# Custom desktop with AMD Ryzen 5 2600, 16GB RAM, AMD Rx 6700, and 1TB SSD + 2TB HDD.
{
config,
lib,
pkgs,
self,
...
}: let
# Mount point exported further down as the "Archive" Samba share.
archiveDirectory = "/mnt/Archive";
# Domain passed to the raffauflabs module via `inherit domain`.
domain = "raffauflabs.com";
# Mount point exported as the "Media" Samba share; the Syncthing music path
# for user aly is a subdirectory of it.
mediaDirectory = "/mnt/Media";
in {
# Modules merged into this host. Order is kept as in the original list:
# shared/local files first, then the nixhw hardware profiles, then the
# raffauflabs service module that the `raffauflabs = { ... }` block configures.
imports =
  [
    ../common
    ./disko.nix
    ./home.nix
  ]
  ++ (with self.inputs.nixhw.nixosModules; [
    common-amd-cpu
    common-amd-gpu
    common-bluetooth
    common-ssd
  ])
  ++ [self.inputs.raffauflabs.nixosModules.raffauflabs];
# agenix secrets. Each `file` is an age-encrypted blob kept in the repository;
# consumers elsewhere in this file read the decrypted location through
# `config.age.secrets.<name>.path`, so no plaintext credential is written
# into this configuration.
age.secrets = let
  # The Last.fm and Spotify credentials are consumed by Navidrome, so the
  # decrypted files are owned by the `navidrome` account.
  forNavidrome = file: {
    inherit file;
    owner = "navidrome";
  };
in {
  cloudflare.file = ../../secrets/cloudflare.age;

  lastfmId = forNavidrome ../../secrets/lastFM/apiKey.age;
  lastfmSecret = forNavidrome ../../secrets/lastFM/secret.age;

  spotifyId = forNavidrome ../../secrets/spotify/clientId.age;
  spotifySecret = forNavidrome ../../secrets/spotify/clientSecret.age;

  # NOTE(review): no `owner` is set for these two, so the agenix defaults
  # apply. They are handed to the Syncthing settings of user "aly" below;
  # confirm that whatever account runs Syncthing can read them.
  syncthingCert.file = ../../secrets/syncthing/mauville/cert.age;
  syncthingKey.file = ../../secrets/syncthing/mauville/key.age;
};
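# Creates the SSH host key used by the initrd sshd (boot.initrd.network.ssh)
# the first time the system is activated. The key is separate from the regular
# host key and unencrypted (-N ""), because the initrd sshd must start
# unattended before the disks are unlocked.
#
# Change from the original: the key directory is forced to mode 0700.
# `mkdir -p` alone leaves a pre-existing or freshly created directory at the
# umask default, which lets other local users list the private-key directory.
system.activationScripts.gen-initrd-ssh.text = ''
  KEY_PATH="/etc/secrets/initrd/ssh_host_ed25519_key"

  # Holds private key material: root-only, also when the directory already existed.
  mkdir -p /etc/secrets/initrd
  chmod 700 /etc/secrets/initrd

  # Check if the file already exists
  if [ -f "$KEY_PATH" ]; then
    echo "Key already exists at $KEY_PATH. Skipping ssh-keygen."
  else
    # Generate the SSH key if it doesn't exist
    ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f "$KEY_PATH"
    echo "SSH key generated at $KEY_PATH."
  fi
'';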
# Boot setup: systemd-boot on EFI, plus an SSH server inside the initrd so the
# encrypted disks can be unlocked remotely (see cryptsetup-askpass below).
boot = {
  loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot.enable = true;
  };

  # r8169 is listed with the storage/USB modules so the wired NIC is usable
  # inside the initrd; the initrd sshd cannot be reached without it.
  initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];

  initrd.network = {
    enable = true;
    # Drop the initrd network configuration before stage 2 takes over.
    flushBeforeStage2 = true;
    # Address comes from DHCP during stage 1.
    udhcpc.enable = true;

    ssh = {
      enable = true;
      # NOTE(review): if the regular sshd also listens on 22, clients see two
      # different host keys on the same address/port; pin the initrd key under
      # a separate known_hosts alias rather than disabling host-key checking.
      port = 22;
      # Every key authorised for root on the running system can also reach
      # the pre-boot environment.
      authorizedKeyFiles = config.users.users.root.openssh.authorizedKeys.keyFiles;
      # NOTE(review): this is a bare Nix path literal, while the NixOS option
      # documentation shows string paths. Confirm the private key is not
      # copied into the world-readable /nix/store on this setup; quoting the
      # path avoids the question entirely.
      hostKeys = [/etc/secrets/initrd/ssh_host_ed25519_key];
    };

    # Appends the unlock prompt to root's login profile in the initrd.
    # `a || b && exit 1` groups as `(a || b) && exit 1`, so the login shell
    # exits after the prompt whether or not cryptsetup-askpass returned 0.
    # This is a convenience for login shells that read /root/.profile, not an
    # access control on what an authorised key may do.
    postCommands = ''
      # Automatically ask for the password on SSH login
      echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
    '';
  };
};
# Pull in all firmware packages rather than only those this hardware needs.
hardware.enableAllFirmware = true;
# Host name; also interpolated into the Samba share comments.
networking.hostName = "mauville";
# Host-level services: Forgejo hardening plus the two Samba file shares.
services = let
  # Both shares use the same settings and differ only in label and path.
  #
  # NOTE(review): "guest ok" = "yes" together with "read only" = "no" asks
  # Samba to allow unauthenticated read/write access, and openFirewall = true
  # below opens the SMB ports on this host. Whether anonymous clients are in
  # fact mapped to the guest account also depends on Samba's global
  # `map to guest` setting, which this file does not set. If guest write
  # access is not intended, set "guest ok" = "no" with `valid users`, and/or
  # limit clients with `hosts allow` to the LAN subnet. This host also
  # publishes services under a public domain, so confirm SMB is not forwarded
  # at the router.
  guestShare = label: path: {
    inherit path;
    browseable = "yes";
    comment = "${label} @ ${config.networking.hostName}";
    "create mask" = "0755";
    "directory mask" = "0755";
    "guest ok" = "yes";
    "read only" = "no";
  };
in {
  # Force self-registration off, overriding any value set by another module.
  forgejo.settings.service.DISABLE_REGISTRATION = lib.mkForce true;

  samba = {
    enable = true;
    openFirewall = true;
    securityType = "user";

    shares = {
      Media = guestShare "Media" mediaDirectory;
      Archive = guestShare "Archive" archiveDirectory;
    };
  };

  # WS-Discovery responder so the shares appear in Windows network browsing;
  # this opens its discovery ports in the firewall as well.
  samba-wsdd = {
    enable = true;
    openFirewall = true;
  };
};
# UI scale factor exported to every session.
environment.variables = {GDK_SCALE = "1.25";};

# Never reboot automatically after an upgrade, overriding other modules.
# NOTE(review): presumably because a reboot stops at the initrd unlock prompt;
# the trade-off is that kernel/initrd updates only take effect after a manual
# reboot, so schedule those deliberately. Where autoUpgrade is enabled is not
# visible in this file.
system.autoUpgrade.allowReboot = lib.mkForce false;
system.stateVersion = "24.05";

# Allow zram swap to grow up to 100% of physical RAM.
zramSwap = {memoryPercent = 100;};
# Options of the project's own `ar` module (defined outside this file):
# applications, desktop session and user accounts for this host.
ar = {
  apps = {
    firefox.enable = true;
    nicotine-plus.enable = true;
    podman.enable = true;
    steam.enable = true;
    virt-manager.enable = true;
  };

  # greetd logs "aly" in without a password prompt, so after boot the desktop
  # session is open to anyone at the console.
  # NOTE(review): this leaves the boot-time disk unlock as the only gate for
  # physical access; confirm that is the intended model for this machine.
  desktop.greetd = {
    autologin = "aly";
    enable = true;
  };
  desktop.hyprland.enable = true;
  desktop.steam.enable = true;

  # NOTE(review): both `password` values are yescrypt hashes ("$y$" prefix)
  # written inline. Inline hashes are readable by anyone who can read this
  # repository and can be attacked offline. This file already uses agenix for
  # other credentials; if the `ar.users` module supports a file-based option
  # (NixOS itself offers `users.users.<name>.hashedPasswordFile`), moving the
  # hashes there would keep them out of the repository.
  users.aly = {
    enable = true;
    password = "$y$j9T$SHPShqI2IpRE101Ey2ry/0$0mhW1f9LbVY02ifhJlP9XVImge9HOpf23s9i1JFLIt9";

    # The Syncthing device certificate and key come from agenix-decrypted
    # paths, not from the store.
    syncthing = {
      enable = true;
      certFile = config.age.secrets.syncthingCert.path;
      keyFile = config.age.secrets.syncthingKey.path;
      musicPath = "${mediaDirectory}/Music";
    };
  };

  users.dustin = {
    enable = true;
    password = "$y$j9T$3mMCBnUQ.xjuPIbSof7w0.$fPtRGblPRSwRLj7TFqk1nzuNQk2oVlgvb/bE47sghl.";
  };
};
# Self-hosted services from the raffauflabs module, published under `domain`.
# NOTE(review): how each service is exposed (reverse proxy, ports,
# authentication) is decided inside that module and is not visible here;
# check it for every service enabled below, in particular transmission and
# plexMediaServer.
raffauflabs = let
  inherit (config.age) secrets;
in {
  inherit domain;
  enable = true;

  containers.oci.freshRSS.enable = true;

  services = {
    audiobookshelf.enable = true;
    forgejo.enable = true;
    plexMediaServer.enable = true;
    transmission.enable = true;

    # Dynamic DNS via Cloudflare; the API credential is read from the
    # agenix-decrypted file at runtime instead of being embedded here.
    ddclient = {
      enable = true;
      passwordFile = secrets.cloudflare.path;
      protocol = "cloudflare";
    };

    # Navidrome reads its Last.fm and Spotify credentials from files that
    # age.secrets assigns to the `navidrome` owner.
    navidrome = {
      enable = true;

      lastfm.idFile = secrets.lastfmId.path;
      lastfm.secretFile = secrets.lastfmSecret.path;

      spotify.idFile = secrets.spotifyId.path;
      spotify.secretFile = secrets.spotifySecret.path;
    };
  };
};
}