pim/nixos-configs
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: pim:master
Branches Tags
pim:master
pim:jellyseerr-test
pim:hyprland
pim:vuescan
..
compare: pim:jellyseerr-test
Branches Tags
pim:master
pim:jellyseerr-test
pim:hyprland
pim:vuescan

1 commit
master ... jellyseerr

Author SHA1 Message Date
Pim Kunis
c4d676c9f9 Test new jellyseerr version 2024-12-17 17:26:57 +01:00
39 changed files with 3688 additions and 2162 deletions
Show stats Expand all files Collapse all files

54
.sops.yaml
View file

@ -1,7 +1,7 @@
# Public keys are combination of host + user
keys:
- &laptop_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
- &laptop_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
- &sue_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
- &sue_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
- &gamepc_root age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
- &gamepc_pim age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt
- &warwick_root age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
@ -11,36 +11,36 @@ keys:
- &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
creation_rules:
- path_regex: secrets/blocktech/colmena.yaml
- path_regex: secrets/sue/colmena.yaml
key_groups:
- age:
- *laptop_root
- path_regex: secrets/blocktech/nixos.yaml
- *sue_root
- path_regex: secrets/sue/nixos.yaml
key_groups:
- age:
- *laptop_root
- path_regex: secrets/blocktech/pkunis.yaml
- *sue_root
- path_regex: secrets/sue/pim.yaml
key_groups:
- age:
- *laptop_pim
- *laptop_root
- *sue_pim
- *sue_root
- path_regex: secrets/gamepc/colmena.yaml
key_groups:
- age:
- *laptop_pim
- *laptop_root
- *sue_pim
- *sue_root
- path_regex: secrets/gamepc/pim.yaml
key_groups:
- age:
- *laptop_pim
- *laptop_root
- *sue_pim
- *sue_root
- *gamepc_root
- *gamepc_pim
- path_regex: secrets/warwick/colmena.yaml
key_groups:
- age:
- *laptop_pim
- *laptop_root
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/servers.yaml
key_groups:
@ -49,14 +49,14 @@ creation_rules:
- *atlas_root
- *jefke_root
- *lewis_root
- *laptop_pim
- *laptop_root
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/atlas/colmena.yaml
key_groups:
- age:
- *laptop_pim
- *laptop_root
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/kubernetes.yaml
key_groups:
@ -64,25 +64,25 @@ creation_rules:
- *atlas_root
- *jefke_root
- *lewis_root
- *laptop_pim
- *laptop_root
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/jefke/colmena.yaml
key_groups:
- age:
- *laptop_pim
- *laptop_root
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/lewis/colmena.yaml
key_groups:
- age:
- *laptop_pim
- *laptop_root
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/lewis/nixos.yaml
key_groups:
- age:
- *lewis_root
- *laptop_pim
- *laptop_root
- *sue_pim
- *sue_root
- *niels

17
README.md
View file

@ -3,40 +3,33 @@
NixOS configurations for the machines I manage.
Currently managed systems:
- **blocktech**: My current laptop, a ThinkPad P1. It has two flavours:
- Default running GNOME
- Specialisation running Cosmic
- **sue**: My current laptop, a Dell XPS 9315. It has two flavours:
- Default running GNOME
- Specialisation running Cosmic
- **gamepc**: My gaming PC running Cinnamon
- **warwick**: A Raspberry Pi 4 Model B, which mostly does some monitoring
- **atlas**: A Gigabyte Brix, one of my Kubernetes nodes
- **jefke**: A Gigabyte Brix, one of my Kubernetes nodes
- **lewis**: A Gigabyte Brix, one of my Kubernetes nodes. Additionally, contains
my media collection and does backups.
- **lewis**: A Gigabyte Brix, one of my Kubernetes nodes. Additionally, contains my media collection and does backups.
## Deployment
I use [Colmena](https://colmena.cli.rs) for deploying my machines.
Create garbage collection roots like so:
```
colmena build --keep-result --experimental-flake-eval
```
To apply to the local machine:
```
sudo colmena apply-local --sudo --experimental-flake-eval
```
To apply to all remotely managed systems:
```
colmena apply --experimental-flake-eval
```
> [!NOTE]
> Currently the `--experimental-flake-eval` flag is necessary to properly use
> Colmena with flakes. See
> [this PR](https://github.com/zhaofengli/colmena/pull/228).
> Currently the `--experimental-flake-eval` flag is necessary to properly use Colmena with flakes. See [this PR](https://github.com/zhaofengli/colmena/pull/228).

4
colmena.nix
View file

@ -15,9 +15,9 @@ inputs @ {
};
};
blocktech = {
sue = {
imports = [
(import ./machines).blocktech.nixosModule
(import ./machines).sue.nixosModule
./nixos
];
};

376
flake.lock generated
View file

@ -123,11 +123,11 @@
"stable": "stable"
},
"locked": {
"lastModified": 1739900653,
"narHash": "sha256-hPSLvw6AZQYrZyGI6Uq4XgST7benF/0zcCpugn/P0yM=",
"lastModified": 1731527002,
"narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "2370d4336eda2a9ef29fce10fa7076ae011983ab",
"rev": "e3ad42138015fcdf2524518dd564a13145c72ea1",
"type": "github"
},
"original": {
@ -176,11 +176,11 @@
]
},
"locked": {
"lastModified": 1741786315,
"narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
"lastModified": 1733168902,
"narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=",
"owner": "nix-community",
"repo": "disko",
"rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
"rev": "785c1e02c7e465375df971949b8dcbde9ec362e5",
"type": "github"
},
"original": {
@ -256,11 +256,11 @@
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -330,50 +330,11 @@
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1704152458,
"narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
"type": "github"
},
"original": {
@ -434,24 +395,6 @@
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": [
"stylix",
@ -494,14 +437,15 @@
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs-unstable"
]
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"lastModified": 1733318908,
"narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
"type": "github"
},
"original": {
@ -598,11 +542,11 @@
]
},
"locked": {
"lastModified": 1742655702,
"narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=",
"lastModified": 1733050161,
"narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0948aeedc296f964140d9429223c7e4a0702a1ff",
"rev": "62d536255879be574ebfe9b87c4ac194febf47c5",
"type": "github"
},
"original": {
@ -683,47 +627,6 @@
"type": "github"
}
},
"mnw": {
"locked": {
"lastModified": 1742255973,
"narHash": "sha256-XfEGVKatTgEMMOVb4SNp1LYLQOSzzrFTDMVDTZFyMVE=",
"owner": "Gerg-L",
"repo": "mnw",
"rev": "b982dbd5e6d55d4438832b3567c09bc2a129649d",
"type": "github"
},
"original": {
"owner": "Gerg-L",
"repo": "mnw",
"type": "github"
}
},
"nil": {
"inputs": {
"flake-utils": [
"nvf",
"flake-utils"
],
"nixpkgs": [
"nvf",
"nixpkgs"
],
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1741118843,
"narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=",
"owner": "oxalica",
"repo": "nil",
"rev": "577d160da311cc7f5042038456a0713e9863d09e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "nil",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@ -752,11 +655,11 @@
]
},
"locked": {
"lastModified": 1743306489,
"narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
"lastModified": 1733024876,
"narHash": "sha256-vy9Q41hBE7Zg0yakF79neVgb3i3PQMSMR7uHPpPywFE=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
"rev": "6e0b7f81367069589a480b91603a10bcf71f3103",
"type": "github"
},
"original": {
@ -775,11 +678,11 @@
]
},
"locked": {
"lastModified": 1734289443,
"narHash": "sha256-oU3AGvzByR7622kntPUPIHfAreOIktAsJav2ATHuc18=",
"lastModified": 1730022297,
"narHash": "sha256-eVMEONp3yqu0gy0RtOSEpOAueXuQsGQVqac3qCJixMU=",
"owner": "pdtpartners",
"repo": "nix-snapshotter",
"rev": "387e220d369dfa0ad093035515e8757f83144be8",
"rev": "c738f1a16a8612dfc474a4424bacff7e89369ca3",
"type": "github"
},
"original": {
@ -812,11 +715,11 @@
"nixos-artwork": {
"flake": false,
"locked": {
"lastModified": 1738002455,
"narHash": "sha256-VIrSOBCCNq6Fc0dS7XMtC1VebnjRvIUi0/kPal2gWcU=",
"lastModified": 1731943625,
"narHash": "sha256-XquSEijNYtGDkW35bibT2ki18qicENCsIcDzDxrgQkM=",
"ref": "refs/heads/master",
"rev": "33856d7837cb8ba76c4fc9e26f91a659066ee31f",
"revCount": 215,
"rev": "63f68a917f4e8586c5d35e050cdaf1309832272d",
"revCount": 214,
"type": "git",
"url": "https://github.com/NixOS/nixos-artwork.git"
},
@ -835,11 +738,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1743246566,
"narHash": "sha256-arEFUDLjADYIZ7T6PZX1yLOnfMoZ1ByebtmPuvV98+s=",
"lastModified": 1733328873,
"narHash": "sha256-tvy/IE0qwY37JcSZhhqNbhvVi1xdWrMRsLZ6D/+0Eyw=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "c709db4b95e58f410978bb49c87cb74214d03e78",
"rev": "2e87e0f9f40a31396ed94b4a42595662c2eeaf31",
"type": "github"
},
"original": {
@ -850,11 +753,11 @@
},
"nixos-facter-modules": {
"locked": {
"lastModified": 1738752252,
"narHash": "sha256-/nA3tDdp/2g0FBy8966ppC2WDoyXtUWaHkZWL+N3ZKc=",
"lastModified": 1732288619,
"narHash": "sha256-zSQ2cR+NRJfHUVfkv+O6Wi53wXfzX8KHiO8fRfnvc0M=",
"owner": "numtide",
"repo": "nixos-facter-modules",
"rev": "60f8b8f3f99667de6a493a44375e5506bf0c48b1",
"rev": "862648589993a96480c2255197a28feea712f68f",
"type": "github"
},
"original": {
@ -865,11 +768,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1743167577,
"narHash": "sha256-I09SrXIO0UdyBFfh0fxDq5WnCDg8XKmZ1HQbaXzMA1k=",
"lastModified": 1733217105,
"narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "0ed819e708af17bfc4bbc63ee080ef308a24aa42",
"rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9",
"type": "github"
},
"original": {
@ -881,11 +784,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1734119587,
"narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
"lastModified": 1730785428,
"narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
"rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
"type": "github"
},
"original": {
@ -895,22 +798,23 @@
"type": "github"
}
},
"nixpkgs-lib": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1740877520,
"narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1678872516,
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
@ -928,11 +832,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1743259260,
"narHash": "sha256-ArWLUgRm1tKHiqlhnymyVqi5kLNCK5ghvm06mfCl4QY=",
"lastModified": 1733097829,
"narHash": "sha256-9hbb1rqGelllb4kVUCZ307G2k3/UhmA8PPGBoyuWaSw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "eb0e0f21f15c559d2ac7633dc81d079d1caf5f5f",
"rev": "2c15aa59df0017ca140d9ba302412298ab4bf22a",
"type": "github"
},
"original": {
@ -944,11 +848,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743095683,
"narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=",
"lastModified": 1732837521,
"narHash": "sha256-jNRNr49UiuIwaarqijgdTR2qLPifxsVhlJrKzQ8XUIE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6",
"rev": "970e93b9f82e2a0f3675757eb0bfc73297cc6370",
"type": "github"
},
"original": {
@ -960,11 +864,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1743231893,
"narHash": "sha256-tpJsHMUPEhEnzySoQxx7+kA+KUtgWqvlcUBqROYNNt0=",
"lastModified": 1733261153,
"narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c570c1f5304493cafe133b8d843c7c1c4a10d3a6",
"rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88",
"type": "github"
},
"original": {
@ -975,22 +879,6 @@
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1743095683,
"narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1725194671,
"narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=",
@ -1006,13 +894,13 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_5": {
"locked": {
"lastModified": 1735554305,
"narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=",
"lastModified": 1731890469,
"narHash": "sha256-D1FNZ70NmQEwNxpSSdTXCSklBH1z2isPR84J6DQrJGs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0e82ab234249d8eee3e8c91437802b32c74bb3fd",
"rev": "5083ec887760adfe12af64830a66807423a859a7",
"type": "github"
},
"original": {
@ -1023,17 +911,12 @@
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_4",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1743330389,
"narHash": "sha256-R75j7SG54s7Q2wqnT+LBXVWgcAcR5ZSFmMOWmCem1tQ=",
"lastModified": 1733327348,
"narHash": "sha256-C9cakd/zcXDhzIeHjjzToBx8bEVqWVB53RUzpUcKboM=",
"owner": "nix-community",
"repo": "NUR",
"rev": "18d012e20b24fefad08de4460c6afcdece34abe6",
"rev": "81acc5a20ba2d84d206f61d2784147900965cd9f",
"type": "github"
},
"original": {
@ -1042,31 +925,6 @@
"type": "github"
}
},
"nvf": {
"inputs": {
"flake-parts": "flake-parts_4",
"flake-utils": "flake-utils_4",
"mnw": "mnw",
"nil": "nil",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_5"
},
"locked": {
"lastModified": 1743301931,
"narHash": "sha256-gex4W+Fyn6RB8x9/y+VWY1EG6RItmlW1HJjAj3mWqKc=",
"owner": "notashelf",
"repo": "nvf",
"rev": "05489d95b69b4c81e9b9a66a23f6e0cb1c8edb3d",
"type": "github"
},
"original": {
"owner": "notashelf",
"repo": "nvf",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
@ -1082,7 +940,7 @@
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1681413034,
@ -1117,10 +975,9 @@
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"nvf": "nvf",
"sops-nix": "sops-nix",
"stylix": "stylix",
"treefmt-nix": "treefmt-nix_2"
"treefmt-nix": "treefmt-nix"
}
},
"rust-overlay": {
@ -1156,33 +1013,11 @@
]
},
"locked": {
"lastModified": 1743215516,
"narHash": "sha256-52qbrkG65U1hyrQWltgHTgH4nm0SJL+9TWv2UDCEPNI=",
"lastModified": 1732933841,
"narHash": "sha256-dge02pUSe2QeC/B3PriA0R8eAX+EU3aDoXj9FcS3XDw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "524463199fdee49338006b049bc376b965a2cfed",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": {
"nixpkgs": [
"nvf",
"nil",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741055476,
"narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "aefb7017d710f150970299685e8d8b549d653649",
"rev": "c65e91d4a33abc3bc4a892d3c5b5b378bad64ea1",
"type": "github"
},
"original": {
@ -1198,11 +1033,11 @@
]
},
"locked": {
"lastModified": 1743305778,
"narHash": "sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo=",
"lastModified": 1733128155,
"narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8e873886bbfc32163fe027b8676c75637b7da114",
"rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856",
"type": "github"
},
"original": {
@ -1237,11 +1072,11 @@
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_4",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_5",
"systems": "systems_6"
"nixpkgs": "nixpkgs_4",
"systems": "systems_4"
},
"locked": {
"lastModified": 1726497442,
@ -1317,36 +1152,6 @@
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt": {
"inputs": {
"nixpkgs": [
@ -1370,10 +1175,7 @@
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1733222881,
@ -1388,24 +1190,6 @@
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1743081648,
"narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

5
flake.nix
View file

@ -12,11 +12,6 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
colmena.url = "github:zhaofengli/colmena";
nvf = {
url = "github:notashelf/nvf";
inputs.nixpkgs.follows = "nixpkgs";
};
git-hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";

2
formatter.nix
View file

@ -4,5 +4,5 @@
...
}:
flake-utils.lib.eachDefaultSystem (system: {
inherit (self.packages.${system}) formatter;
formatter = self.packages.${system}.formatter;
})

2
home-manager/default.nix
View file

@ -5,6 +5,7 @@
...
}: {
imports = [
./neovim
./firefox
./tidal.nix
./gnome
@ -12,7 +13,6 @@
./vscode.nix
inputs.nix-index-database.hmModules.nix-index
inputs.sops-nix.homeManagerModules.sops
inputs.nvf.homeManagerModules.default
];
xsession.enable = true;

13
home-manager/neovim/bufferline.lua Normal file
View file

@ -0,0 +1,13 @@
require("bufferline").setup({
options = {
diagnostics = "nvim_lsp",
diagnostics_indicator = function(count, level, diagnostics_dict, context)
local icon = level:match("error") and "" or ""
return " " .. icon .. count
end,
separator_style = "slant",
hover = { enabled = true, reveal = { "close" } },
},
})
vim.keymap.set("n", "<leader>ft", ":BufferLinePick<CR>", {})

43
home-manager/neovim/cmp.lua Normal file
View file

@ -0,0 +1,43 @@
local cmp = require("cmp")
local luasnip = require("luasnip")
require("luasnip.loaders.from_vscode").lazy_load()
luasnip.config.setup({})
cmp.setup({
snippet = {
expand = function(args)
luasnip.lsp_expand(args.body)
end,
},
mapping = cmp.mapping.preset.insert({
["<C-n>"] = cmp.mapping.select_next_item(),
["<C-p>"] = cmp.mapping.select_prev_item(),
["<C-d>"] = cmp.mapping.scroll_docs(-4),
["<C-f>"] = cmp.mapping.scroll_docs(4),
["<C-Space>"] = cmp.mapping.complete({}),
["<CR>"] = cmp.mapping.confirm({
behavior = cmp.ConfirmBehavior.Replace,
select = true,
}),
["<Tab>"] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expand_or_locally_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end, { "i", "s" }),
["<S-Tab>"] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif luasnip.locally_jumpable(-1) then
luasnip.jump(-1)
else
fallback()
end
end, { "i", "s" }),
}),
sources = { { name = "nvim_lsp" }, { name = "luasnip" } },
})

2
home-manager/neovim/commentary.lua Normal file
View file

@ -0,0 +1,2 @@
vim.cmd([[autocmd FileType nix setlocal commentstring=#%s]])
vim.cmd([[autocmd FileType terraform setlocal commentstring=#%s]])

9
home-manager/neovim/core.lua Normal file
View file

@ -0,0 +1,9 @@
vim.o.background = "dark"
vim.cmd([[colorscheme gruvbox]])
vim.g.mapleader = ";"
vim.o.signcolumn = "yes"
vim.wo.number = true
vim.wo.relativenumber = true
vim.wo.cursorline = true
vim.opt.termguicolors = true
vim.o.mousemoveevent = true

91
home-manager/neovim/default.nix Normal file
View file

@ -0,0 +1,91 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.pim.neovim;
in {
options.pim.neovim.enable = lib.mkEnableOption "neovim";
config = lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
defaultEditor = true;
extraLuaConfig = builtins.readFile ./core.lua;
extraPackages = with pkgs; [
nil
pyright
gopls
terraform-ls
nixfmt-classic
stylua
black
nixpkgs-fmt
];
plugins = with pkgs.vimPlugins; [
{
plugin = nvim-lspconfig;
type = "lua";
config = builtins.readFile ./lspconfig.lua;
}
gruvbox-nvim
{
plugin = leap-nvim;
type = "lua";
config = builtins.readFile ./leap.lua;
}
{
plugin = telescope-nvim;
type = "lua";
config = builtins.readFile ./telescope.lua;
}
{
plugin = vim-commentary;
type = "lua";
config = builtins.readFile ./commentary.lua;
}
vim-sleuth
{
plugin = gitsigns-nvim;
type = "lua";
config = ''require("gitsigns").setup()'';
}
{
plugin = nvim-cmp;
type = "lua";
config = builtins.readFile ./cmp.lua;
}
cmp-nvim-lsp
friendly-snippets
neodev-nvim
luasnip
cmp_luasnip
{
plugin = nvim-treesitter.withAllGrammars;
type = "lua";
config = builtins.readFile ./treesitter.lua;
}
{
plugin = bufferline-nvim;
type = "lua";
config = builtins.readFile ./bufferline.lua;
}
nvim-web-devicons
lsp-format-nvim
{
plugin = pkgs.vimPlugins.none-ls-nvim;
type = "lua";
config = builtins.readFile ./none-ls.lua;
}
];
};
programs.git.extraConfig.core.editor = "nvim";
};
}

4
home-manager/neovim/leap.lua Normal file
View file

@ -0,0 +1,4 @@
require("leap").add_default_mappings()
-- Don't remap 'x' in visual mode.
vim.keymap.del({ "x", "o" }, "x")
vim.keymap.del({ "x", "o" }, "X")

65
home-manager/neovim/lspconfig.lua Normal file
View file

@ -0,0 +1,65 @@
require("lsp-format").setup({})
local on_attach = function(client, bufnr)
local bufmap = function(keys, func)
vim.keymap.set("n", keys, func, { buffer = bufnr })
end
bufmap("<leader>r", vim.lsp.buf.rename)
bufmap("<leader>a", vim.lsp.buf.code_action)
bufmap("gd", vim.lsp.buf.definition)
bufmap("gD", vim.lsp.buf.declaration)
bufmap("gI", vim.lsp.buf.implementation)
bufmap("<leader>D", vim.lsp.buf.type_definition)
bufmap("gr", require("telescope.builtin").lsp_references)
bufmap("<leader>s", require("telescope.builtin").lsp_document_symbols)
bufmap("<leader>S", require("telescope.builtin").lsp_dynamic_workspace_symbols)
bufmap("K", vim.lsp.buf.hover)
vim.api.nvim_buf_create_user_command(bufnr, "Format", function(_)
vim.lsp.buf.format()
end, {})
end
local capabilities = vim.lsp.protocol.make_client_capabilities()
capabilities = require("cmp_nvim_lsp").default_capabilities(capabilities)
require("neodev").setup()
require("lspconfig").nil_ls.setup({
on_attach = on_attach,
capabilities = capabilities,
})
require("lspconfig").pyright.setup({
on_attach = on_attach,
capabilities = capabilities,
})
require("lspconfig").gopls.setup({
on_attach = on_attach,
capabilities = capabilities,
})
require("lspconfig").terraformls.setup({
on_attach = on_attach,
capabilities = capabilities,
})
local function has_treefmt()
local git_root = vim.fn.systemlist("git rev-parse --show-toplevel")[1]
if vim.v.shell_error ~= 0 then
return false
end
local treefmt_path = git_root .. "/treefmt.nix"
return vim.fn.filereadable(treefmt_path) == 1
end
vim.api.nvim_create_autocmd("BufWritePost", {
pattern = "*",
callback = function()
if vim.fn.expand("%:p") ~= vim.fn.getcwd() .. "/.git/COMMIT_EDITMSG" and has_treefmt() then
vim.cmd("silent !treefmt > /dev/null 2>&1")
end
end,
group = vim.api.nvim_create_augroup("TreefmtAutoformat", { clear = true }),
})

53
home-manager/neovim/none-ls.lua Normal file
View file

@ -0,0 +1,53 @@
-- renamed to none-ls
local null_ls_status_ok, null_ls = pcall(require, "null-ls")
if not null_ls_status_ok then
return
end
local formatting = null_ls.builtins.formatting
local diagnostics = null_ls.builtins.diagnostics
local code_actions = null_ls.builtins.code_actions
-- to setup format on save
local augroup = vim.api.nvim_create_augroup("LspFormatting", {})
require("null-ls").setup({
sources = {
formatting.stylua,
formatting.black,
formatting.nixpkgs_fmt,
formatting.mix,
},
-- configure format on save
-- on_attach = function(current_client, bufnr)
-- if current_client.supports_method("textDocument/formatting") then
-- vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
-- vim.api.nvim_create_autocmd("BufWritePre", {
-- group = augroup,
-- buffer = bufnr,
-- callback = function()
-- vim.lsp.buf.format({
-- filter = function(client)
-- -- only use null-ls for formatting instead of lsp server
-- return client.name == "null-ls"
-- end,
-- bufnr = bufnr,
-- })
-- end,
-- })
-- end
-- end,
})
-- formatting command
vim.api.nvim_create_user_command("Format", function()
vim.lsp.buf.format(nil, 10000)
end, {})
vim.keymap.set(
"n",
"<leader>fm",
":Format<CR>",
{ desc = "Format current buffer (also done on save)", noremap = true, silent = true }
)

17
home-manager/neovim/telescope.lua Normal file
View file

@ -0,0 +1,17 @@
local builtin = require("telescope.builtin")
vim.keymap.set("n", "<leader>ff", builtin.find_files, {})
vim.keymap.set("n", "<leader>fg", builtin.live_grep, {})
vim.keymap.set("n", "<leader>fb", builtin.buffers, {})
vim.keymap.set("n", "<leader>fr", builtin.lsp_references, {})
vim.keymap.set("n", "<leader>fs", builtin.lsp_document_symbols, {})
require("telescope").setup({
pickers = {
find_files = { theme = "dropdown" },
live_grep = { theme = "dropdown" },
buffers = { theme = "dropdown" },
lsp_references = { theme = "dropdown" },
lsp_document_symbols = { theme = "dropdown" },
},
})

9
home-manager/neovim/treesitter.lua Normal file
View file

@ -0,0 +1,9 @@
require("nvim-treesitter.configs").setup({
ensure_installed = {},
auto_install = false,
highlight = { enable = true },
indent = { enable = true },
})

15
machines/atlas/configuration.nix
View file

@ -1,4 +1,12 @@
{config, ...}: {
{
config,
pkgs,
...
}: {
imports = [./jellyseerr-module.nix];
disabledModules = ["services/misc/jellyseerr.nix"];
config = {
facter.reportPath = ./facter.json;
system.stateVersion = "23.05";
@ -10,5 +18,10 @@
targetUser = "root";
tags = ["server" "kubernetes"];
};
services.jellyseerr = {
enable = true;
package = pkgs.callPackage ./jellyseerr.nix {};
};
};
}

76
machines/atlas/jellyseerr-module.nix Normal file
View file

@ -0,0 +1,76 @@
{
config,
pkgs,
lib,
...
}: let
cfg = config.services.jellyseerr;
in {
meta.maintainers = with lib.maintainers; [camillemndn pizzapim];
options.services.jellyseerr = {
enable = lib.mkEnableOption ''Jellyseerr, a requests manager for Jellyfin'';
package = lib.mkPackageOption pkgs "jellyseerr" {};
openFirewall = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''Open port in the firewall for the Jellyseerr web interface.'';
};
port = lib.mkOption {
type = lib.types.port;
default = 5055;
description = ''The port which the Jellyseerr web UI should listen to.'';
};
config_directory = lib.mkOption {
description = ''
The directory to save run-time configuration.
'';
type = lib.types.str;
example = "/jellyseerr";
default = "/var/lib/jellyseerr";
};
};
config = lib.mkIf cfg.enable {
systemd.services.jellyseerr = {
description = "Jellyseerr, a requests manager for Jellyfin";
after = ["network.target"];
wantedBy = ["multi-user.target"];
environment = {
PORT = toString cfg.port;
CONFIG_DIRECTORY = cfg.config_directory;
};
serviceConfig = {
Type = "exec";
StateDirectory = "jellyseerr";
# WorkingDirectory = "${cfg.package}/libexec/jellyseerr/deps/jellyseerr";
DynamicUser = true;
ExecStart = lib.getExe cfg.package;
# BindPaths = ["/var/lib/jellyseerr/:${cfg.package}/libexec/jellyseerr/deps/jellyseerr/config/"];
Restart = "on-failure";
ProtectHome = true;
ProtectSystem = "strict";
PrivateTmp = true;
PrivateDevices = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
NoNewPrivileges = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
};
};
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
};
};
}

89
machines/atlas/jellyseerr.nix Normal file
View file

@ -0,0 +1,89 @@
{
lib,
fetchFromGitHub,
makeWrapper,
node-pre-gyp,
nodejs,
pnpm_9,
python3,
stdenv,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "jellyseerr";
version = "2.1.0";
src = with finalAttrs;
fetchFromGitHub {
owner = "Fallenbagel";
repo = "jellyseerr";
rev = "v${version}";
hash = "sha256-5kaeqhjUy9Lgx4/uFcGRlAo+ROEOdTWc2m49rq8R8Hs=";
};
nativeBuildInputs = [
nodejs
makeWrapper
pnpm_9.configHook
# Needed for compiling sqlite3 and bcrypt from source
node-pre-gyp
python3
];
pnpmDeps = pnpm_9.fetchDeps {
inherit (finalAttrs) pname version src;
hash = "sha256-xu6DeaBArQmnqEnIgjc1DTZujQebSkjuai9tMHeQWCk=";
};
buildPhase = ''
runHook preBuild
pnpm build
# Fixes "SQLite package has not been found installed" at launch
pushd node_modules/sqlite3
export CPPFLAGS="-I${nodejs}/include/node"
npm run install --build-from-source --nodedir=${nodejs}/include/node
popd
pushd node_modules/bcrypt
export CPPFLAGS="-I${nodejs}/include/node"
npm run install --build-from-source --nodedir=${nodejs}/include/node
popd
runHook postBuild
'';
preInstall = ''
mkdir $out
cp ./package.json $out
rm -r .next/cache
cp -R ./.next $out
cp -R ./dist $out
cp ./overseerr-api.yml $out
cp -R ./node_modules $out
'';
postInstall = ''
makeWrapper '${nodejs}/bin/node' "$out/bin/jellyseerr" \
--chdir $out \
--add-flags "$out/dist/index.js" \
--set NODE_ENV production
'';
meta = with lib; {
description = "Fork of overseerr for jellyfin support";
homepage = "https://github.com/Fallenbagel/jellyseerr";
longDescription = ''
Jellyseerr is a free and open source software application for managing
requests for your media library. It is a a fork of Overseerr built to
bring support for Jellyfin & Emby media servers!
'';
license = licenses.mit;
maintainers = with maintainers; [
camillemndn
pizzapim
];
platforms = platforms.linux;
mainProgram = "jellyseerr";
};
})

4
machines/default.nix
View file

@ -1,7 +1,7 @@
{
blocktech = {
sue = {
system = "x86_64-linux";
nixosModule = import ./blocktech/configuration.nix;
nixosModule = import ./sue/configuration.nix;
};
gamepc = {

7
machines/gamepc/configuration.nix
View file

@ -33,13 +33,6 @@
services = {
openssh.enable = true;
ollama = {
enable = true;
rocmOverrideGfx = "10.3.0";
loadModels = ["deepseek-r1:32b" "hf.co/mradermacher/DeepSeek-R1-Distill-Qwen-32B-Uncensored-GGUF:Q4_K_M"];
acceleration = "rocm";
};
xserver.displayManager.lightdm.extraSeatDefaults = ''
autologin-user=pim
'';

1
machines/gamepc/pim.home.nix
View file

@ -14,7 +14,6 @@
vlc
handbrake
lutris
chromium
];
};

50
machines/lewis/configuration.nix
View file

@ -2,7 +2,6 @@
self,
config,
pkgs,
lib,
...
}: {
config = {
@ -23,54 +22,5 @@
data-sharing.enable = true;
backups.enable = true;
};
systemd = {
timers.read-dir-sizes = {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "5m";
Unit = "read-dir-sizes.service";
};
};
services."read-dir-sizes" = {
script = let
script = pkgs.writeShellScriptBin "read-dir-sizes.sh" ''
DIRS=(
"/mnt/longhorn/persistent/media/movies"
"/mnt/longhorn/persistent/media/shows"
)
temp_file=$(mktemp)
trap 'rm -f "$temp_file"' EXIT
for DIR_PATH in "''${DIRS[@]}"; do
# Find all top-level subdirectories and calculate their size
find "$DIR_PATH" -mindepth 1 -maxdepth 1 -type d | while read -r subdir; do
# Calculate the size of the top-level subdirectory
du --block-size=1 -s "$subdir" | while read -r size path; do
# Print size in Prometheus format
echo "directory_size_bytes{dir=\"$path\"} $size" >> $temp_file
done
done
done
mkdir -p /var/lib/node_exporter/textfile_collector
cp $temp_file /var/lib/node_exporter/textfile_collector/dir_sizes.prom
chmod o=r /var/lib/node_exporter/textfile_collector/dir_sizes.prom
'';
in "${lib.getExe script}";
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
tmpfiles.rules = [
"d /mnt/longhorn/persistent/media/torrents 775 414 51 8d"
];
};
services.prometheus.exporters.node.extraFlags = ["--collector.textfile.directory=/var/lib/node_exporter/textfile_collector"];
};
}

48
machines/blocktech/configuration.nix → machines/sue/configuration.nix
View file

@ -12,15 +12,16 @@
config = {
pim = {
lanzaboote.enable = false;
tidal.enable = false;
lanzaboote.enable = true;
tidal.enable = true;
gnome.enable = true;
stylix.enable = true;
wireguard.enable = true;
sops-nix.usersWithSopsKeys = ["pkunis"];
compliance.enable = true;
sops-nix.usersWithSopsKeys = ["pim"];
};
users.users.pkunis = {
users.users.pim = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
};
@ -32,10 +33,10 @@
};
facter.reportPath = ./facter.json;
home-manager.users.pkunis.imports = [./pkunis.home.nix];
nix.settings.trusted-users = ["pkunis"];
home-manager.users.pim.imports = [./pim.home.nix];
nix.settings.trusted-users = ["pim"];
system.stateVersion = "23.05";
sops.defaultSopsFile = "${self}/secrets/blocktech/nixos.yaml";
sops.defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
environment.systemPackages = with pkgs; [
borgbackup
@ -59,26 +60,18 @@
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/949815d4-cfc4-4cf3-bbbe-22516f91119c";}
];
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/06710546-327b-402a-b221-8d88b75301d2";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E547-7E6C";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
boot = {
initrd.luks.devices."luks-4cc1ad7c-a794-4c54-adc8-c9f666c9b781".device = "/dev/disk/by-uuid/4cc1ad7c-a794-4c54-adc8-c9f666c9b781";
initrd.luks.devices."luks-161f5109-c2d7-4307-91f6-27c655d6ab3e".device = "/dev/disk/by-uuid/161f5109-c2d7-4307-91f6-27c655d6ab3e";
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
"/boot" = {
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
nix.settings = {
@ -86,6 +79,8 @@
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
specialisation.cosmic = lib.mkIf config.pim.cosmic.enable {
configuration = {
imports = [
@ -95,7 +90,6 @@
services = {
desktopManager.cosmic.enable = true;
displayManager.cosmic-greeter.enable = true;
services.xserver.videoDrivers = ["nvidia"];
};
};
};

4520
machines/blocktech/facter.json → machines/sue/facter.json
View file

File diff suppressed because it is too large Load diff

30
machines/blocktech/pkunis.home.nix → machines/sue/pim.home.nix
View file

@ -1,54 +1,43 @@
{
lib,
self,
pkgs,
config,
...
}: let
inherit (self.packages.${pkgs.system}) neovim;
in {
}: {
config = {
pim = {
tidal.enable = false;
tidal.enable = true;
gnome.enable = true;
vscode.enable = true;
syncthing.enable = true;
neovim.enable = true;
firefox.enable = true;
};
programs = {
chromium.enable = true;
git.extraConfig.core.editor = lib.getExe neovim;
};
programs.chromium.enable = true;
home = {
username = "pkunis";
homeDirectory = "/home/pkunis";
username = "pim";
homeDirectory = "/home/pim";
stateVersion = "23.05";
sessionVariables = {
MANPAGER = "${lib.getExe neovim} +Man!";
EDITOR = lib.getExe neovim;
};
};
sops = {
defaultSopsFile = "${self}/secrets/blocktech/pkunis.yaml";
defaultSopsFile = "${self}/secrets/sue/pim.yaml";
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
secrets."keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
};
home.packages =
[self.packages.${pkgs.system}.neovim]
++ (with pkgs; [
(with pkgs; [
jellyfin-media-player
virt-manager
bottles-unwrapped
feishin
])
++ (with pkgs.unstable; [
attic-client
dbeaver-bin
devenv
bottles-unwrapped
gimp
hexchat
impression
@ -68,6 +57,7 @@ in {
wireshark
# nheko # Has insecure olm dependency
handbrake
feishin
redfishtool
]);
};

2
nixos-configurations.nix
View file

@ -3,7 +3,7 @@ inputs @ {
self,
...
}: {
nixosConfigurations = nixpkgs.lib.mapAttrs (_: {
nixosConfigurations = nixpkgs.lib.mapAttrs (name: {
system,
nixosModule,
}:

14
nixos/compliance.nix Normal file
View file

@ -0,0 +1,14 @@
{
config,
lib,
...
}: let
cfg = config.pim.compliance;
in {
options.pim.compliance.enable = lib.mkEnableOption "compliance";
config = lib.mkIf cfg.enable {
services.clamav = {
daemon.enable = true;
};
};
}

10
nixos/data-sharing.nix
View file

@ -4,7 +4,15 @@
...
}: let
cfg = config.pim.data-sharing;
nfsShares = ["/mnt/longhorn/persistent/longhorn-backup"];
nfsShares = [
"/mnt/longhorn/persistent/media"
"/mnt/longhorn/persistent/media/books"
"/mnt/longhorn/persistent/media/movies"
"/mnt/longhorn/persistent/media/music"
"/mnt/longhorn/persistent/media/shows"
"/mnt/longhorn/persistent/longhorn-backup"
];
nfsExports = lib.strings.concatLines (
builtins.map

22
nixos/default.nix
View file

@ -18,6 +18,7 @@
./stylix.nix
./wireguard.nix
./gnome.nix
./compliance.nix
./cinnamon.nix
./ssh.nix
./desktop.nix
@ -127,7 +128,6 @@
ncdu
lshw
sops
nix-tree
];
};
@ -170,6 +170,8 @@
};
nixpkgs = {
# hostPlatform = lib.mkDefault "x86_64-linux";
config = {
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
@ -179,15 +181,11 @@
"steam-run"
"steam-unwrapped"
];
permittedInsecurePackages = [
"electron-31.7.7"
];
};
overlays = [
inputs.nur.overlays.default
(_final: _prev: {
inputs.nur.overlay
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
inherit (pkgs) system;
config.allowUnfree = true;
@ -196,13 +194,9 @@
];
};
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_13;
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
boot.kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
home-manager = {

5
nixos/desktop.nix
View file

@ -6,11 +6,6 @@
config = lib.mkIf (builtins.elem "desktop" config.deployment.tags) {
programs.ssh.startAgent = true;
hardware.graphics = {
enable = true;
enable32Bit = true;
};
services = {
xserver.enable = true;
printing.enable = true;

61
nixos/prometheus.nix
View file

@ -12,39 +12,42 @@
services.prometheus = {
enable = true;
scrapeConfigs = let
node = {
job_name = "node";
static_configs = [
{
targets = lib.pipe nodes [
(lib.filterAttrs (_name: node: node.config.services.prometheus.exporters.node.enable))
(lib.attrsets.mapAttrsToList
(_name: node: "${node.config.networking.fqdn}:${toString node.config.services.prometheus.exporters.node.port}"))
];
}
scrapeConfigs = (
let
generated = lib.pipe nodes [
(lib.filterAttrs (name: node: node.config.services.prometheus.exporters.node.enable))
(lib.attrsets.mapAttrsToList
(name: node: {
job_name = name;
static_configs = [
{
targets = ["${node.config.networking.fqdn}:${toString node.config.services.prometheus.exporters.node.port}"];
}
];
}))
];
};
pikvm = {
job_name = "pikvm";
metrics_path = "/api/export/prometheus/metrics";
scheme = "https";
tls_config.insecure_skip_verify = true;
pikvm = {
job_name = "pikvm";
metrics_path = "/api/export/prometheus/metrics";
scheme = "https";
tls_config.insecure_skip_verify = true;
# We don't care about security here, it's behind a VPN.
basic_auth = {
username = "admin";
password = "admin";
# We don't care about security here, it's behind a VPN.
basic_auth = {
username = "admin";
password = "admin";
};
static_configs = [
{
targets = ["pikvm.dmz"];
}
];
};
static_configs = [
{
targets = ["pikvm.dmz"];
}
];
};
in [node pikvm];
in
generated ++ [pikvm]
);
};
services.nginx = {

3
nixos/server.nix
View file

@ -2,7 +2,6 @@
lib,
config,
self,
pkgs,
...
}: {
options.pim.tailscale.advertiseExitNode = lib.mkOption {
@ -11,8 +10,6 @@
};
config = lib.mkIf (builtins.elem "server" config.deployment.tags) {
environment.systemPackages = [pkgs.unar];
networking = {
firewall.allowedTCPPorts = [config.services.prometheus.exporters.node.port];
domain = "dmz";

1
nixos/tidal.nix
View file

@ -5,7 +5,6 @@
}: let
cfg = config.pim.tidal;
in {
# TODO: this is bad and broken
options.pim.tidal.enable = lib.mkEnableOption "tidal";
config = lib.mkIf cfg.enable {

120
packages.nix
View file

@ -2,130 +2,12 @@
nixpkgs,
flake-utils,
treefmt-nix,
nvf,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
treefmtWrapper = treefmtEval.config.build.wrapper;
neovimConfigured = nvf.lib.neovimConfiguration {
inherit pkgs;
modules = [
{
config.vim = {
preventJunkFiles = true;
telescope.enable = true;
autopairs.nvim-autopairs.enable = true;
autocomplete.nvim-cmp.enable = true;
snippets.luasnip.enable = true;
filetree.neo-tree.enable = true;
tabline.nvimBufferline.enable = true;
dashboard.alpha.enable = true;
notify.nvim-notify.enable = true;
projects.project-nvim.enable = true;
comments.comment-nvim.enable = true;
extraPlugins.vim-sleuth.package = pkgs.vimPlugins.vim-sleuth;
keymaps = [
{
key = "<C-e>";
mode = ["n"];
action = ":Neotree toggle<CR>";
silent = true;
desc = "Toggle Neotree";
}
];
lsp = {
formatOnSave = true;
lightbulb.enable = true;
trouble.enable = true;
lspSignature.enable = true;
otter-nvim.enable = true;
lsplines.enable = true;
};
languages = {
enableLSP = true;
enableFormat = true;
enableTreesitter = true;
enableExtraDiagnostics = true;
nix.enable = true;
markdown.enable = true;
bash.enable = true;
clang.enable = true;
css.enable = true;
html.enable = true;
sql.enable = true;
go.enable = true;
python.enable = true;
rust = {
enable = true;
crates.enable = true;
};
};
visuals = {
nvim-web-devicons.enable = true;
cinnamon-nvim.enable = true;
fidget-nvim.enable = true;
highlight-undo.enable = true;
cellular-automaton.enable = true;
};
statusline.lualine = {
enable = true;
theme = "gruvbox";
};
theme = {
enable = true;
name = "gruvbox";
style = "dark";
transparent = false;
};
binds = {
whichKey.enable = true;
cheatsheet.enable = true;
};
git = {
enable = true;
gitsigns.enable = true;
};
utility = {
surround.enable = true;
diffview-nvim.enable = true;
motion = {
hop.enable = true;
leap.enable = true;
};
};
terminal.toggleterm = {
enable = true;
lazygit.enable = true;
};
ui = {
borders.enable = true;
noice.enable = true;
colorizer.enable = true;
smartcolumn.enable = true;
fastaction.enable = true;
};
};
}
];
};
in {
packages = {
formatter = treefmtWrapper;
inherit (neovimConfigured) neovim;
};
packages.formatter = treefmtWrapper;
})

6
secrets/blocktech/colmena.yaml → secrets/sue/colmena.yaml
View file

@ -1,6 +1,6 @@
sops_nix_keys:
root: ENC[AES256_GCM,data:CxF2wjcQ2OFuS7Pgjnc8zc7sqGEz3dcHt4NXkL+V6w7kGPP+b4wBhOlT7b+bEESNslpK2htLY7x+IZWIA8JQpeRKHAKymAUK86I=,iv:5qNFDb86/Vr9Iqzx1eES4wUVY5XTq3iOR4VQliuP1lg=,tag:gx/Q7t52l9kMhPRXdpsB6A==,type:str]
pkunis: ENC[AES256_GCM,data:192vkgOdMoDEhPU6yilatIfaFS/1LJFvteEMYI1/3SBP773lN62pWoDiJDiBtjBCisA/3yHriL3Dpvs1PwbV0BChmbL+svwKrFE=,iv:/YyZ+NSyZwyGp4NJYUSeYOOUfGaH5jOiVUH8QeWnFUA=,tag:sWN0bQvm8Ejw5+XST0pAEQ==,type:str]
pim: ENC[AES256_GCM,data:PWFlRBaqImbCpj3IXU+BtNIRvwru+GRwxDQO4QwINRvxRqC36LE6JpMqaJNrTdCPy+aQ01brTN8y99qXTDlrul32cZnopc37r78=,iv:1tG7rDB5D7D2myes6Ro8hXC140ugjXpiwNpivWFw/xw=,tag:BNm/Ep55tt7xBWZFyzTR5g==,type:str]
sops:
kms: []
gcp_kms: []
@ -16,8 +16,8 @@ sops:
NkJzL3JSN2sxbnF6NGNhQlJqTHpHRTAKK+3FqqBAGxdlMtnbsySEcZT1lkQwJWvK
GFB+6CtH9UtyIGrdK8Pm/0ahsolYGAim2OjeiKBbs3Q8kLm5WAsgRg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-25T13:53:06Z"
mac: ENC[AES256_GCM,data:lLojNOq2QtdeqiCHOg6+Kssfa+Ey6JefPQulFkgnr1Onrt60ds2qWg5TTMHMlUaa6vB1S78WqyquTRBLv9Ek/alOae+CgdDi+vVX8hG5Mc2Edcfl+z8rRNFB+2mOEl1gJwKntyxySx6YBiDhZsH0p+Xflw9WGm/lL/FyRCJCwq0=,iv:8PqXupgwdfgdfIzsymVSrjQACoMODR+XYPgLMvASjos=,tag:rLGJlL3alm/qy+3qeS637g==,type:str]
lastmodified: "2024-11-30T23:42:51Z"
mac: ENC[AES256_GCM,data:fo856uaz54nxHDJVDpMOPc6GHAzMdVJTfqBiMtJkEwm3AVICtRcI8ucceBnmfKZf9DM2MC2DffU1tvJd5iqpqFZMXCElRnBxWVZGhvrZqIZtmoAin5zBgwOudf1o6msmdNGmZk1ECq/HpHNO/QMQ3rnFdBvOZwL0zu6iZm9XwC0=,iv:T6Tv1ukk0CWbTRVWYdfn/bWQoETk8DRVMOzpJE9mCWE=,tag:eICIYTBvAJLUTpRcMYqc5Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

0
secrets/blocktech/nixos.yaml → secrets/sue/nixos.yaml
View file

0
secrets/blocktech/pkunis.yaml → secrets/sue/pim.yaml
View file