From da84d1ad9a9b5bcd0ea877d171bb56ba26ad3b47 Mon Sep 17 00:00:00 2001 
From: Chris Toph Date: Tue, 4 Mar 2025 04:45:31 -0500 Subject: [PATCH] Reworked config! Fully working for VM, needs testing with rune now. --- .vscode/settings.json | 8 + common/archive/acme/cloudflare.ini.example | 1 - common/archive/acme/default.nix | 17 - common/archive/caddy/default.nix | 17 - common/archive/caddy/ryot.foo.conf | 13 - common/archive/forgejo/default.nix | 106 ------ common/archive/mailserver/admin.pass | 1 - common/archive/mailserver/admin.pass.example | 1 - common/archive/mailserver/default.nix | 19 - common/archive/nextcloud/default.nix | 89 ----- common/archive/nextcloud/nextcloud-admin-pass | 1 - common/archive/nginx/default.nix | 27 -- common/fish/default.nix | 12 - common/git/default.nix | 13 - common/home/default.nix | 29 -- common/ssh/default.nix | 21 - common/vscode/default.nix | 10 - flake.lock | 149 -------- flake.nix | 359 ++++-------------- home/toph/common/core/asdf.nix | 14 + home/toph/common/core/bash.nix | 76 ++++ home/toph/common/core/bat.nix | 33 ++ home/toph/common/core/default.nix | 109 ++++++ home/toph/common/core/direnv.nix | 7 + .../toph/common/core}/fastfetch/default.nix | 2 +- .../common/core}/fastfetch/host/caenus.txt | 0 .../common/core}/fastfetch/host/cloud.txt | 0 .../core}/fastfetch/host/images/caenus.png | Bin .../core}/fastfetch/host/images/cloud.png | Bin .../core}/fastfetch/host/images/komodo.png | Bin .../core}/fastfetch/host/images/nix.png | Bin .../core}/fastfetch/host/images/proxy.png | Bin .../core}/fastfetch/host/images/rune.png | Bin .../common/core}/fastfetch/host/komodo.txt | 0 .../toph/common/core}/fastfetch/host/nix.txt | 0 .../common/core}/fastfetch/host/proxy.txt | 0 .../toph/common/core}/fastfetch/host/rune.txt | 0 home/toph/common/core/fastfetch/host/vm.txt | 13 + home/toph/common/core/fish/default.nix | 27 ++ .../toph/common/core}/fish/init.fish | 0 home/toph/common/core/fonts.nix | 10 + home/toph/common/core/git.nix | 89 +++++ home/toph/common/core/ranger.nix | 26 ++ 
home/toph/common/core/screen.nix | 9 + home/toph/common/core/ssh.nix | 26 ++ home/toph/common/core/zoxide.nix | 10 + .../common/optional/browsers/chromium.nix | 9 + .../toph/common/optional/browsers/default.nix | 6 + home/toph/common/optional/browsers/zen.nix | 20 + .../toph/common/optional/desktops/default.nix | 6 + .../optional/desktops/gnome/default.nix | 0 .../common/optional/development/default.nix | 45 +++ .../common/optional/development/vscode.nix | 10 + home/toph/common/optional/foot/default.nix | 0 home/toph/common/optional/gaming/default.nix | 44 +++ .../optional}/vscode-server/default.nix | 0 home/toph/common/optional/xdg.nix | 52 +++ home/toph/rune/default.nix | 69 ++++ home/toph/vm/default.nix | 25 ++ host/caenus/default.nix | 63 --- host/caenus/home/default.nix | 26 -- host/caenus/modules/frp/default.nix | 13 - host/caenus/modules/frp/frp.token | 1 - host/caenus/modules/frp/frp.token.example | 1 - host/caenus/modules/nginx/default.nix | 36 -- host/cloud/default.nix | 66 ---- host/cloud/hardware.nix | 37 -- host/cloud/home/default.nix | 17 - host/cloud/modules/caddy/default.nix | 19 - host/cloud/modules/cron/default.nix | 13 - host/cloud/modules/filerun/.env | 4 - host/cloud/modules/filerun/arion-compose.nix | 41 -- host/cloud/modules/filerun/arion-compose.yml | 58 --- host/cloud/modules/filerun/compose.yml | 37 -- host/cloud/modules/filerun/default.nix | 29 -- host/cloud/modules/filerun/oci.nix | 126 ------ host/cloud/modules/logrotate/default.nix | 6 - host/cloud/modules/logrotate/logrotate.conf | 18 - host/cloud/modules/snapraid/default.nix | 37 -- host/cloud/modules/snapraid/snapraid.conf | 21 - host/haze/default.nix | 81 ---- host/haze/hardware.nix | 80 ---- host/haze/home/default.nix | 43 --- host/haze/modules/gnome/default.nix | 56 --- host/haze/modules/gnome/home.nix | 147 ------- host/haze/modules/steam/default.nix | 8 - host/komodo/default.nix | 76 ---- host/komodo/hardware.nix | 30 -- host/komodo/home/default.nix | 22 -- 
host/komodo/modules/caddy/default.nix | 103 ----- host/komodo/modules/frp/default.nix | 13 - host/komodo/modules/frp/frp.token | 1 - host/komodo/modules/frp/frp.token.example | 1 - host/komodo/modules/komodo/compose.yaml | 102 ----- host/komodo/modules/komodo/default.nix | 332 ---------------- host/nix/default.nix | 50 --- host/nix/hardware.nix | 30 -- host/nix/home/default.nix | 21 - host/proxy/default.nix | 64 ---- host/proxy/hardware.nix | 30 -- host/proxy/home/default.nix | 16 - host/proxy/modules/caddy/default.nix | 13 - host/proxy/modules/cloudflared/default.nix | 15 - host/rune/default.nix | 67 ---- host/rune/home/default.nix | 65 ---- host/rune/modules/fish/default.nix | 8 - host/rune/modules/fleet/home.nix | 26 -- host/rune/modules/minecraft/default.nix | 45 --- host/rune/modules/steam/default.nix | 8 - host/rune/modules/vm/default.nix | 66 ---- host/rune/modules/vm/home.nix | 34 -- hosts/common/core/default.nix | 134 +++++++ hosts/common/core/ssh.nix | 27 ++ .../optional}/acme/cloudflare.ini.example | 0 .../common/optional}/acme/default.nix | 0 hosts/common/optional/audio.nix | 25 ++ hosts/common/optional/gaming.nix | 66 ++++ .../common/optional/gnome.nix | 2 +- hosts/common/optional/libvirt.nix | 101 +++++ .../common/optional/lxc.nix | 0 hosts/common/optional/minimal-user.nix | 12 + hosts/common/optional/msmtp.nix | 22 ++ hosts/common/optional/nvtop.nix | 9 + hosts/common/optional/plymouth.nix | 17 + hosts/nixos/rune/default.nix | 134 +++++++ {host => hosts/nixos}/rune/hardware.nix | 68 +--- hosts/nixos/vm/default.nix | 81 ++++ {host/caenus => hosts/nixos/vm}/hardware.nix | 36 +- hosts/users/default.nix | 59 +++ hosts/users/minimal/default.nix | 23 ++ hosts/users/toph/default.nix | 58 +++ installer/flake.lock | 62 +++ installer/flake.nix | 49 +++ installer/minimal-configuration.nix | 83 ++++ lib/default.nix | 20 + modules/common/default.nix | 9 + modules/common/host-spec.nix | 63 +++ modules/nixos/default.nix | 9 + nix/default.nix | 109 ------ 
nix/overlays/default.nix | 7 - overlays/default.nix | 59 +++ .../common}/snapraid-runner/default.nix | 0 .../snapraid-runner/snapraid-runner.conf | 0 .../snapraid-runner/snapraid-runner.py | 0 144 files changed, 1975 insertions(+), 3321 deletions(-) create mode 100644 .vscode/settings.json delete mode 100644 common/archive/acme/cloudflare.ini.example delete mode 100644 common/archive/acme/default.nix delete mode 100644 common/archive/caddy/default.nix delete mode 100644 common/archive/caddy/ryot.foo.conf delete mode 100644 common/archive/forgejo/default.nix delete mode 100644 common/archive/mailserver/admin.pass delete mode 100644 common/archive/mailserver/admin.pass.example delete mode 100644 common/archive/mailserver/default.nix delete mode 100644 common/archive/nextcloud/default.nix delete mode 100644 common/archive/nextcloud/nextcloud-admin-pass delete mode 100644 common/archive/nginx/default.nix delete mode 100644 common/fish/default.nix delete mode 100644 common/git/default.nix delete mode 100644 common/home/default.nix delete mode 100644 common/ssh/default.nix delete mode 100644 common/vscode/default.nix delete mode 100644 flake.lock create mode 100644 home/toph/common/core/asdf.nix create mode 100644 home/toph/common/core/bash.nix create mode 100644 home/toph/common/core/bat.nix create mode 100644 home/toph/common/core/default.nix create mode 100644 home/toph/common/core/direnv.nix rename {common => home/toph/common/core}/fastfetch/default.nix (97%) rename {common => home/toph/common/core}/fastfetch/host/caenus.txt (100%) rename {common => home/toph/common/core}/fastfetch/host/cloud.txt (100%) rename {common => home/toph/common/core}/fastfetch/host/images/caenus.png (100%) rename {common => home/toph/common/core}/fastfetch/host/images/cloud.png (100%) rename {common => home/toph/common/core}/fastfetch/host/images/komodo.png (100%) rename {common => home/toph/common/core}/fastfetch/host/images/nix.png (100%) rename {common => 
home/toph/common/core}/fastfetch/host/images/proxy.png (100%) rename {common => home/toph/common/core}/fastfetch/host/images/rune.png (100%) rename {common => home/toph/common/core}/fastfetch/host/komodo.txt (100%) rename {common => home/toph/common/core}/fastfetch/host/nix.txt (100%) rename {common => home/toph/common/core}/fastfetch/host/proxy.txt (100%) rename {common => home/toph/common/core}/fastfetch/host/rune.txt (100%) create mode 100644 home/toph/common/core/fastfetch/host/vm.txt create mode 100644 home/toph/common/core/fish/default.nix rename {common => home/toph/common/core}/fish/init.fish (100%) create mode 100644 home/toph/common/core/fonts.nix create mode 100644 home/toph/common/core/git.nix create mode 100644 home/toph/common/core/ranger.nix create mode 100644 home/toph/common/core/screen.nix create mode 100644 home/toph/common/core/ssh.nix create mode 100644 home/toph/common/core/zoxide.nix create mode 100644 home/toph/common/optional/browsers/chromium.nix create mode 100644 home/toph/common/optional/browsers/default.nix create mode 100644 home/toph/common/optional/browsers/zen.nix create mode 100644 home/toph/common/optional/desktops/default.nix rename host/rune/modules/gnome/home.nix => home/toph/common/optional/desktops/gnome/default.nix (100%) create mode 100644 home/toph/common/optional/development/default.nix create mode 100644 home/toph/common/optional/development/vscode.nix create mode 100644 home/toph/common/optional/foot/default.nix create mode 100644 home/toph/common/optional/gaming/default.nix rename {common => home/toph/common/optional}/vscode-server/default.nix (100%) create mode 100644 home/toph/common/optional/xdg.nix create mode 100644 home/toph/rune/default.nix create mode 100644 home/toph/vm/default.nix delete mode 100644 host/caenus/default.nix delete mode 100644 host/caenus/home/default.nix delete mode 100644 host/caenus/modules/frp/default.nix delete mode 100644 host/caenus/modules/frp/frp.token delete mode 100644 
host/caenus/modules/frp/frp.token.example delete mode 100644 host/caenus/modules/nginx/default.nix delete mode 100644 host/cloud/default.nix delete mode 100644 host/cloud/hardware.nix delete mode 100644 host/cloud/home/default.nix delete mode 100644 host/cloud/modules/caddy/default.nix delete mode 100644 host/cloud/modules/cron/default.nix delete mode 100644 host/cloud/modules/filerun/.env delete mode 100644 host/cloud/modules/filerun/arion-compose.nix delete mode 100644 host/cloud/modules/filerun/arion-compose.yml delete mode 100644 host/cloud/modules/filerun/compose.yml delete mode 100644 host/cloud/modules/filerun/default.nix delete mode 100644 host/cloud/modules/filerun/oci.nix delete mode 100644 host/cloud/modules/logrotate/default.nix delete mode 100644 host/cloud/modules/logrotate/logrotate.conf delete mode 100644 host/cloud/modules/snapraid/default.nix delete mode 100644 host/cloud/modules/snapraid/snapraid.conf delete mode 100644 host/haze/default.nix delete mode 100644 host/haze/hardware.nix delete mode 100644 host/haze/home/default.nix delete mode 100644 host/haze/modules/gnome/default.nix delete mode 100644 host/haze/modules/gnome/home.nix delete mode 100644 host/haze/modules/steam/default.nix delete mode 100644 host/komodo/default.nix delete mode 100644 host/komodo/hardware.nix delete mode 100644 host/komodo/home/default.nix delete mode 100644 host/komodo/modules/caddy/default.nix delete mode 100644 host/komodo/modules/frp/default.nix delete mode 100644 host/komodo/modules/frp/frp.token delete mode 100644 host/komodo/modules/frp/frp.token.example delete mode 100644 host/komodo/modules/komodo/compose.yaml delete mode 100644 host/komodo/modules/komodo/default.nix delete mode 100644 host/nix/default.nix delete mode 100644 host/nix/hardware.nix delete mode 100644 host/nix/home/default.nix delete mode 100644 host/proxy/default.nix delete mode 100644 host/proxy/hardware.nix delete mode 100644 host/proxy/home/default.nix delete mode 100644 
host/proxy/modules/caddy/default.nix delete mode 100644 host/proxy/modules/cloudflared/default.nix delete mode 100644 host/rune/default.nix delete mode 100644 host/rune/home/default.nix delete mode 100644 host/rune/modules/fish/default.nix delete mode 100644 host/rune/modules/fleet/home.nix delete mode 100644 host/rune/modules/minecraft/default.nix delete mode 100644 host/rune/modules/steam/default.nix delete mode 100644 host/rune/modules/vm/default.nix delete mode 100644 host/rune/modules/vm/home.nix create mode 100644 hosts/common/core/default.nix create mode 100644 hosts/common/core/ssh.nix rename {common => hosts/common/optional}/acme/cloudflare.ini.example (100%) rename {common => hosts/common/optional}/acme/default.nix (100%) create mode 100644 hosts/common/optional/audio.nix create mode 100644 hosts/common/optional/gaming.nix rename host/rune/modules/gnome/default.nix => hosts/common/optional/gnome.nix (97%) create mode 100644 hosts/common/optional/libvirt.nix rename common/lxc/default.nix => hosts/common/optional/lxc.nix (100%) create mode 100644 hosts/common/optional/minimal-user.nix create mode 100644 hosts/common/optional/msmtp.nix create mode 100644 hosts/common/optional/nvtop.nix create mode 100644 hosts/common/optional/plymouth.nix create mode 100644 hosts/nixos/rune/default.nix rename {host => hosts/nixos}/rune/hardware.nix (55%) create mode 100644 hosts/nixos/vm/default.nix rename {host/caenus => hosts/nixos/vm}/hardware.nix (56%) create mode 100644 hosts/users/default.nix create mode 100644 hosts/users/minimal/default.nix create mode 100644 hosts/users/toph/default.nix create mode 100644 installer/flake.lock create mode 100644 installer/flake.nix create mode 100644 installer/minimal-configuration.nix create mode 100644 lib/default.nix create mode 100644 modules/common/default.nix create mode 100644 modules/common/host-spec.nix create mode 100644 modules/nixos/default.nix delete mode 100644 nix/default.nix delete mode 100644 nix/overlays/default.nix 
create mode 100644 overlays/default.nix rename {nix/pkgs => pkgs/common}/snapraid-runner/default.nix (100%) rename {nix/pkgs => pkgs/common}/snapraid-runner/snapraid-runner.conf (100%) rename {nix/pkgs => pkgs/common}/snapraid-runner/snapraid-runner.py (100%)
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..cee9eaa
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+ "explorer.fileNesting.patterns": {
+ ".gitignore": ".gitattributes, .envrc, readme",
+ "flake.nix": "flake.lock, shell.nix, checks.nix"
+ },
+ "editor.formatOnSave": true,
+ "editor.formatOnSaveMode": "file"
+}
diff --git a/common/archive/acme/cloudflare.ini.example b/common/archive/acme/cloudflare.ini.example
deleted file mode 100644
index 3bb6b44..0000000
--- a/common/archive/acme/cloudflare.ini.example
+++ /dev/null
@@ -1 +0,0 @@
-CF_DNS_API_TOKEN= \ No newline at end of file
diff --git a/common/archive/acme/default.nix b/common/archive/acme/default.nix
deleted file mode 100644
index 1782ce6..0000000
--- a/common/archive/acme/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- # letsencrypt
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "chris@toph.cc";
- dnsProvider = "cloudflare";
- environmentFile = ./cloudflare.ini;
- };
- certs = {
- "ryot.foo" = {
- extraDomainNames = ["*.ryot.foo"];
- };
- };
- };
-} \ No newline at end of file
diff --git a/common/archive/caddy/default.nix b/common/archive/caddy/default.nix
deleted file mode 100644
index 8d90cde..0000000
--- a/common/archive/caddy/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- services.caddy = {
- enable = true;
-
- virtualHosts = {
- "*.ryot.foo" = {
- useACMEHost = "ryot.foo";
- extraConfig = builtins.readFile ./ryot.foo.conf;
- };
-
- "ryot.foo" = {
- useACMEHost = "ryot.foo";
- extraConfig = builtins.readFile ./ryot.foo.conf;
- };
- };
- };
-} \ No newline at end of file
diff --git a/common/archive/caddy/ryot.foo.conf b/common/archive/caddy/ryot.foo.conf
deleted file mode 100644
index a750add..0000000
--- a/common/archive/caddy/ryot.foo.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-reverse_proxy http://localhost:8080 {
- header_up Host {host}
- header_up X-Real-IP {remote}
- header_up X-Forwarded-For {remote}
- header_up X-Forwarded-Proto {scheme}
-}
-
-reverse_proxy https://localhost:4433 {
- header_up Host {host}
- header_up X-Real-IP {remote}
- header_up X-Forwarded-For {remote}
- header_up X-Forwarded-Proto {scheme}
-} \ No newline at end of file
diff --git a/common/archive/forgejo/default.nix b/common/archive/forgejo/default.nix
deleted file mode 100644
index 52ed3a2..0000000
--- a/common/archive/forgejo/default.nix
+++ /dev/null
@@ -1,106 +0,0 @@
-# Configuration for Gitea instance
-
-{
- config,
- pkgs,
- admin,
- ...
-}:
-{
-
- # users.users.git = {
- # description = "git";
- # uid = 993;
- # group = "ryot";
- # shell = pkgs.fish;
- # # openssh.authorizedKeys.keys = [
- # # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
- # # ];
- # };
-
- # Forgejo configuration
- services.forgejo = {
- enable = true;
-
- group = "ryot";
- stateDir = "/pool/forgejo";
-
- # Settings
- dump = {
- # :D idk what this does
- enable = false;
- interval = "weekly";
- };
-
- settings = {
-
- DEFAULT = {
- # Configuration for forgejo
- I_AM_BEING_UNSAFE_RUNNING_AS_ROOT = "true";
- APP_NAME = "Ryot Git";
- RUN_MODE = "dev";
- RUN_USER = "toph";
- };
-
- server = {
- # Configuration for reverse proxy
- DOMAIN = "git.ryot.foo";
- HTTP_ADDR = "127.0.0.1";
- HTTP_PORT = 3003;
- ROOT_URL = "https://git.ryot.foo/";
- START_SSH_SERVER = true;
- BUILTIN_SSH_SERVER_USER = "git";
- SSH_PORT = 222;
- };
-
- repository = {
- DEFAULT_PRIVATE = true;
- };
-
- ui = {
- DEFAULT_THEME = "forgejo-dark";
- SHOW_USER_EMAIL = false;
- };
-
- "ui.meta" = {
- AUTHOR = "Ryot";
- DESCRIPTION = "Ryot Gitea instance";
- KEYWORDS = "";
- };
-
- security = {
- INSTALL_LOCK = true;
- };
-
- session = {
- SESSION_LIFE_TIME = 86400 * 7; # 1 week
- };
-
- picture = {
- DISABLE_GRAVATAR = true;
- };
-
- "cron.sync_external_users" = {
- SCHEDULE = "@every 24h";
- UPDATE_EXISTING = true;
- };
-
- log.LEVEL = "Info";
- # Private server
- service.DISABLE_REGISTRATION = false;
- # Disable package manager functionality
- packages.ENABLED = false;
-
- };
- };
-
- users.users.forgejo = {
- extraGroups = [ "ryot" ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
- ];
- };
-
- # Give admin group access to forgejo config
- # users.users.${admin}.extraGroups = [ "forgejo" ];
-}
diff --git a/common/archive/mailserver/admin.pass b/common/archive/mailserver/admin.pass deleted file mode 100644 index 3dc0b66..0000000 --- a/common/archive/mailserver/admin.pass +++ /dev/null @@ -1 +0,0 @@ -$2b$05$RAavFe61.2iBTeGdtCI5EuKmFXxRbh/OL199HjBN74hSBCXzxViqS \ No newline at end of file diff --git a/common/archive/mailserver/admin.pass.example b/common/archive/mailserver/admin.pass.example deleted file mode 100644 index ae3cc31..0000000 --- a/common/archive/mailserver/admin.pass.example +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/common/archive/mailserver/default.nix b/common/archive/mailserver/default.nix deleted file mode 100644 index 262fa5b..0000000 --- a/common/archive/mailserver/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - enable = true; - fqdn = "mail.ryot.foo"; - domains = [ "ryot.foo" ]; - - enableImapSsl = true; - enableSubmissionSsl = true; - - # A list of all login accounts. To create the password hashes, use - # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' - loginAccounts = { - "[REDACTED]" = { - hashedPassword = builtins.readFile ./admin.pass; - aliases = ["[REDACTED]"]; - }; - }; - - certificateScheme = "acme"; -} \ No newline at end of file diff --git a/common/archive/nextcloud/default.nix b/common/archive/nextcloud/default.nix deleted file mode 100644 index 2911882..0000000 --- a/common/archive/nextcloud/default.nix +++ /dev/null 
@@ -1,89 +0,0 @@ -{ config, pkgs, ... }: - -{ - # The Nextcloud admin password is stored in a separate file to avoid - environment.etc."nextcloud-admin-pass".text = builtins.readFile ./nextcloud-admin-pass; - - services.nextcloud = { - enable = true; - hostName = "cloud.ryot.foo"; - - # Need to manually increment with every major upgrade. - package = pkgs.nextcloud29; - - # Let NixOS install and configure the database automatically. - database.createLocally = true; - - # Let NixOS install and configure Redis caching automatically. - configureRedis = true; - - # Increase the maximum file upload size to avoid problems uploading videos. - maxUploadSize = "5G"; - https = true; - - # appstoreEnable = true; - autoUpdateApps.enable = true; - extraAppsEnable = true; - extraApps = with config.services.nextcloud.package.packages.apps; { - # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json - inherit - calendar - contacts - mail - notes - tasks - registration - spreed - twofactor_nextcloud_notification - ; - - # breeze = pkgs.fetchNextcloudApp { - # sha256 = "sha256-9xMH9IcQrzzMJ5bL6RP/3CS1QGuByriCjGkJQJxQ4CU="; - # url = "https://github.com/mwalbeck/nextcloud-breeze-dark/releases/download/v29.0.0/breezedark.tar.gz"; - # license = "agpl3Only"; - # }; - - oidc_login = pkgs.fetchNextcloudApp { - sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA="; - url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.0/oidc_login.tar.gz"; - license = "agpl3Only"; - }; - - impersonate = pkgs.fetchNextcloudApp { - sha256 = "sha256-7NCfm2c861E1ZOZhpqjbsw2LC9I7ypp2J1LamqmWvtU="; - url = "https://github.com/nextcloud-releases/impersonate/releases/download/v1.16.0/impersonate-v1.16.0.tar.gz"; - license = "agpl3Only"; - }; - - # Custom app installation example. 
- # cookbook = pkgs.fetchNextcloudApp rec { - # url = - # "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"; - # sha256 = "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M="; - # }; - }; - - settings = { - overwriteProtocol = "https"; - overwritehost = "cloud.ryot.foo"; - trusted_domains = [ "cloud.ryot.foo" ]; - default_phone_region = "US"; - allow_user_to_change_display_name = "false"; - lost_password_link = "disabled"; - oidc_login_provider_url = "https://auth.ryot.foo/application/o/cloud-slug"; - oidc_login_client_id = "Fmc7v4MFQ3Iv8bZwOdXIaqYZUdDkiL0bKbDuGWd3"; - oidc_login_client_secret = "TPo7Q4uiusak2G6cneZMijMt45Y2FNCE2YT4hXWU9IjcywNhgzFXDY5sxC4SyyggkFmj3Dz3DYcZj295kjAES2W140EfjNRWI6xHd6B7Fxj8B6BzudJ5ii5Um1ZyjU47"; - # oidc_login_logout_url = "https://openid.example.com/thankyou"; - # oidc_login_end_session_redirect = "false"; - oidc_login_button_text = "Authentik Login"; - oidc_login_scope = "openid profile"; - oidc_login_disable_registration = "false"; - }; - - config = { - dbtype = "pgsql"; - adminuser = "admin"; - adminpassFile = "/etc/nextcloud-admin-pass"; - }; - }; -} diff --git a/common/archive/nextcloud/nextcloud-admin-pass b/common/archive/nextcloud/nextcloud-admin-pass deleted file mode 100644 index 00221b9..0000000 --- a/common/archive/nextcloud/nextcloud-admin-pass +++ /dev/null @@ -1 +0,0 @@ -snYBkSxkFZ6a7Y \ No newline at end of file diff --git a/common/archive/nginx/default.nix b/common/archive/nginx/default.nix deleted file mode 100644 index 24ca5bd..0000000 --- a/common/archive/nginx/default.nix +++ /dev/null 
@@ -1,27 +0,0 @@
-{
- # Nginx
- services.nginx = {
-
- enable = true;
-
- # Use recommended settings
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- # Only allow PFS-enabled ciphers with AES256
- sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
- # Setup Nextcloud virtual host to listen on ports
- virtualHosts = {
-
- "drive.ryot.foo" = {
- ## Force HTTP redirect to HTTPS
- forceSSL = true;
- ## LetsEncrypt
- enableACME = true;
- };
- };
- };
-}
diff --git a/common/fish/default.nix b/common/fish/default.nix
deleted file mode 100644
index 1d67b4e..0000000
--- a/common/fish/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-{
- programs.fish = {
- enable = true;
- interactiveShellInit = builtins.readFile ./init.fish;
- plugins = [
- # Enable a plugin (here grc for colorized command output) from nixpkgs
- { name = "grc"; src = pkgs.fishPlugins.grc.src; }
- { name = "tide"; src = pkgs.fishPlugins.tide.src; }
- ];
- };
-}
diff --git a/common/git/default.nix b/common/git/default.nix
deleted file mode 100644
index 24eaa5f..0000000
--- a/common/git/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- # !!! FOR HOME MANAGER Not nix config
- programs.git = {
- enable = true;
- userName = "[REDACTED]";
- userEmail = "[REDACTED]";
- extraConfig = {
- init = {
- defaultBranch = "main";
- };
- };
- };
-} \ No newline at end of file
diff --git a/common/home/default.nix b/common/home/default.nix
deleted file mode 100644
index 12249ee..0000000
--- a/common/home/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- pkgs,
- hostName,
- user,
- ...
-}:
-{
- # Module imports
- imports = [
- # Common Modules
- ../fish
- ../fastfetch
- ];
-
- home = {
- username = user;
- homeDirectory = "/home/${user}";
- stateVersion = "24.05";
- sessionVariables = {
- HOSTNAME = hostName;
- EDITOR = "micro";
- VISUAL = "micro";
- XDG_CONFIG_HOME = "$HOME/.config";
- };
- };
-
- # Let Home Manager install and manage itself.
- programs.home-manager.enable = true;
-}
diff --git a/common/ssh/default.nix b/common/ssh/default.nix
deleted file mode 100644
index ae32c30..0000000
--- a/common/ssh/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- lib,
- ...
-}:
-{
- programs.ssh.startAgent = true;
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
- ];
-
- services.openssh = {
- enable = true;
- settings = {
- AllowUsers = null; # everyone
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- PermitRootLogin = lib.mkDefault "no";
- };
- };
-}
diff --git a/common/vscode/default.nix b/common/vscode/default.nix
deleted file mode 100644
index 70f26b0..0000000
--- a/common/vscode/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-{
- programs.vscode = {
- enable = true;
- extensions = with pkgs.vscode-extensions; [
- # bbenoist.Nix
- # brettm12345.nixfmt-vscode
- ];
- };
-}
diff --git a/flake.lock b/flake.lock
deleted file mode 100644
index e6676d8..0000000
--- a/flake.lock
+++ /dev/null
@@ -1,149 +0,0 @@ -{ - "nodes": { - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1740624780, - "narHash": "sha256-8TP61AI3QBQsjzVUQFIV8NoB5nbYfJB3iHczhBikDkU=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "b8869e4ead721bbd4f0d6b927e8395705d4f16e6", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1740367490, - "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1682134069, - "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "fd901ef4bf93499374c5af385b2943f5801c0833", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1735471104, - "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", - "vscode-server": "vscode-server", - "zen-browser": "zen-browser" - } - 
}, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "vscode-server": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1729422940, - "narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=", - "owner": "nix-community", - "repo": "nixos-vscode-server", - "rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-vscode-server", - "type": "github" - } - }, - "zen-browser": { - "inputs": { - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1740554227, - "narHash": "sha256-xpwZeMw2gGenixGQDyVv+ja+epcR+EJ1BPuGFdgFS18=", - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "rev": "7de16ae319e6f6852274fa90b0d41c00049767c9", - "type": "github" - }, - "original": { - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix index 912c881..a66235b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,27 +1,32 @@ -# FIXME: this shit is a mess i need to learn how to do this properly { - description = "Unstable Flake"; + description = "Toph's Nix-Config"; inputs = { - nixpkgs.url = "nixpkgs/nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + # The next two are for pinning to stable vs unstable regardless of what the above is set to + # This is particularly useful when an upcoming stable release is in beta because you can effectively + # keep 'nixpkgs-stable' set to stable for critical packages while setting 'nixpkgs' to the beta branch to + # get a jump start on deprecation changes. + # See also 'stable-packages' and 'unstable-packages' overlays at 'overlays/default.nix" + nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + + # NixOs hardware flakes + hardware.url = "github:nixos/nixos-hardware"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - vscode-server = { - url = "github:nix-community/nixos-vscode-server"; + # VM tools + nixvirt = { + url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs-stable"; }; zen-browser = { url = "github:0xc000022070/zen-browser-flake"; }; - # nixvirt = { - # url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; - # arion = { - # url = "github:hercules-ci/arion"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + # TODO: theming + # stylix.url = "github:danth/stylix/release-24.11"; }; outputs = 
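Review bot: The root `flake.lock` is deleted by this commit (diffstat: `flake.lock | 149 --------`, only `installer/flake.lock` is created) and nothing in this hunk re-pins the inputs, so the new `nixvirt` input with its `*.tar.gz` version glob, the ref-less `hardware.url`, and the two new nixpkgs branches all appear to resolve to whatever is current at the next evaluation instead of a reviewed revision. Regenerating and committing `flake.lock` with this change restores the pin, and naming an explicit release in the `nixvirt` URL instead of `*` keeps the tarball choice visible in review. The `zen-browser` block (a context line here) still sets no `inputs.nixpkgs.follows`, so it carries its own nixpkgs copy; `inputs.nixpkgs.follows = "nixpkgs";` would match the `home-manager` block above it. The added `# See also ...` comment closes `'overlays/default.nix` with a double quote, which reads as a typo.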
@@ -30,290 +35,78 @@ inherit (self) outputs; inherit (nixpkgs) lib; - admin = "toph"; - user = "toph"; ARM = "aarch64-linux"; # ARM systems X86 = "x86_64-linux"; # x86_64 systems - in - { - nixosConfigurations = { - caenus = - let - hostName = "caenus"; - default = ./. + "/host/${hostName}"; - in - lib.nixosSystem { - specialArgs = { - inherit admin hostName; - }; - system = ARM; - modules = [ - ./nix - default - ]; - }; - cloud = - let - hostName = "cloud"; - default = ./. + "/host/${hostName}"; - in - lib.nixosSystem { - specialArgs = { - inherit admin hostName; - }; - system = X86; - modules = [ - ./nix - default - ]; - }; + # + # ========= Architectures ========= + # + forAllSystems = nixpkgs.lib.genAttrs [ + ARM + X86 + ]; - komodo = + # + # ========= Host Config Functions ========= + # + # Handle a given host config based on whether its underlying system is nixos or darwin + mkHost = host: isARM: { + ${host} = let - hostName = "komodo"; - default = ./. + "/host/${hostName}"; + func = if isARM then ARM else X86; + systemFunc = func; in lib.nixosSystem { specialArgs = { - inherit admin hostName; + inherit + inputs + outputs + isARM + ; + system = systemFunc; + # ========== Extend lib with lib.custom ========== + # NOTE: This approach allows lib.custom to propagate into hm + # see: https://github.com/nix-community/home-manager/pull/3454 + lib = nixpkgs.lib.extend (self: super: { custom = import ./lib { inherit (nixpkgs) lib; }; }); }; - system = X86; - modules = [ - ./nix - default - inputs.vscode-server.nixosModules.default - ( - { config, pkgs, ... }: - { - services.vscode-server.enable = true; - services.vscode-server.enableFHS = true; - programs.nix-ld = { - enable = true; - package = pkgs.nix-ld-rs; - }; - } - ) - ]; - }; - - nix = - let - hostName = "nix"; - default = ./. 
+ "/host/${hostName}"; - in - lib.nixosSystem { - specialArgs = { - inherit admin hostName; - }; - system = X86; - modules = [ - ./nix - default - inputs.vscode-server.nixosModules.default - ( - { config, pkgs, ... }: - { - services.vscode-server.enable = true; - } - ) - ]; - }; - - proxy = - let - hostName = "proxy"; - default = ./. + "/host/${hostName}"; - in - lib.nixosSystem { - specialArgs = { - inherit admin hostName; - }; - system = X86; - modules = [ - ./nix - default - ]; - }; - - rune = - let - hostName = "rune"; - default = ./. + "/host/${hostName}"; - in - lib.nixosSystem { - specialArgs = { - inherit admin hostName inputs; - }; - system = X86; - modules = [ - ./nix - default - ]; - }; - - haze = - let - user = "cesar"; - hostName = "haze"; - default = ./. + "/host/${hostName}"; - in - lib.nixosSystem { - specialArgs = { - inherit admin user hostName; - }; - system = X86; - modules = [ - ./nix - default - ]; + modules = [ ./hosts/nixos/${host} ]; }; }; + # Invoke mkHost for each host config that is declared for either X86 or ARM + mkHostConfigs = + hosts: isARM: lib.foldl (acc: set: acc // set) { } (lib.map (host: mkHost host isARM) hosts); + # Return the hosts declared in the given directory + readHosts = folder: lib.attrNames (builtins.readDir ./hosts/${folder}); + in + { + # + # ========= Overlays ========= + # + # Custom modifications/overrides to upstream packages. + overlays = import ./overlays { inherit inputs; }; - homeConfigurations = + # + # ========= Host Configurations ========= + # + # Building configurations is available through `just rebuild` or `nixos-rebuild --flake .#hostname` + nixosConfigurations = mkHostConfigs (readHosts "nixos") false; + + # + # ========= Packages ========= + # + # Add custom packages to be shared or upstreamed. 
+ packages = forAllSystems ( + system: let - armPkgs = import nixpkgs { - system = ARM; - config.allowUnfree = true; - }; - x86Pkgs = import nixpkgs { - system = X86; - config.allowUnfree = true; - # overlays = [ (import ./nixos/overlays) ]; + pkgs = import nixpkgs { + inherit system; + overlays = [ self.overlays.default ]; }; in - { - "${admin}@caenus" = - let - hostName = "caenus"; - pkgs = armPkgs; - home = ./. + "/host/${hostName}/home"; - in - inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit admin user hostName; - }; - modules = [ home ]; - }; - - "${admin}@cloud" = - let - hostName = "cloud"; - pkgs = x86Pkgs; - home = ./. + "/host/${hostName}/home"; - in - inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit admin user hostName; - }; - modules = [ home ]; - }; - - "${admin}@komodo" = - let - hostName = "komodo"; - pkgs = x86Pkgs; - home = ./. + "/host/${hostName}/home"; - in - inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit admin user hostName; - }; - modules = [ home ]; - }; - - "${admin}@nix" = - let - hostName = "nix"; - pkgs = x86Pkgs; - home = ./. + "/host/${hostName}/home"; - in - inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit admin user hostName; - }; - modules = [ home ]; - }; - - "${admin}@proxy" = - let - hostName = "proxy"; - pkgs = x86Pkgs; - home = ./. + "/host/${hostName}/home"; - in - inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit admin user hostName; - }; - modules = [ home ]; - }; - - "${admin}@rune" = - let - hostName = "rune"; - pkgs = x86Pkgs; - home = ./. 
+ "/host/${hostName}/home"; - zen = inputs.zen-browser.packages."${X86}".beta; - in - inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit - admin - user - hostName - zen - inputs - ; - }; - modules = [ home ]; - }; - - "${admin}@haze" = - let - user = "cesar"; - hostName = "haze"; - pkgs = x86Pkgs; - home = ./. + "/host/${hostName}/home"; - zen = inputs.zen-browser.packages."${X86}".beta; - in - inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit - admin - user - hostName - zen - ; - }; - modules = [ home ]; - }; - - "cesar@haze" = - let - hostName = "haze"; - pkgs = x86Pkgs; - home = ./. + "/host/${hostName}/home"; - zen = inputs.zen-browser.packages."${X86}".beta; - in - inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit - admin - user - hostName - zen - ; - }; - modules = [ home ]; - }; - }; + lib.packagesFromDirectoryRecursive { + callPackage = lib.callPackageWith pkgs; + directory = ./pkgs/common; + } + ); }; } diff --git a/home/toph/common/core/asdf.nix b/home/toph/common/core/asdf.nix new file mode 100644 index 0000000..fee6ba9 --- /dev/null +++ b/home/toph/common/core/asdf.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: +{ + programs.fish = { + shellInit = '' + source "${pkgs.asdf-vm}/share/asdf-vm/asdf.fish" + ''; + }; + + home.packages = builtins.attrValues { + inherit (pkgs) + asdf-vm + ; + }; +} diff --git a/home/toph/common/core/bash.nix b/home/toph/common/core/bash.nix new file mode 100644 index 0000000..9907b12 --- /dev/null +++ b/home/toph/common/core/bash.nix 
@@ -0,0 +1,76 @@ +{ + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + ll = "ls -alF"; + la = "ls -A"; + l = "ls -CF"; + + # Add an "alert" alias for long running commands. Use like so: + # sleep 10; alert + alert = "notify-send --urgency=low -i \"$([ $? = 0 ] && echo terminal || echo error)\" \"$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')\""; + }; + + initExtra = '' + # ~/.bashrc: executed by bash(1) for non-login shells. + # If not running interactively, don't do anything + case $- in + *i*) ;; + *) return;; + esac + + # don't put duplicate lines or lines starting with space in the history. + # See bash(1) for more options + HISTCONTROL=ignoreboth + + # append to the history file, don't overwrite it + shopt -s histappend + + # for setting history length see HISTSIZE and HISTFILESIZE in bash(1) + HISTSIZE=1000 + HISTFILESIZE=2000 + + # check the window size after each command and, if necessary, + # update the values of LINES and COLUMNS. + shopt -s checkwinsize + + # make less more friendly for non-text input files, see lesspipe(1) + [ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" + + # set a fancy prompt (non-color, unless we know we "want" color) + case "$TERM" in + xterm-color|*-256color) color_prompt=yes;; + esac + + # enable color support of ls and also add handy aliases + if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" + alias ls='ls --color=auto' + #alias dir='dir --color=auto' + #alias vdir='vdir --color=auto' + + alias grep='grep --color=auto' + alias fgrep='fgrep --color=auto' + alias egrep='egrep --color=auto' + fi + + # colored GCC warnings and errors + #export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' + + # Alias definitions. + # You may want to put all your additions into a separate file like + # ~/.bash_aliases, instead of adding them here directly. 
+ # See /usr/share/doc/bash-doc/examples in the bash-doc package. + + if [ -f ~/.bash_aliases ]; then + . ~/.bash_aliases + fi + + export LC_ALL=en_US.UTF-8 + export LANG=en_US.UTF-8 + + complete -C /usr/bin/terraform terraform + ''; + }; +} diff --git a/home/toph/common/core/bat.nix b/home/toph/common/core/bat.nix new file mode 100644 index 0000000..fb69392 --- /dev/null +++ b/home/toph/common/core/bat.nix @@ -0,0 +1,33 @@ +# https://github.com/sharkdp/bat +# https://github.com/eth-p/bat-extras + +{ pkgs, ... }: +{ + programs.bat = { + enable = true; + config = { + # Git modifications and file header (but no grid) + style = "changes,header"; + # theme = "gruvbox-dark"; + }; + extraPackages = builtins.attrValues { + inherit (pkgs.bat-extras) + + batgrep # search through and highlight files using ripgrep + batdiff # Diff a file against the current git index, or display the diff between to files + batman # read manpages using bat as the formatter + ; + }; + }; + + # Avoid [bat error]: The binary caches for the user-customized syntaxes and themes in + # '/home//.cache/bat' are not compatible with this version of bat (0.25.0). + home.activation.batCacheRebuild = { + after = [ "linkGeneration" ]; + before = [ ]; + data = '' + ${pkgs.bat}/bin/bat cache --build + ''; + }; + +} diff --git a/home/toph/common/core/default.nix b/home/toph/common/core/default.nix new file mode 100644 index 0000000..b6be362 --- /dev/null +++ b/home/toph/common/core/default.nix 
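Review bot: `complete -C /usr/bin/terraform terraform`, `[ -x /usr/bin/lesspipe ]` and `[ -x /usr/bin/dircolors ]` are Debian paths that do not exist on NixOS (only `/usr/bin/env` is provided), so the terraform line registers a dead completer and the lesspipe/dircolors branches never run. This is a home-manager module with `pkgs` in reach, so prefer PATH or store lookups: `command -v terraform >/dev/null && complete -C "$(command -v terraform)" terraform`, and `eval "$(dircolors -b)"` unguarded since coreutils is already in `home.packages`. The `alert` alias passes the last history line verbatim as the notification body; harmless, but a short comment noting that would stop someone extending it into an `eval`.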
@@ -0,0 +1,109 @@ +#FIXME: Move attrs that will only work on linux to nixos.nix +#FIXME: if pulling in homemanager for isMinimal maybe set up conditional for some packages +{ + config, + lib, + pkgs, + hostSpec, + ... +}: +{ + imports = lib.flatten [ + (map lib.custom.relativeToRoot [ + "modules/common/host-spec.nix" + ]) + ./asdf.nix + ./bash.nix + ./bat.nix + ./direnv.nix + ./fastfetch + ./fish + ./fonts.nix + ./git.nix + ./ranger.nix + ./screen.nix + ./ssh.nix + ./zoxide.nix + ]; + + inherit hostSpec; + + services.ssh-agent.enable = true; + + home = { + username = lib.mkDefault config.hostSpec.username; + homeDirectory = lib.mkDefault config.hostSpec.home; + stateVersion = lib.mkDefault "24.05"; + sessionPath = [ + "$HOME/.local/bin" + ]; + sessionVariables = { + FLAKE = "$HOME/git/dot.nix"; + SHELL = "fish"; + EDITOR = "micro"; + VISUAL = "micro"; + MANPAGER = "batman"; # see ./cli/bat.nix + }; + preferXdgDirectories = true; # whether to make programs use XDG directories whenever supported + + }; + + #TODO(xdg): maybe move this to its own xdg.nix? 
+ # xdg packages are pulled in below + xdg = { + enable = true; + userDirs = { + enable = true; + createDirectories = true; + desktop = "${config.home.homeDirectory}/.desktop"; + documents = "${config.home.homeDirectory}/doc"; + download = "${config.home.homeDirectory}/downloads"; + music = "${config.home.homeDirectory}/media/audio"; + pictures = "${config.home.homeDirectory}/media/images"; + videos = "${config.home.homeDirectory}/media/video"; + # publicshare = "/var/empty"; #using this option with null or "/var/empty" barfs so it is set properly in extraConfig below + # templates = "/var/empty"; #using this option with null or "/var/empty" barfs so it is set properly in extraConfig below + + extraConfig = { + # publicshare and templates defined as null here instead of as options because + XDG_PUBLICSHARE_DIR = "/var/empty"; + XDG_TEMPLATES_DIR = "/var/empty"; + }; + }; + }; + + home.packages = builtins.attrValues { + inherit (pkgs) + # Packages that don't have custom configs go here + btop # resource monitor + coreutils # basic gnu utils + curl + eza # ls replacement + dust # disk usage + pre-commit # git hooks + p7zip # compression & encryption + unzip # zip extraction + unrar # rar extraction + wget # downloader + xdg-utils # provide cli tools such as `xdg-mime` and `xdg-open` + xdg-user-dirs + zip # zip compression + ; + }; + + nix = { + package = lib.mkDefault pkgs.nix; + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + warn-dirty = false; + }; + }; + + programs.home-manager.enable = true; + + # Nicely reload system units when changing configs + systemd.user.startServices = "sd-switch"; +} diff --git a/home/toph/common/core/direnv.nix b/home/toph/common/core/direnv.nix new file mode 100644 index 0000000..4ed8106 --- /dev/null +++ b/home/toph/common/core/direnv.nix 
@@ -0,0 +1,7 @@ +{ + programs.direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; # better than native direnv nix functionality - https://github.com/nix-community/nix-direnv + }; +} diff --git a/common/fastfetch/default.nix b/home/toph/common/core/fastfetch/default.nix similarity index 97% rename from common/fastfetch/default.nix rename to home/toph/common/core/fastfetch/default.nix index eaa8bcd..1192bae 100644 --- a/common/fastfetch/default.nix +++ b/home/toph/common/core/fastfetch/default.nix @@ -7,7 +7,7 @@ { programs.fastfetch = let - hostname = config.home.sessionVariables.HOSTNAME; + hostname = config.hostSpec.hostName; logoFile = ./. + "/host/${hostname}.txt"; in { diff --git a/common/fastfetch/host/caenus.txt b/home/toph/common/core/fastfetch/host/caenus.txt similarity index 100% rename from common/fastfetch/host/caenus.txt rename to home/toph/common/core/fastfetch/host/caenus.txt diff --git a/common/fastfetch/host/cloud.txt b/home/toph/common/core/fastfetch/host/cloud.txt similarity index 100% rename from common/fastfetch/host/cloud.txt rename to home/toph/common/core/fastfetch/host/cloud.txt diff --git a/common/fastfetch/host/images/caenus.png b/home/toph/common/core/fastfetch/host/images/caenus.png similarity index 100% rename from common/fastfetch/host/images/caenus.png rename to home/toph/common/core/fastfetch/host/images/caenus.png diff --git a/common/fastfetch/host/images/cloud.png b/home/toph/common/core/fastfetch/host/images/cloud.png similarity index 100% rename from common/fastfetch/host/images/cloud.png rename to home/toph/common/core/fastfetch/host/images/cloud.png diff --git a/common/fastfetch/host/images/komodo.png b/home/toph/common/core/fastfetch/host/images/komodo.png similarity index 100% rename from common/fastfetch/host/images/komodo.png rename to home/toph/common/core/fastfetch/host/images/komodo.png 
diff --git a/common/fastfetch/host/images/nix.png b/home/toph/common/core/fastfetch/host/images/nix.png similarity index 100% rename from common/fastfetch/host/images/nix.png rename to home/toph/common/core/fastfetch/host/images/nix.png diff --git a/common/fastfetch/host/images/proxy.png b/home/toph/common/core/fastfetch/host/images/proxy.png similarity index 100% rename from common/fastfetch/host/images/proxy.png rename to home/toph/common/core/fastfetch/host/images/proxy.png diff --git a/common/fastfetch/host/images/rune.png b/home/toph/common/core/fastfetch/host/images/rune.png similarity index 100% rename from common/fastfetch/host/images/rune.png rename to home/toph/common/core/fastfetch/host/images/rune.png diff --git a/common/fastfetch/host/komodo.txt b/home/toph/common/core/fastfetch/host/komodo.txt similarity index 100% rename from common/fastfetch/host/komodo.txt rename to home/toph/common/core/fastfetch/host/komodo.txt diff --git a/common/fastfetch/host/nix.txt b/home/toph/common/core/fastfetch/host/nix.txt similarity index 100% rename from common/fastfetch/host/nix.txt rename to home/toph/common/core/fastfetch/host/nix.txt diff --git a/common/fastfetch/host/proxy.txt b/home/toph/common/core/fastfetch/host/proxy.txt similarity index 100% rename from common/fastfetch/host/proxy.txt rename to home/toph/common/core/fastfetch/host/proxy.txt diff --git a/common/fastfetch/host/rune.txt b/home/toph/common/core/fastfetch/host/rune.txt similarity index 100% rename from common/fastfetch/host/rune.txt rename to home/toph/common/core/fastfetch/host/rune.txt diff --git a/home/toph/common/core/fastfetch/host/vm.txt b/home/toph/common/core/fastfetch/host/vm.txt new file mode 100644 index 0000000..d5c8e8f --- /dev/null +++ b/home/toph/common/core/fastfetch/host/vm.txt 
@@ -0,0 +1,13 @@ + + [?25l ▄▄▄ ▄▄▄ ▄▄▄  + ▄▄▄▄ ▄▄▄▄▄▄▄  + ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄  + ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄░▄  + ▄▄▄▄▄ ▄▄▄▄▄▄  + ▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄░ + ▄▄▄▄▄▄ ▄▄▄  + ░▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄  + ▄ ▄▄▄▄▄▄▄▄▄░░▄▄▄▄  + ▄▄▄▄▄▄▄ ▄░▄  + ▄▄▄ ▄▄▄▄ ▄▄▄  + [?25h \ No newline at end of file diff --git a/home/toph/common/core/fish/default.nix b/home/toph/common/core/fish/default.nix new file mode 100644 index 0000000..5b86fa7 --- /dev/null +++ b/home/toph/common/core/fish/default.nix @@ -0,0 +1,27 @@ +{ pkgs, ... }: +{ + home.packages = with pkgs; [ + fishPlugins.grc + fishPlugins.tide + grc + ]; + + programs.fish = { + enable = true; + interactiveShellInit = builtins.readFile ./init.fish; + plugins = [ + # Enable a plugin (here grc for colorized command output) from nixpkgs + { + name = "grc"; + src = pkgs.fishPlugins.grc.src; + } + { + name = "tide"; + src = pkgs.fishPlugins.tide.src; + } + ]; + shellInit = '' + source "${pkgs.asdf-vm}/share/asdf-vm/asdf.fish" + ''; + }; +} diff --git a/common/fish/init.fish b/home/toph/common/core/fish/init.fish similarity index 100% rename from common/fish/init.fish rename to home/toph/common/core/fish/init.fish diff --git a/home/toph/common/core/fonts.nix b/home/toph/common/core/fonts.nix new file mode 100644 index 0000000..01d1710 --- /dev/null +++ b/home/toph/common/core/fonts.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +{ + fonts.fontconfig.enable = true; + home.packages = with pkgs; [ + noto-fonts + nerd-fonts.fira-code + meslo-lgs-nf + monocraft + ]; +} diff --git a/home/toph/common/core/git.nix b/home/toph/common/core/git.nix new file mode 100644 index 0000000..93bff5c --- /dev/null +++ b/home/toph/common/core/git.nix 
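Review bot: `shellInit` here sources `${pkgs.asdf-vm}/share/asdf-vm/asdf.fish`, and asdf.nix (imported next to this file from core/default.nix) sets the identical `programs.fish.shellInit` line; the option is line-merged, so asdf.fish runs twice on every shell start, and `asdf-vm` also lands in `home.packages` twice. Drop the copy here so asdf.nix is the single owner and `fish/default.nix` carries only the plugins. The `fishPlugins.grc`/`fishPlugins.tide` entries in `home.packages` look redundant with the `plugins = [ ... ]` list that already installs them, though that is harmless if intentional.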
@@ -0,0 +1,89 @@ +# git is core no matter what but additional settings may could be added made in optional/foo eg: development.nix +{ + pkgs, + lib, + config, + inputs, + ... +}: +{ + programs.git = { + enable = true; + package = pkgs.gitAndTools.gitFull; + + userName = "[REDACTED]"; + userEmail = "[REDACTED]"; + + ignores = [ + ".csvignore" + # nix + "*.drv" + "result" + # python + "*.py?" + "__pycache__/" + ".venv/" + # direnv + ".direnv" + ]; + + # Anytime I use auth, I want to use my yubikey. But I don't want to always be having to touch it + # for things that don't need it. So I have to hardcode repos that require auth, and default to ssh for + # actions that require auth. + extraConfig = { + core.pager = "delta"; + delta = { + enable = true; + features = [ + "side-by-side" + "line-numbers" + "hyperlinks" + "line-numbers" + "commit-decoration" + ]; + }; + + url = lib.optionalAttrs (!config.hostSpec.isMinimal) { + # Only force ssh if it's not minimal + "ssh://git@github.com" = { + pushInsteadOf = "https://github.com"; + }; + "ssh://git@ryot.foo.com" = { + pushInsteadOf = "https://git.ryot.foo"; + }; + }; + + # pre-emptively ignore mac crap + core.excludeFiles = builtins.toFile "global-gitignore" '' + .DS_Store + .DS_Store? + ._* + .Spotlight-V100 + .Trashes + ehthumbs.db + Thumbs.db + node_modules + ''; + core.attributesfile = builtins.toFile "global-gitattributes" '' + Cargo.lock -diff + flake.lock -diff + *.drawio -diff + *.svg -diff + *.json diff=json + *.bin diff=hex difftool=hex + *.dat diff=hex difftool=hex + *aarch64.bin diff=objdump-aarch64 difftool=objdump-aarch64 + *arm.bin diff=objdump-arm difftool=objdump-arm + *x64.bin diff=objdump-x86_64 difftool=objdump-x64 + *x86.bin diff=objdump-x86 difftool=objdump-x86 + ''; + + extraConfig = { + init = { + defaultBranch = "main"; + }; + }; + }; + }; + +} diff --git a/home/toph/common/core/ranger.nix b/home/toph/common/core/ranger.nix new file mode 100644 index 0000000..22eda61 --- /dev/null 
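Review bot: `"ssh://git@ryot.foo.com".pushInsteadOf = "https://git.ryot.foo"` rewrites pushes for `git.ryot.foo` to a different domain, `ryot.foo.com`, which nothing in this patch suggests the author controls (ssh.nix matches `git.ryot.foo`); pushes would silently be directed at a third-party host, offering the user's SSH keys to it. It should read `"ssh://git@git.ryot.foo"` so it lines up with the ssh match block. Two more keys are wrong or misplaced: git's option is `core.excludesFile` (`core.excludeFiles` is ignored, so the global ignore list never applies), and the nested `extraConfig = { init = { defaultBranch = "main"; }; };` inside `extraConfig` emits an `[extraConfig "init"]` section instead of `[init]`; hoist it to `init.defaultBranch = "main";` beside `core`.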
+++ b/home/toph/common/core/ranger.nix @@ -0,0 +1,26 @@ +{ + programs.ranger = { + enable = true; + plugins = [ + { + name = "zoxide"; + src = builtins.fetchGit { + url = "https://github.com/jchook/ranger-zoxide.git"; + rev = "281828de060299f73fe0b02fcabf4f2f2bd78ab3"; + }; + } + { + name = "archives"; + src = builtins.fetchGit { + url = "https://github.com/maximtrp/ranger-archives.git"; + rev = "b4e136b24fdca7670e0c6105fb496e5df356ef25"; + }; + } + ]; + settings = { + show_hidden = true; + # preview_images = true; + # preview_images_method = w3m; + }; + }; +} diff --git a/home/toph/common/core/screen.nix b/home/toph/common/core/screen.nix new file mode 100644 index 0000000..7c2592a --- /dev/null +++ b/home/toph/common/core/screen.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + home.packages = [ pkgs.screen ]; + home.file.".screenrc".text = '' + startup_message off + defbce on + setenv TERM xterm-256color + ''; +} diff --git a/home/toph/common/core/ssh.nix b/home/toph/common/core/ssh.nix new file mode 100644 index 0000000..88e78a0 --- /dev/null +++ b/home/toph/common/core/ssh.nix @@ -0,0 +1,26 @@ +{ + config, + inputs, + lib, + ... +}: +{ + programs.ssh = { + enable = true; + # Avoids infinite hang if control socket connection interrupted. ex: vpn goes down/up + serverAliveCountMax = 3; + serverAliveInterval = 5; + addKeysToAgent = "yes"; + + extraConfig = '' + IdentityFile ~/.ssh/pve + UpdateHostKeys ask + ''; + + matchBlocks = { + "git.ryot.foo" = { + identityFile = "~/git/.ssh/git"; + }; + }; + }; +} diff --git a/home/toph/common/core/zoxide.nix b/home/toph/common/core/zoxide.nix new file mode 100644 index 0000000..3f02805 --- /dev/null +++ b/home/toph/common/core/zoxide.nix @@ -0,0 +1,10 @@ +{ + programs.zoxide = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + options = [ + "--cmd cd" # replace cd with z and zi (via cdi) + ]; + }; +} 
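Review bot: `IdentityFile ~/.ssh/pve` in `extraConfig` is a global directive, so the Proxmox key is offered to every host the user connects to, and `addKeysToAgent = "yes"` then loads it into the agent with no lifetime; together with `services.ssh-agent.enable` in core/default.nix that is a long-lived, unscoped credential on every machine that imports core. Scope it to the hosts that need it, e.g. `matchBlocks."pve*" = { identityFile = "~/.ssh/pve"; identitiesOnly = true; };`, and consider `addKeysToAgent = "confirm"` or a time limit such as `"1h"` instead of plain `yes`. `identityFile = "~/git/.ssh/git"` also keeps a private key under a directory of git checkouts where a stray `git add -A` could commit it; `~/.ssh/` is the safer home for it.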
diff --git a/home/toph/common/optional/browsers/chromium.nix b/home/toph/common/optional/browsers/chromium.nix new file mode 100644 index 0000000..7dddb39 --- /dev/null +++ b/home/toph/common/optional/browsers/chromium.nix @@ -0,0 +1,9 @@ +{ + programs.chromium = { + enable = true; + commandLineArgs = [ + "--no-default-browser-check" + "--restore-last-session" + ]; + }; +} diff --git a/home/toph/common/optional/browsers/default.nix b/home/toph/common/optional/browsers/default.nix new file mode 100644 index 0000000..17e6227 --- /dev/null +++ b/home/toph/common/optional/browsers/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./chromium.nix + ./zen.nix + ]; +} diff --git a/home/toph/common/optional/browsers/zen.nix b/home/toph/common/optional/browsers/zen.nix new file mode 100644 index 0000000..8e87845 --- /dev/null +++ b/home/toph/common/optional/browsers/zen.nix @@ -0,0 +1,20 @@ +{ + config, + pkgs, + inputs, + ... +}: +{ + home.packages = builtins.attrValues { + inherit (inputs.zen-browser.packages."${pkgs.system}") + twilight + ; + }; + + xdg.mimeApps.defaultApplications = { + "text/html" = [ "zen.desktop" ]; + "text/xml" = [ "zen.desktop" ]; + "x-scheme-handler/http" = [ "zen.desktop" ]; + "x-scheme-handler/https" = [ "zen.desktop" ]; + }; +} diff --git a/home/toph/common/optional/desktops/default.nix b/home/toph/common/optional/desktops/default.nix new file mode 100644 index 0000000..174d62c --- /dev/null +++ b/home/toph/common/optional/desktops/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./gnome + # ./hyprland + ]; +} diff --git a/host/rune/modules/gnome/home.nix b/home/toph/common/optional/desktops/gnome/default.nix similarity index 100% rename from host/rune/modules/gnome/home.nix rename to home/toph/common/optional/desktops/gnome/default.nix diff --git a/home/toph/common/optional/development/default.nix b/home/toph/common/optional/development/default.nix new file mode 100644 index 0000000..f92dd49 --- /dev/null 
+++ b/home/toph/common/optional/development/default.nix @@ -0,0 +1,45 @@ +# Development utilities I want across all systems +{ + lib, + pkgs, + ... +}: +{ + imports = lib.custom.scanPaths ./.; + + home.packages = lib.flatten [ + (builtins.attrValues { + inherit (pkgs) + # Development + direnv + delta # diffing + gh # github cli + + logisim-evolution + mcaselector + prettierd + + # nix + nixpkgs-review + nixfmt-rfc-style + + # networking + nmap + + # Diffing + difftastic + + # serial debugging + screen + + # Standard man pages for linux API + man-pages + man-pages-posix + ; + inherit (pkgs.jetbrains) + idea-ultimate + jetbrains-toolbox + ; + }) + ]; +} diff --git a/home/toph/common/optional/development/vscode.nix b/home/toph/common/optional/development/vscode.nix new file mode 100644 index 0000000..f1e201d --- /dev/null +++ b/home/toph/common/optional/development/vscode.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +{ + programs.vscode = { + enable = true; + # extensions = with pkgs.vscode-extensions; [ + # # bbenoist.Nix + # # brettm12345.nixfmt-vscode + # ]; + }; +} diff --git a/home/toph/common/optional/foot/default.nix b/home/toph/common/optional/foot/default.nix new file mode 100644 index 0000000..e69de29 diff --git a/home/toph/common/optional/gaming/default.nix b/home/toph/common/optional/gaming/default.nix new file mode 100644 index 0000000..b7c261f --- /dev/null +++ b/home/toph/common/optional/gaming/default.nix 
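Review bot: `imports = lib.custom.scanPaths ./.;` turns every `.nix` file dropped into this directory into active configuration, so an experimental or half-finished file is enabled without an explicit import; confirm `lib.custom.scanPaths` (not visible in this patch) excludes `default.nix` itself, otherwise this module imports itself. Listing `direnv` and `screen` in `home.packages` duplicates core/direnv.nix (`programs.direnv.enable`) and core/screen.nix, which already install them. `nmap` is pulled onto every development host unconditionally; a comment saying why it belongs in the default set would help the next reader decide whether it should move to a host-specific module.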
@@ -0,0 +1,44 @@ +# This module just provides a customized .desktop file with gamescope args dynamically created based on the +# host's monitors configuration +{ + pkgs, + config, + lib, + ... +}: + +let + monitor = lib.head (lib.filter (m: m.primary) config.monitors); + + steam-session = + let + gamescope = lib.concatStringsSep " " [ + (lib.getExe pkgs.gamescope) + "--output-width ${toString monitor.width}" + "--output-height ${toString monitor.height}" + "--framerate-limit ${toString monitor.refreshRate}" + "--prefer-output ${monitor.name}" + "--adaptive-sync" + "--expose-wayland" + "--steam" + "--hdr-enabled" + ]; + steam = lib.concatStringsSep " " [ + "steam" + #"steam://open/bigpicture" + ]; + in + pkgs.writeTextDir "share/applications/steam-session.desktop" '' + [Desktop Entry] + Name=Steam Session + Exec=${gamescope} -- ${steam} + Icon=steam + Type=Application + ''; +in +{ + home.packages = [ + steam-session + prismlauncher + ]; +} diff --git a/common/vscode-server/default.nix b/home/toph/common/optional/vscode-server/default.nix similarity index 100% rename from common/vscode-server/default.nix rename to home/toph/common/optional/vscode-server/default.nix diff --git a/home/toph/common/optional/xdg.nix b/home/toph/common/optional/xdg.nix new file mode 100644 index 0000000..e62bf52 --- /dev/null +++ b/home/toph/common/optional/xdg.nix 
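Review bot: `prismlauncher` in `home.packages = [ steam-session prismlauncher ];` is an undefined variable — only `pkgs`, `config` and `lib` are bound at the top of the file — so this module fails to evaluate; it should be `pkgs.prismlauncher`. `lib.head (lib.filter (m: m.primary) config.monitors)` also throws on any host with no monitor flagged `primary`, and `config.monitors` must be declared by a module outside this patch; `lib.findFirst (m: m.primary) null config.monitors` with the desktop entry skipped when the result is null would fail more gracefully, or wrap it in an `assert` with a message naming the missing option.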
@@ -0,0 +1,52 @@ +{ + pkgs, + config, + ... +}: +let + # FIXME(xdg): That should use config options and just reference whatever is configured as the default + browser = [ "zen.desktop" ]; + editor = [ "code.desktop" ]; + # Extensive list of associations here: + # https://github.com/iggut/GamiNiX/blob/8070528de419703e13b4d234ef39f05966a7fafb/system/desktop/home-main.nix#L77 + associations = { + "text/*" = editor; + "text/plain" = editor; + + # "text/html" = browser; + "application/x-zerosize" = editor; # empty files + + "application/x-shellscript" = editor; + "application/x-perl" = editor; + "application/json" = editor; + "application/x-extension-htm" = browser; + "application/x-extension-html" = browser; + "application/x-extension-shtml" = browser; + "application/xhtml+xml" = browser; + "application/x-extension-xhtml" = browser; + "application/x-extension-xht" = browser; + "application/pdf" = browser; + + "x-scheme-handler/http" = browser; + "x-scheme-handler/https" = browser; + + "image/*" = browser; + }; + +in +{ + # Enables app shorcuts + targets.genericLinux.enable = true; + xdg.mime.enable = true; + xdg.mimeApps.enable = true; + xdg.mimeApps.defaultApplications = associations; + xdg.mimeApps.associations.added = associations; + xdg.systemDirs.data = [ "${config.home.homeDirectory}/.nix-profile/share/applications" ]; + + home.packages = builtins.attrValues { + inherit (pkgs) + handlr-regex # better xdg-open for desktop apps + ; + }; + +} diff --git a/home/toph/rune/default.nix b/home/toph/rune/default.nix new file mode 100644 index 0000000..3e291b7 --- /dev/null +++ b/home/toph/rune/default.nix 
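Review bot: `targets.genericLinux.enable = true` is home-manager's compatibility switch for non-NixOS distributions; on the NixOS hosts this flake builds it should not be needed, and I believe home-manager complains when it is set there — confirm on the vm host before keeping it. The glob keys `"text/*"` and `"image/*"` are, as far as I know, not matched by the mimeapps.list lookups that `xdg-open`/gio perform (exact MIME types only), so those two entries only do anything if `handlr` honours them; listing the concrete types you care about (`text/markdown`, `image/png`, ...) is more reliable. Routing `application/pdf` to the browser and `application/x-shellscript` to the editor are sensible safety choices; a one-line comment saying so would stop someone "fixing" them later.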
@@ -0,0 +1,69 @@ +{ pkgs, ... }: +{ + imports = [ + ## Required Configs ## + ../common/core # required + + ## Host-specific Optional Configs ## + ../common/optional/browsers + ../common/optional/desktops + ../common/optional/development + ../common/optional/gaming + ../common/optional/xdg.nix # file associations + ]; + + ## Packages with no needed configs ## + home.packages = builtins.attrValues { + inherit (pkgs) + ## Media ## + ffmpeg + spotify + gpu-screen-recorder-gtk + + ## Social ## + telegram-desktop + vesktop + + ## Tools ## + bitwarden-desktop + inspector + wezterm + + ## Productivity ## + gimp + inkscape + + ## Fonts ## + monocraft + nerd-fonts + ; + }; + + dconf.settings = { + "org/virt-manager/virt-manager/connections" = { + autoconnect = [ + "qemu:///session" + "qemu:///system" + ]; + uris = [ + "qemu:///session" + "qemu:///system" + ]; + }; + }; + + xdg.desktopEntries = { + win11 = { + name = "Windows 11"; + comment = "Windows 11 VM"; + exec = "virt-manager --connect qemu:///system --show-domain-console win11-sys"; + icon = "windows95"; + type = "Application"; + terminal = false; + categories = [ + "System" + "Application" + ]; + }; + }; +} diff --git a/home/toph/vm/default.nix b/home/toph/vm/default.nix new file mode 100644 index 0000000..e82bf61 --- /dev/null +++ b/home/toph/vm/default.nix @@ -0,0 +1,25 @@ +{ + pkgs, + ... +}: +{ + imports = [ + ## Required Configs ## + ../common/core # required + + ## Host-specific Optional Configs ## + ../common/optional/browsers + ../common/optional/desktops + + ../common/optional/xdg.nix # file associations + ]; + + ## Packages with no needed configs ## + home.packages = builtins.attrValues { + inherit (pkgs) + ## Tools ## + inspector + wezterm + ; + }; +} diff --git a/host/caenus/default.nix b/host/caenus/default.nix deleted file mode 100644 index 82a8d88..0000000 --- a/host/caenus/default.nix +++ /dev/null 
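Review bot: `inherit (pkgs) ... nerd-fonts` adds the whole `pkgs.nerd-fonts` attribute to `home.packages`; on current nixpkgs that name is a package set rather than a single derivation (fonts.nix in this same patch uses `nerd-fonts.fira-code`), so this entry should fail the `home.packages` type check — drop it, since fonts.nix already installs the fonts, and `monocraft` is likewise duplicated there. The desktop entry `exec = "virt-manager --connect qemu:///system --show-domain-console win11-sys"` and the dconf `autoconnect` to `qemu:///system` require the user to be in the libvirtd group, which is effectively root-equivalent on the host; that grant lives outside this hunk, so a comment here noting the requirement, or using `qemu:///session` where the VM does not need system-level devices, would make the privilege choice explicit.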
@@ -1,63 +0,0 @@ -{ - config, - hostName, - lib, - modulesPath, - pkgs, - ... -}: -{ - ## MODULES & IMPORTS ## - - ## MODULES & IMPORTS ## - imports = [ - # Common Modules - # ../../common/acme - ../../common/ssh - - # Import hardware configuration. - ./hardware.nix - - # Local Modules - ./modules/frp - # ./modules/nginx - ]; - - ## BOOTLOADER ## - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - ## NETWORKING ## - networking.firewall = { - allowedTCPPorts = [ - 22 - 80 - 443 - 4040 - 25565 - ]; - allowedUDPPorts = [ 4040 ]; - }; - - ## SSH Override ## - services.openssh = { - settings = { - PermitRootLogin = lib.mkForce "yes"; - }; - }; - - ## ENVIORMENT & PACKAGES ## - environment.systemPackages = with pkgs; [ - git - micro - openssh - ranger - sshfs - wget - ]; - - environment.variables = { - HOSTNAME = hostName; - }; -} diff --git a/host/caenus/home/default.nix b/host/caenus/home/default.nix deleted file mode 100644 index 5721ce6..0000000 --- a/host/caenus/home/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, ... }: -{ - # Module imports - imports = [ - # Common Modules - ../../../common/home - ../../../common/git - ]; - - home.packages = with pkgs; [ - fastfetch - fish - fishPlugins.grc - fishPlugins.tide - grc - ]; - - home.file = { - git.dotfiles.source = builtins.fetchGit { - url = "git@github.com:TophC7/dotfiles.git"; - ref = "hosts"; - rev = "4c2f9faf24e2e90fb7b0b4bce7560da39cbb814a"; - }; - }; - -} diff --git a/host/caenus/modules/frp/default.nix b/host/caenus/modules/frp/default.nix deleted file mode 100644 index 67427c2..0000000 --- a/host/caenus/modules/frp/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - services.frp = { - enable = true; - role = "server"; - settings = { - bindPort = 4040; - auth = { - method = "token"; - token = builtins.readFile ./frp.token; - }; - }; - }; -} \ No newline at end of file 
diff --git a/host/caenus/modules/frp/frp.token b/host/caenus/modules/frp/frp.token deleted file mode 100644 index 862383d..0000000 --- a/host/caenus/modules/frp/frp.token +++ /dev/null @@ -1 +0,0 @@ -$2b$05$3hq3mA559Yxy679kKbzou..ao9d7annFWAo4MRo0tO04bYJsteWTu \ No newline at end of file diff --git a/host/caenus/modules/frp/frp.token.example b/host/caenus/modules/frp/frp.token.example deleted file mode 100644 index d4aa30e..0000000 --- a/host/caenus/modules/frp/frp.token.example +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/host/caenus/modules/nginx/default.nix b/host/caenus/modules/nginx/default.nix deleted file mode 100644 index 9d681e4..0000000 --- a/host/caenus/modules/nginx/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - users.users.nginx.extraGroups = [ "acme" ]; - - # Nginx - services.nginx = { - enable = true; - # Use recommended settings - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - virtualHosts = { - "ryot.foo" = { - http2 = true; - forceSSL = true; - useACMEHost = "ryot.foo"; - locations."/".proxyPass = "http://0.0.0.0:8080"; - }; - - "*.ryot.foo" = { - http2 = true; - forceSSL = true; - useACMEHost = "ryot.foo"; - locations."/" = { - proxyPass = "http://0.0.0.0:8080"; - proxyWebsockets = true; - extraConfig = '' - proxy_ssl_server_name on; - proxy_pass_header Authorization; - ''; - }; - }; - }; - }; -} \ No newline at end of file diff --git a/host/cloud/default.nix b/host/cloud/default.nix deleted file mode 100644 index a15a315..0000000 --- a/host/cloud/default.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - modulesPath, - config, - pkgs, - hostName, - admin, - ... -}: -{ - ## MODULES & IMPORTS ## - imports = [ - # Common Modules - ../../common/acme - ../../common/lxc - ../../common/ssh - - # Import hardware configuration. - ./hardware.nix - - # Local Modules - - # cron - ./modules/cron - # Filerun - ./modules/filerun - # Logrotate - ./modules/logrotate - # Caddy - ./modules/caddy - # Snapraid-runner - ./modules/snapraid - ]; - - ## NETWORKING ## - networking.firewall = { - allowedTCPPorts = [ - 22 - 80 - 443 - 8181 - ]; - allowedUDPPorts = [ ]; - }; - - ## USERS ## - users.users.${admin}.extraGroups = [ "docker" ]; - - ## ENVIORMENT & PACKAGES ## - nixpkgs.overlays = [ (import ../../nix/overlays) ]; - environment.systemPackages = with pkgs; [ - arion - git - mergerfs - micro - openssh - ranger - sshfs - snapraid - snapraid-runner - wget - ]; - - environment.variables = { - HOSTNAME = hostName; - }; -} diff --git a/host/cloud/hardware.nix b/host/cloud/hardware.nix deleted file mode 100644 index 862bd35..0000000 --- a/host/cloud/hardware.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - admin, - ... -}: -{ - # for sshfs - programs.fuse.userAllowOther = true; - - # TODO: use tempfls to set the acls in nix config - fileSystems = { - "/pool" = { - fsType = "fuse.mergerfs"; - device = "/mnt/data*"; - options = [ - "cache.files=auto-full" - "defaults" - "allow_other" - "minfreespace=50G" - "fsname=mergerfs" - "category.create=mfs" - "nonempty" - "uid=1000" - "gid=1004" # Ryot group - "posix_acl=true" - ]; - }; - - "/home/${admin}/git" = { - fsType = "none"; - device = "/pool/git"; - options = [ - "bind" - "nofail" - ]; - }; - }; -} diff --git a/host/cloud/home/default.nix b/host/cloud/home/default.nix deleted file mode 100644 index c073ee2..0000000 --- a/host/cloud/home/default.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ pkgs, ... }: -{ - # Module imports - imports = [ - # Common Modules - ../../../common/home - ]; - - home.packages = with pkgs; [ - fastfetch - fish - fishPlugins.grc - fishPlugins.tide - grc - lazydocker - ]; -} \ No newline at end of file diff --git a/host/cloud/modules/caddy/default.nix b/host/cloud/modules/caddy/default.nix deleted file mode 100644 index 4f62187..0000000 --- a/host/cloud/modules/caddy/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - services.caddy = { - enable = true; - virtualHosts = { - "drive.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://localhost:8181 { - header_up Host {host} - # header_up X-Forwarded-For {remote} - # header_up X-Forwarded-Proto {scheme} - # header_up X-Forwarded-Protocol {scheme} - # header_up X-Forwarded-Port {server_port} - } - ''; - }; - }; - }; -} diff --git a/host/cloud/modules/cron/default.nix b/host/cloud/modules/cron/default.nix deleted file mode 100644 index 327e2da..0000000 --- a/host/cloud/modules/cron/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - services.cron = { - enable = true; - systemCronJobs = [ - # Runs snapraid-runner every day at 3am - "0 3 * * * root snapraid-runner" - # Runs a backup of the Docker storage directory every Monday at 4am - "0 4 * * 0 root tar -Pzcf /pool/Backups/DockerStorage/DockerStorage.tar.gz -C /mnt/drive1/DockerStorage ." - # Runs a backup of the forgejo directory every 2 days at 4am - "0 4 */2 * * root tar -Pzcf /pool/Backups/forgejo/forgejo.tar.gz -C /pool/forgejo ." - ]; - }; -} diff --git a/host/cloud/modules/filerun/.env b/host/cloud/modules/filerun/.env deleted file mode 100644 index 0aa8fff..0000000 --- a/host/cloud/modules/filerun/.env +++ /dev/null @@ -1,4 +0,0 @@ -DB_NAME=filerun -DB_USER=admin -DB_PASS=m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY -DB_ROOT_PASS=pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm \ No newline at end of file 
diff --git a/host/cloud/modules/filerun/arion-compose.nix b/host/cloud/modules/filerun/arion-compose.nix deleted file mode 100644 index 94920eb..0000000 --- a/host/cloud/modules/filerun/arion-compose.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - services = { - db.service = { - image = "mariadb:10.11"; - user = "1000:1004"; - environment = { - MYSQL_ROOT_PASSWORD = "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm"; - MYSQL_USER = "admin"; - MYSQL_PASSWORD = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY"; - MYSQL_DATABASE = "filerun"; - }; - volumes = [ - "/pool/filerun/db:/var/lib/mysql" - ]; - }; - - web.service = { - image = "filerun/filerun:8.1"; - user = "root"; - tty = true; - environment = { - FR_DB_HOST = "db"; - FR_DB_PORT = "3306"; - FR_DB_NAME = "filerun"; - FR_DB_USER = "admin"; - FR_DB_PASS = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY"; - APACHE_RUN_USER = "toph"; - APACHE_RUN_USER_ID = "1000"; - APACHE_RUN_GROUP = "ryot"; - APACHE_RUN_GROUP_ID = "1004"; - }; - depends_on = [ "db" ]; - ports = [ "8181:80" ]; - volumes = [ - "/pool/filerun/html:/var/www/html" - "/pool/filerun/user-files:/user-files" - "/pool/:/pool" - ]; - }; - }; -} diff --git a/host/cloud/modules/filerun/arion-compose.yml b/host/cloud/modules/filerun/arion-compose.yml deleted file mode 100644 index 9cf3794..0000000 --- a/host/cloud/modules/filerun/arion-compose.yml +++ /dev/null 
@@ -1,58 +0,0 @@ -{ - "networks": { "default": { "name": "filerun" } }, - "services": - { - "db": - { - "environment": - { - "MYSQL_DATABASE": "filerun", - "MYSQL_PASSWORD": "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY", - "MYSQL_ROOT_PASSWORD": "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm", - "MYSQL_USER": "admin", - }, - "image": "mariadb:10.11", - "sysctls": {}, - "user": "1000:1004", - "volumes": ["/pool/filerun/db:/var/lib/mysql"], - }, - "web": - { - "depends_on": ["db"], - "environment": - { - "APACHE_RUN_GROUP": "ryot", - "APACHE_RUN_GROUP_ID": "1004", - "APACHE_RUN_USER": "toph", - "APACHE_RUN_USER_ID": "1000", - "FR_DB_HOST": "db", - "FR_DB_NAME": "filerun", - "FR_DB_PASS": "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY", - "FR_DB_PORT": "3306", - "FR_DB_USER": "admin", - }, - "image": "filerun/filerun:8.1", - "ports": ["8181:80"], - "sysctls": {}, - "tty": true, - "user": "root", - "volumes": - [ - "/pool/filerun/html:/var/www/html", - "/pool/filerun/user-files:/user-files", - ], - }, - }, - "version": "3.4", - "volumes": {}, - "x-arion": - { - "images": [], - "project": { "name": "filerun" }, - "serviceInfo": - { - "db": { "defaultExec": ["/bin/sh"] }, - "web": { "defaultExec": ["/bin/sh"] }, - }, - }, -} diff --git a/host/cloud/modules/filerun/compose.yml b/host/cloud/modules/filerun/compose.yml deleted file mode 100644 index 66bffbf..0000000 --- a/host/cloud/modules/filerun/compose.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -name: filerun -services: - db: - image: mariadb:10.5 - user: 1001:1004 - environment: - MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} - MYSQL_USER: ${DB_USER} - MYSQL_PASSWORD: ${DB_PASS} - MYSQL_DATABASE: ${DB_NAME} - restart: unless-stopped - volumes: - - /pool/filerun/db:/var/lib/mysql - - web: - image: filerun/filerun:8.1 - user: root - environment: - FR_DB_HOST: db - FR_DB_PORT: 3306 - FR_DB_NAME: ${DB_NAME} - FR_DB_USER: ${DB_USER} - FR_DB_PASS: ${DB_PASS} - APACHE_RUN_USER: toph - APACHE_RUN_USER_ID: 1001 - APACHE_RUN_GROUP: toph - APACHE_RUN_GROUP_ID: 1004 - depends_on: - - db - links: - - db:db - ports: - - "8181:80" - restart: unless-stopped - volumes: - - /pool/filerun/html:/var/www/html - - /pool/filerun/user-files:/user-files diff --git a/host/cloud/modules/filerun/default.nix b/host/cloud/modules/filerun/default.nix deleted file mode 100644 index 4367e31..0000000 --- a/host/cloud/modules/filerun/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - - imports = - let - commit = "9f01fb79f61f53fe31d5ef831e420ab9ad252b99"; - in - [ - "${ - builtins.fetchTarball { - name = "arion-v0.2.2.0"; - url = "https://github.com/hercules-ci/arion/archive/${commit}.tar.gz"; - # obtained via nix-prefetch-url --unpack - sha256 = "1y2wi9kjb1agrvzaj6417lap4qg969hdfz3cmw3v3sz1q5mqcaw5"; - } - }/nixos-module.nix" - ]; - - virtualisation.docker.enable = true; - virtualisation.arion = { - backend = "docker"; # or "docker" - projects.filerun = { - # serviceName = "filerun"; - settings = { - # Specify you project here, or import it from a file. - imports = [ ./arion-compose.nix ]; - }; - }; - }; -} diff --git a/host/cloud/modules/filerun/oci.nix b/host/cloud/modules/filerun/oci.nix deleted file mode 100644 index 84d4cac..0000000 --- a/host/cloud/modules/filerun/oci.nix +++ /dev/null 
@@ -1,126 +0,0 @@ -# Auto-generated using compose2nix v0.3.1. -{ pkgs, lib, ... }: - -{ - # Runtime - virtualisation.docker = { - enable = true; - autoPrune.enable = true; - }; - virtualisation.oci-containers.backend = "docker"; - - # Containers - virtualisation.oci-containers.containers."filerun-db" = { - image = "mariadb:10.5"; - environment = { - "MYSQL_DATABASE" = "filerun"; - "MYSQL_PASSWORD" = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY"; - "MYSQL_ROOT_PASSWORD" = "pHUlPjDwhfpfAJPlF/FYN8q5w2R+0/U4aosJ5FOBPIejHkmm"; - "MYSQL_USER" = "admin"; - }; - volumes = [ - "/pool/filerun/db:/var/lib/mysql:rw" - ]; - user = "root"; - log-driver = "journald"; - extraOptions = [ - "--network-alias=db" - "--network=filerun_default" - ]; - }; - systemd.services."docker-filerun-db" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-network-filerun_default.service" - ]; - requires = [ - "docker-network-filerun_default.service" - ]; - partOf = [ - "docker-compose-filerun-root.target" - ]; - wantedBy = [ - "docker-compose-filerun-root.target" - ]; - }; - virtualisation.oci-containers.containers."filerun-web" = { - image = "filerun/filerun:8.1"; - environment = { - "APACHE_RUN_GROUP" = "toph"; - "APACHE_RUN_GROUP_ID" = "100"; - "APACHE_RUN_USER" = "toph"; - "APACHE_RUN_USER_ID" = "1000"; - "FR_DB_HOST" = "db"; - "FR_DB_NAME" = "filerun"; - "FR_DB_PASS" = "m3kItsvjLTYWtYX1TQLxwAKBWDVnWsezPR3vtVS+rsHUlazY"; - "FR_DB_PORT" = "3306"; - "FR_DB_USER" = "admin"; - }; - volumes = [ - "/pool/filerun/html:/var/www/html:rw" - "/pool/filerun/user-files:/user-files:rw" - ]; - ports = [ - "8181:80/tcp" - ]; - dependsOn = [ - "filerun-db" - ]; - user = "root"; - log-driver = "journald"; - extraOptions = [ - "--network-alias=web" - "--network=filerun_default" - ]; - }; - systemd.services."docker-filerun-web" = { - 
serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-network-filerun_default.service" - ]; - requires = [ - "docker-network-filerun_default.service" - ]; - partOf = [ - "docker-compose-filerun-root.target" - ]; - wantedBy = [ - "docker-compose-filerun-root.target" - ]; - }; - - # Networks - systemd.services."docker-network-filerun_default" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "docker network rm -f filerun_default"; - }; - script = '' - docker network inspect filerun_default || docker network create filerun_default - ''; - partOf = [ "docker-compose-filerun-root.target" ]; - wantedBy = [ "docker-compose-filerun-root.target" ]; - }; - - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - systemd.targets."docker-compose-filerun-root" = { - unitConfig = { - Description = "Root target generated by compose2nix."; - }; - wantedBy = [ "multi-user.target" ]; - }; -} diff --git a/host/cloud/modules/logrotate/default.nix b/host/cloud/modules/logrotate/default.nix deleted file mode 100644 index c43432a..0000000 --- a/host/cloud/modules/logrotate/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - services.logrotate = { - enable = true; - configFile = ./logrotate.conf; - }; -} \ No newline at end of file diff --git a/host/cloud/modules/logrotate/logrotate.conf b/host/cloud/modules/logrotate/logrotate.conf deleted file mode 100644 index 1957fe9..0000000 --- a/host/cloud/modules/logrotate/logrotate.conf +++ /dev/null 
@@ -1,18 +0,0 @@ -dateext -missingok -notifempty -rotate 4 - -"/pool/Backups/DockerStorage/DockerStorage.tar.gz" { - weekly - rotate 8 - nocompress - su root root -} - -"/pool/Backups/forgejo/forgejo.tar.gz" { - daily - rotate 20 - nocompress - su root root -} \ No newline at end of file diff --git a/host/cloud/modules/snapraid/default.nix b/host/cloud/modules/snapraid/default.nix deleted file mode 100644 index 721c12d..0000000 --- a/host/cloud/modules/snapraid/default.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ pkgs, ... }: - -{ - environment.etc."snapraid.conf".text = builtins.readFile ./snapraid.conf; - environment.etc."snapraid-runner.conf".text = '' - [snapraid] - executable = ${pkgs.snapraid}/bin/snapraid - config = /etc/snapraid.conf - deletethreshold = 40 - touch = false - - [logging] - file = /var/log/snapraid-runner.log - maxsize = 5000 - - [email] - sendon = - short = true - subject = [SnapRAID] Status Report: - from = cloud@ryot.foo - to = [REDACTED] - maxsize = 500 - - [smtp] - host = ryot.foo - port = - ssl = true - tls = true - user = admin - password = [REDACTED] - - [scrub] - enabled = true - plan = 12 - older-than = 10 - ''; -} diff --git a/host/cloud/modules/snapraid/snapraid.conf b/host/cloud/modules/snapraid/snapraid.conf deleted file mode 100644 index eca65b5..0000000 --- a/host/cloud/modules/snapraid/snapraid.conf +++ /dev/null @@ -1,21 +0,0 @@ -## /etc/snapraid.conf ## - -# Defines the file to use as parity storage -parity /mnt/parity/snapraid.parity - -# Defines the files to use as content list -content /var/snapraid.content -content /mnt/drive1/snapraid.content -content /mnt/drive2/snapraid.content -content /mnt/drive3/snapraid.content -content /mnt/parity/snapraid.content - -# Defines the data disks to use -data d1 /mnt/drive1/ -data d2 /mnt/drive2/ -data d3 /mnt/drive3/ - -# Defines files and directories to exclude -exclude *.unrecoverable -exclude /tmp/ -exclude /lost+found/ \ No newline at end of file 
diff --git a/host/haze/default.nix b/host/haze/default.nix deleted file mode 100644 index fc73cb0..0000000 --- a/host/haze/default.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ - modulesPath, - config, - pkgs, - hostName, - user, - ... -}: -{ - ## MODULES & IMPORTS ## - imports = [ - # Common Modules - ../../common/ssh - - # Import hardware configuration. - ./hardware.nix - - # Modules - ./modules/steam - ./modules/gnome - ]; - - ## USERS ## - users.mutableUsers = false; - users.users."${user}" = { - isNormalUser = true; - createHome = true; - description = "${user}"; - homeMode = "750"; - home = "/home/${user}"; - password = "198913"; - extraGroups = [ - "networkmanager" - "wheel" - "i2c" - ]; - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE" - ]; - }; - - ## NETWORKING ## - networking.networkmanager.enable = true; - - ## ENVIORMENT & PACKAGES ## - environment.systemPackages = with pkgs; [ - ddcutil - git - micro - nixfmt-rfc-style - openssh - ranger - sshfs - wezterm - wget - ]; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - services.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - programs.java = { - enable = true; - package = pkgs.jdk; - }; - - environment.variables = { - HOSTNAME = hostName; - GTK_THEME = "Gruvbox-Dark"; - }; -} diff --git a/host/haze/hardware.nix b/host/haze/hardware.nix deleted file mode 100644 index ce7c06b..0000000 --- a/host/haze/hardware.nix +++ /dev/null 
@@ -1,80 +0,0 @@ -{ - config, - lib, - pkgs, - modulesPath, - admin, - ... -}: -{ - - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - # Bootloader - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.initrd.availableKernelModules = [ - "nvme" - "xhci_pci" - "ahci" - "usb_storage" - "usbhid" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - boot.kernelModules = [ - "kvm-amd" - "i2c-dev" - ]; - - # for ddcutil to work - hardware.i2c.enable = true; - services.udev.extraRules = '' - KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660" - ''; - - programs.fuse.userAllowOther = true; - - fileSystems = { - # "/" = { - # device = "/dev/disk/by-uuid/28a9ac4d-1e87-4731-9c06-916711d83cb2"; - # fsType = "ext4"; - # }; - - # "/boot" = { - # device = "/dev/disk/by-uuid/B182-E50E"; - # fsType = "vfat"; - # options = [ - # "fmask=0077" - # "dmask=0077" - # ]; - # }; - - "/pool" = { - device = "${admin}@104.40.4.24:/pool"; - fsType = "sshfs"; - options = [ - "defaults" - "reconnect" - "_netdev" - "allow_other" - "identityfile=/home/${admin}/.ssh/pve" - ]; - }; - - "/home/${admin}/git" = { - fsType = "none"; - device = "/pool/git"; - options = [ - "bind" - "nofail" - ]; - }; - }; - - swapDevices = [ { device = "/dev/disk/by-uuid/81b6fa27-af94-41d4-9070-8754087a4c26"; } ]; - - networking.useDHCP = lib.mkDefault true; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/host/haze/home/default.nix b/host/haze/home/default.nix deleted file mode 100644 index 26e0fb8..0000000 --- a/host/haze/home/default.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ - pkgs, - zen, - config, - ... -}: -{ - # Module imports - imports = [ - # Common Modules - ../../../common/home - # ../../../common/git - ../../../common/vscode - - # Modules - ../modules/gnome/home.nix - ]; - - # Enables app shorcuts - targets.genericLinux.enable = true; - xdg.mime.enable = true; - xdg.systemDirs.data = [ "${config.home.homeDirectory}/.nix-profile/share/applications" ]; - - home.packages = with pkgs; [ - chafa - fastfetch - fish - fishPlugins.grc - fishPlugins.tide - grc - inspector - monocraft - nerd-fonts.fira-code - nodejs_22 - pnpm - prettierd - prismlauncher - spotify - telegram-desktop - vesktop - zen - ]; -} diff --git a/host/haze/modules/gnome/default.nix b/host/haze/modules/gnome/default.nix deleted file mode 100644 index e9800c9..0000000 --- a/host/haze/modules/gnome/default.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -{ pkgs, ... }: -{ - # Enable the X11 windowing system. - services.xserver = { - enable = true; - - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - - # Configure keymap in X11 - xkb = { - layout = "us"; - variant = ""; - }; - }; - - services.udev.packages = with pkgs; [ gnome-settings-daemon ]; - - environment.systemPackages = with pkgs; [ - gnome-tweaks - gnomeExtensions.appindicator - gnomeExtensions.blur-my-shell - gnomeExtensions.clipboard-indicator - gnomeExtensions.dash-to-panel - gnomeExtensions.tiling-shell - gnomeExtensions.vitals - ]; - - environment.gnome.excludePackages = ( - with pkgs; - [ - atomix # puzzle game - epiphany # web browser - evince # document viewer - gedit # text editor - gnome-maps - gnome-music - gnome-photos - gnome-tour - gnomeExtensions.applications-menu - gnomeExtensions.launch-new-instance - gnomeExtensions.light-style - gnomeExtensions.places-status-indicator - gnomeExtensions.status-icons - gnomeExtensions.system-monitor - gnomeExtensions.window-list - gnomeExtensions.windownavigator - gnomeExtensions.control-monitor-brightness-and-volume-with-ddcutil - hitori # sudoku game - iagno # go game - tali # poker game - yelp - ] - ); -} diff --git a/host/haze/modules/gnome/home.nix b/host/haze/modules/gnome/home.nix deleted file mode 100644 index 4b993e7..0000000 --- a/host/haze/modules/gnome/home.nix +++ /dev/null 
@@ -1,147 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: -{ - home.packages = with pkgs; [ - gruvbox-gtk-theme - papirus-icon-theme - numix-cursor-theme - ]; - - gtk = { - enable = true; - - iconTheme = { - name = "Papirus-Dark"; - package = pkgs.papirus-icon-theme; - }; - - theme = { - name = "Gruvbox-Dark"; - package = pkgs.gruvbox-gtk-theme; - }; - - cursorTheme = { - name = "Numix-Cursor"; - package = pkgs.numix-cursor-theme; - }; - - gtk3.extraConfig = { - Settings = '' - gtk-application-prefer-dark-theme=1 - ''; - }; - - gtk4.extraConfig = { - Settings = '' - gtk-application-prefer-dark-theme=1 - ''; - }; - }; - - dconf = { - enable = true; - settings = { - "org/gnome/shell" = { - - favorite-apps = [ - "org.gnome.Nautilus.desktop" - "org.wezfurlong.wezterm.desktop" - "zen.desktop" - "spotify.desktop" - "vesktop.desktop" - "org.telegram.desktop.desktop" - "code.desktop" - "Marvel Rivals.desktop" - "steam.desktop" - ]; - - disable-user-extensions = false; - enabled-extensions = with pkgs.gnomeExtensions; [ - appindicator.extensionUuid - blur-my-shell.extensionUuid - clipboard-indicator.extensionUuid - dash-to-panel.extensionUuid - native-window-placement.extensionUuid - screenshot-window-sizer.extensionUuid - tiling-shell.extensionUuid - user-themes.extensionUuid - vitals.extensionUuid - control-monitor-brightness-and-volume-with-ddcutil.extensionUuid - ]; - }; - - ## Fix some annoying keybindings - "org/gnome/desktop/wm/keybindings" = { - close = [ "q" ]; - switch-to-workspace-up = [ "" ]; - switch-to-workspace-down = [ "" ]; - shift-overview-up = [ "" ]; - shift-overview-down = [ "" ]; - toggle-application-view = [ "" ]; - toggle-message-tray = [ "a" ]; - }; - - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings" = { - custom0 = "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"; - }; - - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - name = "Terminal"; - command = "wezterm"; - binding = 
"t"; - }; - - "org/gnome/desktop/peripherals/mouse" = { - speed = 0.0; - natural-scroll = false; - accel-profile = "flat"; - }; - - "org/gnome/desktop/input-sources/xkb-options" = { - xkb-options = [ - "compose:menu" - "lv3:ralt_switch" - "terminate:ctrl_alt_bksp" - ]; - }; - - "org/gnome/shell/extensions/clipboard-indicator" = { - toggle-menu = [ "v" ]; - cache-size = 120; - history-size = 40; - pinned-on-bottom = true; - }; - - "org/gnome/shell/extensions/blur-my-shell/panel" = { - static-blur = false; - sigma = 50; - }; - - "org/gnome/shell/extensions/dash-to-panel" = { - appicon-margin = 6; - appicon-padding = 8; - dot-position = "TOP"; - dot-style-focused = "DASHES"; - dot-style-unfocused = "DASHES"; - multi-monitors = false; - panel-positions = builtins.toJSON { - "0" = "TOP"; - "1" = "TOP"; - }; - scroll-icon-action = "CYCLE_WINDOWS"; - scroll-panel-action = "SWITCH_WORKSPACE"; - trans-panel-opacity = "0.40"; - trans-use-custom-opacity = true; - tray-padding = 8; - }; - - "org/gnome/shell/extensions/user-theme" = { - name = "Gruvbox-Dark"; - }; - }; - }; -} diff --git a/host/haze/modules/steam/default.nix b/host/haze/modules/steam/default.nix deleted file mode 100644 index 1381b74..0000000 --- a/host/haze/modules/steam/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - programs.steam = { - enable = true; - # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - # localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; -} diff --git a/host/komodo/default.nix b/host/komodo/default.nix deleted file mode 100644 index 7b953ea..0000000 --- a/host/komodo/default.nix +++ /dev/null 
@@ -1,76 +0,0 @@ -{ - modulesPath, - config, - pkgs, - hostName, - ... -}: -{ - ## MODULES & IMPORTS ## - imports = [ - # Common Modules - ../../common/acme - ../../common/lxc - ../../common/ssh - # ../../common/vscode-server - - # Import hardware configuration. - ./hardware.nix - - # Local Modules - ./modules/caddy - ./modules/frp - # ./modules/forgejo - ./modules/komodo - ]; - - ## NETWORKING ## - networking.firewall = { - allowedTCPPorts = [ - [REDACTED] - [REDACTED] - [REDACTED] - 222 # Forgejo SSH - [REDACTED] - [REDACTED] - [REDACTED] - [REDACTED] - [REDACTED] - 8080 # File Browser - [REDACTED] - [REDACTED] - [REDACTED] - [REDACTED] - [REDACTED] - ]; - - # Game Server Ports - allowedTCPPortRanges = [ - { - [REDACTED] - [REDACTED] - } - ]; - - allowedUDPPorts = [ - 8089 # Grafana - ]; - }; - - ## ENVIORMENT & PACKAGES ## - environment.systemPackages = with pkgs; [ - compose2nix - git - micro - openssh - ranger - sshfs - wget - ]; - - environment.variables = { - HOSTNAME = hostName; - }; - - ## PROGRAMS & SERVICES ## -} diff --git a/host/komodo/hardware.nix b/host/komodo/hardware.nix deleted file mode 100644 index 4599d76..0000000 --- a/host/komodo/hardware.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - admin, - ... -}: -{ - programs.fuse.userAllowOther = true; - - fileSystems = { - "/pool" = { - device = "${admin}@104.40.4.24:/pool"; - fsType = "sshfs"; - options = [ - "defaults" - "reconnect" - "_netdev" - "allow_other" - "identityfile=/home/${admin}/.ssh/pve" - ]; - }; - - "/home/${admin}/git" = { - fsType = "none"; - device = "/pool/git"; - options = [ - "bind" - "nofail" - ]; - }; - }; -} diff --git a/host/komodo/home/default.nix b/host/komodo/home/default.nix deleted file mode 100644 index 45bd0c5..0000000 --- a/host/komodo/home/default.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -{ pkgs, config, ... }: -{ - # Module imports - imports = [ - # Common Modules - ../../../common/home - ]; - - home.file = { - Pool.source = config.lib.file.mkOutOfStoreSymlink "/pool"; - DockerStorage.source = config.lib.file.mkOutOfStoreSymlink "/mnt/DockerStorage"; - }; - - home.packages = with pkgs; [ - fastfetch - fish - fishPlugins.grc - fishPlugins.tide - grc - lazydocker - ]; -} diff --git a/host/komodo/modules/caddy/default.nix b/host/komodo/modules/caddy/default.nix deleted file mode 100644 index 132134a..0000000 --- a/host/komodo/modules/caddy/default.nix +++ /dev/null 
@@ -1,103 +0,0 @@ -{ - services.caddy = { - enable = true; - virtualHosts = { - # "ryot.foo" = { - # useACMEHost = "ryot.foo"; - # extraConfig = '' - # reverse_proxy 104.40.4.44:80 - # ''; - # }; - - "auth.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:9000 { - header_up Host {host} - header_up X-Forwarded-For {remote} - header_up X-Forwarded-Proto {scheme} - header_up X-Forwarded-Protocol {scheme} - header_up X-Forwarded-Port {server_port} - } - ''; - }; - - "frp.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:4041 - ''; - }; - - "grafana.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:3001 - ''; - }; - - "git.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:3003 - ''; - }; - - "influx.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:8086 - ''; - }; - - "home.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:7475 - ''; - }; - - "komodo.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:9120 - ''; - }; - - "mail.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:9002 - ''; - }; - - "map.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:25566 - ''; - }; - - "outline.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:3480 - ''; - }; - - "plane.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:3000 - ''; - }; - - "upsnap.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:8090 - ''; - }; - }; - }; -} diff --git a/host/komodo/modules/frp/default.nix b/host/komodo/modules/frp/default.nix deleted file mode 100644 index 25c31f9..0000000 --- a/host/komodo/modules/frp/default.nix +++ /dev/null 
@@ -1,13 +0,0 @@ -{ - # services.frp = { - # enable = true; - # role = "server"; - # settings = { - # bindPort = 4040; - # auth = { - # method = "token"; - # token = builtins.readFile ./frp.token; - # }; - # }; - # }; -} \ No newline at end of file diff --git a/host/komodo/modules/frp/frp.token b/host/komodo/modules/frp/frp.token deleted file mode 100644 index 862383d..0000000 --- a/host/komodo/modules/frp/frp.token +++ /dev/null @@ -1 +0,0 @@ -$2b$05$3hq3mA559Yxy679kKbzou..ao9d7annFWAo4MRo0tO04bYJsteWTu \ No newline at end of file diff --git a/host/komodo/modules/frp/frp.token.example b/host/komodo/modules/frp/frp.token.example deleted file mode 100644 index d4aa30e..0000000 --- a/host/komodo/modules/frp/frp.token.example +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/host/komodo/modules/komodo/compose.yaml b/host/komodo/modules/komodo/compose.yaml deleted file mode 100644 index 855e1cf..0000000 --- a/host/komodo/modules/komodo/compose.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -################################ -# 🦎 KOMODO COMPOSE - MONGO 🦎 # -################################ - -## This compose file will deploy: -## 1. MongoDB -## 2. Komodo Core -## 3. Komodo Periphery -name: komodo -services: - mongo: - image: mongo - labels: - komodo.skip: # Prevent Komodo from stopping with StopAllContainers - command: --quiet --wiredTigerCacheSizeGB 0.25 - restart: unless-stopped - logging: - driver: ${COMPOSE_LOGGING_DRIVER:-local} - networks: - - default - # ports: - # - 27017:27017 - volumes: - - mongo-data:/data/db - - mongo-config:/data/configdb - environment: - MONGO_INITDB_ROOT_USERNAME: ${DB_USERNAME} - MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD} - - core: - image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest} - labels: - komodo.skip: # Prevent Komodo from stopping with StopAllContainers - restart: unless-stopped - depends_on: - - mongo - logging: - driver: ${COMPOSE_LOGGING_DRIVER:-local} - networks: - - default - ports: - - 9120:9120 - env_file: ./komodo.env - environment: - KOMODO_DATABASE_ADDRESS: mongo:27017 - KOMODO_DATABASE_USERNAME: ${DB_USERNAME} - KOMODO_DATABASE_PASSWORD: ${DB_PASSWORD} - volumes: - ## Core cache for repos for latest commit hash / contents - - repo-cache:/repo-cache - ## Store sync files on server - # - /path/to/syncs:/syncs - ## Optionally mount a custom core.config.toml - # - /path/to/core.config.toml:/config/config.toml - ## Allows for systemd Periphery connection at - ## "http://host.docker.internal:8120" - # extra_hosts: - # - host.docker.internal:host-gateway - - ## Deploy Periphery container using this block, - ## or deploy the Periphery binary with systemd using - ## https://github.com/mbecker20/komodo/tree/main/scripts - periphery: - image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest} - labels: - komodo.skip: # Prevent Komodo from stopping with StopAllContainers - restart: unless-stopped - logging: - driver: ${COMPOSE_LOGGING_DRIVER:-local} - networks: - - 
default - env_file: ./komodo.env - volumes: - ## Mount external docker socket - - /var/run/docker.sock:/var/run/docker.sock - ## Allow Periphery to see processes outside of container - - /proc:/proc - ## use self signed certs in docker volume, - ## or mount your own signed certs. - - ssl-certs:/etc/komodo/ssl - ## manage repos in a docker volume, - ## or change it to an accessible host directory. - - repos:/etc/komodo/repos - ## manage stack files in a docker volume, - ## or change it to an accessible host directory. - - stacks:/etc/komodo/stacks - ## Optionally mount a path to store compose files - # - /path/to/compose:/host/compose - -volumes: - # Mongo - mongo-data: - mongo-config: - # Core - repo-cache: - # Periphery - ssl-certs: - repos: - stacks: - -networks: - default: {} diff --git a/host/komodo/modules/komodo/default.nix b/host/komodo/modules/komodo/default.nix deleted file mode 100644 index 5aa16ee..0000000 --- a/host/komodo/modules/komodo/default.nix +++ /dev/null 
@@ -1,332 +0,0 @@ -# Auto-generated using compose2nix v0.3.1. -{ - pkgs, - lib, - admin, - ... -}: - -{ - # Runtime - virtualisation.docker = { - enable = true; - autoPrune.enable = true; - }; - virtualisation.oci-containers.backend = "docker"; - - # Containers - virtualisation.oci-containers.containers."komodo-core" = { - image = "ghcr.io/mbecker20/komodo:latest"; - environment = { - "COMPOSE_KOMODO_IMAGE_TAG" = "latest"; - "DB_PASSWORD" = "[REDACTED]"; - "DB_USERNAME" = "admin"; - "KOMODO_DATABASE_ADDRESS" = "mongo:27017"; - "KOMODO_DATABASE_PASSWORD" = "[REDACTED]"; - "KOMODO_DATABASE_USERNAME" = "admin"; - "KOMODO_DISABLE_CONFIRM_DIALOG" = "true"; - "KOMODO_DISABLE_NON_ADMIN_CREATE" = "false"; - "KOMODO_DISABLE_USER_REGISTRATION" = "false"; - "KOMODO_ENABLE_NEW_USERS" = "false"; - "KOMODO_FIRST_SERVER" = "https://periphery:8120"; - "KOMODO_GITHUB_OAUTH_ENABLED" = "false"; - "KOMODO_GOOGLE_OAUTH_ENABLED" = "false"; - "KOMODO_JWT_SECRET" = "x5jVLA6ClfJKaOVymKtLUbFJbWnA2mGS5AbKL5FoJmB9fdZ30BzMAzXXcfLbFdxT"; - "KOMODO_JWT_TTL" = "1-day"; - "KOMODO_LOCAL_AUTH" = "true"; - "KOMODO_MONITORING_INTERVAL" = "15-sec"; - "KOMODO_PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA"; - "KOMODO_RESOURCE_POLL_INTERVAL" = "5-min"; - "KOMODO_TITLE" = "Komodo"; - "KOMODO_TRANSPARENT_MODE" = "false"; - "KOMODO_WEBHOOK_SECRET" = "ZUjiO97F9z3gliI8nIfmxzhbtP1TZ9FJUGr870sGxIhtxXMshRwHfhELScXMnQxK"; - "PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA"; - "PERIPHERY_INCLUDE_DISK_MOUNTS" = "/etc/hostname"; - "PERIPHERY_PASSKEYS" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA"; - "PERIPHERY_SSL_ENABLED" = "true"; - "KOMODO_OIDC_ENABLED" = "true"; - "KOMODO_OIDC_PROVIDER" = "https://auth.ryot.foo/application/o/komodo-slug/"; - "KOMODO_OIDC_CLIENT_ID" = "pxwhNNc31cpTRvMlVU6ZPhWl9wQJMGnbq9fTbCN2"; - "KOMODO_OIDC_CLIENT_SECRET" = - 
"l8lFe5P8YN9FSji0zPVL8byqb5tKx8AcN2acQri0nFhDwf2jRtqNL8ICqjKmpJyMMJnitaUVTgOO442pWbsi6cMkqEXAf8Cx7sEomhThXiZfj7SShkrKGbQrCva4khP2"; - "KOMODO_OIDC_USE_FULL_EMAIL" = "false"; - }; - environmentFiles = [ - "/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env" - ]; - volumes = [ - "/mnt/DockerStorage/komodo/cache:/repo-cache:rw" - ]; - ports = [ - "9120:9120/tcp" - ]; - labels = { - "komodo.skip" = ""; - }; - dependsOn = [ - "komodo-mongo" - ]; - log-driver = "local"; - extraOptions = [ - "--network-alias=core" - "--network=komodo_default" - ]; - }; - - systemd.services."docker-komodo-core" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-network-komodo_default.service" - # "docker-volume-komodo_repo-cache.service" - ]; - requires = [ - "docker-network-komodo_default.service" - # "docker-volume-komodo_repo-cache.service" - ]; - partOf = [ - "docker-compose-komodo-root.target" - ]; - wantedBy = [ - "docker-compose-komodo-root.target" - ]; - }; - - virtualisation.oci-containers.containers."komodo-mongo" = { - image = "mongo"; - environment = { - "MONGO_INITDB_ROOT_PASSWORD" = "[REDACTED]"; - "MONGO_INITDB_ROOT_USERNAME" = "admin"; - }; - environmentFiles = [ - "/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env" - ]; - volumes = [ - "/mnt/DockerStorage/komodo/mongo/config:/data/configdb:rw" - "/mnt/DockerStorage/komodo/mongo/data:/data/db:rw" - ]; - cmd = [ - "--quiet" - "--wiredTigerCacheSizeGB" - "0.25" - ]; - labels = { - "komodo.skip" = ""; - }; - log-driver = "local"; - extraOptions = [ - "--network-alias=mongo" - "--network=komodo_default" - ]; - }; - - systemd.services."docker-komodo-mongo" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = 
lib.mkOverride 90 9; - }; - after = [ - "docker-network-komodo_default.service" - # "docker-volume-komodo_mongo-config.service" - # "docker-volume-komodo_mongo-data.service" - ]; - requires = [ - "docker-network-komodo_default.service" - # "docker-volume-komodo_mongo-config.service" - # "docker-volume-komodo_mongo-data.service" - ]; - partOf = [ - "docker-compose-komodo-root.target" - ]; - wantedBy = [ - "docker-compose-komodo-root.target" - ]; - }; - - virtualisation.oci-containers.containers."komodo-periphery" = { - image = "ghcr.io/mbecker20/periphery:latest"; - environment = { - "COMPOSE_KOMODO_IMAGE_TAG" = "latest"; - "DB_PASSWORD" = "[REDACTED]"; - "DB_USERNAME" = "admin"; - "KOMODO_DISABLE_CONFIRM_DIALOG" = "true"; - "KOMODO_DISABLE_NON_ADMIN_CREATE" = "false"; - "KOMODO_DISABLE_USER_REGISTRATION" = "false"; - "KOMODO_ENABLE_NEW_USERS" = "false"; - "KOMODO_FIRST_SERVER" = "https://periphery:8120"; - "KOMODO_GITHUB_OAUTH_ENABLED" = "false"; - "KOMODO_GOOGLE_OAUTH_ENABLED" = "false"; - "KOMODO_JWT_SECRET" = "x5jVLA6ClfJKaOVymKtLUbFJbWnA2mGS5AbKL5FoJmB9fdZ30BzMAzXXcfLbFdxT"; - "KOMODO_JWT_TTL" = "1-day"; - "KOMODO_LOCAL_AUTH" = "true"; - "KOMODO_MONITORING_INTERVAL" = "15-sec"; - "KOMODO_PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA"; - "KOMODO_RESOURCE_POLL_INTERVAL" = "5-min"; - "KOMODO_TITLE" = "Komodo"; - "KOMODO_TRANSPARENT_MODE" = "false"; - "KOMODO_WEBHOOK_SECRET" = "ZUjiO97F9z3gliI8nIfmxzhbtP1TZ9FJUGr870sGxIhtxXMshRwHfhELScXMnQxK"; - "PASSKEY" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA"; - "PERIPHERY_INCLUDE_DISK_MOUNTS" = "/etc/hostname"; - "PERIPHERY_PASSKEYS" = "tvjs5utkaW0Xvpru7qjEKJF3w6RdkBUm98StyOGKJFy5kdpQ3ZRzJbSyJmpMYIhA"; - "PERIPHERY_SSL_ENABLED" = "true"; - # FIXES relative paths for komodo - "PERIPHERY_STACK_DIR" = "/mnt/DockerStorage/komodo/stacks"; - "KOMODO_OIDC_ENABLED" = "true"; - "KOMODO_OIDC_PROVIDER" = "https://auth.ryot.foo/application/o/komodo-slug/"; - "KOMODO_OIDC_CLIENT_ID" 
= "pxwhNNc31cpTRvMlVU6ZPhWl9wQJMGnbq9fTbCN2"; - "KOMODO_OIDC_CLIENT_SECRET" = - "l8lFe5P8YN9FSji0zPVL8byqb5tKx8AcN2acQri0nFhDwf2jRtqNL8ICqjKmpJyMMJnitaUVTgOO442pWbsi6cMkqEXAf8Cx7sEomhThXiZfj7SShkrKGbQrCva4khP2"; - "KOMODO_OIDC_USE_FULL_EMAIL" = "false"; - }; - environmentFiles = [ - "/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env" - ]; - volumes = [ - "/proc:/proc:rw" - "/var/run/docker.sock:/var/run/docker.sock:rw" - "/mnt/DockerStorage/komodo/repos:/etc/komodo/repos:rw" - "/mnt/DockerStorage/komodo/ssl:/etc/komodo/ssl:rw" - "/mnt/DockerStorage/komodo/stacks:/mnt/DockerStorage/komodo/stacks:rw" - ]; - labels = { - "komodo.skip" = ""; - }; - log-driver = "local"; - extraOptions = [ - "--network-alias=periphery" - "--network=komodo_default" - ]; - }; - - systemd.services."docker-komodo-periphery" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - after = [ - "docker-network-komodo_default.service" - # "docker-volume-komodo_repos.service" - # "docker-volume-komodo_ssl-certs.service" - # "docker-volume-komodo_stacks.service" - ]; - requires = [ - "docker-network-komodo_default.service" - # "docker-volume-komodo_repos.service" - # "docker-volume-komodo_ssl-certs.service" - # "docker-volume-komodo_stacks.service" - ]; - partOf = [ - "docker-compose-komodo-root.target" - ]; - wantedBy = [ - "docker-compose-komodo-root.target" - ]; - }; - - # Networks - systemd.services."docker-network-komodo_default" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "docker network rm -f komodo_default"; - }; - script = '' - docker network inspect komodo_default || docker network create komodo_default - ''; - partOf = [ "docker-compose-komodo-root.target" ]; - wantedBy = [ "docker-compose-komodo-root.target" ]; - }; - - # # Volumes - # 
systemd.services."docker-volume-komodo_mongo-config" = { - # path = [ pkgs.docker ]; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # }; - # script = '' - # docker volume inspect komodo_mongo-config || docker volume create komodo_mongo-config - # ''; - # partOf = [ "docker-compose-komodo-root.target" ]; - # wantedBy = [ "docker-compose-komodo-root.target" ]; - # }; - # systemd.services."docker-volume-komodo_mongo-data" = { - # path = [ pkgs.docker ]; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # }; - # script = '' - # docker volume inspect komodo_mongo-data || docker volume create komodo_mongo-data - # ''; - # partOf = [ "docker-compose-komodo-root.target" ]; - # wantedBy = [ "docker-compose-komodo-root.target" ]; - # }; - # systemd.services."docker-volume-komodo_repo-cache" = { - # path = [ pkgs.docker ]; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # }; - # script = '' - # docker volume inspect komodo_repo-cache || docker volume create komodo_repo-cache - # ''; - # partOf = [ "docker-compose-komodo-root.target" ]; - # wantedBy = [ "docker-compose-komodo-root.target" ]; - # }; - # systemd.services."docker-volume-komodo_repos" = { - # path = [ pkgs.docker ]; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # }; - # script = '' - # docker volume inspect komodo_repos || docker volume create komodo_repos - # ''; - # partOf = [ "docker-compose-komodo-root.target" ]; - # wantedBy = [ "docker-compose-komodo-root.target" ]; - # }; - # systemd.services."docker-volume-komodo_ssl-certs" = { - # path = [ pkgs.docker ]; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # }; - # script = '' - # docker volume inspect komodo_ssl-certs || docker volume create komodo_ssl-certs - # ''; - # partOf = [ "docker-compose-komodo-root.target" ]; - # wantedBy = [ "docker-compose-komodo-root.target" ]; - # }; - # systemd.services."docker-volume-komodo_stacks" 
= { - # path = [ pkgs.docker ]; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # }; - # script = '' - # docker volume inspect komodo_stacks || docker volume create komodo_stacks - # ''; - # partOf = [ "docker-compose-komodo-root.target" ]; - # wantedBy = [ "docker-compose-komodo-root.target" ]; - # }; - - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - systemd.targets."docker-compose-komodo-root" = { - unitConfig = { - Description = "Root target generated by compose2nix."; - }; - wantedBy = [ "multi-user.target" ]; - }; -} diff --git a/host/nix/default.nix b/host/nix/default.nix deleted file mode 100644 index 140af5d..0000000 --- a/host/nix/default.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - modulesPath, - config, - pkgs, - hostName, - ... -}: -{ - ## MODULES & IMPORTS ## - imports = [ - # Common Modules - ../../common/lxc - ../../common/ssh - ../../common/vscode-server - - # Import hardware configuration. - ./hardware.nix - ]; - - ## NETWORKING ## - networking.firewall = { - allowedTCPPorts = [ - 22 - 80 - 443 - ]; - allowedUDPPorts = [ ]; - }; - - ## ENVIORMENT & PACKAGES ## - environment.systemPackages = with pkgs; [ - git - micro - openbox - openssh - ranger - sshfs - wget - x2goserver - ]; - - programs.java = { - enable = true; - package = pkgs.jdk; - }; - - environment.variables = { - HOSTNAME = hostName; - }; -} diff --git a/host/nix/hardware.nix b/host/nix/hardware.nix deleted file mode 100644 index 4599d76..0000000 --- a/host/nix/hardware.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -{ - admin, - ... -}: -{ - programs.fuse.userAllowOther = true; - - fileSystems = { - "/pool" = { - device = "${admin}@104.40.4.24:/pool"; - fsType = "sshfs"; - options = [ - "defaults" - "reconnect" - "_netdev" - "allow_other" - "identityfile=/home/${admin}/.ssh/pve" - ]; - }; - - "/home/${admin}/git" = { - fsType = "none"; - device = "/pool/git"; - options = [ - "bind" - "nofail" - ]; - }; - }; -} diff --git a/host/nix/home/default.nix b/host/nix/home/default.nix deleted file mode 100644 index cd48ad9..0000000 --- a/host/nix/home/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, ... }: -{ - # Module imports - imports = [ - # Common Modules - ../../../common/home - ../../../common/git - ]; - - home.packages = with pkgs; [ - chafa - fastfetch - fish - fishPlugins.grc - fishPlugins.tide - grc - nodejs_22 - pnpm - prettierd - ]; -} \ No newline at end of file diff --git a/host/proxy/default.nix b/host/proxy/default.nix deleted file mode 100644 index 77971d9..0000000 --- a/host/proxy/default.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - modulesPath, - config, - pkgs, - hostName, - ... -}: -{ - ## MODULES & IMPORTS ## - imports = [ - # Common Modules - ../../common/acme - ../../common/lxc - ../../common/ssh - - # Import hardware configuration. - ./hardware.nix - - # Local Modules - - # caddy - ./modules/caddy - ./modules/cloudflared - ]; - - ## NETWORKING ## - networking.firewall = { - allowedTCPPorts = [ - 22 - 80 - 443 - 14333 - ]; - allowedUDPPorts = [ 53 ]; - interfaces.podman1 = { - # so that containers find eachother's names - allowedUDPPorts = [ 53 ]; - }; - }; - - ## ENVIORMENT & PACKAGES ## - environment.systemPackages = with pkgs; [ - git - micro - openssh - ranger - sshfs - ]; - - environment.etc = { - "cloudflared/.keep" = { - text = "This directory is used to store cloudflared configuration files."; - }; - }; - - environment.variables = { - HOSTNAME = hostName; - }; - - ## PROGRAMS & SERVICES ## - # Enable podman - virtualisation.podman.enable = true; - virtualisation.oci-containers.backend = "podman"; -} diff --git a/host/proxy/hardware.nix b/host/proxy/hardware.nix deleted file mode 100644 index 4599d76..0000000 --- a/host/proxy/hardware.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - admin, - ... -}: -{ - programs.fuse.userAllowOther = true; - - fileSystems = { - "/pool" = { - device = "${admin}@104.40.4.24:/pool"; - fsType = "sshfs"; - options = [ - "defaults" - "reconnect" - "_netdev" - "allow_other" - "identityfile=/home/${admin}/.ssh/pve" - ]; - }; - - "/home/${admin}/git" = { - fsType = "none"; - device = "/pool/git"; - options = [ - "bind" - "nofail" - ]; - }; - }; -} diff --git a/host/proxy/home/default.nix b/host/proxy/home/default.nix deleted file mode 100644 index 492f4d1..0000000 --- a/host/proxy/home/default.nix +++ /dev/null 
@@ -1,16 +0,0 @@ -{ pkgs, ... }: -{ - # Module imports - imports = [ - # Common Modules - ../../../common/home - ]; - - home.packages = with pkgs; [ - fastfetch - fish - fishPlugins.grc - fishPlugins.tide - grc - ]; -} \ No newline at end of file diff --git a/host/proxy/modules/caddy/default.nix b/host/proxy/modules/caddy/default.nix deleted file mode 100644 index 85fe253..0000000 --- a/host/proxy/modules/caddy/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - services.caddy = { - enable = true; - virtualHosts = { - "cloudflared.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:14333 - ''; - }; - }; - }; -} diff --git a/host/proxy/modules/cloudflared/default.nix b/host/proxy/modules/cloudflared/default.nix deleted file mode 100644 index 75452fa..0000000 --- a/host/proxy/modules/cloudflared/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, ... }: -{ - config.virtualisation.oci-containers.containers.cloudflared = { - image = "docker.io/wisdomsky/cloudflared-web:latest"; - autoStart = true; - extraOptions = [ - "--network=host" - "--pull=newer" - ]; - hostname = "cloudflared"; - volumes = [ - "/etc/cloudflared:/config" - ]; - }; -} \ No newline at end of file diff --git a/host/rune/default.nix b/host/rune/default.nix deleted file mode 100644 index 3cd4856..0000000 --- a/host/rune/default.nix +++ /dev/null 
@@ -1,67 +0,0 @@ -{ - modulesPath, - config, - pkgs, - hostName, - ... -}: -{ - ## MODULES & IMPORTS ## - imports = [ - # Common Modules - ../../common/ssh - - # Import hardware configuration. - ./hardware.nix - - # Modules - ./modules/fish - ./modules/gnome - ./modules/minecraft - ./modules/steam - ./modules/vm - ]; - - # services.openssh.settings = { - # StrictModes = false; - # }; - - ## NETWORKING ## - networking.networkmanager.enable = true; - - ## ENVIORMENT & PACKAGES ## - environment.systemPackages = with pkgs; [ - asdf-vm - ddcutil - git - glfw3-minecraft - libglvnd - micro - nixfmt-rfc-style - openssh - ranger - sshfs - wezterm - wget - ]; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - services.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - programs.nix-ld.enable = true; - - environment.variables = { - HOSTNAME = hostName; - GTK_THEME = "Gruvbox-Dark"; - }; -} diff --git a/host/rune/home/default.nix b/host/rune/home/default.nix deleted file mode 100644 index 2f6b9d8..0000000 --- a/host/rune/home/default.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -{ - pkgs, - zen, - config, - ... -}: -{ - # Module imports - imports = [ - # Common Modules - ../../../common/home - ../../../common/git - ../../../common/vscode - - # Modules - ../modules/fleet/home.nix - ../modules/gnome/home.nix - ../modules/vm/home.nix - ]; - - # ssh - programs.ssh = { - enable = true; - matchBlocks = { - "git.ryot.foo" = { - identityFile = "~/git/.ssh/git"; - }; - }; - extraConfig = '' - IdentityFile ~/.ssh/pve - ''; - }; - - # Enables app shorcuts - targets.genericLinux.enable = true; - xdg.mime.enable = true; - xdg.systemDirs.data = [ "${config.home.homeDirectory}/.nix-profile/share/applications" ]; - - home.packages = with pkgs; [ - bitwarden-desktop - chafa - fastfetch - fish - fishPlugins.grc - fishPlugins.tide - gpu-screen-recorder-gtk - grc - jetbrains-toolbox - inspector - logisim-evolution - mcaselector - monocraft - nerd-fonts.fira-code - nodejs_22 - pnpm - prettierd - prismlauncher - spotify - telegram-desktop - termius - vesktop - vivaldi - zen - ]; -} diff --git a/host/rune/modules/fish/default.nix b/host/rune/modules/fish/default.nix deleted file mode 100644 index b2d4758..0000000 --- a/host/rune/modules/fish/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: -{ - programs.fish = { - shellInit = '' - source "${pkgs.asdf-vm}/share/asdf-vm/asdf.fish" - ''; - }; -} diff --git a/host/rune/modules/fleet/home.nix b/host/rune/modules/fleet/home.nix deleted file mode 100644 index d900115..0000000 --- a/host/rune/modules/fleet/home.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - config, - pkgs, - ... -}: -{ - xdg.desktopEntries = { - fleet = { - name = "Fleet"; - comment = "Jetbrains Fleet"; - exec = "fleet %u"; - icon = "${config.home.homeDirectory}/.local/share/JetBrains/Toolbox/apps/fleet/lib/Fleet.png"; - type = "Application"; - terminal = false; - mimeType = [ - "text/plain" - "inode/directory" - "x-scheme-handler/fleet" - ]; - categories = [ - "Development" - "IDE" - ]; - }; - }; -} \ No newline at end of file 
diff --git a/host/rune/modules/minecraft/default.nix b/host/rune/modules/minecraft/default.nix deleted file mode 100644 index f24fee3..0000000 --- a/host/rune/modules/minecraft/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ - pkgs, - lib, - ... -}: -let - runtimeLibs = with pkgs; [ - ## native versions - glfw3-minecraft - openal - - ## openal - alsa-lib - libjack2 - libpulseaudio - pipewire - - ## glfw - libGL - xorg.libX11 - xorg.libXcursor - xorg.libXext - xorg.libXi - xorg.libXrandr - xorg.libXrender - xorg.libXtst - xorg.libXxf86vm - - udev # oshi - - vulkan-loader # VulkanMod's lwjgl - - freetype - fontconfig - flite - ]; -in -{ - - programs.nix-ld.libraries = runtimeLibs; - - environment.variables = { - LD_LIBRARY_PATH = lib.makeLibraryPath runtimeLibs; - }; -} diff --git a/host/rune/modules/steam/default.nix b/host/rune/modules/steam/default.nix deleted file mode 100644 index 1381b74..0000000 --- a/host/rune/modules/steam/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - programs.steam = { - enable = true; - # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - # localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; -} diff --git a/host/rune/modules/vm/default.nix b/host/rune/modules/vm/default.nix deleted file mode 100644 index 21d9446..0000000 --- a/host/rune/modules/vm/default.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - config, - pkgs, - admin, - ... -}: -{ - - # Enable dconf (System Management Tool) - programs.dconf.enable = true; - - # Add user to libvirtd group - users.users.${admin}.extraGroups = [ "libvirtd" ]; - - # Install necessary packages - environment.systemPackages = with pkgs; [ - OVMFFull - qemu - qemu_kvm - spice - spice-gtk - spice-protocol - virtiofsd - win-spice - win-virtio - ]; - - networking.firewall = { - allowedTCPPortRanges = [ - # spice - { - from = 5900; - to = 5999; - } - ]; - allowedTCPPorts = [ - # libvirt - 16509 - ]; - }; - - programs.virt-manager.enable = true; - virtualisation = { - libvirtd = { - enable = true; - qemu = { - package = pkgs.qemu_kvm; - runAsRoot = false; - swtpm.enable = true; - ovmf = { - enable = true; - packages = with pkgs; [( OVMFFull.override { - secureBoot = true; - tpmSupport = true; - httpSupport = true; - }).fd]; - }; - # ovmf.enable = true; - # ovmf.packages = with pkgs; [ OVMFFull.fd ]; - vhostUserPackages = with pkgs; [ virtiofsd ]; - }; - }; - spiceUSBRedirection.enable = true; - }; - services.spice-vdagentd.enable = true; -} diff --git a/host/rune/modules/vm/home.nix b/host/rune/modules/vm/home.nix deleted file mode 100644 index 5f66ff4..0000000 --- a/host/rune/modules/vm/home.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - config, - pkgs, - ... -}: -{ - dconf.settings = { - "org/virt-manager/virt-manager/connections" = { - autoconnect = [ - "qemu:///session" - "qemu:///system" - ]; - uris = [ - "qemu:///session" - "qemu:///system" - ]; - }; - }; - - xdg.desktopEntries = { - win11 = { - name = "Windows 11"; - comment = "Windows 11 VM"; - exec = "virt-manager --connect qemu:///system --show-domain-console win11-sys"; - icon = "windows95"; - type = "Application"; - terminal = false; - categories = [ - "System" - "Application" - ]; - }; - }; -} diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix new file mode 100644 index 0000000..d7af836 --- /dev/null 
+++ b/hosts/common/core/default.nix 
@@ -0,0 +1,134 @@
+# IMPORTANT: This is used by NixOS and nix-darwin so options must exist in both!
+{
+ inputs,
+ outputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ hostSpec = config.hostSpec;
+in
+{
+ imports = lib.flatten [
+ inputs.home-manager.nixosModules.home-manager
+
+ (map lib.custom.relativeToRoot [
+ "modules/common"
+ "hosts/common/core/ssh.nix"
+ "hosts/users"
+ ])
+ ];
+
+ ## NETWORKING ##
+ networking = {
+ dhcpcd.enable = false;
+ hostName = hostSpec.hostName;
+ networkmanager.enable = true;
+ useDHCP = lib.mkDefault true;
+ useHostResolvConf = false;
+ usePredictableInterfaceNames = true;
+ };
+
+ # System-wide packages, in case we log in as root
+ environment.systemPackages = with pkgs; [
+ openssh
+ ranger
+ sshfs
+ ];
+
+ # Force home-manager to use global packages
+ home-manager.useGlobalPkgs = true;
+ # If there is a conflict file that is backed up, use this extension
+ home-manager.backupFileExtension = "bk";
+ # home-manager.useUserPackages = true;
+
+ ## Overlays ##
+ nixpkgs = {
+ overlays = [
+ outputs.overlays.default
+ ];
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ ## Localization ##
+ i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+ time.timeZone = lib.mkDefault "America/New_York";
+ networking.timeServers = [ "pool.ntp.org" ];
+
+ ## Nix Helper ##
+ programs.nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep-since 20d --keep 20";
+ flake = "/home/${hostSpec.username}/git/dot.nix/";
+ };
+
+ ## SUDO and Terminal ##
+ # Database for aiding terminal-based programs
+ environment.enableAllTerminfo = true;
+ # Enable firmware with a license allowing redistribution
+ hardware.enableRedistributableFirmware = true;
+
+ security.sudo = {
+ extraRules = [
+ {
+ users = [ hostSpec.username ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+ extraConfig = ''
+ Defaults lecture = never # rollback results in sudo lectures after each reboot, it's somewhat useless anyway
+ Defaults pwfeedback # password input feedback - makes typed password visible as asterisks
+ Defaults timestamp_timeout=120 # only ask for password every 2h
+ # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
+ Defaults env_keep+=SSH_AUTH_SOCK
+ '';
+ };
+
+ ## Primary shell enablement ##
+ programs.fish.enable = true;
+ environment.shells = with pkgs; [
+ bash
+ fish
+ ];
+
+ ## NIX NIX NIX ##
+ nix = {
+ # This will add each flake input as a registry
+ # To make nix3 commands consistent with your flake
+ registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+
+ # This will add your inputs to the system's legacy channels
+ # Making legacy nix commands consistent as well, awesome!
+ nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+
+ settings = {
+ # See https://jackson.dev/post/nix-reasonable-defaults/
+ connect-timeout = 5;
+ log-lines = 25;
+ min-free = 128000000; # 128MB
+ max-free = 1000000000; # 1GB
+
+ trusted-users = [ "@wheel" ];
+ # Deduplicate and optimize nix store
+ auto-optimise-store = true;
+ warn-dirty = false;
+
+ allow-import-from-derivation = true;
+
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+}
diff --git a/hosts/common/core/ssh.nix b/hosts/common/core/ssh.nix
new file mode 100644
index 0000000..fb2d9b1
--- /dev/null
+++ b/hosts/common/core/ssh.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ config,
+ ...
+}:
+{
+ programs.ssh.startAgent = true;
+
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+
+ settings = {
+ AllowUsers = null; # everyone
+ # Harden
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ KbdInteractiveAuthentication = false;
+ # Automatically remove stale sockets
+ StreamLocalBindUnlink = "yes";
+ # Allow forwarding ports to everywhere
+ GatewayPorts = "clientspecified";
+ };
+ };
+
+ networking.[REDACTED] 22 ];
+}
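Review bot: The sudo rule for `users = [ hostSpec.username ]` pairs `command = "ALL"` with `options = [ "NOPASSWD" ]`, so anything running as that user is root without a prompt, and the `timestamp_timeout=120` and `pwfeedback` Defaults that follow are dead configuration for the only user the rule covers. If passwordless sudo is only wanted for rebuilds, narrow `command` to the rebuild tool (the `programs.nh` block above suggests which one) and let everything else fall back to the wheel group's normal prompt. The `env_keep+=SSH_AUTH_SOCK` line carries a comment about pam_ssh_agent_auth, but nothing in this hunk enables that PAM module, so either enable it or reword the comment. `trusted-users = [ "@wheel" ]` is also effectively root-equivalent (trusted users may add substituters and unsigned paths), which deserves a one-line comment next to it so the choice is visibly deliberate.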
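Review bot: `GatewayPorts = "clientspecified"` lets any authenticated SSH user bind remote port forwards on non-loopback addresses, which makes every account on the host a possible exposure point for whatever it forwards; OpenSSH defaults this to `no`, so unless a particular host needs it, leave the default in this core module and opt in per host. `AllowUsers = null; # everyone` is fine as a conscious choice, but on a module named core it reads as a leftover, so a comment stating why no allow-list is wanted would help the next reader. The final `networking.[REDACTED] 22 ];` line is mangled in this view, so I cannot confirm the firewall opening matches `ports = [ 22 ]`.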
diff --git a/common/acme/cloudflare.ini.example b/hosts/common/optional/acme/cloudflare.ini.example
similarity index 100%
rename from common/acme/cloudflare.ini.example
rename to hosts/common/optional/acme/cloudflare.ini.example
diff --git a/common/acme/default.nix b/hosts/common/optional/acme/default.nix
similarity index 100%
rename from common/acme/default.nix
rename to hosts/common/optional/acme/default.nix
diff --git a/hosts/common/optional/audio.nix b/hosts/common/optional/audio.nix
new file mode 100644
index 0000000..2d0ae5d
--- /dev/null
+++ b/hosts/common/optional/audio.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+{
+ # sound.enable = true; #deprecated in 24.11 TODO remove this line when 24.11 release
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ # media-session.enable = true;
+ };
+
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ playerctl # cli utility and lib for controlling media players
+ # pamixer # cli pulseaudio sound mixer
+ ;
+ };
+}
diff --git a/hosts/common/optional/gaming.nix b/hosts/common/optional/gaming.nix
new file mode 100644
index 0000000..8bd8354
--- /dev/null
+++ b/hosts/common/optional/gaming.nix
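Review bot: `hardware.pulseaudio.enable = false;` uses the older option path, while the host/rune/default.nix deleted earlier in this patch set `services.pulseaudio.enable = false;`; if the flake's nixpkgs treats one as a renamed alias of the other, one spelling will evaluate with a rename warning, so pick the path that matches the pinned nixpkgs. The `sound.enable` comment on the line above still says to remove it "when 24.11 release", which has already happened as of this commit's date, so drop the comment or update the TODO.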
@@ -0,0 +1,66 @@ +{ pkgs, ... }: +{ + hardware.xone.enable = true; # xbox controller + + programs = { + steam = { + enable = true; + protontricks = { + enable = true; + package = pkgs.protontricks; + }; + package = pkgs.steam.override { + extraPkgs = + pkgs: + (builtins.attrValues { + inherit (pkgs.xorg) + libXcursor + libXi + libXinerama + libXScrnSaver + ; + + inherit (pkgs.stdenv.cc.cc) + lib + ; + + inherit (pkgs) + libpng + libpulseaudio + libvorbis + libkrb5 + keyutils + gperftools + ; + }); + }; + extraCompatPackages = [ pkgs.unstable.proton-ge-bin ]; + }; + #gamescope launch args set dynamically in home//common/optional/gaming + gamescope = { + enable = true; + capSysNice = true; + }; + # to run steam games in game mode, add the following to the game's properties from within steam + # gamemoderun %command% + gamemode = { + enable = true; + settings = { + #see gamemode man page for settings info + general = { + softrealtime = "on"; + inhibit_screensaver = 1; + }; + gpu = { + apply_gpu_optimisations = "accept-responsibility"; + gpu_device = 1; # The DRM device number on the system (usually 0), ie. the number in /sys/class/drm/card0/ + amd_performance_level = "high"; + }; + custom = { + start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'"; + end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'"; + }; + }; + }; + }; +} diff --git a/host/rune/modules/gnome/default.nix b/hosts/common/optional/gnome.nix similarity index 97% rename from host/rune/modules/gnome/default.nix rename to hosts/common/optional/gnome.nix index dba5b13..0a49de0 100644 --- a/host/rune/modules/gnome/default.nix +++ b/hosts/common/optional/gnome.nix @@ -33,7 +33,7 @@ with pkgs; [ atomix # puzzle game - epiphany # web browser + # epiphany # web browser evince # document viewer gedit # text editor gnome-maps diff --git a/hosts/common/optional/libvirt.nix b/hosts/common/optional/libvirt.nix new file mode 100644 index 0000000..80936b5 --- /dev/null 
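Review bot: `gpu_device = 1` in the gamemode settings of hosts/common/optional/gaming.nix is paired with a comment saying the value is "usually 0", but the file is a shared optional module and nothing records why this host differs; combined with `apply_gpu_optimisations = "accept-responsibility"` and `amd_performance_level = "high"`, a wrong index means gamemoded applies performance-level changes to a different card than intended. I would replace the inline comment with one that states the actual reason, e.g. `gpu_device = 1; # card1 is the discrete GPU on this box (card0 is the iGPU) - verify with ls /sys/class/drm/ before reusing this module`, or move the value into per-host config. The `"accept-responsibility"` string is what gamemode requires before it touches GPU clocks, so a one-line note that the setting is privileged would help the next reader as well.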
+++ b/hosts/common/optional/libvirt.nix
@@ -0,0 +1,101 @@
+{
+ inputs,
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+let
+ virtLib = inputs.nixvirt.lib;
+in
+{
+ imports = [
+ inputs.nixvirt.nixosModules.default
+ ];
+ boot.kernelModules = [ "vfio-pci" ];
+
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu = {
+ package = pkgs.stable.qemu_kvm;
+ runAsRoot = true;
+ # HW TPM Emulation (need to check what systems I have already have hw TPM that could be used)
+ swtpm.enable = true;
+ ovmf = {
+ enable = true;
+ packages = with pkgs.stable; [
+ (OVMFFull.override {
+ secureBoot = true;
+ tpmSupport = true;
+ httpSupport = true;
+ }).fd
+ ];
+ };
+ };
+ };
+
+ virtualisation.libvirt = {
+ enable = true;
+ connections."qemu:///system" = {
+ networks = [
+ {
+ active = true;
+ definition = virtLib.network.writeXML {
+ uuid = "8e91d351-e902-4fce-99b6-e5ea88ac9b80";
+ name = "vm-lan";
+ forward = {
+ mode = "nat";
+ nat = {
+ nat = {
+ port = {
+ start = 1024;
+ end = 65535;
+ };
+ };
+ ipv6 = false;
+ };
+ };
+ bridge = {
+ name = "virbr0";
+ stp = true;
+ delay = 0;
+ };
+ ipv6 = false;
+ ip = {
+ address = "192.168.122.1";
+ netmask = "255.255.255.0";
+ dhcp = {
+ range = {
+ start = "192.168.122.100";
+ end = "192.168.122.254";
+ };
+ };
+ hosts = [
+ # Add any static host entries here if needed
+ ];
+ };
+ };
+ }
+ ];
+ };
+ };
+
+ # Need to add [File (in the menu bar) -> Add connection] when start for the first time
+ programs.virt-manager.enable = true;
+
+ environment.systemPackages = with pkgs.stable; [
+ OVMFFull
+ qemu
+ qemu_kvm
+ spice
+ spice-gtk
+ spice-protocol
+ virtiofsd
+ win-spice
+ win-virtio
+ ];
+
+ users.users.${config.hostSpec.username} = {
+ extraGroups = [ "libvirtd" ];
+ };
+}
diff --git a/common/lxc/default.nix b/hosts/common/optional/lxc.nix
similarity index 100%
rename from common/lxc/default.nix
rename to hosts/common/optional/lxc.nix
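Review bot: `runAsRoot = true` under `virtualisation.libvirtd.qemu` in hosts/common/optional/libvirt.nix makes every guest's QEMU process run as root rather than as libvirt's unprivileged qemu user, and the hunk gives no reason for it; the neighbouring `boot.kernelModules = [ "vfio-pci" ]` hints at device passthrough, but that is inference. Because this module also adds `${config.hostSpec.username}` to `libvirtd`, any member of that group can start a root-owned QEMU, so the choice deserves a comment such as `runAsRoot = true; # needed for <reason, e.g. VFIO passthrough>; set false to run guests as the qemu-libvirtd user`, or `false` if the reason no longer applies. The fixed network `uuid` and `virbr0`/`192.168.122.0/24` definition will be identical on every host that imports this file, which is fine for a single machine but worth a note if two of them are ever on the same LAN.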
diff --git a/hosts/common/optional/minimal-user.nix b/hosts/common/optional/minimal-user.nix
new file mode 100644
index 0000000..ce963e9
--- /dev/null
+++ b/hosts/common/optional/minimal-user.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+{
+ # Set a temp password for use by minimal builds like installer and iso
+ users.users.${config.hostSpec.username} = {
+ isNormalUser = true;
+ password = config.hostSpec.password;
+ extraGroups = [
+ "wheel"
+ "ryot"
+ ];
+ };
+}
diff --git a/hosts/common/optional/msmtp.nix b/hosts/common/optional/msmtp.nix
new file mode 100644
index 0000000..60e2405
--- /dev/null
+++ b/hosts/common/optional/msmtp.nix
@@ -0,0 +1,22 @@
+{ inputs, config, ... }:
+
+{
+ programs.msmtp = {
+ enable = true;
+ setSendmail = true; # set the system sendmail to msmtp's
+
+ accounts = {
+ "default" = {
+ host = "${config.hostSpec.email.msmtp-host}";
+ port = 587;
+ auth = true;
+ tls = true;
+ tls_starttls = true;
+ from = "${config.hostSpec.email.notifier}";
+ user = "${config.hostSpec.email.notifier}";
+ passwordeval = "cat ${config.sops.secrets."passwords/msmtp".path}";
+ logfile = "~/.msmtp.log";
+ };
+ };
+ };
+}
diff --git a/hosts/common/optional/nvtop.nix b/hosts/common/optional/nvtop.nix
new file mode 100644
index 0000000..4bcc235
--- /dev/null
+++ b/hosts/common/optional/nvtop.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs.nvtopPackages)
+ amd
+ intel
+ ;
+ };
+}
diff --git a/hosts/common/optional/plymouth.nix b/hosts/common/optional/plymouth.nix
new file mode 100644
index 0000000..1f79f7d
--- /dev/null
+++ b/hosts/common/optional/plymouth.nix
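Review bot: `password = config.hostSpec.password` in hosts/common/optional/minimal-user.nix feeds a plain-text string into `users.users.<name>.password`, and since `hostSpec.password` is declared as `lib.types.str` in modules/common/host-spec.nix, the value is evaluated into the system closure and therefore lands in the world-readable Nix store, not just in the repository where the `password = "[REDACTED]"` literals of hosts/nixos/rune/default.nix, hosts/nixos/vm/default.nix and installer/minimal-configuration.nix already sit. The same pattern repeats for the user and for root in hosts/users/default.nix and in hosts/users/minimal/default.nix, even though the comment on `users.mutableUsers = false` there says the password is meant to come from sops at activation; msmtp.nix shows the repo already has sops secrets, so the fix is to replace the option with `hashedPasswordFile = config.sops.secrets."<secret-name>".path;` and drop `password` from hostSpec, keeping a literal only for a throwaway installer image if that is deliberate. If the plain-text path is kept for the installer, the NixOS option documentation for `password` already warns that it is stored in the store, and that warning belongs in the comment here.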
@@ -0,0 +1,17 @@
+{ lib, pkgs, ... }:
+{
+ environment.systemPackages = [ pkgs.adi1090x-plymouth-themes ];
+ boot = {
+ kernelParams = [
+ "quiet" # shut up kernel output prior to prompts
+ ];
+ plymouth = {
+ enable = true;
+ theme = lib.mkForce "hexagon_hud";
+ themePackages = [
+ (pkgs.adi1090x-plymouth-themes.override { selected_themes = [ "motion" ]; })
+ ];
+ };
+ consoleLogLevel = 0;
+ };
+}
diff --git a/hosts/nixos/rune/default.nix b/hosts/nixos/rune/default.nix
new file mode 100644
index 0000000..0e5e7d1
--- /dev/null
+++ b/hosts/nixos/rune/default.nix
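Review bot: `theme = lib.mkForce "hexagon_hud"` in hosts/common/optional/plymouth.nix does not match the only theme package given to plymouth, `adi1090x-plymouth-themes.override { selected_themes = [ "motion" ]; }`, so the themes directory plymouth searches will, as far as I can tell, contain "motion" but not "hexagon_hud"; the full package added to `environment.systemPackages` does not help because plymouth reads `themePackages`, not the system profile. Pick one: `selected_themes = [ "hexagon_hud" ];` or `theme = lib.mkForce "motion";`. The `systemPackages` entry then looks redundant and could go.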
@@ -0,0 +1,134 @@ +############################################################### +# +# Rune - Main Desktop +# NixOS running on Ryzen 9 7900X3D , Radeon RX 6950 XT, 32GB RAM +# +############################################################### + +{ + inputs, + lib, + config, + pkgs, + ... +}: +let + username = "toph"; + runtimeLibs = with pkgs.stable; [ + ## native versions + glfw3-minecraft + openal + + ## openal + alsa-lib + libjack2 + libpulseaudio + pipewire + + ## glfw + libGL + xorg.libX11 + xorg.libXcursor + xorg.libXext + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + xorg.libXxf86vm + + udev # oshi + + vulkan-loader # VulkanMod's lwjgl + + freetype + fontconfig + flite + ]; +in +{ + imports = lib.flatten [ + + ## Hardware ## + ./hardware.nix + inputs.hardware.nixosModules.common-cpu-amd + inputs.hardware.nixosModules.common-gpu-amd + inputs.hardware.nixosModules.common-pc-ssd + + (map lib.custom.relativeToRoot [ + ## Required Configs ## + "hosts/common/core" + + ## Optional Configs ## + "hosts/common/optional/audio.nix" # pipewire and cli controls + "hosts/common/optional/gaming.nix" # steam, gamescope, gamemode, and related hardware + "hosts/common/optional/gnome.nix" # desktop + "hosts/common/optional/libvirt.nix" # vm tools + "hosts/common/optional/nvtop.nix" # GPU monitor (not available in home-manager) + "hosts/common/optional/plymouth.nix" # fancy boot screen + + ## Misc Inputs ## + + ## Rune Specific ## + "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯ + ]) + + ]; + + ## Host Specifications ## + hostSpec = { + hostName = "rune"; + username = username; + handle = "tophC7"; + password = "[REDACTED]"; + [REDACTED]; + email = "[REDACTED]"; + userFullName = "[REDACTED]"; + isARM = false; + }; + + networking = { + enableIPv6 = false; + }; + + ## Boot ## + boot = { + loader = { + systemd-boot = { + enable = true; + # When using plymouth, initrd can expand by a lot each time, so limit how many we 
keep around + configurationLimit = lib.mkDefault 10; + }; + efi.canTouchEfiVariables = true; + timeout = 3; + }; + + initrd = { + systemd.enable = true; + verbose = false; + }; + }; + + ## System-wide packages ## + environment.systemPackages = with pkgs; [ + asdf-vm + openssh + ranger + sshfs + wget + + # REMOVE: Same as below + glfw3-minecraft + libglvnd + ]; + + programs.nix-ld.libraries = runtimeLibs; + + # FIXME: Remove this in favor of dirEnv + ## Libs for Minecraft ## + environment.variables = { + LD_LIBRARY_PATH = lib.makeLibraryPath runtimeLibs; + }; + + # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion + system.stateVersion = "24.11"; +} diff --git a/host/rune/hardware.nix b/hosts/nixos/rune/hardware.nix similarity index 55% rename from host/rune/hardware.nix rename to hosts/nixos/rune/hardware.nix index 3c20119..4a3722a 100644 --- a/host/rune/hardware.nix +++ b/hosts/nixos/rune/hardware.nix @@ -1,23 +1,18 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. + { config, lib, - pkgs, modulesPath, - admin, ... }: -{ +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - # Bootloader boot = { - loader = { - timeout = 0; - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - initrd = { availableKernelModules = [ "nvme" 
@@ -28,42 +23,9 @@ "sd_mod" ]; kernelModules = [ ]; - verbose = false; }; - + kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; - kernelParams = [ - "quiet" - "splash" - "vga=current" - "rd.systemd.show_status=false" - "rd.udev.log_level=3" - "udev.log_priority=3" - ]; - kernelModules = [ - "kvm-amd" - "i2c-dev" - ]; - - consoleLogLevel = 0; - }; - # Configurations for ddcutil - hardware.i2c.enable = true; - services.udev = { - enable = true; - extraRules = '' - KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660" - ''; - - # Extra Hardware Database (Hwdb) entries - # FIXME: not doing anything rn, mouse wheel still the same - extraHwdb = '' - # Logitech USB Receiver (for G903) - mouse:usb:v046dpC539:name:Logitech USB Receiver:* - MOUSE_WHEEL_CLICK_ANGLE=40 - MOUSE_WHEEL_CLICK_COUNT=1 - ''; - }; # For less permission issues with SSHFS @@ -86,18 +48,19 @@ }; "/pool" = { - device = "${admin}@104.40.4.24:/pool"; + # FIXME: admin does not work here anymore + device = "${config.hostSpec.username}@104.40.4.24:/pool"; fsType = "sshfs"; options = [ "defaults" "reconnect" "_netdev" "allow_other" - "identityfile=/home/${admin}/.ssh/pve" + "identityfile=/home/${config.hostSpec.username}/.ssh/pve" ]; }; - "/home/${admin}/git" = { + "/home/${config.hostSpec.username}/git" = { fsType = "none"; device = "/pool/git"; options = [ 
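Review bot: The new header of hosts/nixos/rune/hardware.nix says "Do not modify this file! It was generated by nixos-generate-config and may be overwritten", yet the third hunk of the same file keeps hand-maintained `fileSystems` entries (the sshfs `/pool` mount with its `identityfile=` option and the `/home/.../git` bind mount) together with a live `FIXME`; rerunning the generator would silently drop them. I would either move those mounts next to the other host-specific config in hosts/nixos/rune/default.nix or replace the header with one that says the file is generator-seeded but hand-edited, e.g. `# Seeded by nixos-generate-config; the sshfs and bind mounts below are hand-written - do not regenerate over this file.` The enclosing `boot` attrset of this hunk starts before the hunk and the `fileSystems` block it ends in continues after it.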
@@ -111,8 +74,15 @@ # Time and networking configurations time.hardwareClockInLocalTime = true; # Fixes windows dual-boot time issues - networking.useDHCP = lib.mkDefault true; - # Hardware configurations + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + # networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + } diff --git a/hosts/nixos/vm/default.nix b/hosts/nixos/vm/default.nix new file mode 100644 index 0000000..8ca16fc --- /dev/null +++ b/hosts/nixos/vm/default.nix 
@@ -0,0 +1,81 @@
+###############################################################
+#
+# Rune - Main Desktop
+# NixOS running on Ryzen 9 7900X3D , Radeon RX 6950 XT, 32GB RAM
+#
+###############################################################
+
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ username = "toph";
+in
+{
+ imports = lib.flatten [
+
+ ## Hardware ##
+ ./hardware.nix
+
+ (map lib.custom.relativeToRoot [
+ ## Required Configs ##
+ "hosts/common/core"
+
+ ## Optional Configs ##
+ "hosts/common/optional/audio.nix" # pipewire and cli controls
+ "hosts/common/optional/gnome.nix" # desktop
+ # "hosts/common/optional/plymouth.nix" # fancy boot screen
+
+ ## Misc Inputs ##
+
+ ## VM Specific ##
+ "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
+ ])
+
+ ];
+
+ ## Host Specifications ##
+ hostSpec = {
+ hostName = "vm";
+ username = username;
+ handle = "tophC7";
+ password = "[REDACTED]";
+ [REDACTED];
+ email = "[REDACTED]";
+ userFullName = "[REDACTED]";
+ isARM = false;
+ };
+
+ networking = {
+ enableIPv6 = false;
+ };
+
+ ## Boot ##
+ boot = {
+ loader = {
+ efi.canTouchEfiVariables = true;
+ timeout = 3;
+ };
+
+ initrd = {
+ systemd.enable = true;
+ verbose = false;
+ };
+ };
+
+ ## System-wide packages ##
+ environment.systemPackages = with pkgs; [
+ openssh
+ ranger
+ sshfs
+ wget
+
+ ];
+
+ # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.11";
+}
diff --git a/host/caenus/hardware.nix b/hosts/nixos/vm/hardware.nix
similarity index 56%
rename from host/caenus/hardware.nix
rename to hosts/nixos/vm/hardware.nix
index 998a961..75fe156 100644
--- a/host/caenus/hardware.nix
+++ b/hosts/nixos/vm/hardware.nix
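Review bot: The banner at the top of hosts/nixos/vm/default.nix still reads "Rune - Main Desktop / NixOS running on Ryzen 9 7900X3D , Radeon RX 6950 XT, 32GB RAM", copied from hosts/nixos/rune/default.nix, while `hostSpec.hostName` below is `"vm"`; replace it with something like `# VM - test guest for this config (hardware in ./hardware.nix)`. `boot.loader.efi.canTouchEfiVariables = true` also looks out of place here, since the paired hosts/nixos/vm/hardware.nix in this commit enables GRUB on `/dev/vda` rather than an EFI loader, so as far as visible the option has nothing to act on and could be dropped or commented.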
@@ -14,45 +14,35 @@ (modulesPath + "/profiles/qemu-guest.nix") ]; - ## BOOTLOADER ## + # Bootloader. + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.useOSProber = true; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; boot.initrd.availableKernelModules = [ + "ahci" "xhci_pci" - "virtio_scsi" + "virtio_pci" + "sr_mod" + "virtio_blk" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; fileSystems."/" = { - device = "/dev/disk/by-uuid/467be3e2-75cb-439f-8255-e1ed3a00c2d8"; + device = "/dev/disk/by-uuid/a0b82536-3087-410a-b283-60ea10811ef5"; fsType = "ext4"; }; - fileSystems."/storage" = { - device = "/dev/disk/by-uuid/a3666a64-591c-45ab-8393-3dd1a0a51d79"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/E12E-D69C"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; - }; - swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/hosts/users/default.nix b/hosts/users/default.nix new file mode 100644 index 0000000..ce208a4 --- /dev/null +++ b/hosts/users/default.nix 
@@ -0,0 +1,59 @@
+# User config applicable only to nixos
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ hostSpec = config.hostSpec;
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+ users.groups = {
+ ryot = {
+ gid = 1004;
+ members = [ "${hostSpec.username}" ];
+ };
+ };
+
+ users.mutableUsers = false; # Only allow declarative credentials; Required for password to be set via sops during system activation!
+ users.users.${hostSpec.username} = {
+ home = "/home/${hostSpec.username}";
+ isNormalUser = true;
+ createHome = true;
+ description = "Admin";
+ homeMode = "750";
+ password = hostSpec.password;
+ uid = 1000;
+ group = "ryot";
+ extraGroups = lib.flatten [
+ "wheel"
+ (ifTheyExist [
+ "audio"
+ "video"
+ "docker"
+ "git"
+ "networkmanager"
+ ])
+ ];
+ };
+
+ # No matter what environment we are in we want these tools for root, and the user(s)
+ programs.git.enable = true;
+
+ # root's ssh key are mainly used for remote deployment, borg, and some other specific ops
+ users.users.root = {
+ shell = pkgs.bash;
+ password = hostSpec.password;
+ openssh.authorizedKeys.keys = config.users.users.${hostSpec.username}.openssh.authorizedKeys.keys; # root's ssh keys are mainly used for remote deployment.
+ };
+}
+// lib.optionalAttrs (inputs ? "home-manager") {
+
+ # Setup root home?
+ home-manager.users.root = lib.optionalAttrs (!hostSpec.isMinimal) {
+ home.stateVersion = "24.05"; # Avoid error
+ };
+}
diff --git a/hosts/users/minimal/default.nix b/hosts/users/minimal/default.nix
new file mode 100644
index 0000000..370b1b6
--- /dev/null
+++ b/hosts/users/minimal/default.nix
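Review bot: `users.users.root.openssh.authorizedKeys.keys` in hosts/users/default.nix copies the primary user's keys to root "for remote deployment", but hosts/common/core/ssh.nix in this same commit sets `PermitRootLogin = "no"`, so on every host that does not override it (only installer/minimal-configuration.nix forces `"yes"`) those keys grant nothing while still widening what a compromised user key can reach if the setting is ever relaxed. Decide which one is intended: set `PermitRootLogin = "prohibit-password";` in ssh.nix so the keys work and password logins for root stay closed, or remove the root key line here. Separately, `password = hostSpec.password` on both the user and root contradicts the sops remark on `users.mutableUsers = false`; I raise that on the minimal-user.nix hunk.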
@@ -0,0 +1,23 @@
+{ config, ... }:
+let
+ hostSpec = config.hostSpec;
+in
+{
+
+ users.groups = {
+ ryot = {
+ gid = 1004;
+ members = [ "${hostSpec.username}" ];
+ };
+ };
+
+ # Set a temp password for use by minimal builds like installer and iso
+ users.users.${hostSpec.username} = {
+ isNormalUser = true;
+ password = hostSpec.password;
+ extraGroups = [
+ "wheel"
+ "ryot"
+ ];
+ };
+}
diff --git a/hosts/users/toph/default.nix b/hosts/users/toph/default.nix
new file mode 100644
index 0000000..43c69d9
--- /dev/null
+++ b/hosts/users/toph/default.nix
@@ -0,0 +1,58 @@
+{
+ inputs,
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ hostSpec = config.hostSpec;
+ pubKeys = lib.filesystem.listFilesRecursive ./keys;
+in
+{
+ users.users.${hostSpec.username} = {
+ name = hostSpec.username;
+ shell = pkgs.fish; # default shell
+
+ # These get placed into /etc/ssh/authorized_keys.d/ on nixos
+ openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
+ };
+
+ # Create ssh sockets directory for controlpaths when homemanager not loaded (i.e. isMinimal)
+ systemd.tmpfiles.rules =
+ let
+ user = config.users.users.${hostSpec.username}.name;
+ group = config.users.users.${hostSpec.username}.group;
+ in
+ [
+ "d /home/${hostSpec.username}/.ssh 0750 ${user} ${group} -"
+ ];
+
+ # No matter what environment we are in we want these tools
+ programs.fish.enable = true;
+}
+# Import the user's personal/home configurations, unless the environment is minimal
+// lib.optionalAttrs (inputs ? "home-manager") {
+ home-manager = {
+ extraSpecialArgs = {
+ inherit pkgs inputs;
+ hostSpec = config.hostSpec;
+ };
+ users.${hostSpec.username}.imports = lib.flatten (
+ lib.optional (!hostSpec.isMinimal) [
+ (
+ { config, ... }:
+ import (lib.custom.relativeToRoot "home/${hostSpec.username}/${hostSpec.hostName}") {
+ inherit
+ pkgs
+ inputs
+ config
+ lib
+ hostSpec
+ ;
+ }
+ )
+ ]
+ );
+ };
+}
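Review bot: `pubKeys = lib.filesystem.listFilesRecursive ./keys` in hosts/users/toph/default.nix takes every file under `keys/`, and `builtins.readFile` then pastes each one verbatim into the user's `authorized_keys` (and, through hosts/users/default.nix, into root's); a stray README, editor backup or accidentally committed private key in that directory would end up in the authorized-keys file with no warning. Restrict it to public keys: `pubKeys = builtins.filter (p: lib.hasSuffix ".pub" (toString p)) (lib.filesystem.listFilesRecursive ./keys);`. The tmpfiles rule creating `~/.ssh` as `0750` is compatible with sshd's StrictModes (not group-writable), so that part reads fine.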
diff --git a/installer/flake.lock b/installer/flake.lock new file mode 100644 index 0000000..9627856 --- /dev/null +++ b/installer/flake.lock @@ -0,0 +1,62 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1732645828, + "narHash": "sha256-+4U2I2653JvPFxcux837ulwYS864QvEueIljUkwytsk=", + "owner": "nix-community", + "repo": "disko", + "rev": "869ba3a87486289a4197b52a6c9e7222edf00b3e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1732238832, + "narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1732350895, + "narHash": "sha256-GcOQbOgmwlsRhpLGSwZJwLbo3pu9ochMETuRSS1xpz4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0c582677378f2d9ffcb01490af2f2c678dcb29d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "nixpkgs": "nixpkgs_2" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/installer/flake.nix b/installer/flake.nix new file mode 100644 index 0000000..49f7f6d --- /dev/null +++ b/installer/flake.nix 
@@ -0,0 +1,49 @@
+{
+ description = "Minimal NixOS configuration for bootstrapping systems";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ ...
+ }@inputs:
+ let
+ inherit (self) outputs;
+
+ # NOTE: Change when installing, hacky but whatever
+ username = "toph";
+ ARM = "aarch64-linux"; # ARM systems
+ X86 = "x86_64-linux"; # x86_64 systems
+
+ minimalSpecialArgs = {
+ inherit inputs outputs;
+ lib = nixpkgs.lib.extend (
+ self: super: { custom = import /home/${username}/git/dot.nix/lib { inherit (nixpkgs) lib; }; }
+ );
+ };
+
+ # This mkHost is way better: https://github.com/linyinfeng/dotfiles/blob/8785bdb188504cfda3daae9c3f70a6935e35c4df/flake/hosts.nix#L358
+ newConfig =
+ name: system:
+ (nixpkgs.lib.nixosSystem {
+ system = system;
+ specialArgs = minimalSpecialArgs;
+ modules = [
+ ./minimal-configuration.nix
+ /home/${username}/git/dot.nix/hosts/nixos/${name}/hardware.nix
+ { networking.hostName = name; }
+ ];
+ });
+ in
+ {
+ nixosConfigurations = {
+ # host = newConfig "name"
+ vm = newConfig "vm" X86;
+ rune = newConfig "rune" X86;
+ };
+ };
+}
diff --git a/installer/minimal-configuration.nix b/installer/minimal-configuration.nix
new file mode 100644
index 0000000..6963dec
--- /dev/null
+++ b/installer/minimal-configuration.nix
@@ -0,0 +1,83 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ imports = lib.flatten [
+ (map lib.custom.relativeToRoot [
+ "modules/common/host-spec.nix"
+ "hosts/common/core/ssh.nix"
+ "hosts/users/minimal"
+ ])
+ ];
+
+ # NOTE: Change when installing, hacky but whatever
+ hostSpec = {
+ isMinimal = lib.mkForce true;
+ hostName = "installer";
+ username = "toph";
+ password = "[REDACTED]";
+ isARM = false;
+ };
+
+ # fileSystems."/boot".options = [ "umask=0077" ]; # Removes permissions and security warnings.
+ boot.loader.efi.canTouchEfiVariables = true;
+ # boot.loader.systemd-boot = {
+ # enable = true;
+ # # we use Git for version control, so we don't need to keep too many generations.
+ # configurationLimit = lib.mkDefault 3;
+ # # pick the highest resolution for systemd-boot's console.
+ # consoleMode = lib.mkDefault "max";
+ # };
+ boot.initrd = {
+ systemd.enable = true;
+ systemd.emergencyAccess = true; # Don't need to enter password in emergency mode
+ };
+ boot.kernelParams = [
+ # "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
+ # "systemd.show_status=true"
+ #"systemd.log_level=debug"
+ # "systemd.log_target=console"
+ # "systemd.journald.forward_to_console=1"
+ ];
+
+ environment.systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ wget
+ curl
+ git
+ ;
+ };
+
+ networking = {
+ networkmanager.enable = true;
+ };
+
+ services = {
+ qemuGuest.enable = true;
+ openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings.PermitRootLogin = lib.mkForce "yes";
+ };
+ };
+
+ nix = {
+ #FIXME(installer): registry and nixPath shouldn't be required here because flakes but removal results in warning spam on build
+ registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
+ nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ warn-dirty = false;
+ };
+ };
+
+ system.stateVersion = "24.11";
+}
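Review bot: `settings.PermitRootLogin = lib.mkForce "yes"` in installer/minimal-configuration.nix is combined with the imported hosts/common/core/ssh.nix, which sets `PasswordAuthentication = false` and `KbdInteractiveAuthentication = false`, and the imported hosts/users/minimal does not declare any `users.users.root.openssh.authorizedKeys.keys`; as far as this commit shows, root therefore has no usable SSH login method on the installer despite the override, and if password auth is re-enabled somewhere else the root password is the plain-text `hostSpec.password` literal. State the intended path in a comment and make it explicit in code, e.g. `settings.PermitRootLogin = lib.mkForce "prohibit-password"; # install over SSH with the root key below` plus a `users.users.root.openssh.authorizedKeys.keys` entry, instead of `"yes"`. `boot.initrd.systemd.emergencyAccess = true` grants an unauthenticated root shell if the initrd fails; that is reasonable for a throwaway installer, but the comment should say that it must not be copied into the real host configs.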
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..cab49a8
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,20 @@
+# FIXME(lib.custom): Add some stuff from hmajid2301/dotfiles/lib/module/default.nix, as simplifies option declaration
+{ lib, ... }:
+{
+ # use path relative to the root of the project
+ relativeToRoot = lib.path.append ../.;
+ scanPaths =
+ path:
+ builtins.map (f: (path + "/${f}")) (
+ builtins.attrNames (
+ lib.attrsets.filterAttrs (
+ path: _type:
+ (_type == "directory") # include directories
+ || (
+ (path != "default.nix") # ignore default.nix
+ && (lib.strings.hasSuffix ".nix" path) # include .nix files
+ )
+ ) (builtins.readDir path)
+ )
+ );
+}
diff --git a/modules/common/default.nix b/modules/common/default.nix
new file mode 100644
index 0000000..74fb25f
--- /dev/null
+++ b/modules/common/default.nix
@@ -0,0 +1,9 @@
+# Add your reusable NixOS modules to this directory, on their own file (https://wiki.nixos.org/wiki/NixOS_modules).
+# These are modules you would share with others, not your personal configurations.
+
+# These are modules you would share with others, not your personal configurations.
+{ lib, ... }:
+{
+ # Imports all NixOS modules found in the current directory.
+ # `lib.custom.scanPaths ./.` scans the current directory (./) for NixOS modules and imports them.
+ imports = lib.custom.scanPaths ./.;
+}
diff --git a/modules/common/host-spec.nix b/modules/common/host-spec.nix
new file mode 100644
index 0000000..14c64ef
--- /dev/null
+++ b/modules/common/host-spec.nix
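Review bot: In `scanPaths` of lib/default.nix the predicate passed to `filterAttrs` is written `path: _type:`, so the inner `path` (a directory entry name) shadows the outer `path` (the directory being scanned) within the predicate; the code happens to be correct because the outer name is only used in `builtins.readDir path` outside the lambda, but the shadowing makes the `(path != "default.nix")` test read as a comparison against the scanned directory. Renaming the lambda parameters makes the intent obvious: `name: type:` with `(type == "directory")`, `(name != "default.nix")` and `(lib.strings.hasSuffix ".nix" name)`. A short docstring-style comment above `scanPaths` noting that every subdirectory is imported and is therefore expected to contain a default.nix would also help, since a directory without one would make the import fail.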
@@ -0,0 +1,63 @@
+# Specifications For Differentiating Hosts
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+{
+ options.hostSpec = {
+ username = lib.mkOption {
+ type = lib.types.str;
+ description = "The username of the host";
+ };
+ password = lib.mkOption {
+ type = lib.types.str;
+ description = "Password of the host";
+ };
+ hostName = lib.mkOption {
+ type = lib.types.str;
+ description = "The hostname of the host";
+ };
+ email = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ description = "The email of the user";
+ };
+ domain = lib.mkOption {
+ type = lib.types.str;
+ description = "The domain of the host";
+ };
+ userFullName = lib.mkOption {
+ type = lib.types.str;
+ description = "The full name of the user";
+ };
+ handle = lib.mkOption {
+ type = lib.types.str;
+ description = "The handle of the user (eg: github user)";
+ };
+ home = lib.mkOption {
+ type = lib.types.str;
+ description = "The home directory of the user";
+ default =
+ let
+ user = config.hostSpec.username;
+ in
+ if pkgs.stdenv.isLinux then "/home/${user}" else "/Users/${user}";
+ };
+ isARM = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Used to indicate a host that is aarch64";
+ };
+ isMinimal = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Used to indicate a minimal host";
+ };
+ isServer = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Used to indicate a server host";
+ };
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..74fb25f
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,9 @@
+# Add your reusable NixOS modules to this directory, on their own file (https://wiki.nixos.org/wiki/NixOS_modules).
+# These are modules you would share with others, not your personal configurations.
+
+{ lib, ... }:
+{
+ # Imports all NixOS modules found in the current directory.
+ # `lib.custom.scanPaths ./.` scans the current directory (./) for NixOS modules and imports them.
+ imports = lib.custom.scanPaths ./.;
+}
diff --git a/nix/default.nix b/nix/default.nix
deleted file mode 100644
index 1c5878f..0000000
--- a/nix/default.nix
+++ /dev/null
@@ -1,109 +0,0 @@ -{ - admin, - config, - hostName, - modulesPath, - pkgs, - ... -}: - -let - - # admin = "toph"; - password = "[REDACTED]"; - timeZone = "America/New_York"; - defaultLocale = "en_US.UTF-8"; - -in -{ - ## TIMEZONE & LOCALE ## - networking.timeServers = [ "pool.ntp.org" ]; - time.timeZone = timeZone; - i18n.defaultLocale = defaultLocale; - i18n.extraLocaleSettings = { - LC_ADDRESS = defaultLocale; - LC_IDENTIFICATION = defaultLocale; - LC_MEASUREMENT = defaultLocale; - LC_MONETARY = defaultLocale; - LC_NAME = defaultLocale; - LC_NUMERIC = defaultLocale; - LC_PAPER = defaultLocale; - LC_TELEPHONE = defaultLocale; - LC_TIME = defaultLocale; - }; - - ## USERS ## - users.mutableUsers = false; - users.groups = { - ryot = { - gid = 1004; - members = [ "${admin}" ]; - }; - }; - users.users."${admin}" = { - isNormalUser = true; - createHome = true; - description = "Admin"; - homeMode = "750"; - home = "/home/${admin}"; - password = password; - uid = 1000; - extraGroups = [ - "networkmanager" - "wheel" - "i2c" - ]; - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE" - ]; - }; - - # INFO: Enable passwordless sudo. 
- security.sudo.extraRules = [ - { - users = [ admin ]; - commands = [ - { - command = "ALL"; - options = [ "NOPASSWD" ]; - } - ]; - } - ]; - - ## PROGRAMS & SERVICES ## - # Shells - environment.shells = with pkgs; [ - bash - fish - ]; - programs.fish.enable = true; - - ## NETWORKING ## - networking = { - dhcpcd.enable = false; - hostName = hostName; - networkmanager.enable = true; - useDHCP = true; - useHostResolvConf = false; - usePredictableInterfaceNames = true; - }; - - ## NIXOS ## - systemd.tmpfiles.rules = [ - "d /home/${admin}/git 0750 ${admin} users -" - ]; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # forces interfaces to be named predictably - # This value determines the NixOS release with which your system is to be - system.stateVersion = "24.11"; - # Enable Flakes - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; -} diff --git a/nix/overlays/default.nix b/nix/overlays/default.nix deleted file mode 100644 index 4bf482e..0000000 --- a/nix/overlays/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -self: super: - -let - callPackage = super.callPackage; -in { - snapraid-runner = callPackage ../pkgs/snapraid-runner { }; -} \ No newline at end of file diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..3f1bb3a --- /dev/null +++ b/overlays/default.nix 
@@ -0,0 +1,59 @@
+#
+# This file defines overlays/custom modifications to upstream packages
+#
+
+{ inputs, ... }:
+
+let
+ # Adds my custom packages
+ # FIXME: Add per-system packages
+ additions =
+ final: prev:
+ (prev.lib.packagesFromDirectoryRecursive {
+ callPackage = prev.lib.callPackageWith final;
+ directory = ../pkgs/common;
+ });
+
+ linuxModifications = final: prev: prev.lib.mkIf final.stdenv.isLinux { };
+
+ modifications = final: prev: {
+ # example = prev.example.overrideAttrs (oldAttrs: let ... in {
+ # ...
+ # });
+ # flameshot = prev.flameshot.overrideAttrs {
+ # cmakeFlags = [
+ # (prev.lib.cmakeBool "USE_WAYLAND_GRIM" true)
+ # (prev.lib.cmakeBool "USE_WAYLAND_CLIPBOARD" true)
+ # ];
+ # };
+ };
+
+ stable-packages = final: _prev: {
+ stable = import inputs.nixpkgs-stable {
+ inherit (final) system;
+ config.allowUnfree = true;
+ # overlays = [
+ # ];
+ };
+ };
+
+ unstable-packages = final: _prev: {
+ unstable = import inputs.nixpkgs-unstable {
+ inherit (final) system;
+ config.allowUnfree = true;
+ # overlays = [
+ # ];
+ };
+ };
+
+in
+{
+ default =
+ final: prev:
+
+ (additions final prev)
+ // (modifications final prev)
+ // (linuxModifications final prev)
+ // (stable-packages final prev)
+ // (unstable-packages final prev);
+}
diff --git a/nix/pkgs/snapraid-runner/default.nix b/pkgs/common/snapraid-runner/default.nix
similarity index 100%
rename from nix/pkgs/snapraid-runner/default.nix
rename to pkgs/common/snapraid-runner/default.nix
diff --git a/nix/pkgs/snapraid-runner/snapraid-runner.conf b/pkgs/common/snapraid-runner/snapraid-runner.conf
similarity index 100%
rename from nix/pkgs/snapraid-runner/snapraid-runner.conf
rename to pkgs/common/snapraid-runner/snapraid-runner.conf
diff --git a/nix/pkgs/snapraid-runner/snapraid-runner.py b/pkgs/common/snapraid-runner/snapraid-runner.py
similarity index 100%
rename from nix/pkgs/snapraid-runner/snapraid-runner.py
rename to pkgs/common/snapraid-runner/snapraid-runner.py
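Review bot: `linuxModifications = final: prev: prev.lib.mkIf final.stdenv.isLinux { }` in overlays/default.nix uses a module-system combinator inside an overlay: `lib.mkIf` returns a tagged attrset (`_type = "if"`, `condition`, `content`), not the package set you want, so `// (linuxModifications final prev)` in `default` merges those three keys into the overlay result instead of conditionally contributing packages. Use `prev.lib.optionalAttrs final.stdenv.isLinux { }` there, which yields `{ }` on non-Linux and the given attrset on Linux. The `stable`/`unstable` nixpkgs imports with `config.allowUnfree = true` are fine but will not pick up the repo's own overlays; the commented `overlays = [ ];` placeholders could say so.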