Compare commits

..

No commits in common. "master" and "bitcoin" have entirely different histories.

52 changed files with 369 additions and 1079 deletions

0
.gitignore vendored
View File

View File

@ -46,11 +46,11 @@
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github"
},
"original": {
@ -230,11 +230,11 @@
]
},
"locked": {
"lastModified": 1729104314,
"narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=",
"lastModified": 1727854478,
"narHash": "sha256-/odH2nUMAwkMgOS2nG2z0exLQNJS4S2LfMW0teqU7co=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
"rev": "5f58871c9657b5fc0a7f65670fe2ba99c26c1d79",
"type": "github"
},
"original": {
@ -348,11 +348,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1730403150,
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
"lastModified": 1727649413,
"narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
"rev": "d0b38e550039a72aff896ee65b0918e975e6d48e",
"type": "github"
},
"original": {
@ -412,11 +412,11 @@
]
},
"locked": {
"lastModified": 1729826725,
"narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=",
"lastModified": 1727707210,
"narHash": "sha256-8XZp5XO2FC6INZEZ2WlwErtvFVpl45ACn8CJ2hfTA0Y=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e",
"rev": "f61d5f2051a387a15817007220e9fb3bbead57b3",
"type": "github"
},
"original": {
@ -426,12 +426,13 @@
}
},
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1730130467,
"narHash": "sha256-mcyG1iu8hNmkDjgDEdFQyCZ3bBxBHFKd4nxT8NreMmY=",
"lastModified": 1728169228,
"narHash": "sha256-WT6kWWqMQE4KBdziZ/uuJ9sPcVg+6QJoOdBPdKAD0gI=",
"ref": "refs/heads/master",
"rev": "c82ff6f7e995503acabb9cf2478e5b4e401968ce",
"revCount": 188,
"rev": "e9709bbb9adc91fb6b4dab5b16e15546cc596695",
"revCount": 165,
"type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
},
@ -473,11 +474,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1729973466,
"narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github"
},
"original": {
@ -505,11 +506,11 @@
},
"nixpkgs-unstable_2": {
"locked": {
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"lastModified": 1728018373,
"narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
"type": "github"
},
"original": {
@ -521,16 +522,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1730481737,
"narHash": "sha256-HaUCfqLIFX/4wiSKkKKSTwUNmZd1EMy+lGB+faadQXU=",
"lastModified": 1728067476,
"narHash": "sha256-/uJcVXuBt+VFCPQIX+4YnYrHaubJSx4HoNsJVNRgANM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f18ab3b08f56abc54bcc2ef9bbca627d45926fee",
"rev": "6e6b3dd395c3b1eb9be9f2d096383a8d05add030",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-24.05",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
@ -549,11 +550,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1729945968,
"narHash": "sha256-4u+nbBSMuXWGCtXxUPPEflRm54+y/HLIbhIep9do8Ew=",
"lastModified": 1728083208,
"narHash": "sha256-jaoWQm2+oAUDU1ft+RWrxcgc/4lHGE0AkZlIBiVjQiQ=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "c05ac01070425ed0797b1ff678dc690c333cea74",
"rev": "e246bd57da2a09b18b0667f7de40dc1c55a94667",
"type": "github"
},
"original": {
@ -565,11 +566,11 @@
},
"nur": {
"locked": {
"lastModified": 1730472538,
"narHash": "sha256-3m4OVGKsbPzMlnS0gVptIZBRlxgqQz+WhfwT+rT823Y=",
"lastModified": 1728121595,
"narHash": "sha256-e9kRLdv2D4Lk6obeLEzm/m2TYcnZuMnVtqtQUKBCMVs=",
"owner": "nix-community",
"repo": "NUR",
"rev": "52c21ec8fde46366b1a5555e18d854ee18012ac8",
"rev": "b638dbc3cd5ecae15140d2de7897dc9395cd128e",
"type": "github"
},
"original": {
@ -602,11 +603,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1729999681,
"narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"lastModified": 1727734513,
"narHash": "sha256-i47LQwoGCVQq4upV2YHV0OudkauHNuFsv306ualB/Sw=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"rev": "3198a242e547939c5e659353551b0668ec150268",
"type": "github"
},
"original": {
@ -638,11 +639,11 @@
]
},
"locked": {
"lastModified": 1729613947,
"narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=",
"lastModified": 1727984844,
"narHash": "sha256-xpRqITAoD8rHlXQafYZOLvUXCF6cnZkPfoq67ThN0Hc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "aac86347fb5063960eccb19493e0cadcdb4205ca",
"rev": "4446c7a6fc0775df028c5a3f6727945ba8400e64",
"type": "github"
},
"original": {

165
flake.nix
View File

@ -3,7 +3,7 @@
inputs = {
# Nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/release-24.05";
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# NUR
@ -53,84 +53,99 @@
nix-secrets = {
url = "git+ssh://git@git.bitlab21.com/sam/nix-secrets.git";
inputs = {};
flake = false;
};
};
outputs = {
self,
nixpkgs,
home-manager,
...
} @ inputs: let
inherit (self) outputs;
systems = [
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
inherit (nixpkgs) lib;
configVars = import ./vars {inherit inputs lib;};
specialArgs = {
inherit
inputs
outputs
configVars
;
};
in {
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = import ./overlays {inherit inputs;};
nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home-manager;
outputs =
{ self
, nixpkgs
, home-manager
, ...
} @ inputs:
let
inherit (self) outputs;
systems = [
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
specialArgs = { inherit inputs outputs; };
in
{
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
overlays = import ./overlays { inherit inputs; };
nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home-manager;
# System level configs
nixosConfigurations = {
bootstrap = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/bootstrap
];
};
sparky = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/sparky
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
semita = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/semita
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
merlin = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nebula
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
citadel = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/citadel
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
# System level configs
nixosConfigurations = {
nixdev = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nixdev
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
fileserver = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/fileserver
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
bootstrap = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/bootstrap
];
};
sparky = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/sparky
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
semita = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/semita
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
nebula = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nebula
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
citadel = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/citadel
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
};
};
};
}

View File

@ -1,4 +1,4 @@
{config, pkgs, ...}: {
{config, ...}: {
imports = [
# Import users
./users/sam
@ -15,10 +15,6 @@
./common/optional/yazi.nix
];
home.packages = [
pkgs.qgis
];
colorScheme = {
slug = "serene";
name = "Serene";

View File

@ -1,4 +1,4 @@
{ pkgs, inputs, outputs, lib, ... }:
{ pkgs, inputs, outputs, ... }:
{
imports = [
inputs.nix-colors.homeManagerModules.default
@ -18,15 +18,13 @@
ripgrep
fzf
eza
bat
killall
pciutils
tree
jq
coreutils
btop
htop
postgresql_16
postgresql
libqalculate
tmux
;

View File

@ -25,11 +25,9 @@
pkgs.shellharden
pkgs.shfmt
pkgs.stylua
pkgs.glow
];
programs.nixvim = {
enable = true;
package = pkgs.neovim-unwrapped;
enableMan = true; # install man pages for nixvim options
clipboard.register = "unnamedplus"; # use system clipboard instead of internal registers
globals.mapleader = " ";

View File

@ -1,11 +1,13 @@
{
programs.nixvim.keymaps = [
programs.nixvim.keymaps = [
# Switching buffers
{
mode = ["n"];
action = "<C-w>h";
key = "<S-h>";
options = {silent = true;};
options = {
silent = true;
};
}
{
mode = ["n"];
@ -50,6 +52,35 @@ programs.nixvim.keymaps = [
options = {noremap = true;};
}
# Telescope Plugin
{
# find files
mode = ["n"];
key = "<Leader>ff";
action = "<cmd>Telescope find_files<CR>";
options = {noremap = true;};
}
{
# live grep
mode = ["n"];
key = "<Leader>fg";
action = "<cmd>Telescope live_grep<CR>";
options = {noremap = true;};
}
{
# buffers
mode = ["n"];
key = "<Leader>fb";
action = "<cmd>Telescope buffers<CR>";
options = {noremap = true;};
}
{
# help tags
mode = ["n"];
key = "<Leader>fh";
action = "<cmd>Telescope help_tags<CR>";
options = {noremap = true;};
}
# paste over selected text without yanking it
{
mode = ["v"];
@ -82,33 +113,5 @@ programs.nixvim.keymaps = [
action = ": resize +1<CR>";
options = {noremap = true;};
}
# indent line in or out
{
mode = ["v"];
key = "<";
action = "<gv";
options = {noremap = true;};
}
{
mode = ["v"];
key = ">";
action = ">gv";
options = {noremap = true;};
}
# move selected line up or down
{
mode = ["v"];
key = "J";
action = ":m '>+1<CR>gv=gv";
options = {noremap = true;};
}
{
mode = ["v"];
key = "K";
action = ":m '<-2<CR>gv=gv";
options = {noremap = true;};
}
];
}

View File

@ -3,7 +3,6 @@
cmp-emoji = { enable = true; };
cmp = {
enable = true;
cmdline = {};
settings = {
autoEnableSources = true;
experimental = { ghost_text = true; };
@ -12,7 +11,7 @@
fetchingTimeout = 200;
maxViewEntries = 30;
};
snippet = { expand = "function(args) require('luasnip').lsp_expand(args.body) end"; };
snippet = { expand = "luasnip"; };
formatting = {
fields = [ "kind" "abbr" "menu" ];
format = ''
@ -44,10 +43,14 @@
};
mapping = {
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping.select_prev_item()";
"<C-j>" = "cmp.mapping.select_next_item()";
"<C-k>" = "cmp.mapping.select_prev_item()";
"<C-e>" = "cmp.mapping.abort()";
"<C-b>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<S-CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = true })";
};
};
};
@ -55,7 +58,7 @@
cmp-buffer = { enable = true; };
cmp-path = { enable = true; }; # file system paths
cmp_luasnip = { enable = true; }; # snippets
cmp-cmdline = { enable = true; }; # autocomplete for cmdline
cmp-cmdline = { enable = false; }; # autocomplete for cmdline
};
programs.nixvim.extraConfigLua = ''
luasnip = require("luasnip")
@ -91,15 +94,22 @@
-- Use buffer source for `/` (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline({'/', "?" }, {
mapping = cmp.mapping.preset.cmdline(),
sources = {
{ name = 'buffer' }
}
})
-- Set configuration for specific filetype.
cmp.setup.filetype('gitcommit', {
sources = cmp.config.sources({
{ name = 'cmp_git' }, -- You can specify the `cmp_git` source if you were installed it.
}, {
{ name = 'buffer' },
})
})
-- Use cmdline & path source for ':' (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline(':', {
mapping = cmp.mapping.preset.cmdline(),
sources = cmp.config.sources({
{ name = 'path' }
}, {

View File

@ -38,16 +38,4 @@
}
'';
programs.nixvim.keymaps = [
# format document with Conform
{
mode = ["n"];
key = "<leader>cf";
action = "<CMD>Format<CR>";
options = {
silent = true;
desc = "Conform auto-format document";
};
}
];
}

View File

@ -5,7 +5,6 @@
}: let
user = config.home.username;
in {
imports = [
./cmp.nix
./colorizer.nix
@ -33,18 +32,6 @@ in {
pkgs.vimPlugins.vim-dadbod-ui
pkgs.vimPlugins.vim-dadbod-completion
pkgs.vimPlugins.fugitive
(pkgs.vimUtils.buildVimPlugin
{
name = "glow.nvim";
src = pkgs.fetchFromGitHub {
owner = "ellisonleao";
repo = "glow.nvim";
rev = "238070a";
sha256 = "sha256-GsNcASzVvY0066kak2nvUY5luzanoBclqcUOsODww8g=";
};
})
(pkgs.vimUtils.buildVimPlugin
{
name = "buffer_manager.nvim";
@ -71,18 +58,6 @@ in {
pkgs.vimPlugins.vim-devicons
];
programs.nixvim.extraConfigLua = ''
-- function to read api key from secrets file
local function read_api_key(file_path)
local file = io.open(file_path, "r")
if file then
local api_key = file:read("*all")
file:close()
return api_key
else
error("Failed to open file: " .. file_path)
end
end
-- buffer_manager.nvim
local opts = {noremap = true}
@ -109,16 +84,6 @@ in {
}
)
require('glow').setup({
border = "shadow",
style = "dark",
pager = false,
width = 80,
height = 100,
width_ratio = 0.7,
height_ratio = 0.7,
})
-- Custom color for modified buffers
vim.api.nvim_set_hl(0, "BufferManagerModified", { fg = "#988100" })

View File

@ -3,7 +3,6 @@
enable = true;
keymaps = {
toggleQuickMenu = "<leader>h";
addFile = "<leader>a";
};
};
}

View File

@ -1,25 +1,10 @@
{ osConfig , ... }:
let
hostname = osConfig.networking.hostName;
in
{
programs.nixvim.plugins = {
lsp = {
enable = true;
servers = {
lua-ls = {enable = true;};
nixd = {
enable = true;
cmd = ["nixd"];
settings = {
nixpkgs.expr = "import <nixpkgs> { }";
options = {
nixos.expr = "(builtins.getFlake \"/etc/nixos\").nixosConfigurations.${hostname}.options";
# TODO get home-manager options working when hm imported as submodule
# home_manager.expr = "(builtins.getFlake \"github:nix-community/home-manager\").homeConfigurations.${hostname}.options";
};
};
};
nixd = {enable = true;};
bashls = {enable = true;};
pyright = {enable = true;};
html = {enable = true;};

View File

@ -1,9 +1,5 @@
{
programs.nixvim.plugins.oil = {
enable = true;
settings = {
columns = ["icon"];
view_options.show_hidden = true;
};
};
}

View File

@ -3,48 +3,4 @@
enable = true;
extensions.fzy-native.enable = true;
};
programs.nixvim.keymaps = [
{
# find files
mode = ["n"];
key = "<Leader>ff";
action = "<cmd>Telescope find_files<CR>";
options = {noremap = true;};
}
{
# live grep
mode = ["n"];
key = "<Leader>fg";
action = "<cmd>Telescope live_grep<CR>";
options = {noremap = true;};
}
{
# grep string under cursor
mode = ["n"];
key = "<Leader>fs";
action = "<cmd>Telescope grep_string<CR>";
options = {noremap = true;};
}
{
# buffers
mode = ["n"];
key = "<Leader>fb";
action = "<cmd>Telescope buffers<CR>";
options = {noremap = true;};
}
{
# help tags
mode = ["n"];
key = "<Leader>fh";
action = "<cmd>Telescope help_tags<CR>";
options = {noremap = true;};
}
{
# show recently opened files
mode = ["n"];
key = "<Leader>fo";
action = "<cmd>Telescope oldfiles<CR>";
options = {noremap = true;};
}
];
}

View File

@ -9,9 +9,6 @@
shellAliases = {
ll = "ls -l";
src = "cd ~/.local/share/src";
no = "cd /etc/nixos";
cat = "bat --decorations=never";
ls = "eza";
};
history.size = 10000;
history.path = "${config.xdg.dataHome}/zsh/history";

View File

@ -15,20 +15,8 @@
pkgs.kcolorchooser
pkgs.zotero
pkgs.transmission
pkgs.qgis
pkgs.mpv
pkgs.gnome.simple-scan
pkgs.pandoc
pkgs.texlive.combined.scheme-small
pkgs.libreoffice-fresh
pkgs.hunspell
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en_US
pkgs.set_wm_class
pkgs.xorg.xkill
pkgs.krita
pkgs.R
pkgs.gimp
pkgs.gajim
];
}

View File

@ -1,53 +1,38 @@
{
pkgs,
config,
configVars,
...
}: let
{ pkgs, config, ... }:
let
user = config.home.username;
jellyfinIp = configVars.networking.addresses.jellyfin.ip;
jellyfinPort = configVars.networking.addresses.jellyfin.port;
bitcoinNodeIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
in {
in
{
programs.firefox = {
enable = true;
profiles.${user} = {
search = {
force = true;
default = "Searx";
order = ["Searx" "DuckDuckGo"];
order = [ "Searx" "DuckDuckGo" ];
engines = {
"Nix Packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
urls = [{
template = "https://search.nixos.org/packages";
params = [
{ name = "type"; value = "packages"; }
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@np"];
definedAliases = [ "@np" ];
};
"NixOS Wiki" = {
urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}];
urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@nw"];
definedAliases = [ "@nw" ];
};
"Searx" = {
urls = [{template = "http://10.0.10.35:8855/?q={searchTerms}";}];
urls = [{ template = "http://10.0.10.35:8855/?q={searchTerms}"; }];
iconUpdateURL = "https://docs.searxng.org/_static/searxng-wordmark.svg";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@searx"];
definedAliases = [ "@searx" ];
};
"Bing".metaData.hidden = true;
"Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias
@ -56,22 +41,16 @@ in {
bookmarks = [
{
name = "toolbar";
toolbar = true;
bookmarks = [
{
name = "Jellyfin";
url = "http://${jellyfinIp}:${jellyfinPort}";
}
{
name = "Mempool";
url = "http://${bitcoinNodeIp}:${toString mempoolPort}";
}
{
name = "Nixos Package Search";
url = "https://search.nixos.org/packages";
}
];
name = "wikipedia";
tags = [ "wiki" ];
keyword = "wiki";
url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go";
}
{
name = "bitlab21";
tags = [ "bitcoin" ];
keyword = "bitcoin";
url = "https://bitlab21.com";
}
];
@ -96,6 +75,7 @@ in {
privacy-badger
zotero-connector
];
};
};
}

View File

@ -1,13 +0,0 @@
{
pkgs,
...
}: {
programs.kodi = {
enable = true;
package = pkgs.kodi.withPackages (kodiPkgs:
with kodiPkgs; [
netflix
jellycon
]);
};
}

View File

@ -11,9 +11,4 @@
pkgs.feh
];
programs.chromium = {
enable = true;
package = pkgs.brave;
};
}

View File

@ -31,8 +31,6 @@
./scripts/aichat-wrapper.nix
./scripts/dmenu-wifi.nix
./scripts/battery-status.nix
./scripts/dmenu-set-wm-class.nix
./scripts/key-remaps.nix
];
home.packages = [

View File

@ -1,13 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "dmenu-set-wm-class" ''
${libnotify}/bin/notify-send "Set Window Class" "Select window..."
winid=$(${xorg.xwininfo}/bin/xwininfo | grep "Window id:" | grep -o "0x[0-9a-fA-F]*")
class=$(${xorg.xprop}/bin/xprop -id "$winid" WM_CLASS | grep -o "\".*\"$")
new_class=$( echo "" | ${dmenu}/bin/dmenu -p "Selected: $class. Set class name of window:")
[ -z "$new_class" ] && ${libnotify}/bin/notify-send "Set Window Class" "Nothing set, exiting" && exit
${set_wm_class}/bin/set_wm_class "$winid" "$new_class"
'')
];
}

View File

@ -1,11 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
(writeShellScriptBin "key-remaps" ''
${xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
${xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
${xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
${xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
${xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
'')
];
}

View File

@ -26,9 +26,6 @@
control + F7
emoji-picker
control + F4
dmenu-set-wm-class
'';
};
}

View File

@ -1,4 +1,4 @@
{...}: {
{pkgs, ...}: {
# TODO: configure x11 to look in .config/x11
home.file.".xinitrc" = {
recursive = true;
@ -7,7 +7,7 @@
picom -b --config ~/.config/picom/picom.conf
xrdb -merge ~/.Xresources
autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd key-remaps"
autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd"
for program in $autostart; do
pidof -sx "$program" || "$program" &

View File

@ -1,13 +1,10 @@
{ pkgs, configVars, ... }:
let
email = configVars.email.user;
in
{ pkgs, ... }:
{
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "Sam";
userEmail = "${email}";
userEmail = "samual.shop@proton.me";
aliases = { };
extraConfig = {
pull.rebase = false;

14
home/fileserver.nix Normal file
View File

@ -0,0 +1,14 @@
{ ...
}: {
imports = [
# Import users
./users/admin
./common/core
./common/optional/sops.nix
# Import optional
./common/optional/git.nix
];
}

13
home/nebula.nix Normal file
View File

@ -0,0 +1,13 @@
{ ...
}: {
imports = [
# Import users
./users/admin
./common/core
# Import optional
./common/optional/git.nix
];
}

29
home/nixdev.nix Normal file
View File

@ -0,0 +1,29 @@
{ ...
}: {
imports = [
# Import users
./users/sam
./common/core
./common/optional/desktop/hyprland
./common/optional/desktop/waybar.nix
./common/optional/sops.nix
# Import optional
./common/optional/git.nix
];
# ------
# | DP-1
# ------
monitors = [
{
name = "Virtual-1";
width = 2048;
height = 1152;
x = 0;
workspace = "1";
primary = true;
}
];
}

View File

@ -20,10 +20,6 @@
./common/optional/transmission.nix
];
home.packages = [
pkgs.qgis
];
colorScheme = {
slug = "serene";
name = "Serene";

View File

@ -11,7 +11,6 @@
./common/optional/git.nix
./common/optional/syncthing.nix
./common/optional/desktop/cinnamon
./common/optional/desktop/common/kodi.nix
];

View File

@ -3,7 +3,6 @@
lib,
pkgs,
config,
configVars,
...
}: let
# Disko setup
@ -16,8 +15,6 @@
else "/dev/root_vg/root";
user = "sam";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
imports = [
# Create users for this host
@ -53,8 +50,6 @@ in {
../common/optional/printing.nix
../common/optional/backlight.nix
../common/optional/xmodmap-arrow-remaps.nix
../common/optional/nix-ld.nix
../common/optional/gaming.nix
];
boot = {
@ -72,34 +67,15 @@ in {
};
};
swapDevices = [
{
device = "/.swapvol/swapfile";
size = 32 * 1024;
}
];
services = {
libinput.touchpad.accelSpeed = "0.5";
xserver = {
xkb.options = "caps:swapescape";
dpi = 196;
upscaleDefaultCursor = true;
# FIXME this doesnt work for some reason
# displayManager.sessionCommands = pkgs.writeShellScriptBin "key-remaps" ''
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
# '';
};
};
# fix cpu throttling on Lenovo Thinkpad
# see: https://github.com/erpalma/throttled
services.throttled.enable = true;
environment.variables = {
GDK_SCALE = "2.2";
GDK_DPI_SCALE = "0.8";
@ -108,21 +84,16 @@ in {
XCURSOR_SIZE = "64";
};
environment.systemPackages = [
pkgs.linuxKernel.packages.linux_zen.cpupower
pkgs.lm_sensors
];
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC = "ondemand";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
# services.tlp = {
# enable = true;
# settings = {
# CPU_SCALING_GOVERNOR_ON_AC = "ondemand";
# CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
#
# START_CHARGE_THRESH_BAT0 = 50;
# STOP_CHARGE_THRESH_BAT0 = 95;
# };
# };
START_CHARGE_THRESH_BAT0 = 50;
STOP_CHARGE_THRESH_BAT0 = 95;
};
};
hardware = {
bluetooth = {
@ -135,71 +106,11 @@ in {
];
};
# nvidia
hardware.opengl = {
enable = true;
};
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = {
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
nvidiaPersistenced = true;
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = true;
open = false;
nvidiaSettings = true;
# FIXME issue with stable nvidia driver and latest linux kernel
# use mkDriver to specify newer nvidia driver that is compatible
# see: https://github.com/NixOS/nixpkgs/issues/341844#issuecomment-2351075413
# and https://discourse.nixos.org/t/builder-for-nvidia-x11-550-78-6-10-drv-failed-with-exit-code-2/49360/32
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "555.58.02";
sha256_64bit = "sha256-xctt4TPRlOJ6r5S54h5W6PT6/3Zy2R4ASNFPu8TSHKM=";
sha256_aarch64 = "sha256-wb20isMrRg8PeQBU96lWJzBMkjfySAUaqt4EgZnhyF8=";
openSha256 = "sha256-8hyRiGB+m2hL3c9MDA/Pon+Xl6E788MZ50WrrAGUVuY=";
settingsSha256 = "sha256-ZpuVZybW6CFN/gz9rx+UJvQ715FZnAOYfHn5jt5Z2C8=";
persistencedSha256 = "sha256-a1D7ZZmcKFWfPjjH1REqPM5j/YLWKnbkP9qfRyIyxAw=";
};
};
# https://bbs.archlinux.org/viewtopic.php?id=297276 for NVreg_EnableGpuFirmware fix
# https://discourse.nixos.org/t/how-to-use-nvidia-prime-offload-to-run-the-x-server-on-the-integrated-board/9091/15
# for udev rules to disable dGPU when not in use
boot.extraModprobeConfig = ''
options nvidia NVreg_EnableGpuFirmware=0
'';
services.udev.extraRules = ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{remove}="1"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{remove}="1"
# Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="auto"
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="auto"
# Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="on"
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="on"
'';
networking = {
hostName = "citadel";
networkmanager.enable = true;
enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
nameservers = ["10.0.10.60" "8.8.8.8"];
};
services.libinput.enable = true;

View File

@ -37,12 +37,6 @@ in
};
};
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
environment.systemPackages = [
pkgs.rsync
pkgs.curl

View File

@ -1,13 +1,13 @@
{
lib,
inputs,
config,
...
}: let
{ pkgs, lib, inputs, config, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
hasOptinPersistence = config.environment.persistence ? "/persist";
in {
hostname = config.networking.hostName;
in
{
imports = [
inputs.sops-nix.nixosModules.sops
];
@ -17,7 +17,7 @@ in {
validateSopsFiles = false;
age = {
sshKeyPaths = ["${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key"];
sshKeyPaths = [ "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key" ];
};
secrets = {
"passwords/root".neededForUsers = true;

View File

@ -12,12 +12,12 @@
windowManager.dwm = {
enable = true;
package = pkgs.dwm.overrideAttrs {
# src = /home/sam/.local/share/src/dwm;
src = pkgs.fetchgit {
url = "https://git.bitlab21.com/sam/dwm";
rev = "3e0601b29d879e589703239e064f0baaabb3474b";
sha256 = "sha256-7Hq0vo6YnXKhEUdKjvaAeKodq2l8wwJRzCYJfdHDNMQ=";
};
#src = /home/sam/.local/share/src/dwm;
src = pkgs.fetchgit {
url = "https://git.bitlab21.com/sam/dwm";
rev = "49dd30c0d9970ce480ada51dfcaac1a071804c64";
sha256 = "0ywca25a1pdjvb4cgv5gx36x3yd6922pqvn9a5f60lcn5fv2a96n";
};
};
};
};

View File

@ -9,6 +9,7 @@
# Steam
mangohud
gamemode
gamescope
# WINE
wine
@ -40,9 +41,11 @@
programs.steam = {
enable = true;
gamescopeSession.enable = true;
};
programs.gamemode.enable = true;
programs.gamescope.enable = true;
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {

View File

@ -1,21 +0,0 @@
{ lib, pkgs, ... }:
{
# Using non-Nix Python Packages with Binaries on NixOS https://github.com/mcdonc/.nixconfig/blob/e7885ad18b7980f221e59a21c91b8eb02795b541/videos/pydev/script.rst
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib # numpy
libgcc # sqlalchemy
expat # pyosmium
# that's where the shared libs go, you can find which one you need using
# nix-locate --top-level libstdc++.so.6 (replace this with your lib)
# ^ this requires `nix-index` pkg
];
environment.variables = {
NIX_LD_LIBRARY_PATH="/run/current-system/sw/share/nix-ld/lib";
NIX_LD="/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH=lib.mkForce "$NIX_LD_LIBRARY_PATH";
};
}

View File

@ -1,274 +0,0 @@
{
lib,
pkgs,
configVars,
inputs,
config,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "bd-worker";
containerIp = configVars.networking.addresses.bd-worker.ip;
mongodbIp = configVars.networking.addresses.mongodb.ip;
mongodbPort = toString configVars.networking.addresses.mongodb.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
postgresIp = configVars.networking.addresses.postgres.ip;
postgresPort = toString configVars.networking.addresses.postgres.port;
bitcoindIp = configVars.networking.addresses.bitcoin-node.ip;
bitcoindPort = toString configVars.networking.addresses.bitcoin-node.services.bitcoind.port;
#secrets
sshKeyFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."ssh_keys/baseddata-models-access/id_ed25519".path;
notifybotUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/username".path;
notifybotPwd = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/password".path;
recipientUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/mrsu/username".path;
mongoclientAuth = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/auth".path;
mongoclientUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/username".path;
mongoclientPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
postgresUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_username".path;
postgresPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_password".path;
bitcoindRPCUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/username".path;
bitcoindRPCPassword= lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
baseddataEnv = "dev";
in {
sops.secrets = {
"ssh_keys/baseddata-models-access/id_ed25519" = {};
"comms/xmpp/notifybot/username" = {};
"comms/xmpp/notifybot/password" = {};
"comms/xmpp/mrsu/username" = {};
"software/mongodb/baseddata/auth" = {};
"software/mongodb/baseddata/username" = {};
"software/mongodb/baseddata/password" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/bitcoind/username" = {};
"software/bitcoind/bitcoin-rpcpassword-public" = {};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/root/.ssh/id_ed25519" = {
hostPath = "${sshKeyFile}";
isReadOnly = true;
};
"/run/secrets/notifybotUsername" = {
hostPath = "${notifybotUsername}";
isReadOnly = true;
};
"/run/secrets/notifybotPassword" = {
hostPath = "${notifybotPwd}";
isReadOnly = true;
};
"/run/secrets/recipientUsername" = {
hostPath = "${recipientUsername}";
isReadOnly = true;
};
"/run/secrets/mongoclientAuth" = {
hostPath = "${mongoclientAuth}";
isReadOnly = true;
};
"/run/secrets/mongoclientUser" = {
hostPath = "${mongoclientUser}";
isReadOnly = true;
};
"/run/secrets/mongoclientPassword" = {
hostPath = "${mongoclientPassword}";
isReadOnly = true;
};
"/run/secrets/postgresPassword" = {
hostPath = "${postgresPassword}";
isReadOnly = true;
};
"/run/secrets/postgresUser" = {
hostPath = "${postgresUser}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCPassword" = {
hostPath = "${bitcoindRPCPassword}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCUsername" = {
hostPath = "${bitcoindRPCUsername}";
isReadOnly = true;
};
"/media/baseddata-data" = {
hostPath = "/media/main-ssd/baseddata-data";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
4200
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = [
pkgs.vim
pkgs.git
pkgs.python311
pkgs.poetry
pkgs.aria2
pkgs.osmctools
pkgs.osmium-tool
];
environment.variables = {
BASEDDATA_ENVIRONMENT = "dev";
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
};
systemd.services.baseddata-deploy-service = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
description = "Initiates deployment of application and builds python environment using Poetry";
environment = {
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
ExecStart = pkgs.writeShellScript "baseddata-deploy-service" ''
GITCMD="${pkgs.openssh}/bin/ssh -i /root/.ssh/id_ed25519"
if [ ! -d "/srv/baseddata-models" ]; then
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git clone --branch $BASEDDATA_ENVIRONMENT git@git.bitlab21.com:sam/baseddata-models.git /srv/baseddata-models
else
cd /srv/baseddata-models
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git stash --include-untracked
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git pull
fi
cd /srv/baseddata-models
mkdir .venv
${pkgs.poetry}/bin/poetry install
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-prefect-server = {
wantedBy = ["multi-user.target"];
after = ["baseddata-deploy-service.target"];
description = "Initates the Prefect server";
environment = {
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
WorkingDirectory = "/srv/baseddata-models";
ExecStart = pkgs.writeShellScript "baseddata-prefect-server" ''
# run prefect server
.venv/bin/prefect server start --host 0.0.0.0
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-serve-flows = {
wantedBy = ["multi-user.target"];
after = ["baseddata-prefect-server.target"];
description = "Serves the Prefect flows";
environment = {
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
Environment = "PATH=/run/current-system/sw/bin/";
WorkingDirectory = "/srv/baseddata-models";
ExecStartPre = "${pkgs.coreutils}/bin/timeout 120 ${pkgs.bash}/bin/bash -c 'until ${pkgs.netcat-openbsd}/bin/nc -z ${containerIp} 4200; do sleep 3; done'";
ExecStart = pkgs.writeShellScript "baseddata-serve-flows" ''
# set prefect environment variables
.venv/bin/prefect variable set "xmpp_jid" $(cat /run/secrets/notifybotUsername) --overwrite
.venv/bin/prefect variable set "xmpp_password" $(cat /run/secrets/notifybotPassword) --overwrite
.venv/bin/prefect variable set "xmpp_recipient" $(cat /run/secrets/recipientUsername) --overwrite
.venv/bin/prefect variable set "mongoclient_auth" $(cat /run/secrets/mongoclientAuth) --overwrite
.venv/bin/prefect variable set "mongoclient_host" "${mongodbIp}:${mongodbPort}" --overwrite
.venv/bin/prefect variable set "mongoclient_user" $(cat /run/secrets/mongoclientUser) --overwrite
.venv/bin/prefect variable set "mongoclient_pwd" $(cat /run/secrets/mongoclientPassword) --overwrite
.venv/bin/prefect variable set "postgres_host" ${postgresIp} --overwrite
.venv/bin/prefect variable set "postgres_port" ${postgresPort} --overwrite
.venv/bin/prefect variable set "postgres_user" $(cat /run/secrets/postgresUser) --overwrite
.venv/bin/prefect variable set "postgres_pwd" $(cat /run/secrets/postgresPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_password" $(cat /run/secrets/bitcoindRPCPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_username" $(cat /run/secrets/bitcoindRPCUsername) --overwrite
.venv/bin/prefect variable set "bitcoind_ip" ${bitcoindIp} --overwrite
.venv/bin/prefect variable set "bitcoind_port" ${bitcoindPort} --overwrite
.venv/bin/prefect variable set "osm_dir" "/media/baseddata-data/osm" --overwrite
.venv/bin/prefect variable set "wdpa_dir" "/media/baseddata-data/wdpa" --overwrite
.venv/bin/prefect variable set "mongo_db_name" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_dbname" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_schema" "models_final" --overwrite
.venv/bin/prefect variable set "unique_key" "row_uuid" --overwrite
# serve flows
.venv/bin/python automation/flows/serve-flows.py
'';
Restart = "on-failure";
};
};
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib
libgcc
];
programs.ssh.knownHosts = {
"git.bitlab21.com" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNd2BGf64heYjWT9yt0fVmngepiHRIMsL7au/MRteg";
};
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}

View File

@ -1,18 +1,16 @@
{
lib,
pkgs,
configVars,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "jellyfin";
containerIp = configVars.networking.addresses.jellyfin.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
container_name = "jellyfin";
container_ip = "10.0.10.6";
in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
"/var/lib/nixos-containers/${container_name}"
];
};
@ -20,7 +18,7 @@ in {
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
containers.${container_name} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
@ -42,17 +40,17 @@ in {
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
defaultGateway = "10.0.10.1";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"address" = "${container_ip}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
8096
5432
];
};
useHostResolvConf = lib.mkForce false;

View File

@ -1,98 +0,0 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
mongodbPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "mongodb";
containerIp = configVars.networking.addresses.mongodb.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
sops.secrets = {
"software/postgres/postgres/password" = {
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
# "/var/db/mongodb" = {
# hostPath = "/media/main-ssd/mongodb";
# isReadOnly = false;
# };
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
27017
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = with pkgs; [
mongosh
];
# allow unfree packages
nixpkgs.config.allowUnfreePredicate = let
whitelist = map lib.getName [
pkgs.mongodb
];
in
pkg: builtins.elem (lib.getName pkg) whitelist;
services.mongodb = {
enable = true;
# enableAuth = true;
# initialRootPassword = mongodbPasswordPath;
bind_ip = "0.0.0.0";
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}

View File

@ -2,7 +2,6 @@
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
@ -10,11 +9,8 @@
bitcoin-rpcpassword-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
bitcoin-HMAC-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-privileged".path;
bitcoin-HMAC-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-public".path;
containerName = "bitcoin-node";
containerIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip;
container_name = "bitcoin-node";
container_ip = "10.0.10.4";
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
in {
sops.secrets = {
@ -27,7 +23,7 @@ in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
"/var/lib/nixos-containers/${container_name}"
];
};
@ -35,7 +31,7 @@ in {
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
containers.${container_name} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
@ -89,8 +85,8 @@ in {
jq
];
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [ { "address" = "${containerIp}"; "prefixLength" = 24; } ];
defaultGateway = "10.0.10.1";
interfaces.eth0.ipv4.addresses = [ { "address" = "${container_ip}"; "prefixLength" = 24; } ];
firewall = {
enable = true;
allowedTCPPorts = [
@ -124,7 +120,7 @@ in {
rpc = {
address = "0.0.0.0";
threads = 6;
allowip = allowip;
allowip = ["10.0.0.0/8"];
users = let
name = "bitcoin";
in {
@ -147,7 +143,7 @@ in {
enable = true;
electrumServer = "electrs";
frontend = {
port = mempoolPort;
port = 4080;
address = "0.0.0.0";
};
};

View File

@ -2,16 +2,13 @@
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
postgresPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/postgres/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "postgres";
containerIp = configVars.networking.addresses.postgres.ip;
subnetIp = configVars.networking.addresses.subnet.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
container_name = "postgres";
container_ip = "10.0.10.5";
in {
sops.secrets = {
"software/postgres/postgres/password" = {
@ -21,7 +18,7 @@ in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
"/var/lib/nixos-containers/${container_name}"
];
};
@ -29,7 +26,7 @@ in {
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
containers.${container_name} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
@ -47,10 +44,10 @@ in {
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
defaultGateway = "10.0.10.1";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"address" = "${container_ip}";
"prefixLength" = 24;
}
];
@ -74,7 +71,6 @@ in {
enableJIT = true;
package = pkgs.postgresql_16;
extraPlugins = with pkgs.postgresql_16.pkgs; [ postgis ];
enableTCPIP = true;
settings = {
max_worker_processes = "12";
max_parallel_workers = "8";
@ -86,11 +82,8 @@ in {
maintenance_work_mem = "64MB";
};
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser origin-address auth-method
local all postgres peer
host all all ${subnetIp}/24 scram-sha-256
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
#type database DBuser auth-method
local all all trust
'';
};

View File

@ -1,10 +1,4 @@
{
pkgs,
configVars,
...
}: let
serverIp = configVars.networking.addresses.merlin.ip;
in {
{pkgs, ...}: {
services = {
udev.packages = [pkgs.sane-airscan];
printing = {
@ -22,7 +16,7 @@ in {
sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
netConf = "${serverIp}";
netConf = "10.0.10.2";
};
printers = {
ensurePrinters = [

View File

@ -3,7 +3,6 @@
inputs,
config,
lib,
configVars,
...
}: let
hostname = config.networking.hostName;
@ -11,7 +10,6 @@
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
baseddataPostgresIp = configVars.networking.addresses.postgres.ip;
username = "sam";
in {
users.users.${username} = {
@ -29,7 +27,7 @@ in {
"podman"
];
};
services.tailscale.enable = true;
sops.secrets = {
"passwords/${username}" = {
sopsFile = "${secretsFile}";
@ -57,8 +55,6 @@ in {
"software/postgres/bitcoin/password" = {};
"software/postgres/bitcoin/ip" = {};
"software/postgres/bitcoin/username" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/zotero/username" = {};
"software/zotero/password" = {};
"software/zotero/guid" = {};
@ -89,10 +85,6 @@ in {
{
"url": "postgresql://${config.sops.placeholder."software/postgres/bitcoin/username"}:${config.sops.placeholder."software/postgres/bitcoin/password"}@${config.sops.placeholder."software/postgres/bitcoin/ip"}/bitcoin",
"name": "bitcoin"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/baseddata/user_username"}:${config.sops.placeholder."software/postgres/baseddata/user_password"}@${baseddataPostgresIp}/baseddata",
"name": "baseddata"
}
]
'';
@ -107,23 +99,23 @@ in {
target: dev
outputs:
dev:
dbname: dev_baseddata
host: ${baseddataPostgresIp}
pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}'
dbname: dev_baseddata_models
host: ${config.sops.placeholder."software/postgres/baseddata_models/ip"}
pass: '${config.sops.placeholder."software/postgres/baseddata_models/password"}'
port: 5432
schema: models
threads: 6
type: postgres
user: ${config.sops.placeholder."software/postgres/baseddata/user_username"}
user: ${config.sops.placeholder."software/postgres/baseddata_models/username"}
prod:
dbname: baseddata
host: ${baseddataPostgresIp}
pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}'
dbname: baseddata_models
host: ${config.sops.placeholder."software/postgres/baseddata_models/ip"}
pass: '${config.sops.placeholder."software/postgres/baseddata_models/password"}'
port: 5432
schema: models
threads: 6
type: postgres
user: ${config.sops.placeholder."software/postgres/baseddata/user_username"}
user: ${config.sops.placeholder."software/postgres/baseddata_models/username"}
'';
};
@ -160,4 +152,8 @@ in {
${username} = import ../../../../home/${hostname}.nix;
};
};
environment.systemPackages = [
#inputs.sqlfmt.packages.x86_64-linux.sqlfmt
];
}

View File

@ -37,7 +37,7 @@ in
};
networking = {
hostName = "merlin";
hostName = "nebula";
networkmanager.enable = true;
enableIPv6 = false;
};

View File

@ -2,7 +2,6 @@
inputs,
lib,
pkgs,
configVars,
...
}: let
# Disko setup
@ -15,10 +14,6 @@
else "/dev/root_vg/root";
user = "sam";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
semitaIp = configVars.networking.addresses.semita.ip;
in {
imports = [
# Create users for this host
@ -55,9 +50,6 @@ in {
../common/optional/nixos-containers/nix-bitcoin.nix
../common/optional/nixos-containers/postgres.nix
../common/optional/nixos-containers/jellyfin.nix
../common/optional/nixos-containers/baseddata-worker.nix
../common/optional/nixos-containers/mongodb.nix
../common/optional/nix-ld.nix
];
fileSystems."/media/main-ssd" = {
@ -99,11 +91,6 @@ in {
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
swapDevices = [ {
device = "/.swapvol/swapfile";
size = 32*1024;
} ];
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
@ -120,8 +107,8 @@ in {
networking = {
hostName = "semita";
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
defaultGateway = "${gatewayIp}";
nameservers = ["10.0.10.60" "10.0.10.1" "8.8.8.8"];
defaultGateway = "10.0.10.1";
useDHCP = false;
bridges = {
br0 = {
@ -131,7 +118,7 @@ in {
interfaces.br0 = {
ipv4.addresses = [
{
"address" = "${semitaIp}";
"address" = "10.0.10.3";
"prefixLength" = 24;
}
];

View File

@ -1,52 +1,37 @@
{
inputs,
config,
lib,
configVars,
...
}: let
{ inputs, config, lib, pkgs, outputs, ... }:
let
# Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/sda"; # depends on target hardware
encrypted = false; # currrently only applies to btrfs
btrfsMountDevice =
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
imports = [
# Create users for this host
../common/users/media
in
{
imports =
[
# Create users for this host
../common/users/media
# Disk configuration
inputs.disko.nixosModules.disko
(import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Disk configuration
inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
# Impermanence
(import ../common/disks/btrfs/impermanence.nix {
btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Impermanence
(import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
# Import core options
./hardware-configuration.nix
../common/core
# Import core options
./hardware-configuration.nix
../common/core
# Import optional options
../common/optional/openssh.nix
../common/optional/persistence.nix
../common/optional/nfs-mounts/media.nix
../common/optional/gaming.nix
../common/optional/printing.nix
];
# Import optional options
../common/optional/openssh.nix
../common/optional/persistence.nix
../common/optional/nfs-mounts/media.nix
../common/optional/gaming.nix
../common/optional/printing.nix
];
boot = {
loader = {
@ -55,13 +40,12 @@ in {
timeout = 3;
};
};
boot.kernelParams = ["i915.enable_psr=0"];
boot.kernelParams = [ "i915.enable_psr=0" ];
networking = {
hostName = "sparky";
networkmanager.enable = true;
enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
};
nixpkgs.config.allowUnfreePredicate = pkg:
@ -77,7 +61,7 @@ in {
services.xserver = {
enable = true;
videoDrivers = ["nvidia"];
videoDrivers = [ "nvidia" ];
displayManager.lightdm.enable = true;
exportConfiguration = true;
deviceSection = ''

View File

@ -14,11 +14,6 @@ rebuild-system:
git add *.nix
sudo nixos-rebuild switch --option eval-cache false --flake .#$(hostname)
# test full system rebuild from flake (stages changes and automatically detects host)
rebuild-system-test:
git add *.nix
sudo nixos-rebuild test --option eval-cache false --flake .#$(hostname)
# updates all flake inputs for system
update-flake:
nix flake update

View File

@ -6,5 +6,4 @@ pkgs: {
nsxiv = pkgs.callPackage ./nsxiv {};
sqlfmt = pkgs.callPackage ./sqlfmt {};
kunst = pkgs.callPackage ./kunst {};
set_wm_class = pkgs.callPackage ./set_wm_class {};
}

View File

@ -1,35 +0,0 @@
{ pkgs ? import <nixpkgs> { }
, fetchFromGitea ? pkgs.fetchFromGitea
, pkg-config ? pkgs.pkg-config
, libX11 ? pkgs.xorg.libX11
}:
pkgs.stdenv.mkDerivation {
pname = "set_wm_class";
name = "set_wm_class";
src = fetchFromGitea {
domain = "git.bitlab21.com";
owner = "sam";
repo = "set_wm_class";
rev = "b39fb4b360";
sha256 = "sha256-5z2YQof4jbfa1dQll5GLt2OL54UhDKZ4Dzzte7vT0zM=";
};
nativeBuildInputs = [
pkg-config
];
buildInputs = [
libX11
];
buildPhase = ''
make
'';
installPhase = ''
mkdir -p $out/bin
mv set_wm_class $out/bin
'';
}

View File

@ -12,8 +12,8 @@ pkgs.stdenv.mkDerivation {
domain = "git.bitlab21.com";
owner = "sam";
repo = "st";
rev = "0e926487c85227aad9eed6667b91e149018014b8";
sha256 = "sha256-aUquoUotLKJDxOISIcx0RUybNvBrytc7+EF7PE1MRJU=";
rev = "31e0ba8cb2086fb12741afc5fc3dfd938ca1f59b";
sha256 = "sha256-dbkXFbNr/lJveMeR7qXo7jGgF5+79S9vqKsLM7XM250=";
};
nativeBuildInputs = [

View File

@ -1,8 +0,0 @@
{ inputs, ... }:
{
inherit (inputs.nix-secrets)
networking
email
;
}