william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

refactoring for isServer and isWorkstation: part 5 (final?)

Browse source
This commit is contained in:
William 2025-03-13 17:51:04 -03:00
parent a52ca12286
commit 037d68a9d4
44 changed files with 120 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

20
hosts/modules/alexandria/changedetection.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, ... }:
{
services = {
changedetection-io = {
enable = true;
behindProxy = true;
datastorePath = "/data/changedetection";
port = lib.toInt "${config.ports.changedetection-io}";
baseURL = "https://detect.baduhai.dev";
};
nginx.virtualHosts."detect.baduhai.dev" = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.changedetection-io}";
};
};
}

23
hosts/modules/alexandria/cinny.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, ... }:
{
virtualisation.oci-containers.containers."cinny" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [ "${config.ports.cinny}:80" ];
environment = {
TZ = "America/Bahia";
};
volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
extraOptions = [
"--pull=newer"
"--label=io.containers.autoupdate=registry"
];
};
services.nginx.virtualHosts."matrix.baduhai.dev" = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}";
};
}

50
hosts/modules/alexandria/default.nix Normal file
View file

@ -0,0 +1,50 @@
{ lib, ... }:
let
mkStringOption =
default:
lib.mkOption {
inherit default;
type = lib.types.str;
};
in
{
imports = [
./changedetection.nix
./cinny.nix
./forgejo.nix
./hardware-configuration.nix
./jellyfin.nix
./librespeed.nix
./memos.nix
./minecraft.nix
./nextcloud.nix
./nginx.nix
./searx.nix
./services.nix
./users.nix
./vaultwarden.nix
];
options.ports = {
bazaar = mkStringOption "6767";
radarr = mkStringOption "7878";
vaultwarden = mkStringOption "8000";
changedetection-io = mkStringOption "8001";
cinny = mkStringOption "8002";
librespeed = mkStringOption "8003";
paperless = mkStringOption "8004";
yousable = mkStringOption "8005";
cinny2 = mkStringOption "8006";
searx = mkStringOption "8007";
qbittorrent = mkStringOption "8008";
actual = mkStringOption "8009";
memos = mkStringOption "8010";
collabora = mkStringOption "8011";
jellyfin = mkStringOption "8096";
sonarr = mkStringOption "8989";
jackett = mkStringOption "9117";
};
}

33
hosts/modules/alexandria/forgejo.nix Normal file
View file

@ -0,0 +1,33 @@
{ config, ... }:
let
domain = "git.baduhai.dev";
in
{
services = {
forgejo = {
enable = true;
repositoryRoot = "/data/forgejo";
settings = {
session.COOKIE_SECURE = true;
server = {
PROTOCOL = "http+unix";
DOMAIN = domain;
ROOT_URL = "https://${domain}";
OFFLINE_MODE = true; # disable use of CDNs
SSH_DOMAIN = "baduhai.dev";
};
log.LEVEL = "Warn";
mailer.ENABLED = false;
actions.ENABLED = false;
};
};
nginx.virtualHosts.${domain} = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
};
};
}

49
hosts/modules/alexandria/hardware-configuration.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/4130-BE54";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/swapfile";
size = 8192;
}
];
networking.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

19
hosts/modules/alexandria/jellyfin.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, ... }:
{
services = {
jellyfin = {
enable = true;
user = "user";
group = "hosted";
openFirewall = true;
};
nginx.virtualHosts."jellyfin.baduhai.dev" = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}";
};
};
}

22
hosts/modules/alexandria/librespeed.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, ... }:
{
virtualisation.oci-containers.containers."librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest";
environment = {
TZ = "America/Bahia";
};
ports = [ "${config.ports.librespeed}:80" ];
extraOptions = [
"--pull=newer"
"--label=io.containers.autoupdate=registry"
];
};
services.nginx.virtualHosts."speed.baduhai.dev" = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.librespeed}";
};
}

23
hosts/modules/alexandria/memos.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, ... }:
{
virtualisation.oci-containers.containers."memos" = {
image = "docker.io/neosmemo/memos:stable";
ports = [ "${config.ports.memos}:5230" ];
environment = {
TZ = "America/Bahia";
};
volumes = [ "/data/memos/:/var/opt/memos" ];
extraOptions = [
"--pull=newer"
"--label=io.containers.autoupdate=registry"
];
};
services.nginx.virtualHosts."notes.baduhai.dev" = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.memos}";
};
}

73
hosts/modules/alexandria/minecraft.nix Normal file
View file

@ -0,0 +1,73 @@
{ pkgs, ... }:
{
services.minecraft-servers = {
enable = true;
eula = true;
dataDir = "/data/minecraft";
servers."kingdomcums" = {
enable = true;
package = pkgs.fabricServers.fabric-1_20_1;
openFirewall = true;
serverProperties = {
difficulty = "normal";
gamemode = "survival";
motd = "Kingdom Cums";
online-mode = false;
spawn-protection = false;
};
symlinks."mods" = pkgs.linkFarmFromDrvs "mods" (
builtins.attrValues {
villagerNames = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/gqRXDo8B/versions/rzXhJ2pH/villagernames-1.20.1-8.1.jar";
sha256 = "0hcbbp3zi3nnr12kian9l645f22jr7495bcrlbng46nxp9h08pg5";
};
lithium = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/ZSNsJrPI/lithium-fabric-mc1.20.1-0.11.2.jar";
sha256 = "1ycdvrs46bbdxsa6i38sfx70v47nvzzbmblfpy3hq3k8blsrbid0";
};
lootr = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/EltpO5cN/versions/fqmzdpE2/lootr-fabric-1.20-0.7.33.81.jar";
sha256 = "0db0472rb07nbc9i925qp3n7s7nmrq6q3alhprflgc9gqg0j0f14";
};
malilib = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/GcWjdA9I/versions/V7yLDtJV/malilib-fabric-1.20.1-0.16.3.jar";
sha256 = "129m1jnk58p0wid5fmagqx13wp6pw4gja01yx14aljdxgzr8kqas";
};
immersivePaintings = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/6txNkua3/versions/UjL11A4h/immersive_paintings-0.6.7%2B1.20.1-fabric.jar";
sha256 = "1di9a67q372z6lplnsa1kmh86armya83mimn61c8ai7izjlsfnid";
};
entityCulling = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/NNAgCjsB/versions/mahLIqpj/entityculling-fabric-1.6.7-mc1.20.1.jar";
sha256 = "01iz8rgljgzl0d8gcwpmr6wcvv3b0cf1siggp3dn8q5hv9przk9k";
};
fabricAPI = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/P7uGFii0/fabric-api-0.92.2%2B1.20.1.jar";
sha256 = "1z3hcxng2p9ymph1c0k729vxxaasi34n6fcdsqwx0wsmqi2gh025";
};
fallingTree = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/Fb4jn8m6/versions/NrtzFkZE/FallingTree-1.20.1-4.3.4.jar";
sha256 = "0sfv2laxzgmkhmr0kizi7g09r6fkccjhj9p5j0viqywnwx02r7fs";
};
carryOn = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/joEfVgkn/versions/Mkla4B3q/carryon-fabric-1.20.1-2.1.2.7.jar";
sha256 = "1pgbqrjrxw7bgwn6phpywgpjfmf5h341ba93j76ibk649wbgn9cd";
};
collective = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/e0M1UDsY/versions/jo7YkyNS/collective-1.20.1-7.84.jar";
sha256 = "01qvaqmd5kmxq7sins6703xq5ckc47qs5kd62gnjyfq1dbjp2y2b";
};
dynamicLights = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/7YjclEGc/versions/eU6PA0pr/dynamiclights-v1.8.3-mc1.17x-1.21x-mod.jar";
sha256 = "0vdv525gis1vj514iqh4rbl6byp7k0ls3lsyj0c3db8g58d784gm";
};
appleSkin = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/EsAfCjCV/versions/xcauwnEB/appleskin-fabric-mc1.20.1-2.5.1.jar";
sha256 = "1d9qmzjlk763ycmizqpmhcq0hhqw9j8hij6xk8p8l11ljr13mql5";
};
}
);
};
};
}

15
hosts/modules/alexandria/networking.nix Normal file
View file

@ -0,0 +1,15 @@
{ ... }:
{
networking = {
firewall = {
allowedTCPPorts = [
80
443
8010
9666
];
allowedUDPPorts = [ 24454 ];
};
};
}

103
hosts/modules/alexandria/nextcloud.nix Normal file
View file

@ -0,0 +1,103 @@
{
lib,
config,
pkgs,
...
}:
{
services = {
nextcloud = {
enable = true;
package = pkgs.nextcloud30;
datadir = "/data/nextcloud";
hostName = "cloud.baduhai.dev";
configureRedis = true;
https = true;
autoUpdateApps.enable = true;
secretFile = config.age.secrets."nextcloud-secrets.json".path;
database.createLocally = true;
maxUploadSize = "16G";
caching = {
apcu = true;
redis = true;
};
settings = {
trusted_proxies = [ "127.0.0.1" ];
default_phone_region = "BR";
maintenance_window_start = "4";
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\EMF"
"OC\\Preview\\Font"
"OC\\Preview\\GIF"
"OC\\Preview\\HEIC"
"OC\\Preview\\Illustrator"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\Movie"
"OC\\Preview\\MP3"
"OC\\Preview\\MSOffice2003"
"OC\\Preview\\MSOffice2007"
"OC\\Preview\\MSOfficeDoc"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PDF"
"OC\\Preview\\Photoshop"
"OC\\Preview\\PNG"
"OC\\Preview\\Postscript"
"OC\\Preview\\SVG"
"OC\\Preview\\TIFF"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
];
};
config = {
dbtype = "pgsql";
adminpassFile = config.age.secrets.nextcloud-adminpass.path;
};
phpOptions = {
"opcache.interned_strings_buffer" = "16";
};
};
collabora-online = {
enable = true;
port = lib.strings.toInt config.ports.collabora;
settings.ssl = {
enable = false;
termination = true;
};
};
nginx.virtualHosts = {
${config.services.nextcloud.hostName} = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
};
"office.baduhai.dev" = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.ports.collabora}";
proxyWebsockets = true;
};
};
};
};
age.secrets = {
"nextcloud-secrets.json" = {
file = ../../../secrets/nextcloud-secrets.json.age;
owner = "nextcloud";
group = "hosted";
};
nextcloud-adminpass = {
file = ../../../secrets/nextcloud-adminpass.age;
owner = "nextcloud";
group = "hosted";
};
};
}

37
hosts/modules/alexandria/nginx.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, ... }:
{
services.nginx = {
enable = true;
group = "hosted";
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
security.acme = {
acceptTerms = true;
defaults = {
email = "baduhai@proton.me";
dnsResolver = "1.1.1.1:53";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare.path;
};
certs."baduhai.dev" = {
extraDomainNames = [ "*.baduhai.dev" ];
};
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
age.secrets.cloudflare = {
file = ../../../secrets/cloudflare.age;
owner = "nginx";
group = "hosted";
};
}

28
hosts/modules/alexandria/searx.nix Normal file
View file

@ -0,0 +1,28 @@
{
config,
pkgs,
lib,
...
}:
{
services = {
searx = {
enable = true;
package = pkgs.searxng;
settings.server = {
port = lib.toInt "${config.ports.searx}";
bind_address = "0.0.0.0";
secret_key = "&yEf!xLA@y3FdJ5BjKnUnNAkqer$iW!9";
method = "GET";
};
};
nginx.virtualHosts."search.baduhai.dev" = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.searx}";
};
};
}

11
hosts/modules/alexandria/services.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
services.postgresql.enable = true;
# TODO: remove when bug fix
# serokell/deploy-rs/issues/57
# NixOS/nixpkgs/issues/180175
# Workaround for upstream bug in NetworkManager-wait-online.service
systemd.services.NetworkManager-wait-online.enable = false;
}

20
hosts/modules/alexandria/users.nix Normal file
View file

@ -0,0 +1,20 @@
{ ... }:
{
users = {
users = {
nginx.extraGroups = [ "acme" ];
};
groups = {
hosted = {
gid = 1005;
members = [
"user"
"minecraft"
"paperless"
"vaultwarden"
];
};
};
};
}

22
hosts/modules/alexandria/vaultwarden.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, ... }:
{
services = {
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://pass.baduhai.dev";
SIGNUPS_ALLOWED = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = "${config.ports.vaultwarden}";
};
};
nginx.virtualHosts."pass.baduhai.dev" = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}";
};
};
}

5
hosts/modules/default.nix
View file

@ -5,14 +5,15 @@
./boot.nix
./console.nix
./desktop.nix
./impermanence.nix
# ./flatpak.nix
# ./impermanence.nix
./locale.nix
./networking.nix
./nix.nix
./programs.nix
./security.nix
./services.nix
./stylix.nix
# ./stylix.nix
./users.nix
./virtualisation.nix
];

35
hosts/modules/flatpak.nix Normal file
View file

@ -0,0 +1,35 @@
{
hostType,
lib,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
services.flatpak = {
enable = true;
packages = [
"com.github.k4zmu2a.spacecadetpinball"
"com.github.tchx84.Flatseal"
"com.steamgriddb.SGDBoop"
"app.zen_browser.zen"
"io.github.Foldex.AdwSteamGtk"
"io.itch.itch"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
})
];
}

6
hosts/modules/impermanence.nix
View file

@ -1,4 +1,8 @@
{ hostType, lib, ... }:
{
hostType,
lib,
...
}:
{
config = lib.mkMerge [

16
hosts/modules/io/boot.nix Normal file
View file

@ -0,0 +1,16 @@
{ ... }:
{
boot = {
# TODO check if future kernel versions fix boot issue with systemd initrd with tpm
initrd.systemd.tpm2.enable = false;
kernelParams = [
"nosgx"
"i915.fastboot=1"
"mem_sleep_default=deep"
];
extraModprobeConfig = ''
options snd-intel-dspcfg dsp_driver=3
'';
};
}

11
hosts/modules/io/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
imports = [
./boot.nix
./ephermal.nix
./hardware-configuration.nix
./programs.nix
./services.nix
];
}

46
hosts/modules/io/ephermal.nix Normal file
View file

@ -0,0 +1,46 @@
{ ... }:
{
boot.initrd.systemd.services.recreate-root = {
description = "Rolling over and creating new filesystem root";
requires = [ "initrd-root-device.target" ];
after = [
"local-fs-pre.target"
"initrd-root-device.target"
];
requiredBy = [ "initrd-root-fs.target" ];
before = [ "sysroot.mount" ];
unitConfig = {
AssertPathExists = "/etc/initrd-release";
DefaultDependencies = false;
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f /btrfs_tmp
if [[ -e /btrfs_tmp/@root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/@root
umount /btrfs_tmp
'';
};
}

83
hosts/modules/io/hardware-configuration.nix Normal file
View file

@ -0,0 +1,83 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
luks.devices."enc" = {
device = "/dev/disk/by-uuid/8018720e-42dd-453c-b374-adaa02eb48c9";
keyFile = "/dev/disk/by-partuuid/cbc7e305-d32d-4250-b6ae-6a8264ea096e";
};
};
kernelModules = [ "kvm-intel" ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f";
fsType = "btrfs";
options = [
"subvol=@root"
"noatime"
"compress=zstd"
];
};
"/home" = {
device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f";
fsType = "btrfs";
options = [
"subvol=@home"
"noatime"
"compress=zstd"
];
};
"/nix" = {
device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f";
fsType = "btrfs";
options = [
"subvol=@nix"
"noatime"
"compress=zstd"
];
};
"/persistent" = {
device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f";
fsType = "btrfs";
options = [
"subvol=@persistent"
"noatime"
"compress=zstd"
];
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/31C9-08FF";
fsType = "vfat";
options = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

34
hosts/modules/io/programs.nix Normal file
View file

@ -0,0 +1,34 @@
{ pkgs, ... }:
let
cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs {
wttsrc = pkgs.fetchFromGitHub {
owner = "WeirdTreeThing";
repo = "chromebook-ucm-conf";
rev = "b6ce2a7";
hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc=";
};
postInstall = ''
echo "v0.4.1" > $out/chromebook.patched
cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2
cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d
'';
};
in
{
environment = {
systemPackages = with pkgs; [
maliit-keyboard
sof-firmware
];
sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2";
};
# TODO: remove once gmodena/nix-flatpak/issues/45 fixed
systemd.services."flatpak-managed-install" = {
serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/sleep 5";
};
};
}

52
hosts/modules/io/services.nix Normal file
View file

@ -0,0 +1,52 @@
{ ... }:
{
services = {
keyd = {
enable = true;
keyboards.main = {
ids = [ "0001:0001" ];
settings = {
main = {
meta = "overload(meta, esc)";
f1 = "back";
f2 = "forward";
f3 = "refresh";
f4 = "M-f11";
f5 = "M-w";
f6 = "brightnessdown";
f7 = "brightnessup";
f8 = "timeout(mute, 200, micmute)";
f9 = "play";
f10 = "timeout(nextsong, 200, previoussong)";
f13 = "delete";
"102nd" = "layer(function)";
};
shift = {
leftshift = "capslock";
rightshift = "capslock";
};
function = {
escape = "f1";
f1 = "f2";
f2 = "f3";
f3 = "f4";
f4 = "f5";
f5 = "f6";
f6 = "f7";
f7 = "f8";
f8 = "f9";
f9 = "f10";
f10 = "f11";
f13 = "f12";
y = "sysrq";
k = "home";
l = "pageup";
"," = "end";
"." = "pagedown";
};
};
};
};
};
}

16
hosts/modules/programs.nix
View file

@ -129,21 +129,6 @@
]
++ kdepkgs;
services.flatpak = {
enable = true;
packages = [
"com.github.k4zmu2a.spacecadetpinball"
"com.github.tchx84.Flatseal"
"com.steamgriddb.SGDBoop"
"app.zen_browser.zen"
"io.github.Foldex.AdwSteamGtk"
"io.itch.itch"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
programs = {
adb.enable = true;
steam.enable = true;
@ -152,7 +137,6 @@
kdeconnect.enable = true;
partition-manager.enable = true;
gamemode.enable = true;
nix-index-database.comma.enable = true;
appimage = {
enable = true;
binfmt = true;

35
hosts/modules/rotterdam/boot.nix Normal file
View file

@ -0,0 +1,35 @@
{ pkgs, ... }:
let
qubesnsh = pkgs.writeTextFile {
name = "qubes.nsh";
text = "HD1f65535a1:EFI\\qubes\\grubx64.efi";
};
in
{
boot = {
kernelParams = [
"processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state
"clearcpuid=514"
# Fixes amdgpu freezing
"amdgpu.noretry=0"
"amdgpu.ppfeaturemask=0xfffd3fff"
"amdgpu.gpu_recovery=1"
"amdgpu.lockup_timeout=1000"
];
# QubesOS boot entry
loader.systemd-boot = {
extraFiles = {
"efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi";
"qubes.nsh" = qubesnsh;
};
extraEntries."qubes.conf" = ''
title Qubes OS
efi /efi/edk2-shell/shell.efi
options -nointerrupt qubes.nsh
sort-key ab
'';
};
};
}

12
hosts/modules/rotterdam/default.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
imports = [
./boot.nix
./ephermal.nix
./hardware-configuration.nix
./hardware.nix
./programs.nix
./services.nix
];
}

47
hosts/modules/rotterdam/ephermal.nix Normal file
View file

@ -0,0 +1,47 @@
{ ... }:
{
boot.initrd.systemd.services.recreate-root = {
description = "Rolling over and creating new filesystem root";
requires = [ "initrd-root-device.target" ];
after = [
"local-fs-pre.target"
"initrd-root-device.target"
];
requiredBy = [ "initrd-root-fs.target" ];
before = [ "sysroot.mount" ];
unitConfig = {
AssertPathExists = "/etc/initrd-release";
DefaultDependencies = false;
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir /btrfs_tmp
mount /dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8 /btrfs_tmp
if [[ -e /btrfs_tmp/@root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/@root
umount /btrfs_tmp
'';
};
}

82
hosts/modules/rotterdam/hardware-configuration.nix Normal file
View file

@ -0,0 +1,82 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"amdgpu"
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/f7dd4142-7109-4493-834d-4a831777f08d";
keyFile = "/dev/disk/by-partuuid/add5fc14-e20f-48be-8b2a-0799ef04d3cb";
};
};
kernelModules = [ "kvm-amd" ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
fsType = "btrfs";
options = [
"subvol=@root"
"noatime"
"compress=zstd"
];
};
"/home" = {
device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
fsType = "btrfs";
options = [
"subvol=@home"
"noatime"
"compress=zstd"
];
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/F2A2-CF5A";
fsType = "vfat";
options = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
"/nix" = {
device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
fsType = "btrfs";
options = [
"subvol=@nix"
"noatime"
"compress=zstd"
];
};
"/persistent" = {
device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
fsType = "btrfs";
options = [
"subvol=@persistent"
"noatime"
"compress=zstd"
];
};
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

13
hosts/modules/rotterdam/hardware.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
hardware = {
amdgpu = {
opencl.enable = true;
amdvlk.enable = true;
};
graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
};
systemd.targets.hibernate.enable = false; # disable non-functional hibernate
}

33
hosts/modules/rotterdam/programs.nix Normal file
View file

@ -0,0 +1,33 @@
{ pkgs, ... }:
let
reboot-into-qubes = pkgs.makeDesktopItem {
name = "reboot-into-qubes";
icon = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg";
sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0=";
};
desktopName = "Qubes OS";
genericName = "Reboot into Qubes OS";
categories = [ "System" ];
startupNotify = true;
exec = pkgs.writeShellScript "reboot-into-qubes" ''
${pkgs.yad}/bin/yad --form \
--title="Qubes OS" \
--image distributor-logo-qubes \
--text "Are you sure you want to reboot into Qubes OS?" \
--button="Yes:0" --button="Cancel:1"
if [ $? -eq 0 ]; then
systemctl reboot --boot-loader-entry=qubes.conf
fi
'';
};
in
{
environment.systemPackages = [ reboot-into-qubes ];
services.flatpak.packages = [ "net.retrodeck.retrodeck" ];
programs.steam.dedicatedServer.openFirewall = true;
}

13
hosts/modules/rotterdam/services.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }:
{
services.keyd = {
enable = true;
keyboards.main = {
ids = [ "5653:0001" ];
settings.main = {
esc = "overload(meta, esc)";
};
};
};
}