diff --git a/README.md b/README.md index a7a7871..3f41d8d 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # NixOS Configuration -A full set of configuration files managed via NixOS. This project follows the general structure of https://github.com/tiredofit/nixos-config +A full set of configuration files managed via NixOS. This project is an extension of the [Auxolotl system template](https://git.auxolotl.org/auxolotl/templates). > [!WARNING] > DO NOT DOWNLOAD AND RUN `nixos-rebuild` ON THIS REPOSITORY! These are my personal configuration files. I invite you to look through them, modify them, and take inspiration from them, but if you run `nixos-rebuild`, it _will completely overwrite your current system_! @@ -33,7 +33,7 @@ sudo nixos-rebuild switch --flake .#Shura ### Running updates -All hosts are configured to run automatic daily updates (see `modules/base/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a hosts config. +All hosts are configured to run automatic daily updates (see `modules/system/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a hosts config. Automatic updates work by `git pull`ing the latest version of the Repo from Forgejo. This repo gets updated nightly by Haven, which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`. 
@@ -76,7 +76,7 @@ To enable root builds on a host, add this to its config: nix.distributedBuilds = true; ``` -For hosts where `nix.distributedBuilds` is true, this repo automatically gives the local root user SSH access to an unprivileged user on the build systems. This is configured in `nix-secrets`, but the build systems are defined in [`modules/base/nix.nix`](https://github.com/8bitbuddhist/nix-configuration/blob/b816d821636f9d30be905af80fe578c25ce74b92/modules/base/nix.nix#L41). +For hosts where `nix.distributedBuilds` is true, this repo automatically gives the local root user SSH access to an unprivileged user on the build systems. This is configured in `nix-secrets`, but the build systems are defined in [`modules/system/nix.nix`](https://code.8bitbuddhism.com/aires/nix-configuration/src/commit/433821ef0c46f08855a041c3aa97143a954564f5/modules/system/nix.nix#L57). ##### Pushing a build to a remote system @@ -125,12 +125,12 @@ To add a new host: ### Layout -This config uses two systems: Flakes, and Home-manager. +This config uses two main systems: Flakes, and Home-manager. - Flakes are the entrypoint, via `flake.nix`. This is where Flake inputs and Flake-specific options get defined. - Home-manager configs live in the `users/` folders. - Modules are stored in `modules`. All of these files are automatically imported (except home-manager modules); you simply enable the ones you want to use, and disable the ones you don't. For example, to install Flatpak, set `aux.system.ui.flatpak.enable = true;`. - - After adding a new module, make sure to `git add` it. + - After adding a new module, make sure to `git add` it before running `nixos-rebuild`. ### Features diff --git a/flake.lock b/flake.lock index b26501a..184296c 100644 --- a/flake.lock +++ b/flake.lock 
@@ -248,11 +248,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1719145664,
- "narHash": "sha256-+0bBlerLxsHUJcKPDWZM1wL3V9bzCFjz+VyRTG8fnUA=",
+ "lastModified": 1719322773,
+ "narHash": "sha256-BqPxtFwXrpJQDh65NOIHX99pz2rtIMshG9Mt2xnnc5c=",
 "owner": "NixOS",
 "repo": "nixos-hardware",
- "rev": "c3e48cbd88414f583ff08804eb57b0da4c194f9e",
+ "rev": "caabc425565bbd5c8640630b0bf6974961a49242",
 "type": "github"
 },
 "original": {
diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix
index 57d0336..788a0f4 100644
--- a/hosts/Haven/default.nix
+++ b/hosts/Haven/default.nix
@@ -83,6 +83,8 @@ in
 airsonic = {
 enable = true;
 home = "${services-root}/airsonic-advanced";
+ domain = config.secrets.networking.primaryDomain;
+ url = config.secrets.services.airsonic.url;
 };
 autoUpgrade = {
 enable = false; # Don't update the system...
@@ -104,6 +106,8 @@ in
 forgejo = {
 enable = true;
 home = "${services-root}/forgejo";
+ domain = config.secrets.networking.primaryDomain;
+ url = config.secrets.services.forgejo.url;
 actions = {
 enable = true;
 token = config.secrets.services.forgejo.runner-token;
@@ -136,15 +140,6 @@ in
 extraConfig = "proxy_ssl_server_name on;";
 };
 };
- "${config.secrets.services.forgejo.url}" = {
- useACMEHost = config.secrets.networking.primaryDomain;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:3000";
- proxyWebsockets = true;
- extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
- };
- };
 };
 };
 ssh = {
@@ -152,8 +147,15 @@ in
 ports = [ config.secrets.hosts.haven.ssh.port ];
 };
 virtualization = {
- enable = true;
- user = "aires";
+ host = {
+ enable = true;
+ user = "aires";
+ vmBuilds = {
+ enable = true;
+ cores = 3;
+ ram = 4096;
+ };
+ };
 };
 };
 users.aires = {
diff --git a/hosts/Khanda/default.nix b/hosts/Khanda/default.nix
index 4f097fb..516fac2 100644
--- a/hosts/Khanda/default.nix
+++ b/hosts/Khanda/default.nix
@@ -54,7 +54,10 @@ in # Change how long old generations are kept for. retentionPeriod = "14d"; - services.autoUpgrade.enable = false; + services = { + autoUpgrade.enable = false; + virtualization.enable = true; + }; ui = { desktops.gnome.enable = true; diff --git a/hosts/Shura/default.nix b/hosts/Shura/default.nix index b290fbf..dfc9db0 100644 --- a/hosts/Shura/default.nix +++ b/hosts/Shura/default.nix @@ -66,12 +66,26 @@ in # Keep old generations for one week. retentionPeriod = "7d"; - # Run daily automatic updates. - services.autoUpgrade = { - enable = true; - configDir = config.secrets.nixConfigFolder; - onCalendar = "daily"; - user = config.users.users.aires.name; + services = { + # Run daily automatic updates. + autoUpgrade = { + enable = true; + configDir = config.secrets.nixConfigFolder; + onCalendar = "daily"; + user = config.users.users.aires.name; + }; + # Install virtual machine management tools + virtualization = { + enable = true; + host = { + user = "aires"; + vmBuilds = { + enable = true; + cores = 4; + ram = 4096; + }; + }; + }; }; ui = { flatpak = { @@ -107,9 +121,6 @@ in }; }; - # Enable virtual machine manager - programs.virt-manager.enable = true; - # Move files into target system systemd.tmpfiles.rules = [ # Use gremlin user's monitor config for GDM (defined above) @@ -123,9 +134,4 @@ in "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:34:30:47:37:AB/info - - - - ${vitrix-pdp-pro-bluetooth}" ]; - # Configure the virtual machine created by nixos-rebuild build-vm - virtualisation.vmVariant.virtualisation = { - memorySize = 4096; - cores = 4; - }; } diff --git a/modules/apps/development.nix b/modules/apps/development.nix index e0969d4..f8c46b6 100644 --- a/modules/apps/development.nix +++ b/modules/apps/development.nix 
@@ -19,9 +19,10 @@ with lib; config = mkMerge [ (mkIf cfg.enable { - aux.system.ui.flatpak.enable = true; - - services.flatpak.packages = [ "com.vscodium.codium" ]; + aux.system.ui.flatpak = { + enable = true; + packages = [ "com.vscodium.codium" ]; + }; }) (mkIf cfg.kubernetes.enable { environment.systemPackages = with pkgs; [ diff --git a/modules/apps/dj.nix b/modules/apps/dj.nix index 18a762b..1a3391c 100644 --- a/modules/apps/dj.nix +++ b/modules/apps/dj.nix @@ -10,8 +10,9 @@ with lib; }; config = mkIf cfg.enable { - aux.system.ui.flatpak.enable = true; - - services.flatpak.packages = [ "org.mixxx.Mixxx" ]; + aux.system.ui.flatpak = { + enable = true; + packages = [ "org.mixxx.Mixxx" ]; + }; }; } diff --git a/modules/apps/gaming.nix b/modules/apps/gaming.nix index 3649641..c71f059 100644 --- a/modules/apps/gaming.nix +++ b/modules/apps/gaming.nix @@ -21,17 +21,19 @@ with lib; }; config = mkIf cfg.enable { - aux.system.ui.flatpak.enable = true; - services.flatpak.packages = [ - "gg.minion.Minion" - "com.valvesoftware.Steam" - "org.firestormviewer.FirestormViewer" - ]; + aux.system.ui.flatpak = { + enable = true; + packages = [ + "gg.minion.Minion" + "com.valvesoftware.Steam" + "org.firestormviewer.FirestormViewer" + ]; + }; # Enable Xbox controller driver (XPadNeo) hardware.xpadneo.enable = true; # Add script to restart xpadneo in case of issues - environment.systemPackages = [ reset-controllers-script ]; + aux.system.packages = [ reset-controllers-script ]; }; } diff --git a/modules/apps/media.nix b/modules/apps/media.nix index 21e0e2d..31b2dae 100644 --- a/modules/apps/media.nix +++ b/modules/apps/media.nix @@ -10,9 +10,8 @@ with lib; }; config = mkIf cfg.enable { - aux.system.ui.flatpak.enable = true; - - services.flatpak = { + aux.system.ui.flatpak = { + enable = true; packages = [ "com.calibre_ebook.calibre" "com.github.unrud.VideoDownloader" diff --git a/modules/apps/office.nix b/modules/apps/office.nix index 32a0583..d7cd286 100644 
--- a/modules/apps/office.nix +++ b/modules/apps/office.nix @@ -10,11 +10,12 @@ with lib; }; config = mkIf cfg.enable { - aux.system.ui.flatpak.enable = true; - - services.flatpak.packages = [ - "org.onlyoffice.desktopeditors" - "us.zoom.Zoom" - ]; + aux.system.ui.flatpak = { + enable = true; + packages = [ + "org.onlyoffice.desktopeditors" + "us.zoom.Zoom" + ]; + }; }; } diff --git a/modules/apps/social.nix b/modules/apps/social.nix index 9e8ec03..9999bab 100644 --- a/modules/apps/social.nix +++ b/modules/apps/social.nix @@ -15,13 +15,15 @@ with lib; }; config = mkIf cfg.enable { - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - # Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1 - beeper - ]; + aux.system = { + allowUnfree = true; + ui.flatpak = { + enable = true; + packages = [ "com.discordapp.Discord" ]; + }; + }; - aux.system.ui.flatpak.enable = true; - services.flatpak.packages = [ "com.discordapp.Discord" ]; + # Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1 + environment.systemPackages = [ pkgs.beeper ]; }; } diff --git a/modules/services/airsonic.nix b/modules/services/airsonic.nix index a78a69a..619efac 100644 --- a/modules/services/airsonic.nix +++ b/modules/services/airsonic.nix @@ -17,6 +17,18 @@ in type = lib.types.str; description = "Where to store Airsonic's files"; }; + domain = lib.mkOption { + default = ""; + type = lib.types.str; + description = "The root domain that Airsonic will be hosted on."; + example = "example.com"; + }; + url = lib.mkOption { + default = ""; + type = lib.types.str; + description = "The complete URL where Airsonic is hosted."; + example = "https://forgejo.example.com"; + }; }; }; 
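Review bot: The Beeper package on the new side of the social.nix hunk goes through `environment.systemPackages = [ pkgs.beeper ];`, while the gaming.nix hunk in this same commit moves its script to `aux.system.packages`, so the app modules now disagree about which option carries extra packages. If `aux.system.packages` is the intended abstraction (its declaration is not in this diff), the consistent line is `aux.system.packages = [ pkgs.beeper ];`. The same hunk also switches from `nixpkgs.config.allowUnfree` to `aux.system.allowUnfree`, an option no hunk here declares; worth confirming it exists and is wired to `nixpkgs.config` before merging.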
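Review bot: In the airsonic.nix options hunk the `url` option's `example = "https://forgejo.example.com";` is copied from the Forgejo module and should read something like `example = "https://airsonic.example.com";`. More importantly, both new options default to `""`, and the next airsonic hunk (`nginx.virtualHosts."${cfg.url}"`) as well as the forgejo.nix hunk define that virtualHost unconditionally under the service's config, so enabling the service without setting `url` now produces a vhost literally named `""` with `useACMEHost = ""`; before this change the host file supplied both values, so that state could not arise. Either drop the `default = ""` so evaluation fails with a clear message when the value is missing, or wrap the vhost definition in `lib.mkIf (cfg.url != "")`.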
@@ -25,8 +37,8 @@ in users.users.airsonic.extraGroups = [ "media" ]; services = { - nginx.virtualHosts."${config.secrets.services.airsonic.url}" = { - useACMEHost = config.secrets.networking.primaryDomain; + nginx.virtualHosts."${cfg.url}" = { + useACMEHost = cfg.domain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:4040"; diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 92c302c..cd23191 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -71,6 +71,16 @@ in useWizard = true; } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; }; + nginx.virtualHosts."${cfg.url}" = { + useACMEHost = cfg.domain; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + proxyWebsockets = true; + extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts + }; + }; + # Enable runner for CI actions gitea-actions-runner = lib.mkIf cfg.actions.enable { package = pkgs.forgejo-actions-runner; diff --git a/modules/services/virtualization.nix b/modules/services/virtualization.nix index 1488382..d3390ed 100644 --- a/modules/services/virtualization.nix +++ b/modules/services/virtualization.nix 
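Review bot: The comment on `extraConfig = "proxy_ssl_server_name on;"` in the forgejo.nix hunk says the directive is required when the target is a TLS server, but the `proxyPass = "http://127.0.0.1:3000"` two lines above it is a plaintext loopback upstream; `proxy_ssl_server_name` only affects `https://` upstreams, so the directive is inert here and the comment misleads the next reader. Either drop both lines or reword the comment to say why the directive is kept. The hunk also reads `cfg.url` and `cfg.domain`, but no hunk in this diff declares those options for forgejo.nix; if the module's `options` block (outside this hunk) does not already have them, evaluation fails.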
@@ -12,40 +12,64 @@ in { options = { aux.system.services.virtualization = { - enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization hosting tools on this host."); - user = lib.mkOption { - default = ""; - type = lib.types.str; - description = "The default user to add as a KVM admin."; - }; - }; - }; - - config = lib.mkIf cfg.enable { - virtualisation = { - libvirtd = { - enable = true; - qemu = { - package = pkgs.qemu_kvm; - swtpm.enable = true; - ovmf.enable = true; - ovmf.packages = [ pkgs.OVMFFull.fd ]; + enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization tools on this host."); + host = { + enable = lib.mkEnableOption (lib.mdDoc "Enables virtual machine hosting."); + user = lib.mkOption { + default = ""; + type = lib.types.str; + description = "The default user to add as a KVM admin."; + }; + vmBuilds = { + enable = lib.mkEnableOption (lib.mdDoc "Enables builds via `nixos-rebuild build-vm` on this host."); + cores = lib.mkOption { + type = lib.types.int; + description = "How many cores to assign to `nixos-rebuild build-vm` builds. Defaults to 2."; + default = 2; + }; + ram = lib.mkOption { + type = lib.types.int; + description = "How much RAM (in MB) to assign to `nixos-rebuild build-vm` builds. 
Defaults to 2GB."; + default = 2048; + }; }; }; - spiceUSBRedirection.enable = true; + }; - - users.users.${cfg.user}.extraGroups = [ "libvirtd" ]; - - environment.systemPackages = with pkgs; [ - spice - spice-gtk - spice-protocol - virt-viewer - ]; - programs.virt-manager.enable = true; - - # Allow the default bridge interface to access the network - networking.firewall.trustedInterfaces = [ "virbr0" ]; }; + + config = lib.mkMerge [ + ({ programs.virt-manager.enable = cfg.enable; }) + (lib.mkIf (cfg.host.enable || cfg.host.vmBuilds.enable) { + virtualisation = { + libvirtd = { + enable = true; + qemu = { + package = pkgs.qemu_kvm; + swtpm.enable = true; + ovmf.enable = true; + ovmf.packages = [ pkgs.OVMFFull.fd ]; + }; + }; + spiceUSBRedirection.enable = true; + }; + + users.users.${cfg.host.user}.extraGroups = [ "libvirtd" ]; + + environment.systemPackages = with pkgs; [ + spice + spice-gtk + spice-protocol + ]; + + # Allow the default bridge interface to access the network + networking.firewall.trustedInterfaces = [ "virbr0" ]; + }) + (lib.mkIf cfg.host.vmBuilds.enable { + virtualisation.vmVariant.virtualisation = { + memorySize = cfg.host.vmBuilds.ram; + cores = cfg.host.vmBuilds.cores; + }; + }) + ]; } diff --git a/modules/ui/desktops/common.nix b/modules/ui/desktops/common.nix index 0ed5e3a..812783b 100644 --- a/modules/ui/desktops/common.nix +++ b/modules/ui/desktops/common.nix @@ -77,6 +77,9 @@ in # Enable touchpad support (enabled by default in most desktop managers, buuuut just in case). libinput.enable = true; + + # Enable printing support. + printing.enable = true; }; # Support for AppImage files diff --git a/modules/ui/desktops/gnome.nix b/modules/ui/desktops/gnome.nix index e50a5ca..f10e92f 100644 --- a/modules/ui/desktops/gnome.nix +++ b/modules/ui/desktops/gnome.nix @@ -52,8 +52,6 @@ in "org.gnome.World.Secrets" "org.gtk.Gtk3theme.Adwaita-dark" ]; - - printing.enable = true; }; environment = { 
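Review bot: The second mkMerge element is gated on `cfg.host.enable || cfg.host.vmBuilds.enable`, so enabling only `vmBuilds` now turns on libvirtd, adds `cfg.host.user` to the `libvirtd` group and adds `virbr0` to `networking.firewall.trustedInterfaces`, even though `nixos-rebuild build-vm` only needs the `vmVariant` settings in the third element; Shura's hunk sets `host.user` and `host.vmBuilds` without `host.enable` and so receives all of that. The libvirtd group and the trusted bridge are real privilege and exposure grants, so the condition should be just `(lib.mkIf cfg.host.enable {` with vmBuilds standing on its own. Separately, `users.users.${cfg.host.user}.extraGroups` is evaluated with the option's default `""` when `host.enable` is set without `user`, producing a user entry with an empty name; `users.users = lib.mkIf (cfg.host.user != "") { ${cfg.host.user}.extraGroups = [ "libvirtd" ]; };` avoids that. This element is also no longer gated on the top-level `cfg.enable` at all, which looks intentional given Haven sets only `host`, but a one-line comment saying so would help.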
@@ -104,11 +102,5 @@ in platformTheme = "gnome"; style = "adwaita-dark"; }; - - # Support for AppImage files - programs.appimage = { - enable = true; - binfmt = true; - }; }; } diff --git a/modules/ui/flatpak.nix b/modules/ui/flatpak.nix index 91a4aeb..9a08e0e 100644 --- a/modules/ui/flatpak.nix +++ b/modules/ui/flatpak.nix @@ -21,6 +21,16 @@ with lib; default = [ ]; example = lib.literalExpression "[ \"com.valvesoftware.Steam\" ]"; }; + remotes = lib.mkOption { + description = "The list of remote Flatpak repos to pull from. Includes Flathub by default."; + type = lib.types.listOf lib.types.attrs; + default = [ + { + name = "flathub"; + location = "https://dl.flathub.org/repo/flathub.flatpakrepo"; + } + ]; + }; }; }; @@ -36,12 +46,7 @@ with lib; update.onActivation = true; # Add remote(s) - remotes = [ - { - name = "flathub"; - location = "https://dl.flathub.org/repo/flathub.flatpakrepo"; - } - ]; + remotes = cfg.remotes; # Install base Flatpaks. For details, see https://github.com/gmodena/nix-flatpak packages = cfg.packages;
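Review bot: The `remotes` description in the flatpak.nix options hunk says the list "Includes Flathub by default", but an option `default` is only used when no definition exists, so a host that sets `remotes` replaces the Flathub entry rather than adding to it, and `remotes = cfg.remotes;` in the second hunk passes that list straight to `services.flatpak.remotes`. A description that states this would prevent surprise: `description = "Remote Flatpak repos to pull from. Defaults to Flathub; defining this option replaces that default rather than extending it.";`. `lib.types.listOf lib.types.attrs` also accepts any attribute set, so a typo in `name` or `location` is only caught at activation; a submodule with `name` and `location` declared as `lib.types.str` would fail at evaluation instead.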