Compare commits
2 commits
6ab9a35136
...
38c0c493f2
Author | SHA1 | Date | |
---|---|---|---|
Aires | 38c0c493f2 | ||
Aires | 86f7864f8f |
14
flake.lock
14
flake.lock
|
@ -297,11 +297,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1725407940,
|
||||
"narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
|
||||
"lastModified": 1725693463,
|
||||
"narHash": "sha256-ZPzhebbWBOr0zRWW10FfqfbJlan3G96/h3uqhiFqmwg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
|
||||
"rev": "68e7dce0a6532e876980764167ad158174402c6f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -378,11 +378,11 @@
|
|||
"secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1725641701,
|
||||
"narHash": "sha256-bTnYSs06iwnS6a1jYLpwjwVpFcP/iDs/6q5gnFcO+sQ=",
|
||||
"lastModified": 1725813930,
|
||||
"narHash": "sha256-UxqJm3MlHVrPofm/4Z1dR9Xpo49Xc0HGQ/Mg/bQ5oqI=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "25576ffa753b96e2289380feb81d3ed82e00cbc7",
|
||||
"revCount": 68,
|
||||
"rev": "2e559fbe36dc49c3ea63cc9856b899eb9269950f",
|
||||
"revCount": 69,
|
||||
"type": "git",
|
||||
"url": "file:./secrets"
|
||||
},
|
||||
|
|
|
@ -36,10 +36,6 @@ in
|
|||
networking.hostName = hostName;
|
||||
|
||||
###*** Configure your system below this line. ***###
|
||||
# Set your time zone.
|
||||
# To see all available timezones, run `timedatectl list-timezones`.
|
||||
time.timeZone = "America/New_York";
|
||||
|
||||
# Build Nix packages for other hosts.
|
||||
# Runs every day at 4 AM
|
||||
systemd = {
|
||||
|
@ -174,7 +170,6 @@ in
|
|||
};
|
||||
nginx = {
|
||||
enable = true;
|
||||
autostart = false;
|
||||
virtualHosts = {
|
||||
"${config.secrets.networking.domains.primary}" = {
|
||||
default = true;
|
||||
|
@ -223,7 +218,7 @@ in
|
|||
services = {
|
||||
syncthing = {
|
||||
enable = true;
|
||||
autostart = false;
|
||||
home = "${services-root}/syncthing/aires";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -7,8 +7,6 @@ let
|
|||
|
||||
# Where to store service files
|
||||
services-root = "/storage/services";
|
||||
# Script to start services
|
||||
start-services = pkgs.writeShellScriptBin "start-services" (builtins.readFile ./start-services.sh);
|
||||
|
||||
# Credentials for interacting with the Namecheap API
|
||||
namecheapCredentials = {
|
||||
|
@ -37,10 +35,6 @@ in
|
|||
networking.hostName = hostName;
|
||||
|
||||
###*** Configure your system below this line. ***###
|
||||
# Set your time zone.
|
||||
# To see all available timezones, run `timedatectl list-timezones`.
|
||||
time.timeZone = "America/New_York";
|
||||
|
||||
# Build Nix packages for other hosts.
|
||||
# Runs every day at 4 AM
|
||||
systemd = {
|
||||
|
@ -87,8 +81,6 @@ in
|
|||
# Enable GPU support.
|
||||
gpu.amd.enable = true;
|
||||
|
||||
packages = [ start-services ];
|
||||
|
||||
# Enable support for primary RAID array
|
||||
raid.storage.enable = true;
|
||||
|
||||
|
@ -171,7 +163,6 @@ in
|
|||
};
|
||||
nginx = {
|
||||
enable = true;
|
||||
autostart = false;
|
||||
virtualHosts = {
|
||||
"${config.secrets.networking.domains.primary}" = {
|
||||
default = true;
|
||||
|
@ -217,7 +208,7 @@ in
|
|||
services = {
|
||||
syncthing = {
|
||||
enable = true;
|
||||
autostart = false;
|
||||
home = "${services-root}/syncthing/aires";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -41,23 +41,4 @@ in
|
|||
size = 16384;
|
||||
};
|
||||
};
|
||||
|
||||
# Automatically scrub the RAID array monthly
|
||||
systemd.services."raid-scrub" = {
|
||||
description = "Periodically scrub RAID volumes for errors.";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "root";
|
||||
};
|
||||
script = "echo check > /sys/block/md127/md/sync_action";
|
||||
};
|
||||
systemd.timers."raid-scrub" = {
|
||||
description = "Periodically scrub RAID volumes for errors.";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "monthly";
|
||||
Persistent = true;
|
||||
Unit = "raid-scrub.service";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
#!/bin/sh
|
||||
# Script to unlock the /storage partition and start up services that depend on it.
|
||||
|
||||
# check if the current user is root
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "This script must be run as root" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Unlock and mount storage directory if we haven't already
|
||||
if [ -e "/dev/mapper/storage" ]; then
|
||||
echo "Storage partition already mounted."
|
||||
else
|
||||
echo "Unlocking storage partition..."
|
||||
cryptsetup luksOpen /dev/md/Sapana storage
|
||||
mount /dev/mapper/storage /storage
|
||||
echo "Storage partition mounted."
|
||||
fi
|
||||
|
||||
echo "Starting services..."
|
||||
systemctl restart deluged.service delugeweb.service duplicacy-web.service forgejo.service jellyfin.service
|
||||
systemctl --machine aires@.host --user start syncthing.service
|
||||
systemctl restart nginx.service
|
||||
echo "Services started. $(hostname) is ready to go!"
|
||||
|
||||
exit 0
|
|
@ -12,10 +12,6 @@ in
|
|||
networking.hostName = hostName;
|
||||
|
||||
###*** Configure your system below this line. ***###
|
||||
# Set your time zone.
|
||||
# To see all available timezones, run `timedatectl list-timezones`.
|
||||
time.timeZone = "America/New_York";
|
||||
|
||||
# Configure the system.
|
||||
aux.system = {
|
||||
# Enable to allow unfree (e.g. closed source) packages.
|
||||
|
@ -80,12 +76,7 @@ in
|
|||
|
||||
users.aires = {
|
||||
enable = true;
|
||||
services = {
|
||||
syncthing = {
|
||||
enable = true;
|
||||
autostart = true;
|
||||
};
|
||||
};
|
||||
services.syncthing.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -12,7 +12,17 @@ in
|
|||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
system.stateVersion = stateVersion;
|
||||
networking.hostName = hostName;
|
||||
networking = {
|
||||
hostName = hostName;
|
||||
|
||||
# Connect to the network automagically
|
||||
networkmanager.enable = lib.mkForce false;
|
||||
wireless.networks = {
|
||||
"${config.secrets.networking.networks.home.SSID}" = {
|
||||
psk = "${config.secrets.networking.networks.home.password}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
aux.system = {
|
||||
bootloader.enable = false; # Bootloader configured in hardware-configuration.nix
|
||||
|
@ -30,16 +40,4 @@ in
|
|||
};
|
||||
|
||||
nix.distributedBuilds = true;
|
||||
|
||||
time.timeZone = "America/New_York";
|
||||
|
||||
# Connect to the network automagically
|
||||
networking = {
|
||||
networkmanager.enable = lib.mkForce false;
|
||||
wireless.networks = {
|
||||
"${config.secrets.networking.networks.home.SSID}" = {
|
||||
psk = "${config.secrets.networking.networks.home.password}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
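Review bot: The `psk = "${config.secrets.networking.networks.home.password}";` line, now moved into the `networking` block, still interpolates the Wi-Fi passphrase at evaluation time, so it is likely rendered into a wpa_supplicant configuration inside the world-readable Nix store. Consider keeping the secret out of the evaluated config by pointing `networking.wireless.environmentFile` (or `secretsFile` on newer nixpkgs) at a root-only file and leaving only a reference to it in the network entry. If the current behaviour is an accepted trade-off, a comment above the entry such as `# NOTE: the PSK ends up in /nix/store and is readable by all local users` would document it. The enclosing module starts outside the hunk.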
|
||||
|
|
|
@ -34,7 +34,7 @@ in
|
|||
enable = true;
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
autostart = true;
|
||||
home = "/home/aires/.config/syncthing";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -10,7 +10,7 @@ let
|
|||
in
|
||||
{
|
||||
options = {
|
||||
aux.system.apps.writing.enable = lib.mkEnableOption (lib.mdDoc "Enables writing and editing tools");
|
||||
aux.system.apps.writing.enable = lib.mkEnableOption "Enables writing and editing tools";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -8,19 +8,12 @@
|
|||
|
||||
{
|
||||
config = {
|
||||
# Install ZSH for all users
|
||||
programs.zsh.enable = true;
|
||||
users.defaultUserShell = pkgs.zsh;
|
||||
|
||||
aux.system = {
|
||||
packages = with pkgs; [
|
||||
# Install base packages
|
||||
aux.system.packages = with pkgs; [
|
||||
fastfetch # Show a neat system statistics screen when opening a terminal
|
||||
htop
|
||||
mdadm # RAID management
|
||||
nh # Nix Helper: https://github.com/viperML/nh
|
||||
htop # System monitor
|
||||
zellij # Terminal multiplexer
|
||||
];
|
||||
};
|
||||
|
||||
# Allow packages from the unstable repo by using 'pkgs.unstable'
|
||||
nixpkgs.overlays = [
|
||||
|
@ -33,14 +26,17 @@
|
|||
];
|
||||
|
||||
programs = {
|
||||
# Install ZSH for all users
|
||||
zsh.enable = true;
|
||||
|
||||
# Enable NH, an alternative nixos-rebuild frontend.
|
||||
# https://github.com/viperML/nh
|
||||
nh = {
|
||||
enable = true;
|
||||
flake = "${config.secrets.nixConfigFolder}";
|
||||
};
|
||||
# Do some additional Nano configuration
|
||||
# Configure nano
|
||||
nano.nanorc = ''
|
||||
set linenumbers
|
||||
set tabsize 4
|
||||
set softwrap
|
||||
set autoindent
|
||||
|
@ -48,6 +44,7 @@
|
|||
'';
|
||||
};
|
||||
|
||||
services.fail2ban.enable = true;
|
||||
# Set ZSH as the default shell
|
||||
users.defaultUserShell = pkgs.zsh;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.myModule = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables this example module.");
|
||||
enable = lib.mkEnableOption "Enables this example module.";
|
||||
attributes = lib.mkOption {
|
||||
default = { };
|
||||
type = lib.types.attrs;
|
||||
|
|
|
@ -6,9 +6,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.acme = {
|
||||
enable = lib.mkEnableOption (
|
||||
lib.mdDoc "Enable the ACME client (for Let's Encrypt TLS certificates)."
|
||||
);
|
||||
enable = lib.mkEnableOption "Enable the ACME client (for Let's Encrypt TLS certificates).";
|
||||
certs = lib.mkOption {
|
||||
default = { };
|
||||
type = lib.types.attrs;
|
||||
|
|
|
@ -10,7 +10,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.airsonic = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables Airsonic Advanced media streaming service.");
|
||||
enable = lib.mkEnableOption "Enables Airsonic Advanced media streaming service.";
|
||||
home = lib.mkOption {
|
||||
default = "/var/lib/airsonic";
|
||||
type = lib.types.str;
|
||||
|
|
|
@ -7,7 +7,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.autoUpgrade = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables automatic system updates.");
|
||||
enable = lib.mkEnableOption "Enables automatic system updates.";
|
||||
branches = lib.mkOption {
|
||||
type = lib.types.attrs;
|
||||
description = "Which local and remote branches to compare.";
|
||||
|
@ -31,9 +31,7 @@ in
|
|||
type = lib.types.bool;
|
||||
description = "If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. This is useful to catch up on missed runs of the service when the system was powered down.";
|
||||
};
|
||||
pushUpdates = lib.mkEnableOption (
|
||||
lib.mdDoc "Updates the flake.lock file and pushes it back to the repo."
|
||||
);
|
||||
pushUpdates = lib.mkEnableOption "Updates the flake.lock file and pushes it back to the repo.";
|
||||
user = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The user who owns the configDir.";
|
||||
|
|
|
@ -10,9 +10,7 @@ let
|
|||
in
|
||||
{
|
||||
options = {
|
||||
aux.system.services.boinc.enable = lib.mkEnableOption (
|
||||
lib.mdDoc "Enables BOINC distributed computing service."
|
||||
);
|
||||
aux.system.services.boinc.enable = lib.mkEnableOption "Enables BOINC distributed computing service.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -24,7 +24,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.forgejo = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service.");
|
||||
enable = lib.mkEnableOption "Enables Forgejo Git hosting service.";
|
||||
domain = lib.mkOption {
|
||||
default = "/var/lib/forgejo";
|
||||
type = lib.types.str;
|
||||
|
@ -44,7 +44,7 @@ in
|
|||
example = "https://forgejo.example.com";
|
||||
};
|
||||
actions = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables a local Forgejo Actions runner.");
|
||||
enable = lib.mkEnableOption "Enables a local Forgejo Actions runner.";
|
||||
token = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
|
|
|
@ -11,7 +11,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.home-assistant = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables Home Assistant.");
|
||||
enable = lib.mkEnableOption "Enables Home Assistant.";
|
||||
domain = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
|
|
|
@ -14,7 +14,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.jellyfin = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables the Jellyfin media streaming service.");
|
||||
enable = lib.mkEnableOption "Enables the Jellyfin media streaming service.";
|
||||
home = lib.mkOption {
|
||||
default = "/var/lib/jellyfin";
|
||||
type = lib.types.str;
|
||||
|
|
|
@ -6,8 +6,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.nginx = {
|
||||
autostart = lib.mkEnableOption (lib.mdDoc "Whether to autostart Nginx at boot.");
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enable the Nginx web server.");
|
||||
enable = lib.mkEnableOption "Enable the Nginx web server.";
|
||||
|
||||
virtualHosts = lib.mkOption {
|
||||
default = { };
|
||||
|
@ -37,8 +36,5 @@ in
|
|||
443
|
||||
];
|
||||
};
|
||||
|
||||
# Disable autostart if configured
|
||||
systemd.services.nginx = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.ssh = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables SSH server.");
|
||||
enable = lib.mkEnableOption "Enables SSH server.";
|
||||
ports = lib.mkOption {
|
||||
default = [ 22 ];
|
||||
type = lib.types.listOf lib.types.int;
|
||||
|
|
|
@ -12,16 +12,16 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.services.virtualization = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables virtualization tools on this host.");
|
||||
enable = lib.mkEnableOption "Enables virtualization tools on this host.";
|
||||
host = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables virtual machine hosting.");
|
||||
enable = lib.mkEnableOption "Enables virtual machine hosting.";
|
||||
user = lib.mkOption {
|
||||
default = "";
|
||||
type = lib.types.str;
|
||||
description = "The default user to add as a KVM admin.";
|
||||
};
|
||||
vmBuilds = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables builds via `nixos-rebuild build-vm` on this host.");
|
||||
enable = lib.mkEnableOption "Enables builds via `nixos-rebuild build-vm` on this host.";
|
||||
cores = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
description = "How many cores to assign to `nixos-rebuild build-vm` builds. Defaults to 2.";
|
||||
|
|
|
@ -13,7 +13,7 @@ in
|
|||
|
||||
options = {
|
||||
aux.system.bluetooth = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables bluetooth");
|
||||
enable = lib.mkEnableOption "Enables bluetooth.";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -21,8 +21,8 @@ in
|
|||
default = true;
|
||||
};
|
||||
|
||||
secureboot.enable = lib.mkEnableOption (lib.mdDoc "Enables Secureboot support.");
|
||||
tpm2.enable = lib.mkEnableOption (lib.mdDoc "Enables TPM2 support.");
|
||||
secureboot.enable = lib.mkEnableOption "Enables Secureboot support (please read the README before enabling!).";
|
||||
tpm2.enable = lib.mkEnableOption "Enables TPM2 support.";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -34,8 +34,10 @@ in
|
|||
bootspec.enable = true;
|
||||
|
||||
# Use Lanzaboote in place of systemd-boot.
|
||||
loader.systemd-boot.enable = false;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
loader = {
|
||||
systemd-boot.enable = false;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
|
@ -46,9 +48,8 @@ in
|
|||
# Set up TPM if enabled. See https://wiki.nixos.org/wiki/TPM
|
||||
(lib.mkIf (cfg.tpm2.enable) {
|
||||
boot.initrd = {
|
||||
# Enable systemd for TPM auto-unlocking
|
||||
# Enable modules and support for TPM auto-unlocking
|
||||
systemd.enable = true;
|
||||
|
||||
availableKernelModules = [ "tpm_crb" ];
|
||||
kernelModules = [ "tpm_crb" ];
|
||||
};
|
||||
|
|
|
@ -9,7 +9,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.filesystem = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables standard BTRFS subvolumes and parameters.");
|
||||
enable = lib.mkEnableOption "Enables standard BTRFS subvolumes and parameters.";
|
||||
partitions = {
|
||||
boot = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
|
@ -28,7 +28,7 @@ in
|
|||
default = true;
|
||||
};
|
||||
swapFile = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables the creation of a swap file.");
|
||||
enable = lib.mkEnableOption "Enables the creation of a swap file.";
|
||||
size = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
description = "The size of the swap file to create in MB (defaults to 8192, or ~8 gigabytes).";
|
||||
|
|
|
@ -10,7 +10,7 @@ let
|
|||
in
|
||||
{
|
||||
options = {
|
||||
aux.system.gpu.amd.enable = lib.mkEnableOption (lib.mdDoc "Enables AMD GPU support.");
|
||||
aux.system.gpu.amd.enable = lib.mkEnableOption "Enables AMD GPU support.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -10,7 +10,7 @@ let
|
|||
in
|
||||
{
|
||||
options = {
|
||||
aux.system.gpu.intel.enable = lib.mkEnableOption (lib.mdDoc "Enables Intel GPU support.");
|
||||
aux.system.gpu.intel.enable = lib.mkEnableOption "Enables Intel GPU support.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
@ -19,7 +19,8 @@ in
|
|||
|
||||
environment.variables.VDPAU_DRIVER = "va_gl";
|
||||
|
||||
hardware.opengl.extraPackages = with pkgs; [
|
||||
hardware.opengl = {
|
||||
extraPackages = with pkgs; [
|
||||
(
|
||||
if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
|
||||
vaapiIntel
|
||||
|
@ -30,7 +31,7 @@ in
|
|||
intel-media-driver
|
||||
];
|
||||
|
||||
hardware.opengl.extraPackages32 = with pkgs.driversi686Linux; [
|
||||
extraPackages32 = with pkgs.driversi686Linux; [
|
||||
(
|
||||
if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then
|
||||
vaapiIntel
|
||||
|
@ -41,4 +42,5 @@ in
|
|||
intel-media-driver
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,12 +11,10 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.gpu.nvidia = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables Nvidia GPU support.");
|
||||
enable = lib.mkEnableOption "Enables Nvidia GPU support.";
|
||||
hybrid = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables hybrid GPU support.");
|
||||
sync = lib.mkEnableOption (
|
||||
lib.mdDoc "Enables sync mode for faster performance at the cost of higher battery usage."
|
||||
);
|
||||
enable = lib.mkEnableOption "Enables hybrid GPU support.";
|
||||
sync = lib.mkEnableOption "Enables sync mode for faster performance at the cost of higher battery usage.";
|
||||
busIDs = {
|
||||
nvidia = lib.mkOption {
|
||||
description = "The bus ID for your Nvidia GPU.";
|
||||
|
@ -57,9 +55,9 @@ in
|
|||
aux.system.allowUnfree = true;
|
||||
|
||||
services.xserver.videoDrivers = lib.mkDefault [ "nvidia" ];
|
||||
hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau ];
|
||||
|
||||
hardware.nvidia = {
|
||||
hardware = {
|
||||
opengl.extraPackages = with pkgs; [ vaapiVdpau ];
|
||||
nvidia = {
|
||||
modesetting.enable = true;
|
||||
nvidiaSettings = config.aux.system.ui.desktops.enable;
|
||||
package = config.boot.kernelPackages.nvidiaPackages.stable;
|
||||
|
@ -78,4 +76,5 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -12,4 +12,8 @@
|
|||
nftables.enable = true;
|
||||
firewall.enable = true;
|
||||
};
|
||||
|
||||
# Enable fail2ban by default
|
||||
# https://github.com/fail2ban/fail2ban
|
||||
services.fail2ban.enable = true;
|
||||
}
|
||||
|
|
|
@ -11,13 +11,15 @@ let
|
|||
in
|
||||
{
|
||||
options = {
|
||||
aux.system.allowUnfree = lib.mkEnableOption (lib.mdDoc "Allow unfree packages to install.");
|
||||
aux.system.retentionPeriod = lib.mkOption {
|
||||
aux.system = {
|
||||
allowUnfree = lib.mkEnableOption "Allow unfree packages to install.";
|
||||
retentionPeriod = lib.mkOption {
|
||||
description = "How long to retain NixOS generations. Defaults to one month.";
|
||||
type = lib.types.str;
|
||||
default = "monthly";
|
||||
};
|
||||
};
|
||||
};
|
||||
config = {
|
||||
nixpkgs.config.allowUnfree = cfg.allowUnfree;
|
||||
nix = {
|
||||
|
@ -33,15 +35,15 @@ in
|
|||
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
|
||||
|
||||
# Only allow these users to use Nix
|
||||
allowed-users = [
|
||||
"root"
|
||||
config.users.users.aires.name
|
||||
allowed-users = with config.users.users; [
|
||||
root.name
|
||||
aires.name
|
||||
];
|
||||
|
||||
# Avoid signature verification messages when doing remote builds
|
||||
trusted-users = [
|
||||
config.users.users.aires.name
|
||||
] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ config.users.users.gremlin.name ];
|
||||
trusted-users =
|
||||
with config.users.users;
|
||||
[ aires.name ] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ gremlin.name ];
|
||||
};
|
||||
|
||||
# Enable periodic nix store optimization
|
||||
|
@ -63,10 +65,10 @@ in
|
|||
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
|
||||
|
||||
# Configure remote build machines
|
||||
# To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config
|
||||
# To enable a system to use remote build machines, add `nix.distributedBuilds = true;` to its config
|
||||
buildMachines = [
|
||||
{
|
||||
hostName = "dimaga";
|
||||
hostName = "hevana";
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
|
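Review bot: The rewritten `trusted-users` list keeps the comment `# Avoid signature verification messages when doing remote builds`, which understates what the setting grants: users listed there can override daemon settings such as substituters, which the Nix manual describes as essentially root-equivalent. I would say so above the list, e.g. `# trusted-users are effectively root for the Nix daemon; keep this list minimal`, and confirm that `gremlin` really needs to be included when enabled. As a style point, `with config.users.users;` pulls every user attribute into scope for the list; the longer `config.users.users.aires.name` form avoids shadowing surprises.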
|
|
@ -19,6 +19,40 @@ in
|
|||
ARRAY /dev/md/Sapana metadata=1.2 UUID=51076daf:efdb34dd:bce48342:3b549fcb
|
||||
MAILADDR ${config.secrets.users.aires.email}
|
||||
'';
|
||||
|
||||
# Auto-unlock RAID array with a key file
|
||||
environment.etc."crypttab".text = ''
|
||||
storage /dev/md/Sapana ${config.secrets.devices.storage.keyFile.path} nofail,keyfile-timeout=5s
|
||||
'';
|
||||
fileSystems."/storage" = {
|
||||
device = "/dev/mapper/storage";
|
||||
# Keep booting even if the array fails to unlock
|
||||
options = [
|
||||
"nofail"
|
||||
"x-systemd.device-timeout=5s"
|
||||
];
|
||||
};
|
||||
|
||||
# Automatically scrub the array monthly
|
||||
systemd = {
|
||||
services."raid-scrub" = {
|
||||
description = "Periodically scrub RAID volumes for errors.";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "root";
|
||||
};
|
||||
script = "echo check > /sys/block/md127/md/sync_action";
|
||||
};
|
||||
timers."raid-scrub" = {
|
||||
description = "Periodically scrub RAID volumes for errors.";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "monthly";
|
||||
Persistent = true;
|
||||
Unit = "raid-scrub.service";
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
}
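Review bot: The new `/etc/crypttab` entry unlocks `/dev/md/Sapana` from `${config.secrets.devices.storage.keyFile.path}` without a passphrase prompt, so the array's confidentiality now rests entirely on how that key file is stored; the removed start-services script ran `cryptsetup luksOpen` interactively instead. Please document above the entry that the value must be a string path to a root-owned, mode 0400 file outside the Nix store (a Nix path literal would copy the key into the world-readable store), e.g. `# keyFile.path must be a string path to a 0400 root-owned file, never a ./path literal`. Because both the crypttab entry and the mount use `nofail`, boot continues when unlocking fails, and only Syncthing's unit gains a mount dependency in this commit; whether the other services that live under /storage are ordered after the mount is not visible here. The scrub script writes to `/sys/block/md127/md/sync_action` while the array is referenced by name elsewhere; md device numbers are not guaranteed stable, so resolving the device from `/dev/md/Sapana` would be safer.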
|
||||
|
|
|
@ -46,7 +46,7 @@ in
|
|||
environment.systemPackages = cfg.corePackages ++ cfg.packages;
|
||||
|
||||
services = {
|
||||
# Automatically set the timezone
|
||||
# Automatically set the timezone based on location
|
||||
automatic-timezoned.enable = true;
|
||||
geoclue2.enableDemoAgent = lib.mkForce true;
|
||||
|
||||
|
|
|
@ -12,10 +12,8 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.ui.audio = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables audio.");
|
||||
enableLowLatency = lib.mkEnableOption (
|
||||
lib.mdDoc "Enables low-latency audio (may cause crackling) per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup."
|
||||
);
|
||||
enable = lib.mkEnableOption "Enables audio.";
|
||||
enableLowLatency = lib.mkEnableOption "Enables low-latency audio (may cause crackling) per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup.";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -29,10 +27,12 @@ in
|
|||
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
alsa = {
|
||||
enable = true;
|
||||
support32Bit = true;
|
||||
};
|
||||
|
||||
# Reduce audio latency per https://wiki.nixos.org/wiki/PipeWire#Low-latency_setup
|
||||
extraConfig.pipewire = lib.mkIf cfg.enableLowLatency {
|
||||
|
|
|
@ -5,9 +5,7 @@ let
|
|||
in
|
||||
{
|
||||
options = {
|
||||
aux.system.ui.desktops.budgie.enable = lib.mkEnableOption (
|
||||
lib.mdDoc "Enables the Budgie desktop environment."
|
||||
);
|
||||
aux.system.ui.desktops.budgie.enable = lib.mkEnableOption "Enables the Budgie desktop environment.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -12,7 +12,7 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.ui.desktops = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables base desktop environment support.");
|
||||
enable = lib.mkEnableOption "Enables base desktop environment support.";
|
||||
xkb = lib.mkOption {
|
||||
description = "The keyboard layout to use by default. Defaults to us.";
|
||||
type = lib.types.attrs;
|
||||
|
|
|
@ -13,10 +13,8 @@ in
|
|||
|
||||
options = {
|
||||
aux.system.ui.desktops.gnome = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables the Gnome Desktop Environment.");
|
||||
tripleBuffering.enable = lib.mkEnableOption (
|
||||
lib.mdDoc "(Experimental) Enables dynamic triple buffering"
|
||||
);
|
||||
enable = lib.mkEnableOption "Enables the Gnome Desktop Environment.";
|
||||
tripleBuffering.enable = lib.mkEnableOption "(Experimental) Enables dynamic triple buffering";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -89,7 +87,7 @@ in
|
|||
gnomeExtensions.alphabetical-app-grid
|
||||
gnomeExtensions.appindicator
|
||||
gnomeExtensions.dash-to-panel
|
||||
gnomeExtensions.forge
|
||||
gnomeExtensions.random-wallpaper
|
||||
# Themeing
|
||||
gnome.gnome-themes-extra
|
||||
papirus-icon-theme
|
||||
|
|
|
@ -5,9 +5,7 @@ let
|
|||
in
|
||||
{
|
||||
options = {
|
||||
aux.system.ui.desktops.hyprland.enable = lib.mkEnableOption (
|
||||
lib.mdDoc "Enables the Hyprland desktop environment."
|
||||
);
|
||||
aux.system.ui.desktops.hyprland.enable = lib.mkEnableOption "Enables the Hyprland desktop environment.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -12,8 +12,8 @@ in
|
|||
{
|
||||
options = {
|
||||
aux.system.ui.desktops.kde = {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Enables the KDE Desktop Environment.");
|
||||
useX11 = lib.mkEnableOption (lib.mdDoc "Uses X11 instead of Wayland.");
|
||||
enable = lib.mkEnableOption "Enables the KDE Desktop Environment.";
|
||||
useX11 = lib.mkEnableOption "Uses X11 instead of Wayland.";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -5,9 +5,7 @@ let
|
|||
in
|
||||
{
|
||||
options = {
|
||||
aux.system.ui.desktops.xfce.enable = lib.mkEnableOption (
|
||||
lib.mdDoc "Enables the XFCE desktop environment."
|
||||
);
|
||||
aux.system.ui.desktops.xfce.enable = lib.mkEnableOption "Enables the XFCE desktop environment.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -29,9 +29,7 @@ in
|
|||
}
|
||||
];
|
||||
};
|
||||
useBindFS = lib.mkEnableOption {
|
||||
description = "Whether to use a BindFS mount to support custom themes and cursors. May cause performance issues.";
|
||||
};
|
||||
useBindFS = lib.mkEnableOption "Whether to use a BindFS mount to support custom themes and cursors. May cause performance issues.";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -18,10 +18,10 @@ in
|
|||
services.syncthing = {
|
||||
enable = lib.mkEnableOption "Enables Syncthing";
|
||||
enableTray = lib.mkEnableOption "Enables the Syncthing Tray application";
|
||||
autostart = lib.mkOption {
|
||||
default = true;
|
||||
type = lib.types.bool;
|
||||
description = "Whether to auto-start Syncthing on boot";
|
||||
home = lib.mkOption {
|
||||
default = "${config.users.users.aires.home}/.config/syncthing";
|
||||
type = lib.types.str;
|
||||
description = "Where to store Syncthing's configuration files";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -62,16 +62,6 @@ in
|
|||
username = "aires";
|
||||
homeDirectory = "/home/aires";
|
||||
|
||||
# Install extra packages, specifically gnome extensions
|
||||
packages = lib.mkIf config.aux.system.ui.desktops.gnome.enable [
|
||||
pkgs.gnomeExtensions.wallpaper-slideshow
|
||||
];
|
||||
|
||||
# Set environment variables
|
||||
sessionVariables = {
|
||||
KUBECONFIG = "/home/aires/.kube/config";
|
||||
};
|
||||
|
||||
# Create .face file
|
||||
file.".face".source = ./face.png;
|
||||
};
|
||||
|
@ -114,19 +104,6 @@ in
|
|||
loginExtra = "fastfetch";
|
||||
};
|
||||
};
|
||||
|
||||
# Gnome settings specific to aires on Shura
|
||||
/*
|
||||
dconf.settings = lib.mkIf (config.networking.hostName == "Shura") {
|
||||
"org/gnome/desktop/interface" = {
|
||||
# Increase font scaling;
|
||||
text-scaling-factor = 1.3;
|
||||
|
||||
# Dark mode
|
||||
color-scheme = "prefer-dark";
|
||||
};
|
||||
};
|
||||
*/
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -158,15 +135,12 @@ in
|
|||
enable = true;
|
||||
extraOptions = [
|
||||
"--gui-address=0.0.0.0:8080"
|
||||
"--home=${config.users.users.aires.home}/.config/syncthing"
|
||||
"--home=${cfg.services.syncthing.home}"
|
||||
"--no-default-folder"
|
||||
];
|
||||
};
|
||||
|
||||
# Override the default Syncthing settings so it doesn't start on boot
|
||||
systemd.user.services."syncthing" = lib.mkIf (!cfg.services.syncthing.autostart) {
|
||||
wantedBy = lib.mkForce { };
|
||||
};
|
||||
systemd.user.services."syncthing".unitConfig.requiresMountsFor = cfg.services.syncthing.home;
|
||||
};
|
||||
})
|
||||
]
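Review bot: `unitConfig.requiresMountsFor` on the added line is spelled with a lowercase `r`; systemd directive names are case-sensitive, so the generated unit most likely carries an unknown key that is ignored instead of `RequiresMountsFor=`. Because this commit also drops the `autostart` override, a host whose `home` points at the encrypted /storage volume could start Syncthing before the mount and initialise a fresh configuration there, with the GUI still bound to `0.0.0.0:8080`. Suggested line: `systemd.user.services."syncthing".unitConfig.RequiresMountsFor = cfg.services.syncthing.home;` — if this block is evaluated by home-manager rather than NixOS (not visible in the hunk), the section would be `Unit.RequiresMountsFor` instead. The same spelling appears in the matching hunk for the gremlin user, whose GUI listens on `0.0.0.0:8081`.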
|
||||
|
|
|
@ -17,10 +17,10 @@ in
|
|||
services.syncthing = {
|
||||
enable = lib.mkEnableOption "Enables Syncthing";
|
||||
enableTray = lib.mkEnableOption "Enables the Syncthing Tray application";
|
||||
autostart = lib.mkOption {
|
||||
default = true;
|
||||
type = lib.types.bool;
|
||||
description = "Whether to auto-start Syncthing on boot";
|
||||
home = lib.mkOption {
|
||||
default = "${config.users.users.gremlin.home}/.config/syncthing";
|
||||
type = lib.types.str;
|
||||
description = "Where to store Syncthing's configuration files";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -126,15 +126,12 @@ in
|
|||
enable = true;
|
||||
extraOptions = [
|
||||
"--gui-address=0.0.0.0:8081"
|
||||
"--home=${config.users.users.gremlin.home}/.config/syncthing"
|
||||
"--home=${cfg.services.syncthing.home}"
|
||||
"--no-default-folder"
|
||||
];
|
||||
};
|
||||
|
||||
# Override the default Syncthing settings so it doesn't start on boot
|
||||
systemd.user.services."syncthing" = lib.mkIf (!cfg.services.syncthing.autostart) {
|
||||
wantedBy = lib.mkForce { };
|
||||
};
|
||||
systemd.user.services."syncthing".unitConfig.requiresMountsFor = cfg.services.syncthing.home;
|
||||
};
|
||||
})
|
||||
];
|
||||
|
|
|
@ -13,16 +13,18 @@ in
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.groups."media" = {
|
||||
gid = 1001;
|
||||
};
|
||||
|
||||
users.users.media = {
|
||||
users = {
|
||||
users.media = {
|
||||
isNormalUser = false;
|
||||
isSystemUser = true;
|
||||
description = "Media manager";
|
||||
uid = 1001;
|
||||
group = "media";
|
||||
};
|
||||
|
||||
groups."media" = {
|
||||
gid = 1001;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
2
secrets
2
secrets
|
@ -1 +1 @@
|
|||
Subproject commit 25576ffa753b96e2289380feb81d3ed82e00cbc7
|
||||
Subproject commit 2e559fbe36dc49c3ea63cc9856b899eb9269950f
|