Jimbo/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Generalize and split up more files

Browse source
This commit is contained in:
Jimbo 2024-11-24 20:02:09 -05:00
parent 93541beed7
commit a0447a18da
27 changed files with 161 additions and 156 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
hosts/kitty/wireguard/default.nix
View file

@ -1,28 +0,0 @@
{ lib, config, ... }:
{
networking = {
firewall.allowedUDPPorts = [ 51820 ];
nat = {
enable = config.system.wireguard.server.enable;
externalInterface = "eno1";
internalInterfaces = [ "wgs" ];
};
wireguard.interfaces.wgs = {
ips = [ "10.100.0.1/24" ];
listenPort = 51820;
privateKey = config.secrets.wgServerPriv;
peers = [
{ # NixOS Config Key
publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
allowedIPs = [ "10.100.0.16/28" ];
}
{ # Pixel 9
publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
allowedIPs = [ "10.100.0.2/32" ];
}
];
};
};
}

33
hosts/redmond/boot/default.nix
View file

@ -3,38 +3,5 @@
boot = { boot = {
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl."vm.max_map_count" = 2147483642; kernel.sysctl."vm.max_map_count" = 2147483642;
initrd = {
systemd = {
enable = true;
services.root-reset = {
description = "Reset BTRFS root and snapshot last boot";
wantedBy = [ "initrd.target" ];
after = [ "dev-nixos-root.device" ];
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /mnt
mount /dev/nixos/root /mnt
if [[ -e /mnt/@prev ]]; then
btrfs subvolume delete /mnt/@prev
fi
btrfs subvolume snapshot /mnt/@ /mnt/@prev
btrfs subvolume list -o /mnt/@ | cut -f9 -d' ' | while read subvolume; do
btrfs subvolume delete "/mnt/$subvolume"
done
btrfs subvolume delete /mnt/@
btrfs subvolume create /mnt/@
umount /mnt
'';
};
};
};
}; };
} }

24
hosts/redmond/default.nix
View file

@ -3,27 +3,15 @@
imports = [ imports = [
./boot ./boot
./disko ./disko
./filesystems
./hardware ./hardware
# Apps and programs
../../modules/system ../../modules/system
../../modules/system/accounts
../../modules/system/desktop
../../modules/system/programs
../../modules/system/services
# Devices and hardware
../../modules/system/devices
../../modules/system/devices/boot/systemd
../../modules/system/devices/networking/wireless
../../modules/system/devices/networking/firewall/pc
../../modules/system/devices/networking/wireguard/pc
# Extras
../../overlays
../../variables
]; ];
system.lanzaboote.enable = true;
system.wireguard.client.enable = true;
networking.wireguard.interfaces.wgc.ips = [ "10.100.0.23/24" ];
networking.hostName = "redmond"; networking.hostName = "redmond";
networking.wireguard.interfaces."${config.ips.wgInt}".ips = [ "${config.ips.wgSpan}.20/24" ];
} }

10
hosts/redmond/filesystems/default.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
fileSystems = {
"/home/jimbo/JimboNFS" = {
device = "10.100.0.1:/export/JimboNFS";
fsType = "nfs4";
options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
};
};
}

26
hosts/redmond/hardware/default.nix
View file

@ -1,27 +1,7 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, ... }:
{ {
boot = { boot.kernelModules = [ "kvm-amd" ];
kernelModules = [ "kvm-amd" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "sd_mod" "sr_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"sd_mod"
"sr_mod"
"sdhci_pci"
"rtsx_usb_sdmmc"
];
};
};
fileSystems = {
"/home/jimbo/JimboNFS" = {
device = "${config.ips.wgSpan}.1:/export/JimboNFS";
fsType = "nfs4";
options = ["x-systemd.automount" "_netdev" "nofail" "noauto"];
};
};
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

2
hosts/redmond/id_ed25519.pub
View file

@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG9uITpyw5WgxT7UnswueFtyWxAqQCZv4h9DfcDkr+kn ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsPwxV2qr4IFC63SxPM5bI9iFCbH5wVxorNHYKSvE7i

31
hosts/tower/boot/default.nix
View file

@ -27,37 +27,6 @@ in {
"vfio_pci" "vfio_pci"
"vfio_iommu_type1" "vfio_iommu_type1"
]; ];
initrd.systemd = {
enable = true;
services.root-reset = {
description = "Reset root and snapshot last boot";
wantedBy = [ "initrd.target" ];
before = [ "sysroot.mount" ];
after = [ "dev-${config.networking.hostName}-root.device" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /mnt
mount /dev/${config.networking.hostName}/root /mnt
if [[ -e /mnt/prev ]]; then
btrfs subvolume delete /mnt/prev
fi
btrfs subvolume snapshot /mnt/root /mnt/prev
btrfs subvolume list -o /mnt/root | cut -f9 -d' ' | while read subvolume; do
btrfs subvolume delete "/mnt/$subvolume"
done
btrfs subvolume delete /mnt/root
btrfs subvolume create /mnt/root
umount /mnt
'';
};
};
}; };
# Use second GPU on boot # Use second GPU on boot

1
modules/home/programs/gui/librewolf/default.nix
View file

@ -134,6 +134,7 @@ in {
"extensions.pocket.enabled" = false; "extensions.pocket.enabled" = false;
"extensions.autoDisableScopes" = 0; "extensions.autoDisableScopes" = 0;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"toolkit.tabbox.switchByScrolling" = true; "toolkit.tabbox.switchByScrolling" = true;

2
modules/home/programs/terminal/fastfetch/default.nix
View file

@ -1,6 +1,6 @@
{ ... }: { ... }:
{ {
imports = [ ./small ]; imports = [ ./small ];
home.file.".config/fastfetch/config.jsonc".source = ./config.jsonc;
programs.fastfetch.enable = true; programs.fastfetch.enable = true;
home.file.".config/fastfetch/config.jsonc".source = ./config.jsonc;
} }

4
modules/home/programs/terminal/fastfetch/small/default.nix
View file

@ -1,9 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home = { home = {
packages = with pkgs; [ (pkgs.writeScriptBin "pfetch" "fastfetch --config ~/.config/fastfetch/small.jsonc") ];
file.".config/fastfetch/small.jsonc".source = ./small.jsonc; file.".config/fastfetch/small.jsonc".source = ./small.jsonc;
packages = with pkgs; [
(pkgs.writeScriptBin "pfetch" "fastfetch --config ~/.config/fastfetch/small.jsonc")
];
}; };
} }

4
modules/home/programs/terminal/ncmpcpp/default.nix
View file

@ -16,7 +16,5 @@
services.mpd-discord-rpc.enable = true; services.mpd-discord-rpc.enable = true;
home.packages = with pkgs; [ home.packages = with pkgs; [ mpc-cli ];
mpc-cli
];
} }

1
modules/home/programs/terminal/zsh/default.nix
View file

@ -2,7 +2,6 @@
{ {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
enableCompletion = false;
autosuggestion.enable = true; autosuggestion.enable = true;
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
oh-my-zsh = { oh-my-zsh = {

4
modules/home/wms/sway/swayshot/default.nix
View file

@ -1,8 +1,6 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
imports = [ imports = [ ./swappy ];
./swappy
];
home.packages = with pkgs; [ home.packages = with pkgs; [
(pkgs.writeScriptBin "swayshot" '' (pkgs.writeScriptBin "swayshot" ''

7
modules/system/boot/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./firmware
./systemd
];
}

4
modules/system/boot/firmware/default.nix Normal file
View file

@ -0,0 +1,4 @@
{ ... }:
{
hardware.enableRedistributableFirmware = true;
}

6
modules/system/boot/systemd/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }:
{
imports = [ ./root-reset ];
boot.initrd.systemd.enable = true;
}

30
modules/system/boot/systemd/root-reset/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, ... }:
{
boot.initrd.systemd.services.root-reset = {
description = "Reset root and snapshot last boot";
wantedBy = [ "initrd.target" ];
before = [ "sysroot.mount" ];
after = [ "dev-${config.networking.hostName}-root.device" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /mnt
mount /dev/${config.networking.hostName}/root /mnt
if [[ -e /mnt/prev ]]; then
btrfs subvolume delete /mnt/prev
fi
btrfs subvolume snapshot /mnt/root /mnt/prev
btrfs subvolume list -o /mnt/root | cut -f9 -d' ' | while read subvolume; do
btrfs subvolume delete "/mnt/$subvolume"
done
btrfs subvolume delete /mnt/root
btrfs subvolume create /mnt/root
umount /mnt
'';
};
}

4
modules/system/default.nix
View file

@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./accounts ./accounts
./boot
./devices ./devices
./options ./options
./programs ./programs
@ -10,8 +11,5 @@
../extras ../extras
]; ];
time.timeZone = "America/Toronto";
programs.nano.enable = false;
hardware.enableRedistributableFirmware = true;
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }

5
modules/system/devices/networking/default.nix
View file

@ -1,6 +1,9 @@
{ ... }: { ... }:
{ {
imports = [ ./wireless ]; imports = [
./wireless
./wireguard
];
networking = { networking = {
wireless.enable = false; wireless.enable = false;

30
modules/system/devices/networking/wireguard/client/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ lib, config, ... }:
{
options.system.wireguard.client.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the wireguard client";
};
config = lib.mkIf config.system.wireguard.client.enable {
networking = {
firewall = {
allowedUDPPorts = [ 51820 ];
trustedInterfaces = [ "wgc" ];
};
wireguard.interfaces.wgc = {
listenPort = 51820;
privateKey = config.secrets.wgClientPriv;
peers = [
{ # Cyberspark Server
publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
allowedIPs = [ "10.100.0.0/24" ];
endpoint = "sv.${config.domains.jim1}:51820";
persistentKeepalive = 25;
}
];
};
};
};
}

7
modules/system/devices/networking/wireguard/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./client
./server
];
}

36
modules/system/devices/networking/wireguard/server/default.nix Normal file
View file

@ -0,0 +1,36 @@
{ lib, config, ... }:
{
options.system.wireguard.server.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the wireguard server";
};
config = lib.mkIf config.system.wireguard.server.enable {
networking = {
firewall.allowedUDPPorts = [ 51820 ];
nat = {
enable = config.system.wireguard.server.enable;
externalInterface = "eno1";
internalInterfaces = [ "wgs" ];
};
wireguard.interfaces.wgs = {
ips = [ "10.100.0.1/24" ];
listenPort = 51820;
privateKey = config.secrets.wgServerPriv;
peers = [
{ # NixOS Config Key
publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
allowedIPs = [ "10.100.0.16/28" ];
}
{ # Pixel 9
publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
allowedIPs = [ "10.100.0.2/32" ];
}
];
};
};
};
}

10
modules/system/devices/networking/wireless/default.nix
View file

@ -1,11 +1,9 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
options.system.wireless = { options.system.wireless.enable = lib.mkOption {
enable = lib.mkOption { type = lib.types.bool;
type = lib.types.bool; default = true;
default = true; description = "Enable Wifi with iwd";
description = "Enable Wifi with iwd";
};
}; };
config = lib.mkIf config.system.wireless.enable { config = lib.mkIf config.system.wireless.enable {

2
modules/system/services/server/nginx/virtualhosts/jimDomain1/default.nix
View file

@ -19,7 +19,7 @@
"url": "https://matrix.${config.domains.jim1}" "url": "https://matrix.${config.domains.jim1}"
} }
} }
'; ';
''; '';
"/.well-known/matrix/server".extraConfig = '' "/.well-known/matrix/server".extraConfig = ''

1
modules/system/settings/default.nix
View file

@ -5,5 +5,6 @@
./fonts ./fonts
./minimal ./minimal
./nix ./nix
./timezone
]; ];
} }

1
modules/system/settings/minimal/default.nix
View file

@ -5,6 +5,7 @@
stub-ld.enable = false; stub-ld.enable = false;
}; };
programs.nano.enable = false;
programs.less.lessopen = null; programs.less.lessopen = null;
services.logrotate.enable = false; services.logrotate.enable = false;

4
modules/system/settings/timezone/default.nix Normal file
View file

@ -0,0 +1,4 @@
{ ... }:
{
time.timeZone = "America/Toronto";
}