alyraffauf/nixcfg
1
0
Fork 0
mirror of https://github.com/alyraffauf/nixcfg.git synced 2024-11-22 04:53:54 -05:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

ran nixfmt to standardize formatting

Browse source
This commit is contained in:
Aly Raffauf 2024-03-24 19:44:09 -04:00
parent a3257404ad
commit b41949543e
20 changed files with 283 additions and 289 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

90
flake.nix
View file

@ -28,62 +28,62 @@
}; };
nixConfig = { nixConfig = {
extra-substituters = [ extra-substituters = [ "https://nixcache.raffauflabs.com" ];
"https://nixcache.raffauflabs.com"
];
extra-trusted-public-keys = [ extra-trusted-public-keys = [
"nixcache.raffauflabs.com:yFIuJde/izA4aUDI3MZmBLzynEsqVCT1OfCUghOLlt8=" "nixcache.raffauflabs.com:yFIuJde/izA4aUDI3MZmBLzynEsqVCT1OfCUghOLlt8="
]; ];
}; };
outputs = inputs@{ nixpkgs, home-manager, nixpkgs-unstable, home-manager-unstable, nixos-hardware, ... }: { outputs = inputs@{ nixpkgs, home-manager, nixpkgs-unstable
, home-manager-unstable, nixos-hardware, ... }: {
homeConfigurations."aly" = home-manager-unstable.lib.homeManagerConfiguration { homeConfigurations."aly" =
pkgs = import nixpkgs-unstable { system = "x86_64-linux"; }; home-manager-unstable.lib.homeManagerConfiguration {
modules = [ ./home/aly.nix ]; pkgs = import nixpkgs-unstable { system = "x86_64-linux"; };
}; modules = [ ./home/aly.nix ];
};
nixosConfigurations = { nixosConfigurations = {
# Framework 13 with AMD Ryzen 7640U and 32GB RAM. # Framework 13 with AMD Ryzen 7640U and 32GB RAM.
lavaridge = nixpkgs-unstable.lib.nixosSystem { lavaridge = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
nixos-hardware.nixosModules.framework-13-7040-amd nixos-hardware.nixosModules.framework-13-7040-amd
home-manager-unstable.nixosModules.home-manager home-manager-unstable.nixosModules.home-manager
./hosts/lavaridge ./hosts/lavaridge
]; ];
}; };
# Home Lab. Ryzen 5 2600 with 16GB RAM, RX 6700. # Home Lab. Ryzen 5 2600 with 16GB RAM, RX 6700.
mauville = nixpkgs-unstable.lib.nixosSystem { mauville = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
home-manager-unstable.nixosModules.home-manager home-manager-unstable.nixosModules.home-manager
./hosts/mauville ./hosts/mauville
]; ];
}; };
# Lenovo Yoga 9i with i7-1360P and 16GB RAM. # Lenovo Yoga 9i with i7-1360P and 16GB RAM.
petalburg = nixpkgs-unstable.lib.nixosSystem { petalburg = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
nixos-hardware.nixosModules.common-pc-laptop-ssd nixos-hardware.nixosModules.common-pc-laptop-ssd
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
home-manager-unstable.nixosModules.home-manager home-manager-unstable.nixosModules.home-manager
./hosts/petalburg ./hosts/petalburg
]; ];
}; };
# T440p with i5-4210M and 16GB RAM. # T440p with i5-4210M and 16GB RAM.
rustboro = nixpkgs-unstable.lib.nixosSystem { rustboro = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
nixos-hardware.nixosModules.lenovo-thinkpad-t440p nixos-hardware.nixosModules.lenovo-thinkpad-t440p
home-manager-unstable.nixosModules.home-manager home-manager-unstable.nixosModules.home-manager
./hosts/rustboro ./hosts/rustboro
]; ];
};
}; };
}; };
};
} }

8
home/hypr/hypridle.conf
View file

@ -28,7 +28,7 @@ listener {
on-resume = hyprctl dispatch dpms on # screen on when activity is detected after timeout has fired. on-resume = hyprctl dispatch dpms on # screen on when activity is detected after timeout has fired.
} }
# listener { listener {
# timeout = 600 # 30min timeout = 600 # 30min
# on-timeout = systemctl suspend # suspend pc on-timeout = [[ $(hostname) != "mauville" ]] && systemctl suspend # suspend pc unless on mauville
# } }

4
modules/desktop.nix
View file

@ -6,9 +6,7 @@
enable = true; enable = true;
xkb.layout = "us"; xkb.layout = "us";
xkb.variant = ""; xkb.variant = "";
excludePackages = with pkgs; [ excludePackages = with pkgs; [ xterm ];
xterm
];
}; };
## Needed for Flatpaks ## Needed for Flatpaks

7
modules/gnome/default.nix
View file

@ -1,10 +1,9 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [ # Include X settings.
[ # Include X settings. ../desktop.nix
../desktop.nix ];
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gnomeExtensions.appindicator gnomeExtensions.appindicator

13
modules/gnome/fingerprint.nix
View file

@ -1,11 +1,12 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
# Need to change the order pam loads its modules # Need to change the order pam loads its modules
# to get proper fingerprint behavior on GDM and the lockscreen. # to get proper fingerprint behavior on GDM and the lockscreen.
security.pam.services.login.fprintAuth = false; security.pam.services.login.fprintAuth = false;
security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) { security.pam.services.gdm-fingerprint =
text = '' lib.mkIf (config.services.fprintd.enable) {
text = ''
auth required pam_shells.so auth required pam_shells.so
auth requisite pam_nologin.so auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth auth requisite pam_faillock.so preauth
@ -21,6 +22,6 @@
session include login session include login
session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
''; '';
}; };
} }

2
modules/gnome/fractional_scaling.nix
View file

@ -1,5 +1,5 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
} }

4
modules/gnome/triplebuffering.nix
View file

@ -4,14 +4,14 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
gnome = prev.gnome.overrideScope (gnomeFinal: gnomePrev: { gnome = prev.gnome.overrideScope (gnomeFinal: gnomePrev: {
mutter = gnomePrev.mutter.overrideAttrs ( old: { mutter = gnomePrev.mutter.overrideAttrs (old: {
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://gitlab.gnome.org/vanvugt/mutter.git"; url = "https://gitlab.gnome.org/vanvugt/mutter.git";
# GNOME 45: triple-buffering-v4-45 # GNOME 45: triple-buffering-v4-45
rev = "0b896518b2028d9c4d6ea44806d093fd33793689"; rev = "0b896518b2028d9c4d6ea44806d093fd33793689";
sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w="; sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w=";
}; };
} ); });
}); });
}) })
]; ];

8
modules/homelab/binary_cache.nix
View file

@ -1,9 +1,9 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
services.nix-serve = { services.nix-serve = {
enable = true; enable = true;
secretKeyFile = "/var/cache-priv-key.pem"; secretKeyFile = "/var/cache-priv-key.pem";
}; };
} }

20
modules/homelab/default.nix
View file

@ -1,15 +1,15 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ imports = [
./binary_cache.nix ./binary_cache.nix
./nginx_proxy.nix ./nginx_proxy.nix
./nix_containers.nix ./nix_containers.nix
./oci_containers.nix ./oci_containers.nix
./samba.nix ./samba.nix
./virtualization.nix ./virtualization.nix
]; ];
# services.ddclient.enable = true; # services.ddclient.enable = true;
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf"; # services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
} }

145
modules/homelab/nginx_proxy.nix
View file

@ -1,82 +1,85 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
# services.ddclient.enable = true; # services.ddclient.enable = true;
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf"; # services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
# Open TCP ports for audiobookshelf, plex-server, and transmission-server. # Open TCP ports for audiobookshelf, plex-server, and transmission-server.
networking = { networking = {
firewall = { firewall = {
allowedTCPPorts = [ 80 443 51413 9091 ]; allowedTCPPorts = [ 80 443 51413 9091 ];
allowedUDPPorts = [ 51413 ]; allowedUDPPorts = [ 51413 ];
}; };
# My router doesn't expose settings for NAT loopback # My router doesn't expose settings for NAT loopback
# So we have to use this workaround. # So we have to use this workaround.
extraHosts = '' extraHosts = ''
127.0.0.1 music.raffauflabs.com 127.0.0.1 music.raffauflabs.com
127.0.0.1 nixcache.raffauflabs.com 127.0.0.1 nixcache.raffauflabs.com
127.0.0.1 plex.raffauflabs.com 127.0.0.1 plex.raffauflabs.com
127.0.0.1 podcasts.raffauflabs.com 127.0.0.1 podcasts.raffauflabs.com
'';
};
security.acme = {
acceptTerms = true;
defaults.email = "alyraffauf@gmail.com";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."music.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4533";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
''; '';
};
}; };
security.acme = { virtualHosts."nixcache.raffauflabs.com" = {
acceptTerms = true; enableACME = true;
defaults.email = "alyraffauf@gmail.com"; forceSSL = true;
locations."/".proxyPass =
"http://${config.services.nix-serve.bindAddress}:${
toString config.services.nix-serve.port
}";
}; };
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."music.raffauflabs.com" = { virtualHosts."plex.raffauflabs.com" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:4533"; proxyPass = "http://127.0.0.1:32400";
proxyWebsockets = true; # needed if you need to use WebSocket proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;
''; '';
}; };
};
virtualHosts."nixcache.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
virtualHosts."plex.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32400";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
virtualHosts."podcasts.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13378";
# proxyWebsockets = true; # This breaks audiobookshelf.
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://;
proxy_buffering off;
client_max_body_size 500M;
'';
};
};
}; };
virtualHosts."podcasts.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13378";
# proxyWebsockets = true; # This breaks audiobookshelf.
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://;
proxy_buffering off;
client_max_body_size 500M;
'';
};
};
};
} }

34
modules/homelab/nix_containers.nix
View file

@ -1,23 +1,23 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
containers.navidrome = { containers.navidrome = {
autoStart = true; autoStart = true;
bindMounts."/Music".hostPath = "/mnt/Media/Music"; bindMounts."/Music".hostPath = "/mnt/Media/Music";
config = { config, pkgs, lib, ... }: { config = { config, pkgs, lib, ... }: {
system.stateVersion = "24.05"; system.stateVersion = "24.05";
services.navidrome = { services.navidrome = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = { settings = {
Address = "0.0.0.0"; Address = "0.0.0.0";
Port = 4533; Port = 4533;
MusicFolder = "/Music"; MusicFolder = "/Music";
DefaultTheme = "Auto"; DefaultTheme = "Auto";
SubsonicArtistParticipations = true; SubsonicArtistParticipations = true;
UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com."; UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com.";
};
};
}; };
};
}; };
};
} }

91
modules/homelab/oci_containers.nix
View file

@ -1,52 +1,49 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
audiobookshelf = { audiobookshelf = {
ports = ["0.0.0.0:13378:80"]; ports = [ "0.0.0.0:13378:80" ];
image = "ghcr.io/advplyr/audiobookshelf:latest"; image = "ghcr.io/advplyr/audiobookshelf:latest";
environment = { TZ = "America/New_York"; }; environment = { TZ = "America/New_York"; };
volumes = [ volumes =
"abs_config:/config" [ "abs_config:/config" "abs_metadata:/metadata" "/mnt/Media:/Media" ];
"abs_metadata:/metadata"
"/mnt/Media:/Media"
];
};
plex-server = {
ports = ["0.0.0.0:32400:32400"];
image = "plexinc/pms-docker:public";
environment = { TZ = "America/New_York"; };
volumes = [
"plex_config:/config"
"plex_transcode:/transcode"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
transmission-server = {
ports = ["0.0.0.0:9091:9091" "0.0.0.0:51413:51413"];
image = "linuxserver/transmission:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "America/New_York";
};
volumes = [
"transmission_config:/config"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
jellyfin = {
ports = ["0.0.0.0:8096:8096"];
image = "jellyfin/jellyfin";
environment = { TZ = "America/New_York"; };
volumes = [
"jellyfin_config:/config"
"jellyfin_cache:/cache"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
}; };
plex-server = {
ports = [ "0.0.0.0:32400:32400" ];
image = "plexinc/pms-docker:public";
environment = { TZ = "America/New_York"; };
volumes = [
"plex_config:/config"
"plex_transcode:/transcode"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
transmission-server = {
ports = [ "0.0.0.0:9091:9091" "0.0.0.0:51413:51413" ];
image = "linuxserver/transmission:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "America/New_York";
};
volumes = [
"transmission_config:/config"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
jellyfin = {
ports = [ "0.0.0.0:8096:8096" ];
image = "jellyfin/jellyfin";
environment = { TZ = "America/New_York"; };
volumes = [
"jellyfin_config:/config"
"jellyfin_cache:/cache"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
};
} }

56
modules/homelab/samba.nix
View file

@ -1,36 +1,36 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
services = { services = {
samba = { samba = {
enable = true; enable = true;
securityType = "user"; securityType = "user";
openFirewall = true; openFirewall = true;
shares = { shares = {
Media = { Media = {
comment = "Media @Mauville"; comment = "Media @Mauville";
path = "/mnt/Media"; path = "/mnt/Media";
browseable = "yes"; browseable = "yes";
"read only" = "no"; "read only" = "no";
"guest ok" = "yes"; "guest ok" = "yes";
"create mask" = "0755"; "create mask" = "0755";
"directory mask" = "0755"; "directory mask" = "0755";
};
Archive = {
comment = "Archive @Mauville";
path = "/mnt/Archive";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
};
}; };
samba-wsdd = { Archive = {
enable = true; comment = "Archive @Mauville";
openFirewall = true; path = "/mnt/Archive";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
}; };
};
}; };
samba-wsdd = {
enable = true;
openFirewall = true;
};
};
} }

4
modules/homelab/virtualization.nix
View file

@ -5,9 +5,7 @@
virtualisation = { virtualisation = {
libvirtd.enable = true; libvirtd.enable = true;
oci-containers = { oci-containers = { backend = "podman"; };
backend = "podman";
};
podman = { podman = {
# Required for containers under podman-compose to be able to talk to each other. # Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true; defaultNetwork.settings.dns_enabled = true;

10
modules/hyprland.nix
View file

@ -10,11 +10,11 @@
greeters.slick = { greeters.slick = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
theme-name=breeze-gtk theme-name=breeze-gtk
icon-theme=breeze icon-theme=breeze
font-name="NotoSansM Nerd Font Mono" font-name="NotoSansM Nerd Font Mono"
background=#000000 background=#000000
enable-hidpi=on enable-hidpi=on
''; '';
}; };
}; };

11
modules/kde.nix
View file

@ -1,10 +1,9 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [ # Include X settings.
[ # Include X settings. ./desktop.nix
./desktop.nix ];
];
# Enable SDDM + Plasma Desktop. # Enable SDDM + Plasma Desktop.
services = { services = {
@ -28,8 +27,8 @@
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";
programs.kdeconnect.enable = true; programs.kdeconnect.enable = true;
# nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true; # nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true;
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --enable-features=WaylandWindowDecorations --ozone-platform-hint=auto"; # nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --enable-features=WaylandWindowDecorations --ozone-platform-hint=auto";
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
security.pam.services.sddm.enableGnomeKeyring = true; security.pam.services.sddm.enableGnomeKeyring = true;
} }

10
modules/plymouth.nix
View file

@ -1,9 +1,9 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
boot = { boot = {
consoleLogLevel = 0; consoleLogLevel = 0;
initrd.verbose = false; initrd.verbose = false;
plymouth.enable = true; plymouth.enable = true;
}; };
} }

14
modules/steam.nix
View file

@ -1,10 +1,12 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
hardware.steam-hardware.enable = true; hardware.steam-hardware.enable = true;
programs.steam = { programs.steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play remotePlay.openFirewall =
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server true; # Open ports in the firewall for Steam Remote Play
}; dedicatedServer.openFirewall =
true; # Open ports in the firewall for Source Dedicated Server
};
} }

23
modules/sway.nix
View file

@ -1,19 +1,16 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [ # Include X settings.
[ # Include X settings. ./desktop.nix
./desktop.nix ];
];
services.xserver.displayManager = { services.xserver.displayManager = { sessionPackages = [ pkgs.sway ]; };
sessionPackages = [ pkgs.sway ];
};
programs.light.enable = true; # Brightness and volume control. programs.light.enable = true; # Brightness and volume control.
programs.dconf.enable = true; programs.dconf.enable = true;
services.xserver.libinput.enable = true; services.xserver.libinput.enable = true;
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
xdg.portal.wlr.enable = true; xdg.portal.wlr.enable = true;
xdg.portal.config.common.default = "*"; xdg.portal.config.common.default = "*";
} }

4
modules/zram_swap.nix
View file

@ -1,6 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
zramSwap.enable = true; zramSwap.enable = true;
zramSwap.memoryPercent = 25; zramSwap.memoryPercent = 25;
} }