Compare commits
1 commit
master
...
jellyseerr
Author | SHA1 | Date | |
---|---|---|---|
c4d676c9f9 |
50 changed files with 4147 additions and 2746 deletions
54
.sops.yaml
54
.sops.yaml
|
@ -1,7 +1,7 @@
|
|||
# Public keys are combination of host + user
|
||||
keys:
|
||||
- &laptop_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
- &laptop_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
- &sue_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
- &sue_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
- &gamepc_root age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
|
||||
- &gamepc_pim age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt
|
||||
- &warwick_root age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
|
||||
|
@ -11,36 +11,36 @@ keys:
|
|||
- &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
||||
|
||||
creation_rules:
|
||||
- path_regex: secrets/blocktech/colmena.yaml
|
||||
- path_regex: secrets/sue/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_root
|
||||
- path_regex: secrets/blocktech/nixos.yaml
|
||||
- *sue_root
|
||||
- path_regex: secrets/sue/nixos.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_root
|
||||
- path_regex: secrets/blocktech/pkunis.yaml
|
||||
- *sue_root
|
||||
- path_regex: secrets/sue/pim.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- path_regex: secrets/gamepc/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- path_regex: secrets/gamepc/pim.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *gamepc_root
|
||||
- *gamepc_pim
|
||||
- path_regex: secrets/warwick/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/servers.yaml
|
||||
key_groups:
|
||||
|
@ -49,14 +49,14 @@ creation_rules:
|
|||
- *atlas_root
|
||||
- *jefke_root
|
||||
- *lewis_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/atlas/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/kubernetes.yaml
|
||||
key_groups:
|
||||
|
@ -64,25 +64,25 @@ creation_rules:
|
|||
- *atlas_root
|
||||
- *jefke_root
|
||||
- *lewis_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/jefke/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/lewis/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/lewis/nixos.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *lewis_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
|
|
26
README.md
26
README.md
|
@ -3,33 +3,33 @@
|
|||
NixOS configurations for the machines I manage.
|
||||
|
||||
Currently managed systems:
|
||||
|
||||
- **blocktech**: My current laptop, a ThinkPad P1 running GNOME.
|
||||
- **sue**: My current laptop, a Dell XPS 9315. It has two flavours:
|
||||
- Default running GNOME
|
||||
- Specialisation running Cosmic
|
||||
- **gamepc**: My gaming PC running Cinnamon
|
||||
- **warwick**: A Raspberry Pi 4 Model B, which mostly does some monitoring
|
||||
- **atlas**: A Gigabyte Brix, one of my Kubernetes nodes
|
||||
- **jefke**: A Gigabyte Brix, one of my Kubernetes nodes
|
||||
- **lewis**: A Gigabyte Brix, one of my Kubernetes nodes. Additionally, contains
|
||||
my media collection and does backups.
|
||||
- **lewis**: A Gigabyte Brix, one of my Kubernetes nodes. Additionally, contains my media collection and does backups.
|
||||
|
||||
## Deployment
|
||||
|
||||
I use [Colmena](https://colmena.cli.rs) for deploying my machines.
|
||||
|
||||
Create garbage collection roots like so:
|
||||
|
||||
```shell
|
||||
colmena build --keep-result
|
||||
```
|
||||
colmena build --keep-result --experimental-flake-eval
|
||||
```
|
||||
|
||||
To apply to the local machine:
|
||||
|
||||
```shell
|
||||
sudo colmena apply-local --sudo
|
||||
```
|
||||
sudo colmena apply-local --sudo --experimental-flake-eval
|
||||
```
|
||||
|
||||
To apply to all remotely managed systems:
|
||||
|
||||
```shell
|
||||
colmena apply
|
||||
```
|
||||
colmena apply --experimental-flake-eval
|
||||
```
|
||||
|
||||
> [!NOTE]
|
||||
> Currently the `--experimental-flake-eval` flag is necessary to properly use Colmena with flakes. See [this PR](https://github.com/zhaofengli/colmena/pull/228).
|
||||
|
|
|
@ -15,9 +15,9 @@ inputs @ {
|
|||
};
|
||||
};
|
||||
|
||||
blocktech = {
|
||||
sue = {
|
||||
imports = [
|
||||
(import ./machines).blocktech.nixosModule
|
||||
(import ./machines).sue.nixosModule
|
||||
./nixos
|
||||
];
|
||||
};
|
||||
|
|
760
flake.lock
generated
760
flake.lock
generated
File diff suppressed because it is too large
Load diff
27
flake.nix
27
flake.nix
|
@ -2,26 +2,16 @@
|
|||
description = "My NixOS configuration";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
|
||||
nixpkgs-oldstable.url = "github:nixos/nixpkgs/nixos-24.11";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
|
||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
nur.url = "github:nix-community/NUR";
|
||||
stylix.url = "github:pizzapim/stylix/master";
|
||||
treefmt-nix.url = "github:numtide/treefmt-nix";
|
||||
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
colmena.url = "github:zhaofengli/colmena";
|
||||
|
||||
stylix = {
|
||||
url = "github:nix-community/stylix/release-25.05";
|
||||
inputs.tinted-schemes.follows = "tinted-schemes";
|
||||
};
|
||||
|
||||
nvf = {
|
||||
url = "github:notashelf/nvf";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
git-hooks = {
|
||||
url = "github:cachix/git-hooks.nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
|
@ -33,7 +23,7 @@
|
|||
};
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager?ref=release-25.05";
|
||||
url = "github:nix-community/home-manager?ref=release-24.11";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
|
@ -53,17 +43,16 @@
|
|||
flake = false;
|
||||
};
|
||||
|
||||
tinted-schemes = {
|
||||
type = "git";
|
||||
url = "https://github.com/tinted-theming/schemes";
|
||||
flake = false;
|
||||
};
|
||||
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
nixos-cosmic = {
|
||||
url = "github:lilyinstarlight/nixos-cosmic";
|
||||
inputs.nixpkgs-stable.follows = "nixpkgs-unstable";
|
||||
};
|
||||
|
||||
nix-snapshotter = {
|
||||
url = "github:pdtpartners/nix-snapshotter";
|
||||
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
|
|
|
@ -4,5 +4,5 @@
|
|||
...
|
||||
}:
|
||||
flake-utils.lib.eachDefaultSystem (system: {
|
||||
inherit (self.packages.${system}) formatter;
|
||||
formatter = self.packages.${system}.formatter;
|
||||
})
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
...
|
||||
}: {
|
||||
imports = [
|
||||
./neovim
|
||||
./firefox
|
||||
./tidal.nix
|
||||
./gnome
|
||||
|
@ -12,7 +13,6 @@
|
|||
./vscode.nix
|
||||
inputs.nix-index-database.hmModules.nix-index
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
inputs.nvf.homeManagerModules.default
|
||||
];
|
||||
|
||||
xsession.enable = true;
|
||||
|
|
|
@ -30,7 +30,7 @@ in {
|
|||
id = 0;
|
||||
isDefault = true;
|
||||
settings = firefoxSettings;
|
||||
extensions.packages = firefoxAddons;
|
||||
extensions = firefoxAddons;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
13
home-manager/neovim/bufferline.lua
Normal file
13
home-manager/neovim/bufferline.lua
Normal file
|
@ -0,0 +1,13 @@
|
|||
require("bufferline").setup({
|
||||
options = {
|
||||
diagnostics = "nvim_lsp",
|
||||
diagnostics_indicator = function(count, level, diagnostics_dict, context)
|
||||
local icon = level:match("error") and " " or " "
|
||||
return " " .. icon .. count
|
||||
end,
|
||||
separator_style = "slant",
|
||||
hover = { enabled = true, reveal = { "close" } },
|
||||
},
|
||||
})
|
||||
|
||||
vim.keymap.set("n", "<leader>ft", ":BufferLinePick<CR>", {})
|
43
home-manager/neovim/cmp.lua
Normal file
43
home-manager/neovim/cmp.lua
Normal file
|
@ -0,0 +1,43 @@
|
|||
local cmp = require("cmp")
|
||||
local luasnip = require("luasnip")
|
||||
|
||||
require("luasnip.loaders.from_vscode").lazy_load()
|
||||
luasnip.config.setup({})
|
||||
|
||||
cmp.setup({
|
||||
snippet = {
|
||||
expand = function(args)
|
||||
luasnip.lsp_expand(args.body)
|
||||
end,
|
||||
},
|
||||
mapping = cmp.mapping.preset.insert({
|
||||
["<C-n>"] = cmp.mapping.select_next_item(),
|
||||
["<C-p>"] = cmp.mapping.select_prev_item(),
|
||||
["<C-d>"] = cmp.mapping.scroll_docs(-4),
|
||||
["<C-f>"] = cmp.mapping.scroll_docs(4),
|
||||
["<C-Space>"] = cmp.mapping.complete({}),
|
||||
["<CR>"] = cmp.mapping.confirm({
|
||||
behavior = cmp.ConfirmBehavior.Replace,
|
||||
select = true,
|
||||
}),
|
||||
["<Tab>"] = cmp.mapping(function(fallback)
|
||||
if cmp.visible() then
|
||||
cmp.select_next_item()
|
||||
elseif luasnip.expand_or_locally_jumpable() then
|
||||
luasnip.expand_or_jump()
|
||||
else
|
||||
fallback()
|
||||
end
|
||||
end, { "i", "s" }),
|
||||
["<S-Tab>"] = cmp.mapping(function(fallback)
|
||||
if cmp.visible() then
|
||||
cmp.select_prev_item()
|
||||
elseif luasnip.locally_jumpable(-1) then
|
||||
luasnip.jump(-1)
|
||||
else
|
||||
fallback()
|
||||
end
|
||||
end, { "i", "s" }),
|
||||
}),
|
||||
sources = { { name = "nvim_lsp" }, { name = "luasnip" } },
|
||||
})
|
2
home-manager/neovim/commentary.lua
Normal file
2
home-manager/neovim/commentary.lua
Normal file
|
@ -0,0 +1,2 @@
|
|||
vim.cmd([[autocmd FileType nix setlocal commentstring=#%s]])
|
||||
vim.cmd([[autocmd FileType terraform setlocal commentstring=#%s]])
|
9
home-manager/neovim/core.lua
Normal file
9
home-manager/neovim/core.lua
Normal file
|
@ -0,0 +1,9 @@
|
|||
vim.o.background = "dark"
|
||||
vim.cmd([[colorscheme gruvbox]])
|
||||
vim.g.mapleader = ";"
|
||||
vim.o.signcolumn = "yes"
|
||||
vim.wo.number = true
|
||||
vim.wo.relativenumber = true
|
||||
vim.wo.cursorline = true
|
||||
vim.opt.termguicolors = true
|
||||
vim.o.mousemoveevent = true
|
91
home-manager/neovim/default.nix
Normal file
91
home-manager/neovim/default.nix
Normal file
|
@ -0,0 +1,91 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.neovim;
|
||||
in {
|
||||
options.pim.neovim.enable = lib.mkEnableOption "neovim";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
programs.neovim = {
|
||||
enable = true;
|
||||
viAlias = true;
|
||||
vimAlias = true;
|
||||
vimdiffAlias = true;
|
||||
defaultEditor = true;
|
||||
extraLuaConfig = builtins.readFile ./core.lua;
|
||||
|
||||
extraPackages = with pkgs; [
|
||||
nil
|
||||
pyright
|
||||
gopls
|
||||
terraform-ls
|
||||
nixfmt-classic
|
||||
stylua
|
||||
black
|
||||
nixpkgs-fmt
|
||||
];
|
||||
|
||||
plugins = with pkgs.vimPlugins; [
|
||||
{
|
||||
plugin = nvim-lspconfig;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./lspconfig.lua;
|
||||
}
|
||||
gruvbox-nvim
|
||||
{
|
||||
plugin = leap-nvim;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./leap.lua;
|
||||
}
|
||||
{
|
||||
plugin = telescope-nvim;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./telescope.lua;
|
||||
}
|
||||
{
|
||||
plugin = vim-commentary;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./commentary.lua;
|
||||
}
|
||||
vim-sleuth
|
||||
{
|
||||
plugin = gitsigns-nvim;
|
||||
type = "lua";
|
||||
config = ''require("gitsigns").setup()'';
|
||||
}
|
||||
{
|
||||
plugin = nvim-cmp;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./cmp.lua;
|
||||
}
|
||||
cmp-nvim-lsp
|
||||
friendly-snippets
|
||||
neodev-nvim
|
||||
luasnip
|
||||
cmp_luasnip
|
||||
{
|
||||
plugin = nvim-treesitter.withAllGrammars;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./treesitter.lua;
|
||||
}
|
||||
{
|
||||
plugin = bufferline-nvim;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./bufferline.lua;
|
||||
}
|
||||
nvim-web-devicons
|
||||
lsp-format-nvim
|
||||
{
|
||||
plugin = pkgs.vimPlugins.none-ls-nvim;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./none-ls.lua;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
programs.git.extraConfig.core.editor = "nvim";
|
||||
};
|
||||
}
|
4
home-manager/neovim/leap.lua
Normal file
4
home-manager/neovim/leap.lua
Normal file
|
@ -0,0 +1,4 @@
|
|||
require("leap").add_default_mappings()
|
||||
-- Don't remap 'x' in visual mode.
|
||||
vim.keymap.del({ "x", "o" }, "x")
|
||||
vim.keymap.del({ "x", "o" }, "X")
|
65
home-manager/neovim/lspconfig.lua
Normal file
65
home-manager/neovim/lspconfig.lua
Normal file
|
@ -0,0 +1,65 @@
|
|||
require("lsp-format").setup({})
|
||||
|
||||
local on_attach = function(client, bufnr)
|
||||
local bufmap = function(keys, func)
|
||||
vim.keymap.set("n", keys, func, { buffer = bufnr })
|
||||
end
|
||||
|
||||
bufmap("<leader>r", vim.lsp.buf.rename)
|
||||
bufmap("<leader>a", vim.lsp.buf.code_action)
|
||||
|
||||
bufmap("gd", vim.lsp.buf.definition)
|
||||
bufmap("gD", vim.lsp.buf.declaration)
|
||||
bufmap("gI", vim.lsp.buf.implementation)
|
||||
bufmap("<leader>D", vim.lsp.buf.type_definition)
|
||||
|
||||
bufmap("gr", require("telescope.builtin").lsp_references)
|
||||
bufmap("<leader>s", require("telescope.builtin").lsp_document_symbols)
|
||||
bufmap("<leader>S", require("telescope.builtin").lsp_dynamic_workspace_symbols)
|
||||
|
||||
bufmap("K", vim.lsp.buf.hover)
|
||||
|
||||
vim.api.nvim_buf_create_user_command(bufnr, "Format", function(_)
|
||||
vim.lsp.buf.format()
|
||||
end, {})
|
||||
end
|
||||
|
||||
local capabilities = vim.lsp.protocol.make_client_capabilities()
|
||||
capabilities = require("cmp_nvim_lsp").default_capabilities(capabilities)
|
||||
|
||||
require("neodev").setup()
|
||||
require("lspconfig").nil_ls.setup({
|
||||
on_attach = on_attach,
|
||||
capabilities = capabilities,
|
||||
})
|
||||
require("lspconfig").pyright.setup({
|
||||
on_attach = on_attach,
|
||||
capabilities = capabilities,
|
||||
})
|
||||
require("lspconfig").gopls.setup({
|
||||
on_attach = on_attach,
|
||||
capabilities = capabilities,
|
||||
})
|
||||
require("lspconfig").terraformls.setup({
|
||||
on_attach = on_attach,
|
||||
capabilities = capabilities,
|
||||
})
|
||||
|
||||
local function has_treefmt()
|
||||
local git_root = vim.fn.systemlist("git rev-parse --show-toplevel")[1]
|
||||
if vim.v.shell_error ~= 0 then
|
||||
return false
|
||||
end
|
||||
local treefmt_path = git_root .. "/treefmt.nix"
|
||||
return vim.fn.filereadable(treefmt_path) == 1
|
||||
end
|
||||
|
||||
vim.api.nvim_create_autocmd("BufWritePost", {
|
||||
pattern = "*",
|
||||
callback = function()
|
||||
if vim.fn.expand("%:p") ~= vim.fn.getcwd() .. "/.git/COMMIT_EDITMSG" and has_treefmt() then
|
||||
vim.cmd("silent !treefmt > /dev/null 2>&1")
|
||||
end
|
||||
end,
|
||||
group = vim.api.nvim_create_augroup("TreefmtAutoformat", { clear = true }),
|
||||
})
|
53
home-manager/neovim/none-ls.lua
Normal file
53
home-manager/neovim/none-ls.lua
Normal file
|
@ -0,0 +1,53 @@
|
|||
-- renamed to none-ls
|
||||
local null_ls_status_ok, null_ls = pcall(require, "null-ls")
|
||||
if not null_ls_status_ok then
|
||||
return
|
||||
end
|
||||
|
||||
local formatting = null_ls.builtins.formatting
|
||||
local diagnostics = null_ls.builtins.diagnostics
|
||||
local code_actions = null_ls.builtins.code_actions
|
||||
|
||||
-- to setup format on save
|
||||
local augroup = vim.api.nvim_create_augroup("LspFormatting", {})
|
||||
|
||||
require("null-ls").setup({
|
||||
sources = {
|
||||
formatting.stylua,
|
||||
formatting.black,
|
||||
formatting.nixpkgs_fmt,
|
||||
formatting.mix,
|
||||
},
|
||||
|
||||
-- configure format on save
|
||||
-- on_attach = function(current_client, bufnr)
|
||||
-- if current_client.supports_method("textDocument/formatting") then
|
||||
-- vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
|
||||
-- vim.api.nvim_create_autocmd("BufWritePre", {
|
||||
-- group = augroup,
|
||||
-- buffer = bufnr,
|
||||
-- callback = function()
|
||||
-- vim.lsp.buf.format({
|
||||
-- filter = function(client)
|
||||
-- -- only use null-ls for formatting instead of lsp server
|
||||
-- return client.name == "null-ls"
|
||||
-- end,
|
||||
-- bufnr = bufnr,
|
||||
-- })
|
||||
-- end,
|
||||
-- })
|
||||
-- end
|
||||
-- end,
|
||||
})
|
||||
|
||||
-- formatting command
|
||||
vim.api.nvim_create_user_command("Format", function()
|
||||
vim.lsp.buf.format(nil, 10000)
|
||||
end, {})
|
||||
|
||||
vim.keymap.set(
|
||||
"n",
|
||||
"<leader>fm",
|
||||
":Format<CR>",
|
||||
{ desc = "Format current buffer (also done on save)", noremap = true, silent = true }
|
||||
)
|
17
home-manager/neovim/telescope.lua
Normal file
17
home-manager/neovim/telescope.lua
Normal file
|
@ -0,0 +1,17 @@
|
|||
local builtin = require("telescope.builtin")
|
||||
|
||||
vim.keymap.set("n", "<leader>ff", builtin.find_files, {})
|
||||
vim.keymap.set("n", "<leader>fg", builtin.live_grep, {})
|
||||
vim.keymap.set("n", "<leader>fb", builtin.buffers, {})
|
||||
vim.keymap.set("n", "<leader>fr", builtin.lsp_references, {})
|
||||
vim.keymap.set("n", "<leader>fs", builtin.lsp_document_symbols, {})
|
||||
|
||||
require("telescope").setup({
|
||||
pickers = {
|
||||
find_files = { theme = "dropdown" },
|
||||
live_grep = { theme = "dropdown" },
|
||||
buffers = { theme = "dropdown" },
|
||||
lsp_references = { theme = "dropdown" },
|
||||
lsp_document_symbols = { theme = "dropdown" },
|
||||
},
|
||||
})
|
9
home-manager/neovim/treesitter.lua
Normal file
9
home-manager/neovim/treesitter.lua
Normal file
|
@ -0,0 +1,9 @@
|
|||
require("nvim-treesitter.configs").setup({
|
||||
ensure_installed = {},
|
||||
|
||||
auto_install = false,
|
||||
|
||||
highlight = { enable = true },
|
||||
|
||||
indent = { enable = true },
|
||||
})
|
|
@ -12,22 +12,20 @@ in {
|
|||
programs.vscode = {
|
||||
enable = true;
|
||||
package = pkgs.vscodium;
|
||||
profiles.default = {
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
vscodevim.vim
|
||||
marp-team.marp-vscode
|
||||
jnoortheen.nix-ide
|
||||
mkhl.direnv
|
||||
];
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
vscodevim.vim
|
||||
marp-team.marp-vscode
|
||||
jnoortheen.nix-ide
|
||||
mkhl.direnv
|
||||
];
|
||||
|
||||
userSettings = {
|
||||
"nix.enableLanguageServer" = true;
|
||||
"nix.serverPath" = lib.getExe pkgs.nil;
|
||||
"terminal.integrated.defaultProfile.linux" = "fish";
|
||||
"explorer.confirmDragAndDrop" = false;
|
||||
"explorer.confirmPasteNative" = false;
|
||||
"explorer.confirmDelete" = false;
|
||||
};
|
||||
userSettings = {
|
||||
"nix.enableLanguageServer" = true;
|
||||
"nix.serverPath" = lib.getExe pkgs.nil;
|
||||
"terminal.integrated.defaultProfile.linux" = "fish";
|
||||
"explorer.confirmDragAndDrop" = false;
|
||||
"explorer.confirmPasteNative" = false;
|
||||
"explorer.confirmDelete" = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,39 +1,27 @@
|
|||
{config, ...}: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [./jellyseerr-module.nix];
|
||||
|
||||
disabledModules = ["services/misc/jellyseerr.nix"];
|
||||
|
||||
config = {
|
||||
facter.reportPath = ./facter.json;
|
||||
system.stateVersion = "23.05";
|
||||
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||||
pim.k3s.serverAddr = "https://jefke.dmz:6443";
|
||||
|
||||
pim.backups.borgBackups = {
|
||||
freshrss = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/freshrss"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "freshrss";
|
||||
};
|
||||
|
||||
nextcloud = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/nextcloud"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "nextcloud";
|
||||
};
|
||||
|
||||
nextcloud-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/nextcloud-db"];
|
||||
deploymentName = "database";
|
||||
deploymentNamespace = "nextcloud";
|
||||
};
|
||||
|
||||
authentik = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/authentik-db" "/mnt/longhorn/persistent/volumes/authentik-redis"];
|
||||
scaleDeployments = false;
|
||||
};
|
||||
};
|
||||
|
||||
deployment = {
|
||||
targetHost = "atlas";
|
||||
targetUser = "root";
|
||||
tags = ["server" "kubernetes"];
|
||||
};
|
||||
|
||||
services.jellyseerr = {
|
||||
enable = true;
|
||||
package = pkgs.callPackage ./jellyseerr.nix {};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
76
machines/atlas/jellyseerr-module.nix
Normal file
76
machines/atlas/jellyseerr-module.nix
Normal file
|
@ -0,0 +1,76 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.services.jellyseerr;
|
||||
in {
|
||||
meta.maintainers = with lib.maintainers; [camillemndn pizzapim];
|
||||
|
||||
options.services.jellyseerr = {
|
||||
enable = lib.mkEnableOption ''Jellyseerr, a requests manager for Jellyfin'';
|
||||
package = lib.mkPackageOption pkgs "jellyseerr" {};
|
||||
|
||||
openFirewall = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''Open port in the firewall for the Jellyseerr web interface.'';
|
||||
};
|
||||
|
||||
port = lib.mkOption {
|
||||
type = lib.types.port;
|
||||
default = 5055;
|
||||
description = ''The port which the Jellyseerr web UI should listen to.'';
|
||||
};
|
||||
|
||||
config_directory = lib.mkOption {
|
||||
description = ''
|
||||
The directory to save run-time configuration.
|
||||
'';
|
||||
type = lib.types.str;
|
||||
example = "/jellyseerr";
|
||||
default = "/var/lib/jellyseerr";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.jellyseerr = {
|
||||
description = "Jellyseerr, a requests manager for Jellyfin";
|
||||
after = ["network.target"];
|
||||
wantedBy = ["multi-user.target"];
|
||||
environment = {
|
||||
PORT = toString cfg.port;
|
||||
CONFIG_DIRECTORY = cfg.config_directory;
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "exec";
|
||||
StateDirectory = "jellyseerr";
|
||||
# WorkingDirectory = "${cfg.package}/libexec/jellyseerr/deps/jellyseerr";
|
||||
DynamicUser = true;
|
||||
ExecStart = lib.getExe cfg.package;
|
||||
# BindPaths = ["/var/lib/jellyseerr/:${cfg.package}/libexec/jellyseerr/deps/jellyseerr/config/"];
|
||||
Restart = "on-failure";
|
||||
ProtectHome = true;
|
||||
ProtectSystem = "strict";
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectHostname = true;
|
||||
ProtectClock = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectControlGroups = true;
|
||||
NoNewPrivileges = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
RemoveIPC = true;
|
||||
PrivateMounts = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [cfg.port];
|
||||
};
|
||||
};
|
||||
}
|
89
machines/atlas/jellyseerr.nix
Normal file
89
machines/atlas/jellyseerr.nix
Normal file
|
@ -0,0 +1,89 @@
|
|||
{
|
||||
lib,
|
||||
fetchFromGitHub,
|
||||
makeWrapper,
|
||||
node-pre-gyp,
|
||||
nodejs,
|
||||
pnpm_9,
|
||||
python3,
|
||||
stdenv,
|
||||
}:
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "jellyseerr";
|
||||
version = "2.1.0";
|
||||
|
||||
src = with finalAttrs;
|
||||
fetchFromGitHub {
|
||||
owner = "Fallenbagel";
|
||||
repo = "jellyseerr";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-5kaeqhjUy9Lgx4/uFcGRlAo+ROEOdTWc2m49rq8R8Hs=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
nodejs
|
||||
makeWrapper
|
||||
pnpm_9.configHook
|
||||
|
||||
# Needed for compiling sqlite3 and bcrypt from source
|
||||
node-pre-gyp
|
||||
python3
|
||||
];
|
||||
|
||||
pnpmDeps = pnpm_9.fetchDeps {
|
||||
inherit (finalAttrs) pname version src;
|
||||
hash = "sha256-xu6DeaBArQmnqEnIgjc1DTZujQebSkjuai9tMHeQWCk=";
|
||||
};
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
pnpm build
|
||||
|
||||
# Fixes "SQLite package has not been found installed" at launch
|
||||
pushd node_modules/sqlite3
|
||||
export CPPFLAGS="-I${nodejs}/include/node"
|
||||
npm run install --build-from-source --nodedir=${nodejs}/include/node
|
||||
popd
|
||||
|
||||
pushd node_modules/bcrypt
|
||||
export CPPFLAGS="-I${nodejs}/include/node"
|
||||
npm run install --build-from-source --nodedir=${nodejs}/include/node
|
||||
popd
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
preInstall = ''
|
||||
mkdir $out
|
||||
cp ./package.json $out
|
||||
rm -r .next/cache
|
||||
cp -R ./.next $out
|
||||
cp -R ./dist $out
|
||||
cp ./overseerr-api.yml $out
|
||||
cp -R ./node_modules $out
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
makeWrapper '${nodejs}/bin/node' "$out/bin/jellyseerr" \
|
||||
--chdir $out \
|
||||
--add-flags "$out/dist/index.js" \
|
||||
--set NODE_ENV production
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Fork of overseerr for jellyfin support";
|
||||
homepage = "https://github.com/Fallenbagel/jellyseerr";
|
||||
longDescription = ''
|
||||
Jellyseerr is a free and open source software application for managing
|
||||
requests for your media library. It is a a fork of Overseerr built to
|
||||
bring support for Jellyfin & Emby media servers!
|
||||
'';
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [
|
||||
camillemndn
|
||||
pizzapim
|
||||
];
|
||||
platforms = platforms.linux;
|
||||
mainProgram = "jellyseerr";
|
||||
};
|
||||
})
|
|
@ -1,80 +0,0 @@
|
|||
{
|
||||
self,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
config = {
|
||||
pim = {
|
||||
lanzaboote.enable = false;
|
||||
tidal.enable = false;
|
||||
gnome.enable = true;
|
||||
stylix.enable = true;
|
||||
wireguard.enable = true;
|
||||
sops-nix.usersWithSopsKeys = ["pkunis"];
|
||||
};
|
||||
|
||||
users.users.pkunis = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
|
||||
};
|
||||
|
||||
deployment = {
|
||||
allowLocalDeployment = true;
|
||||
targetHost = null;
|
||||
tags = ["desktop"];
|
||||
};
|
||||
|
||||
facter.reportPath = ./facter.json;
|
||||
home-manager.users.pkunis.imports = [./pkunis.home.nix];
|
||||
nix.settings.trusted-users = ["pkunis"];
|
||||
system.stateVersion = "23.05";
|
||||
sops.defaultSopsFile = "${self}/secrets/blocktech/nixos.yaml";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
borgbackup
|
||||
kubectl
|
||||
nmap
|
||||
poppler_utils # For pdfunite
|
||||
silicon
|
||||
units
|
||||
];
|
||||
|
||||
virtualisation = {
|
||||
libvirtd.enable = true;
|
||||
|
||||
docker = {
|
||||
enable = true;
|
||||
|
||||
rootless = {
|
||||
enable = true;
|
||||
setSocketVariable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{device = "/dev/disk/by-uuid/949815d4-cfc4-4cf3-bbbe-22516f91119c";}
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/06710546-327b-402a-b221-8d88b75301d2";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/E547-7E6C";
|
||||
fsType = "vfat";
|
||||
options = ["fmask=0077" "dmask=0077"];
|
||||
};
|
||||
|
||||
boot = {
|
||||
initrd.luks.devices."luks-4cc1ad7c-a794-4c54-adc8-c9f666c9b781".device = "/dev/disk/by-uuid/4cc1ad7c-a794-4c54-adc8-c9f666c9b781";
|
||||
initrd.luks.devices."luks-161f5109-c2d7-4307-91f6-27c655d6ab3e".device = "/dev/disk/by-uuid/161f5109-c2d7-4307-91f6-27c655d6ab3e";
|
||||
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
blocktech = {
|
||||
sue = {
|
||||
system = "x86_64-linux";
|
||||
nixosModule = import ./blocktech/configuration.nix;
|
||||
nixosModule = import ./sue/configuration.nix;
|
||||
};
|
||||
|
||||
gamepc = {
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
}: {
|
||||
config = {
|
||||
pim = {
|
||||
cinnamon.enable = true;
|
||||
sops-nix.usersWithSopsKeys = ["pim"];
|
||||
};
|
||||
|
||||
|
@ -31,24 +32,27 @@
|
|||
|
||||
services = {
|
||||
openssh.enable = true;
|
||||
displayManager.cosmic-greeter.enable = true;
|
||||
desktopManager.cosmic.enable = true;
|
||||
|
||||
xserver.displayManager.lightdm.extraSeatDefaults = ''
|
||||
autologin-user=pim
|
||||
'';
|
||||
|
||||
sunshine = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
|
||||
settings = {
|
||||
sunshine_name = config.networking.hostName;
|
||||
origin_web_ui_allowed = "wan";
|
||||
credentials_file = "/home/pim/.config/sunshine/sunshine_credentials.json";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
boot = {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = true;
|
||||
};
|
||||
|
||||
swraid.mdadmConf = ''
|
||||
MAILADDR pim@kunis.nl
|
||||
'';
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = true;
|
||||
};
|
||||
|
||||
disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
vlc
|
||||
handbrake
|
||||
lutris
|
||||
chromium
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -22,5 +21,6 @@
|
|||
defaultSopsFile = "${self}/secrets/gamepc/pim.yaml";
|
||||
# TODO: should be set automatically?
|
||||
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
|
||||
secrets."sunshine_credentials".path = "${config.xdg.configHome}/sunshine/sunshine_credentials.json";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,98 +5,6 @@
|
|||
system.stateVersion = "23.05";
|
||||
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||||
|
||||
pim.backups.borgBackups = {
|
||||
radicale = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/radicale"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "radicale";
|
||||
};
|
||||
|
||||
forgejo = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/forgejo"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "forgejo";
|
||||
};
|
||||
|
||||
syncthing = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/syncthing" "/mnt/longhorn/persistent/volumes/keepassxc"];
|
||||
deploymentName = "syncthing";
|
||||
deploymentNamespace = "syncthing";
|
||||
};
|
||||
|
||||
ntfy = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/ntfy"];
|
||||
deploymentName = "ntfy";
|
||||
deploymentNamespace = "ntfy";
|
||||
};
|
||||
|
||||
hedgedoc-uploads = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/hedgedoc-uploads"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "hedgedoc";
|
||||
};
|
||||
|
||||
hedgedoc-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/hedgedoc-db"];
|
||||
deploymentName = "database";
|
||||
deploymentNamespace = "hedgedoc";
|
||||
};
|
||||
|
||||
atuin-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/atuin-db"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "atuin";
|
||||
};
|
||||
|
||||
paperless-data = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/paperless-data"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "paperless";
|
||||
};
|
||||
|
||||
paperless-redisdata = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/paperless-redisdata"];
|
||||
deploymentName = "redis";
|
||||
deploymentNamespace = "paperless";
|
||||
};
|
||||
|
||||
paperless-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/paperless-db"];
|
||||
deploymentName = "database";
|
||||
deploymentNamespace = "paperless";
|
||||
};
|
||||
|
||||
immich = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/immich"];
|
||||
deploymentName = "immich";
|
||||
deploymentNamespace = "immich";
|
||||
};
|
||||
|
||||
immich-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/immich-db"];
|
||||
deploymentName = "database";
|
||||
deploymentNamespace = "immich";
|
||||
};
|
||||
|
||||
attic = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/attic"];
|
||||
deploymentName = "attic";
|
||||
deploymentNamespace = "attic";
|
||||
};
|
||||
|
||||
attic-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/attic-db"];
|
||||
deploymentName = "attic-db";
|
||||
deploymentNamespace = "attic";
|
||||
};
|
||||
|
||||
kitchenowl = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/kitchenowl"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "kitchenowl";
|
||||
};
|
||||
};
|
||||
|
||||
deployment = {
|
||||
targetHost = "jefke";
|
||||
targetUser = "root";
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
self,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
config = {
|
||||
|
@ -20,99 +19,8 @@
|
|||
|
||||
pim = {
|
||||
k3s.serverAddr = "https://jefke.dmz:6443";
|
||||
|
||||
backups.borgBackups = {
|
||||
bazarr = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/bazarr"];
|
||||
deploymentName = "bazarr";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
deluge = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/deluge"];
|
||||
deploymentName = "deluge";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
jellyfin = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/jellyfin"];
|
||||
deploymentName = "jellyfin";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
jellyseerr = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/jellyseerr"];
|
||||
deploymentName = "jellyseerr";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
prowlarr = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/prowlarr"];
|
||||
deploymentName = "prowlarr";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
radarr = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/radarr"];
|
||||
deploymentName = "radarr";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
sonarr = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/sonarr"];
|
||||
deploymentName = "sonarr";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
};
|
||||
data-sharing.enable = true;
|
||||
backups.enable = true;
|
||||
};
|
||||
|
||||
systemd = {
|
||||
timers.read-dir-sizes = {
|
||||
wantedBy = ["timers.target"];
|
||||
timerConfig = {
|
||||
OnBootSec = "5m";
|
||||
OnUnitActiveSec = "5m";
|
||||
Unit = "read-dir-sizes.service";
|
||||
};
|
||||
};
|
||||
|
||||
services."read-dir-sizes" = {
|
||||
script = let
|
||||
script = pkgs.writeShellScriptBin "read-dir-sizes.sh" ''
|
||||
DIRS=(
|
||||
"/mnt/longhorn/persistent/media/movies"
|
||||
"/mnt/longhorn/persistent/media/shows"
|
||||
)
|
||||
|
||||
temp_file=$(mktemp)
|
||||
trap 'rm -f "$temp_file"' EXIT
|
||||
|
||||
for DIR_PATH in "''${DIRS[@]}"; do
|
||||
# Find all top-level subdirectories and calculate their size
|
||||
find "$DIR_PATH" -mindepth 1 -maxdepth 1 -type d | while read -r subdir; do
|
||||
# Calculate the size of the top-level subdirectory
|
||||
du --block-size=1 -s "$subdir" | while read -r size path; do
|
||||
# Print size in Prometheus format
|
||||
echo "directory_size_bytes{dir=\"$path\"} $size" >> $temp_file
|
||||
done
|
||||
done
|
||||
done
|
||||
mkdir -p /var/lib/node_exporter/textfile_collector
|
||||
cp $temp_file /var/lib/node_exporter/textfile_collector/dir_sizes.prom
|
||||
chmod o=r /var/lib/node_exporter/textfile_collector/dir_sizes.prom
|
||||
'';
|
||||
in "${lib.getExe script}";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "root";
|
||||
};
|
||||
};
|
||||
|
||||
tmpfiles.rules = [
|
||||
"d /mnt/longhorn/persistent/media/torrents 775 414 51 8d"
|
||||
];
|
||||
};
|
||||
|
||||
services.prometheus.exporters.node.extraFlags = ["--collector.textfile.directory=/var/lib/node_exporter/textfile_collector"];
|
||||
};
|
||||
}
|
||||
|
|
97
machines/sue/configuration.nix
Normal file
97
machines/sue/configuration.nix
Normal file
|
@ -0,0 +1,97 @@
|
|||
{
|
||||
self,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
options = {
|
||||
pim.cosmic.enable = lib.mkEnableOption "cosmic";
|
||||
};
|
||||
|
||||
config = {
|
||||
pim = {
|
||||
lanzaboote.enable = true;
|
||||
tidal.enable = true;
|
||||
gnome.enable = true;
|
||||
stylix.enable = true;
|
||||
wireguard.enable = true;
|
||||
compliance.enable = true;
|
||||
sops-nix.usersWithSopsKeys = ["pim"];
|
||||
};
|
||||
|
||||
users.users.pim = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
|
||||
};
|
||||
|
||||
deployment = {
|
||||
allowLocalDeployment = true;
|
||||
targetHost = null;
|
||||
tags = ["desktop"];
|
||||
};
|
||||
|
||||
facter.reportPath = ./facter.json;
|
||||
home-manager.users.pim.imports = [./pim.home.nix];
|
||||
nix.settings.trusted-users = ["pim"];
|
||||
system.stateVersion = "23.05";
|
||||
sops.defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
borgbackup
|
||||
kubectl
|
||||
nmap
|
||||
poppler_utils # For pdfunite
|
||||
silicon
|
||||
units
|
||||
];
|
||||
|
||||
virtualisation = {
|
||||
libvirtd.enable = true;
|
||||
|
||||
docker = {
|
||||
enable = true;
|
||||
|
||||
rootless = {
|
||||
enable = true;
|
||||
setSocketVariable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/560E-F8A2";
|
||||
fsType = "vfat";
|
||||
options = ["fmask=0022" "dmask=0022"];
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
substituters = ["https://cosmic.cachix.org/"];
|
||||
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
|
||||
|
||||
specialisation.cosmic = lib.mkIf config.pim.cosmic.enable {
|
||||
configuration = {
|
||||
imports = [
|
||||
inputs.nixos-cosmic.nixosModules.default
|
||||
];
|
||||
|
||||
services = {
|
||||
desktopManager.cosmic.enable = true;
|
||||
displayManager.cosmic-greeter.enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
File diff suppressed because it is too large
Load diff
|
@ -1,54 +1,43 @@
|
|||
{
|
||||
lib,
|
||||
self,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (self.packages.${pkgs.system}) neovim;
|
||||
in {
|
||||
}: {
|
||||
config = {
|
||||
pim = {
|
||||
tidal.enable = false;
|
||||
tidal.enable = true;
|
||||
gnome.enable = true;
|
||||
vscode.enable = true;
|
||||
syncthing.enable = true;
|
||||
neovim.enable = true;
|
||||
firefox.enable = true;
|
||||
};
|
||||
|
||||
programs = {
|
||||
chromium.enable = true;
|
||||
git.extraConfig.core.editor = lib.getExe neovim;
|
||||
};
|
||||
programs.chromium.enable = true;
|
||||
|
||||
home = {
|
||||
username = "pkunis";
|
||||
homeDirectory = "/home/pkunis";
|
||||
username = "pim";
|
||||
homeDirectory = "/home/pim";
|
||||
stateVersion = "23.05";
|
||||
sessionVariables = {
|
||||
MANPAGER = "${lib.getExe neovim} +Man!";
|
||||
EDITOR = lib.getExe neovim;
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = "${self}/secrets/blocktech/pkunis.yaml";
|
||||
defaultSopsFile = "${self}/secrets/sue/pim.yaml";
|
||||
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
|
||||
secrets."keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
|
||||
};
|
||||
|
||||
home.packages =
|
||||
[self.packages.${pkgs.system}.neovim]
|
||||
++ (with pkgs; [
|
||||
(with pkgs; [
|
||||
jellyfin-media-player
|
||||
virt-manager
|
||||
bottles-unwrapped
|
||||
feishin
|
||||
])
|
||||
++ (with pkgs.unstable; [
|
||||
attic-client
|
||||
dbeaver-bin
|
||||
devenv
|
||||
bottles-unwrapped
|
||||
gimp
|
||||
hexchat
|
||||
impression
|
||||
|
@ -57,6 +46,7 @@ in {
|
|||
krita
|
||||
libreoffice
|
||||
# logseq # Has insecure electron dependency
|
||||
moonlight-qt
|
||||
nicotine-plus
|
||||
qFlipper
|
||||
signal-desktop
|
||||
|
@ -67,6 +57,7 @@ in {
|
|||
wireshark
|
||||
# nheko # Has insecure olm dependency
|
||||
handbrake
|
||||
feishin
|
||||
redfishtool
|
||||
]);
|
||||
};
|
|
@ -3,7 +3,7 @@ inputs @ {
|
|||
self,
|
||||
...
|
||||
}: {
|
||||
nixosConfigurations = nixpkgs.lib.mapAttrs (_: {
|
||||
nixosConfigurations = nixpkgs.lib.mapAttrs (name: {
|
||||
system,
|
||||
nixosModule,
|
||||
}:
|
||||
|
|
|
@ -1,75 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
borgBackupOpts = {
|
||||
options = {
|
||||
paths = lib.mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
};
|
||||
scaleDeployments = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
};
|
||||
deploymentName = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
};
|
||||
deploymentNamespace = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
};
|
||||
replicaCount = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 1;
|
||||
};
|
||||
};
|
||||
};
|
||||
in {
|
||||
options.pim.backups = {
|
||||
borgBackups = lib.mkOption {
|
||||
type = with lib.types; attrsOf (submodule borgBackupOpts);
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
|
||||
# TODO: should have some timeout and alerting?
|
||||
config = {
|
||||
services.borgbackup.jobs =
|
||||
lib.mapAttrs (name: c: let
|
||||
preHook = ''
|
||||
${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=0
|
||||
|
||||
while [ -n "$(${pkgs.k3s}/bin/kubectl get deployment -n ${c.deploymentNamespace} ${c.deploymentName} -o jsonpath='{.status.replicas}')" ]; do
|
||||
echo "Waiting for replicas to scale down to 0..."
|
||||
sleep 2
|
||||
done
|
||||
'';
|
||||
postHook = "${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=${toString c.replicaCount}";
|
||||
in {
|
||||
inherit (c) paths;
|
||||
repo = "ssh://w553a7cb@w553a7cb.repo.borgbase.com/./repo";
|
||||
startAt = "*-*-* 00:00:00";
|
||||
# TODO: low benefit, but we could set borgbase's host keys here as they are published online.
|
||||
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
|
||||
postHook = lib.mkIf c.scaleDeployments postHook;
|
||||
archiveBaseName = name;
|
||||
|
||||
prune.keep = {
|
||||
within = "7d";
|
||||
weekly = 4;
|
||||
monthly = 6;
|
||||
};
|
||||
|
||||
preHook = lib.mkIf c.scaleDeployments preHook;
|
||||
|
||||
encryption = {
|
||||
passCommand = "cat ${config.sops.secrets."borg/borgPassphrase".path}";
|
||||
mode = "repokey-blake2";
|
||||
};
|
||||
})
|
||||
config.pim.backups.borgBackups;
|
||||
|
||||
systemd.timers = lib.mapAttrs' (name: _c: lib.nameValuePair "borgbackup-job-${name}" {timerConfig.RandomizedDelaySec = "5h";}) config.pim.backups.borgBackups;
|
||||
};
|
||||
}
|
94
nixos/backups.nix
Normal file
94
nixos/backups.nix
Normal file
|
@ -0,0 +1,94 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.backups;
|
||||
|
||||
borgmaticConfig = pkgs.writeTextFile {
|
||||
name = "borgmatic-config.yaml";
|
||||
|
||||
text = lib.generators.toYAML {} {
|
||||
source_directories = ["/mnt/longhorn/persistent/longhorn-backup"];
|
||||
|
||||
repositories = [
|
||||
{
|
||||
path = cfg.repoLocation;
|
||||
label = "nfs";
|
||||
}
|
||||
{
|
||||
path = "ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo";
|
||||
label = "borgbase";
|
||||
}
|
||||
];
|
||||
|
||||
ssh_command = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
|
||||
keep_daily = 7;
|
||||
keep_weekly = 4;
|
||||
keep_monthly = 12;
|
||||
keep_yearly = -1;
|
||||
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/borgPassphrase".path}";
|
||||
};
|
||||
};
|
||||
in {
|
||||
options.pim.backups = {
|
||||
enable = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Whether to enable backups of persistent data on this machine.
|
||||
'';
|
||||
};
|
||||
|
||||
repoLocation = lib.mkOption {
|
||||
default = "/mnt/longhorn/persistent/nfs.borg";
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Location of the Borg repository to back up to.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [borgbackup];
|
||||
# Converted from:
|
||||
# https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
|
||||
systemd.services.borgmatic = {
|
||||
description = "borgmatic backup";
|
||||
wants = ["network-online.target"];
|
||||
after = ["network-online.target"];
|
||||
unitConfig.ConditionACPower = true;
|
||||
preStart = "${pkgs.coreutils}/bin/sleep 10s";
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
Nice = 19;
|
||||
CPUSchedulingPolicy = "batch";
|
||||
IOSchedulingClass = "best-effort";
|
||||
IOSchedulingPriority = 7;
|
||||
IOWeight = 100;
|
||||
Restart = "no";
|
||||
LogRateLimitIntervalSec = 0;
|
||||
Environment = "BORG_PASSPHRASE_FILE=${config.sops.secrets."borg/borgPassphrase".path}";
|
||||
};
|
||||
|
||||
script = "${pkgs.systemd}/bin/systemd-inhibit --who=\"borgmatic\" --what=\"sleep:shutdown\" --why=\"Prevent interrupting scheduled backup\" ${pkgs.borgmatic}/bin/borgmatic --verbosity -2 --syslog-verbosity 1 -c ${borgmaticConfig}";
|
||||
};
|
||||
|
||||
systemd.timers.borgmatic = {
|
||||
description = "Run borgmatic backup";
|
||||
wantedBy = ["timers.target"];
|
||||
timerConfig = {
|
||||
OnCalendar = "*-*-* 3:00:00";
|
||||
Persistent = true;
|
||||
RandomizedDelaySec = "1h";
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"borg/borgPassphrase" = {};
|
||||
"borg/borgbasePrivateKey" = {};
|
||||
};
|
||||
};
|
||||
}
|
24
nixos/cinnamon.nix
Normal file
24
nixos/cinnamon.nix
Normal file
|
@ -0,0 +1,24 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.cinnamon;
|
||||
in {
|
||||
options.pim.cinnamon.enable = lib.mkEnableOption "cinnamon";
|
||||
config = lib.mkIf cfg.enable {
|
||||
services = {
|
||||
displayManager.defaultSession = "cinnamon";
|
||||
libinput.enable = true;
|
||||
xserver = {
|
||||
desktopManager.cinnamon.enable = true;
|
||||
displayManager.lightdm.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
environment.cinnamon.excludePackages = [
|
||||
pkgs.gnome-terminal
|
||||
];
|
||||
};
|
||||
}
|
14
nixos/compliance.nix
Normal file
14
nixos/compliance.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.compliance;
|
||||
in {
|
||||
options.pim.compliance.enable = lib.mkEnableOption "compliance";
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.clamav = {
|
||||
daemon.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
47
nixos/data-sharing.nix
Normal file
47
nixos/data-sharing.nix
Normal file
|
@ -0,0 +1,47 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.data-sharing;
|
||||
|
||||
nfsShares = [
|
||||
"/mnt/longhorn/persistent/media"
|
||||
"/mnt/longhorn/persistent/media/books"
|
||||
"/mnt/longhorn/persistent/media/movies"
|
||||
"/mnt/longhorn/persistent/media/music"
|
||||
"/mnt/longhorn/persistent/media/shows"
|
||||
"/mnt/longhorn/persistent/longhorn-backup"
|
||||
];
|
||||
|
||||
nfsExports = lib.strings.concatLines (
|
||||
builtins.map
|
||||
(
|
||||
share: "${share} 192.168.30.0/16(rw,sync,no_subtree_check,no_root_squash) 127.0.0.1/8(rw,sync,no_subtree_check,no_root_squash) 10.0.0.0/8(rw,sync,no_subtree_check,no_root_squash)"
|
||||
)
|
||||
nfsShares
|
||||
);
|
||||
in {
|
||||
options.pim.data-sharing = {
|
||||
enable = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Configure this server to serve our data using NFS.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
2049 # NFS
|
||||
111 # NFS
|
||||
20048 # NFS
|
||||
];
|
||||
|
||||
services.nfs.server = {
|
||||
enable = true;
|
||||
exports = nfsExports;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -18,12 +18,15 @@
|
|||
./stylix.nix
|
||||
./wireguard.nix
|
||||
./gnome.nix
|
||||
./compliance.nix
|
||||
./cinnamon.nix
|
||||
./ssh.nix
|
||||
./desktop.nix
|
||||
./server.nix
|
||||
./prometheus.nix
|
||||
./kubernetes
|
||||
./backups-ng.nix
|
||||
./data-sharing.nix
|
||||
./backups.nix
|
||||
];
|
||||
|
||||
options = {
|
||||
|
@ -42,6 +45,7 @@
|
|||
|
||||
config = {
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
hardware.pulseaudio.enable = false;
|
||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
||||
|
||||
i18n = {
|
||||
|
@ -93,7 +97,6 @@
|
|||
xserver.excludePackages = [pkgs.xterm];
|
||||
printing.drivers = [pkgs.hplip pkgs.gutenprint];
|
||||
tailscale.enable = true;
|
||||
pulseaudio.enable = false;
|
||||
|
||||
pipewire = {
|
||||
alsa.enable = true;
|
||||
|
@ -125,8 +128,6 @@
|
|||
ncdu
|
||||
lshw
|
||||
sops
|
||||
nix-tree
|
||||
fd
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -145,7 +146,7 @@
|
|||
};
|
||||
|
||||
nix = {
|
||||
package = lib.mkDefault pkgs.nixVersions.stable;
|
||||
package = pkgs.nixVersions.stable;
|
||||
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
|
@ -169,6 +170,8 @@
|
|||
};
|
||||
|
||||
nixpkgs = {
|
||||
# hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
|
||||
config = {
|
||||
allowUnfreePredicate = pkg:
|
||||
builtins.elem (lib.getName pkg) [
|
||||
|
@ -178,16 +181,11 @@
|
|||
"steam-run"
|
||||
"steam-unwrapped"
|
||||
];
|
||||
|
||||
permittedInsecurePackages = [
|
||||
"electron-33.4.11"
|
||||
];
|
||||
};
|
||||
|
||||
overlays = [
|
||||
inputs.nur.overlays.default
|
||||
(_final: _prev: {
|
||||
inherit (inputs.nixpkgs-oldstable.legacyPackages.x86_64-linux) containerd;
|
||||
inputs.nur.overlay
|
||||
(final: _prev: {
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
inherit (pkgs) system;
|
||||
config.allowUnfree = true;
|
||||
|
@ -196,13 +194,9 @@
|
|||
];
|
||||
};
|
||||
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxKernel.packages.linux_6_14;
|
||||
|
||||
kernel.sysctl = {
|
||||
"net.core.default_qdisc" = "fq";
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
};
|
||||
boot.kernel.sysctl = {
|
||||
"net.core.default_qdisc" = "fq";
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
|
|
|
@ -6,11 +6,6 @@
|
|||
config = lib.mkIf (builtins.elem "desktop" config.deployment.tags) {
|
||||
programs.ssh.startAgent = true;
|
||||
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
enable32Bit = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
xserver.enable = true;
|
||||
printing.enable = true;
|
||||
|
|
|
@ -46,6 +46,8 @@ in {
|
|||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
k3s
|
||||
openiscsi # Required for Longhorn
|
||||
nfs-utils # Required for Longhorn
|
||||
];
|
||||
|
||||
# TODO!!!!!
|
||||
|
@ -119,13 +121,27 @@ in {
|
|||
serverFlags = builtins.concatStringsSep " " serverFlagList;
|
||||
in {
|
||||
enable = true;
|
||||
inherit (cfg) role clusterInit;
|
||||
role = cfg.role;
|
||||
tokenFile = config.sops.secrets."k3s/serverToken".path;
|
||||
extraFlags = lib.mkIf (cfg.role == "server") (lib.mkForce serverFlags);
|
||||
clusterInit = cfg.clusterInit;
|
||||
serverAddr = lib.mkIf (! (cfg.serverAddr == null)) cfg.serverAddr;
|
||||
};
|
||||
|
||||
# Required for Longhorn
|
||||
openiscsi = {
|
||||
enable = true;
|
||||
name = "iqn.2016-04.com.open-iscsi:${config.networking.fqdn}";
|
||||
};
|
||||
};
|
||||
|
||||
# HACK: Symlink binaries to /usr/local/bin such that Longhorn can find them
|
||||
# when they use nsenter.
|
||||
# https://github.com/longhorn/longhorn/issues/2166#issuecomment-1740179416
|
||||
systemd.tmpfiles.rules = [
|
||||
"L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
|
||||
];
|
||||
|
||||
system.activationScripts = {
|
||||
k3s-bootstrap = lib.mkIf (cfg.role == "server") {
|
||||
text = (
|
||||
|
|
|
@ -12,39 +12,42 @@
|
|||
services.prometheus = {
|
||||
enable = true;
|
||||
|
||||
scrapeConfigs = let
|
||||
node = {
|
||||
job_name = "node";
|
||||
static_configs = [
|
||||
{
|
||||
targets = lib.pipe nodes [
|
||||
(lib.filterAttrs (_name: node: node.config.services.prometheus.exporters.node.enable))
|
||||
(lib.attrsets.mapAttrsToList
|
||||
(_name: node: "${node.config.networking.fqdn}:${toString node.config.services.prometheus.exporters.node.port}"))
|
||||
];
|
||||
}
|
||||
scrapeConfigs = (
|
||||
let
|
||||
generated = lib.pipe nodes [
|
||||
(lib.filterAttrs (name: node: node.config.services.prometheus.exporters.node.enable))
|
||||
(lib.attrsets.mapAttrsToList
|
||||
(name: node: {
|
||||
job_name = name;
|
||||
static_configs = [
|
||||
{
|
||||
targets = ["${node.config.networking.fqdn}:${toString node.config.services.prometheus.exporters.node.port}"];
|
||||
}
|
||||
];
|
||||
}))
|
||||
];
|
||||
};
|
||||
|
||||
pikvm = {
|
||||
job_name = "pikvm";
|
||||
metrics_path = "/api/export/prometheus/metrics";
|
||||
scheme = "https";
|
||||
tls_config.insecure_skip_verify = true;
|
||||
pikvm = {
|
||||
job_name = "pikvm";
|
||||
metrics_path = "/api/export/prometheus/metrics";
|
||||
scheme = "https";
|
||||
tls_config.insecure_skip_verify = true;
|
||||
|
||||
# We don't care about security here, it's behind a VPN.
|
||||
basic_auth = {
|
||||
username = "admin";
|
||||
password = "admin";
|
||||
# We don't care about security here, it's behind a VPN.
|
||||
basic_auth = {
|
||||
username = "admin";
|
||||
password = "admin";
|
||||
};
|
||||
|
||||
static_configs = [
|
||||
{
|
||||
targets = ["pikvm.dmz"];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
static_configs = [
|
||||
{
|
||||
targets = ["pikvm.dmz"];
|
||||
}
|
||||
];
|
||||
};
|
||||
in [node pikvm];
|
||||
in
|
||||
generated ++ [pikvm]
|
||||
);
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
lib,
|
||||
config,
|
||||
self,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
options.pim.tailscale.advertiseExitNode = lib.mkOption {
|
||||
|
@ -11,8 +10,6 @@
|
|||
};
|
||||
|
||||
config = lib.mkIf (builtins.elem "server" config.deployment.tags) {
|
||||
environment.systemPackages = [pkgs.unar];
|
||||
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = [config.services.prometheus.exporters.node.port];
|
||||
domain = "dmz";
|
||||
|
@ -63,10 +60,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"tailscale/authKey".sopsFile = "${self}/secrets/servers.yaml";
|
||||
"borg/borgPassphrase".sopsFile = "${self}/secrets/servers.yaml";
|
||||
"borg/borgbasePrivateKey".sopsFile = "${self}/secrets/servers.yaml";
|
||||
sops.secrets."tailscale/authKey" = {
|
||||
sopsFile = "${self}/secrets/servers.yaml";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -19,11 +19,6 @@ in {
|
|||
enable = true;
|
||||
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
|
||||
|
||||
# targets = {
|
||||
# firefox.profileNames = ["default"];
|
||||
# librewolf.profileNames = ["default"];
|
||||
# };
|
||||
|
||||
cursor = {
|
||||
package = pkgs.bibata-cursors;
|
||||
name = "Bibata-Modern-Classic";
|
||||
|
@ -31,7 +26,10 @@ in {
|
|||
};
|
||||
|
||||
fonts = {
|
||||
monospace.package = pkgs.nerd-fonts.jetbrains-mono;
|
||||
monospace = {
|
||||
package = pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];};
|
||||
name = "JetBrainsMono Nerd Font Mono";
|
||||
};
|
||||
|
||||
sansSerif = {
|
||||
package = pkgs.dejavu_fonts;
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
}: let
|
||||
cfg = config.pim.tidal;
|
||||
in {
|
||||
# TODO: this is bad and broken
|
||||
options.pim.tidal.enable = lib.mkEnableOption "tidal";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
119
packages.nix
119
packages.nix
|
@ -2,129 +2,12 @@
|
|||
nixpkgs,
|
||||
flake-utils,
|
||||
treefmt-nix,
|
||||
nvf,
|
||||
...
|
||||
}:
|
||||
flake-utils.lib.eachDefaultSystem (system: let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
|
||||
treefmtWrapper = treefmtEval.config.build.wrapper;
|
||||
neovimConfigured = nvf.lib.neovimConfiguration {
|
||||
inherit pkgs;
|
||||
modules = [
|
||||
{
|
||||
config.vim = {
|
||||
preventJunkFiles = true;
|
||||
telescope.enable = true;
|
||||
autopairs.nvim-autopairs.enable = true;
|
||||
autocomplete.nvim-cmp.enable = true;
|
||||
snippets.luasnip.enable = true;
|
||||
filetree.neo-tree.enable = true;
|
||||
tabline.nvimBufferline.enable = true;
|
||||
dashboard.alpha.enable = true;
|
||||
notify.nvim-notify.enable = true;
|
||||
projects.project-nvim.enable = true;
|
||||
comments.comment-nvim.enable = true;
|
||||
extraPlugins.vim-sleuth.package = pkgs.vimPlugins.vim-sleuth;
|
||||
|
||||
keymaps = [
|
||||
{
|
||||
key = "<C-e>";
|
||||
mode = ["n"];
|
||||
action = ":Neotree toggle<CR>";
|
||||
silent = true;
|
||||
desc = "Toggle Neotree";
|
||||
}
|
||||
];
|
||||
|
||||
lsp = {
|
||||
enable = true;
|
||||
formatOnSave = true;
|
||||
lightbulb.enable = true;
|
||||
trouble.enable = true;
|
||||
lspSignature.enable = true;
|
||||
otter-nvim.enable = true;
|
||||
};
|
||||
|
||||
languages = {
|
||||
enableFormat = true;
|
||||
enableTreesitter = true;
|
||||
enableExtraDiagnostics = true;
|
||||
nix.enable = true;
|
||||
markdown.enable = true;
|
||||
bash.enable = true;
|
||||
clang.enable = true;
|
||||
css.enable = true;
|
||||
html.enable = true;
|
||||
sql.enable = true;
|
||||
go.enable = true;
|
||||
python.enable = true;
|
||||
|
||||
rust = {
|
||||
enable = true;
|
||||
crates.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
visuals = {
|
||||
nvim-web-devicons.enable = true;
|
||||
cinnamon-nvim.enable = true;
|
||||
fidget-nvim.enable = true;
|
||||
highlight-undo.enable = true;
|
||||
cellular-automaton.enable = true;
|
||||
};
|
||||
|
||||
statusline.lualine = {
|
||||
enable = true;
|
||||
theme = "gruvbox";
|
||||
};
|
||||
|
||||
theme = {
|
||||
enable = true;
|
||||
name = "gruvbox";
|
||||
style = "dark";
|
||||
transparent = false;
|
||||
};
|
||||
|
||||
binds = {
|
||||
whichKey.enable = true;
|
||||
cheatsheet.enable = true;
|
||||
};
|
||||
|
||||
git = {
|
||||
enable = true;
|
||||
gitsigns.enable = true;
|
||||
};
|
||||
|
||||
utility = {
|
||||
surround.enable = true;
|
||||
diffview-nvim.enable = true;
|
||||
|
||||
motion = {
|
||||
hop.enable = true;
|
||||
leap.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
terminal.toggleterm = {
|
||||
enable = true;
|
||||
lazygit.enable = true;
|
||||
};
|
||||
|
||||
ui = {
|
||||
borders.enable = true;
|
||||
noice.enable = true;
|
||||
colorizer.enable = true;
|
||||
smartcolumn.enable = true;
|
||||
fastaction.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
in {
|
||||
packages = {
|
||||
formatter = treefmtWrapper;
|
||||
inherit (neovimConfigured) neovim;
|
||||
};
|
||||
packages.formatter = treefmtWrapper;
|
||||
})
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
sunshine_credentials: ENC[AES256_GCM,data:P1sttD3H65DQje+Cs5CVLqvhtXWtoBgu/TBZ3WFIWqErRKtKa31V2lLrgixrty4TVM5qq06zE5z3lQ78ZAHLNh80jMPvoAcCqTXXoWwIYwdHJT0iG09f0ZfpiVTZU4MuCn0uuaJ6873AYe60siZW8uFntu3v230izoAqY9Ex+BzIOOliuqrnIRzdw06TCrrBTJUr,iv:WZqkSZOsiCWx7VPuTDA1Js1DcHZLK9YLDxTQ2nVlFQ8=,tag:iJ6bSofnPWWm7B+VPm+MyQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
tailscale:
|
||||
authKey: ENC[AES256_GCM,data:3eXxQBY6AVqU4R1NlsyhGCfXW5wL58ODRH/f+zo5YFRad/ys1vB9JeKagq0SJSj/w4zxRAEpCf1o47Ypww==,iv:QklyIFuXlbH6cM/I0gqDH/Xeay9gqxqeyulQ7W/dbig=,tag:E/3UqtsfSVOi6otSlReO0Q==,type:str]
|
||||
borg:
|
||||
borgPassphrase: ENC[AES256_GCM,data:UWA2sBLPi63MRVOPTYPWYLujF2M=,iv:FQq/IsZK7LWo30gZc7oT2E9feCLn7Oeg6wDGuezkhu8=,tag:fWYaZUwJrM8x6cemXzz6xg==,type:str]
|
||||
borgbasePrivateKey: ENC[AES256_GCM,data:O7eIY1yvbnBTS96tt5a8vcOEOzit4tEbIHmxnSbNsowC7YNk2g6MShQ6ll86GDiunLY33/Px0bqq9+4z/dk4N3FWQ1v5KQjr/gh+CS8VpIrv9zLv+Ru9UzeWQusbYxqnCu/IAQ1aB8UGV2LSCesQ0r/B6XEe51Phi65uWkbUYa/8voSiws3T3hnNrUDqiHdzfBgWZIQszz7zD92Q+aXu/kGNSxVKbXjWVfqBiyDEtuLEWoC1eENeEs41Ov5YT0Lm6+CUWadPqEwkDSvZWnBhoPwPLTZ/+ftZ/nizXUujsTdRwjcbOwJER+ObhgWDxbJE2WifxFOmHt3ggfSmAN842u5PjfT5gqpXMlTdCwYAYEJvDMqGsADe4p7+vPWJbetaahFrFGN8uBw7rs7W2wIiUKB5bAbAG0o6hdTpWfysuzMOFK/fROvCJsNhhKbbdiQbI0+SogtCkwv69+3uaRTFi33uqKCO6PQ6rMIahjo1lutm9iWq2nX4oI40W1KPC6EU/wF2,iv:rzkjjSnyrs58ZEO8XLsCSFsPHbtnL39SF6NJ6lUg3Ww=,tag:q0sunVc+9bLFoSdeykuT6g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -72,8 +69,8 @@ sops:
|
|||
Y2cwK05uWXFhbndyRlhrSFNjYUlmZ1UKZ1vFRu1QhGGf7BIP8TxK2BIlMZlP3muA
|
||||
R3qLr1lEQmob4O0ilwn65nSCEd1/9W6dUWqeSlJ6CavjG59AvSHfIA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-25T14:53:30Z"
|
||||
mac: ENC[AES256_GCM,data:jzjF+qjdptTI0Y1wNteZgYBGwF5dFWEBIFY3+k4Ty0YU/WB5AyUL6A8v0+PyoxoJK3pL+NAJEmLmAPFVh3+ExDlU9g3TAgpkOs7EsbJtWcjo8Ah08Hl8zoWqcMFcQhZ+aLnVKAE+tIBT4dWyV0AvOWmU8luvarsCp2tQ2OoBH20=,iv:PmbLg91onGz3kjxXMua/Thb904qDkWjHJcBY2dMAios=,tag:e0+fQqNysdiGvaodcimMVQ==,type:str]
|
||||
lastmodified: "2024-11-30T18:44:29Z"
|
||||
mac: ENC[AES256_GCM,data:SG6a5pWa3gMaSz9d9fOchUXtXbRTpMOXmbOjZo5Fdx8Es1MEDwezwscQaj9p1dzmGa+7U8UUUzMYxlg2SmGgGdPgCs0a5RQVYvQFNdgpRiuknflFMcdgXLv7XFsTqsqSmbN0O662YDvCcz4DWRKjNCZAimlLym8pwDihj1D8dcU=,iv:JmCbcazDK2KPyYsoVy39sr4IbfiGfmGoopit5ojVADk=,tag:6tKYfMkJBjsThaa4qLqobw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
version: 3.9.1
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
sops_nix_keys:
|
||||
root: ENC[AES256_GCM,data:CxF2wjcQ2OFuS7Pgjnc8zc7sqGEz3dcHt4NXkL+V6w7kGPP+b4wBhOlT7b+bEESNslpK2htLY7x+IZWIA8JQpeRKHAKymAUK86I=,iv:5qNFDb86/Vr9Iqzx1eES4wUVY5XTq3iOR4VQliuP1lg=,tag:gx/Q7t52l9kMhPRXdpsB6A==,type:str]
|
||||
pkunis: ENC[AES256_GCM,data:192vkgOdMoDEhPU6yilatIfaFS/1LJFvteEMYI1/3SBP773lN62pWoDiJDiBtjBCisA/3yHriL3Dpvs1PwbV0BChmbL+svwKrFE=,iv:/YyZ+NSyZwyGp4NJYUSeYOOUfGaH5jOiVUH8QeWnFUA=,tag:sWN0bQvm8Ejw5+XST0pAEQ==,type:str]
|
||||
pim: ENC[AES256_GCM,data:PWFlRBaqImbCpj3IXU+BtNIRvwru+GRwxDQO4QwINRvxRqC36LE6JpMqaJNrTdCPy+aQ01brTN8y99qXTDlrul32cZnopc37r78=,iv:1tG7rDB5D7D2myes6Ro8hXC140ugjXpiwNpivWFw/xw=,tag:BNm/Ep55tt7xBWZFyzTR5g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -16,8 +16,8 @@ sops:
|
|||
NkJzL3JSN2sxbnF6NGNhQlJqTHpHRTAKK+3FqqBAGxdlMtnbsySEcZT1lkQwJWvK
|
||||
GFB+6CtH9UtyIGrdK8Pm/0ahsolYGAim2OjeiKBbs3Q8kLm5WAsgRg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-02-25T13:53:06Z"
|
||||
mac: ENC[AES256_GCM,data:lLojNOq2QtdeqiCHOg6+Kssfa+Ey6JefPQulFkgnr1Onrt60ds2qWg5TTMHMlUaa6vB1S78WqyquTRBLv9Ek/alOae+CgdDi+vVX8hG5Mc2Edcfl+z8rRNFB+2mOEl1gJwKntyxySx6YBiDhZsH0p+Xflw9WGm/lL/FyRCJCwq0=,iv:8PqXupgwdfgdfIzsymVSrjQACoMODR+XYPgLMvASjos=,tag:rLGJlL3alm/qy+3qeS637g==,type:str]
|
||||
lastmodified: "2024-11-30T23:42:51Z"
|
||||
mac: ENC[AES256_GCM,data:fo856uaz54nxHDJVDpMOPc6GHAzMdVJTfqBiMtJkEwm3AVICtRcI8ucceBnmfKZf9DM2MC2DffU1tvJd5iqpqFZMXCElRnBxWVZGhvrZqIZtmoAin5zBgwOudf1o6msmdNGmZk1ECq/HpHNO/QMQ3rnFdBvOZwL0zu6iZm9XwC0=,iv:T6Tv1ukk0CWbTRVWYdfn/bWQoETk8DRVMOzpJE9mCWE=,tag:eICIYTBvAJLUTpRcMYqc5Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
Loading…
Add table
Add a link
Reference in a new issue