william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

now using flake-parts; refactored nixosConfigurations; using hm standalone

Browse source
This commit is contained in:
William 2025-10-14 15:43:12 -03:00
parent 7f64d49052
commit 816496fbab
104 changed files with 1414 additions and 1910 deletions
Download patch file Download diff file Expand all files Collapse all files

9
hosts/modules/alexandria/default.nix
View file

@ -1,9 +0,0 @@
{ ... }:
{
imports = [
./hardware-configuration.nix
./services.nix
./users.nix
];
}

49
hosts/modules/alexandria/hardware-configuration.nix
View file

@ -1,49 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/4130-BE54";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/swapfile";
size = 8192;
}
];
networking.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

16
hosts/modules/alexandria/networking.nix
View file

@ -1,16 +0,0 @@
{
networking = {
firewall = {
allowedTCPPorts = [
80
443
];
allowedUDPPorts = [ ];
};
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
}

225
hosts/modules/alexandria/services.nix
View file

@ -1,225 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
ports = {
jellyfin = "8096";
librespeed = "8000";
radicale = "8001";
vaultwarden = "8002";
};
rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" ''
#!/bin/bash
# Configuration
CREDS_FILE="/run/agenix/webdav"
SERVE_DIR="/data/webdav"
SOCKET_PATH="/run/rclone-webdav/webdav.sock"
# Check if credentials file exists
if [ ! -f "$CREDS_FILE" ]; then
echo "Error: Credentials file $CREDS_FILE not found"
exit 1
fi
# Read credentials from file (format: username:password)
CREDENTIALS=$(cat "$CREDS_FILE")
USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1)
PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2)
# Validate credentials
if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then
echo "Error: Invalid credentials format. Expected username:password"
exit 1
fi
# Ensure serve directory exists
mkdir -p "$SERVE_DIR"
# Remove existing socket if it exists
rm -f "$SOCKET_PATH"
# Start rclone serve webdav
exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \
--addr unix://"$SOCKET_PATH" \
--user "$USERNAME" \
--pass "$PASSWORD" \
--config="" \
--baseurl "/webdav" \
--verbose
'';
in
{
services = {
forgejo = {
enable = true;
repositoryRoot = "/data/forgejo";
settings = {
session.COOKIE_SECURE = true;
server = {
PROTOCOL = "http+unix";
DOMAIN = "git.baduhai.dev";
ROOT_URL = "https://git.baduhai.dev";
OFFLINE_MODE = true; # disable use of CDNs
SSH_DOMAIN = "baduhai.dev";
};
log.LEVEL = "Warn";
mailer.ENABLED = false;
actions.ENABLED = false;
};
};
jellyfin = {
enable = true;
openFirewall = true;
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts =
let
commonVHostConfig = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
};
in
lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) {
"_".locations."/".return = "444";
"dav.baduhai.dev".locations = {
"/caldav" = {
proxyPass = "http://127.0.0.1:${ports.radicale}/";
extraConfig = ''
proxy_set_header X-Script-Name /caldav;
proxy_pass_header Authorization;
'';
};
"/webdav" = {
proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/";
extraConfig = ''
proxy_set_header X-Script-Name /webdav;
proxy_pass_header Authorization;
proxy_connect_timeout 300; # Increase timeouts for large file uploads
proxy_send_timeout 300;
proxy_read_timeout 300;
client_max_body_size 10G; # Allow large file uploads
proxy_buffering off; # Buffer settings for better performance
proxy_request_buffering off;
'';
};
};
"git.baduhai.dev".locations."/".proxyPass =
"http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
"jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}/";
"pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}/";
"speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}/";
};
};
radicale = {
enable = true;
settings = {
server = {
hosts = [
"127.0.0.1:${ports.radicale}"
"[::]:${ports.radicale}"
];
};
auth = {
type = "htpasswd";
htpasswd_filename = "/etc/radicale/users";
htpasswd_encryption = "bcrypt";
};
};
};
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://pass.baduhai.dev";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = "${ports.vaultwarden}";
};
};
};
virtualisation.oci-containers.containers."librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest";
environment = {
TZ = "America/Bahia";
};
ports = [ "${ports.librespeed}:80" ];
extraOptions = [
"--pull=newer"
"--label=io.containers.autoupdate=registry"
];
};
security.acme = {
acceptTerms = true;
defaults = {
email = "baduhai@proton.me";
dnsResolver = "1.1.1.1:53";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare.path;
};
certs."baduhai.dev" = {
extraDomainNames = [ "*.baduhai.dev" ];
};
};
age.secrets = {
cloudflare = {
file = ../../../secrets/cloudflare.age;
owner = "nginx";
group = "nginx";
};
webdav = {
file = ../../../secrets/webdav.age;
owner = "user";
group = "users";
};
};
systemd.services = {
rclone-webdav = {
description = "RClone WebDAV Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "exec";
User = "user";
Group = "nginx";
ExecStart = "${rclone-webdav-start}";
Restart = "always";
RestartSec = "10";
NoNewPrivileges = true;
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ReadWritePaths = [
"/data/webdav"
"/run"
];
RuntimeDirectory = "rclone-webdav";
RuntimeDirectoryMode = "0750";
UMask = "0002";
};
preStart = ''
mkdir -p /data/webdav
chown user:users /data/webdav
chmod 755 /data/webdav
'';
};
};
}

3
hosts/modules/alexandria/users.nix
View file

@ -1,3 +0,0 @@
{
users.users.nginx.extraGroups = [ "acme" ];
}

5
hosts/modules/bluetooth.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }:
{
hardware.bluetooth.enable = true;
}

61
hosts/modules/boot.nix
View file

@ -1,61 +0,0 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
boot.kernelPackages = pkgs.linuxPackages_hardened;
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
})
];
}

20
hosts/modules/common/boot.nix Normal file
View file

@ -0,0 +1,20 @@
{ pkgs, ... }:
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
}

8
hosts/modules/common/console.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
console = {
useXkbConfig = true;
earlySetup = true;
};
}

8
hosts/modules/common/firewall.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
networking = {
firewall.enable = true;
nftables.enable = true;
};
}

20
hosts/modules/common/locale.nix Normal file
View file

@ -0,0 +1,20 @@
{ ... }:
{
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
}

40
hosts/modules/common/nix.nix Normal file
View file

@ -0,0 +1,40 @@
{ inputs, ... }:
{
imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
services = {
nixos-cli = {
enable = true;
config = {
use_nvd = true;
ignore_dirty_tree = true;
};
};
};
system.stateVersion = "22.11";
}

8
hosts/modules/common/openssh.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
};
}

29
hosts/modules/common/programs.nix Normal file
View file

@ -0,0 +1,29 @@
{ lib, pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
### Dev Tools ###
git
### System Utilities ###
btop
nixos-firewall-tool
nvd
sysz
tmux
wget
yazi
];
shellAliases = {
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
neofetch = "${lib.getExe pkgs.fastfetch}";
tree = "ls --tree";
};
};
programs = {
command-not-found.enable = false;
fish.enable = true;
};
}

13
hosts/modules/common/security.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }:
{
security = {
unprivilegedUsernsClone = true; # Needed for rootless podman
sudo = {
wheelNeedsPassword = false;
extraConfig = ''
Defaults lecture = never
'';
};
};
}

9
hosts/modules/common/services.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
services = {
dbus.implementation = "broker";
irqbalance.enable = true;
fstrim.enable = true;
};
}

8
hosts/modules/common/tailscale.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
services.tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
}

29
hosts/modules/common/users.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs, ... }:
{
users.users = {
user = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = [
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
];
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
};
root = {
shell = pkgs.fish;
hashedPassword = "!";
};
};
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
'';
};
}

21
hosts/modules/console.nix
View file

@ -1,21 +0,0 @@
{ hostType, lib, ... }:
{
config = lib.mkMerge [
# Common configuration
{
console = {
useXkbConfig = true;
earlySetup = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

19
hosts/modules/default.nix
View file

@ -1,19 +0,0 @@
{ ... }:
{
imports = [
./boot.nix
./console.nix
./desktop.nix
./ephermal.nix
./impermanence.nix
./locale.nix
./networking.nix
./nix.nix
./programs.nix
./security.nix
./services.nix
./users.nix
./virtualisation.nix
];
}

64
hosts/modules/desktop.nix
View file

@ -1,64 +0,0 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
greetd.settings.initial_session = {
command = "niri";
user = "user";
};
};
programs = {
dankMaterialShell.greeter = {
enable = true;
compositor.name = "niri";
};
niri.enable = true;
};
hardware = {
xpadneo.enable = true;
bluetooth.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
i2c.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
extraPortals = with pkgs; [
kdePackages.xdg-desktop-portal-kde
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
];
};
})
];
}

26
hosts/modules/desktop/boot.nix Normal file
View file

@ -0,0 +1,26 @@
{ pkgs, ... }:
{
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
}

136
hosts/modules/desktop/desktop.nix Normal file
View file

@ -0,0 +1,136 @@
{ inputs, pkgs, ... }:
let
kwrite = pkgs.symlinkJoin {
name = "kwrite";
paths = [ pkgs.kdePackages.kate ];
postBuild = ''
rm -rf $out/bin/kate \
$out/bin/.kate-wrapped \
$out/share/applications/org.kde.kate.desktop \
$out/share/man \
$out/share/icons/hicolor/*/apps/kate.png \
$out/share/icons/hicolor/scalable/apps/kate.svg \
$out/share/appdata/org.kde.kate.appdata.xml
'';
};
in
{
imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ];
environment = {
sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
systemPackages =
with pkgs;
[
### Web ###
bitwarden-desktop
brave
tor-browser
qbittorrent
vesktop
### Office & Productivity ###
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
kwrite
libreoffice-qt
onlyoffice-desktopeditors
rnote
### Graphics & Design ###
gimp
inkscape
plasticity
### System Utilities ###
adwaita-icon-theme
colloid-gtk-theme
junction
kara
kde-rounded-corners
libfido2
mission-center
p7zip
rclone
toggleaudiosink
unrar
### Media ###
mpv
obs-studio
qview
]
++ (with pkgs.kdePackages; [
ark
dolphin
dolphin-plugins
kolourpaint
]);
};
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
greetd = {
settings = {
default_session.command = ''${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --time --greeting "Welcome to NixOS" --cmd ${plasma}/bin/plasma'';
initial_session.user = "user";
};
};
flatpak = {
enable = true;
packages = [
### Internet Browsers & Communication ###
"app.zen_browser.zen"
### Graphics & Design ###
"com.boxy_svg.BoxySVG"
rec {
appId = "io.github.softfever.OrcaSlicer";
sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
bundle = "${pkgs.fetchurl {
url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
inherit sha256;
}}";
}
### System Utilities ###
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
programs = {
niri.enable = true;
dconf.enable = true;
kdeconnect.enable = true;
partition-manager.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
}

13
hosts/modules/desktop/nix.nix Normal file
View file

@ -0,0 +1,13 @@
{ inputs, ... }:
{
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
}

15
hosts/modules/desktop/services.nix Normal file
View file

@ -0,0 +1,15 @@
{ pkgs, ... }:
{
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
};
}

20
hosts/modules/dev.nix Normal file
View file

@ -0,0 +1,20 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
bat
claude-code
lazygit
fd
fzf
glow
nixfmt-rfc-style
nix-init
nix-output-monitor
ripgrep
];
programs.adb.enable = true;
users.users.user.extraGroups = [ "adbusers" ];
}

4
hosts/modules/environment.nix
View file

@ -1,4 +0,0 @@
{ pkgs, ... }:
{
}

118
hosts/modules/ephermal.nix
View file

@ -1,64 +1,72 @@
{
hostType,
lib,
...
}:
{ inputs, ... }:
{
config = lib.mkMerge [
# Common configuration
{
}
imports = [ inputs.impermanence.nixosModules.impermanence ];
# Server specific configuration
(lib.mkIf hostType.isServer {
})
boot.initrd.systemd.services.recreate-root = {
description = "Rolling over and creating new filesystem root";
requires = [ "initrd-root-device.target" ];
after = [
"local-fs-pre.target"
"initrd-root-device.target"
];
requiredBy = [ "initrd-root-fs.target" ];
before = [ "sysroot.mount" ];
unitConfig = {
AssertPathExists = "/etc/initrd-release";
DefaultDependencies = false;
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir /btrfs_tmp
mount /dev/mapper/cryptroot /btrfs_tmp
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
boot.initrd.systemd.services.recreate-root = {
description = "Rolling over and creating new filesystem root";
requires = [ "initrd-root-device.target" ];
after = [
"local-fs-pre.target"
"initrd-root-device.target"
];
requiredBy = [ "initrd-root-fs.target" ];
before = [ "sysroot.mount" ];
unitConfig = {
AssertPathExists = "/etc/initrd-release";
DefaultDependencies = false;
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir /btrfs_tmp
mount /dev/mapper/cryptroot /btrfs_tmp
if [[ -e /btrfs_tmp/@root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp"
fi
if [[ -e /btrfs_tmp/@root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/@root
umount /btrfs_tmp
'';
};
btrfs subvolume create /btrfs_tmp/@root
umount /btrfs_tmp
'';
};
})
];
environment.persistence.main = {
persistentStoragePath = "/persistent";
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
directories = [
"/etc/NetworkManager/system-connections"
"/etc/nixos"
"/var/lib/bluetooth"
"/var/lib/flatpak"
"/var/lib/lxd"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/systemd/timers"
"/var/lib/tailscale"
"/var/log"
];
};
}

5
hosts/modules/fwupd.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }:
{
services.fwupd.enable = true;
}

36
hosts/modules/gaming.nix Normal file
View file

@ -0,0 +1,36 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
clonehero
heroic
mangohud
prismlauncher
protonup
steam-run
];
programs = {
steam = {
enable = true;
extraCompatPackages = [ pkgs.proton-ge-bin ];
};
gamemode.enable = true;
};
hardware = {
xpadneo.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
};
services.flatpak.packages = [
"com.github.k4zmu2a.spacecadetpinball"
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"net.retrodeck.retrodeck"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
];
}

43
hosts/modules/impermanence.nix
View file

@ -1,43 +0,0 @@
{
hostType,
lib,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
environment.persistence.main = {
persistentStoragePath = "/persistent";
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
directories = [
"/etc/NetworkManager/system-connections"
"/etc/nixos"
"/var/lib/bluetooth"
"/var/lib/flatpak"
"/var/lib/lxd"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/systemd/timers"
"/var/lib/tailscale"
"/var/log"
];
};
})
];
}

14
hosts/modules/io/boot.nix
View file

@ -1,14 +0,0 @@
{
boot = {
# TODO check if future kernel versions fix boot issue with systemd initrd with tpm
initrd.systemd.tpm2.enable = false;
kernelParams = [
"nosgx"
"i915.fastboot=1"
"mem_sleep_default=deep"
];
extraModprobeConfig = ''
options snd-intel-dspcfg dsp_driver=3
'';
};
}

11
hosts/modules/io/default.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
imports = [
./boot.nix
./disko.nix
./hardware-configuration.nix
./programs.nix
./services.nix
];
}

81
hosts/modules/io/disko.nix
View file

@ -1,81 +0,0 @@
{ ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1MiB";
end = "1GiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/efi";
mountOptions = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
};
cryptroot = {
priority = 2;
name = "root";
size = "100%";
content = {
type = "luks";
name = "cryptroot";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@root"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@home"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@nix"
];
};
"@persistent" = {
mountpoint = "/persistent";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@persistent"
];
};
};
};
};
};
};
};
};
};
};
}

36
hosts/modules/io/hardware-configuration.nix
View file

@ -1,36 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
};
kernelModules = [ "kvm-intel" ];
};
zramSwap = {
enable = true;
memoryPercent = 100;
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

37
hosts/modules/io/programs.nix
View file

@ -1,37 +0,0 @@
{ pkgs, ... }:
let
cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs {
wttsrc = pkgs.fetchFromGitHub {
owner = "WeirdTreeThing";
repo = "chromebook-ucm-conf";
rev = "b6ce2a7";
hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc=";
};
postInstall = ''
echo "v0.4.1" > $out/chromebook.patched
cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2
cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d
'';
};
in
{
environment = {
systemPackages = with pkgs; [
arduino-ide
esptool
# fritzing
maliit-keyboard
sof-firmware
];
sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2";
};
# TODO: remove once gmodena/nix-flatpak/issues/45 fixed
systemd.services."flatpak-managed-install" = {
serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/sleep 5";
};
};
}

50
hosts/modules/io/services.nix
View file

@ -1,50 +0,0 @@
{
services = {
keyd = {
enable = true;
keyboards.main = {
ids = [ "0001:0001" ];
settings = {
main = {
meta = "overload(meta, esc)";
f1 = "back";
f2 = "forward";
f3 = "refresh";
f4 = "M-f11";
f5 = "M-w";
f6 = "brightnessdown";
f7 = "brightnessup";
f8 = "timeout(mute, 200, micmute)";
f9 = "play";
f10 = "timeout(nextsong, 200, previoussong)";
f13 = "delete";
"102nd" = "layer(function)";
};
shift = {
leftshift = "capslock";
rightshift = "capslock";
};
function = {
escape = "f1";
f1 = "f2";
f2 = "f3";
f3 = "f4";
f4 = "f5";
f5 = "f6";
f6 = "f7";
f7 = "f8";
f8 = "f9";
f9 = "f10";
f10 = "f11";
f13 = "f12";
y = "sysrq";
k = "home";
l = "pageup";
"," = "end";
"." = "pagedown";
};
};
};
};
};
}

12
hosts/modules/libvirtd.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true;
users.users.user.extraGroups = [
"libvirt"
"libvirtd"
];
}

33
hosts/modules/locale.nix
View file

@ -1,33 +0,0 @@
{ hostType, lib, ... }:
{
config = lib.mkMerge [
# Common configuration
{
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

29
hosts/modules/networking.nix
View file

@ -1,29 +0,0 @@
{
hostType,
lib,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
networking = {
networkmanager.enable = true;
firewall.enable = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

10
hosts/modules/networkmanager.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
networking.networkmanager = {
enable = true;
wifi.backend = "iwd";
};
users.users.user.extraGroups = [ "networkmanager" ];
}

64
hosts/modules/nix.nix
View file

@ -1,64 +0,0 @@
{
inputs,
lib,
hostType,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
system.stateVersion = "22.11";
}
# Server specific configuration
(lib.mkIf hostType.isServer {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
})
];
}

14
hosts/modules/podman.nix Normal file
View file

@ -0,0 +1,14 @@
{ pkgs, ... }:
{
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
extraPackages = [ pkgs.podman-compose ];
};
systemd = {
services.podman-auto-update.enable = true;
timers.podman-auto-update.enable = true;
};
}

202
hosts/modules/programs.nix
View file

@ -1,202 +0,0 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
environment = {
systemPackages = with pkgs; [
### Dev Tools ###
agenix
git
### System Utilities ###
btop
nixos-firewall-tool
nvd
sysz
tmux
wget
yazi
];
shellAliases = {
ls = "${pkgs.eza}/bin/eza --icons --group-directories-first";
neofetch = "${pkgs.fastfetch}/bin/fastfetch";
tree = "ls --tree";
vi = "${pkgs.evil-helix}/bin/hx";
vim = "${pkgs.evil-helix}/bin/hx";
nvim = "${pkgs.evil-helix}/bin/hx";
};
};
programs = {
fish.enable = true;
command-not-found.enable = false;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation (
let
kdepkgs = with pkgs.kdePackages; [
ark
dolphin
dolphin-plugins
kolourpaint
];
kwrite = pkgs.symlinkJoin {
name = "kwrite";
paths = [ pkgs.kdePackages.kate ];
postBuild = ''
rm -rf $out/bin/kate \
$out/bin/.kate-wrapped \
$out/share/applications/org.kde.kate.desktop \
$out/share/man \
$out/share/icons/hicolor/*/apps/kate.png \
$out/share/icons/hicolor/scalable/apps/kate.svg \
$out/share/appdata/org.kde.kate.appdata.xml
'';
};
in
{
environment = {
systemPackages =
with pkgs;
[
### Dev Tools ###
bat
claude-code
lazygit
fd
fzf
glow
nixfmt-rfc-style
nix-init
nix-output-monitor
ripgrep
### Web ###
bitwarden-desktop
brave
tor-browser
qbittorrent
vesktop
### Office & Productivity ###
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
kwrite
libreoffice-qt
obsidian
onlyoffice-desktopeditors
rnote
### Graphics & Design ###
gimp
inkscape
plasticity
### Gaming & Entertainment ###
clonehero
heroic
mangohud
prismlauncher
protonup
### System Utilities ###
adwaita-icon-theme
colloid-gtk-theme
junction
kara
kde-rounded-corners
libfido2
mission-center
p7zip
rclone
steam-run
toggleaudiosink
unrar
### Media ###
mpv
obs-studio
qview
]
++ kdepkgs;
};
programs = {
adb.enable = true;
steam = {
enable = true;
extraCompatPackages = [ pkgs.proton-ge-bin ];
};
virt-manager.enable = true;
dconf.enable = true;
nix-ld.enable = true;
kdeconnect.enable = true;
partition-manager.enable = true;
gamemode.enable = true;
appimage = {
enable = true;
binfmt = true;
};
nh = {
enable = true;
flake = "/home/user/Projects/personal/nix-config";
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
services.flatpak = {
enable = true;
packages = [
### Dev Tools ###
### Internet Browsers & Communication ###
"app.zen_browser.zen"
### Office & Productivity ###
### Graphics & Design ###
"com.boxy_svg.BoxySVG"
rec {
appId = "io.github.softfever.OrcaSlicer";
sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
bundle = "${pkgs.fetchurl {
url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
inherit sha256;
}}";
}
### Gaming & Entertainment ###
"com.github.k4zmu2a.spacecadetpinball"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
### System Utilities ###
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
### Media ###
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
}
))
];
}

31
hosts/modules/rotterdam/boot.nix
View file

@ -1,31 +0,0 @@
{ pkgs, ... }:
let
qubesnsh = pkgs.writeTextFile {
name = "qubes.nsh";
text = "HD1f65535a1:EFI\\qubes\\grubx64.efi";
};
in
{
boot = {
kernelParams = [
"processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state
"clearcpuid=514"
"amdgpu.ppfeaturemask=0xfffd3fff" # Fixes amdgpu freezing
];
# QubesOS boot entry
loader.systemd-boot = {
extraFiles = {
"efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi";
"qubes.nsh" = qubesnsh;
};
extraEntries."qubes.conf" = ''
title Qubes OS
efi /efi/edk2-shell/shell.efi
options -nointerrupt qubes.nsh
sort-key ab
'';
};
};
}

11
hosts/modules/rotterdam/default.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
imports = [
./boot.nix
./hardware-configuration.nix
./hardware.nix
./programs.nix
./services.nix
];
}

82
hosts/modules/rotterdam/hardware-configuration.nix
View file

@ -1,82 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"amdgpu"
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/f7dd4142-7109-4493-834d-4a831777f08d";
keyFile = "/dev/disk/by-partuuid/add5fc14-e20f-48be-8b2a-0799ef04d3cb";
};
};
kernelModules = [ "kvm-amd" ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
fsType = "btrfs";
options = [
"subvol=@root"
"noatime"
"compress=zstd"
];
};
"/home" = {
device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
fsType = "btrfs";
options = [
"subvol=@home"
"noatime"
"compress=zstd"
];
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/F2A2-CF5A";
fsType = "vfat";
options = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
"/nix" = {
device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
fsType = "btrfs";
options = [
"subvol=@nix"
"noatime"
"compress=zstd"
];
};
"/persistent" = {
device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
fsType = "btrfs";
options = [
"subvol=@persistent"
"noatime"
"compress=zstd"
];
};
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

8
hosts/modules/rotterdam/hardware.nix
View file

@ -1,8 +0,0 @@
{ pkgs, ... }:
{
hardware = {
amdgpu.opencl.enable = true;
graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
};
}

33
hosts/modules/rotterdam/programs.nix
View file

@ -1,33 +0,0 @@
{ pkgs, ... }:
let
reboot-into-qubes = pkgs.makeDesktopItem {
name = "reboot-into-qubes";
icon = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg";
sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0=";
};
desktopName = "Qubes OS";
genericName = "Reboot into Qubes OS";
categories = [ "System" ];
startupNotify = true;
exec = pkgs.writeShellScript "reboot-into-qubes" ''
${pkgs.yad}/bin/yad --form \
--title="Qubes OS" \
--image distributor-logo-qubes \
--text "Are you sure you want to reboot into Qubes OS?" \
--button="Yes:0" --button="Cancel:1"
if [ $? -eq 0 ]; then
systemctl reboot --boot-loader-entry=qubes.conf
fi
'';
};
in
{
environment.systemPackages = [ reboot-into-qubes ];
services.flatpak.packages = [ "net.retrodeck.retrodeck" ];
programs.steam.dedicatedServer.openFirewall = true;
}

11
hosts/modules/rotterdam/services.nix
View file

@ -1,11 +0,0 @@
{
services.keyd = {
enable = true;
keyboards.main = {
ids = [ "5653:0001" ];
settings.main = {
esc = "overload(meta, esc)";
};
};
};
}

26
hosts/modules/security.nix
View file

@ -1,26 +0,0 @@
{ hostType, lib, ... }:
{
config = lib.mkMerge [
# Common configuration
{
security = {
unprivilegedUsernsClone = true; # Needed for rootless podman
sudo = {
wheelNeedsPassword = false;
extraConfig = ''
Defaults lecture = never
'';
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

5
hosts/modules/server/boot.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_hardened;
}

13
hosts/modules/server/nix.nix Normal file
View file

@ -0,0 +1,13 @@
{ inputs, ... }:
{
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
}

13
hosts/modules/server/tailscale.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }:
{
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
}

52
hosts/modules/services.nix
View file

@ -1,52 +0,0 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
services = {
tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
openssh = {
enable = true;
settings.PermitRootLogin = "no";
};
nixos-cli = {
enable = true;
config = {
use_nvd = true;
ignore_dirty_tree = true;
};
};
fwupd.enable = true;
fstrim.enable = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
};
})
];
}

63
hosts/modules/stylix.nix
View file

@ -1,63 +0,0 @@
{
config,
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
stylix = {
enable = true;
polarity = "dark";
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
cursor = {
package = pkgs.kdePackages.breeze-icons;
name = "Breeze_Light";
size = 24;
};
opacity = {
applications = 1.0;
desktop = 0.8;
popups = config.stylix.opacity.desktop;
terminal = 1.0;
};
fonts = {
serif = {
package = pkgs.source-serif;
name = "Source Serif 4 Display";
};
sansSerif = {
package = pkgs.inter;
name = "Inter";
};
monospace = {
package = pkgs.nerd-fonts.fira-code;
name = "FiraCode Nerd Font";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
sizes = {
applications = 11;
desktop = config.stylix.fonts.sizes.applications;
popups = config.stylix.fonts.sizes.applications;
terminal = 12;
};
};
};
})
];
}

7
hosts/modules/trantor/boot.nix
View file

@ -1,7 +0,0 @@
{
boot = {
loader.efi.efiSysMountPoint = "/boot";
initrd.systemd.enable = true;
kernel.sysctl."net.ipv4.ip_forward" = 1;
};
}

10
hosts/modules/trantor/default.nix
View file

@ -1,10 +0,0 @@
{ ... }:
{
imports = [
./boot.nix
./disko.nix
./hardware-configuration.nix
./networking.nix
];
}

34
hosts/modules/trantor/disko.nix
View file

@ -1,34 +0,0 @@
{ ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/scsi-3605e4addb4c640319c8c03436205530b";
content = {
type = "gpt";
partitions = {
boot = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

27
hosts/modules/trantor/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
{
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
kernelModules = [ ];
extraModulePackages = [ ];
initrd = {
availableKernelModules = [
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"usbhid"
];
kernelModules = [ ];
};
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

8
hosts/modules/trantor/networking.nix
View file

@ -1,8 +0,0 @@
{
networking = {
firewall = {
allowedTCPPorts = [ 25566 ];
allowedUDPPorts = [ 25566 ];
};
};
}

81
hosts/modules/users.nix
View file

@ -1,81 +0,0 @@
{
hostType,
inputs,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
users.users = {
user = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = [
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
];
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
};
root = {
shell = pkgs.fish;
hashedPassword = "!";
};
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "bkp";
users = {
user = import ../../users/user.nix;
root = import ../../users/root.nix;
};
extraSpecialArgs = {
inherit hostType;
inherit inputs;
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
environment.sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
users.users = {
user = {
description = "William";
uid = 1000;
extraGroups = [
"uaccess" # Needed for HID dev
"dialout" # Needed for arduino dev
"libvirt"
"libvirtd"
"adbusers"
"i2c"
];
};
ewans = {
description = "Ewans";
isNormalUser = true;
uid = 1001;
hashedPassword = "$y$j9T$yHLUDvj6bDIP19dchU.aA/$OY4qeFNtx/GvI.VUYx4LapHiiVwi0MEvs8AT0HN7j58";
};
};
})
];
}

37
hosts/modules/virtualisation.nix
View file

@ -1,37 +0,0 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
virtualisation.podman = {
enable = true;
dockerCompat = true;
autoPrune.enable = true;
extraPackages = [ pkgs.podman-compose ];
};
systemd = {
services.podman-auto-update.enable = true;
timers.podman-auto-update.enable = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
virtualisation = {
libvirtd.enable = true;
};
})
];
}