Toast/nix-stuff
1
0
Fork 0
Code Issues Pull requests Projects 1 Wiki Activity

Format everything with alejandra

Browse source
This commit is contained in:
Toast 2024-03-20 12:54:25 +01:00
parent 82bbd7ce87
commit 7888103b1e
100 changed files with 2827 additions and 2756 deletions
Download patch file Download diff file Expand all files Collapse all files

384
flake.nix
View file

@ -1,205 +1,219 @@
{
description = "Configuration for Everest";
description = "Configuration for Everest";
inputs = {
secrets = {
url = "git+ssh://forgejo@git.everest.sable-pancake.ts.net:4222/Toast/nix-secrets";
flake = false;
};
nixpkgs-raw.url = "nixpkgs/nixos-23.11";
nixpkgs-unstable-raw.url = "nixpkgs/nixos-unstable";
inputs = {
secrets = {
url = "git+ssh://forgejo@git.everest.sable-pancake.ts.net:4222/Toast/nix-secrets";
flake = false;
};
nixpkgs-raw.url = "nixpkgs/nixos-23.11";
nixpkgs-unstable-raw.url = "nixpkgs/nixos-unstable";
agenix = {
url = "github:ryantm/agenix";
inputs = {
nixpkgs.follows = "nixpkgs-raw";
darwin.follows = ""; # Not using this on MacOS, so this doesn't pull it's dependencies
};
};
agenix = {
url = "github:ryantm/agenix";
inputs = {
nixpkgs.follows = "nixpkgs-raw";
darwin.follows = ""; # Not using this on MacOS, so this doesn't pull it's dependencies
};
};
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs-raw";
};
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs-raw";
};
home-manager-unstable = {
url = "github:nix-community/home-manager/";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
home-manager-unstable = {
url = "github:nix-community/home-manager/";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
jovian = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
nix-impermanence.url = "github:nix-community/impermanence";
jovian = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
/*
These are the same input, just following different nixpkgs versions
This avoids some wierdness when using one that follows unstable on a stable nixpkgs
*/
nix-index-db = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs-raw";
};
nix-impermanence.url = "github:nix-community/impermanence";
nix-index-db-unstable = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
/*
These are the same input, just following different nixpkgs versions
This avoids some wierdness when using one that follows unstable on a stable nixpkgs
*/
nix-index-db = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs-raw";
};
plasma-manager = {
url = "github:pjones/plasma-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
inputs.home-manager.follows = "home-manager-unstable";
};
nix-index-db-unstable = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
catppuccin-vsc = {
url = "github:catppuccin/vscode";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
plasma-manager = {
url = "github:pjones/plasma-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
inputs.home-manager.follows = "home-manager-unstable";
};
vscode-extensions = {
url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
catppuccin-vsc = {
url = "github:catppuccin/vscode";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
};
nix-flatpak.url = "github:gmodena/nix-flatpak/main";
vscode-extensions = {
url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
nix-flatpak.url = "github:gmodena/nix-flatpak/main";
nur.url = "github:nix-community/NUR";
};
nur.url = "github:nix-community/NUR";
};
outputs = { ... } @inputs: with inputs;
# Patch nixpkgs
# https://ertt.ca/nix/patch-nixpkgs/
let
nixpkgs-unstable-patched = nixpkgs-raw.legacyPackages.x86_64-linux.applyPatches {
name = "patched-nixpkgs-unstable";
src = nixpkgs-unstable-raw;
patches = [
];
};
nixpkgs-patched = nixpkgs-raw.legacyPackages.x86_64-linux.applyPatches {
name = "patched-nixpkgs";
src = nixpkgs-raw;
patches = [
./nixpkgs-patches/0001-catppuccin-add-grub-theme.patch
./nixpkgs-patches/0002-catppuccin-add-starship-theme.patch
];
};
# https://discourse.nixos.org/t/proper-way-of-applying-patch-to-system-managed-via-flake/21073/26
nixpkgs-unstable = (import "${nixpkgs-unstable-patched}/flake.nix").outputs { self = inputs.self; };
nixpkgs = (import "${nixpkgs-patched}/flake.nix").outputs { self = inputs.self; };
in
{
devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
name = "toast-devshell";
# The agenix cli is not needed to activate a configuration, so instead of installing it
# I'll just add it to de devShell, since that's the only real time I'm going to use it.
packages = with nixpkgs.legacyPackages.x86_64-linux; [
agenix.packages.x86_64-linux.default
git
nix-diff
just
alejandra
];
shellHook =''
export PS1="$PS1(toast-configs)> "
'';
};
packages = {
x86_64-linux = with import nixpkgs-unstable-raw { system = "x86_64-linux"; }; {
anything-sync-daemon = callPackage ./pkgs/anything-sync-daemon {};
discord-krisp-fixer = callPackage ./pkgs/discord-krisp-fixer {};
};
};
nixosConfigurations = {
Archie = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { systemPkgs = inputs.nixpkgs-unstable-raw; flakeSelf = self; };
/*
I used to set up nixpkgs in the flake, but doing that made
defining overlays in modules impossible (or at least I could
not figure out how)
Also has nice side effect of making it easier to add new systems :3
*/
modules = [
agenix.nixosModules.default
home-manager-unstable.nixosModule
nix-index-db-unstable.nixosModules.nix-index
./roles/common
./roles/desktop
./roles/kde
./roles/gaming
./roles/school
./machines/Archie
];
};
outputs = {...} @ inputs:
with inputs;
# Patch nixpkgs
# https://ertt.ca/nix/patch-nixpkgs/
let
nixpkgs-unstable-patched = nixpkgs-raw.legacyPackages.x86_64-linux.applyPatches {
name = "patched-nixpkgs-unstable";
src = nixpkgs-unstable-raw;
patches = [
];
};
nixpkgs-patched = nixpkgs-raw.legacyPackages.x86_64-linux.applyPatches {
name = "patched-nixpkgs";
src = nixpkgs-raw;
patches = [
./nixpkgs-patches/0001-catppuccin-add-grub-theme.patch
./nixpkgs-patches/0002-catppuccin-add-starship-theme.patch
];
};
# https://discourse.nixos.org/t/proper-way-of-applying-patch-to-system-managed-via-flake/21073/26
nixpkgs-unstable = (import "${nixpkgs-unstable-patched}/flake.nix").outputs {self = inputs.self;};
nixpkgs = (import "${nixpkgs-patched}/flake.nix").outputs {self = inputs.self;};
in {
devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
name = "toast-devshell";
# The agenix cli is not needed to activate a configuration, so instead of installing it
# I'll just add it to de devShell, since that's the only real time I'm going to use it.
packages = with nixpkgs.legacyPackages.x86_64-linux; [
agenix.packages.x86_64-linux.default
git
nix-diff
just
alejandra
];
shellHook = ''
export PS1="$PS1(toast-configs)> "
'';
};
packages = {
x86_64-linux = with import nixpkgs-unstable-raw {system = "x86_64-linux";}; {
anything-sync-daemon = callPackage ./pkgs/anything-sync-daemon {};
discord-krisp-fixer = callPackage ./pkgs/discord-krisp-fixer {};
};
};
nixosConfigurations = {
Archie = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
systemPkgs = inputs.nixpkgs-unstable-raw;
flakeSelf = self;
};
/*
I used to set up nixpkgs in the flake, but doing that made
defining overlays in modules impossible (or at least I could
not figure out how)
Also has nice side effect of making it easier to add new systems :3
*/
modules = [
agenix.nixosModules.default
home-manager-unstable.nixosModule
nix-index-db-unstable.nixosModules.nix-index
./roles/common
./roles/desktop
./roles/kde
./roles/gaming
./roles/school
./machines/Archie
];
};
SurfaceGo = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { systemPkgs = inputs.nixpkgs-unstable-raw; flakeSelf = self; };
modules = [
agenix.nixosModules.default
home-manager-unstable.nixosModule
nixos-hardware.nixosModules.microsoft-surface-go
nix-index-db-unstable.nixosModules.nix-index
./roles/common
./roles/desktop
./roles/kde
./machines/SurfaceGo
];
};
SurfaceGo = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
systemPkgs = inputs.nixpkgs-unstable-raw;
flakeSelf = self;
};
modules = [
agenix.nixosModules.default
home-manager-unstable.nixosModule
nixos-hardware.nixosModules.microsoft-surface-go
nix-index-db-unstable.nixosModules.nix-index
./roles/common
./roles/desktop
./roles/kde
./machines/SurfaceGo
];
};
SteamDeck = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { systemPkgs = inputs.nixpkgs-unstable-raw; flakeSelf = self; };
modules = [
agenix.nixosModules.default
jovian.nixosModules.default
home-manager-unstable.nixosModule
nix-index-db-unstable.nixosModules.nix-index
./roles/common
./roles/desktop
./roles/kde
./roles/gaming
./roles/school
./machines/SteamDeck
];
};
SteamDeck = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
systemPkgs = inputs.nixpkgs-unstable-raw;
flakeSelf = self;
};
modules = [
agenix.nixosModules.default
jovian.nixosModules.default
home-manager-unstable.nixosModule
nix-index-db-unstable.nixosModules.nix-index
./roles/common
./roles/desktop
./roles/kde
./roles/gaming
./roles/school
./machines/SteamDeck
];
};
WinMax2 = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { systemPkgs = inputs.nixpkgs-unstable-raw; flakeSelf = self; };
modules = [
agenix.nixosModules.default
jovian.nixosModules.default
home-manager-unstable.nixosModule
nix-index-db-unstable.nixosModules.nix-index
nixos-hardware.nixosModules.gpd-win-max-2-2023
./roles/common
./roles/desktop
./roles/kde
./roles/gaming
./roles/school
./machines/WinMax2
];
};
WinMax2 = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
systemPkgs = inputs.nixpkgs-unstable-raw;
flakeSelf = self;
};
modules = [
agenix.nixosModules.default
jovian.nixosModules.default
home-manager-unstable.nixosModule
nix-index-db-unstable.nixosModules.nix-index
nixos-hardware.nixosModules.gpd-win-max-2-2023
./roles/common
./roles/desktop
./roles/kde
./roles/gaming
./roles/school
./machines/WinMax2
];
};
Everest = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { systemPkgs = inputs.nixpkgs-raw; flakeSelf = self; };
modules = [
agenix.nixosModules.default
home-manager.nixosModule
nix-index-db.nixosModules.nix-index
./roles/common
./roles/server
./machines/Everest
];
};
};
};
Everest = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
systemPkgs = inputs.nixpkgs-raw;
flakeSelf = self;
};
modules = [
agenix.nixosModules.default
home-manager.nixosModule
nix-index-db.nixosModules.nix-index
./roles/common
./roles/server
./machines/Everest
];
};
};
};
}

120
machines/Archie/configuration.nix
View file

@ -1,81 +1,79 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, ... }:
{
# Use grub boot loader
boot.loader = {
systemd-boot.enable = false;
grub = {
enable = true;
device = "nodev";
efiSupport = true;
useOSProber = true;
};
efi.efiSysMountPoint = "/boot/efi";
};
boot.loader.efi.canTouchEfiVariables = true;
config,
pkgs,
...
}: {
# Use grub boot loader
boot.loader = {
systemd-boot.enable = false;
grub = {
enable = true;
device = "nodev";
efiSupport = true;
useOSProber = true;
};
efi.efiSysMountPoint = "/boot/efi";
};
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest;
networking.hostName = "Archie"; # Define your hostname.
networking.hostName = "Archie"; # Define your hostname.
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
hardware.bluetooth.enable = true;
hardware.bluetooth.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
}

12
machines/Archie/default.nix
View file

@ -1,8 +1,6 @@
{ ... }:
{
imports = [
./configuration.nix
./hardware-configuration.nix
];
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
];
}

128
machines/Archie/hardware-configuration.nix
View file

@ -1,76 +1,80 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
# Enable support for the Xbox One wireless dongle
hardware.xone.enable = true;
# Enable support for the Xbox One wireless dongle
hardware.xone.enable = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = ["amdgpu"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs";
options = [ "subvol=@root" "compress=zstd" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs";
options = ["subvol=@root" "compress=zstd"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs";
options = ["subvol=@nix" "compress=zstd"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs";
options = [ "subvol=@boot" "compress=zstd" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs";
options = ["subvol=@boot" "compress=zstd"];
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/FB87-4CBC";
fsType = "vfat";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/FB87-4CBC";
fsType = "vfat";
};
fileSystems = {
/*
Mount the root subvolume of the SSD
This is helpful for getting things from
my old Arch install, as well as for running btdu
*/
"/mnt/ssd" = {
device = config.fileSystems."/".device;
fsType = config.fileSystems."/".fsType;
options = [ "subvolid=5" "ro" ];
};
"/mnt/windows" = {
device = "/dev/disk/by-uuid/B61AFDAC1AFD6A2F";
fsType = "ntfs3";
neededForBoot = false;
options = [ "noauto" "windows_names" ];
};
"/home" = {
device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" ];
};
"/persist" = {
device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs";
options = [ "subvol=@persist" "compress=zstd" ];
neededForBoot = true;
};
};
fileSystems = {
/*
Mount the root subvolume of the SSD
This is helpful for getting things from
my old Arch install, as well as for running btdu
*/
"/mnt/ssd" = {
device = config.fileSystems."/".device;
fsType = config.fileSystems."/".fsType;
options = ["subvolid=5" "ro"];
};
"/mnt/windows" = {
device = "/dev/disk/by-uuid/B61AFDAC1AFD6A2F";
fsType = "ntfs3";
neededForBoot = false;
options = ["noauto" "windows_names"];
};
"/home" = {
device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs";
options = ["subvol=@home" "compress=zstd"];
};
"/persist" = {
device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs";
options = ["subvol=@persist" "compress=zstd"];
neededForBoot = true;
};
};
swapDevices = [ ];
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

120
machines/Everest/configuration.nix
View file

@ -1,68 +1,72 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.timeout = 5;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
config,
pkgs,
lib,
...
}: {
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.timeout = 5;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
# I'm using Nix OS, it's logo is a snowflake and the computer is
# a lot taller than the pi it's replacing, so Everest! :3 :3
networking.hostName = "Everest"; # Define your hostname.
# I'm using Nix OS, it's logo is a snowflake and the computer is
# a lot taller than the pi it's replacing, so Everest! :3 :3
networking.hostName = "Everest"; # Define your hostname.
# Set up networking
networking = {
wireless.enable = false; # Computer doesn't have wifi
enableIPv6 = false;
useNetworkd = true;
dhcpcd.enable = false;
interfaces.eno1 = {
wakeOnLan.enable = true;
ipv4.addresses = [ {
address = "192.168.0.160";
prefixLength = 24;
} ];
};
# I use networkd, so I need to declare the interface for the default gateway
defaultGateway = {
address = "192.168.0.1";
interface = "eno1";
};
nameservers = [ "9.9.9.9" ];
};
# Define a user account. Don't forget to set a password with passwd.
users.users.toast = {
extraGroups = [ "networkmanager" "transmission"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2bOVmxUNvg9qFv9DlzMmTRlzcNsyNq1F1wBuAXySwsWAzHGaO+WGdSCINxW3k2ccXn7M/o1r89LeTzRzi8sWQYCpBaIqYVszM/r7SvTS4gASyKhM6lNlyUEPOnvCXH7rdtF+fjoA1TJPv7GBk78QRhGh+eVO3qhY1m++5C1CPFlyrc6sSfgIBQJ5GQZFl/7YEgsrPo+M+0Sd7LkaCOyNmJA0Wi0BA3bbf5sJhrZVMMg/p7w+eMphz2kd1VTVjW3yeMq9zLCiu4SOTBNGCMEvKIdUZbQ83lNrqO2z1/3T1bDwJgpz3xusfkNCeNJSmhfFw5ydHEUp/9jshq38WmulKAMw2Kl/Zed62AVU7Ux7YjUkZkWvo8i3eXuLUxoG891S7cWV1/ijs9QMajOLLT14FG7RbzUYYaYlx+/iNGji9d4sp9/oMYyO45TMe+vEezFSBygP7TY0QFOr4xTi49ZRQFsszbFnGRv+k3wVKoGoeNt0xWB8pBEPFtaeHJpQyJX8= id_rsa_moon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeu3crGqtxwaqgoQPt5mWlC8+PL/Icvcvo0MBAaK80L Key for work laptop"
];
};
# Set up networking
networking = {
wireless.enable = false; # Computer doesn't have wifi
enableIPv6 = false;
useNetworkd = true;
dhcpcd.enable = false;
interfaces.eno1 = {
wakeOnLan.enable = true;
ipv4.addresses = [
{
address = "192.168.0.160";
prefixLength = 24;
}
];
};
# I use networkd, so I need to declare the interface for the default gateway
defaultGateway = {
address = "192.168.0.1";
interface = "eno1";
};
nameservers = ["9.9.9.9"];
};
# Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs
boot.tmp.useTmpfs = false;
# Define a user account. Don't forget to set a password with passwd.
users.users.toast = {
extraGroups = ["networkmanager" "transmission"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2bOVmxUNvg9qFv9DlzMmTRlzcNsyNq1F1wBuAXySwsWAzHGaO+WGdSCINxW3k2ccXn7M/o1r89LeTzRzi8sWQYCpBaIqYVszM/r7SvTS4gASyKhM6lNlyUEPOnvCXH7rdtF+fjoA1TJPv7GBk78QRhGh+eVO3qhY1m++5C1CPFlyrc6sSfgIBQJ5GQZFl/7YEgsrPo+M+0Sd7LkaCOyNmJA0Wi0BA3bbf5sJhrZVMMg/p7w+eMphz2kd1VTVjW3yeMq9zLCiu4SOTBNGCMEvKIdUZbQ83lNrqO2z1/3T1bDwJgpz3xusfkNCeNJSmhfFw5ydHEUp/9jshq38WmulKAMw2Kl/Zed62AVU7Ux7YjUkZkWvo8i3eXuLUxoG891S7cWV1/ijs9QMajOLLT14FG7RbzUYYaYlx+/iNGji9d4sp9/oMYyO45TMe+vEezFSBygP7TY0QFOr4xTi49ZRQFsszbFnGRv+k3wVKoGoeNt0xWB8pBEPFtaeHJpQyJX8= id_rsa_moon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeu3crGqtxwaqgoQPt5mWlC8+PL/Icvcvo0MBAaK80L Key for work laptop"
];
};
home-manager = {
users.toast = { config, ... }: {
home = {
file = {
# This symlinks the Transmission downloads folder into my user's downloads folder for easy access
"Downloads/Transmission".source = config.lib.file.mkOutOfStoreSymlink "/var/lib/transmission/Downloads";
};
};
};
};
# Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs
boot.tmp.useTmpfs = false;
# Open ports in the firewall.
# No idea what ports 5201 and 21027 do tho
networking.firewall.allowedTCPPorts = [ 5201 ];
networking.firewall.allowedUDPPorts = [ 5201 21027];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
home-manager = {
users.toast = {config, ...}: {
home = {
file = {
# This symlinks the Transmission downloads folder into my user's downloads folder for easy access
"Downloads/Transmission".source = config.lib.file.mkOutOfStoreSymlink "/var/lib/transmission/Downloads";
};
};
};
};
# Open ports in the firewall.
# No idea what ports 5201 and 21027 do tho
networking.firewall.allowedTCPPorts = [5201];
networking.firewall.allowedUDPPorts = [5201 21027];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
}

12
machines/Everest/default.nix
View file

@ -1,8 +1,6 @@
{ ... }:
{
imports = [
./configuration.nix
./hardware-configuration.nix
];
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
];
}

104
machines/Everest/hardware-configuration.nix
View file

@ -1,61 +1,65 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems = {
"/" = {
device = "/dev/disk/by-label/Everest";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=@"];
};
"/nix" = {
device = "/dev/disk/by-label/Everest";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=@nix" ];
};
"/home" = {
device = "/dev/disk/by-label/Everest";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=@home" ];
};
"/mnt/hdd" = {
device = "/dev/disk/by-label/Everest";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=/" "ro" ];
};
"/persist" = {
device = "/dev/disk/by-label/Everest";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=@persist" ];
neededForBoot = true;
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/Everest";
fsType = "btrfs";
options = ["compress=zstd" "subvol=@"];
};
"/nix" = {
device = "/dev/disk/by-label/Everest";
fsType = "btrfs";
options = ["compress=zstd" "subvol=@nix"];
};
"/home" = {
device = "/dev/disk/by-label/Everest";
fsType = "btrfs";
options = ["compress=zstd" "subvol=@home"];
};
"/mnt/hdd" = {
device = "/dev/disk/by-label/Everest";
fsType = "btrfs";
options = ["compress=zstd" "subvol=/" "ro"];
};
"/persist" = {
device = "/dev/disk/by-label/Everest";
fsType = "btrfs";
options = ["compress=zstd" "subvol=@persist"];
neededForBoot = true;
};
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-label/Boot";
fsType = "vfat";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-label/Boot";
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

164
machines/SteamDeck/configuration.nix
View file

@ -1,103 +1,103 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, lib, ... }:
{
# Use grub boot loader
boot.loader = {
systemd-boot.enable = false;
grub = {
enable = true;
device = "nodev";
efiSupport = true;
# No other OS on here :P
useOSProber = false;
};
efi.efiSysMountPoint = config.fileSystems."efi_boot_partition".mountPoint;
};
boot.loader.efi.canTouchEfiVariables = true;
config,
pkgs,
lib,
...
}: {
# Use grub boot loader
boot.loader = {
systemd-boot.enable = false;
grub = {
enable = true;
device = "nodev";
efiSupport = true;
# No other OS on here :P
useOSProber = false;
};
efi.efiSysMountPoint = config.fileSystems."efi_boot_partition".mountPoint;
};
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "SteamDeck"; # Define your hostname.
networking.hostName = "SteamDeck"; # Define your hostname.
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
jovian = {
devices.steamdeck = {
enable = true;
};
# Steam Deck UI settings
steam = {
enable = true;
autoStart = true;
user = "toast";
desktopSession = "plasmawayland";
};
decky-loader = {
enable = true;
};
};
services.xserver.displayManager.sddm.enable = lib.mkForce false;
jovian = {
devices.steamdeck = {
enable = true;
};
# Steam Deck UI settings
steam = {
enable = true;
autoStart = true;
user = "toast";
desktopSession = "plasmawayland";
};
decky-loader = {
enable = true;
};
};
services.xserver.displayManager.sddm.enable = lib.mkForce false;
# Enable bluetooth
hardware.bluetooth = {
enable = true;
};
# Enable bluetooth
hardware.bluetooth = {
enable = true;
};
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs
boot.tmp.useTmpfs = false;
# Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs
boot.tmp.useTmpfs = false;
environment.systemPackages = [ pkgs.steamdeck-firmware pkgs.steamdeck-hw-theme ];
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
environment.systemPackages = [pkgs.steamdeck-firmware pkgs.steamdeck-hw-theme];
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
}

12
machines/SteamDeck/default.nix
View file

@ -1,8 +1,6 @@
{ ... }:
{
imports = [
./configuration.nix
./hardware-configuration.nix
];
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
];
}

124
machines/SteamDeck/hardware-configuration.nix
View file

@ -1,71 +1,73 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
let
# \x20 is the escape code for a space
ssdLabel = ''Deck\\x20SSD'';
in
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: let
# \x20 is the escape code for a space
ssdLabel = ''Deck\\x20SSD'';
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
# Enable support for the Xbox One wireless dongle
hardware.xone.enable = true;
# Enable support for the Xbox One wireless dongle
hardware.xone.enable = true;
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems = {
"efi_boot_partition" = {
mountPoint = "/boot/efi";
label = "deckboot";
fsType = "vfat";
};
/*
Mount the root subvolume of the SSD
This is helpful for getting things from
my old Arch install, as well as for running btdu
*/
"btrfs_root_subvolume" = {
mountPoint = "/mnt/ssd";
label = ssdLabel;
fsType = "btrfs";
options = [ "subvolid=5" "ro" ];
};
"btrfs_root" = {
mountPoint = "/";
label = ssdLabel;
fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" ];
};
"btrfs_boot" = {
mountPoint = "/boot";
label = ssdLabel;
fsType = "btrfs";
options = [ "subvol=@boot" "compress=zstd" ];
};
"btrfs_home" = {
mountPoint = "/home";
label = ssdLabel;
fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" ];
};
"btrfs_nix" = {
mountPoint = "/nix";
label = ssdLabel;
fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd" ];
};
};
fileSystems = {
"efi_boot_partition" = {
mountPoint = "/boot/efi";
label = "deckboot";
fsType = "vfat";
};
/*
Mount the root subvolume of the SSD
This is helpful for getting things from
my old Arch install, as well as for running btdu
*/
"btrfs_root_subvolume" = {
mountPoint = "/mnt/ssd";
label = ssdLabel;
fsType = "btrfs";
options = ["subvolid=5" "ro"];
};
"btrfs_root" = {
mountPoint = "/";
label = ssdLabel;
fsType = "btrfs";
options = ["subvol=@" "compress=zstd"];
};
"btrfs_boot" = {
mountPoint = "/boot";
label = ssdLabel;
fsType = "btrfs";
options = ["subvol=@boot" "compress=zstd"];
};
"btrfs_home" = {
mountPoint = "/home";
label = ssdLabel;
fsType = "btrfs";
options = ["subvol=@home" "compress=zstd"];
};
"btrfs_nix" = {
mountPoint = "/nix";
label = ssdLabel;
fsType = "btrfs";
options = ["subvol=@nix" "compress=zstd"];
};
};
swapDevices = [ ];
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

142
machines/SurfaceGo/configuration.nix
View file

@ -1,92 +1,92 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, lib, ... }:
{
boot = {
loader = {
# Use grub boot loader
systemd-boot.enable = false;
grub = {
enable = true;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
efi = {
efiSysMountPoint = "/boot/efi";
canTouchEfiVariables = true;
};
};
# I need systemd for tpm luks unlocking
initrd.systemd.enable = true;
};
config,
pkgs,
lib,
...
}: {
boot = {
loader = {
# Use grub boot loader
systemd-boot.enable = false;
grub = {
enable = true;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
efi = {
efiSysMountPoint = "/boot/efi";
canTouchEfiVariables = true;
};
};
# I need systemd for tpm luks unlocking
initrd.systemd.enable = true;
};
security.tpm2.enable = true;
security.tpm2.enable = true;
networking.hostName = "SurfaceGo"; # Define your hostname.
networking.hostName = "SurfaceGo"; # Define your hostname.
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
console = {
# The kernel doesn't detect the scree as being HiDPI, so I need to use a bigger font
font = "ter-i32n";
};
# Enable CUPS to print documents.
# services.printing.enable = true;
console = {
# The kernel doesn't detect the scree as being HiDPI, so I need to use a bigger font
font = "ter-i32n";
};
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# The surface kernel sometimes fails to suspend/shutdown and I got tired of fighting it
boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# The surface kernel sometimes fails to suspend/shutdown and I got tired of fighting it
boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
# List services that you want to enable:
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# List services that you want to enable:
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
}

12
machines/SurfaceGo/default.nix
View file

@ -1,8 +1,6 @@
{ ... }:
{
imports = [
./configuration.nix
./hardware-configuration.nix
];
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
];
}

76
machines/SurfaceGo/hardware-configuration.nix
View file

@ -1,49 +1,51 @@
# Do not modify this file! It was generated by nixos-generate-config
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices."SSD".device = "/dev/disk/by-uuid/1d8d7578-d3a1-4ea0-90ad-4257266a6caf";
boot.initrd.luks.devices."SSD".device = "/dev/disk/by-uuid/1d8d7578-d3a1-4ea0-90ad-4257266a6caf";
fileSystems."/" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs";
options = ["subvol=@" "compress=zstd"];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs";
options = ["subvol=@boot" "compress=zstd"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs";
options = [ "subvol=@boot" "compress=zstd" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs";
options = ["subvol=@nix" "compress=zstd"];
};
fileSystems."/nix" ={
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs";
options = ["subvol=@home" "compress=zstd"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" ];
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/EC76-201F";
fsType = "vfat";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/EC76-201F";
fsType = "vfat";
};
swapDevices = [];
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

256
machines/WinMax2/configuration.nix
View file

@ -1,153 +1,153 @@
# Edit this configuration file to define what should be installed on
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, lib, ... }:
{
# Use grub boot loader
boot = {
loader = {
systemd-boot.enable = false;
grub = {
enable = true;
device = "nodev";
efiSupport = true;
# No other OS on here :P
useOSProber = false;
};
efi = {
efiSysMountPoint = config.fileSystems."efi_boot_partition".mountPoint;
canTouchEfiVariables = true;
};
};
/*
I use luks, and the systemd initrd works better for this
Both for tpm unlocking (soon) and for plymouth
*/
initrd.systemd.enable = true;
# Plymouth doesn't support fractional scaling :(
plymouth.extraConfig = "DeviceScale=2";
config,
pkgs,
lib,
...
}: {
# Use grub boot loader
boot = {
loader = {
systemd-boot.enable = false;
grub = {
enable = true;
device = "nodev";
efiSupport = true;
# No other OS on here :P
useOSProber = false;
};
efi = {
efiSysMountPoint = config.fileSystems."efi_boot_partition".mountPoint;
canTouchEfiVariables = true;
};
};
/*
I use luks, and the systemd initrd works better for this
Both for tpm unlocking (soon) and for plymouth
*/
initrd.systemd.enable = true;
# Plymouth doesn't support fractional scaling :(
plymouth.extraConfig = "DeviceScale=2";
kernelPackages = pkgs.linuxPackages_latest;
};
kernelPackages = pkgs.linuxPackages_latest;
};
networking.hostName = "WinMax2"; # Define your hostname.
networking.hostName = "WinMax2"; # Define your hostname.
specialisation.noAVX512.configuration = {
# For some reason The Finals crashes on CPUs that support AVX512
boot.kernelParams = [ "clearcpuid=304" ];
};
specialisation.noAVX512.configuration = {
# For some reason The Finals crashes on CPUs that support AVX512
boot.kernelParams = ["clearcpuid=304"];
};
# Sleep fixes
boot.kernelParams = [ "rtc_cmos.use_acpi_alarm=1" ];
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="i2c", ATTR{name}=="GXTP7385:00", ATTR{power/wakeup}="disabled"
ACTION=="add", SUBSYSTEM=="i2c", ATTR{name}=="PNP0C50:00", ATTR{power/wakeup}="disabled"
'';
# Sleep fixes
boot.kernelParams = ["rtc_cmos.use_acpi_alarm=1"];
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="i2c", ATTR{name}=="GXTP7385:00", ATTR{power/wakeup}="disabled"
ACTION=="add", SUBSYSTEM=="i2c", ATTR{name}=="PNP0C50:00", ATTR{power/wakeup}="disabled"
'';
services.handheld-daemon = {
package = pkgs.handheld-daemon.overridePythonAttrs rec{
src = pkgs.fetchFromGitHub {
owner = "hhd-dev";
repo = "hhd";
rev = "v${version}";
hash = "sha256-Ujbou+f/EvHyqpp3FCNqIyZiCEFxSeQfflR3JmRxWFc=";
};
version = "1.3.13";
};
enable = true;
user = "root";
};
services.handheld-daemon = {
package = pkgs.handheld-daemon.overridePythonAttrs rec {
src = pkgs.fetchFromGitHub {
owner = "hhd-dev";
repo = "hhd";
rev = "v${version}";
hash = "sha256-Ujbou+f/EvHyqpp3FCNqIyZiCEFxSeQfflR3JmRxWFc=";
};
version = "1.3.13";
};
enable = true;
user = "root";
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
services.xserver = {
xkb.layout = lib.mkForce "us";
displayManager.sddm.settings = {
General.GreeterEnvironment="QT_SCREEN_SCALE_FACTORS=1.75";
};
};
services.xserver = {
xkb.layout = lib.mkForce "us";
displayManager.sddm.settings = {
General.GreeterEnvironment = "QT_SCREEN_SCALE_FACTORS=1.75";
};
};
jovian = {
# Steam Deck UI settings
steam = {
enable = true;
autoStart = false;
user = "toast";
desktopSession = "plasmawayland";
};
hardware.amd.gpu.enableBacklightControl = true;
# Need patched mesa
steamos = {
enableMesaPatches = true;
enableVendorRadv = true;
};
decky-loader = {
enable = true;
};
};
jovian = {
# Steam Deck UI settings
steam = {
enable = true;
autoStart = false;
user = "toast";
desktopSession = "plasmawayland";
};
hardware.amd.gpu.enableBacklightControl = true;
# Need patched mesa
steamos = {
enableMesaPatches = true;
enableVendorRadv = true;
};
decky-loader = {
enable = true;
};
};
# Enable bluetooth
hardware.bluetooth = {
enable = true;
};
# Enable bluetooth
hardware.bluetooth = {
enable = true;
};
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
environment.sessionVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.75";
};
# Enable CUPS to print documents.
# services.printing.enable = true;
environment.sessionVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.75";
};
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs
boot.tmp.useTmpfs = false;
# Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs
boot.tmp.useTmpfs = false;
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
}

12
machines/WinMax2/default.nix
View file

@ -1,8 +1,6 @@
{ ... }:
{
imports = [
./configuration.nix
./hardware-configuration.nix
];
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
];
}

129
machines/WinMax2/hardware-configuration.nix
View file

@ -1,74 +1,75 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
let
# \x20 is the escape code for a space
ssdLabel = ''Win\\x20Max\\x202\\x20SSD'';
in
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
modulesPath,
...
}: let
# \x20 is the escape code for a space
ssdLabel = ''Win\\x20Max\\x202\\x20SSD'';
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.luks.devices."SSD".device = "/dev/disk/by-label/wm2-enc";
boot.initrd.luks.devices."SSD".device = "/dev/disk/by-label/wm2-enc";
fileSystems = {
"efi_boot_partition" = {
mountPoint = "/boot";
label = "winmax2boot";
fsType = "vfat";
};
/*
Mount the root subvolume of the SSD
This is helpful for getting things from
my old Arch install, as well as for running btdu
*/
"btrfs_root_subvolume" = {
mountPoint = "/mnt/ssd";
label = ssdLabel;
fsType = "btrfs";
options = [ "subvolid=5" "ro" ];
};
"btrfs_root" = {
mountPoint = "/";
label = ssdLabel;
fsType = "btrfs";
options = [ "subvol=@" ];
};
"btrfs_persist" = {
mountPoint = "/persist";
label = ssdLabel;
fsType = "btrfs";
options = [ "subvol=@persist" ];
neededForBoot = true;
};
"btrfs_home" = {
mountPoint = "/home";
label = ssdLabel;
fsType = "btrfs";
options = [ "subvol=@home" ];
};
"btrfs_nix" = {
mountPoint = "/nix";
label = ssdLabel;
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
};
fileSystems = {
"efi_boot_partition" = {
mountPoint = "/boot";
label = "winmax2boot";
fsType = "vfat";
};
/*
Mount the root subvolume of the SSD
This is helpful for getting things from
my old Arch install, as well as for running btdu
*/
"btrfs_root_subvolume" = {
mountPoint = "/mnt/ssd";
label = ssdLabel;
fsType = "btrfs";
options = ["subvolid=5" "ro"];
};
"btrfs_root" = {
mountPoint = "/";
label = ssdLabel;
fsType = "btrfs";
options = ["subvol=@"];
};
"btrfs_persist" = {
mountPoint = "/persist";
label = ssdLabel;
fsType = "btrfs";
options = ["subvol=@persist"];
neededForBoot = true;
};
"btrfs_home" = {
mountPoint = "/home";
label = ssdLabel;
fsType = "btrfs";
options = ["subvol=@home"];
};
"btrfs_nix" = {
mountPoint = "/nix";
label = ssdLabel;
fsType = "btrfs";
options = ["subvol=@nix"];
};
};
swapDevices = [ ];
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
sensor.iio.bmi260.enable = true;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
sensor.iio.bmi260.enable = true;
};
}

91
pkgs/anything-sync-daemon/default.nix
View file

@ -1,56 +1,57 @@
{ stdenv
, lib
, fetchFromGitHub
, makeWrapper
, rsync
, gawk
, pv
, gnutar
, zstd
, util-linux
, coreutils
, gnugrep
, findutils
{
stdenv,
lib,
fetchFromGitHub,
makeWrapper,
rsync,
gawk,
pv,
gnutar,
zstd,
util-linux,
coreutils,
gnugrep,
findutils,
}:
stdenv.mkDerivation rec {
pname = "anything-sync-daemon";
version = "6.0.0";
pname = "anything-sync-daemon";
version = "6.0.0";
src = fetchFromGitHub {
owner = "graysky2";
repo = pname;
rev = "v${version}";
hash = "sha256-6nfaAMH5YgK6gimuZ8j1zWLTDOi11KIwW7Bf0Iwh7+I=";
};
src = fetchFromGitHub {
owner = "graysky2";
repo = pname;
rev = "v${version}";
hash = "sha256-6nfaAMH5YgK6gimuZ8j1zWLTDOi11KIwW7Bf0Iwh7+I=";
};
patches = [ ./disableDaemonStopTargets.patch ];
patches = [./disableDaemonStopTargets.patch];
nativeBuildInputs = [ makeWrapper ];
nativeBuildInputs = [makeWrapper];
postPatch = ''
substituteInPlace init/asd* \
--replace /usr/bin/anything-sync-daemon $out/bin/anything-sync-daemon
'';
postPatch = ''
substituteInPlace init/asd* \
--replace /usr/bin/anything-sync-daemon $out/bin/anything-sync-daemon
'';
enableParallelBuilding = true;
enableParallelBuilding = true;
makeFlags = [
"DESTDIR=${placeholder "out"}"
"PREFIX="
"INITDIR_SYSTEMD=/lib/systemd/system"
];
makeFlags = [
"DESTDIR=${placeholder "out"}"
"PREFIX="
"INITDIR_SYSTEMD=/lib/systemd/system"
];
installTargets = [ "install-systemd-all" ];
installTargets = ["install-systemd-all"];
postInstall = ''
wrapProgram $out/bin/anything-sync-daemon \
--suffix PATH : ${lib.makeBinPath [ rsync gawk pv gnutar zstd util-linux coreutils gnugrep findutils]}
'';
meta = with lib; {
description = "Symlinks and syncs user specified dirs to RAM";
homepage = "https://github.com/graysky2/anything-sync-daemon/";
license = lib.licenses.mit;
platforms = platforms.linux;
};
postInstall = ''
wrapProgram $out/bin/anything-sync-daemon \
--suffix PATH : ${lib.makeBinPath [rsync gawk pv gnutar zstd util-linux coreutils gnugrep findutils]}
'';
meta = with lib; {
description = "Symlinks and syncs user specified dirs to RAM";
homepage = "https://github.com/graysky2/anything-sync-daemon/";
license = lib.licenses.mit;
platforms = platforms.linux;
};
}

238
roles/common/configuration.nix
View file

@ -1,132 +1,136 @@
{ config, lib, pkgs, flakeSelf, ... }:
{
imports = [ flakeSelf.inputs.nur.nixosModules.nur ];
environment = {
# As of the 1st of May 2023, the default packages are nano, perl, rsync and strace
# I don't need any of them, so I just empty the list
defaultPackages = [];
};
config,
lib,
pkgs,
flakeSelf,
...
}: {
imports = [flakeSelf.inputs.nur.nixosModules.nur];
environment = {
# As of the 1st of May 2023, the default packages are nano, perl, rsync and strace
# I don't need any of them, so I just empty the list
defaultPackages = [];
};
# Set up /tmp
boot.tmp = {
useTmpfs = false;
# Cleaning out /tmp at boot if it's a tmpfs is quite stupid
cleanOnBoot = !config.boot.tmp.useTmpfs;
};
# Set up /tmp
boot.tmp = {
useTmpfs = false;
# Cleaning out /tmp at boot if it's a tmpfs is quite stupid
cleanOnBoot = !config.boot.tmp.useTmpfs;
};
# Set up zram
zramSwap = {
enable = true;
priority = 100;
memoryPercent = 60;
# zstd my beloved <3
algorithm = "zstd";
};
# zswap with zram is not a good idea
boot.kernelParams = [ "zswap.enabled=0" ];
# Set up zram
zramSwap = {
enable = true;
priority = 100;
memoryPercent = 60;
# zstd my beloved <3
algorithm = "zstd";
};
# zswap with zram is not a good idea
boot.kernelParams = ["zswap.enabled=0"];
# Set up keyboard layout
services.xserver.xkb.layout = "es";
# Set up keyboard layout
services.xserver.xkb.layout = "es";
# Set up console
console = {
packages = [ pkgs.terminus_font ];
earlySetup = true;
# mkDefault has 1000 priority, so that way I don't conflict with nixos-hardware
font = lib.mkOverride 999 "ter-i16n";
# Make the console use X's keyboard configuration
useXkbConfig = true;
};
# Set up console
console = {
packages = [pkgs.terminus_font];
earlySetup = true;
# mkDefault has 1000 priority, so that way I don't conflict with nixos-hardware
font = lib.mkOverride 999 "ter-i16n";
# Make the console use X's keyboard configuration
useXkbConfig = true;
};
boot.supportedFilesystems = [ "nfs" ];
# Set up localisation
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_NUMERIC = "es_ES.UTF-8";
# am/pm is nice but mm/dd/yy is yucky
LC_TIME = "es_US.UTF-8";
LC_MONETARY = "es_ES.UTF-8";
LC_MEASUREMENT = "es_ES.UTF-8";
LC_PAPER = "es_ES.UTF-8";
LC_ADDRESS = "es_US.UTF-8";
LC_NAME = "es_ES.UTF-8";
LC_TELEPHONE = "es_ES.UTF-8";
};
};
boot.supportedFilesystems = ["nfs"];
services.fwupd.enable = true;
# Set up localisation
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_NUMERIC = "es_ES.UTF-8";
# am/pm is nice but mm/dd/yy is yucky
LC_TIME = "es_US.UTF-8";
LC_MONETARY = "es_ES.UTF-8";
LC_MEASUREMENT = "es_ES.UTF-8";
LC_PAPER = "es_ES.UTF-8";
LC_ADDRESS = "es_US.UTF-8";
LC_NAME = "es_ES.UTF-8";
LC_TELEPHONE = "es_ES.UTF-8";
};
};
# Set up my user
users.users.toast = {
isNormalUser = true;
description = "Toast";
extraGroups = [ "wheel" ];
};
services.fwupd.enable = true;
# Set up time zone.
time.timeZone = "Europe/Madrid";
# Set up my user
users.users.toast = {
isNormalUser = true;
description = "Toast";
extraGroups = ["wheel"];
};
nixpkgs.overlays = [
(
final: prev: {
catppuccin = prev.catppuccin.override {
accent = "mauve";
variant = "mocha";
themeList = [
"bat"
"btop"
"starship"
"grub"
];
};
}
)
];
# Set up time zone.
time.timeZone = "Europe/Madrid";
home-manager = {
backupFileExtension = "hm-backup";
useGlobalPkgs = true;
verbose = true;
users.toast = { config, ... }: {
home.stateVersion = "23.11";
xdg = {
userDirs = {
enable = true;
createDirectories = true;
publicShare = null; # Disable the public folder
};
};
};
};
nixpkgs.overlays = [
(
final: prev: {
catppuccin = prev.catppuccin.override {
accent = "mauve";
variant = "mocha";
themeList = [
"bat"
"btop"
"starship"
"grub"
];
};
}
)
];
# Set up secrets
age = {
identityPaths = [
"/persist/id_host"
];
};
home-manager = {
backupFileExtension = "hm-backup";
useGlobalPkgs = true;
verbose = true;
users.toast = {config, ...}: {
home.stateVersion = "23.11";
xdg = {
userDirs = {
enable = true;
createDirectories = true;
publicShare = null; # Disable the public folder
};
};
};
};
boot.loader.grub = {
theme = "${pkgs.catppuccin}/grub";
backgroundColor = "#1E1E2E";
splashImage = "${pkgs.catppuccin}/grub/background.png";
};
# Set up secrets
age = {
identityPaths = [
"/persist/id_host"
];
};
/*
I used to keep the host keys in the repo as a secret, but since I use the
host keys for decrypting too I'm not sure encrypting a key with itself
is a good idea. Now the host keys will need to be placed manually where they are needed
For first time installs they are generated by services.openssh.hostKeys on servers, and
manually on everything else
*/
system = {
stateVersion = "23.11";
# Nix on nixos 23.05 does not have dirtyRev
configurationRevision = flakeSelf.sourceInfo.rev or flakeSelf.sourceInfo.dirtyRev or "dirty";
nixos.variant_id = lib.strings.toLower config.networking.hostName;
};
boot.loader.grub = {
theme = "${pkgs.catppuccin}/grub";
backgroundColor = "#1E1E2E";
splashImage = "${pkgs.catppuccin}/grub/background.png";
};
/*
I used to keep the host keys in the repo as a secret, but since I use the
host keys for decrypting too I'm not sure encrypting a key with itself
is a good idea. Now the host keys will need to be placed manually where they are needed
For first time installs they are generated by services.openssh.hostKeys on servers, and
manually on everything else
*/
system = {
stateVersion = "23.11";
# Nix on nixos 23.05 does not have dirtyRev
configurationRevision = flakeSelf.sourceInfo.rev or flakeSelf.sourceInfo.dirtyRev or "dirty";
nixos.variant_id = lib.strings.toLower config.networking.hostName;
};
}

14
roles/common/default.nix
View file

@ -1,9 +1,7 @@
{ ... }:
{
imports = [
./programs
./services
./configuration.nix
];
{...}: {
imports = [
./programs
./services
./configuration.nix
];
}

16
roles/common/programs/bash.nix
View file

@ -1,10 +1,8 @@
{ config, ... }:
{
home-manager.users.toast = { config, ... }: {
programs.bash = {
enable = true;
enableVteIntegration = true;
};
};
{config, ...}: {
home-manager.users.toast = {config, ...}: {
programs.bash = {
enable = true;
enableVteIntegration = true;
};
};
}

42
roles/common/programs/bat.nix
View file

@ -1,21 +1,25 @@
{ config, pkgs, ... }:
let
themeName = if config.system.nixos.release == "23.11" then "Catppuccin-mocha" else "Catppuccin Mocha";
in
{
home-manager = {
users.toast.programs.bat = {
enable = true;
config = {
theme = "catppuccin-mocha";
};
themes = {
catppuccin-mocha = {
src = pkgs.catppuccin;
file = "bat/${themeName}.tmTheme";
};
};
};
};
config,
pkgs,
...
}: let
themeName =
if config.system.nixos.release == "23.11"
then "Catppuccin-mocha"
else "Catppuccin Mocha";
in {
home-manager = {
users.toast.programs.bat = {
enable = true;
config = {
theme = "catppuccin-mocha";
};
themes = {
catppuccin-mocha = {
src = pkgs.catppuccin;
file = "bat/${themeName}.tmTheme";
};
};
};
};
}

6
roles/common/programs/btop.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home-manager = {
users.toast = {
programs.btop = {
@ -14,4 +12,4 @@
};
};
};
}
}

14
roles/common/programs/comma.nix
View file

@ -1,8 +1,10 @@
{ config, pkgs, ... }:
{
# Use nix-index-database's comma wrapper
programs.nix-index-database.comma.enable = true;
# Run programs from the system's nixpkgs
environment.variables = { COMMA_NIXPKGS_FLAKE="system"; };
config,
pkgs,
...
}: {
# Use nix-index-database's comma wrapper
programs.nix-index-database.comma.enable = true;
# Run programs from the system's nixpkgs
environment.variables = {COMMA_NIXPKGS_FLAKE = "system";};
}

8
roles/common/programs/command-not-found.nix
View file

@ -1,6 +1,4 @@
{ config, ... }:
{
# The nixpkgs command-not-found script does not work with flakes, so I disable it
programs.command-not-found.enable = false;
{config, ...}: {
# The nixpkgs command-not-found script does not work with flakes, so I disable it
programs.command-not-found.enable = false;
}

62
roles/common/programs/default.nix
View file

@ -1,32 +1,34 @@
{ config, pkgs, ... }:
{
imports = [
./htop.nix
./nix.nix
./micro.nix
./nix-index.nix
./command-not-found.nix
./comma.nix
./bash.nix
./git.nix
./starship.nix
./bat.nix
./btop.nix
./helix.nix
./direnv.nix
];
# Some programs dont have a programs.*.enable option, so I install their package here
environment.systemPackages = with pkgs; [
speedtest-cli
# Bat has a home manager module, but I want it to be available system wide
bat
file
nvd
ncdu
tree
btdu
iperf3
restic
];
config,
pkgs,
...
}: {
imports = [
./htop.nix
./nix.nix
./micro.nix
./nix-index.nix
./command-not-found.nix
./comma.nix
./bash.nix
./git.nix
./starship.nix
./bat.nix
./btop.nix
./helix.nix
./direnv.nix
];
# Some programs dont have a programs.*.enable option, so I install their package here
environment.systemPackages = with pkgs; [
speedtest-cli
# Bat has a home manager module, but I want it to be available system wide
bat
file
nvd
ncdu
tree
btdu
iperf3
restic
];
}

4
roles/common/programs/direnv.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
programs.direnv = {
enable = true;
nix-direnv = {

63
roles/common/programs/git.nix
View file

@ -1,34 +1,33 @@
{ config, pkgs, ... }:
let
catppuccinDelta = pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "delta";
rev = "main";
hash = "sha256-0QQLkfLBVuB2re6tjtPNuOQZNK0MDBAIFgNGHZM8afs=";
};
in
{
home-manager.users.toast = {
programs.git = {
enable = true;
userName = "Toast";
userEmail = "toast003@tutamail.com";
delta = {
enable = true;
options = {
syntax-theme = "catppuccin-mocha";
features = "catppuccin-mocha";
};
};
includes = [{ path = "${catppuccinDelta}/themes/mocha.gitconfig"; }];
extraConfig = {
init.defaultBranch = "main";
diff.colorMoved = "default";
commit.verbose = "true";
};
};
};
config,
pkgs,
...
}: let
catppuccinDelta = pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "delta";
rev = "main";
hash = "sha256-0QQLkfLBVuB2re6tjtPNuOQZNK0MDBAIFgNGHZM8afs=";
};
in {
home-manager.users.toast = {
programs.git = {
enable = true;
userName = "Toast";
userEmail = "toast003@tutamail.com";
delta = {
enable = true;
options = {
syntax-theme = "catppuccin-mocha";
features = "catppuccin-mocha";
};
};
includes = [{path = "${catppuccinDelta}/themes/mocha.gitconfig";}];
extraConfig = {
init.defaultBranch = "main";
diff.colorMoved = "default";
commit.verbose = "true";
};
};
};
}

6
roles/common/programs/helix.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home-manager.users.toast = {
programs.helix = {
enable = true;
@ -9,7 +7,7 @@
nixpkgs-fmt
nil
];
settings = {
settings = {
theme = "catppuccin_mocha";
editor = {
mouse = true;

26
roles/common/programs/htop.nix
View file

@ -1,15 +1,13 @@
{ config, ... }:
{
programs.htop = {
enable = true;
settings = {
tree_view = 1;
highlight_base_name = 1;
show_program_path = 0;
show_cpu_frequency = 1;
show_cpu_temperature = 1;
hide_userland_threads = 1;
};
};
{config, ...}: {
programs.htop = {
enable = true;
settings = {
tree_view = 1;
highlight_base_name = 1;
show_program_path = 0;
show_cpu_frequency = 1;
show_cpu_temperature = 1;
hide_userland_threads = 1;
};
};
}

35
roles/common/programs/micro.nix
View file

@ -1,17 +1,22 @@
{ config, pkgs, ... }:
{
home-manager = {
users.toast = { config, pkgs, ... }:
{
programs.micro = {
enable = true;
settings = {
clipboard = "internal";
indentchar = "|";
softwrap = true;
};
};
};
};
config,
pkgs,
...
}: {
home-manager = {
users.toast = {
config,
pkgs,
...
}: {
programs.micro = {
enable = true;
settings = {
clipboard = "internal";
indentchar = "|";
softwrap = true;
};
};
};
};
}

28
roles/common/programs/nix-index.nix
View file

@ -1,15 +1,15 @@
{ config, ... }:
{
/* environment.systemPackages = [ pkgs.nix-index ];
programs.bash.interactiveShellInit = ''
source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh
''; */
programs.nix-index = {
enable = true;
enableBashIntegration = true;
# I don't use zsh or fish (yet)
enableZshIntegration = false;
enableFishIntegration = false;
};
{config, ...}: {
/*
environment.systemPackages = [ pkgs.nix-index ];
programs.bash.interactiveShellInit = ''
source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh
'';
*/
programs.nix-index = {
enable = true;
enableBashIntegration = true;
# I don't use zsh or fish (yet)
enableZshIntegration = false;
enableFishIntegration = false;
};
}

55
roles/common/programs/nix.nix
View file

@ -1,25 +1,34 @@
{ config, systemPkgs, ... }:
{
nix = {
settings = {
auto-optimise-store = true;
experimental-features = "nix-command flakes";
};
optimise = {
automatic = true;
dates = [ "weekly" ];
};
registry = {
agenix = {
from = { id = "agenix"; type = "indirect"; };
to = { owner = "ryantm"; repo = "agenix"; type = "github"; };
};
# Write the system's nixpkgs into the registry to avoid mixing nixpkgs versions
# https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html
system.flake = systemPkgs;
};
# I removed this in the past since I thought that I didn't need it, but turns out comma does :)
nixPath = [ "nixpkgs=${systemPkgs}" ];
};
config,
systemPkgs,
...
}: {
nix = {
settings = {
auto-optimise-store = true;
experimental-features = "nix-command flakes";
};
optimise = {
automatic = true;
dates = ["weekly"];
};
registry = {
agenix = {
from = {
id = "agenix";
type = "indirect";
};
to = {
owner = "ryantm";
repo = "agenix";
type = "github";
};
};
# Write the system's nixpkgs into the registry to avoid mixing nixpkgs versions
# https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html
system.flake = systemPkgs;
};
# I removed this in the past since I thought that I didn't need it, but turns out comma does :)
nixPath = ["nixpkgs=${systemPkgs}"];
};
}

101
roles/common/programs/starship.nix
View file

@ -1,53 +1,52 @@
{ pkgs, lib, ... }:
with lib;
with builtins;
let
catppuccinFlavour = "mocha";
catppuccinStarship = pkgs.catppuccin + /starship/${catppuccinFlavour}.toml;
presets = {
nerdFontSymbols = pkgs.fetchurl {
url = "https://starship.rs/presets/toml/nerd-font-symbols.toml";
hash = "sha256-BVe5JMSIa3CoY2Wf9pvcF1EUtDVCWCLhW3IyKuwfHug=";
};
};
# -------------------------------- F U N C T I O N S --------------------------------
/*
Gonna be honest, I have no idea how this works, although it seems to work
Stolen from https://gist.github.com/pdalpra/daf339f59288201a6c8ba7dc84e9060e
*/
# Takes a list of attrSets and merges them
mergeAllAttrSets = attrsSets:
foldl' (recursiveUpdate) {} attrsSets;
# Reads a TOML file and parses it
readTomlPreset = file: (fromTOML (readFile file));
in
{
programs.starship = {
enable = true;
settings = mergeAllAttrSets [
(readTomlPreset presets.nerdFontSymbols)
(readTomlPreset catppuccinStarship)
{
nix_shell = {
disabled = false;
heuristic = true;
};
os = {
disabled = false;
};
directory = {
disabled = false;
truncation_length = 6;
truncation_symbol = ".../";
};
palette = "catppuccin_${catppuccinFlavour}";
}
];
};
pkgs,
lib,
...
}:
with lib;
with builtins; let
catppuccinFlavour = "mocha";
catppuccinStarship = pkgs.catppuccin + /starship/${catppuccinFlavour}.toml;
presets = {
nerdFontSymbols = pkgs.fetchurl {
url = "https://starship.rs/presets/toml/nerd-font-symbols.toml";
hash = "sha256-BVe5JMSIa3CoY2Wf9pvcF1EUtDVCWCLhW3IyKuwfHug=";
};
};
# -------------------------------- F U N C T I O N S --------------------------------
/*
Gonna be honest, I have no idea how this works, although it seems to work
Stolen from https://gist.github.com/pdalpra/daf339f59288201a6c8ba7dc84e9060e
*/
# Takes a list of attrSets and merges them
mergeAllAttrSets = attrsSets:
foldl' recursiveUpdate {} attrsSets;
# Reads a TOML file and parses it
readTomlPreset = file: (fromTOML (readFile file));
in {
programs.starship = {
enable = true;
settings = mergeAllAttrSets [
(readTomlPreset presets.nerdFontSymbols)
(readTomlPreset catppuccinStarship)
{
nix_shell = {
disabled = false;
heuristic = true;
};
os = {
disabled = false;
};
directory = {
disabled = false;
truncation_length = 6;
truncation_symbol = ".../";
};
palette = "catppuccin_${catppuccinFlavour}";
}
];
};
}

40
roles/common/services/avahi.nix
View file

@ -1,19 +1,23 @@
{ config, ... }:
let
old = {
nssmdns = true;
};
new = {
nssmdns4 = true;
};
in
{
/*
NixOS 24.05 changed the option for mnds to be able to turn on/off IPv6
23.11 doesn't support this, so I need to use the conditional to be able to
use the same config for both
*/
services.avahi = {
enable = true;
} // (if config.system.nixos.release == "23.11" then old else new);
{config, ...}: let
old = {
nssmdns = true;
};
new = {
nssmdns4 = true;
};
in {
/*
NixOS 24.05 changed the option for mnds to be able to turn on/off IPv6
23.11 doesn't support this, so I need to use the conditional to be able to
use the same config for both
*/
services.avahi =
{
enable = true;
}
// (
if config.system.nixos.release == "23.11"
then old
else new
);
}

14
roles/common/services/default.nix
View file

@ -1,9 +1,7 @@
{ ... }:
{
imports = [
./avahi.nix
./tailscale.nix
./syncthing.nix
];
{...}: {
imports = [
./avahi.nix
./tailscale.nix
./syncthing.nix
];
}

114
roles/common/services/syncthing.nix
View file

@ -1,60 +1,60 @@
{ config, flakeSelf, ... }:
let
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
in
{
# Get secrets
age.secrets = {
syncthingKey.file = hostSecrets + "/syncthingKey.age";
syncthingCert.file = hostSecrets + "/syncthingCert.age";
};
config,
flakeSelf,
...
}: let
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
in {
# Get secrets
age.secrets = {
syncthingKey.file = hostSecrets + "/syncthingKey.age";
syncthingCert.file = hostSecrets + "/syncthingCert.age";
};
services.syncthing = {
key = config.age.secrets.syncthingKey.path;
cert = config.age.secrets.syncthingCert.path;
overrideDevices = true;
overrideFolders = true;
openDefaultPorts = true;
settings = {
options = {
urAccepted = 3;
};
# Set up devices and folders common to every device
devices = {
"phone" = {
name = "Xiaomi Redmi Note 10 Pro";
id = "K7KNZ5V-XREUADL-CROQXPV-6AA4H65-2VUD34Z-VQWKJ6S-LWWW4EE-XPNEZQ6";
};
"pc" = {
name = "Archie";
id = "NJPX754-64AQNP3-7GZFIRZ-W2EDRJQ-27ORWYM-X5YXEXQ-ERRTRTQ-BSYD4AY";
};
"steamdeck" = {
name = "Steam Deck";
id = "DNFEGEA-PDEVW5A-O5VBVQK-IUXI7J5-MAHCQAG-2JLEFFM-DSXB6AS-TX6ZHAN";
};
"server" = {
name = "Everest";
id = "2GXFZJZ-CF56ER2-SISBGOF-VNXJIG5-GQC6ECA-NHCHAPX-677RSJT-RI5POAZ";
};
"surface" = {
name = "Surface Go";
id = "HTVSF3O-AHY3TNH-BLVSEGK-HRRSMHC-H5LJWVF-NDKGM6O-ATWZALC-YXNV2Q4";
};
"winmax2" = {
name = "Win Max 2";
id = "X2NILRM-ADRBQ23-AFREAZA-62GVFDF-UVMPR4L-KGHMUNY-BJ2C3CQ-RBT43QS";
};
};
folders = {
"passwords" = {
label = "KeePassXC Passwords";
id = "rdyaq-ex659";
devices = [ "phone" "pc" "steamdeck" "server" "surface" "winmax2"];
};
};
};
};
services.syncthing = {
key = config.age.secrets.syncthingKey.path;
cert = config.age.secrets.syncthingCert.path;
overrideDevices = true;
overrideFolders = true;
openDefaultPorts = true;
settings = {
options = {
urAccepted = 3;
};
# Set up devices and folders common to every device
devices = {
"phone" = {
name = "Xiaomi Redmi Note 10 Pro";
id = "K7KNZ5V-XREUADL-CROQXPV-6AA4H65-2VUD34Z-VQWKJ6S-LWWW4EE-XPNEZQ6";
};
"pc" = {
name = "Archie";
id = "NJPX754-64AQNP3-7GZFIRZ-W2EDRJQ-27ORWYM-X5YXEXQ-ERRTRTQ-BSYD4AY";
};
"steamdeck" = {
name = "Steam Deck";
id = "DNFEGEA-PDEVW5A-O5VBVQK-IUXI7J5-MAHCQAG-2JLEFFM-DSXB6AS-TX6ZHAN";
};
"server" = {
name = "Everest";
id = "2GXFZJZ-CF56ER2-SISBGOF-VNXJIG5-GQC6ECA-NHCHAPX-677RSJT-RI5POAZ";
};
"surface" = {
name = "Surface Go";
id = "HTVSF3O-AHY3TNH-BLVSEGK-HRRSMHC-H5LJWVF-NDKGM6O-ATWZALC-YXNV2Q4";
};
"winmax2" = {
name = "Win Max 2";
id = "X2NILRM-ADRBQ23-AFREAZA-62GVFDF-UVMPR4L-KGHMUNY-BJ2C3CQ-RBT43QS";
};
};
folders = {
"passwords" = {
label = "KeePassXC Passwords";
id = "rdyaq-ex659";
devices = ["phone" "pc" "steamdeck" "server" "surface" "winmax2"];
};
};
};
};
}

20
roles/common/services/tailscale.nix
View file

@ -1,12 +1,14 @@
{ config, lib, ... }:
{
services.tailscale = {
enable = true;
useRoutingFeatures = lib.mkDefault "client";
};
config,
lib,
...
}: {
services.tailscale = {
enable = true;
useRoutingFeatures = lib.mkDefault "client";
};
systemd.services.tailscaled.environment = {
TS_NO_LOGS_NO_SUPPORT = "true";
};
systemd.services.tailscaled.environment = {
TS_NO_LOGS_NO_SUPPORT = "true";
};
}

30
roles/desktop/configuration.nix
View file

@ -1,19 +1,21 @@
{ config, pkgs, ... }:
{
# Enable scanning
hardware.sane = {
enable = true;
extraBackends = [ pkgs.sane-airscan ];
};
users.users.toast.extraGroups = [ "scanner" ];
config,
pkgs,
...
}: {
# Enable scanning
hardware.sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
};
users.users.toast.extraGroups = ["scanner"];
services.xserver.enable = true;
services.xserver.enable = true;
# Set up fonts
fonts.packages = [
( pkgs.nerdfonts.override { fonts = [ "Hack" "JetBrainsMono" ]; } )
];
# Set up fonts
fonts.packages = [
(pkgs.nerdfonts.override {fonts = ["Hack" "JetBrainsMono"];})
];
boot.plymouth.enable = true;
boot.plymouth.enable = true;
}

14
roles/desktop/default.nix
View file

@ -1,9 +1,7 @@
{ ... }:
{
imports = [
./services
./programs
./configuration.nix
];
{...}: {
imports = [
./services
./programs
./configuration.nix
];
}

24
roles/desktop/programs/default.nix
View file

@ -1,14 +1,12 @@
{ ... }:
{
imports = [
./discord.nix
./firefox.nix
./micro.nix
./keepassxc.nix
./jamesdsp.nix
./vscode.nix
./git.nix
./ssh.nix
];
{...}: {
imports = [
./discord.nix
./firefox.nix
./micro.nix
./keepassxc.nix
./jamesdsp.nix
./vscode.nix
./git.nix
./ssh.nix
];
}

80
roles/desktop/programs/discord.nix
View file

@ -1,41 +1,45 @@
{ config, pkgs, lib, ... }:
let
discordOverlay = self: super: {
discord = super.discord.override {
withOpenASAR = true;
withVencord = true;
};
# Update some stuff while I wait for nixpkgs
/*vencord = super.vencord.overrideAttrs rec {
version = "522fdcd";
src = pkgs.fetchFromGitHub {
owner = "Vendicated";
repo = "Vencord";
rev = "522fdcd";
#rev = "v${version}";
hash = "sha256-9G7FNL4pHaaLachzJmeAol0WpNUj533K2FNa7DH0eBM=";
};
};*/
};
stock-discord = self: super: {
discord = super.discord.override {
withOpenASAR = false;
withVencord = false;
};
};
in
{
# Sometimes discord breaks after updates, and launching it stock once fixes it
specialisation.stockDiscord.configuration = {
nixpkgs.overlays = lib.mkAfter [ stock-discord ];
};
config,
pkgs,
lib,
...
}: let
discordOverlay = self: super: {
discord = super.discord.override {
withOpenASAR = true;
withVencord = true;
};
# Update some stuff while I wait for nixpkgs
/*
vencord = super.vencord.overrideAttrs rec {
version = "522fdcd";
src = pkgs.fetchFromGitHub {
owner = "Vendicated";
repo = "Vencord";
rev = "522fdcd";
#rev = "v${version}";
hash = "sha256-9G7FNL4pHaaLachzJmeAol0WpNUj533K2FNa7DH0eBM=";
};
};
*/
};
stock-discord = self: super: {
discord = super.discord.override {
withOpenASAR = false;
withVencord = false;
};
};
in {
# Sometimes discord breaks after updates, and launching it stock once fixes it
specialisation.stockDiscord.configuration = {
nixpkgs.overlays = lib.mkAfter [stock-discord];
};
nixpkgs.overlays = [ discordOverlay ];
home-manager.users.toast = {
home.packages = with pkgs; [
discord
vesktop
];
};
nixpkgs.overlays = [discordOverlay];
home-manager.users.toast = {
home.packages = with pkgs; [
discord
vesktop
];
};
}

112
roles/desktop/programs/firefox.nix
View file

@ -1,57 +1,59 @@
{ config, lib, ... }:
{
# System wide firefox settings
programs.firefox = {
enable = true;
policies = {
"DisablePocket" = true;
"DisableTelemetry" = true;
# You need these for Spotify
"EncryptedMediaExtensions" = { "Enabled" = true; };
"ExtensionSettings" = {
# TODO: Install extensions the NUR instead of from AMO
"uBlock0@raymondhill.net" = {
"installation_mode" = "force_installed";
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
};
# Decentraleyes
"jid1-BoFifL9Vbdl2zQ@jetpack" = {
"installation_mode" = "normal_installed";
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/decentraleyes/latest.xpi";
};
"jid1-MnnxcxisBPnSXQ@jetpack" = {
"installation_mode" = "normal_installed";
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi";
};
# Uninstall the kde plasma integration extension if KDE is not installed
"plasma-browser-integration@kde.org"."installation_mode" = lib.mkDefault "blocked";
};
"Preferences" = {
# Enable video hardware acceleration
"media.ffmpeg.vaapi.enabled" = {
"Value" = true;
"Status" = "default";
};
"dom.security.https_only_mode" = {
"Value" = true;
"Status" = "locked";
};
"general.smoothScroll.msdPhysics.enabled" = {
"Value" = true;
"Status" = "default";
};
};
"PromptForDownloadLocation" = true;
# I use an external password manager, so the built in one just bothers me
"PasswordManagerEnabled" = false;
"Permissions" = {
"Autoplay" = {
"Allow" = [ "https://www.youtube.com" ];
"Default" = "block-audio-video";
};
};
"FirefoxHome" = { "SponsoredTopSites" = false; };
};
};
config,
lib,
...
}: {
# System wide firefox settings
programs.firefox = {
enable = true;
policies = {
"DisablePocket" = true;
"DisableTelemetry" = true;
# You need these for Spotify
"EncryptedMediaExtensions" = {"Enabled" = true;};
"ExtensionSettings" = {
# TODO: Install extensions the NUR instead of from AMO
"uBlock0@raymondhill.net" = {
"installation_mode" = "force_installed";
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
};
# Decentraleyes
"jid1-BoFifL9Vbdl2zQ@jetpack" = {
"installation_mode" = "normal_installed";
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/decentraleyes/latest.xpi";
};
"jid1-MnnxcxisBPnSXQ@jetpack" = {
"installation_mode" = "normal_installed";
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi";
};
# Uninstall the kde plasma integration extension if KDE is not installed
"plasma-browser-integration@kde.org"."installation_mode" = lib.mkDefault "blocked";
};
"Preferences" = {
# Enable video hardware acceleration
"media.ffmpeg.vaapi.enabled" = {
"Value" = true;
"Status" = "default";
};
"dom.security.https_only_mode" = {
"Value" = true;
"Status" = "locked";
};
"general.smoothScroll.msdPhysics.enabled" = {
"Value" = true;
"Status" = "default";
};
};
"PromptForDownloadLocation" = true;
# I use an external password manager, so the built in one just bothers me
"PasswordManagerEnabled" = false;
"Permissions" = {
"Autoplay" = {
"Allow" = ["https://www.youtube.com"];
"Default" = "block-audio-video";
};
};
"FirefoxHome" = {"SponsoredTopSites" = false;};
};
};
}

8
roles/desktop/programs/git.nix
View file

@ -1,6 +1,8 @@
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
home-manager.users.toast = {
programs.git = {
package = pkgs.gitFull;
@ -11,6 +13,6 @@
};
};
home.packages = [ pkgs.git-cola ];
home.packages = [pkgs.git-cola];
};
}

8
roles/desktop/programs/jamesdsp.nix
View file

@ -1,5 +1,7 @@
{ config, pkgs, ... }:
{
users.users.toast.packages = [ pkgs.jamesdsp ];
config,
pkgs,
...
}: {
users.users.toast.packages = [pkgs.jamesdsp];
}

128
roles/desktop/programs/keepassxc.nix
View file

@ -1,63 +1,69 @@
{ config, pkgs, lib, ... }:
let
kpxcSettings = lib.generators.toINI {} {
General = {
# Not sure what changing this does, I'll leave it alone
ConfigVersion = 2;
MinimizeAfterUnlock = true;
AutoSaveAfterEveryChange = false;
};
GUI = {
ApplicationTheme = "classic";
MinimizeOnStartup = false;
MinimizeOnClose = true;
MinimizeToTray = true;
ShowTrayIcon = true;
# 0 is icons, 1 is text, 2 is text next to icons, 3 is text under icons, and 4 is follow style
ToolButtonStyle = 0; # Would choose 4 but it's too big for a small window
# monochrome-light, monochrome-dark or colorful
TrayIconAppearance = "monochrome-light";
};
Security = {
HideNotes = true;
IconDownloadFallback = true;
};
SSHAgent.Enabled = true;
};
in
{
home-manager = {
extraSpecialArgs = { kpxcSettings = kpxcSettings; };
users.toast = { config, pkgs, kpxcSettings, ... }: {
# No module for KeePassXC config :(
home = {
packages = [ pkgs.keepassxc ];
file = {
".config/keepassxc/keepassxc.ini".text = kpxcSettings;
# For some reason the autostart .desktop is not the same as the regular one
".config/autostart/org.keepassxc.KeePassXC.desktop".text = ''
[Desktop Entry]
Name=KeePassXC
GenericName=Password Manager
Exec=keepassxc
TryExec=keepassxc
Icon=keepassxc
StartupWMClass=keepassxc
StartupNotify=true
Terminal=false
Type=Application
Version=1.0
Categories=Utility;Security;Qt;
MimeType=application/x-keepass2;
X-GNOME-Autostart-enabled=true
X-GNOME-Autostart-Delay=2
X-KDE-autostart-after=panel
X-LXQt-Need-Tray=true
'';
};
};
};
};
config,
pkgs,
lib,
...
}: let
kpxcSettings = lib.generators.toINI {} {
General = {
# Not sure what changing this does, I'll leave it alone
ConfigVersion = 2;
MinimizeAfterUnlock = true;
AutoSaveAfterEveryChange = false;
};
GUI = {
ApplicationTheme = "classic";
MinimizeOnStartup = false;
MinimizeOnClose = true;
MinimizeToTray = true;
ShowTrayIcon = true;
# 0 is icons, 1 is text, 2 is text next to icons, 3 is text under icons, and 4 is follow style
ToolButtonStyle = 0; # Would choose 4 but it's too big for a small window
# monochrome-light, monochrome-dark or colorful
TrayIconAppearance = "monochrome-light";
};
Security = {
HideNotes = true;
IconDownloadFallback = true;
};
SSHAgent.Enabled = true;
};
in {
home-manager = {
extraSpecialArgs = {kpxcSettings = kpxcSettings;};
users.toast = {
config,
pkgs,
kpxcSettings,
...
}: {
# No module for KeePassXC config :(
home = {
packages = [pkgs.keepassxc];
file = {
".config/keepassxc/keepassxc.ini".text = kpxcSettings;
# For some reason the autostart .desktop is not the same as the regular one
".config/autostart/org.keepassxc.KeePassXC.desktop".text = ''
[Desktop Entry]
Name=KeePassXC
GenericName=Password Manager
Exec=keepassxc
TryExec=keepassxc
Icon=keepassxc
StartupWMClass=keepassxc
StartupNotify=true
Terminal=false
Type=Application
Version=1.0
Categories=Utility;Security;Qt;
MimeType=application/x-keepass2;
X-GNOME-Autostart-enabled=true
X-GNOME-Autostart-Delay=2
X-KDE-autostart-after=panel
X-LXQt-Need-Tray=true
'';
};
};
};
};
}

44
roles/desktop/programs/micro.nix
View file

@ -1,21 +1,27 @@
{ config, pkgs, lib, ... }:
{
home-manager = {
users.toast = { config, pkgs, ... }:
{
programs.micro = {
enable = true;
settings = {
# Use xclip/wl-clipboard for copying and pasting
clipboard = lib.mkForce "external";
};
};
/*
On a kde wayland session micro uses xsel or xclip instead of wl-clipboard
which doesn't work, so I only install wl-clipboard here to make micro use it
*/
home.packages = with pkgs; [ wl-clipboard ];
};
};
config,
pkgs,
lib,
...
}: {
home-manager = {
users.toast = {
config,
pkgs,
...
}: {
programs.micro = {
enable = true;
settings = {
# Use xclip/wl-clipboard for copying and pasting
clipboard = lib.mkForce "external";
};
};
/*
On a kde wayland session micro uses xsel or xclip instead of wl-clipboard
which doesn't work, so I only install wl-clipboard here to make micro use it
*/
home.packages = with pkgs; [wl-clipboard];
};
};
}

4
roles/desktop/programs/ssh.nix
View file

@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
home-manager.users.toast = {
programs.ssh = {
enable = true;

81
roles/desktop/programs/vscode.nix
View file

@ -1,40 +1,45 @@
{ config, pkgs, flakeSelf, ... }:
let inputs = flakeSelf.inputs; in
{
nixpkgs.overlays = [ inputs.catppuccin-vsc.overlays.default ];
home-manager.users.toast = {
home.packages = with pkgs; [
nixpkgs-fmt
];
programs.vscode = {
enable = true;
package = pkgs.vscodium;
mutableExtensionsDir = false;
extensions = with inputs.vscode-extensions.extensions.x86_64-linux.open-vsx; [
jnoortheen.nix-ide
(pkgs.catppuccin-vsc.override {
workbenchMode = "flat";
extraBordersEnabled = true;
})
catppuccin.catppuccin-vsc-icons
waderyan.gitblame
];
userSettings = {
# VSCode doesn't like nested settings
# https://stackoverflow.com/questions/74134436/is-it-possible-to-express-settings-in-vs-codes-settings-json-where-each-dot-sep
# TODO: write a function that unnests settings
"workbench.colorTheme" = "Catppuccin Mocha";
"workbench.iconTheme" = "catppuccin-mocha";
"editor.fontFamily" = "JetBrainsMono Nerd Font";
"editor.semanticHighlighting.enabled" = true;
"nix.enableLanguageServer" = true;
"nix.serverPath" = "${pkgs.nil}/bin/nil";
"nix.serverSettings" = {
"nil"."formatting"."command" = [ "nixpkgs-fmt" ];
};
"terminal.integrated.minimumContrastRatio" = 1;
"window.titleBarStyle" = "custom";
};
};
};
config,
pkgs,
flakeSelf,
...
}: let
inputs = flakeSelf.inputs;
in {
nixpkgs.overlays = [inputs.catppuccin-vsc.overlays.default];
home-manager.users.toast = {
home.packages = with pkgs; [
nixpkgs-fmt
];
programs.vscode = {
enable = true;
package = pkgs.vscodium;
mutableExtensionsDir = false;
extensions = with inputs.vscode-extensions.extensions.x86_64-linux.open-vsx; [
jnoortheen.nix-ide
(pkgs.catppuccin-vsc.override {
workbenchMode = "flat";
extraBordersEnabled = true;
})
catppuccin.catppuccin-vsc-icons
waderyan.gitblame
];
userSettings = {
# VSCode doesn't like nested settings
# https://stackoverflow.com/questions/74134436/is-it-possible-to-express-settings-in-vs-codes-settings-json-where-each-dot-sep
# TODO: write a function that unnests settings
"workbench.colorTheme" = "Catppuccin Mocha";
"workbench.iconTheme" = "catppuccin-mocha";
"editor.fontFamily" = "JetBrainsMono Nerd Font";
"editor.semanticHighlighting.enabled" = true;
"nix.enableLanguageServer" = true;
"nix.serverPath" = "${pkgs.nil}/bin/nil";
"nix.serverSettings" = {
"nil"."formatting"."command" = ["nixpkgs-fmt"];
};
"terminal.integrated.minimumContrastRatio" = 1;
"window.titleBarStyle" = "custom";
};
};
};
}

20
roles/desktop/services/default.nix
View file

@ -1,12 +1,10 @@
{ ... }:
{
imports = [
./ssh-agent.nix
./flatpak.nix
./syncthing.nix
./pipewire.nix
./printing.nix
./networkmanager.nix
];
{...}: {
imports = [
./ssh-agent.nix
./flatpak.nix
./syncthing.nix
./pipewire.nix
./printing.nix
./networkmanager.nix
];
}

35
roles/desktop/services/flatpak.nix
View file

@ -1,19 +1,22 @@
{ config, pkgs, flakeSelf, ... }:
{
services.flatpak.enable = true;
config,
pkgs,
flakeSelf,
...
}: {
services.flatpak.enable = true;
home-manager = {
sharedModules = [{ imports = [ flakeSelf.inputs.nix-flatpak.homeManagerModules.nix-flatpak ]; }];
users.toast = {
services.flatpak = {
packages = [ "tv.plex.PlexDesktop" ];
uninstallUnmanagedPackages = true;
update.auto = {
enable = true;
onCalendar = "weekly";
};
};
};
};
home-manager = {
sharedModules = [{imports = [flakeSelf.inputs.nix-flatpak.homeManagerModules.nix-flatpak];}];
users.toast = {
services.flatpak = {
packages = ["tv.plex.PlexDesktop"];
uninstallUnmanagedPackages = true;
update.auto = {
enable = true;
onCalendar = "weekly";
};
};
};
};
}

8
roles/desktop/services/networkmanager.nix
View file

@ -1,10 +1,6 @@
{ config, ... }:
let
{config, ...}: let
tailscaleName = config.services.tailscale.interfaceName;
in
{
in {
networking.networkmanager = {
enable = true;
unmanaged = [

16
roles/desktop/services/pipewire.nix
View file

@ -1,11 +1,9 @@
{ config, ... }:
{config, ...}: {
services.pipewire = {
enable = true;
pulse.enable = true;
};
{
services.pipewire = {
enable = true;
pulse.enable = true;
};
# This allows pipewire to get realtime priority, which (hopefully) gets rid of stutters
security.rtkit.enable = true;
# This allows pipewire to get realtime priority, which (hopefully) gets rid of stutters
security.rtkit.enable = true;
}

14
roles/desktop/services/printing.nix
View file

@ -1,9 +1,7 @@
{ config, ... }:
{
services.printing = {
enable = true;
startWhenNeeded = true;
stateless = true;
};
{config, ...}: {
services.printing = {
enable = true;
startWhenNeeded = true;
stateless = true;
};
}

40
roles/desktop/services/ssh-agent.nix
View file

@ -1,21 +1,23 @@
{ config, pkgs, ... }:
{
programs.ssh.startAgent = true;
/*
Home assistant added an option that does this
https://github.com/nix-community/home-manager/commit/2d9210f25ed18d5d4e11e6b886de4027c0c51a94
but since I still need to fix home-manager's envvars not applying I'll stick to the NixOS one
*/
/*
TODO: fix SSH_AUTH_SOCK not being set in Plasma
Turns out the NixOS module also has issues :3
The env is set but only in bash, not in the DE, so
keepass can't pick it up. For now I'll just set it manually
*/
home-manager.users.toast.xdg.configFile."plasma-workspace/env/ssh-agent.sh".text = ''
if [[ -z "$SSH_AUTH_SOCK" ]]; then
export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ssh-agent
fi
'';
config,
pkgs,
...
}: {
programs.ssh.startAgent = true;
/*
Home assistant added an option that does this
https://github.com/nix-community/home-manager/commit/2d9210f25ed18d5d4e11e6b886de4027c0c51a94
but since I still need to fix home-manager's envvars not applying I'll stick to the NixOS one
*/
/*
TODO: fix SSH_AUTH_SOCK not being set in Plasma
Turns out the NixOS module also has issues :3
The env is set but only in bash, not in the DE, so
keepass can't pick it up. For now I'll just set it manually
*/
home-manager.users.toast.xdg.configFile."plasma-workspace/env/ssh-agent.sh".text = ''
if [[ -z "$SSH_AUTH_SOCK" ]]; then
export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ssh-agent
fi
'';
}

46
roles/desktop/services/syncthing.nix
View file

@ -1,25 +1,23 @@
{ config, ... }:
{
services.syncthing = {
enable = true;
user = "toast";
group = "users";
dataDir = config.users.users.toast.home;
settings.folders."passwords".path = "~/Documents/Passwords";
};
# Allow regular users to stop syncthing
# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "syncthing.service" &&
subject.user == "${config.services.syncthing.user}"
)
{
return polkit.Result.YES;
}
})
'';
{config, ...}: {
services.syncthing = {
enable = true;
user = "toast";
group = "users";
dataDir = config.users.users.toast.home;
settings.folders."passwords".path = "~/Documents/Passwords";
};
# Allow regular users to stop syncthing
# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "syncthing.service" &&
subject.user == "${config.services.syncthing.user}"
)
{
return polkit.Result.YES;
}
})
'';
}

12
roles/gaming/default.nix
View file

@ -1,8 +1,6 @@
{ ... }:
{
imports = [
./programs
./services
];
{...}: {
imports = [
./programs
./services
];
}

26
roles/gaming/programs/default.nix
View file

@ -1,14 +1,16 @@
{ config, pkgs, ... }:
{
imports = [
./steam.nix
./mangohud.nix
./rpcs3.nix
./retroarch.nix
];
environment.systemPackages = with pkgs; [
heroic
prismlauncher-qt5
];
config,
pkgs,
...
}: {
imports = [
./steam.nix
./mangohud.nix
./rpcs3.nix
./retroarch.nix
];
environment.systemPackages = with pkgs; [
heroic
prismlauncher-qt5
];
}

27
roles/gaming/programs/mangohud.nix
View file

@ -1,16 +1,13 @@
{ config, ... }:
{
home-manager.users.toast = { config, ... }:
{
programs.mangohud = {
enable = true;
# This only works for Vulkan, openGL programs still need the mangohud wrapper
enableSessionWide = true;
settings = {
preset = 4;
no_display = true;
};
};
};
{config, ...}: {
home-manager.users.toast = {config, ...}: {
programs.mangohud = {
enable = true;
# This only works for Vulkan, openGL programs still need the mangohud wrapper
enableSessionWide = true;
settings = {
preset = 4;
no_display = true;
};
};
};
}

102
roles/gaming/programs/retroarch.nix
View file

@ -1,79 +1,79 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
snes-roms = [
# ActRaiser
( pkgs.fetchzip {
(pkgs.fetchzip {
url = "https://myrient.erista.me/files/No-Intro/Nintendo%20-%20Super%20Nintendo%20Entertainment%20System/ActRaiser%20%28USA%29.zip";
hash = "sha256-yxIL5Pqlp8xsx7wvNO1MlB8ffDjS0xpE+yrEfMj61As=";
} )
})
# Kirby Super Star
( pkgs.fetchzip {
(pkgs.fetchzip {
url = "https://myrient.erista.me/files/No-Intro/Nintendo%20-%20Super%20Nintendo%20Entertainment%20System/Kirby%20Super%20Star%20%28USA%29.zip";
hash = "sha256-NX5OjCthf4ZiAhamclRBRk8GiMjZX3JLeShm8sQdDfc=";
} )
})
# Super Mario Kart
( pkgs.fetchzip {
(pkgs.fetchzip {
url = "https://myrient.erista.me/files/No-Intro/Nintendo%20-%20Super%20Nintendo%20Entertainment%20System/Super%20Mario%20Kart%20%28USA%29.zip";
hash = "sha256-RLBxPBmBrXCuPdnWE07KamBNgGJ5IntQVUPeij+2HUI=";
} )
})
];
in
{
in {
home-manager.users.toast = {
home = {
packages = [(
pkgs.retroarch.override {
cores = with pkgs.libretro; [
snes9x
];
settings = {
video_driver = "vulkan";
video_fullscreen = "true";
menu_swap_ok_cancel_buttons = "true";
input_joypad_driver = "sdl2";
# Enable touchscreen support
menu_pointer_enable = "true";
packages = [
(
pkgs.retroarch.override {
cores = with pkgs.libretro; [
snes9x
];
settings = {
video_driver = "vulkan";
video_fullscreen = "true";
menu_swap_ok_cancel_buttons = "true";
input_joypad_driver = "sdl2";
# Enable touchscreen support
menu_pointer_enable = "true";
# Folder stuffs
# Folder stuffs
# System/BIOS files
system_directory = "~/.local/share/retroarch/system";
# Downloads
core_assets_directory = "~/.local/share/retroarch/downloads";
thumbnails_directory = "~/.local/share/retroarch/thumbnails";
content_database_path = "~/.local/share/retroarch/database/rdb";
cheat_database_path = "~/.local/share/retroarch/cheats";
video_filter_dir = "~/.local/share/retroarch/filters/video";
audio_filter_dir = "~/.local/share/retroarch/filters/audio";
video_shader_dir = "~/.local/share/retroarch/shaders";
recording_output_directory = "~/.local/share/retroarch/records";
overlay_directory = "~/.local/share/retroarch/overlays";
osk_overlay_directory = "~/.local/share/retroarch/overlays/keyboards";
screenshot_directory = "~/.local/share/retroarch/screenshots";
playlist_directory = "~/.local/share/retroarch/playlists";
savefile_directory = "~/.local/share/retroarch/saves";
savestate_directory = "~/.local/share/retroarch/states";
log_dir = "~/.local/share/retroarch/logs";
# System/BIOS files
system_directory = "~/.local/share/retroarch/system";
# Downloads
core_assets_directory = "~/.local/share/retroarch/downloads";
thumbnails_directory = "~/.local/share/retroarch/thumbnails";
content_database_path = "~/.local/share/retroarch/database/rdb";
cheat_database_path = "~/.local/share/retroarch/cheats";
video_filter_dir = "~/.local/share/retroarch/filters/video";
audio_filter_dir = "~/.local/share/retroarch/filters/audio";
video_shader_dir = "~/.local/share/retroarch/shaders";
recording_output_directory = "~/.local/share/retroarch/records";
overlay_directory = "~/.local/share/retroarch/overlays";
osk_overlay_directory = "~/.local/share/retroarch/overlays/keyboards";
screenshot_directory = "~/.local/share/retroarch/screenshots";
playlist_directory = "~/.local/share/retroarch/playlists";
savefile_directory = "~/.local/share/retroarch/saves";
savestate_directory = "~/.local/share/retroarch/states";
log_dir = "~/.local/share/retroarch/logs";
# By default settings has some things that this overrides, so I need to set them myself
libretro_info_path = "${pkgs.libretro-core-info}/share/retroarch/cores";
joypad_autoconfig_dir = "${pkgs.retroarch-joypad-autoconfig}/share/libretro/autoconfig";
assets_directory = "${pkgs.retroarch-assets}/share/retroarch/assets";
};
}
)];
# By default settings has some things that this overrides, so I need to set them myself
libretro_info_path = "${pkgs.libretro-core-info}/share/retroarch/cores";
joypad_autoconfig_dir = "${pkgs.retroarch-joypad-autoconfig}/share/libretro/autoconfig";
assets_directory = "${pkgs.retroarch-assets}/share/retroarch/assets";
};
}
)
];
file."Games/Roms/SNES/" = {
onChange = ''
${pkgs.retroarch}/bin/retroarch --scan "/home/toast/Games/Roms/SNES"
'';
source = pkgs.symlinkJoin {
name = "snes-roms";
paths = [ snes-roms ];
paths = [snes-roms];
};
};
};
# Retroarch is dumb since it doesn't generate some folders (but it does for others)
systemd.user.tmpfiles.rules = [
systemd.user.tmpfiles.rules = [
"d /%h/.local/share/retroarch/playlists"
"d /%h/.local/share/retroarch/saves"
"d /%h/.local/share/retroarch/states"
@ -85,7 +85,7 @@ in
"retroarch" = {
label = "RetroArch";
id = "jxuou-2yjnu";
devices = [ "steamdeck" "server" "pc" "winmax2" ];
devices = ["steamdeck" "server" "pc" "winmax2"];
path = "~/.local/share/retroarch";
};
};

38
roles/gaming/programs/rpcs3.nix
View file

@ -1,20 +1,24 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with config; [
nur.repos.ataraxiasjel.rpcs3
];
# Compiling RPCS3 takes quite a while
nix.settings = {
substituters = [ "https://ataraxiadev-foss.cachix.org" ];
trusted-public-keys = [ "ataraxiadev-foss.cachix.org-1:ws/jmPRUF5R8TkirnV1b525lP9F/uTBsz2KraV61058=" ];
};
config,
pkgs,
...
}: {
environment.systemPackages = with config; [
nur.repos.ataraxiasjel.rpcs3
];
# Compiling RPCS3 takes quite a while
nix.settings = {
substituters = ["https://ataraxiadev-foss.cachix.org"];
trusted-public-keys = ["ataraxiadev-foss.cachix.org-1:ws/jmPRUF5R8TkirnV1b525lP9F/uTBsz2KraV61058="];
};
# Increase the memory lock limit
security.pam.loginLimits = [{
domain = "*";
item = "memlock";
type = "-"; # Applies to both hard and soft limits
value = "unlimited";
}];
# Increase the memory lock limit
security.pam.loginLimits = [
{
domain = "*";
item = "memlock";
type = "-"; # Applies to both hard and soft limits
value = "unlimited";
}
];
}

37
roles/gaming/programs/steam.nix
View file

@ -1,21 +1,26 @@
{ config, pkgs, ... }:
{
programs.steam = {
enable = true;
# Doubt that I'll use it, but I'll enable it anyways
remotePlay.openFirewall = true;
config,
pkgs,
...
}: {
programs.steam = {
enable = true;
# Doubt that I'll use it, but I'll enable it anyways
remotePlay.openFirewall = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
};
extraCompatPackages = with pkgs; [
proton-ge-bin
];
};
# Some linux native games (rise of the tomb raider) use alsa for sound
services.pipewire.alsa.enable = if config.services.pipewire.pulse.enable == true then true else false;
# Some linux native games (rise of the tomb raider) use alsa for sound
services.pipewire.alsa.enable =
if config.services.pipewire.pulse.enable == true
then true
else false;
# Celeste mod manager
home-manager.users.toast.services.flatpak.packages = [
"io.github.everestapi.Olympus"
];
# Celeste mod manager
home-manager.users.toast.services.flatpak.packages = [
"io.github.everestapi.Olympus"
];
}

10
roles/gaming/services/default.nix
View file

@ -1,7 +1,5 @@
{ ... }:
{
imports = [
./syncthing.nix
];
{...}: {
imports = [
./syncthing.nix
];
}

36
roles/gaming/services/syncthing.nix
View file

@ -1,21 +1,19 @@
{ config, ... }:
{config, ...}: {
/*
This file will sync saves for games that don't have cloud saves
TODO: turn this into a module eventually
*/
{
/*
This file will sync saves for games that don't have cloud saves
TODO: turn this into a module eventually
*/
services.syncthing.settings.folders = {
"steam-201810" = {
label = "Wolfenstein The New Order Saves";
id = "laxxf-t2wmy";
devices = [ "steamdeck" "server" "pc" ];
path = "~/.local/share/Steam/steamapps/compatdata/201810/pfx/drive_c/users/steamuser/Saved Games/MachineGames/Wolfenstein The New Order/";
};
};
home-manager.users.toast.home.file."steam-201810-ignore" = {
target = ".local/share/Steam/steamapps/compatdata/201810/pfx/drive_c/users/steamuser/Saved Games/MachineGames/Wolfenstein The New Order/.stignore";
text = "base/qconsole.log\nbase/wolfConfig.cfg";
};
services.syncthing.settings.folders = {
"steam-201810" = {
label = "Wolfenstein The New Order Saves";
id = "laxxf-t2wmy";
devices = ["steamdeck" "server" "pc"];
path = "~/.local/share/Steam/steamapps/compatdata/201810/pfx/drive_c/users/steamuser/Saved Games/MachineGames/Wolfenstein The New Order/";
};
};
home-manager.users.toast.home.file."steam-201810-ignore" = {
target = ".local/share/Steam/steamapps/compatdata/201810/pfx/drive_c/users/steamuser/Saved Games/MachineGames/Wolfenstein The New Order/.stignore";
text = "base/qconsole.log\nbase/wolfConfig.cfg";
};
}

14
roles/kde/default.nix
View file

@ -1,9 +1,7 @@
{ ... }:
{
imports = [
./plasma.nix
./sddm.nix
./programs
];
{...}: {
imports = [
./plasma.nix
./sddm.nix
./programs
];
}

318
roles/kde/plasma.nix
View file

@ -1,158 +1,172 @@
{ config, pkgs, lib, flakeSelf, ... }:
let
# Set up the default kde options
balooExcludedDirs = lib.strings.intersperse "," [
"$HOME/.cache/"
"$HOME/.config/"
"$HOME/.local/"
];
baloofilerc = lib.generators.toINI {} {
General = {
# The [$e] part allows you to use environment variables
"exclude folders[$e]" = lib.strings.concatStrings balooExcludedDirs;
};
};
# Make custom packages
breezeTint = pkgs.stdenv.mkDerivation {
name = "breeze-tint";
src = "${pkgs.breeze-qt5}";
patches = [ ./patches/BreezeTint.patch ];
installPhase = ''
runHook preInstall
mkdir -p $out/share/color-schemes/
cp -r share/color-schemes/* $out/share/color-schemes/
runHook postInstall
'';
};
# /etc/xdg is not read by plasma, so to change the default settings you need to put them in a package
plasmaDefaults = pkgs.stdenv.mkDerivation {
name = "toast-plasma-defaults";
dontUnpack = true;
installPhase = ''
runHook preInstall
set -x
mkdir -p $out/etc/xdg
echo '${baloofilerc}' > $out/etc/xdg/baloofilerc
runHook postInstall
'';
};
in
{
services.xserver = {
# Enable the Plasma 5 Desktop Environment
desktopManager.plasma5.enable = true;
displayManager.defaultSession = "plasmawayland";
};
config,
pkgs,
lib,
flakeSelf,
...
}: let
# Set up the default kde options
balooExcludedDirs = lib.strings.intersperse "," [
"$HOME/.cache/"
"$HOME/.config/"
"$HOME/.local/"
];
qt.enable = true;
baloofilerc = lib.generators.toINI {} {
General = {
# The [$e] part allows you to use environment variables
"exclude folders[$e]" = lib.strings.concatStrings balooExcludedDirs;
};
};
# GTK apps need dconf to grab the correct theme on Wayland
programs.dconf.enable = true;
# Make custom packages
breezeTint = pkgs.stdenv.mkDerivation {
name = "breeze-tint";
src = "${pkgs.breeze-qt5}";
patches = [./patches/BreezeTint.patch];
installPhase = ''
runHook preInstall
# Install the patched Breeze color schemes as well as the plasma default configs
environment.systemPackages = [ breezeTint plasmaDefaults ];
mkdir -p $out/share/color-schemes/
cp -r share/color-schemes/* $out/share/color-schemes/
# Plasma configs should be on all users
home-manager.sharedModules = [
(
{ config, ... }:
let gtk2rc = "${config.xdg.configHome}/gtk-2.0/gtkrc"; in
{
gtk.gtk2.configLocation = gtk2rc;
# Kde has an annoying habit of overwriting the gtk2 config file
home.file."${gtk2rc}".force = true;
}
)
{
imports = [ flakeSelf.inputs.plasma-manager.homeManagerModules.plasma-manager ];
gtk = {
enable = true;
# Most apps are dark, so a white cursor is easier to spot
cursorTheme = { package = pkgs.breeze-qt5; name = "Breeze_Snow"; };
iconTheme = { package = pkgs.breeze-icons; name = "breeze-dark"; };
theme = { package = pkgs.breeze-gtk; name = "Breeze"; };
# Gtk2 doesn't have a dark mode, so I just tell gtk 3 and 4 to use the dark variant
gtk3.extraConfig.gtk-application-prefer-dark-theme = true;
gtk4.extraConfig.gtk-application-prefer-dark-theme = true;
};
home.packages = [(
pkgs.catppuccin-kde.override {
flavour = [ "mocha" ];
accents = [ "mauve" ];
winDecStyles = [ "classic" ];
}
)];
programs.plasma = {
enable = true;
overrideConfig = true;
# Delete config files that I fully configure here
overrideConfigFiles = [
"plasmashellrc"
"plasma-org.kde.plasma.desktop-appletsrc"
];
workspace = {
clickItemTo = "select";
cursorTheme = "Breeze_Snow";
iconTheme = "breeze-dark";
lookAndFeel = "Catppuccin-Mocha-Mauve";
theme = "default";
colorScheme = "CatppuccinMochaMauve";
};
kwin = {
titlebarButtons = {
left = [ "on-all-desktops" "keep-above-windows" ];
right = [ "minimize" "maximize" "close" ];
};
};
panels = [{
location = "bottom";
height = 44;
widgets = [
{
name = "org.kde.plasma.kickoff";
config.General.icon = "nix-snowflake-white";
}
"org.kde.plasma.pager"
"org.kde.plasma.icontasks"
"org.kde.plasma.marginsseparator"
"org.kde.plasma.systemtray"
{
name = "org.kde.plasma.digitalclock";
config.Appearance.showSeconds = "true";
}
"org.kde.plasma.showdesktop"
];
}];
shortcuts = {
"kwin" = {
"Switch One Desktop to the Left" = [ "Meta+Ctrl+Left" ];
"Switch One Desktop to the Right" = [ "Meta+Ctrl+Right" ];
};
};
configFile = {
"kwinrc" = {
"org\\.kde\\.kdecoration2"."BorderSize" = "None";
"Desktops" = {
"Number" = 2;
"Rows" = 1;
};
"TabBox"."LayoutName" = "thumbnail_grid";
};
"kdeglobals"."General"."AccentColor" = null;
"auroraerc"."CatppuccinMocha-Classic"."ButtonSize" = 0;
"plasmanotifyrc"."Notifications"."NormalAlwaysOnTop" = true;
};
};
}
];
runHook postInstall
'';
};
# /etc/xdg is not read by plasma, so to change the default settings you need to put them in a package
plasmaDefaults = pkgs.stdenv.mkDerivation {
name = "toast-plasma-defaults";
dontUnpack = true;
installPhase = ''
runHook preInstall
set -x
mkdir -p $out/etc/xdg
echo '${baloofilerc}' > $out/etc/xdg/baloofilerc
runHook postInstall
'';
};
in {
services.xserver = {
# Enable the Plasma 5 Desktop Environment
desktopManager.plasma5.enable = true;
displayManager.defaultSession = "plasmawayland";
};
qt.enable = true;
# GTK apps need dconf to grab the correct theme on Wayland
programs.dconf.enable = true;
# Install the patched Breeze color schemes as well as the plasma default configs
environment.systemPackages = [breezeTint plasmaDefaults];
# Plasma configs should be on all users
home-manager.sharedModules = [
(
{config, ...}: let
gtk2rc = "${config.xdg.configHome}/gtk-2.0/gtkrc";
in {
gtk.gtk2.configLocation = gtk2rc;
# Kde has an annoying habit of overwriting the gtk2 config file
home.file."${gtk2rc}".force = true;
}
)
{
imports = [flakeSelf.inputs.plasma-manager.homeManagerModules.plasma-manager];
gtk = {
enable = true;
# Most apps are dark, so a white cursor is easier to spot
cursorTheme = {
package = pkgs.breeze-qt5;
name = "Breeze_Snow";
};
iconTheme = {
package = pkgs.breeze-icons;
name = "breeze-dark";
};
theme = {
package = pkgs.breeze-gtk;
name = "Breeze";
};
# Gtk2 doesn't have a dark mode, so I just tell gtk 3 and 4 to use the dark variant
gtk3.extraConfig.gtk-application-prefer-dark-theme = true;
gtk4.extraConfig.gtk-application-prefer-dark-theme = true;
};
home.packages = [
(
pkgs.catppuccin-kde.override {
flavour = ["mocha"];
accents = ["mauve"];
winDecStyles = ["classic"];
}
)
];
programs.plasma = {
enable = true;
overrideConfig = true;
# Delete config files that I fully configure here
overrideConfigFiles = [
"plasmashellrc"
"plasma-org.kde.plasma.desktop-appletsrc"
];
workspace = {
clickItemTo = "select";
cursorTheme = "Breeze_Snow";
iconTheme = "breeze-dark";
lookAndFeel = "Catppuccin-Mocha-Mauve";
theme = "default";
colorScheme = "CatppuccinMochaMauve";
};
kwin = {
titlebarButtons = {
left = ["on-all-desktops" "keep-above-windows"];
right = ["minimize" "maximize" "close"];
};
};
panels = [
{
location = "bottom";
height = 44;
widgets = [
{
name = "org.kde.plasma.kickoff";
config.General.icon = "nix-snowflake-white";
}
"org.kde.plasma.pager"
"org.kde.plasma.icontasks"
"org.kde.plasma.marginsseparator"
"org.kde.plasma.systemtray"
{
name = "org.kde.plasma.digitalclock";
config.Appearance.showSeconds = "true";
}
"org.kde.plasma.showdesktop"
];
}
];
shortcuts = {
"kwin" = {
"Switch One Desktop to the Left" = ["Meta+Ctrl+Left"];
"Switch One Desktop to the Right" = ["Meta+Ctrl+Right"];
};
};
configFile = {
"kwinrc" = {
"org\\.kde\\.kdecoration2"."BorderSize" = "None";
"Desktops" = {
"Number" = 2;
"Rows" = 1;
};
"TabBox"."LayoutName" = "thumbnail_grid";
};
"kdeglobals"."General"."AccentColor" = null;
"auroraerc"."CatppuccinMocha-Classic"."ButtonSize" = 0;
"plasmanotifyrc"."Notifications"."NormalAlwaysOnTop" = true;
};
};
}
];
}

24
roles/kde/programs/default.nix
View file

@ -1,15 +1,13 @@
{ config, ... }:
{config, ...}: {
imports = [
./kate.nix
./firefox.nix
./skanpage.nix
./neochat.nix
./konsole.nix
./git.nix
];
{
imports = [
./kate.nix
./firefox.nix
./skanpage.nix
./neochat.nix
./konsole.nix
./git.nix
];
# Enable the kde partition manager
programs.partition-manager.enable = true;
# Enable the kde partition manager
programs.partition-manager.enable = true;
}

62
roles/kde/programs/firefox.nix
View file

@ -1,32 +1,34 @@
{ config, pkgs, ... }:
{
# KDE specific firefox settings
programs.firefox = {
policies = {
"ExtensionSettings" = {
# TODO: Install extensions the NUR instead of from AMO
"plasma-browser-integration@kde.org" = {
"installation_mode" = "normal_installed";
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi";
};
};
"Preferences" = {
# Make firefox use the kde file picker
"widget.use-xdg-desktop-portal.file-picker" = {
"Value" = 1;
"Status" = "default";
};
/*
https://wiki.archlinux.org/title/Firefox#KDE_integration tells me to enable this,
but strangely enough doing so makes firefox ask to be set as the default browser
every time you start it up, so I'll disable it
*/
"widget.use-xdg-desktop-portal.mime-handler" = {
"Value" = 0;
"Status" = "default";
};
};
};
};
config,
pkgs,
...
}: {
# KDE specific firefox settings
programs.firefox = {
policies = {
"ExtensionSettings" = {
# TODO: Install extensions the NUR instead of from AMO
"plasma-browser-integration@kde.org" = {
"installation_mode" = "normal_installed";
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi";
};
};
"Preferences" = {
# Make firefox use the kde file picker
"widget.use-xdg-desktop-portal.file-picker" = {
"Value" = 1;
"Status" = "default";
};
/*
https://wiki.archlinux.org/title/Firefox#KDE_integration tells me to enable this,
but strangely enough doing so makes firefox ask to be set as the default browser
every time you start it up, so I'll disable it
*/
"widget.use-xdg-desktop-portal.mime-handler" = {
"Value" = 0;
"Status" = "default";
};
};
};
};
}

6
roles/kde/programs/git.nix
View file

@ -1,6 +1,8 @@
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
home-manager.users.toast = {
programs.git = {
extraConfig = {

16
roles/kde/programs/kate.nix
View file

@ -1,10 +1,12 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [ pkgs.kate ];
config,
pkgs,
...
}: {
environment.systemPackages = [pkgs.kate];
# Use kwrite to open text files, and kate if I'm developing stuff
xdg.mime.defaultApplications = {
"text/plain" = "org.kde.kwrite.desktop";
};
# Use kwrite to open text files, and kate if I'm developing stuff
xdg.mime.defaultApplications = {
"text/plain" = "org.kde.kwrite.desktop";
};
}

24
roles/kde/programs/konsole.nix
View file

@ -1,17 +1,17 @@
{ pkgs, ... }:
let
catppuccinKonsole = pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "konsole";
# Latest commit is 7d86b8a1e56e58f6b5649cdaac543a573ac194ca
rev = "main";
hash = "sha256-EwSJMTxnaj2UlNJm1t6znnatfzgm1awIQQUF3VPfCTM=";
} + /Catppuccin-Mocha.colorscheme;
in
{
{pkgs, ...}: let
catppuccinKonsole =
pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "konsole";
# Latest commit is 7d86b8a1e56e58f6b5649cdaac543a573ac194ca
rev = "main";
hash = "sha256-EwSJMTxnaj2UlNJm1t6znnatfzgm1awIQQUF3VPfCTM=";
}
+ /Catppuccin-Mocha.colorscheme;
in {
home-manager.users.toast = {
xdg.dataFile = {
"konsole/Catppuccin-Mocha.colorscheme".source = catppuccinKonsole;
};
};
}
}

8
roles/kde/programs/neochat.nix
View file

@ -1,7 +1,5 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home-manager.users.toast = {
home.packages = [ pkgs.neochat ];
home.packages = [pkgs.neochat];
};
}
}

17
roles/kde/programs/skanpage.nix
View file

@ -1,9 +1,12 @@
{ config, lib, pkgs, ... }:
{
# Only install skanpage if scanning is set up
config = lib.mkIf config.hardware.sane.enable {
environment.systemPackages = [ pkgs.skanpage ];
};
# environment.systemPackages = if config.hardware.sane.enable == true then [ pkgs.skanpage ] else [];
config,
lib,
pkgs,
...
}: {
# Only install skanpage if scanning is set up
config = lib.mkIf config.hardware.sane.enable {
environment.systemPackages = [pkgs.skanpage];
};
# environment.systemPackages = if config.hardware.sane.enable == true then [ pkgs.skanpage ] else [];
}

106
roles/kde/sddm.nix
View file

@ -1,56 +1,56 @@
{ config, pkgs, ... }:
let
currentTheme = config.services.xserver.displayManager.sddm.theme;
sddm-sugar-candy = pkgs.stdenv.mkDerivation {
pname = "sddm-sugar-candy";
version = "master";
src = pkgs.fetchgit {
url = "https://framagit.org/MarianArlt/sddm-sugar-candy.git";
hash = "sha256-XggFVsEXLYklrfy1ElkIp9fkTw4wvXbyVkaVCZq4ZLU=";
};
installPhase = ''
runHook preInstall
mkdir -p $out/share/sddm/themes/sugar-candy
cp -r /build/sddm-sugar-candy/* $out/share/sddm/themes/sugar-candy
runHook postInstall
'';
};
/*
Adds a theme.conf.user file to the current sddm theme's folder,
allowing you to change it's configuration without needing to
repackage it
*/
customcfg = pkgs.stdenv.mkDerivation {
name = "sddm-theme-customizer";
dontUnpack = true;
# TODO: generate theme.conf.user outside of installPhase
installPhase = ''
runHook preInstall
mkdir -p $out/share/sddm/themes/${currentTheme}/
echo "[General]
background = ${pkgs.plasma-workspace-wallpapers}/share/wallpapers/MilkyWay/contents/images/5120x2880.png" >> $out/share/sddm/themes/${currentTheme}/theme.conf.user
runHook postInstall
'';
};
in
{
# Enable SDDM.
services.xserver.displayManager.sddm = {
enable = true;
theme = "sugar-candy";
settings = {
General = { Numlock = "on"; };
Theme = { CursorTheme = "Breeze_Snow"; };
};
};
config,
pkgs,
...
}: let
currentTheme = config.services.xserver.displayManager.sddm.theme;
environment.systemPackages = [ sddm-sugar-candy customcfg ];
sddm-sugar-candy = pkgs.stdenv.mkDerivation {
pname = "sddm-sugar-candy";
version = "master";
src = pkgs.fetchgit {
url = "https://framagit.org/MarianArlt/sddm-sugar-candy.git";
hash = "sha256-XggFVsEXLYklrfy1ElkIp9fkTw4wvXbyVkaVCZq4ZLU=";
};
installPhase = ''
runHook preInstall
mkdir -p $out/share/sddm/themes/sugar-candy
cp -r /build/sddm-sugar-candy/* $out/share/sddm/themes/sugar-candy
runHook postInstall
'';
};
/*
Adds a theme.conf.user file to the current sddm theme's folder,
allowing you to change it's configuration without needing to
repackage it
*/
customcfg = pkgs.stdenv.mkDerivation {
name = "sddm-theme-customizer";
dontUnpack = true;
# TODO: generate theme.conf.user outside of installPhase
installPhase = ''
runHook preInstall
mkdir -p $out/share/sddm/themes/${currentTheme}/
echo "[General]
background = ${pkgs.plasma-workspace-wallpapers}/share/wallpapers/MilkyWay/contents/images/5120x2880.png" >> $out/share/sddm/themes/${currentTheme}/theme.conf.user
runHook postInstall
'';
};
in {
# Enable SDDM.
services.xserver.displayManager.sddm = {
enable = true;
theme = "sugar-candy";
settings = {
General = {Numlock = "on";};
Theme = {CursorTheme = "Breeze_Snow";};
};
};
environment.systemPackages = [sddm-sugar-candy customcfg];
}

12
roles/school/default.nix
View file

@ -1,8 +1,6 @@
{ ... }:
{
imports = [
./services
./programs
];
{...}: {
imports = [
./services
./programs
];
}

28
roles/school/programs/default.nix
View file

@ -1,15 +1,17 @@
{ config, pkgs, ... }:
{
imports = [
./virtualbox.nix
./idea.nix
./vscode.nix
./helix.nix
./unity.nix
];
environment.systemPackages = with pkgs; [
dia
];
config,
pkgs,
...
}: {
imports = [
./virtualbox.nix
./idea.nix
./vscode.nix
./helix.nix
./unity.nix
];
environment.systemPackages = with pkgs; [
dia
];
}

5
roles/school/programs/helix.nix
View file

@ -1,7 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home-manager.users.toast = {
programs.helix = {
extraPackages = with pkgs; [

60
roles/school/programs/idea.nix
View file

@ -1,33 +1,35 @@
{ config, pkgs, ... }:
with pkgs;
{
environment.systemPackages = with jetbrains; [
idea-ultimate
];
config,
pkgs,
...
}:
with pkgs; {
environment.systemPackages = with jetbrains; [
idea-ultimate
];
home-manager.users.toast = {
# Install plugins
home.file = {
".local/share/JetBrains/IntelliJIdea2023.3/catppuccin.jar".source = fetchurl {
url = "https://github.com/catppuccin/jetbrains/releases/download/v3.2.3/Catppuccin.Theme-3.2.3.jar";
hash = "sha256-v5BZ2UKEBA/0DHKGwmprmuu0RcJCDsxzWmCdnX9aXpE=";
};
".local/share/JetBrains/IntelliJIdea2023.3/rainbow-brackets".source = fetchzip {
url = "https://github.com/izhangzhihao/intellij-rainbow-brackets/releases/download/latest/intellij-rainbow-brackets-2023.3.9-233.zip";
hash = "sha256-faMDP6kU21WOHVjY5Aj4/Glqymo1iUCTuUJdHsq1N/s=";
};
".local/share/JetBrains/IntelliJIdea2023.3/catppuccin-icons.jar".source = fetchurl {
url = "https://github.com/catppuccin/jetbrains-icons/releases/download/v1.1.1/Catppuccin.Icons-1.1.1.jar";
hash = "sha256-Bn0Yn0RlNmJQCSC0MJQrKjeERzfHhupWnyYm0YjXFwY=";
};
};
home-manager.users.toast = {
# Install plugins
home.file = {
".local/share/JetBrains/IntelliJIdea2023.3/catppuccin.jar".source = fetchurl {
url = "https://github.com/catppuccin/jetbrains/releases/download/v3.2.3/Catppuccin.Theme-3.2.3.jar";
hash = "sha256-v5BZ2UKEBA/0DHKGwmprmuu0RcJCDsxzWmCdnX9aXpE=";
};
".local/share/JetBrains/IntelliJIdea2023.3/rainbow-brackets".source = fetchzip {
url = "https://github.com/izhangzhihao/intellij-rainbow-brackets/releases/download/latest/intellij-rainbow-brackets-2023.3.9-233.zip";
hash = "sha256-faMDP6kU21WOHVjY5Aj4/Glqymo1iUCTuUJdHsq1N/s=";
};
".local/share/JetBrains/IntelliJIdea2023.3/catppuccin-icons.jar".source = fetchurl {
url = "https://github.com/catppuccin/jetbrains-icons/releases/download/v1.1.1/Catppuccin.Icons-1.1.1.jar";
hash = "sha256-Bn0Yn0RlNmJQCSC0MJQrKjeERzfHhupWnyYm0YjXFwY=";
};
};
/*
If you use programs.java.enable intellij picks up the jdk package directly, which is not ideal
This adds the jdks I want to use to a directory intellij expects jdks to be
*/
home.file.".jdks/jdk8".source = "${pkgs.jdk8}/lib/openjdk";
home.file.".jdks/jdk17".source = "${pkgs.jdk17}/lib/openjdk";
};
/*
If you use programs.java.enable intellij picks up the jdk package directly, which is not ideal
This adds the jdks I want to use to a directory intellij expects jdks to be
*/
home.file.".jdks/jdk8".source = "${pkgs.jdk8}/lib/openjdk";
home.file.".jdks/jdk17".source = "${pkgs.jdk17}/lib/openjdk";
};
}

12
roles/school/programs/unity.nix
View file

@ -1,9 +1,9 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home-manager.users.toast = {
home.packages = [(
pkgs.unityhub
)];
home.packages = [
(
pkgs.unityhub
)
];
};
}

28
roles/school/programs/virtualbox.nix
View file

@ -1,15 +1,15 @@
{ config, ... }:
{
# Need to use visual studio 2019 :(
virtualisation.virtualbox.host = {
enable = true;
};
home-manager.sharedModules = [{
systemd.user.tmpfiles.rules = [
"d '/%h/VirtualBox VMs'"
"h '/%h/VirtualBox VMs' - - - - C "
];
}];
users.users.toast.extraGroups = [ "vboxusers" ];
{config, ...}: {
# Need to use visual studio 2019 :(
virtualisation.virtualbox.host = {
enable = true;
};
home-manager.sharedModules = [
{
systemd.user.tmpfiles.rules = [
"d '/%h/VirtualBox VMs'"
"h '/%h/VirtualBox VMs' - - - - C "
];
}
];
users.users.toast.extraGroups = ["vboxusers"];
}

38
roles/school/programs/vscode.nix
View file

@ -1,18 +1,24 @@
{ config, pkgs, lib, flakeSelf, ... }:
let inputs = flakeSelf.inputs; in
{
home-manager.users.toast.programs.vscode = {
# The redhat xml extension needs an fhs environment
package = lib.mkForce pkgs.vscodium-fhs;
extensions = with inputs.vscode-extensions.extensions.x86_64-linux; [
open-vsx.redhat.vscode-xml
open-vsx.tomoki1207.pdf
open-vsx.ms-vscode.live-server
open-vsx.ecmel.vscode-html-css
open-vsx.angular.ng-template
];
userSettings = {
redhat.telemetry.enabled = false;
};
};
config,
pkgs,
lib,
flakeSelf,
...
}: let
inputs = flakeSelf.inputs;
in {
home-manager.users.toast.programs.vscode = {
# The redhat xml extension needs an fhs environment
package = lib.mkForce pkgs.vscodium-fhs;
extensions = with inputs.vscode-extensions.extensions.x86_64-linux; [
open-vsx.redhat.vscode-xml
open-vsx.tomoki1207.pdf
open-vsx.ms-vscode.live-server
open-vsx.ecmel.vscode-html-css
open-vsx.angular.ng-template
];
userSettings = {
redhat.telemetry.enabled = false;
};
};
}

16
roles/school/services/default.nix
View file

@ -1,10 +1,8 @@
{ ... }:
{
imports = [
./syncthing.nix
./mysql.nix
./xampp.nix
./mongodb.nix
];
{...}: {
imports = [
./syncthing.nix
./mysql.nix
./xampp.nix
./mongodb.nix
];
}

55
roles/school/services/mongodb.nix
View file

@ -1,31 +1,34 @@
{ config, pkgs, lib, ... }:
{
services.mongodb = {
enable = true;
package = pkgs.mongodb-4_4;
user = "toast";
};
config,
pkgs,
lib,
...
}: {
services.mongodb = {
enable = true;
package = pkgs.mongodb-4_4;
user = "toast";
};
# Don't autostart MySQL
systemd.services.mongodb.wantedBy = lib.mkForce [];
# Don't autostart MySQL
systemd.services.mongodb.wantedBy = lib.mkForce [];
# Allow regular users to start/stop mongodb
# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "mongodb.service" &&
subject.user == "${config.services.mongodb.user}"
)
{
return polkit.Result.YES;
}
})
'';
# Allow regular users to start/stop mongodb
# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "mongodb.service" &&
subject.user == "${config.services.mongodb.user}"
)
{
return polkit.Result.YES;
}
})
'';
environment.systemPackages = with pkgs; [
mongosh
];
environment.systemPackages = with pkgs; [
mongosh
];
}

59
roles/school/services/mysql.nix
View file

@ -1,33 +1,36 @@
{ config, pkgs, lib, ... }:
{
services.mysql = {
enable = true;
package = pkgs.mysql80;
user = "toast";
group = "users";
};
config,
pkgs,
lib,
...
}: {
services.mysql = {
enable = true;
package = pkgs.mysql80;
user = "toast";
group = "users";
};
# Don't autostart MySQL
systemd.services.mysql.wantedBy = lib.mkForce [];
# Don't autostart MySQL
systemd.services.mysql.wantedBy = lib.mkForce [];
# Allow regular users to start/stop mysql
# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "mysql.service" &&
subject.user == "${config.services.mysql.user}"
)
{
return polkit.Result.YES;
}
})
'';
# Allow regular users to start/stop mysql
# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "mysql.service" &&
subject.user == "${config.services.mysql.user}"
)
{
return polkit.Result.YES;
}
})
'';
environment.systemPackages = with pkgs; [
mysql-workbench
mycli
];
environment.systemPackages = with pkgs; [
mysql-workbench
mycli
];
}

20
roles/school/services/syncthing.nix
View file

@ -1,12 +1,10 @@
{ config, ... }:
{
services.syncthing.settings.folders = {
"school-things" = {
label = "School things";
id = "z6alc-nfoqr";
devices = [ "steamdeck" "server" "pc" "winmax2" ];
path = "~/Documents/School things";
};
};
{config, ...}: {
services.syncthing.settings.folders = {
"school-things" = {
label = "School things";
id = "z6alc-nfoqr";
devices = ["steamdeck" "server" "pc" "winmax2"];
path = "~/Documents/School things";
};
};
}

70
roles/school/services/xampp.nix
View file

@ -1,36 +1,38 @@
{ config, pkgs, ... }:
let
booDark = pkgs.fetchzip {
url = "https://github.com/adorade/boodark/releases/download/v1.1.1/boodark-v1.1.1.zip";
hash = "sha256-GE/FtFlU6A4I9sRyjMhQIidGpDLD99Wzzngz3QI/rSo=";
};
in
{
# I tried setting up httpd + php in class but I just gave up
virtualisation.oci-containers = {
containers."xampp" = {
autoStart = false;
image = "tomsik68/xampp";
#user = "${toString users.users.atfc.uid}:${toString users.groups.minecraft.gid}";
volumes = [
"xampp-mysql:/opt/lampp/var/mysql"
# No dark mode installed by default :(
"${booDark}:/opt/lampp/phpmyadmin/themes/booDark"
];
ports = [ "41061:22" "41062:80" ];
};
};
config,
pkgs,
...
}: let
booDark = pkgs.fetchzip {
url = "https://github.com/adorade/boodark/releases/download/v1.1.1/boodark-v1.1.1.zip";
hash = "sha256-GE/FtFlU6A4I9sRyjMhQIidGpDLD99Wzzngz3QI/rSo=";
};
in {
# I tried setting up httpd + php in class but I just gave up
virtualisation.oci-containers = {
containers."xampp" = {
autoStart = false;
image = "tomsik68/xampp";
#user = "${toString users.users.atfc.uid}:${toString users.groups.minecraft.gid}";
volumes = [
"xampp-mysql:/opt/lampp/var/mysql"
# No dark mode installed by default :(
"${booDark}:/opt/lampp/phpmyadmin/themes/booDark"
];
ports = ["41061:22" "41062:80"];
};
};
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "podman-xampp.service" &&
subject.user == "toast"
)
{
return polkit.Result.YES;
}
})
'';
}
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "podman-xampp.service" &&
subject.user == "toast"
)
{
return polkit.Result.YES;
}
})
'';
}

20
roles/server/avahi.nix
View file

@ -1,11 +1,9 @@
{ config, ... }:
{
services.avahi = {
openFirewall = true;
publish = {
enable = true;
userServices = true;
};
};
}
{config, ...}: {
services.avahi = {
openFirewall = true;
publish = {
enable = true;
userServices = true;
};
};
}

32
roles/server/beep.nix
View file

@ -1,16 +1,20 @@
{ config, pkgs, ... }:
{
# Beep as soon as possible in the initrd
boot.initrd = {
kernelModules = [ "pcspkr" ];
extraFiles.beep.source = pkgs.beep;
postDeviceCommands = "/beep/bin/beep -f 3000 -l 50 -r 2";
};
/*systemd.services.startupBeep = {
description = "Beep when system started booting";
wantedBy = [ "sysinit.target" ];
script = "${pkgs.beep}/bin/beep -f 3000 -l 50 -r 2";
serviceConfig = { Type = "oneshot"; };
};*/
config,
pkgs,
...
}: {
# Beep as soon as possible in the initrd
boot.initrd = {
kernelModules = ["pcspkr"];
extraFiles.beep.source = pkgs.beep;
postDeviceCommands = "/beep/bin/beep -f 3000 -l 50 -r 2";
};
/*
systemd.services.startupBeep = {
description = "Beep when system started booting";
wantedBy = [ "sysinit.target" ];
script = "${pkgs.beep}/bin/beep -f 3000 -l 50 -r 2";
serviceConfig = { Type = "oneshot"; };
};
*/
}

34
roles/server/ddclient.nix
View file

@ -1,20 +1,20 @@
{ config, flakeSelf, ... }:
let
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
in
{
# Set up secrets
age.secrets = { ddclient-passwd.file = hostSecrets + "/ddclient-password.age"; };
config,
flakeSelf,
...
}: let
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
in {
# Set up secrets
age.secrets = {ddclient-passwd.file = hostSecrets + "/ddclient-password.age";};
services.ddclient = {
enable = true;
use = "web, web=dynamicdns.park-your-domain.com/getip";
protocol = "namecheap";
server = "dynamicdns.park-your-domain.com";
username = "toast003.xyz";
passwordFile = config.age.secrets.ddclient-passwd.path;
domains = [ "@" ];
};
services.ddclient = {
enable = true;
use = "web, web=dynamicdns.park-your-domain.com/getip";
protocol = "namecheap";
server = "dynamicdns.park-your-domain.com";
username = "toast003.xyz";
passwordFile = config.age.secrets.ddclient-passwd.path;
domains = ["@"];
};
}

36
roles/server/default.nix
View file

@ -1,20 +1,18 @@
{ ... }:
{
imports = [
./avahi.nix
./nfs.nix
./samba.nix
./ssh.nix
./forgejo.nix
./syncthing.nix
./endlessh.nix
./transmission.nix
./ddclient.nix
./beep.nix
./tailscale.nix
./traefik.nix
./minecraft.nix
./dns.nix
];
{...}: {
imports = [
./avahi.nix
./nfs.nix
./samba.nix
./ssh.nix
./forgejo.nix
./syncthing.nix
./endlessh.nix
./transmission.nix
./ddclient.nix
./beep.nix
./tailscale.nix
./traefik.nix
./minecraft.nix
./dns.nix
];
}

24
roles/server/dns.nix
View file

@ -1,22 +1,20 @@
{ ... }:
{
{...}: {
services.dnsmasq = {
enable = true;
# Only using this for tailscale IPs, so better to let tailscale itself deal with it
resolveLocalQueries = false;
settings = {
listen-address = [ "100.73.96.48" ];
listen-address = ["100.73.96.48"];
/*
Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq
From the little testing I have done it seems to not cause any issues, but better to be safe
than sorry :P
*/
dns-loop-detect = true;
# If this isn't set a cname that targets a host might return the wrong ip
localise-queries = true;
## IPv6 is not a thing in Spain so I'm guaranteed to not use it
@ -29,11 +27,11 @@
# Add tailscale hosts
networking.hosts = {
"100.73.96.48" = [ "everest" ];
"100.113.139.93" = [ "archie" ];
"100.85.48.85" = [ "steamdeck" ];
"100.96.92.13" = [ "surfecego" ];
"100.106.73.20" = [ "winmax2" ];
"100.73.96.48" = ["everest"];
"100.113.139.93" = ["archie"];
"100.85.48.85" = ["steamdeck"];
"100.96.92.13" = ["surfecego"];
"100.106.73.20" = ["winmax2"];
};
# Dnsmasq conflicts with the resolved dns stub listener

18
roles/server/endlessh.nix
View file

@ -1,10 +1,8 @@
{ config, ... }:
{
# I prefer using the go implementation
services.endlessh-go = {
enable = true;
openFirewall = true;
extraOptions = [ "-alsologtostderr" "-v=1"] ;
};
}
{config, ...}: {
# I prefer using the go implementation
services.endlessh-go = {
enable = true;
openFirewall = true;
extraOptions = ["-alsologtostderr" "-v=1"];
};
}

10
roles/server/forgejo.nix
View file

@ -1,6 +1,8 @@
{ config, lib, ... }:
{
config,
lib,
...
}: {
specialisation.forgejoEnableRegistration.configuration.services.forgejo.settings.service.DISABLE_REGISTRATION = false;
services.forgejo = {
enable = true;
@ -22,7 +24,7 @@
};
# Add a cname for forgejo
services.dnsmasq.settings.cname = [ "git.everest.sable-pancake.ts.net,everest" ];
services.dnsmasq.settings.cname = ["git.everest.sable-pancake.ts.net,everest"];
# Set up traefik as the reverse proxy for Forgejo
services.traefik = {
@ -35,7 +37,7 @@
};
};
services.forgejo.loadBalancer.servers = [
{ url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }
{url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";}
];
};
};

217
roles/server/minecraft.nix
View file

@ -1,115 +1,116 @@
{ config, pkgs, flakeSelf, ... }:
let
atfc = builtins.fetchurl {
url = "https://www.curseforge.com/api/v1/mods/813246/files/4732590/download";
sha256 = "0yl6ixmhfgqvcj3kfshpf8fy42vkkmjbn7d7yg86jx0ykiiq5f9x";
};
puffish_skills = builtins.fetchurl {
url = "https://www.curseforge.com/api/v1/mods/835091/files/4747353/download";
sha256 = "1pwx8zqih019l12lrmllrjv2al0mjzwj4p5qmc4ps1g555jy8qil";
};
spark = builtins.fetchurl {
url = "https://www.curseforge.com/api/v1/mods/361579/files/4505375/download";
sha256 = "1708lrx1nif0mvf7ambw8504j12wbn0vm69wsh21p8ylqpql1s4x";
};
port = 25565;
users = config.users;
in
{
users = {
groups.minecraft = {
members = [ "toast" ];
gid = 987;
};
users.atfc = {
isSystemUser = true;
uid = 988;
group = "minecraft";
home = "/var/lib/minecraft/atfc";
homeMode = "750";
createHome = true;
};
};
virtualisation.oci-containers = {
containers."minecraft-atfc" = {
autoStart = true;
image = "itzg/minecraft-server";
#user = "${toString users.users.atfc.uid}:${toString users.groups.minecraft.gid}";
environment = {
TZ = "Europe/Madrid";
EULA = "true";
TYPE = "forge";
MEMORY = "2G";
UID = toString users.users.atfc.uid;
GID = toString users.groups.minecraft.gid;
VERSION = "1.18.2";
FORGE_VERSION = "40.2.10";
GENERIC_PACK = "/modpack.zip";
#USE_AIKAR_FLAGS = "true";
#STOP_DURATION = "70";
STOP_SERVER_ANNOUNCE_DELAY = "25";
config,
pkgs,
flakeSelf,
...
}: let
atfc = builtins.fetchurl {
url = "https://www.curseforge.com/api/v1/mods/813246/files/4732590/download";
sha256 = "0yl6ixmhfgqvcj3kfshpf8fy42vkkmjbn7d7yg86jx0ykiiq5f9x";
};
puffish_skills = builtins.fetchurl {
url = "https://www.curseforge.com/api/v1/mods/835091/files/4747353/download";
sha256 = "1pwx8zqih019l12lrmllrjv2al0mjzwj4p5qmc4ps1g555jy8qil";
};
spark = builtins.fetchurl {
url = "https://www.curseforge.com/api/v1/mods/361579/files/4505375/download";
sha256 = "1708lrx1nif0mvf7ambw8504j12wbn0vm69wsh21p8ylqpql1s4x";
};
# server.properties
MOTD = "Toast's modded minecraft server";
DIFFICULTY = "hard";
SNOOPER_ENABLED = "false";
SPAWN_PROTECTION = "0";
LEVEL_TYPE = "tfc:tng";
BROADCAST_CONSOLE_TO_OPS = "true";
BROADCAST_RCON_TO_OPS = "true";
VIEW_DISTANCE = "16";
MAX_PLAYERS = "4";
port = 25565;
users = config.users;
in {
users = {
groups.minecraft = {
members = ["toast"];
gid = 987;
};
users.atfc = {
isSystemUser = true;
uid = 988;
group = "minecraft";
home = "/var/lib/minecraft/atfc";
homeMode = "750";
createHome = true;
};
};
RCON_CMDS_LAST_DISCONNECT = "save-all";
OPS = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff";
EXISTING_OPS_FILE = "synchronize";
virtualisation.oci-containers = {
containers."minecraft-atfc" = {
autoStart = true;
image = "itzg/minecraft-server";
#user = "${toString users.users.atfc.uid}:${toString users.groups.minecraft.gid}";
environment = {
TZ = "Europe/Madrid";
EULA = "true";
TYPE = "forge";
MEMORY = "2G";
UID = toString users.users.atfc.uid;
GID = toString users.groups.minecraft.gid;
VERSION = "1.18.2";
FORGE_VERSION = "40.2.10";
GENERIC_PACK = "/modpack.zip";
#USE_AIKAR_FLAGS = "true";
WHITELIST = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff,03f080e8-ce8e-4b90-a312-734747ce7db0,ea88f690-cf46-4416-bfd5-6f6b165885f7";
EXISTING_WHITELIST_FILE = "synchronize";
#STOP_DURATION = "70";
STOP_SERVER_ANNOUNCE_DELAY = "25";
# Auto pause needs this
MAX_TICK_TIME = "-1";
AUTOPAUSE_KNOCK_INTERFACE = "tap0";
ENABLE_AUTOPAUSE = "true";
};
extraOptions = [
"--network=slirp4netns:port_handler=slirp4netns"
"--cap-add=CAP_NET_RAW"
];
volumes = [
"${atfc}:/modpack.zip"
"${puffish_skills}:/mods/puffish_skills.jar"
"${spark}:/mods/spark.jar"
"${users.users.atfc.home}:/data"
#"/tmp/minecraft:/data"
];
ports = [ "25565:${toString port}" ];
};
};
networking.firewall.allowedTCPPorts = [ port ];
# server.properties
MOTD = "Toast's modded minecraft server";
DIFFICULTY = "hard";
SNOOPER_ENABLED = "false";
SPAWN_PROTECTION = "0";
LEVEL_TYPE = "tfc:tng";
BROADCAST_CONSOLE_TO_OPS = "true";
BROADCAST_RCON_TO_OPS = "true";
VIEW_DISTANCE = "16";
MAX_PLAYERS = "4";
# anything-sync-daemon config
systemd.packages = with pkgs; [ flakeSelf.packages.x86_64-linux.anything-sync-daemon ];
environment.systemPackages = with pkgs; [ flakeSelf.packages.x86_64-linux.anything-sync-daemon ];
fileSystems.minecraftTmpfs = {
device = "none";
fsType = "tmpfs";
mountPoint = "/mnt/minecraftTmpfs";
options = [ "size=4G "];
};
environment.etc."asd.conf".text =
''WHATTOSYNC=('/var/lib/minecraft')
VOLATILE="${config.fileSystems.minecraftTmpfs.mountPoint}"
USE_OVERLAYFS="yes" '';
systemd.services.asd = {
wantedBy = [ "podman-minecraft-atfc.service" ];
before = [ "podman-minecraft-atfc.service" ];
};
RCON_CMDS_LAST_DISCONNECT = "save-all";
OPS = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff";
EXISTING_OPS_FILE = "synchronize";
WHITELIST = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff,03f080e8-ce8e-4b90-a312-734747ce7db0,ea88f690-cf46-4416-bfd5-6f6b165885f7";
EXISTING_WHITELIST_FILE = "synchronize";
# Auto pause needs this
MAX_TICK_TIME = "-1";
AUTOPAUSE_KNOCK_INTERFACE = "tap0";
ENABLE_AUTOPAUSE = "true";
};
extraOptions = [
"--network=slirp4netns:port_handler=slirp4netns"
"--cap-add=CAP_NET_RAW"
];
volumes = [
"${atfc}:/modpack.zip"
"${puffish_skills}:/mods/puffish_skills.jar"
"${spark}:/mods/spark.jar"
"${users.users.atfc.home}:/data"
#"/tmp/minecraft:/data"
];
ports = ["25565:${toString port}"];
};
};
networking.firewall.allowedTCPPorts = [port];
# anything-sync-daemon config
systemd.packages = with pkgs; [flakeSelf.packages.x86_64-linux.anything-sync-daemon];
environment.systemPackages = with pkgs; [flakeSelf.packages.x86_64-linux.anything-sync-daemon];
fileSystems.minecraftTmpfs = {
device = "none";
fsType = "tmpfs";
mountPoint = "/mnt/minecraftTmpfs";
options = ["size=4G "];
};
environment.etc."asd.conf".text = '' WHATTOSYNC=('/var/lib/minecraft')
VOLATILE="${config.fileSystems.minecraftTmpfs.mountPoint}"
USE_OVERLAYFS="yes" '';
systemd.services.asd = {
wantedBy = ["podman-minecraft-atfc.service"];
before = ["podman-minecraft-atfc.service"];
};
}

66
roles/server/nfs.nix
View file

@ -1,36 +1,38 @@
{ config, lib, ... }:
{
services = {
nfs.server = {
enable = true;
exports = ''
${config.services.transmission.settings.download-dir} *.sable-pancake.ts.net(ro,all_squash,anonuid=${toString config.users.users.transmission.uid},anongid=${toString config.users.groups.transmission.gid})
'';
# NFSv3 uses random ports, so you need to make them static to be able to pass though the firewall
statdPort = 4000;
lockdPort = 4001;
mountdPort = 4002;
};
config,
lib,
...
}: {
services = {
nfs.server = {
enable = true;
exports = ''
${config.services.transmission.settings.download-dir} *.sable-pancake.ts.net(ro,all_squash,anonuid=${toString config.users.users.transmission.uid},anongid=${toString config.users.groups.transmission.gid})
'';
# NFSv3 uses random ports, so you need to make them static to be able to pass though the firewall
statdPort = 4000;
lockdPort = 4001;
mountdPort = 4002;
};
avahi.extraServiceFiles = {
Transmission-downloads-nfs = ''
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">Transmission Downloads on %h (NFS)</name>
<service>
<type>_nfs._tcp</type>
<port>2049</port>
<txt-record>path=${config.services.transmission.settings.download-dir}</txt-record>
</service>
</service-group>
'';
};
};
avahi.extraServiceFiles = {
Transmission-downloads-nfs = ''
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">Transmission Downloads on %h (NFS)</name>
<service>
<type>_nfs._tcp</type>
<port>2049</port>
<txt-record>path=${config.services.transmission.settings.download-dir}</txt-record>
</service>
</service-group>
'';
};
};
networking.firewall = {
allowedTCPPorts = [ 111 2049 4000 40001 4002 ];
allowedUDPPorts = [ 111 2049 4000 40001 4002 ];
};
networking.firewall = {
allowedTCPPorts = [111 2049 4000 40001 4002];
allowedUDPPorts = [111 2049 4000 40001 4002];
};
}

70
roles/server/samba.nix
View file

@ -1,37 +1,39 @@
{ config, lib, ... }:
{
services = {
samba = {
enable = true;
openFirewall = true;
extraConfig = ''
map to guest = bad user
guest account = transmission
'';
shares = {
"Transmission downloads" = {
path = "${config.services.transmission.settings.download-dir}";
"read only" = true;
public = true;
"guest only" = true;
browseable = true;
};
};
};
config,
lib,
...
}: {
services = {
samba = {
enable = true;
openFirewall = true;
extraConfig = ''
map to guest = bad user
guest account = transmission
'';
shares = {
"Transmission downloads" = {
path = "${config.services.transmission.settings.download-dir}";
"read only" = true;
public = true;
"guest only" = true;
browseable = true;
};
};
};
avahi.extraServiceFiles = {
Transmission-downloads-smb = ''
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">SMB shares on %h</name>
<service>
<type>_smb._tcp</type>
<port>139</port>
</service>
</service-group>
'';
};
};
avahi.extraServiceFiles = {
Transmission-downloads-smb = ''
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">SMB shares on %h</name>
<service>
<type>_smb._tcp</type>
<port>139</port>
</service>
</service-group>
'';
};
};
}

20
roles/server/ssh.nix
View file

@ -1,12 +1,10 @@
{ config, ... }:
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
startWhenNeeded = true;
};
{config, ...}: {
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
startWhenNeeded = true;
};
}

106
roles/server/syncthing.nix
View file

@ -1,57 +1,55 @@
{ config, ... }:
{config, ...}: {
services.syncthing = {
enable = true;
key = config.age.secrets.syncthingKey.path;
cert = config.age.secrets.syncthingCert.path;
guiAddress = "0.0.0.0:8384";
settings.folders = {
"passwords" = {
path = "${config.services.syncthing.dataDir}/passwords";
};
"school-things" = {
label = "School things";
id = "z6alc-nfoqr";
devices = ["steamdeck" "server" "pc" "winmax2"];
path = "${config.services.syncthing.dataDir}/school-things";
};
"steam-201810" = {
label = "Wolfenstein The New Order Saves";
id = "laxxf-t2wmy";
devices = ["steamdeck" "server" "pc" "winmax2"];
path = "${config.services.syncthing.dataDir}/steam-201810";
};
"retroarch" = {
label = "RetroArch";
id = "jxuou-2yjnu";
devices = ["steamdeck" "server" "pc" "winmax2"];
path = "${config.services.syncthing.dataDir}/retroarch";
};
};
};
systemd.services.syncthing.serviceConfig = {
# Allow syncthing to change ownership of files
AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
};
{
services.syncthing = {
enable = true;
key = config.age.secrets.syncthingKey.path;
cert = config.age.secrets.syncthingCert.path;
guiAddress = "0.0.0.0:8384";
settings.folders = {
"passwords" = {
path = "${config.services.syncthing.dataDir}/passwords";
};
"school-things" = {
label = "School things";
id = "z6alc-nfoqr";
devices = [ "steamdeck" "server" "pc" "winmax2" ];
path = "${config.services.syncthing.dataDir}/school-things";
};
"steam-201810" = {
label = "Wolfenstein The New Order Saves";
id = "laxxf-t2wmy";
devices = [ "steamdeck" "server" "pc" "winmax2" ];
path = "${config.services.syncthing.dataDir}/steam-201810";
};
"retroarch"= {
label = "RetroArch";
id = "jxuou-2yjnu";
devices = [ "steamdeck" "server" "pc" "winmax2" ];
path = "${config.services.syncthing.dataDir}/retroarch";
};
};
};
systemd.services.syncthing.serviceConfig = {
# Allow syncthing to change ownership of files
AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
};
# Add a cname for syncthing
services.dnsmasq.settings.cname = ["sync.everest.sable-pancake.ts.net,everest"];
# Add a cname for syncthing
services.dnsmasq.settings.cname = [ "sync.everest.sable-pancake.ts.net,everest" ];
# Set up traefik as the reverse proxy for syncthing
services.traefik = {
dynamicConfigOptions = {
http = {
routers = {
syncthing-subdomain = {
rule = "Host(`sync.everest.sable-pancake.ts.net`)";
service = "syncthing";
};
};
services.syncthing.loadBalancer.servers = [
{ url = "http://localhost:8384"; }
];
};
};
};
# Set up traefik as the reverse proxy for syncthing
services.traefik = {
dynamicConfigOptions = {
http = {
routers = {
syncthing-subdomain = {
rule = "Host(`sync.everest.sable-pancake.ts.net`)";
service = "syncthing";
};
};
services.syncthing.loadBalancer.servers = [
{url = "http://localhost:8384";}
];
};
};
};
}

12
roles/server/tailscale.nix
View file

@ -1,8 +1,6 @@
{ config, ... }:
{
services.tailscale = {
# This is needed for being an exit node
useRoutingFeatures = "server";
};
{config, ...}: {
services.tailscale = {
# This is needed for being an exit node
useRoutingFeatures = "server";
};
}

56
roles/server/traefik.nix
View file

@ -1,33 +1,31 @@
{ config, ... }:
{config, ...}: {
specialisation.traefikEnableWebUI.configuration.services.traefik = {
staticConfigOptions = {
api = {
# Enable the web ui
insecure = true;
dashboard = true;
};
};
};
{
specialisation.traefikEnableWebUI.configuration.services.traefik = {
staticConfigOptions = {
api = {
# Enable the web ui
insecure = true;
dashboard = true;
};
};
};
services.traefik = {
enable = true;
staticConfigOptions = {
entryPoints = {
http = { address = "100.73.96.48:80"; };
};
};
};
services.traefik = {
enable = true;
staticConfigOptions = {
entryPoints = {
http = {address = "100.73.96.48:80";};
};
};
};
systemd = {
units.tailscaled.requiredBy = [ "traefik.service" ];
# We have somewhat frequent power outages, and our ISP router takes
# ages to boot up. If I don't add a delay, traefik tries to bind to
# the tailscale interface before it's ready, making it crash too much
# in too little time
services.traefik.serviceConfig.RestartSec = 120;
};
systemd = {
units.tailscaled.requiredBy = ["traefik.service"];
# We have somewhat frequent power outages, and our ISP router takes
# ages to boot up. If I don't add a delay, traefik tries to bind to
# the tailscale interface before it's ready, making it crash too much
# in too little time
services.traefik.serviceConfig.RestartSec = 120;
};
networking.firewall.allowedTCPPorts = [ 80 8080 ];
networking.firewall.allowedTCPPorts = [80 8080];
}

60
roles/server/transmission.nix
View file

@ -1,34 +1,32 @@
{ config , ... }:
{config, ...}: {
services.transmission = {
enable = true;
openFirewall = true;
settings = {
incomplete-dir-enabled = false;
rpc-bind-address = "0.0.0.0";
rpc-host-whitelist = "transmission.everest.sable-pancake.ts.net";
rpc-whitelist = "127.0.0.1";
};
};
{
services.transmission = {
enable = true;
openFirewall = true;
settings = {
incomplete-dir-enabled = false;
rpc-bind-address = "0.0.0.0";
rpc-host-whitelist = "transmission.everest.sable-pancake.ts.net";
rpc-whitelist = "127.0.0.1";
};
};
# Add a cname for transmission
services.dnsmasq.settings.cname = ["transmission.everest.sable-pancake.ts.net,everest"];
# Add a cname for transmission
services.dnsmasq.settings.cname = [ "transmission.everest.sable-pancake.ts.net,everest" ];
# Set up traefik as the reverse proxy for transmission
services.traefik = {
dynamicConfigOptions = {
http = {
routers = {
transmission-subdomain = {
rule = "Host(`transmission.everest.sable-pancake.ts.net`)";
service = "transmission";
};
};
services.transmission.loadBalancer.servers = [
{ url = "http://localhost:${toString config.services.transmission.settings.rpc-port}"; }
];
};
};
};
# Set up traefik as the reverse proxy for transmission
services.traefik = {
dynamicConfigOptions = {
http = {
routers = {
transmission-subdomain = {
rule = "Host(`transmission.everest.sable-pancake.ts.net`)";
service = "transmission";
};
};
services.transmission.loadBalancer.servers = [
{url = "http://localhost:${toString config.services.transmission.settings.rpc-port}";}
];
};
};
};
}