alyraffauf/nixcfg
1
0
Fork 0
mirror of https://github.com/alyraffauf/nixcfg.git synced 2024-11-21 15:53:55 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

ran nixfmt to standardize formatting

Browse source
This commit is contained in:
Aly Raffauf 2024-03-24 19:44:09 -04:00
parent a3257404ad
commit b41949543e
20 changed files with 283 additions and 289 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

94
flake.nix
View file

@ -22,68 +22,68 @@
# # Declarative Flatpaks.
# nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.3.0";
# Pre-baked hardware support for various devices.
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
};
nixConfig = {
extra-substituters = [
"https://nixcache.raffauflabs.com"
];
extra-substituters = [ "https://nixcache.raffauflabs.com" ];
extra-trusted-public-keys = [
"nixcache.raffauflabs.com:yFIuJde/izA4aUDI3MZmBLzynEsqVCT1OfCUghOLlt8="
];
};
outputs = inputs@{ nixpkgs, home-manager, nixpkgs-unstable, home-manager-unstable, nixos-hardware, ... }: {
outputs = inputs@{ nixpkgs, home-manager, nixpkgs-unstable
, home-manager-unstable, nixos-hardware, ... }: {
homeConfigurations."aly" = home-manager-unstable.lib.homeManagerConfiguration {
pkgs = import nixpkgs-unstable { system = "x86_64-linux"; };
modules = [ ./home/aly.nix ];
};
homeConfigurations."aly" =
home-manager-unstable.lib.homeManagerConfiguration {
pkgs = import nixpkgs-unstable { system = "x86_64-linux"; };
modules = [ ./home/aly.nix ];
};
nixosConfigurations = {
nixosConfigurations = {
# Framework 13 with AMD Ryzen 7640U and 32GB RAM.
lavaridge = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-hardware.nixosModules.framework-13-7040-amd
home-manager-unstable.nixosModules.home-manager
./hosts/lavaridge
];
};
# Framework 13 with AMD Ryzen 7640U and 32GB RAM.
lavaridge = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-hardware.nixosModules.framework-13-7040-amd
home-manager-unstable.nixosModules.home-manager
./hosts/lavaridge
];
};
# Home Lab. Ryzen 5 2600 with 16GB RAM, RX 6700.
mauville = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
home-manager-unstable.nixosModules.home-manager
./hosts/mauville
];
};
# Home Lab. Ryzen 5 2600 with 16GB RAM, RX 6700.
mauville = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
home-manager-unstable.nixosModules.home-manager
./hosts/mauville
];
};
# Lenovo Yoga 9i with i7-1360P and 16GB RAM.
petalburg = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-hardware.nixosModules.common-pc-laptop-ssd
nixos-hardware.nixosModules.common-cpu-intel
home-manager-unstable.nixosModules.home-manager
./hosts/petalburg
];
};
# T440p with i5-4210M and 16GB RAM.
rustboro = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-hardware.nixosModules.lenovo-thinkpad-t440p
home-manager-unstable.nixosModules.home-manager
./hosts/rustboro
];
# Lenovo Yoga 9i with i7-1360P and 16GB RAM.
petalburg = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-hardware.nixosModules.common-pc-laptop-ssd
nixos-hardware.nixosModules.common-cpu-intel
home-manager-unstable.nixosModules.home-manager
./hosts/petalburg
];
};
# T440p with i5-4210M and 16GB RAM.
rustboro = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nixos-hardware.nixosModules.lenovo-thinkpad-t440p
home-manager-unstable.nixosModules.home-manager
./hosts/rustboro
];
};
};
};
};
}

8
home/hypr/hypridle.conf
View file

@ -28,7 +28,7 @@ listener {
on-resume = hyprctl dispatch dpms on # screen on when activity is detected after timeout has fired.
}
# listener {
# timeout = 600 # 30min
# on-timeout = systemctl suspend # suspend pc
# }
listener {
timeout = 600 # 30min
on-timeout = [[ $(hostname) != "mauville" ]] && systemctl suspend # suspend pc unless on mauville
}

6
modules/desktop.nix
View file

@ -6,9 +6,7 @@
enable = true;
xkb.layout = "us";
xkb.variant = "";
excludePackages = with pkgs; [
xterm
];
excludePackages = with pkgs; [ xterm ];
};
## Needed for Flatpaks
@ -37,7 +35,7 @@
];
fonts.fontDir.enable = true;
system.fsPackages = [ pkgs.bindfs ];
fileSystems = let
mkRoSymBind = path: {

7
modules/gnome/default.nix
View file

@ -1,10 +1,9 @@
{ config, pkgs, ... }:
{
imports =
[ # Include X settings.
../desktop.nix
];
imports = [ # Include X settings.
../desktop.nix
];
environment.systemPackages = with pkgs; [
gnomeExtensions.appindicator

15
modules/gnome/fingerprint.nix
View file

@ -1,11 +1,12 @@
{ config, pkgs, ... }:
{
# Need to change the order pam loads its modules
# to get proper fingerprint behavior on GDM and the lockscreen.
security.pam.services.login.fprintAuth = false;
security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) {
text = ''
# Need to change the order pam loads its modules
# to get proper fingerprint behavior on GDM and the lockscreen.
security.pam.services.login.fprintAuth = false;
security.pam.services.gdm-fingerprint =
lib.mkIf (config.services.fprintd.enable) {
text = ''
auth required pam_shells.so
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
@ -21,6 +22,6 @@
session include login
session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
'';
};
}
}

2
modules/gnome/fractional_scaling.nix
View file

@ -1,5 +1,5 @@
{ config, pkgs, ... }:
{
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.sessionVariables.NIXOS_OZONE_WL = "1";
}

4
modules/gnome/triplebuffering.nix
View file

@ -4,14 +4,14 @@
nixpkgs.overlays = [
(final: prev: {
gnome = prev.gnome.overrideScope (gnomeFinal: gnomePrev: {
mutter = gnomePrev.mutter.overrideAttrs ( old: {
mutter = gnomePrev.mutter.overrideAttrs (old: {
src = pkgs.fetchgit {
url = "https://gitlab.gnome.org/vanvugt/mutter.git";
# GNOME 45: triple-buffering-v4-45
rev = "0b896518b2028d9c4d6ea44806d093fd33793689";
sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w=";
};
} );
});
});
})
];

8
modules/homelab/binary_cache.nix
View file

@ -1,9 +1,9 @@
{ config, pkgs, ... }:
{
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
}

20
modules/homelab/default.nix
View file

@ -1,15 +1,15 @@
{ config, pkgs, ... }:
{
imports = [
./binary_cache.nix
./nginx_proxy.nix
./nix_containers.nix
./oci_containers.nix
./samba.nix
./virtualization.nix
];
imports = [
./binary_cache.nix
./nginx_proxy.nix
./nix_containers.nix
./oci_containers.nix
./samba.nix
./virtualization.nix
];
# services.ddclient.enable = true;
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
# services.ddclient.enable = true;
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
}

147
modules/homelab/nginx_proxy.nix
View file

@ -1,82 +1,85 @@
{ config, pkgs, ... }:
{
# services.ddclient.enable = true;
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
# services.ddclient.enable = true;
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
# Open TCP ports for audiobookshelf, plex-server, and transmission-server.
networking = {
firewall = {
allowedTCPPorts = [ 80 443 51413 9091 ];
allowedUDPPorts = [ 51413 ];
};
# My router doesn't expose settings for NAT loopback
# So we have to use this workaround.
extraHosts = ''
127.0.0.1 music.raffauflabs.com
127.0.0.1 nixcache.raffauflabs.com
127.0.0.1 plex.raffauflabs.com
127.0.0.1 podcasts.raffauflabs.com
# Open TCP ports for audiobookshelf, plex-server, and transmission-server.
networking = {
firewall = {
allowedTCPPorts = [ 80 443 51413 9091 ];
allowedUDPPorts = [ 51413 ];
};
# My router doesn't expose settings for NAT loopback
# So we have to use this workaround.
extraHosts = ''
127.0.0.1 music.raffauflabs.com
127.0.0.1 nixcache.raffauflabs.com
127.0.0.1 plex.raffauflabs.com
127.0.0.1 podcasts.raffauflabs.com
'';
};
security.acme = {
acceptTerms = true;
defaults.email = "alyraffauf@gmail.com";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."music.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4533";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
security.acme = {
acceptTerms = true;
defaults.email = "alyraffauf@gmail.com";
virtualHosts."nixcache.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass =
"http://${config.services.nix-serve.bindAddress}:${
toString config.services.nix-serve.port
}";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."music.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4533";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
virtualHosts."nixcache.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
virtualHosts."plex.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32400";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
virtualHosts."podcasts.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13378";
# proxyWebsockets = true; # This breaks audiobookshelf.
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://;
proxy_buffering off;
client_max_body_size 500M;
'';
};
};
virtualHosts."plex.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32400";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
}
virtualHosts."podcasts.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13378";
# proxyWebsockets = true; # This breaks audiobookshelf.
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://;
proxy_buffering off;
client_max_body_size 500M;
'';
};
};
};
}

34
modules/homelab/nix_containers.nix
View file

@ -1,23 +1,23 @@
{ config, pkgs, ... }:
{
containers.navidrome = {
autoStart = true;
bindMounts."/Music".hostPath = "/mnt/Media/Music";
config = { config, pkgs, lib, ... }: {
system.stateVersion = "24.05";
services.navidrome = {
enable = true;
openFirewall = true;
settings = {
Address = "0.0.0.0";
Port = 4533;
MusicFolder = "/Music";
DefaultTheme = "Auto";
SubsonicArtistParticipations = true;
UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com.";
};
};
containers.navidrome = {
autoStart = true;
bindMounts."/Music".hostPath = "/mnt/Media/Music";
config = { config, pkgs, lib, ... }: {
system.stateVersion = "24.05";
services.navidrome = {
enable = true;
openFirewall = true;
settings = {
Address = "0.0.0.0";
Port = 4533;
MusicFolder = "/Music";
DefaultTheme = "Auto";
SubsonicArtistParticipations = true;
UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com.";
};
};
};
};
}

91
modules/homelab/oci_containers.nix
View file

@ -1,52 +1,49 @@
{ config, pkgs, ... }:
{
virtualisation.oci-containers.containers = {
audiobookshelf = {
ports = ["0.0.0.0:13378:80"];
image = "ghcr.io/advplyr/audiobookshelf:latest";
environment = { TZ = "America/New_York"; };
volumes = [
"abs_config:/config"
"abs_metadata:/metadata"
"/mnt/Media:/Media"
];
};
plex-server = {
ports = ["0.0.0.0:32400:32400"];
image = "plexinc/pms-docker:public";
environment = { TZ = "America/New_York"; };
volumes = [
"plex_config:/config"
"plex_transcode:/transcode"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
transmission-server = {
ports = ["0.0.0.0:9091:9091" "0.0.0.0:51413:51413"];
image = "linuxserver/transmission:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "America/New_York";
};
volumes = [
"transmission_config:/config"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
jellyfin = {
ports = ["0.0.0.0:8096:8096"];
image = "jellyfin/jellyfin";
environment = { TZ = "America/New_York"; };
volumes = [
"jellyfin_config:/config"
"jellyfin_cache:/cache"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
virtualisation.oci-containers.containers = {
audiobookshelf = {
ports = [ "0.0.0.0:13378:80" ];
image = "ghcr.io/advplyr/audiobookshelf:latest";
environment = { TZ = "America/New_York"; };
volumes =
[ "abs_config:/config" "abs_metadata:/metadata" "/mnt/Media:/Media" ];
};
plex-server = {
ports = [ "0.0.0.0:32400:32400" ];
image = "plexinc/pms-docker:public";
environment = { TZ = "America/New_York"; };
volumes = [
"plex_config:/config"
"plex_transcode:/transcode"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
transmission-server = {
ports = [ "0.0.0.0:9091:9091" "0.0.0.0:51413:51413" ];
image = "linuxserver/transmission:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "America/New_York";
};
volumes = [
"transmission_config:/config"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
jellyfin = {
ports = [ "0.0.0.0:8096:8096" ];
image = "jellyfin/jellyfin";
environment = { TZ = "America/New_York"; };
volumes = [
"jellyfin_config:/config"
"jellyfin_cache:/cache"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
};
}

56
modules/homelab/samba.nix
View file

@ -1,36 +1,36 @@
{ config, pkgs, ... }:
{
services = {
samba = {
enable = true;
securityType = "user";
openFirewall = true;
shares = {
Media = {
comment = "Media @Mauville";
path = "/mnt/Media";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
Archive = {
comment = "Archive @Mauville";
path = "/mnt/Archive";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
};
services = {
samba = {
enable = true;
securityType = "user";
openFirewall = true;
shares = {
Media = {
comment = "Media @Mauville";
path = "/mnt/Media";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
samba-wsdd = {
enable = true;
openFirewall = true;
Archive = {
comment = "Archive @Mauville";
path = "/mnt/Archive";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
};
};
samba-wsdd = {
enable = true;
openFirewall = true;
};
};
}

6
modules/homelab/virtualization.nix
View file

@ -5,13 +5,11 @@
virtualisation = {
libvirtd.enable = true;
oci-containers = {
backend = "podman";
};
oci-containers = { backend = "podman"; };
podman = {
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
enable = true;
};
};
}
}

10
modules/hyprland.nix
View file

@ -10,11 +10,11 @@
greeters.slick = {
enable = true;
extraConfig = ''
theme-name=breeze-gtk
icon-theme=breeze
font-name="NotoSansM Nerd Font Mono"
background=#000000
enable-hidpi=on
theme-name=breeze-gtk
icon-theme=breeze
font-name="NotoSansM Nerd Font Mono"
background=#000000
enable-hidpi=on
'';
};
};

11
modules/kde.nix
View file

@ -1,10 +1,9 @@
{ config, pkgs, ... }:
{
imports =
[ # Include X settings.
./desktop.nix
];
imports = [ # Include X settings.
./desktop.nix
];
# Enable SDDM + Plasma Desktop.
services = {
@ -28,8 +27,8 @@
environment.sessionVariables.NIXOS_OZONE_WL = "1";
programs.kdeconnect.enable = true;
# nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true;
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --enable-features=WaylandWindowDecorations --ozone-platform-hint=auto";
# nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true;
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --enable-features=WaylandWindowDecorations --ozone-platform-hint=auto";
services.gnome.gnome-keyring.enable = true;
security.pam.services.sddm.enableGnomeKeyring = true;
}

10
modules/plymouth.nix
View file

@ -1,9 +1,9 @@
{ config, pkgs, ... }:
{
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
plymouth.enable = true;
};
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
plymouth.enable = true;
};
}

14
modules/steam.nix
View file

@ -1,10 +1,12 @@
{ config, pkgs, ... }:
{
hardware.steam-hardware.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
hardware.steam-hardware.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall =
true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall =
true; # Open ports in the firewall for Source Dedicated Server
};
}

25
modules/sway.nix
View file

@ -1,19 +1,16 @@
{ config, pkgs, ... }:
{
imports =
[ # Include X settings.
./desktop.nix
];
imports = [ # Include X settings.
./desktop.nix
];
services.xserver.displayManager = {
sessionPackages = [ pkgs.sway ];
};
services.xserver.displayManager = { sessionPackages = [ pkgs.sway ]; };
programs.light.enable = true; # Brightness and volume control.
programs.dconf.enable = true;
services.xserver.libinput.enable = true;
services.gnome.gnome-keyring.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.config.common.default = "*";
}
programs.light.enable = true; # Brightness and volume control.
programs.dconf.enable = true;
services.xserver.libinput.enable = true;
services.gnome.gnome-keyring.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.config.common.default = "*";
}

4
modules/zram_swap.nix
View file

@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{
zramSwap.enable = true;
zramSwap.memoryPercent = 25;
zramSwap.enable = true;
zramSwap.memoryPercent = 25;
}