
54 Commits

Author SHA1 Message Date
Sam 2ef417b6b1 Update NVIDIA configuration and add cpupower package
- Enable nvidiaPersistenced and add udev rules for NVIDIA devices in citadel/default.nix
- Add boot.extraModprobeConfig for NVreg_DynamicPowerManagement and NVreg_EnableGpuFirmware
- Include the cpupower package in common/core/default.nix
2024-11-13 12:09:17 +00:00
Sam 592309f30a add kodi for sparky 2024-11-12 23:07:22 +00:00
Sam c85215b5b4 add throttled to citadel 2024-11-12 21:18:21 +00:00
Sam d224d55c1a add nvidia and prime to citadel 2024-11-12 19:41:27 +00:00
Sam cdc75090ff Add keymaps and settings for nixvim plugins
- Add Conform auto-format document keymap in conform.nix
- Enable and configure Oil plugin settings in oil.nix
- Update Telescope keymaps definition in telescope.nix
2024-11-12 18:21:15 +00:00
Sam 2d78446105 Refactor Telescope keymaps to dedicated telescope plugin file
- Remove Telescope keymaps from keymaps.nix
- Add Telescope keymaps to telescope.nix
- Include new keymap for grep string under cursor and recently opened files
2024-11-12 17:03:53 +00:00
Sam d058b2cf72 Update nixvim keymaps and harpoon plugin
- Add indentation and line movement keymaps in visual mode
- Add keymap for adding files in harpoon plugin
2024-11-12 16:09:09 +00:00
Sam 86c59bb27b Add Gajim to default packages and new Prefect variable
- Add `pkgs.gajim` to the list of default packages in `default.nix`
- Introduce a new Prefect variable `wdpa_dir` in `baseddata-worker.nix`
- Set the value of `wdpa_dir` to `/media/baseddata-data/wdpa`
2024-11-06 16:33:28 +00:00
Sam ac6a9d2c21 merge 2024-11-05 15:21:23 +00:00
Sam a154d2df79 Update default.nix to include R package 2024-11-05 15:20:35 +00:00
Sam a95ac4ef25 Update default.nix and dwm.nix with new packages and revisions
- Add pkgs.gimp to default.nix
- Update dwm.nix with new revision and sha256
2024-11-05 15:19:32 +00:00
Sam de5c1edf1b revert user variables removal 2024-11-04 15:57:32 +00:00
Sam ac5833c8af revert neovim to stable 2024-11-04 15:54:26 +00:00
Sam b9c0b70fc8 rm parrot.nvim 2024-11-04 15:53:53 +00:00
Sam b2f849d80b Update desktop packages and add spell-checking support
- Replace libreoffice with libreoffice-qt
- Add hunspell and hunspell dictionaries for en-gb and en_US
2024-11-04 15:33:41 +00:00
Sam 4d0335d99a Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-11-03 21:27:10 +00:00
Sam ec7f879c6d Add Krita and update DWM source
- Add Krita to the default.nix package list
- Update DWM source URL and revision in dwm.nix
- Modify DWM source SHA256 checksum in dwm.nix
2024-11-03 21:27:07 +00:00
Sam 2c44487796 Add swap devices and update Prefect variables
- Add swap devices configuration to citadel and semita hosts
- Update Prefect variable for OSM directory in baseddata-worker
- Set swap device size to 32*1024 for both citadel and semita hosts
2024-11-03 21:03:12 +00:00
Sam 45ee82da0e Add glow plugin and update prefect variable
- Add 'pkgs.glow' to 'default.nix'
- Add and configure 'glow.nvim' plugin in 'plugins/default.nix'
- Update 'postgres_dbname' variable to 'baseddata' in 'baseddata-worker.nix'
2024-11-02 14:00:30 +00:00
Sam 5d0b1b9be7 Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-11-01 22:17:35 +00:00
Sam 7be587d7b1 Update Postgres configuration and remove system packages
- Update Postgres configuration for dev and prod environments:
  - Change dbname from `dev_baseddata_models` to `dev_baseddata` and `baseddata_models` to `baseddata`
  - Replace host variable with `${baseddataPostgresIp}`
  - Update user and password placeholders to new paths
- Remove `environment.systemPackages` configuration
2024-11-01 22:17:24 +00:00
Sam 7e4f15496f rm flake.lock to gitignore 2024-11-01 17:38:25 +00:00
Sam 9a26bbe7c5 add flake.lock to gitignore 2024-11-01 17:37:34 +00:00
Sam d725852387 add flake.lock to gitignore 2024-11-01 17:37:23 +00:00
Sam 4bee1bffbd flake.lock 2024-11-01 17:33:29 +00:00
Sam 8561f44963 update flake.lock 2024-10-28 17:52:45 +00:00
Sam dde54c9aa7 Add lib to configuration 2024-10-28 17:52:29 +00:00
Sam 16436da1e4 Update nixvim configuration to use unstable Neovim package 2024-10-28 17:51:42 +00:00
Sam 13dad7b532 Update: Add Mistral API key and Parrot.nvim plugin
- Introduce Mistral API key
- Add Parrot.nvim plugin
- Implement a function to read the API key from a secrets file
- Set up Parrot.nvim with Mistral provider and custom hooks for code assistance and git commit generation
2024-10-28 17:46:09 +00:00
Sam a9f321a847 update flake 2024-10-28 13:45:55 +00:00
Sam 7cffeffca9 Add bitcoind configuration and prefect variables
- Add bitcoind IP and port configuration variables
- Update prefect variables for bitcoind ip and port
- Maintain existing configurations for other services
2024-10-25 10:31:52 +01:00
Sam 70a788f588 Add bitcoind RPC credentials and update prefect variables
- Add bitcoind RPC username and password to secrets and environment variables
- Update prefect variables to include bitcoin RPC username and password
- Add new read-only host paths for bitcoind RPC username and password
2024-10-25 10:18:15 +01:00
Sam 4e6f1f6f01 update flake 2024-10-24 15:22:35 +01:00
Sam 8242c29cf7 Refactor flake.nix and add key remaps script
- Refactor `flake.nix` to simplify the `outputs` section and remove redundant configurations
- Update `lsp.nix` to use hostname for NixOS and Home Manager configurations.
- Add `key-remaps.nix` script to `dwm` configuration and update `xinitrc.nix` to include it in autostart.
- Comment out non-functional `displayManager.sessionCommands` in `citadel/default.nix`.
2024-10-24 15:14:34 +01:00
Sam bd3f24056e modify nixvim
- add config for nixd
- fix luasnip call func in cmp
- enable autocomplete in cmp-cmdline
- add cmp-cmdline mapping
2024-10-23 22:34:35 +01:00
Sam 71ac9901dd disable tlp for citadel 2024-10-23 19:06:08 +01:00
Sam b106d1cb6e add nix-ld for citadel and semita 2024-10-19 13:33:51 +01:00
Sam ca9dff8442 modify baseddata-worker variables 2024-10-19 13:27:30 +01:00
Sam 2516f9de21 removed unused hosts 2024-10-14 18:54:48 +01:00
Sam a9fc820d61 brave 2024-10-14 18:46:13 +01:00
Sam c255cdbb2c chromium, kemaps, cli commands 2024-10-14 16:57:01 +01:00
Sam 6f4187b95e new postgres connection dbui 2024-10-14 09:48:33 +01:00
Sam 89141ff555 dwm-taglabels 2024-10-12 16:26:10 +01:00
Sam e6c3917942 small changes and updates 2024-10-12 00:19:40 +01:00
Sam 2793c3cfe0 small modification to postgres container 2024-10-12 00:19:24 +01:00
Sam 2005bc293f rm worker container 2024-10-12 00:19:07 +01:00
Sam d9fce8a1c9 new containers for mongodb and bd-worker 2024-10-12 00:18:37 +01:00
Sam 37768683d7 minor modifications to containers 2024-10-10 01:37:37 +01:00
Sam 3092630c08 add firefox bookmarks 2024-10-10 01:37:18 +01:00
Sam dbd3dd5584 update flake secrets 2024-10-10 01:37:05 +01:00
Sam 92fb9f5519 non-Nix Python Packages with Binaries on NixOS 2024-10-10 01:36:50 +01:00
Sam 00d5c7db47 install libreoffice on desktops 2024-10-10 01:36:08 +01:00
Sam 8eeea08472 add script runner container called worker 2024-10-10 01:35:45 +01:00
Sam 5430e70bd4 add vars networking.addresses from nix-secrets 2024-10-07 14:19:27 +01:00
52 changed files with 1077 additions and 370 deletions

.gitignore vendored Normal file

@ -46,11 +46,11 @@
]
},
"locked": {
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
@ -230,11 +230,11 @@
]
},
"locked": {
"lastModified": 1727854478,
"narHash": "sha256-/odH2nUMAwkMgOS2nG2z0exLQNJS4S2LfMW0teqU7co=",
"lastModified": 1729104314,
"narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "5f58871c9657b5fc0a7f65670fe2ba99c26c1d79",
"rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
"type": "github"
},
"original": {
@ -348,11 +348,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1727649413,
"narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=",
"lastModified": 1730403150,
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "d0b38e550039a72aff896ee65b0918e975e6d48e",
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
"type": "github"
},
"original": {
@ -412,11 +412,11 @@
]
},
"locked": {
"lastModified": 1727707210,
"narHash": "sha256-8XZp5XO2FC6INZEZ2WlwErtvFVpl45ACn8CJ2hfTA0Y=",
"lastModified": 1729826725,
"narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "f61d5f2051a387a15817007220e9fb3bbead57b3",
"rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e",
"type": "github"
},
"original": {
@ -426,13 +426,12 @@
}
},
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1728169228,
"narHash": "sha256-WT6kWWqMQE4KBdziZ/uuJ9sPcVg+6QJoOdBPdKAD0gI=",
"lastModified": 1730130467,
"narHash": "sha256-mcyG1iu8hNmkDjgDEdFQyCZ3bBxBHFKd4nxT8NreMmY=",
"ref": "refs/heads/master",
"rev": "e9709bbb9adc91fb6b4dab5b16e15546cc596695",
"revCount": 165,
"rev": "c82ff6f7e995503acabb9cf2478e5b4e401968ce",
"revCount": 188,
"type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
},
@ -474,11 +473,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"lastModified": 1729973466,
"narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
"type": "github"
},
"original": {
@ -506,11 +505,11 @@
},
"nixpkgs-unstable_2": {
"locked": {
"lastModified": 1728018373,
"narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"type": "github"
},
"original": {
@ -522,16 +521,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1728067476,
"narHash": "sha256-/uJcVXuBt+VFCPQIX+4YnYrHaubJSx4HoNsJVNRgANM=",
"lastModified": 1730481737,
"narHash": "sha256-HaUCfqLIFX/4wiSKkKKSTwUNmZd1EMy+lGB+faadQXU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6e6b3dd395c3b1eb9be9f2d096383a8d05add030",
"rev": "f18ab3b08f56abc54bcc2ef9bbca627d45926fee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
@ -550,11 +549,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1728083208,
"narHash": "sha256-jaoWQm2+oAUDU1ft+RWrxcgc/4lHGE0AkZlIBiVjQiQ=",
"lastModified": 1729945968,
"narHash": "sha256-4u+nbBSMuXWGCtXxUPPEflRm54+y/HLIbhIep9do8Ew=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "e246bd57da2a09b18b0667f7de40dc1c55a94667",
"rev": "c05ac01070425ed0797b1ff678dc690c333cea74",
"type": "github"
},
"original": {
@ -566,11 +565,11 @@
},
"nur": {
"locked": {
"lastModified": 1728121595,
"narHash": "sha256-e9kRLdv2D4Lk6obeLEzm/m2TYcnZuMnVtqtQUKBCMVs=",
"lastModified": 1730472538,
"narHash": "sha256-3m4OVGKsbPzMlnS0gVptIZBRlxgqQz+WhfwT+rT823Y=",
"owner": "nix-community",
"repo": "NUR",
"rev": "b638dbc3cd5ecae15140d2de7897dc9395cd128e",
"rev": "52c21ec8fde46366b1a5555e18d854ee18012ac8",
"type": "github"
},
"original": {
@ -603,11 +602,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1727734513,
"narHash": "sha256-i47LQwoGCVQq4upV2YHV0OudkauHNuFsv306ualB/Sw=",
"lastModified": 1729999681,
"narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "3198a242e547939c5e659353551b0668ec150268",
"rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"type": "github"
},
"original": {
@ -639,11 +638,11 @@
]
},
"locked": {
"lastModified": 1727984844,
"narHash": "sha256-xpRqITAoD8rHlXQafYZOLvUXCF6cnZkPfoq67ThN0Hc=",
"lastModified": 1729613947,
"narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "4446c7a6fc0775df028c5a3f6727945ba8400e64",
"rev": "aac86347fb5063960eccb19493e0cadcdb4205ca",
"type": "github"
},
"original": {


@ -3,7 +3,7 @@
inputs = {
# Nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs.url = "github:nixos/nixpkgs/release-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# NUR
@ -53,53 +53,38 @@
nix-secrets = {
url = "git+ssh://git@git.bitlab21.com/sam/nix-secrets.git";
flake = false;
inputs = {};
};
};
outputs =
{ self
, nixpkgs
, home-manager
, ...
} @ inputs:
let
outputs = {
self,
nixpkgs,
home-manager,
...
} @ inputs: let
inherit (self) outputs;
systems = [
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
specialArgs = { inherit inputs outputs; };
in
{
inherit (nixpkgs) lib;
configVars = import ./vars {inherit inputs lib;};
specialArgs = {
inherit
inputs
outputs
configVars
;
};
in {
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
overlays = import ./overlays {inherit inputs;};
nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home-manager;
# System level configs
nixosConfigurations = {
nixdev = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nixdev
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
fileserver = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/fileserver
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
bootstrap = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
@ -126,7 +111,7 @@
}
];
};
nebula = nixpkgs.lib.nixosSystem {
merlin = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nebula
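Review bot: The `nixpkgs.url` input appears to move from `nixos-24.05` to `github:nixos/nixpkgs/release-24.05` (the page has lost its +/- markers, but the lock file's `"ref": "release-24.05"` agrees). `release-24.05` is the release development branch, whereas the `nixos-24.05` channel branch only advances once the channel's Hydra tests have passed, so every host now builds from commits that have not been through that gate. Unless a specific fix is needed before it reaches the channel, keep `nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";`. If the switch is deliberate, record why next to the input, e.g. `# release-24.05: untested branch, revert to nixos-24.05 once <fix> lands in the channel`.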


@ -1,4 +1,4 @@
{config, ...}: {
{config, pkgs, ...}: {
imports = [
# Import users
./users/sam
@ -15,6 +15,10 @@
./common/optional/yazi.nix
];
home.packages = [
pkgs.qgis
];
colorScheme = {
slug = "serene";
name = "Serene";


@ -1,4 +1,4 @@
{ pkgs, inputs, outputs, ... }:
{ pkgs, inputs, outputs, lib, ... }:
{
imports = [
inputs.nix-colors.homeManagerModules.default
@ -18,13 +18,15 @@
ripgrep
fzf
eza
bat
killall
pciutils
tree
jq
coreutils
btop
htop
postgresql
postgresql_16
libqalculate
tmux
;


@ -25,9 +25,11 @@
pkgs.shellharden
pkgs.shfmt
pkgs.stylua
pkgs.glow
];
programs.nixvim = {
enable = true;
package = pkgs.neovim-unwrapped;
enableMan = true; # install man pages for nixvim options
clipboard.register = "unnamedplus"; # use system clipboard instead of internal registers
globals.mapleader = " ";


@ -5,9 +5,7 @@
mode = ["n"];
action = "<C-w>h";
key = "<S-h>";
options = {
silent = true;
};
options = {silent = true;};
}
{
mode = ["n"];
@ -52,35 +50,6 @@
options = {noremap = true;};
}
# Telescope Plugin
{
# find files
mode = ["n"];
key = "<Leader>ff";
action = "<cmd>Telescope find_files<CR>";
options = {noremap = true;};
}
{
# live grep
mode = ["n"];
key = "<Leader>fg";
action = "<cmd>Telescope live_grep<CR>";
options = {noremap = true;};
}
{
# buffers
mode = ["n"];
key = "<Leader>fb";
action = "<cmd>Telescope buffers<CR>";
options = {noremap = true;};
}
{
# help tags
mode = ["n"];
key = "<Leader>fh";
action = "<cmd>Telescope help_tags<CR>";
options = {noremap = true;};
}
# paste over selected text without yanking it
{
mode = ["v"];
@ -113,5 +82,33 @@
action = ": resize +1<CR>";
options = {noremap = true;};
}
# indent line in or out
{
mode = ["v"];
key = "<";
action = "<gv";
options = {noremap = true;};
}
{
mode = ["v"];
key = ">";
action = ">gv";
options = {noremap = true;};
}
# move selected line up or down
{
mode = ["v"];
key = "J";
action = ":m '>+1<CR>gv=gv";
options = {noremap = true;};
}
{
mode = ["v"];
key = "K";
action = ":m '<-2<CR>gv=gv";
options = {noremap = true;};
}
];
}


@ -3,6 +3,7 @@
cmp-emoji = { enable = true; };
cmp = {
enable = true;
cmdline = {};
settings = {
autoEnableSources = true;
experimental = { ghost_text = true; };
@ -11,7 +12,7 @@
fetchingTimeout = 200;
maxViewEntries = 30;
};
snippet = { expand = "luasnip"; };
snippet = { expand = "function(args) require('luasnip').lsp_expand(args.body) end"; };
formatting = {
fields = [ "kind" "abbr" "menu" ];
format = ''
@ -43,14 +44,10 @@
};
mapping = {
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<C-j>" = "cmp.mapping.select_next_item()";
"<C-k>" = "cmp.mapping.select_prev_item()";
"<C-e>" = "cmp.mapping.abort()";
"<S-Tab>" = "cmp.mapping.select_prev_item()";
"<C-b>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<S-CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = true })";
};
};
};
@ -58,7 +55,7 @@
cmp-buffer = { enable = true; };
cmp-path = { enable = true; }; # file system paths
cmp_luasnip = { enable = true; }; # snippets
cmp-cmdline = { enable = false; }; # autocomplete for cmdline
cmp-cmdline = { enable = true; }; # autocomplete for cmdline
};
programs.nixvim.extraConfigLua = ''
luasnip = require("luasnip")
@ -94,22 +91,15 @@
-- Use buffer source for `/` (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline({'/', "?" }, {
mapping = cmp.mapping.preset.cmdline(),
sources = {
{ name = 'buffer' }
}
})
-- Set configuration for specific filetype.
cmp.setup.filetype('gitcommit', {
sources = cmp.config.sources({
{ name = 'cmp_git' }, -- You can specify the `cmp_git` source if you were installed it.
}, {
{ name = 'buffer' },
})
})
-- Use cmdline & path source for ':' (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline(':', {
mapping = cmp.mapping.preset.cmdline(),
sources = cmp.config.sources({
{ name = 'path' }
}, {


@ -38,4 +38,16 @@
}
'';
programs.nixvim.keymaps = [
# format document with Conform
{
mode = ["n"];
key = "<leader>cf";
action = "<CMD>Format<CR>";
options = {
silent = true;
desc = "Conform auto-format document";
};
}
];
}


@ -5,6 +5,7 @@
}: let
user = config.home.username;
in {
imports = [
./cmp.nix
./colorizer.nix
@ -32,6 +33,18 @@ in {
pkgs.vimPlugins.vim-dadbod-ui
pkgs.vimPlugins.vim-dadbod-completion
pkgs.vimPlugins.fugitive
(pkgs.vimUtils.buildVimPlugin
{
name = "glow.nvim";
src = pkgs.fetchFromGitHub {
owner = "ellisonleao";
repo = "glow.nvim";
rev = "238070a";
sha256 = "sha256-GsNcASzVvY0066kak2nvUY5luzanoBclqcUOsODww8g=";
};
})
(pkgs.vimUtils.buildVimPlugin
{
name = "buffer_manager.nvim";
@ -58,6 +71,18 @@ in {
pkgs.vimPlugins.vim-devicons
];
programs.nixvim.extraConfigLua = ''
-- function to read api key from secrets file
local function read_api_key(file_path)
local file = io.open(file_path, "r")
if file then
local api_key = file:read("*all")
file:close()
return api_key
else
error("Failed to open file: " .. file_path)
end
end
-- buffer_manager.nvim
local opts = {noremap = true}
@ -84,6 +109,16 @@ in {
}
)
require('glow').setup({
border = "shadow",
style = "dark",
pager = false,
width = 80,
height = 100,
width_ratio = 0.7,
height_ratio = 0.7,
})
-- Custom color for modified buffers
vim.api.nvim_set_hl(0, "BufferManagerModified", { fg = "#988100" })
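Review bot: The `glow.nvim` plugin source is pinned with an abbreviated revision, `rev = "238070a";`. The `sha256` still fixes the content that is accepted, so integrity is not at stake. A seven-character prefix is not a stable identifier, though: it can become ambiguous as the upstream repository grows, and it may then stop resolving when the source has to be fetched again. Write the full 40-character commit hash in `rev`, as the dwm `fetchgit` pin in this same compare already does.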


@ -3,6 +3,7 @@
enable = true;
keymaps = {
toggleQuickMenu = "<leader>h";
addFile = "<leader>a";
};
};
}


@ -1,10 +1,25 @@
{ osConfig , ... }:
let
hostname = osConfig.networking.hostName;
in
{
programs.nixvim.plugins = {
lsp = {
enable = true;
servers = {
lua-ls = {enable = true;};
nixd = {enable = true;};
nixd = {
enable = true;
cmd = ["nixd"];
settings = {
nixpkgs.expr = "import <nixpkgs> { }";
options = {
nixos.expr = "(builtins.getFlake \"/etc/nixos\").nixosConfigurations.${hostname}.options";
# TODO get home-manager options working when hm imported as submodule
# home_manager.expr = "(builtins.getFlake \"github:nix-community/home-manager\").homeConfigurations.${hostname}.options";
};
};
};
bashls = {enable = true;};
pyright = {enable = true;};
html = {enable = true;};


@ -1,5 +1,9 @@
{
programs.nixvim.plugins.oil = {
enable = true;
settings = {
columns = ["icon"];
view_options.show_hidden = true;
};
};
}


@ -3,4 +3,48 @@
enable = true;
extensions.fzy-native.enable = true;
};
programs.nixvim.keymaps = [
{
# find files
mode = ["n"];
key = "<Leader>ff";
action = "<cmd>Telescope find_files<CR>";
options = {noremap = true;};
}
{
# live grep
mode = ["n"];
key = "<Leader>fg";
action = "<cmd>Telescope live_grep<CR>";
options = {noremap = true;};
}
{
# grep string under cursor
mode = ["n"];
key = "<Leader>fs";
action = "<cmd>Telescope string_grep<CR>";
options = {noremap = true;};
}
{
# buffers
mode = ["n"];
key = "<Leader>fb";
action = "<cmd>Telescope buffers<CR>";
options = {noremap = true;};
}
{
# help tags
mode = ["n"];
key = "<Leader>fh";
action = "<cmd>Telescope help_tags<CR>";
options = {noremap = true;};
}
{
# show recently opened files
mode = ["n"];
key = "<Leader>fo";
action = "<cmd>Telescope oldfiles<CR>";
options = {noremap = true;};
}
];
}
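Review bot: The `<Leader>fs` mapping runs `<cmd>Telescope string_grep<CR>`, but the Telescope builtin that greps for the string under the cursor is named `grep_string`. As written, the key will most likely report an unknown picker instead of searching. Change the line to `action = "<cmd>Telescope grep_string<CR>";`.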


@ -9,6 +9,9 @@
shellAliases = {
ll = "ls -l";
src = "cd ~/.local/share/src";
no = "cd /etc/nixos";
cat = "bat --decorations=never";
ls = "eza";
};
history.size = 10000;
history.path = "${config.xdg.dataHome}/zsh/history";


@ -15,8 +15,20 @@
pkgs.kcolorchooser
pkgs.zotero
pkgs.transmission
pkgs.qgis
pkgs.mpv
pkgs.gnome.simple-scan
pkgs.pandoc
pkgs.texlive.combined.scheme-small
pkgs.libreoffice-fresh
pkgs.hunspell
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en_US
pkgs.set_wm_class
pkgs.xorg.xkill
pkgs.krita
pkgs.R
pkgs.gimp
pkgs.gajim
];
}


@ -1,8 +1,15 @@
{ pkgs, config, ... }:
let
user = config.home.username;
in
{
pkgs,
config,
configVars,
...
}: let
user = config.home.username;
jellyfinIp = configVars.networking.addresses.jellyfin.ip;
jellyfinPort = configVars.networking.addresses.jellyfin.port;
bitcoinNodeIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
in {
programs.firefox = {
enable = true;
profiles.${user} = {
@ -12,13 +19,21 @@ in
order = ["Searx" "DuckDuckGo"];
engines = {
"Nix Packages" = {
urls = [{
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{ name = "type"; value = "packages"; }
{ name = "query"; value = "{searchTerms}"; }
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
}];
icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@np"];
};
@ -41,16 +56,22 @@ in
bookmarks = [
{
name = "wikipedia";
tags = [ "wiki" ];
keyword = "wiki";
url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go";
name = "toolbar";
toolbar = true;
bookmarks = [
{
name = "Jellyfin";
url = "http://${jellyfinIp}:${jellyfinPort}";
}
{
name = "bitlab21";
tags = [ "bitcoin" ];
keyword = "bitcoin";
url = "https://bitlab21.com";
name = "Mempool";
url = "http://${bitcoinNodeIp}:${toString mempoolPort}";
}
{
name = "Nixos Package Search";
url = "https://search.nixos.org/packages";
}
];
}
];
@ -75,7 +96,6 @@ in
privacy-badger
zotero-connector
];
};
};
}
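Review bot: The Jellyfin and Mempool bookmark URLs are built from `configVars.networking.addresses.*`, which is plain evaluation-time data. The addresses are therefore rendered into the generated Firefox profile and, as far as home-manager's bookmark generation goes, into the world-readable `/nix/store`. This keeps them out of the public repository, but it does not protect them on the machine the way the sops-managed secrets are protected. The same applies to `userEmail = "${email}"` in the git module and to the `nameservers` list in the citadel host file. I would document the boundary next to the `let` bindings with a comment such as `# configVars values are evaluation-time data and end up in /nix/store; anything that must stay secret at rest belongs in sops`.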


@ -0,0 +1,13 @@
{
pkgs,
...
}: {
programs.kodi = {
enable = true;
package = pkgs.kodi.withPackages (kodiPkgs:
with kodiPkgs; [
netflix
jellycon
]);
};
}


@ -11,4 +11,9 @@
pkgs.feh
];
programs.chromium = {
enable = true;
package = pkgs.brave;
};
}


@ -31,6 +31,8 @@
./scripts/aichat-wrapper.nix
./scripts/dmenu-wifi.nix
./scripts/battery-status.nix
./scripts/dmenu-set-wm-class.nix
./scripts/key-remaps.nix
];
home.packages = [


@ -0,0 +1,13 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "dmenu-set-wm-class" ''
${libnotify}/bin/notify-send "Set Window Class" "Select window..."
winid=$(${xorg.xwininfo}/bin/xwininfo | grep "Window id:" | grep -o "0x[0-9a-fA-F]*")
class=$(${xorg.xprop}/bin/xprop -id "$winid" WM_CLASS | grep -o "\".*\"$")
new_class=$( echo "" | ${dmenu}/bin/dmenu -p "Selected: $class. Set class name of window:")
[ -z "$new_class" ] && ${libnotify}/bin/notify-send "Set Window Class" "Nothing set, exiting" && exit
${set_wm_class}/bin/set_wm_class "$winid" "$new_class"
'')
];
}
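Review bot: In the `dmenu-set-wm-class` script, the guard `[ -z "$new_class" ] && ${libnotify}/bin/notify-send ... && exit` only reaches `exit` when `notify-send` itself succeeds. Without a running notification daemon the script falls through and calls `set_wm_class` with an empty class name. Group the two commands so the exit is unconditional: `[ -z "$new_class" ] && { ${libnotify}/bin/notify-send "Set Window Class" "Nothing set, exiting"; exit 0; }`. There is also no check that `winid` is non-empty when the `xwininfo` selection is cancelled; adding `[ -n "$winid" ] || exit 1` after that line would stop `xprop -id ""` from running.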


@ -0,0 +1,11 @@
{pkgs, ...}: {
home.packages = with pkgs; [
(writeShellScriptBin "key-remaps" ''
${xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
${xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
${xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
${xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
${xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
'')
];
}


@ -26,6 +26,9 @@
control + F7
emoji-picker
control + F4
dmenu-set-wm-class
'';
};
}


@ -1,4 +1,4 @@
{pkgs, ...}: {
{...}: {
# TODO: configure x11 to look in .config/x11
home.file.".xinitrc" = {
recursive = true;
@ -7,7 +7,7 @@
picom -b --config ~/.config/picom/picom.conf
xrdb -merge ~/.Xresources
autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd"
autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd key-remaps"
for program in $autostart; do
pidof -sx "$program" || "$program" &


@ -1,10 +1,13 @@
{ pkgs, ... }:
{ pkgs, configVars, ... }:
let
email = configVars.email.user;
in
{
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "Sam";
userEmail = "samual.shop@proton.me";
userEmail = "${email}";
aliases = { };
extraConfig = {
pull.rebase = false;


@ -1,14 +0,0 @@
{ ...
}: {
imports = [
# Import users
./users/admin
./common/core
./common/optional/sops.nix
# Import optional
./common/optional/git.nix
];
}


@ -1,13 +0,0 @@
{ ...
}: {
imports = [
# Import users
./users/admin
./common/core
# Import optional
./common/optional/git.nix
];
}


@ -1,29 +0,0 @@
{ ...
}: {
imports = [
# Import users
./users/sam
./common/core
./common/optional/desktop/hyprland
./common/optional/desktop/waybar.nix
./common/optional/sops.nix
# Import optional
./common/optional/git.nix
];
# ------
# | DP-1
# ------
monitors = [
{
name = "Virtual-1";
width = 2048;
height = 1152;
x = 0;
workspace = "1";
primary = true;
}
];
}


@ -20,6 +20,10 @@
./common/optional/transmission.nix
];
home.packages = [
pkgs.qgis
];
colorScheme = {
slug = "serene";
name = "Serene";


@ -11,6 +11,7 @@
./common/optional/git.nix
./common/optional/syncthing.nix
./common/optional/desktop/cinnamon
./common/optional/desktop/common/kodi.nix
];


@ -3,6 +3,7 @@
lib,
pkgs,
config,
configVars,
...
}: let
# Disko setup
@ -15,6 +16,8 @@
else "/dev/root_vg/root";
user = "sam";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
imports = [
# Create users for this host
@ -50,6 +53,8 @@ in {
../common/optional/printing.nix
../common/optional/backlight.nix
../common/optional/xmodmap-arrow-remaps.nix
../common/optional/nix-ld.nix
../common/optional/gaming.nix
];
boot = {
@ -67,15 +72,34 @@ in {
};
};
swapDevices = [
{
device = "/.swapvol/swapfile";
size = 32 * 1024;
}
];
services = {
libinput.touchpad.accelSpeed = "0.5";
xserver = {
xkb.options = "caps:swapescape";
dpi = 196;
upscaleDefaultCursor = true;
# FIXME this doesnt work for some reason
# displayManager.sessionCommands = pkgs.writeShellScriptBin "key-remaps" ''
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
# '';
};
};
# fix cpu throttling on Lenovo Thinkpad
# see: https://github.com/erpalma/throttled
services.throttled.enable = true;
environment.variables = {
GDK_SCALE = "2.2";
GDK_DPI_SCALE = "0.8";
@ -84,16 +108,16 @@ in {
XCURSOR_SIZE = "64";
};
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC = "ondemand";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
START_CHARGE_THRESH_BAT0 = 50;
STOP_CHARGE_THRESH_BAT0 = 95;
};
};
# services.tlp = {
# enable = true;
# settings = {
# CPU_SCALING_GOVERNOR_ON_AC = "ondemand";
# CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
#
# START_CHARGE_THRESH_BAT0 = 50;
# STOP_CHARGE_THRESH_BAT0 = 95;
# };
# };
hardware = {
bluetooth = {
@ -106,11 +130,72 @@ in {
];
};
# nvidia
hardware.opengl = {
enable = true;
};
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
nvidiaPersistenced = true;
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
open = false;
nvidiaSettings = true;
# FIXME issue with stable nvidia driver and latest linux kernel
# use mkDriver to specify newer nvidia driver that is compatible
# see: https://github.com/NixOS/nixpkgs/issues/341844#issuecomment-2351075413
# and https://discourse.nixos.org/t/builder-for-nvidia-x11-550-78-6-10-drv-failed-with-exit-code-2/49360/32
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "555.58.02";
sha256_64bit = "sha256-xctt4TPRlOJ6r5S54h5W6PT6/3Zy2R4ASNFPu8TSHKM=";
sha256_aarch64 = "sha256-wb20isMrRg8PeQBU96lWJzBMkjfySAUaqt4EgZnhyF8=";
openSha256 = "sha256-8hyRiGB+m2hL3c9MDA/Pon+Xl6E788MZ50WrrAGUVuY=";
settingsSha256 = "sha256-ZpuVZybW6CFN/gz9rx+UJvQ715FZnAOYfHn5jt5Z2C8=";
persistencedSha256 = "sha256-a1D7ZZmcKFWfPjjH1REqPM5j/YLWKnbkP9qfRyIyxAw=";
};
};
# https://bbs.archlinux.org/viewtopic.php?id=297276 for NVreg_EnableGpuFirmware fix
# https://discourse.nixos.org/t/how-to-use-nvidia-prime-offload-to-run-the-x-server-on-the-integrated-board/9091/15
# for udev rules to disable dGPU when not in use
boot.extraModprobeConfig = ''
options nvidia NVreg_DynamicPowerManagement=0x02
options nvidia NVreg_EnableGpuFirmware=0
'';
services.udev.extraRules = ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{remove}="1"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{remove}="1"
# Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="auto"
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="auto"
# Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="on"
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="on"
'';
networking = {
hostName = "citadel";
networkmanager.enable = true;
enableIPv6 = false;
nameservers = ["10.0.10.60" "8.8.8.8"];
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
};
services.libinput.enable = true;
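Review bot: `nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];` puts a public resolver behind what the variable name suggests is a filtering resolver (inferred, since the vars file is not shown). Whenever the first entries time out, lookups, including those for internal hostnames, go to 8.8.8.8 and bypass the local filter. If the fallback is deliberate, say so in a comment such as `# 8.8.8.8 is an availability fallback; queries sent there skip the Pi-hole filter`; otherwise drop the entry. `networkmanager.enable = true` is set in the same block, so it is worth confirming whether DHCP-supplied resolvers are merged in as well.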


@ -37,12 +37,19 @@ in
};
};
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
environment.systemPackages = [
pkgs.rsync
pkgs.curl
pkgs.just
pkgs.git
pkgs.vim
pkgs.linuxKernel.packages.linux_zen.cpupower
];
system.stateVersion = "24.05";


@ -1,13 +1,13 @@
{ pkgs, lib, inputs, config, ... }:
let
{
lib,
inputs,
config,
...
}: let
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
hasOptinPersistence = config.environment.persistence ? "/persist";
hostname = config.networking.hostName;
in
{
in {
imports = [
inputs.sops-nix.nixosModules.sops
];


@ -15,8 +15,8 @@
# src = /home/sam/.local/share/src/dwm;
src = pkgs.fetchgit {
url = "https://git.bitlab21.com/sam/dwm";
rev = "49dd30c0d9970ce480ada51dfcaac1a071804c64";
sha256 = "0ywca25a1pdjvb4cgv5gx36x3yd6922pqvn9a5f60lcn5fv2a96n";
rev = "3e0601b29d879e589703239e064f0baaabb3474b";
sha256 = "sha256-7Hq0vo6YnXKhEUdKjvaAeKodq2l8wwJRzCYJfdHDNMQ=";
};
};
};


@ -9,7 +9,6 @@
# Steam
mangohud
gamemode
gamescope
# WINE
wine
@ -41,11 +40,9 @@
programs.steam = {
enable = true;
gamescopeSession.enable = true;
};
programs.gamemode.enable = true;
programs.gamescope.enable = true;
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {


@ -0,0 +1,21 @@
{ lib, pkgs, ... }:
{
# Using non-Nix Python Packages with Binaries on NixOS https://github.com/mcdonc/.nixconfig/blob/e7885ad18b7980f221e59a21c91b8eb02795b541/videos/pydev/script.rst
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib # numpy
libgcc # sqlalchemy
expat # pyosmium
# that's where the shared libs go, you can find which one you need using
# nix-locate --top-level libstdc++.so.6 (replace this with your lib)
# ^ this requires `nix-index` pkg
];
environment.variables = {
NIX_LD_LIBRARY_PATH="/run/current-system/sw/share/nix-ld/lib";
NIX_LD="/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH=lib.mkForce "$NIX_LD_LIBRARY_PATH";
};
}
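Review bot: `LD_LIBRARY_PATH=lib.mkForce "$NIX_LD_LIBRARY_PATH";` in `environment.variables` applies the nix-ld library directory to every dynamically linked program started from a login session, not only to the foreign Python wheels this file is meant for. That can put the zlib, libgcc and expat copies listed here ahead of the versions Nix-built binaries were linked against, and anything that later lands in that directory is then also picked up by privileged tools launched from a shell. nix-ld reads `NIX_LD_LIBRARY_PATH` itself, so the global `LD_LIBRARY_PATH` line can be dropped, or set only in the `environment` of the service that needs it. The `NIX_LD` and `NIX_LD_LIBRARY_PATH` entries look like the values `programs.nix-ld.enable` already exports; worth confirming and removing them if so.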


@ -0,0 +1,274 @@
{
lib,
pkgs,
configVars,
inputs,
config,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "bd-worker";
containerIp = configVars.networking.addresses.bd-worker.ip;
mongodbIp = configVars.networking.addresses.mongodb.ip;
mongodbPort = toString configVars.networking.addresses.mongodb.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
postgresIp = configVars.networking.addresses.postgres.ip;
postgresPort = toString configVars.networking.addresses.postgres.port;
bitcoindIp = configVars.networking.addresses.bitcoin-node.ip;
bitcoindPort = toString configVars.networking.addresses.bitcoin-node.services.bitcoind.port;
#secrets
sshKeyFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."ssh_keys/baseddata-models-access/id_ed25519".path;
notifybotUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/username".path;
notifybotPwd = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/password".path;
recipientUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/mrsu/username".path;
mongoclientAuth = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/auth".path;
mongoclientUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/username".path;
mongoclientPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
postgresUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_username".path;
postgresPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_password".path;
bitcoindRPCUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/username".path;
bitcoindRPCPassword= lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
baseddataEnv = "dev";
in {
sops.secrets = {
"ssh_keys/baseddata-models-access/id_ed25519" = {};
"comms/xmpp/notifybot/username" = {};
"comms/xmpp/notifybot/password" = {};
"comms/xmpp/mrsu/username" = {};
"software/mongodb/baseddata/auth" = {};
"software/mongodb/baseddata/username" = {};
"software/mongodb/baseddata/password" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/bitcoind/username" = {};
"software/bitcoind/bitcoin-rpcpassword-public" = {};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/root/.ssh/id_ed25519" = {
hostPath = "${sshKeyFile}";
isReadOnly = true;
};
"/run/secrets/notifybotUsername" = {
hostPath = "${notifybotUsername}";
isReadOnly = true;
};
"/run/secrets/notifybotPassword" = {
hostPath = "${notifybotPwd}";
isReadOnly = true;
};
"/run/secrets/recipientUsername" = {
hostPath = "${recipientUsername}";
isReadOnly = true;
};
"/run/secrets/mongoclientAuth" = {
hostPath = "${mongoclientAuth}";
isReadOnly = true;
};
"/run/secrets/mongoclientUser" = {
hostPath = "${mongoclientUser}";
isReadOnly = true;
};
"/run/secrets/mongoclientPassword" = {
hostPath = "${mongoclientPassword}";
isReadOnly = true;
};
"/run/secrets/postgresPassword" = {
hostPath = "${postgresPassword}";
isReadOnly = true;
};
"/run/secrets/postgresUser" = {
hostPath = "${postgresUser}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCPassword" = {
hostPath = "${bitcoindRPCPassword}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCUsername" = {
hostPath = "${bitcoindRPCUsername}";
isReadOnly = true;
};
"/media/baseddata-data" = {
hostPath = "/media/main-ssd/baseddata-data";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
4200
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = [
pkgs.vim
pkgs.git
pkgs.python311
pkgs.poetry
pkgs.aria2
pkgs.osmctools
pkgs.osmium-tool
];
environment.variables = {
BASEDDATA_ENVIRONMENT = "dev";
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
};
systemd.services.baseddata-deploy-service = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
description = "Initiates deployment of application and builds python environment using Poetry";
environment = {
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
ExecStart = pkgs.writeShellScript "baseddata-deploy-service" ''
GITCMD="${pkgs.openssh}/bin/ssh -i /root/.ssh/id_ed25519"
if [ ! -d "/srv/baseddata-models" ]; then
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git clone --branch $BASEDDATA_ENVIRONMENT git@git.bitlab21.com:sam/baseddata-models.git /srv/baseddata-models
else
cd /srv/baseddata-models
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git stash --include-untracked
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git pull
fi
cd /srv/baseddata-models
mkdir .venv
${pkgs.poetry}/bin/poetry install
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-prefect-server = {
wantedBy = ["multi-user.target"];
after = ["baseddata-deploy-service.target"];
description = "Initates the Prefect server";
environment = {
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
WorkingDirectory = "/srv/baseddata-models";
ExecStart = pkgs.writeShellScript "baseddata-prefect-server" ''
# run prefect server
.venv/bin/prefect server start --host 0.0.0.0
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-serve-flows = {
wantedBy = ["multi-user.target"];
after = ["baseddata-prefect-server.target"];
description = "Serves the Prefect flows";
environment = {
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
Environment = "PATH=/run/current-system/sw/bin/";
WorkingDirectory = "/srv/baseddata-models";
ExecStartPre = "${pkgs.coreutils}/bin/timeout 120 ${pkgs.bash}/bin/bash -c 'until ${pkgs.netcat-openbsd}/bin/nc -z ${containerIp} 4200; do sleep 3; done'";
ExecStart = pkgs.writeShellScript "baseddata-serve-flows" ''
# set prefect environment variables
.venv/bin/prefect variable set "xmpp_jid" $(cat /run/secrets/notifybotUsername) --overwrite
.venv/bin/prefect variable set "xmpp_password" $(cat /run/secrets/notifybotPassword) --overwrite
.venv/bin/prefect variable set "xmpp_recipient" $(cat /run/secrets/recipientUsername) --overwrite
.venv/bin/prefect variable set "mongoclient_auth" $(cat /run/secrets/mongoclientAuth) --overwrite
.venv/bin/prefect variable set "mongoclient_host" "${mongodbIp}:${mongodbPort}" --overwrite
.venv/bin/prefect variable set "mongoclient_user" $(cat /run/secrets/mongoclientUser) --overwrite
.venv/bin/prefect variable set "mongoclient_pwd" $(cat /run/secrets/mongoclientPassword) --overwrite
.venv/bin/prefect variable set "postgres_host" ${postgresIp} --overwrite
.venv/bin/prefect variable set "postgres_port" ${postgresPort} --overwrite
.venv/bin/prefect variable set "postgres_user" $(cat /run/secrets/postgresUser) --overwrite
.venv/bin/prefect variable set "postgres_pwd" $(cat /run/secrets/postgresPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_password" $(cat /run/secrets/bitcoindRPCPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_username" $(cat /run/secrets/bitcoindRPCUsername) --overwrite
.venv/bin/prefect variable set "bitcoind_ip" ${bitcoindIp} --overwrite
.venv/bin/prefect variable set "bitcoind_port" ${bitcoindPort} --overwrite
.venv/bin/prefect variable set "osm_dir" "/media/baseddata-data/osm" --overwrite
.venv/bin/prefect variable set "wdpa_dir" "/media/baseddata-data/wdpa" --overwrite
.venv/bin/prefect variable set "mongo_db_name" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_dbname" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_schema" "models_final" --overwrite
.venv/bin/prefect variable set "unique_key" "row_uuid" --overwrite
# serve flows
.venv/bin/python automation/flows/serve-flows.py
'';
Restart = "on-failure";
};
};
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib
libgcc
];
programs.ssh.knownHosts = {
"git.bitlab21.com" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNd2BGf64heYjWT9yt0fVmngepiHRIMsL7au/MRteg";
};
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
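Review bot: The `baseddata-serve-flows` script copies every bind-mounted credential (XMPP, MongoDB, Postgres and bitcoind RPC passwords) into Prefect variables, while `baseddata-prefect-server` starts with `--host 0.0.0.0` and the container firewall opens port 4200; nothing in this file puts authentication in front of that API, so the values are presumably readable by anything on the bridge that can reach it. Prefect's documentation describes variables as meant for non-sensitive values. Keep only the non-secret settings (hosts, ports, directories, schema names) as variables and have the flows read the credentials from the read-only `/run/secrets/*` files, or from Secret blocks. The unquoted `$(cat /run/secrets/…)` arguments are also word-split by the shell and visible in the process list while each command runs; any that remain should be quoted, e.g. `"$(cat /run/secrets/postgresUser)"`. Separately, `after = ["baseddata-deploy-service.target"]` and `after = ["baseddata-prefect-server.target"]` name units this file does not define, so the intended ordering is probably not applied; `.service` looks like what was meant.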


@ -1,16 +1,18 @@
{
lib,
pkgs,
configVars,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
container_name = "jellyfin";
container_ip = "10.0.10.6";
containerName = "jellyfin";
containerIp = configVars.networking.addresses.jellyfin.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${container_name}"
"/var/lib/nixos-containers/${containerName}"
];
};
@ -18,7 +20,7 @@ in {
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${container_name} = {
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
@ -40,17 +42,17 @@ in {
...
}: {
networking = {
defaultGateway = "10.0.10.1";
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${container_ip}";
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
5432
8096
];
};
useHostResolvConf = lib.mkForce false;


@ -0,0 +1,98 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
mongodbPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "mongodb";
containerIp = configVars.networking.addresses.mongodb.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
sops.secrets = {
"software/postgres/postgres/password" = {
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
# "/var/db/mongodb" = {
# hostPath = "/media/main-ssd/mongodb";
# isReadOnly = false;
# };
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
27017
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = with pkgs; [
mongosh
];
# allow unfree packages
nixpkgs.config.allowUnfreePredicate = let
whitelist = map lib.getName [
pkgs.mongodb
];
in
pkg: builtins.elem (lib.getName pkg) whitelist;
services.mongodb = {
enable = true;
# enableAuth = true;
# initialRootPassword = mongodbPasswordPath;
bind_ip = "0.0.0.0";
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
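Review bot: `services.mongodb` is enabled with `bind_ip = "0.0.0.0"` and port 27017 opened in the container firewall while `enableAuth` is commented out, so the database accepts unauthenticated connections from whatever can reach the container on `br0`. Enable authentication before exposing the port, or bind to the container address and limit access to the worker that needs it. When re-enabling it, note that `mongodbPasswordPath` is a host-side sops path that is not bind-mounted into the container, and `initialRootPassword` appears to take the password itself rather than a file path, so the commented lines would likely not work as written. The `sops.secrets` block here declares `software/postgres/postgres/password`, which looks like a copy from the postgres module rather than the MongoDB secret this file reads.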


@ -2,6 +2,7 @@
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
@ -9,8 +10,11 @@
bitcoin-rpcpassword-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
bitcoin-HMAC-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-privileged".path;
bitcoin-HMAC-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-public".path;
container_name = "bitcoin-node";
container_ip = "10.0.10.4";
containerName = "bitcoin-node";
containerIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
in {
sops.secrets = {
@ -23,7 +27,7 @@ in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${container_name}"
"/var/lib/nixos-containers/${containerName}"
];
};
@ -31,7 +35,7 @@ in {
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${container_name} = {
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
@ -85,8 +89,8 @@ in {
jq
];
networking = {
defaultGateway = "10.0.10.1";
interfaces.eth0.ipv4.addresses = [ { "address" = "${container_ip}"; "prefixLength" = 24; } ];
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [ { "address" = "${containerIp}"; "prefixLength" = 24; } ];
firewall = {
enable = true;
allowedTCPPorts = [
@ -120,7 +124,7 @@ in {
rpc = {
address = "0.0.0.0";
threads = 6;
allowip = ["10.0.0.0/8"];
allowip = allowip;
users = let
name = "bitcoin";
in {
@ -143,7 +147,7 @@ in {
enable = true;
electrumServer = "electrs";
frontend = {
port = 4080;
port = mempoolPort;
address = "0.0.0.0";
};
};


@ -2,13 +2,16 @@
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
postgresPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/postgres/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
container_name = "postgres";
container_ip = "10.0.10.5";
containerName = "postgres";
containerIp = configVars.networking.addresses.postgres.ip;
subnetIp = configVars.networking.addresses.subnet.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
sops.secrets = {
"software/postgres/postgres/password" = {
@ -18,7 +21,7 @@ in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${container_name}"
"/var/lib/nixos-containers/${containerName}"
];
};
@ -26,7 +29,7 @@ in {
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${container_name} = {
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
@ -44,10 +47,10 @@ in {
...
}: {
networking = {
defaultGateway = "10.0.10.1";
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${container_ip}";
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
@ -71,6 +74,7 @@ in {
enableJIT = true;
package = pkgs.postgresql_16;
extraPlugins = with pkgs.postgresql_16.pkgs; [ postgis ];
enableTCPIP = true;
settings = {
max_worker_processes = "12";
max_parallel_workers = "8";
@ -82,8 +86,11 @@ in {
maintenance_work_mem = "64MB";
};
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all all trust
#type database DBuser origin-address auth-method
local all postgres peer
host all all ${subnetIp}/24 scram-sha-256
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
'';
};
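Review bot: The new `host all all ${subnetIp}/24 scram-sha-256` rule lets every role, including `postgres`, authenticate to every database from the whole /24, and `host` matches unencrypted TCP connections as well as TLS ones. Replacing `local all all trust` is a clear improvement, but the rule could be narrowed to the database and peers that need it, for example `host baseddata all ${subnetIp}/24 scram-sha-256`, or to the worker's address with a /32 mask, and switched to `hostssl` if TLS is configured for this instance. The `local` rule now covers only the `postgres` role, so any other role that connects over the Unix socket inside the container loses access; confirm none does. The enclosing `services.postgresql` block starts outside the hunk.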


@ -1,4 +1,10 @@
{pkgs, ...}: {
{
pkgs,
configVars,
...
}: let
serverIp = configVars.networking.addresses.merlin.ip;
in {
services = {
udev.packages = [pkgs.sane-airscan];
printing = {
@ -16,7 +22,7 @@
sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
netConf = "10.0.10.2";
netConf = "${serverIp}";
};
printers = {
ensurePrinters = [


@ -3,6 +3,7 @@
inputs,
config,
lib,
configVars,
...
}: let
hostname = config.networking.hostName;
@ -10,6 +11,7 @@
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
baseddataPostgresIp = configVars.networking.addresses.postgres.ip;
username = "sam";
in {
users.users.${username} = {
@ -27,7 +29,7 @@ in {
"podman"
];
};
services.tailscale.enable = true;
sops.secrets = {
"passwords/${username}" = {
sopsFile = "${secretsFile}";
@ -55,6 +57,8 @@ in {
"software/postgres/bitcoin/password" = {};
"software/postgres/bitcoin/ip" = {};
"software/postgres/bitcoin/username" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/zotero/username" = {};
"software/zotero/password" = {};
"software/zotero/guid" = {};
@ -85,6 +89,10 @@ in {
{
"url": "postgresql://${config.sops.placeholder."software/postgres/bitcoin/username"}:${config.sops.placeholder."software/postgres/bitcoin/password"}@${config.sops.placeholder."software/postgres/bitcoin/ip"}/bitcoin",
"name": "bitcoin"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/baseddata/user_username"}:${config.sops.placeholder."software/postgres/baseddata/user_password"}@${baseddataPostgresIp}/baseddata",
"name": "baseddata"
}
]
'';
@ -99,23 +107,23 @@ in {
target: dev
outputs:
dev:
dbname: dev_baseddata_models
host: ${config.sops.placeholder."software/postgres/baseddata_models/ip"}
pass: '${config.sops.placeholder."software/postgres/baseddata_models/password"}'
dbname: dev_baseddata
host: ${baseddataPostgresIp}
pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}'
port: 5432
schema: models
threads: 6
type: postgres
user: ${config.sops.placeholder."software/postgres/baseddata_models/username"}
user: ${config.sops.placeholder."software/postgres/baseddata/user_username"}
prod:
dbname: baseddata_models
host: ${config.sops.placeholder."software/postgres/baseddata_models/ip"}
pass: '${config.sops.placeholder."software/postgres/baseddata_models/password"}'
dbname: baseddata
host: ${baseddataPostgresIp}
pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}'
port: 5432
schema: models
threads: 6
type: postgres
user: ${config.sops.placeholder."software/postgres/baseddata_models/username"}
user: ${config.sops.placeholder."software/postgres/baseddata/user_username"}
'';
};
@ -152,8 +160,4 @@ in {
${username} = import ../../../../home/${hostname}.nix;
};
};
environment.systemPackages = [
#inputs.sqlfmt.packages.x86_64-linux.sqlfmt
];
}
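Review bot: The `dev` and `prod` dbt outputs appear to use the same host and the same `software/postgres/baseddata/user_username` / `user_password` secrets and differ only in `dbname`, so a run against `dev` holds a login that can also reach `baseddata`. A separate role per target, each with its own sops secret, would keep a mistake or a leaked dev profile away from the production database. In the JSON template, the password is interpolated into `postgresql://user:pass@host/baseddata` without percent-encoding, so a password containing `@`, `:` or `/` will produce a URL that parses incorrectly. Both templates start outside these hunks, so their owner and mode settings are not visible here.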


@ -37,7 +37,7 @@ in
};
networking = {
hostName = "nebula";
hostName = "merlin";
networkmanager.enable = true;
enableIPv6 = false;
};


@ -2,6 +2,7 @@
inputs,
lib,
pkgs,
configVars,
...
}: let
# Disko setup
@ -14,6 +15,10 @@
else "/dev/root_vg/root";
user = "sam";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
semitaIp = configVars.networking.addresses.semita.ip;
in {
imports = [
# Create users for this host
@ -50,6 +55,9 @@ in {
../common/optional/nixos-containers/nix-bitcoin.nix
../common/optional/nixos-containers/postgres.nix
../common/optional/nixos-containers/jellyfin.nix
../common/optional/nixos-containers/baseddata-worker.nix
../common/optional/nixos-containers/mongodb.nix
../common/optional/nix-ld.nix
];
fileSystems."/media/main-ssd" = {
@ -91,6 +99,11 @@ in {
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
swapDevices = [ {
device = "/.swapvol/swapfile";
size = 32*1024;
} ];
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
@ -107,8 +120,8 @@ in {
networking = {
hostName = "semita";
nameservers = ["10.0.10.60" "10.0.10.1" "8.8.8.8"];
defaultGateway = "10.0.10.1";
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
defaultGateway = "${gatewayIp}";
useDHCP = false;
bridges = {
br0 = {
@ -118,7 +131,7 @@ in {
interfaces.br0 = {
ipv4.addresses = [
{
"address" = "10.0.10.3";
"address" = "${semitaIp}";
"prefixLength" = 24;
}
];


@ -1,24 +1,40 @@
{ inputs, config, lib, pkgs, outputs, ... }:
let
{
inputs,
config,
lib,
configVars,
...
}: let
# Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/sda"; # depends on target hardware
encrypted = false; # currrently only applies to btrfs
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
btrfsMountDevice =
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
impermanence = true;
in
{
imports =
[
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
imports = [
# Create users for this host
../common/users/media
# Disk configuration
inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
(import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Impermanence
(import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
(import ../common/disks/btrfs/impermanence.nix {
btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Import core options
./hardware-configuration.nix
@ -30,7 +46,6 @@ in
../common/optional/nfs-mounts/media.nix
../common/optional/gaming.nix
../common/optional/printing.nix
];
boot = {
@ -46,6 +61,7 @@ in
hostName = "sparky";
networkmanager.enable = true;
enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
};
nixpkgs.config.allowUnfreePredicate = pkg:


@ -14,6 +14,11 @@ rebuild-system:
git add *.nix
sudo nixos-rebuild switch --option eval-cache false --flake .#$(hostname)
# test full system rebuild from flake (stages changes and automatically detects host)
rebuild-system-test:
git add *.nix
sudo nixos-rebuild test --option eval-cache false --flake .#$(hostname)
# updates all flake inputs for system
update-flake:
nix flake update


@ -6,4 +6,5 @@ pkgs: {
nsxiv = pkgs.callPackage ./nsxiv {};
sqlfmt = pkgs.callPackage ./sqlfmt {};
kunst = pkgs.callPackage ./kunst {};
set_wm_class = pkgs.callPackage ./set_wm_class {};
}


@ -0,0 +1,35 @@
{ pkgs ? import <nixpkgs> { }
, fetchFromGitea ? pkgs.fetchFromGitea
, pkg-config ? pkgs.pkg-config
, libX11 ? pkgs.xorg.libX11
}:
pkgs.stdenv.mkDerivation {
pname = "set_wm_class";
name = "set_wm_class";
src = fetchFromGitea {
domain = "git.bitlab21.com";
owner = "sam";
repo = "set_wm_class";
rev = "b39fb4b360";
sha256 = "sha256-5z2YQof4jbfa1dQll5GLt2OL54UhDKZ4Dzzte7vT0zM=";
};
nativeBuildInputs = [
pkg-config
];
buildInputs = [
libX11
];
buildPhase = ''
make
'';
installPhase = ''
mkdir -p $out/bin
mv set_wm_class $out/bin
'';
}
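Review bot: `rev = "b39fb4b360";` is an abbreviated commit id; the `sha256` still fixes the fetched content, but a short id can become ambiguous as the repository grows and makes the pin harder to audit against the upstream history. Use the full 40-character commit hash, as the `st` and `dwm` fetches in this change do. The derivation also sets both `pname` and `name` with no `version`; `pname` together with `version` is the usual form.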


@ -12,8 +12,8 @@ pkgs.stdenv.mkDerivation {
domain = "git.bitlab21.com";
owner = "sam";
repo = "st";
rev = "31e0ba8cb2086fb12741afc5fc3dfd938ca1f59b";
sha256 = "sha256-dbkXFbNr/lJveMeR7qXo7jGgF5+79S9vqKsLM7XM250=";
rev = "0e926487c85227aad9eed6667b91e149018014b8";
sha256 = "sha256-aUquoUotLKJDxOISIcx0RUybNvBrytc7+EF7PE1MRJU=";
};
nativeBuildInputs = [

8
vars/default.nix Normal file

@ -0,0 +1,8 @@
{ inputs, ... }:
{
inherit (inputs.nix-secrets)
networking
email
;
}