
Compare commits


No commits in common. "38c0c493f25ef0c44f972c83c24504fa2e242fc9" and "6ab9a35136406a437ab32dba72b66890301d3174" have entirely different histories.

43 changed files with 276 additions and 198 deletions


@ -297,11 +297,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1725693463, "lastModified": 1725407940,
"narHash": "sha256-ZPzhebbWBOr0zRWW10FfqfbJlan3G96/h3uqhiFqmwg=", "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "68e7dce0a6532e876980764167ad158174402c6f", "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -378,11 +378,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1725813930, "lastModified": 1725641701,
"narHash": "sha256-UxqJm3MlHVrPofm/4Z1dR9Xpo49Xc0HGQ/Mg/bQ5oqI=", "narHash": "sha256-bTnYSs06iwnS6a1jYLpwjwVpFcP/iDs/6q5gnFcO+sQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "2e559fbe36dc49c3ea63cc9856b899eb9269950f", "rev": "25576ffa753b96e2289380feb81d3ed82e00cbc7",
"revCount": 69, "revCount": 68,
"type": "git", "type": "git",
"url": "file:./secrets" "url": "file:./secrets"
}, },


@ -36,6 +36,10 @@ in
networking.hostName = hostName; networking.hostName = hostName;
###*** Configure your system below this line. ***### ###*** Configure your system below this line. ***###
# Set your time zone.
# To see all available timezones, run `timedatectl list-timezones`.
time.timeZone = "America/New_York";
# Build Nix packages for other hosts. # Build Nix packages for other hosts.
# Runs every day at 4 AM # Runs every day at 4 AM
systemd = { systemd = {
@ -170,6 +174,7 @@ in
}; };
nginx = { nginx = {
enable = true; enable = true;
autostart = false;
virtualHosts = { virtualHosts = {
"${config.secrets.networking.domains.primary}" = { "${config.secrets.networking.domains.primary}" = {
default = true; default = true;
@ -218,7 +223,7 @@ in
services = { services = {
syncthing = { syncthing = {
enable = true; enable = true;
home = "${services-root}/syncthing/aires"; autostart = false;
}; };
}; };
}; };
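Review bot: `time.timeZone = "America/New_York";` pins the zone statically, while another section of this compare enables `services.automatic-timezoned` in a shared module; when `time.timeZone` is non-null NixOS manages `/etc/localtime` declaratively, so the daemon's imperative zone updates would, as far as I recall, be refused or overridden rather than applied. If that module is active on these hosts, either drop the static zone here or disable `automatic-timezoned` for them; confirm against the pinned nixpkgs module. The same addition appears in the next host section and in the later section that adds `services = { syncthing = { … autostart = true; }; };`. The enclosing attribute set continues outside the hunk.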


@ -7,6 +7,8 @@ let
# Where to store service files # Where to store service files
services-root = "/storage/services"; services-root = "/storage/services";
# Script to start services
start-services = pkgs.writeShellScriptBin "start-services" (builtins.readFile ./start-services.sh);
# Credentials for interacting with the Namecheap API # Credentials for interacting with the Namecheap API
namecheapCredentials = { namecheapCredentials = {
@ -35,6 +37,10 @@ in
networking.hostName = hostName; networking.hostName = hostName;
###*** Configure your system below this line. ***### ###*** Configure your system below this line. ***###
# Set your time zone.
# To see all available timezones, run `timedatectl list-timezones`.
time.timeZone = "America/New_York";
# Build Nix packages for other hosts. # Build Nix packages for other hosts.
# Runs every day at 4 AM # Runs every day at 4 AM
systemd = { systemd = {
@ -81,6 +87,8 @@ in
# Enable GPU support. # Enable GPU support.
gpu.amd.enable = true; gpu.amd.enable = true;
packages = [ start-services ];
# Enable support for primary RAID array # Enable support for primary RAID array
raid.storage.enable = true; raid.storage.enable = true;
@ -163,6 +171,7 @@ in
}; };
nginx = { nginx = {
enable = true; enable = true;
autostart = false;
virtualHosts = { virtualHosts = {
"${config.secrets.networking.domains.primary}" = { "${config.secrets.networking.domains.primary}" = {
default = true; default = true;
@ -208,7 +217,7 @@ in
services = { services = {
syncthing = { syncthing = {
enable = true; enable = true;
home = "${services-root}/syncthing/aires"; autostart = false;
}; };
}; };
}; };
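Review bot: `start-services = pkgs.writeShellScriptBin "start-services" (builtins.readFile ./start-services.sh);` prepends its own `#!${runtimeShell}` shebang, so the script's `#!/bin/sh` line becomes an inert comment and the body actually runs under bash; harmless today, but the file should not rely on POSIX-sh semantics that bash does not share. The script also resolves `cryptsetup`, `mount`, `systemctl` and `hostname` from the invoking root shell's PATH at run time; if a hermetic package is wanted, `pkgs.writeShellApplication { name = "start-services"; runtimeInputs = [ pkgs.cryptsetup ]; text = builtins.readFile ./start-services.sh; }` pins the tools (note it also enables strict mode and runs shellcheck). The enclosing `let` block continues outside the hunk.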


@ -41,4 +41,23 @@ in
size = 16384; size = 16384;
}; };
}; };
# Automatically scrub the RAID array monthly
systemd.services."raid-scrub" = {
description = "Periodically scrub RAID volumes for errors.";
serviceConfig = {
Type = "oneshot";
User = "root";
};
script = "echo check > /sys/block/md127/md/sync_action";
};
systemd.timers."raid-scrub" = {
description = "Periodically scrub RAID volumes for errors.";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "monthly";
Persistent = true;
Unit = "raid-scrub.service";
};
};
} }
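Review bot: `script = "echo check > /sys/block/md127/md/sync_action";` hard-codes the kernel-assigned md device number, while the array is referenced elsewhere in this compare as `/dev/md/Sapana`; md numbers are assigned at assembly time and can change, in which case the monthly scrub silently targets nothing or a different array. Resolving the named symlink at run time keeps the unit tied to the intended array: `script = ''echo check > /sys/block/$(basename "$(readlink -f /dev/md/Sapana)")/md/sync_action'';`. The block is moved from the RAID module into this host file, so the hard-coding predates the commit. The enclosing attribute set starts outside the hunk.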


@ -0,0 +1,26 @@
#!/bin/sh
# Script to unlock the /storage partition and start up services that depend on it.
# check if the current user is root
if [ "$(id -u)" != "0" ]; then
echo "This script must be run as root" 1>&2
exit 1
fi
# Unlock and mount storage directory if we haven't already
if [ -e "/dev/mapper/storage" ]; then
echo "Storage partition already mounted."
else
echo "Unlocking storage partition..."
cryptsetup luksOpen /dev/md/Sapana storage
mount /dev/mapper/storage /storage
echo "Storage partition mounted."
fi
echo "Starting services..."
systemctl restart deluged.service delugeweb.service duplicacy-web.service forgejo.service jellyfin.service
systemctl --machine aires@.host --user start syncthing.service
systemctl restart nginx.service
echo "Services started. $(hostname) is ready to go!"
exit 0
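Review bot: A failed `cryptsetup luksOpen` (wrong passphrase, array not assembled) does not stop the script: it falls through to `mount`, which then fails as well, and the `systemctl restart` lines still run with `/storage` unmounted, so the services write their state into the plain directory on the root filesystem rather than the encrypted volume. The `[ -e "/dev/mapper/storage" ]` test also only proves the mapping exists, not that it is mounted, so an unlocked-but-unmounted state skips the mount entirely. Checking the mount point and aborting on either failure closes both gaps, as below. Separately, only nginx and syncthing had their autostart disabled in this compare; presumably deluged, forgejo and jellyfin still start at boot before anyone runs this script — confirm they carry `RequiresMountsFor=/storage` or an equivalent condition so the same unmounted-directory problem cannot occur at boot.
```shell
# Unlock and mount storage directory if we haven't already
if mountpoint -q /storage; then
    echo "Storage partition already mounted."
else
    if [ ! -e /dev/mapper/storage ]; then
        echo "Unlocking storage partition..."
        cryptsetup luksOpen /dev/md/Sapana storage || { echo "Failed to unlock storage partition." 1>&2; exit 1; }
    fi
    mount /dev/mapper/storage /storage || { echo "Failed to mount storage partition." 1>&2; exit 1; }
    echo "Storage partition mounted."
fi
# … unchanged: service restarts …
```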


@ -12,6 +12,10 @@ in
networking.hostName = hostName; networking.hostName = hostName;
###*** Configure your system below this line. ***### ###*** Configure your system below this line. ***###
# Set your time zone.
# To see all available timezones, run `timedatectl list-timezones`.
time.timeZone = "America/New_York";
# Configure the system. # Configure the system.
aux.system = { aux.system = {
# Enable to allow unfree (e.g. closed source) packages. # Enable to allow unfree (e.g. closed source) packages.
@ -76,7 +80,12 @@ in
users.aires = { users.aires = {
enable = true; enable = true;
services.syncthing.enable = true; services = {
syncthing = {
enable = true;
autostart = true;
};
};
}; };
}; };


@ -12,17 +12,7 @@ in
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
system.stateVersion = stateVersion; system.stateVersion = stateVersion;
networking = { networking.hostName = hostName;
hostName = hostName;
# Connect to the network automagically
networkmanager.enable = lib.mkForce false;
wireless.networks = {
"${config.secrets.networking.networks.home.SSID}" = {
psk = "${config.secrets.networking.networks.home.password}";
};
};
};
aux.system = { aux.system = {
bootloader.enable = false; # Bootloader configured in hardware-configuration.nix bootloader.enable = false; # Bootloader configured in hardware-configuration.nix
@ -40,4 +30,16 @@ in
}; };
nix.distributedBuilds = true; nix.distributedBuilds = true;
time.timeZone = "America/New_York";
# Connect to the network automagically
networking = {
networkmanager.enable = lib.mkForce false;
wireless.networks = {
"${config.secrets.networking.networks.home.SSID}" = {
psk = "${config.secrets.networking.networks.home.password}";
};
};
};
} }
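Review bot: `psk = "${config.secrets.networking.networks.home.password}";` interpolates the Wi-Fi passphrase into the evaluated configuration, so it lands in plaintext in the world-readable Nix store (the generated wpa_supplicant config) regardless of how the `secrets` input itself is protected; the NixOS option documentation for `psk` carries the same warning. The block is moved rather than introduced by this commit, but it is the new side, so worth fixing: keep the passphrase in a root-only file and reference it via `networking.wireless.secretsFile` with `pskRaw = "ext:<key name>"` (on releases before 24.05 the equivalent is `networking.wireless.environmentFile` with an `@VAR@` placeholder); confirm which form the pinned nixpkgs supports. The enclosing attribute set starts outside the hunk.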


@ -34,7 +34,7 @@ in
enable = true; enable = true;
services.syncthing = { services.syncthing = {
enable = true; enable = true;
home = "/home/aires/.config/syncthing"; autostart = true;
}; };
}; };
}; };


@ -10,7 +10,7 @@ let
in in
{ {
options = { options = {
aux.system.apps.writing.enable = lib.mkEnableOption "Enables writing and editing tools"; aux.system.apps.writing.enable = lib.mkEnableOption (lib.mdDoc "Enables writing and editing tools");
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
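Review bot: `lib.mkEnableOption (lib.mdDoc "Enables writing and editing tools")` wraps the description in `lib.mdDoc`, which, as far as I recall, has been an identity function since option documentation became Markdown-only in 23.11 and emits a deprecation warning from 24.05 onward, so this adds evaluation noise with no effect; the repository already guards on `lib.versionOlder … "23.11"` elsewhere in this compare, so the pre-Markdown path is not a target. Prefer the plain form the old side had, `aux.system.apps.writing.enable = lib.mkEnableOption "Enables writing and editing tools";`. The same wrapping is applied in the example, acme, airsonic, autoUpgrade, boinc, forgejo, home-assistant, jellyfin, nginx, ssh, virtualization, bluetooth, bootloader, filesystem, gpu, nix, audio and desktop module sections that follow; I have not repeated this note there. The enclosing `options` set continues outside the hunk.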


@ -8,12 +8,19 @@
{ {
config = { config = {
# Install base packages # Install ZSH for all users
aux.system.packages = with pkgs; [ programs.zsh.enable = true;
fastfetch # Show a neat system statistics screen when opening a terminal users.defaultUserShell = pkgs.zsh;
htop # System monitor
zellij # Terminal multiplexer aux.system = {
]; packages = with pkgs; [
fastfetch # Show a neat system statistics screen when opening a terminal
htop
mdadm # RAID management
nh # Nix Helper: https://github.com/viperML/nh
zellij # Terminal multiplexer
];
};
# Allow packages from the unstable repo by using 'pkgs.unstable' # Allow packages from the unstable repo by using 'pkgs.unstable'
nixpkgs.overlays = [ nixpkgs.overlays = [
@ -26,17 +33,14 @@
]; ];
programs = { programs = {
# Install ZSH for all users
zsh.enable = true;
# Enable NH, an alternative nixos-rebuild frontend. # Enable NH, an alternative nixos-rebuild frontend.
# https://github.com/viperML/nh
nh = { nh = {
enable = true; enable = true;
flake = "${config.secrets.nixConfigFolder}"; flake = "${config.secrets.nixConfigFolder}";
}; };
# Configure nano # Do some additional Nano configuration
nano.nanorc = '' nano.nanorc = ''
set linenumbers
set tabsize 4 set tabsize 4
set softwrap set softwrap
set autoindent set autoindent
@ -44,7 +48,6 @@
''; '';
}; };
# Set ZSH as the default shell services.fail2ban.enable = true;
users.defaultUserShell = pkgs.zsh;
}; };
} }


@ -7,7 +7,7 @@ in
{ {
options = { options = {
aux.system.services.myModule = { aux.system.services.myModule = {
enable = lib.mkEnableOption "Enables this example module."; enable = lib.mkEnableOption (lib.mdDoc "Enables this example module.");
attributes = lib.mkOption { attributes = lib.mkOption {
default = { }; default = { };
type = lib.types.attrs; type = lib.types.attrs;


@ -6,7 +6,9 @@ in
{ {
options = { options = {
aux.system.services.acme = { aux.system.services.acme = {
enable = lib.mkEnableOption "Enable the ACME client (for Let's Encrypt TLS certificates)."; enable = lib.mkEnableOption (
lib.mdDoc "Enable the ACME client (for Let's Encrypt TLS certificates)."
);
certs = lib.mkOption { certs = lib.mkOption {
default = { }; default = { };
type = lib.types.attrs; type = lib.types.attrs;


@ -10,7 +10,7 @@ in
{ {
options = { options = {
aux.system.services.airsonic = { aux.system.services.airsonic = {
enable = lib.mkEnableOption "Enables Airsonic Advanced media streaming service."; enable = lib.mkEnableOption (lib.mdDoc "Enables Airsonic Advanced media streaming service.");
home = lib.mkOption { home = lib.mkOption {
default = "/var/lib/airsonic"; default = "/var/lib/airsonic";
type = lib.types.str; type = lib.types.str;


@ -7,7 +7,7 @@ in
{ {
options = { options = {
aux.system.services.autoUpgrade = { aux.system.services.autoUpgrade = {
enable = lib.mkEnableOption "Enables automatic system updates."; enable = lib.mkEnableOption (lib.mdDoc "Enables automatic system updates.");
branches = lib.mkOption { branches = lib.mkOption {
type = lib.types.attrs; type = lib.types.attrs;
description = "Which local and remote branches to compare."; description = "Which local and remote branches to compare.";
@ -31,7 +31,9 @@ in
type = lib.types.bool; type = lib.types.bool;
description = "If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. This is useful to catch up on missed runs of the service when the system was powered down."; description = "If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. This is useful to catch up on missed runs of the service when the system was powered down.";
}; };
pushUpdates = lib.mkEnableOption "Updates the flake.lock file and pushes it back to the repo."; pushUpdates = lib.mkEnableOption (
lib.mdDoc "Updates the flake.lock file and pushes it back to the repo."
);
user = lib.mkOption { user = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "The user who owns the configDir."; description = "The user who owns the configDir.";


@ -10,7 +10,9 @@ let
in in
{ {
options = { options = {
aux.system.services.boinc.enable = lib.mkEnableOption "Enables BOINC distributed computing service."; aux.system.services.boinc.enable = lib.mkEnableOption (
lib.mdDoc "Enables BOINC distributed computing service."
);
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {


@ -24,7 +24,7 @@ in
{ {
options = { options = {
aux.system.services.forgejo = { aux.system.services.forgejo = {
enable = lib.mkEnableOption "Enables Forgejo Git hosting service."; enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service.");
domain = lib.mkOption { domain = lib.mkOption {
default = "/var/lib/forgejo"; default = "/var/lib/forgejo";
type = lib.types.str; type = lib.types.str;
@ -44,7 +44,7 @@ in
example = "https://forgejo.example.com"; example = "https://forgejo.example.com";
}; };
actions = { actions = {
enable = lib.mkEnableOption "Enables a local Forgejo Actions runner."; enable = lib.mkEnableOption (lib.mdDoc "Enables a local Forgejo Actions runner.");
token = lib.mkOption { token = lib.mkOption {
default = ""; default = "";
type = lib.types.str; type = lib.types.str;


@ -11,7 +11,7 @@ in
{ {
options = { options = {
aux.system.services.home-assistant = { aux.system.services.home-assistant = {
enable = lib.mkEnableOption "Enables Home Assistant."; enable = lib.mkEnableOption (lib.mdDoc "Enables Home Assistant.");
domain = lib.mkOption { domain = lib.mkOption {
default = ""; default = "";
type = lib.types.str; type = lib.types.str;


@ -14,7 +14,7 @@ in
{ {
options = { options = {
aux.system.services.jellyfin = { aux.system.services.jellyfin = {
enable = lib.mkEnableOption "Enables the Jellyfin media streaming service."; enable = lib.mkEnableOption (lib.mdDoc "Enables the Jellyfin media streaming service.");
home = lib.mkOption { home = lib.mkOption {
default = "/var/lib/jellyfin"; default = "/var/lib/jellyfin";
type = lib.types.str; type = lib.types.str;


@ -6,7 +6,8 @@ in
{ {
options = { options = {
aux.system.services.nginx = { aux.system.services.nginx = {
enable = lib.mkEnableOption "Enable the Nginx web server."; autostart = lib.mkEnableOption (lib.mdDoc "Whether to autostart Nginx at boot.");
enable = lib.mkEnableOption (lib.mdDoc "Enable the Nginx web server.");
virtualHosts = lib.mkOption { virtualHosts = lib.mkOption {
default = { }; default = { };
@ -36,5 +37,8 @@ in
443 443
]; ];
}; };
# Disable autostart if configured
systemd.services.nginx = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
}; };
} }
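Review bot: `autostart = lib.mkEnableOption (lib.mdDoc "Whether to autostart Nginx at boot.");` defaults to false, so any host that enables nginx without also setting `autostart = true` now gets `wantedBy = lib.mkForce [ ]` and nginx silently stops coming up on boot — a behaviour change for every consumer of this module, and inconsistent with the parallel syncthing `autostart` option introduced in the user modules, which defaults to true. Use an explicit bool option so the default preserves the old behaviour: `autostart = lib.mkOption { type = lib.types.bool; default = true; description = "Whether to autostart Nginx at boot."; };`. The enclosing `config` set starts outside the hunk.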


@ -6,7 +6,7 @@ in
{ {
options = { options = {
aux.system.services.ssh = { aux.system.services.ssh = {
enable = lib.mkEnableOption "Enables SSH server."; enable = lib.mkEnableOption (lib.mdDoc "Enables SSH server.");
ports = lib.mkOption { ports = lib.mkOption {
default = [ 22 ]; default = [ 22 ];
type = lib.types.listOf lib.types.int; type = lib.types.listOf lib.types.int;


@ -12,16 +12,16 @@ in
{ {
options = { options = {
aux.system.services.virtualization = { aux.system.services.virtualization = {
enable = lib.mkEnableOption "Enables virtualization tools on this host."; enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization tools on this host.");
host = { host = {
enable = lib.mkEnableOption "Enables virtual machine hosting."; enable = lib.mkEnableOption (lib.mdDoc "Enables virtual machine hosting.");
user = lib.mkOption { user = lib.mkOption {
default = ""; default = "";
type = lib.types.str; type = lib.types.str;
description = "The default user to add as a KVM admin."; description = "The default user to add as a KVM admin.";
}; };
vmBuilds = { vmBuilds = {
enable = lib.mkEnableOption "Enables builds via `nixos-rebuild build-vm` on this host."; enable = lib.mkEnableOption (lib.mdDoc "Enables builds via `nixos-rebuild build-vm` on this host.");
cores = lib.mkOption { cores = lib.mkOption {
type = lib.types.int; type = lib.types.int;
description = "How many cores to assign to `nixos-rebuild build-vm` builds. Defaults to 2."; description = "How many cores to assign to `nixos-rebuild build-vm` builds. Defaults to 2.";


@ -13,7 +13,7 @@ in
options = { options = {
aux.system.bluetooth = { aux.system.bluetooth = {
enable = lib.mkEnableOption "Enables bluetooth."; enable = lib.mkEnableOption (lib.mdDoc "Enables bluetooth");
}; };
}; };


@ -21,8 +21,8 @@ in
default = true; default = true;
}; };
secureboot.enable = lib.mkEnableOption "Enables Secureboot support (please read the README before enabling!)."; secureboot.enable = lib.mkEnableOption (lib.mdDoc "Enables Secureboot support.");
tpm2.enable = lib.mkEnableOption "Enables TPM2 support."; tpm2.enable = lib.mkEnableOption (lib.mdDoc "Enables TPM2 support.");
}; };
}; };
@ -34,10 +34,8 @@ in
bootspec.enable = true; bootspec.enable = true;
# Use Lanzaboote in place of systemd-boot. # Use Lanzaboote in place of systemd-boot.
loader = { loader.systemd-boot.enable = false;
systemd-boot.enable = false; loader.efi.canTouchEfiVariables = true;
efi.canTouchEfiVariables = true;
};
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
@ -48,8 +46,9 @@ in
# Set up TPM if enabled. See https://wiki.nixos.org/wiki/TPM # Set up TPM if enabled. See https://wiki.nixos.org/wiki/TPM
(lib.mkIf (cfg.tpm2.enable) { (lib.mkIf (cfg.tpm2.enable) {
boot.initrd = { boot.initrd = {
# Enable modules and support for TPM auto-unlocking # Enable systemd for TPM auto-unlocking
systemd.enable = true; systemd.enable = true;
availableKernelModules = [ "tpm_crb" ]; availableKernelModules = [ "tpm_crb" ];
kernelModules = [ "tpm_crb" ]; kernelModules = [ "tpm_crb" ];
}; };
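Review bot: The new description `lib.mkEnableOption (lib.mdDoc "Enables Secureboot support.")` drops the old side's `(please read the README before enabling!)`; that pointer presumably exists because enabling Lanzaboote before keys are enrolled in `/etc/secureboot` can leave the machine unable to boot, and the option description is where a user actually sees such a caveat. Keep it: `secureboot.enable = lib.mkEnableOption "Enables Secureboot support (please read the README before enabling!).";`. The `loader.*` flattening and the `boot.initrd` comment change in the later hunks of this section carry no functional change. The enclosing `options` set starts outside the hunk.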


@ -9,7 +9,7 @@ in
{ {
options = { options = {
aux.system.filesystem = { aux.system.filesystem = {
enable = lib.mkEnableOption "Enables standard BTRFS subvolumes and parameters."; enable = lib.mkEnableOption (lib.mdDoc "Enables standard BTRFS subvolumes and parameters.");
partitions = { partitions = {
boot = lib.mkOption { boot = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -28,7 +28,7 @@ in
default = true; default = true;
}; };
swapFile = { swapFile = {
enable = lib.mkEnableOption "Enables the creation of a swap file."; enable = lib.mkEnableOption (lib.mdDoc "Enables the creation of a swap file.");
size = lib.mkOption { size = lib.mkOption {
type = lib.types.int; type = lib.types.int;
description = "The size of the swap file to create in MB (defaults to 8192, or ~8 gigabytes)."; description = "The size of the swap file to create in MB (defaults to 8192, or ~8 gigabytes).";


@ -10,7 +10,7 @@ let
in in
{ {
options = { options = {
aux.system.gpu.amd.enable = lib.mkEnableOption "Enables AMD GPU support."; aux.system.gpu.amd.enable = lib.mkEnableOption (lib.mdDoc "Enables AMD GPU support.");
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {


@ -10,7 +10,7 @@ let
in in
{ {
options = { options = {
aux.system.gpu.intel.enable = lib.mkEnableOption "Enables Intel GPU support."; aux.system.gpu.intel.enable = lib.mkEnableOption (lib.mdDoc "Enables Intel GPU support.");
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -19,28 +19,26 @@ in
environment.variables.VDPAU_DRIVER = "va_gl"; environment.variables.VDPAU_DRIVER = "va_gl";
hardware.opengl = { hardware.opengl.extraPackages = with pkgs; [
extraPackages = with pkgs; [ (
( if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then vaapiIntel
vaapiIntel else
else intel-vaapi-driver
intel-vaapi-driver )
) libvdpau-va-gl
libvdpau-va-gl intel-media-driver
intel-media-driver ];
];
extraPackages32 = with pkgs.driversi686Linux; [ hardware.opengl.extraPackages32 = with pkgs.driversi686Linux; [
( (
if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
vaapiIntel vaapiIntel
else else
intel-vaapi-driver intel-vaapi-driver
) )
libvdpau-va-gl libvdpau-va-gl
intel-media-driver intel-media-driver
]; ];
};
}; };
} }


@ -11,10 +11,12 @@ in
{ {
options = { options = {
aux.system.gpu.nvidia = { aux.system.gpu.nvidia = {
enable = lib.mkEnableOption "Enables Nvidia GPU support."; enable = lib.mkEnableOption (lib.mdDoc "Enables Nvidia GPU support.");
hybrid = { hybrid = {
enable = lib.mkEnableOption "Enables hybrid GPU support."; enable = lib.mkEnableOption (lib.mdDoc "Enables hybrid GPU support.");
sync = lib.mkEnableOption "Enables sync mode for faster performance at the cost of higher battery usage."; sync = lib.mkEnableOption (
lib.mdDoc "Enables sync mode for faster performance at the cost of higher battery usage."
);
busIDs = { busIDs = {
nvidia = lib.mkOption { nvidia = lib.mkOption {
description = "The bus ID for your Nvidia GPU."; description = "The bus ID for your Nvidia GPU.";
@ -55,25 +57,24 @@ in
aux.system.allowUnfree = true; aux.system.allowUnfree = true;
services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ]; services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ];
hardware = { hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau ];
opengl.extraPackages = with pkgs; [ vaapiVdpau ];
nvidia = {
modesetting.enable = true;
nvidiaSettings = config.aux.system.ui.desktops.enable;
package = config.boot.kernelPackages.nvidiaPackages.stable;
prime = lib.mkIf cfg.hybrid.enable {
offload = lib.mkIf (!cfg.hybrid.sync) { hardware.nvidia = {
enable = true; modesetting.enable = true;
enableOffloadCmd = true; # Provides `nvidia-offload` command. nvidiaSettings = config.aux.system.ui.desktops.enable;
}; package = config.boot.kernelPackages.nvidiaPackages.stable;
prime = lib.mkIf cfg.hybrid.enable {
sync.enable = cfg.hybrid.sync; offload = lib.mkIf (!cfg.hybrid.sync) {
enable = true;
nvidiaBusId = cfg.hybrid.busIDs.nvidia; enableOffloadCmd = true; # Provides `nvidia-offload` command.
intelBusId = cfg.hybrid.busIDs.intel;
amdgpuBusId = cfg.hybrid.busIDs.amd;
}; };
sync.enable = cfg.hybrid.sync;
nvidiaBusId = cfg.hybrid.busIDs.nvidia;
intelBusId = cfg.hybrid.busIDs.intel;
amdgpuBusId = cfg.hybrid.busIDs.amd;
}; };
}; };
}; };


@ -12,8 +12,4 @@
nftables.enable = true; nftables.enable = true;
firewall.enable = true; firewall.enable = true;
}; };
# Enable fail2ban by default
# https://github.com/fail2ban/fail2ban
services.fail2ban.enable = true;
} }


@ -11,13 +11,11 @@ let
in in
{ {
options = { options = {
aux.system = { aux.system.allowUnfree = lib.mkEnableOption (lib.mdDoc "Allow unfree packages to install.");
allowUnfree = lib.mkEnableOption "Allow unfree packages to install."; aux.system.retentionPeriod = lib.mkOption {
retentionPeriod = lib.mkOption { description = "How long to retain NixOS generations. Defaults to one month.";
description = "How long to retain NixOS generations. Defaults to one month."; type = lib.types.str;
type = lib.types.str; default = "monthly";
default = "monthly";
};
}; };
}; };
config = { config = {
@ -35,15 +33,15 @@ in
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ]; trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
# Only allow these users to use Nix # Only allow these users to use Nix
allowed-users = with config.users.users; [ allowed-users = [
root.name "root"
aires.name config.users.users.aires.name
]; ];
# Avoid signature verification messages when doing remote builds # Avoid signature verification messages when doing remote builds
trusted-users = trusted-users = [
with config.users.users; config.users.users.aires.name
[ aires.name ] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ gremlin.name ]; ] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ config.users.users.gremlin.name ];
}; };
# Enable periodic nix store optimization # Enable periodic nix store optimization
@ -65,10 +63,10 @@ in
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
# Configure remote build machines # Configure remote build machines
# To enable a system to use remote build machines, add `nix.distributedBuilds = true;` to its config # To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config
buildMachines = [ buildMachines = [
{ {
hostName = "hevana"; hostName = "dimaga";
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"


@ -19,40 +19,6 @@ in
ARRAY /dev/md/Sapana metadata=1.2 UUID=51076daf:efdb34dd:bce48342:3b549fcb ARRAY /dev/md/Sapana metadata=1.2 UUID=51076daf:efdb34dd:bce48342:3b549fcb
MAILADDR ${config.secrets.users.aires.email} MAILADDR ${config.secrets.users.aires.email}
''; '';
# Auto-unlock RAID array with a key file
environment.etc."crypttab".text = ''
storage /dev/md/Sapana ${config.secrets.devices.storage.keyFile.path} nofail,keyfile-timeout=5s
'';
fileSystems."/storage" = {
device = "/dev/mapper/storage";
# Keep booting even if the array fails to unlock
options = [
"nofail"
"x-systemd.device-timeout=5s"
];
};
# Automatically scrub the array monthly
systemd = {
services."raid-scrub" = {
description = "Periodically scrub RAID volumes for errors.";
serviceConfig = {
Type = "oneshot";
User = "root";
};
script = "echo check > /sys/block/md127/md/sync_action";
};
timers."raid-scrub" = {
description = "Periodically scrub RAID volumes for errors.";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "monthly";
Persistent = true;
Unit = "raid-scrub.service";
};
};
};
}) })
]; ];
} }


@ -46,7 +46,7 @@ in
environment.systemPackages = cfg.corePackages ++ cfg.packages; environment.systemPackages = cfg.corePackages ++ cfg.packages;
services = { services = {
# Automatically set the timezone based on location # Automatically set the timezone
automatic-timezoned.enable = true; automatic-timezoned.enable = true;
geoclue2.enableDemoAgent = lib.mkForce true; geoclue2.enableDemoAgent = lib.mkForce true;


@ -12,8 +12,10 @@ in
{ {
options = { options = {
aux.system.ui.audio = { aux.system.ui.audio = {
enable = lib.mkEnableOption "Enables audio."; enable = lib.mkEnableOption (lib.mdDoc "Enables audio.");
enableLowLatency = lib.mkEnableOption "Enables low-latency audio (may cause crackling) per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup."; enableLowLatency = lib.mkEnableOption (
lib.mdDoc "Enables low-latency audio (may cause crackling) per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup."
);
}; };
}; };
@ -27,12 +29,10 @@ in
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
jack.enable = true; jack.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
# Reduce audio latency per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup # Reduce audio latency per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup
extraConfig.pipewire = lib.mkIf cfg.enableLowLatency { extraConfig.pipewire = lib.mkIf cfg.enableLowLatency {


@ -5,7 +5,9 @@ let
in in
{ {
options = { options = {
aux.system.ui.desktops.budgie.enable = lib.mkEnableOption "Enables the Budgie desktop environment."; aux.system.ui.desktops.budgie.enable = lib.mkEnableOption (
lib.mdDoc "Enables the Budgie desktop environment."
);
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {


@ -12,7 +12,7 @@ in
{ {
options = { options = {
aux.system.ui.desktops = { aux.system.ui.desktops = {
enable = lib.mkEnableOption "Enables base desktop environment support."; enable = lib.mkEnableOption (lib.mdDoc "Enables base desktop environment support.");
xkb = lib.mkOption { xkb = lib.mkOption {
description = "The keyboard layout to use by default. Defaults to us."; description = "The keyboard layout to use by default. Defaults to us.";
type = lib.types.attrs; type = lib.types.attrs;


@ -13,8 +13,10 @@ in
options = { options = {
aux.system.ui.desktops.gnome = { aux.system.ui.desktops.gnome = {
enable = lib.mkEnableOption "Enables the Gnome Desktop Environment."; enable = lib.mkEnableOption (lib.mdDoc "Enables the Gnome Desktop Environment.");
tripleBuffering.enable = lib.mkEnableOption "(Experimental) Enables dynamic triple buffering"; tripleBuffering.enable = lib.mkEnableOption (
lib.mdDoc "(Experimental) Enables dynamic triple buffering"
);
}; };
}; };
@ -87,7 +89,7 @@ in
gnomeExtensions.alphabetical-app-grid gnomeExtensions.alphabetical-app-grid
gnomeExtensions.appindicator gnomeExtensions.appindicator
gnomeExtensions.dash-to-panel gnomeExtensions.dash-to-panel
gnomeExtensions.random-wallpaper gnomeExtensions.forge
# Themeing # Themeing
gnome.gnome-themes-extra gnome.gnome-themes-extra
papirus-icon-theme papirus-icon-theme


@ -5,7 +5,9 @@ let
in in
{ {
options = { options = {
aux.system.ui.desktops.hyprland.enable = lib.mkEnableOption "Enables the Hyprland desktop environment."; aux.system.ui.desktops.hyprland.enable = lib.mkEnableOption (
lib.mdDoc "Enables the Hyprland desktop environment."
);
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {


@ -12,8 +12,8 @@ in
{ {
options = { options = {
aux.system.ui.desktops.kde = { aux.system.ui.desktops.kde = {
enable = lib.mkEnableOption "Enables the KDE Desktop Environment."; enable = lib.mkEnableOption (lib.mdDoc "Enables the KDE Desktop Environment.");
useX11 = lib.mkEnableOption "Uses X11 instead of Wayland."; useX11 = lib.mkEnableOption (lib.mdDoc "Uses X11 instead of Wayland.");
}; };
}; };


@ -5,7 +5,9 @@ let
in in
{ {
options = { options = {
aux.system.ui.desktops.xfce.enable = lib.mkEnableOption "Enables the XFCE desktop environment."; aux.system.ui.desktops.xfce.enable = lib.mkEnableOption (
lib.mdDoc "Enables the XFCE desktop environment."
);
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {


@ -29,7 +29,9 @@ in
} }
]; ];
}; };
useBindFS = lib.mkEnableOption "Whether to use a BindFS mount to support custom themes and cursors. May cause performance issues."; useBindFS = lib.mkEnableOption {
description = "Whether to use a BindFS mount to support custom themes and cursors. May cause performance issues.";
};
}; };
}; };
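Review bot: `useBindFS = lib.mkEnableOption { description = "…"; };` passes an attribute set where `mkEnableOption` expects the option's name as a string; it builds its description as `"Whether to enable ${name}."`, so evaluating this option's description — which happens whenever the option docs or manual are generated — fails with a cannot-coerce-a-set-to-a-string error. Either restore the old single-string form or spell the option out: `useBindFS = lib.mkOption { type = lib.types.bool; default = false; description = "Whether to use a BindFS mount to support custom themes and cursors. May cause performance issues."; };`. The enclosing `options` set starts outside the hunk.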


@ -18,10 +18,10 @@ in
services.syncthing = { services.syncthing = {
enable = lib.mkEnableOption "Enables Syncthing"; enable = lib.mkEnableOption "Enables Syncthing";
enableTray = lib.mkEnableOption "Enables the Syncthing Tray application"; enableTray = lib.mkEnableOption "Enables the Syncthing Tray application";
home = lib.mkOption { autostart = lib.mkOption {
default = "${config.users.users.aires.home}/.config/syncthing"; default = true;
type = lib.types.str; type = lib.types.bool;
description = "Where to store Syncthing's configuration files"; description = "Whether to auto-start Syncthing on boot";
}; };
}; };
}; };
@ -62,6 +62,16 @@ in
username = "aires"; username = "aires";
homeDirectory = "/home/aires"; homeDirectory = "/home/aires";
# Install extra packages, specifically gnome extensions
packages = lib.mkIf config.aux.system.ui.desktops.gnome.enable [
pkgs.gnomeExtensions.wallpaper-slideshow
];
# Set environment variables
sessionVariables = {
KUBECONFIG = "/home/aires/.kube/config";
};
# Create .face file # Create .face file
file.".face".source = ./face.png; file.".face".source = ./face.png;
}; };
@ -104,6 +114,19 @@ in
loginExtra = "fastfetch"; loginExtra = "fastfetch";
}; };
}; };
# Gnome settings specific to aires on Shura
/*
dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
"org/gnome/desktop/interface" = {
# Increase font scaling;
text-scaling-factor = 1.3;
# Dark mode
color-scheme = "prefer-dark";
};
};
*/
}; };
} }
@ -135,12 +158,15 @@ in
enable = true; enable = true;
extraOptions = [ extraOptions = [
"--gui-address=0.0.0.0:8080" "--gui-address=0.0.0.0:8080"
"--home=${cfg.services.syncthing.home}" "--home=${config.users.users.aires.home}/.config/syncthing"
"--no-default-folder" "--no-default-folder"
]; ];
}; };
systemd.user.services."syncthing".unitConfig.requiresMountsFor = cfg.services.syncthing.home; # Override the default Syncthing settings so it doesn't start on boot
systemd.user.services."syncthing" = lib.mkIf (!cfg.services.syncthing.autostart) {
wantedBy = lib.mkForce { };
};
}; };
}) })
] ]
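Review bot: `wantedBy = lib.mkForce { };` forces an attribute set onto `systemd.user.services.<name>.wantedBy`, which is a list-of-strings option, so the module system rejects it with a type error as soon as `autostart = false` is selected — and the host configs in this compare set exactly that for syncthing. It should be the empty list, `wantedBy = lib.mkForce [ ];`, as the nginx module in this same compare does. The gremlin user module section that follows has the identical line. The enclosing `lib.mkIf` block continues outside the hunk.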


@ -17,10 +17,10 @@ in
services.syncthing = { services.syncthing = {
enable = lib.mkEnableOption "Enables Syncthing"; enable = lib.mkEnableOption "Enables Syncthing";
enableTray = lib.mkEnableOption "Enables the Syncthing Tray application"; enableTray = lib.mkEnableOption "Enables the Syncthing Tray application";
home = lib.mkOption { autostart = lib.mkOption {
default = "${config.users.users.gremlin.home}/.config/syncthing"; default = true;
type = lib.types.str; type = lib.types.bool;
description = "Where to store Syncthing's configuration files"; description = "Whether to auto-start Syncthing on boot";
}; };
}; };
}; };
@ -126,12 +126,15 @@ in
enable = true; enable = true;
extraOptions = [ extraOptions = [
"--gui-address=0.0.0.0:8081" "--gui-address=0.0.0.0:8081"
"--home=${cfg.services.syncthing.home}" "--home=${config.users.users.gremlin.home}/.config/syncthing"
"--no-default-folder" "--no-default-folder"
]; ];
}; };
systemd.user.services."syncthing".unitConfig.requiresMountsFor = cfg.services.syncthing.home; # Override the default Syncthing settings so it doesn't start on boot
systemd.user.services."syncthing" = lib.mkIf (!cfg.services.syncthing.autostart) {
wantedBy = lib.mkForce { };
};
}; };
}) })
]; ];


@ -13,18 +13,16 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users = { users.groups."media" = {
users.media = { gid = 1001;
isNormalUser = false; };
isSystemUser = true;
description = "Media manager";
uid = 1001;
group = "media";
};
groups."media" = { users.users.media = {
gid = 1001; isNormalUser = false;
}; isSystemUser = true;
description = "Media manager";
uid = 1001;
group = "media";
}; };
}; };
} }

@ -1 +1 @@
Subproject commit 2e559fbe36dc49c3ea63cc9856b899eb9269950f Subproject commit 25576ffa753b96e2289380feb81d3ed82e00cbc7