mirror of
https://github.com/alyraffauf/nixcfg.git
synced 2024-11-26 01:51:55 -05:00
modules: massive code cleanup and style improvements
parent
155a84003c
commit
e8d8a01070
|
@ -2,15 +2,13 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
## Enable the X11 windowing system.
|
## Enable the X11 windowing system.
|
||||||
services.xserver.enable = true;
|
|
||||||
services.xserver.excludePackages = with pkgs; [
|
|
||||||
xterm
|
|
||||||
];
|
|
||||||
|
|
||||||
# Configure keymap in X11
|
|
||||||
services.xserver = {
|
services.xserver = {
|
||||||
|
enable = true;
|
||||||
xkb.layout = "us";
|
xkb.layout = "us";
|
||||||
xkb.variant = "";
|
xkb.variant = "";
|
||||||
|
desktopManager = {
|
||||||
|
xterm.enable = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
## Needed for Flatpaks
|
## Needed for Flatpaks
|
||||||
|
|
|
@ -6,16 +6,6 @@
|
||||||
../desktop.nix
|
../desktop.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Enable Gnome and GDM.
|
|
||||||
services.xserver.displayManager.gdm.enable = true;
|
|
||||||
services.xserver.desktopManager.gnome.enable = true;
|
|
||||||
|
|
||||||
security.pam.services.gdm.enableKwallet = true;
|
|
||||||
|
|
||||||
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
|
|
||||||
|
|
||||||
services.gnome.tracker-miners.enable = true;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
fractal
|
fractal
|
||||||
gnome.gnome-software
|
gnome.gnome-software
|
||||||
|
@ -28,4 +18,17 @@
|
||||||
gnomeExtensions.tailscale-status
|
gnomeExtensions.tailscale-status
|
||||||
gnomeExtensions.tiling-assistant
|
gnomeExtensions.tiling-assistant
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Enable keyring support for KDE apps in GNOME.
|
||||||
|
security.pam.services.gdm.enableKwallet = true;
|
||||||
|
|
||||||
|
# Enable GNOME and GDM.
|
||||||
|
services = {
|
||||||
|
gnome.tracker-miners.enable = true;
|
||||||
|
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
|
||||||
|
xserver = {
|
||||||
|
desktopManager.gnome.enable = true;
|
||||||
|
displayManager.gdm.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,10 +10,6 @@
|
||||||
# services.ddclient.enable = true;
|
# services.ddclient.enable = true;
|
||||||
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
|
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
|
||||||
|
|
||||||
# Open TCP ports for transmission-server.
|
|
||||||
networking.firewall.allowedTCPPorts = [ 51413 9091 ];
|
|
||||||
networking.firewall.allowedUDPPorts = [ 51413 ];
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
virtualisation.oci-containers.containers = {
|
||||||
audiobookshelf = {
|
audiobookshelf = {
|
||||||
ports = ["0.0.0.0:13378:80"];
|
ports = ["0.0.0.0:13378:80"];
|
||||||
|
@ -73,7 +69,7 @@
|
||||||
MusicFolder = "/Music";
|
MusicFolder = "/Music";
|
||||||
DefaultTheme = "Auto";
|
DefaultTheme = "Auto";
|
||||||
SubsonicArtistParticipations = true;
|
SubsonicArtistParticipations = true;
|
||||||
UIWelcomeMessage = "Welcome to Navidrome on Raffauf Labs.";
|
UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com.";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -5,14 +5,19 @@
|
||||||
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
|
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
|
||||||
|
|
||||||
# Open TCP ports for audiobookshelf, plex-server, and transmission-server.
|
# Open TCP ports for audiobookshelf, plex-server, and transmission-server.
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 51413 9091 ];
|
networking = {
|
||||||
networking.firewall.allowedUDPPorts = [ 51413 ];
|
firewall = {
|
||||||
|
allowedTCPPorts = [ 80 443 51413 9091 ];
|
||||||
networking.extraHosts = ''
|
allowedUDPPorts = [ 51413 ];
|
||||||
127.0.0.1 music.raffauflabs.com
|
};
|
||||||
127.0.0.1 podcasts.raffauflabs.com
|
# My router doesn't expose settings for NAT loopback
|
||||||
127.0.0.1 plex.raffauflabs.com
|
# So we have to use this workaround.
|
||||||
'';
|
extraHosts = ''
|
||||||
|
127.0.0.1 music.raffauflabs.com
|
||||||
|
127.0.0.1 podcasts.raffauflabs.com
|
||||||
|
127.0.0.1 plex.raffauflabs.com
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
|
|
|
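Review bot: The regrouped `allowedTCPPorts = [ 80 443 51413 9091 ];` still opens 9091 on every interface. The comment attributes it to transmission-server, and 9091 is Transmission's default web/RPC port, so the control interface is reachable from the whole network unless something outside this hunk restricts it. If it is only needed locally or over the tailnet, drop it: `allowedTCPPorts = [ 80 443 51413 ];`. The comment above the block is also stale, since the block now carries UDP ports and `extraHosts` as well. The module continues outside the hunk, so its proxy and authentication settings are not visible here.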
@ -1,36 +1,36 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.avahi.nssmdns = true;
|
services = {
|
||||||
services.samba = {
|
samba = {
|
||||||
enable = true;
|
enable = true;
|
||||||
securityType = "user";
|
securityType = "user";
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
shares = {
|
shares = {
|
||||||
Media = {
|
Media = {
|
||||||
comment = "Media @Mauville";
|
comment = "Media @Mauville";
|
||||||
path = "/mnt/Media";
|
path = "/mnt/Media";
|
||||||
browseable = "yes";
|
browseable = "yes";
|
||||||
"read only" = "no";
|
"read only" = "no";
|
||||||
"guest ok" = "yes";
|
"guest ok" = "yes";
|
||||||
"create mask" = "0755";
|
"create mask" = "0755";
|
||||||
"directory mask" = "0755";
|
"directory mask" = "0755";
|
||||||
|
};
|
||||||
|
Archive = {
|
||||||
|
comment = "Archive @Mauville";
|
||||||
|
path = "/mnt/Archive";
|
||||||
|
browseable = "yes";
|
||||||
|
"read only" = "no";
|
||||||
|
"guest ok" = "yes";
|
||||||
|
"create mask" = "0755";
|
||||||
|
"directory mask" = "0755";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
Archive = {
|
samba-wsdd = {
|
||||||
comment = "Archive @Mauville";
|
enable = true;
|
||||||
path = "/mnt/Archive";
|
openFirewall = true;
|
||||||
browseable = "yes";
|
|
||||||
"read only" = "no";
|
|
||||||
"guest ok" = "yes";
|
|
||||||
"create mask" = "0755";
|
|
||||||
"directory mask" = "0755";
|
|
||||||
};
|
};
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.samba-wsdd = {
|
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
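Review bot: Both shares keep `"guest ok" = "yes";` together with `"read only" = "no";`, and `openFirewall = true;` exposes Samba through the host firewall. Depending on the global guest mapping, which this file does not show, any host that can reach the machine may be able to write to /mnt/Media and /mnt/Archive without credentials. Since `securityType = "user"` is already set, prefer `"guest ok" = "no";` with `"valid users" = "<account>";` (placeholder) per share, or make guest access read-only. If guest write is deliberate for a trusted LAN, add a comment saying so and consider a `"hosts allow"` restriction.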
@ -5,17 +5,13 @@
|
||||||
|
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
libvirtd.enable = true;
|
libvirtd.enable = true;
|
||||||
podman = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
# Create a `docker` alias for podman, to use it as a drop-in replacement
|
|
||||||
dockerCompat = true;
|
|
||||||
|
|
||||||
# Required for containers under podman-compose to be able to talk to each other.
|
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
|
||||||
};
|
|
||||||
oci-containers = {
|
oci-containers = {
|
||||||
backend = "podman";
|
backend = "podman";
|
||||||
};
|
};
|
||||||
|
podman = {
|
||||||
|
# Required for containers under podman-compose to be able to talk to each other.
|
||||||
|
defaultNetwork.settings.dns_enabled = true;
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
|
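Review bot: The rewritten `podman = { … }` block no longer sets `dockerCompat = true;`, which the old block had along with its comment. A commit described as cleanup therefore also removes the `docker` alias for podman. If that is intended, say so in the commit message; otherwise restore `dockerCompat = true;` inside the new block.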
@ -6,9 +6,13 @@
|
||||||
./desktop.nix
|
./desktop.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Enable the KDE Plasma Desktop Environment.
|
# Enable SDDM + Plasma Desktop.
|
||||||
services.xserver.displayManager.sddm.wayland.enable = true;
|
services = {
|
||||||
services.xserver.desktopManager.plasma6.enable = true;
|
desktopManager.plasma6.enable = true;
|
||||||
|
xserver = {
|
||||||
|
displayManager.sddm.wayland.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
kdePackages.kate
|
kdePackages.kate
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
boot.initrd.verbose = false;
|
boot = {
|
||||||
boot.consoleLogLevel = 0;
|
consoleLogLevel = 0;
|
||||||
|
initrd.verbose = false;
|
||||||
boot.plymouth.enable = true;
|
plymouth.enable = true;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
{
|
{
|
||||||
hardware.steam-hardware.enable = true;
|
hardware.steam-hardware.enable = true;
|
||||||
programs.steam = {
|
programs.steam = {
|
||||||
enable = true;
|
enable = true;
|
||||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,64 +6,77 @@
|
||||||
./network.nix
|
./network.nix
|
||||||
./sound.nix
|
./sound.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "America/New_York";
|
time.timeZone = "America/New_York";
|
||||||
|
|
||||||
# Select internationalisation properties.
|
# Select internationalisation properties.
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n = {
|
||||||
|
defaultLocale = "en_US.UTF-8";
|
||||||
i18n.extraLocaleSettings = {
|
extraLocaleSettings = {
|
||||||
LC_ADDRESS = "en_US.UTF-8";
|
LC_ADDRESS = "en_US.UTF-8";
|
||||||
LC_IDENTIFICATION = "en_US.UTF-8";
|
LC_IDENTIFICATION = "en_US.UTF-8";
|
||||||
LC_MEASUREMENT = "en_US.UTF-8";
|
LC_MEASUREMENT = "en_US.UTF-8";
|
||||||
LC_MONETARY = "en_US.UTF-8";
|
LC_MONETARY = "en_US.UTF-8";
|
||||||
LC_NAME = "en_US.UTF-8";
|
LC_NAME = "en_US.UTF-8";
|
||||||
LC_NUMERIC = "en_US.UTF-8";
|
LC_NUMERIC = "en_US.UTF-8";
|
||||||
LC_PAPER = "en_US.UTF-8";
|
LC_PAPER = "en_US.UTF-8";
|
||||||
LC_TELEPHONE = "en_US.UTF-8";
|
LC_TELEPHONE = "en_US.UTF-8";
|
||||||
LC_TIME = "en_US.UTF-8";
|
LC_TIME = "en_US.UTF-8";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Add support for logitech unifying receivers.
|
hardware = {
|
||||||
hardware.logitech.wireless.enable = true;
|
# Enable Bluetooth connections.
|
||||||
hardware.logitech.wireless.enableGraphical = true;
|
bluetooth.enable = true;
|
||||||
|
# Add support for logitech unifying receivers.
|
||||||
# Add support for configuring QMK keyboards with Via.
|
logitech.wireless = {
|
||||||
hardware.keyboard.qmk.enable = true;
|
enable = true;
|
||||||
|
enableGraphical = true;
|
||||||
|
};
|
||||||
|
# Add support for configuring QMK keyboards with Via.
|
||||||
|
keyboard.qmk.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
# Allow unfree packages
|
# Allow unfree packages
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
system.autoUpgrade = {
|
system.autoUpgrade = {
|
||||||
enable = true;
|
|
||||||
allowReboot = true;
|
allowReboot = true;
|
||||||
flake = "github:alyraffauf/nixcfg";
|
|
||||||
dates = "daily";
|
dates = "daily";
|
||||||
|
enable = true;
|
||||||
|
flake = "github:alyraffauf/nixcfg";
|
||||||
operation = "boot";
|
operation = "boot";
|
||||||
rebootWindow = {
|
rebootWindow = {
|
||||||
lower = "01:00";
|
lower = "02:00";
|
||||||
upper = "05:00";
|
upper = "05:00";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Delete generations older than 7 days.
|
|
||||||
nix.gc = {
|
nix = {
|
||||||
automatic = true;
|
gc = {
|
||||||
dates = "weekly";
|
# Delete generations older than 7 days.
|
||||||
options = "--delete-older-than 7d";
|
automatic = true;
|
||||||
|
dates = "daily";
|
||||||
|
options = "--delete-older-than 7d";
|
||||||
|
randomizedDelaySec = "60min";
|
||||||
|
};
|
||||||
|
# Run GC when there is less than 100MiB left.
|
||||||
|
extraOptions = ''
|
||||||
|
min-free = ${toString (100 * 1024 * 1024)}
|
||||||
|
max-free = ${toString (1024 * 1024 * 1024)}
|
||||||
|
'';
|
||||||
|
settings = {
|
||||||
|
# Automatically optimize the Nix store in the background.
|
||||||
|
auto-optimise-store = true;
|
||||||
|
# Enable experimental `nix` command and flakes.
|
||||||
|
experimental-features = [ "nix-command" "flakes" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Automatically optimize the Nix store in the background.
|
home-manager = {
|
||||||
nix.settings.auto-optimise-store = true;
|
useGlobalPkgs = true;
|
||||||
|
useUserPackages = true;
|
||||||
# Run GC when there is less than 100MiB left.
|
};
|
||||||
nix.extraOptions = ''
|
|
||||||
min-free = ${toString (100 * 1024 * 1024)}
|
|
||||||
max-free = ${toString (1024 * 1024 * 1024)}
|
|
||||||
'';
|
|
||||||
|
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
||||||
|
|
||||||
home-manager.useGlobalPkgs = true;
|
|
||||||
home-manager.useUserPackages = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
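Review bot: `system.autoUpgrade` still tracks `flake = "github:alyraffauf/nixcfg";` with `allowReboot = true;`, so whatever is on the repository's default branch is built and booted with root privileges on each machine within a day. Nothing in this module adds a review or verification step. Pointing it at a dedicated protected branch, e.g. `flake = "github:alyraffauf/nixcfg/<release-branch>";` (placeholder name), would keep work-in-progress or unintended pushes from rolling out automatically. Separately, this cleanup appears to change behaviour: `nix.gc` goes from `dates = "weekly";` to `dates = "daily";` and `rebootWindow.lower` from "01:00" to "02:00", which deserves a line in the commit message.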
@ -2,50 +2,49 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
networking.networkmanager.enable = true;
|
networking = {
|
||||||
|
networkmanager.enable = true;
|
||||||
# Enable tailscale
|
firewall.allowedTCPPortRanges = [
|
||||||
services.tailscale.enable = true;
|
# KDE Connect
|
||||||
|
{ from = 1714; to = 1764; }
|
||||||
# Enable avahi.
|
# Soulseek
|
||||||
services.avahi.enable = true;
|
{ from = 2234; to = 2239; }
|
||||||
services.avahi.publish.enable = true;
|
];
|
||||||
services.avahi.publish.addresses = true;
|
firewall.allowedUDPPortRanges = [
|
||||||
services.avahi.publish.workstation = true;
|
# KDE/GS Connect
|
||||||
|
{ from = 1714; to = 1764; }
|
||||||
# for a WiFi printer
|
# Soulseek
|
||||||
services.avahi.openFirewall = true;
|
{ from = 2234; to = 2239; }
|
||||||
|
];
|
||||||
hardware.bluetooth.enable = true;
|
};
|
||||||
|
|
||||||
# Enable CUPS to print documents.
|
|
||||||
services.printing.enable = true;
|
|
||||||
|
|
||||||
programs.gnupg.agent = {
|
programs.gnupg.agent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableSSHSupport = true;
|
enableSSHSupport = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
services = {
|
||||||
services.openssh.enable = true;
|
# Enable avahi for auto network discovery.
|
||||||
|
avahi = {
|
||||||
# Open TCP ports for SSH and Syncthing.
|
enable = true;
|
||||||
networking.firewall.allowedTCPPorts = [ 22 8384 22000 ];
|
nssmdns4 = true;
|
||||||
|
openFirewall = true;
|
||||||
# Open UDP ports for Syncthing.
|
publish = {
|
||||||
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
|
addresses = true;
|
||||||
|
enable = true;
|
||||||
networking.firewall.allowedTCPPortRanges = [
|
workstation = true;
|
||||||
# KDE Connect
|
};
|
||||||
{ from = 1714; to = 1764; }
|
};
|
||||||
# Soulseek
|
# Enable remote connections with SSH.
|
||||||
{ from = 2234; to = 2239; }
|
openssh = {
|
||||||
];
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
networking.firewall.allowedUDPPortRanges = [
|
};
|
||||||
# KDE Connect
|
# Enable printing.
|
||||||
{ from = 1714; to = 1764; }
|
printing.enable = true;
|
||||||
# Soulseek
|
# Syncthing runs as a user service, but needs its ports open here.
|
||||||
{ from = 2234; to = 2239; }
|
syncthing.openDefaultPorts = true;
|
||||||
];
|
# Enable tailscale for easy Wireguard VPNs on a tailnet.
|
||||||
|
tailscale.enable = true;
|
||||||
|
};
|
||||||
}
|
}
|
|
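Review bot: `syncthing.openDefaultPorts = true;` probably opens nothing here. As far as I know the NixOS module applies that option only when `services.syncthing.enable` is set, and the comment says Syncthing runs as a user service, so the 22000/21027 rules from the removed `allowedTCPPorts`/`allowedUDPPorts` lines would be lost. If LAN sync is still wanted, keep explicit rules: `networking.firewall.allowedTCPPorts = [ 22000 ];` and `networking.firewall.allowedUDPPorts = [ 22000 21027 ];`. Leaving out 8384 keeps the GUI off the network. The new `openssh` block opens port 22 without stating an authentication policy; `settings.PasswordAuthentication = false;` would fit if keys are in use.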
@ -14,7 +14,5 @@
|
||||||
alsa.enable = true;
|
alsa.enable = true;
|
||||||
alsa.support32Bit = true;
|
alsa.support32Bit = true;
|
||||||
pulse.enable = true;
|
pulse.enable = true;
|
||||||
# If you want to use JACK applications, uncomment this
|
|
||||||
#jack.enable = true;
|
|
||||||
};
|
};
|
||||||
}
|
}
|