; allowDiscards = true;
bypassWorkqueues = true; bypassWorkqueues = true;
}; };
}; };
}; };
kernelModules = ["kvm-amd" "amdgpu"]; kernelModules = [ "kvm-amd" "amdgpu" ];
kernelParams = ["luks.options=fido2-device=auto"]; kernelParams = [ "luks.options=fido2-device=auto" ];
tmp.useTmpfs = false; tmp.useTmpfs = false;
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
}; };
zramSwap.enable = true; zramSwap.enable = true;
services = { services = {
btrfs.autoScrub = { btrfs.autoScrub = {
enable = true; enable = true;
interval = "monthly"; interval = "monthly";
fileSystems = [ fileSystems = [
"/" "/"
]; ];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
# bak = {
# onCalendar = "daily";
# settings = {
# stream_buffer = "256m";
# stream_compress = "lz4";
# incremental = "yes";
# snapshot_create = "no";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve_min = "all";
# target_preserve_min = "no";
# target_preserve = "2m 4w 3d";
#
# ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
# ssh_user = "btrbk";
#
# volume = {
# "/mnt/snapshots/root" = {
# subvolume = {
# "@home" = {};
# };
# target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
# };
# };
# };
# };
}; };
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
}; };
};
#
# systemd.timers = {
# btrbk-bak = {
# requires = [ "network-online.target" ];
# };
# };
fileSystems."/" = { fileSystems."/boot" =
device = "/dev/mapper/crypted"; { device = "/dev/disk/by-label/NIXBOOT";
fsType = "btrfs"; fsType = "vfat";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"]; };
};
fileSystems."/boot" = { fileSystems."/home" =
device = "/dev/disk/by-label/NIXBOOT"; { device = "/dev/mapper/crypted";
fsType = "vfat"; fsType = "btrfs";
}; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/home" = { fileSystems."/nix" =
device = "/dev/mapper/crypted"; { device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
}; };
fileSystems."/nix" = { fileSystems."/srv" =
device = "/dev/mapper/crypted"; { device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
}; };
fileSystems."/srv" = { fileSystems."/swap" =
device = "/dev/mapper/crypted"; { device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
}; };
fileSystems."/swap" = { fileSystems."/opt" =
device = "/dev/mapper/crypted"; { device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
}; };
fileSystems."/opt" = { fileSystems."/mnt/snapshots/root" =
device = "/dev/mapper/crypted"; { device = "/dev/mapper/crypted";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
}; };
fileSystems."/mnt/snapshots/root" = { # fileSystems."/sdcard" =
device = "/dev/mapper/crypted"; # { device = "/dev/disk/by-label/sdcard";
fsType = "btrfs"; # fsType = "ext4";
options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"]; # options = [ "nofail,noauto,users,x-systemd.automount" ];
}; # };
# fileSystems."/sdcard" = fileSystems."/mnt/Pluto" =
# { device = "/dev/disk/by-label/sdcard"; { device = "jupiter:/Pluto";
# fsType = "ext4"; fsType = "nfs";
# options = [ "nofail,noauto,users,x-systemd.automount" ]; options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
# }; };
fileSystems."/mnt/Pluto" = { fileSystems."/mnt/Mars" =
device = "jupiter:/Pluto"; { device = "jupiter:/Mars";
fsType = "nfs"; fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"]; options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
fileSystems."/mnt/Mars" = {
device = "jupiter:/Mars";
fsType = "nfs";
options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
};
swapDevices = [{device = "/swap/swapfile";}]; swapDevices = [ { device = "/swap/swapfile"; } ];
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "steamdeck"; hostName = "steamdeck";
wireless.iwd.enable = true; wireless.iwd.enable = true;
networkmanager = { networkmanager = {
@@ -193,22 +158,22 @@
powersave = false; powersave = false;
}; };
}; };
# interfaces = { # interfaces = {
# wlan0 = { # wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet. # useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ { # #ipv4.addresses = [ {
# # address = "192.168.0.51"; # # address = "192.168.0.51";
# # prefixLength = 24; # # prefixLength = 24;
# #} ]; # #} ];
# }; # };
# }; # };
#defaultGateway = "192.168.0.1"; #defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ]; #nameservers = [ "192.168.0.4" ];
firewall = { firewall = {
checkReversePath = "loose"; checkReversePath = "loose";
enable = true; # enable = false;
allowedUDPPorts = [24727]; # #allowedUDPPorts = [ 53 67 ];
allowedTCPPorts = [24727]; # #allowedTCPPorts = [ 53 80 443 9443 ];
}; };
}; };

50
hosts/steamdeck/home.nix
View File

@@ -1,27 +1,55 @@
# #
# Home-manager configuration for steamdeck # Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
# #
{pkgs, ...}: {
specialisation = {
sway.configuration = {
imports = [(import ../../modules/wm/sway/home.nix)];
};
};
{ pkgs, ... }:
{
imports = imports =
[(import ../../modules/home.nix)] [
++ [(import ../../modules/wm/steam/home.nix)]; ../../modules/wm/steam/home.nix # Window Manager
../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
libreoffice # Applications
libreoffice # Office packages
#firefox
chromium chromium
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop
pulsemixer pulsemixer
#yuzu-early-access
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
]; ];
}; };
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets
};
xsession.preferStatusNotifierItems = true; xsession.preferStatusNotifierItems = true;
} }

52
hosts/vm/hardware-configuration.nix
View File

@@ -1,40 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config, imports =
lib, [ (modulesPath + "/profiles/qemu-guest.nix")
pkgs, ];
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"]; boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [ ];
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-label/nixos"; { device = "/dev/disk/by-label/nixos";
fsType = "btrfs"; fsType = "btrfs";
options = ["compress=zstd,space_cache=v2,ssd,noatime"]; options = [ "compress=zstd,space_cache=v2,ssd,noatime" ];
}; };
# fileSystems."/home" = # fileSystems."/home" =
# { device = "/dev/disk/by-label/root"; # { device = "/dev/disk/by-label/root";
# fsType = "btrfs"; # fsType = "btrfs";
# options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ]; # options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ];
# }; # };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-label/BOOT"; { device = "/dev/disk/by-label/BOOT";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = []; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

552
modules/desktop/default.nix
View File

@@ -1,552 +0,0 @@
#
# Desktop module — import this instead of manual WM/virtualisation imports.
#
# Usage in hosts/<hostname>/default.nix:
#
# imports = [
# ./hardware-configuration.nix
# ../../modules/desktop
# ];
#
# myDesktop.windowManager = "niri"; # niri (default) | sway | kde
# myDesktop.cpu = "amd"; # amd | intel | none (default)
#
# myDesktop.virtualisation.enable = true;
#
# myDesktop.syncthing.enable = true;
# myDesktop.syncthing.devices = { "jupiter.home.example.de" = { id = "XXXXX-..."; }; };
# myDesktop.syncthing.folders = { "Sync" = { path = "/home/user/Sync"; devices = [...]; }; };
#
# myDesktop.openrgb.enable = true;
# myDesktop.openrgb.motherboard = "amd"; # or "intel"
#
# myDesktop.laptop.enable = true;
# myDesktop.laptop.lidSwitch = "suspend-then-hibernate";
# myDesktop.laptop.hibernateDelaySec = "1h";
#
# myDesktop.nitrokey.enable = true;
#
# myDesktop.extraSystemPackages = with pkgs; [ some-tool ];
#
{
config,
lib,
pkgs,
inputs,
user,
...
}: let
cfg = config.myDesktop;
in {
# Hardware modules that are always useful on desktops (bluetooth, …)
imports = import ../hardware;
# ── Options ──────────────────────────────────────────────────────────────
options.myDesktop = with lib; {
windowManager = mkOption {
type = types.enum ["niri" "sway" "kde"];
default = "niri";
description = "Window manager / desktop environment for this host.";
};
cpu = mkOption {
type = types.enum ["amd" "intel" "none"];
default = "none";
description = "CPU type selects the matching KVM kernel parameters.";
};
virtualisation.enable =
mkEnableOption "virtualisation stack (podman/docker-compat, qemu/libvirt, virt-manager)";
syncthing = {
enable = mkEnableOption "syncthing continuous file synchronisation";
devices = mkOption {
type = types.attrs;
default = {};
example =
literalExpression
''{ "jupiter.home.example.de" = { id = "XXXXX-XXXXX-XXXXX-..."; }; }'';
description = "Syncthing peer devices.";
};
folders = mkOption {
type = types.attrs;
default = {};
example =
literalExpression
''{ "Sync" = { path = "/home/user/Sync"; devices = [ "jupiter" ]; ignorePerms = false; }; }'';
description = "Syncthing shared folders.";
};
};
openrgb = {
enable = mkEnableOption "OpenRGB RGB motherboard control";
motherboard = mkOption {
type = types.str;
default = "amd";
description = "Motherboard vendor string passed to OpenRGB (amd or intel).";
};
};
laptop = {
enable = mkEnableOption "laptop-specific settings (lid-switch, hibernate delay)";
lidSwitch = mkOption {
type = types.str;
default = "suspend-then-hibernate";
description = "systemd-logind action on lid close.";
};
hibernateDelaySec = mkOption {
type = types.str;
default = "1h";
description = "Delay before transitioning from suspend to hibernate.";
};
};
nitrokey.enable = mkEnableOption "Nitrokey hardware security key support";
niri.hotkeyVariant = mkOption {
type = types.enum ["default" "lifebook"];
default = "default";
description = "Niri hotkey variant to deploy selects binds/<variant>.kdl.";
};
git.signingKey = mkOption {
type = types.str;
default = "/home/${user}/.ssh/id_ed25519_sk_rk_red";
description = "SSH key used for git commit signing on this host.";
};
extraSystemPackages = mkOption {
type = types.listOf types.package;
default = [];
description = "Additional system packages specific to this host.";
};
};
# ── Configuration ────────────────────────────────────────────────────────
config = lib.mkMerge [
# ── Base desktop config (replaces configuration_desktop.nix) ───────────
{
users.users.${user} = {
isNormalUser = true;
uid = 2000;
extraGroups = [
"wheel"
"video"
"audio"
"camera"
"networkmanager"
"lp"
"kvm"
"libvirtd"
"adb"
"dialout"
"tss"
];
};
security = {
pam.services.login.enableGnomeKeyring = true;
# swaylock PAM is harmless on non-sway WMs
pam.services.swaylock = {};
rtkit.enable = true;
};
environment.systemPackages = with pkgs;
[
file
powertop
cpufrequtils
lm_sensors
libva-utils
at-spi2-core
qmk-udev-rules
gptfdisk
age-plugin-yubikey
pwgen
sbctl
ausweisapp
e2fsprogs
orca-slicer
]
++ cfg.extraSystemPackages;
nixpkgs.config.permittedInsecurePackages = ["mbedtls-2.28.10"];
services = {
pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
wireplumber.enable = true;
};
pcscd.enable = true;
yubikey-agent.enable = true;
udev.packages = with pkgs; [yubikey-personalization nitrokey-udev-rules];
flatpak.enable = true;
gvfs.enable = true;
fwupd.enable = true;
blueman.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
userServices = true;
};
};
};
programs.dconf.enable = true;
system.autoUpgrade.enable = false;
home-manager.users.${user}.programs.git.signing.key =
cfg.git.signingKey;
}
# ── Niri ───────────────────────────────────────────────────────────────
(lib.mkIf (cfg.windowManager == "niri") {
environment = {
systemPackages = with pkgs; [
alacritty
xdg-desktop-portal-gnome
xdg-desktop-portal-gtk
swaylock
swayidle
slurp
grim
lxqt.lxqt-openssh-askpass
clinfo
glib
brightnessctl
playerctl
xwayland-satellite
breeze-hacked-cursor-theme
pwvucontrol
];
loginShellInit = ''
export GTK_IM_MODULE="simple"
export ELECTRON_OZONE_PLATFORM_HINT="auto"
export NIXOS_OZONE_WL="1"
export WLR_RENDERER="vulkan"
export _JAVA_AWT_WM_NONREPARENTING="1"
'';
};
services = {
iio-niri.enable = false;
greetd = {
enable = true;
useTextGreeter = true;
settings.default_session.command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
};
tuned.enable = true;
upower.enable = true;
};
programs = {
niri.enable = true;
ssh.enableAskPassword = true;
ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
# Noctalia shell + niri home config via home-manager
home-manager.users.${user} = {
imports = [
inputs.noctalia.homeModules.default
../wm/niri/home.nix
];
xdg.configFile."niri/binds.kdl".source =
../wm/niri/binds/${cfg.niri.hotkeyVariant}.kdl;
services = {
mako.enable = true;
polkit-gnome.enable = true;
};
programs = {
fuzzel.enable = true;
noctalia-shell = {
enable = true;
settings = {
appLauncher.terminalCommand = "alacritty -e";
bar = {
density = "compact";
position = "top";
showCapsule = false;
widgets = {
left = [
{
id = "ControlCenter";
useDistroLogo = true;
}
{
hideUnoccupied = false;
id = "Workspace";
labelMode = "index";
showApplications = true;
}
{id = "ActiveWindow";}
];
center = [
{
formatHorizontal = "HH:mm\\ndd-MM-yy";
formatVertical = "HH mm";
id = "Clock";
useMonospacedFont = true;
usePrimaryColor = true;
}
];
right = [
{id = "MediaMini";}
{
id = "SystemMonitor";
showNetworkStats = true;
compactMode = false;
}
{id = "WiFi";}
{id = "Bluetooth";}
{
id = "Battery";
displayMode = "icon-always";
hideIfNotDetected = true;
}
{
id = "Volume";
displayMode = "alwaysShow";
}
{
id = "NotificationHistory";
hideWhenZero = true;
}
{id = "Tray";}
];
};
};
colorSchemes.predefinedScheme = "Catppuccin";
general = {
avatarImage = "/home/${user}/.face";
radiusRatio = 0.2;
lockOnSusepnd = true;
};
location = {
monthBeforeDay = true;
name = "Munich, Germany";
showWeekNumberInCalendar = true;
firstDayOfWeek = 0;
};
wallpaper = {
enabled = true;
overviewEnabled = false;
directory = "/home/${user}/.setup/modules/themes/";
};
brightness = {
enforceMinimum = true;
brightnessStep = 5;
};
controlCenter.shortcuts.left = [
{id = "WiFi";}
{id = "Bluetooth";}
{id = "ScreenRecorder";}
{id = "PowerProfile";}
{id = "KeepAwake";}
];
dock.enabled = false;
sessionMenu.enableCountdown = false;
templates = {
fuzzel = true;
alacritty = true;
qt = true;
gtk = true;
discord = true;
code = true;
telegram = true;
niri = true;
firefox = true;
};
};
};
};
home.file.".cache/noctalia/wallpapers.json".text = builtins.toJSON {
defaultWallpaper = "/home/${user}/.setup/modules/themes/wall.jpg";
};
};
})
# ── Sway ───────────────────────────────────────────────────────────────
(lib.mkIf (cfg.windowManager == "sway") {
environment = {
loginShellInit = ''
if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then
exec sway
fi
'';
systemPackages = with pkgs; [
xdg-desktop-portal-wlr
sway
swaylock
swayidle
slurp
grim
bemenu
lxqt.lxqt-openssh-askpass
clinfo
waybar
glib
];
};
programs = {
sway = {
enable = true;
extraSessionCommands = ''
export MOZ_ENABLE_WAYLAND="1"
export MOZ_WEBRENDER="1"
export WLR_RENDERER="vulkan"
export XDG_SESSION_TYPE="wayland"
export GTK_THEME="Arc"
export _JAVA_AWT_WM_NONREPARENTING="1"
'';
};
ssh.enableAskPassword = true;
ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = [pkgs.xdg-desktop-portal-gtk];
};
home-manager.users.${user}.imports = [
../wm/sway/home.nix
../wm/waybar.nix # sway uses waybar for the bar
];
})
# ── KDE Plasma ─────────────────────────────────────────────────────────
(lib.mkIf (cfg.windowManager == "kde") {
environment.systemPackages = with pkgs; [
kdePackages.discover
maliit-keyboard
maliit-framework
kdePackages.ksshaskpass
];
programs.ssh = {
enableAskPassword = true;
askPassword = lib.mkDefault "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass";
};
services = {
packagekit.enable = true;
desktopManager.plasma6.enable = true;
udev.packages = with pkgs; [gnome-settings-daemon];
};
qt.platformTheme = "kde";
home-manager.users.${user}.imports = [../wm/kde/home.nix];
})
# ── Virtualisation (podman/docker-compat + qemu/libvirt) ───────────────
(lib.mkIf cfg.virtualisation.enable {
users.groups = {
docker.members = [user];
libvirtd.members = ["root" user];
};
virtualisation = {
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
libvirtd = {
enable = true;
onShutdown = "shutdown";
qemu.runAsRoot = false;
};
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with pkgs; [
virt-manager
virt-viewer
qemu
OVMF
OVMF-cloud-hypervisor
gvfs
cloud-hypervisor
];
})
# ── KVM AMD ──────────────────────────────────────────────────────────
(lib.mkIf (cfg.virtualisation.enable && cfg.cpu == "amd") {
boot.extraModprobeConfig = ''
options kvm_amd nested=0 avic=1 npt=1
'';
})
# ── KVM Intel ────────────────────────────────────────────────────────
(lib.mkIf (cfg.virtualisation.enable && cfg.cpu == "intel") {
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_nsrs=1
'';
})
# ── Syncthing ──────────────────────────────────────────────────────────
(lib.mkIf cfg.syncthing.enable {
services.syncthing = {
enable = true;
group = "users";
user = user;
dataDir = "/home/${user}/Sync";
configDir = "/home/${user}/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
openDefaultPorts = true;
settings = {
devices = cfg.syncthing.devices;
folders = cfg.syncthing.folders;
};
};
})
# ── OpenRGB ────────────────────────────────────────────────────────────
(lib.mkIf cfg.openrgb.enable {
services.hardware.openrgb = {
enable = true;
motherboard = cfg.openrgb.motherboard;
};
})
# ── Laptop ─────────────────────────────────────────────────────────────
(lib.mkIf cfg.laptop.enable {
systemd.sleep.extraConfig = "HibernateDelaySec=${cfg.laptop.hibernateDelaySec}";
services.logind.settings.Login.HandleLidSwitch =
cfg.laptop.lidSwitch;
})
# ── Nitrokey ───────────────────────────────────────────────────────────
(lib.mkIf cfg.nitrokey.enable {
hardware.nitrokey.enable = true;
})
];
}

1
modules/editors/default.nix
View File

@@ -9,6 +9,7 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
./nvim ./nvim
] ]

21
modules/editors/nvim/config/default.nix
View File

@@ -1,15 +1,16 @@
{nvim, ...}: { { nvim, ... }:
{
# Import all your configuration modules here # Import all your configuration modules here
programs.nixvim = { programs.nixvim = {
enable = true; enable = true;
colorschemes.gruvbox.enable = true; colorschemes.gruvbox.enable = true;
imports = [ imports = [
./bufferline.nix ./bufferline.nix
./plugins.nix ./plugins.nix
./options.nix ./options.nix
./keymaps.nix ./keymaps.nix
./highlight.nix ./highlight.nix
]; ];
}; };
} }

18
modules/editors/nvim/config/options.nix
View File

@@ -1,14 +1,14 @@
{ {
config = { config = {
globals.mapleader = " "; globals.mapleader = " ";
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;
opts = { opts = {
number = true; # Show line numbers number = true; # Show line numbers
relativenumber = true; # Show relative line numbers relativenumber = true; # Show relative line numbers
shiftwidth = 2; # Tab width should be 2 shiftwidth = 2; # Tab width should be 2
};
}; };
};
} }

82
modules/editors/nvim/config/plugins.nix
View File

@@ -1,51 +1,51 @@
{ {
plugins = { plugins = {
lualine.enable = true; lualine.enable = true;
cmp = { cmp = {
enable = true; enable = true;
autoEnableSources = true; autoEnableSources = true;
settings = { settings = {
sources = [ sources = [
{name = "nvim_lsp";} {name = "nvim_lsp";}
{name = "path";} {name = "path";}
{name = "buffer";} {name = "buffer";}
{name = "luasnip";} {name = "luasnip";}
]; ];
mapping = { mapping = {
"<C-d>" = "cmp.mapping.scroll_docs(-4)"; "<C-d>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)"; "<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()"; "<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()"; "<C-e>" = "cmp.mapping.close()";
"<CR>" = "cmp.mapping.confirm({ select = true })"; "<CR>" = "cmp.mapping.confirm({ select = true })";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; "<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; "<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
};
};
}; };
};
};
lsp = { lsp = {
enable = true; enable = true;
servers = { servers = {
tsserver.enable = true; tsserver.enable = true;
lua-ls = { lua-ls = {
enable = true; enable = true;
settings.telemetry.enable = false; settings.telemetry.enable = false;
};
# rust-analyzer = {
# enable = true;
# installCargo = true;
# };
};
}; };
# rust-analyzer = {
# enable = true; telescope.enable = true;
# installCargo = true;
# }; treesitter.enable = true;
};
luasnip.enable = true;
}; };
telescope.enable = true;
treesitter.enable = true;
luasnip.enable = true;
};
} }

281
modules/editors/nvim/default.nix
View File

@@ -1,9 +1,13 @@
# #
# Neovim # Neovim
# #
{pkgs, ...}: {
{ pkgs, ... }:
{
home = { home = {
packages = [pkgs.gnvim]; packages = [ pkgs.gnvim ];
}; };
programs = { programs = {
@@ -13,147 +17,146 @@
vimAlias = true; vimAlias = true;
vimdiffAlias = true; vimdiffAlias = true;
withNodeJs = true; withNodeJs = true;
withRuby = true;
withPython3 = true;
# plugins = with pkgs.vimPlugins; [ # plugins = with pkgs.vimPlugins; [
# #
# # Syntax # # Syntax
# #vim-nix # #vim-nix
# #vim-markdown # #vim-markdown
# #
# # Quality of life # # Quality of life
# vim-lastplace # Opens document where you left it # vim-lastplace # Opens document where you left it
# auto-pairs # Print double quotes/brackets/etc. # auto-pairs # Print double quotes/brackets/etc.
# vim-gitgutter # See uncommitted changes of file :GitGutterEnable # vim-gitgutter # See uncommitted changes of file :GitGutterEnable
# #
# # File Tree # # File Tree
# nerdtree # File Manager - set in extraConfig to F6 # nerdtree # File Manager - set in extraConfig to F6
# #
# # Customization # # Customization
# wombat256-vim # Color scheme for lightline # wombat256-vim # Color scheme for lightline
# srcery-vim # Color scheme for text # srcery-vim # Color scheme for text
# #
# lightline-vim # Info bar at bottom # lightline-vim # Info bar at bottom
# indent-blankline-nvim # Indentation lines # indent-blankline-nvim # Indentation lines
# #
# # Syntax # # Syntax
# nvim-treesitter.withAllGrammars # nvim-treesitter.withAllGrammars
# # finder # # finder
# telescope-nvim # telescope-nvim
# # completion # # completion
# nvim-cmp # nvim-cmp
# # status line # # status line
# lualine-nvim # lualine-nvim
# # indent # # indent
# indent-blankline-nvim # indent-blankline-nvim
# ]; # ];
# extraPackages = with pkgs; [ extraPackages = with pkgs; [
# ripgrep ripgrep
# fd fd
# nodejs nodejs
# nodePackages.npm nodePackages.npm
# ]; ];
# extraConfig = '' # extraConfig = ''
# set expandtab # set expandtab
# set shiftwidth=4 # set shiftwidth=4
# set tabstop=4 # set tabstop=4
# ''; # '';
# extraLuaConfig = '' # extraLuaConfig = ''
# vim.g.mapleader = ' ' # vim.g.mapleader = ' '
# vim.g.maplocalleader = ' ' # vim.g.maplocalleader = ' '
# #
# -- Set highlight on search # -- Set highlight on search
# vim.o.hlsearch = false # vim.o.hlsearch = false
# #
# -- Make line numbers default # -- Make line numbers default
# vim.wo.number = true # vim.wo.number = true
# #
# -- Enable mouse mode # -- Enable mouse mode
# vim.o.mouse = 'a' # vim.o.mouse = 'a'
# #
# -- Sync clipboard between OS and Neovim. # -- Sync clipboard between OS and Neovim.
# -- Remove this option if you want your OS clipboard to remain independent. # -- Remove this option if you want your OS clipboard to remain independent.
# -- See `:help 'clipboard'` # -- See `:help 'clipboard'`
# vim.o.clipboard = 'unnamedplus' # vim.o.clipboard = 'unnamedplus'
# #
# -- Enable break indent # -- Enable break indent
# vim.o.breakindent = true # vim.o.breakindent = true
# #
# -- Save undo history # -- Save undo history
# vim.o.undofile = true # vim.o.undofile = true
# #
# -- Case insensitive searching UNLESS /C or capital in search # -- Case insensitive searching UNLESS /C or capital in search
# vim.o.ignorecase = true # vim.o.ignorecase = true
# vim.o.smartcase = true # vim.o.smartcase = true
# #
# -- Keep signcolumn on by default # -- Keep signcolumn on by default
# vim.wo.signcolumn = 'yes' # vim.wo.signcolumn = 'yes'
# #
# -- Decrease update time # -- Decrease update time
# vim.o.updatetime = 250 # vim.o.updatetime = 250
# vim.o.timeout = true # vim.o.timeout = true
# vim.o.timeoutlen = 300 # vim.o.timeoutlen = 300
# #
# -- Set completeopt to have a better completion experience # -- Set completeopt to have a better completion experience
# vim.o.completeopt = 'menuone,noselect' # vim.o.completeopt = 'menuone,noselect'
# #
# -- NOTE: You should make sure your terminal supports this # -- NOTE: You should make sure your terminal supports this
# vim.o.termguicolors = true # vim.o.termguicolors = true
# #
# -- [[ Highlight on yank ]] # -- [[ Highlight on yank ]]
# -- See `:help vim.highlight.on_yank()` # -- See `:help vim.highlight.on_yank()`
# local highlight_group = vim.api.nvim_create_augroup('YankHighlight', { clear = true }) # local highlight_group = vim.api.nvim_create_augroup('YankHighlight', { clear = true })
# vim.api.nvim_create_autocmd('TextYankPost', { # vim.api.nvim_create_autocmd('TextYankPost', {
# callback = function() # callback = function()
# vim.highlight.on_yank() # vim.highlight.on_yank()
# end, # end,
# group = highlight_group, # group = highlight_group,
# pattern = '*', # pattern = '*',
# }) # })
# #
# -- [[ Configure Telescope ]] # -- [[ Configure Telescope ]]
# -- See `:help telescope` and `:help telescope.setup()` # -- See `:help telescope` and `:help telescope.setup()`
# require('telescope').setup { # require('telescope').setup {
# defaults = { # defaults = {
# mappings = { # mappings = {
# i = { # i = {
# ['<C-u>'] = false, # ['<C-u>'] = false,
# ['<C-d>'] = false, # ['<C-d>'] = false,
# }, # },
# }, # },
# }, # },
# } # }
# #
# -- Enable telescope fzf native, if installed # -- Enable telescope fzf native, if installed
# pcall(require('telescope').load_extension, 'fzf') # pcall(require('telescope').load_extension, 'fzf')
# #
# -- See `:help telescope.builtin` # -- See `:help telescope.builtin`
# vim.keymap.set('n', '<leader>?', require('telescope.builtin').oldfiles, { desc = '[?] Find recently opened files' }) # vim.keymap.set('n', '<leader>?', require('telescope.builtin').oldfiles, { desc = '[?] Find recently opened files' })
# vim.keymap.set('n', '<leader><space>', require('telescope.builtin').buffers, { desc = '[ ] Find existing buffers' }) # vim.keymap.set('n', '<leader><space>', require('telescope.builtin').buffers, { desc = '[ ] Find existing buffers' })
# vim.keymap.set('n', '<leader>/', function() # vim.keymap.set('n', '<leader>/', function()
# -- You can pass additional configuration to telescope to change theme, layout, etc. # -- You can pass additional configuration to telescope to change theme, layout, etc.
# require('telescope.builtin').current_buffer_fuzzy_find(require('telescope.themes').get_dropdown { # require('telescope.builtin').current_buffer_fuzzy_find(require('telescope.themes').get_dropdown {
# winblend = 10, # winblend = 10,
# previewer = false, # previewer = false,
# }) # })
# end, { desc = '[/] Fuzzily search in current buffer' }) # end, { desc = '[/] Fuzzily search in current buffer' })
# #
# vim.keymap.set('n', '<leader>gf', require('telescope.builtin').git_files, { desc = 'Search [G]it [F]iles' }) # vim.keymap.set('n', '<leader>gf', require('telescope.builtin').git_files, { desc = 'Search [G]it [F]iles' })
# vim.keymap.set('n', '<leader>sf', require('telescope.builtin').find_files, { desc = '[S]earch [F]iles' }) # vim.keymap.set('n', '<leader>sf', require('telescope.builtin').find_files, { desc = '[S]earch [F]iles' })
# vim.keymap.set('n', '<leader>sh', require('telescope.builtin').help_tags, { desc = '[S]earch [H]elp' }) # vim.keymap.set('n', '<leader>sh', require('telescope.builtin').help_tags, { desc = '[S]earch [H]elp' })
# vim.keymap.set('n', '<leader>sw', require('telescope.builtin').grep_string, { desc = '[S]earch current [W]ord' }) # vim.keymap.set('n', '<leader>sw', require('telescope.builtin').grep_string, { desc = '[S]earch current [W]ord' })
# vim.keymap.set('n', '<leader>sg', require('telescope.builtin').live_grep, { desc = '[S]earch by [G]rep' }) # vim.keymap.set('n', '<leader>sg', require('telescope.builtin').live_grep, { desc = '[S]earch by [G]rep' })
# vim.keymap.set('n', '<leader>sd', require('telescope.builtin').diagnostics, { desc = '[S]earch [D]iagnostics' }) # vim.keymap.set('n', '<leader>sd', require('telescope.builtin').diagnostics, { desc = '[S]earch [D]iagnostics' })
# require("indent_blankline").setup { # require("indent_blankline").setup {
# -- for example, context is off by default, use this to turn it on # -- for example, context is off by default, use this to turn it on
# show_current_context = true, # show_current_context = true,
# show_current_context_start = true, # show_current_context_start = true,
# } # }
# ''; # '';
}; };
}; };
} }

114
modules/hardware/autoaspm.py
View File

@@ -1,114 +0,0 @@
#!/usr/bin/env python3
# Original bash script by Luis R. Rodriguez
# Re-written in Python by z8
# Re-re-written to patch supported devices automatically by notthebee
import re
import subprocess
import os
import platform
from enum import Enum
class ASPM(Enum):
DISABLED = 0b00
L0s = 0b01
L1 = 0b10
L0sL1 = 0b11
def run_prerequisites():
if platform.system() != "Linux":
raise OSError("This script only runs on Linux-based systems")
if not os.environ.get("SUDO_UID") and os.geteuid() != 0:
raise PermissionError("This script needs root privileges to run")
lspci_detected = subprocess.run(["which", "lspci"], stdout = subprocess.DEVNULL, stderr = subprocess.DEVNULL)
if lspci_detected.returncode > 0:
raise Exception("lspci not detected. Please install pciutils")
lspci_detected = subprocess.run(["which", "setpci"], stdout = subprocess.DEVNULL, stderr = subprocess.DEVNULL)
if lspci_detected.returncode > 0:
raise Exception("setpci not detected. Please install pciutils")
def get_device_name(addr):
p = subprocess.Popen([
"lspci",
"-s",
addr,
], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
return p.communicate()[0].splitlines()[0].decode()
def read_all_bytes(device):
all_bytes = bytearray()
device_name = get_device_name(device)
p = subprocess.Popen([
"lspci",
"-s",
device,
"-xxx"
], stdout= subprocess.PIPE, stderr=subprocess.PIPE)
ret = p.communicate()
ret = ret[0].decode()
for line in ret.splitlines():
if not device_name in line and ": " in line:
all_bytes.extend(bytearray.fromhex(line.split(": ")[1]))
if len(all_bytes) < 256:
exit()
return all_bytes
def find_byte_to_patch(bytes, pos):
pos = bytes[pos]
if bytes[pos] != 0x10:
pos += 0x1
return find_byte_to_patch(bytes, pos)
else:
pos += 0x10
return pos
def patch_byte(device, position, value):
subprocess.Popen([
"setpci",
"-s",
device,
f"{hex(position)}.B={hex(value)}"
]).communicate()
def patch_device(addr, aspm_value):
endpoint_bytes = read_all_bytes(addr)
byte_position_to_patch = find_byte_to_patch(endpoint_bytes, 0x34)
if int(endpoint_bytes[byte_position_to_patch]) & 0b11 != aspm_value.value:
patched_byte = int(endpoint_bytes[byte_position_to_patch])
patched_byte = patched_byte >> 2
patched_byte = patched_byte << 2
patched_byte = patched_byte | aspm_value.value
patch_byte(addr, byte_position_to_patch, patched_byte)
print(f"{addr}: Enabled ASPM {aspm_value.name}")
else:
print(f"{addr}: Already has ASPM {aspm_value.name} enabled")
def list_supported_devices():
pcie_addr_regex = r"([0-9a-f]{2}:[0-9a-f]{2}.[0-9a-f])"
lspci = subprocess.run("lspci -vv", shell=True, capture_output=True).stdout
lspci_arr = re.split(pcie_addr_regex, str(lspci))[1:]
lspci_arr = [ x+y for x,y in zip(lspci_arr[0::2], lspci_arr[1::2]) ]
aspm_devices = {}
for dev in lspci_arr:
device_addr = re.findall(pcie_addr_regex, dev)[0]
if "ASPM" not in dev or "ASPM not supported" in dev:
continue
aspm_support = re.findall(r"ASPM (L[L0-1s ]*),", dev)
if aspm_support:
aspm_devices.update({device_addr: ASPM[aspm_support[0].replace(" ", "")]})
return aspm_devices
def main():
run_prerequisites()
for device, aspm_mode in list_supported_devices().items():
patch_device(device, aspm_mode)
if __name__ == "__main__":
main()

16
modules/hardware/backup.nix
View File

@@ -1,19 +1,15 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
services.btrbk = { services.btrbk = {
sshAccess = [ sshAccess = [
{ {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
roles = ["source" "info" "send"]; roles = [ "source" "info" "send" ];
}
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG";
roles = ["target" "info" "receive" "delete"];
} }
]; ];
extraPackages = [ pkgs.lz4 ];
}; };
} }

10
modules/hardware/bluetooth.nix
View File

@@ -1,17 +1,17 @@
# #
# Bluetooth # Bluetooth
# #
{pkgs, ...}: {
{ pkgs, ... }:
{
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
hsphfpd.enable = false; # HSP & HFP daemon hsphfpd.enable = false; # HSP & HFP daemon
settings = { settings = {
General = { General = {
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";
}; };
}; };
}; };
environment.systemPackages = with pkgs; [
zmkBATx
];
} }

20
modules/hardware/hydraCache.nix
View File

@@ -1,20 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
nix = {
settings = {
extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
];
extra-substituters = [
"https://cache.home.opel-online.de"
"https://steamdeck.cachix.org"
"https://cache.ci.kabtop.de"
];
};
};
}

18
modules/hardware/remoteBuilder.nix
View File

@@ -1,21 +1,17 @@
{ pkgs, config, ... }:
{ {
pkgs, users.users.nixremote = { # System User
config, isNormalUser = true;
... extraGroups = [ "kvm" ];
}: { shell = pkgs.zsh; # Default shell
users.users.nixremote = {
# System User
isSystemUser = true;
group = "nixremote";
extraGroups = ["kvm"];
uid = 1001; uid = 1001;
# initialPassword = "password95";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades"
]; ];
}; };
users.groups.nixremote = {};
nix.settings.trusted-users = [ nix.settings.trusted-users = [
"nixremote" "nixremote"
]; ];

34
modules/hardware/remoteClient.nix
View File

@@ -1,24 +1,20 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
nix = { nix = {
distributedBuilds = false; distributedBuilds = false;
buildMachines = [ buildMachines = [ {
{ hostName = "hades";
hostName = "hades"; system = "x86_64-linux";
system = "x86_64-linux"; supportedFeatures = [ "kvm" "big-parallel" ];
supportedFeatures = ["kvm" "big-parallel"]; sshUser = "nixremote";
sshUser = "nixremote"; sshKey = config.age.secrets."keys/nixremote".path;
sshKey = config.age.secrets."keys/nixremote".path; maxJobs = 1;
maxJobs = 1; speedFactor = 4;
speedFactor = 4; publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%"; protocol = "ssh-ng";
protocol = "ssh-ng"; } ];
}
];
settings = { settings = {
extra-trusted-public-keys = [ extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII=" "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
@@ -28,7 +24,7 @@
]; ];
}; };
}; };
age.secrets."keys/nixremote" = { age.secrets."keys/nixremote" = {
file = ../../secrets/keys/nixremote.age; file = ../../secrets/keys/nixremote.age;
owner = "root"; owner = "root";

78
modules/home.nix
View File

@@ -1,75 +1,31 @@
{ lib, options, ... }:
{ {
lib,
options,
...
}: {
options = with lib; { options = with lib; {
cmds = { cmds = {
shell = mkOption { shell = mkOption { type = types.str; default = "zsh"; };
type = types.str; fetch = mkOption { type = types.str; default = "hyfetch"; };
default = "zsh"; editor = mkOption { type = types.str; default = "nvim"; };
};
fetch = mkOption {
type = types.str;
default = "hyfetch";
};
editor = mkOption {
type = types.str;
default = "nvim";
};
wm = mkOption { wm = mkOption { type = types.str; default = "sway"; };
type = types.str;
default = "sway";
};
terminal = mkOption { terminal = mkOption { type = types.str; default = "alacritty"; };
type = types.str; menu = mkOption { type = types.str; default = "rofi -show drun -show-icons"; };
default = "alacritty";
};
menu = mkOption {
type = types.str;
default = "rofi -show drun -show-icons";
};
lock = mkOption { lock = mkOption { type = types.str; default = "locksway"; };
type = types.str;
default = "locksway";
};
notifications = { notifications = {
volume = mkOption { volume = mkOption { type = types.str; default = "volume-notify"; };
type = types.str; brightness = mkOption { type = types.str; default = "brightness-notify"; };
default = "volume-notify";
};
brightness = mkOption {
type = types.str;
default = "brightness-notify";
};
}; };
}; };
is-wayland = mkOption { is-wayland = mkOption { type = types.bool; default = true; };
type = types.bool;
default = true;
};
theme = { theme = {
theme = mkOption { theme = mkOption { type = types.str; default = "catppuccin-mocha"; };
type = types.str; icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; };
default = "catppuccin-mocha"; font = mkOption { type = types.str; default = "Cascadia Code 11"; };
}; wallpaper = mkOption { type = types.str; default = ""; };
icon-theme = mkOption {
type = types.str;
default = "Papirus-Dark";
};
font = mkOption {
type = types.str;
default = "Cascadia Code 11";
};
wallpaper = mkOption {
type = types.str;
default = "";
};
}; };
}; };
} }

72
modules/kabbone/corosync-qdevice.nix
View File

@@ -1,72 +0,0 @@
{
lib,
config,
pkgs,
pkgs-kabbone,
...
}: let
cfg = config.services.corosync-qnetd;
dataDir = "/var/run/corosync-qnetd";
in {
# interface
options.services.corosync-qnetd = {
enable = lib.mkEnableOption "corosync-qnetd";
package = lib.mkPackageOption pkgs-kabbone "corosync-qdevice" {};
extraOptions = lib.mkOption {
type = with lib.types; listOf str;
default = [];
description = "Additional options with which to start corosync-qnetd.";
};
};
# implementation
# implementation
config = lib.mkIf cfg.enable {
environment.systemPackages = [cfg.package];
users.users.coroqnetd = {
isSystemUser = true;
group = "coroqnetd";
home = dataDir;
description = "Corosync-qnetd Service User";
};
users.groups.coroqnetd = {};
# environment.etc."corosync/corosync-qnetd.conf".text = ''
# totem {
# version: 2
# secauth: on
# cluster_name: ${cfg.clusterName}
# transport: knet
# }
# logging {
# to_syslog: yes
# }
# '';
systemd.packages = [cfg.package];
systemd.services.corosync-qnetd = {
serviceConfig = {
User = "coroqnetd";
StateDirectory = "corosync-qnetd";
StateDirectoryMode = "0700";
};
};
environment.etc."sysconfig/corosync-qnetd".text = lib.optionalString (cfg.extraOptions != []) ''
COROSYNC-QNETD_OPTIONS="${lib.escapeShellArgs cfg.extraOptions}"
'';
};
meta = {
#buildDocsInSandbox = false;
#doc = ./mautrix-whatsapp.md;
maintainers = with lib.maintainers; [
kabbone
];
};
}

32
modules/kabbone/mautrix-whatsapp.md
View File

@@ -1,32 +0,0 @@
# Mautrix-Whatsapp {#module-services-mautrix-whatsapp}
[Mautrix-Whatsapp](https://github.com/mautrix/whatsapp) is a Matrix-Whatsapp puppeting bridge.
## Configuration {#module-services-mautrix-whatsapp-configuration}
1. Set [](#opt-services.mautrix-whatsapp.enable) to `true`. The service will use
SQLite by default.
2. To create your configuration check the default configuration for
[](#opt-services.mautrix-whatsapp.settings). To obtain the complete default
configuration, run
`nix-shell -p mautrix-whatsapp --run "mautrix-whatsapp -c default.yaml -e"`.
::: {.warning}
Mautrix-Whatsapp allows for some options like `encryption.pickle_key`,
`provisioning.shared_secret`, allow the value `generate` to be set.
Since the configuration file is regenerated on every start of the
service, the generated values would be discarded and might break your
installation. Instead, set those values via
[](#opt-services.mautrix-whatsapp.environmentFile).
:::
## Migrating from an older configuration {#module-services-mautrix-whatsapp-migrate-configuration}
With Mautrix-Whatsapp v0.7.0 the configuration has been rearranged. Mautrix-Whatsapp
performs an automatic configuration migration so your pre-0.7.0 configuration
should just continue to work.
In case you want to update your NixOS configuration, compare the migrated configuration
at `/var/lib/mautrix-whatsapp/config.yaml` with the default configuration
(`nix-shell -p mautrix-whatsapp --run "mautrix-whatsapp -c example.yaml -e"`) and
update your module configuration accordingly.

275
modules/kabbone/mautrix-whatsapp.nix
View File

@@ -1,275 +0,0 @@
{
lib,
config,
pkgs,
...
}: let
cfg = config.services.kabbone_mautrix-whatsapp;
dataDir = "/var/lib/mautrix-whatsapp";
registrationFile = "${dataDir}/whatsapp-registration.yaml";
settingsFile = "${dataDir}/config.yaml";
settingsFileUnsubstituted = settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json" cfg.settings;
settingsFormat = pkgs.formats.json {};
appservicePort = 29318;
# to be used with a list of lib.mkIf values
optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);
mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);
defaultConfig = {
network = {
displayname_template = "{{or .BusinessName .PushName .Phone}} (WA)";
identity_change_notices = true;
history_sync = {
request_full_sync = true;
};
};
bridge = {
command_prefix = "!wa";
relay.enabled = true;
permissions."*" = "relay";
};
database = {
type = "sqlite3";
uri = "file:${dataDir}/mautrix-whatsapp.db?_txlock=immediate";
};
homeserver.address = "http://localhost:8448";
appservice = {
hostname = "[::]";
port = appservicePort;
id = "whatsapp";
bot = {
username = "whatsappbot";
displayname = "WhatsApp Bridge Bot";
};
as_token = "";
hs_token = "";
username_template = "whatsapp_{{.}}";
};
double_puppet = {
servers = {};
secrets = {};
};
# By default, the following keys/secrets are set to `generate`. This would break when the service
# is restarted, since the previously generated configuration will be overwritten everytime.
# If encryption is enabled, it's recommended to set those keys via `environmentFile`.
encryption.pickle_key = "";
provisioning.shared_secret = "";
public_media.signing_key = "";
direct_media.server_key = "";
logging = {
min_level = "info";
writers = lib.singleton {
type = "stdout";
format = "pretty-colored";
time_format = " ";
};
};
};
in {
options.services.kabbone_mautrix-whatsapp = {
enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge";
package = lib.mkPackageOption pkgs "mautrix-whatsapp" {};
settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig;
type = settingsFormat.type;
default = defaultConfig;
description = ''
{file}`config.yaml` configuration as a Nix attribute set.
Configuration options should match those described in the example configuration.
Get an example configuration by executing `mautrix-whatsapp -c example.yaml --generate-example-config`
Secret tokens should be specified using {option}`environmentFile`
instead of this world-readable attribute set.
'';
example = {
bridge = {
private_chat_portal_meta = true;
mute_only_on_create = false;
permissions = {
"example.com" = "user";
};
};
database = {
type = "postgres";
uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql";
};
homeserver = {
address = "http://[::1]:8008";
domain = "my-domain.tld";
};
appservice = {
id = "whatsapp";
ephemeral_events = false;
};
matrix.message_status_events = true;
provisioning = {
shared_secret = "disable";
};
backfill.enabled = true;
encryption = {
allow = true;
default = true;
require = true;
pickle_key = "$ENCRYPTION_PICKLE_KEY";
};
};
};
environmentFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
File containing environment variables to be passed to the mautrix-signal service.
If an environment variable `MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET` is set,
then its value will be used in the configuration file for the option
`double_puppet.secrets` without leaking it to the store, using the configured
`homeserver.domain` as key.
'';
};
serviceDependencies = lib.mkOption {
type = with lib.types; listOf str;
default =
(lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable "conduit.service");
defaultText = lib.literalExpression ''
(optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (optional config.services.matrix-conduit.enable "conduit.service")
'';
description = ''
List of systemd units to require and wait for when starting the application service.
'';
};
registerToSynapse = lib.mkOption {
type = lib.types.bool;
default = config.services.matrix-synapse.enable;
defaultText = lib.literalExpression ''
config.services.matrix-synapse.enable
'';
description = ''
Whether to add the bridge's app service registration file to
`services.matrix-synapse.settings.app_service_config_files`.
'';
};
};
config = lib.mkIf cfg.enable {
users.users.mautrix-whatsapp = {
isSystemUser = true;
group = "mautrix-whatsapp";
home = dataDir;
description = "Mautrix-Whatsapp bridge user";
};
users.groups.mautrix-whatsapp = {};
services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
settings.app_service_config_files = [registrationFile];
};
systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
serviceConfig.SupplementaryGroups = ["mautrix-whatsapp"];
};
# Note: this is defined here to avoid the docs depending on `config`
services.kabbone_mautrix-whatsapp.settings.homeserver = optOneOf (
with config.services; [
(lib.mkIf matrix-synapse.enable (mkDefaults {
domain = matrix-synapse.settings.server_name;
}))
(lib.mkIf matrix-conduit.enable (mkDefaults {
domain = matrix-conduit.settings.global.server_name;
address = "http://localhost:${toString matrix-conduit.settings.global.port}";
}))
]
);
systemd.services.kabbone_mautrix-whatsapp = {
description = "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
wantedBy = ["multi-user.target"];
wants = ["network-online.target"] ++ cfg.serviceDependencies;
after = ["network-online.target"] ++ cfg.serviceDependencies;
# ffmpeg is required for conversion of voice messages
path = [pkgs.ffmpeg-headless];
preStart = ''
# substitute the settings file by environment variables
# in this case read from EnvironmentFile
test -f '${settingsFile}' && rm -f '${settingsFile}'
old_umask=$(umask)
umask 0177
${pkgs.envsubst}/bin/envsubst \
-o '${settingsFile}' \
-i '${settingsFileUnsubstituted}'
umask $old_umask
# generate the appservice's registration file if absent
if [ ! -f '${registrationFile}' ]; then
${cfg.package}/bin/mautrix-whatsapp \
--generate-registration \
--config='${settingsFile}' \
--registration='${registrationFile}'
fi
chmod 640 ${registrationFile}
umask 0177
# 1. Overwrite registration tokens in config
# 2. If environment variable MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET
# is set, set it as the login shared secret value for the configured
# homeserver domain.
${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token
| .[0].appservice.hs_token = .[1].hs_token
| .[0]
| if env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET then .double_puppet.secrets.[.homeserver.domain] = env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET else . end' \
'${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp'
mv '${settingsFile}.tmp' '${settingsFile}'
umask $old_umask
'';
serviceConfig = {
User = "mautrix-whatsapp";
Group = "mautrix-whatsapp";
EnvironmentFile = cfg.environmentFile;
StateDirectory = baseNameOf dataDir;
WorkingDirectory = dataDir;
ExecStart = ''
${cfg.package}/bin/mautrix-whatsapp \
--config='${settingsFile}' \
--registration='${registrationFile}'
'';
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
Restart = "on-failure";
RestartSec = "30s";
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = ["@system-service"];
Type = "simple";
UMask = 27;
};
restartTriggers = [settingsFileUnsubstituted];
};
};
meta = {
#buildDocsInSandbox = false;
#doc = ./mautrix-whatsapp.md;
maintainers = with lib.maintainers; [
kabbone
];
};
}

32
modules/programs/alacritty.nix Normal file
View File

@@ -0,0 +1,32 @@
#
# Terminal Emulator
#
# Hardcoded as terminal for rofi and doom emacs
{ pkgs, ... }:
{
home.packages = [ pkgs.alacritty ];
programs = {
alacritty = {
enable = true;
package = pkgs.alacritty;
settings = {
font = rec { # Font - Laptop has size manually changed at home.nix
#normal.family = "FiraCode Nerd Font";
normal.family = "Cascadia Code";
#normal.family = "Intel One Mono";
#bold = { style = "Bold"; };
# size = 8;
};
offset = { # Positioning
x = -1;
y = 0;
};
};
};
};
}

3
modules/programs/configs/default.nix
View File

@@ -9,6 +9,7 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
./mpv.nix ./mpv.nix
] ]

17
modules/programs/configs/mpv.nix
View File

@@ -9,14 +9,17 @@
# └─ ./configs # └─ ./configs
# └─ mpv.nix * # └─ mpv.nix *
# #
{pkgs, ...}: {
{ pkgs, ... }:
{
home.file = { home.file = {
".config/mpv/mpv.conf".text = '' ".config/mpv/mpv.conf".text = ''
hwdec=vaapi hwdec=vaapi
vo=gpu vo=gpu
hwdec-codecs=all hwdec-codecs=all
gpu-context=wayland gpu-context=wayland
#profile=gpu-hq #profile=gpu-hq
''; '';
}; };
} }

20
modules/programs/default.nix
View File

@@ -1,3 +1,21 @@
#
# Apps
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./apps
# └─ default.nix *
# └─ ...
#
[ [
./firefox.nix ./alacritty.nix
./rofi.nix
./firefox.nix
#./waybar.nix
#./games.nix
] ]
# Waybar.nix is pulled from modules/wm/..
# Games.nix is pulled from desktop/default.nix

300
modules/programs/firefox.nix
View File

@@ -1,167 +1,167 @@
# #
# Firefox Brower Emulator # Firefox Brower Emulator
# #
{ pkgs, ... }:
{ {
pkgs,
config,
...
}: {
#home.packages = [ pkgs.firefox-wayland ]; #home.packages = [ pkgs.firefox-wayland ];
programs = { programs = {
firefox = { firefox = {
enable = true; enable = true;
configPath = "${config.xdg.configHome}/mozilla/firefox";
#package = pkgs.wrapFirefox pkgs.firefox-unwrapped { #package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
#forceWayland = true; #forceWayland = true;
# extraPolicies = { # extraPolicies = {
# ExtensionSettings = {}; # ExtensionSettings = {};
# }; # };
#}; #};
# package = pkgs.firefox-wayland; package = pkgs.firefox-wayland;
# profiles.kabbone = { # profiles.kabbone = {
# #id = 271987; # #id = 271987;
# name = "kabbone"; # name = "kabbone";
# isDefault = true; # isDefault = true;
# settings = { # settings = {
# "media.ffmpeg.vaapi.enabled" = true; # "media.ffmpeg.vaapi.enabled" = true;
# "gfx.webrender.all" = true; # "gfx.webrender.all" = true;
# "browser.contentblocking.category" = "strict"; # "browser.contentblocking.category" = "strict";
# "browser.search.region" = "DE"; # "browser.search.region" = "DE";
# "extensions.active.ThemeID" = "dreamer-bold-colorway@mozilla.org"; # "extensions.active.ThemeID" = "dreamer-bold-colorway@mozilla.org";
# "media.autoplay.default" = 0; # "media.autoplay.default" = 0;
# "security.enterprise_roots.enabled" = true; # "security.enterprise_roots.enabled" = true;
# "widget.gtk.overlay-scrollbars.enabled" = true; # "widget.gtk.overlay-scrollbars.enabled" = true;
# "signon.rememberSignons" = false; # "signon.rememberSignons" = false;
# "extensions.formautofill.creditCards.enabled" = false; # "extensions.formautofill.creditCards.enabled" = false;
# "datareporting.healthreport.uploadEnabled" = false; # "datareporting.healthreport.uploadEnabled" = false;
# "browser.urlbar.placeholderName" = "DuckDuckGo"; # "browser.urlbar.placeholderName" = "DuckDuckGo";
# "browser.urlbar.placeholderName.private" = "DuckDuckGo"; # "browser.urlbar.placeholderName.private" = "DuckDuckGo";
# "browser.theme.toolbar-theme" = 0; # "browser.theme.toolbar-theme" = 0;
# }; # };
# #
# userChrome = '' # userChrome = ''
# /* Hide tab bar in FF Quantum */ # /* Hide tab bar in FF Quantum */
# @-moz-document url("chrome://browser/content/browser.xul") { # @-moz-document url("chrome://browser/content/browser.xul") {
# #TabsToolbar { # #TabsToolbar {
# visibility: collapse !important; # visibility: collapse !important;
# margin-bottom: 21px !important; # margin-bottom: 21px !important;
# } # }
# #
# #sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header { # #sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header {
# visibility: collapse !important; # visibility: collapse !important;
# } # }
# } # }
# ''; # '';
# #
# search = { # search = {
# engines = { # engines = {
# "Nix Packages" = { # "Nix Packages" = {
# urls = [{ # urls = [{
# template = "https://search.nixos.org/packages"; # template = "https://search.nixos.org/packages";
# params = [ # params = [
# { name = "type"; value = "packages"; } # { name = "type"; value = "packages"; }
# { name = "query"; value = "{searchTerms}"; } # { name = "query"; value = "{searchTerms}"; }
# ]; # ];
# }]; # }];
# #
# icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; # icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
# definedAliases = [ "@np" ]; # definedAliases = [ "@np" ];
# }; # };
# #
# "NixOS Wiki" = { # "NixOS Wiki" = {
# urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
# iconUpdateURL = "https://nixos.wiki/favicon.png"; # iconUpdateURL = "https://nixos.wiki/favicon.png";
# updateInterval = 24 * 60 * 60 * 1000; # every day # updateInterval = 24 * 60 * 60 * 1000; # every day
# definedAliases = [ "@nw" ]; # definedAliases = [ "@nw" ];
# }; # };
# }; # };
# #
# order = [ "DuckDuckGo" ]; # order = [ "DuckDuckGo" ];
# default = "DuckDuckGo"; # default = "DuckDuckGo";
# }; # };
# #
# bookmarks = [ # bookmarks = [
# { # {
# name = "Kabtop Nextcloud"; # name = "Kabtop Nextcloud";
# url = "https://cloud.kabtop.de/"; # url = "https://cloud.kabtop.de/";
# } # }
# { # {
# name = "Home Assistant"; # name = "Home Assistant";
# url = "https://hass.home.opel-online.de/"; # url = "https://hass.home.opel-online.de/";
# } # }
# { # {
# name = "Netflix"; # name = "Netflix";
# url = "https://netflix.com/browse"; # url = "https://netflix.com/browse";
# } # }
# { # {
# name = "YouTube"; # name = "YouTube";
# url = "https://youtube.com/"; # url = "https://youtube.com/";
# } # }
# { # {
# name = "Kicker"; # name = "Kicker";
# url = "https://kicker.de/"; # url = "https://kicker.de/";
# } # }
# { # {
# name = "Chilloutzone"; # name = "Chilloutzone";
# url = "https://chilloutzone.net/"; # url = "https://chilloutzone.net/";
# } # }
# { # {
# name = "myDealZ"; # name = "myDealZ";
# url = "https://mydealz.de/"; # url = "https://mydealz.de/";
# } # }
# { # {
# name = "Kabtop Git"; # name = "Kabtop Git";
# url = "https://git.kabtop.de/"; # url = "https://git.kabtop.de/";
# } # }
# { # {
# name = "Spotify"; # name = "Spotify";
# url = "https://open.spotify.com/"; # url = "https://open.spotify.com/";
# } # }
# { # {
# name = "Tech"; # name = "Tech";
# bookmarks = [ # bookmarks = [
# { # {
# name = "Golem"; # name = "Golem";
# url = "https://golem.de/"; # url = "https://golem.de/";
# } # }
# { # {
# name = "Heise"; # name = "Heise";
# url = "https://heise.de/"; # url = "https://heise.de/";
# } # }
# { # {
# name = "Phoronix"; # name = "Phoronix";
# url = "https://phoronix.com/"; # url = "https://phoronix.com/";
# } # }
# ]; # ];
# } # }
# { # {
# name = "Foren"; # name = "Foren";
# bookmarks = [ # bookmarks = [
# { # {
# name = "Archlinux-en"; # name = "Archlinux-en";
# url = "https://archlinux.org/"; # url = "https://archlinux.org/";
# } # }
# { # {
# name = "Archlinux-ARM"; # name = "Archlinux-ARM";
# url = "https://archlinuxarm.org/"; # url = "https://archlinuxarm.org/";
# } # }
# { # {
# name = "Archlinux-de"; # name = "Archlinux-de";
# url = "https://archlinux.de/"; # url = "https://archlinux.de/";
# } # }
# ]; # ];
# } # }
# ]; # ];
# }; # };
# #
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [ # extensions = with pkgs.nur.repos.rycee.firefox-addons; [
# honey # honey
# keepassxc-browser # keepassxc-browser
# multi-account-containers # multi-account-containers
# netflix-1080p # netflix-1080p
# ublock-origin # ublock-origin
# ]; # ];
}; };
}; };
} }

119
modules/programs/rofi.nix Normal file
View File

@@ -0,0 +1,119 @@
#
# System Menu
#
{ config, lib, pkgs, ... }:
let
inherit (config.lib.formats.rasi) mkLiteral; # Theme.rasi alternative. Add Theme here
colors = import ../themes/colors.nix;
in
{
programs = {
rofi = {
enable = true;
terminal = "${pkgs.alacritty}/bin/alacritty"; # Alacritty is default terminal emulator
location = "center";
theme = with colors.scheme.doom; {
"*" = {
bg0 = mkLiteral "#${bg}";
bg1 = mkLiteral "#414868";
fg0 = mkLiteral "#${text}";
fg1 = mkLiteral "#${text-alt}";
background-color = mkLiteral "transparent";
text-color = mkLiteral "@fg0";
margin = 0;
padding = 0;
spacing = 0;
};
"element-icon, element-text, scrollbar" = {
cursor = mkLiteral "pointer";
};
"window" = {
location = mkLiteral "northwest";
width = mkLiteral "280px";
x-offset = mkLiteral "8px";
y-offset = mkLiteral "24px";
background-color = mkLiteral "@bg0";
border = mkLiteral "1px";
border-color = mkLiteral "@bg1";
border-radius = mkLiteral "6px";
};
"inputbar" = {
spacing = mkLiteral "8px";
padding = mkLiteral "4px 8px";
children = mkLiteral "[ icon-search, entry ]";
#background-color = mkLiteral "@bg0";
background-color = mkLiteral "@bg0";
};
"icon-search, entry, element-icon, element-text" = {
vertical-align = mkLiteral "0.5";
};
"icon-search" = {
expand = false;
filename = mkLiteral "[ search-symbolic ]";
size = mkLiteral "14px";
};
"textbox" = {
padding = mkLiteral "4px 8px";
background-color = mkLiteral "@bg0";
};
"listview" = {
padding = mkLiteral "4px 0px";
lines = 12;
columns = 1;
scrollbar = true;
fixed-height = false;
dynamic = true;
};
"element" = {
padding = mkLiteral "4px 8px";
spacing = mkLiteral "8px";
};
"element normal urgent" = {
text-color = mkLiteral "@fg1";
};
"element normal active" = {
text-color = mkLiteral "@fg1";
};
"element selected" = {
text-color = mkLiteral "@bg0"; #1
background-color = mkLiteral "@fg1";
};
"element selected urgent" = {
background-color = mkLiteral "@fg1";
};
"element-icon" = {
size = mkLiteral "0.8em";
};
"element-text" = {
text-color = mkLiteral "inherit";
};
"scrollbar" = {
handle-width = mkLiteral "4px";
handle-color = mkLiteral "@fg1";
padding = mkLiteral "0 4px";
};
};
};
};
}

151
modules/server/default.nix
View File

@@ -1,151 +0,0 @@
#
# Server module — import this instead of configuration_server.nix + manual virtualisation imports.
#
# Usage in hosts/<hostname>/default.nix:
#
# imports = [
# ./hardware-configuration.nix
# ../../modules/server
# ];
#
# myServer.virtualisation.enable = true;
# myServer.virtualisation.cpu = "amd"; # amd | intel | none (default)
#
# myServer.sshPort = 2220; # default
# myServer.fail2ban.enable = true;
#
# myServer.extraSystemPackages = with pkgs; [ some-tool ];
#
{
config,
lib,
pkgs,
user,
...
}: let
cfg = config.myServer;
in {
# ── Options ──────────────────────────────────────────────────────────────
options.myServer = with lib; {
uid = mkOption {
type = types.int;
default = 3000;
description = "UID for the server user.";
};
sshPort = mkOption {
type = types.port;
default = 2220;
description = "Port openssh listens on.";
};
sudoRequiresPassword = mkOption {
type = types.bool;
default = true;
description = "Whether wheel users must enter a password for sudo.";
};
autoUpgrade.enable = mkOption {
type = types.bool;
default = true;
description = "Enable automatic NixOS upgrades (inherits flake URL from configuration_common.nix).";
};
virtualisation = {
enable = mkEnableOption "container/VM stack (podman with docker-compat, KVM tuning)";
cpu = mkOption {
type = types.enum ["amd" "intel" "none"];
default = "none";
description = "CPU type selects KVM kernel parameters when virtualisation is enabled.";
};
};
extraGroups = mkOption {
type = types.listOf types.str;
default = [];
description = "Additional groups for the server user beyond the defaults.";
};
extraSystemPackages = mkOption {
type = types.listOf types.package;
default = [];
description = "Additional system packages specific to this host.";
};
fail2ban = {
enable = mkEnableOption "fail2ban intrusion prevention";
};
};
# ── Configuration ────────────────────────────────────────────────────────
config = lib.mkMerge [
# ── Base server config ────────────────────────────────────────────────
{
users.users.${user} = {
isNormalUser = true;
uid = cfg.uid;
extraGroups = ["wheel" "networkmanager" "kvm" "libvirtd"] ++ cfg.extraGroups;
};
security.sudo.wheelNeedsPassword = cfg.sudoRequiresPassword;
environment.systemPackages = with pkgs;
[
ffmpeg
smartmontools
htop
]
++ cfg.extraSystemPackages;
services.openssh = {
ports = [cfg.sshPort];
openFirewall = true;
};
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
system.autoUpgrade.enable = cfg.autoUpgrade.enable;
}
# ── Virtualisation (podman/docker-compat) ─────────────────────────────
(lib.mkIf cfg.virtualisation.enable {
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
users.groups.docker.members = [user];
})
# ── KVM AMD ─────────────────────────────────────────────────────────
(lib.mkIf (cfg.virtualisation.enable && cfg.virtualisation.cpu == "amd") {
boot.extraModprobeConfig = ''
options kvm_amd nested=0 avic=1 npt=1
'';
})
# ── KVM Intel ───────────────────────────────────────────────────────
(lib.mkIf (cfg.virtualisation.enable && cfg.virtualisation.cpu == "intel") {
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_nsrs=1
'';
})
# ── Fail2ban ──────────────────────────────────────────────────────────
(lib.mkIf cfg.fail2ban.enable {
services.fail2ban = {
enable = true;
maxretry = 5;
jails.DEFAULT.settings.findtime = "15m";
};
})
];
}

24
modules/services/default.nix
View File

@@ -1,3 +1,25 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[ [
./keyring.nix ./dunst.nix
./flameshot.nix
#./picom.nix
#./polybar.nix
#./sxhkd.nix
#./udiskie.nix
#./redshift.nix
./kanshi.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

5
modules/services/dmz/default.nix
View File

@@ -9,10 +9,11 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
./microvm.nix ./microvm.nix
# ./hydra.nix ./hydra.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables # redshift temporarely disables

113
modules/services/dmz/gitea_runner.nix
View File

@@ -1,63 +1,60 @@
{ { lib, config, pkgs, ... }:
lib,
config,
pkgs,
...
}: {
virtualisation = {
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = ["192.168.101.1"];
#containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = { {
homerunner = { virtualisation = {
enable = true; podman ={
url = "https://git.kabtop.de"; enable = true;
name = "Homerunner"; autoPrune.enable = true;
tokenFile = config.age.secrets."services/gitea/homerunner-token".path; dockerCompat = true;
labels = [ };
"home" containers.containersConf.settings = {
"debian-latest:docker://node:18-bullseye" # podman seems to not work with systemd-resolved
"ubuntu-latest:docker://node:16-bullseye" containers.dns_servers = [ "192.168.101.1" ];
"ubuntu-22.04:docker://node:16-bullseye" #containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
}; };
}; };
};
age.secrets."services/gitea/homerunner-token" = { services.gitea-actions-runner.instances = {
file = ../../../secrets/services/gitea/homerunner-token.age; homerunner = {
owner = "gitea-runner"; enable = true;
}; url = "https://git.kabtop.de";
name = "Homerunner";
tokenFile = config.age.secrets."services/gitea/homerunner-token".path;
labels = [
"home"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/homerunner-token" = {
file = ../../../secrets/services/gitea/homerunner-token.age;
owner = "gitea-runner";
};
} }

89
modules/services/dmz/hydra.nix
View File

@@ -1,92 +1,11 @@
{ lib, config, pkgs, ... }:
{ {
lib, services.hydra = {
config,
pkgs,
...
}: {
services = {
hydra = {
enable = true; enable = true;
hydraURL = "https://hydra.home.opel-online.de"; hydraURL = "http://localhost:3000";
listenHost = "127.0.0.1";
notificationSender = "hydra@localhost"; notificationSender = "hydra@localhost";
useSubstitutes = true; useSubstitutes = true;
minimumDiskFree = 30;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = "http:// https://";
}; };
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
} }

124
modules/services/dmz/microvm.nix
View File

@@ -1,55 +1,48 @@
{ { config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
config, let
microvm,
lib,
pkgs,
user,
agenix,
impermanence,
...
}: let
name = "gitea-runner"; name = "gitea-runner";
in { in
{
microvm = { microvm = {
autostart = [ autostart = [
name name
]; ];
vms = { vms = {
${name} = { ${name} = {
inherit pkgs; inherit pkgs;
config = { config = {
imports = imports =
[agenix.nixosModules.default] [ agenix.nixosModules.default ] ++
++ [impermanence.nixosModules.impermanence] [ impermanence.nixosModules.impermanence ] ++
++ [(./gitea_runner.nix)]; [( ./gitea_runner.nix )];
networking = { networking = {
hostName = "${name}"; hostName = "${name}";
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = []; allowedUDPPorts = [ ];
allowedTCPPorts = []; allowedTCPPorts = [ ];
}; };
}; };
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
"10-lan" = { "10-lan" = {
matchConfig.Name = "*"; matchConfig.Name = "*";
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;
}; };
};
}; };
};
}; };
users.users.${user} = { users.users.${user} = { # System User
# System User
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel"]; extraGroups = [ "wheel" ];
uid = 2000; uid = 2000;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
@@ -63,37 +56,34 @@ in {
enable = true; enable = true;
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
hostKeys = [ hostKeys = [
{ {
path = "/persist/etc/ssh/ssh_host_ed25519_key"; path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519"; type = "ed25519";
} }
{ {
path = "/persist/etc/ssh/ssh_host_rsa_key"; path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa"; type = "rsa";
bits = 4096; bits = 4096;
} }];
];
}; };
}; };
fileSystems."/persist".neededForBoot = lib.mkForce true; fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [ # Default packages install system-wide
# Default packages install system-wide bash
bash coreutils
coreutils curl
curl gawk
gawk gitMinimal
gitMinimal gnused
gnused nodejs
nodejs wget
wget
]; ];
persistence."/persist" = { persistence."/persist" = {
directories = [ directories = [
"/var/log" "/var/log"
"/var/lib/nixos"
"/var/lib/private" "/var/lib/private"
]; ];
@@ -105,34 +95,30 @@ in {
microvm = { microvm = {
hypervisor = "cloud-hypervisor"; hypervisor = "cloud-hypervisor";
vsock.cid = 3;
vcpu = 4; vcpu = 4;
mem = 4096; mem = 4096;
interfaces = [ interfaces = [
{ {
type = "macvtap"; type = "macvtap";
id = "vm-${name}"; id = "vm-${name}";
mac = "04:00:00:00:00:01"; mac = "04:00:00:00:00:01";
macvtap = { macvtap = {
link = "ens18"; link = "enp6s18";
mode = "bridge"; mode = "bridge";
}; };
} } ];
]; shares = [{
shares = [ source = "/nix/store";
{ mountPoint = "/nix/.ro-store";
source = "/nix/store"; tag = "ro-store";
mountPoint = "/nix/.ro-store"; proto = "virtiofs";
tag = "ro-store"; }
proto = "virtiofs"; {
} source = "/etc/vm-persist/${name}";
{ mountPoint = "/persist";
source = "/etc/vm-persist/${name}"; tag = "persist";
mountPoint = "/persist"; proto = "virtiofs";
tag = "persist"; }];
proto = "virtiofs";
}
];
#writableStoreOverlay = "/nix/.rw-store"; #writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true; #storeOnDisk = true;
}; };

76
modules/services/dunst.nix Normal file
View File

@@ -0,0 +1,76 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
let
colors = import ../themes/colors.nix; # Import colors theme
dunst-volume-notification = pkgs.writeShellScriptBin "volume-notify" ''
if [ "$(pulsemixer --get-mute)" = "0" ]; then dunstify -u low -r 1 " 🔊 $(pulsemixer --get-volume | awk '{print $1}')%"
else dunstify -u low -r 1 "🔈 Muted"; fi
'';
dunst-brightness-notification = pkgs.writeShellScriptBin "brightness-notify" ''
dunstify -u low -r 1 " $(light -G)%"
'';
in
{
cmds.notifications.volume = "volume-notify";
cmds.notifications.brightness = "brightness-notify";
home.packages = [
dunst-volume-notification
dunst-brightness-notification
pkgs.libnotify
];
services.dunst = {
enable = true;
settings = {
global = {
monitor = 0;
follow = "keyboard";
indicate_hidden = "yes";
shrink = true;
transparency = 0;
origin = "top-center";
offset = "0x20";
seperator_height = 0;
padding = 12;
horizontal_padding = 20;
frame_width = 4;
seperator_color = "auto";
font = "${config.theme.font}";
markup = "full";
format = "<span foreground='#b3cfa7'><b>%s</b>%p</span>\n%b";
alignment = "center";
show_age_threshold = 60;
word_wrap = "yes";
ellipsize = "middle";
ignore_newline = "no";
stack_duplicates = true;
hide_duplicate_count = true;
show_indicators = "yes";
icon_position = "off";
sticky_history = "yes";
history_length = 20;
always_run_script = true;
browser = "/usr/bin/xdg-open";
corner_radius = 12;
force_xinerama = false;
mouse_left_click = "close_current";
mouse_middle_click = "do_action";
mouse_right_click = "close_all";
progress_bar_min_width = "200";
enable_recursive_icon_lookup = true;
};
urgency_low.timeout = 4;
urgency_normal.timeout = 8;
urgency_critical.timeout = 0;
};
};
xdg.dataFile."dbus-1/services/org.knopwob.dunst.service".source = "${pkgs.dunst}/share/dbus-1/services/org.knopwob.dunst.service";
}

22
modules/services/flameshot.nix Normal file
View File

@@ -0,0 +1,22 @@
#
# Screenshots
#
{ pkgs, user, ... }:
{
services = { # sxhkd shortcut = Printscreen button (Print)
flameshot = {
enable = true;
settings = {
General = { # Settings
savePath = "/home/${user}/";
saveAsFileExtension = ".png";
uiColor = "#2d0096";
showHelp = "false";
disabledTrayIcon = "true"; # Hide from systray
};
};
};
};
}

18
modules/services/kabtopci/default.nix
View File

@@ -1,18 +0,0 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

62
modules/services/kabtopci/gitea_runner.nix
View File

@@ -1,62 +0,0 @@
{
lib,
config,
pkgs,
...
}: {
virtualisation = {
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = ["8.8.8.8" "8.8.4.4"];
};
};
services.gitea-actions-runner.instances = {
cirunner = {
enable = true;
url = "https://git.kabtop.de";
name = "CI Kabtop runner";
tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
labels = [
"ci"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/cirunner-token" = {
file = ../../../secrets/services/gitea/cirunner-token.age;
owner = "gitea-runner";
};
}

84
modules/services/kabtopci/hydra.nix
View File

@@ -1,84 +0,0 @@
{
lib,
config,
pkgs,
...
}: {
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 8;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@kabtop.de";
webroot = "/var/lib/acme/acme-challenge";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
}

141
modules/services/kabtopci/microvm.nix
View File

@@ -1,141 +0,0 @@
{
config,
microvm,
lib,
pkgs,
user,
agenix,
impermanence,
...
}: let
name = "gitea-runner";
in {
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[agenix.nixosModules.default]
++ [impermanence.nixosModules.impermanence]
++ [(./gitea_runner.nix)];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [];
allowedTCPPorts = [];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = {
# System User
isNormalUser = true;
extraGroups = ["wheel"];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [
# Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/private"
];
files = [
"/etc/machine-id"
];
};
};
microvm = {
hypervisor = "qemu";
vcpu = 4;
mem = 3096;
#kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:02";
}
];
shares = [
{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}
];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}

37
modules/services/kanshi.nix Normal file
View File

@@ -0,0 +1,37 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.kanshi = {
enable = true;
profiles = {
undocked = {
outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
];
};
#docked_c = {
# outputs = [
# { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "2560,0"; }
# { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "0,0"; }
# ];
#};
docked_c = {
outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
];
};
docked_triple = {
outputs = [
{ criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; }
{ criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
];
};
};
};
}

16
modules/services/keyring.nix
View File

@@ -1,16 +0,0 @@
#
# Screenshots
#
{
pkgs,
user,
...
}: {
services = {
# sxhkd shortcut = Printscreen button (Print)
gnome-keyring = {
enable = true;
};
};
home.packages = with pkgs; [gcr seahorse];
}

18
modules/services/kubemaster/default.nix
View File

@@ -1,18 +0,0 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
# ./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

7
modules/services/nas/default.nix
View File

@@ -9,13 +9,10 @@
# └─ default.nix * # └─ default.nix *
# └─ ... # └─ ...
# #
[ [
./nfs.nix ./nfs.nix
./nginx.nix
./vaultwarden.nix
./syncthing.nix
./paperless.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables # redshift temporarely disables

25
modules/services/nas/nfs.nix
View File

@@ -1,23 +1,18 @@
{ {config, pkgs, lib, ...}: {
config,
pkgs,
lib,
...
}: {
# enable nfs # enable nfs
services.nfs.server = rec { services.nfs.server = rec {
enable = true; enable = true;
exports = '' exports = ''
/export 192.168.2.0/24(rw,fsid=0,no_subtree_check) /export 192.168.2.0/24(rw,fsid=0,no_subtree_check)
/export/Pluto 192.168.2.0/24(rw,no_subtree_check) /export/Pluto 192.168.2.0/24(rw,no_subtree_check)
/export/Mars 192.168.2.0/24(rw,no_subtree_check) /export/Mars 192.168.2.0/24(rw,no_subtree_check)
''; '';
createMountPoints = true; createMountPoints = true;
}; };
# open the firewall # open the firewall
networking.firewall = { networking.firewall = {
interfaces.ens18 = { interfaces.enp6s18 = {
allowedTCPPorts = [2049]; allowedTCPPorts = [ 2049 ];
}; };
}; };
} }

91
modules/services/nas/nginx.nix
View File

@@ -1,91 +0,0 @@
#
# System notifications
#
{
config,
lib,
pkgs,
...
}: {
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
appendHttpConfig = ''
proxy_cache_path /mnt/Pluto/nix-cache
levels=1:2
keys_zone=nix_cache:10m
max_size=100g
inactive=14d
use_temp_path=off;
'';
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"cache.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
extraConfig = ''
proxy_pass https://cache.ci.kabtop.de;
proxy_ssl_server_name on;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host cache.ci.kabtop.de;
proxy_cache nix_cache;
proxy_cache_valid 200 14d;
proxy_cache_valid 404 1m;
proxy_cache_use_stale error timeout updating;
proxy_cache_lock on;
proxy_cache_lock_timeout 1h;
add_header X-Cache-Status $upstream_cache_status;
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 8 1m;
proxy_max_temp_file_size 0;
'';
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
systemd.services.nginx.serviceConfig.ReadWritePaths = ["/mnt/Pluto/nix-cache"];
networking.firewall = {
enable = true;
allowedUDPPorts = [];
allowedTCPPorts = [80 443];
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}

39
modules/services/nas/paperless.nix
View File

@@ -1,39 +0,0 @@
#
# System notifications
#
{
config,
lib,
pkgs,
...
}: {
services.paperless = {
enable = true;
domain = "paperless.home.opel-online.de";
passwordFile = config.age.secrets."services/paperless/pwFile".path;
# environmentFile = config.age.secrets."services/paperless/environment".path;
configureTika = true;
settings = {
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
};
services.nginx = {
virtualHosts = {
"paperless.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}";
};
};
};
age.secrets."services/paperless/pwFile" = {
file = ../../../secrets/services/paperless/pwFile.age;
owner = "paperless";
};
}

55
modules/services/nas/syncthing.nix
View File

@@ -1,55 +0,0 @@
#
# System notifications
#
{
config,
lib,
pkgs,
...
}: {
services.syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"hades.home.opel-online.de" = {id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA";};
"lifebook.home.opel-online.de" = {id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4";};
};
folders = {
"Sync" = {
# Name of folder in Syncthing, also the folder ID
path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = ["hades.home.opel-online.de" "lifebook.home.opel-online.de"]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
services.nginx = {
virtualHosts = {
"syncthing.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
recommendedProxySettings = false;
proxyPass = "http://${toString config.services.syncthing.guiAddress}";
extraConfig = ''
proxy_set_header Host localhost;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
'';
};
};
};
};
}

39
modules/services/nas/vaultwarden.nix
View File

@@ -1,39 +0,0 @@
#
# System notifications
#
{
config,
lib,
pkgs,
...
}: {
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
environmentFile = config.age.secrets."services/vaultwarden/environment".path;
config = {
DOMAIN = "https://vault.home.opel-online.de";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
services.nginx = {
virtualHosts = {
"vault.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
};
age.secrets."services/vaultwarden/environment" = {
file = ../../../secrets/services/vaultwarden/environment.age;
owner = "vaultwarden";
};
}

Some files were not shown because too many files have changed in this diff Show More