alejandro-angulo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Reformatted with nixfmt

Browse source
This commit is contained in:
alejandro-angulo 2025-03-31 22:34:25 -07:00
parent f51256c3ae
commit 3f16537322
Signed by: alejandro-angulo
GPG key ID: 75579581C74554B6
80 changed files with 1454 additions and 992 deletions
Download patch file Download diff file Expand all files Collapse all files

90
flake.nix
View file

@ -35,7 +35,8 @@
powerlevel10k.flake = false;
};
outputs = inputs:
outputs =
inputs:
inputs.snowfall-lib.mkFlake {
inherit inputs;
src = ./.;
@ -51,7 +52,7 @@
home-manager.nixosModules.home-manager
];
homes.modules = with inputs; [catppuccin.homeManagerModules.catppuccin];
homes.modules = with inputs; [ catppuccin.homeManagerModules.catppuccin ];
deploy.nodes = {
node = {
@ -60,7 +61,7 @@
user = "root";
sshUser = "alejandro";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.node;
sshOpts = ["-A"];
sshOpts = [ "-A" ];
};
};
@ -70,56 +71,59 @@
user = "root";
sshUser = "alejandro";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.git;
sshOpts = ["-A"];
sshOpts = [ "-A" ];
};
};
pi4 = let
system = "aarch64-linux";
pkgs = import inputs.nixpkgs {inherit system;};
deployPkgs = import inputs.nixpkgs {
inherit system;
overlays = [
inputs.deploy-rs.overlay
(self: super: {
deploy-rs = {
inherit (pkgs) deploy-rs;
lib = inputs.deploy-rs.lib;
};
})
];
pi4 =
let
system = "aarch64-linux";
pkgs = import inputs.nixpkgs { inherit system; };
deployPkgs = import inputs.nixpkgs {
inherit system;
overlays = [
inputs.deploy-rs.overlay
(self: super: {
deploy-rs = {
inherit (pkgs) deploy-rs;
lib = inputs.deploy-rs.lib;
};
})
];
};
in
{
hostname = "pi4";
profiles.system = {
user = "root";
sshUser = "alejandro";
path = deployPkgs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.pi4;
# Usually deploy from an x86_64 machine and don't want to bother
# trying to build an aarch64 derivation
remoteBuild = true;
};
};
in {
hostname = "pi4";
profiles.system = {
user = "root";
sshUser = "alejandro";
path = deployPkgs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.pi4;
# Usually deploy from an x86_64 machine and don't want to bother
# trying to build an aarch64 derivation
remoteBuild = true;
};
};
};
# TODO: Re-enable this when I figure out how to prevent needing to build
# dependencies for architectures other than the host machine
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
hydraJobs = let
systems_to_build = [
"gospel"
"node"
"carbon"
];
in {
# Only have a builder for x86_64-linux atm
packages = inputs.self.packages.x86_64-linux;
hydraJobs =
let
systems_to_build = [
"gospel"
"node"
"carbon"
];
in
{
# Only have a builder for x86_64-linux atm
packages = inputs.self.packages.x86_64-linux;
systems = inputs.nixpkgs.lib.attrsets.genAttrs systems_to_build (
name:
inputs.self.nixosConfigurations."${name}".config.system.build.toplevel
);
};
systems = inputs.nixpkgs.lib.attrsets.genAttrs systems_to_build (
name: inputs.self.nixosConfigurations."${name}".config.system.build.toplevel
);
};
};
}

3
homes/aarch64-linux/alejandro@pi4/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
aa = {
apps = {
bat.enable = true;

3
homes/x86_64-linux/alejandro@git/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
aa = {
installDefaults = false;

3
homes/x86_64-linux/alejandro@gospel/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
aa.isHeadless = false;
services.spotifyd = {
enable = true;

3
homes/x86_64-linux/alejandro@minimal/default.nix
View file

@ -1,3 +1,4 @@
{...}: {
{ ... }:
{
aa.installDefaults = false;
}

3
homes/x86_64-linux/alejandro@node/default.nix
View file

@ -1,2 +1,3 @@
{...}: {
{ ... }:
{
}

6
modules/home/apps/bat/default.nix
View file

@ -3,11 +3,13 @@
lib,
namespace,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.apps.bat;
in {
in
{
options.${namespace}.apps.bat = {
enable = mkEnableOption "bat";
};

6
modules/home/apps/btop/default.nix
View file

@ -3,11 +3,13 @@
lib,
namespace,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.apps.btop;
in {
in
{
options.${namespace}.apps.btop = {
enable = mkEnableOption "btop";
};

10
modules/home/apps/tmux/default.nix
View file

@ -4,7 +4,8 @@
pkgs,
namespace,
...
}: let
}:
let
inherit (lib) mkEnableOption;
inherit (pkgs) tmuxPlugins;
@ -20,13 +21,14 @@
}
];
};
in {
in
{
options.${namespace}.apps.tmux = {
enable = mkEnableOption "tmux";
};
config = lib.mkIf cfg.enable {
home.packages = [pkgs.tmux-sessionizer];
home.packages = [ pkgs.tmux-sessionizer ];
catppuccin.tmux = {
enable = true;
@ -102,6 +104,6 @@ in {
'';
};
xdg.configFile."tms/config.toml".source = (pkgs.formats.toml {}).generate "tms-config" tmsConfig;
xdg.configFile."tms/config.toml".source = (pkgs.formats.toml { }).generate "tms-config" tmsConfig;
};
}

14
modules/home/fonts/default.nix
View file

@ -4,9 +4,11 @@
pkgs,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.fonts;
in {
in
{
options.${namespace}.fonts = {
enable = lib.mkEnableOption "font config";
};
@ -24,10 +26,10 @@ in {
fonts.fontconfig = {
enable = true;
defaultFonts = {
monospace = ["Hack Nerd Font"];
emoji = ["Noto Color Emoji"];
serif = ["Noto Serif"];
sansSerif = ["Noto Sans"];
monospace = [ "Hack Nerd Font" ];
emoji = [ "Noto Color Emoji" ];
serif = [ "Noto Serif" ];
sansSerif = [ "Noto Sans" ];
};
};
};

21
modules/home/home/default.nix
View file

@ -1,10 +1,11 @@
{
config,
lib,
osConfig ? {},
osConfig ? { },
namespace,
...
}: {
}:
{
options.${namespace} = {
isHeadless = lib.mkOption {
type = lib.types.bool;
@ -20,15 +21,13 @@
};
config = lib.mkMerge [
(
lib.mkIf (!config.${namespace}.isHeadless) {
${namespace} = {
programs.firefox.enable = true;
programs.kitty.enable = true;
windowManagers.sway.enable = true;
};
}
)
(lib.mkIf (!config.${namespace}.isHeadless) {
${namespace} = {
programs.firefox.enable = true;
programs.kitty.enable = true;
windowManagers.sway.enable = true;
};
})
(lib.mkIf (config.${namespace}.installDefaults) {
${namespace} = {
apps = {

6
modules/home/programs/firefox/default.nix
View file

@ -3,11 +3,13 @@
lib,
namespace,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.programs.firefox;
in {
in
{
options.${namespace}.programs.firefox = {
enable = mkEnableOption "firefox";
};

8
modules/home/programs/fuzzel/default.nix
View file

@ -4,15 +4,17 @@
pkgs,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.programs.fuzzel;
in {
in
{
options.${namespace}.programs.fuzzel = {
enable = lib.mkEnableOption "fuzzel";
};
config = lib.mkIf cfg.enable {
home.packages = [pkgs.bemoji];
home.packages = [ pkgs.bemoji ];
catppuccin.fuzzel.enable = true;
programs.fuzzel.enable = true;

6
modules/home/programs/fzf/default.nix
View file

@ -3,9 +3,11 @@
lib,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.programs.fzf;
in {
in
{
options.${namespace}.programs.fzf = {
enable = lib.mkEnableOption "fzf";
};

10
modules/home/programs/gpg/default.nix
View file

@ -5,11 +5,13 @@
namespace,
system,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.gpg;
in {
in
{
options.${namespace}.programs.gpg = {
enable = mkEnableOption "gpg";
};
@ -33,9 +35,7 @@ in {
services.gpg-agent = mkIf (system == "x86_64-linux") {
enable = true;
pinentryPackage =
if config.${namespace}.windowManagers.sway.enable
then pkgs.pinentry-qt
else pkgs.pinentry-curses;
if config.${namespace}.windowManagers.sway.enable then pkgs.pinentry-qt else pkgs.pinentry-curses;
enableZshIntegration = true;
enableSshSupport = true;
sshKeys = [

6
modules/home/programs/k9s/default.nix
View file

@ -3,9 +3,11 @@
lib,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.programs.k9s;
in {
in
{
options.${namespace}.programs.k9s = {
enable = lib.mkEnableOption "k9s";
};

6
modules/home/programs/kitty/default.nix
View file

@ -4,11 +4,13 @@
pkgs,
namespace,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.programs.kitty;
in {
in
{
options.${namespace}.programs.kitty = {
enable = mkEnableOption "kitty";
};

36
modules/home/programs/neovim/default.nix
View file

@ -4,9 +4,11 @@
pkgs,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.programs.neovim;
in {
in
{
options.${namespace}.programs.neovim = {
enable = lib.mkEnableOption "neovim";
lazygit.enable = lib.mkOption {
@ -21,19 +23,21 @@ in {
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{home.packages = [pkgs.neovim];}
(lib.mkIf cfg.lazygit.enable {
programs.zsh.shellAliases = {
nvim = "${pkgs.neovim}/bin/nvim --listen /tmp/nvim-server.pipe";
};
config = lib.mkIf cfg.enable (
lib.mkMerge [
{ home.packages = [ pkgs.neovim ]; }
(lib.mkIf cfg.lazygit.enable {
programs.zsh.shellAliases = {
nvim = "${pkgs.neovim}/bin/nvim --listen /tmp/nvim-server.pipe";
};
programs.lazygit.settings.os = {
editCommand = "nvim";
editCommandTemplate = ''
{{editor}} --server /tmp/nvim-server.pipe --remote-tab {{filename}}
'';
};
})
]);
programs.lazygit.settings.os = {
editCommand = "nvim";
editCommandTemplate = ''
{{editor}} --server /tmp/nvim-server.pipe --remote-tab {{filename}}
'';
};
})
]
);
}

8
modules/home/programs/rofi/default.nix
View file

@ -4,11 +4,13 @@
pkgs,
namespace,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.programs.rofi;
in {
in
{
options.${namespace}.programs.rofi = {
enable = mkEnableOption "rofi";
};
@ -19,7 +21,7 @@ in {
# TODO: How to ensure this font is installed?
font = "Hack Nerd Font 10";
catppuccin.enable = true;
plugins = [pkgs.rofi-emoji];
plugins = [ pkgs.rofi-emoji ];
extraConfig = {
show-icons = true;
modi = "window,run,ssh,emoji";

6
modules/home/programs/swaylock/default.nix
View file

@ -3,11 +3,13 @@
lib,
namespace,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.programs.swaylock;
in {
in
{
options.${namespace}.programs.swaylock = {
enable = mkEnableOption "swaylock";
};

44
modules/home/programs/waybar/default.nix
View file

@ -4,11 +4,18 @@
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.${namespace}.programs.waybar;
in {
in
{
options.aa.programs.waybar = {
enable = mkEnableOption "waybar";
@ -33,8 +40,8 @@ in {
layer = "top";
position = "bottom";
height = 20;
modules-left = ["sway/workspaces"];
modules-center = ["clock"];
modules-left = [ "sway/workspaces" ];
modules-center = [ "clock" ];
modules-right = [
"idle_inhibitor"
"temperature"
@ -76,7 +83,11 @@ in {
temperature = {
critical-threshold = 80;
format = "{icon}{temperatureC}°C";
format-icons = [" " " " " "];
format-icons = [
" "
" "
" "
];
thermal-zone = cfg.thermal-zone;
};
@ -99,7 +110,11 @@ in {
phone = " ";
portable = " ";
car = " ";
default = [" " " " " "];
default = [
" "
" "
" "
];
};
tooltip-format = "{desc}, {volume}%";
# TODO: Figure out how to get pactl binary?
@ -118,7 +133,13 @@ in {
format-charging = "󰂄 {capacity}%";
format-plugged = " ";
format-alt = "{time} {icon}";
format-icons = [" " " " " " " " " "];
format-icons = [
" "
" "
" "
" "
" "
];
};
memory = {
@ -127,7 +148,10 @@ in {
backlight = {
format = "{icon} {percent}%";
format-icons = ["󰃞`" "󰃚"];
format-icons = [
"󰃞`"
"󰃚"
];
on-scroll-up = "light -A 1";
on-scroll-down = "light -U 1";
};
@ -168,6 +192,6 @@ in {
];
};
wayland.windowManager.sway.config.bars = [];
wayland.windowManager.sway.config.bars = [ ];
};
}

6
modules/home/programs/yazi/default.nix
View file

@ -3,9 +3,11 @@
lib,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.programs.yazi;
in {
in
{
options.${namespace}.programs.yazi = {
enable = lib.mkEnableOption "yazi";
};

10
modules/home/programs/zoxide/default.nix
View file

@ -4,19 +4,21 @@
lib,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.programs.zoxide;
in {
in
{
options.${namespace}.programs.zoxide = {
enable = lib.mkEnableOption "zoxide";
};
config = lib.mkIf cfg.enable {
home.packages = [pkgs.zoxide];
home.packages = [ pkgs.zoxide ];
programs.zoxide = {
enable = true;
options = ["--cmd cd"];
options = [ "--cmd cd" ];
};
};
}

6
modules/home/services/gammastep/default.nix
View file

@ -3,11 +3,13 @@
lib,
namespace,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.gammastep;
in {
in
{
options.${namespace}.services.gammastep = {
enable = mkEnableOption "gammastep";
};

8
modules/home/services/playerctld/default.nix
View file

@ -4,17 +4,19 @@
pkgs,
namespace,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.playerctld;
in {
in
{
options.${namespace}.services.playerctld = {
enable = mkEnableOption "playerctl";
};
config = mkIf cfg.enable {
home.packages = [pkgs.playerctl];
home.packages = [ pkgs.playerctl ];
services.playerctld.enable = true;
};
}

8
modules/home/services/swayidle/default.nix
View file

@ -4,17 +4,19 @@
lib,
namespace,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.swayidle;
in {
in
{
options.${namespace}.services.swayidle = {
enable = mkEnableOption "swayidle";
};
config = mkIf cfg.enable {
home.packages = [pkgs.swayidle];
home.packages = [ pkgs.swayidle ];
services.swayidle = {
enable = true;

15
modules/home/services/swaync/default.nix
View file

@ -4,22 +4,29 @@
pkgs,
namespace,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.swaync;
in {
in
{
options.${namespace}.services.swaync = {
enable = mkEnableOption "sway notification center";
};
config = mkIf cfg.enable {
home.packages = [pkgs.libnotify];
home.packages = [ pkgs.libnotify ];
services.swaync = {
enable = true;
settings = {
widgets = ["title" "dnd" "notifications" "mpris"];
widgets = [
"title"
"dnd"
"notifications"
"mpris"
];
};
};

6
modules/home/tools/direnv/default.nix
View file

@ -3,11 +3,13 @@
lib,
namespace,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.tools.direnv;
in {
in
{
options.${namespace}.tools.direnv = {
enable = mkEnableOption "direnv";
};

6
modules/home/tools/eza/default.nix
View file

@ -3,11 +3,13 @@
lib,
namespace,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.tools.eza;
in {
in
{
options.${namespace}.tools.eza = {
enable = mkEnableOption "eza";
};

6
modules/home/tools/git/default.nix
View file

@ -4,11 +4,13 @@
lib,
namespace,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption mkDefault;
cfg = config.${namespace}.tools.git;
in {
in
{
options.${namespace}.tools.git = {
enable = mkEnableOption "git";
userName = lib.options.mkOption {

6
modules/home/tools/zsh/default.nix
View file

@ -5,11 +5,13 @@
pkgs,
namespace,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.tools.zsh;
in {
in
{
options.${namespace}.tools.zsh = {
enable = mkEnableOption "zsh";
};

6
modules/nixos/apps/steam/default.nix
View file

@ -3,9 +3,11 @@
pkgs,
lib,
...
}: let
}:
let
cfg = config.aa.apps.steam;
in {
in
{
options.aa.apps.steam = {
enable = lib.options.mkEnableOption "steam";
};

6
modules/nixos/apps/yubikey/default.nix
View file

@ -3,11 +3,13 @@
pkgs,
lib,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.aa.apps.yubikey;
in {
in
{
options.aa.apps.yubikey = {
enable = mkEnableOption "yubikey";
};

6
modules/nixos/archetypes/workstation/default.nix
View file

@ -2,11 +2,13 @@
config,
lib,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.aa.archetypes.workstation;
in {
in
{
options.aa.archetypes.workstation = {
enable = mkEnableOption "workstation archetype";
};

8
modules/nixos/hardware/audio/default.nix
View file

@ -3,17 +3,19 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.aa.hardware.audio;
in {
in
{
options.aa.hardware.audio = {
enable = mkEnableOption "audio";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [pamixer];
environment.systemPackages = with pkgs; [ pamixer ];
security.rtkit.enable = true;
services.pipewire = {
enable = true;

6
modules/nixos/hardware/bluetooth/default.nix
View file

@ -2,11 +2,13 @@
config,
lib,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.aa.hardware.bluetooth;
in {
in
{
options.aa.hardware.bluetooth = {
enable = mkEnableOption "bluetooth";
};

14
modules/nixos/hardware/logitech/default.nix
View file

@ -4,12 +4,14 @@
pkgs,
namespace,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.logitech;
username = config.${namespace}.user.name;
in {
in
{
options.${namespace}.hardware.logitech = {
enable = mkEnableOption "logitech devices";
};
@ -22,13 +24,15 @@ in {
systemd.user.services.solaar = {
description = "Linux device manager for Logitech devices";
documentation = ["https://pwr-solaar.github.io/Solaar/"];
partOf = ["graphical-session.target"];
documentation = [ "https://pwr-solaar.github.io/Solaar/" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.solaar}/bin/solaar -w hide";
};
};
systemd.user.services.solaar.wantedBy = mkIf config.home-manager.users.${username}.wayland.windowManager.sway.enable ["sway-session.target"];
systemd.user.services.solaar.wantedBy =
mkIf config.home-manager.users.${username}.wayland.windowManager.sway.enable
[ "sway-session.target" ];
};
}

6
modules/nixos/hardware/tlp/default.nix
View file

@ -2,11 +2,13 @@
config,
lib,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.aa.hardware.tlp;
in {
in
{
options.aa.hardware.tlp = {
enable = mkEnableOption "tlp";
};

17
modules/nixos/home/default.nix
View file

@ -5,10 +5,12 @@
inputs,
namespace,
...
}: let
}:
let
inherit (lib) mkAliasDefinitions mkOption;
inherit (lib.types) attrs;
in {
in
{
imports = with inputs; [
home-manager.nixosModules.home-manager
];
@ -16,22 +18,22 @@ in {
options.${namespace}.home = {
file = mkOption {
type = attrs;
default = {};
default = { };
description = "A set of files to be manged by home-manager's <option>home.file</option> option.";
};
configFile = mkOption {
type = attrs;
default = {};
default = { };
description = "A set of files to be managed by home-manager's <option>xdg.configFile</option>.";
};
dataFile = mkOption {
type = attrs;
default = {};
default = { };
description = "A set of files to be managed by home-manager's <option>xdg.dataFile</option>.";
};
extraOptions = mkOption {
type = attrs;
default = {};
default = { };
description = "Options to pass directly to home-manager.";
};
};
@ -50,8 +52,7 @@ in {
home-manager = {
useUserPackages = true;
users.${config.aa.user.name} =
mkAliasDefinitions options.aa.home.extraOptions;
users.${config.aa.user.name} = mkAliasDefinitions options.aa.home.extraOptions;
};
};
}

77
modules/nixos/nix/default.nix
View file

@ -3,12 +3,19 @@
pkgs,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.aa.nix;
selfHostedCacheHost = "https://cache.kilonull.com/";
in {
in
{
options.aa.nix = {
enable = mkEnableOption "manage nix configuration.";
package = mkOption {
@ -26,37 +33,43 @@ in {
nixfmt-rfc-style
];
nix = let
users = ["root" config.aa.user.name];
in {
package = cfg.package;
nix =
let
users = [
"root"
config.aa.user.name
];
in
{
package = cfg.package;
settings = {
experimental-features = "nix-command flakes";
trusted-users = users;
allowed-users = users;
settings = {
experimental-features = "nix-command flakes";
trusted-users = users;
allowed-users = users;
builders-use-substitutes = cfg.useSelfhostedCache;
substituters =
if cfg.useSelfhostedCache
then [
# TESTING
"https://minio.kilonull.com/nix-store"
selfHostedCacheHost
]
else [];
trusted-public-keys =
mkIf cfg.useSelfhostedCache
["gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="];
builders-use-substitutes = cfg.useSelfhostedCache;
substituters =
if cfg.useSelfhostedCache then
[
# TESTING
"https://minio.kilonull.com/nix-store"
selfHostedCacheHost
]
else
[ ];
trusted-public-keys = mkIf cfg.useSelfhostedCache [
"gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="
];
};
# TODO: Configure distributedBuilds and buildMachines?
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 30d";
};
};
# TODO: Configure distributedBuilds and buildMachines?
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 30d";
};
};
};
}

10
modules/nixos/programs/android-studio/default.nix
View file

@ -4,18 +4,20 @@
lib,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.programs.android-studio;
in {
in
{
options.${namespace}.programs.android-studio = {
enable = lib.mkEnableOption "Android Studio";
};
config = lib.mkIf cfg.enable {
${namespace}.user.extraGroups = ["kvm"];
${namespace}.user.extraGroups = [ "kvm" ];
programs.adb.enable = true;
environment.systemPackages = [pkgs.android-studio];
environment.systemPackages = [ pkgs.android-studio ];
};
}

15
modules/nixos/security/acme/default.nix
View file

@ -3,11 +3,18 @@
lib,
namespace,
...
}: let
inherit (lib) mkOption mkEnableOption mkIf types;
}:
let
inherit (lib)
mkOption
mkEnableOption
mkIf
types
;
cfg = config.aa.security.acme;
in {
in
{
options.aa.security.acme = {
enable = mkEnableOption "Automatic Certificate Management Environment (ACME)";
useStaging = mkOption {
@ -53,7 +60,7 @@ in {
# own DNS to make `lego` happy (will resolve names to a public IP).
dnsResolver = "1.1.1.1:53";
credentialsFile = cfg.dnsCredentialsFile;
extraDomainNames = mkIf cfg.isWildcard [("*." + cfg.domainName)];
extraDomainNames = mkIf cfg.isWildcard [ ("*." + cfg.domainName) ];
};
};
};

13
modules/nixos/services/adguardhome/default.nix
View file

@ -3,11 +3,18 @@
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.${namespace}.services.adguardhome;
in {
in
{
options.${namespace}.services.adguardhome = {
enable = mkEnableOption "adguardhome";
acmeCertName = mkOption {

13
modules/nixos/services/forgejo/default.nix
View file

@ -4,12 +4,19 @@
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.${namespace}.services.forgejo;
forgejo_cfg = config.services.forgejo;
in {
in
{
options.${namespace}.services.forgejo = {
enable = mkEnableOption "forgejo";
domain = mkOption {

18
modules/nixos/services/grafana/default.nix
View file

@ -4,13 +4,20 @@
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.${namespace}.services.grafana;
server_settings = config.services.grafana.settings.server;
grafana_dashboards = pkgs.${namespace}.teslamate-grafana-dashboards;
in {
in
{
options.${namespace}.services.grafana = {
enable = mkEnableOption "grafana";
acmeCertName = mkOption {
@ -120,7 +127,10 @@ in {
};
networking.firewall = {
allowedTCPPorts = [80 443];
allowedTCPPorts = [
80
443
];
};
};
}

13
modules/nixos/services/hydra/default.nix
View file

@ -3,9 +3,11 @@
lib,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.services.hydra;
in {
in
{
options.${namespace}.services.hydra = with lib; {
enable = mkEnableOption "hydra";
hostname = mkOption {
@ -72,7 +74,7 @@ in {
enable = true;
hydraURL = "https://${cfg.hostname}";
notificationSender = "hydra@localhost";
buildMachinesFiles = [];
buildMachinesFiles = [ ];
useSubstitutes = true;
extraConfig = ''
store_uri = s3://${cfg.s3Bucket}?compression=zstd&parallel-compression=true&write-nar-listing=1&ls-compression=br&log-compression=br&scheme=${cfg.s3Scheme}&endpoint=${cfg.s3Endpoint}&secret-key=${cfg.secretKeyPath}
@ -103,7 +105,10 @@ in {
"hydra"
"hydra-www"
];
allowed-uris = ["github:" "git+https://git.alejandr0angul0.dev/"];
allowed-uris = [
"github:"
"git+https://git.alejandr0angul0.dev/"
];
};
};
}

8
modules/nixos/services/loki/default.nix
View file

@ -3,10 +3,12 @@
lib,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.services.loki;
loki = config.services.loki;
in {
in
{
options.${namespace}.services.loki = with lib; {
enable = mkEnableOption "loki";
};
@ -102,7 +104,7 @@ in {
};
networking.firewall = {
allowedTCPPorts = [loki.configuration.server.http_listen_port];
allowedTCPPorts = [ loki.configuration.server.http_listen_port ];
};
};
}

6
modules/nixos/services/minio/default.nix
View file

@ -3,9 +3,11 @@
lib,
namespace,
...
}: let
}:
let
cfg = config.${namespace}.services.minio;
in {
in
{
options.${namespace}.services.minio = with lib; {
enable = mkEnableOption "minio";
acmeCertName = mkOption {

10
modules/nixos/services/mosquitto/default.nix
View file

@ -2,9 +2,11 @@
config,
lib,
...
}: let
}:
let
cfg = config.aa.services.mosquitto;
in {
in
{
options.aa.services.mosquitto = with lib; {
enable = mkEnableOption "home assistant";
};
@ -36,7 +38,7 @@ in {
passwordFile = config.age.secrets.theengs_ble_mqtt.path;
};
teslamate = {
acl = ["readwrite teslamate/#"];
acl = [ "readwrite teslamate/#" ];
passwordFile = config.age.secrets.teslamate_mqtt.path;
};
};
@ -44,6 +46,6 @@ in {
];
};
networking.firewall.allowedTCPPorts = [1883];
networking.firewall.allowedTCPPorts = [ 1883 ];
};
}

19
modules/nixos/services/nix-serve/default.nix
View file

@ -3,9 +3,11 @@
lib,
pkgs,
...
}: let
}:
let
cfg = config.aa.services.nix-serve;
in {
in
{
options.aa.services.nix-serve = with lib; {
enable = mkEnableOption "nix-serve";
domain_name = mkOption {
@ -28,11 +30,11 @@ in {
config = lib.mkIf cfg.enable {
nix.settings = {
allowed-users = ["nix-serve"];
trusted-users = ["nix-serve"];
allowed-users = [ "nix-serve" ];
trusted-users = [ "nix-serve" ];
};
environment.systemPackages = [pkgs.nix-serve];
environment.systemPackages = [ pkgs.nix-serve ];
services = {
nix-serve = {
@ -45,7 +47,7 @@ in {
enable = true;
virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" =
{
serverAliases = ["${cfg.subdomain_name}"];
serverAliases = [ "${cfg.subdomain_name}" ];
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
proxy_set_header Host $host;
@ -61,7 +63,10 @@ in {
};
networking.firewall = {
allowedTCPPorts = [80 443];
allowedTCPPorts = [
80
443
];
};
};
}

11
modules/nixos/services/octoprint/default.nix
View file

@ -2,9 +2,11 @@
config,
lib,
...
}: let
}:
let
cfg = config.aa.services.octoprint;
in {
in
{
options.aa.services.octoprint = with lib; {
enable = mkEnableOption "octoprint";
acmeCertName = mkOption {
@ -39,6 +41,9 @@ in {
};
};
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedTCPPorts = [
80
443
];
};
}

22
modules/nixos/services/openssh/default.nix
View file

@ -3,17 +3,25 @@
lib,
format,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption mkDefault types;
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
mkDefault
types
;
cfg = config.aa.services.openssh;
default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmPdQcM0KCQ3YunF1gwN+B+i1Q8KrIfiUvNtgFQjTy2";
in {
in
{
options.aa.services.openssh = {
enable = mkEnableOption "ssh";
authorizedKeys = mkOption {
type = types.listOf types.str;
default = [default-key];
default = [ default-key ];
description = "The public keys to authorize";
};
};
@ -23,11 +31,7 @@ in {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = mkDefault (
if format == "install-iso"
then "yes"
else "no"
);
PermitRootLogin = mkDefault (if format == "install-iso" then "yes" else "no");
};
};

6
modules/nixos/services/printing/default.nix
View file

@ -2,9 +2,11 @@
config,
lib,
...
}: let
}:
let
cfg = config.aa.apps.steam;
in {
in
{
options.aa.services.printing = with lib; {
enable = mkEnableOption "printing";
};

10
modules/nixos/services/prometheus/default.nix
View file

@ -2,12 +2,14 @@
config,
lib,
...
}: let
}:
let
inherit (lib) mkIf;
cfg = config.aa.services.prometheus;
exporters = config.services.prometheus.exporters;
in {
in
{
options.aa.services.prometheus = with lib; {
enable = mkEnableOption "prometheus";
enableServer = mkOption {
@ -28,7 +30,7 @@ in {
exporters = {
node = {
enable = cfg.enableNodeExporter;
enabledCollectors = ["systemd"];
enabledCollectors = [ "systemd" ];
port = 9002;
openFirewall = true;
};
@ -52,7 +54,7 @@ in {
};
networking.firewall = mkIf cfg.enableServer {
allowedTCPPorts = [config.services.prometheus.port];
allowedTCPPorts = [ config.services.prometheus.port ];
};
};
}

8
modules/nixos/services/promtail/default.nix
View file

@ -2,9 +2,11 @@
config,
lib,
...
}: let
}:
let
cfg = config.aa.services.promtail;
in {
in
{
options.aa.services.promtail = with lib; {
enable = mkEnableOption "promtail";
};
@ -38,7 +40,7 @@ in {
};
relabel_configs = [
{
source_labels = ["__journal__systemd_unit"];
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}
];

18
modules/nixos/services/tailscale/default.nix
View file

@ -3,11 +3,13 @@
pkgs,
lib,
...
}: let
}:
let
inherit (lib) mkIf;
cfg = config.aa.services.tailscale;
in {
in
{
options.aa.services.tailscale = with lib; {
enable = mkEnableOption "tailscale";
configureClientRouting = mkOption {
@ -35,18 +37,14 @@ in {
tailscale
tailscale-systray
];
networking.firewall.allowedUDPPorts = [config.services.tailscale.port];
networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
services.tailscale = {
enable = true;
useRoutingFeatures = mkIf (cfg.configureClientRouting || cfg.configureServerRouting) (
if (cfg.configureClientRouting && cfg.configureServerRouting)
then "both"
if (cfg.configureClientRouting && cfg.configureServerRouting) then
"both"
else
(
if cfg.configureClientRouting
then "client"
else "server"
)
(if cfg.configureClientRouting then "client" else "server")
);
};
};

21
modules/nixos/services/teslamate/default.nix
View file

@ -2,9 +2,11 @@
config,
lib,
...
}: let
}:
let
cfg = config.aa.services.teslamate;
in {
in
{
options.aa.services.teslamate = with lib; {
enable = mkEnableOption "teslamate";
@ -104,7 +106,7 @@ in {
backend = "docker";
containers."teslamate" = {
image = "teslamate/teslamate:1.32";
environmentFiles = ["/var/lib/teslamate/env"];
environmentFiles = [ "/var/lib/teslamate/env" ];
environment = {
# TODO: Make this configurable
PORT = "4000";
@ -116,9 +118,12 @@ in {
MQTT_USERNAME = "teslamate";
TZ = "America/Los_Angeles";
};
extraOptions = ["--cap-drop=all" "--network=host"];
extraOptions = [
"--cap-drop=all"
"--network=host"
];
# TODO: Make this configurable
ports = ["4000:4000"];
ports = [ "4000:4000" ];
};
};
@ -126,12 +131,12 @@ in {
isSystemUser = true;
group = cfg.group;
};
users.groups.${cfg.group} = {};
users.groups.${cfg.group} = { };
services.postgresql = lib.optionalAttrs cfg.database.createDatabase {
enable = lib.mkDefault true;
ensureDatabases = [cfg.database.name];
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{
name = cfg.database.user;
@ -157,6 +162,6 @@ in {
};
};
networking.firewall.allowedTCPPorts = [4000];
networking.firewall.allowedTCPPorts = [ 4000 ];
};
}

8
modules/nixos/suites/desktop/default.nix
View file

@ -3,11 +3,13 @@
lib,
namespace,
...
}: let
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.suites.desktop;
in {
in
{
options.${namespace}.suites.desktop = {
enable = mkEnableOption "common desktop configuration";
};
@ -19,7 +21,7 @@ in {
# The following fixes an issue with using swaylcock as a home module
# Workaround for https://github.com/NixOS/nixpkgs/issues/158025
# This comment specifically: https://github.com/NixOS/nixpkgs/issues/158025#issuecomment-1344766809
security.pam.services.swaylock = {};
security.pam.services.swaylock = { };
# Required for GUIs (like sway) to work correctly.
hardware.graphics.enable = true;

6
modules/nixos/suites/development/default.nix
View file

@ -3,10 +3,12 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.aa.suites.development;
in {
in
{
options.aa.suites.development = {
enable = mkEnableOption "common configuration";
};

6
modules/nixos/suites/gaming/default.nix
View file

@ -5,9 +5,11 @@
pkgs,
...
}:
with lib; let
with lib;
let
cfg = config.aa.suites.gaming;
in {
in
{
options.aa.suites.gaming = with lib.types; {
enable = mkEnableOption "gaming configuration";
};

8
modules/nixos/suites/utils/default.nix
View file

@ -4,11 +4,13 @@
pkgs,
inputs,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.aa.suites.utils;
in {
in
{
options.aa.suites.utils = {
enable = mkEnableOption "common configuration";
};
@ -38,6 +40,6 @@ in {
usbutils
wget
])
++ [inputs.agenix.packages.x86_64-linux.default];
++ [ inputs.agenix.packages.x86_64-linux.default ];
};
}

6
modules/nixos/system/fonts/default.nix
View file

@ -5,9 +5,11 @@
lib,
...
}:
with lib; let
with lib;
let
cfg = config.aa.system.fonts;
in {
in
{
options.aa.system.fonts = with types; {
enable = mkEnableOption "manage fonts";
};

6
modules/nixos/system/monitoring/default.nix
View file

@ -3,11 +3,13 @@
pkgs,
lib,
...
}: let
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.aa.system.monitoring;
in {
in
{
options.aa.system.monitoring = {
enable = mkEnableOption "monitoring";
};

8
modules/nixos/system/zfs/default.nix
View file

@ -5,16 +5,18 @@
lib,
...
}:
with lib; let
with lib;
let
cfg = config.aa.system.zfs;
in {
in
{
options.aa.system.zfs = with types; {
enable = mkEnableOption "zfs";
# TODO: Introduce a zfsOnRoot option
};
config = mkIf cfg.enable {
environment.systemPackages = [pkgs.zfs-prune-snapshots];
environment.systemPackages = [ pkgs.zfs-prune-snapshots ];
services.zfs = {
autoScrub.enable = true;

31
modules/nixos/user/default.nix
View file

@ -5,9 +5,11 @@
lib,
...
}:
with lib; let
with lib;
let
cfg = config.aa.user;
in {
in
{
options.aa.user = with types; {
name = mkOption {
type = str;
@ -26,12 +28,15 @@ in {
};
extraGroups = mkOption {
type = listOf str;
default = ["video" "networkmanager"];
default = [
"video"
"networkmanager"
];
description = "Groups to for the user to be assigned.";
};
extraOptions = mkOption {
type = attrs;
default = {};
default = { };
description = "Extra options passed to <option>users.users.<name></option>.";
};
};
@ -42,19 +47,17 @@ in {
# Refer to modules/tools/zsh/default.nix
programs.zsh.enable = true;
users.users.${cfg.name} =
{
isNormalUser = true;
users.users.${cfg.name} = {
isNormalUser = true;
inherit (cfg) name;
inherit (cfg) name;
home = "/home/${cfg.name}";
group = "users";
home = "/home/${cfg.name}";
group = "users";
shell = pkgs.zsh;
shell = pkgs.zsh;
extraGroups = ["wheel"] ++ cfg.extraGroups;
}
// cfg.extraOptions;
extraGroups = [ "wheel" ] ++ cfg.extraGroups;
} // cfg.extraOptions;
};
}

3
overlays/neovim/default.nix
View file

@ -1,3 +1,4 @@
{nixvim, ...}: (final: prev: {
{ nixvim, ... }:
(final: prev: {
neovim = nixvim.packages.${prev.system}.default;
})

82
packages/teslamate/default.nix
View file

@ -7,7 +7,8 @@
nodejs,
breakpointHook,
...
}: let
}:
let
pname = "teslamate";
version = "1.28.2";
@ -23,29 +24,29 @@
overrides = (
final: prev:
(lib.mapAttrs
(_: value:
value.override {
appConfigPath = src + "/config";
})
prev)
// {
ex_cldr = prev.ex_cldr.overrideAttrs (old: rec {
# Copied from https://github.com/NixOS/nixpkgs/blob/d8fd23629b3910e8bdbd313e29532d3e33dd73d5/pkgs/servers/mobilizon/default.nix#L34-L47
version = "2.37.5";
# We have to use the GitHub sources, as it otherwise tries to download
# the locales at build time.
src = fetchFromGitHub {
owner = "elixir-cldr";
repo = "cldr";
rev = "v${version}";
sha256 = "sha256-T5Qvuo+xPwpgBsqHNZYnTCA4loToeBn1LKTMsDcCdYs=";
};
postInstall = ''
cp $src/priv/cldr/locales/* $out/lib/erlang/lib/ex_cldr-${old.version}/priv/cldr/locales/
'';
});
(lib.mapAttrs (
_: value:
value.override {
appConfigPath = src + "/config";
}
) prev)
// {
ex_cldr = prev.ex_cldr.overrideAttrs (old: rec {
# Copied from https://github.com/NixOS/nixpkgs/blob/d8fd23629b3910e8bdbd313e29532d3e33dd73d5/pkgs/servers/mobilizon/default.nix#L34-L47
version = "2.37.5";
# We have to use the GitHub sources, as it otherwise tries to download
# the locales at build time.
src = fetchFromGitHub {
owner = "elixir-cldr";
repo = "cldr";
rev = "v${version}";
sha256 = "sha256-T5Qvuo+xPwpgBsqHNZYnTCA4loToeBn1LKTMsDcCdYs=";
};
postInstall = ''
cp $src/priv/cldr/locales/* $out/lib/erlang/lib/ex_cldr-${old.version}/priv/cldr/locales/
'';
});
}
);
};
@ -54,7 +55,7 @@
inherit version;
src = "${src}/assets";
npmDepsHash = "sha256-h92i/cRf4I0c4vUc6oBt5T4yvM0JNQMkoDy2YHcVWS4=";
patches = [./deploy_output.patch];
patches = [ ./deploy_output.patch ];
dontNpmBuild = true;
installPhase = ''
runHook preinstall
@ -74,20 +75,25 @@
'';
};
in
beamPackages.mixRelease {
inherit pname version src mixNixDeps;
beamPackages.mixRelease {
inherit
pname
version
src
mixNixDeps
;
nativeBuildInputs = [nodejs];
nativeBuildInputs = [ nodejs ];
preBuild = ''
mkdir -p priv/static/assets
# assets patched to write to scripts/deploy_output
cp -r ${assets}/scripts/deploy_output ./priv/static/assets
'';
preBuild = ''
mkdir -p priv/static/assets
# assets patched to write to scripts/deploy_output
cp -r ${assets}/scripts/deploy_output ./priv/static/assets
'';
postBuild = ''
# for external task you need a workaround for the no deps check flag
# https://github.com/phoenixframework/phoenix/issues/2690
mix do deps.loadpaths --no-deps-check phx.digest, release --overwrite
'';
}
postBuild = ''
# for external task you need a workaround for the no deps check flag
# https://github.com/phoenixframework/phoenix/issues/2690
mix do deps.loadpaths --no-deps-check phx.digest, release --overwrite
'';
}

1257
packages/teslamate/mix.nix
View file

File diff suppressed because it is too large Load diff

7
secrets/age-yubikey-identity-508106ce.txt Normal file
View file

@ -0,0 +1,7 @@
# Serial: 20472382, Slot: 1
# Name: age_alejandro
# Created: Fri, 30 Jun 2023 03:32:36 +0000
# PIN policy: Once (A PIN is required once per session, if set)
# Touch policy: Always (A physical touch is required for every decryption)
# Recipient: age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25
AGE-PLUGIN-YUBIKEY-18E3RSQVZ2ZQSDNS67QTTC

79
secrets/secrets.nix
View file

@ -9,18 +9,69 @@ let
proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAf6Z7SZEOH3H51T/GPIc/B0OpbaydM5l2PP3nMnwpFl";
git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8JLy/ipBfOet3/KT7rXOXHDjjmt+VqqQb3V+ILIuDN";
};
in {
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4 machines.proxy];
"gitea-runner-gospel.age".publicKeys = [users.me machines.gospel];
"hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
"hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
"nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
"nextcloud_restic_env.age".publicKeys = [users.me machines.node];
"nextcloud_restic_password.age".publicKeys = [users.me machines.node];
"nextcloud_restic_repo.age".publicKeys = [users.me machines.node];
"tailscale_git_server.age".publicKeys = [users.me machines.git]; # This key expires, might have to update
"teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
"teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
"teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
"theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
in
{
"cf_dns_kilonull.age".publicKeys = [
users.me
machines.node
machines.gospel
machines.pi4
machines.proxy
];
"gitea-runner-gospel.age".publicKeys = [
users.me
machines.gospel
];
"hass_mqtt.age".publicKeys = [
users.me
machines.pi4
machines.node
machines.gospel
];
"hydra-aws-creds.age".publicKeys = [
users.me
machines.gospel
];
"nextcloud_admin.age".publicKeys = [
users.me
machines.node
machines.gospel
];
"nextcloud_restic_env.age".publicKeys = [
users.me
machines.node
];
"nextcloud_restic_password.age".publicKeys = [
users.me
machines.node
];
"nextcloud_restic_repo.age".publicKeys = [
users.me
machines.node
];
"tailscale_git_server.age".publicKeys = [
users.me
machines.git
]; # This key expires, might have to update
"teslamate_db.age".publicKeys = [
users.me
machines.node
machines.gospel
];
"teslamate_encryption.age".publicKeys = [
users.me
machines.node
machines.gospel
];
"teslamate_mqtt.age".publicKeys = [
users.me
machines.pi4
machines.node
machines.gospel
];
"theengs_ble_mqtt.age".publicKeys = [
users.me
machines.pi4
machines.gospel
];
}

11
systems/aarch64-linux/pi4/default.nix
View file

@ -4,7 +4,8 @@
inputs,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
@ -15,8 +16,7 @@
# See here: https://github.com/NixOS/nixpkgs/issues/109280#issuecomment-973636212
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // {allowMissing = true;});
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
})
];
@ -57,7 +57,10 @@
hostName = "pi4";
useDHCP = false;
defaultGateway = "192.168.113.1";
nameservers = ["192.168.113.13" "1.1.1.1"];
nameservers = [
"192.168.113.13"
"1.1.1.1"
];
interfaces.end0.ipv4.addresses = [
{
address = "192.168.113.42";

3
systems/x86_64-do/minimal/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
aa = {
nix.enable = true;

87
systems/x86_64-linux/carbon/hardware-configuration-zfs.nix
View file

@ -7,104 +7,151 @@
pkgs,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "rpool_/nixos/ROOT/default";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/boot" = {
device = "bpool_/nixos/BOOT/default";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/home" = {
device = "rpool_/nixos/DATA/default/home";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/root" = {
device = "rpool_/nixos/DATA/default/root";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/srv" = {
device = "rpool_/nixos/DATA/default/srv";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/usr/local" = {
device = "rpool_/nixos/DATA/default/usr/local";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/log" = {
device = "rpool_/nixos/DATA/default/var/log";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/spool" = {
device = "rpool_/nixos/DATA/default/var/spool";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/nix" = {
device = "rpool_/nixos/DATA/local/nix";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/state" = {
device = "rpool_/nixos/DATA/default/state";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/etc/nixos" = {
device = "/state/etc/nixos";
fsType = "none";
options = ["bind"];
options = [ "bind" ];
};
fileSystems."/etc/cryptkey.d" = {
device = "/state/etc/cryptkey.d";
fsType = "none";
options = ["bind"];
options = [ "bind" ];
};
fileSystems."/boot/efis/nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX1K539085-part1" = {
device = "/dev/disk/by-uuid/F429-235F";
fsType = "vfat";
options = ["x-systemd.idle-timeout=1min" "x-systemd.automount" "noauto"];
options = [
"x-systemd.idle-timeout=1min"
"x-systemd.automount"
"noauto"
];
};
fileSystems."/boot/efis/nvme-WDC_PC_SN520_SDAPTUW-512G_182747800010-part1" = {
device = "/dev/disk/by-uuid/F429-AB41";
fsType = "vfat";
options = ["x-systemd.idle-timeout=1min" "x-systemd.automount" "noauto"];
options = [
"x-systemd.idle-timeout=1min"
"x-systemd.automount"
"noauto"
];
};
fileSystems."/var/lib/docker" = {
device = "rpool_/nixos/DATA/default/var/lib/docker";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

5
systems/x86_64-linux/carbon/zfs.nix
View file

@ -1,5 +1,6 @@
{pkgs, ...}: {
boot.supportedFilesystems = ["zfs"];
{ pkgs, ... }:
{
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "b2d25606";
boot.zfs.devNodes = "/dev/disk/by-id";
swapDevices = [

10
systems/x86_64-linux/git/default.nix
View file

@ -2,11 +2,13 @@
inputs,
config,
...
}: let
}:
let
domain = "git.alejandr0angul0.dev";
secrets = config.age.secrets;
in {
imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"];
in
{
imports = [ "${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix" ];
age.secrets.authKeyFile.file = ../../../secrets/tailscale_git_server.age;
@ -38,7 +40,7 @@ in {
services.tailscale = {
authKeyFile = secrets.authKeyFile.path;
extraUpFlags = ["--ssh"];
extraUpFlags = [ "--ssh" ];
};
security.acme = {

38
systems/x86_64-linux/gospel/hardware-configuration.nix
View file

@ -6,37 +6,57 @@
lib,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
device = "rpool/nixos/root";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/home" = {
device = "rpool/nixos/home";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib" = {
device = "rpool/nixos/var/lib";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/log" = {
device = "rpool/nixos/var/log";
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/boot" = {
@ -44,7 +64,7 @@
fsType = "vfat";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

5
systems/x86_64-linux/gospel/zfs.nix
View file

@ -1,5 +1,6 @@
{...}: {
boot.supportedFilesystems = ["zfs"];
{ ... }:
{
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "f8616592";
boot.loader.efi.canTouchEfiVariables = false;
boot.loader.systemd-boot.enable = true;

20
systems/x86_64-linux/node/hardware-configuration.nix
View file

@ -7,15 +7,23 @@
pkgs,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
@ -27,7 +35,7 @@
fsType = "vfat";
};
swapDevices = [];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

7
systems/x86_64-linux/node/zfs.nix
View file

@ -2,8 +2,9 @@
config,
pkgs,
...
}: {
boot.supportedFilesystems = ["zfs"];
boot.zfs.extraPools = ["tank"];
}:
{
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.extraPools = [ "tank" ];
networking.hostId = "db616c9e";
}

11
systems/x86_64-vm/virt/default.nix
View file

@ -3,8 +3,9 @@
lib,
...
}:
with lib; {
virtualisation.qemu.options = ["-vga qxl"];
with lib;
{
virtualisation.qemu.options = [ "-vga qxl" ];
# For sway to work with home manager
security.polkit.enable = true;
@ -23,7 +24,7 @@ with lib; {
users.users.virt = {
isNormalUser = true;
extraGroups = ["wheel"];
extraGroups = [ "wheel" ];
hashedPassword = "$6$nOlwKVf1u0Wt//zU$43xhafbe2CAWTjOemAUm1J1Dpw7to0ZTbGhFk7CkVTRB3E80a1lhhQ175VnkcJ/X1HI6lsyV8fNMc3GF7JTAP0";
};
@ -31,6 +32,8 @@ with lib; {
systemPackages = with pkgs; [
wayland-utils
];
variables = {"WLR_RENDERER_ALLOW_SOFTWARE" = "1";};
variables = {
"WLR_RENDERER_ALLOW_SOFTWARE" = "1";
};
};
}