Toast/nix-stuff
1
0
Fork 0
Code Issues Pull requests Projects 1 Wiki Activity

Format everything with alejandra

Browse source
This commit is contained in:
Toast 2024-03-20 12:54:25 +01:00
parent 82bbd7ce87
commit 7888103b1e
100 changed files with 2827 additions and 2756 deletions
Download patch file Download diff file Expand all files Collapse all files

384
flake.nix
View file

@ -1,205 +1,219 @@
{ {
description = "Configuration for Everest"; description = "Configuration for Everest";
inputs = { inputs = {
secrets = { secrets = {
url = "git+ssh://forgejo@git.everest.sable-pancake.ts.net:4222/Toast/nix-secrets"; url = "git+ssh://forgejo@git.everest.sable-pancake.ts.net:4222/Toast/nix-secrets";
flake = false; flake = false;
}; };
nixpkgs-raw.url = "nixpkgs/nixos-23.11"; nixpkgs-raw.url = "nixpkgs/nixos-23.11";
nixpkgs-unstable-raw.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable-raw.url = "nixpkgs/nixos-unstable";
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs-raw"; nixpkgs.follows = "nixpkgs-raw";
darwin.follows = ""; # Not using this on MacOS, so this doesn't pull it's dependencies darwin.follows = ""; # Not using this on MacOS, so this doesn't pull it's dependencies
}; };
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs-raw"; inputs.nixpkgs.follows = "nixpkgs-raw";
}; };
home-manager-unstable = { home-manager-unstable = {
url = "github:nix-community/home-manager/"; url = "github:nix-community/home-manager/";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw"; inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
}; };
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
jovian = { jovian = {
url = "github:Jovian-Experiments/Jovian-NixOS"; url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw"; inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
}; };
nix-impermanence.url = "github:nix-community/impermanence";
/* nix-impermanence.url = "github:nix-community/impermanence";
These are the same input, just following different nixpkgs versions
This avoids some wierdness when using one that follows unstable on a stable nixpkgs
*/
nix-index-db = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs-raw";
};
nix-index-db-unstable = { /*
url = "github:Mic92/nix-index-database"; These are the same input, just following different nixpkgs versions
inputs.nixpkgs.follows = "nixpkgs-unstable-raw"; This avoids some wierdness when using one that follows unstable on a stable nixpkgs
}; */
nix-index-db = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs-raw";
};
plasma-manager = { nix-index-db-unstable = {
url = "github:pjones/plasma-manager"; url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw"; inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
inputs.home-manager.follows = "home-manager-unstable"; };
};
catppuccin-vsc = { plasma-manager = {
url = "github:catppuccin/vscode"; url = "github:pjones/plasma-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw"; inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
}; inputs.home-manager.follows = "home-manager-unstable";
};
vscode-extensions = { catppuccin-vsc = {
url = "github:nix-community/nix-vscode-extensions"; url = "github:catppuccin/vscode";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw"; inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
}; vscode-extensions = {
nix-flatpak.url = "github:gmodena/nix-flatpak/main"; url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs-unstable-raw";
};
nix-flatpak.url = "github:gmodena/nix-flatpak/main";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
}; };
outputs = { ... } @inputs: with inputs; outputs = {...} @ inputs:
# Patch nixpkgs with inputs;
# https://ertt.ca/nix/patch-nixpkgs/ # Patch nixpkgs
let # https://ertt.ca/nix/patch-nixpkgs/
nixpkgs-unstable-patched = nixpkgs-raw.legacyPackages.x86_64-linux.applyPatches { let
name = "patched-nixpkgs-unstable"; nixpkgs-unstable-patched = nixpkgs-raw.legacyPackages.x86_64-linux.applyPatches {
src = nixpkgs-unstable-raw; name = "patched-nixpkgs-unstable";
patches = [ src = nixpkgs-unstable-raw;
]; patches = [
}; ];
nixpkgs-patched = nixpkgs-raw.legacyPackages.x86_64-linux.applyPatches { };
name = "patched-nixpkgs"; nixpkgs-patched = nixpkgs-raw.legacyPackages.x86_64-linux.applyPatches {
src = nixpkgs-raw; name = "patched-nixpkgs";
patches = [ src = nixpkgs-raw;
./nixpkgs-patches/0001-catppuccin-add-grub-theme.patch patches = [
./nixpkgs-patches/0002-catppuccin-add-starship-theme.patch ./nixpkgs-patches/0001-catppuccin-add-grub-theme.patch
]; ./nixpkgs-patches/0002-catppuccin-add-starship-theme.patch
}; ];
# https://discourse.nixos.org/t/proper-way-of-applying-patch-to-system-managed-via-flake/21073/26 };
nixpkgs-unstable = (import "${nixpkgs-unstable-patched}/flake.nix").outputs { self = inputs.self; }; # https://discourse.nixos.org/t/proper-way-of-applying-patch-to-system-managed-via-flake/21073/26
nixpkgs = (import "${nixpkgs-patched}/flake.nix").outputs { self = inputs.self; }; nixpkgs-unstable = (import "${nixpkgs-unstable-patched}/flake.nix").outputs {self = inputs.self;};
in nixpkgs = (import "${nixpkgs-patched}/flake.nix").outputs {self = inputs.self;};
{ in {
devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell { devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
name = "toast-devshell"; name = "toast-devshell";
# The agenix cli is not needed to activate a configuration, so instead of installing it # The agenix cli is not needed to activate a configuration, so instead of installing it
# I'll just add it to de devShell, since that's the only real time I'm going to use it. # I'll just add it to de devShell, since that's the only real time I'm going to use it.
packages = with nixpkgs.legacyPackages.x86_64-linux; [ packages = with nixpkgs.legacyPackages.x86_64-linux; [
agenix.packages.x86_64-linux.default agenix.packages.x86_64-linux.default
git git
nix-diff nix-diff
just just
alejandra alejandra
]; ];
shellHook ='' shellHook = ''
export PS1="$PS1(toast-configs)> " export PS1="$PS1(toast-configs)> "
''; '';
}; };
packages = { packages = {
x86_64-linux = with import nixpkgs-unstable-raw { system = "x86_64-linux"; }; { x86_64-linux = with import nixpkgs-unstable-raw {system = "x86_64-linux";}; {
anything-sync-daemon = callPackage ./pkgs/anything-sync-daemon {}; anything-sync-daemon = callPackage ./pkgs/anything-sync-daemon {};
discord-krisp-fixer = callPackage ./pkgs/discord-krisp-fixer {}; discord-krisp-fixer = callPackage ./pkgs/discord-krisp-fixer {};
}; };
}; };
nixosConfigurations = { nixosConfigurations = {
Archie = nixpkgs-unstable.lib.nixosSystem { Archie = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { systemPkgs = inputs.nixpkgs-unstable-raw; flakeSelf = self; }; specialArgs = {
/* systemPkgs = inputs.nixpkgs-unstable-raw;
I used to set up nixpkgs in the flake, but doing that made flakeSelf = self;
defining overlays in modules impossible (or at least I could };
not figure out how) /*
Also has nice side effect of making it easier to add new systems :3 I used to set up nixpkgs in the flake, but doing that made
*/ defining overlays in modules impossible (or at least I could
modules = [ not figure out how)
agenix.nixosModules.default Also has nice side effect of making it easier to add new systems :3
home-manager-unstable.nixosModule */
nix-index-db-unstable.nixosModules.nix-index modules = [
./roles/common agenix.nixosModules.default
./roles/desktop home-manager-unstable.nixosModule
./roles/kde nix-index-db-unstable.nixosModules.nix-index
./roles/gaming ./roles/common
./roles/school ./roles/desktop
./machines/Archie ./roles/kde
]; ./roles/gaming
}; ./roles/school
./machines/Archie
];
};
SurfaceGo = nixpkgs-unstable.lib.nixosSystem { SurfaceGo = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { systemPkgs = inputs.nixpkgs-unstable-raw; flakeSelf = self; }; specialArgs = {
modules = [ systemPkgs = inputs.nixpkgs-unstable-raw;
agenix.nixosModules.default flakeSelf = self;
home-manager-unstable.nixosModule };
nixos-hardware.nixosModules.microsoft-surface-go modules = [
nix-index-db-unstable.nixosModules.nix-index agenix.nixosModules.default
./roles/common home-manager-unstable.nixosModule
./roles/desktop nixos-hardware.nixosModules.microsoft-surface-go
./roles/kde nix-index-db-unstable.nixosModules.nix-index
./machines/SurfaceGo ./roles/common
]; ./roles/desktop
}; ./roles/kde
./machines/SurfaceGo
];
};
SteamDeck = nixpkgs-unstable.lib.nixosSystem { SteamDeck = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { systemPkgs = inputs.nixpkgs-unstable-raw; flakeSelf = self; }; specialArgs = {
modules = [ systemPkgs = inputs.nixpkgs-unstable-raw;
agenix.nixosModules.default flakeSelf = self;
jovian.nixosModules.default };
home-manager-unstable.nixosModule modules = [
nix-index-db-unstable.nixosModules.nix-index agenix.nixosModules.default
./roles/common jovian.nixosModules.default
./roles/desktop home-manager-unstable.nixosModule
./roles/kde nix-index-db-unstable.nixosModules.nix-index
./roles/gaming ./roles/common
./roles/school ./roles/desktop
./machines/SteamDeck ./roles/kde
]; ./roles/gaming
}; ./roles/school
./machines/SteamDeck
];
};
WinMax2 = nixpkgs-unstable.lib.nixosSystem { WinMax2 = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { systemPkgs = inputs.nixpkgs-unstable-raw; flakeSelf = self; }; specialArgs = {
modules = [ systemPkgs = inputs.nixpkgs-unstable-raw;
agenix.nixosModules.default flakeSelf = self;
jovian.nixosModules.default };
home-manager-unstable.nixosModule modules = [
nix-index-db-unstable.nixosModules.nix-index agenix.nixosModules.default
nixos-hardware.nixosModules.gpd-win-max-2-2023 jovian.nixosModules.default
./roles/common home-manager-unstable.nixosModule
./roles/desktop nix-index-db-unstable.nixosModules.nix-index
./roles/kde nixos-hardware.nixosModules.gpd-win-max-2-2023
./roles/gaming ./roles/common
./roles/school ./roles/desktop
./machines/WinMax2 ./roles/kde
]; ./roles/gaming
}; ./roles/school
./machines/WinMax2
];
};
Everest = nixpkgs.lib.nixosSystem { Everest = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { systemPkgs = inputs.nixpkgs-raw; flakeSelf = self; }; specialArgs = {
modules = [ systemPkgs = inputs.nixpkgs-raw;
agenix.nixosModules.default flakeSelf = self;
home-manager.nixosModule };
nix-index-db.nixosModules.nix-index modules = [
./roles/common agenix.nixosModules.default
./roles/server home-manager.nixosModule
./machines/Everest nix-index-db.nixosModules.nix-index
]; ./roles/common
}; ./roles/server
}; ./machines/Everest
}; ];
};
};
};
} }

120
machines/Archie/configuration.nix
View file

@ -1,81 +1,79 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, ... }:
{ {
# Use grub boot loader config,
boot.loader = { pkgs,
systemd-boot.enable = false; ...
grub = { }: {
enable = true; # Use grub boot loader
device = "nodev"; boot.loader = {
efiSupport = true; systemd-boot.enable = false;
useOSProber = true; grub = {
}; enable = true;
efi.efiSysMountPoint = "/boot/efi"; device = "nodev";
}; efiSupport = true;
boot.loader.efi.canTouchEfiVariables = true; useOSProber = true;
};
efi.efiSysMountPoint = "/boot/efi";
};
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest; boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest;
networking.hostName = "Archie"; # Define your hostname. networking.hostName = "Archie"; # Define your hostname.
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# Configure network proxy if necessary # Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Configure keymap in X11 # Configure keymap in X11
# services.xserver.layout = "us"; # services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape"; # services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents. # Enable CUPS to print documents.
# services.printing.enable = true; # services.printing.enable = true;
# Enable sound. # Enable sound.
# sound.enable = true; # sound.enable = true;
# hardware.pulseaudio.enable = true; # hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true; # services.xserver.libinput.enable = true;
hardware.bluetooth.enable = true;
hardware.bluetooth.enable = true; # List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# List packages installed in system profile. To search, run: # Some programs need SUID wrappers, can be configured further or are
# $ nix search wget # started in user sessions.
# environment.systemPackages = with pkgs; [ # programs.mtr.enable = true;
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # programs.gnupg.agent = {
# wget # enable = true;
# ]; # enableSSHSupport = true;
# };
# Some programs need SUID wrappers, can be configured further or are # List services that you want to enable:
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable: # Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Enable the OpenSSH daemon. # Open ports in the firewall.
# services.openssh.enable = true; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Open ports in the firewall. # Or disable the firewall altogether.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.enable = false;
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
} }

12
machines/Archie/default.nix
View file

@ -1,8 +1,6 @@
{ ... }: {...}: {
imports = [
{ ./configuration.nix
imports = [ ./hardware-configuration.nix
./configuration.nix ];
./hardware-configuration.nix
];
} }

128
machines/Archie/hardware-configuration.nix
View file

@ -1,76 +1,80 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
# Enable support for the Xbox One wireless dongle # Enable support for the Xbox One wireless dongle
hardware.xone.enable = true; hardware.xone.enable = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = ["amdgpu"];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf"; device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@root" "compress=zstd" ]; options = ["subvol=@root" "compress=zstd"];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf"; device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd" ]; options = ["subvol=@nix" "compress=zstd"];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf"; device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@boot" "compress=zstd" ]; options = ["subvol=@boot" "compress=zstd"];
}; };
fileSystems."/boot/efi" = fileSystems."/boot/efi" = {
{ device = "/dev/disk/by-uuid/FB87-4CBC"; device = "/dev/disk/by-uuid/FB87-4CBC";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems = { fileSystems = {
/* /*
Mount the root subvolume of the SSD Mount the root subvolume of the SSD
This is helpful for getting things from This is helpful for getting things from
my old Arch install, as well as for running btdu my old Arch install, as well as for running btdu
*/ */
"/mnt/ssd" = { "/mnt/ssd" = {
device = config.fileSystems."/".device; device = config.fileSystems."/".device;
fsType = config.fileSystems."/".fsType; fsType = config.fileSystems."/".fsType;
options = [ "subvolid=5" "ro" ]; options = ["subvolid=5" "ro"];
}; };
"/mnt/windows" = { "/mnt/windows" = {
device = "/dev/disk/by-uuid/B61AFDAC1AFD6A2F"; device = "/dev/disk/by-uuid/B61AFDAC1AFD6A2F";
fsType = "ntfs3"; fsType = "ntfs3";
neededForBoot = false; neededForBoot = false;
options = [ "noauto" "windows_names" ]; options = ["noauto" "windows_names"];
}; };
"/home" = { "/home" = {
device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf"; device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" ]; options = ["subvol=@home" "compress=zstd"];
}; };
"/persist" = { "/persist" = {
device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf"; device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@persist" "compress=zstd" ]; options = ["subvol=@persist" "compress=zstd"];
neededForBoot = true; neededForBoot = true;
}; };
}; };
swapDevices = [ ]; swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

120
machines/Everest/configuration.nix
View file

@ -1,68 +1,72 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{ {
# Bootloader. config,
boot.loader.systemd-boot.enable = true; pkgs,
boot.loader.timeout = 5; lib,
boot.loader.efi.canTouchEfiVariables = true; ...
boot.loader.efi.efiSysMountPoint = "/boot/efi"; }: {
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.timeout = 5;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
# I'm using Nix OS, it's logo is a snowflake and the computer is # I'm using Nix OS, it's logo is a snowflake and the computer is
# a lot taller than the pi it's replacing, so Everest! :3 :3 # a lot taller than the pi it's replacing, so Everest! :3 :3
networking.hostName = "Everest"; # Define your hostname. networking.hostName = "Everest"; # Define your hostname.
# Set up networking # Set up networking
networking = { networking = {
wireless.enable = false; # Computer doesn't have wifi wireless.enable = false; # Computer doesn't have wifi
enableIPv6 = false; enableIPv6 = false;
useNetworkd = true; useNetworkd = true;
dhcpcd.enable = false; dhcpcd.enable = false;
interfaces.eno1 = { interfaces.eno1 = {
wakeOnLan.enable = true; wakeOnLan.enable = true;
ipv4.addresses = [ { ipv4.addresses = [
address = "192.168.0.160"; {
prefixLength = 24; address = "192.168.0.160";
} ]; prefixLength = 24;
}; }
# I use networkd, so I need to declare the interface for the default gateway ];
defaultGateway = { };
address = "192.168.0.1"; # I use networkd, so I need to declare the interface for the default gateway
interface = "eno1"; defaultGateway = {
}; address = "192.168.0.1";
nameservers = [ "9.9.9.9" ]; interface = "eno1";
}; };
nameservers = ["9.9.9.9"];
# Define a user account. Don't forget to set a password with passwd. };
users.users.toast = {
extraGroups = [ "networkmanager" "transmission"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2bOVmxUNvg9qFv9DlzMmTRlzcNsyNq1F1wBuAXySwsWAzHGaO+WGdSCINxW3k2ccXn7M/o1r89LeTzRzi8sWQYCpBaIqYVszM/r7SvTS4gASyKhM6lNlyUEPOnvCXH7rdtF+fjoA1TJPv7GBk78QRhGh+eVO3qhY1m++5C1CPFlyrc6sSfgIBQJ5GQZFl/7YEgsrPo+M+0Sd7LkaCOyNmJA0Wi0BA3bbf5sJhrZVMMg/p7w+eMphz2kd1VTVjW3yeMq9zLCiu4SOTBNGCMEvKIdUZbQ83lNrqO2z1/3T1bDwJgpz3xusfkNCeNJSmhfFw5ydHEUp/9jshq38WmulKAMw2Kl/Zed62AVU7Ux7YjUkZkWvo8i3eXuLUxoG891S7cWV1/ijs9QMajOLLT14FG7RbzUYYaYlx+/iNGji9d4sp9/oMYyO45TMe+vEezFSBygP7TY0QFOr4xTi49ZRQFsszbFnGRv+k3wVKoGoeNt0xWB8pBEPFtaeHJpQyJX8= id_rsa_moon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeu3crGqtxwaqgoQPt5mWlC8+PL/Icvcvo0MBAaK80L Key for work laptop"
];
};
# Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs # Define a user account. Don't forget to set a password with passwd.
boot.tmp.useTmpfs = false; users.users.toast = {
extraGroups = ["networkmanager" "transmission"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2bOVmxUNvg9qFv9DlzMmTRlzcNsyNq1F1wBuAXySwsWAzHGaO+WGdSCINxW3k2ccXn7M/o1r89LeTzRzi8sWQYCpBaIqYVszM/r7SvTS4gASyKhM6lNlyUEPOnvCXH7rdtF+fjoA1TJPv7GBk78QRhGh+eVO3qhY1m++5C1CPFlyrc6sSfgIBQJ5GQZFl/7YEgsrPo+M+0Sd7LkaCOyNmJA0Wi0BA3bbf5sJhrZVMMg/p7w+eMphz2kd1VTVjW3yeMq9zLCiu4SOTBNGCMEvKIdUZbQ83lNrqO2z1/3T1bDwJgpz3xusfkNCeNJSmhfFw5ydHEUp/9jshq38WmulKAMw2Kl/Zed62AVU7Ux7YjUkZkWvo8i3eXuLUxoG891S7cWV1/ijs9QMajOLLT14FG7RbzUYYaYlx+/iNGji9d4sp9/oMYyO45TMe+vEezFSBygP7TY0QFOr4xTi49ZRQFsszbFnGRv+k3wVKoGoeNt0xWB8pBEPFtaeHJpQyJX8= id_rsa_moon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeu3crGqtxwaqgoQPt5mWlC8+PL/Icvcvo0MBAaK80L Key for work laptop"
];
};
home-manager = { # Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs
users.toast = { config, ... }: { boot.tmp.useTmpfs = false;
home = {
file = {
# This symlinks the Transmission downloads folder into my user's downloads folder for easy access
"Downloads/Transmission".source = config.lib.file.mkOutOfStoreSymlink "/var/lib/transmission/Downloads";
};
};
};
};
# Open ports in the firewall. home-manager = {
# No idea what ports 5201 and 21027 do tho users.toast = {config, ...}: {
networking.firewall.allowedTCPPorts = [ 5201 ]; home = {
networking.firewall.allowedUDPPorts = [ 5201 21027]; file = {
# Or disable the firewall altogether. # This symlinks the Transmission downloads folder into my user's downloads folder for easy access
# networking.firewall.enable = false; "Downloads/Transmission".source = config.lib.file.mkOutOfStoreSymlink "/var/lib/transmission/Downloads";
};
};
};
};
# Open ports in the firewall.
# No idea what ports 5201 and 21027 do tho
networking.firewall.allowedTCPPorts = [5201];
networking.firewall.allowedUDPPorts = [5201 21027];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
} }

12
machines/Everest/default.nix
View file

@ -1,8 +1,6 @@
{ ... }: {...}: {
imports = [
{ ./configuration.nix
imports = [ ./hardware-configuration.nix
./configuration.nix ];
./hardware-configuration.nix
];
} }

104
machines/Everest/hardware-configuration.nix
View file

@ -1,61 +1,65 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-label/Everest"; device = "/dev/disk/by-label/Everest";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "subvol=@"]; options = ["compress=zstd" "subvol=@"];
}; };
"/nix" = { "/nix" = {
device = "/dev/disk/by-label/Everest"; device = "/dev/disk/by-label/Everest";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "subvol=@nix" ]; options = ["compress=zstd" "subvol=@nix"];
}; };
"/home" = { "/home" = {
device = "/dev/disk/by-label/Everest"; device = "/dev/disk/by-label/Everest";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "subvol=@home" ]; options = ["compress=zstd" "subvol=@home"];
}; };
"/mnt/hdd" = { "/mnt/hdd" = {
device = "/dev/disk/by-label/Everest"; device = "/dev/disk/by-label/Everest";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "subvol=/" "ro" ]; options = ["compress=zstd" "subvol=/" "ro"];
}; };
"/persist" = { "/persist" = {
device = "/dev/disk/by-label/Everest"; device = "/dev/disk/by-label/Everest";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "subvol=@persist" ]; options = ["compress=zstd" "subvol=@persist"];
neededForBoot = true; neededForBoot = true;
}; };
}; };
fileSystems."/boot/efi" = fileSystems."/boot/efi" = {
{ device = "/dev/disk/by-label/Boot"; device = "/dev/disk/by-label/Boot";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

164
machines/SteamDeck/configuration.nix
View file

@ -1,103 +1,103 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, lib, ... }:
{ {
# Use grub boot loader config,
boot.loader = { pkgs,
systemd-boot.enable = false; lib,
grub = { ...
enable = true; }: {
device = "nodev"; # Use grub boot loader
efiSupport = true; boot.loader = {
# No other OS on here :P systemd-boot.enable = false;
useOSProber = false; grub = {
}; enable = true;
efi.efiSysMountPoint = config.fileSystems."efi_boot_partition".mountPoint; device = "nodev";
}; efiSupport = true;
boot.loader.efi.canTouchEfiVariables = true; # No other OS on here :P
useOSProber = false;
};
efi.efiSysMountPoint = config.fileSystems."efi_boot_partition".mountPoint;
};
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "SteamDeck"; # Define your hostname. networking.hostName = "SteamDeck"; # Define your hostname.
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# Configure network proxy if necessary # Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
jovian = { jovian = {
devices.steamdeck = { devices.steamdeck = {
enable = true; enable = true;
}; };
# Steam Deck UI settings # Steam Deck UI settings
steam = { steam = {
enable = true; enable = true;
autoStart = true; autoStart = true;
user = "toast"; user = "toast";
desktopSession = "plasmawayland"; desktopSession = "plasmawayland";
}; };
decky-loader = { decky-loader = {
enable = true; enable = true;
}; };
}; };
services.xserver.displayManager.sddm.enable = lib.mkForce false; services.xserver.displayManager.sddm.enable = lib.mkForce false;
# Enable bluetooth # Enable bluetooth
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
}; };
# Configure keymap in X11 # Configure keymap in X11
# services.xserver.layout = "us"; # services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape"; # services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents. # Enable CUPS to print documents.
# services.printing.enable = true; # services.printing.enable = true;
# Enable sound. # Enable sound.
# sound.enable = true; # sound.enable = true;
# hardware.pulseaudio.enable = true; # hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true; # services.xserver.libinput.enable = true;
# Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs # Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
environment.systemPackages = [ pkgs.steamdeck-firmware pkgs.steamdeck-hw-theme ]; environment.systemPackages = [pkgs.steamdeck-firmware pkgs.steamdeck-hw-theme];
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
# environment.systemPackages = with pkgs; [ # environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget # wget
# ]; # ];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
# programs.mtr.enable = true; # programs.mtr.enable = true;
# programs.gnupg.agent = { # programs.gnupg.agent = {
# enable = true; # enable = true;
# enableSSHSupport = true; # enableSSHSupport = true;
# }; # };
# List services that you want to enable: # List services that you want to enable:
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
# services.openssh.enable = true; # services.openssh.enable = true;
# Open ports in the firewall. # Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
} }

12
machines/SteamDeck/default.nix
View file

@ -1,8 +1,6 @@
{ ... }: {...}: {
imports = [
{ ./configuration.nix
imports = [ ./hardware-configuration.nix
./configuration.nix ];
./hardware-configuration.nix
];
} }

124
machines/SteamDeck/hardware-configuration.nix
View file

@ -1,71 +1,73 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
let
# \x20 is the escape code for a space
ssdLabel = ''Deck\\x20SSD'';
in
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: let
# \x20 is the escape code for a space
ssdLabel = ''Deck\\x20SSD'';
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
# Enable support for the Xbox One wireless dongle # Enable support for the Xbox One wireless dongle
hardware.xone.enable = true; hardware.xone.enable = true;
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems = { fileSystems = {
"efi_boot_partition" = { "efi_boot_partition" = {
mountPoint = "/boot/efi"; mountPoint = "/boot/efi";
label = "deckboot"; label = "deckboot";
fsType = "vfat"; fsType = "vfat";
}; };
/* /*
Mount the root subvolume of the SSD Mount the root subvolume of the SSD
This is helpful for getting things from This is helpful for getting things from
my old Arch install, as well as for running btdu my old Arch install, as well as for running btdu
*/ */
"btrfs_root_subvolume" = { "btrfs_root_subvolume" = {
mountPoint = "/mnt/ssd"; mountPoint = "/mnt/ssd";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvolid=5" "ro" ]; options = ["subvolid=5" "ro"];
}; };
"btrfs_root" = { "btrfs_root" = {
mountPoint = "/"; mountPoint = "/";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" ]; options = ["subvol=@" "compress=zstd"];
}; };
"btrfs_boot" = { "btrfs_boot" = {
mountPoint = "/boot"; mountPoint = "/boot";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@boot" "compress=zstd" ]; options = ["subvol=@boot" "compress=zstd"];
}; };
"btrfs_home" = { "btrfs_home" = {
mountPoint = "/home"; mountPoint = "/home";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd" ]; options = ["subvol=@home" "compress=zstd"];
}; };
"btrfs_nix" = { "btrfs_nix" = {
mountPoint = "/nix"; mountPoint = "/nix";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd" ]; options = ["subvol=@nix" "compress=zstd"];
}; };
}; };
swapDevices = [ ]; swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

142
machines/SurfaceGo/configuration.nix
View file

@ -1,92 +1,92 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, lib, ... }:
{ {
boot = { config,
loader = { pkgs,
# Use grub boot loader lib,
systemd-boot.enable = false; ...
grub = { }: {
enable = true; boot = {
device = "nodev"; loader = {
efiSupport = true; # Use grub boot loader
enableCryptodisk = true; systemd-boot.enable = false;
}; grub = {
efi = { enable = true;
efiSysMountPoint = "/boot/efi"; device = "nodev";
canTouchEfiVariables = true; efiSupport = true;
}; enableCryptodisk = true;
}; };
# I need systemd for tpm luks unlocking efi = {
initrd.systemd.enable = true; efiSysMountPoint = "/boot/efi";
}; canTouchEfiVariables = true;
};
};
# I need systemd for tpm luks unlocking
initrd.systemd.enable = true;
};
security.tpm2.enable = true; security.tpm2.enable = true;
networking.hostName = "SurfaceGo"; # Define your hostname. networking.hostName = "SurfaceGo"; # Define your hostname.
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# Configure network proxy if necessary # Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Configure keymap in X11 # Configure keymap in X11
# services.xserver.layout = "us"; # services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape"; # services.xserver.xkbOptions = "eurosign:e,caps:escape";
console = { console = {
# The kernel doesn't detect the scree as being HiDPI, so I need to use a bigger font # The kernel doesn't detect the scree as being HiDPI, so I need to use a bigger font
font = "ter-i32n"; font = "ter-i32n";
}; };
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound. # Enable CUPS to print documents.
# sound.enable = true; # services.printing.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager). # Enable sound.
# services.xserver.libinput.enable = true; # sound.enable = true;
# hardware.pulseaudio.enable = true;
# List packages installed in system profile. To search, run: # Enable touchpad support (enabled default in most desktopManager).
# $ nix search wget # services.xserver.libinput.enable = true;
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# The surface kernel sometimes fails to suspend/shutdown and I got tired of fighting it # List packages installed in system profile. To search, run:
boot.kernelPackages = lib.mkForce pkgs.linuxPackages; # $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are # The surface kernel sometimes fails to suspend/shutdown and I got tired of fighting it
# started in user sessions. boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable: # Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Enable the OpenSSH daemon. # List services that you want to enable:
# services.openssh.enable = true;
# Open ports in the firewall. # Enable the OpenSSH daemon.
# networking.firewall.allowedTCPPorts = [ ... ]; # services.openssh.enable = true;
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system # Open ports in the firewall.
# (/run/current-system/configuration.nix). This is useful in case you # networking.firewall.allowedTCPPorts = [ ... ];
# accidentally delete configuration.nix. # networking.firewall.allowedUDPPorts = [ ... ];
# system.copySystemConfiguration = true; # Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
} }

12
machines/SurfaceGo/default.nix
View file

@ -1,8 +1,6 @@
{ ... }: {...}: {
imports = [
{ ./configuration.nix
imports = [ ./hardware-configuration.nix
./configuration.nix ];
./hardware-configuration.nix
];
} }

76
machines/SurfaceGo/hardware-configuration.nix
View file

@ -1,49 +1,51 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "rtsx_pci_sdmmc" ]; boot.initrd.luks.devices."SSD".device = "/dev/disk/by-uuid/1d8d7578-d3a1-4ea0-90ad-4257266a6caf";
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices."SSD".device = "/dev/disk/by-uuid/1d8d7578-d3a1-4ea0-90ad-4257266a6caf"; fileSystems."/" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs";
options = ["subvol=@" "compress=zstd"];
};
fileSystems."/" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e"; device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" "compress=zstd" ]; options = ["subvol=@boot" "compress=zstd"];
}; };
fileSystems."/boot" = { fileSystems."/nix" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e"; device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@boot" "compress=zstd" ]; options = ["subvol=@nix" "compress=zstd"];
}; };
fileSystems."/nix" ={ fileSystems."/home" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e"; device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd" ]; options = ["subvol=@home" "compress=zstd"];
}; };
fileSystems."/home" = { fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/19a52b40-3ff6-47ff-9402-18d8b289643e"; device = "/dev/disk/by-uuid/EC76-201F";
fsType = "btrfs"; fsType = "vfat";
options = [ "subvol=@home" "compress=zstd" ]; };
};
fileSystems."/boot/efi" = { swapDevices = [];
device = "/dev/disk/by-uuid/EC76-201F";
fsType = "vfat";
};
swapDevices = []; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

256
machines/WinMax2/configuration.nix
View file

@ -1,153 +1,153 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, lib, ... }:
{ {
# Use grub boot loader config,
boot = { pkgs,
loader = { lib,
systemd-boot.enable = false; ...
grub = { }: {
enable = true; # Use grub boot loader
device = "nodev"; boot = {
efiSupport = true; loader = {
# No other OS on here :P systemd-boot.enable = false;
useOSProber = false; grub = {
}; enable = true;
efi = { device = "nodev";
efiSysMountPoint = config.fileSystems."efi_boot_partition".mountPoint; efiSupport = true;
canTouchEfiVariables = true; # No other OS on here :P
}; useOSProber = false;
}; };
/* efi = {
I use luks, and the systemd initrd works better for this efiSysMountPoint = config.fileSystems."efi_boot_partition".mountPoint;
Both for tpm unlocking (soon) and for plymouth canTouchEfiVariables = true;
*/ };
initrd.systemd.enable = true; };
# Plymouth doesn't support fractional scaling :( /*
plymouth.extraConfig = "DeviceScale=2"; I use luks, and the systemd initrd works better for this
Both for tpm unlocking (soon) and for plymouth
*/
initrd.systemd.enable = true;
# Plymouth doesn't support fractional scaling :(
plymouth.extraConfig = "DeviceScale=2";
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
}; };
networking.hostName = "WinMax2"; # Define your hostname. networking.hostName = "WinMax2"; # Define your hostname.
specialisation.noAVX512.configuration = { specialisation.noAVX512.configuration = {
# For some reason The Finals crashes on CPUs that support AVX512 # For some reason The Finals crashes on CPUs that support AVX512
boot.kernelParams = [ "clearcpuid=304" ]; boot.kernelParams = ["clearcpuid=304"];
}; };
# Sleep fixes # Sleep fixes
boot.kernelParams = [ "rtc_cmos.use_acpi_alarm=1" ]; boot.kernelParams = ["rtc_cmos.use_acpi_alarm=1"];
services.udev.extraRules = '' services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="i2c", ATTR{name}=="GXTP7385:00", ATTR{power/wakeup}="disabled" ACTION=="add", SUBSYSTEM=="i2c", ATTR{name}=="GXTP7385:00", ATTR{power/wakeup}="disabled"
ACTION=="add", SUBSYSTEM=="i2c", ATTR{name}=="PNP0C50:00", ATTR{power/wakeup}="disabled" ACTION=="add", SUBSYSTEM=="i2c", ATTR{name}=="PNP0C50:00", ATTR{power/wakeup}="disabled"
''; '';
services.handheld-daemon = { services.handheld-daemon = {
package = pkgs.handheld-daemon.overridePythonAttrs rec{ package = pkgs.handheld-daemon.overridePythonAttrs rec {
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "hhd-dev"; owner = "hhd-dev";
repo = "hhd"; repo = "hhd";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-Ujbou+f/EvHyqpp3FCNqIyZiCEFxSeQfflR3JmRxWFc="; hash = "sha256-Ujbou+f/EvHyqpp3FCNqIyZiCEFxSeQfflR3JmRxWFc=";
}; };
version = "1.3.13"; version = "1.3.13";
}; };
enable = true; enable = true;
user = "root"; user = "root";
}; };
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# Configure network proxy if necessary # Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
services.xserver = { services.xserver = {
xkb.layout = lib.mkForce "us"; xkb.layout = lib.mkForce "us";
displayManager.sddm.settings = { displayManager.sddm.settings = {
General.GreeterEnvironment="QT_SCREEN_SCALE_FACTORS=1.75"; General.GreeterEnvironment = "QT_SCREEN_SCALE_FACTORS=1.75";
}; };
}; };
jovian = { jovian = {
# Steam Deck UI settings # Steam Deck UI settings
steam = { steam = {
enable = true; enable = true;
autoStart = false; autoStart = false;
user = "toast"; user = "toast";
desktopSession = "plasmawayland"; desktopSession = "plasmawayland";
}; };
hardware.amd.gpu.enableBacklightControl = true; hardware.amd.gpu.enableBacklightControl = true;
# Need patched mesa # Need patched mesa
steamos = { steamos = {
enableMesaPatches = true; enableMesaPatches = true;
enableVendorRadv = true; enableVendorRadv = true;
}; };
decky-loader = { decky-loader = {
enable = true; enable = true;
}; };
}; };
# Enable bluetooth # Enable bluetooth
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
}; };
# Configure keymap in X11 # Configure keymap in X11
# services.xserver.layout = "us"; # services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape"; # services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents. # Enable CUPS to print documents.
# services.printing.enable = true; # services.printing.enable = true;
environment.sessionVariables = { environment.sessionVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.75"; STEAM_FORCE_DESKTOPUI_SCALING = "1.75";
}; };
# Enable sound. # Enable sound.
# sound.enable = true; # sound.enable = true;
# hardware.pulseaudio.enable = true; # hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true; # services.xserver.libinput.enable = true;
# Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs # Large builds (the linux kernel) fail to build because /tmp is too small when using tmpfs
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
# environment.systemPackages = with pkgs; [ # environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget # wget
# ]; # ];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
# programs.mtr.enable = true; # programs.mtr.enable = true;
# programs.gnupg.agent = { # programs.gnupg.agent = {
# enable = true; # enable = true;
# enableSSHSupport = true; # enableSSHSupport = true;
# }; # };
# List services that you want to enable: # List services that you want to enable:
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
# services.openssh.enable = true; # services.openssh.enable = true;
# Open ports in the firewall. # Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
} }

12
machines/WinMax2/default.nix
View file

@ -1,8 +1,6 @@
{ ... }: {...}: {
imports = [
{ ./configuration.nix
imports = [ ./hardware-configuration.nix
./configuration.nix ];
./hardware-configuration.nix
];
} }

129
machines/WinMax2/hardware-configuration.nix
View file

@ -1,74 +1,75 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
let
# \x20 is the escape code for a space
ssdLabel = ''Win\\x20Max\\x202\\x20SSD'';
in
{ {
imports = [ config,
(modulesPath + "/installer/scan/not-detected.nix") lib,
]; modulesPath,
...
}: let
# \x20 is the escape code for a space
ssdLabel = ''Win\\x20Max\\x202\\x20SSD'';
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "sdhci_pci" ]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
boot.initrd.luks.devices."SSD".device = "/dev/disk/by-label/wm2-enc"; boot.initrd.luks.devices."SSD".device = "/dev/disk/by-label/wm2-enc";
fileSystems = { fileSystems = {
"efi_boot_partition" = { "efi_boot_partition" = {
mountPoint = "/boot"; mountPoint = "/boot";
label = "winmax2boot"; label = "winmax2boot";
fsType = "vfat"; fsType = "vfat";
}; };
/* /*
Mount the root subvolume of the SSD Mount the root subvolume of the SSD
This is helpful for getting things from This is helpful for getting things from
my old Arch install, as well as for running btdu my old Arch install, as well as for running btdu
*/ */
"btrfs_root_subvolume" = { "btrfs_root_subvolume" = {
mountPoint = "/mnt/ssd"; mountPoint = "/mnt/ssd";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvolid=5" "ro" ]; options = ["subvolid=5" "ro"];
}; };
"btrfs_root" = { "btrfs_root" = {
mountPoint = "/"; mountPoint = "/";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@" ]; options = ["subvol=@"];
}; };
"btrfs_persist" = { "btrfs_persist" = {
mountPoint = "/persist"; mountPoint = "/persist";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@persist" ]; options = ["subvol=@persist"];
neededForBoot = true; neededForBoot = true;
}; };
"btrfs_home" = { "btrfs_home" = {
mountPoint = "/home"; mountPoint = "/home";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@home" ]; options = ["subvol=@home"];
}; };
"btrfs_nix" = { "btrfs_nix" = {
mountPoint = "/nix"; mountPoint = "/nix";
label = ssdLabel; label = ssdLabel;
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@nix" ]; options = ["subvol=@nix"];
}; };
}; };
swapDevices = [ ]; swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = { hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
sensor.iio.bmi260.enable = true; sensor.iio.bmi260.enable = true;
}; };
} }

91
pkgs/anything-sync-daemon/default.nix
View file

@ -1,56 +1,57 @@
{ stdenv {
, lib stdenv,
, fetchFromGitHub lib,
, makeWrapper fetchFromGitHub,
, rsync makeWrapper,
, gawk rsync,
, pv gawk,
, gnutar pv,
, zstd gnutar,
, util-linux zstd,
, coreutils util-linux,
, gnugrep coreutils,
, findutils gnugrep,
findutils,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "anything-sync-daemon"; pname = "anything-sync-daemon";
version = "6.0.0"; version = "6.0.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "graysky2"; owner = "graysky2";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
hash = "sha256-6nfaAMH5YgK6gimuZ8j1zWLTDOi11KIwW7Bf0Iwh7+I="; hash = "sha256-6nfaAMH5YgK6gimuZ8j1zWLTDOi11KIwW7Bf0Iwh7+I=";
}; };
patches = [ ./disableDaemonStopTargets.patch ]; patches = [./disableDaemonStopTargets.patch];
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [makeWrapper];
postPatch = '' postPatch = ''
substituteInPlace init/asd* \ substituteInPlace init/asd* \
--replace /usr/bin/anything-sync-daemon $out/bin/anything-sync-daemon --replace /usr/bin/anything-sync-daemon $out/bin/anything-sync-daemon
''; '';
enableParallelBuilding = true; enableParallelBuilding = true;
makeFlags = [ makeFlags = [
"DESTDIR=${placeholder "out"}" "DESTDIR=${placeholder "out"}"
"PREFIX=" "PREFIX="
"INITDIR_SYSTEMD=/lib/systemd/system" "INITDIR_SYSTEMD=/lib/systemd/system"
]; ];
installTargets = [ "install-systemd-all" ]; installTargets = ["install-systemd-all"];
postInstall = '' postInstall = ''
wrapProgram $out/bin/anything-sync-daemon \ wrapProgram $out/bin/anything-sync-daemon \
--suffix PATH : ${lib.makeBinPath [ rsync gawk pv gnutar zstd util-linux coreutils gnugrep findutils]} --suffix PATH : ${lib.makeBinPath [rsync gawk pv gnutar zstd util-linux coreutils gnugrep findutils]}
''; '';
meta = with lib; { meta = with lib; {
description = "Symlinks and syncs user specified dirs to RAM"; description = "Symlinks and syncs user specified dirs to RAM";
homepage = "https://github.com/graysky2/anything-sync-daemon/"; homepage = "https://github.com/graysky2/anything-sync-daemon/";
license = lib.licenses.mit; license = lib.licenses.mit;
platforms = platforms.linux; platforms = platforms.linux;
}; };
} }

238
roles/common/configuration.nix
View file

@ -1,132 +1,136 @@
{ config, lib, pkgs, flakeSelf, ... }:
{ {
imports = [ flakeSelf.inputs.nur.nixosModules.nur ]; config,
environment = { lib,
# As of the 1st of May 2023, the default packages are nano, perl, rsync and strace pkgs,
# I don't need any of them, so I just empty the list flakeSelf,
defaultPackages = []; ...
}; }: {
imports = [flakeSelf.inputs.nur.nixosModules.nur];
environment = {
# As of the 1st of May 2023, the default packages are nano, perl, rsync and strace
# I don't need any of them, so I just empty the list
defaultPackages = [];
};
# Set up /tmp # Set up /tmp
boot.tmp = { boot.tmp = {
useTmpfs = false; useTmpfs = false;
# Cleaning out /tmp at boot if it's a tmpfs is quite stupid # Cleaning out /tmp at boot if it's a tmpfs is quite stupid
cleanOnBoot = !config.boot.tmp.useTmpfs; cleanOnBoot = !config.boot.tmp.useTmpfs;
}; };
# Set up zram # Set up zram
zramSwap = { zramSwap = {
enable = true; enable = true;
priority = 100; priority = 100;
memoryPercent = 60; memoryPercent = 60;
# zstd my beloved <3 # zstd my beloved <3
algorithm = "zstd"; algorithm = "zstd";
}; };
# zswap with zram is not a good idea # zswap with zram is not a good idea
boot.kernelParams = [ "zswap.enabled=0" ]; boot.kernelParams = ["zswap.enabled=0"];
# Set up keyboard layout # Set up keyboard layout
services.xserver.xkb.layout = "es"; services.xserver.xkb.layout = "es";
# Set up console # Set up console
console = { console = {
packages = [ pkgs.terminus_font ]; packages = [pkgs.terminus_font];
earlySetup = true; earlySetup = true;
# mkDefault has 1000 priority, so that way I don't conflict with nixos-hardware # mkDefault has 1000 priority, so that way I don't conflict with nixos-hardware
font = lib.mkOverride 999 "ter-i16n"; font = lib.mkOverride 999 "ter-i16n";
# Make the console use X's keyboard configuration # Make the console use X's keyboard configuration
useXkbConfig = true; useXkbConfig = true;
}; };
boot.supportedFilesystems = [ "nfs" ]; boot.supportedFilesystems = ["nfs"];
# Set up localisation
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_NUMERIC = "es_ES.UTF-8";
# am/pm is nice but mm/dd/yy is yucky
LC_TIME = "es_US.UTF-8";
LC_MONETARY = "es_ES.UTF-8";
LC_MEASUREMENT = "es_ES.UTF-8";
LC_PAPER = "es_ES.UTF-8";
LC_ADDRESS = "es_US.UTF-8";
LC_NAME = "es_ES.UTF-8";
LC_TELEPHONE = "es_ES.UTF-8";
};
};
services.fwupd.enable = true; # Set up localisation
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_NUMERIC = "es_ES.UTF-8";
# am/pm is nice but mm/dd/yy is yucky
LC_TIME = "es_US.UTF-8";
LC_MONETARY = "es_ES.UTF-8";
LC_MEASUREMENT = "es_ES.UTF-8";
LC_PAPER = "es_ES.UTF-8";
LC_ADDRESS = "es_US.UTF-8";
LC_NAME = "es_ES.UTF-8";
LC_TELEPHONE = "es_ES.UTF-8";
};
};
# Set up my user services.fwupd.enable = true;
users.users.toast = {
isNormalUser = true;
description = "Toast";
extraGroups = [ "wheel" ];
};
# Set up time zone. # Set up my user
time.timeZone = "Europe/Madrid"; users.users.toast = {
isNormalUser = true;
description = "Toast";
extraGroups = ["wheel"];
};
nixpkgs.overlays = [ # Set up time zone.
( time.timeZone = "Europe/Madrid";
final: prev: {
catppuccin = prev.catppuccin.override {
accent = "mauve";
variant = "mocha";
themeList = [
"bat"
"btop"
"starship"
"grub"
];
};
}
)
];
home-manager = { nixpkgs.overlays = [
backupFileExtension = "hm-backup"; (
useGlobalPkgs = true; final: prev: {
verbose = true; catppuccin = prev.catppuccin.override {
users.toast = { config, ... }: { accent = "mauve";
home.stateVersion = "23.11"; variant = "mocha";
xdg = { themeList = [
userDirs = { "bat"
enable = true; "btop"
createDirectories = true; "starship"
publicShare = null; # Disable the public folder "grub"
}; ];
}; };
}; }
}; )
];
# Set up secrets home-manager = {
age = { backupFileExtension = "hm-backup";
identityPaths = [ useGlobalPkgs = true;
"/persist/id_host" verbose = true;
]; users.toast = {config, ...}: {
}; home.stateVersion = "23.11";
xdg = {
userDirs = {
enable = true;
createDirectories = true;
publicShare = null; # Disable the public folder
};
};
};
};
boot.loader.grub = { # Set up secrets
theme = "${pkgs.catppuccin}/grub"; age = {
backgroundColor = "#1E1E2E"; identityPaths = [
splashImage = "${pkgs.catppuccin}/grub/background.png"; "/persist/id_host"
}; ];
};
/* boot.loader.grub = {
I used to keep the host keys in the repo as a secret, but since I use the theme = "${pkgs.catppuccin}/grub";
host keys for decrypting too I'm not sure encrypting a key with itself backgroundColor = "#1E1E2E";
is a good idea. Now the host keys will need to be placed manually where they are needed splashImage = "${pkgs.catppuccin}/grub/background.png";
For first time installs they are generated by services.openssh.hostKeys on servers, and };
manually on everything else
*/ /*
I used to keep the host keys in the repo as a secret, but since I use the
system = { host keys for decrypting too I'm not sure encrypting a key with itself
stateVersion = "23.11"; is a good idea. Now the host keys will need to be placed manually where they are needed
# Nix on nixos 23.05 does not have dirtyRev For first time installs they are generated by services.openssh.hostKeys on servers, and
configurationRevision = flakeSelf.sourceInfo.rev or flakeSelf.sourceInfo.dirtyRev or "dirty"; manually on everything else
nixos.variant_id = lib.strings.toLower config.networking.hostName; */
};
system = {
stateVersion = "23.11";
# Nix on nixos 23.05 does not have dirtyRev
configurationRevision = flakeSelf.sourceInfo.rev or flakeSelf.sourceInfo.dirtyRev or "dirty";
nixos.variant_id = lib.strings.toLower config.networking.hostName;
};
} }

14
roles/common/default.nix
View file

@ -1,9 +1,7 @@
{ ... }: {...}: {
imports = [
{ ./programs
imports = [ ./services
./programs ./configuration.nix
./services ];
./configuration.nix
];
} }

16
roles/common/programs/bash.nix
View file

@ -1,10 +1,8 @@
{ config, ... }: {config, ...}: {
home-manager.users.toast = {config, ...}: {
{ programs.bash = {
home-manager.users.toast = { config, ... }: { enable = true;
programs.bash = { enableVteIntegration = true;
enable = true; };
enableVteIntegration = true; };
};
};
} }

42
roles/common/programs/bat.nix
View file

@ -1,21 +1,25 @@
{ config, pkgs, ... }:
let
themeName = if config.system.nixos.release == "23.11" then "Catppuccin-mocha" else "Catppuccin Mocha";
in
{ {
home-manager = { config,
users.toast.programs.bat = { pkgs,
enable = true; ...
config = { }: let
theme = "catppuccin-mocha"; themeName =
}; if config.system.nixos.release == "23.11"
themes = { then "Catppuccin-mocha"
catppuccin-mocha = { else "Catppuccin Mocha";
src = pkgs.catppuccin; in {
file = "bat/${themeName}.tmTheme"; home-manager = {
}; users.toast.programs.bat = {
}; enable = true;
}; config = {
}; theme = "catppuccin-mocha";
};
themes = {
catppuccin-mocha = {
src = pkgs.catppuccin;
file = "bat/${themeName}.tmTheme";
};
};
};
};
} }

6
roles/common/programs/btop.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
home-manager = { home-manager = {
users.toast = { users.toast = {
programs.btop = { programs.btop = {
@ -14,4 +12,4 @@
}; };
}; };
}; };
} }

14
roles/common/programs/comma.nix
View file

@ -1,8 +1,10 @@
{ config, pkgs, ... }:
{ {
# Use nix-index-database's comma wrapper config,
programs.nix-index-database.comma.enable = true; pkgs,
# Run programs from the system's nixpkgs ...
environment.variables = { COMMA_NIXPKGS_FLAKE="system"; }; }: {
# Use nix-index-database's comma wrapper
programs.nix-index-database.comma.enable = true;
# Run programs from the system's nixpkgs
environment.variables = {COMMA_NIXPKGS_FLAKE = "system";};
} }

8
roles/common/programs/command-not-found.nix
View file

@ -1,6 +1,4 @@
{ config, ... }: {config, ...}: {
# The nixpkgs command-not-found script does not work with flakes, so I disable it
{ programs.command-not-found.enable = false;
# The nixpkgs command-not-found script does not work with flakes, so I disable it
programs.command-not-found.enable = false;
} }

62
roles/common/programs/default.nix
View file

@ -1,32 +1,34 @@
{ config, pkgs, ... }:
{ {
imports = [ config,
./htop.nix pkgs,
./nix.nix ...
./micro.nix }: {
./nix-index.nix imports = [
./command-not-found.nix ./htop.nix
./comma.nix ./nix.nix
./bash.nix ./micro.nix
./git.nix ./nix-index.nix
./starship.nix ./command-not-found.nix
./bat.nix ./comma.nix
./btop.nix ./bash.nix
./helix.nix ./git.nix
./direnv.nix ./starship.nix
]; ./bat.nix
# Some programs dont have a programs.*.enable option, so I install their package here ./btop.nix
environment.systemPackages = with pkgs; [ ./helix.nix
speedtest-cli ./direnv.nix
# Bat has a home manager module, but I want it to be available system wide ];
bat # Some programs dont have a programs.*.enable option, so I install their package here
file environment.systemPackages = with pkgs; [
nvd speedtest-cli
ncdu # Bat has a home manager module, but I want it to be available system wide
tree bat
btdu file
iperf3 nvd
restic ncdu
]; tree
btdu
iperf3
restic
];
} }

4
roles/common/programs/direnv.nix
View file

@ -1,6 +1,4 @@
{ ... }: {...}: {
{
programs.direnv = { programs.direnv = {
enable = true; enable = true;
nix-direnv = { nix-direnv = {

63
roles/common/programs/git.nix
View file

@ -1,34 +1,33 @@
{ config, pkgs, ... }:
let
catppuccinDelta = pkgs.fetchFromGitHub {
owner = "catppuccin";
repo = "delta";
rev = "main";
hash = "sha256-0QQLkfLBVuB2re6tjtPNuOQZNK0MDBAIFgNGHZM8afs=";
};
in
{ {
home-manager.users.toast = { config,
programs.git = { pkgs,
enable = true; ...
userName = "Toast"; }: let
userEmail = "toast003@tutamail.com"; catppuccinDelta = pkgs.fetchFromGitHub {
delta = { owner = "catppuccin";
enable = true; repo = "delta";
options = { rev = "main";
syntax-theme = "catppuccin-mocha"; hash = "sha256-0QQLkfLBVuB2re6tjtPNuOQZNK0MDBAIFgNGHZM8afs=";
features = "catppuccin-mocha"; };
}; in {
}; home-manager.users.toast = {
includes = [{ path = "${catppuccinDelta}/themes/mocha.gitconfig"; }]; programs.git = {
extraConfig = { enable = true;
init.defaultBranch = "main"; userName = "Toast";
diff.colorMoved = "default"; userEmail = "toast003@tutamail.com";
commit.verbose = "true"; delta = {
}; enable = true;
}; options = {
}; syntax-theme = "catppuccin-mocha";
features = "catppuccin-mocha";
};
};
includes = [{path = "${catppuccinDelta}/themes/mocha.gitconfig";}];
extraConfig = {
init.defaultBranch = "main";
diff.colorMoved = "default";
commit.verbose = "true";
};
};
};
} }

6
roles/common/programs/helix.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
home-manager.users.toast = { home-manager.users.toast = {
programs.helix = { programs.helix = {
enable = true; enable = true;
@ -9,7 +7,7 @@
nixpkgs-fmt nixpkgs-fmt
nil nil
]; ];
settings = { settings = {
theme = "catppuccin_mocha"; theme = "catppuccin_mocha";
editor = { editor = {
mouse = true; mouse = true;

26
roles/common/programs/htop.nix
View file

@ -1,15 +1,13 @@
{ config, ... }: {config, ...}: {
programs.htop = {
{ enable = true;
programs.htop = { settings = {
enable = true; tree_view = 1;
settings = { highlight_base_name = 1;
tree_view = 1; show_program_path = 0;
highlight_base_name = 1; show_cpu_frequency = 1;
show_program_path = 0; show_cpu_temperature = 1;
show_cpu_frequency = 1; hide_userland_threads = 1;
show_cpu_temperature = 1; };
hide_userland_threads = 1; };
};
};
} }

35
roles/common/programs/micro.nix
View file

@ -1,17 +1,22 @@
{ config, pkgs, ... }:
{ {
home-manager = { config,
users.toast = { config, pkgs, ... }: pkgs,
{ ...
programs.micro = { }: {
enable = true; home-manager = {
settings = { users.toast = {
clipboard = "internal"; config,
indentchar = "|"; pkgs,
softwrap = true; ...
}; }: {
}; programs.micro = {
}; enable = true;
}; settings = {
clipboard = "internal";
indentchar = "|";
softwrap = true;
};
};
};
};
} }

28
roles/common/programs/nix-index.nix
View file

@ -1,15 +1,15 @@
{ config, ... }: {config, ...}: {
/*
{ environment.systemPackages = [ pkgs.nix-index ];
/* environment.systemPackages = [ pkgs.nix-index ]; programs.bash.interactiveShellInit = ''
programs.bash.interactiveShellInit = '' source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh
source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh '';
''; */ */
programs.nix-index = { programs.nix-index = {
enable = true; enable = true;
enableBashIntegration = true; enableBashIntegration = true;
# I don't use zsh or fish (yet) # I don't use zsh or fish (yet)
enableZshIntegration = false; enableZshIntegration = false;
enableFishIntegration = false; enableFishIntegration = false;
}; };
} }

55
roles/common/programs/nix.nix
View file

@ -1,25 +1,34 @@
{ config, systemPkgs, ... }:
{ {
nix = { config,
settings = { systemPkgs,
auto-optimise-store = true; ...
experimental-features = "nix-command flakes"; }: {
}; nix = {
optimise = { settings = {
automatic = true; auto-optimise-store = true;
dates = [ "weekly" ]; experimental-features = "nix-command flakes";
}; };
registry = { optimise = {
agenix = { automatic = true;
from = { id = "agenix"; type = "indirect"; }; dates = ["weekly"];
to = { owner = "ryantm"; repo = "agenix"; type = "github"; }; };
}; registry = {
# Write the system's nixpkgs into the registry to avoid mixing nixpkgs versions agenix = {
# https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html from = {
system.flake = systemPkgs; id = "agenix";
}; type = "indirect";
# I removed this in the past since I thought that I didn't need it, but turns out comma does :) };
nixPath = [ "nixpkgs=${systemPkgs}" ]; to = {
}; owner = "ryantm";
repo = "agenix";
type = "github";
};
};
# Write the system's nixpkgs into the registry to avoid mixing nixpkgs versions
# https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html
system.flake = systemPkgs;
};
# I removed this in the past since I thought that I didn't need it, but turns out comma does :)
nixPath = ["nixpkgs=${systemPkgs}"];
};
} }

101
roles/common/programs/starship.nix
View file

@ -1,53 +1,52 @@
{ pkgs, lib, ... }:
with lib;
with builtins;
let
catppuccinFlavour = "mocha";
catppuccinStarship = pkgs.catppuccin + /starship/${catppuccinFlavour}.toml;
presets = {
nerdFontSymbols = pkgs.fetchurl {
url = "https://starship.rs/presets/toml/nerd-font-symbols.toml";
hash = "sha256-BVe5JMSIa3CoY2Wf9pvcF1EUtDVCWCLhW3IyKuwfHug=";
};
};
# -------------------------------- F U N C T I O N S --------------------------------
/*
Gonna be honest, I have no idea how this works, although it seems to work
Stolen from https://gist.github.com/pdalpra/daf339f59288201a6c8ba7dc84e9060e
*/
# Takes a list of attrSets and merges them
mergeAllAttrSets = attrsSets:
foldl' (recursiveUpdate) {} attrsSets;
# Reads a TOML file and parses it
readTomlPreset = file: (fromTOML (readFile file));
in
{ {
programs.starship = { pkgs,
enable = true; lib,
settings = mergeAllAttrSets [ ...
(readTomlPreset presets.nerdFontSymbols) }:
(readTomlPreset catppuccinStarship) with lib;
{ with builtins; let
nix_shell = { catppuccinFlavour = "mocha";
disabled = false; catppuccinStarship = pkgs.catppuccin + /starship/${catppuccinFlavour}.toml;
heuristic = true;
}; presets = {
os = { nerdFontSymbols = pkgs.fetchurl {
disabled = false; url = "https://starship.rs/presets/toml/nerd-font-symbols.toml";
}; hash = "sha256-BVe5JMSIa3CoY2Wf9pvcF1EUtDVCWCLhW3IyKuwfHug=";
directory = { };
disabled = false; };
truncation_length = 6; # -------------------------------- F U N C T I O N S --------------------------------
truncation_symbol = ".../";
}; /*
palette = "catppuccin_${catppuccinFlavour}"; Gonna be honest, I have no idea how this works, although it seems to work
} Stolen from https://gist.github.com/pdalpra/daf339f59288201a6c8ba7dc84e9060e
]; */
}; # Takes a list of attrSets and merges them
mergeAllAttrSets = attrsSets:
foldl' recursiveUpdate {} attrsSets;
# Reads a TOML file and parses it
readTomlPreset = file: (fromTOML (readFile file));
in {
programs.starship = {
enable = true;
settings = mergeAllAttrSets [
(readTomlPreset presets.nerdFontSymbols)
(readTomlPreset catppuccinStarship)
{
nix_shell = {
disabled = false;
heuristic = true;
};
os = {
disabled = false;
};
directory = {
disabled = false;
truncation_length = 6;
truncation_symbol = ".../";
};
palette = "catppuccin_${catppuccinFlavour}";
}
];
};
} }

40
roles/common/services/avahi.nix
View file

@ -1,19 +1,23 @@
{ config, ... }: {config, ...}: let
let old = {
old = { nssmdns = true;
nssmdns = true; };
}; new = {
new = { nssmdns4 = true;
nssmdns4 = true; };
}; in {
in /*
{ NixOS 24.05 changed the option for mnds to be able to turn on/off IPv6
/* 23.11 doesn't support this, so I need to use the conditional to be able to
NixOS 24.05 changed the option for mnds to be able to turn on/off IPv6 use the same config for both
23.11 doesn't support this, so I need to use the conditional to be able to */
use the same config for both services.avahi =
*/ {
services.avahi = { enable = true;
enable = true; }
} // (if config.system.nixos.release == "23.11" then old else new); // (
if config.system.nixos.release == "23.11"
then old
else new
);
} }

14
roles/common/services/default.nix
View file

@ -1,9 +1,7 @@
{ ... }: {...}: {
imports = [
{ ./avahi.nix
imports = [ ./tailscale.nix
./avahi.nix ./syncthing.nix
./tailscale.nix ];
./syncthing.nix
];
} }

114
roles/common/services/syncthing.nix
View file

@ -1,60 +1,60 @@
{ config, flakeSelf, ... }:
let
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
in
{ {
# Get secrets config,
age.secrets = { flakeSelf,
syncthingKey.file = hostSecrets + "/syncthingKey.age"; ...
syncthingCert.file = hostSecrets + "/syncthingCert.age"; }: let
}; hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
in {
# Get secrets
age.secrets = {
syncthingKey.file = hostSecrets + "/syncthingKey.age";
syncthingCert.file = hostSecrets + "/syncthingCert.age";
};
services.syncthing = { services.syncthing = {
key = config.age.secrets.syncthingKey.path; key = config.age.secrets.syncthingKey.path;
cert = config.age.secrets.syncthingCert.path; cert = config.age.secrets.syncthingCert.path;
overrideDevices = true; overrideDevices = true;
overrideFolders = true; overrideFolders = true;
openDefaultPorts = true; openDefaultPorts = true;
settings = { settings = {
options = { options = {
urAccepted = 3; urAccepted = 3;
}; };
# Set up devices and folders common to every device # Set up devices and folders common to every device
devices = { devices = {
"phone" = { "phone" = {
name = "Xiaomi Redmi Note 10 Pro"; name = "Xiaomi Redmi Note 10 Pro";
id = "K7KNZ5V-XREUADL-CROQXPV-6AA4H65-2VUD34Z-VQWKJ6S-LWWW4EE-XPNEZQ6"; id = "K7KNZ5V-XREUADL-CROQXPV-6AA4H65-2VUD34Z-VQWKJ6S-LWWW4EE-XPNEZQ6";
}; };
"pc" = { "pc" = {
name = "Archie"; name = "Archie";
id = "NJPX754-64AQNP3-7GZFIRZ-W2EDRJQ-27ORWYM-X5YXEXQ-ERRTRTQ-BSYD4AY"; id = "NJPX754-64AQNP3-7GZFIRZ-W2EDRJQ-27ORWYM-X5YXEXQ-ERRTRTQ-BSYD4AY";
}; };
"steamdeck" = { "steamdeck" = {
name = "Steam Deck"; name = "Steam Deck";
id = "DNFEGEA-PDEVW5A-O5VBVQK-IUXI7J5-MAHCQAG-2JLEFFM-DSXB6AS-TX6ZHAN"; id = "DNFEGEA-PDEVW5A-O5VBVQK-IUXI7J5-MAHCQAG-2JLEFFM-DSXB6AS-TX6ZHAN";
}; };
"server" = { "server" = {
name = "Everest"; name = "Everest";
id = "2GXFZJZ-CF56ER2-SISBGOF-VNXJIG5-GQC6ECA-NHCHAPX-677RSJT-RI5POAZ"; id = "2GXFZJZ-CF56ER2-SISBGOF-VNXJIG5-GQC6ECA-NHCHAPX-677RSJT-RI5POAZ";
}; };
"surface" = { "surface" = {
name = "Surface Go"; name = "Surface Go";
id = "HTVSF3O-AHY3TNH-BLVSEGK-HRRSMHC-H5LJWVF-NDKGM6O-ATWZALC-YXNV2Q4"; id = "HTVSF3O-AHY3TNH-BLVSEGK-HRRSMHC-H5LJWVF-NDKGM6O-ATWZALC-YXNV2Q4";
}; };
"winmax2" = { "winmax2" = {
name = "Win Max 2"; name = "Win Max 2";
id = "X2NILRM-ADRBQ23-AFREAZA-62GVFDF-UVMPR4L-KGHMUNY-BJ2C3CQ-RBT43QS"; id = "X2NILRM-ADRBQ23-AFREAZA-62GVFDF-UVMPR4L-KGHMUNY-BJ2C3CQ-RBT43QS";
}; };
}; };
folders = { folders = {
"passwords" = { "passwords" = {
label = "KeePassXC Passwords"; label = "KeePassXC Passwords";
id = "rdyaq-ex659"; id = "rdyaq-ex659";
devices = [ "phone" "pc" "steamdeck" "server" "surface" "winmax2"]; devices = ["phone" "pc" "steamdeck" "server" "surface" "winmax2"];
}; };
}; };
}; };
}; };
} }

20
roles/common/services/tailscale.nix
View file

@ -1,12 +1,14 @@
{ config, lib, ... }:
{ {
services.tailscale = { config,
enable = true; lib,
useRoutingFeatures = lib.mkDefault "client"; ...
}; }: {
services.tailscale = {
enable = true;
useRoutingFeatures = lib.mkDefault "client";
};
systemd.services.tailscaled.environment = { systemd.services.tailscaled.environment = {
TS_NO_LOGS_NO_SUPPORT = "true"; TS_NO_LOGS_NO_SUPPORT = "true";
}; };
} }

30
roles/desktop/configuration.nix
View file

@ -1,19 +1,21 @@
{ config, pkgs, ... }:
{ {
# Enable scanning config,
hardware.sane = { pkgs,
enable = true; ...
extraBackends = [ pkgs.sane-airscan ]; }: {
}; # Enable scanning
users.users.toast.extraGroups = [ "scanner" ]; hardware.sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
};
users.users.toast.extraGroups = ["scanner"];
services.xserver.enable = true; services.xserver.enable = true;
# Set up fonts # Set up fonts
fonts.packages = [ fonts.packages = [
( pkgs.nerdfonts.override { fonts = [ "Hack" "JetBrainsMono" ]; } ) (pkgs.nerdfonts.override {fonts = ["Hack" "JetBrainsMono"];})
]; ];
boot.plymouth.enable = true; boot.plymouth.enable = true;
} }

14
roles/desktop/default.nix
View file

@ -1,9 +1,7 @@
{ ... }: {...}: {
imports = [
{ ./services
imports = [ ./programs
./services ./configuration.nix
./programs ];
./configuration.nix
];
} }

24
roles/desktop/programs/default.nix
View file

@ -1,14 +1,12 @@
{ ... }: {...}: {
imports = [
{ ./discord.nix
imports = [ ./firefox.nix
./discord.nix ./micro.nix
./firefox.nix ./keepassxc.nix
./micro.nix ./jamesdsp.nix
./keepassxc.nix ./vscode.nix
./jamesdsp.nix ./git.nix
./vscode.nix ./ssh.nix
./git.nix ];
./ssh.nix
];
} }

80
roles/desktop/programs/discord.nix
View file

@ -1,41 +1,45 @@
{ config, pkgs, lib, ... }:
let
discordOverlay = self: super: {
discord = super.discord.override {
withOpenASAR = true;
withVencord = true;
};
# Update some stuff while I wait for nixpkgs
/*vencord = super.vencord.overrideAttrs rec {
version = "522fdcd";
src = pkgs.fetchFromGitHub {
owner = "Vendicated";
repo = "Vencord";
rev = "522fdcd";
#rev = "v${version}";
hash = "sha256-9G7FNL4pHaaLachzJmeAol0WpNUj533K2FNa7DH0eBM=";
};
};*/
};
stock-discord = self: super: {
discord = super.discord.override {
withOpenASAR = false;
withVencord = false;
};
};
in
{ {
# Sometimes discord breaks after updates, and launching it stock once fixes it config,
specialisation.stockDiscord.configuration = { pkgs,
nixpkgs.overlays = lib.mkAfter [ stock-discord ]; lib,
}; ...
}: let
discordOverlay = self: super: {
discord = super.discord.override {
withOpenASAR = true;
withVencord = true;
};
# Update some stuff while I wait for nixpkgs
/*
vencord = super.vencord.overrideAttrs rec {
version = "522fdcd";
src = pkgs.fetchFromGitHub {
owner = "Vendicated";
repo = "Vencord";
rev = "522fdcd";
#rev = "v${version}";
hash = "sha256-9G7FNL4pHaaLachzJmeAol0WpNUj533K2FNa7DH0eBM=";
};
};
*/
};
stock-discord = self: super: {
discord = super.discord.override {
withOpenASAR = false;
withVencord = false;
};
};
in {
# Sometimes discord breaks after updates, and launching it stock once fixes it
specialisation.stockDiscord.configuration = {
nixpkgs.overlays = lib.mkAfter [stock-discord];
};
nixpkgs.overlays = [ discordOverlay ]; nixpkgs.overlays = [discordOverlay];
home-manager.users.toast = { home-manager.users.toast = {
home.packages = with pkgs; [ home.packages = with pkgs; [
discord discord
vesktop vesktop
]; ];
}; };
} }

112
roles/desktop/programs/firefox.nix
View file

@ -1,57 +1,59 @@
{ config, lib, ... }:
{ {
# System wide firefox settings config,
programs.firefox = { lib,
enable = true; ...
policies = { }: {
"DisablePocket" = true; # System wide firefox settings
"DisableTelemetry" = true; programs.firefox = {
# You need these for Spotify enable = true;
"EncryptedMediaExtensions" = { "Enabled" = true; }; policies = {
"ExtensionSettings" = { "DisablePocket" = true;
# TODO: Install extensions the NUR instead of from AMO "DisableTelemetry" = true;
"uBlock0@raymondhill.net" = { # You need these for Spotify
"installation_mode" = "force_installed"; "EncryptedMediaExtensions" = {"Enabled" = true;};
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; "ExtensionSettings" = {
}; # TODO: Install extensions the NUR instead of from AMO
# Decentraleyes "uBlock0@raymondhill.net" = {
"jid1-BoFifL9Vbdl2zQ@jetpack" = { "installation_mode" = "force_installed";
"installation_mode" = "normal_installed"; "install_url" = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/decentraleyes/latest.xpi"; };
}; # Decentraleyes
"jid1-MnnxcxisBPnSXQ@jetpack" = { "jid1-BoFifL9Vbdl2zQ@jetpack" = {
"installation_mode" = "normal_installed"; "installation_mode" = "normal_installed";
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi"; "install_url" = "https://addons.mozilla.org/firefox/downloads/latest/decentraleyes/latest.xpi";
}; };
# Uninstall the kde plasma integration extension if KDE is not installed "jid1-MnnxcxisBPnSXQ@jetpack" = {
"plasma-browser-integration@kde.org"."installation_mode" = lib.mkDefault "blocked"; "installation_mode" = "normal_installed";
}; "install_url" = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi";
"Preferences" = { };
# Enable video hardware acceleration # Uninstall the kde plasma integration extension if KDE is not installed
"media.ffmpeg.vaapi.enabled" = { "plasma-browser-integration@kde.org"."installation_mode" = lib.mkDefault "blocked";
"Value" = true; };
"Status" = "default"; "Preferences" = {
}; # Enable video hardware acceleration
"dom.security.https_only_mode" = { "media.ffmpeg.vaapi.enabled" = {
"Value" = true; "Value" = true;
"Status" = "locked"; "Status" = "default";
}; };
"general.smoothScroll.msdPhysics.enabled" = { "dom.security.https_only_mode" = {
"Value" = true; "Value" = true;
"Status" = "default"; "Status" = "locked";
}; };
}; "general.smoothScroll.msdPhysics.enabled" = {
"PromptForDownloadLocation" = true; "Value" = true;
# I use an external password manager, so the built in one just bothers me "Status" = "default";
"PasswordManagerEnabled" = false; };
"Permissions" = { };
"Autoplay" = { "PromptForDownloadLocation" = true;
"Allow" = [ "https://www.youtube.com" ]; # I use an external password manager, so the built in one just bothers me
"Default" = "block-audio-video"; "PasswordManagerEnabled" = false;
}; "Permissions" = {
}; "Autoplay" = {
"FirefoxHome" = { "SponsoredTopSites" = false; }; "Allow" = ["https://www.youtube.com"];
}; "Default" = "block-audio-video";
}; };
};
"FirefoxHome" = {"SponsoredTopSites" = false;};
};
};
} }

8
roles/desktop/programs/git.nix
View file

@ -1,6 +1,8 @@
{ pkgs, lib, ... }:
{ {
pkgs,
lib,
...
}: {
home-manager.users.toast = { home-manager.users.toast = {
programs.git = { programs.git = {
package = pkgs.gitFull; package = pkgs.gitFull;
@ -11,6 +13,6 @@
}; };
}; };
home.packages = [ pkgs.git-cola ]; home.packages = [pkgs.git-cola];
}; };
} }

8
roles/desktop/programs/jamesdsp.nix
View file

@ -1,5 +1,7 @@
{ config, pkgs, ... }:
{ {
users.users.toast.packages = [ pkgs.jamesdsp ]; config,
pkgs,
...
}: {
users.users.toast.packages = [pkgs.jamesdsp];
} }

128
roles/desktop/programs/keepassxc.nix
View file

@ -1,63 +1,69 @@
{ config, pkgs, lib, ... }:
let
kpxcSettings = lib.generators.toINI {} {
General = {
# Not sure what changing this does, I'll leave it alone
ConfigVersion = 2;
MinimizeAfterUnlock = true;
AutoSaveAfterEveryChange = false;
};
GUI = {
ApplicationTheme = "classic";
MinimizeOnStartup = false;
MinimizeOnClose = true;
MinimizeToTray = true;
ShowTrayIcon = true;
# 0 is icons, 1 is text, 2 is text next to icons, 3 is text under icons, and 4 is follow style
ToolButtonStyle = 0; # Would choose 4 but it's too big for a small window
# monochrome-light, monochrome-dark or colorful
TrayIconAppearance = "monochrome-light";
};
Security = {
HideNotes = true;
IconDownloadFallback = true;
};
SSHAgent.Enabled = true;
};
in
{ {
home-manager = { config,
extraSpecialArgs = { kpxcSettings = kpxcSettings; }; pkgs,
users.toast = { config, pkgs, kpxcSettings, ... }: { lib,
# No module for KeePassXC config :( ...
home = { }: let
packages = [ pkgs.keepassxc ]; kpxcSettings = lib.generators.toINI {} {
file = { General = {
".config/keepassxc/keepassxc.ini".text = kpxcSettings; # Not sure what changing this does, I'll leave it alone
# For some reason the autostart .desktop is not the same as the regular one ConfigVersion = 2;
".config/autostart/org.keepassxc.KeePassXC.desktop".text = '' MinimizeAfterUnlock = true;
[Desktop Entry] AutoSaveAfterEveryChange = false;
Name=KeePassXC };
GenericName=Password Manager GUI = {
Exec=keepassxc ApplicationTheme = "classic";
TryExec=keepassxc MinimizeOnStartup = false;
Icon=keepassxc MinimizeOnClose = true;
StartupWMClass=keepassxc MinimizeToTray = true;
StartupNotify=true ShowTrayIcon = true;
Terminal=false # 0 is icons, 1 is text, 2 is text next to icons, 3 is text under icons, and 4 is follow style
Type=Application ToolButtonStyle = 0; # Would choose 4 but it's too big for a small window
Version=1.0 # monochrome-light, monochrome-dark or colorful
Categories=Utility;Security;Qt; TrayIconAppearance = "monochrome-light";
MimeType=application/x-keepass2; };
X-GNOME-Autostart-enabled=true Security = {
X-GNOME-Autostart-Delay=2 HideNotes = true;
X-KDE-autostart-after=panel IconDownloadFallback = true;
X-LXQt-Need-Tray=true };
''; SSHAgent.Enabled = true;
}; };
}; in {
}; home-manager = {
}; extraSpecialArgs = {kpxcSettings = kpxcSettings;};
users.toast = {
config,
pkgs,
kpxcSettings,
...
}: {
# No module for KeePassXC config :(
home = {
packages = [pkgs.keepassxc];
file = {
".config/keepassxc/keepassxc.ini".text = kpxcSettings;
# For some reason the autostart .desktop is not the same as the regular one
".config/autostart/org.keepassxc.KeePassXC.desktop".text = ''
[Desktop Entry]
Name=KeePassXC
GenericName=Password Manager
Exec=keepassxc
TryExec=keepassxc
Icon=keepassxc
StartupWMClass=keepassxc
StartupNotify=true
Terminal=false
Type=Application
Version=1.0
Categories=Utility;Security;Qt;
MimeType=application/x-keepass2;
X-GNOME-Autostart-enabled=true
X-GNOME-Autostart-Delay=2
X-KDE-autostart-after=panel
X-LXQt-Need-Tray=true
'';
};
};
};
};
} }

44
roles/desktop/programs/micro.nix
View file

@ -1,21 +1,27 @@
{ config, pkgs, lib, ... }:
{ {
home-manager = { config,
users.toast = { config, pkgs, ... }: pkgs,
{ lib,
programs.micro = { ...
enable = true; }: {
settings = { home-manager = {
# Use xclip/wl-clipboard for copying and pasting users.toast = {
clipboard = lib.mkForce "external"; config,
}; pkgs,
}; ...
/* }: {
On a kde wayland session micro uses xsel or xclip instead of wl-clipboard programs.micro = {
which doesn't work, so I only install wl-clipboard here to make micro use it enable = true;
*/ settings = {
home.packages = with pkgs; [ wl-clipboard ]; # Use xclip/wl-clipboard for copying and pasting
}; clipboard = lib.mkForce "external";
}; };
};
/*
On a kde wayland session micro uses xsel or xclip instead of wl-clipboard
which doesn't work, so I only install wl-clipboard here to make micro use it
*/
home.packages = with pkgs; [wl-clipboard];
};
};
} }

4
roles/desktop/programs/ssh.nix
View file

@ -1,6 +1,4 @@
{ ... }: {...}: {
{
home-manager.users.toast = { home-manager.users.toast = {
programs.ssh = { programs.ssh = {
enable = true; enable = true;

81
roles/desktop/programs/vscode.nix
View file

@ -1,40 +1,45 @@
{ config, pkgs, flakeSelf, ... }:
let inputs = flakeSelf.inputs; in
{ {
nixpkgs.overlays = [ inputs.catppuccin-vsc.overlays.default ]; config,
home-manager.users.toast = { pkgs,
home.packages = with pkgs; [ flakeSelf,
nixpkgs-fmt ...
]; }: let
programs.vscode = { inputs = flakeSelf.inputs;
enable = true; in {
package = pkgs.vscodium; nixpkgs.overlays = [inputs.catppuccin-vsc.overlays.default];
mutableExtensionsDir = false; home-manager.users.toast = {
extensions = with inputs.vscode-extensions.extensions.x86_64-linux.open-vsx; [ home.packages = with pkgs; [
jnoortheen.nix-ide nixpkgs-fmt
(pkgs.catppuccin-vsc.override { ];
workbenchMode = "flat"; programs.vscode = {
extraBordersEnabled = true; enable = true;
}) package = pkgs.vscodium;
catppuccin.catppuccin-vsc-icons mutableExtensionsDir = false;
waderyan.gitblame extensions = with inputs.vscode-extensions.extensions.x86_64-linux.open-vsx; [
]; jnoortheen.nix-ide
userSettings = { (pkgs.catppuccin-vsc.override {
# VSCode doesn't like nested settings workbenchMode = "flat";
# https://stackoverflow.com/questions/74134436/is-it-possible-to-express-settings-in-vs-codes-settings-json-where-each-dot-sep extraBordersEnabled = true;
# TODO: write a function that unnests settings })
"workbench.colorTheme" = "Catppuccin Mocha"; catppuccin.catppuccin-vsc-icons
"workbench.iconTheme" = "catppuccin-mocha"; waderyan.gitblame
"editor.fontFamily" = "JetBrainsMono Nerd Font"; ];
"editor.semanticHighlighting.enabled" = true; userSettings = {
"nix.enableLanguageServer" = true; # VSCode doesn't like nested settings
"nix.serverPath" = "${pkgs.nil}/bin/nil"; # https://stackoverflow.com/questions/74134436/is-it-possible-to-express-settings-in-vs-codes-settings-json-where-each-dot-sep
"nix.serverSettings" = { # TODO: write a function that unnests settings
"nil"."formatting"."command" = [ "nixpkgs-fmt" ]; "workbench.colorTheme" = "Catppuccin Mocha";
}; "workbench.iconTheme" = "catppuccin-mocha";
"terminal.integrated.minimumContrastRatio" = 1; "editor.fontFamily" = "JetBrainsMono Nerd Font";
"window.titleBarStyle" = "custom"; "editor.semanticHighlighting.enabled" = true;
}; "nix.enableLanguageServer" = true;
}; "nix.serverPath" = "${pkgs.nil}/bin/nil";
}; "nix.serverSettings" = {
"nil"."formatting"."command" = ["nixpkgs-fmt"];
};
"terminal.integrated.minimumContrastRatio" = 1;
"window.titleBarStyle" = "custom";
};
};
};
} }

20
roles/desktop/services/default.nix
View file

@ -1,12 +1,10 @@
{ ... }: {...}: {
imports = [
{ ./ssh-agent.nix
imports = [ ./flatpak.nix
./ssh-agent.nix ./syncthing.nix
./flatpak.nix ./pipewire.nix
./syncthing.nix ./printing.nix
./pipewire.nix ./networkmanager.nix
./printing.nix ];
./networkmanager.nix
];
} }

35
roles/desktop/services/flatpak.nix
View file

@ -1,19 +1,22 @@
{ config, pkgs, flakeSelf, ... }:
{ {
services.flatpak.enable = true; config,
pkgs,
flakeSelf,
...
}: {
services.flatpak.enable = true;
home-manager = { home-manager = {
sharedModules = [{ imports = [ flakeSelf.inputs.nix-flatpak.homeManagerModules.nix-flatpak ]; }]; sharedModules = [{imports = [flakeSelf.inputs.nix-flatpak.homeManagerModules.nix-flatpak];}];
users.toast = { users.toast = {
services.flatpak = { services.flatpak = {
packages = [ "tv.plex.PlexDesktop" ]; packages = ["tv.plex.PlexDesktop"];
uninstallUnmanagedPackages = true; uninstallUnmanagedPackages = true;
update.auto = { update.auto = {
enable = true; enable = true;
onCalendar = "weekly"; onCalendar = "weekly";
}; };
}; };
}; };
}; };
} }

8
roles/desktop/services/networkmanager.nix
View file

@ -1,10 +1,6 @@
{ config, ... }: {config, ...}: let
let
tailscaleName = config.services.tailscale.interfaceName; tailscaleName = config.services.tailscale.interfaceName;
in in {
{
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
unmanaged = [ unmanaged = [

16
roles/desktop/services/pipewire.nix
View file

@ -1,11 +1,9 @@
{ config, ... }: {config, ...}: {
services.pipewire = {
enable = true;
pulse.enable = true;
};
{ # This allows pipewire to get realtime priority, which (hopefully) gets rid of stutters
services.pipewire = { security.rtkit.enable = true;
enable = true;
pulse.enable = true;
};
# This allows pipewire to get realtime priority, which (hopefully) gets rid of stutters
security.rtkit.enable = true;
} }

14
roles/desktop/services/printing.nix
View file

@ -1,9 +1,7 @@
{ config, ... }: {config, ...}: {
services.printing = {
{ enable = true;
services.printing = { startWhenNeeded = true;
enable = true; stateless = true;
startWhenNeeded = true; };
stateless = true;
};
} }

40
roles/desktop/services/ssh-agent.nix
View file

@ -1,21 +1,23 @@
{ config, pkgs, ... }:
{ {
programs.ssh.startAgent = true; config,
/* pkgs,
Home assistant added an option that does this ...
https://github.com/nix-community/home-manager/commit/2d9210f25ed18d5d4e11e6b886de4027c0c51a94 }: {
but since I still need to fix home-manager's envvars not applying I'll stick to the NixOS one programs.ssh.startAgent = true;
*/ /*
/* Home assistant added an option that does this
TODO: fix SSH_AUTH_SOCK not being set in Plasma https://github.com/nix-community/home-manager/commit/2d9210f25ed18d5d4e11e6b886de4027c0c51a94
Turns out the NixOS module also has issues :3 but since I still need to fix home-manager's envvars not applying I'll stick to the NixOS one
The env is set but only in bash, not in the DE, so */
keepass can't pick it up. For now I'll just set it manually /*
*/ TODO: fix SSH_AUTH_SOCK not being set in Plasma
home-manager.users.toast.xdg.configFile."plasma-workspace/env/ssh-agent.sh".text = '' Turns out the NixOS module also has issues :3
if [[ -z "$SSH_AUTH_SOCK" ]]; then The env is set but only in bash, not in the DE, so
export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ssh-agent keepass can't pick it up. For now I'll just set it manually
fi */
''; home-manager.users.toast.xdg.configFile."plasma-workspace/env/ssh-agent.sh".text = ''
if [[ -z "$SSH_AUTH_SOCK" ]]; then
export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ssh-agent
fi
'';
} }

46
roles/desktop/services/syncthing.nix
View file

@ -1,25 +1,23 @@
{ config, ... }: {config, ...}: {
services.syncthing = {
{ enable = true;
services.syncthing = { user = "toast";
enable = true; group = "users";
user = "toast"; dataDir = config.users.users.toast.home;
group = "users"; settings.folders."passwords".path = "~/Documents/Passwords";
dataDir = config.users.users.toast.home; };
settings.folders."passwords".path = "~/Documents/Passwords"; # Allow regular users to stop syncthing
}; # https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
# Allow regular users to stop syncthing security.polkit.extraConfig = ''
# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service polkit.addRule(function(action, subject) {
security.polkit.extraConfig = '' if (
polkit.addRule(function(action, subject) { action.id == "org.freedesktop.systemd1.manage-units" &&
if ( action.lookup("unit") == "syncthing.service" &&
action.id == "org.freedesktop.systemd1.manage-units" && subject.user == "${config.services.syncthing.user}"
action.lookup("unit") == "syncthing.service" && )
subject.user == "${config.services.syncthing.user}" {
) return polkit.Result.YES;
{ }
return polkit.Result.YES; })
} '';
})
'';
} }

12
roles/gaming/default.nix
View file

@ -1,8 +1,6 @@
{ ... }: {...}: {
imports = [
{ ./programs
imports = [ ./services
./programs ];
./services
];
} }

26
roles/gaming/programs/default.nix
View file

@ -1,14 +1,16 @@
{ config, pkgs, ... }:
{ {
imports = [ config,
./steam.nix pkgs,
./mangohud.nix ...
./rpcs3.nix }: {
./retroarch.nix imports = [
]; ./steam.nix
environment.systemPackages = with pkgs; [ ./mangohud.nix
heroic ./rpcs3.nix
prismlauncher-qt5 ./retroarch.nix
]; ];
environment.systemPackages = with pkgs; [
heroic
prismlauncher-qt5
];
} }

27
roles/gaming/programs/mangohud.nix
View file

@ -1,16 +1,13 @@
{ config, ... }: {config, ...}: {
home-manager.users.toast = {config, ...}: {
{ programs.mangohud = {
home-manager.users.toast = { config, ... }: enable = true;
{ # This only works for Vulkan, openGL programs still need the mangohud wrapper
programs.mangohud = { enableSessionWide = true;
enable = true; settings = {
# This only works for Vulkan, openGL programs still need the mangohud wrapper preset = 4;
enableSessionWide = true; no_display = true;
settings = { };
preset = 4; };
no_display = true; };
};
};
};
} }

102
roles/gaming/programs/retroarch.nix
View file

@ -1,79 +1,79 @@
{ pkgs, ... }: {pkgs, ...}: let
let
snes-roms = [ snes-roms = [
# ActRaiser # ActRaiser
( pkgs.fetchzip { (pkgs.fetchzip {
url = "https://myrient.erista.me/files/No-Intro/Nintendo%20-%20Super%20Nintendo%20Entertainment%20System/ActRaiser%20%28USA%29.zip"; url = "https://myrient.erista.me/files/No-Intro/Nintendo%20-%20Super%20Nintendo%20Entertainment%20System/ActRaiser%20%28USA%29.zip";
hash = "sha256-yxIL5Pqlp8xsx7wvNO1MlB8ffDjS0xpE+yrEfMj61As="; hash = "sha256-yxIL5Pqlp8xsx7wvNO1MlB8ffDjS0xpE+yrEfMj61As=";
} ) })
# Kirby Super Star # Kirby Super Star
( pkgs.fetchzip { (pkgs.fetchzip {
url = "https://myrient.erista.me/files/No-Intro/Nintendo%20-%20Super%20Nintendo%20Entertainment%20System/Kirby%20Super%20Star%20%28USA%29.zip"; url = "https://myrient.erista.me/files/No-Intro/Nintendo%20-%20Super%20Nintendo%20Entertainment%20System/Kirby%20Super%20Star%20%28USA%29.zip";
hash = "sha256-NX5OjCthf4ZiAhamclRBRk8GiMjZX3JLeShm8sQdDfc="; hash = "sha256-NX5OjCthf4ZiAhamclRBRk8GiMjZX3JLeShm8sQdDfc=";
} ) })
# Super Mario Kart # Super Mario Kart
( pkgs.fetchzip { (pkgs.fetchzip {
url = "https://myrient.erista.me/files/No-Intro/Nintendo%20-%20Super%20Nintendo%20Entertainment%20System/Super%20Mario%20Kart%20%28USA%29.zip"; url = "https://myrient.erista.me/files/No-Intro/Nintendo%20-%20Super%20Nintendo%20Entertainment%20System/Super%20Mario%20Kart%20%28USA%29.zip";
hash = "sha256-RLBxPBmBrXCuPdnWE07KamBNgGJ5IntQVUPeij+2HUI="; hash = "sha256-RLBxPBmBrXCuPdnWE07KamBNgGJ5IntQVUPeij+2HUI=";
} ) })
]; ];
in in {
{
home-manager.users.toast = { home-manager.users.toast = {
home = { home = {
packages = [( packages = [
pkgs.retroarch.override { (
cores = with pkgs.libretro; [ pkgs.retroarch.override {
snes9x cores = with pkgs.libretro; [
]; snes9x
settings = { ];
video_driver = "vulkan"; settings = {
video_fullscreen = "true"; video_driver = "vulkan";
menu_swap_ok_cancel_buttons = "true"; video_fullscreen = "true";
input_joypad_driver = "sdl2"; menu_swap_ok_cancel_buttons = "true";
# Enable touchscreen support input_joypad_driver = "sdl2";
menu_pointer_enable = "true"; # Enable touchscreen support
menu_pointer_enable = "true";
# Folder stuffs # Folder stuffs
# System/BIOS files # System/BIOS files
system_directory = "~/.local/share/retroarch/system"; system_directory = "~/.local/share/retroarch/system";
# Downloads # Downloads
core_assets_directory = "~/.local/share/retroarch/downloads"; core_assets_directory = "~/.local/share/retroarch/downloads";
thumbnails_directory = "~/.local/share/retroarch/thumbnails"; thumbnails_directory = "~/.local/share/retroarch/thumbnails";
content_database_path = "~/.local/share/retroarch/database/rdb"; content_database_path = "~/.local/share/retroarch/database/rdb";
cheat_database_path = "~/.local/share/retroarch/cheats"; cheat_database_path = "~/.local/share/retroarch/cheats";
video_filter_dir = "~/.local/share/retroarch/filters/video"; video_filter_dir = "~/.local/share/retroarch/filters/video";
audio_filter_dir = "~/.local/share/retroarch/filters/audio"; audio_filter_dir = "~/.local/share/retroarch/filters/audio";
video_shader_dir = "~/.local/share/retroarch/shaders"; video_shader_dir = "~/.local/share/retroarch/shaders";
recording_output_directory = "~/.local/share/retroarch/records"; recording_output_directory = "~/.local/share/retroarch/records";
overlay_directory = "~/.local/share/retroarch/overlays"; overlay_directory = "~/.local/share/retroarch/overlays";
osk_overlay_directory = "~/.local/share/retroarch/overlays/keyboards"; osk_overlay_directory = "~/.local/share/retroarch/overlays/keyboards";
screenshot_directory = "~/.local/share/retroarch/screenshots"; screenshot_directory = "~/.local/share/retroarch/screenshots";
playlist_directory = "~/.local/share/retroarch/playlists"; playlist_directory = "~/.local/share/retroarch/playlists";
savefile_directory = "~/.local/share/retroarch/saves"; savefile_directory = "~/.local/share/retroarch/saves";
savestate_directory = "~/.local/share/retroarch/states"; savestate_directory = "~/.local/share/retroarch/states";
log_dir = "~/.local/share/retroarch/logs"; log_dir = "~/.local/share/retroarch/logs";
# By default settings has some things that this overrides, so I need to set them myself # By default settings has some things that this overrides, so I need to set them myself
libretro_info_path = "${pkgs.libretro-core-info}/share/retroarch/cores"; libretro_info_path = "${pkgs.libretro-core-info}/share/retroarch/cores";
joypad_autoconfig_dir = "${pkgs.retroarch-joypad-autoconfig}/share/libretro/autoconfig"; joypad_autoconfig_dir = "${pkgs.retroarch-joypad-autoconfig}/share/libretro/autoconfig";
assets_directory = "${pkgs.retroarch-assets}/share/retroarch/assets"; assets_directory = "${pkgs.retroarch-assets}/share/retroarch/assets";
}; };
} }
)]; )
];
file."Games/Roms/SNES/" = { file."Games/Roms/SNES/" = {
onChange = '' onChange = ''
${pkgs.retroarch}/bin/retroarch --scan "/home/toast/Games/Roms/SNES" ${pkgs.retroarch}/bin/retroarch --scan "/home/toast/Games/Roms/SNES"
''; '';
source = pkgs.symlinkJoin { source = pkgs.symlinkJoin {
name = "snes-roms"; name = "snes-roms";
paths = [ snes-roms ]; paths = [snes-roms];
}; };
}; };
}; };
# Retroarch is dumb since it doesn't generate some folders (but it does for others) # Retroarch is dumb since it doesn't generate some folders (but it does for others)
systemd.user.tmpfiles.rules = [ systemd.user.tmpfiles.rules = [
"d /%h/.local/share/retroarch/playlists" "d /%h/.local/share/retroarch/playlists"
"d /%h/.local/share/retroarch/saves" "d /%h/.local/share/retroarch/saves"
"d /%h/.local/share/retroarch/states" "d /%h/.local/share/retroarch/states"
@ -85,7 +85,7 @@ in
"retroarch" = { "retroarch" = {
label = "RetroArch"; label = "RetroArch";
id = "jxuou-2yjnu"; id = "jxuou-2yjnu";
devices = [ "steamdeck" "server" "pc" "winmax2" ]; devices = ["steamdeck" "server" "pc" "winmax2"];
path = "~/.local/share/retroarch"; path = "~/.local/share/retroarch";
}; };
}; };

38
roles/gaming/programs/rpcs3.nix
View file

@ -1,20 +1,24 @@
{ config, pkgs, ... }:
{ {
environment.systemPackages = with config; [ config,
nur.repos.ataraxiasjel.rpcs3 pkgs,
]; ...
# Compiling RPCS3 takes quite a while }: {
nix.settings = { environment.systemPackages = with config; [
substituters = [ "https://ataraxiadev-foss.cachix.org" ]; nur.repos.ataraxiasjel.rpcs3
trusted-public-keys = [ "ataraxiadev-foss.cachix.org-1:ws/jmPRUF5R8TkirnV1b525lP9F/uTBsz2KraV61058=" ]; ];
}; # Compiling RPCS3 takes quite a while
nix.settings = {
substituters = ["https://ataraxiadev-foss.cachix.org"];
trusted-public-keys = ["ataraxiadev-foss.cachix.org-1:ws/jmPRUF5R8TkirnV1b525lP9F/uTBsz2KraV61058="];
};
# Increase the memory lock limit # Increase the memory lock limit
security.pam.loginLimits = [{ security.pam.loginLimits = [
domain = "*"; {
item = "memlock"; domain = "*";
type = "-"; # Applies to both hard and soft limits item = "memlock";
value = "unlimited"; type = "-"; # Applies to both hard and soft limits
}]; value = "unlimited";
}
];
} }

37
roles/gaming/programs/steam.nix
View file

@ -1,21 +1,26 @@
{ config, pkgs, ... }:
{ {
programs.steam = { config,
enable = true; pkgs,
# Doubt that I'll use it, but I'll enable it anyways ...
remotePlay.openFirewall = true; }: {
programs.steam = {
enable = true;
# Doubt that I'll use it, but I'll enable it anyways
remotePlay.openFirewall = true;
extraCompatPackages = with pkgs; [ extraCompatPackages = with pkgs; [
proton-ge-bin proton-ge-bin
]; ];
}; };
# Some linux native games (rise of the tomb raider) use alsa for sound # Some linux native games (rise of the tomb raider) use alsa for sound
services.pipewire.alsa.enable = if config.services.pipewire.pulse.enable == true then true else false; services.pipewire.alsa.enable =
if config.services.pipewire.pulse.enable == true
then true
else false;
# Celeste mod manager # Celeste mod manager
home-manager.users.toast.services.flatpak.packages = [ home-manager.users.toast.services.flatpak.packages = [
"io.github.everestapi.Olympus" "io.github.everestapi.Olympus"
]; ];
} }

10
roles/gaming/services/default.nix
View file

@ -1,7 +1,5 @@
{ ... }: {...}: {
imports = [
{ ./syncthing.nix
imports = [ ];
./syncthing.nix
];
} }

36
roles/gaming/services/syncthing.nix
View file

@ -1,21 +1,19 @@
{ config, ... }: {config, ...}: {
/*
This file will sync saves for games that don't have cloud saves
TODO: turn this into a module eventually
*/
{ services.syncthing.settings.folders = {
/* "steam-201810" = {
This file will sync saves for games that don't have cloud saves label = "Wolfenstein The New Order Saves";
TODO: turn this into a module eventually id = "laxxf-t2wmy";
*/ devices = ["steamdeck" "server" "pc"];
path = "~/.local/share/Steam/steamapps/compatdata/201810/pfx/drive_c/users/steamuser/Saved Games/MachineGames/Wolfenstein The New Order/";
services.syncthing.settings.folders = { };
"steam-201810" = { };
label = "Wolfenstein The New Order Saves"; home-manager.users.toast.home.file."steam-201810-ignore" = {
id = "laxxf-t2wmy"; target = ".local/share/Steam/steamapps/compatdata/201810/pfx/drive_c/users/steamuser/Saved Games/MachineGames/Wolfenstein The New Order/.stignore";
devices = [ "steamdeck" "server" "pc" ]; text = "base/qconsole.log\nbase/wolfConfig.cfg";
path = "~/.local/share/Steam/steamapps/compatdata/201810/pfx/drive_c/users/steamuser/Saved Games/MachineGames/Wolfenstein The New Order/"; };
};
};
home-manager.users.toast.home.file."steam-201810-ignore" = {
target = ".local/share/Steam/steamapps/compatdata/201810/pfx/drive_c/users/steamuser/Saved Games/MachineGames/Wolfenstein The New Order/.stignore";
text = "base/qconsole.log\nbase/wolfConfig.cfg";
};
} }

14
roles/kde/default.nix
View file

@ -1,9 +1,7 @@
{ ... }: {...}: {
imports = [
{ ./plasma.nix
imports = [ ./sddm.nix
./plasma.nix ./programs
./sddm.nix ];
./programs
];
} }

318
roles/kde/plasma.nix
View file

@ -1,158 +1,172 @@
{ config, pkgs, lib, flakeSelf, ... }:
let
# Set up the default kde options
balooExcludedDirs = lib.strings.intersperse "," [
"$HOME/.cache/"
"$HOME/.config/"
"$HOME/.local/"
];
baloofilerc = lib.generators.toINI {} {
General = {
# The [$e] part allows you to use environment variables
"exclude folders[$e]" = lib.strings.concatStrings balooExcludedDirs;
};
};
# Make custom packages
breezeTint = pkgs.stdenv.mkDerivation {
name = "breeze-tint";
src = "${pkgs.breeze-qt5}";
patches = [ ./patches/BreezeTint.patch ];
installPhase = ''
runHook preInstall
mkdir -p $out/share/color-schemes/
cp -r share/color-schemes/* $out/share/color-schemes/
runHook postInstall
'';
};
# /etc/xdg is not read by plasma, so to change the default settings you need to put them in a package
plasmaDefaults = pkgs.stdenv.mkDerivation {
name = "toast-plasma-defaults";
dontUnpack = true;
installPhase = ''
runHook preInstall
set -x
mkdir -p $out/etc/xdg
echo '${baloofilerc}' > $out/etc/xdg/baloofilerc
runHook postInstall
'';
};
in
{ {
services.xserver = { config,
# Enable the Plasma 5 Desktop Environment pkgs,
desktopManager.plasma5.enable = true; lib,
displayManager.defaultSession = "plasmawayland"; flakeSelf,
}; ...
}: let
# Set up the default kde options
balooExcludedDirs = lib.strings.intersperse "," [
"$HOME/.cache/"
"$HOME/.config/"
"$HOME/.local/"
];
qt.enable = true; baloofilerc = lib.generators.toINI {} {
General = {
# The [$e] part allows you to use environment variables
"exclude folders[$e]" = lib.strings.concatStrings balooExcludedDirs;
};
};
# GTK apps need dconf to grab the correct theme on Wayland # Make custom packages
programs.dconf.enable = true; breezeTint = pkgs.stdenv.mkDerivation {
name = "breeze-tint";
src = "${pkgs.breeze-qt5}";
patches = [./patches/BreezeTint.patch];
installPhase = ''
runHook preInstall
# Install the patched Breeze color schemes as well as the plasma default configs mkdir -p $out/share/color-schemes/
environment.systemPackages = [ breezeTint plasmaDefaults ]; cp -r share/color-schemes/* $out/share/color-schemes/
# Plasma configs should be on all users runHook postInstall
home-manager.sharedModules = [ '';
( };
{ config, ... }:
let gtk2rc = "${config.xdg.configHome}/gtk-2.0/gtkrc"; in # /etc/xdg is not read by plasma, so to change the default settings you need to put them in a package
{ plasmaDefaults = pkgs.stdenv.mkDerivation {
gtk.gtk2.configLocation = gtk2rc; name = "toast-plasma-defaults";
# Kde has an annoying habit of overwriting the gtk2 config file dontUnpack = true;
home.file."${gtk2rc}".force = true; installPhase = ''
} runHook preInstall
)
{ set -x
imports = [ flakeSelf.inputs.plasma-manager.homeManagerModules.plasma-manager ]; mkdir -p $out/etc/xdg
gtk = { echo '${baloofilerc}' > $out/etc/xdg/baloofilerc
enable = true;
# Most apps are dark, so a white cursor is easier to spot runHook postInstall
cursorTheme = { package = pkgs.breeze-qt5; name = "Breeze_Snow"; }; '';
iconTheme = { package = pkgs.breeze-icons; name = "breeze-dark"; }; };
theme = { package = pkgs.breeze-gtk; name = "Breeze"; }; in {
# Gtk2 doesn't have a dark mode, so I just tell gtk 3 and 4 to use the dark variant services.xserver = {
gtk3.extraConfig.gtk-application-prefer-dark-theme = true; # Enable the Plasma 5 Desktop Environment
gtk4.extraConfig.gtk-application-prefer-dark-theme = true; desktopManager.plasma5.enable = true;
}; displayManager.defaultSession = "plasmawayland";
home.packages = [( };
pkgs.catppuccin-kde.override {
flavour = [ "mocha" ]; qt.enable = true;
accents = [ "mauve" ];
winDecStyles = [ "classic" ]; # GTK apps need dconf to grab the correct theme on Wayland
} programs.dconf.enable = true;
)];
programs.plasma = { # Install the patched Breeze color schemes as well as the plasma default configs
enable = true; environment.systemPackages = [breezeTint plasmaDefaults];
overrideConfig = true;
# Delete config files that I fully configure here # Plasma configs should be on all users
overrideConfigFiles = [ home-manager.sharedModules = [
"plasmashellrc" (
"plasma-org.kde.plasma.desktop-appletsrc" {config, ...}: let
]; gtk2rc = "${config.xdg.configHome}/gtk-2.0/gtkrc";
workspace = { in {
clickItemTo = "select"; gtk.gtk2.configLocation = gtk2rc;
cursorTheme = "Breeze_Snow"; # Kde has an annoying habit of overwriting the gtk2 config file
iconTheme = "breeze-dark"; home.file."${gtk2rc}".force = true;
lookAndFeel = "Catppuccin-Mocha-Mauve"; }
theme = "default"; )
colorScheme = "CatppuccinMochaMauve"; {
}; imports = [flakeSelf.inputs.plasma-manager.homeManagerModules.plasma-manager];
kwin = { gtk = {
titlebarButtons = { enable = true;
left = [ "on-all-desktops" "keep-above-windows" ]; # Most apps are dark, so a white cursor is easier to spot
right = [ "minimize" "maximize" "close" ]; cursorTheme = {
}; package = pkgs.breeze-qt5;
}; name = "Breeze_Snow";
panels = [{ };
location = "bottom"; iconTheme = {
height = 44; package = pkgs.breeze-icons;
widgets = [ name = "breeze-dark";
{ };
name = "org.kde.plasma.kickoff"; theme = {
config.General.icon = "nix-snowflake-white"; package = pkgs.breeze-gtk;
} name = "Breeze";
"org.kde.plasma.pager" };
"org.kde.plasma.icontasks" # Gtk2 doesn't have a dark mode, so I just tell gtk 3 and 4 to use the dark variant
"org.kde.plasma.marginsseparator" gtk3.extraConfig.gtk-application-prefer-dark-theme = true;
"org.kde.plasma.systemtray" gtk4.extraConfig.gtk-application-prefer-dark-theme = true;
{ };
name = "org.kde.plasma.digitalclock"; home.packages = [
config.Appearance.showSeconds = "true"; (
} pkgs.catppuccin-kde.override {
"org.kde.plasma.showdesktop" flavour = ["mocha"];
]; accents = ["mauve"];
}]; winDecStyles = ["classic"];
shortcuts = { }
"kwin" = { )
"Switch One Desktop to the Left" = [ "Meta+Ctrl+Left" ]; ];
"Switch One Desktop to the Right" = [ "Meta+Ctrl+Right" ]; programs.plasma = {
}; enable = true;
}; overrideConfig = true;
configFile = { # Delete config files that I fully configure here
"kwinrc" = { overrideConfigFiles = [
"org\\.kde\\.kdecoration2"."BorderSize" = "None"; "plasmashellrc"
"Desktops" = { "plasma-org.kde.plasma.desktop-appletsrc"
"Number" = 2; ];
"Rows" = 1; workspace = {
}; clickItemTo = "select";
"TabBox"."LayoutName" = "thumbnail_grid"; cursorTheme = "Breeze_Snow";
}; iconTheme = "breeze-dark";
"kdeglobals"."General"."AccentColor" = null; lookAndFeel = "Catppuccin-Mocha-Mauve";
"auroraerc"."CatppuccinMocha-Classic"."ButtonSize" = 0; theme = "default";
"plasmanotifyrc"."Notifications"."NormalAlwaysOnTop" = true; colorScheme = "CatppuccinMochaMauve";
}; };
}; kwin = {
} titlebarButtons = {
]; left = ["on-all-desktops" "keep-above-windows"];
right = ["minimize" "maximize" "close"];
};
};
panels = [
{
location = "bottom";
height = 44;
widgets = [
{
name = "org.kde.plasma.kickoff";
config.General.icon = "nix-snowflake-white";
}
"org.kde.plasma.pager"
"org.kde.plasma.icontasks"
"org.kde.plasma.marginsseparator"
"org.kde.plasma.systemtray"
{
name = "org.kde.plasma.digitalclock";
config.Appearance.showSeconds = "true";
}
"org.kde.plasma.showdesktop"
];
}
];
shortcuts = {
"kwin" = {
"Switch One Desktop to the Left" = ["Meta+Ctrl+Left"];
"Switch One Desktop to the Right" = ["Meta+Ctrl+Right"];
};
};
configFile = {
"kwinrc" = {
"org\\.kde\\.kdecoration2"."BorderSize" = "None";
"Desktops" = {
"Number" = 2;
"Rows" = 1;
};
"TabBox"."LayoutName" = "thumbnail_grid";
};
"kdeglobals"."General"."AccentColor" = null;
"auroraerc"."CatppuccinMocha-Classic"."ButtonSize" = 0;
"plasmanotifyrc"."Notifications"."NormalAlwaysOnTop" = true;
};
};
}
];
} }

24
roles/kde/programs/default.nix
View file

@ -1,15 +1,13 @@
{ config, ... }: {config, ...}: {
imports = [
./kate.nix
./firefox.nix
./skanpage.nix
./neochat.nix
./konsole.nix
./git.nix
];
{ # Enable the kde partition manager
imports = [ programs.partition-manager.enable = true;
./kate.nix
./firefox.nix
./skanpage.nix
./neochat.nix
./konsole.nix
./git.nix
];
# Enable the kde partition manager
programs.partition-manager.enable = true;
} }

62
roles/kde/programs/firefox.nix
View file

@ -1,32 +1,34 @@
{ config, pkgs, ... }:
{ {
# KDE specific firefox settings config,
programs.firefox = { pkgs,
policies = { ...
"ExtensionSettings" = { }: {
# TODO: Install extensions the NUR instead of from AMO # KDE specific firefox settings
"plasma-browser-integration@kde.org" = { programs.firefox = {
"installation_mode" = "normal_installed"; policies = {
"install_url" = "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi"; "ExtensionSettings" = {
}; # TODO: Install extensions the NUR instead of from AMO
}; "plasma-browser-integration@kde.org" = {
"Preferences" = { "installation_mode" = "normal_installed";
# Make firefox use the kde file picker "install_url" = "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi";
"widget.use-xdg-desktop-portal.file-picker" = { };
"Value" = 1; };
"Status" = "default"; "Preferences" = {
}; # Make firefox use the kde file picker
/* "widget.use-xdg-desktop-portal.file-picker" = {
https://wiki.archlinux.org/title/Firefox#KDE_integration tells me to enable this, "Value" = 1;
but strangely enough doing so makes firefox ask to be set as the default browser "Status" = "default";
every time you start it up, so I'll disable it };
*/ /*
"widget.use-xdg-desktop-portal.mime-handler" = { https://wiki.archlinux.org/title/Firefox#KDE_integration tells me to enable this,
"Value" = 0; but strangely enough doing so makes firefox ask to be set as the default browser
"Status" = "default"; every time you start it up, so I'll disable it
}; */
}; "widget.use-xdg-desktop-portal.mime-handler" = {
}; "Value" = 0;
}; "Status" = "default";
};
};
};
};
} }

6
roles/kde/programs/git.nix
View file

@ -1,6 +1,8 @@
{ pkgs, lib, ... }:
{ {
pkgs,
lib,
...
}: {
home-manager.users.toast = { home-manager.users.toast = {
programs.git = { programs.git = {
extraConfig = { extraConfig = {

16
roles/kde/programs/kate.nix
View file

@ -1,10 +1,12 @@
{ config, pkgs, ... }:
{ {
environment.systemPackages = [ pkgs.kate ]; config,
pkgs,
...
}: {
environment.systemPackages = [pkgs.kate];
# Use kwrite to open text files, and kate if I'm developing stuff # Use kwrite to open text files, and kate if I'm developing stuff
xdg.mime.defaultApplications = { xdg.mime.defaultApplications = {
"text/plain" = "org.kde.kwrite.desktop"; "text/plain" = "org.kde.kwrite.desktop";
}; };
} }

24
roles/kde/programs/konsole.nix
View file

@ -1,17 +1,17 @@
{ pkgs, ... }: {pkgs, ...}: let
let catppuccinKonsole =
catppuccinKonsole = pkgs.fetchFromGitHub { pkgs.fetchFromGitHub {
owner = "catppuccin"; owner = "catppuccin";
repo = "konsole"; repo = "konsole";
# Latest commit is 7d86b8a1e56e58f6b5649cdaac543a573ac194ca # Latest commit is 7d86b8a1e56e58f6b5649cdaac543a573ac194ca
rev = "main"; rev = "main";
hash = "sha256-EwSJMTxnaj2UlNJm1t6znnatfzgm1awIQQUF3VPfCTM="; hash = "sha256-EwSJMTxnaj2UlNJm1t6znnatfzgm1awIQQUF3VPfCTM=";
} + /Catppuccin-Mocha.colorscheme; }
in + /Catppuccin-Mocha.colorscheme;
{ in {
home-manager.users.toast = { home-manager.users.toast = {
xdg.dataFile = { xdg.dataFile = {
"konsole/Catppuccin-Mocha.colorscheme".source = catppuccinKonsole; "konsole/Catppuccin-Mocha.colorscheme".source = catppuccinKonsole;
}; };
}; };
} }

8
roles/kde/programs/neochat.nix
View file

@ -1,7 +1,5 @@
{ pkgs, ... }: {pkgs, ...}: {
{
home-manager.users.toast = { home-manager.users.toast = {
home.packages = [ pkgs.neochat ]; home.packages = [pkgs.neochat];
}; };
} }

17
roles/kde/programs/skanpage.nix
View file

@ -1,9 +1,12 @@
{ config, lib, pkgs, ... }:
{ {
# Only install skanpage if scanning is set up config,
config = lib.mkIf config.hardware.sane.enable { lib,
environment.systemPackages = [ pkgs.skanpage ]; pkgs,
}; ...
# environment.systemPackages = if config.hardware.sane.enable == true then [ pkgs.skanpage ] else []; }: {
# Only install skanpage if scanning is set up
config = lib.mkIf config.hardware.sane.enable {
environment.systemPackages = [pkgs.skanpage];
};
# environment.systemPackages = if config.hardware.sane.enable == true then [ pkgs.skanpage ] else [];
} }

106
roles/kde/sddm.nix
View file

@ -1,56 +1,56 @@
{ config, pkgs, ... }:
let
currentTheme = config.services.xserver.displayManager.sddm.theme;
sddm-sugar-candy = pkgs.stdenv.mkDerivation {
pname = "sddm-sugar-candy";
version = "master";
src = pkgs.fetchgit {
url = "https://framagit.org/MarianArlt/sddm-sugar-candy.git";
hash = "sha256-XggFVsEXLYklrfy1ElkIp9fkTw4wvXbyVkaVCZq4ZLU=";
};
installPhase = ''
runHook preInstall
mkdir -p $out/share/sddm/themes/sugar-candy
cp -r /build/sddm-sugar-candy/* $out/share/sddm/themes/sugar-candy
runHook postInstall
'';
};
/*
Adds a theme.conf.user file to the current sddm theme's folder,
allowing you to change it's configuration without needing to
repackage it
*/
customcfg = pkgs.stdenv.mkDerivation {
name = "sddm-theme-customizer";
dontUnpack = true;
# TODO: generate theme.conf.user outside of installPhase
installPhase = ''
runHook preInstall
mkdir -p $out/share/sddm/themes/${currentTheme}/
echo "[General]
background = ${pkgs.plasma-workspace-wallpapers}/share/wallpapers/MilkyWay/contents/images/5120x2880.png" >> $out/share/sddm/themes/${currentTheme}/theme.conf.user
runHook postInstall
'';
};
in
{ {
# Enable SDDM. config,
services.xserver.displayManager.sddm = { pkgs,
enable = true; ...
theme = "sugar-candy"; }: let
settings = { currentTheme = config.services.xserver.displayManager.sddm.theme;
General = { Numlock = "on"; };
Theme = { CursorTheme = "Breeze_Snow"; };
};
};
environment.systemPackages = [ sddm-sugar-candy customcfg ]; sddm-sugar-candy = pkgs.stdenv.mkDerivation {
pname = "sddm-sugar-candy";
version = "master";
src = pkgs.fetchgit {
url = "https://framagit.org/MarianArlt/sddm-sugar-candy.git";
hash = "sha256-XggFVsEXLYklrfy1ElkIp9fkTw4wvXbyVkaVCZq4ZLU=";
};
installPhase = ''
runHook preInstall
mkdir -p $out/share/sddm/themes/sugar-candy
cp -r /build/sddm-sugar-candy/* $out/share/sddm/themes/sugar-candy
runHook postInstall
'';
};
/*
Adds a theme.conf.user file to the current sddm theme's folder,
allowing you to change it's configuration without needing to
repackage it
*/
customcfg = pkgs.stdenv.mkDerivation {
name = "sddm-theme-customizer";
dontUnpack = true;
# TODO: generate theme.conf.user outside of installPhase
installPhase = ''
runHook preInstall
mkdir -p $out/share/sddm/themes/${currentTheme}/
echo "[General]
background = ${pkgs.plasma-workspace-wallpapers}/share/wallpapers/MilkyWay/contents/images/5120x2880.png" >> $out/share/sddm/themes/${currentTheme}/theme.conf.user
runHook postInstall
'';
};
in {
# Enable SDDM.
services.xserver.displayManager.sddm = {
enable = true;
theme = "sugar-candy";
settings = {
General = {Numlock = "on";};
Theme = {CursorTheme = "Breeze_Snow";};
};
};
environment.systemPackages = [sddm-sugar-candy customcfg];
} }

12
roles/school/default.nix
View file

@ -1,8 +1,6 @@
{ ... }: {...}: {
imports = [
{ ./services
imports = [ ./programs
./services ];
./programs
];
} }

28
roles/school/programs/default.nix
View file

@ -1,15 +1,17 @@
{ config, pkgs, ... }:
{ {
imports = [ config,
./virtualbox.nix pkgs,
./idea.nix ...
./vscode.nix }: {
./helix.nix imports = [
./unity.nix ./virtualbox.nix
]; ./idea.nix
./vscode.nix
environment.systemPackages = with pkgs; [ ./helix.nix
dia ./unity.nix
]; ];
environment.systemPackages = with pkgs; [
dia
];
} }

5
roles/school/programs/helix.nix
View file

@ -1,7 +1,4 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home-manager.users.toast = { home-manager.users.toast = {
programs.helix = { programs.helix = {
extraPackages = with pkgs; [ extraPackages = with pkgs; [

60
roles/school/programs/idea.nix
View file

@ -1,33 +1,35 @@
{ config, pkgs, ... }:
with pkgs;
{ {
environment.systemPackages = with jetbrains; [ config,
idea-ultimate pkgs,
]; ...
}:
with pkgs; {
environment.systemPackages = with jetbrains; [
idea-ultimate
];
home-manager.users.toast = { home-manager.users.toast = {
# Install plugins # Install plugins
home.file = { home.file = {
".local/share/JetBrains/IntelliJIdea2023.3/catppuccin.jar".source = fetchurl { ".local/share/JetBrains/IntelliJIdea2023.3/catppuccin.jar".source = fetchurl {
url = "https://github.com/catppuccin/jetbrains/releases/download/v3.2.3/Catppuccin.Theme-3.2.3.jar"; url = "https://github.com/catppuccin/jetbrains/releases/download/v3.2.3/Catppuccin.Theme-3.2.3.jar";
hash = "sha256-v5BZ2UKEBA/0DHKGwmprmuu0RcJCDsxzWmCdnX9aXpE="; hash = "sha256-v5BZ2UKEBA/0DHKGwmprmuu0RcJCDsxzWmCdnX9aXpE=";
}; };
".local/share/JetBrains/IntelliJIdea2023.3/rainbow-brackets".source = fetchzip { ".local/share/JetBrains/IntelliJIdea2023.3/rainbow-brackets".source = fetchzip {
url = "https://github.com/izhangzhihao/intellij-rainbow-brackets/releases/download/latest/intellij-rainbow-brackets-2023.3.9-233.zip"; url = "https://github.com/izhangzhihao/intellij-rainbow-brackets/releases/download/latest/intellij-rainbow-brackets-2023.3.9-233.zip";
hash = "sha256-faMDP6kU21WOHVjY5Aj4/Glqymo1iUCTuUJdHsq1N/s="; hash = "sha256-faMDP6kU21WOHVjY5Aj4/Glqymo1iUCTuUJdHsq1N/s=";
}; };
".local/share/JetBrains/IntelliJIdea2023.3/catppuccin-icons.jar".source = fetchurl { ".local/share/JetBrains/IntelliJIdea2023.3/catppuccin-icons.jar".source = fetchurl {
url = "https://github.com/catppuccin/jetbrains-icons/releases/download/v1.1.1/Catppuccin.Icons-1.1.1.jar"; url = "https://github.com/catppuccin/jetbrains-icons/releases/download/v1.1.1/Catppuccin.Icons-1.1.1.jar";
hash = "sha256-Bn0Yn0RlNmJQCSC0MJQrKjeERzfHhupWnyYm0YjXFwY="; hash = "sha256-Bn0Yn0RlNmJQCSC0MJQrKjeERzfHhupWnyYm0YjXFwY=";
}; };
}; };
/* /*
If you use programs.java.enable intellij picks up the jdk package directly, which is not ideal If you use programs.java.enable intellij picks up the jdk package directly, which is not ideal
This adds the jdks I want to use to a directory intellij expects jdks to be This adds the jdks I want to use to a directory intellij expects jdks to be
*/ */
home.file.".jdks/jdk8".source = "${pkgs.jdk8}/lib/openjdk"; home.file.".jdks/jdk8".source = "${pkgs.jdk8}/lib/openjdk";
home.file.".jdks/jdk17".source = "${pkgs.jdk17}/lib/openjdk"; home.file.".jdks/jdk17".source = "${pkgs.jdk17}/lib/openjdk";
}; };
} }

12
roles/school/programs/unity.nix
View file

@ -1,9 +1,9 @@
{ pkgs, ... }: {pkgs, ...}: {
{
home-manager.users.toast = { home-manager.users.toast = {
home.packages = [( home.packages = [
pkgs.unityhub (
)]; pkgs.unityhub
)
];
}; };
} }

28
roles/school/programs/virtualbox.nix
View file

@ -1,15 +1,15 @@
{ config, ... }: {config, ...}: {
# Need to use visual studio 2019 :(
{ virtualisation.virtualbox.host = {
# Need to use visual studio 2019 :( enable = true;
virtualisation.virtualbox.host = { };
enable = true; home-manager.sharedModules = [
}; {
home-manager.sharedModules = [{ systemd.user.tmpfiles.rules = [
systemd.user.tmpfiles.rules = [ "d '/%h/VirtualBox VMs'"
"d '/%h/VirtualBox VMs'" "h '/%h/VirtualBox VMs' - - - - C "
"h '/%h/VirtualBox VMs' - - - - C " ];
]; }
}]; ];
users.users.toast.extraGroups = [ "vboxusers" ]; users.users.toast.extraGroups = ["vboxusers"];
} }

38
roles/school/programs/vscode.nix
View file

@ -1,18 +1,24 @@
{ config, pkgs, lib, flakeSelf, ... }:
let inputs = flakeSelf.inputs; in
{ {
home-manager.users.toast.programs.vscode = { config,
# The redhat xml extension needs an fhs environment pkgs,
package = lib.mkForce pkgs.vscodium-fhs; lib,
extensions = with inputs.vscode-extensions.extensions.x86_64-linux; [ flakeSelf,
open-vsx.redhat.vscode-xml ...
open-vsx.tomoki1207.pdf }: let
open-vsx.ms-vscode.live-server inputs = flakeSelf.inputs;
open-vsx.ecmel.vscode-html-css in {
open-vsx.angular.ng-template home-manager.users.toast.programs.vscode = {
]; # The redhat xml extension needs an fhs environment
userSettings = { package = lib.mkForce pkgs.vscodium-fhs;
redhat.telemetry.enabled = false; extensions = with inputs.vscode-extensions.extensions.x86_64-linux; [
}; open-vsx.redhat.vscode-xml
}; open-vsx.tomoki1207.pdf
open-vsx.ms-vscode.live-server
open-vsx.ecmel.vscode-html-css
open-vsx.angular.ng-template
];
userSettings = {
redhat.telemetry.enabled = false;
};
};
} }

16
roles/school/services/default.nix
View file

@ -1,10 +1,8 @@
{ ... }: {...}: {
imports = [
{ ./syncthing.nix
imports = [ ./mysql.nix
./syncthing.nix ./xampp.nix
./mysql.nix ./mongodb.nix
./xampp.nix ];
./mongodb.nix
];
} }

55
roles/school/services/mongodb.nix
View file

@ -1,31 +1,34 @@
{ config, pkgs, lib, ... }:
{ {
services.mongodb = { config,
enable = true; pkgs,
package = pkgs.mongodb-4_4; lib,
user = "toast"; ...
}; }: {
services.mongodb = {
enable = true;
package = pkgs.mongodb-4_4;
user = "toast";
};
# Don't autostart MySQL # Don't autostart MySQL
systemd.services.mongodb.wantedBy = lib.mkForce []; systemd.services.mongodb.wantedBy = lib.mkForce [];
# Allow regular users to start/stop mongodb # Allow regular users to start/stop mongodb
# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service # https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
security.polkit.extraConfig = '' security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) { polkit.addRule(function(action, subject) {
if ( if (
action.id == "org.freedesktop.systemd1.manage-units" && action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "mongodb.service" && action.lookup("unit") == "mongodb.service" &&
subject.user == "${config.services.mongodb.user}" subject.user == "${config.services.mongodb.user}"
) )
{ {
return polkit.Result.YES; return polkit.Result.YES;
} }
}) })
''; '';
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
mongosh mongosh
]; ];
} }

59
roles/school/services/mysql.nix
View file

@ -1,33 +1,36 @@
{ config, pkgs, lib, ... }:
{ {
services.mysql = { config,
enable = true; pkgs,
package = pkgs.mysql80; lib,
user = "toast"; ...
group = "users"; }: {
}; services.mysql = {
enable = true;
package = pkgs.mysql80;
user = "toast";
group = "users";
};
# Don't autostart MySQL # Don't autostart MySQL
systemd.services.mysql.wantedBy = lib.mkForce []; systemd.services.mysql.wantedBy = lib.mkForce [];
# Allow regular users to start/stop mysql # Allow regular users to start/stop mysql
# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service # https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
security.polkit.extraConfig = '' security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) { polkit.addRule(function(action, subject) {
if ( if (
action.id == "org.freedesktop.systemd1.manage-units" && action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "mysql.service" && action.lookup("unit") == "mysql.service" &&
subject.user == "${config.services.mysql.user}" subject.user == "${config.services.mysql.user}"
) )
{ {
return polkit.Result.YES; return polkit.Result.YES;
} }
}) })
''; '';
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
mysql-workbench mysql-workbench
mycli mycli
]; ];
} }

20
roles/school/services/syncthing.nix
View file

@ -1,12 +1,10 @@
{ config, ... }: {config, ...}: {
services.syncthing.settings.folders = {
{ "school-things" = {
services.syncthing.settings.folders = { label = "School things";
"school-things" = { id = "z6alc-nfoqr";
label = "School things"; devices = ["steamdeck" "server" "pc" "winmax2"];
id = "z6alc-nfoqr"; path = "~/Documents/School things";
devices = [ "steamdeck" "server" "pc" "winmax2" ]; };
path = "~/Documents/School things"; };
};
};
} }

70
roles/school/services/xampp.nix
View file

@ -1,36 +1,38 @@
{ config, pkgs, ... }:
let
booDark = pkgs.fetchzip {
url = "https://github.com/adorade/boodark/releases/download/v1.1.1/boodark-v1.1.1.zip";
hash = "sha256-GE/FtFlU6A4I9sRyjMhQIidGpDLD99Wzzngz3QI/rSo=";
};
in
{ {
# I tried setting up httpd + php in class but I just gave up config,
virtualisation.oci-containers = { pkgs,
containers."xampp" = { ...
autoStart = false; }: let
image = "tomsik68/xampp"; booDark = pkgs.fetchzip {
#user = "${toString users.users.atfc.uid}:${toString users.groups.minecraft.gid}"; url = "https://github.com/adorade/boodark/releases/download/v1.1.1/boodark-v1.1.1.zip";
volumes = [ hash = "sha256-GE/FtFlU6A4I9sRyjMhQIidGpDLD99Wzzngz3QI/rSo=";
"xampp-mysql:/opt/lampp/var/mysql" };
# No dark mode installed by default :( in {
"${booDark}:/opt/lampp/phpmyadmin/themes/booDark" # I tried setting up httpd + php in class but I just gave up
]; virtualisation.oci-containers = {
ports = [ "41061:22" "41062:80" ]; containers."xampp" = {
}; autoStart = false;
}; image = "tomsik68/xampp";
#user = "${toString users.users.atfc.uid}:${toString users.groups.minecraft.gid}";
volumes = [
"xampp-mysql:/opt/lampp/var/mysql"
# No dark mode installed by default :(
"${booDark}:/opt/lampp/phpmyadmin/themes/booDark"
];
ports = ["41061:22" "41062:80"];
};
};
security.polkit.extraConfig = '' security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) { polkit.addRule(function(action, subject) {
if ( if (
action.id == "org.freedesktop.systemd1.manage-units" && action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "podman-xampp.service" && action.lookup("unit") == "podman-xampp.service" &&
subject.user == "toast" subject.user == "toast"
) )
{ {
return polkit.Result.YES; return polkit.Result.YES;
} }
}) })
''; '';
} }

20
roles/server/avahi.nix
View file

@ -1,11 +1,9 @@
{ config, ... }: {config, ...}: {
services.avahi = {
{ openFirewall = true;
services.avahi = { publish = {
openFirewall = true; enable = true;
publish = { userServices = true;
enable = true; };
userServices = true; };
}; }
};
}

32
roles/server/beep.nix
View file

@ -1,16 +1,20 @@
{ config, pkgs, ... }:
{ {
# Beep as soon as possible in the initrd config,
boot.initrd = { pkgs,
kernelModules = [ "pcspkr" ]; ...
extraFiles.beep.source = pkgs.beep; }: {
postDeviceCommands = "/beep/bin/beep -f 3000 -l 50 -r 2"; # Beep as soon as possible in the initrd
}; boot.initrd = {
/*systemd.services.startupBeep = { kernelModules = ["pcspkr"];
description = "Beep when system started booting"; extraFiles.beep.source = pkgs.beep;
wantedBy = [ "sysinit.target" ]; postDeviceCommands = "/beep/bin/beep -f 3000 -l 50 -r 2";
script = "${pkgs.beep}/bin/beep -f 3000 -l 50 -r 2"; };
serviceConfig = { Type = "oneshot"; }; /*
};*/ systemd.services.startupBeep = {
description = "Beep when system started booting";
wantedBy = [ "sysinit.target" ];
script = "${pkgs.beep}/bin/beep -f 3000 -l 50 -r 2";
serviceConfig = { Type = "oneshot"; };
};
*/
} }

34
roles/server/ddclient.nix
View file

@ -1,20 +1,20 @@
{ config, flakeSelf, ... }:
let
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
in
{ {
# Set up secrets config,
age.secrets = { ddclient-passwd.file = hostSecrets + "/ddclient-password.age"; }; flakeSelf,
...
}: let
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName;
in {
# Set up secrets
age.secrets = {ddclient-passwd.file = hostSecrets + "/ddclient-password.age";};
services.ddclient = { services.ddclient = {
enable = true; enable = true;
use = "web, web=dynamicdns.park-your-domain.com/getip"; use = "web, web=dynamicdns.park-your-domain.com/getip";
protocol = "namecheap"; protocol = "namecheap";
server = "dynamicdns.park-your-domain.com"; server = "dynamicdns.park-your-domain.com";
username = "toast003.xyz"; username = "toast003.xyz";
passwordFile = config.age.secrets.ddclient-passwd.path; passwordFile = config.age.secrets.ddclient-passwd.path;
domains = [ "@" ]; domains = ["@"];
}; };
} }

36
roles/server/default.nix
View file

@ -1,20 +1,18 @@
{ ... }: {...}: {
imports = [
{ ./avahi.nix
imports = [ ./nfs.nix
./avahi.nix ./samba.nix
./nfs.nix ./ssh.nix
./samba.nix ./forgejo.nix
./ssh.nix ./syncthing.nix
./forgejo.nix ./endlessh.nix
./syncthing.nix ./transmission.nix
./endlessh.nix ./ddclient.nix
./transmission.nix ./beep.nix
./ddclient.nix ./tailscale.nix
./beep.nix ./traefik.nix
./tailscale.nix ./minecraft.nix
./traefik.nix ./dns.nix
./minecraft.nix ];
./dns.nix
];
} }

24
roles/server/dns.nix
View file

@ -1,22 +1,20 @@
{ ... }: {...}: {
{
services.dnsmasq = { services.dnsmasq = {
enable = true; enable = true;
# Only using this for tailscale IPs, so better to let tailscale itself deal with it # Only using this for tailscale IPs, so better to let tailscale itself deal with it
resolveLocalQueries = false; resolveLocalQueries = false;
settings = { settings = {
listen-address = [ "100.73.96.48" ]; listen-address = ["100.73.96.48"];
/* /*
Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq
From the little testing I have done it seems to not cause any issues, but better to be safe From the little testing I have done it seems to not cause any issues, but better to be safe
than sorry :P than sorry :P
*/ */
dns-loop-detect = true; dns-loop-detect = true;
# If this isn't set a cname that targets a host might return the wrong ip # If this isn't set a cname that targets a host might return the wrong ip
localise-queries = true; localise-queries = true;
## IPv6 is not a thing in Spain so I'm guaranteed to not use it ## IPv6 is not a thing in Spain so I'm guaranteed to not use it
@ -29,11 +27,11 @@
# Add tailscale hosts # Add tailscale hosts
networking.hosts = { networking.hosts = {
"100.73.96.48" = [ "everest" ]; "100.73.96.48" = ["everest"];
"100.113.139.93" = [ "archie" ]; "100.113.139.93" = ["archie"];
"100.85.48.85" = [ "steamdeck" ]; "100.85.48.85" = ["steamdeck"];
"100.96.92.13" = [ "surfecego" ]; "100.96.92.13" = ["surfecego"];
"100.106.73.20" = [ "winmax2" ]; "100.106.73.20" = ["winmax2"];
}; };
# Dnsmasq conflicts with the resolved dns stub listener # Dnsmasq conflicts with the resolved dns stub listener

18
roles/server/endlessh.nix
View file

@ -1,10 +1,8 @@
{ config, ... }: {config, ...}: {
# I prefer using the go implementation
{ services.endlessh-go = {
# I prefer using the go implementation enable = true;
services.endlessh-go = { openFirewall = true;
enable = true; extraOptions = ["-alsologtostderr" "-v=1"];
openFirewall = true; };
extraOptions = [ "-alsologtostderr" "-v=1"] ; }
};
}

10
roles/server/forgejo.nix
View file

@ -1,6 +1,8 @@
{ config, lib, ... }:
{ {
config,
lib,
...
}: {
specialisation.forgejoEnableRegistration.configuration.services.forgejo.settings.service.DISABLE_REGISTRATION = false; specialisation.forgejoEnableRegistration.configuration.services.forgejo.settings.service.DISABLE_REGISTRATION = false;
services.forgejo = { services.forgejo = {
enable = true; enable = true;
@ -22,7 +24,7 @@
}; };
# Add a cname for forgejo # Add a cname for forgejo
services.dnsmasq.settings.cname = [ "git.everest.sable-pancake.ts.net,everest" ]; services.dnsmasq.settings.cname = ["git.everest.sable-pancake.ts.net,everest"];
# Set up traefik as the reverse proxy for Forgejo # Set up traefik as the reverse proxy for Forgejo
services.traefik = { services.traefik = {
@ -35,7 +37,7 @@
}; };
}; };
services.forgejo.loadBalancer.servers = [ services.forgejo.loadBalancer.servers = [
{ url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; } {url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";}
]; ];
}; };
}; };

217
roles/server/minecraft.nix
View file

@ -1,115 +1,116 @@
{ config, pkgs, flakeSelf, ... }:
let
atfc = builtins.fetchurl {
url = "https://www.curseforge.com/api/v1/mods/813246/files/4732590/download";
sha256 = "0yl6ixmhfgqvcj3kfshpf8fy42vkkmjbn7d7yg86jx0ykiiq5f9x";
};
puffish_skills = builtins.fetchurl {
url = "https://www.curseforge.com/api/v1/mods/835091/files/4747353/download";
sha256 = "1pwx8zqih019l12lrmllrjv2al0mjzwj4p5qmc4ps1g555jy8qil";
};
spark = builtins.fetchurl {
url = "https://www.curseforge.com/api/v1/mods/361579/files/4505375/download";
sha256 = "1708lrx1nif0mvf7ambw8504j12wbn0vm69wsh21p8ylqpql1s4x";
};
port = 25565;
users = config.users;
in
{ {
users = { config,
groups.minecraft = { pkgs,
members = [ "toast" ]; flakeSelf,
gid = 987; ...
}; }: let
users.atfc = { atfc = builtins.fetchurl {
isSystemUser = true; url = "https://www.curseforge.com/api/v1/mods/813246/files/4732590/download";
uid = 988; sha256 = "0yl6ixmhfgqvcj3kfshpf8fy42vkkmjbn7d7yg86jx0ykiiq5f9x";
group = "minecraft"; };
home = "/var/lib/minecraft/atfc"; puffish_skills = builtins.fetchurl {
homeMode = "750"; url = "https://www.curseforge.com/api/v1/mods/835091/files/4747353/download";
createHome = true; sha256 = "1pwx8zqih019l12lrmllrjv2al0mjzwj4p5qmc4ps1g555jy8qil";
}; };
}; spark = builtins.fetchurl {
url = "https://www.curseforge.com/api/v1/mods/361579/files/4505375/download";
virtualisation.oci-containers = { sha256 = "1708lrx1nif0mvf7ambw8504j12wbn0vm69wsh21p8ylqpql1s4x";
containers."minecraft-atfc" = { };
autoStart = true;
image = "itzg/minecraft-server";
#user = "${toString users.users.atfc.uid}:${toString users.groups.minecraft.gid}";
environment = {
TZ = "Europe/Madrid";
EULA = "true";
TYPE = "forge";
MEMORY = "2G";
UID = toString users.users.atfc.uid;
GID = toString users.groups.minecraft.gid;
VERSION = "1.18.2";
FORGE_VERSION = "40.2.10";
GENERIC_PACK = "/modpack.zip";
#USE_AIKAR_FLAGS = "true";
#STOP_DURATION = "70";
STOP_SERVER_ANNOUNCE_DELAY = "25";
# server.properties port = 25565;
MOTD = "Toast's modded minecraft server"; users = config.users;
DIFFICULTY = "hard"; in {
SNOOPER_ENABLED = "false"; users = {
SPAWN_PROTECTION = "0"; groups.minecraft = {
LEVEL_TYPE = "tfc:tng"; members = ["toast"];
BROADCAST_CONSOLE_TO_OPS = "true"; gid = 987;
BROADCAST_RCON_TO_OPS = "true"; };
VIEW_DISTANCE = "16"; users.atfc = {
MAX_PLAYERS = "4"; isSystemUser = true;
uid = 988;
group = "minecraft";
home = "/var/lib/minecraft/atfc";
homeMode = "750";
createHome = true;
};
};
RCON_CMDS_LAST_DISCONNECT = "save-all"; virtualisation.oci-containers = {
containers."minecraft-atfc" = {
OPS = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff"; autoStart = true;
EXISTING_OPS_FILE = "synchronize"; image = "itzg/minecraft-server";
#user = "${toString users.users.atfc.uid}:${toString users.groups.minecraft.gid}";
environment = {
TZ = "Europe/Madrid";
EULA = "true";
TYPE = "forge";
MEMORY = "2G";
UID = toString users.users.atfc.uid;
GID = toString users.groups.minecraft.gid;
VERSION = "1.18.2";
FORGE_VERSION = "40.2.10";
GENERIC_PACK = "/modpack.zip";
#USE_AIKAR_FLAGS = "true";
WHITELIST = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff,03f080e8-ce8e-4b90-a312-734747ce7db0,ea88f690-cf46-4416-bfd5-6f6b165885f7"; #STOP_DURATION = "70";
EXISTING_WHITELIST_FILE = "synchronize"; STOP_SERVER_ANNOUNCE_DELAY = "25";
# Auto pause needs this # server.properties
MAX_TICK_TIME = "-1"; MOTD = "Toast's modded minecraft server";
AUTOPAUSE_KNOCK_INTERFACE = "tap0"; DIFFICULTY = "hard";
ENABLE_AUTOPAUSE = "true"; SNOOPER_ENABLED = "false";
}; SPAWN_PROTECTION = "0";
extraOptions = [ LEVEL_TYPE = "tfc:tng";
"--network=slirp4netns:port_handler=slirp4netns" BROADCAST_CONSOLE_TO_OPS = "true";
"--cap-add=CAP_NET_RAW" BROADCAST_RCON_TO_OPS = "true";
]; VIEW_DISTANCE = "16";
MAX_PLAYERS = "4";
volumes = [
"${atfc}:/modpack.zip"
"${puffish_skills}:/mods/puffish_skills.jar"
"${spark}:/mods/spark.jar"
"${users.users.atfc.home}:/data"
#"/tmp/minecraft:/data"
];
ports = [ "25565:${toString port}" ];
};
};
networking.firewall.allowedTCPPorts = [ port ];
# anything-sync-daemon config RCON_CMDS_LAST_DISCONNECT = "save-all";
systemd.packages = with pkgs; [ flakeSelf.packages.x86_64-linux.anything-sync-daemon ];
environment.systemPackages = with pkgs; [ flakeSelf.packages.x86_64-linux.anything-sync-daemon ]; OPS = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff";
fileSystems.minecraftTmpfs = { EXISTING_OPS_FILE = "synchronize";
device = "none";
fsType = "tmpfs"; WHITELIST = "b3ca4afb-a3da-4a78-85c3-2292fd0787e2,0cb3d02a-1d1f-4d7f-b70c-bd53dc155cff,03f080e8-ce8e-4b90-a312-734747ce7db0,ea88f690-cf46-4416-bfd5-6f6b165885f7";
mountPoint = "/mnt/minecraftTmpfs"; EXISTING_WHITELIST_FILE = "synchronize";
options = [ "size=4G "];
}; # Auto pause needs this
environment.etc."asd.conf".text = MAX_TICK_TIME = "-1";
''WHATTOSYNC=('/var/lib/minecraft') AUTOPAUSE_KNOCK_INTERFACE = "tap0";
VOLATILE="${config.fileSystems.minecraftTmpfs.mountPoint}" ENABLE_AUTOPAUSE = "true";
USE_OVERLAYFS="yes" ''; };
systemd.services.asd = { extraOptions = [
wantedBy = [ "podman-minecraft-atfc.service" ]; "--network=slirp4netns:port_handler=slirp4netns"
before = [ "podman-minecraft-atfc.service" ]; "--cap-add=CAP_NET_RAW"
}; ];
volumes = [
"${atfc}:/modpack.zip"
"${puffish_skills}:/mods/puffish_skills.jar"
"${spark}:/mods/spark.jar"
"${users.users.atfc.home}:/data"
#"/tmp/minecraft:/data"
];
ports = ["25565:${toString port}"];
};
};
networking.firewall.allowedTCPPorts = [port];
# anything-sync-daemon config
systemd.packages = with pkgs; [flakeSelf.packages.x86_64-linux.anything-sync-daemon];
environment.systemPackages = with pkgs; [flakeSelf.packages.x86_64-linux.anything-sync-daemon];
fileSystems.minecraftTmpfs = {
device = "none";
fsType = "tmpfs";
mountPoint = "/mnt/minecraftTmpfs";
options = ["size=4G "];
};
environment.etc."asd.conf".text = '' WHATTOSYNC=('/var/lib/minecraft')
VOLATILE="${config.fileSystems.minecraftTmpfs.mountPoint}"
USE_OVERLAYFS="yes" '';
systemd.services.asd = {
wantedBy = ["podman-minecraft-atfc.service"];
before = ["podman-minecraft-atfc.service"];
};
} }

66
roles/server/nfs.nix
View file

@ -1,36 +1,38 @@
{ config, lib, ... }:
{ {
services = { config,
nfs.server = { lib,
enable = true; ...
exports = '' }: {
${config.services.transmission.settings.download-dir} *.sable-pancake.ts.net(ro,all_squash,anonuid=${toString config.users.users.transmission.uid},anongid=${toString config.users.groups.transmission.gid}) services = {
''; nfs.server = {
# NFSv3 uses random ports, so you need to make them static to be able to pass though the firewall enable = true;
statdPort = 4000; exports = ''
lockdPort = 4001; ${config.services.transmission.settings.download-dir} *.sable-pancake.ts.net(ro,all_squash,anonuid=${toString config.users.users.transmission.uid},anongid=${toString config.users.groups.transmission.gid})
mountdPort = 4002; '';
}; # NFSv3 uses random ports, so you need to make them static to be able to pass though the firewall
statdPort = 4000;
lockdPort = 4001;
mountdPort = 4002;
};
avahi.extraServiceFiles = { avahi.extraServiceFiles = {
Transmission-downloads-nfs = '' Transmission-downloads-nfs = ''
<?xml version="1.0" standalone='no'?> <?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group> <service-group>
<name replace-wildcards="yes">Transmission Downloads on %h (NFS)</name> <name replace-wildcards="yes">Transmission Downloads on %h (NFS)</name>
<service> <service>
<type>_nfs._tcp</type> <type>_nfs._tcp</type>
<port>2049</port> <port>2049</port>
<txt-record>path=${config.services.transmission.settings.download-dir}</txt-record> <txt-record>path=${config.services.transmission.settings.download-dir}</txt-record>
</service> </service>
</service-group> </service-group>
''; '';
}; };
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 111 2049 4000 40001 4002 ]; allowedTCPPorts = [111 2049 4000 40001 4002];
allowedUDPPorts = [ 111 2049 4000 40001 4002 ]; allowedUDPPorts = [111 2049 4000 40001 4002];
}; };
} }

70
roles/server/samba.nix
View file

@ -1,37 +1,39 @@
{ config, lib, ... }:
{ {
services = { config,
samba = { lib,
enable = true; ...
openFirewall = true; }: {
extraConfig = '' services = {
map to guest = bad user samba = {
guest account = transmission enable = true;
''; openFirewall = true;
shares = { extraConfig = ''
"Transmission downloads" = { map to guest = bad user
path = "${config.services.transmission.settings.download-dir}"; guest account = transmission
"read only" = true; '';
public = true; shares = {
"guest only" = true; "Transmission downloads" = {
browseable = true; path = "${config.services.transmission.settings.download-dir}";
}; "read only" = true;
}; public = true;
}; "guest only" = true;
browseable = true;
};
};
};
avahi.extraServiceFiles = { avahi.extraServiceFiles = {
Transmission-downloads-smb = '' Transmission-downloads-smb = ''
<?xml version="1.0" standalone='no'?> <?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group> <service-group>
<name replace-wildcards="yes">SMB shares on %h</name> <name replace-wildcards="yes">SMB shares on %h</name>
<service> <service>
<type>_smb._tcp</type> <type>_smb._tcp</type>
<port>139</port> <port>139</port>
</service> </service>
</service-group> </service-group>
''; '';
}; };
}; };
} }

20
roles/server/ssh.nix
View file

@ -1,12 +1,10 @@
{ config, ... }: {config, ...}: {
services.openssh = {
{ enable = true;
services.openssh = { settings = {
enable = true; PermitRootLogin = "no";
settings = { PasswordAuthentication = false;
PermitRootLogin = "no"; };
PasswordAuthentication = false; startWhenNeeded = true;
}; };
startWhenNeeded = true;
};
} }

106
roles/server/syncthing.nix
View file

@ -1,57 +1,55 @@
{ config, ... }: {config, ...}: {
services.syncthing = {
enable = true;
key = config.age.secrets.syncthingKey.path;
cert = config.age.secrets.syncthingCert.path;
guiAddress = "0.0.0.0:8384";
settings.folders = {
"passwords" = {
path = "${config.services.syncthing.dataDir}/passwords";
};
"school-things" = {
label = "School things";
id = "z6alc-nfoqr";
devices = ["steamdeck" "server" "pc" "winmax2"];
path = "${config.services.syncthing.dataDir}/school-things";
};
"steam-201810" = {
label = "Wolfenstein The New Order Saves";
id = "laxxf-t2wmy";
devices = ["steamdeck" "server" "pc" "winmax2"];
path = "${config.services.syncthing.dataDir}/steam-201810";
};
"retroarch" = {
label = "RetroArch";
id = "jxuou-2yjnu";
devices = ["steamdeck" "server" "pc" "winmax2"];
path = "${config.services.syncthing.dataDir}/retroarch";
};
};
};
systemd.services.syncthing.serviceConfig = {
# Allow syncthing to change ownership of files
AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
};
{ # Add a cname for syncthing
services.syncthing = { services.dnsmasq.settings.cname = ["sync.everest.sable-pancake.ts.net,everest"];
enable = true;
key = config.age.secrets.syncthingKey.path;
cert = config.age.secrets.syncthingCert.path;
guiAddress = "0.0.0.0:8384";
settings.folders = {
"passwords" = {
path = "${config.services.syncthing.dataDir}/passwords";
};
"school-things" = {
label = "School things";
id = "z6alc-nfoqr";
devices = [ "steamdeck" "server" "pc" "winmax2" ];
path = "${config.services.syncthing.dataDir}/school-things";
};
"steam-201810" = {
label = "Wolfenstein The New Order Saves";
id = "laxxf-t2wmy";
devices = [ "steamdeck" "server" "pc" "winmax2" ];
path = "${config.services.syncthing.dataDir}/steam-201810";
};
"retroarch"= {
label = "RetroArch";
id = "jxuou-2yjnu";
devices = [ "steamdeck" "server" "pc" "winmax2" ];
path = "${config.services.syncthing.dataDir}/retroarch";
};
};
};
systemd.services.syncthing.serviceConfig = {
# Allow syncthing to change ownership of files
AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
};
# Add a cname for syncthing # Set up traefik as the reverse proxy for syncthing
services.dnsmasq.settings.cname = [ "sync.everest.sable-pancake.ts.net,everest" ]; services.traefik = {
dynamicConfigOptions = {
# Set up traefik as the reverse proxy for syncthing http = {
services.traefik = { routers = {
dynamicConfigOptions = { syncthing-subdomain = {
http = { rule = "Host(`sync.everest.sable-pancake.ts.net`)";
routers = { service = "syncthing";
syncthing-subdomain = { };
rule = "Host(`sync.everest.sable-pancake.ts.net`)"; };
service = "syncthing"; services.syncthing.loadBalancer.servers = [
}; {url = "http://localhost:8384";}
}; ];
services.syncthing.loadBalancer.servers = [ };
{ url = "http://localhost:8384"; } };
]; };
};
};
};
} }

12
roles/server/tailscale.nix
View file

@ -1,8 +1,6 @@
{ config, ... }: {config, ...}: {
services.tailscale = {
{ # This is needed for being an exit node
services.tailscale = { useRoutingFeatures = "server";
# This is needed for being an exit node };
useRoutingFeatures = "server";
};
} }

56
roles/server/traefik.nix
View file

@ -1,33 +1,31 @@
{ config, ... }: {config, ...}: {
specialisation.traefikEnableWebUI.configuration.services.traefik = {
staticConfigOptions = {
api = {
# Enable the web ui
insecure = true;
dashboard = true;
};
};
};
{ services.traefik = {
specialisation.traefikEnableWebUI.configuration.services.traefik = { enable = true;
staticConfigOptions = { staticConfigOptions = {
api = { entryPoints = {
# Enable the web ui http = {address = "100.73.96.48:80";};
insecure = true; };
dashboard = true; };
}; };
};
};
services.traefik = {
enable = true;
staticConfigOptions = {
entryPoints = {
http = { address = "100.73.96.48:80"; };
};
};
};
systemd = { systemd = {
units.tailscaled.requiredBy = [ "traefik.service" ]; units.tailscaled.requiredBy = ["traefik.service"];
# We have somewhat frequent power outages, and our ISP router takes # We have somewhat frequent power outages, and our ISP router takes
# ages to boot up. If I don't add a delay, traefik tries to bind to # ages to boot up. If I don't add a delay, traefik tries to bind to
# the tailscale interface before it's ready, making it crash too much # the tailscale interface before it's ready, making it crash too much
# in too little time # in too little time
services.traefik.serviceConfig.RestartSec = 120; services.traefik.serviceConfig.RestartSec = 120;
}; };
networking.firewall.allowedTCPPorts = [ 80 8080 ]; networking.firewall.allowedTCPPorts = [80 8080];
} }

60
roles/server/transmission.nix
View file

@ -1,34 +1,32 @@
{ config , ... }: {config, ...}: {
services.transmission = {
enable = true;
openFirewall = true;
settings = {
incomplete-dir-enabled = false;
rpc-bind-address = "0.0.0.0";
rpc-host-whitelist = "transmission.everest.sable-pancake.ts.net";
rpc-whitelist = "127.0.0.1";
};
};
{ # Add a cname for transmission
services.transmission = { services.dnsmasq.settings.cname = ["transmission.everest.sable-pancake.ts.net,everest"];
enable = true;
openFirewall = true;
settings = {
incomplete-dir-enabled = false;
rpc-bind-address = "0.0.0.0";
rpc-host-whitelist = "transmission.everest.sable-pancake.ts.net";
rpc-whitelist = "127.0.0.1";
};
};
# Add a cname for transmission # Set up traefik as the reverse proxy for transmission
services.dnsmasq.settings.cname = [ "transmission.everest.sable-pancake.ts.net,everest" ]; services.traefik = {
dynamicConfigOptions = {
# Set up traefik as the reverse proxy for transmission http = {
services.traefik = { routers = {
dynamicConfigOptions = { transmission-subdomain = {
http = { rule = "Host(`transmission.everest.sable-pancake.ts.net`)";
routers = { service = "transmission";
transmission-subdomain = { };
rule = "Host(`transmission.everest.sable-pancake.ts.net`)"; };
service = "transmission"; services.transmission.loadBalancer.servers = [
}; {url = "http://localhost:${toString config.services.transmission.settings.rpc-port}";}
}; ];
services.transmission.loadBalancer.servers = [ };
{ url = "http://localhost:${toString config.services.transmission.settings.rpc-port}"; } };
]; };
};
};
};
} }