BeiNacht/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MacBook.local-2024-11-28-10-56-04

Browse Source
This commit is contained in:
Alexander Szczepanski
2024-11-28 10:56:04 +01:00
parent 8761abf51c
commit f26936704f
18 changed files with 85 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
machine/desktop/configuration.nix
View File

@ -22,7 +22,7 @@ in {
];
sops = {
defaultSopsFile = ../../secrets.yaml;
defaultSopsFile = ../../secrets/secrets.yaml;
validateSopsFiles = true;
age = {
sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
@ -32,7 +32,7 @@ in {
secrets = {
borg-key = {
sopsFile = ../../secrets-desktop.yaml;
sopsFile = ../../secrets/secrets-desktop.yaml;
owner = config.users.users.alex.name;
group = config.users.users.alex.group;
};
@ -158,7 +158,7 @@ in {
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [ rocmPackages.clr.icd ];
extraPackages = with pkgs; [rocmPackages.clr.icd];
};
# cpu.x86.msr = {

4
machine/framework/configuration.nix
View File

@ -21,7 +21,7 @@ in {
];
sops = {
defaultSopsFile = ../../secrets.yaml;
defaultSopsFile = ../../secrets/secrets.yaml;
validateSopsFiles = true;
age = {
sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
@ -31,7 +31,7 @@ in {
secrets = {
borg-key = {
sopsFile = ../../secrets-framework.yaml;
sopsFile = ../../secrets/secrets-framework.yaml;
owner = config.users.users.alex.name;
group = config.users.users.alex.group;
};

176
machine/homeserver.nix
View File

@ -1,176 +0,0 @@
{
config,
pkgs,
...
}: let
secrets = import ../configs/secrets.nix;
in {
imports = [
<nixos-hardware/common/cpu/intel>
/etc/nixos/hardware-configuration.nix
../configs/common.nix
../configs/docker.nix
../configs/virtualisation.nix
../configs/user.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
networking = {
hostName = "homeserver"; # Define your hostname.
useDHCP = false;
firewall.enable = false;
nat = {
enable = true;
internalInterfaces = ["br0"];
externalInterface = "enp3s0";
};
wireless = {
enable = true;
networks.Skynet_5G.psk = secrets.wifipassword;
interfaces = ["wlp1s0"];
};
interfaces.enp3s0.useDHCP = true;
interfaces.wlp1s0.useDHCP = true;
};
environment.systemPackages = with pkgs; [
snapraid
mergerfs
samba
openssl
smartmontools
];
systemd = {
mounts = [
{
requires = ["mnt-disk1.mount" "mnt-disk2.mount" "mnt-disk3.mount"];
after = ["mnt-disk1.mount" "mnt-disk2.mount" "mnt-disk3.mount"];
what = "/mnt/disk1:/mnt/disk2:/mnt/disk3";
where = "/mnt/storage";
type = "fuse.mergerfs";
options = "defaults,allow_other,use_ino,fsname=mergerfs,minfreespace=50G,func.getattr=newest,noforget";
wantedBy = ["multi-user.target"];
}
];
services.snapraid-sync = {
description = "Snapraid Sync and Diff";
serviceConfig = {
Type = "oneshot";
User = "alex";
};
path = [
pkgs.bash
pkgs.snapraid
pkgs.curl
pkgs.smartmontools
pkgs.hdparm
pkgs.exfatprogs
pkgs.exfat
];
script = ''
/home/alex/snapraid-sync
'';
};
timers.snapraid-sync = {
wantedBy = ["timers.target"];
timerConfig = {OnCalendar = "Mon-Sun, 23:00";};
};
};
powerManagement = {
enable = true;
powertop.enable = true;
cpuFreqGovernor = "powersave";
powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 241 /dev/disk/by-uuid/0301db98-264f-4b18-9423-15691063f73d
${pkgs.hdparm}/sbin/hdparm -S 241 /dev/disk/by-uuid/3c4b5d00-43c0-48be-81b8-c2b3977e015b
${pkgs.hdparm}/sbin/hdparm -S 241 /dev/disk/by-uuid/3e1731d7-f17e-4f6d-9197-84e0492bf4ee
${pkgs.hdparm}/sbin/hdparm -S 241 /dev/disk/by-uuid/6cce037c-d2d4-4940-bb69-6d2b84fd41aa
${pkgs.hdparm}/sbin/hdparm -y /dev/disk/by-uuid/0301db98-264f-4b18-9423-15691063f73d
${pkgs.hdparm}/sbin/hdparm -y /dev/disk/by-uuid/3c4b5d00-43c0-48be-81b8-c2b3977e015b
${pkgs.hdparm}/sbin/hdparm -y /dev/disk/by-uuid/3e1731d7-f17e-4f6d-9197-84e0492bf4ee
${pkgs.hdparm}/sbin/hdparm -y /dev/disk/by-uuid/6cce037c-d2d4-4940-bb69-6d2b84fd41aa
'';
};
# nixpkgs.config.packageOverrides = pkgs: {
# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# };
# hardware.opengl = {
# enable = true;
# # extraPackages = with pkgs; [
# # #intel-media-driver # LIBVA_DRIVER_NAME=iHD
# # vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
# # vaapiVdpau
# # libvdpau-va-gl
# # ];
# };
services = {
jellyfin = {
enable = true;
user = "alex";
group = "users";
};
samba = {
enable = true;
securityType = "user";
extraConfig = ''
workgroup = WORKGROUP
server string = server
netbios name = server
security = user
guest account = nobody
map to guest = bad user
logging = systemd
max log size = 50
'';
shares = {
storage = {
path = "/mnt/storage";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
};
};
};
};
security.sudo.extraRules = [
{
users = ["alex"];
commands = [
{
command = "${pkgs.hdparm}/bin/hdparm";
options = ["SETENV" "NOPASSWD"];
}
];
}
{
users = ["alex"];
commands = [
{
command = "${pkgs.snapraid}/bin/snapraid";
options = ["SETENV" "NOPASSWD"];
}
];
}
];
system.stateVersion = "23.11";
}

30
machine/macbook/configuration.nix Normal file
View File

@ -0,0 +1,30 @@
{
config,
pkgs,
lib,
outputs,
inputs,
...
}: {
nixpkgs.hostPlatform = "aarch64-darwin";
system.defaults = {
dock.autohide = true;
dock.mru-spaces = false;
# finder.AppleShowAllExtensions = true;
# finder.FXPreferredViewStyle = "clmv";
screencapture.location = "~/Pictures/screenshots";
screensaver.askForPasswordDelay = 10;
};
services.nix-daemon.enable = true;
nix.settings.experimental-features = "nix-command flakes";
nix = {
configureBuildUsers = true;
useDaemon = true;
};
homebrew.enable = true;
system.stateVersion = 5;
}

4
machine/mini/configuration.nix
View File

@ -13,7 +13,7 @@
];
sops = {
defaultSopsFile = ../../secrets.yaml;
defaultSopsFile = ../../secrets/secrets.yaml;
validateSopsFiles = true;
age = {
sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
@ -23,7 +23,7 @@
secrets = {
borg-key = {
sopsFile = ../../secrets-mini.yaml;
sopsFile = ../../secrets/secrets-mini.yaml;
owner = config.users.users.alex.name;
group = config.users.users.alex.group;
};

2
machine/nixos-virtualbox/configuration.nix
View File

@ -13,7 +13,7 @@
];
sops = {
defaultSopsFile = ../../secrets.yaml;
defaultSopsFile = ../../secrets/secrets.yaml;
validateSopsFiles = true;
age = {
sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];

8
machine/nixos-vm/configuration.nix
View File

@ -34,10 +34,10 @@
# replicates the default behaviour.
networking.useDHCP = false;
# hardware.parallels = {
# enable = true;
# autoMountShares = true;
# };
# hardware.parallels = {
# enable = true;
# autoMountShares = true;
# };
services = {
k3s = {

50
machine/raspberrypi.nix
View File

@ -1,50 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
secrets = import ../configs/secrets.nix;
in {
imports = [
"${
fetchTarball
"https://github.com/NixOS/nixos-hardware/archive/936e4649098d6a5e0762058cb7687be1b2d90550.tar.gz"
}/raspberry-pi/4"
../configs/docker.nix
../configs/common.nix
../configs/user.nix
];
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = ["noatime"];
};
};
time.timeZone = "Europe/Berlin";
networking = {
hostName = "raspberrypi";
wireless = {
enable = true;
networks.Skynet.psk = secrets.wifipassword;
interfaces = ["wlan0"];
};
};
environment.systemPackages = with pkgs; [vim nano git rsync];
# Enable GPU acceleration
# hardware.raspberry-pi."4".fkms-3d.enable = true;
# services.xserver = {
# enable = true;
# displayManager.lightdm.enable = true;
# desktopManager.xfce.enable = true;
# };
# hardware.pulseaudio.enable = true;
system.stateVersion = "22.05";
}

180
machine/thinkpad.nix
View File

@ -1,180 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
secrets = import ../configs/secrets.nix;
be = import ../configs/borg-exclude.nix;
in {
imports = [
<nixos-hardware/lenovo/thinkpad/x1-extreme>
/etc/nixos/hardware-configuration.nix
../configs/common.nix
../configs/docker.nix
../configs/virtualisation.nix
../configs/plasma.nix
../configs/user-gui.nix
../configs/user.nix
];
boot = {
# initrd = {
# preLVMCommands = lib.mkBefore 400 "sleep 1";
# availableKernelModules = [ "e1000e" ];
# systemd.enable = true;
# luks.forceLuksSupportInInitrd = true;
# network = {
# enable = true;
# ssh = {
# enable = true;
# port = 22;
# authorizedKeys = [
# "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPSzeNjfkz7/B/18TcJxxmNFUhvTKoieBcexdzebWH7oncvyBXNRJp8vAqSIVFLzz5UUFQNFuilggs8/N48U84acmFOxlbUmxlkf8KZgeB/G6uQ8ncQh6M1HNNPH+9apTURgfctr7eEZe9seLIEBISQLXB2Sf3F1ogfDj25S8kH9RM4wM1/jDFK5IecWHScKxwQPmCoXeGE1LEJq6nkQLXMDsWhSihtWouaTxSR0p7/wp/Rqt/hzLEWj8e3+qLMc5JrrdaWksupUCysme7CnSfGSzNUv9RKiRCTFofYPT9tbRn5JzdpQ55v22S6OvmmXUHjST1MOzI8MpVPZCCqd/ZQ1E+gErFiMwjG4sn/xxdPK9/jbQaXMjLklbKtR+C5090Ew2u2kj78jqGk/8COhF1MXh/9qjcG+C51uD1AS9d410kfjPwkaUt4U2KktDMQ942nWywrvIWM0Gt2kgDLYotsy/70q/aTJ8bvaCoWoDOGmpWcyNNBalz4OYYGI2Z0WHrVTs0FpzSk/XeQz0OLkmueoh5GDGd8zrfO6Nf5LWI17aWGRePTpQP5mJIg6jC3j8/QVrthEP6QyIIkZsnfsmvSiMWVfXqEy1BxVlu3T6aLffaj679KCsxY+mx5mTH2hwd4ZdbSI4F0GCIt+WGaFhHs2V3ZQitoEZuraRPEc4HGw== alexander@szczepan.ski"
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYEaT0gH9yJM2Al0B+VGXdZB/b2qjZK7n01Weq0TcmQ alex@framework"
# ];
# hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
# };
# postCommands = let
# # I use a LUKS 2 label. Replace this with your disk device's path.
# disk = "/dev/disk/by-label/nixos";
# in ''
# echo 'cryptsetup open ${disk} root --type luks && echo > /tmp/continue' >> /root/.profile
# echo 'starting sshd...'
# '';
# };
# postDeviceCommands = ''
# echo 'waiting for root device to be opened...'
# mkfifo /tmp/continue
# cat /tmp/continue
# '';
# };
loader = {
systemd-boot = {
enable = true;
configurationLimit = 10;
editor = false;
};
efi = {
canTouchEfiVariables = false;
};
};
plymouth.enable = true;
};
# boot.initrd.luks.devices."nixos".preLVM = true;
time.timeZone = "Europe/Berlin";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking = {
hostName = "thinkpad";
useDHCP = false;
firewall = {enable = false;};
interfaces.enp0s31f6.useDHCP = true;
wireguard.interfaces = {
wg0 = {
ips = ["10.100.0.8/24"];
privateKey = secrets.wireguard-thinkpad-private;
peers = [
{
publicKey = secrets.wireguard-vps-public;
presharedKey = secrets.wireguard-preshared;
allowedIPs = ["10.100.0.0/24"];
endpoint = "207.180.220.97:51820";
persistentKeepalive = 25;
}
];
};
};
};
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "latarcyrheb-sun32";
keyMap = "us";
};
# Enable sound.
# hardware.pulseaudio = {
# enable = true;
# support32Bit = true;
# daemon = {
# config = {
# avoid-resampling = "yes";
# };
# };
# configFile = pkgs.runCommand "default.pa" { } ''
# sed 's/module-udev-detect$/module-udev-detect tsched=0/' \
# ${pkgs.pulseaudio}/etc/pulse/default.pa > $out
# '';
# };
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
services = {
thinkfan = {
enable = true;
levels = [
[0 0 67]
[1 65 75]
[2 73 80]
[3 78 85]
[4 83 90]
[6 88 95]
[7 93 32767]
];
};
# xserver = {
# enable = true;
# displayManager.sddm.enable = true;
# desktopManager.plasma5.enable = true;
# };
# xrdp = {
# enable = true;
# defaultWindowManager = "startplasma-x11";
# };
power-profiles-daemon.enable = false;
auto-cpufreq.enable = true;
tlp.enable = false;
# tlp = {
# enable = true;
# settings = {
# START_CHARGE_THRESH_BAT0 = 80;
# STOP_CHARGE_THRESH_BAT0 = 90;
# };
# };
};
systemd.extraConfig = ''
DefaultTimeoutStopSec=10s
'';
environment.systemPackages = with pkgs; [
intel-gpu-tools
];
powerManagement.powertop.enable = true;
system.stateVersion = "23.11";
}

2
machine/vps-arm/configuration.nix
View File

@ -26,7 +26,7 @@ in {
];
sops = {
defaultSopsFile = ../../secrets-vps-arm.yaml;
defaultSopsFile = ../../secrets/secrets-vps-arm.yaml;
secrets = {
borg-key = {
owner = config.users.users.alex.name;