sam
/
nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sam:master
Branches Tags
sam:master
sam:bitcoin
sam:docker
sam:docker-entrypoint
sam:incus
sam:lxd
sam:nebula
sam:overseer
sam:disko
sam:development
sam:change-decrypt-key
sam:media
sam:impermanence
sam:fileserver-host
sam:sops
sam:modules
..
compare: sam:bitcoin
Branches Tags
sam:master
sam:bitcoin
sam:docker
sam:docker-entrypoint
sam:incus
sam:lxd
sam:nebula
sam:overseer
sam:disko
sam:development
sam:change-decrypt-key
sam:media
sam:impermanence
sam:fileserver-host
sam:sops
sam:modules

No commits in common. "master" and "bitcoin" have entirely different histories.
master ... bitcoin

52 changed files with 370 additions and 1077 deletions
Show Stats Expand all files Collapse all files

0
.gitignore vendored
View File

77
flake.lock
View File

@ -46,11 +46,11 @@
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github"
},
"original": {
@ -230,11 +230,11 @@
]
},
"locked": {
"lastModified": 1729104314,
"narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=",
"lastModified": 1727854478,
"narHash": "sha256-/odH2nUMAwkMgOS2nG2z0exLQNJS4S2LfMW0teqU7co=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
"rev": "5f58871c9657b5fc0a7f65670fe2ba99c26c1d79",
"type": "github"
},
"original": {
@ -348,11 +348,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1730403150,
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
"lastModified": 1727649413,
"narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
"rev": "d0b38e550039a72aff896ee65b0918e975e6d48e",
"type": "github"
},
"original": {
@ -412,11 +412,11 @@
]
},
"locked": {
"lastModified": 1729826725,
"narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=",
"lastModified": 1727707210,
"narHash": "sha256-8XZp5XO2FC6INZEZ2WlwErtvFVpl45ACn8CJ2hfTA0Y=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e",
"rev": "f61d5f2051a387a15817007220e9fb3bbead57b3",
"type": "github"
},
"original": {
@ -426,12 +426,13 @@
}
},
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1730130467,
"narHash": "sha256-mcyG1iu8hNmkDjgDEdFQyCZ3bBxBHFKd4nxT8NreMmY=",
"lastModified": 1728169228,
"narHash": "sha256-WT6kWWqMQE4KBdziZ/uuJ9sPcVg+6QJoOdBPdKAD0gI=",
"ref": "refs/heads/master",
"rev": "c82ff6f7e995503acabb9cf2478e5b4e401968ce",
"revCount": 188,
"rev": "e9709bbb9adc91fb6b4dab5b16e15546cc596695",
"revCount": 165,
"type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
},
@ -473,11 +474,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1729973466,
"narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github"
},
"original": {
@ -505,11 +506,11 @@
},
"nixpkgs-unstable_2": {
"locked": {
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"lastModified": 1728018373,
"narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
"type": "github"
},
"original": {
@ -521,16 +522,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1730481737,
"narHash": "sha256-HaUCfqLIFX/4wiSKkKKSTwUNmZd1EMy+lGB+faadQXU=",
"lastModified": 1728067476,
"narHash": "sha256-/uJcVXuBt+VFCPQIX+4YnYrHaubJSx4HoNsJVNRgANM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f18ab3b08f56abc54bcc2ef9bbca627d45926fee",
"rev": "6e6b3dd395c3b1eb9be9f2d096383a8d05add030",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-24.05",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
@ -549,11 +550,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1729945968,
"narHash": "sha256-4u+nbBSMuXWGCtXxUPPEflRm54+y/HLIbhIep9do8Ew=",
"lastModified": 1728083208,
"narHash": "sha256-jaoWQm2+oAUDU1ft+RWrxcgc/4lHGE0AkZlIBiVjQiQ=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "c05ac01070425ed0797b1ff678dc690c333cea74",
"rev": "e246bd57da2a09b18b0667f7de40dc1c55a94667",
"type": "github"
},
"original": {
@ -565,11 +566,11 @@
},
"nur": {
"locked": {
"lastModified": 1730472538,
"narHash": "sha256-3m4OVGKsbPzMlnS0gVptIZBRlxgqQz+WhfwT+rT823Y=",
"lastModified": 1728121595,
"narHash": "sha256-e9kRLdv2D4Lk6obeLEzm/m2TYcnZuMnVtqtQUKBCMVs=",
"owner": "nix-community",
"repo": "NUR",
"rev": "52c21ec8fde46366b1a5555e18d854ee18012ac8",
"rev": "b638dbc3cd5ecae15140d2de7897dc9395cd128e",
"type": "github"
},
"original": {
@ -602,11 +603,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1729999681,
"narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"lastModified": 1727734513,
"narHash": "sha256-i47LQwoGCVQq4upV2YHV0OudkauHNuFsv306ualB/Sw=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"rev": "3198a242e547939c5e659353551b0668ec150268",
"type": "github"
},
"original": {
@ -638,11 +639,11 @@
]
},
"locked": {
"lastModified": 1729613947,
"narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=",
"lastModified": 1727984844,
"narHash": "sha256-xpRqITAoD8rHlXQafYZOLvUXCF6cnZkPfoq67ThN0Hc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "aac86347fb5063960eccb19493e0cadcdb4205ca",
"rev": "4446c7a6fc0775df028c5a3f6727945ba8400e64",
"type": "github"
},
"original": {

165
flake.nix
View File

@ -3,7 +3,7 @@
inputs = {
# Nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/release-24.05";
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# NUR
@ -53,84 +53,99 @@
nix-secrets = {
url = "git+ssh://git@git.bitlab21.com/sam/nix-secrets.git";
inputs = {};
flake = false;
};
};
outputs = {
self,
nixpkgs,
home-manager,
...
} @ inputs: let
inherit (self) outputs;
systems = [
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
inherit (nixpkgs) lib;
configVars = import ./vars {inherit inputs lib;};
specialArgs = {
inherit
inputs
outputs
configVars
;
};
in {
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = import ./overlays {inherit inputs;};
nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home-manager;
outputs =
{ self
, nixpkgs
, home-manager
, ...
} @ inputs:
let
inherit (self) outputs;
systems = [
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
specialArgs = { inherit inputs outputs; };
in
{
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
overlays = import ./overlays { inherit inputs; };
nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home-manager;
# System level configs
nixosConfigurations = {
bootstrap = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/bootstrap
];
};
sparky = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/sparky
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
semita = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/semita
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
merlin = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nebula
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
citadel = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/citadel
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
# System level configs
nixosConfigurations = {
nixdev = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nixdev
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
fileserver = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/fileserver
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
bootstrap = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/bootstrap
];
};
sparky = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/sparky
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
semita = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/semita
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
nebula = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nebula
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
citadel = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/citadel
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
};
};
};
}

6
home/citadel.nix
View File

@ -1,4 +1,4 @@
{config, pkgs, ...}: {
{config, ...}: {
imports = [
# Import users
./users/sam
@ -15,10 +15,6 @@
./common/optional/yazi.nix
];
home.packages = [
pkgs.qgis
];
colorScheme = {
slug = "serene";
name = "Serene";

6
home/common/core/default.nix
View File

@ -1,4 +1,4 @@
{ pkgs, inputs, outputs, lib, ... }:
{ pkgs, inputs, outputs, ... }:
{
imports = [
inputs.nix-colors.homeManagerModules.default
@ -18,15 +18,13 @@
ripgrep
fzf
eza
bat
killall
pciutils
tree
jq
coreutils
btop
htop
postgresql_16
postgresql
libqalculate
tmux
;

2
home/common/core/nixvim/default.nix
View File

@ -25,11 +25,9 @@
pkgs.shellharden
pkgs.shfmt
pkgs.stylua
pkgs.glow
];
programs.nixvim = {
enable = true;
package = pkgs.neovim-unwrapped;
enableMan = true; # install man pages for nixvim options
clipboard.register = "unnamedplus"; # use system clipboard instead of internal registers
globals.mapleader = " ";

63
home/common/core/nixvim/keymaps.nix
View File

@ -1,11 +1,13 @@
{
programs.nixvim.keymaps = [
programs.nixvim.keymaps = [
# Switching buffers
{
mode = ["n"];
action = "<C-w>h";
key = "<S-h>";
options = {silent = true;};
options = {
silent = true;
};
}
{
mode = ["n"];
@ -50,6 +52,35 @@ programs.nixvim.keymaps = [
options = {noremap = true;};
}
# Telescope Plugin
{
# find files
mode = ["n"];
key = "<Leader>ff";
action = "<cmd>Telescope find_files<CR>";
options = {noremap = true;};
}
{
# live grep
mode = ["n"];
key = "<Leader>fg";
action = "<cmd>Telescope live_grep<CR>";
options = {noremap = true;};
}
{
# buffers
mode = ["n"];
key = "<Leader>fb";
action = "<cmd>Telescope buffers<CR>";
options = {noremap = true;};
}
{
# help tags
mode = ["n"];
key = "<Leader>fh";
action = "<cmd>Telescope help_tags<CR>";
options = {noremap = true;};
}
# paste over selected text without yanking it
{
mode = ["v"];
@ -82,33 +113,5 @@ programs.nixvim.keymaps = [
action = ": resize +1<CR>";
options = {noremap = true;};
}
# indent line in or out
{
mode = ["v"];
key = "<";
action = "<gv";
options = {noremap = true;};
}
{
mode = ["v"];
key = ">";
action = ">gv";
options = {noremap = true;};
}
# move selected line up or down
{
mode = ["v"];
key = "J";
action = ":m '>+1<CR>gv=gv";
options = {noremap = true;};
}
{
mode = ["v"];
key = "K";
action = ":m '<-2<CR>gv=gv";
options = {noremap = true;};
}
];
}

22
home/common/core/nixvim/plugins/cmp.nix
View File

@ -3,7 +3,6 @@
cmp-emoji = { enable = true; };
cmp = {
enable = true;
cmdline = {};
settings = {
autoEnableSources = true;
experimental = { ghost_text = true; };
@ -12,7 +11,7 @@
fetchingTimeout = 200;
maxViewEntries = 30;
};
snippet = { expand = "function(args) require('luasnip').lsp_expand(args.body) end"; };
snippet = { expand = "luasnip"; };
formatting = {
fields = [ "kind" "abbr" "menu" ];
format = ''
@ -44,10 +43,14 @@
};
mapping = {
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping.select_prev_item()";
"<C-j>" = "cmp.mapping.select_next_item()";
"<C-k>" = "cmp.mapping.select_prev_item()";
"<C-e>" = "cmp.mapping.abort()";
"<C-b>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<S-CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = true })";
};
};
};
@ -55,7 +58,7 @@
cmp-buffer = { enable = true; };
cmp-path = { enable = true; }; # file system paths
cmp_luasnip = { enable = true; }; # snippets
cmp-cmdline = { enable = true; }; # autocomplete for cmdline
cmp-cmdline = { enable = false; }; # autocomplete for cmdline
};
programs.nixvim.extraConfigLua = ''
luasnip = require("luasnip")
@ -91,15 +94,22 @@
-- Use buffer source for `/` (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline({'/', "?" }, {
mapping = cmp.mapping.preset.cmdline(),
sources = {
{ name = 'buffer' }
}
})
-- Set configuration for specific filetype.
cmp.setup.filetype('gitcommit', {
sources = cmp.config.sources({
{ name = 'cmp_git' }, -- You can specify the `cmp_git` source if you were installed it.
}, {
{ name = 'buffer' },
})
})
-- Use cmdline & path source for ':' (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline(':', {
mapping = cmp.mapping.preset.cmdline(),
sources = cmp.config.sources({
{ name = 'path' }
}, {

12
home/common/core/nixvim/plugins/conform.nix
View File

@ -38,16 +38,4 @@
}
'';
programs.nixvim.keymaps = [
# format document with Conform
{
mode = ["n"];
key = "<leader>cf";
action = "<CMD>Format<CR>";
options = {
silent = true;
desc = "Conform auto-format document";
};
}
];
}

35
home/common/core/nixvim/plugins/default.nix
View File

@ -5,7 +5,6 @@
}: let
user = config.home.username;
in {
imports = [
./cmp.nix
./colorizer.nix
@ -33,18 +32,6 @@ in {
pkgs.vimPlugins.vim-dadbod-ui
pkgs.vimPlugins.vim-dadbod-completion
pkgs.vimPlugins.fugitive
(pkgs.vimUtils.buildVimPlugin
{
name = "glow.nvim";
src = pkgs.fetchFromGitHub {
owner = "ellisonleao";
repo = "glow.nvim";
rev = "238070a";
sha256 = "sha256-GsNcASzVvY0066kak2nvUY5luzanoBclqcUOsODww8g=";
};
})
(pkgs.vimUtils.buildVimPlugin
{
name = "buffer_manager.nvim";
@ -71,18 +58,6 @@ in {
pkgs.vimPlugins.vim-devicons
];
programs.nixvim.extraConfigLua = ''
-- function to read api key from secrets file
local function read_api_key(file_path)
local file = io.open(file_path, "r")
if file then
local api_key = file:read("*all")
file:close()
return api_key
else
error("Failed to open file: " .. file_path)
end
end
-- buffer_manager.nvim
local opts = {noremap = true}
@ -109,16 +84,6 @@ in {
}
)
require('glow').setup({
border = "shadow",
style = "dark",
pager = false,
width = 80,
height = 100,
width_ratio = 0.7,
height_ratio = 0.7,
})
-- Custom color for modified buffers
vim.api.nvim_set_hl(0, "BufferManagerModified", { fg = "#988100" })

1
home/common/core/nixvim/plugins/harpoon.nix
View File

@ -3,7 +3,6 @@
enable = true;
keymaps = {
toggleQuickMenu = "<leader>h";
addFile = "<leader>a";
};
};
}

17
home/common/core/nixvim/plugins/lsp.nix
View File

@ -1,25 +1,10 @@
{ osConfig , ... }:
let
hostname = osConfig.networking.hostName;
in
{
programs.nixvim.plugins = {
lsp = {
enable = true;
servers = {
lua-ls = {enable = true;};
nixd = {
enable = true;
cmd = ["nixd"];
settings = {
nixpkgs.expr = "import <nixpkgs> { }";
options = {
nixos.expr = "(builtins.getFlake \"/etc/nixos\").nixosConfigurations.${hostname}.options";
# TODO get home-manager options working when hm imported as submodule
# home_manager.expr = "(builtins.getFlake \"github:nix-community/home-manager\").homeConfigurations.${hostname}.options";
};
};
};
nixd = {enable = true;};
bashls = {enable = true;};
pyright = {enable = true;};
html = {enable = true;};

4
home/common/core/nixvim/plugins/oil.nix
View File

@ -1,9 +1,5 @@
{
programs.nixvim.plugins.oil = {
enable = true;
settings = {
columns = ["icon"];
view_options.show_hidden = true;
};
};
}

44
home/common/core/nixvim/plugins/telescope.nix
View File

@ -3,48 +3,4 @@
enable = true;
extensions.fzy-native.enable = true;
};
programs.nixvim.keymaps = [
{
# find files
mode = ["n"];
key = "<Leader>ff";
action = "<cmd>Telescope find_files<CR>";
options = {noremap = true;};
}
{
# live grep
mode = ["n"];
key = "<Leader>fg";
action = "<cmd>Telescope live_grep<CR>";
options = {noremap = true;};
}
{
# grep string under cursor
mode = ["n"];
key = "<Leader>fs";
action = "<cmd>Telescope string_grep<CR>";
options = {noremap = true;};
}
{
# buffers
mode = ["n"];
key = "<Leader>fb";
action = "<cmd>Telescope buffers<CR>";
options = {noremap = true;};
}
{
# help tags
mode = ["n"];
key = "<Leader>fh";
action = "<cmd>Telescope help_tags<CR>";
options = {noremap = true;};
}
{
# show recently opened files
mode = ["n"];
key = "<Leader>fo";
action = "<cmd>Telescope oldfiles<CR>";
options = {noremap = true;};
}
];
}

3
home/common/core/zsh.nix
View File

@ -9,9 +9,6 @@
shellAliases = {
ll = "ls -l";
src = "cd ~/.local/share/src";
no = "cd /etc/nixos";
cat = "bat --decorations=never";
ls = "eza";
};
history.size = 10000;
history.path = "${config.xdg.dataHome}/zsh/history";

14
home/common/optional/desktop/common/default.nix
View File

@ -15,20 +15,8 @@
pkgs.kcolorchooser
pkgs.zotero
pkgs.transmission
pkgs.qgis
pkgs.mpv
pkgs.gnome.simple-scan
pkgs.pandoc
pkgs.texlive.combined.scheme-small
pkgs.libreoffice-fresh
pkgs.hunspell
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en_US
pkgs.set_wm_class
pkgs.xorg.xkill
pkgs.krita
pkgs.R
pkgs.gimp
pkgs.gajim
];
}

76
home/common/optional/desktop/common/firefox.nix
View File

@ -1,53 +1,38 @@
{
pkgs,
config,
configVars,
...
}: let
{ pkgs, config, ... }:
let
user = config.home.username;
jellyfinIp = configVars.networking.addresses.jellyfin.ip;
jellyfinPort = configVars.networking.addresses.jellyfin.port;
bitcoinNodeIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
in {
in
{
programs.firefox = {
enable = true;
profiles.${user} = {
search = {
force = true;
default = "Searx";
order = ["Searx" "DuckDuckGo"];
order = [ "Searx" "DuckDuckGo" ];
engines = {
"Nix Packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
urls = [{
template = "https://search.nixos.org/packages";
params = [
{ name = "type"; value = "packages"; }
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@np"];
definedAliases = [ "@np" ];
};
"NixOS Wiki" = {
urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}];
urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@nw"];
definedAliases = [ "@nw" ];
};
"Searx" = {
urls = [{template = "http://10.0.10.35:8855/?q={searchTerms}";}];
urls = [{ template = "http://10.0.10.35:8855/?q={searchTerms}"; }];
iconUpdateURL = "https://docs.searxng.org/_static/searxng-wordmark.svg";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@searx"];
definedAliases = [ "@searx" ];
};
"Bing".metaData.hidden = true;
"Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias
@ -56,22 +41,16 @@ in {
bookmarks = [
{
name = "toolbar";
toolbar = true;
bookmarks = [
{
name = "Jellyfin";
url = "http://${jellyfinIp}:${jellyfinPort}";
}
{
name = "Mempool";
url = "http://${bitcoinNodeIp}:${toString mempoolPort}";
}
{
name = "Nixos Package Search";
url = "https://search.nixos.org/packages";
}
];
name = "wikipedia";
tags = [ "wiki" ];
keyword = "wiki";
url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go";
}
{
name = "bitlab21";
tags = [ "bitcoin" ];
keyword = "bitcoin";
url = "https://bitlab21.com";
}
];
@ -96,6 +75,7 @@ in {
privacy-badger
zotero-connector
];
};
};
}

13
home/common/optional/desktop/common/kodi.nix
View File

@ -1,13 +0,0 @@
{
pkgs,
...
}: {
programs.kodi = {
enable = true;
package = pkgs.kodi.withPackages (kodiPkgs:
with kodiPkgs; [
netflix
jellycon
]);
};
}

5
home/common/optional/desktop/common/x11/default.nix
View File

@ -11,9 +11,4 @@
pkgs.feh
];
programs.chromium = {
enable = true;
package = pkgs.brave;
};
}

2
home/common/optional/desktop/dwm/default.nix
View File

@ -31,8 +31,6 @@
./scripts/aichat-wrapper.nix
./scripts/dmenu-wifi.nix
./scripts/battery-status.nix
./scripts/dmenu-set-wm-class.nix
./scripts/key-remaps.nix
];
home.packages = [

13
home/common/optional/desktop/dwm/scripts/dmenu-set-wm-class.nix
View File

@ -1,13 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "dmenu-set-wm-class" ''
${libnotify}/bin/notify-send "Set Window Class" "Select window..."
winid=$(${xorg.xwininfo}/bin/xwininfo | grep "Window id:" | grep -o "0x[0-9a-fA-F]*")
class=$(${xorg.xprop}/bin/xprop -id "$winid" WM_CLASS | grep -o "\".*\"$")
new_class=$( echo "" | ${dmenu}/bin/dmenu -p "Selected: $class. Set class name of window:")
[ -z "$new_class" ] && ${libnotify}/bin/notify-send "Set Window Class" "Nothing set, exiting" && exit
${set_wm_class}/bin/set_wm_class "$winid" "$new_class"
'')
];
}

11
home/common/optional/desktop/dwm/scripts/key-remaps.nix
View File

@ -1,11 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
(writeShellScriptBin "key-remaps" ''
${xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
${xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
${xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
${xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
${xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
'')
];
}

3
home/common/optional/desktop/dwm/sxhkdrc.nix
View File

@ -26,9 +26,6 @@
control + F7
emoji-picker
control + F4
dmenu-set-wm-class
'';
};
}

4
home/common/optional/desktop/dwm/xinitrc.nix
View File

@ -1,4 +1,4 @@
{...}: {
{pkgs, ...}: {
# TODO: configure x11 to look in .config/x11
home.file.".xinitrc" = {
recursive = true;
@ -7,7 +7,7 @@
picom -b --config ~/.config/picom/picom.conf
xrdb -merge ~/.Xresources
autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd key-remaps"
autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd"
for program in $autostart; do
pidof -sx "$program" || "$program" &

7
home/common/optional/git.nix
View File

@ -1,13 +1,10 @@
{ pkgs, configVars, ... }:
let
email = configVars.email.user;
in
{ pkgs, ... }:
{
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "Sam";
userEmail = "${email}";
userEmail = "samual.shop@proton.me";
aliases = { };
extraConfig = {
pull.rebase = false;

14
home/fileserver.nix Normal file
View File

@ -0,0 +1,14 @@
{ ...
}: {
imports = [
# Import users
./users/admin
./common/core
./common/optional/sops.nix
# Import optional
./common/optional/git.nix
];
}

13
home/nebula.nix Normal file
View File

@ -0,0 +1,13 @@
{ ...
}: {
imports = [
# Import users
./users/admin
./common/core
# Import optional
./common/optional/git.nix
];
}

29
home/nixdev.nix Normal file
View File

@ -0,0 +1,29 @@
{ ...
}: {
imports = [
# Import users
./users/sam
./common/core
./common/optional/desktop/hyprland
./common/optional/desktop/waybar.nix
./common/optional/sops.nix
# Import optional
./common/optional/git.nix
];
# ------
# | DP-1
# ------
monitors = [
{
name = "Virtual-1";
width = 2048;
height = 1152;
x = 0;
workspace = "1";
primary = true;
}
];
}

4
home/semita.nix
View File

@ -20,10 +20,6 @@
./common/optional/transmission.nix
];
home.packages = [
pkgs.qgis
];
colorScheme = {
slug = "serene";
name = "Serene";

1
home/sparky.nix
View File

@ -11,7 +11,6 @@
./common/optional/git.nix
./common/optional/syncthing.nix
./common/optional/desktop/cinnamon
./common/optional/desktop/common/kodi.nix
];

107
hosts/citadel/default.nix
View File

@ -3,7 +3,6 @@
lib,
pkgs,
config,
configVars,
...
}: let
# Disko setup
@ -16,8 +15,6 @@
else "/dev/root_vg/root";
user = "sam";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
imports = [
# Create users for this host
@ -53,8 +50,6 @@ in {
../common/optional/printing.nix
../common/optional/backlight.nix
../common/optional/xmodmap-arrow-remaps.nix
../common/optional/nix-ld.nix
../common/optional/gaming.nix
];
boot = {
@ -72,34 +67,15 @@ in {
};
};
swapDevices = [
{
device = "/.swapvol/swapfile";
size = 32 * 1024;
}
];
services = {
libinput.touchpad.accelSpeed = "0.5";
xserver = {
xkb.options = "caps:swapescape";
dpi = 196;
upscaleDefaultCursor = true;
# FIXME this doesnt work for some reason
# displayManager.sessionCommands = pkgs.writeShellScriptBin "key-remaps" ''
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
# '';
};
};
# fix cpu throttling on Lenovo Thinkpad
# see: https://github.com/erpalma/throttled
services.throttled.enable = true;
environment.variables = {
GDK_SCALE = "2.2";
GDK_DPI_SCALE = "0.8";
@ -108,16 +84,16 @@ in {
XCURSOR_SIZE = "64";
};
# services.tlp = {
# enable = true;
# settings = {
# CPU_SCALING_GOVERNOR_ON_AC = "ondemand";
# CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
#
# START_CHARGE_THRESH_BAT0 = 50;
# STOP_CHARGE_THRESH_BAT0 = 95;
# };
# };
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_AC = "ondemand";
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
START_CHARGE_THRESH_BAT0 = 50;
STOP_CHARGE_THRESH_BAT0 = 95;
};
};
hardware = {
bluetooth = {
@ -130,72 +106,11 @@ in {
];
};
# nvidia
hardware.opengl = {
enable = true;
};
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
nvidiaPersistenced = true;
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
open = false;
nvidiaSettings = true;
# FIXME issue with stable nvidia driver and latest linux kernel
# use mkDriver to specify newer nvidia driver that is compatible
# see: https://github.com/NixOS/nixpkgs/issues/341844#issuecomment-2351075413
# and https://discourse.nixos.org/t/builder-for-nvidia-x11-550-78-6-10-drv-failed-with-exit-code-2/49360/32
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "555.58.02";
sha256_64bit = "sha256-xctt4TPRlOJ6r5S54h5W6PT6/3Zy2R4ASNFPu8TSHKM=";
sha256_aarch64 = "sha256-wb20isMrRg8PeQBU96lWJzBMkjfySAUaqt4EgZnhyF8=";
openSha256 = "sha256-8hyRiGB+m2hL3c9MDA/Pon+Xl6E788MZ50WrrAGUVuY=";
settingsSha256 = "sha256-ZpuVZybW6CFN/gz9rx+UJvQ715FZnAOYfHn5jt5Z2C8=";
persistencedSha256 = "sha256-a1D7ZZmcKFWfPjjH1REqPM5j/YLWKnbkP9qfRyIyxAw=";
};
};
# https://bbs.archlinux.org/viewtopic.php?id=297276 for NVreg_EnableGpuFirmware fix
# https://discourse.nixos.org/t/how-to-use-nvidia-prime-offload-to-run-the-x-server-on-the-integrated-board/9091/15
# for udev rules to disable dGPU when not in use
boot.extraModprobeConfig = ''
options nvidia NVreg_DynamicPowerManagement=0x02
options nvidia NVreg_EnableGpuFirmware=0
'';
services.udev.extraRules = ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{remove}="1"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{remove}="1"
# Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="auto"
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="auto"
# Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="on"
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="on"
'';
networking = {
hostName = "citadel";
networkmanager.enable = true;
enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
nameservers = ["10.0.10.60" "8.8.8.8"];
};
services.libinput.enable = true;

7
hosts/common/core/default.nix
View File

@ -37,19 +37,12 @@ in
};
};
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
environment.systemPackages = [
pkgs.rsync
pkgs.curl
pkgs.just
pkgs.git
pkgs.vim
pkgs.linuxKernel.packages.linux_zen.cpupower
];
system.stateVersion = "24.05";

16
hosts/common/core/sops.nix
View File

@ -1,13 +1,13 @@
{
lib,
inputs,
config,
...
}: let
{ pkgs, lib, inputs, config, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
hasOptinPersistence = config.environment.persistence ? "/persist";
in {
hostname = config.networking.hostName;
in
{
imports = [
inputs.sops-nix.nixosModules.sops
];
@ -17,7 +17,7 @@ in {
validateSopsFiles = false;
age = {
sshKeyPaths = ["${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key"];
sshKeyPaths = [ "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key" ];
};
secrets = {
"passwords/root".neededForUsers = true;

12
hosts/common/optional/dwm.nix
View File

@ -12,12 +12,12 @@
windowManager.dwm = {
enable = true;
package = pkgs.dwm.overrideAttrs {
# src = /home/sam/.local/share/src/dwm;
src = pkgs.fetchgit {
url = "https://git.bitlab21.com/sam/dwm";
rev = "3e0601b29d879e589703239e064f0baaabb3474b";
sha256 = "sha256-7Hq0vo6YnXKhEUdKjvaAeKodq2l8wwJRzCYJfdHDNMQ=";
};
#src = /home/sam/.local/share/src/dwm;
src = pkgs.fetchgit {
url = "https://git.bitlab21.com/sam/dwm";
rev = "49dd30c0d9970ce480ada51dfcaac1a071804c64";
sha256 = "0ywca25a1pdjvb4cgv5gx36x3yd6922pqvn9a5f60lcn5fv2a96n";
};
};
};
};

3
hosts/common/optional/gaming.nix
View File

@ -9,6 +9,7 @@
# Steam
mangohud
gamemode
gamescope
# WINE
wine
@ -40,9 +41,11 @@
programs.steam = {
enable = true;
gamescopeSession.enable = true;
};
programs.gamemode.enable = true;
programs.gamescope.enable = true;
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {

21
hosts/common/optional/nix-ld.nix
View File

@ -1,21 +0,0 @@
{ lib, pkgs, ... }:
{
# Using non-Nix Python Packages with Binaries on NixOS https://github.com/mcdonc/.nixconfig/blob/e7885ad18b7980f221e59a21c91b8eb02795b541/videos/pydev/script.rst
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib # numpy
libgcc # sqlalchemy
expat # pyosmium
# that's where the shared libs go, you can find which one you need using
# nix-locate --top-level libstdc++.so.6 (replace this with your lib)
# ^ this requires `nix-index` pkg
];
environment.variables = {
NIX_LD_LIBRARY_PATH="/run/current-system/sw/share/nix-ld/lib";
NIX_LD="/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH=lib.mkForce "$NIX_LD_LIBRARY_PATH";
};
}

274
hosts/common/optional/nixos-containers/baseddata-worker.nix
View File

@ -1,274 +0,0 @@
{
lib,
pkgs,
configVars,
inputs,
config,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "bd-worker";
containerIp = configVars.networking.addresses.bd-worker.ip;
mongodbIp = configVars.networking.addresses.mongodb.ip;
mongodbPort = toString configVars.networking.addresses.mongodb.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
postgresIp = configVars.networking.addresses.postgres.ip;
postgresPort = toString configVars.networking.addresses.postgres.port;
bitcoindIp = configVars.networking.addresses.bitcoin-node.ip;
bitcoindPort = toString configVars.networking.addresses.bitcoin-node.services.bitcoind.port;
#secrets
sshKeyFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."ssh_keys/baseddata-models-access/id_ed25519".path;
notifybotUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/username".path;
notifybotPwd = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/password".path;
recipientUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/mrsu/username".path;
mongoclientAuth = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/auth".path;
mongoclientUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/username".path;
mongoclientPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
postgresUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_username".path;
postgresPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_password".path;
bitcoindRPCUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/username".path;
bitcoindRPCPassword= lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
baseddataEnv = "dev";
in {
sops.secrets = {
"ssh_keys/baseddata-models-access/id_ed25519" = {};
"comms/xmpp/notifybot/username" = {};
"comms/xmpp/notifybot/password" = {};
"comms/xmpp/mrsu/username" = {};
"software/mongodb/baseddata/auth" = {};
"software/mongodb/baseddata/username" = {};
"software/mongodb/baseddata/password" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/bitcoind/username" = {};
"software/bitcoind/bitcoin-rpcpassword-public" = {};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/root/.ssh/id_ed25519" = {
hostPath = "${sshKeyFile}";
isReadOnly = true;
};
"/run/secrets/notifybotUsername" = {
hostPath = "${notifybotUsername}";
isReadOnly = true;
};
"/run/secrets/notifybotPassword" = {
hostPath = "${notifybotPwd}";
isReadOnly = true;
};
"/run/secrets/recipientUsername" = {
hostPath = "${recipientUsername}";
isReadOnly = true;
};
"/run/secrets/mongoclientAuth" = {
hostPath = "${mongoclientAuth}";
isReadOnly = true;
};
"/run/secrets/mongoclientUser" = {
hostPath = "${mongoclientUser}";
isReadOnly = true;
};
"/run/secrets/mongoclientPassword" = {
hostPath = "${mongoclientPassword}";
isReadOnly = true;
};
"/run/secrets/postgresPassword" = {
hostPath = "${postgresPassword}";
isReadOnly = true;
};
"/run/secrets/postgresUser" = {
hostPath = "${postgresUser}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCPassword" = {
hostPath = "${bitcoindRPCPassword}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCUsername" = {
hostPath = "${bitcoindRPCUsername}";
isReadOnly = true;
};
"/media/baseddata-data" = {
hostPath = "/media/main-ssd/baseddata-data";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
4200
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = [
pkgs.vim
pkgs.git
pkgs.python311
pkgs.poetry
pkgs.aria2
pkgs.osmctools
pkgs.osmium-tool
];
environment.variables = {
BASEDDATA_ENVIRONMENT = "dev";
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
};
systemd.services.baseddata-deploy-service = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
description = "Initiates deployment of application and builds python environment using Poetry";
environment = {
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
ExecStart = pkgs.writeShellScript "baseddata-deploy-service" ''
GITCMD="${pkgs.openssh}/bin/ssh -i /root/.ssh/id_ed25519"
if [ ! -d "/srv/baseddata-models" ]; then
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git clone --branch $BASEDDATA_ENVIRONMENT git@git.bitlab21.com:sam/baseddata-models.git /srv/baseddata-models
else
cd /srv/baseddata-models
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git stash --include-untracked
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git pull
fi
cd /srv/baseddata-models
mkdir .venv
${pkgs.poetry}/bin/poetry install
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-prefect-server = {
wantedBy = ["multi-user.target"];
after = ["baseddata-deploy-service.target"];
description = "Initates the Prefect server";
environment = {
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
WorkingDirectory = "/srv/baseddata-models";
ExecStart = pkgs.writeShellScript "baseddata-prefect-server" ''
# run prefect server
.venv/bin/prefect server start --host 0.0.0.0
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-serve-flows = {
wantedBy = ["multi-user.target"];
after = ["baseddata-prefect-server.target"];
description = "Serves the Prefect flows";
environment = {
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
Environment = "PATH=/run/current-system/sw/bin/";
WorkingDirectory = "/srv/baseddata-models";
ExecStartPre = "${pkgs.coreutils}/bin/timeout 120 ${pkgs.bash}/bin/bash -c 'until ${pkgs.netcat-openbsd}/bin/nc -z ${containerIp} 4200; do sleep 3; done'";
ExecStart = pkgs.writeShellScript "baseddata-serve-flows" ''
# set prefect environment variables
.venv/bin/prefect variable set "xmpp_jid" $(cat /run/secrets/notifybotUsername) --overwrite
.venv/bin/prefect variable set "xmpp_password" $(cat /run/secrets/notifybotPassword) --overwrite
.venv/bin/prefect variable set "xmpp_recipient" $(cat /run/secrets/recipientUsername) --overwrite
.venv/bin/prefect variable set "mongoclient_auth" $(cat /run/secrets/mongoclientAuth) --overwrite
.venv/bin/prefect variable set "mongoclient_host" "${mongodbIp}:${mongodbPort}" --overwrite
.venv/bin/prefect variable set "mongoclient_user" $(cat /run/secrets/mongoclientUser) --overwrite
.venv/bin/prefect variable set "mongoclient_pwd" $(cat /run/secrets/mongoclientPassword) --overwrite
.venv/bin/prefect variable set "postgres_host" ${postgresIp} --overwrite
.venv/bin/prefect variable set "postgres_port" ${postgresPort} --overwrite
.venv/bin/prefect variable set "postgres_user" $(cat /run/secrets/postgresUser) --overwrite
.venv/bin/prefect variable set "postgres_pwd" $(cat /run/secrets/postgresPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_password" $(cat /run/secrets/bitcoindRPCPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_username" $(cat /run/secrets/bitcoindRPCUsername) --overwrite
.venv/bin/prefect variable set "bitcoind_ip" ${bitcoindIp} --overwrite
.venv/bin/prefect variable set "bitcoind_port" ${bitcoindPort} --overwrite
.venv/bin/prefect variable set "osm_dir" "/media/baseddata-data/osm" --overwrite
.venv/bin/prefect variable set "wdpa_dir" "/media/baseddata-data/wdpa" --overwrite
.venv/bin/prefect variable set "mongo_db_name" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_dbname" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_schema" "models_final" --overwrite
.venv/bin/prefect variable set "unique_key" "row_uuid" --overwrite
# serve flows
.venv/bin/python automation/flows/serve-flows.py
'';
Restart = "on-failure";
};
};
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib
libgcc
];
programs.ssh.knownHosts = {
"git.bitlab21.com" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNd2BGf64heYjWT9yt0fVmngepiHRIMsL7au/MRteg";
};
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}

16
hosts/common/optional/nixos-containers/jellyfin.nix
View File

@ -1,18 +1,16 @@
{
lib,
pkgs,
configVars,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "jellyfin";
containerIp = configVars.networking.addresses.jellyfin.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
container_name = "jellyfin";
container_ip = "10.0.10.6";
in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
"/var/lib/nixos-containers/${container_name}"
];
};
@ -20,7 +18,7 @@ in {
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
containers.${container_name} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
@ -42,17 +40,17 @@ in {
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
defaultGateway = "10.0.10.1";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"address" = "${container_ip}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
8096
5432
];
};
useHostResolvConf = lib.mkForce false;

98
hosts/common/optional/nixos-containers/mongodb.nix
View File

@ -1,98 +0,0 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
mongodbPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "mongodb";
containerIp = configVars.networking.addresses.mongodb.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
sops.secrets = {
"software/postgres/postgres/password" = {
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
# "/var/db/mongodb" = {
# hostPath = "/media/main-ssd/mongodb";
# isReadOnly = false;
# };
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
27017
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = with pkgs; [
mongosh
];
# allow unfree packages
nixpkgs.config.allowUnfreePredicate = let
whitelist = map lib.getName [
pkgs.mongodb
];
in
pkg: builtins.elem (lib.getName pkg) whitelist;
services.mongodb = {
enable = true;
# enableAuth = true;
# initialRootPassword = mongodbPasswordPath;
bind_ip = "0.0.0.0";
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}

20
hosts/common/optional/nixos-containers/nix-bitcoin.nix
View File

@ -2,7 +2,6 @@
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
@ -10,11 +9,8 @@
bitcoin-rpcpassword-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
bitcoin-HMAC-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-privileged".path;
bitcoin-HMAC-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-public".path;
containerName = "bitcoin-node";
containerIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip;
container_name = "bitcoin-node";
container_ip = "10.0.10.4";
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
in {
sops.secrets = {
@ -27,7 +23,7 @@ in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
"/var/lib/nixos-containers/${container_name}"
];
};
@ -35,7 +31,7 @@ in {
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
containers.${container_name} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
@ -89,8 +85,8 @@ in {
jq
];
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [ { "address" = "${containerIp}"; "prefixLength" = 24; } ];
defaultGateway = "10.0.10.1";
interfaces.eth0.ipv4.addresses = [ { "address" = "${container_ip}"; "prefixLength" = 24; } ];
firewall = {
enable = true;
allowedTCPPorts = [
@ -124,7 +120,7 @@ in {
rpc = {
address = "0.0.0.0";
threads = 6;
allowip = allowip;
allowip = ["10.0.0.0/8"];
users = let
name = "bitcoin";
in {
@ -147,7 +143,7 @@ in {
enable = true;
electrumServer = "electrs";
frontend = {
port = mempoolPort;
port = 4080;
address = "0.0.0.0";
};
};

23
hosts/common/optional/nixos-containers/postgres.nix
View File

@ -2,16 +2,13 @@
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
postgresPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/postgres/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "postgres";
containerIp = configVars.networking.addresses.postgres.ip;
subnetIp = configVars.networking.addresses.subnet.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
container_name = "postgres";
container_ip = "10.0.10.5";
in {
sops.secrets = {
"software/postgres/postgres/password" = {
@ -21,7 +18,7 @@ in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
"/var/lib/nixos-containers/${container_name}"
];
};
@ -29,7 +26,7 @@ in {
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
containers.${container_name} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
@ -47,10 +44,10 @@ in {
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
defaultGateway = "10.0.10.1";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"address" = "${container_ip}";
"prefixLength" = 24;
}
];
@ -74,7 +71,6 @@ in {
enableJIT = true;
package = pkgs.postgresql_16;
extraPlugins = with pkgs.postgresql_16.pkgs; [ postgis ];
enableTCPIP = true;
settings = {
max_worker_processes = "12";
max_parallel_workers = "8";
@ -86,11 +82,8 @@ in {
maintenance_work_mem = "64MB";
};
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser origin-address auth-method
local all postgres peer
host all all ${subnetIp}/24 scram-sha-256
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
#type database DBuser auth-method
local all all trust
'';
};

10
hosts/common/optional/printing.nix
View File

@ -1,10 +1,4 @@
{
pkgs,
configVars,
...
}: let
serverIp = configVars.networking.addresses.merlin.ip;
in {
{pkgs, ...}: {
services = {
udev.packages = [pkgs.sane-airscan];
printing = {
@ -22,7 +16,7 @@ in {
sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
netConf = "${serverIp}";
netConf = "10.0.10.2";
};
printers = {
ensurePrinters = [

30
hosts/common/users/sam/default.nix
View File

@ -3,7 +3,6 @@
inputs,
config,
lib,
configVars,
...
}: let
hostname = config.networking.hostName;
@ -11,7 +10,6 @@
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml";
baseddataPostgresIp = configVars.networking.addresses.postgres.ip;
username = "sam";
in {
users.users.${username} = {
@ -29,7 +27,7 @@ in {
"podman"
];
};
services.tailscale.enable = true;
sops.secrets = {
"passwords/${username}" = {
sopsFile = "${secretsFile}";
@ -57,8 +55,6 @@ in {
"software/postgres/bitcoin/password" = {};
"software/postgres/bitcoin/ip" = {};
"software/postgres/bitcoin/username" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/zotero/username" = {};
"software/zotero/password" = {};
"software/zotero/guid" = {};
@ -89,10 +85,6 @@ in {
{
"url": "postgresql://${config.sops.placeholder."software/postgres/bitcoin/username"}:${config.sops.placeholder."software/postgres/bitcoin/password"}@${config.sops.placeholder."software/postgres/bitcoin/ip"}/bitcoin",
"name": "bitcoin"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/baseddata/user_username"}:${config.sops.placeholder."software/postgres/baseddata/user_password"}@${baseddataPostgresIp}/baseddata",
"name": "baseddata"
}
]
'';
@ -107,23 +99,23 @@ in {
target: dev
outputs:
dev:
dbname: dev_baseddata
host: ${baseddataPostgresIp}
pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}'
dbname: dev_baseddata_models
host: ${config.sops.placeholder."software/postgres/baseddata_models/ip"}
pass: '${config.sops.placeholder."software/postgres/baseddata_models/password"}'
port: 5432
schema: models
threads: 6
type: postgres
user: ${config.sops.placeholder."software/postgres/baseddata/user_username"}
user: ${config.sops.placeholder."software/postgres/baseddata_models/username"}
prod:
dbname: baseddata
host: ${baseddataPostgresIp}
pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}'
dbname: baseddata_models
host: ${config.sops.placeholder."software/postgres/baseddata_models/ip"}
pass: '${config.sops.placeholder."software/postgres/baseddata_models/password"}'
port: 5432
schema: models
threads: 6
type: postgres
user: ${config.sops.placeholder."software/postgres/baseddata/user_username"}
user: ${config.sops.placeholder."software/postgres/baseddata_models/username"}
'';
};
@ -160,4 +152,8 @@ in {
${username} = import ../../../../home/${hostname}.nix;
};
};
environment.systemPackages = [
#inputs.sqlfmt.packages.x86_64-linux.sqlfmt
];
}

2
hosts/merlin/default.nix → hosts/nebula/default.nix
View File

@ -37,7 +37,7 @@ in
};
networking = {
hostName = "merlin";
hostName = "nebula";
networkmanager.enable = true;
enableIPv6 = false;
};

0
hosts/merlin/hardware-configuration.nix → hosts/nebula/hardware-configuration.nix
View File

19
hosts/semita/default.nix
View File

@ -2,7 +2,6 @@
inputs,
lib,
pkgs,
configVars,
...
}: let
# Disko setup
@ -15,10 +14,6 @@
else "/dev/root_vg/root";
user = "sam";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
semitaIp = configVars.networking.addresses.semita.ip;
in {
imports = [
# Create users for this host
@ -55,9 +50,6 @@ in {
../common/optional/nixos-containers/nix-bitcoin.nix
../common/optional/nixos-containers/postgres.nix
../common/optional/nixos-containers/jellyfin.nix
../common/optional/nixos-containers/baseddata-worker.nix
../common/optional/nixos-containers/mongodb.nix
../common/optional/nix-ld.nix
];
fileSystems."/media/main-ssd" = {
@ -99,11 +91,6 @@ in {
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
swapDevices = [ {
device = "/.swapvol/swapfile";
size = 32*1024;
} ];
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
@ -120,8 +107,8 @@ in {
networking = {
hostName = "semita";
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
defaultGateway = "${gatewayIp}";
nameservers = ["10.0.10.60" "10.0.10.1" "8.8.8.8"];
defaultGateway = "10.0.10.1";
useDHCP = false;
bridges = {
br0 = {
@ -131,7 +118,7 @@ in {
interfaces.br0 = {
ipv4.addresses = [
{
"address" = "${semitaIp}";
"address" = "10.0.10.3";
"prefixLength" = 24;
}
];

70
hosts/sparky/default.nix
View File

@ -1,52 +1,37 @@
{
inputs,
config,
lib,
configVars,
...
}: let
{ inputs, config, lib, pkgs, outputs, ... }:
let
# Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/sda"; # depends on target hardware
encrypted = false; # currrently only applies to btrfs
btrfsMountDevice =
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
imports = [
# Create users for this host
../common/users/media
in
{
imports =
[
# Create users for this host
../common/users/media
# Disk configuration
inputs.disko.nixosModules.disko
(import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Disk configuration
inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
# Impermanence
(import ../common/disks/btrfs/impermanence.nix {
btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Impermanence
(import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
# Import core options
./hardware-configuration.nix
../common/core
# Import core options
./hardware-configuration.nix
../common/core
# Import optional options
../common/optional/openssh.nix
../common/optional/persistence.nix
../common/optional/nfs-mounts/media.nix
../common/optional/gaming.nix
../common/optional/printing.nix
];
# Import optional options
../common/optional/openssh.nix
../common/optional/persistence.nix
../common/optional/nfs-mounts/media.nix
../common/optional/gaming.nix
../common/optional/printing.nix
];
boot = {
loader = {
@ -55,13 +40,12 @@ in {
timeout = 3;
};
};
boot.kernelParams = ["i915.enable_psr=0"];
boot.kernelParams = [ "i915.enable_psr=0" ];
networking = {
hostName = "sparky";
networkmanager.enable = true;
enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
};
nixpkgs.config.allowUnfreePredicate = pkg:
@ -77,7 +61,7 @@ in {
services.xserver = {
enable = true;
videoDrivers = ["nvidia"];
videoDrivers = [ "nvidia" ];
displayManager.lightdm.enable = true;
exportConfiguration = true;
deviceSection = ''

5
justfile
View File

@ -14,11 +14,6 @@ rebuild-system:
git add *.nix
sudo nixos-rebuild switch --option eval-cache false --flake .#$(hostname)
# test full system rebuild from flake (stages changes and automatically detects host)
rebuild-system-test:
git add *.nix
sudo nixos-rebuild test --option eval-cache false --flake .#$(hostname)
# updates all flake inputs for system
update-flake:
nix flake update

1
pkgs/default.nix
View File

@ -6,5 +6,4 @@ pkgs: {
nsxiv = pkgs.callPackage ./nsxiv {};
sqlfmt = pkgs.callPackage ./sqlfmt {};
kunst = pkgs.callPackage ./kunst {};
set_wm_class = pkgs.callPackage ./set_wm_class {};
}

35
pkgs/set_wm_class/default.nix
View File

@ -1,35 +0,0 @@
{ pkgs ? import <nixpkgs> { }
, fetchFromGitea ? pkgs.fetchFromGitea
, pkg-config ? pkgs.pkg-config
, libX11 ? pkgs.xorg.libX11
}:
pkgs.stdenv.mkDerivation {
pname = "set_wm_class";
name = "set_wm_class";
src = fetchFromGitea {
domain = "git.bitlab21.com";
owner = "sam";
repo = "set_wm_class";
rev = "b39fb4b360";
sha256 = "sha256-5z2YQof4jbfa1dQll5GLt2OL54UhDKZ4Dzzte7vT0zM=";
};
nativeBuildInputs = [
pkg-config
];
buildInputs = [
libX11
];
buildPhase = ''
make
'';
installPhase = ''
mkdir -p $out/bin
mv set_wm_class $out/bin
'';
}

4
pkgs/st/default.nix
View File

@ -12,8 +12,8 @@ pkgs.stdenv.mkDerivation {
domain = "git.bitlab21.com";
owner = "sam";
repo = "st";
rev = "0e926487c85227aad9eed6667b91e149018014b8";
sha256 = "sha256-aUquoUotLKJDxOISIcx0RUybNvBrytc7+EF7PE1MRJU=";
rev = "31e0ba8cb2086fb12741afc5fc3dfd938ca1f59b";
sha256 = "sha256-dbkXFbNr/lJveMeR7qXo7jGgF5+79S9vqKsLM7XM250=";
};
nativeBuildInputs = [

8
vars/default.nix
View File

@ -1,8 +0,0 @@
{ inputs, ... }:
{
inherit (inputs.nix-secrets)
networking
email
;
}