From ed7833b3e990bdbe27ba92dcb4be76ab63b283ba Mon Sep 17 00:00:00 2001
From: Alexander Szczepanski
Date: Sun, 3 Nov 2024 09:13:27 +0100
Subject: [PATCH] desktop-2024-11-03-09-13-27
---
configs/browser.nix | 8 +-
configs/common-server.nix | 10 +-
configs/common.nix | 37 +-
configs/develop.nix | 5 +-
configs/docker.nix | 7 +-
configs/games.nix | 9 +-
configs/hardware.nix | 6 +-
configs/plasma-wayland.nix | 7 +-
configs/plasma.nix | 60 --
configs/printing.nix | 8 +-
configs/user-gui.nix | 17 +-
configs/user.nix | 43 +-
configs/virtualisation.nix | 5 +-
flake.nix | 167 +++--
machine/desktop/configuration.nix | 34 +-
machine/desktop/hardware-configuration.nix | 37 +-
machine/framework/configuration.nix | 82 ++-
machine/framework/hardware-configuration.nix | 31 +-
machine/mini/configuration.nix | 36 +-
machine/mini/hardware-configuration.nix | 45 +-
machine/nixos-libvirt/configuration.nix | 62 --
.../nixos-libvirt/hardware-configuration.nix | 31 -
machine/nixos-virtualbox/configuration.nix | 17 +-
.../hardware-configuration.nix | 90 ++-
machine/nixos-vm.nix | 51 --
machine/vps-arm/configuration.nix | 31 +-
machine/vps-arm/hardware-configuration.nix | 42 +-
machine/vps.nix | 621 ------------------
overlays/default.nix | 2 +-
pkgs/psensor/default.nix | 32 +-
services/adguardhome.nix | 48 +-
services/frigate.nix | 26 +-
services/gitea.nix | 8 +-
services/goaccess.nix | 19 +-
services/headscale.nix | 11 +-
services/nextcloud.nix | 11 +-
services/rustdesk-server.nix | 6 +-
services/uptime-kuma.nix | 8 +-
38 files changed, 525 insertions(+), 1245 deletions(-)
delete mode 100755 configs/plasma.nix
delete mode 100755 machine/nixos-libvirt/configuration.nix
delete mode 100644 machine/nixos-libvirt/hardware-configuration.nix
delete mode 100755 machine/nixos-vm.nix
delete mode 100755 machine/vps.nix
diff --git a/configs/browser.nix b/configs/browser.nix
index 2076b5b..fb7b268 100755
--- a/configs/browser.nix
+++ b/configs/browser.nix
@@ -1,12 +1,14 @@ -{ config, pkgs, lib, ... }: { + config, + pkgs, + lib, + ... +}: { programs.firefox = { enable = true; - # nativeMessagingHosts.packages = with pkgs; [ uget-integrator ]; }; environment.systemPackages = with pkgs; [ - # uget brave librewolf tor-browser-bundle-bin diff --git a/configs/common-server.nix b/configs/common-server.nix index a74cf33..c5aff2e 100755 --- a/configs/common-server.nix +++ b/configs/common-server.nix @@ -1,9 +1,13 @@ -{ config, lib, pkgs, ... }: { - imports = [ ../configs/common.nix ../configs/docker.nix ../configs/user.nix ]; + config, + lib, + pkgs, + ... +}: { + imports = [../configs/common.nix ../configs/docker.nix ../configs/user.nix]; fileSystems."/export/docker" = { device = "/home/alex/docker"; - options = [ "bind" ]; + options = ["bind"]; }; } diff --git a/configs/common.nix b/configs/common.nix index 580c342..056c1e3 100755 --- a/configs/common.nix +++ b/configs/common.nix @@ -1,5 +1,10 @@ -{ config, pkgs, lib, ... }: { + config, + pkgs, + lib, + inputs, + ... +}: { boot = { tmp = { useTmpfs = lib.mkDefault true; @@ -7,7 +12,7 @@ }; # kernelParams = [ "quiet" ]; consoleLogLevel = 0; - kernel.sysctl = { "vm.max_map_count" = 262144; }; + kernel.sysctl = {"vm.max_map_count" = 262144;}; # initrd.systemd.enable = (!config.boot.swraid.enable && !config.boot.isContainer); }; @@ -18,7 +23,7 @@ # Don't install the /lib/ld-linux.so.2 stub. This saves one instance of nixpkgs. ldso32 = null; - shells = with pkgs; [ bashInteractive zsh ]; + shells = with pkgs; [bashInteractive zsh]; systemPackages = with pkgs; [ ack @@ -64,8 +69,10 @@ nil nix-du + nix-tree - nixpkgs-fmt + nixd + alejandra parallel pciutils 
@@ -74,21 +81,19 @@ unzip usbutils wget - - comma ]; }; i18n = { defaultLocale = "en_US.UTF-8"; extraLocaleSettings = { - LANGUAGE = "en_US.UTF-8"; - LC_ALL = "en_US.UTF-8"; + LANGUAGE = "en_US.UTF-8"; + LC_ALL = "en_US.UTF-8"; }; }; networking = { - nameservers = [ "127.0.0.1" ]; + nameservers = ["127.0.0.1"]; # If using dhcpcd: dhcpcd.extraConfig = "nohook resolv.conf"; # If using NetworkManager: @@ -107,14 +112,15 @@ }; nix = { + nixPath = ["nixpkgs=${inputs.nixpkgs-unstable}"]; channel.enable = false; settings = { auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; + experimental-features = ["nix-command" "flakes"]; connect-timeout = 5; log-lines = 25; - max-free = (3000 * 1024 * 1024); - min-free = (512 * 1024 * 1024); + max-free = 3000 * 1024 * 1024; + min-free = 512 * 1024 * 1024; builders-use-substitutes = true; }; 
@@ -134,17 +140,16 @@ }; ssh.knownHosts = { - "github.com".hostNames = [ "github.com" ]; + "github.com".hostNames = ["github.com"]; "github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - "u278697.your-storagebox.de".hostNames = [ "u278697.your-storagebox.de" ]; + "u278697.your-storagebox.de".hostNames = ["u278697.your-storagebox.de"]; "u278697.your-storagebox.de".publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw=="; # [u278697.your-storagebox.de]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs # [u278697.your-storagebox.de]:23 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw== # [u278697.your-storagebox.de]:23 ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw== }; - }; services = { @@ -195,7 +200,7 @@ }; }; - journald = { extraConfig = "SystemMaxUse=500M"; }; + journald = {extraConfig = "SystemMaxUse=500M";}; }; # The notion of "online" is a broken concept diff --git a/configs/develop.nix b/configs/develop.nix index 4e21cb2..7e7e896 100644 --- a/configs/develop.nix +++ b/configs/develop.nix 
@@ -1,5 +1,8 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { environment.systemPackages = with pkgs; [ insomnia meld diff --git a/configs/docker.nix b/configs/docker.nix index ca9aed6..7fc7428 100755 --- a/configs/docker.nix +++ b/configs/docker.nix @@ -1,6 +1,9 @@ -{ config, pkgs, lib, ... }: - { + config, + pkgs, + lib, + ... +}: { virtualisation = { docker = { enable = true; diff --git a/configs/games.nix b/configs/games.nix index 8741d0b..0105b41 100755 --- a/configs/games.nix +++ b/configs/games.nix @@ -1,6 +1,11 @@ -{ config, pkgs, lib, outputs, ... }: { - users.extraGroups.gamemode.members = [ "alex" ]; + config, + pkgs, + lib, + outputs, + ... +}: { + users.extraGroups.gamemode.members = ["alex"]; programs = { gamescope = { diff --git a/configs/hardware.nix b/configs/hardware.nix index 8acbe03..c0a1f99 100644 --- a/configs/hardware.nix +++ b/configs/hardware.nix @@ -1,5 +1,9 @@ -{ config, pkgs, lib, ... }: { + config, + pkgs, + lib, + ... +}: { services = { fwupd.enable = true; }; diff --git a/configs/plasma-wayland.nix b/configs/plasma-wayland.nix index 77419dc..822c2b3 100755 --- a/configs/plasma-wayland.nix +++ b/configs/plasma-wayland.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: { programs = { dconf.enable = true; kdeconnect.enable = true; diff --git a/configs/plasma.nix b/configs/plasma.nix deleted file mode 100755 index d10c2fe..0000000 --- a/configs/plasma.nix +++ /dev/null 
@@ -1,60 +0,0 @@ -{ config, pkgs, lib, ... }: { - programs = { - dconf.enable = true; - kdeconnect.enable = true; - }; - - environment = { - plasma6.excludePackages = with pkgs.kdePackages; [ - plasma-browser-integration - konsole - oxygen - kate - ]; - - systemPackages = with pkgs; [ - kdePackages.ksshaskpass - kdePackages.kde-gtk-config - kdePackages.breeze-gtk - kdePackages.partitionmanager - kdePackages.filelight - kdePackages.plasma-disks - kdePackages.kalk - krusader - ktimetracker - kdiff3 - kdiskmark - ]; - }; - - services = { - desktopManager.plasma6.enable = true; - displayManager = { - defaultSession = "plasmax11"; - sddm = { - enable = true; - # wayland.enable = true; - }; - }; - - xserver = { - - enable = true; - excludePackages = [ pkgs.xterm ]; - - xkb.layout = "us"; - - # Enable touchpad support. - updateDbusEnvironment = true; - }; - - libinput.enable = true; - }; - - programs = { - ssh = { - startAgent = true; - askPassword = pkgs.lib.mkForce "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass"; - }; - }; -} diff --git a/configs/printing.nix b/configs/printing.nix index 0b0cf85..da67092 100755 --- a/configs/printing.nix +++ b/configs/printing.nix @@ -1,9 +1,13 @@ -{ config, pkgs, lib, ... }: { + config, + pkgs, + lib, + ... +}: { services = { printing = { enable = true; - drivers = [ pkgs.brlaser ]; + drivers = [pkgs.brlaser]; }; }; } diff --git a/configs/user-gui.nix b/configs/user-gui.nix index 6f70a31..759ad2b 100755 --- a/configs/user-gui.nix +++ b/configs/user-gui.nix @@ -1,9 +1,14 @@ -{ config, pkgs, inputs, home-manager, ... }: { - imports = [ inputs.home-manager.nixosModules.home-manager ]; + config, + pkgs, + inputs, + home-manager, + ... +}: { + imports = [inputs.home-manager.nixosModules.home-manager]; networking = { firewall.enable = false; - networkmanager = { enable = true; }; + networkmanager = {enable = true;}; }; fonts = { 
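Review bot: `firewall.enable = false;` in the `networking` block of configs/user-gui.nix survives this reformat unchanged, so every machine that imports this module runs without the NixOS packet filter. That presumably includes the laptop, which will join networks you do not control. I would switch it to `firewall.enable = true;` and open only the ports the GUI machines actually serve through `firewall.allowedTCPPorts` / `allowedUDPPorts`. If the filter is deliberately off because another mechanism does the filtering, a one-line comment next to the setting saying so would keep the next reader from treating it as an oversight.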
@@ -11,7 +16,7 @@ fontDir.enable = true; packages = with pkgs; [ - (nerdfonts.override { fonts = [ "Meslo" "RobotoMono"]; }) + (nerdfonts.override {fonts = ["Meslo" "RobotoMono"];}) corefonts google-fonts liberation_ttf @@ -40,7 +45,7 @@ programs = { adb.enable = true; - ssh = { startAgent = true; }; + ssh = {startAgent = true;}; # dconf.enable = true; # gnupg.agent = { # enable = true; @@ -65,7 +70,7 @@ shotcut ]; - home-manager.users.alex = { pkgs, ... }: { + home-manager.users.alex = {pkgs, ...}: { programs = { vscode = { enable = true; diff --git a/configs/user.nix b/configs/user.nix index 766e4d2..47999ba 100755 --- a/configs/user.nix +++ b/configs/user.nix @@ -1,5 +1,10 @@ -{ config, pkgs, lib, inputs, ... }: -let +{ + config, + pkgs, + lib, + inputs, + ... +}: let serviceConfig = { MountAPIVFS = true; PrivateTmp = true; @@ -12,8 +17,7 @@ let ProtectSystem = "full"; RestrictSUIDSGID = true; }; -in -{ +in { imports = [ inputs.home-manager.nixosModules.home-manager { @@ -60,9 +64,9 @@ in nix-ld.enable = true; }; - environment.pathsToLink = [ "/share/zsh" ]; + environment.pathsToLink = ["/share/zsh"]; - home-manager.users.alex = { pkgs, ... }: { + home-manager.users.alex = {pkgs, ...}: { home = { stateVersion = "24.11"; packages = with pkgs; [ @@ -71,7 +75,6 @@ in git-secret kubectl neofetch - nixfmt-classic pstree qrencode ranger @@ -83,9 +86,9 @@ in nix-output-monitor ]; - sessionPath = [ "$HOME/.npm-packages" "$HOME/.bin" ]; + sessionPath = ["$HOME/.npm-packages" "$HOME/.bin"]; file = { - ".npmrc" = { source = ../home/npmrc; }; + ".npmrc" = {source = ../home/npmrc;}; ".bin/git-redate" = { executable = true; source = ../home/bin/git-redate; 
@@ -104,14 +107,14 @@ in serverAliveInterval = 60; forwardAgent = true; - matchBlocks."szczepan.ski" = { hostname = "szczepan.ski"; }; - matchBlocks."mini" = { hostname = "mini"; }; + matchBlocks."szczepan.ski" = {hostname = "szczepan.ski";}; + matchBlocks."mini" = {hostname = "mini";}; matchBlocks."nixos-vm" = { hostname = "127.0.0.1"; port = 1337; }; - matchBlocks."thinkpad" = { hostname = "thinkpad"; }; + matchBlocks."thinkpad" = {hostname = "thinkpad";}; }; git = { @@ -119,10 +122,10 @@ in userName = "Alexander Szczepanski"; userEmail = "alexander@szczepan.ski"; extraConfig = { - core = { autocrlf = false; }; - color = { ui = "auto"; }; - push = { default = "current"; }; - pull = { rebase = true; }; + core = {autocrlf = false;}; + color = {ui = "auto";}; + push = {default = "current";}; + pull = {rebase = true;}; }; }; @@ -133,8 +136,7 @@ in syntaxHighlighting.enable = true; oh-my-zsh = { enable = true; - plugins = - [ "cp" "common-aliases" "docker" "systemd" "wd" "kubectl" "git" ]; + plugins = ["cp" "common-aliases" "docker" "systemd" "wd" "kubectl" "git"]; }; plugins = [ { @@ -149,8 +151,7 @@ in } ]; shellAliases = { - active-services = - "systemctl --no-page --no-legend --plain -t service --state=running"; + active-services = "systemctl --no-page --no-legend --plain -t service --state=running"; db = "sudo updatedb"; "-g C" = "| wc -l"; "-g G" = "| grep --ignore-case"; @@ -165,7 +166,7 @@ in }; }; - tmux = { enable = true; }; + tmux = {enable = true;}; }; }; } diff --git a/configs/virtualisation.nix b/configs/virtualisation.nix index 04245a3..6c5ced1 100755 --- a/configs/virtualisation.nix +++ b/configs/virtualisation.nix @@ -1,6 +1,5 @@ -{ pkgs, ... }: -{ - users.extraGroups.vboxusers.members = [ "alex" ]; +{pkgs, ...}: { + users.extraGroups.vboxusers.members = ["alex"]; virtualisation = { virtualbox.host = { diff --git a/flake.nix b/flake.nix index 76a72ff..5398413 100644 --- a/flake.nix +++ b/flake.nix 
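Review bot: `forwardAgent = true;` sits at the top level of the ssh settings in configs/user.nix, above the `matchBlocks`, so the agent is forwarded to every host the user connects to, not only the four listed ones. Any account with access to the agent socket on a remote host can then authenticate as this user for as long as the session lasts. Scope it to the hosts that need it, e.g. `matchBlocks."mini" = {hostname = "mini"; forwardAgent = true;};`, and drop the global line. The enclosing ssh block starts outside the hunk.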
@@ -17,7 +17,6 @@ inputs.nixpkgs.follows = "nixpkgs-unstable"; }; - # Home manager home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs-unstable"; 
@@ -29,107 +28,89 @@ }; impermanence.url = "github:nix-community/impermanence"; - - # nixos-cosmic = { - # url = "github:lilyinstarlight/nixos-cosmic"; - # inputs.nixpkgs.follows = "nixpkgs-unstable"; - # }; }; - outputs = - { self - , chaotic - , fw-fanctrl - , home-manager - , nixos-hardware - , nixpkgs-stable - , nixpkgs-unstable - , sops-nix - # , nixos-cosmic - , impermanence - , ... - } @ inputs: - let - inherit (self) outputs; - nixpkgs = nixpkgs-unstable; + outputs = { + self, + chaotic, + fw-fanctrl, + home-manager, + nixos-hardware, + nixpkgs-stable, + nixpkgs-unstable, + sops-nix, + impermanence, + ... + } @ inputs: let + inherit (self) outputs; + nixpkgs = nixpkgs-unstable; - # Supported systems for your flake packages, shell, etc. - systems = [ - "aarch64-linux" - "i686-linux" - "x86_64-linux" - "aarch64-darwin" - "x86_64-darwin" - ]; + # Supported systems for your flake packages, shell, etc. + systems = [ + "aarch64-linux" + "i686-linux" + "x86_64-linux" + "aarch64-darwin" + "x86_64-darwin" + ]; - # This is a function that generates an attribute by calling a function you - # pass to it, with each system as an argument - forAllSystems = nixpkgs.lib.genAttrs systems; + # This is a function that generates an attribute by calling a function you + # pass to it, with each system as an argument + forAllSystems = nixpkgs.lib.genAttrs systems; + in { + overlays = import ./overlays {inherit inputs;}; - # cosmic-modules = [ - # { - # nix.settings = { - # substituters = [ "https://cosmic.cachix.org/" ]; - # trusted-public-keys = [ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" ]; - # }; - # } - # nixos-cosmic.nixosModules.default - # ]; - in - { - overlays = import ./overlays { inherit inputs; }; + nixosConfigurations = { + desktop = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs outputs;}; + modules = [ + impermanence.nixosModules.impermanence + chaotic.nixosModules.default # OUR DEFAULT MODULE + 
nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-cpu-amd-pstate + nixos-hardware.nixosModules.common-cpu-amd-zenpower + nixos-hardware.nixosModules.common-pc-ssd + sops-nix.nixosModules.sops + ./machine/desktop/configuration.nix + ]; + }; - nixosConfigurations = { - desktop = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs outputs; }; - modules = [ - impermanence.nixosModules.impermanence - chaotic.nixosModules.default # OUR DEFAULT MODULE - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-cpu-amd-pstate - nixos-hardware.nixosModules.common-cpu-amd-zenpower - nixos-hardware.nixosModules.common-pc-ssd - sops-nix.nixosModules.sops - ./machine/desktop/configuration.nix - ]; - }; + framework = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs outputs;}; + modules = [ + fw-fanctrl.nixosModules.default + ./machine/framework/configuration.nix + chaotic.nixosModules.default # OUR DEFAULT MODULE + ]; + }; - framework = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs outputs; }; - modules = [ - fw-fanctrl.nixosModules.default - ./machine/framework/configuration.nix - chaotic.nixosModules.default # OUR DEFAULT MODULE - ]; - }; + vps-arm = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = {inherit inputs outputs;}; + modules = [ + ./machine/vps-arm/configuration.nix + ]; + }; - vps-arm = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs outputs; }; - modules = [ - ./machine/vps-arm/configuration.nix - ]; - }; + mini = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs outputs;}; + modules = [ + ./machine/mini/configuration.nix + ]; + }; - mini = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs outputs; }; - modules = [ - ./machine/mini/configuration.nix - ]; - }; - - 
nixos-virtualbox = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs outputs; }; - modules = [ - impermanence.nixosModules.impermanence - sops-nix.nixosModules.sops - ./machine/nixos-virtualbox/configuration.nix - ]; - }; + nixos-virtualbox = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs outputs;}; + modules = [ + impermanence.nixosModules.impermanence + sops-nix.nixosModules.sops + ./machine/nixos-virtualbox/configuration.nix + ]; }; }; + }; } diff --git a/machine/desktop/configuration.nix b/machine/desktop/configuration.nix index b0821f9..74f5318 100755 --- a/machine/desktop/configuration.nix +++ b/machine/desktop/configuration.nix @@ -1,8 +1,12 @@ -{ config, pkgs, inputs, outputs, ... }: -let - be = import ../../configs/borg-exclude.nix; -in { + config, + pkgs, + inputs, + outputs, + ... +}: let + be = import ../../configs/borg-exclude.nix; +in { nixpkgs = { overlays = [ (self: super: { @@ -24,7 +28,6 @@ in hash = "sha256-zQK1tuxu2ZmKxPO0amkfcT/RFBSkU2pWD0qhGyCCHXI="; }) ]; - }); }); }) @@ -52,7 +55,7 @@ in defaultSopsFile = ../../secrets.yaml; validateSopsFiles = true; age = { - sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; + sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; keyFile = "/persist/var/lib/sops-nix/key.txt"; generateKey = true; }; @@ -78,8 +81,8 @@ in "kvm" "gccarch-znver3" ]; - trusted-substituters = [ "https://ai.cachix.org" ]; - trusted-public-keys = [ "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc=" ]; + trusted-substituters = ["https://ai.cachix.org"]; + trusted-public-keys = ["ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="]; }; chaotic.nyx.cache.enable = false; 
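Review bot: The `trusted-public-keys = ["ai.cachix.org-1:…"]` line in machine/desktop/configuration.nix makes any store path signed by that third-party cache key acceptable on this machine, and nothing beside it records why the cache is trusted or which packages depend on it. Please document the trust decision where it is made, for instance `# ai.cachix.org: prebuilt <package> only; drop once built locally` (package name is a placeholder). That way the entry can be removed once it is no longer needed rather than staying in the trust set indefinitely. The surrounding nix settings block starts outside the hunk.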
@@ -99,14 +102,14 @@ in configurationLimit = 5; useOSProber = true; }; - efi = { canTouchEfiVariables = true; }; + efi = {canTouchEfiVariables = true;}; }; tmp.useTmpfs = false; - supportedFilesystems = [ "btrfs" ]; + supportedFilesystems = ["btrfs"]; kernelPackages = pkgs.pkgs.linuxPackages_cachyos; - kernelModules = [ "nct6775" ]; - extraModulePackages = with pkgs.pkgs.linuxPackages_cachyos; [ ryzen-smu ]; + kernelModules = ["nct6775"]; + extraModulePackages = with pkgs.pkgs.linuxPackages_cachyos; [ryzen-smu]; # kernelParams = [ "clearcpuid=514" ]; # kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ]; # kernelPatches = [{ @@ -168,9 +171,9 @@ in systemd.services = { monitor = { description = "AMDGPU Control Daemon"; - wantedBy = [ "multi-user.target" ]; - after = [ "multi-user.target" ]; - serviceConfig = { ExecStart = "${pkgs.lact}/bin/lact daemon"; }; + wantedBy = ["multi-user.target"]; + after = ["multi-user.target"]; + serviceConfig = {ExecStart = "${pkgs.lact}/bin/lact daemon";}; }; }; @@ -301,7 +304,6 @@ in "read only" = "no"; "create mask" = "0644"; "directory mask" = "0755"; - }; }; }; diff --git a/machine/desktop/hardware-configuration.nix b/machine/desktop/hardware-configuration.nix index 7215b0f..3abef23 100644 --- a/machine/desktop/hardware-configuration.nix +++ b/machine/desktop/hardware-configuration.nix 
@@ -1,60 +1,63 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "uas" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "uas" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = ["dm-snapshot"]; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; fileSystems = { "/" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; fsType = "btrfs"; - options = [ "subvol=root" "discard=async" "compress=zstd" "noatime" ]; + options = ["subvol=root" "discard=async" "compress=zstd" "noatime"]; }; "/home" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; fsType = "btrfs"; - options = [ "subvol=home" "discard=async" "compress=zstd" "noatime" ]; + options = ["subvol=home" "discard=async" "compress=zstd" "noatime"]; }; "/nix" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; fsType = "btrfs"; - options = [ "subvol=nix" "discard=async" "compress=zstd" "noatime" ]; + options = ["subvol=nix" "discard=async" "compress=zstd" "noatime"]; }; "/persist" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; fsType = "btrfs"; - options = [ "subvol=persist" "discard=async" "compress=zstd" "noatime" ]; + options = ["subvol=persist" "discard=async" "compress=zstd" "noatime"]; neededForBoot = true; }; "/var/log" = { device = "/dev/disk/by-uuid/87c6b0fb-b921-47d5-a3a1-4b4c0a4f02ad"; fsType = 
"btrfs"; - options = [ "subvol=log" "discard=async" "compress=zstd" "noatime" ]; + options = ["subvol=log" "discard=async" "compress=zstd" "noatime"]; neededForBoot = true; }; "/boot" = { device = "/dev/disk/by-uuid/4339-5A4C"; fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; + options = ["fmask=0022" "dmask=0022"]; }; }; - swapDevices = [{ device = "/dev/disk/by-uuid/831be7b8-5b1b-4bda-a27d-5a1c4efb2c4d"; }]; + swapDevices = [{device = "/dev/disk/by-uuid/831be7b8-5b1b-4bda-a27d-5a1c4efb2c4d";}]; networking.useDHCP = lib.mkDefault true; # nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/machine/framework/configuration.nix b/machine/framework/configuration.nix index 5b9af91..ff6bac2 100755 --- a/machine/framework/configuration.nix +++ b/machine/framework/configuration.nix @@ -1,8 +1,13 @@ -{ config, pkgs, lib, outputs, inputs, ... }: -let - be = import ../../configs/borg-exclude.nix; -in { + config, + pkgs, + lib, + outputs, + inputs, + ... +}: let + be = import ../../configs/borg-exclude.nix; +in { nixpkgs = { overlays = [ outputs.overlays.additions @@ -34,7 +39,7 @@ in defaultSopsFile = ../../secrets.yaml; validateSopsFiles = true; age = { - sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; keyFile = "/var/lib/sops-nix/key.txt"; generateKey = true; }; 
@@ -57,19 +62,19 @@ in initrd.systemd.enable = true; loader = { grub = { - enable = true; - efiSupport = true; - device = "nodev"; - configurationLimit = 5; - enableCryptodisk = true; - }; - efi = { canTouchEfiVariables = true; }; + enable = true; + efiSupport = true; + device = "nodev"; + configurationLimit = 5; + enableCryptodisk = true; + }; + efi = {canTouchEfiVariables = true;}; }; - supportedFilesystems = [ "btrfs" ]; -# kernelPatches = [{ -# name = "fix problems with netfilter in 6.11.4"; -# patch = ../../kernelpatches/fix-netfilter-6.11.4.patch; -# }]; + supportedFilesystems = ["btrfs"]; + # kernelPatches = [{ + # name = "fix problems with netfilter in 6.11.4"; + # patch = ../../kernelpatches/fix-netfilter-6.11.4.patch; + # }]; tmp.useTmpfs = false; }; @@ -103,12 +108,30 @@ in fanSpeedUpdateFrequency = 5; movingAverageInterval = 30; speedCurve = [ - { temp = 0; speed = 15; } - { temp = 50; speed = 15; } - { temp = 65; speed = 25; } - { temp = 70; speed = 35; } - { temp = 75; speed = 50; } - { temp = 85; speed = 100; } + { + temp = 0; + speed = 15; + } + { + temp = 50; + speed = 15; + } + { + temp = 65; + speed = 25; + } + { + temp = 70; + speed = 35; + } + { + temp = 75; + speed = 50; + } + { + temp = 85; + speed = 100; + } ]; }; }; @@ -120,7 +143,7 @@ in enableAllFirmware = true; openrazer = { enable = true; - users = [ "alex" ]; + users = ["alex"]; }; graphics = { @@ -148,7 +171,7 @@ in btrfs.autoScrub = { enable = true; interval = "monthly"; - fileSystems = [ "/home/alex/shared/storage" ]; + fileSystems = ["/home/alex/shared/storage"]; }; pipewire = { 
@@ -164,10 +187,9 @@ in mode = "repokey-blake2"; passCommand = "cat ${config.sops.secrets.borg-key.path}"; }; - extraCreateArgs = - "--stats --verbose --checkpoint-interval 600 --exclude-caches"; + extraCreateArgs = "--stats --verbose --checkpoint-interval 600 --exclude-caches"; environment.BORG_RSH = "ssh -i /home/alex/.ssh/id_borg_ed25519"; - paths = [ "/home/alex" "/var/lib" ]; + paths = ["/home/alex" "/var/lib"]; repo = "ssh://u278697-sub9@u278697.your-storagebox.de:23/./borg"; startAt = "daily"; prune.keep = { @@ -194,7 +216,7 @@ in # systemd.services.nix-daemon.serviceConfig.LimitNOFILE = 40960; environment = { - sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; # Force intel-media-driver + sessionVariables = {LIBVA_DRIVER_NAME = "iHD";}; # Force intel-media-driver systemPackages = with pkgs; [ # psensor mission-center @@ -232,7 +254,7 @@ in # Resume Offset is offset of swapfile # https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file # boot.kernelParams = [ "mem_sleep_default=deep" "resume_offset=190937088" ]; - boot.kernelParams = [ "mem_sleep_default=deep" ]; + boot.kernelParams = ["mem_sleep_default=deep"]; # Suspend-then-hibernate everywhere services.logind = { diff --git a/machine/framework/hardware-configuration.nix b/machine/framework/hardware-configuration.nix index b4bc981..813b508 100644 --- a/machine/framework/hardware-configuration.nix +++ b/machine/framework/hardware-configuration.nix @@ -1,13 +1,16 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; boot.initrd.availableKernelModules = [ "xhci_pci" 
@@ -16,9 +19,9 @@ "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; fileSystems = { "/" = { @@ -68,7 +71,7 @@ "/boot" = { device = "/dev/disk/by-uuid/427A-97BA"; fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; + options = ["fmask=0022" "dmask=0022"]; }; "/home/alex/shared/storage" = { device = "/dev/disk/by-uuid/58259976-4f63-4f60-a755-7870b08286e7"; @@ -94,9 +97,11 @@ ''; # boot.initrd.luks.devices."luks-e36ec189-2211-4bcc-bb9d-46650443d76b".device = "/dev/disk/by-uuid/e36ec189-2211-4bcc-bb9d-46650443d76b"; - swapDevices = [{ - device = "/dev/disk/by-uuid/9f90bae0-287b-480c-9aa1-de108b4b4626"; - }]; + swapDevices = [ + { + device = "/dev/disk/by-uuid/9f90bae0-287b-480c-9aa1-de108b4b4626"; + } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/machine/mini/configuration.nix b/machine/mini/configuration.nix index 6fbb70b..22881a2 100755 --- a/machine/mini/configuration.nix +++ b/machine/mini/configuration.nix @@ -1,7 +1,12 @@ -{ config, pkgs, inputs, outputs, ... }: -let secrets = import ../../configs/secrets.nix; +{ + config, + pkgs, + inputs, + outputs, + ... +}: let + secrets = import ../../configs/secrets.nix; in { - nixpkgs = { overlays = [ outputs.overlays.additions 
@@ -33,18 +38,23 @@ in { efi.canTouchEfiVariables = true; }; - extraModulePackages = with pkgs.linuxPackages; [ rtl88x2bu ]; + extraModulePackages = with pkgs.linuxPackages; [rtl88x2bu]; }; time.timeZone = "Europe/Berlin"; networking = { hostName = "mini"; useDHCP = false; - firewall = { enable = false; }; + firewall = {enable = false;}; interfaces = { enp3s0.useDHCP = true; # wlp0s20u1u1.useDHCP = true; - wlp0s20u1u2.ipv4.addresses = [{ address = "192.168.12.1"; prefixLength = 24; }]; + wlp0s20u1u2.ipv4.addresses = [ + { + address = "192.168.12.1"; + prefixLength = 24; + } + ]; }; nftables.enable = true; @@ -84,7 +94,6 @@ in { # networks.Skynet.psk = secrets.wifipassword; # interfaces = [ "wlp0s20u1u1" ]; # }; - }; environment.systemPackages = with pkgs; [ @@ -111,10 +120,9 @@ in { networks.wlp0s20u1u2 = { ssid = "Skynet-Tor"; authentication.saePasswords = [ - { password = "REMOVED_OLD_PASSWORD_FROM_HISTORY"; } + {password = "REMOVED_OLD_PASSWORD_FROM_HISTORY";} ]; }; - }; }; }; @@ -196,11 +204,9 @@ in { mode = "repokey-blake2"; passphrase = secrets.borg-key; }; - extraCreateArgs = - "--list --stats --verbose --checkpoint-interval 600 --exclude-caches"; - environment.BORG_RSH = - "ssh -o StrictHostKeyChecking=no -i /home/alex/.ssh/id_ed25519"; - paths = [ "/home/alex" "/var/lib" ]; + extraCreateArgs = "--list --stats --verbose --checkpoint-interval 600 --exclude-caches"; + environment.BORG_RSH = "ssh -o StrictHostKeyChecking=no -i /home/alex/.ssh/id_ed25519"; + paths = ["/home/alex" "/var/lib"]; repo = secrets.borg-repo; startAt = "daily"; prune.keep = { @@ -209,7 +215,7 @@ in { monthly = 6; }; extraPruneArgs = "--save-space --list --stats"; - exclude = [ "/home/alex/.cache" ]; + exclude = ["/home/alex/.cache"]; }; }; diff --git a/machine/mini/hardware-configuration.nix b/machine/mini/hardware-configuration.nix index a4d9fe2..1800c48 100644 --- a/machine/mini/hardware-configuration.nix +++ b/machine/mini/hardware-configuration.nix 
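Review bot: `firewall = {enable = false;};` leaves host `mini` without the NixOS firewall, while the same `networking` block assigns 192.168.12.1/24 to `wlp0s20u1u2` and sets `nftables.enable = true;`. Filtering for the access-point network therefore depends entirely on an nftables ruleset that this hunk does not show. If such a ruleset exists elsewhere in the file, a comment such as `# filtering is done by the nftables ruleset below` next to the disabled firewall would make that explicit. If it does not, enable the firewall and allow only the ports the box has to serve. The networking block continues outside the hunk.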
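Review bot: The SAE password for the `Skynet-Tor` network is an inline string, so whatever value is committed here is copied into the world-readable Nix store and into git history. As written, the literal `REMOVED_OLD_PASSWORD_FROM_HISTORY` would itself be the network passphrase. Read it from a file outside the store instead, e.g. `authentication.saePasswordsFile = config.sops.secrets.<secret-name>.path;` (placeholder secret name). The `mini` entry in flake.nix does not list `sops-nix.nixosModules.sops`, so that module would have to be added for this host.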
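Review bot: `-o StrictHostKeyChecking=no` in `environment.BORG_RSH` means the daily backup job never authenticates the repository server, so the ssh session can be terminated by any host that answers on that address. Drop the option and pin the server key the way configs/common.nix does with its `ssh.knownHosts` entries: `environment.BORG_RSH = "ssh -i /home/alex/.ssh/id_ed25519";`. The same job sets `passphrase = secrets.borg-key;`, a value imported from a Nix file, which ends up in the world-readable store. The `passCommand = "cat ${config.sops.secrets.borg-key.path}";` form used in machine/framework/configuration.nix avoids that. The borg job definition starts outside the hunk.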
@@ -1,34 +1,33 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/8be3b4e5-7219-4427-bba4-340f1dc4b868"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/8be3b4e5-7219-4427-bba4-340f1dc4b868"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/7C10-C8BD"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7C10-C8BD"; + fsType = "vfat"; + }; - swapDevices = - [{ device = "/dev/disk/by-uuid/edb5324f-3cd2-4b8c-bb05-cca045adeaf6"; }]; + swapDevices = [{device = "/dev/disk/by-uuid/edb5324f-3cd2-4b8c-bb05-cca045adeaf6";}]; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - } diff --git a/machine/nixos-libvirt/configuration.nix b/machine/nixos-libvirt/configuration.nix deleted file mode 100755 index 5cc88aa..0000000 --- a/machine/nixos-libvirt/configuration.nix +++ /dev/null 
@@ -1,62 +0,0 @@ -{ config, pkgs, lib, outputs, ... }: -{ - nixpkgs = { - overlays = [ - outputs.overlays.additions - outputs.overlays.modifications - outputs.overlays.unstable-packages - ]; - config = { - allowUnfree = true; - }; - }; - - imports = [ - ./hardware-configuration.nix - ../../configs/common.nix - ../../configs/user.nix - ../../configs/docker.nix - ../../configs/pantheon.nix - ../../configs/user-gui.nix - ]; - - networking.hostName = "nixos-libvirt"; # Define your hostname. - time.timeZone = "Europe/Berlin"; - - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; - boot.loader.grub.useOSProber = true; - -# boot.loader.systemd-boot.enable = true; -# boot.loader.efi.canTouchEfiVariables = true; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.enp0s1.useDHCP = true; - - programs.nix-ld.enable = true; - - services = { - k3s = { - enable = true; - role = "server"; - }; - }; - - environment.pantheon.excludePackages = (with pkgs.pantheon; [ - elementary-calculator - # elementary-calendar - elementary-camera - elementary-code - elementary-music - # elementary-photos - # elementary-screenshot - # elementary-tasks - elementary-videos - epiphany - ]); - - system.stateVersion = "24.05"; -} diff --git a/machine/nixos-libvirt/hardware-configuration.nix b/machine/nixos-libvirt/hardware-configuration.nix deleted file mode 100644 index 73283d5..0000000 --- a/machine/nixos-libvirt/hardware-configuration.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/bc7b8b67-966c-44f5-824b-bea72de13d92"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/machine/nixos-virtualbox/configuration.nix b/machine/nixos-virtualbox/configuration.nix index 4b66c34..a9f5718 100755 --- a/machine/nixos-virtualbox/configuration.nix +++ b/machine/nixos-virtualbox/configuration.nix @@ -1,5 +1,10 @@ -{ config, pkgs, lib, outputs, ... }: { + config, + pkgs, + lib, + outputs, + ... +}: { nixpkgs = { config = { allowUnfree = true; @@ -17,7 +22,7 @@ defaultSopsFile = ../../secrets.yaml; validateSopsFiles = true; age = { - sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; + sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; keyFile = "/var/lib/sops-nix/key.txt"; generateKey = true; }; 
@@ -40,18 +45,18 @@ device = "nodev"; }; }; - supportedFilesystems = [ "btrfs" ]; + supportedFilesystems = ["btrfs"]; initrd = { enable = true; - supportedFilesystems = [ "btrfs" ]; + supportedFilesystems = ["btrfs"]; postResumeCommands = lib.mkAfter '' mkdir -p /mnt # We first mount the btrfs root to /mnt # so we can manipulate btrfs subvolumes. mount -o subvol=/ /dev/vda3 /mnt - + # While we're tempted to just delete /root and create # a new snapshot from /root-blank, /root is already # populated at this point with a number of subvolumes, @@ -78,7 +83,7 @@ echo "restoring blank /root subvolume..." btrfs subvolume snapshot /mnt/root-blank /mnt/root - + # Once we're done rolling back to a blank snapshot, # we can unmount /mnt and continue on the boot process. umount /mnt diff --git a/machine/nixos-virtualbox/hardware-configuration.nix b/machine/nixos-virtualbox/hardware-configuration.nix index ed8c0dc..7a8a4e8 100644 --- a/machine/nixos-virtualbox/hardware-configuration.nix +++ b/machine/nixos-virtualbox/hardware-configuration.nix 
@@ -1,61 +1,59 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = [ ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = []; - boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; - fsType = "btrfs"; - options = [ "subvol=root" "compress=zstd" "noatime" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; + fsType = "btrfs"; + options = ["subvol=root" "compress=zstd" "noatime"]; + }; - fileSystems."/home" = - { - device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; - fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" "noatime" ]; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; + fsType = "btrfs"; + options = ["subvol=home" "compress=zstd" "noatime"]; + }; - fileSystems."/nix" = - { - device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; - fsType = "btrfs"; - options = [ "subvol=nix" "compress=zstd" "noatime" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; + fsType = "btrfs"; + options = ["subvol=nix" "compress=zstd" "noatime"]; + }; - fileSystems."/persist" = - { - device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; - fsType = "btrfs"; - options = [ "subvol=persist" "compress=zstd" "noatime" ]; - neededForBoot = true; - }; + 
fileSystems."/persist" = { + device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; + fsType = "btrfs"; + options = ["subvol=persist" "compress=zstd" "noatime"]; + neededForBoot = true; + }; - fileSystems."/var/log" = - { - device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; - fsType = "btrfs"; - options = [ "subvol=log" "compress=zstd" "noatime" ]; - neededForBoot = true; - }; + fileSystems."/var/log" = { + device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964"; + fsType = "btrfs"; + options = ["subvol=log" "compress=zstd" "noatime"]; + neededForBoot = true; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/6F47-35E9"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/6F47-35E9"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/machine/nixos-vm.nix b/machine/nixos-vm.nix deleted file mode 100755 index 73e33a6..0000000 --- a/machine/nixos-vm.nix +++ /dev/null 
@@ -1,51 +0,0 @@ -{ config, pkgs, lib, ... }: - -let unstable = import { config.allowUnfree = true; }; -in { - imports = [ - /etc/nixos/hardware-configuration.nix - ../configs/common.nix - ../configs/user.nix - ../configs/docker.nix - ../configs/pantheon.nix - ../configs/user-gui.nix - ]; - - networking.hostName = "nixos-vm"; # Define your hostname. - time.timeZone = "Europe/Berlin"; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.enp0s1.useDHCP = true; - - hardware.parallels.enable = true; - programs.nix-ld.enable = true; - - - services = { - k3s = { - enable = true; - role = "server"; - }; - }; - - environment.pantheon.excludePackages = (with pkgs.pantheon; [ - elementary-calculator - # elementary-calendar - elementary-camera - elementary-code - elementary-music - # elementary-photos - # elementary-screenshot - # elementary-tasks - elementary-videos - epiphany - ]); - - - system.stateVersion = "23.05"; -} diff --git a/machine/vps-arm/configuration.nix b/machine/vps-arm/configuration.nix index a9e1958..0a9a1c3 100755 --- a/machine/vps-arm/configuration.nix +++ b/machine/vps-arm/configuration.nix @@ -1,9 +1,14 @@ -{ config, lib, pkgs, outputs, inputs, ... }: -let +{ + config, + lib, + pkgs, + outputs, + inputs, + ... +}: let secrets = import ../../configs/secrets.nix; be = import ../../configs/borg-exclude.nix; -in -{ +in { nixpkgs = { overlays = [ outputs.overlays.additions @@ -36,7 +41,7 @@ in defaultSopsFile = ../../secrets-vps-arm.yaml; validateSopsFiles = true; age = { - sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; keyFile = "/var/lib/sops-nix/key.txt"; generateKey = true; }; 
@@ -91,10 +96,12 @@ in }; interfaces.enp7s0 = { useDHCP = true; - ipv6.addresses = [{ - address = "2a0a:4cc0:1:124c::1"; - prefixLength = 64; - }]; + ipv6.addresses = [ + { + address = "2a0a:4cc0:1:124c::1"; + prefixLength = 64; + } + ]; }; firewall = { allowPing = true; @@ -178,7 +185,6 @@ in }; }; }; - }; }; @@ -210,10 +216,9 @@ in mode = "repokey-blake2"; passCommand = "cat ${config.sops.secrets.borg-key.path}"; }; - extraCreateArgs = - "--stats --verbose --checkpoint-interval 600 --exclude-caches"; + extraCreateArgs = "--stats --verbose --checkpoint-interval 600 --exclude-caches"; environment.BORG_RSH = "ssh -i /home/alex/.ssh/id_borg_rsa"; - paths = [ "/home/alex" "/var/lib" ]; + paths = ["/home/alex" "/var/lib"]; repo = "ssh://u278697-sub3@u278697.your-storagebox.de:23/./borg-arm"; startAt = "daily"; prune.keep = { diff --git a/machine/vps-arm/hardware-configuration.nix b/machine/vps-arm/hardware-configuration.nix index 2c37635..32989fe 100644 --- a/machine/vps-arm/hardware-configuration.nix +++ b/machine/vps-arm/hardware-configuration.nix 
@@ -1,30 +1,34 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "virtio_scsi" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/332b05c2-56cc-4b0b-b906-54b6b87542cd"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/332b05c2-56cc-4b0b-b906-54b6b87542cd"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3D20-21CC"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/3D20-21CC"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/machine/vps.nix b/machine/vps.nix deleted file mode 100755 index 2fcb3d8..0000000 --- a/machine/vps.nix +++ /dev/null 
@@ -1,621 +0,0 @@ -{ config, lib, pkgs, ... }: -let - secrets = import ../configs/secrets.nix; - be = import ../configs/borg-exclude.nix; - unstable = import { config.allowUnfree = true; }; -in -{ - imports = - [ - /etc/nixos/hardware-configuration.nix - ../configs/common-server.nix - ]; - - boot.loader.grub = { - enable = true; - device = "/dev/sda"; # or "nodev" for efi only - }; - - time.timeZone = "Europe/Berlin"; - - networking = { - hostName = "vps"; # Define your hostname. - useDHCP = false; - # defaultGateway = { - # "address" = "gw.contabo.net"; - # "interface" = "ens18"; - # }; - defaultGateway6 = { - address = "fe80::1"; - interface = "ens18"; - }; - interfaces.ens18 = { - useDHCP = true; - # ipv4.addresses = [ { - # address = "207.180.220.97"; - # prefixLength = 24; - # } ]; - ipv6.addresses = [{ - address = "2a02:c207:3008:1547::1"; - prefixLength = 64; - }]; - }; - wireguard.interfaces = { - wg0 = { - ips = [ "10.100.0.1/24" ]; - listenPort = 51820; - postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE - ''; - postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE - ''; - privateKey = secrets.wireguard-vps-private; - peers = [ - { - publicKey = secrets.wireguard-desktop-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.2/32" ]; - } - { - publicKey = secrets.wireguard-mini-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.3/32" "192.168.178.0/24" ]; - } - { - publicKey = secrets.wireguard-mbp-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.4/32" ]; - } - { - publicKey = secrets.wireguard-phone1-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.5/32" ]; - } - { - publicKey = secrets.wireguard-raspberrypi-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.6/32" ]; - } - { - publicKey = 
secrets.wireguard-framework-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.7/32" ]; - } - { - publicKey = secrets.wireguard-thinkpad-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.8/32" ]; - } - { - publicKey = secrets.wireguard-a53-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.9/32" ]; - } - { - publicKey = secrets.wireguard-vps2-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.50/32" ]; - } - { - publicKey = secrets.wireguard-vps3-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.100/32" ]; - } - ]; - }; - }; - nat = { - enable = true; - externalInterface = "ens18"; - internalInterfaces = [ "wg0" ]; - }; - firewall = { - allowPing = true; - allowedTCPPorts = [ - 80 # web - 222 # SSH for gitea - 443 # web - 9898 # i2p - 9899 - 18080 - 21114 #Rustdesk - 21115 #Rustdesk - 21116 #Rustdesk - 21117 #Rustdesk - 21118 #Rustdesk - 21119 #Rustdesk - 22000 # syncthing - ]; - allowedUDPPorts = [ - 80 # web - 443 # web - 3478 # headscale - 9898 # i2p - 21116 # Rustdesk - 51820 # wireguard - ]; - interfaces.wg0 = { - allowedTCPPorts = [ - 19999 # netdata - 2049 - 4444 # i2p http proxy - 61208 # foo - 7070 # i2p control - 7654 # i2p torrent - ]; - }; - # extraCommands = '' - # iptables -A nixos-fw -p tcp --source 10.100.0.0/24 --dport 19999:19999 -j nixos-fw-accept - # ''; - }; - }; - - environment.systemPackages = with pkgs; [ - goaccess - xd - nyx - mkp224o - progress - headscale - ]; - - programs = { - mtr.enable = true; - fuse.userAllowOther = true; - nix-ld.enable = true; - }; - - security.acme = { - defaults.email = "webmaster@szczepan.ski"; - acceptTerms = true; - }; - - services = { - nginx = { - enable = true; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - clientMaxBodySize = "0"; - - commonHttpConfig = '' - 
log_format main '$host $remote_addr - $remote_user [$time_local] $upstream_cache_status "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio" ' - '$request_time $upstream_response_time $pipe'; - access_log /var/log/nginx/access.log main; - ''; - - virtualHosts = { - "szczepan.ski" = { - forceSSL = true; - enableACME = true; - globalRedirect = "alexander.szczepan.ski"; - }; - "ipv6.szczepan.ski" = { - forceSSL = true; - enableACME = true; - globalRedirect = "alexander.szczepan.ski"; - }; - "alexander.szczepan.ski" = { - forceSSL = true; - enableACME = true; - root = "/var/www/alexander.szczepan.ski"; - }; - "nextcloud.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:8080/"; - extraConfig = '' - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; - ''; - }; - "/.well-known/carddav" = { - return = "301 $scheme://$host/remote.php/dav"; - }; - "/.well-known/caldav" = { - return = "301 $scheme://$host/remote.php/dav"; - }; - }; - }; - # "nextcloud.ipv6.szczepan.ski" = { - # forceSSL = true; - # enableACME = true; - # globalRedirect = "nextcloud.szczepan.ski"; - # }; - "firefly.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:8081/"; }; }; - }; - "etesync.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:8082/"; }; }; - }; - "etesync-web.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:8086/"; }; }; - }; - "etesync-notes.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:8087/"; }; }; - }; - "portainer.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:8083/"; }; }; - }; - "jellyfin.szczepan.ski" = { - 
forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:8085/"; }; }; - }; - "webdav.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:8090/"; }; }; - }; - "pihole.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:8091/"; }; }; - }; - "git.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:8084/"; }; }; - }; - "torrents.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:9091/"; }; }; - }; - "headscale.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:8088/"; - proxyWebsockets = true; - }; - }; - }; - "syncthing.szczepan.ski" = { - forceSSL = true; - enableACME = true; - basicAuth = { alex = secrets.nginx-syncthing-password; }; - locations = { - "/" = { - extraConfig = '' - proxy_set_header Host localhost; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_pass http://localhost:8384/; - - proxy_read_timeout 600s; - proxy_send_timeout 600s; - ''; - }; - }; - }; - "homeassistant.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - proxyPass = "http://10.100.0.3:8123/"; - proxyWebsockets = true; - }; - }; - }; - "goaccess.szczepan.ski" = { - forceSSL = true; - enableACME = true; - basicAuth = { alex = secrets.nginx-syncthing-password; }; - locations = { - "/" = { root = "/var/www/goaccess"; }; - "/ws" = { - proxyPass = "http://127.0.0.1:7890/"; - proxyWebsockets = true; - }; - }; - }; - "vaultwarden.szczepan.ski" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:8092/"; - proxyWebsockets = true; - }; - "/notifications/hub" = { - 
proxyPass = "http://127.0.0.1:3012"; - proxyWebsockets = true; - }; - "/notifications/hub/negotiate" = { - proxyPass = "http://127.0.0.1:8092/"; - proxyWebsockets = true; - }; - }; - }; - }; - }; - - headscale = { - enable = true; - address = "127.0.0.1"; - port = 8088; - # dns = { baseDomain = "example.com"; }; - settings = { - logtail.enabled = false; - server_url = "https://headscale.szczepan.ski"; - ip_prefixes = [ - "100.64.0.0/10" - ]; - dns_config = { - base_domain = "szczepan.ski"; - magic_dns = true; - domains = [ "headscale.szczepan.ski" ]; - nameservers = [ - "1.1.1.1" - "9.9.9.9" - ]; - }; - }; - }; - - tailscale.enable = true; - - webdav = { - enable = true; - user = "alex"; - group = "users"; - settings = { - address = "127.0.0.1"; - port = 8090; - scope = "/home/alex/docker/"; - modify = true; - auth = true; - users = [{ - username = "alex"; - password = secrets.webdav-password; - }]; - }; - }; - - nfs.server = { - enable = false; - exports = '' - /export 10.100.0.0/24(rw,fsid=0,no_subtree_check) - /export/docker 10.100.0.0/24(rw,nohide,insecure,no_subtree_check) - ''; - }; - - vaultwarden = { - enable = true; - config = { - domain = "https://vaultwarden.szczepan.ski"; - signupsAllowed = false; - rocketPort = 8092; - rocketAddress = "127.0.0.1"; - # adminToken = - # "jCehRECvxqWmXKMZx3dgtVEdJuqUxXoODEagItTPptBizG9SGQLCpTqjZoBM4ZDa"; - websocketEnabled = true; - websocketAddress = "127.0.0.1"; - websocketPort = 3012; - }; - }; - - i2pd = { - enable = false; - ifname = "ens18"; - address = "207.180.220.97"; - # TCP & UDP - port = 9898; - ntcp2.port = 9899; - # websocket = { - # enable = true; - # address = "10.100.0.1"; - # }; - proto = { - http = { - enable = true; - address = "10.100.0.1"; - }; - - httpProxy = { - enable = true; - address = "10.100.0.1"; - }; - - socksProxy = { - enable = true; - address = "10.100.0.1"; - }; - - i2cp = { - enable = true; - address = "10.100.0.1"; - }; - - sam = { enable = true; }; - }; - - inTunnels = { - foo = { - 
enable = true; - # keys = "foo-keys.dat"; - inPort = 80; - address = "127.0.0.1"; - destination = "127.0.0.1"; - port = 8008; - }; - foo2 = { - enable = true; - # keys = "foo-keys.dat"; - inPort = 80; - address = "127.0.0.1"; - destination = "127.0.0.1"; - port = 8009; - }; - }; - - logLevel = "error"; - enableIPv4 = true; - enableIPv6 = true; - }; - - icecast = { - enable = false; - hostname = "254ryojirydttsaealusydhwyjfe2rpschdaduok4czhg45of6ua.b32.i2p"; - listen = { - port = 13337; - address = "127.0.0.1"; - }; - admin = { - user = "alex"; - password = "AaOnwDoZnspv8MszCpZZ1KuR9xXJWIE5"; - }; - }; - - davfs2 = { - enable = true; - }; - - tor = { - enable = true; - # relay = { - # enable = true; - # role = "private-bridge"; - # }; - # settings = { - # ORPort = 9001; - # ControlPort = 9051; - # }; - openFirewall = true; - enableGeoIP = false; - relay.onionServices = { - foo = { - version = 3; - map = [{ - port = 80; - target = { - addr = "127.0.0.1"; - port = 8008; - }; - }]; - }; - foo2 = { - version = 3; - map = [{ - port = 80; - target = { - addr = "127.0.0.1"; - port = 8009; - }; - }]; - }; - }; - settings = { - ClientUseIPv4 = true; - ClientUseIPv6 = false; - ClientPreferIPv6ORPort = false; - }; - }; - - fail2ban = { - enable = true; - bantime = "7d"; - - jails = { - sshd = { - settings = { - filter = "sshd"; - maxretry = 4; - action = ''iptables[name=ssh, port=ssh, protocol=tcp]''; - enabled = true; - }; - }; - }; - }; - - netdata.enable = true; - - syncthing = { - user = "alex"; - group = "users"; - enable = true; - dataDir = "/home/alex/syncthing"; - configDir = "/home/alex/.config/syncthing"; - }; - - borgbackup.jobs.home = rec { - compression = "auto,zstd"; - encryption = { - mode = "repokey-blake2"; - passphrase = secrets.borg-key; - }; - extraCreateArgs = - "--stats --verbose --checkpoint-interval 600 --exclude-caches"; - environment.BORG_RSH = "ssh -i /home/alex/.ssh/id_borg_rsa"; - paths = [ "/home/alex" "/var/lib" ]; - repo = secrets.borg-repo; - 
startAt = "daily"; - prune.keep = { - daily = 4; - weekly = 2; - monthly = 2; - }; - extraPruneArgs = "--save-space --stats"; - exclude = [ - "/home/alex/storage" - "/home/alex/storagebox" - "/home/alex/docker/jellyfin/data" - "/home/alex/.cache" - "/var/lib/monero" - ]; - }; - - autofs = { - enable = true; - autoMaster = - let - mapConf = pkgs.writeText "auto" '' - nextcloud -fstype=davfs,conf=/path/to/davfs/conf,uid=myuid :https\:nextcloud.domain/remote.php/webdav/ - ''; - in - '' - /home/directory/mounts file:${mapConf} - ''; - }; - - }; - - systemd.services = { - # Limit stack size to reduce memory usage - fail2ban.serviceConfig.LimitSTACK = 256 * 1024; - - goaccess = { - description = "GoAccess real-time web log analysis"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - script = "${pkgs.gzip}/bin/zcat -f /var/log/nginx/access.* | ${pkgs.goaccess}/bin/goaccess - -o /var/www/goaccess/index.html --log-format='%v %h %^[%d:%t %^]%^\"%r\" %s %b \"%R\" \"%u\"' --real-time-html --ws-url=wss://goaccess.szczepan.ski:443/ws --port 7890 --time-format \"%H:%M:%S\" --date-format \"%d/%b/%Y\""; - # serviceConfig = { - # ExecStart = "${pkgs.bash}/bin/bash -c "${pkgs.gzip}/bin/zcat -f /var/log/nginx/access.* | ${pkgs.goaccess}/bin/goaccess -o /var/www/goaccess/index.html --log-format='%v %h %^[%d:%t %^]%^\"%r\" %s %b \"%R\" \"%u\"' --real-time-html --ws-url=wss://goaccess.szczepan.ski:443/ws --port 7890 --time-format \"%H:%M:%S\" --date-format \"%d/%b/%Y\"'"; - # # ExecStop = "/bin/kill -9 ${MAINPID}"; - # }; - }; - }; - - system.stateVersion = "24.05"; -} diff --git a/overlays/default.nix b/overlays/default.nix index 685474b..39923b7 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,5 +1,5 @@ # This file defines overlays -{ inputs, ... }: { +{inputs, ...}: { # This one brings our custom packages from the 'pkgs' directory additions = final: _prev: import ../pkgs final.pkgs; 
diff --git a/pkgs/psensor/default.nix b/pkgs/psensor/default.nix index 819d03e..e0c2ef2 100644 --- a/pkgs/psensor/default.nix +++ b/pkgs/psensor/default.nix @@ -1,18 +1,18 @@ -{ stdenv -, lib -, fetchurl -, pkg-config -, lm_sensors -, libgtop -, libatasmart -, gtk3 -, libnotify -, udisks2 -# , libXNVCtrl -, wrapGAppsHook3 -, libappindicator +{ + stdenv, + lib, + fetchurl, + pkg-config, + lm_sensors, + libgtop, + libatasmart, + gtk3, + libnotify, + udisks2, + # , libXNVCtrl + wrapGAppsHook3, + libappindicator, }: - stdenv.mkDerivation rec { pname = "psensor"; @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { sha256 = "1ark901va79gfq5p8h8dqypjgm3f8crmj37520q3slwz2rfphkq8"; }; - nativeBuildInputs = [ pkg-config wrapGAppsHook3 ]; + nativeBuildInputs = [pkg-config wrapGAppsHook3]; buildInputs = [ lm_sensors @@ -45,7 +45,7 @@ stdenv.mkDerivation rec { homepage = "https://wpitchoune.net/psensor/"; license = licenses.mit; platforms = platforms.linux; - maintainers = with maintainers; [ ]; + maintainers = with maintainers; []; mainProgram = "psensor"; }; } diff --git a/services/adguardhome.nix b/services/adguardhome.nix index 90d196f..897b8ab 100644 --- a/services/adguardhome.nix +++ b/services/adguardhome.nix @@ -1,15 +1,17 @@ -{ config, pkgs, lib, ... }: -let - dns-domain = "dns.szczepan.ski"; -in { - security.acme.certs.${dns-domain}.postRun = - '' - cp fullchain.pem /var/lib/AdGuardHome/chain.pem \ - && cp key.pem /var/lib/AdGuardHome/key.pem \ - && chown adguardhome:adguardhome /var/lib/AdGuardHome/chain.pem \ - && chown adguardhome:adguardhome /var/lib/AdGuardHome/key.pem - ''; + config, + pkgs, + lib, + ... +}: let + dns-domain = "dns.szczepan.ski"; +in { + security.acme.certs.${dns-domain}.postRun = '' + cp fullchain.pem /var/lib/AdGuardHome/chain.pem \ + && cp key.pem /var/lib/AdGuardHome/key.pem \ + && chown adguardhome:adguardhome /var/lib/AdGuardHome/chain.pem \ + && chown adguardhome:adguardhome /var/lib/AdGuardHome/key.pem + ''; services = { nginx = { 
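Review bot: In the `postRun` script of services/adguardhome.nix (hunk `@@ -1,15 +1,17 @@`), `cp key.pem /var/lib/AdGuardHome/key.pem` creates the private key with whatever mode the umask allows, and it stays owned by the copying user until the later `chown` runs. Setting mode and owner in one step closes that window and makes the permissions explicit: `install -m 0600 -o adguardhome -g adguardhome key.pem /var/lib/AdGuardHome/key.pem`, with the same form (mode `0644`) for `chain.pem`. This also replaces the two `chown` lines.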
@@ -18,7 +20,7 @@ in forceSSL = true; enableACME = true; locations = { - "/" = { proxyPass = "https://127.0.0.1:3003/"; }; + "/" = {proxyPass = "https://127.0.0.1:3003/";}; }; }; }; @@ -30,10 +32,12 @@ in host = "127.0.0.1"; port = 3002; settings = { - users = [{ - name = "alex"; - password = "$2y$10$UhKvi4oztTfULWlIKnQhveORKXpIKCqpawJ/skSBAH96Njn4YDhTC"; - }]; + users = [ + { + name = "alex"; + password = "$2y$10$UhKvi4oztTfULWlIKnQhveORKXpIKCqpawJ/skSBAH96Njn4YDhTC"; + } + ]; dns = { bind_hots = [ "0.0.0.0" @@ -76,10 +80,14 @@ in # The following notation uses map # to not have to manually create {enabled = true; url = "";} for every filter # This is,qq however, fully optional - filters = map (url: { enabled = true; url = url; }) [ - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist - ]; + filters = + map (url: { + enabled = true; + url = url; + }) [ + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist + ]; }; }; }; diff --git a/services/frigate.nix b/services/frigate.nix index 95235b8..3d76aa6 100644 --- a/services/frigate.nix +++ b/services/frigate.nix @@ -1,8 +1,11 @@ -{ config, lib, pkgs, ... }: -let - secrets = import ../configs/secrets.nix; -in { + config, + lib, + pkgs, + ... +}: let + secrets = import ../configs/secrets.nix; +in { services = { nginx = { virtualHosts = { 
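Review bot: The context line `bind_hots = [` in the `@@ -30,10 +32,12 @@` hunk of services/adguardhome.nix looks like a misspelling of AdGuard Home's `bind_hosts` key. With the misspelled name the listed addresses are probably ignored and the DNS listener falls back to its default bind, so the configuration does not state what the service actually listens on. Suggested: `bind_hosts = [`. The `dns` block continues outside the hunk, so the rest of the list is not visible here.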
@@ -58,12 +61,14 @@ in # }; garage = { - ffmpeg.inputs = [{ - path = "rtsp://admin:REMOVED@192.168.178.42:554/H.264"; - # input_args = "preset-rtsp-restream"; - # roles = [ "record" "detect" ]; - roles = [ "record" ]; - }]; + ffmpeg.inputs = [ + { + path = "rtsp://admin:REMOVED@192.168.178.42:554/H.264"; + # input_args = "preset-rtsp-restream"; + # roles = [ "record" "detect" ]; + roles = ["record"]; + } + ]; record = { enabled = true; @@ -78,7 +83,6 @@ in }; }; }; - }; }; }; diff --git a/services/gitea.nix b/services/gitea.nix index 4da7317..0d84397 100644 --- a/services/gitea.nix +++ b/services/gitea.nix @@ -1,12 +1,16 @@ -{ config, lib, pkgs, ... }: { + config, + lib, + pkgs, + ... +}: { services = { nginx = { virtualHosts = { ${config.services.gitea.settings.server.DOMAIN} = { forceSSL = true; enableACME = true; - locations = { "/" = { proxyPass = "http://127.0.0.1:3001/"; }; }; + locations = {"/" = {proxyPass = "http://127.0.0.1:3001/";};}; }; }; }; diff --git a/services/goaccess.nix b/services/goaccess.nix index f2678ab..32a7c80 100644 --- a/services/goaccess.nix +++ b/services/goaccess.nix @@ -1,8 +1,11 @@ -{ config, lib, pkgs, ... }: -let - secrets = import ../configs/secrets.nix; -in { + config, + lib, + pkgs, + ... +}: let + secrets = import ../configs/secrets.nix; +in { services = { nginx = { virtualHosts = { @@ -11,7 +14,7 @@ in enableACME = true; basicAuthFile = config.sops.secrets.goaccess-htpasswd.path; locations = { - "/" = { root = "/var/www/goaccess"; }; + "/" = {root = "/var/www/goaccess";}; "/ws" = { proxyPass = "http://127.0.0.1:7890/"; proxyWebsockets = true; @@ -25,7 +28,7 @@ in systemd = { tmpfiles.settings = { "goaccess" = { - "/var/www/goaccess" = { d.mode = "0755"; }; + "/var/www/goaccess" = {d.mode = "0755";}; }; }; 
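Review bot: The camera URL in `ffmpeg.inputs` (hunk `@@ -58,12 +61,14 @@` of services/frigate.nix) carries the RTSP credential inline, so it lands in the repository, in the Nix store and in the rendered Frigate config; the value shown is scrubbed, but the real one has the same exposure. Frigate substitutes `FRIGATE_`-prefixed environment variables in camera paths, so the string can become `path = "rtsp://admin:{FRIGATE_RTSP_PASSWORD}@192.168.178.42:554/H.264";` with the variable supplied to the service from a sops-managed environment file. The file already imports `secrets.nix`, but a value read from there would still be written to the store. The `garage` camera block continues outside the hunk.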
@@ -35,8 +38,8 @@ in
 goaccess = {
 description = "GoAccess real-time web log analysis";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
 script = "${pkgs.gzip}/bin/zcat -f /var/log/nginx/access.* | ${pkgs.goaccess}/bin/goaccess - -o /var/www/goaccess/index.html --log-format='%v %h %^[%d:%t %^]%^\"%r\" %s %b \"%R\" \"%u\"' --real-time-html --ws-url=wss://goaccess.szczepan.ski:443/ws --port 7890 --time-format \"%H:%M:%S\" --date-format \"%d/%b/%Y\"";
 # serviceConfig = {
 # StateDirectory = "/var/www/goaccess";
diff --git a/services/headscale.nix b/services/headscale.nix
index 9979302..2a76937 100644
--- a/services/headscale.nix
+++ b/services/headscale.nix
@@ -1,6 +1,10 @@
-{ config, lib, pkgs, ... }:
 {
- environment.systemPackages = with pkgs; [ headscale ];
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [headscale];
 services = {
 nginx = {
@@ -39,7 +43,7 @@
 override_local_dns = true;
 base_domain = "szczepan.ski";
 magic_dns = true;
- domains = [ "main.szczepan.ski" ];
+ domains = ["main.szczepan.ski"];
 nameservers = [
 "100.64.0.2"
 "127.0.0.1"
@@ -47,6 +51,5 @@
 };
 };
 };
-
 };
 }
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index ab21d7f..6165081 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
 {
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
 services = {
 nginx = {
 virtualHosts = {
@@ -66,7 +70,8 @@
 phonetrack
 previewgenerator
 tasks
- unroundedcorners;
+ unroundedcorners
+ ;
 # user_migration = pkgs.fetchNextcloudApp {
 # sha256 = "sha256-OwALAM/WPJ4gXHQado0njfJL+ciDsvfbPjqGWk23Pm8=";
 # url = "https://github.com/nextcloud-releases/user_migration/releases/download/v6.0.0/user_migration-v6.0.0.tar.gz";
@@ -98,6 +103,6 @@
 };
 systemd.services.nextcloud-cron = {
- path = [ pkgs.perl ];
+ path = [pkgs.perl];
 };
 }
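Review bot: In the services/goaccess.nix hunk at `@@ -35,8 +38,8 @@`, the `goaccess` unit parses nginx access-log lines whose content is controlled by remote clients, and the only `serviceConfig` visible here is commented out, so unless one is set further down the service runs as root with no sandboxing. Running it as a dedicated unprivileged user that can read `/var/log/nginx` and write `/var/www/goaccess`, with `NoNewPrivileges = true;` and `ProtectSystem = "strict";` in `serviceConfig`, would limit what a parser bug can reach. The unit definition continues outside the hunk, so this should be checked against the full file.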
diff --git a/services/rustdesk-server.nix b/services/rustdesk-server.nix
index f69f0d5..c38e154 100644
--- a/services/rustdesk-server.nix
+++ b/services/rustdesk-server.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
 {
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
 services = {
 rustdesk-server = {
 enable = true;
diff --git a/services/uptime-kuma.nix b/services/uptime-kuma.nix
index 6678cb7..93d3c8a 100644
--- a/services/uptime-kuma.nix
+++ b/services/uptime-kuma.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
 {
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
 services = {
 uptime-kuma = {
 enable = true;
@@ -14,7 +18,7 @@
 "uptime.szczepan.ski" = {
 forceSSL = true;
 enableACME = true;
- locations = { "/" = { proxyPass = "http://127.0.0.1:4000/"; }; };
+ locations = {"/" = {proxyPass = "http://127.0.0.1:4000/";};};
 };
 };
 };