1
0
Fork 0

Reworking moar modules

This commit is contained in:
Aires 2024-06-25 14:13:15 -04:00
parent 433821ef0c
commit 2eaa08b0a1
17 changed files with 174 additions and 111 deletions

View file

@ -1,6 +1,6 @@
# NixOS Configuration
A full set of configuration files managed via NixOS. This project follows the general structure of https://github.com/tiredofit/nixos-config
A full set of configuration files managed via NixOS. This project is an extension of the [Auxolotl system template](https://git.auxolotl.org/auxolotl/templates).
> [!WARNING]
> DO NOT DOWNLOAD AND RUN `nixos-rebuild` ON THIS REPOSITORY! These are my personal configuration files. I invite you to look through them, modify them, and take inspiration from them, but if you run `nixos-rebuild`, it _will completely overwrite your current system_!
@ -33,7 +33,7 @@ sudo nixos-rebuild switch --flake .#Shura
### Running updates
All hosts are configured to run automatic daily updates (see `modules/base/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a hosts config.
All hosts are configured to run automatic daily updates (see `modules/system/system.nix`). You can disable this by adding `aux.system.services.autoUpgrade = false;` to a hosts config.
Automatic updates work by `git pull`ing the latest version of the Repo from Forgejo. This repo gets updated nightly by Haven, which updates the `flake.lock` file and pushes it back up to Forgejo. Only one host needs to do this, and you can enable this feature on a host using `aux.system.services.autoUpgrade.pushUpdates = true;`.
@ -76,7 +76,7 @@ To enable root builds on a host, add this to its config:
nix.distributedBuilds = true;
```
For hosts where `nix.distributedBuilds` is true, this repo automatically gives the local root user SSH access to an unprivileged user on the build systems. This is configured in `nix-secrets`, but the build systems are defined in [`modules/base/nix.nix`](https://github.com/8bitbuddhist/nix-configuration/blob/b816d821636f9d30be905af80fe578c25ce74b92/modules/base/nix.nix#L41).
For hosts where `nix.distributedBuilds` is true, this repo automatically gives the local root user SSH access to an unprivileged user on the build systems. This is configured in `nix-secrets`, but the build systems are defined in [`modules/system/nix.nix`](https://code.8bitbuddhism.com/aires/nix-configuration/src/commit/433821ef0c46f08855a041c3aa97143a954564f5/modules/system/nix.nix#L57).
##### Pushing a build to a remote system
@ -125,12 +125,12 @@ To add a new host:
### Layout
This config uses two systems: Flakes, and Home-manager.
This config uses two main systems: Flakes, and Home-manager.
- Flakes are the entrypoint, via `flake.nix`. This is where Flake inputs and Flake-specific options get defined.
- Home-manager configs live in the `users/` folders.
- Modules are stored in `modules`. All of these files are automatically imported (except home-manager modules); you simply enable the ones you want to use, and disable the ones you don't. For example, to install Flatpak, set `aux.system.ui.flatpak.enable = true;`.
- After adding a new module, make sure to `git add` it.
- After adding a new module, make sure to `git add` it before running `nixos-rebuild`.
### Features

View file

@ -248,11 +248,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1719145664,
"narHash": "sha256-+0bBlerLxsHUJcKPDWZM1wL3V9bzCFjz+VyRTG8fnUA=",
"lastModified": 1719322773,
"narHash": "sha256-BqPxtFwXrpJQDh65NOIHX99pz2rtIMshG9Mt2xnnc5c=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "c3e48cbd88414f583ff08804eb57b0da4c194f9e",
"rev": "caabc425565bbd5c8640630b0bf6974961a49242",
"type": "github"
},
"original": {

View file

@ -83,6 +83,8 @@ in
airsonic = {
enable = true;
home = "${services-root}/airsonic-advanced";
domain = config.secrets.networking.primaryDomain;
url = config.secrets.services.airsonic.url;
};
autoUpgrade = {
enable = false; # Don't update the system...
@ -104,6 +106,8 @@ in
forgejo = {
enable = true;
home = "${services-root}/forgejo";
domain = config.secrets.networking.primaryDomain;
url = config.secrets.services.forgejo.url;
actions = {
enable = true;
token = config.secrets.services.forgejo.runner-token;
@ -136,15 +140,6 @@ in
extraConfig = "proxy_ssl_server_name on;";
};
};
"${config.secrets.services.forgejo.url}" = {
useACMEHost = config.secrets.networking.primaryDomain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
};
};
ssh = {
@ -152,8 +147,15 @@ in
ports = [ config.secrets.hosts.haven.ssh.port ];
};
virtualization = {
host = {
enable = true;
user = "aires";
vmBuilds = {
enable = true;
cores = 3;
ram = 4096;
};
};
};
};
users.aires = {

View file

@ -54,7 +54,10 @@ in
# Change how long old generations are kept for.
retentionPeriod = "14d";
services.autoUpgrade.enable = false;
services = {
autoUpgrade.enable = false;
virtualization.enable = true;
};
ui = {
desktops.gnome.enable = true;

View file

@ -66,13 +66,27 @@ in
# Keep old generations for one week.
retentionPeriod = "7d";
services = {
# Run daily automatic updates.
services.autoUpgrade = {
autoUpgrade = {
enable = true;
configDir = config.secrets.nixConfigFolder;
onCalendar = "daily";
user = config.users.users.aires.name;
};
# Install virtual machine management tools
virtualization = {
enable = true;
host = {
user = "aires";
vmBuilds = {
enable = true;
cores = 4;
ram = 4096;
};
};
};
};
ui = {
flatpak = {
# Enable Flatpak support.
@ -107,9 +121,6 @@ in
};
};
# Enable virtual machine manager
programs.virt-manager.enable = true;
# Move files into target system
systemd.tmpfiles.rules = [
# Use gremlin user's monitor config for GDM (defined above)
@ -123,9 +134,4 @@ in
"L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:34:30:47:37:AB/info - - - - ${vitrix-pdp-pro-bluetooth}"
];
# Configure the virtual machine created by nixos-rebuild build-vm
virtualisation.vmVariant.virtualisation = {
memorySize = 4096;
cores = 4;
};
}

View file

@ -19,9 +19,10 @@ with lib;
config = mkMerge [
(mkIf cfg.enable {
aux.system.ui.flatpak.enable = true;
services.flatpak.packages = [ "com.vscodium.codium" ];
aux.system.ui.flatpak = {
enable = true;
packages = [ "com.vscodium.codium" ];
};
})
(mkIf cfg.kubernetes.enable {
environment.systemPackages = with pkgs; [

View file

@ -10,8 +10,9 @@ with lib;
};
config = mkIf cfg.enable {
aux.system.ui.flatpak.enable = true;
services.flatpak.packages = [ "org.mixxx.Mixxx" ];
aux.system.ui.flatpak = {
enable = true;
packages = [ "org.mixxx.Mixxx" ];
};
};
}

View file

@ -21,17 +21,19 @@ with lib;
};
config = mkIf cfg.enable {
aux.system.ui.flatpak.enable = true;
services.flatpak.packages = [
aux.system.ui.flatpak = {
enable = true;
packages = [
"gg.minion.Minion"
"com.valvesoftware.Steam"
"org.firestormviewer.FirestormViewer"
];
};
# Enable Xbox controller driver (XPadNeo)
hardware.xpadneo.enable = true;
# Add script to restart xpadneo in case of issues
environment.systemPackages = [ reset-controllers-script ];
aux.system.packages = [ reset-controllers-script ];
};
}

View file

@ -10,9 +10,8 @@ with lib;
};
config = mkIf cfg.enable {
aux.system.ui.flatpak.enable = true;
services.flatpak = {
aux.system.ui.flatpak = {
enable = true;
packages = [
"com.calibre_ebook.calibre"
"com.github.unrud.VideoDownloader"

View file

@ -10,11 +10,12 @@ with lib;
};
config = mkIf cfg.enable {
aux.system.ui.flatpak.enable = true;
services.flatpak.packages = [
aux.system.ui.flatpak = {
enable = true;
packages = [
"org.onlyoffice.desktopeditors"
"us.zoom.Zoom"
];
};
};
}

View file

@ -15,13 +15,15 @@ with lib;
};
config = mkIf cfg.enable {
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
# Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1
beeper
];
aux.system = {
allowUnfree = true;
ui.flatpak = {
enable = true;
packages = [ "com.discordapp.Discord" ];
};
};
aux.system.ui.flatpak.enable = true;
services.flatpak.packages = [ "com.discordapp.Discord" ];
# Check Beeper Flatpak status here: https://github.com/daegalus/beeper-flatpak-wip/issues/1
environment.systemPackages = [ pkgs.beeper ];
};
}

View file

@ -17,6 +17,18 @@ in
type = lib.types.str;
description = "Where to store Airsonic's files";
};
domain = lib.mkOption {
default = "";
type = lib.types.str;
description = "The root domain that Airsonic will be hosted on.";
example = "example.com";
};
url = lib.mkOption {
default = "";
type = lib.types.str;
description = "The complete URL where Airsonic is hosted.";
example = "https://forgejo.example.com";
};
};
};
@ -25,8 +37,8 @@ in
users.users.airsonic.extraGroups = [ "media" ];
services = {
nginx.virtualHosts."${config.secrets.services.airsonic.url}" = {
useACMEHost = config.secrets.networking.primaryDomain;
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4040";

View file

@ -71,6 +71,16 @@ in
useWizard = true;
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
# Enable runner for CI actions
gitea-actions-runner = lib.mkIf cfg.actions.enable {
package = pkgs.forgejo-actions-runner;

View file

@ -12,16 +12,35 @@ in
{
options = {
aux.system.services.virtualization = {
enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization hosting tools on this host.");
enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization tools on this host.");
host = {
enable = lib.mkEnableOption (lib.mdDoc "Enables virtual machine hosting.");
user = lib.mkOption {
default = "";
type = lib.types.str;
description = "The default user to add as a KVM admin.";
};
vmBuilds = {
enable = lib.mkEnableOption (lib.mdDoc "Enables builds via `nixos-rebuild build-vm` on this host.");
cores = lib.mkOption {
type = lib.types.int;
description = "How many cores to assign to `nixos-rebuild build-vm` builds. Defaults to 2.";
default = 2;
};
ram = lib.mkOption {
type = lib.types.int;
description = "How much RAM (in MB) to assign to `nixos-rebuild build-vm` builds. Defaults to 2GB.";
default = 2048;
};
};
};
config = lib.mkIf cfg.enable {
};
};
config = lib.mkMerge [
({ programs.virt-manager.enable = cfg.enable; })
(lib.mkIf (cfg.host.enable || cfg.host.vmBuilds.enable) {
virtualisation = {
libvirtd = {
enable = true;
@ -35,17 +54,22 @@ in
spiceUSBRedirection.enable = true;
};
users.users.${cfg.user}.extraGroups = [ "libvirtd" ];
users.users.${cfg.host.user}.extraGroups = [ "libvirtd" ];
environment.systemPackages = with pkgs; [
spice
spice-gtk
spice-protocol
virt-viewer
];
programs.virt-manager.enable = true;
# Allow the default bridge interface to access the network
networking.firewall.trustedInterfaces = [ "virbr0" ];
})
(lib.mkIf cfg.host.vmBuilds.enable {
virtualisation.vmVariant.virtualisation = {
memorySize = cfg.host.vmBuilds.ram;
cores = cfg.host.vmBuilds.cores;
};
})
];
}

View file

@ -77,6 +77,9 @@ in
# Enable touchpad support (enabled by default in most desktop managers, buuuut just in case).
libinput.enable = true;
# Enable printing support.
printing.enable = true;
};
# Support for AppImage files

View file

@ -52,8 +52,6 @@ in
"org.gnome.World.Secrets"
"org.gtk.Gtk3theme.Adwaita-dark"
];
printing.enable = true;
};
environment = {
@ -104,11 +102,5 @@ in
platformTheme = "gnome";
style = "adwaita-dark";
};
# Support for AppImage files
programs.appimage = {
enable = true;
binfmt = true;
};
};
}

View file

@ -21,6 +21,16 @@ with lib;
default = [ ];
example = lib.literalExpression "[ \"com.valvesoftware.Steam\" ]";
};
remotes = lib.mkOption {
description = "The list of remote Flatpak repos to pull from. Includes Flathub by default.";
type = lib.types.listOf lib.types.attrs;
default = [
{
name = "flathub";
location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
}
];
};
};
};
@ -36,12 +46,7 @@ with lib;
update.onActivation = true;
# Add remote(s)
remotes = [
{
name = "flathub";
location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
}
];
remotes = cfg.remotes;
# Install base Flatpaks. For details, see https://github.com/gmodena/nix-flatpak
packages = cfg.packages;