
Reworking moar modules

This commit is contained in:
Aires 2024-06-25 14:13:15 -04:00
parent 433821ef0c
commit 2eaa08b0a1
17 changed files with 174 additions and 111 deletions


@ -1,6 +1,6 @@
# NixOS Configuration
A full set of configuration files managed via NixOS. This project follows the general structure of https://github.com/tiredofit/nixos-config
A full set of configuration files managed via NixOS. This project is an extension of the [Auxolotl system template](https://git.auxolotl.org/auxolotl/templates).
> [!WARNING]
> DO NOT DOWNLOAD AND RUN `nixos-rebuild` ON THIS REPOSITORY! These are my personal configuration files. I invite you to look through them, modify them, and take inspiration from them, but if you run `nixos-rebuild`, it _will completely overwrite your current system_!
@ -33,7 +33,7 @@ sudo nixos-rebuild switch --flake .#Shura
### Running updates
All hosts are configured to run automatic daily updates (see `modules/base/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a hosts config.
All hosts are configured to run automatic daily updates (see `modules/system/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a hosts config.
Automatic updates work by `git pull`ing the latest version of the Repo from Forgejo. This repo gets updated nightly by Haven, which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`.
@ -76,7 +76,7 @@ To enable root builds on a host, add this to its config:
nix.distributedBuilds = true;
```
For hosts where `nix.distributedBuilds` is true, this repo automatically gives the local root user SSH access to an unprivileged user on the build systems. This is configured in `nix-secrets`, but the build systems are defined in [`modules/base/nix.nix`](https://github.com/8bitbuddhist/nix-configuration/blob/b816d821636f9d30be905af80fe578c25ce74b92/modules/base/nix.nix#L41).
For hosts where `nix.distributedBuilds` is true, this repo automatically gives the local root user SSH access to an unprivileged user on the build systems. This is configured in `nix-secrets`, but the build systems are defined in [`modules/system/nix.nix`](https://code.8bitbuddhism.com/aires/nix-configuration/src/commit/433821ef0c46f08855a041c3aa97143a954564f5/modules/system/nix.nix#L57).
##### Pushing a build to a remote system
@ -125,12 +125,12 @@ To add a new host:
### Layout
This config uses two systems: Flakes, and Home-manager.
This config uses two main systems: Flakes, and Home-manager.
- Flakes are the entrypoint, via `flake.nix`. This is where Flake inputs and Flake-specific options get defined.
- Home-manager configs live in the `users/` folders.
- Modules are stored in `modules`. All of these files are automatically imported (except home-manager modules); you simply enable the ones you want to use, and disable the ones you don't. For example, to install Flatpak, set `aux.system.ui.flatpak.enable = true;`.
- After adding a new module, make sure to `git add` it.
- After adding a new module, make sure to `git add` it before running `nixos-rebuild`.
### Features


@ -248,11 +248,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1719145664,
"narHash": "sha256-+0bBlerLxsHUJcKPDWZM1wL3V9bzCFjz+VyRTG8fnUA=",
"lastModified": 1719322773,
"narHash": "sha256-BqPxtFwXrpJQDh65NOIHX99pz2rtIMshG9Mt2xnnc5c=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "c3e48cbd88414f583ff08804eb57b0da4c194f9e",
"rev": "caabc425565bbd5c8640630b0bf6974961a49242",
"type": "github"
},
"original": {


@ -83,6 +83,8 @@ in
airsonic = {
enable = true;
home = "${services-root}/airsonic-advanced";
domain = config.secrets.networking.primaryDomain;
url = config.secrets.services.airsonic.url;
};
autoUpgrade = {
enable = false; # Don't update the system...
@ -104,6 +106,8 @@ in
forgejo = {
enable = true;
home = "${services-root}/forgejo";
domain = config.secrets.networking.primaryDomain;
url = config.secrets.services.forgejo.url;
actions = {
enable = true;
token = config.secrets.services.forgejo.runner-token;
@ -136,15 +140,6 @@ in
extraConfig = "proxy_ssl_server_name on;";
};
};
"${config.secrets.services.forgejo.url}" = {
useACMEHost = config.secrets.networking.primaryDomain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
};
};
ssh = {
@ -152,8 +147,15 @@ in
ports = [ config.secrets.hosts.haven.ssh.port ];
};
virtualization = {
enable = true;
user = "aires";
host = {
enable = true;
user = "aires";
vmBuilds = {
enable = true;
cores = 3;
ram = 4096;
};
};
};
};
users.aires = {


@ -54,7 +54,10 @@ in
# Change how long old generations are kept for.
retentionPeriod = "14d";
services.autoUpgrade.enable = false;
services = {
autoUpgrade.enable = false;
virtualization.enable = true;
};
ui = {
desktops.gnome.enable = true;
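Review bot: `services.virtualization.enable = true;` no longer starts libvirtd under the reworked module: with the new option layout `enable` only sets `programs.virt-manager.enable`, and libvirtd, the libvirtd group membership and the qemu/OVMF/swtpm setup are gated on `host.enable || host.vmBuilds.enable`. If this host was previously running VMs through the old `virtualization.enable`, it silently loses that on rebuild and virt-manager will have no local hypervisor to connect to. Either add `virtualization.host.enable = true;` (and `host.user`) here, or add a comment such as `# virt-manager client only; no local libvirtd` so the intent is explicit. The enclosing `aux.system` attrset starts before this hunk.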


@ -66,12 +66,26 @@ in
# Keep old generations for one week.
retentionPeriod = "7d";
# Run daily automatic updates.
services.autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;
onCalendar = "daily";
user = config.users.users.aires.name;
services = {
# Run daily automatic updates.
autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;
onCalendar = "daily";
user = config.users.users.aires.name;
};
# Install virtual machine management tools
virtualization = {
enable = true;
host = {
user = "aires";
vmBuilds = {
enable = true;
cores = 4;
ram = 4096;
};
};
};
};
ui = {
flatpak = {
@ -107,9 +121,6 @@ in
};
};
# Enable virtual machine manager
programs.virt-manager.enable = true;
# Move files into target system
systemd.tmpfiles.rules = [
# Use gremlin user's monitor config for GDM (defined above)
@ -123,9 +134,4 @@ in
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:34:30:47:37:AB/info - - - - ${vitrix-pdp-pro-bluetooth}"
];
# Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = {
memorySize = 4096;
cores = 4;
};
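Review bot: The `virtualization.host` block sets `user` and `vmBuilds` but never `host.enable`; libvirtd still comes up only because the module's condition is `host.enable || host.vmBuilds.enable`, so hosting is enabled as a side effect of the build-vm option. That coupling is easy to break later (disabling `vmBuilds` would also stop libvirtd on this machine), so state the intent directly with `host.enable = true;` next to `user = "aires";`. The comment `# Install virtual machine management tools` also undersells what this does, since it adds `aires` to the libvirtd group; something like `# Host VMs here: enable libvirtd and give aires libvirtd (hypervisor admin) access` is closer. The enclosing `aux.system.services` attrset starts before the hunk.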
}


@ -19,9 +19,10 @@ with lib;
config = mkMerge [
(mkIf cfg.enable {
aux.system.ui.flatpak.enable = true;
services.flatpak.packages = [ "com.vscodium.codium" ];
aux.system.ui.flatpak = {
enable = true;
packages = [ "com.vscodium.codium" ];
};
})
(mkIf cfg.kubernetes.enable {
environment.systemPackages = with pkgs; [


@ -10,8 +10,9 @@ with lib;
};
config = mkIf cfg.enable {
aux.system.ui.flatpak.enable = true;
services.flatpak.packages = [ "org.mixxx.Mixxx" ];
aux.system.ui.flatpak = {
enable = true;
packages = [ "org.mixxx.Mixxx" ];
};
};
}


@ -21,17 +21,19 @@ with lib;
};
config = mkIf cfg.enable {
aux.system.ui.flatpak.enable = true;
services.flatpak.packages = [
"gg.minion.Minion"
"com.valvesoftware.Steam"
"org.firestormviewer.FirestormViewer"
];
aux.system.ui.flatpak = {
enable = true;
packages = [
"gg.minion.Minion"
"com.valvesoftware.Steam"
"org.firestormviewer.FirestormViewer"
];
};
# Enable Xbox controller driver (XPadNeo)
hardware.xpadneo.enable = true;
# Add script to restart xpadneo in case of issues
environment.systemPackages = [ reset-controllers-script ];
aux.system.packages = [ reset-controllers-script ];
};
}


@ -10,9 +10,8 @@ with lib;
};
config = mkIf cfg.enable {
aux.system.ui.flatpak.enable = true;
services.flatpak = {
aux.system.ui.flatpak = {
enable = true;
packages = [
"com.calibre_ebook.calibre"
"com.github.unrud.VideoDownloader"


@ -10,11 +10,12 @@ with lib;
};
config = mkIf cfg.enable {
aux.system.ui.flatpak.enable = true;
services.flatpak.packages = [
"org.onlyoffice.desktopeditors"
"us.zoom.Zoom"
];
aux.system.ui.flatpak = {
enable = true;
packages = [
"org.onlyoffice.desktopeditors"
"us.zoom.Zoom"
];
};
};
}


@ -15,13 +15,15 @@ with lib;
};
config = mkIf cfg.enable {
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
# Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1
beeper
];
aux.system = {
allowUnfree = true;
ui.flatpak = {
enable = true;
packages = [ "com.discordapp.Discord" ];
};
};
aux.system.ui.flatpak.enable = true;
services.flatpak.packages = [ "com.discordapp.Discord" ];
# Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1
environment.systemPackages = [ pkgs.beeper ];
};
}


@ -17,6 +17,18 @@ in
type = lib.types.str;
description = "Where to store Airsonic's files";
};
domain = lib.mkOption {
default = "";
type = lib.types.str;
description = "The root domain that Airsonic will be hosted on.";
example = "example.com";
};
url = lib.mkOption {
default = "";
type = lib.types.str;
description = "The complete URL where Airsonic is hosted.";
example = "https://forgejo.example.com";
};
};
};
@ -25,8 +37,8 @@ in
users.users.airsonic.extraGroups = [ "media" ];
services = {
nginx.virtualHosts."${config.secrets.services.airsonic.url}" = {
useACMEHost = config.secrets.networking.primaryDomain;
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4040";
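Review bot: The new `url` option defaults to `""` but is used unconditionally as the nginx virtualHost key (`nginx.virtualHosts."${cfg.url}"`) and `domain` defaults to `""` while feeding `useACMEHost`, so enabling airsonic without setting both yields a vhost named `""` with no usable ACME host instead of an evaluation error. Drop the `default = ""` on both (making them required) or add an assertion such as `assertions = [ { assertion = cfg.url != "" && cfg.domain != ""; message = "airsonic: domain and url must be set"; } ];`. The `example` is also wrong on two counts: it says `forgejo.example.com` in the Airsonic module, and it includes a scheme even though the value is used as an nginx `server_name`, so `example = "airsonic.example.com";` with the description reading "The hostname (no scheme) Airsonic is served on" would match how the value is actually used. The `config = mkIf cfg.enable` wrapper, if any, starts before this hunk.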


@ -71,6 +71,16 @@ in
useWizard = true;
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
# Enable runner for CI actions
gitea-actions-runner = lib.mkIf cfg.actions.enable {
package = pkgs.forgejo-actions-runner;
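Review bot: `extraConfig = "proxy_ssl_server_name on;"` is a no-op here: that directive only affects `https://` upstreams, and `proxyPass` points at `http://127.0.0.1:3000`, so the trailing comment "required when the target is also TLS server" describes a situation this vhost is not in and will mislead the next reader into thinking the backend is TLS. Either drop the `extraConfig` line or replace the comment with `# no effect for the plain-http upstream; kept for parity with the other vhosts`. The `domain`/`url` options this vhost reads are not in the hunk; if they carry the same `default = ""` as the Airsonic module, the same empty-vhost-name failure mode applies when forgejo is enabled without them. The enclosing `services` attrset starts before and ends after this hunk.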


@ -12,40 +12,64 @@ in
{
options = {
aux.system.services.virtualization = {
enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization hosting tools on this host.");
user = lib.mkOption {
default = "";
type = lib.types.str;
description = "The default user to add as a KVM admin.";
};
};
};
config = lib.mkIf cfg.enable {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization tools on this host.");
host = {
enable = lib.mkEnableOption (lib.mdDoc "Enables virtual machine hosting.");
user = lib.mkOption {
default = "";
type = lib.types.str;
description = "The default user to add as a KVM admin.";
};
vmBuilds = {
enable = lib.mkEnableOption (lib.mdDoc "Enables builds via `nixos-rebuild build-vm` on this host.");
cores = lib.mkOption {
type = lib.types.int;
description = "How many cores to assign to `nixos-rebuild build-vm` builds. Defaults to 2.";
default = 2;
};
ram = lib.mkOption {
type = lib.types.int;
description = "How much RAM (in MB) to assign to `nixos-rebuild build-vm` builds. Defaults to 2GB.";
default = 2048;
};
};
};
spiceUSBRedirection.enable = true;
};
users.users.${cfg.user}.extraGroups = [ "libvirtd" ];
environment.systemPackages = with pkgs; [
spice
spice-gtk
spice-protocol
virt-viewer
];
programs.virt-manager.enable = true;
# Allow the default bridge interface to access the network
networking.firewall.trustedInterfaces = [ "virbr0" ];
};
config = lib.mkMerge [
({ programs.virt-manager.enable = cfg.enable; })
(lib.mkIf (cfg.host.enable || cfg.host.vmBuilds.enable) {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
};
};
spiceUSBRedirection.enable = true;
};
users.users.${cfg.host.user}.extraGroups = [ "libvirtd" ];
environment.systemPackages = with pkgs; [
spice
spice-gtk
spice-protocol
];
# Allow the default bridge interface to access the network
networking.firewall.trustedInterfaces = [ "virbr0" ];
})
(lib.mkIf cfg.host.vmBuilds.enable {
virtualisation.vmVariant.virtualisation = {
memorySize = cfg.host.vmBuilds.ram;
cores = cfg.host.vmBuilds.cores;
};
})
];
}
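Review bot: `users.users.${cfg.host.user}.extraGroups = [ "libvirtd" ];` is now reachable via `host.vmBuilds.enable` alone, and `host.user` defaults to `""`, so a host that turns on `vmBuilds` without naming a user declares a user with an empty name rather than failing clearly; guard it with `users.users = lib.mkIf (cfg.host.user != "") { ${cfg.host.user}.extraGroups = [ "libvirtd" ]; };` or drop the default so the option is required whenever libvirtd is enabled. Two security-relevant effects deserve a why-comment since they are invisible from the host configs that set these options: membership in `libvirtd` gives the user control of the system libvirt socket, which in practice amounts to host admin access (arbitrary disk passthrough, privileged qemu), so `description` on `user` should say so; and `networking.firewall.trustedInterfaces = [ "virbr0" ]` exempts every guest on the default NAT bridge from the host firewall, which the existing comment "Allow the default bridge interface to access the network" understates — something like `# Guests on virbr0 bypass the host firewall entirely (can reach any host service)` is more honest. The `virtualisation.vmVariant` block is only consulted by `nixos-rebuild build-vm`, which the new `vmBuilds` description already explains well.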


@ -77,6 +77,9 @@ in
# Enable touchpad support (enabled by default in most desktop managers, buuuut just in case).
libinput.enable = true;
# Enable printing support.
printing.enable = true;
};
# Support for AppImage files


@ -52,8 +52,6 @@ in
"org.gnome.World.Secrets"
"org.gtk.Gtk3theme.Adwaita-dark"
];
printing.enable = true;
};
environment = {
@ -104,11 +102,5 @@ in
platformTheme = "gnome";
style = "adwaita-dark";
};
# Support for AppImage files
programs.appimage = {
enable = true;
binfmt = true;
};
};
}


@ -21,6 +21,16 @@ with lib;
default = [ ];
example = lib.literalExpression "[ \"com.valvesoftware.Steam\" ]";
};
remotes = lib.mkOption {
description = "The list of remote Flatpak repos to pull from. Includes Flathub by default.";
type = lib.types.listOf lib.types.attrs;
default = [
{
name = "flathub";
location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
}
];
};
};
};
@ -36,12 +46,7 @@ with lib;
update.onActivation = true;
# Add remote(s)
remotes = [
{
name = "flathub";
location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
}
];
remotes = cfg.remotes;
# Install base Flatpaks. For details, see https://github.com/gmodena/nix-flatpak
packages = cfg.packages;
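Review bot: The `remotes` description "Includes Flathub by default" is misleading for `lib.types.listOf`: the default list is only used when no host sets the option, so a host that adds a second remote replaces the list and silently loses Flathub, after which every `packages` entry from the other modules fails to resolve. Either reword to "Defaults to Flathub; setting this replaces the default, so re-add Flathub if it is still needed", or keep Flathub always present with `remotes = lib.unique ([ flathubRemote ] ++ cfg.remotes);` in the config section. `lib.types.attrs` also accepts any attrset, so a typo like `locaton` passes evaluation and only surfaces at activation; a `submodule` with `name` and `location` string options would catch that, and since remotes are a supply-chain trust decision a note such as `# Each remote's GPG key comes from its .flatpakrepo file; only add remotes you trust` belongs on the option. The `options` attrset starts before the first hunk and the `config` block continues past the last.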