alejandro-angulo/dotfiles
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Misc updates

Browse source
This commit is contained in:
alejandro-angulo 2025-03-31 22:33:40 -07:00
parent 0b5ca6d22c
commit f51256c3ae
Signed by: alejandro-angulo
GPG key ID: 75579581C74554B6
5 changed files with 127 additions and 288 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

235
flake.lock
View file

@ -27,20 +27,14 @@
},
"catppuccin": {
"inputs": {
"catppuccin-v1_1": "catppuccin-v1_1",
"catppuccin-v1_2": "catppuccin-v1_2",
"home-manager": "home-manager",
"home-manager-stable": "home-manager-stable",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"nuscht-search": "nuscht-search"
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1736957255,
"narHash": "sha256-qZZ/K5XheRMjCNYgle90QESuys0PIFJNPJJswMJ0GEA=",
"lastModified": 1741732420,
"narHash": "sha256-szO/TCc+UrjEtxi4K3GyoAv5/DKDkUeRtpTZTJY+zI4=",
"owner": "catppuccin",
"repo": "nix",
"rev": "f06fcadf9a61b6581b392e72f230fa6783fe36e4",
"rev": "a3f70463fb5e3df32d2d52a2705606db03843de2",
"type": "github"
},
"original": {
@ -49,34 +43,6 @@
"type": "github"
}
},
"catppuccin-v1_1": {
"locked": {
"lastModified": 1734055249,
"narHash": "sha256-pCWJgwo77KD7EJpwynwKrWPZ//dwypHq2TfdzZWqK68=",
"rev": "7221d6ca17ac36ed20588e1c3a80177ac5843fa7",
"revCount": 326,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.1.1/0193bdc0-b045-7eed-bbec-95611a8ecdf5/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/catppuccin/nix/1.1.%2A.tar.gz"
}
},
"catppuccin-v1_2": {
"locked": {
"lastModified": 1734734291,
"narHash": "sha256-CFX4diEQHKvZYjnhf7TLg20m3ge1O4vqgplsk/Kuaek=",
"rev": "1e4c3803b8da874ff75224ec8512cb173036bbd8",
"revCount": 344,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.2.1/0193e646-1107-7f69-a402-f2a3988ecf1d/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
@ -209,7 +175,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
@ -227,7 +193,7 @@
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_3"
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1715533576,
@ -248,24 +214,6 @@
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
@ -334,58 +282,15 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"catppuccin",
"nixpkgs"
]
},
"locked": {
"lastModified": 1736508663,
"narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=",
"lastModified": 1741701235,
"narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager-stable": {
"inputs": {
"nixpkgs": [
"catppuccin",
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1736373539,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1737188535,
"narHash": "sha256-O2ttwW1/dUc/Y+Rf48Njtr4tZpRJhy8FhafikekIjMY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1e36429705f9af2d00a517ba46a4f21ef8a8194f",
"rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e",
"type": "github"
},
"original": {
@ -395,7 +300,7 @@
"type": "github"
}
},
"home-manager_3": {
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixvim",
@ -418,34 +323,6 @@
}
},
"ixx": {
"inputs": {
"flake-utils": [
"catppuccin",
"nuscht-search",
"flake-utils"
],
"nixpkgs": [
"catppuccin",
"nuscht-search",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729958008,
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.6",
"repo": "ixx",
"type": "github"
}
},
"ixx_2": {
"inputs": {
"flake-utils": [
"nixvim",
@ -520,11 +397,11 @@
]
},
"locked": {
"lastModified": 1737057290,
"narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
"lastModified": 1740947705,
"narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
"rev": "507911df8c35939050ae324caccc7cf4ffb76565",
"type": "github"
},
"original": {
@ -535,11 +412,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1736978406,
"narHash": "sha256-oMr3PVIQ8XPDI8/x6BHxsWEPBRU98Pam6KGVwUh8MPk=",
"lastModified": 1741325094,
"narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "b678606690027913f3434dea3864e712b862dde5",
"rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16",
"type": "github"
},
"original": {
@ -551,11 +428,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1736012469,
"narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
"lastModified": 1741246872,
"narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
"rev": "10069ef4cf863633f57238f179a0297de84bd8d3",
"type": "github"
},
"original": {
@ -577,29 +454,13 @@
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1736061677,
"narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1737062831,
"narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
"lastModified": 1741513245,
"narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
"rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1",
"type": "github"
},
"original": {
@ -654,7 +515,7 @@
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"git-hooks": "git-hooks",
"home-manager": "home-manager_3",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_3",
"nuschtosSearch": "nuschtosSearch",
@ -674,33 +535,10 @@
"type": "github"
}
},
"nuscht-search": {
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils",
"ixx": "ixx",
"nixpkgs": [
"catppuccin",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735854821,
"narHash": "sha256-Iv59gMDZajNfezTO0Fw6LHE7uKAShxbvMidmZREit7c=",
"owner": "NuschtOS",
"repo": "search",
"rev": "836908e3bddd837ae0f13e215dd48767aee355f0",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"ixx": "ixx_2",
"nixpkgs": [
"nixvim",
"nixvim",
@ -724,11 +562,11 @@
"powerlevel10k": {
"flake": false,
"locked": {
"lastModified": 1736162665,
"narHash": "sha256-6tWuayZgQd9pUrD3xKlUSmOFQCgZ96G3DB8ojgZ/a78=",
"lastModified": 1738157299,
"narHash": "sha256-isxgLWpbBuNoETXCOlJ4nwGSxMwCjoVF5D0dMZWtM5s=",
"owner": "romkatv",
"repo": "powerlevel10k",
"rev": "3e2053a9341fe4cf5ab69909d3f39d53b1dfe772",
"rev": "8fa10f43a0f65a5e15417128be63e68e1d5b1f66",
"type": "github"
},
"original": {
@ -743,7 +581,7 @@
"agenix": "agenix",
"catppuccin": "catppuccin",
"deploy-rs": "deploy-rs",
"home-manager": "home-manager_2",
"home-manager": "home-manager",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
@ -835,21 +673,6 @@
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -874,7 +697,7 @@
},
"utils": {
"inputs": {
"systems": "systems_3"
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,

33
modules/nixos/services/homeassistant/default.nix
View file

@ -4,12 +4,19 @@
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.${namespace}.services.homeassistant;
hass_cfg = config.services.home-assistant;
in {
in
{
options.${namespace}.services.homeassistant = {
enable = mkEnableOption "home assistant";
acmeCertName = mkOption {
@ -25,14 +32,24 @@ in {
config = mkIf cfg.enable {
services.home-assistant = {
enable = true;
extraPackages = python3packages:
with python3packages; [
extraPackages =
python3packages: with python3packages; [
# postgresql support
psycopg2
# homekit support
hap-python
];
extraComponents = [
"3_day_blinds"
"motion_blinds"
"opower"
"smud"
"cast"
"homekit_controller"
"hue"
"met"
"mqtt"
@ -46,10 +63,10 @@ in {
];
config = {
default_config = {};
default_config = { };
http = {
use_x_forwarded_for = true;
trusted_proxies = ["127.0.0.1"];
trusted_proxies = [ "127.0.0.1" ];
};
recorder.db_url = "postgresql://@/hass";
@ -75,7 +92,7 @@ in {
};
services.postgresql = {
ensureDatabases = ["hass"];
ensureDatabases = [ "hass" ];
ensureUsers = [
{
name = "hass";

70
modules/nixos/services/nextcloud/default.nix
View file

@ -3,7 +3,8 @@
lib,
pkgs,
...
}: let
}:
let
cfg = config.aa.services.nextcloud;
secrets = config.age.secrets;
@ -15,7 +16,8 @@
group = "nextcloud";
};
};
in {
in
{
options.aa.services.nextcloud = with lib; {
enable = mkEnableOption "nextcloud";
acmeCertName = mkOption {
@ -29,28 +31,30 @@ in {
};
config = lib.mkIf cfg.enable {
age.secrets = builtins.listToAttrs (builtins.map (attrs: mkNextcloudSecret attrs) [
{
name = "restic/password";
path = ../../../../secrets/nextcloud_restic_password.age;
}
{
name = "restic/env";
path = ../../../../secrets/nextcloud_restic_env.age;
}
{
name = "restic/repo";
path = ../../../../secrets/nextcloud_restic_repo.age;
}
{
name = "nextcloud_admin";
path = ../../../../secrets/nextcloud_admin.age;
}
]);
age.secrets = builtins.listToAttrs (
builtins.map (attrs: mkNextcloudSecret attrs) [
{
name = "restic/password";
path = ../../../../secrets/nextcloud_restic_password.age;
}
{
name = "restic/env";
path = ../../../../secrets/nextcloud_restic_env.age;
}
{
name = "restic/repo";
path = ../../../../secrets/nextcloud_restic_repo.age;
}
{
name = "nextcloud_admin";
path = ../../../../secrets/nextcloud_admin.age;
}
]
);
services.nextcloud = {
enable = true;
package = pkgs.nextcloud30;
package = pkgs.nextcloud31;
hostName = "nextcloud.kilonull.com";
https = true;
database.createLocally = true;
@ -75,16 +79,18 @@ in {
};
# nextcloud module configures nginx, just need to specify SSL stuffs here
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = lib.mkIf (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} =
lib.mkIf (cfg.acmeCertName != "")
{
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
services.restic.backups = {
nextcloud = {
user = "nextcloud";
initialize = true;
paths = [config.services.nextcloud.datadir];
paths = [ config.services.nextcloud.datadir ];
environmentFile = secrets."restic/env".path;
repositoryFile = secrets."restic/repo".path;
passwordFile = secrets."restic/password".path;
@ -93,10 +99,18 @@ in {
Persistent = true;
RandomizedDelaySec = "5h";
};
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 9001"];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 9001"
];
};
};
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedTCPPorts = [
80
443
];
};
}

25
systems/x86_64-linux/gospel/default.nix
View file

@ -2,7 +2,8 @@
config,
pkgs,
...
}: {
}:
{
imports = [
./hardware-configuration.nix
./zfs.nix
@ -62,7 +63,10 @@
system.zfs.enable = true;
system.monitoring.enable = true;
user.extraGroups = ["dialout" "libvirtd"];
user.extraGroups = [
"dialout"
"libvirtd"
];
};
services.udev.packages = [
@ -110,12 +114,18 @@
programs.virt-manager.enable = true;
boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"armv6l-linux"
];
networking = {
hostName = "gospel";
useDHCP = false;
defaultGateway = "192.168.113.1";
nameservers = ["192.168.113.13" "1.1.1.1"];
networkmanager.enable = true;
nameservers = [
"192.168.113.1"
"1.1.1.1"
];
interfaces.eno1.ipv4.addresses = [
{
address = "192.168.113.69"; # nice
@ -123,6 +133,11 @@
}
];
};
programs.winbox = {
enable = true;
openFirewall = true;
};
programs.nm-applet.enable = true;
time.timeZone = "America/Los_Angeles";

52
systems/x86_64-linux/node/default.nix
View file

@ -3,7 +3,8 @@
pkgs,
lib,
...
}: {
}:
{
imports = [
./hardware-configuration.nix
./zfs.nix
@ -24,10 +25,6 @@
configureServerRouting = true;
};
services.openssh.enable = true;
services.adguardhome = {
enable = true;
acmeCertName = "kilonull.com";
};
services.nextcloud = {
enable = true;
acmeCertName = "kilonull.com";
@ -75,32 +72,16 @@
apps.yubikey.enable = true;
};
# Rewrite specific to this machine (didn't want to put this in my adguardhome
# module incase I want to reuse it for something else later)
services.adguardhome.settings.filtering.rewrites = [
{
domain = "octoprint.kilonull.com";
answer = "192.168.113.42";
}
{
domain = "hydra.kilonull.com";
answer = "192.168.113.69";
}
{
domain = "cache.kilonull.com";
answer = "192.168.113.69";
}
{
domain = "*.kilonull.com";
answer = "192.168.113.13";
}
];
services.avahi = {
enable = true;
nssmdns4 = true;
};
security.pam.sshAgentAuth = {
enable = true;
# Addresses issue 31611
# See: https://github.com/NixOS/nixpkgs/issues/31611
authorizedKeysFiles = lib.mkForce ["/etc/ssh/authorized_keys.d/%u"];
authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
};
security.pam.services.${config.aa.user.name}.sshAgentAuth = true;
@ -115,7 +96,10 @@
hostName = "node";
useDHCP = false;
defaultGateway = "192.168.113.1";
nameservers = ["127.0.0.1" "1.1.1.1"];
nameservers = [
"192.168.113.1"
"1.1.1.1"
];
interfaces.enp7s0.ipv4.addresses = [
{
address = "192.168.113.13";
@ -124,20 +108,6 @@
];
};
# Running own DNS resolver on same system. This prevents DNS issues with ACME
systemd.services = let
dependency = ["adguardhome.service"];
in
lib.mapAttrs'
(name: _:
lib.nameValuePair "acme-${name}" {
after = dependency;
preStart = ''
sleep 10
'';
})
config.security.acme.certs;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [