Jimbo/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Move variables to more convenient folder

Browse source
This commit is contained in:
Jimbo 2024-11-24 16:53:49 -05:00
parent 87a53e364f
commit 93541beed7
31 changed files with 215 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
hosts/extern/boot/default.nix vendored
View file

@ -1,7 +1,36 @@
{ config, pkgs, ... }:
{
let
commonKernelParams = [
# VM/GPU passthrough
"amd_iommu=on"
"iommu=pt"
"nested=1"
# Virtualization nonsense
"transparent_hugepage=never"
# Isolate devices into IOMMU groups
"pcie_acs_override=downstream,multifunction"
"pci=routeirq"
];
in {
boot = {
kernelPackages = pkgs.linuxPackages_latest;
# Must be Zen for IOMMU isolation
kernelPackages = pkgs.unstable.linuxPackages_zen;
kernel.sysctl."vm.max_map_count" = 2147483642;
kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];
blacklistedKernelModules = [ "pcspkr" ];
# Needed for GPU passthrough
initrd.kernelModules = [
"vfio"
"vfio_pci"
"vfio_iommu_type1"
];
};
# Use second GPU on boot
specialisation.gputwo.configuration = {
boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
};
}

4
hosts/extern/default.nix vendored
View file

@ -2,13 +2,13 @@
{
imports = [
./boot
./disko
./filesystems
./hardware
./nixmodules
./wireguard
../../modules/system
];
boot.loader.systemd-boot.enable = lib.mkForce false;
services.btrfs.autoScrub.enable = lib.mkForce false;
system.video.nvidia.enable = true;

96
hosts/extern/disko/default.nix vendored Normal file
View file

@ -0,0 +1,96 @@
{ disko, config, ... }:
{
imports = [ disko.nixosModules.disko ];
disko.devices = {
disk = {
"${config.networking.hostName}" = {
type = "disk";
device = "/dev/sdg";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "${config.networking.hostName}-disk";
settings.allowDiscards = true;
passwordFile = "/tmp/secret.key";
content = {
type = "lvm_pv";
vg = "${config.networking.hostName}";
};
};
};
};
};
};
};
nodev = {
"/" = {
fsType = "tmpfs";
mountOptions = [ "size=4G" ];
};
};
lvm_vg = {
"${config.networking.hostName}" = {
type = "lvm_vg";
lvs = {
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
# Impermanence
"/persist" = {
mountpoint = "/persist";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
"/persist/.snapshots" = { };
"/jimbo" = {
mountpoint = "/persist/home/jimbo";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
"/jimbo/.snapshots" = { };
};
};
};
swap = {
size = "8G";
content = {
type = "swap";
discardPolicy = "both";
};
};
};
};
};
};
# Needed for impermanence
fileSystems = {
"/persist".neededForBoot = true;
"/persist/home/jimbo".neededForBoot = true;
};
}

11
hosts/extern/filesystems/default.nix vendored Normal file
View file

@ -0,0 +1,11 @@
{ config, ... }:
{
fileSystems = {
# Remote
"/home/jimbo/JimboNFS" = {
device = "10.100.0.1:/export/JimboNFS";
fsType = "nfs4";
options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
};
};
}

29
hosts/extern/hardware/default.nix vendored
View file

@ -1,32 +1,7 @@
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/all-hardware.nix") ];
boot = {
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"uas"
"usb_storage"
"sd_mod"
];
kernelModules = [
"dm-snapshot"
];
};
};
fileSystems = {
# Remote
"/home/jimbo/JimboNFS" = {
device = "10.100.0.1:/export/JimboNFS";
fsType = "nfs4";
options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
};
};
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "dm-snapshot" ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

7
hosts/extern/nixmodules/default.nix vendored
View file

@ -1,7 +0,0 @@
{ modulesPath, ... }:
{
imports = [
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
"${modulesPath}/installer/cd-dvd/channel.nix"
];
}

7
modules/extras/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./overlays
./variables
];
}

0
overlays/default.nix → modules/extras/overlays/default.nix
View file

0
overlays/packages/default.nix → modules/extras/overlays/packages/default.nix
View file

0
overlays/packages/hlsdk/default.nix → modules/extras/overlays/packages/hlsdk/default.nix
View file

0
overlays/packages/xash3d/change-zip-date.patch → modules/extras/overlays/packages/xash3d/change-zip-date.patch
View file

0
overlays/packages/xash3d/default.nix → modules/extras/overlays/packages/xash3d/default.nix
View file

0
overlays/unstable/default.nix → modules/extras/overlays/unstable/default.nix
View file

0
variables/default.nix → modules/extras/variables/default.nix
View file

0
variables/displays/default.nix → modules/extras/variables/displays/default.nix
View file

0
variables/domains/default.nix → modules/extras/variables/domains/default.nix
View file

0
variables/ips/default.nix → modules/extras/variables/ips/default.nix
View file

0
variables/look/border/default.nix → modules/extras/variables/look/border/default.nix
View file

0
variables/look/colors/default.nix → modules/extras/variables/look/colors/default.nix
View file

0
variables/look/default.nix → modules/extras/variables/look/default.nix
View file

0
variables/look/fonts/default.nix → modules/extras/variables/look/fonts/default.nix
View file

56
modules/extras/variables/secrets/default.nix Normal file
View file

@ -0,0 +1,56 @@
{ lib, config, ... }:
{
options.secrets = lib.mkOption {
type = lib.types.attrs;
default = {};
};
config.secrets = {
# User passwords, generated with 'mkpasswd -m sha-512'
jimboAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
# Cloudflare API key
flareApiKey = "ICUi1Zj0e_boCkeUJbXP9dJusv_qX_zhKWQGPcFe";
# Wireguard keys, generated with the wg command
wgServerPriv = "WHxxi53Yp8NRZhT+BQnvC62BckOeG1x2SOvkWlm0tGo=";
wgClientPriv = "MK9j0eYlgv+MZ9sSYO6C3lfqScpLPwcBqEckJ7o7tU4=";
# Icecast, plaintext
castAdminPass = "Gw9P8tW$omeq#reZA$b^jDy9VN";
castSourcePass = "KkFDeM0SHIL*s6!d4x*a4b#bcq";
# Photoprism, plaintext
prismAdminPass = "gr3SkIqSBjDmypyxU!Zj9*CJ4X";
# Matrix secrets
matrixSecret = "bea7db528a95d8225c5fe6bf92614816fe9d31496b510dff78b1608cfb36f82a";
coturnSecret = "@OvhK7r4wu!71d9dcmQ$Z6PkqA#LP0niyJHLTiMVJFILo7@6ks3wwmjWJ*zDBV43";
# Pixelfed secret, must be 32 characters long
pixelfedKey = ''APP_KEY=W9qein6055k9GdvwGbdJ6WxQ71Lr51cQ'';
# Transmission credentials, plaintext
transmissionCredFile = ''
{
"rpc-username": "jimbo",
"rpc-password": "w%QbIEZhoi4jh*j*PKaZLkKk96"
}
'';
# Email cleartext passwords
noreplyPassword = "5mpEp3P^n6A%r3fznJA5";
# Email account hashes, generated with 'mkpasswd -m bcrypt'
noreplyMailHash = "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2";
jimboMailHash = "$2a$12$vHeFInRpfp.lpfR/k8ptNecs3ztKjkRTr9hae0DP8yEN1ZHKM2sxe";
lunaMailHash = "$2y$10$ksBfmuuojCWnzFqpBDoE/OoGZyqfP.Luo2il7wWcqHemHgqhpQdi6";
cornMailHash = "$2b$05$qpG1aOA2tv3zLjzwh8/kyO3zZ8BZxvXcav0ioX7Y3Tps0tyhE/c7q";
tinyMailHash = "$2a$12$beq/ZO3hRz5mmGe9Cvvx8u/sNJcjVHlQQ5axv8IBmdJav60n7fuK6";
# IPs
jimIP = "99.247.177.43";
lunaIP = "71.87.124.226";
cornIP = "24.66.98.13";
};
}

0
variables/workspaces/default.nix → modules/extras/variables/workspaces/default.nix
View file

3
modules/home/default.nix
View file

@ -7,8 +7,7 @@
./settings
./wms
./users
../../overlays
../../variables
../extras
# Imports
nur.nixosModules.nur

4
modules/home/programs/terminal/carapace/default.nix Normal file
View file

@ -0,0 +1,4 @@
{ ... }:
{
programs.carapace.enable = true;
}

1
modules/home/programs/terminal/default.nix
View file

@ -1,6 +1,7 @@
{ ... }:
{
imports = [
./carapace
./fastfetch
./git
./ncmpcpp

3
modules/home/programs/terminal/zsh/default.nix
View file

@ -2,6 +2,7 @@
{
programs.zsh = {
enable = true;
enableCompletion = false;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
oh-my-zsh = {
@ -34,9 +35,9 @@
seneca = "ssh jhampton1@matrix.senecapolytechnic.ca";
};
initExtra = ''
${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch
source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
source ${pkgs.zsh-you-should-use}/share/zsh/plugins/you-should-use/you-should-use.plugin.zsh
${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch
setopt HIST_IGNORE_SPACE
setopt RM_STAR_WAIT
'';

3
modules/system/default.nix
View file

@ -7,8 +7,7 @@
./programs
./services
./settings
../../overlays
../../variables
../extras
];
time.timeZone = "America/Toronto";

2
modules/system/settings/documentation/default.nix
View file

@ -5,6 +5,4 @@
info.enable = false;
nixos.enable = false;
};
programs.command-not-found.enable = true;
}

1
modules/system/settings/minimal/default.nix
View file

@ -6,5 +6,6 @@
};
programs.less.lessopen = null;
services.logrotate.enable = false;
}

BIN
variables/secrets/default.nix
View file

Binary file not shown.