Reworking moar modules
parent
433821ef0c
commit
2eaa08b0a1
10
README.md
10
README.md
|
@ -1,6 +1,6 @@
|
|||
# NixOS Configuration
|
||||
|
||||
A full set of configuration files managed via NixOS. This project follows the general structure of https://github.com/tiredofit/nixos-config
|
||||
A full set of configuration files managed via NixOS. This project is an extension of the [Auxolotl system template](https://git.auxolotl.org/auxolotl/templates).
|
||||
|
||||
> [!WARNING]
|
||||
> DO NOT DOWNLOAD AND RUN `nixos-rebuild` ON THIS REPOSITORY! These are my personal configuration files. I invite you to look through them, modify them, and take inspiration from them, but if you run `nixos-rebuild`, it _will completely overwrite your current system_!
|
||||
|
@ -33,7 +33,7 @@ sudo nixos-rebuild switch --flake .#Shura
|
|||
|
||||
### Running updates
|
||||
|
||||
All hosts are configured to run automatic daily updates (see `modules/base/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a hosts config.
|
||||
All hosts are configured to run automatic daily updates (see `modules/system/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a hosts config.
|
||||
|
||||
Automatic updates work by `git pull`ing the latest version of the Repo from Forgejo. This repo gets updated nightly by Haven, which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`.
|
||||
|
||||
|
@ -76,7 +76,7 @@ To enable root builds on a host, add this to its config:
|
|||
nix.distributedBuilds = true;
|
||||
```
|
||||
|
||||
For hosts where `nix.distributedBuilds` is true, this repo automatically gives the local root user SSH access to an unprivileged user on the build systems. This is configured in `nix-secrets`, but the build systems are defined in [`modules/base/nix.nix`](https://github.com/8bitbuddhist/nix-configuration/blob/b816d821636f9d30be905af80fe578c25ce74b92/modules/base/nix.nix#L41).
|
||||
For hosts where `nix.distributedBuilds` is true, this repo automatically gives the local root user SSH access to an unprivileged user on the build systems. This is configured in `nix-secrets`, but the build systems are defined in [`modules/system/nix.nix`](https://code.8bitbuddhism.com/aires/nix-configuration/src/commit/433821ef0c46f08855a041c3aa97143a954564f5/modules/system/nix.nix#L57).
|
||||
|
||||
##### Pushing a build to a remote system
|
||||
|
||||
|
@ -125,12 +125,12 @@ To add a new host:
|
|||
|
||||
### Layout
|
||||
|
||||
This config uses two systems: Flakes, and Home-manager.
|
||||
This config uses two main systems: Flakes, and Home-manager.
|
||||
|
||||
- Flakes are the entrypoint, via `flake.nix`. This is where Flake inputs and Flake-specific options get defined.
|
||||
- Home-manager configs live in the `users/` folders.
|
||||
- Modules are stored in `modules`. All of these files are automatically imported (except home-manager modules); you simply enable the ones you want to use, and disable the ones you don't. For example, to install Flatpak, set `aux.system.ui.flatpak.enable = true;`.
|
||||
- After adding a new module, make sure to `git add` it.
|
||||
- After adding a new module, make sure to `git add` it before running `nixos-rebuild`.
|
||||
|
||||
### Features
|
||||
|
||||
|
|
|
@ -248,11 +248,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1719145664,
|
||||
"narHash": "sha256-+0bBlerLxsHUJcKPDWZM1wL3V9bzCFjz+VyRTG8fnUA=",
|
||||
"lastModified": 1719322773,
|
||||
"narHash": "sha256-BqPxtFwXrpJQDh65NOIHX99pz2rtIMshG9Mt2xnnc5c=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "c3e48cbd88414f583ff08804eb57b0da4c194f9e",
|
||||
"rev": "caabc425565bbd5c8640630b0bf6974961a49242",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -83,6 +83,8 @@ in
|
|||
airsonic = {
|
||||
enable = true;
|
||||
home = "${services-root}/airsonic-advanced";
|
||||
domain = config.secrets.networking.primaryDomain;
|
||||
url = config.secrets.services.airsonic.url;
|
||||
};
|
||||
autoUpgrade = {
|
||||
enable = false; # Don't update the system...
|
||||
|
@ -104,6 +106,8 @@ in
|
|||
forgejo = {
|
||||
enable = true;
|
||||
home = "${services-root}/forgejo";
|
||||
domain = config.secrets.networking.primaryDomain;
|
||||
url = config.secrets.services.forgejo.url;
|
||||
actions = {
|
||||
enable = true;
|
||||
token = config.secrets.services.forgejo.runner-token;
|
||||
|
@ -136,15 +140,6 @@ in
|
|||
extraConfig = "proxy_ssl_server_name on;";
|
||||
};
|
||||
};
|
||||
"${config.secrets.services.forgejo.url}" = {
|
||||
useACMEHost = config.secrets.networking.primaryDomain;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
ssh = {
|
||||
|
@ -152,8 +147,15 @@ in
|
|||
ports = [ config.secrets.hosts.haven.ssh.port ];
|
||||
};
|
||||
virtualization = {
|
||||
host = {
|
||||
enable = true;
|
||||
user = "aires";
|
||||
vmBuilds = {
|
||||
enable = true;
|
||||
cores = 3;
|
||||
ram = 4096;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
users.aires = {
|
||||
|
|
|
@ -54,7 +54,10 @@ in
|
|||
# Change how long old generations are kept for.
|
||||
retentionPeriod = "14d";
|
||||
|
||||
services.autoUpgrade.enable = false;
|
||||
services = {
|
||||
autoUpgrade.enable = false;
|
||||
virtualization.enable = true;
|
||||
};
|
||||
|
||||
ui = {
|
||||
desktops.gnome.enable = true;
|
||||
|
|
|
@ -66,13 +66,27 @@ in
|
|||
# Keep old generations for one week.
|
||||
retentionPeriod = "7d";
|
||||
|
||||
services = {
|
||||
# Run daily automatic updates.
|
||||
services.autoUpgrade = {
|
||||
autoUpgrade = {
|
||||
enable = true;
|
||||
configDir = config.secrets.nixConfigFolder;
|
||||
onCalendar = "daily";
|
||||
user = config.users.users.aires.name;
|
||||
};
|
||||
# Install virtual machine management tools
|
||||
virtualization = {
|
||||
enable = true;
|
||||
host = {
|
||||
user = "aires";
|
||||
vmBuilds = {
|
||||
enable = true;
|
||||
cores = 4;
|
||||
ram = 4096;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
ui = {
|
||||
flatpak = {
|
||||
# Enable Flatpak support.
|
||||
|
@ -107,9 +121,6 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
# Enable virtual machine manager
|
||||
programs.virt-manager.enable = true;
|
||||
|
||||
# Move files into target system
|
||||
systemd.tmpfiles.rules = [
|
||||
# Use gremlin user's monitor config for GDM (defined above)
|
||||
|
@ -123,9 +134,4 @@ in
|
|||
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:34:30:47:37:AB/info - - - - ${vitrix-pdp-pro-bluetooth}"
|
||||
];
|
||||
|
||||
# Configure the virtual machine created by nixos-rebuild build-vm
|
||||
virtualisation.vmVariant.virtualisation = {
|
||||
memorySize = 4096;
|
||||
cores = 4;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -19,9 +19,10 @@ with lib;
|
|||
|
||||
config = mkMerge [
|
||||
(mkIf cfg.enable {
|
||||
aux.system.ui.flatpak.enable = true;
|
||||
|
||||
services.flatpak.packages = [ "com.vscodium.codium" ];
|
||||
aux.system.ui.flatpak = {
|
||||
enable = true;
|
||||
packages = [ "com.vscodium.codium" ];
|
||||
};
|
||||
})
|
||||
(mkIf cfg.kubernetes.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
|
|
@ -10,8 +10,9 @@ with lib;
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
aux.system.ui.flatpak.enable = true;
|
||||
|
||||
services.flatpak.packages = [ "org.mixxx.Mixxx" ];
|
||||
aux.system.ui.flatpak = {
|
||||
enable = true;
|
||||
packages = [ "org.mixxx.Mixxx" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -21,17 +21,19 @@ with lib;
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
aux.system.ui.flatpak.enable = true;
|
||||
services.flatpak.packages = [
|
||||
aux.system.ui.flatpak = {
|
||||
enable = true;
|
||||
packages = [
|
||||
"gg.minion.Minion"
|
||||
"com.valvesoftware.Steam"
|
||||
"org.firestormviewer.FirestormViewer"
|
||||
];
|
||||
};
|
||||
|
||||
# Enable Xbox controller driver (XPadNeo)
|
||||
hardware.xpadneo.enable = true;
|
||||
|
||||
# Add script to restart xpadneo in case of issues
|
||||
environment.systemPackages = [ reset-controllers-script ];
|
||||
aux.system.packages = [ reset-controllers-script ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,9 +10,8 @@ with lib;
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
aux.system.ui.flatpak.enable = true;
|
||||
|
||||
services.flatpak = {
|
||||
aux.system.ui.flatpak = {
|
||||
enable = true;
|
||||
packages = [
|
||||
"com.calibre_ebook.calibre"
|
||||
"com.github.unrud.VideoDownloader"
|
||||
|
|
|
@ -10,11 +10,12 @@ with lib;
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
aux.system.ui.flatpak.enable = true;
|
||||
|
||||
services.flatpak.packages = [
|
||||
aux.system.ui.flatpak = {
|
||||
enable = true;
|
||||
packages = [
|
||||
"org.onlyoffice.desktopeditors"
|
||||
"us.zoom.Zoom"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -15,13 +15,15 @@ with lib;
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1
|
||||
beeper
|
||||
];
|
||||
aux.system = {
|
||||
allowUnfree = true;
|
||||
ui.flatpak = {
|
||||
enable = true;
|
||||
packages = [ "com.discordapp.Discord" ];
|
||||
};
|
||||
};
|
||||
|
||||
aux.system.ui.flatpak.enable = true;
|
||||
services.flatpak.packages = [ "com.discordapp.Discord" ];
|
||||
# Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1
|
||||
environment.systemPackages = [ pkgs.beeper ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -17,6 +17,18 @@ in
|
|||
type = lib.types.str;
|
||||
description = "Where to store Airsonic's files";
|
||||
};
|
||||
domain = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
description = "The root domain that Airsonic will be hosted on.";
|
||||
example = "example.com";
|
||||
};
|
||||
url = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
description = "The complete URL where Airsonic is hosted.";
|
||||
example = "https://forgejo.example.com";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -25,8 +37,8 @@ in
|
|||
users.users.airsonic.extraGroups = [ "media" ];
|
||||
|
||||
services = {
|
||||
nginx.virtualHosts."${config.secrets.services.airsonic.url}" = {
|
||||
useACMEHost = config.secrets.networking.primaryDomain;
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = cfg.domain;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:4040";
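Review bot: The new `domain` and `url` options both default to `""`, and the second hunk feeds them straight into `nginx.virtualHosts."${cfg.url}"` and `useACMEHost = cfg.domain`, so a host that enables Airsonic without setting them would get a virtual host with an empty name rather than a clear evaluation error. Dropping the two `default = "";` lines makes the options mandatory and lets the module system report the missing value. The `url` description says "The complete URL" and its example is `https://forgejo.example.com`, but the value is used as an nginx server name, so I would describe it as a hostname and use `example = "airsonic.example.com";`. The `services` block continues past the end of the hunk.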
|
||||
|
|
|
@ -71,6 +71,16 @@ in
|
|||
useWizard = true;
|
||||
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
|
||||
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = cfg.domain;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
|
||||
};
|
||||
};
|
||||
|
||||
# Enable runner for CI actions
|
||||
gitea-actions-runner = lib.mkIf cfg.actions.enable {
|
||||
package = pkgs.forgejo-actions-runner;
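Review bot: The added virtual host proxies to `http://127.0.0.1:3000`, but nothing visible in this hunk pins Forgejo's listener to loopback or to that port, so the TLS front end and the backend can drift apart, and if Forgejo binds all interfaces the plain-HTTP port stays reachable beside the proxy unless the firewall blocks it. I would set `HTTP_ADDR = "127.0.0.1";` in the Forgejo `settings.server` block and derive the target from the same settings, `proxyPass = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";`. The `proxy_ssl_server_name on;` line only affects HTTPS upstreams, so with an `http://` target it and its comment can be dropped. The Forgejo settings start above the hunk, so the bind address may already be set there.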
|
||||
|
|
|
@ -12,16 +12,35 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.virtualization = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization hosting tools on this host.");
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization tools on this host.");
|
||||
host = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables virtual machine hosting.");
|
||||
user = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
description = "The default user to add as a KVM admin.";
|
||||
};
|
||||
vmBuilds = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables builds via `nixos-rebuild build-vm` on this host.");
|
||||
cores = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
description = "How many cores to assign to `nixos-rebuild build-vm` builds. Defaults to 2.";
|
||||
default = 2;
|
||||
};
|
||||
ram = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
description = "How much RAM (in MB) to assign to `nixos-rebuild build-vm` builds. Defaults to 2GB.";
|
||||
default = 2048;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkMerge [
|
||||
({ programs.virt-manager.enable = cfg.enable; })
|
||||
(lib.mkIf (cfg.host.enable || cfg.host.vmBuilds.enable) {
|
||||
virtualisation = {
|
||||
libvirtd = {
|
||||
enable = true;
|
||||
|
@ -35,17 +54,22 @@ in
|
|||
spiceUSBRedirection.enable = true;
|
||||
};
|
||||
|
||||
users.users.${cfg.user}.extraGroups = [ "libvirtd" ];
|
||||
users.users.${cfg.host.user}.extraGroups = [ "libvirtd" ];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
spice
|
||||
spice-gtk
|
||||
spice-protocol
|
||||
virt-viewer
|
||||
];
|
||||
programs.virt-manager.enable = true;
|
||||
|
||||
# Allow the default bridge interface to access the network
|
||||
networking.firewall.trustedInterfaces = [ "virbr0" ];
|
||||
})
|
||||
(lib.mkIf cfg.host.vmBuilds.enable {
|
||||
virtualisation.vmVariant.virtualisation = {
|
||||
memorySize = cfg.host.vmBuilds.ram;
|
||||
cores = cfg.host.vmBuilds.cores;
|
||||
};
|
||||
})
|
||||
];
|
||||
}
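Review bot: The guard `lib.mkIf (cfg.host.enable || cfg.host.vmBuilds.enable)` means that turning on `vmBuilds.enable` alone also enables libvirtd, adds `cfg.host.user` to the `libvirtd` group and puts `virbr0` in `networking.firewall.trustedInterfaces`, although the `vmVariant` settings in the third `mkMerge` entry do not appear to need any of that. I would gate the second entry on `cfg.host.enable` only, so a host that just wants `nixos-rebuild build-vm` sizing does not pick up a firewall-exempt bridge and a group that can manage system VMs. Separately, `host.user` defaults to `""`, so `users.users.${cfg.host.user}` addresses a user with an empty name when the option is left unset; dropping the default, or an assertion such as `assertion = cfg.host.enable -> cfg.host.user != "";`, would catch that at evaluation time. The libvirtd block between the two hunks is not shown.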
|
||||
|
|
|
@ -77,6 +77,9 @@ in
|
|||
|
||||
# Enable touchpad support (enabled by default in most desktop managers, buuuut just in case).
|
||||
libinput.enable = true;
|
||||
|
||||
# Enable printing support.
|
||||
printing.enable = true;
|
||||
};
|
||||
|
||||
# Support for AppImage files
|
||||
|
|
|
@ -52,8 +52,6 @@ in
|
|||
"org.gnome.World.Secrets"
|
||||
"org.gtk.Gtk3theme.Adwaita-dark"
|
||||
];
|
||||
|
||||
printing.enable = true;
|
||||
};
|
||||
|
||||
environment = {
|
||||
|
@ -104,11 +102,5 @@ in
|
|||
platformTheme = "gnome";
|
||||
style = "adwaita-dark";
|
||||
};
|
||||
|
||||
# Support for AppImage files
|
||||
programs.appimage = {
|
||||
enable = true;
|
||||
binfmt = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -21,6 +21,16 @@ with lib;
|
|||
default = [ ];
|
||||
example = lib.literalExpression "[ \"com.valvesoftware.Steam\" ]";
|
||||
};
|
||||
remotes = lib.mkOption {
|
||||
description = "The list of remote Flatpak repos to pull from. Includes Flathub by default.";
|
||||
type = lib.types.listOf lib.types.attrs;
|
||||
default = [
|
||||
{
|
||||
name = "flathub";
|
||||
location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -36,12 +46,7 @@ with lib;
|
|||
update.onActivation = true;
|
||||
|
||||
# Add remote(s)
|
||||
remotes = [
|
||||
{
|
||||
name = "flathub";
|
||||
location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
|
||||
}
|
||||
];
|
||||
remotes = cfg.remotes;
|
||||
|
||||
# Install base Flatpaks. For details, see https://github.com/gmodena/nix-flatpak
|
||||
packages = cfg.packages;
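Review bot: `remotes` is typed `lib.types.listOf lib.types.attrs`, so any attribute set is accepted and a misspelled `location` key is only noticed when nix-flatpak consumes the list. Each remote is a source this host installs software from, so a submodule with explicit `name` and `location` string options would validate entries at evaluation time. A host that sets `remotes` replaces the default list rather than extending it, so the description should say that Flathub has to be listed again if it is still wanted. The fence shows the option with a typed submodule; any further keys nix-flatpak accepts for a remote would need to be added to it.

```nix
remotes = lib.mkOption {
  description = "The list of remote Flatpak repos to pull from. Defaults to Flathub only; setting this option replaces the default.";
  type = lib.types.listOf (
    lib.types.submodule {
      options = {
        name = lib.mkOption {
          type = lib.types.str;
          description = "Name of the Flatpak remote.";
        };
        location = lib.mkOption {
          type = lib.types.str;
          description = "URL of the remote's .flatpakrepo file.";
        };
      };
    }
  );
  # … unchanged: default list containing the flathub remote …
};
```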
|
||||
|
|