alejandro-angulo/dotfiles
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Reformatted with nixfmt

Browse source
This commit is contained in:
alejandro-angulo 2025-03-31 22:34:25 -07:00
parent f51256c3ae
commit 3f16537322
Signed by: alejandro-angulo
GPG key ID: 75579581C74554B6
80 changed files with 1454 additions and 992 deletions
flake.nix
homes
aarch64-linux/alejandro@pi4
default.nix
x86_64-linux
alejandro@git
default.nix
alejandro@gospel
default.nix
alejandro@minimal
default.nix
alejandro@node
default.nix
modules
home
apps
bat
default.nix
btop
default.nix
tmux
default.nix
fonts
default.nix
home
default.nix
programs
firefox
default.nix
fuzzel
default.nix
fzf
default.nix
gpg
default.nix
k9s
default.nix
kitty
default.nix
neovim
default.nix
rofi
default.nix
swaylock
default.nix
waybar
default.nix
yazi
default.nix
zoxide
default.nix
services
gammastep
default.nix
playerctld
default.nix
swayidle
default.nix
swaync
default.nix
tools
direnv
default.nix
eza
default.nix
git
default.nix
zsh
default.nix
nixos
apps
steam
default.nix
yubikey
default.nix
archetypes/workstation
default.nix
hardware
audio
default.nix
bluetooth
default.nix
logitech
default.nix
tlp
default.nix
home
default.nix
nix
default.nix
programs/android-studio
default.nix
security/acme
default.nix
services
adguardhome
default.nix
forgejo
default.nix
grafana
default.nix
hydra
default.nix
loki
default.nix
minio
default.nix
mosquitto
default.nix
nix-serve
default.nix
octoprint
default.nix
openssh
default.nix
printing
default.nix
prometheus
default.nix
promtail
default.nix
tailscale
default.nix
teslamate
default.nix
suites
desktop
default.nix
development
default.nix
gaming
default.nix
utils
default.nix
system
fonts
default.nix
monitoring
default.nix
zfs
default.nix
user
default.nix
overlays/neovim
default.nix
packages/teslamate
default.nixmix.nix
secrets
age-yubikey-identity-508106ce.txtsecrets.nix
systems
aarch64-linux/pi4
default.nix
x86_64-do/minimal
default.nix
x86_64-linux
carbon
hardware-configuration-zfs.nixzfs.nix
git
default.nix
gospel
hardware-configuration.nixzfs.nix
node
hardware-configuration.nixzfs.nix
x86_64-vm/virt
default.nix

90
flake.nix
View file

@ -35,7 +35,8 @@
powerlevel10k.flake = false; powerlevel10k.flake = false;
}; };
outputs = inputs: outputs =
inputs:
inputs.snowfall-lib.mkFlake { inputs.snowfall-lib.mkFlake {
inherit inputs; inherit inputs;
src = ./.; src = ./.;
@ -51,7 +52,7 @@
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
]; ];
homes.modules = with inputs; [catppuccin.homeManagerModules.catppuccin]; homes.modules = with inputs; [ catppuccin.homeManagerModules.catppuccin ];
deploy.nodes = { deploy.nodes = {
node = { node = {
@ -60,7 +61,7 @@
user = "root"; user = "root";
sshUser = "alejandro"; sshUser = "alejandro";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.node; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.node;
sshOpts = ["-A"]; sshOpts = [ "-A" ];
}; };
}; };
@ -70,56 +71,59 @@
user = "root"; user = "root";
sshUser = "alejandro"; sshUser = "alejandro";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.git; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.git;
sshOpts = ["-A"]; sshOpts = [ "-A" ];
}; };
}; };
pi4 = let pi4 =
system = "aarch64-linux"; let
pkgs = import inputs.nixpkgs {inherit system;}; system = "aarch64-linux";
deployPkgs = import inputs.nixpkgs { pkgs = import inputs.nixpkgs { inherit system; };
inherit system; deployPkgs = import inputs.nixpkgs {
overlays = [ inherit system;
inputs.deploy-rs.overlay overlays = [
(self: super: { inputs.deploy-rs.overlay
deploy-rs = { (self: super: {
inherit (pkgs) deploy-rs; deploy-rs = {
lib = inputs.deploy-rs.lib; inherit (pkgs) deploy-rs;
}; lib = inputs.deploy-rs.lib;
}) };
]; })
];
};
in
{
hostname = "pi4";
profiles.system = {
user = "root";
sshUser = "alejandro";
path = deployPkgs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.pi4;
# Usually deploy from an x86_64 machine and don't want to bother
# trying to build an aarch64 derivation
remoteBuild = true;
};
}; };
in {
hostname = "pi4";
profiles.system = {
user = "root";
sshUser = "alejandro";
path = deployPkgs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.pi4;
# Usually deploy from an x86_64 machine and don't want to bother
# trying to build an aarch64 derivation
remoteBuild = true;
};
};
}; };
# TODO: Re-enable this when I figure out how to prevent needing to build # TODO: Re-enable this when I figure out how to prevent needing to build
# dependencies for architectures other than the host machine # dependencies for architectures other than the host machine
# checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib; # checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) inputs.deploy-rs.lib;
hydraJobs = let hydraJobs =
systems_to_build = [ let
"gospel" systems_to_build = [
"node" "gospel"
"carbon" "node"
]; "carbon"
in { ];
# Only have a builder for x86_64-linux atm in
packages = inputs.self.packages.x86_64-linux; {
# Only have a builder for x86_64-linux atm
packages = inputs.self.packages.x86_64-linux;
systems = inputs.nixpkgs.lib.attrsets.genAttrs systems_to_build ( systems = inputs.nixpkgs.lib.attrsets.genAttrs systems_to_build (
name: name: inputs.self.nixosConfigurations."${name}".config.system.build.toplevel
inputs.self.nixosConfigurations."${name}".config.system.build.toplevel );
); };
};
}; };
} }

3
homes/aarch64-linux/alejandro@pi4/default.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
aa = { aa = {
apps = { apps = {
bat.enable = true; bat.enable = true;

3
homes/x86_64-linux/alejandro@git/default.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
aa = { aa = {
installDefaults = false; installDefaults = false;

3
homes/x86_64-linux/alejandro@gospel/default.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
aa.isHeadless = false; aa.isHeadless = false;
services.spotifyd = { services.spotifyd = {
enable = true; enable = true;

3
homes/x86_64-linux/alejandro@minimal/default.nix
View file

@ -1,3 +1,4 @@
{...}: { { ... }:
{
aa.installDefaults = false; aa.installDefaults = false;
} }

3
homes/x86_64-linux/alejandro@node/default.nix
View file

@ -1,2 +1,3 @@
{...}: { { ... }:
{
} }

6
modules/home/apps/bat/default.nix
View file

@ -3,11 +3,13 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.apps.bat; cfg = config.${namespace}.apps.bat;
in { in
{
options.${namespace}.apps.bat = { options.${namespace}.apps.bat = {
enable = mkEnableOption "bat"; enable = mkEnableOption "bat";
}; };

6
modules/home/apps/btop/default.nix
View file

@ -3,11 +3,13 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.apps.btop; cfg = config.${namespace}.apps.btop;
in { in
{
options.${namespace}.apps.btop = { options.${namespace}.apps.btop = {
enable = mkEnableOption "btop"; enable = mkEnableOption "btop";
}; };

10
modules/home/apps/tmux/default.nix
View file

@ -4,7 +4,8 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkEnableOption; inherit (lib) mkEnableOption;
inherit (pkgs) tmuxPlugins; inherit (pkgs) tmuxPlugins;
@ -20,13 +21,14 @@
} }
]; ];
}; };
in { in
{
options.${namespace}.apps.tmux = { options.${namespace}.apps.tmux = {
enable = mkEnableOption "tmux"; enable = mkEnableOption "tmux";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.packages = [pkgs.tmux-sessionizer]; home.packages = [ pkgs.tmux-sessionizer ];
catppuccin.tmux = { catppuccin.tmux = {
enable = true; enable = true;
@ -102,6 +104,6 @@ in {
''; '';
}; };
xdg.configFile."tms/config.toml".source = (pkgs.formats.toml {}).generate "tms-config" tmsConfig; xdg.configFile."tms/config.toml".source = (pkgs.formats.toml { }).generate "tms-config" tmsConfig;
}; };
} }

14
modules/home/fonts/default.nix
View file

@ -4,9 +4,11 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.fonts; cfg = config.${namespace}.fonts;
in { in
{
options.${namespace}.fonts = { options.${namespace}.fonts = {
enable = lib.mkEnableOption "font config"; enable = lib.mkEnableOption "font config";
}; };
@ -24,10 +26,10 @@ in {
fonts.fontconfig = { fonts.fontconfig = {
enable = true; enable = true;
defaultFonts = { defaultFonts = {
monospace = ["Hack Nerd Font"]; monospace = [ "Hack Nerd Font" ];
emoji = ["Noto Color Emoji"]; emoji = [ "Noto Color Emoji" ];
serif = ["Noto Serif"]; serif = [ "Noto Serif" ];
sansSerif = ["Noto Sans"]; sansSerif = [ "Noto Sans" ];
}; };
}; };
}; };

21
modules/home/home/default.nix
View file

@ -1,10 +1,11 @@
{ {
config, config,
lib, lib,
osConfig ? {}, osConfig ? { },
namespace, namespace,
... ...
}: { }:
{
options.${namespace} = { options.${namespace} = {
isHeadless = lib.mkOption { isHeadless = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
@ -20,15 +21,13 @@
}; };
config = lib.mkMerge [ config = lib.mkMerge [
( (lib.mkIf (!config.${namespace}.isHeadless) {
lib.mkIf (!config.${namespace}.isHeadless) { ${namespace} = {
${namespace} = { programs.firefox.enable = true;
programs.firefox.enable = true; programs.kitty.enable = true;
programs.kitty.enable = true; windowManagers.sway.enable = true;
windowManagers.sway.enable = true; };
}; })
}
)
(lib.mkIf (config.${namespace}.installDefaults) { (lib.mkIf (config.${namespace}.installDefaults) {
${namespace} = { ${namespace} = {
apps = { apps = {

6
modules/home/programs/firefox/default.nix
View file

@ -3,11 +3,13 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.programs.firefox; cfg = config.${namespace}.programs.firefox;
in { in
{
options.${namespace}.programs.firefox = { options.${namespace}.programs.firefox = {
enable = mkEnableOption "firefox"; enable = mkEnableOption "firefox";
}; };

8
modules/home/programs/fuzzel/default.nix
View file

@ -4,15 +4,17 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.programs.fuzzel; cfg = config.${namespace}.programs.fuzzel;
in { in
{
options.${namespace}.programs.fuzzel = { options.${namespace}.programs.fuzzel = {
enable = lib.mkEnableOption "fuzzel"; enable = lib.mkEnableOption "fuzzel";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.packages = [pkgs.bemoji]; home.packages = [ pkgs.bemoji ];
catppuccin.fuzzel.enable = true; catppuccin.fuzzel.enable = true;
programs.fuzzel.enable = true; programs.fuzzel.enable = true;

6
modules/home/programs/fzf/default.nix
View file

@ -3,9 +3,11 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.programs.fzf; cfg = config.${namespace}.programs.fzf;
in { in
{
options.${namespace}.programs.fzf = { options.${namespace}.programs.fzf = {
enable = lib.mkEnableOption "fzf"; enable = lib.mkEnableOption "fzf";
}; };

10
modules/home/programs/gpg/default.nix
View file

@ -5,11 +5,13 @@
namespace, namespace,
system, system,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.gpg; cfg = config.${namespace}.programs.gpg;
in { in
{
options.${namespace}.programs.gpg = { options.${namespace}.programs.gpg = {
enable = mkEnableOption "gpg"; enable = mkEnableOption "gpg";
}; };
@ -33,9 +35,7 @@ in {
services.gpg-agent = mkIf (system == "x86_64-linux") { services.gpg-agent = mkIf (system == "x86_64-linux") {
enable = true; enable = true;
pinentryPackage = pinentryPackage =
if config.${namespace}.windowManagers.sway.enable if config.${namespace}.windowManagers.sway.enable then pkgs.pinentry-qt else pkgs.pinentry-curses;
then pkgs.pinentry-qt
else pkgs.pinentry-curses;
enableZshIntegration = true; enableZshIntegration = true;
enableSshSupport = true; enableSshSupport = true;
sshKeys = [ sshKeys = [

6
modules/home/programs/k9s/default.nix
View file

@ -3,9 +3,11 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.programs.k9s; cfg = config.${namespace}.programs.k9s;
in { in
{
options.${namespace}.programs.k9s = { options.${namespace}.programs.k9s = {
enable = lib.mkEnableOption "k9s"; enable = lib.mkEnableOption "k9s";
}; };

6
modules/home/programs/kitty/default.nix
View file

@ -4,11 +4,13 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.programs.kitty; cfg = config.${namespace}.programs.kitty;
in { in
{
options.${namespace}.programs.kitty = { options.${namespace}.programs.kitty = {
enable = mkEnableOption "kitty"; enable = mkEnableOption "kitty";
}; };

36
modules/home/programs/neovim/default.nix
View file

@ -4,9 +4,11 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.programs.neovim; cfg = config.${namespace}.programs.neovim;
in { in
{
options.${namespace}.programs.neovim = { options.${namespace}.programs.neovim = {
enable = lib.mkEnableOption "neovim"; enable = lib.mkEnableOption "neovim";
lazygit.enable = lib.mkOption { lazygit.enable = lib.mkOption {
@ -21,19 +23,21 @@ in {
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (
{home.packages = [pkgs.neovim];} lib.mkMerge [
(lib.mkIf cfg.lazygit.enable { { home.packages = [ pkgs.neovim ]; }
programs.zsh.shellAliases = { (lib.mkIf cfg.lazygit.enable {
nvim = "${pkgs.neovim}/bin/nvim --listen /tmp/nvim-server.pipe"; programs.zsh.shellAliases = {
}; nvim = "${pkgs.neovim}/bin/nvim --listen /tmp/nvim-server.pipe";
};
programs.lazygit.settings.os = { programs.lazygit.settings.os = {
editCommand = "nvim"; editCommand = "nvim";
editCommandTemplate = '' editCommandTemplate = ''
{{editor}} --server /tmp/nvim-server.pipe --remote-tab {{filename}} {{editor}} --server /tmp/nvim-server.pipe --remote-tab {{filename}}
''; '';
}; };
}) })
]); ]
);
} }

8
modules/home/programs/rofi/default.nix
View file

@ -4,11 +4,13 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.programs.rofi; cfg = config.${namespace}.programs.rofi;
in { in
{
options.${namespace}.programs.rofi = { options.${namespace}.programs.rofi = {
enable = mkEnableOption "rofi"; enable = mkEnableOption "rofi";
}; };
@ -19,7 +21,7 @@ in {
# TODO: How to ensure this font is installed? # TODO: How to ensure this font is installed?
font = "Hack Nerd Font 10"; font = "Hack Nerd Font 10";
catppuccin.enable = true; catppuccin.enable = true;
plugins = [pkgs.rofi-emoji]; plugins = [ pkgs.rofi-emoji ];
extraConfig = { extraConfig = {
show-icons = true; show-icons = true;
modi = "window,run,ssh,emoji"; modi = "window,run,ssh,emoji";

6
modules/home/programs/swaylock/default.nix
View file

@ -3,11 +3,13 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.programs.swaylock; cfg = config.${namespace}.programs.swaylock;
in { in
{
options.${namespace}.programs.swaylock = { options.${namespace}.programs.swaylock = {
enable = mkEnableOption "swaylock"; enable = mkEnableOption "swaylock";
}; };

44
modules/home/programs/waybar/default.nix
View file

@ -4,11 +4,18 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
inherit (lib) mkIf mkEnableOption mkOption types; let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.${namespace}.programs.waybar; cfg = config.${namespace}.programs.waybar;
in { in
{
options.aa.programs.waybar = { options.aa.programs.waybar = {
enable = mkEnableOption "waybar"; enable = mkEnableOption "waybar";
@ -33,8 +40,8 @@ in {
layer = "top"; layer = "top";
position = "bottom"; position = "bottom";
height = 20; height = 20;
modules-left = ["sway/workspaces"]; modules-left = [ "sway/workspaces" ];
modules-center = ["clock"]; modules-center = [ "clock" ];
modules-right = [ modules-right = [
"idle_inhibitor" "idle_inhibitor"
"temperature" "temperature"
@ -76,7 +83,11 @@ in {
temperature = { temperature = {
critical-threshold = 80; critical-threshold = 80;
format = "{icon}{temperatureC}°C"; format = "{icon}{temperatureC}°C";
format-icons = [" " " " " "]; format-icons = [
" "
" "
" "
];
thermal-zone = cfg.thermal-zone; thermal-zone = cfg.thermal-zone;
}; };
@ -99,7 +110,11 @@ in {
phone = " "; phone = " ";
portable = " "; portable = " ";
car = " "; car = " ";
default = [" " " " " "]; default = [
" "
" "
" "
];
}; };
tooltip-format = "{desc}, {volume}%"; tooltip-format = "{desc}, {volume}%";
# TODO: Figure out how to get pactl binary? # TODO: Figure out how to get pactl binary?
@ -118,7 +133,13 @@ in {
format-charging = "󰂄 {capacity}%"; format-charging = "󰂄 {capacity}%";
format-plugged = " "; format-plugged = " ";
format-alt = "{time} {icon}"; format-alt = "{time} {icon}";
format-icons = [" " " " " " " " " "]; format-icons = [
" "
" "
" "
" "
" "
];
}; };
memory = { memory = {
@ -127,7 +148,10 @@ in {
backlight = { backlight = {
format = "{icon} {percent}%"; format = "{icon} {percent}%";
format-icons = ["󰃞`" "󰃚"]; format-icons = [
"󰃞`"
"󰃚"
];
on-scroll-up = "light -A 1"; on-scroll-up = "light -A 1";
on-scroll-down = "light -U 1"; on-scroll-down = "light -U 1";
}; };
@ -168,6 +192,6 @@ in {
]; ];
}; };
wayland.windowManager.sway.config.bars = []; wayland.windowManager.sway.config.bars = [ ];
}; };
} }

6
modules/home/programs/yazi/default.nix
View file

@ -3,9 +3,11 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.programs.yazi; cfg = config.${namespace}.programs.yazi;
in { in
{
options.${namespace}.programs.yazi = { options.${namespace}.programs.yazi = {
enable = lib.mkEnableOption "yazi"; enable = lib.mkEnableOption "yazi";
}; };

10
modules/home/programs/zoxide/default.nix
View file

@ -4,19 +4,21 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.programs.zoxide; cfg = config.${namespace}.programs.zoxide;
in { in
{
options.${namespace}.programs.zoxide = { options.${namespace}.programs.zoxide = {
enable = lib.mkEnableOption "zoxide"; enable = lib.mkEnableOption "zoxide";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.packages = [pkgs.zoxide]; home.packages = [ pkgs.zoxide ];
programs.zoxide = { programs.zoxide = {
enable = true; enable = true;
options = ["--cmd cd"]; options = [ "--cmd cd" ];
}; };
}; };
} }

6
modules/home/services/gammastep/default.nix
View file

@ -3,11 +3,13 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.gammastep; cfg = config.${namespace}.services.gammastep;
in { in
{
options.${namespace}.services.gammastep = { options.${namespace}.services.gammastep = {
enable = mkEnableOption "gammastep"; enable = mkEnableOption "gammastep";
}; };

8
modules/home/services/playerctld/default.nix
View file

@ -4,17 +4,19 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.playerctld; cfg = config.${namespace}.services.playerctld;
in { in
{
options.${namespace}.services.playerctld = { options.${namespace}.services.playerctld = {
enable = mkEnableOption "playerctl"; enable = mkEnableOption "playerctl";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = [pkgs.playerctl]; home.packages = [ pkgs.playerctl ];
services.playerctld.enable = true; services.playerctld.enable = true;
}; };
} }

8
modules/home/services/swayidle/default.nix
View file

@ -4,17 +4,19 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.swayidle; cfg = config.${namespace}.services.swayidle;
in { in
{
options.${namespace}.services.swayidle = { options.${namespace}.services.swayidle = {
enable = mkEnableOption "swayidle"; enable = mkEnableOption "swayidle";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = [pkgs.swayidle]; home.packages = [ pkgs.swayidle ];
services.swayidle = { services.swayidle = {
enable = true; enable = true;

15
modules/home/services/swaync/default.nix
View file

@ -4,22 +4,29 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.swaync; cfg = config.${namespace}.services.swaync;
in { in
{
options.${namespace}.services.swaync = { options.${namespace}.services.swaync = {
enable = mkEnableOption "sway notification center"; enable = mkEnableOption "sway notification center";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = [pkgs.libnotify]; home.packages = [ pkgs.libnotify ];
services.swaync = { services.swaync = {
enable = true; enable = true;
settings = { settings = {
widgets = ["title" "dnd" "notifications" "mpris"]; widgets = [
"title"
"dnd"
"notifications"
"mpris"
];
}; };
}; };

6
modules/home/tools/direnv/default.nix
View file

@ -3,11 +3,13 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.tools.direnv; cfg = config.${namespace}.tools.direnv;
in { in
{
options.${namespace}.tools.direnv = { options.${namespace}.tools.direnv = {
enable = mkEnableOption "direnv"; enable = mkEnableOption "direnv";
}; };

6
modules/home/tools/eza/default.nix
View file

@ -3,11 +3,13 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.tools.eza; cfg = config.${namespace}.tools.eza;
in { in
{
options.${namespace}.tools.eza = { options.${namespace}.tools.eza = {
enable = mkEnableOption "eza"; enable = mkEnableOption "eza";
}; };

6
modules/home/tools/git/default.nix
View file

@ -4,11 +4,13 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption mkDefault; inherit (lib) mkIf mkEnableOption mkDefault;
cfg = config.${namespace}.tools.git; cfg = config.${namespace}.tools.git;
in { in
{
options.${namespace}.tools.git = { options.${namespace}.tools.git = {
enable = mkEnableOption "git"; enable = mkEnableOption "git";
userName = lib.options.mkOption { userName = lib.options.mkOption {

6
modules/home/tools/zsh/default.nix
View file

@ -5,11 +5,13 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.tools.zsh; cfg = config.${namespace}.tools.zsh;
in { in
{
options.${namespace}.tools.zsh = { options.${namespace}.tools.zsh = {
enable = mkEnableOption "zsh"; enable = mkEnableOption "zsh";
}; };

6
modules/nixos/apps/steam/default.nix
View file

@ -3,9 +3,11 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
let
cfg = config.aa.apps.steam; cfg = config.aa.apps.steam;
in { in
{
options.aa.apps.steam = { options.aa.apps.steam = {
enable = lib.options.mkEnableOption "steam"; enable = lib.options.mkEnableOption "steam";
}; };

6
modules/nixos/apps/yubikey/default.nix
View file

@ -3,11 +3,13 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.aa.apps.yubikey; cfg = config.aa.apps.yubikey;
in { in
{
options.aa.apps.yubikey = { options.aa.apps.yubikey = {
enable = mkEnableOption "yubikey"; enable = mkEnableOption "yubikey";
}; };

6
modules/nixos/archetypes/workstation/default.nix
View file

@ -2,11 +2,13 @@
config, config,
lib, lib,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.aa.archetypes.workstation; cfg = config.aa.archetypes.workstation;
in { in
{
options.aa.archetypes.workstation = { options.aa.archetypes.workstation = {
enable = mkEnableOption "workstation archetype"; enable = mkEnableOption "workstation archetype";
}; };

8
modules/nixos/hardware/audio/default.nix
View file

@ -3,17 +3,19 @@
lib, lib,
pkgs, pkgs,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.aa.hardware.audio; cfg = config.aa.hardware.audio;
in { in
{
options.aa.hardware.audio = { options.aa.hardware.audio = {
enable = mkEnableOption "audio"; enable = mkEnableOption "audio";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [pamixer]; environment.systemPackages = with pkgs; [ pamixer ];
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;

6
modules/nixos/hardware/bluetooth/default.nix
View file

@ -2,11 +2,13 @@
config, config,
lib, lib,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.aa.hardware.bluetooth; cfg = config.aa.hardware.bluetooth;
in { in
{
options.aa.hardware.bluetooth = { options.aa.hardware.bluetooth = {
enable = mkEnableOption "bluetooth"; enable = mkEnableOption "bluetooth";
}; };

14
modules/nixos/hardware/logitech/default.nix
View file

@ -4,12 +4,14 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.logitech; cfg = config.${namespace}.hardware.logitech;
username = config.${namespace}.user.name; username = config.${namespace}.user.name;
in { in
{
options.${namespace}.hardware.logitech = { options.${namespace}.hardware.logitech = {
enable = mkEnableOption "logitech devices"; enable = mkEnableOption "logitech devices";
}; };
@ -22,13 +24,15 @@ in {
systemd.user.services.solaar = { systemd.user.services.solaar = {
description = "Linux device manager for Logitech devices"; description = "Linux device manager for Logitech devices";
documentation = ["https://pwr-solaar.github.io/Solaar/"]; documentation = [ "https://pwr-solaar.github.io/Solaar/" ];
partOf = ["graphical-session.target"]; partOf = [ "graphical-session.target" ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.solaar}/bin/solaar -w hide"; ExecStart = "${pkgs.solaar}/bin/solaar -w hide";
}; };
}; };
systemd.user.services.solaar.wantedBy = mkIf config.home-manager.users.${username}.wayland.windowManager.sway.enable ["sway-session.target"]; systemd.user.services.solaar.wantedBy =
mkIf config.home-manager.users.${username}.wayland.windowManager.sway.enable
[ "sway-session.target" ];
}; };
} }

6
modules/nixos/hardware/tlp/default.nix
View file

@ -2,11 +2,13 @@
config, config,
lib, lib,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.aa.hardware.tlp; cfg = config.aa.hardware.tlp;
in { in
{
options.aa.hardware.tlp = { options.aa.hardware.tlp = {
enable = mkEnableOption "tlp"; enable = mkEnableOption "tlp";
}; };

17
modules/nixos/home/default.nix
View file

@ -5,10 +5,12 @@
inputs, inputs,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkAliasDefinitions mkOption; inherit (lib) mkAliasDefinitions mkOption;
inherit (lib.types) attrs; inherit (lib.types) attrs;
in { in
{
imports = with inputs; [ imports = with inputs; [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
]; ];
@ -16,22 +18,22 @@ in {
options.${namespace}.home = { options.${namespace}.home = {
file = mkOption { file = mkOption {
type = attrs; type = attrs;
default = {}; default = { };
description = "A set of files to be manged by home-manager's <option>home.file</option> option."; description = "A set of files to be manged by home-manager's <option>home.file</option> option.";
}; };
configFile = mkOption { configFile = mkOption {
type = attrs; type = attrs;
default = {}; default = { };
description = "A set of files to be managed by home-manager's <option>xdg.configFile</option>."; description = "A set of files to be managed by home-manager's <option>xdg.configFile</option>.";
}; };
dataFile = mkOption { dataFile = mkOption {
type = attrs; type = attrs;
default = {}; default = { };
description = "A set of files to be managed by home-manager's <option>xdg.dataFile</option>."; description = "A set of files to be managed by home-manager's <option>xdg.dataFile</option>.";
}; };
extraOptions = mkOption { extraOptions = mkOption {
type = attrs; type = attrs;
default = {}; default = { };
description = "Options to pass directly to home-manager."; description = "Options to pass directly to home-manager.";
}; };
}; };
@ -50,8 +52,7 @@ in {
home-manager = { home-manager = {
useUserPackages = true; useUserPackages = true;
users.${config.aa.user.name} = users.${config.aa.user.name} = mkAliasDefinitions options.aa.home.extraOptions;
mkAliasDefinitions options.aa.home.extraOptions;
}; };
}; };
} }

77
modules/nixos/nix/default.nix
View file

@ -3,12 +3,19 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
inherit (lib) mkIf mkEnableOption mkOption types; let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.aa.nix; cfg = config.aa.nix;
selfHostedCacheHost = "https://cache.kilonull.com/"; selfHostedCacheHost = "https://cache.kilonull.com/";
in { in
{
options.aa.nix = { options.aa.nix = {
enable = mkEnableOption "manage nix configuration."; enable = mkEnableOption "manage nix configuration.";
package = mkOption { package = mkOption {
@ -26,37 +33,43 @@ in {
nixfmt-rfc-style nixfmt-rfc-style
]; ];
nix = let nix =
users = ["root" config.aa.user.name]; let
in { users = [
package = cfg.package; "root"
config.aa.user.name
];
in
{
package = cfg.package;
settings = { settings = {
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
trusted-users = users; trusted-users = users;
allowed-users = users; allowed-users = users;
builders-use-substitutes = cfg.useSelfhostedCache; builders-use-substitutes = cfg.useSelfhostedCache;
substituters = substituters =
if cfg.useSelfhostedCache if cfg.useSelfhostedCache then
then [ [
# TESTING # TESTING
"https://minio.kilonull.com/nix-store" "https://minio.kilonull.com/nix-store"
selfHostedCacheHost selfHostedCacheHost
] ]
else []; else
trusted-public-keys = [ ];
mkIf cfg.useSelfhostedCache trusted-public-keys = mkIf cfg.useSelfhostedCache [
["gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="]; "gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="
];
};
# TODO: Configure distributedBuilds and buildMachines?
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 30d";
};
}; };
# TODO: Configure distributedBuilds and buildMachines?
gc = {
automatic = lib.mkDefault true;
dates = lib.mkDefault "weekly";
options = lib.mkDefault "--delete-older-than 30d";
};
};
}; };
} }

10
modules/nixos/programs/android-studio/default.nix
View file

@ -4,18 +4,20 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.programs.android-studio; cfg = config.${namespace}.programs.android-studio;
in { in
{
options.${namespace}.programs.android-studio = { options.${namespace}.programs.android-studio = {
enable = lib.mkEnableOption "Android Studio"; enable = lib.mkEnableOption "Android Studio";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
${namespace}.user.extraGroups = ["kvm"]; ${namespace}.user.extraGroups = [ "kvm" ];
programs.adb.enable = true; programs.adb.enable = true;
environment.systemPackages = [pkgs.android-studio]; environment.systemPackages = [ pkgs.android-studio ];
}; };
} }

15
modules/nixos/security/acme/default.nix
View file

@ -3,11 +3,18 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
inherit (lib) mkOption mkEnableOption mkIf types; let
inherit (lib)
mkOption
mkEnableOption
mkIf
types
;
cfg = config.aa.security.acme; cfg = config.aa.security.acme;
in { in
{
options.aa.security.acme = { options.aa.security.acme = {
enable = mkEnableOption "Automatic Certificate Management Environment (ACME)"; enable = mkEnableOption "Automatic Certificate Management Environment (ACME)";
useStaging = mkOption { useStaging = mkOption {
@ -53,7 +60,7 @@ in {
# own DNS to make `lego` happy (will resolve names to a public IP). # own DNS to make `lego` happy (will resolve names to a public IP).
dnsResolver = "1.1.1.1:53"; dnsResolver = "1.1.1.1:53";
credentialsFile = cfg.dnsCredentialsFile; credentialsFile = cfg.dnsCredentialsFile;
extraDomainNames = mkIf cfg.isWildcard [("*." + cfg.domainName)]; extraDomainNames = mkIf cfg.isWildcard [ ("*." + cfg.domainName) ];
}; };
}; };
}; };

13
modules/nixos/services/adguardhome/default.nix
View file

@ -3,11 +3,18 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
inherit (lib) mkIf mkEnableOption mkOption types; let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.${namespace}.services.adguardhome; cfg = config.${namespace}.services.adguardhome;
in { in
{
options.${namespace}.services.adguardhome = { options.${namespace}.services.adguardhome = {
enable = mkEnableOption "adguardhome"; enable = mkEnableOption "adguardhome";
acmeCertName = mkOption { acmeCertName = mkOption {

13
modules/nixos/services/forgejo/default.nix
View file

@ -4,12 +4,19 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
inherit (lib) mkIf mkEnableOption mkOption types; let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.${namespace}.services.forgejo; cfg = config.${namespace}.services.forgejo;
forgejo_cfg = config.services.forgejo; forgejo_cfg = config.services.forgejo;
in { in
{
options.${namespace}.services.forgejo = { options.${namespace}.services.forgejo = {
enable = mkEnableOption "forgejo"; enable = mkEnableOption "forgejo";
domain = mkOption { domain = mkOption {

18
modules/nixos/services/grafana/default.nix
View file

@ -4,13 +4,20 @@
pkgs, pkgs,
namespace, namespace,
... ...
}: let }:
inherit (lib) mkIf mkEnableOption mkOption types; let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.${namespace}.services.grafana; cfg = config.${namespace}.services.grafana;
server_settings = config.services.grafana.settings.server; server_settings = config.services.grafana.settings.server;
grafana_dashboards = pkgs.${namespace}.teslamate-grafana-dashboards; grafana_dashboards = pkgs.${namespace}.teslamate-grafana-dashboards;
in { in
{
options.${namespace}.services.grafana = { options.${namespace}.services.grafana = {
enable = mkEnableOption "grafana"; enable = mkEnableOption "grafana";
acmeCertName = mkOption { acmeCertName = mkOption {
@ -120,7 +127,10 @@ in {
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [80 443]; allowedTCPPorts = [
80
443
];
}; };
}; };
} }

13
modules/nixos/services/hydra/default.nix
View file

@ -3,9 +3,11 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.services.hydra; cfg = config.${namespace}.services.hydra;
in { in
{
options.${namespace}.services.hydra = with lib; { options.${namespace}.services.hydra = with lib; {
enable = mkEnableOption "hydra"; enable = mkEnableOption "hydra";
hostname = mkOption { hostname = mkOption {
@ -72,7 +74,7 @@ in {
enable = true; enable = true;
hydraURL = "https://${cfg.hostname}"; hydraURL = "https://${cfg.hostname}";
notificationSender = "hydra@localhost"; notificationSender = "hydra@localhost";
buildMachinesFiles = []; buildMachinesFiles = [ ];
useSubstitutes = true; useSubstitutes = true;
extraConfig = '' extraConfig = ''
store_uri = s3://${cfg.s3Bucket}?compression=zstd&parallel-compression=true&write-nar-listing=1&ls-compression=br&log-compression=br&scheme=${cfg.s3Scheme}&endpoint=${cfg.s3Endpoint}&secret-key=${cfg.secretKeyPath} store_uri = s3://${cfg.s3Bucket}?compression=zstd&parallel-compression=true&write-nar-listing=1&ls-compression=br&log-compression=br&scheme=${cfg.s3Scheme}&endpoint=${cfg.s3Endpoint}&secret-key=${cfg.secretKeyPath}
@ -103,7 +105,10 @@ in {
"hydra" "hydra"
"hydra-www" "hydra-www"
]; ];
allowed-uris = ["github:" "git+https://git.alejandr0angul0.dev/"]; allowed-uris = [
"github:"
"git+https://git.alejandr0angul0.dev/"
];
}; };
}; };
} }

8
modules/nixos/services/loki/default.nix
View file

@ -3,10 +3,12 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.services.loki; cfg = config.${namespace}.services.loki;
loki = config.services.loki; loki = config.services.loki;
in { in
{
options.${namespace}.services.loki = with lib; { options.${namespace}.services.loki = with lib; {
enable = mkEnableOption "loki"; enable = mkEnableOption "loki";
}; };
@ -102,7 +104,7 @@ in {
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [loki.configuration.server.http_listen_port]; allowedTCPPorts = [ loki.configuration.server.http_listen_port ];
}; };
}; };
} }

6
modules/nixos/services/minio/default.nix
View file

@ -3,9 +3,11 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
cfg = config.${namespace}.services.minio; cfg = config.${namespace}.services.minio;
in { in
{
options.${namespace}.services.minio = with lib; { options.${namespace}.services.minio = with lib; {
enable = mkEnableOption "minio"; enable = mkEnableOption "minio";
acmeCertName = mkOption { acmeCertName = mkOption {

10
modules/nixos/services/mosquitto/default.nix
View file

@ -2,9 +2,11 @@
config, config,
lib, lib,
... ...
}: let }:
let
cfg = config.aa.services.mosquitto; cfg = config.aa.services.mosquitto;
in { in
{
options.aa.services.mosquitto = with lib; { options.aa.services.mosquitto = with lib; {
enable = mkEnableOption "home assistant"; enable = mkEnableOption "home assistant";
}; };
@ -36,7 +38,7 @@ in {
passwordFile = config.age.secrets.theengs_ble_mqtt.path; passwordFile = config.age.secrets.theengs_ble_mqtt.path;
}; };
teslamate = { teslamate = {
acl = ["readwrite teslamate/#"]; acl = [ "readwrite teslamate/#" ];
passwordFile = config.age.secrets.teslamate_mqtt.path; passwordFile = config.age.secrets.teslamate_mqtt.path;
}; };
}; };
@ -44,6 +46,6 @@ in {
]; ];
}; };
networking.firewall.allowedTCPPorts = [1883]; networking.firewall.allowedTCPPorts = [ 1883 ];
}; };
} }

19
modules/nixos/services/nix-serve/default.nix
View file

@ -3,9 +3,11 @@
lib, lib,
pkgs, pkgs,
... ...
}: let }:
let
cfg = config.aa.services.nix-serve; cfg = config.aa.services.nix-serve;
in { in
{
options.aa.services.nix-serve = with lib; { options.aa.services.nix-serve = with lib; {
enable = mkEnableOption "nix-serve"; enable = mkEnableOption "nix-serve";
domain_name = mkOption { domain_name = mkOption {
@ -28,11 +30,11 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
nix.settings = { nix.settings = {
allowed-users = ["nix-serve"]; allowed-users = [ "nix-serve" ];
trusted-users = ["nix-serve"]; trusted-users = [ "nix-serve" ];
}; };
environment.systemPackages = [pkgs.nix-serve]; environment.systemPackages = [ pkgs.nix-serve ];
services = { services = {
nix-serve = { nix-serve = {
@ -45,7 +47,7 @@ in {
enable = true; enable = true;
virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" = virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" =
{ {
serverAliases = ["${cfg.subdomain_name}"]; serverAliases = [ "${cfg.subdomain_name}" ];
locations."/".extraConfig = '' locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port}; proxy_pass http://localhost:${toString config.services.nix-serve.port};
proxy_set_header Host $host; proxy_set_header Host $host;
@ -61,7 +63,10 @@ in {
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [80 443]; allowedTCPPorts = [
80
443
];
}; };
}; };
} }

11
modules/nixos/services/octoprint/default.nix
View file

@ -2,9 +2,11 @@
config, config,
lib, lib,
... ...
}: let }:
let
cfg = config.aa.services.octoprint; cfg = config.aa.services.octoprint;
in { in
{
options.aa.services.octoprint = with lib; { options.aa.services.octoprint = with lib; {
enable = mkEnableOption "octoprint"; enable = mkEnableOption "octoprint";
acmeCertName = mkOption { acmeCertName = mkOption {
@ -39,6 +41,9 @@ in {
}; };
}; };
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [
80
443
];
}; };
} }

22
modules/nixos/services/openssh/default.nix
View file

@ -3,17 +3,25 @@
lib, lib,
format, format,
... ...
}: let }:
inherit (lib) mkIf mkEnableOption mkOption mkDefault types; let
inherit (lib)
mkIf
mkEnableOption
mkOption
mkDefault
types
;
cfg = config.aa.services.openssh; cfg = config.aa.services.openssh;
default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmPdQcM0KCQ3YunF1gwN+B+i1Q8KrIfiUvNtgFQjTy2"; default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmPdQcM0KCQ3YunF1gwN+B+i1Q8KrIfiUvNtgFQjTy2";
in { in
{
options.aa.services.openssh = { options.aa.services.openssh = {
enable = mkEnableOption "ssh"; enable = mkEnableOption "ssh";
authorizedKeys = mkOption { authorizedKeys = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [default-key]; default = [ default-key ];
description = "The public keys to authorize"; description = "The public keys to authorize";
}; };
}; };
@ -23,11 +31,7 @@ in {
enable = true; enable = true;
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
PermitRootLogin = mkDefault ( PermitRootLogin = mkDefault (if format == "install-iso" then "yes" else "no");
if format == "install-iso"
then "yes"
else "no"
);
}; };
}; };

6
modules/nixos/services/printing/default.nix
View file

@ -2,9 +2,11 @@
config, config,
lib, lib,
... ...
}: let }:
let
cfg = config.aa.apps.steam; cfg = config.aa.apps.steam;
in { in
{
options.aa.services.printing = with lib; { options.aa.services.printing = with lib; {
enable = mkEnableOption "printing"; enable = mkEnableOption "printing";
}; };

10
modules/nixos/services/prometheus/default.nix
View file

@ -2,12 +2,14 @@
config, config,
lib, lib,
... ...
}: let }:
let
inherit (lib) mkIf; inherit (lib) mkIf;
cfg = config.aa.services.prometheus; cfg = config.aa.services.prometheus;
exporters = config.services.prometheus.exporters; exporters = config.services.prometheus.exporters;
in { in
{
options.aa.services.prometheus = with lib; { options.aa.services.prometheus = with lib; {
enable = mkEnableOption "prometheus"; enable = mkEnableOption "prometheus";
enableServer = mkOption { enableServer = mkOption {
@ -28,7 +30,7 @@ in {
exporters = { exporters = {
node = { node = {
enable = cfg.enableNodeExporter; enable = cfg.enableNodeExporter;
enabledCollectors = ["systemd"]; enabledCollectors = [ "systemd" ];
port = 9002; port = 9002;
openFirewall = true; openFirewall = true;
}; };
@ -52,7 +54,7 @@ in {
}; };
networking.firewall = mkIf cfg.enableServer { networking.firewall = mkIf cfg.enableServer {
allowedTCPPorts = [config.services.prometheus.port]; allowedTCPPorts = [ config.services.prometheus.port ];
}; };
}; };
} }

8
modules/nixos/services/promtail/default.nix
View file

@ -2,9 +2,11 @@
config, config,
lib, lib,
... ...
}: let }:
let
cfg = config.aa.services.promtail; cfg = config.aa.services.promtail;
in { in
{
options.aa.services.promtail = with lib; { options.aa.services.promtail = with lib; {
enable = mkEnableOption "promtail"; enable = mkEnableOption "promtail";
}; };
@ -38,7 +40,7 @@ in {
}; };
relabel_configs = [ relabel_configs = [
{ {
source_labels = ["__journal__systemd_unit"]; source_labels = [ "__journal__systemd_unit" ];
target_label = "unit"; target_label = "unit";
} }
]; ];

18
modules/nixos/services/tailscale/default.nix
View file

@ -3,11 +3,13 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
let
inherit (lib) mkIf; inherit (lib) mkIf;
cfg = config.aa.services.tailscale; cfg = config.aa.services.tailscale;
in { in
{
options.aa.services.tailscale = with lib; { options.aa.services.tailscale = with lib; {
enable = mkEnableOption "tailscale"; enable = mkEnableOption "tailscale";
configureClientRouting = mkOption { configureClientRouting = mkOption {
@ -35,18 +37,14 @@ in {
tailscale tailscale
tailscale-systray tailscale-systray
]; ];
networking.firewall.allowedUDPPorts = [config.services.tailscale.port]; networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
services.tailscale = { services.tailscale = {
enable = true; enable = true;
useRoutingFeatures = mkIf (cfg.configureClientRouting || cfg.configureServerRouting) ( useRoutingFeatures = mkIf (cfg.configureClientRouting || cfg.configureServerRouting) (
if (cfg.configureClientRouting && cfg.configureServerRouting) if (cfg.configureClientRouting && cfg.configureServerRouting) then
then "both" "both"
else else
( (if cfg.configureClientRouting then "client" else "server")
if cfg.configureClientRouting
then "client"
else "server"
)
); );
}; };
}; };

21
modules/nixos/services/teslamate/default.nix
View file

@ -2,9 +2,11 @@
config, config,
lib, lib,
... ...
}: let }:
let
cfg = config.aa.services.teslamate; cfg = config.aa.services.teslamate;
in { in
{
options.aa.services.teslamate = with lib; { options.aa.services.teslamate = with lib; {
enable = mkEnableOption "teslamate"; enable = mkEnableOption "teslamate";
@ -104,7 +106,7 @@ in {
backend = "docker"; backend = "docker";
containers."teslamate" = { containers."teslamate" = {
image = "teslamate/teslamate:1.32"; image = "teslamate/teslamate:1.32";
environmentFiles = ["/var/lib/teslamate/env"]; environmentFiles = [ "/var/lib/teslamate/env" ];
environment = { environment = {
# TODO: Make this configurable # TODO: Make this configurable
PORT = "4000"; PORT = "4000";
@ -116,9 +118,12 @@ in {
MQTT_USERNAME = "teslamate"; MQTT_USERNAME = "teslamate";
TZ = "America/Los_Angeles"; TZ = "America/Los_Angeles";
}; };
extraOptions = ["--cap-drop=all" "--network=host"]; extraOptions = [
"--cap-drop=all"
"--network=host"
];
# TODO: Make this configurable # TODO: Make this configurable
ports = ["4000:4000"]; ports = [ "4000:4000" ];
}; };
}; };
@ -126,12 +131,12 @@ in {
isSystemUser = true; isSystemUser = true;
group = cfg.group; group = cfg.group;
}; };
users.groups.${cfg.group} = {}; users.groups.${cfg.group} = { };
services.postgresql = lib.optionalAttrs cfg.database.createDatabase { services.postgresql = lib.optionalAttrs cfg.database.createDatabase {
enable = lib.mkDefault true; enable = lib.mkDefault true;
ensureDatabases = [cfg.database.name]; ensureDatabases = [ cfg.database.name ];
ensureUsers = [ ensureUsers = [
{ {
name = cfg.database.user; name = cfg.database.user;
@ -157,6 +162,6 @@ in {
}; };
}; };
networking.firewall.allowedTCPPorts = [4000]; networking.firewall.allowedTCPPorts = [ 4000 ];
}; };
} }

8
modules/nixos/suites/desktop/default.nix
View file

@ -3,11 +3,13 @@
lib, lib,
namespace, namespace,
... ...
}: let }:
let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.suites.desktop; cfg = config.${namespace}.suites.desktop;
in { in
{
options.${namespace}.suites.desktop = { options.${namespace}.suites.desktop = {
enable = mkEnableOption "common desktop configuration"; enable = mkEnableOption "common desktop configuration";
}; };
@ -19,7 +21,7 @@ in {
# The following fixes an issue with using swaylcock as a home module # The following fixes an issue with using swaylcock as a home module
# Workaround for https://github.com/NixOS/nixpkgs/issues/158025 # Workaround for https://github.com/NixOS/nixpkgs/issues/158025
# This comment specifically: https://github.com/NixOS/nixpkgs/issues/158025#issuecomment-1344766809 # This comment specifically: https://github.com/NixOS/nixpkgs/issues/158025#issuecomment-1344766809
security.pam.services.swaylock = {}; security.pam.services.swaylock = { };
# Required for GUIs (like sway) to work correctly. # Required for GUIs (like sway) to work correctly.
hardware.graphics.enable = true; hardware.graphics.enable = true;

6
modules/nixos/suites/development/default.nix
View file

@ -3,10 +3,12 @@
lib, lib,
pkgs, pkgs,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.aa.suites.development; cfg = config.aa.suites.development;
in { in
{
options.aa.suites.development = { options.aa.suites.development = {
enable = mkEnableOption "common configuration"; enable = mkEnableOption "common configuration";
}; };

6
modules/nixos/suites/gaming/default.nix
View file

@ -5,9 +5,11 @@
pkgs, pkgs,
... ...
}: }:
with lib; let with lib;
let
cfg = config.aa.suites.gaming; cfg = config.aa.suites.gaming;
in { in
{
options.aa.suites.gaming = with lib.types; { options.aa.suites.gaming = with lib.types; {
enable = mkEnableOption "gaming configuration"; enable = mkEnableOption "gaming configuration";
}; };

8
modules/nixos/suites/utils/default.nix
View file

@ -4,11 +4,13 @@
pkgs, pkgs,
inputs, inputs,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.aa.suites.utils; cfg = config.aa.suites.utils;
in { in
{
options.aa.suites.utils = { options.aa.suites.utils = {
enable = mkEnableOption "common configuration"; enable = mkEnableOption "common configuration";
}; };
@ -38,6 +40,6 @@ in {
usbutils usbutils
wget wget
]) ])
++ [inputs.agenix.packages.x86_64-linux.default]; ++ [ inputs.agenix.packages.x86_64-linux.default ];
}; };
} }

6
modules/nixos/system/fonts/default.nix
View file

@ -5,9 +5,11 @@
lib, lib,
... ...
}: }:
with lib; let with lib;
let
cfg = config.aa.system.fonts; cfg = config.aa.system.fonts;
in { in
{
options.aa.system.fonts = with types; { options.aa.system.fonts = with types; {
enable = mkEnableOption "manage fonts"; enable = mkEnableOption "manage fonts";
}; };

6
modules/nixos/system/monitoring/default.nix
View file

@ -3,11 +3,13 @@
pkgs, pkgs,
lib, lib,
... ...
}: let }:
let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.aa.system.monitoring; cfg = config.aa.system.monitoring;
in { in
{
options.aa.system.monitoring = { options.aa.system.monitoring = {
enable = mkEnableOption "monitoring"; enable = mkEnableOption "monitoring";
}; };

8
modules/nixos/system/zfs/default.nix
View file

@ -5,16 +5,18 @@
lib, lib,
... ...
}: }:
with lib; let with lib;
let
cfg = config.aa.system.zfs; cfg = config.aa.system.zfs;
in { in
{
options.aa.system.zfs = with types; { options.aa.system.zfs = with types; {
enable = mkEnableOption "zfs"; enable = mkEnableOption "zfs";
# TODO: Introduce a zfsOnRoot option # TODO: Introduce a zfsOnRoot option
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [pkgs.zfs-prune-snapshots]; environment.systemPackages = [ pkgs.zfs-prune-snapshots ];
services.zfs = { services.zfs = {
autoScrub.enable = true; autoScrub.enable = true;

31
modules/nixos/user/default.nix
View file

@ -5,9 +5,11 @@
lib, lib,
... ...
}: }:
with lib; let with lib;
let
cfg = config.aa.user; cfg = config.aa.user;
in { in
{
options.aa.user = with types; { options.aa.user = with types; {
name = mkOption { name = mkOption {
type = str; type = str;
@ -26,12 +28,15 @@ in {
}; };
extraGroups = mkOption { extraGroups = mkOption {
type = listOf str; type = listOf str;
default = ["video" "networkmanager"]; default = [
"video"
"networkmanager"
];
description = "Groups to for the user to be assigned."; description = "Groups to for the user to be assigned.";
}; };
extraOptions = mkOption { extraOptions = mkOption {
type = attrs; type = attrs;
default = {}; default = { };
description = "Extra options passed to <option>users.users.<name></option>."; description = "Extra options passed to <option>users.users.<name></option>.";
}; };
}; };
@ -42,19 +47,17 @@ in {
# Refer to modules/tools/zsh/default.nix # Refer to modules/tools/zsh/default.nix
programs.zsh.enable = true; programs.zsh.enable = true;
users.users.${cfg.name} = users.users.${cfg.name} = {
{ isNormalUser = true;
isNormalUser = true;
inherit (cfg) name; inherit (cfg) name;
home = "/home/${cfg.name}"; home = "/home/${cfg.name}";
group = "users"; group = "users";
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = ["wheel"] ++ cfg.extraGroups; extraGroups = [ "wheel" ] ++ cfg.extraGroups;
} } // cfg.extraOptions;
// cfg.extraOptions;
}; };
} }

3
overlays/neovim/default.nix
View file

@ -1,3 +1,4 @@
{nixvim, ...}: (final: prev: { { nixvim, ... }:
(final: prev: {
neovim = nixvim.packages.${prev.system}.default; neovim = nixvim.packages.${prev.system}.default;
}) })

82
packages/teslamate/default.nix
View file

@ -7,7 +7,8 @@
nodejs, nodejs,
breakpointHook, breakpointHook,
... ...
}: let }:
let
pname = "teslamate"; pname = "teslamate";
version = "1.28.2"; version = "1.28.2";
@ -23,29 +24,29 @@
overrides = ( overrides = (
final: prev: final: prev:
(lib.mapAttrs (lib.mapAttrs (
(_: value: _: value:
value.override { value.override {
appConfigPath = src + "/config"; appConfigPath = src + "/config";
})
prev)
// {
ex_cldr = prev.ex_cldr.overrideAttrs (old: rec {
# Copied from https://github.com/NixOS/nixpkgs/blob/d8fd23629b3910e8bdbd313e29532d3e33dd73d5/pkgs/servers/mobilizon/default.nix#L34-L47
version = "2.37.5";
# We have to use the GitHub sources, as it otherwise tries to download
# the locales at build time.
src = fetchFromGitHub {
owner = "elixir-cldr";
repo = "cldr";
rev = "v${version}";
sha256 = "sha256-T5Qvuo+xPwpgBsqHNZYnTCA4loToeBn1LKTMsDcCdYs=";
};
postInstall = ''
cp $src/priv/cldr/locales/* $out/lib/erlang/lib/ex_cldr-${old.version}/priv/cldr/locales/
'';
});
} }
) prev)
// {
ex_cldr = prev.ex_cldr.overrideAttrs (old: rec {
# Copied from https://github.com/NixOS/nixpkgs/blob/d8fd23629b3910e8bdbd313e29532d3e33dd73d5/pkgs/servers/mobilizon/default.nix#L34-L47
version = "2.37.5";
# We have to use the GitHub sources, as it otherwise tries to download
# the locales at build time.
src = fetchFromGitHub {
owner = "elixir-cldr";
repo = "cldr";
rev = "v${version}";
sha256 = "sha256-T5Qvuo+xPwpgBsqHNZYnTCA4loToeBn1LKTMsDcCdYs=";
};
postInstall = ''
cp $src/priv/cldr/locales/* $out/lib/erlang/lib/ex_cldr-${old.version}/priv/cldr/locales/
'';
});
}
); );
}; };
@ -54,7 +55,7 @@
inherit version; inherit version;
src = "${src}/assets"; src = "${src}/assets";
npmDepsHash = "sha256-h92i/cRf4I0c4vUc6oBt5T4yvM0JNQMkoDy2YHcVWS4="; npmDepsHash = "sha256-h92i/cRf4I0c4vUc6oBt5T4yvM0JNQMkoDy2YHcVWS4=";
patches = [./deploy_output.patch]; patches = [ ./deploy_output.patch ];
dontNpmBuild = true; dontNpmBuild = true;
installPhase = '' installPhase = ''
runHook preinstall runHook preinstall
@ -74,20 +75,25 @@
''; '';
}; };
in in
beamPackages.mixRelease { beamPackages.mixRelease {
inherit pname version src mixNixDeps; inherit
pname
version
src
mixNixDeps
;
nativeBuildInputs = [nodejs]; nativeBuildInputs = [ nodejs ];
preBuild = '' preBuild = ''
mkdir -p priv/static/assets mkdir -p priv/static/assets
# assets patched to write to scripts/deploy_output # assets patched to write to scripts/deploy_output
cp -r ${assets}/scripts/deploy_output ./priv/static/assets cp -r ${assets}/scripts/deploy_output ./priv/static/assets
''; '';
postBuild = '' postBuild = ''
# for external task you need a workaround for the no deps check flag # for external task you need a workaround for the no deps check flag
# https://github.com/phoenixframework/phoenix/issues/2690 # https://github.com/phoenixframework/phoenix/issues/2690
mix do deps.loadpaths --no-deps-check phx.digest, release --overwrite mix do deps.loadpaths --no-deps-check phx.digest, release --overwrite
''; '';
} }

1257
packages/teslamate/mix.nix
View file

File diff suppressed because it is too large Load diff

7
secrets/age-yubikey-identity-508106ce.txt Normal file
View file

@ -0,0 +1,7 @@
# Serial: 20472382, Slot: 1
# Name: age_alejandro
# Created: Fri, 30 Jun 2023 03:32:36 +0000
# PIN policy: Once (A PIN is required once per session, if set)
# Touch policy: Always (A physical touch is required for every decryption)
# Recipient: age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25
AGE-PLUGIN-YUBIKEY-18E3RSQVZ2ZQSDNS67QTTC

79
secrets/secrets.nix
View file

@ -9,18 +9,69 @@ let
proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAf6Z7SZEOH3H51T/GPIc/B0OpbaydM5l2PP3nMnwpFl"; proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAf6Z7SZEOH3H51T/GPIc/B0OpbaydM5l2PP3nMnwpFl";
git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8JLy/ipBfOet3/KT7rXOXHDjjmt+VqqQb3V+ILIuDN"; git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8JLy/ipBfOet3/KT7rXOXHDjjmt+VqqQb3V+ILIuDN";
}; };
in { in
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4 machines.proxy]; {
"gitea-runner-gospel.age".publicKeys = [users.me machines.gospel]; "cf_dns_kilonull.age".publicKeys = [
"hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel]; users.me
"hydra-aws-creds.age".publicKeys = [users.me machines.gospel]; machines.node
"nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel]; machines.gospel
"nextcloud_restic_env.age".publicKeys = [users.me machines.node]; machines.pi4
"nextcloud_restic_password.age".publicKeys = [users.me machines.node]; machines.proxy
"nextcloud_restic_repo.age".publicKeys = [users.me machines.node]; ];
"tailscale_git_server.age".publicKeys = [users.me machines.git]; # This key expires, might have to update "gitea-runner-gospel.age".publicKeys = [
"teslamate_db.age".publicKeys = [users.me machines.node machines.gospel]; users.me
"teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel]; machines.gospel
"teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel]; ];
"theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel]; "hass_mqtt.age".publicKeys = [
users.me
machines.pi4
machines.node
machines.gospel
];
"hydra-aws-creds.age".publicKeys = [
users.me
machines.gospel
];
"nextcloud_admin.age".publicKeys = [
users.me
machines.node
machines.gospel
];
"nextcloud_restic_env.age".publicKeys = [
users.me
machines.node
];
"nextcloud_restic_password.age".publicKeys = [
users.me
machines.node
];
"nextcloud_restic_repo.age".publicKeys = [
users.me
machines.node
];
"tailscale_git_server.age".publicKeys = [
users.me
machines.git
]; # This key expires, might have to update
"teslamate_db.age".publicKeys = [
users.me
machines.node
machines.gospel
];
"teslamate_encryption.age".publicKeys = [
users.me
machines.node
machines.gospel
];
"teslamate_mqtt.age".publicKeys = [
users.me
machines.pi4
machines.node
machines.gospel
];
"theengs_ble_mqtt.age".publicKeys = [
users.me
machines.pi4
machines.gospel
];
} }

11
systems/aarch64-linux/pi4/default.nix
View file

@ -4,7 +4,8 @@
inputs, inputs,
modulesPath, modulesPath,
... ...
}: { }:
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix") (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
@ -15,8 +16,7 @@
# See here: https://github.com/NixOS/nixpkgs/issues/109280#issuecomment-973636212 # See here: https://github.com/NixOS/nixpkgs/issues/109280#issuecomment-973636212
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: super: { (final: super: {
makeModulesClosure = x: makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
super.makeModulesClosure (x // {allowMissing = true;});
}) })
]; ];
@ -57,7 +57,10 @@
hostName = "pi4"; hostName = "pi4";
useDHCP = false; useDHCP = false;
defaultGateway = "192.168.113.1"; defaultGateway = "192.168.113.1";
nameservers = ["192.168.113.13" "1.1.1.1"]; nameservers = [
"192.168.113.13"
"1.1.1.1"
];
interfaces.end0.ipv4.addresses = [ interfaces.end0.ipv4.addresses = [
{ {
address = "192.168.113.42"; address = "192.168.113.42";

3
systems/x86_64-do/minimal/default.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
aa = { aa = {
nix.enable = true; nix.enable = true;

87
systems/x86_64-linux/carbon/hardware-configuration-zfs.nix
View file

@ -7,104 +7,151 @@
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: { }:
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = []; "xhci_pci"
boot.kernelModules = ["kvm-intel"]; "nvme"
boot.extraModulePackages = []; "usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "rpool_/nixos/ROOT/default"; device = "rpool_/nixos/ROOT/default";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
device = "bpool_/nixos/BOOT/default"; device = "bpool_/nixos/BOOT/default";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/home" = { fileSystems."/home" = {
device = "rpool_/nixos/DATA/default/home"; device = "rpool_/nixos/DATA/default/home";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/root" = { fileSystems."/root" = {
device = "rpool_/nixos/DATA/default/root"; device = "rpool_/nixos/DATA/default/root";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/srv" = { fileSystems."/srv" = {
device = "rpool_/nixos/DATA/default/srv"; device = "rpool_/nixos/DATA/default/srv";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/usr/local" = { fileSystems."/usr/local" = {
device = "rpool_/nixos/DATA/default/usr/local"; device = "rpool_/nixos/DATA/default/usr/local";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/var/log" = { fileSystems."/var/log" = {
device = "rpool_/nixos/DATA/default/var/log"; device = "rpool_/nixos/DATA/default/var/log";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/var/spool" = { fileSystems."/var/spool" = {
device = "rpool_/nixos/DATA/default/var/spool"; device = "rpool_/nixos/DATA/default/var/spool";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/nix" = { fileSystems."/nix" = {
device = "rpool_/nixos/DATA/local/nix"; device = "rpool_/nixos/DATA/local/nix";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/state" = { fileSystems."/state" = {
device = "rpool_/nixos/DATA/default/state"; device = "rpool_/nixos/DATA/default/state";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/etc/nixos" = { fileSystems."/etc/nixos" = {
device = "/state/etc/nixos"; device = "/state/etc/nixos";
fsType = "none"; fsType = "none";
options = ["bind"]; options = [ "bind" ];
}; };
fileSystems."/etc/cryptkey.d" = { fileSystems."/etc/cryptkey.d" = {
device = "/state/etc/cryptkey.d"; device = "/state/etc/cryptkey.d";
fsType = "none"; fsType = "none";
options = ["bind"]; options = [ "bind" ];
}; };
fileSystems."/boot/efis/nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX1K539085-part1" = { fileSystems."/boot/efis/nvme-SAMSUNG_MZVLW256HEHP-000L7_S35ENX1K539085-part1" = {
device = "/dev/disk/by-uuid/F429-235F"; device = "/dev/disk/by-uuid/F429-235F";
fsType = "vfat"; fsType = "vfat";
options = ["x-systemd.idle-timeout=1min" "x-systemd.automount" "noauto"]; options = [
"x-systemd.idle-timeout=1min"
"x-systemd.automount"
"noauto"
];
}; };
fileSystems."/boot/efis/nvme-WDC_PC_SN520_SDAPTUW-512G_182747800010-part1" = { fileSystems."/boot/efis/nvme-WDC_PC_SN520_SDAPTUW-512G_182747800010-part1" = {
device = "/dev/disk/by-uuid/F429-AB41"; device = "/dev/disk/by-uuid/F429-AB41";
fsType = "vfat"; fsType = "vfat";
options = ["x-systemd.idle-timeout=1min" "x-systemd.automount" "noauto"]; options = [
"x-systemd.idle-timeout=1min"
"x-systemd.automount"
"noauto"
];
}; };
fileSystems."/var/lib/docker" = { fileSystems."/var/lib/docker" = {
device = "rpool_/nixos/DATA/default/var/lib/docker"; device = "rpool_/nixos/DATA/default/var/lib/docker";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

5
systems/x86_64-linux/carbon/zfs.nix
View file

@ -1,5 +1,6 @@
{pkgs, ...}: { { pkgs, ... }:
boot.supportedFilesystems = ["zfs"]; {
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "b2d25606"; networking.hostId = "b2d25606";
boot.zfs.devNodes = "/dev/disk/by-id"; boot.zfs.devNodes = "/dev/disk/by-id";
swapDevices = [ swapDevices = [

10
systems/x86_64-linux/git/default.nix
View file

@ -2,11 +2,13 @@
inputs, inputs,
config, config,
... ...
}: let }:
let
domain = "git.alejandr0angul0.dev"; domain = "git.alejandr0angul0.dev";
secrets = config.age.secrets; secrets = config.age.secrets;
in { in
imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"]; {
imports = [ "${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix" ];
age.secrets.authKeyFile.file = ../../../secrets/tailscale_git_server.age; age.secrets.authKeyFile.file = ../../../secrets/tailscale_git_server.age;
@ -38,7 +40,7 @@ in {
services.tailscale = { services.tailscale = {
authKeyFile = secrets.authKeyFile.path; authKeyFile = secrets.authKeyFile.path;
extraUpFlags = ["--ssh"]; extraUpFlags = [ "--ssh" ];
}; };
security.acme = { security.acme = {

38
systems/x86_64-linux/gospel/hardware-configuration.nix
View file

@ -6,37 +6,57 @@
lib, lib,
modulesPath, modulesPath,
... ...
}: { }:
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = []; "xhci_pci"
boot.kernelModules = ["kvm-intel"]; "ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = { fileSystems."/" = {
device = "rpool/nixos/root"; device = "rpool/nixos/root";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/home" = { fileSystems."/home" = {
device = "rpool/nixos/home"; device = "rpool/nixos/home";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/var/lib" = { fileSystems."/var/lib" = {
device = "rpool/nixos/var/lib"; device = "rpool/nixos/var/lib";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/var/log" = { fileSystems."/var/log" = {
device = "rpool/nixos/var/log"; device = "rpool/nixos/var/log";
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = [
"zfsutil"
"X-mount.mkdir"
];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
@ -44,7 +64,7 @@
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = []; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

5
systems/x86_64-linux/gospel/zfs.nix
View file

@ -1,5 +1,6 @@
{...}: { { ... }:
boot.supportedFilesystems = ["zfs"]; {
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "f8616592"; networking.hostId = "f8616592";
boot.loader.efi.canTouchEfiVariables = false; boot.loader.efi.canTouchEfiVariables = false;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;

20
systems/x86_64-linux/node/hardware-configuration.nix
View file

@ -7,15 +7,23 @@
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: { }:
{
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; boot.initrd.availableKernelModules = [
boot.initrd.kernelModules = []; "xhci_pci"
boot.kernelModules = ["kvm-amd"]; "ahci"
boot.extraModulePackages = []; "nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
@ -27,7 +35,7 @@
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = []; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

7
systems/x86_64-linux/node/zfs.nix
View file

@ -2,8 +2,9 @@
config, config,
pkgs, pkgs,
... ...
}: { }:
boot.supportedFilesystems = ["zfs"]; {
boot.zfs.extraPools = ["tank"]; boot.supportedFilesystems = [ "zfs" ];
boot.zfs.extraPools = [ "tank" ];
networking.hostId = "db616c9e"; networking.hostId = "db616c9e";
} }

11
systems/x86_64-vm/virt/default.nix
View file

@ -3,8 +3,9 @@
lib, lib,
... ...
}: }:
with lib; { with lib;
virtualisation.qemu.options = ["-vga qxl"]; {
virtualisation.qemu.options = [ "-vga qxl" ];
# For sway to work with home manager # For sway to work with home manager
security.polkit.enable = true; security.polkit.enable = true;
@ -23,7 +24,7 @@ with lib; {
users.users.virt = { users.users.virt = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel"]; extraGroups = [ "wheel" ];
hashedPassword = "$6$nOlwKVf1u0Wt//zU$43xhafbe2CAWTjOemAUm1J1Dpw7to0ZTbGhFk7CkVTRB3E80a1lhhQ175VnkcJ/X1HI6lsyV8fNMc3GF7JTAP0"; hashedPassword = "$6$nOlwKVf1u0Wt//zU$43xhafbe2CAWTjOemAUm1J1Dpw7to0ZTbGhFk7CkVTRB3E80a1lhhQ175VnkcJ/X1HI6lsyV8fNMc3GF7JTAP0";
}; };
@ -31,6 +32,8 @@ with lib; {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
wayland-utils wayland-utils
]; ];
variables = {"WLR_RENDERER_ALLOW_SOFTWARE" = "1";}; variables = {
"WLR_RENDERER_ALLOW_SOFTWARE" = "1";
};
}; };
} }