nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

treewide: alejandra -> nixfmt-rfc-style

Browse source
This commit is contained in:
Nikodem Rabuliński 2024-02-25 19:09:09 +01:00
parent d64c02e3da
commit 6558fdb739
51 changed files with 1108 additions and 928 deletions
Download patch file Download diff file Expand all files Collapse all files

81
hosts/default.nix
View file

@ -3,7 +3,8 @@
self,
inputs,
...
}: {
}:
{
imports = [
./kazuki
./hijiri-vm
@ -15,42 +16,48 @@
./kogata
];
builders = let
sharedOptions = {
_file = ./default.nix;
builders =
let
sharedOptions = {
_file = ./default.nix;
settei.sane-defaults.allSshKeys = config.assets.sshKeys.user;
settei.flake-qol.inputs = inputs // {settei = self;};
settei.sane-defaults.allSshKeys = config.assets.sshKeys.user;
settei.flake-qol.inputs = inputs // {
settei = self;
};
};
in
{
nixos =
name: module:
inputs.nixpkgs.lib.nixosSystem {
modules = [
inputs.agenix.nixosModules.age
inputs.disko.nixosModules.disko
inputs.mailserver.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.nvidia-patch.nixosModules.nvidia-patch
inputs.attic.nixosModules.atticd
self.nixosModules.settei
self.nixosModules.common
sharedOptions
module
];
specialArgs.configurationName = name;
};
darwin =
name: module:
inputs.darwin.lib.darwinSystem {
modules = [
inputs.agenix.darwinModules.age
inputs.home-manager.darwinModules.home-manager
self.darwinModules.settei
self.darwinModules.common
sharedOptions
module
];
specialArgs.configurationName = name;
};
};
in {
nixos = name: module:
inputs.nixpkgs.lib.nixosSystem {
modules = [
inputs.agenix.nixosModules.age
inputs.disko.nixosModules.disko
inputs.mailserver.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.nvidia-patch.nixosModules.nvidia-patch
inputs.attic.nixosModules.atticd
self.nixosModules.settei
self.nixosModules.common
sharedOptions
module
];
specialArgs.configurationName = name;
};
darwin = name: module:
inputs.darwin.lib.darwinSystem {
modules = [
inputs.agenix.darwinModules.age
inputs.home-manager.darwinModules.home-manager
self.darwinModules.settei
self.darwinModules.common
sharedOptions
module
];
specialArgs.configurationName = name;
};
};
}

40
hosts/hijiri-vm/default.nix
View file

@ -1,24 +1,26 @@
{
configurations.nixos.hijiri-vm = {
modulesPath,
lib,
username,
...
}: {
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
];
configurations.nixos.hijiri-vm =
{
modulesPath,
lib,
username,
...
}:
{
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
nixpkgs.hostPlatform = "aarch64-linux";
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true;
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true;
};
networking.domain = "hijiri";
networking.hostName = "vm";
};
networking.domain = "hijiri";
networking.hostName = "vm";
};
}

35
hosts/hijiri-vm/disks.nix
View file

@ -1,6 +1,8 @@
args: let
args:
let
bootDevice = args.bootDevice or "/dev/vda";
in {
in
{
disko.devices.disk.bootDisk = {
type = "disk";
device = bootDevice;
@ -26,19 +28,24 @@ in {
end = "100%";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = let
mountOptions = ["compress=zstd" "noatime"];
in {
"/root" = {
inherit mountOptions;
mountpoint = "/";
extraArgs = [ "-f" ];
subvolumes =
let
mountOptions = [
"compress=zstd"
"noatime"
];
in
{
"/root" = {
inherit mountOptions;
mountpoint = "/";
};
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
};
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
};
};
}
];

94
hosts/hijiri/default.nix
View file

@ -1,54 +1,56 @@
{
configurations.darwin.hijiri = {pkgs, ...}: {
imports = [
./skhd.nix
./yabai.nix
];
nixpkgs.system = "aarch64-darwin";
settei.user.config = {
common.desktop.enable = true;
home.packages = with pkgs; [
utm
qemu
anki-bin
configurations.darwin.hijiri =
{ pkgs, ... }:
{
imports = [
./skhd.nix
./yabai.nix
];
programs.alacritty.settings.font.size = 14;
};
system.defaults = {
".GlobalPreferences" = {
"com.apple.mouse.scaling" = -1.0;
nixpkgs.system = "aarch64-darwin";
settei.user.config = {
common.desktop.enable = true;
home.packages = with pkgs; [
utm
qemu
anki-bin
];
programs.alacritty.settings.font.size = 14;
};
dock = {
autohide = true;
largesize = 64;
minimize-to-application = true;
orientation = "right";
show-process-indicators = false;
show-recents = false;
system.defaults = {
".GlobalPreferences" = {
"com.apple.mouse.scaling" = -1.0;
};
dock = {
autohide = true;
largesize = 64;
minimize-to-application = true;
orientation = "right";
show-process-indicators = false;
show-recents = false;
};
CustomUserPreferences.".GlobalPreferences" = {
"com.apple.scrollwheel.scaling" = "-1";
};
};
CustomUserPreferences.".GlobalPreferences" = {
"com.apple.scrollwheel.scaling" = "-1";
system.keyboard = {
enableKeyMapping = true;
remapCapsLockToEscape = true;
nonUS.remapTilde = true;
swapLeftCommandAndLeftAlt = true;
# swap right command and right alt too
userKeyMapping = [
{
HIDKeyboardModifierMappingSrc = 30064771302;
HIDKeyboardModifierMappingDst = 30064771303;
}
{
HIDKeyboardModifierMappingSrc = 30064771303;
HIDKeyboardModifierMappingDst = 30064771302;
}
];
};
};
system.keyboard = {
enableKeyMapping = true;
remapCapsLockToEscape = true;
nonUS.remapTilde = true;
swapLeftCommandAndLeftAlt = true;
# swap right command and right alt too
userKeyMapping = [
{
HIDKeyboardModifierMappingSrc = 30064771302;
HIDKeyboardModifierMappingDst = 30064771303;
}
{
HIDKeyboardModifierMappingSrc = 30064771303;
HIDKeyboardModifierMappingDst = 30064771302;
}
];
};
};
}

51
hosts/hijiri/skhd.nix
View file

@ -1,29 +1,38 @@
{lib, ...}: {
{ lib, ... }:
{
services.skhd = {
enable = true;
skhdConfig = let
spaceCount = 6;
spaceBindings =
lib.genList
(i: let num = toString (i + 1); in "cmd - ${num} : yabai -m space --focus ${num}")
spaceCount;
in ''
cmd - return : wezterm
cmd + shift - return : qutebrowser
skhdConfig =
let
spaceCount = 6;
spaceBindings =
lib.genList
(
i:
let
num = toString (i + 1);
in
"cmd - ${num} : yabai -m space --focus ${num}"
)
spaceCount;
in
''
cmd - return : wezterm
cmd + shift - return : qutebrowser
cmd - h : yabai -m window --focus west
cmd - j : yabai -m window --focus south
cmd - k : yabai -m window --focus north
cmd - l : yabai -m window --focus east
cmd - h : yabai -m window --focus west
cmd - j : yabai -m window --focus south
cmd - k : yabai -m window --focus north
cmd - l : yabai -m window --focus east
cmd + shift - h : yabai -m window --swap west
cmd + shift - j : yabai -m window --swap south
cmd + shift - k : yabai -m window --swap north
cmd + shift - l : yabai -m window --swap east
cmd + shift - h : yabai -m window --swap west
cmd + shift - j : yabai -m window --swap south
cmd + shift - k : yabai -m window --swap north
cmd + shift - l : yabai -m window --swap east
cmd + shift - space : yabai -m window --toggle float
cmd + shift - space : yabai -m window --toggle float
${lib.concatStringsSep "\n" spaceBindings}
'';
${lib.concatStringsSep "\n" spaceBindings}
'';
};
}

5
hosts/hijiri/yabai.nix
View file

@ -1,8 +1,5 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
services.yabai = {
enable = true;
enableScriptingAddition = true;

34
hosts/installer/default.nix
View file

@ -1,15 +1,27 @@
{lib, ...}: {
configurations.nixos = let
mkInstaller = system: ({pkgs, ...}: {
nixpkgs = {inherit system;};
{ lib, ... }:
{
configurations.nixos =
let
mkInstaller =
system:
(
{ pkgs, ... }:
{
nixpkgs = {
inherit system;
};
environment.systemPackages = [pkgs.nixos-install-tools];
environment.systemPackages = [ pkgs.nixos-install-tools ];
# Make nixos-anywhere treat this as a installer iso
system.nixos.variant_id = "installer";
});
systems = ["aarch64-linux" "x86_64-linux"];
installers = map (system: lib.nameValuePair "installer-${system}" (mkInstaller system)) systems;
in
# Make nixos-anywhere treat this as a installer iso
system.nixos.variant_id = "installer";
}
);
systems = [
"aarch64-linux"
"x86_64-linux"
];
installers = map (system: lib.nameValuePair "installer-${system}" (mkInstaller system)) systems;
in
lib.listToAttrs installers;
}

21
hosts/kazuki/attic.nix
View file

@ -1,10 +1,8 @@
{
config,
lib,
...
}: let
{ config, lib, ... }:
let
atticPort = 9476;
in {
in
{
age.secrets.attic-creds = {
file = ../../secrets/attic-creds.age;
owner = config.services.atticd.user;
@ -48,7 +46,7 @@ in {
};
systemd.services.atticd = {
after = ["storage\\x2dbox.mount"];
after = [ "storage\\x2dbox.mount" ];
serviceConfig.DynamicUser = lib.mkForce false;
};
@ -57,8 +55,11 @@ in {
defaults.email = "nikodem@rabulinski.com";
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = {
enable = true;
@ -94,7 +95,7 @@ in {
};
upstreams."attic".servers = {
"localhost:${toString atticPort}" = {};
"localhost:${toString atticPort}" = { };
};
appendHttpConfig = ''

23
hosts/kazuki/conduit.nix
View file

@ -3,10 +3,12 @@
pkgs,
inputs',
...
}: let
formatJson = pkgs.formats.json {};
}:
let
formatJson = pkgs.formats.json { };
serverDomain = "matrix.nrab.lol";
in {
in
{
services.matrix-conduit = {
enable = true;
package = inputs'.settei.packages.conduit-next;
@ -23,8 +25,13 @@ in {
defaults.email = "nikodem@rabulinski.com";
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443 8448 2222];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
services.nginx = {
enable = true;
@ -35,9 +42,7 @@ in {
enableACME = true;
locations."=/.well-known/matrix/server" = {
alias = formatJson.generate "well-known-matrix-server" {
"m.server" = serverDomain;
};
alias = formatJson.generate "well-known-matrix-server" { "m.server" = serverDomain; };
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
@ -95,7 +100,7 @@ in {
};
upstreams."backend_conduit".servers = {
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = {};
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = { };
};
};
}

80
hosts/kazuki/default.nix
View file

@ -1,47 +1,49 @@
{
configurations.nixos.kazuki = {
config,
modulesPath,
lib,
...
}: {
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
configurations.nixos.kazuki =
{
config,
modulesPath,
lib,
...
}:
{
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
./conduit.nix
./mail.nix
./vault.nix
./storage.nix
./attic.nix
./ntfy.nix
];
./conduit.nix
./mail.nix
./vault.nix
./storage.nix
./attic.nix
./ntfy.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
# Not intended for interactive use
settei.user.enable = false;
nixpkgs.hostPlatform = "aarch64-linux";
# Not intended for interactive use
settei.user.enable = false;
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true;
};
systemd.network.enable = true;
systemd.network.networks."10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
address = ["2a01:4f8:c012:e5c::/64"];
routes = [{routeConfig.Gateway = "fe80::1";}];
};
networking.useNetworkd = true;
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true;
};
systemd.network.enable = true;
systemd.network.networks."10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
address = [ "2a01:4f8:c012:e5c::/64" ];
routes = [ { routeConfig.Gateway = "fe80::1"; } ];
};
networking.useNetworkd = true;
common.hercules.enable = true;
common.github-runner = {
enable = true;
runners.settei = {
url = "https://github.com/nrabulinski/settei";
instances = 2;
common.hercules.enable = true;
common.github-runner = {
enable = true;
runners.settei = {
url = "https://github.com/nrabulinski/settei";
instances = 2;
};
};
};
};
}

35
hosts/kazuki/disks.nix
View file

@ -1,6 +1,8 @@
args: let
args:
let
bootDevice = args.bootDevice or "/dev/sda";
in {
in
{
disko.devices.disk.bootDisk = {
type = "disk";
device = bootDevice;
@ -26,19 +28,24 @@ in {
end = "-4G";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = let
mountOptions = ["compress=zstd" "noatime"];
in {
"/root" = {
inherit mountOptions;
mountpoint = "/";
extraArgs = [ "-f" ];
subvolumes =
let
mountOptions = [
"compress=zstd"
"noatime"
];
in
{
"/root" = {
inherit mountOptions;
mountpoint = "/";
};
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
};
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
};
};
}
{

16
hosts/kazuki/mail.nix
View file

@ -1,12 +1,18 @@
{config, ...}: {
{ config, ... }:
{
# nix shell nixpkgs#apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
age.secrets = {
leet-nrab-lol.file = ../../secrets/leet-nrab-lol-pass.age;
alert-nrab-lol.file = ../../secrets/alert-nrab-lol-pass.age;
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443 8448 2222];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
mailserver = {
enable = true;
@ -21,7 +27,7 @@
loginAccounts = {
"1337@nrab.lol" = {
hashedPasswordFile = config.age.secrets.leet-nrab-lol.path;
aliases = ["n@rab.lol"];
aliases = [ "n@rab.lol" ];
};
"alert@nrab.lol" = {
hashedPasswordFile = config.age.secrets.alert-nrab-lol.path;
@ -34,5 +40,5 @@
};
# TODO: Remove once SNM gets their shit together
services.dovecot2.sieve.extensions = ["fileinto"];
services.dovecot2.sieve.extensions = [ "fileinto" ];
}

12
hosts/kazuki/ntfy.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
age.secrets.nrab-lol-cf = {
file = ../../secrets/nrab-lol-cf.age;
owner = config.services.nginx.user;
@ -15,8 +16,11 @@
};
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = {
enable = true;
@ -35,7 +39,7 @@
};
upstreams.ntfy.servers = {
"localhost:9800" = {};
"localhost:9800" = { };
};
};

3
hosts/kazuki/storage.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
age.secrets.storage-box-webdav = {
file = ../../secrets/storage-box-webdav.age;
};

14
hosts/kazuki/vault.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
age.secrets.vault-cert-env = {
file = ../../secrets/vault-cert-env.age;
owner = config.services.nginx.user;
@ -11,8 +12,13 @@
};
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443 8448 2222];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
services.nginx = {
enable = true;
@ -31,7 +37,7 @@
};
upstreams.vaultwarden.servers = {
"localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}" = {};
"localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}" = { };
};
};

29
hosts/kogata/default.nix
View file

@ -1,22 +1,19 @@
{
configurations.darwin.kogata = {
pkgs,
lib,
...
}: {
nixpkgs.system = "aarch64-darwin";
configurations.darwin.kogata =
{ pkgs, lib, ... }:
{
nixpkgs.system = "aarch64-darwin";
settei.user.config.common.desktop.enable = true;
settei.user.config.common.desktop.enable = true;
# TODO: Make it a settei module so it's easy to concatenate which pkgs are allowed
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) ["teams"];
environment.systemPackages = with pkgs; [teams];
# TODO: Make it a settei module so it's easy to concatenate which pkgs are allowed
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "teams" ];
environment.systemPackages = with pkgs; [ teams ];
common.hercules.enable = true;
common.github-runner = {
enable = true;
runners.settei.url = "https://github.com/nrabulinski/settei";
common.hercules.enable = true;
common.github-runner = {
enable = true;
runners.settei.url = "https://github.com/nrabulinski/settei";
};
};
};
}

78
hosts/legion/default.nix
View file

@ -1,49 +1,51 @@
{
configurations.nixos.legion = {
config,
lib,
username,
...
}: {
imports = [
./hardware.nix
# ./disks.nix
./msmtp.nix
./desktop.nix
];
configurations.nixos.legion =
{
config,
lib,
username,
...
}:
{
imports = [
./hardware.nix
# ./disks.nix
./msmtp.nix
./desktop.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
nixpkgs.hostPlatform = "x86_64-linux";
specialisation = {
nas.configuration = ./nas;
};
specialisation = {
nas.configuration = ./nas;
};
boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
boot = {
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
networking = {
hostName = "legion";
hostId = builtins.substring 0 8 (builtins.readFile ./machine-id);
networkmanager.enable = true;
firewall.trustedInterfaces = ["tailscale0"];
};
systemd.services.NetworkManager-wait-online.enable = false;
networking = {
hostName = "legion";
hostId = builtins.substring 0 8 (builtins.readFile ./machine-id);
networkmanager.enable = true;
firewall.trustedInterfaces = [ "tailscale0" ];
};
systemd.services.NetworkManager-wait-online.enable = false;
powerManagement.cpuFreqGovernor = "performance";
powerManagement.cpuFreqGovernor = "performance";
age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age;
users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age;
users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
common.hercules.enable = true;
common.github-runner = {
enable = true;
runners.settei = {
url = "https://github.com/nrabulinski/settei";
instances = 4;
common.hercules.enable = true;
common.github-runner = {
enable = true;
runners.settei = {
url = "https://github.com/nrabulinski/settei";
instances = 4;
};
};
};
};
}

27
hosts/legion/desktop.nix
View file

@ -5,13 +5,17 @@
lib,
username,
...
}: {
}:
{
# Needed for nvidia and steam
nixpkgs.config.allowUnfree = true;
settei.user.config = {
common.desktop.enable = true;
home.packages = with pkgs; [brightnessctl dmenu];
home.packages = with pkgs; [
brightnessctl
dmenu
];
xsession.windowManager.i3 = {
enable = true;
@ -32,15 +36,19 @@
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession = {};
gamescopeSession = { };
};
hardware.steam-hardware.enable = true;
services.logind =
lib.genAttrs
["lidSwitch" "lidSwitchDocked" "lidSwitchExternalPower"]
(_: "ignore");
[
"lidSwitch"
"lidSwitchDocked"
"lidSwitchExternalPower"
]
(_: "ignore");
services.pipewire = {
enable = true;
@ -51,13 +59,16 @@
programs.dconf.enable = true;
services.dbus.enable = true;
users.users.${username}.extraGroups = ["video" "input"];
users.users.${username}.extraGroups = [
"video"
"input"
];
# NVIDIA stuff
services.xserver = {
enable = true;
excludePackages = [pkgs.xterm];
videoDrivers = ["nvidia"];
excludePackages = [ pkgs.xterm ];
videoDrivers = [ "nvidia" ];
xkb.layout = "pl";
displayManager.startx.enable = true;
config = lib.mkForce ''

7
hosts/legion/disks.nix
View file

@ -1,8 +1,7 @@
args:
/*
let
bootDevice = args.bootDevice or "/dev/nvme0n1";
in
/* let
bootDevice = args.bootDevice or "/dev/nvme0n1";
in
*/
{
assertions = [

58
hosts/legion/hardware.nix
View file

@ -1,8 +1,20 @@
{config, ...}: {
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "uas"];
boot.extraModulePackages = with config.boot.kernelPackages; [acpi_call];
boot.kernelModules = ["kvm-intel" "i2c-dev" "acpi_call"];
boot.blacklistedKernelModules = ["nouveau"];
{ config, ... }:
{
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"uas"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
boot.kernelModules = [
"kvm-intel"
"i2c-dev"
"acpi_call"
];
boot.blacklistedKernelModules = [ "nouveau" ];
# Needed for enableAllFirmware
nixpkgs.config.allowUnfree = true;
@ -15,37 +27,57 @@
# TODO: Move to disko only
# TODO: Actually set up impermanence
boot.supportedFilesystems = ["btrfs"];
boot.supportedFilesystems = [ "btrfs" ];
boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS";
fileSystems."/" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"];
options = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
options = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
fileSystems."/persist" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
options = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
options = [
"subvol=log"
"compress=zstd"
"noatime"
];
neededForBoot = true;
};
@ -54,7 +86,5 @@
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-label/SWAP";}
];
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
}

6
hosts/legion/msmtp.nix
View file

@ -4,13 +4,15 @@
config,
username,
...
}: let
}:
let
mail = "alert@nrab.lol";
aliases = pkgs.writeText "mail-aliases" ''
${username}: nikodem@rabulinski.com
root: ${mail}
'';
in {
in
{
age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age;
programs.msmtp = {

20
hosts/legion/nas/default.nix
View file

@ -3,19 +3,21 @@
lib,
username,
...
}: {
imports = [
./media.nix
}:
{
imports = [ ./media.nix ];
boot.supportedFilesystems = [
"ext4"
"zfs"
];
boot.supportedFilesystems = ["ext4" "zfs"];
boot.zfs.extraPools = ["yottapool"];
boot.zfs.extraPools = [ "yottapool" ];
services.zfs = {
autoScrub.enable = true;
zed.settings = {
ZED_DEBUG_LOG = "/tmp/zed.debug.log";
ZED_EMAIL_ADDR = [username];
ZED_EMAIL_ADDR = [ username ];
ZED_EMAIL_PROG = lib.getExe pkgs.msmtp;
ZED_EMAIL_OPTS = "@ADDRESS@";
@ -38,8 +40,8 @@
options = "bind,nofail";
what = "/media/data";
where = "/export/yotta-data";
requires = ["zfs-mount.service"];
wantedBy = ["multi-user.target"];
requires = [ "zfs-mount.service" ];
wantedBy = [ "multi-user.target" ];
}
];

14
hosts/legion/nas/media.nix
View file

@ -1,4 +1,5 @@
{username, ...}: {
{ username, ... }:
{
services.jellyfin.enable = true;
services.radarr.enable = true;
services.sonarr.enable = true;
@ -10,9 +11,12 @@
};
users.users = {
jellyfin.extraGroups = ["radarr" "sonarr"];
radarr.extraGroups = ["deluge"];
sonarr.extraGroups = ["deluge"];
${username}.extraGroups = ["deluge"];
jellyfin.extraGroups = [
"radarr"
"sonarr"
];
radarr.extraGroups = [ "deluge" ];
sonarr.extraGroups = [ "deluge" ];
${username}.extraGroups = [ "deluge" ];
};
}

66
hosts/ude/default.nix
View file

@ -1,39 +1,41 @@
{
configurations.nixos.ude = {
config,
modulesPath,
lib,
...
}: {
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
];
configurations.nixos.ude =
{
config,
modulesPath,
lib,
...
}:
{
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
nixpkgs.hostPlatform = "aarch64-linux";
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true;
};
common.hercules.enable = true;
services.hercules-ci-agent.settings.concurrentTasks = 6;
common.github-runner = {
enable = true;
runners.settei = {
url = "https://github.com/nrabulinski/settei";
instances = 6;
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true;
};
};
services.nginx = {
enable = true;
appendHttpConfig = ''
include /impure/nginx/*.conf;
'';
common.hercules.enable = true;
services.hercules-ci-agent.settings.concurrentTasks = 6;
common.github-runner = {
enable = true;
runners.settei = {
url = "https://github.com/nrabulinski/settei";
instances = 6;
};
};
services.nginx = {
enable = true;
appendHttpConfig = ''
include /impure/nginx/*.conf;
'';
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
networking.firewall.allowedTCPPorts = [80];
};
}

35
hosts/ude/disks.nix
View file

@ -1,6 +1,8 @@
args: let
args:
let
bootDevice = args.bootDevice or "/dev/sda";
in {
in
{
disko.devices = {
disk = {
vdb = {
@ -24,19 +26,24 @@ in {
size = "100%";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = let
mountOptions = ["compress=zstd" "noatime"];
in {
"/root" = {
mountpoint = "/";
inherit mountOptions;
extraArgs = [ "-f" ];
subvolumes =
let
mountOptions = [
"compress=zstd"
"noatime"
];
in
{
"/root" = {
mountpoint = "/";
inherit mountOptions;
};
"/nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
};
"/nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
};
};
};
};