Richie/dotfiles
1
0
Fork 0
mirror of https://github.com/RichieCahill/dotfiles.git synced 2026-04-21 14:49:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Richie:feature/adding-system-for-brendan
Branches Tags
Richie:main Richie:feature/removing-brain_substituter.nix-from-bob Richie:feature/creating-prompt_bench Richie:claude/add-line-counter-tool-zaW28 Richie:feature/setting-up-bluesky-firehose Richie:claude/sheet-music-ocr-mxml-4OGMU Richie:feature/adding-congress-data-to-database Richie:claude/improve-code-coverage-aW1aD Richie:claude/implement-todo-item-w2KGe Richie:feature/adding-open_webui-to-jeeves Richie:feature/testing-unshare Richie:bugfix/fixed-energy-out-integrations Richie:feature/adding-fix_eval_warnings.yml Richie:feature/building-safe_reboot Richie:feature/fixing-jeeves-locked-linux-firmware-and-6.12.52 Richie:feature/adding-cool-tools Richie:feature/adding-xf86_input_wacom Richie:feature/adding-making-esphome-battery-more-stable Richie:feature/linux-6.17 Richie:bugfix/added-math-the-jeeves Richie:feature/improving-treefmt-action-debugging Richie:feature/added-merge_group Richie:feature/testing-merge_group Richie:feature/removing-auto-update Richie:feature/linux-6.15 Richie:feature/setting-up-unifi-video-archiving Richie:feature/updating-system_tools Richie:feature/decreasing-cloud-flair-usage Richie:feature/creating-a-custom-installer-iso Richie:feature/setting-up-mxr-deploment Richie:feature/adding-system-for-brendan Richie:feature/testing-microvm Richie:feature/testing-cosmic Richie:feature/building-nixos-based-router Richie:feature/setting-up-transmission Richie:feature/improving-muninns-bluetooth Richie:intresting-error Richie:feature/setting-up-keyFile-for-muninn Richie:feature/setting-up-cleves-for-muninn Richie:feature/testing-tang-and-clevis Richie:feature/testing-nixos-router Richie:updating-bobs-zfs-settings
..
compare: Richie:feature/setting-up-transmission
Branches Tags
Richie:main Richie:feature/removing-brain_substituter.nix-from-bob Richie:feature/creating-prompt_bench Richie:claude/add-line-counter-tool-zaW28 Richie:feature/setting-up-bluesky-firehose Richie:claude/sheet-music-ocr-mxml-4OGMU Richie:feature/adding-congress-data-to-database Richie:claude/improve-code-coverage-aW1aD Richie:claude/implement-todo-item-w2KGe Richie:feature/adding-open_webui-to-jeeves Richie:feature/testing-unshare Richie:bugfix/fixed-energy-out-integrations Richie:feature/adding-fix_eval_warnings.yml Richie:feature/building-safe_reboot Richie:feature/fixing-jeeves-locked-linux-firmware-and-6.12.52 Richie:feature/adding-cool-tools Richie:feature/adding-xf86_input_wacom Richie:feature/adding-making-esphome-battery-more-stable Richie:feature/linux-6.17 Richie:bugfix/added-math-the-jeeves Richie:feature/improving-treefmt-action-debugging Richie:feature/added-merge_group Richie:feature/testing-merge_group Richie:feature/removing-auto-update Richie:feature/linux-6.15 Richie:feature/setting-up-unifi-video-archiving Richie:feature/updating-system_tools Richie:feature/decreasing-cloud-flair-usage Richie:feature/creating-a-custom-installer-iso Richie:feature/setting-up-mxr-deploment Richie:feature/adding-system-for-brendan Richie:feature/testing-microvm Richie:feature/testing-cosmic Richie:feature/building-nixos-based-router Richie:feature/setting-up-transmission Richie:feature/improving-muninns-bluetooth Richie:intresting-error Richie:feature/setting-up-keyFile-for-muninn Richie:feature/setting-up-cleves-for-muninn Richie:feature/testing-tang-and-clevis Richie:feature/testing-nixos-router Richie:updating-bobs-zfs-settings

2 Commits
feature/ad ... feature/se

Author SHA1 Message Date
Richie Cahill
23ad4e19dd added transmission.nix 2025-01-03 13:02:09 -05:00
Richie Cahill
349cfa26f7 added media/services and torrenting/transmission datasets 2025-01-03 10:02:29 -05:00
104 changed files with 819 additions and 2407 deletions
Expand all files Collapse all files

6
.github/workflows/build_systems.yml vendored
View File

@@ -1,4 +1,4 @@
name: build_systems name: build_jeeves
on: on:
workflow_dispatch: workflow_dispatch:
pull_request: pull_request:
@@ -14,11 +14,9 @@ jobs:
system: system:
- "bob" - "bob"
- "jeeves" - "jeeves"
- "muninn"
- "rhapsody-in-green" - "rhapsody-in-green"
- "brendans-system"
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Build default package - name: Build default package
run: "nixos-rebuild build --flake ./#${{ matrix.system }}" run: "nixos-rebuild build --flake ./#${{ matrix.system }}"
- name: copy to nix-cache
run: nix copy --to ssh://jeeves .#nixosConfigurations.${{ matrix.system }}.config.system.build.toplevel

15
.github/workflows/treefmt.yml vendored
View File

@@ -1,15 +0,0 @@
name: treefmt
on:
workflow_dispatch:
pull_request:
push:
branches: [main]
jobs:
treefmt:
name: nix fmt
runs-on: self-hosted
steps:
- uses: actions/checkout@v4
- name: runs treefmt
run: "treefmt --ci"

1
.github/workflows/update-flake-lock.yml vendored
View File

@@ -15,7 +15,6 @@ jobs:
- name: Update flake.lock - name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@main uses: DeterminateSystems/update-flake-lock@main
with: with:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
pr-title: "Update flake.lock" pr-title: "Update flake.lock"
pr-labels: | pr-labels: |
dependencies dependencies

4
.gitignore vendored
View File

@@ -162,6 +162,4 @@ cython_debug/
#.idea/ #.idea/
test.* test.*
secrets.*
# syncthing
.stfolder

17
.sops.yaml
View File

@@ -1,17 +0,0 @@
keys:
- &admin_richie age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
- &system_bob age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
- &system_jeeves age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
- &system_router age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
- &system_rhapsody age1ufnewppysaq2wwcl4ugngjz8pfzc5a35yg7luq0qmuqvctajcycs5lf6k4
creation_rules:
- path_regex: users/secrets\.yaml$
key_groups:
- age:
- *admin_richie
- *system_bob
- *system_jeeves
- *system_router
- *system_rhapsody

21
.vscode/settings.json vendored
View File

@@ -6,9 +6,7 @@
"advplyr", "advplyr",
"ahci", "ahci",
"aioesphomeapi", "aioesphomeapi",
"aiounifi",
"alsa", "alsa",
"apiclient",
"archlinux", "archlinux",
"ashift", "ashift",
"asrouter", "asrouter",
@@ -19,10 +17,8 @@
"auditd", "auditd",
"autofetch", "autofetch",
"autologin", "autologin",
"automations",
"autopull", "autopull",
"autotrim", "autotrim",
"autoupdate",
"azuretools", "azuretools",
"bantime", "bantime",
"bazarr", "bazarr",
@@ -42,8 +38,6 @@
"Compat", "Compat",
"contentblocking", "contentblocking",
"cookiebanners", "cookiebanners",
"createdb",
"createrole",
"crlite", "crlite",
"cryptsetup", "cryptsetup",
"darkreader", "darkreader",
@@ -88,7 +82,6 @@
"globalprivacycontrol", "globalprivacycontrol",
"gparted", "gparted",
"gtts", "gtts",
"gutenprint",
"hass", "hass",
"healthreport", "healthreport",
"Heatsink", "Heatsink",
@@ -98,7 +91,6 @@
"hmac", "hmac",
"homeassistant", "homeassistant",
"HPKP", "HPKP",
"hplip",
"htmlaboutaddons", "htmlaboutaddons",
"hurlenko", "hurlenko",
"hwloc", "hwloc",
@@ -107,7 +99,6 @@
"ioit", "ioit",
"iperf", "iperf",
"isal", "isal",
"jellyfin",
"jnoortheen", "jnoortheen",
"jsbc", "jsbc",
"kagi", "kagi",
@@ -118,7 +109,6 @@
"libsodium", "libsodium",
"libssh", "libssh",
"libvirtd", "libvirtd",
"llms",
"localtime", "localtime",
"louislam", "louislam",
"lsnew", "lsnew",
@@ -137,6 +127,7 @@
"mountpoints", "mountpoints",
"mousewheel", "mousewheel",
"mtxr", "mtxr",
"muninn",
"ncdu", "ncdu",
"nemo", "nemo",
"neofetch", "neofetch",
@@ -146,7 +137,6 @@
"Networkd", "Networkd",
"networkmanager", "networkmanager",
"newtabpage", "newtabpage",
"nixfmt",
"nixos", "nixos",
"nixpkgs", "nixpkgs",
"nmap", "nmap",
@@ -170,6 +160,7 @@
"peerconnection", "peerconnection",
"PESKYFOX", "PESKYFOX",
"PGID", "PGID",
"photoprism",
"pipewire", "pipewire",
"pkgs", "pkgs",
"plugdev", "plugdev",
@@ -186,10 +177,8 @@
"PUID", "PUID",
"pulseaudio", "pulseaudio",
"punycode", "punycode",
"pychromecast",
"pylance", "pylance",
"pymetno", "pymetno",
"pyownet",
"qbit", "qbit",
"qbittorrent", "qbittorrent",
"qbittorrentvpn", "qbittorrentvpn",
@@ -197,14 +186,12 @@
"quicksuggest", "quicksuggest",
"radarr", "radarr",
"readahead", "readahead",
"receiveencrypted",
"Redistributable", "Redistributable",
"referer", "referer",
"REFERERS", "REFERERS",
"relatime", "relatime",
"Rhosts", "Rhosts",
"ripgrep", "ripgrep",
"rokuecp",
"routable", "routable",
"rspace", "rspace",
"rtkit", "rtkit",
@@ -226,7 +213,6 @@
"sponsorblock", "sponsorblock",
"sqltools", "sqltools",
"ssdp", "ssdp",
"SSHOPTS",
"stdenv", "stdenv",
"subresource", "subresource",
"substituters", "substituters",
@@ -234,7 +220,6 @@
"sysstat", "sysstat",
"tabmanager", "tabmanager",
"tamasfe", "tamasfe",
"TCPIP",
"tiktok", "tiktok",
"timonwong", "timonwong",
"tmmworkshop", "tmmworkshop",
@@ -242,11 +227,9 @@
"topsites", "topsites",
"topstories", "topstories",
"torrenting", "torrenting",
"treefmt",
"twimg", "twimg",
"uaccess", "uaccess",
"ublock", "ublock",
"uiprotect",
"uitour", "uitour",
"unrar", "unrar",
"unsubmitted", "unsubmitted",

6
build.sh Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/sh
nixos-rebuild build --flake /home/richie/projects/dotfiles#bob
nixos-rebuild build --flake /home/richie/projects/dotfiles#jeeves
nixos-rebuild build --flake /home/richie/projects/dotfiles#muninn
nixos-rebuild build --flake /home/richie/projects/dotfiles#rhapsody-in-green

24
common/global/default.nix
View File

@@ -8,7 +8,6 @@
{ {
imports = [ imports = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
./fail2ban.nix ./fail2ban.nix
./fonts.nix ./fonts.nix
./libs.nix ./libs.nix
@@ -23,7 +22,7 @@
boot = { boot = {
tmp.useTmpfs = true; tmp.useTmpfs = true;
kernelPackages = lib.mkDefault pkgs.linuxPackages_6_12; kernelPackages = lib.mkDefault pkgs.linuxPackages_6_12;
zfs.package = lib.mkDefault pkgs.zfs_2_3; zfs.package = lib.mkDefault pkgs.zfs;
}; };
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
@@ -31,32 +30,23 @@
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { inherit inputs outputs; }; extraSpecialArgs = {inherit inputs outputs;};
backupFileExtension = "backup";
}; };
nixpkgs = { nixpkgs = {
overlays = builtins.attrValues outputs.overlays; overlays = builtins.attrValues outputs.overlays;
config.allowUnfree = true; config = {
}; allowUnfree = true;
services = {
# firmware update
fwupd.enable = true;
snapshot_manager.enable = lib.mkDefault true;
zfs = {
trim.enable = lib.mkDefault true;
autoScrub.enable = lib.mkDefault true;
}; };
}; };
services.fwupd.enable = true;
programs.zsh.enable = true; programs.zsh.enable = true;
security.auditd.enable = lib.mkDefault true; security.auditd.enable = lib.mkDefault true;
users.mutableUsers = lib.mkDefault false; users.mutableUsers = lib.mkDefault true;
zramSwap = { zramSwap = {
enable = lib.mkDefault true; enable = lib.mkDefault true;

8
common/global/nix.nix
View File

@@ -2,11 +2,9 @@
inputs, inputs,
lib, lib,
... ...
}: }: let
let
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in in {
{
nix = { nix = {
settings = { settings = {
trusted-users = [ trusted-users = [
@@ -39,7 +37,7 @@ in
}; };
# Add each flake input as a registry and nix_path # Add each flake input as a registry and nix_path
registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
}; };
} }

8
common/global/snapshot_manager.nix
View File

@@ -1,10 +1,4 @@
{ { inputs, pkgs, lib, config, ... }:
inputs,
pkgs,
lib,
config,
...
}:
let let
cfg = config.services.snapshot_manager; cfg = config.services.snapshot_manager;
in in

12
common/optional/desktop.nix
View File

@@ -2,17 +2,9 @@
{ {
boot = { boot = {
kernelPackages = pkgs.linuxPackages_6_12; kernelPackages = pkgs.linuxPackages_6_12;
zfs.package = pkgs.zfs_2_3; zfs.package = pkgs.zfs;
}; };
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
};
# rtkit is optional but recommended for pipewire
security.rtkit.enable = true;
services = { services = {
displayManager.sddm = { displayManager.sddm = {
enable = true; enable = true;
@@ -29,8 +21,6 @@
}; };
}; };
pulseaudio.enable = false;
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;

10
common/optional/printing.nix
View File

@@ -1,10 +0,0 @@
{ pkgs, ... }:
{
services.printing = {
enable = true;
drivers = with pkgs; [
gutenprint
hplip
];
};
}

7
common/optional/steam.nix
View File

@@ -1,9 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [mangohud steam-run];
mangohud
steam-run
];
hardware.steam-hardware.enable = true; hardware.steam-hardware.enable = true;
programs = { programs = {
@@ -14,7 +11,7 @@
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true; localNetworkGameTransfers.openFirewall = true;
protontricks.enable = true; protontricks.enable = true;
extraCompatPackages = with pkgs; [ proton-ge-bin ]; extraCompatPackages = with pkgs; [proton-ge-bin];
extest.enable = true; extest.enable = true;
}; };
gamescope = { gamescope = {

4
common/optional/syncthing_base.nix
View File

@@ -6,7 +6,8 @@
overrideFolders = true; overrideFolders = true;
dataDir = "/home/richie/Syncthing"; dataDir = "/home/richie/Syncthing";
configDir = "/home/richie/.config/syncthing"; configDir = "/home/richie/.config/syncthing";
settings.devices = { settings = {
devices = {
phone.id = "LTGPLAE-M4ZDJTM-TZ3DJGY-SLLAVWF-CQDVEVS-RGCS75T-GAPZYK3-KUM6LA5"; # cspell:disable-line phone.id = "LTGPLAE-M4ZDJTM-TZ3DJGY-SLLAVWF-CQDVEVS-RGCS75T-GAPZYK3-KUM6LA5"; # cspell:disable-line
jeeves.id = "ICRHXZW-ECYJCUZ-I4CZ64R-3XRK7CG-LL2HAAK-FGOHD22-BQA4AI6-5OAL6AG"; # cspell:disable-line jeeves.id = "ICRHXZW-ECYJCUZ-I4CZ64R-3XRK7CG-LL2HAAK-FGOHD22-BQA4AI6-5OAL6AG"; # cspell:disable-line
ipad.id = "KI76T3X-SFUGV2L-VSNYTKR-TSIUV5L-SHWD3HE-GQRGRCN-GY4UFMD-CW6Z6AX"; # cspell:disable-line ipad.id = "KI76T3X-SFUGV2L-VSNYTKR-TSIUV5L-SHWD3HE-GQRGRCN-GY4UFMD-CW6Z6AX"; # cspell:disable-line
@@ -14,4 +15,5 @@
rhapsody-in-green.id = "ASL3KC4-3XEN6PA-7BQBRKE-A7JXLI6-DJT43BY-Q4WPOER-7UALUAZ-VTPQ6Q4"; # cspell:disable-line rhapsody-in-green.id = "ASL3KC4-3XEN6PA-7BQBRKE-A7JXLI6-DJT43BY-Q4WPOER-7UALUAZ-VTPQ6Q4"; # cspell:disable-line
}; };
}; };
};
} }

27
common/optional/update.nix
View File

@@ -1,9 +1,32 @@
{ lib, pkgs, ... }:
{ {
systemd = {
services."autopull@dotfiles" = {
requires = [ "multi-user.target" ];
after = [ "multi-user.target" ];
description = "Pull the latest data for dotfiles";
serviceConfig = {
Type = "oneshot";
User = "root";
WorkingDirectory = /root/dotfiles;
ExecStart = "${pkgs.git}/bin/git pull --all --prune";
};
};
timers."autopull@dotfiles" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1h";
OnUnitActiveSec = "1h";
Unit = "autopull@dotfiles.service";
};
};
};
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = lib.mkDefault true;
flags = [ "--accept-flake-config" ]; flags = [ "--accept-flake-config" ];
randomizedDelaySec = "1h"; randomizedDelaySec = "1h";
persistent = true; persistent = true;
flake = "github:RichieCahill/dotfiles"; flake = "github:RAD-Development/nix-dotfiles";
}; };
} }

86
flake.lock generated
View File

@@ -9,11 +9,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1738382607, "lastModified": 1735099403,
"narHash": "sha256-ppR81tMrcQk/wHm8MmKtp3mrtYmMTgF2lxLLXYwRsOM=", "narHash": "sha256-22NF70bxkMY7/IY2NG0pC7WzgJ0bI67FGSUP37d2mQ8=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "dc86c8feffa328d9050e039a1286e175af6d76d8", "rev": "5b2c380332cf5a3022fde931d0346e2b868b544e",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -79,11 +79,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738415006, "lastModified": 1735053786,
"narHash": "sha256-ZlLTnqIQQ8OE6AtT+fluB642j2R9tnvxHHtpnmLjSxQ=", "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8544cd092047a7e92d0dce011108a563de7fc0f2", "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -120,14 +120,15 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable",
"rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1738343111, "lastModified": 1735090583,
"narHash": "sha256-y9st4Y0p5ry+6QdlIGeqxAA6rbEIOO1uXdAc5jxV2Bc=", "narHash": "sha256-Tm+BsKXJS/EdJd9DvLxDbw+chPI1o7A9RHKIFxho36I=",
"owner": "lilyinstarlight", "owner": "lilyinstarlight",
"repo": "nixos-cosmic", "repo": "nixos-cosmic",
"rev": "51b9cce097da369550f45ac07879274dc8be81e4", "rev": "847b93e3b63bcea9a477dd86bb4b56ce7e051f0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -138,11 +139,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1738391520, "lastModified": 1734954597,
"narHash": "sha256-6HI58PKjddsC0RA0gBQlt6ox47oH//jLUHwx05RO8g0=", "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "34b64e4e1ddb14e3ffc7db8d4a781396dbbab773", "rev": "def1d472c832d77885f174089b0d34854b007198",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -154,11 +155,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1738142207, "lastModified": 1734649271,
"narHash": "sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9+WC4=", "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9d3ae807ebd2981d593cddd0080856873139aa40", "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -170,11 +171,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1738422722, "lastModified": 1735170897,
"narHash": "sha256-Q4vhtbLYWBUnjWD4iQb003Lt+N5PuURDad1BngGKdUs=", "narHash": "sha256-O1OXa12dHaObowGsfiM8pgphWfSXJj5v8sTxFoPXR0A=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "102a39bfee444533e6b4e8611d7e92aa39b7bec1", "rev": "138326d6e9841ab9e6161730d40e09cedd670c40",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -186,11 +187,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1738163270, "lastModified": 1734875076,
"narHash": "sha256-B/7Y1v4y+msFFBW1JAdFjNvVthvNdJKiN6EGRPnqfno=", "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "59e618d90c065f55ae48446f307e8c09565d5ab0", "rev": "1807c2b91223227ad5599d7067a61665c52d1295",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -202,11 +203,11 @@
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1735563628, "lastModified": 1734835170,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", "narHash": "sha256-JG6n9tQET7ZLjvwjH9BdYE6pES/Alcduxv2FDXliuBM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", "rev": "6df924734e1b626efd70925545de844b1c25246f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -231,11 +232,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1736884309, "lastModified": 1731205797,
"narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=", "narHash": "sha256-F7N1mxH1VrkVNHR3JGNMRvp9+98KYO4b832KS8Gl2xI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "poetry2nix", "repo": "poetry2nix",
"rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b", "rev": "f554d27c1544d9c56e5f1f8e2b8aff399803674e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -253,28 +254,28 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-stable": "nixpkgs-stable_2", "nixpkgs-stable": "nixpkgs-stable_2",
"sops-nix": "sops-nix",
"system_tools": "system_tools", "system_tools": "system_tools",
"systems": "systems_3" "systems": "systems_3"
} }
}, },
"sops-nix": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixos-cosmic",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1738291974, "lastModified": 1735007320,
"narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=", "narHash": "sha256-NdhUgB9BkLGW9I+Q1GyUUCc3CbDgsg7HLWjG7WZBR5Q=",
"owner": "Mic92", "owner": "oxalica",
"repo": "sops-nix", "repo": "rust-overlay",
"rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7", "rev": "fb5fdba697ee9a2391ca9ceea3b853b4e3ce37a5",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Mic92", "owner": "oxalica",
"repo": "sops-nix", "repo": "rust-overlay",
"type": "github" "type": "github"
} }
}, },
@@ -287,11 +288,11 @@
"poetry2nix": "poetry2nix" "poetry2nix": "poetry2nix"
}, },
"locked": { "locked": {
"lastModified": 1738431375, "lastModified": 1733083480,
"narHash": "sha256-jk6JrgqNe0dEPxV2xX/pBVsrPDfWaa033LKcyERkHJw=", "narHash": "sha256-B13faNyBbA3MeI7Jp6pFVbp58rI2Rx5Uvd83csW2p48=",
"owner": "RichieCahill", "owner": "RichieCahill",
"repo": "system_tools", "repo": "system_tools",
"rev": "36764189680c9be26192ee94da1a3f33f890ff0d", "rev": "bc357d8fabd83c1423611829091e5b1d86dd913c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -325,9 +326,8 @@
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "id": "systems",
"repo": "default", "type": "indirect"
"type": "github"
} }
}, },
"systems_3": { "systems_3": {

47
flake.nix
View File

@@ -42,24 +42,16 @@
url = "github:lilyinstarlight/nixos-cosmic"; url = "github:lilyinstarlight/nixos-cosmic";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs = {
{
self, self,
nixpkgs, nixpkgs,
home-manager, home-manager,
systems, systems,
nixos-cosmic, nixos-cosmic,
sops-nix,
... ...
}@inputs: } @ inputs: let
let
inherit (self) outputs; inherit (self) outputs;
lib = nixpkgs.lib // home-manager.lib; lib = nixpkgs.lib // home-manager.lib;
forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system}); forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
@@ -70,38 +62,29 @@
config.allowUnfree = true; config.allowUnfree = true;
} }
); );
in in {
{
inherit lib; inherit lib;
overlays = import ./overlays { inherit inputs outputs; }; overlays = import ./overlays {inherit inputs outputs;};
devShells = forEachSystem (pkgs: import ./shell.nix { inherit pkgs; }); devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
formatter = forEachSystem (pkgs: pkgs.treefmt); formatter = forEachSystem (pkgs: pkgs.alejandra);
nixosConfigurations = { nixosConfigurations = {
bob = lib.nixosSystem { bob = lib.nixosSystem {
modules = [ modules = [./systems/bob];
./systems/bob specialArgs = {inherit inputs outputs;};
];
specialArgs = { inherit inputs outputs; };
}; };
jeeves = lib.nixosSystem { jeeves = lib.nixosSystem {
modules = [ modules = [./systems/jeeves];
./systems/jeeves specialArgs = {inherit inputs outputs;};
];
specialArgs = { inherit inputs outputs; };
}; };
rhapsody-in-green = lib.nixosSystem { rhapsody-in-green = lib.nixosSystem {
modules = [ modules = [./systems/rhapsody-in-green];
./systems/rhapsody-in-green specialArgs = {inherit inputs outputs;};
];
specialArgs = { inherit inputs outputs; };
}; };
brendans-system = lib.nixosSystem { muninn = lib.nixosSystem {
modules = [ modules = [./systems/muninn];
./systems/brendans-system specialArgs = {inherit inputs outputs;};
];
specialArgs = { inherit inputs outputs; };
}; };
}; };
}; };

3
overlays/default.nix
View File

@@ -1,5 +1,4 @@
{ inputs, ... }: {inputs, ...}: {
{
# When applied, the stable nixpkgs set (declared in the flake inputs) will be accessible through 'pkgs.stable' # When applied, the stable nixpkgs set (declared in the flake inputs) will be accessible through 'pkgs.stable'
stable = final: _prev: { stable = final: _prev: {
stable = import inputs.nixpkgs-stable { stable = import inputs.nixpkgs-stable {

6
shell.nix
View File

@@ -1,8 +1,4 @@
{ {pkgs ? import <nixpkgs> {}, ...}: {
pkgs ? import <nixpkgs> { },
...
}:
{
default = pkgs.mkShell { default = pkgs.mkShell {
NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations"; NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations";
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [

27
systems/bob/default.nix
View File

@@ -1,7 +1,6 @@
{ {
imports = [ imports = [
../../users/richie ../../users/richie
../../users/gaming
../../common/global ../../common/global
../../common/optional/desktop.nix ../../common/optional/desktop.nix
../../common/optional/docker.nix ../../common/optional/docker.nix
@@ -9,14 +8,11 @@
../../common/optional/steam.nix ../../common/optional/steam.nix
../../common/optional/syncthing_base.nix ../../common/optional/syncthing_base.nix
../../common/optional/systemd-boot.nix ../../common/optional/systemd-boot.nix
../../common/optional/update.nix
../../common/optional/yubikey.nix ../../common/optional/yubikey.nix
../../common/optional/zerotier.nix ../../common/optional/zerotier.nix
./hardware.nix ./hardware.nix
./nvidia.nix ./nvidia.nix
./syncthing.nix ./syncthing.nix
./games.nix
./llms.nix
]; ];
networking = { networking = {
@@ -26,17 +22,28 @@
networkmanager.enable = true; networkmanager.enable = true;
}; };
services = { hardware = {
displayManager = { pulseaudio.enable = false;
enable = true; bluetooth = {
autoLogin = {
user = "gaming";
enable = true; enable = true;
powerOnBoot = true;
}; };
defaultSession = "plasma";
}; };
security.rtkit.enable = true;
services = {
openssh.ports = [ 262 ]; openssh.ports = [ 262 ];
printing.enable = true;
snapshot_manager.enable = true;
zfs = {
trim.enable = true;
autoScrub.enable = true;
};
}; };
system.stateVersion = "24.05"; system.stateVersion = "24.05";

7
systems/bob/games.nix
View File

@@ -1,7 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
osu-lazer-bin
jellyfin-media-player
];
}

2
systems/bob/hardware.nix
View File

@@ -26,8 +26,6 @@
device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2"; device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2";
bypassWorkqueues = true; bypassWorkqueues = true;
allowDiscards = true; allowDiscards = true;
keyFileSize = 4096;
keyFile = "/dev/disk/by-id/usb-Samsung_Flash_Drive_FIT_0374620080067131-0:0";
}; };
}; };
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];

24
systems/bob/llms.nix
View File

@@ -1,24 +0,0 @@
{
services = {
ollama = {
enable = true;
loadModels = [
"codellama:7b"
"deepseek-r1:1.5b"
"deepseek-r1:7b"
"deepseek-r1:8b"
"deepseek-r1:14b"
"deepseek-r1:32b"
"llama3.2:3b"
"mistral-nemo:12b"
];
acceleration = "cuda";
openFirewall = true;
};
open-webui = {
enable = true;
openFirewall = true;
host = "192.168.90.25";
};
};
}

29
systems/bob/syncthing.nix
View File

@@ -1,7 +1,8 @@
{ {
services.syncthing.settings.folders = { services.syncthing.settings.folders = {
"dotfiles" = { "notes" = {
path = "/home/richie/dotfiles"; id = "l62ul-lpweo"; # cspell:disable-line
path = "/home/richie/notes";
devices = [ devices = [
"jeeves" "jeeves"
"rhapsody-in-green" "rhapsody-in-green"
@@ -29,5 +30,29 @@
]; ];
fsWatcherEnabled = true; fsWatcherEnabled = true;
}; };
"projects" = {
id = "vyma6-lqqrz"; # cspell:disable-line
path = "/home/richie/projects";
devices = [
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"temp" = {
id = "bob_temp";
path = "/home/richie/temp";
devices = [
"jeeves"
];
fsWatcherEnabled = true;
};
"vault" = {
path = "/home/richie/vault";
devices = [
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
}; };
} }

37
systems/brendans-system/default.nix
View File

@@ -1,37 +0,0 @@
{
imports = [
../../users/brendan
../../common/global
../../common/optional/desktop.nix
../../common/optional/docker.nix
../../common/optional/steam.nix
../../common/optional/systemd-boot.nix
../../common/optional/update.nix
../../common/optional/zerotier.nix
./hardware.nix
./nvidia.nix
./programs.nix
];
networking = {
hostName = "brendans-system";
hostId = "7c678a41";
firewall.enable = true;
networkmanager.enable = true;
};
services = {
displayManager = {
enable = true;
autoLogin = {
user = "gaming";
enable = true;
};
defaultSession = "plasma";
};
openssh.ports = [ 262 ];
};
system.stateVersion = "24.05";
}

14
systems/brendans-system/nvidia.nix
View File

@@ -1,14 +0,0 @@
{ config, ... }:
{
services.xserver.videoDrivers = [ "nvidia" ];
hardware = {
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
nvidiaSettings = true;
open = true;
};
nvidia-container-toolkit.enable = true;
};
}

6
systems/brendans-system/programs.nix
View File

@@ -1,6 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
jellyfin-media-player
];
}

33
systems/jeeves/default.nix
View File

@@ -1,3 +1,6 @@
let
vars = import ./vars.nix;
in
{ {
imports = [ imports = [
../../users/richie ../../users/richie
@@ -7,12 +10,14 @@
../../common/optional/syncthing_base.nix ../../common/optional/syncthing_base.nix
../../common/optional/zerotier.nix ../../common/optional/zerotier.nix
./docker ./docker
./services
./hardware.nix ./hardware.nix
./home_assistant.nix
./networking.nix ./networking.nix
./programs.nix ./programs.nix
./runners ./runner.nix
./services.nix
./syncthing.nix ./syncthing.nix
./transmission.nix
]; ];
boot.zfs.extraPools = [ boot.zfs.extraPools = [
@@ -24,9 +29,31 @@
services = { services = {
openssh.ports = [ 629 ]; openssh.ports = [ 629 ];
nix-serve = {
enable = true;
secretKeyFile = "${vars.storage_secrets}/services/nix-cache/cache-priv-key.pem";
openFirewall = true;
};
plex = {
enable = true;
dataDir = vars.media_plex;
openFirewall = true;
};
smartd.enable = true; smartd.enable = true;
snapshot_manager.path = ./snapshot_config.toml; snapshot_manager = {
enable = true;
path = ./snapshot_config.toml;
};
sysstat.enable = true;
zfs = {
trim.enable = true;
autoScrub.enable = true;
};
}; };
system.stateVersion = "24.05"; system.stateVersion = "24.05";

19
systems/jeeves/docker/audiobookshelf.nix Normal file
View File

@@ -0,0 +1,19 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers.audiobookshelf = {
image = "ghcr.io/advplyr/audiobookshelf:latest";
volumes = [
"${vars.media_docker_configs}/audiobookshelf:/config"
"${vars.media_docker_configs}/audiobookshelf:/metadata"
"${vars.storage_library}/audiobooks:/audiobooks"
"${vars.storage_library}/books:/books"
];
environment = {
TZ = "America/New_York";
};
extraOptions = [ "--network=web" ];
autoStart = true;
};
}

15
systems/jeeves/docker/filebrowser.nix Normal file
View File

@@ -0,0 +1,15 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers.filebrowser = {
image = "hurlenko/filebrowser:latest";
extraOptions = [ "--network=web" ];
volumes = [
"/zfs:/data"
"${vars.media_docker_configs}/filebrowser:/config"
];
autoStart = true;
user = "1000:users";
};
}

12
systems/jeeves/docker/grafana.nix Normal file
View File

@@ -0,0 +1,12 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers.grafana = {
image = "grafana/grafana-enterprise:latest";
volumes = [ "${vars.media_docker_configs}/grafana:/var/lib/grafana" ];
user = "600:600";
extraOptions = [ "--network=web" ];
autoStart = true;
};
}

32
systems/jeeves/services/haproxy.cfg → systems/jeeves/docker/haproxy.cfg
View File

@@ -22,52 +22,50 @@ defaults
#Application Setup #Application Setup
frontend ContentSwitching frontend ContentSwitching
bind *:80 bind *:80
bind *:443 ssl crt /zfs/storage/secrets/docker/cloudflare.pem bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
mode http mode http
# tmmworkshop.com # tmmworkshop.com
acl host_audiobookshelf hdr(host) -i audiobookshelf.tmmworkshop.com acl host_audiobookshelf hdr(host) -i audiobookshelf.tmmworkshop.com
acl host_cache hdr(host) -i cache.tmmworkshop.com acl host_cache hdr(host) -i cache.tmmworkshop.com
acl host_filebrowser hdr(host) -i filebrowser.tmmworkshop.com acl host_filebrowser hdr(host) -i filebrowser.tmmworkshop.com
acl host_grafana hdr(host) -i grafana.tmmworkshop.com
acl host_homeassistant hdr(host) -i homeassistant.tmmworkshop.com acl host_homeassistant hdr(host) -i homeassistant.tmmworkshop.com
acl host_jellyfin hdr(host) -i jellyfin.tmmworkshop.com acl host_photoprism hdr(host) -i photoprism.tmmworkshop.com
acl host_share hdr(host) -i share.tmmworkshop.com
acl host_uptime_kuma hdr(host) -i uptimekuma-jeeves.tmmworkshop.com acl host_uptime_kuma hdr(host) -i uptimekuma-jeeves.tmmworkshop.com
use_backend audiobookshelf_nodes if host_audiobookshelf use_backend audiobookshelf_nodes if host_audiobookshelf
use_backend cache_nodes if host_cache use_backend cache_nodes if host_cache
use_backend filebrowser_nodes if host_filebrowser use_backend filebrowser_nodes if host_filebrowser
use_backend grafana_nodes if host_grafana
use_backend homeassistant_nodes if host_homeassistant use_backend homeassistant_nodes if host_homeassistant
use_backend jellyfin if host_jellyfin use_backend photoprism_nodes if host_photoprism
use_backend share_nodes if host_share
use_backend uptime_kuma_nodes if host_uptime_kuma use_backend uptime_kuma_nodes if host_uptime_kuma
backend audiobookshelf_nodes backend audiobookshelf_nodes
mode http mode http
server server 192.168.90.40:8000 server server audiobookshelf:80
backend cache_nodes backend cache_nodes
mode http mode http
server server 192.168.90.40:5000 server server 192.168.90.40:5000
backend grafana_nodes
mode http
server server grafana:3000
backend filebrowser_nodes backend filebrowser_nodes
mode http mode http
server server 192.168.90.40:8080 server server filebrowser:8080
backend homeassistant_nodes backend homeassistant_nodes
mode http mode http
server server 192.168.95.14:8123 server server 192.168.95.14:8123
backend jellyfin backend photoprism_nodes
option httpchk
option forwardfor
http-check send meth GET uri /health
http-check expect string Healthy
server jellyfin 192.168.95.14:8096
backend share_nodes
mode http mode http
server server 192.168.95.14:8091 server server photoprism:2342
backend uptime_kuma_nodes backend uptime_kuma_nodes
mode http mode http
server server 192.168.95.14:3001 server server uptime_kuma:3001

53
systems/jeeves/docker/photoprism.nix Normal file
View File

@@ -0,0 +1,53 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers.photoprism = {
image = "photoprism/photoprism:latest";
volumes = [
"${vars.media_docker_configs}/photoprism:/photoprism/storage"
"${vars.storage_photos}/originals:/photoprism/originals"
"${vars.storage_photos}/import:/photoprism/import"
];
environment = {
PHOTOPRISM_ADMIN_USER="admin";
PHOTOPRISM_AUTH_MODE="password";
PHOTOPRISM_DISABLE_TLS="false";
PHOTOPRISM_DEFAULT_TLS="true";
PHOTOPRISM_ORIGINALS_LIMIT="30000";
PHOTOPRISM_HTTP_COMPRESSION="gzip";
PHOTOPRISM_LOG_LEVEL="info";
PHOTOPRISM_READONLY="false";
PHOTOPRISM_EXPERIMENTAL="false";
PHOTOPRISM_DISABLE_CHOWN="false";
PHOTOPRISM_DISABLE_WEBDAV="false";
PHOTOPRISM_DISABLE_SETTINGS="false";
PHOTOPRISM_DISABLE_TENSORFLOW="false";
PHOTOPRISM_DISABLE_FACES="false";
PHOTOPRISM_DISABLE_CLASSIFICATION="false";
PHOTOPRISM_DISABLE_VECTORS="false";
PHOTOPRISM_DISABLE_RAW="false";
PHOTOPRISM_RAW_PRESETS="false";
PHOTOPRISM_SIDECAR_YAML="true";
PHOTOPRISM_BACKUP_ALBUMS="true";
PHOTOPRISM_BACKUP_DATABASE="true";
PHOTOPRISM_BACKUP_SCHEDULE="daily";
PHOTOPRISM_INDEX_SCHEDULE="";
PHOTOPRISM_AUTO_INDEX="300";
PHOTOPRISM_AUTO_IMPORT= "-1";
PHOTOPRISM_DETECT_NSFW="false";
PHOTOPRISM_UPLOAD_NSFW="true";
PHOTOPRISM_DATABASE_DRIVER="sqlite";
PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App";
PHOTOPRISM_SITE_DESCRIPTION="";
PHOTOPRISM_SITE_AUTHOR="";
PHOTOPRISM_UID="600";
PHOTOPRISM_GID="600";
# PHOTOPRISM_UMASK: 0000
};
environmentFiles = ["${vars.storage_secrets}/docker/photoprism"];
autoStart = true;
extraOptions = [ "--network=web" ];
};
}

32
systems/jeeves/docker/postgresql.nix Normal file
View File

@@ -0,0 +1,32 @@
let
vars = import ../vars.nix;
in
{
users = {
users.postgres = {
isSystemUser = true;
group = "postgres";
uid = 999;
};
groups.postgres = {
gid = 999;
};
};
virtualisation.oci-containers.containers = {
postgres = {
image = "postgres:17";
ports = [ "5432:5432" ];
volumes = [ "${vars.media_database}/postgres:/var/lib/postgresql/data" ];
environment = {
POSTGRES_USER = "admin";
POSTGRES_DB = "archive";
POSTGRES_INITDB_ARGS = "--auth-host=scram-sha-256";
};
environmentFiles = [ "${vars.storage_secrets}/docker/postgres" ];
autoStart = true;
user = "postgres:postgres";
};
};
}

11
systems/jeeves/docker/qbit.nix
View File

@@ -3,15 +3,8 @@ let
in in
{ {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [ 6881 8082 29432 ];
6881 allowedUDPPorts = [ 6881 29432 ];
8082
29432
];
allowedUDPPorts = [
6881
29432
];
}; };
virtualisation.oci-containers.containers.qbit = { virtualisation.oci-containers.containers.qbit = {
image = "ghcr.io/linuxserver/qbittorrent:5.0.2"; image = "ghcr.io/linuxserver/qbittorrent:5.0.2";

8
systems/jeeves/docker/qbitvpn.nix
View File

@@ -3,11 +3,7 @@ let
in in
{ {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [ 6882 8081 8118 ];
6882
8081
8118
];
allowedUDPPorts = [ 6882 ]; allowedUDPPorts = [ 6882 ];
}; };
virtualisation.oci-containers.containers.qbitvpn = { virtualisation.oci-containers.containers.qbitvpn = {
@@ -40,7 +36,7 @@ in
DELUGE_DAEMON_LOG_LEVEL = "debug"; DELUGE_DAEMON_LOG_LEVEL = "debug";
DELUGE_WEB_LOG_LEVEL = "debug"; DELUGE_WEB_LOG_LEVEL = "debug";
}; };
environmentFiles = [ "${vars.storage_secrets}/docker/qbitvpn" ]; environmentFiles = ["${vars.storage_secrets}/docker/qbitvpn"];
autoStart = true; autoStart = true;
}; };
} }

39
systems/jeeves/docker/reverse_proxy.nix Normal file
View File

@@ -0,0 +1,39 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
haproxy = {
image = "haproxy:latest";
user = "600:600";
environment = {
TZ = "Etc/EST";
};
volumes = [
"${vars.storage_secrets}/docker/cloudflare.pem:/etc/ssl/certs/cloudflare.pem"
"${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
];
dependsOn = [
"audiobookshelf"
"filebrowser"
"grafana"
"photoprism"
"uptime_kuma"
];
extraOptions = [ "--network=web" ];
autoStart = true;
};
cloud_flare_tunnel = {
image = "cloudflare/cloudflared:latest";
user = "600:600";
cmd = [
"tunnel"
"run"
];
environmentFiles = ["${vars.storage_secrets}/docker/cloud_flare_tunnel"];
dependsOn = [ "haproxy" ];
extraOptions = [ "--network=web" ];
autoStart = true;
};
};
}

15
systems/jeeves/docker/share.nix
View File

@@ -1,15 +0,0 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers.share = {
image = "ubuntu/apache2:2.4-22.04_beta";
ports = [ "8091:80" ];
volumes = [
"${../../../common/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
"${vars.media_share}:/data"
];
extraOptions = [ "--network=web" ];
autoStart = true;
};
}

3
systems/jeeves/docker/uptime_kuma.nix
View File

@@ -4,8 +4,7 @@ in
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
uptime_kuma = { uptime_kuma = {
ports = [ "3001:3001" ]; image = "louislam/uptime-kuma:latest";
image = "louislam/uptime-kuma:1.23.16-debian";
volumes = [ volumes = [
"${vars.media_docker_configs}/uptime_kuma:/app/data" "${vars.media_docker_configs}/uptime_kuma:/app/data"
"/var/run/docker.sock:/var/run/docker.sock" "/var/run/docker.sock:/var/run/docker.sock"

43
systems/jeeves/hardware.nix
View File

@@ -1,11 +1,6 @@
{ config, lib, modulesPath, ... }:
{ {
config, imports =[ (modulesPath + "/installer/scan/not-detected.nix") ];
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = { boot = {
loader = { loader = {
@@ -93,32 +88,22 @@
bypassWorkqueues = true; bypassWorkqueues = true;
allowDiscards = true; allowDiscards = true;
}; };
"luks-storage_pool-wwn-0x5000cca23bc438dd-part1".device = "luks-storage_pool-wwn-0x5000cca23bc438dd-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bc438dd-part1";
"/dev/disk/by-id/wwn-0x5000cca23bc438dd-part1"; "luks-storage_pool-wwn-0x5000cca23bd035f5-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd035f5-part1";
"luks-storage_pool-wwn-0x5000cca23bd035f5-part1".device = "luks-storage_pool-wwn-0x5000cca23bd00ad6-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd00ad6-part1";
"/dev/disk/by-id/wwn-0x5000cca23bd035f5-part1"; "luks-storage_pool-wwn-0x5000cca23bcf313e-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bcf313e-part1";
"luks-storage_pool-wwn-0x5000cca23bd00ad6-part1".device = "luks-storage_pool-wwn-0x5000cca23bcdf3b8-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bcdf3b8-part1";
"/dev/disk/by-id/wwn-0x5000cca23bd00ad6-part1"; "luks-storage_pool-wwn-0x5000cca23bd02746-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd02746-part1";
"luks-storage_pool-wwn-0x5000cca23bcf313e-part1".device = "luks-storage_pool-wwn-0x5000cca23bcf9f89-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bcf9f89-part1";
"/dev/disk/by-id/wwn-0x5000cca23bcf313e-part1"; "luks-storage_pool-wwn-0x5000cca23bd00ae9-part1".device = "/dev/disk/by-id/wwn-0x5000cca23bd00ae9-part1";
"luks-storage_pool-wwn-0x5000cca23bcdf3b8-part1".device =
"/dev/disk/by-id/wwn-0x5000cca23bcdf3b8-part1";
"luks-storage_pool-wwn-0x5000cca23bd02746-part1".device =
"/dev/disk/by-id/wwn-0x5000cca23bd02746-part1";
"luks-storage_pool-wwn-0x5000cca23bcf9f89-part1".device =
"/dev/disk/by-id/wwn-0x5000cca23bcf9f89-part1";
"luks-storage_pool-wwn-0x5000cca23bd00ae9-part1".device =
"/dev/disk/by-id/wwn-0x5000cca23bd00ae9-part1";
# Torrenting pool # Torrenting pool
"luks-torrenting_pool-wwn-0x500a0751e6c3c01e-part1" = { "luks-torrenting_pool-wwn-0x500a0751e6c3c01e-part1" = {
device = "/dev/disk/by-id/wwn-0x500a0751e6c3c01e-part1"; device = "/dev/disk/by-id/wwn-0x500a0751e6c3c01e-part1";
bypassWorkqueues = true; bypassWorkqueues = true;
allowDiscards = true; allowDiscards = true;
}; };
"luks-torrenting_pool-wwn-0x5000cca264f080a3-part1".device = "luks-torrenting_pool-wwn-0x5000cca264f080a3-part1".device = "/dev/disk/by-id/wwn-0x5000cca264f080a3-part1";
"/dev/disk/by-id/wwn-0x5000cca264f080a3-part1"; "luks-torrenting_pool-wwn-0x5000cca298c33ae5-part1".device = "/dev/disk/by-id/wwn-0x5000cca298c33ae5-part1";
"luks-torrenting_pool-wwn-0x5000cca298c33ae5-part1".device =
"/dev/disk/by-id/wwn-0x5000cca298c33ae5-part1";
# cspell:enable # cspell:enable
}; };
}; };
@@ -137,8 +122,8 @@
fsType = "zfs"; fsType = "zfs";
}; };
"/nix" = { "/nix" =
device = "root_pool/nix"; { device = "root_pool/nix";
fsType = "zfs"; fsType = "zfs";
}; };

57
systems/jeeves/home_assistant.nix Normal file
View File

@@ -0,0 +1,57 @@
let
vars = import ./vars.nix;
in
{
services.home-assistant = {
enable = true;
openFirewall = true;
configDir = vars.media_home_assistant;
config = {
http = {
server_port = 8123;
server_host = [
"192.168.95.14"
"192.168.90.40"
"192.168.98.4"
];
use_x_forwarded_for = true;
trusted_proxies = "172.18.0.0/24";
};
homeassistant = {
time_zone = "America/New_York";
unit_system = "imperial";
temperature_unit = "F";
};
assist_pipeline = { };
backup = { };
bluetooth = { };
config = { };
dhcp = { };
energy = { };
history = { };
homeassistant_alerts = { };
image_upload = { };
logbook = { };
media_source = { };
mobile_app = { };
ssdp = { };
sun = { };
webhook = { };
zeroconf = { };
automation = "!include automations.yaml";
script = "!include scripts.yaml";
scene = "!include scenes.yaml";
group = "!include groups.yaml";
};
extraPackages =
python3Packages: with python3Packages; [
psycopg2
gtts
aioesphomeapi
esphome-dashboard-api
bleak-esphome
pymetno
];
extraComponents = [ "isal" ];
};
}

24
systems/jeeves/networking.nix
View File

@@ -7,12 +7,25 @@
}; };
systemd.network = { systemd.network = {
enable = true; enable = true;
netdevs = {
"20-ioit-vlan" = {
netdevConfig = {
Kind = "vlan";
Name = "ioit-vlan";
};
vlanConfig.Id = 20;
};
};
networks = { networks = {
"10-1GB_Primary" = { "10-1GB_Primary" = {
matchConfig.Name = "enp98s0f0"; matchConfig.Name = "enp98s0f0";
address = [ "192.168.95.14/24" ]; address = [ "192.168.95.14/24" ];
routes = [ { Gateway = "192.168.95.1"; } ]; routes = [{ Gateway = "192.168.95.1"; }];
vlan = [ "ioit-vlan" ];
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
}; };
"10-1GB_Secondary" = { "10-1GB_Secondary" = {
@@ -28,6 +41,15 @@
matchConfig.Name = "enp97s0f1np1"; matchConfig.Name = "enp97s0f1np1";
DHCP = "yes"; DHCP = "yes";
}; };
"40-ioit-vlan" = {
matchConfig.Name = "ioit-vlan";
DHCP = "yes";
}; };
}; };
};
services.zerotierone = {
enable = true;
joinNetworks = [ "e4da7455b2ae64ca" ];
};
} }

29
systems/jeeves/runner.nix Normal file
View File

@@ -0,0 +1,29 @@
{ pkgs, ... }:
let
vars = import ./vars.nix;
in
{
users = {
users.github-runners = {
isSystemUser = true;
group = "github-runners";
uid = 601;
};
groups.github-runners = {
gid = 601;
};
};
services.github-runners.nix_builder = {
enable = true;
replace = true;
workDir = "/zfs/media/github-runners/nix_builder/";
url = "https://github.com/RichieCahill/dotfiles";
extraLabels = [ "nixos" ];
tokenFile = "${vars.storage_secrets}/services/github_runners/nix_builder";
user = "github-runners";
group = "github-runners";
extraPackages = [ pkgs.nixos-rebuild ];
# extraEnvironment
};
}

26
systems/jeeves/runners/default.nix
View File

@@ -1,26 +0,0 @@
{ pkgs, ... }:
{
imports = [ ./nix_builder.nix ];
users = {
users.github-runners = {
shell = pkgs.bash;
isSystemUser = true;
group = "github-runners";
uid = 601;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/S8i+BNX/12JNKg+5EKGX7Aqimt5KM+ve3wt/SyWuO github-runners" # cspell:disable-line
];
};
groups.github-runners.gid = 601;
};
services.nix_builder.containers = {
nix-builder-0.enable = true;
nix-builder-1.enable = true;
nix-builder-2.enable = true;
nix-builder-3.enable = true;
nix-builder-4.enable = true;
nix-builder-5.enable = true;
};
}

101
systems/jeeves/runners/nix_builder.nix
View File

@@ -1,101 +0,0 @@
{ config, lib, ... }:
with lib;
let
vars = import ../vars.nix;
in
{
options.services.nix_builder.containers = mkOption {
type = types.attrsOf (
types.submodule (
{ name, ... }:
{
options.enable = mkEnableOption "GitHub runner container";
}
)
);
default = { };
description = "GitHub runner container configurations";
};
config.containers = mapAttrs (
name: cfg:
mkIf cfg.enable {
autoStart = true;
bindMounts = {
"/storage" = {
mountPoint = "/zfs/media/github-runners/${name}";
isReadOnly = false;
};
"/secrets".mountPoint = "${vars.storage_secrets}/services/github-runners/${name}";
"ssh-keys".mountPoint = "${vars.storage_secrets}/services/github-runners/id_ed25519_github-runners";
};
config =
{
config,
pkgs,
lib,
...
}:
{
nix.settings = {
trusted-substituters = [
"https://cache.nixos.org"
"https://cache.tmmworkshop.com"
"https://nix-community.cachix.org"
];
substituters = [
"https://cache.nixos.org/?priority=2&want-mass-query=true"
"https://cache.tmmworkshop.com/?priority=2&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.tmmworkshop.com:jHffkpgbmEdstQPoihJPYW9TQe6jnQbWR2LqkNGV3iA="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
experimental-features = [
"flakes"
"nix-command"
];
};
programs.ssh.extraConfig = ''
Host jeeves
Port 629
User github-runners
HostName 192.168.95.14
IdentityFile ${vars.storage_secrets}/services/github-runners/id_ed25519_github-runners
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
'';
services.github-runners.${name} = {
enable = true;
replace = true;
workDir = "/zfs/media/github-runners/${name}";
url = "https://github.com/RichieCahill/dotfiles";
extraLabels = [ "nixos" ];
tokenFile = "${vars.storage_secrets}/services/github-runners/${name}";
user = "github-runners";
group = "github-runners";
extraPackages = with pkgs; [
nixfmt-rfc-style
nixos-rebuild
openssh
treefmt
];
};
users = {
users.github-runners = {
shell = pkgs.bash;
isSystemUser = true;
group = "github-runners";
uid = 601;
};
groups.github-runners.gid = 601;
};
system.stateVersion = "24.11";
};
}
) config.services.nix_builder.containers;
}

4
systems/jeeves/scripts/zfs.sh
View File

@@ -19,11 +19,12 @@ sudo zpool add torrenting -o ashift=12 special
sudo zfs create -o compression=zstd-9 media/docker sudo zfs create -o compression=zstd-9 media/docker
sudo zfs create -o recordsize=1M -o compression=zstd-19 media/library sudo zfs create -o recordsize=1M -o compression=zstd-19 media/library
sudo zfs create -o compression=zstd-9 -o sync=disabled media/github-runners sudo zfs create -o compression=zstd-9 -o sync=disabled media/github-runners
sudo zfs create -o exec=off media/minio
sudo zfs create -o copies=3 media/notes sudo zfs create -o copies=3 media/notes
sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/photoprism_mariadb media/photoprism_mariadb
sudo zfs create -o compression=zstd-9 media/plex sudo zfs create -o compression=zstd-9 media/plex
sudo zfs create -o compression=zstd-9 media/services sudo zfs create -o compression=zstd-9 media/services
sudo zfs create -o compression=zstd-19 media/home_assistant sudo zfs create -o compression=zstd-19 media/home_assistant
sudo zfs create -o exec=off media/share
sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/postgres media/postgres sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/postgres media/postgres
# storage datasets # storage datasets
@@ -37,3 +38,4 @@ sudo zfs create -o compression=zstd-19 storage/syncthing
# torrenting datasets # torrenting datasets
sudo zfs create -o recordsize=16K -o exec=off -o sync=disabled torrenting/qbit sudo zfs create -o recordsize=16K -o exec=off -o sync=disabled torrenting/qbit
sudo zfs create -o recordsize=16K -o exec=off -o sync=disabled torrenting/qbitvpn sudo zfs create -o recordsize=16K -o exec=off -o sync=disabled torrenting/qbitvpn
sudo zfs create -o recordsize=16K -o exec=off -o sync=disabled torrenting/transmission

6
systems/jeeves/services/systemd.nix → systems/jeeves/services.nix
View File

@@ -4,7 +4,7 @@
... ...
}: }:
let let
vars = import ../vars.nix; vars = import ./vars.nix;
in in
{ {
systemd = { systemd = {
@@ -13,7 +13,7 @@ in
description = "maintains /zfs/storage/plex permissions"; description = "maintains /zfs/storage/plex permissions";
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash ${../scripts/plex_permission.sh}"; ExecStart = "${pkgs.bash}/bin/bash ${./scripts/plex_permission.sh}";
}; };
}; };
startup_validation = { startup_validation = {
@@ -25,7 +25,7 @@ in
serviceConfig = { serviceConfig = {
EnvironmentFile = "${vars.storage_secrets}/services/server-validation"; EnvironmentFile = "${vars.storage_secrets}/services/server-validation";
Type = "oneshot"; Type = "oneshot";
ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/validate_system --config-file='${./validate_system.toml}'"; ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/validate_jeeves";
}; };
}; };
}; };

14
systems/jeeves/services/audiobookshelf.nix
View File

@@ -1,14 +0,0 @@
{ lib, ... }:
let
vars = import ../vars.nix;
in
{
services.audiobookshelf = {
enable = true;
openFirewall = true;
host = "192.168.90.40";
};
systemd.services.audiobookshelf.serviceConfig.WorkingDirectory =
lib.mkForce "${vars.media_docker_configs}/audiobookshelf";
users.users.audiobookshelf.home = lib.mkForce "${vars.media_docker_configs}/audiobookshelf";
}

17
systems/jeeves/services/cloud_flare_tunnel.nix
View File

@@ -1,17 +0,0 @@
{ pkgs, ... }:
let
vars = import ../vars.nix;
in
{
systemd.services.cloud_flare_tunnel = {
description = "cloud_flare_tunnel proxy's traffic through cloudflare";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
EnvironmentFile = "${vars.storage_secrets}/docker/cloud_flare_tunnel";
ExecStart = "${pkgs.cloudflared}/bin/cloudflared --no-autoupdate tunnel run";
Restart = "on-failure";
};
};
}

9
systems/jeeves/services/default.nix
View File

@@ -1,9 +0,0 @@
{ lib, ... }:
{
imports =
let
files = builtins.attrNames (builtins.readDir ./.);
nixFiles = builtins.filter (name: lib.hasSuffix ".nix" name && name != "default.nix") files;
in
map (file: ./. + "/${file}") nixFiles;
}

10
systems/jeeves/services/duckdns.nix
View File

@@ -1,10 +0,0 @@
let
vars = import ../vars.nix;
in
{
services.duckdns = {
enable = true;
tokenFile = "${vars.storage_secrets}/services/duckdns/token";
domainsFile = "${vars.storage_secrets}/services/duckdns/domains";
};
}

23
systems/jeeves/services/filebrowser.nix
View File

@@ -1,23 +0,0 @@
{
pkgs,
...
}:
let
vars = import ../vars.nix;
in
{
networking.firewall.allowedTCPPorts = [ 8080 ];
systemd.services.filebrowser = {
description = "filebrowser";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "richie";
Group = "users";
ExecStart = "${pkgs.filebrowser}/bin/filebrowser --root=/zfs --address=0.0.0.0 --database=${vars.media_docker_configs}/filebrowser/filebrowser.db";
Restart = "on-failure";
};
};
}

11
systems/jeeves/services/haproxy.nix
View File

@@ -1,11 +0,0 @@
{
networking.firewall.allowedTCPPorts = [
80
443
];
services.haproxy = {
enable = true;
config = builtins.readFile ./haproxy.cfg;
};
}

69
systems/jeeves/services/home_assistant.nix
View File

@@ -1,69 +0,0 @@
let
vars = import ../vars.nix;
in
{
services = {
home-assistant = {
enable = true;
openFirewall = true;
configDir = vars.media_home_assistant;
config = {
http = {
server_port = 8123;
server_host = [
"192.168.95.14"
"192.168.90.40"
];
use_x_forwarded_for = true;
trusted_proxies = "192.168.95.0/24";
};
homeassistant = {
time_zone = "America/New_York";
unit_system = "us_customary";
temperature_unit = "F";
};
assist_pipeline = { };
backup = { };
bluetooth = { };
config = { };
dhcp = { };
energy = { };
history = { };
homeassistant_alerts = { };
image_upload = { };
logbook = { };
media_source = { };
mobile_app = { };
ssdp = { };
sun = { };
webhook = { };
zeroconf = { };
automation = "!include automations.yaml";
script = "!include scripts.yaml";
scene = "!include scenes.yaml";
group = "!include groups.yaml";
};
extraPackages =
python3Packages: with python3Packages; [
aioesphomeapi
aiounifi
bleak-esphome
esphome-dashboard-api
gtts
jellyfin-apiclient-python
psycopg2
pymetno
pyownet
rokuecp
uiprotect
wakeonlan
];
extraComponents = [ "isal" ];
};
esphome = {
enable = true;
openFirewall = true;
address = "192.168.90.40";
};
};
}

10
systems/jeeves/services/jellyfin.nix
View File

@@ -1,10 +0,0 @@
let
vars = import ../vars.nix;
in
{
services.jellyfin = {
enable = true;
openFirewall = true;
dataDir = "${vars.media_services}/jellyfin";
};
}

10
systems/jeeves/services/nix_serve.nix
View File

@@ -1,10 +0,0 @@
let
vars = import ../vars.nix;
in
{
services.nix-serve = {
enable = true;
secretKeyFile = "${vars.storage_secrets}/services/nix-cache/cache-priv-key.pem";
openFirewall = true;
};
}

127
systems/jeeves/services/postgress.nix
View File

@@ -1,127 +0,0 @@
{ pkgs, ... }:
let
vars = import ../vars.nix;
in
{
networking.firewall.allowedTCPPorts = [ 5432 ];
services.postgresql = {
enable = true;
package = pkgs.postgresql_17_jit;
enableTCPIP = true;
enableJIT = true;
dataDir = "${vars.media_database}/postgres";
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser origin-address auth-method
local all all trust
# ipv4
host all all 127.0.0.1/32 trust
host all all 192.168.90.1/24 trust
# ipv6
host all all ::1/128 trust
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
# Let other names login as themselves
superuser_map richie postgres
'';
ensureUsers = [
{
name = "postgres";
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
{
name = "richie";
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
];
# Thank you NotAShelf
# https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
settings = {
# Connectivity;
max_connections = 100;
superuser_reserved_connections = 3;
# Memory Settings;
shared_buffers = "1024 MB";
work_mem = "32 MB";
maintenance_work_mem = "320 MB";
huge_pages = "off";
effective_cache_size = "2 GB";
effective_io_concurrency = 100; # concurrent IO only really activated if OS supports posix_fadvise function;
random_page_cost = 1.25; # speed of random disk access relative to sequential access (1.0);
# Monitoring;
shared_preload_libraries = "pg_stat_statements,auto_explain"; # per statement resource usage stats & log explain statements for slow queries
track_io_timing = "on"; # measure exact block IO times;
track_functions = "pl"; # track execution times of pl-language procedures if any;
# Replication;
wal_level = "replica"; # consider using at least "replica";
max_wal_senders = 0;
synchronous_commit = "on";
# Checkpointing: ;
checkpoint_timeout = "15 min";
checkpoint_completion_target = 0.9;
max_wal_size = "1024 MB";
min_wal_size = "512 MB";
# WAL writing;
wal_compression = "on";
wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default);
wal_writer_delay = "200ms";
wal_writer_flush_after = "1MB";
# Background writer;
bgwriter_delay = "200ms";
bgwriter_lru_maxpages = 100;
bgwriter_lru_multiplier = 2.0;
bgwriter_flush_after = 0;
# Parallel queries: ;
max_worker_processes = 6;
max_parallel_workers_per_gather = 3;
max_parallel_maintenance_workers = 3;
max_parallel_workers = 6;
parallel_leader_participation = "on";
# Advanced features ;
enable_partitionwise_join = "on";
enable_partitionwise_aggregate = "on";
jit = "on";
jit_above_cost = 100000;
jit_inline_above_cost = 150000;
jit_optimize_above_cost = 500000;
# log slow queries
log_min_duration_statement = 100;
"auto_explain.log_min_duration" = 100;
# logging configuration
log_connections = true;
log_statement = "all";
logging_collector = true;
log_disconnections = true;
};
};
}

13
systems/jeeves/services/validate_system.toml
View File

@@ -1,13 +0,0 @@
zpool = ["root_pool", "storage", "torrenting", "media"]
services = [
"audiobookshelf",
"cloud_flare_tunnel",
"haproxy",
"docker-qbit",
"docker-qbitvpn",
"docker-uptime_kuma",
"docker",
"filebrowser",
"home-assistant",
"jellyfin",
]

78
systems/jeeves/syncthing.nix
View File

@@ -2,18 +2,13 @@ let
vars = import ./vars.nix; vars = import ./vars.nix;
in in
{ {
networking.firewall.allowedTCPPorts = [ 8384 ];
services.syncthing = { services.syncthing = {
guiAddress = "192.168.90.40:8384"; guiAddress = "192.168.90.40:8384";
settings = { settings.folders = {
devices.davids-server.id = "7GXTDGR-AOXFW2O-K6J7NM3-XYZNRRW-AKHAFWM-GBOWUPQ-OA6JIWD-ER7RDQL"; # cspell:disable-line "bob_temp" = {
folders = { path = "${vars.storage_syncthing}/bob_temp";
"dotfiles" = {
path = "/home/richie/dotfiles";
devices = [ devices = [
"bob" "jeeves"
"rhapsody-in-green"
]; ];
fsWatcherEnabled = true; fsWatcherEnabled = true;
}; };
@@ -21,8 +16,8 @@ in
id = "l62ul-lpweo"; # cspell:disable-line id = "l62ul-lpweo"; # cspell:disable-line
path = vars.media_notes; path = vars.media_notes;
devices = [ devices = [
"bob"
"rhapsody-in-green" "rhapsody-in-green"
"davids-server"
]; ];
fsWatcherEnabled = true; fsWatcherEnabled = true;
}; };
@@ -51,6 +46,7 @@ in
id = "vyma6-lqqrz"; # cspell:disable-line id = "vyma6-lqqrz"; # cspell:disable-line
path = "${vars.storage_syncthing}/projects"; path = "${vars.storage_syncthing}/projects";
devices = [ devices = [
"bob"
"rhapsody-in-green" "rhapsody-in-green"
]; ];
fsWatcherEnabled = true; fsWatcherEnabled = true;
@@ -62,68 +58,6 @@ in
]; ];
fsWatcherEnabled = true; fsWatcherEnabled = true;
}; };
"vault" = {
path = "/home/richie/vault";
devices = [
"rhapsody-in-green"
"davids-server"
];
fsWatcherEnabled = true;
};
"backup" = {
path = "${vars.storage_syncthing}/backup";
devices = [
"davids-server"
];
fsWatcherEnabled = true;
};
#
"davids-backup1" = {
id = "8229p-8z3tm"; # cspell:disable-line
path = "${vars.storage_syncthing}/davids_backups/1";
devices = [
"davids-server"
];
fsWatcherEnabled = true;
type = "receiveencrypted";
};
"davids-backup2" = {
id = "iciw3-dp6ao"; # cspell:disable-line
path = "${vars.storage_syncthing}/davids_backups/2";
devices = [
"davids-server"
];
fsWatcherEnabled = true;
type = "receiveencrypted";
};
"davids-backup3" = {
id = "9si6m-bnkjb"; # cspell:disable-line
path = "${vars.storage_syncthing}/davids_backups/3";
devices = [
"davids-server"
];
fsWatcherEnabled = true;
type = "receiveencrypted";
};
"davids-backup4" = {
id = "qjyfy-uupj4"; # cspell:disable-line
path = "${vars.storage_syncthing}/davids_backups/4";
devices = [
"davids-server"
];
fsWatcherEnabled = true;
type = "receiveencrypted";
};
"davids-backup5" = {
id = "fm4h5-emsu2"; # cspell:disable-line
path = "${vars.storage_syncthing}/davids_backups/5";
devices = [
"davids-server"
];
fsWatcherEnabled = true;
type = "receiveencrypted";
};
};
}; };
}; };
} }

28
systems/jeeves/transmission.nix Normal file
View File

@@ -0,0 +1,28 @@
{ pkgs, ... }:
let
vars = import ./vars.nix;
in
{
environment.systemPackages = with pkgs; [
transmission-rss
];
services.transmission = {
enable = true;
package = pkgs.transmission_4;
home = "${vars.media_docker_configs}/transmission";
group = "users";
openRPCPort = true;
openPeerPorts = true;
openFirewall = true;
webHome = pkgs.flood-for-transmission;
settings = {
message-level = 2;
incomplete-dir-enabled = true;
incomplete-dir = "${vars.torrenting_transmission}/incomplete";
download-dir = "${vars.torrenting_transmission}/download";
download-queue-enabled = false;
peer-limit-global = 10000;
peer-limit-per-torrent = 100;
};
};
}

5
systems/jeeves/vars.nix
View File

@@ -9,9 +9,9 @@ in
media_database = "${zfs_media}/database"; media_database = "${zfs_media}/database";
media_docker = "${zfs_media}/docker"; media_docker = "${zfs_media}/docker";
media_docker_configs = "${zfs_media}/docker/configs"; media_docker_configs = "${zfs_media}/docker/configs";
media_mirror = "${zfs_media}/mirror";
media_share = "${zfs_media}/share";
media_services = "${zfs_media}/services"; media_services = "${zfs_media}/services";
media_services_configs = "${zfs_media}/services/configs";
media_mirror = "${zfs_media}/mirror";
media_notes = "${zfs_media}/notes"; media_notes = "${zfs_media}/notes";
media_plex = "${zfs_media}/plex"; media_plex = "${zfs_media}/plex";
media_home_assistant = "${zfs_media}/home_assistant"; media_home_assistant = "${zfs_media}/home_assistant";
@@ -25,4 +25,5 @@ in
# torrenting # torrenting
torrenting_qbit = "${zfs_torrenting}/qbit"; torrenting_qbit = "${zfs_torrenting}/qbit";
torrenting_qbitvpn = "${zfs_torrenting}/qbitvpn"; torrenting_qbitvpn = "${zfs_torrenting}/qbitvpn";
torrenting_transmission = "${zfs_torrenting}/transmission";
} }

61
systems/muninn/default.nix Normal file
View File

@@ -0,0 +1,61 @@
{ inputs, pkgs, ... }:
{
imports = [
../../users/gaming
../../users/richie
../../common/global
../../common/optional/desktop.nix
../../common/optional/steam.nix
../../common/optional/systemd-boot.nix
../../common/optional/update.nix
./hardware.nix
inputs.nixos-hardware.nixosModules.framework-11th-gen-intel
];
environment.systemPackages = with pkgs; [
plex-media-player
];
networking = {
hostName = "muninn";
hostId = "a43179c5";
firewall.enable = true;
networkmanager.enable = true;
};
hardware = {
pulseaudio.enable = false;
bluetooth = {
enable = true;
powerOnBoot = true;
};
firmware = [ pkgs.sof-firmware ];
};
security.rtkit.enable = true;
services = {
displayManager = {
enable = true;
autoLogin = {
user = "gaming";
enable = true;
};
defaultSession = "steam";
# defaultSession = "plasma";
};
openssh.ports = [ 295 ];
printing.enable = true;
snapshot_manager.enable = true;
zfs = {
trim.enable = true;
autoScrub.enable = true;
};
};
system.stateVersion = "24.05";
}

32
systems/brendans-system/hardware.nix → systems/muninn/hardware.nix
View File

@@ -1,12 +1,4 @@
# Do not modify this file! It was generated by nixos-generate-config { config, lib, modulesPath, ... }:
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
@@ -16,21 +8,20 @@
availableKernelModules = [ availableKernelModules = [
"nvme" "nvme"
"xhci_pci" "xhci_pci"
"ahci" "thunderbolt"
"usbhid"
"usb_storage" "usb_storage"
"sd_mod" "sd_mod"
]; ];
kernelModules = [ ]; kernelModules = [ ];
luks.devices."luks-root-pool-nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2" = { luks.devices."luks-root-pool-nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2"; device = "/dev/disk/by-id/nvme-INTEL_SSDPEKKW256G7_BTPY63820XBH256D-part2";
bypassWorkqueues = true; bypassWorkqueues = true;
allowDiscards = true; allowDiscards = true;
keyFileSize = 4096; keyFileSize = 4096;
keyFile = "/dev/disk/by-id/usb-Samsung_Flash_Drive_FIT_0374620080067131-0:0"; keyFile = "/dev/disk/by-id/usb-SanDisk_Ultra_T_C_4C530001020919102244-0:0";
}; };
}; };
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
@@ -45,13 +36,18 @@
fsType = "zfs"; fsType = "zfs";
}; };
"/nix" = {
device = "root_pool/nix";
fsType = "zfs";
};
"/var" = { "/var" = {
device = "root_pool/var"; device = "root_pool/var";
fsType = "zfs"; fsType = "zfs";
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/609D-FF29"; device = "/dev/disk/by-uuid/12CE-A600";
fsType = "vfat"; fsType = "vfat";
options = [ options = [
"fmask=0077" "fmask=0077"
@@ -62,8 +58,6 @@
swapDevices = [ ]; swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

21
systems/rhapsody-in-green/default.nix
View File

@@ -13,7 +13,6 @@
./hardware.nix ./hardware.nix
./syncthing.nix ./syncthing.nix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd inputs.nixos-hardware.nixosModules.framework-13-7040-amd
inputs.nixos-cosmic.nixosModules.default
]; ];
networking = { networking = {
@@ -23,10 +22,28 @@
networkmanager.enable = true; networkmanager.enable = true;
}; };
hardware = {
pulseaudio.enable = false;
bluetooth = {
enable = true;
powerOnBoot = true;
};
};
security.rtkit.enable = true;
services = { services = {
openssh.ports = [ 922 ]; openssh.ports = [ 922 ];
desktopManager.cosmic.enable = true; printing.enable = true;
snapshot_manager.enable = true;
zfs = {
trim.enable = true;
autoScrub.enable = true;
};
}; };
system.stateVersion = "24.05"; system.stateVersion = "24.05";

7
systems/rhapsody-in-green/hardware.nix
View File

@@ -1,9 +1,4 @@
{ { config, lib, modulesPath, ... }:
config,
lib,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

12
systems/rhapsody-in-green/syncthing.nix
View File

@@ -1,17 +1,10 @@
{ {
services.syncthing.settings.folders = { services.syncthing.settings.folders = {
"dotfiles" = {
path = "/home/richie/dotfiles";
devices = [
"jeeves"
"bob"
];
fsWatcherEnabled = true;
};
"notes" = { "notes" = {
id = "l62ul-lpweo"; # cspell:disable-line id = "l62ul-lpweo"; # cspell:disable-line
path = "/home/richie/notes"; path = "/home/richie/notes";
devices = [ devices = [
"bob"
"jeeves" "jeeves"
]; ];
fsWatcherEnabled = true; fsWatcherEnabled = true;
@@ -41,6 +34,7 @@
id = "vyma6-lqqrz"; # cspell:disable-line id = "vyma6-lqqrz"; # cspell:disable-line
path = "/home/richie/projects"; path = "/home/richie/projects";
devices = [ devices = [
"bob"
"jeeves" "jeeves"
]; ];
fsWatcherEnabled = true; fsWatcherEnabled = true;
@@ -56,7 +50,7 @@
"vault" = { "vault" = {
path = "/home/richie/vault"; path = "/home/richie/vault";
devices = [ devices = [
"jeeves" "bob"
]; ];
fsWatcherEnabled = true; fsWatcherEnabled = true;
}; };

529
tools/installer.py
View File

@@ -2,10 +2,8 @@
from __future__ import annotations from __future__ import annotations
import curses
import logging import logging
import sys import sys
from collections import defaultdict
from os import getenv from os import getenv
from pathlib import Path from pathlib import Path
from random import getrandbits from random import getrandbits
@@ -111,9 +109,7 @@ def create_zfs_pool(pool_disks: Sequence[str], mnt_dir: str) -> None:
"-O normalization=formD " "-O normalization=formD "
"-O relatime=on " "-O relatime=on "
"-O xattr=sa " "-O xattr=sa "
"-O mountpoint=legacy " "-O mountpoint=none "
"-O compression=zstd "
"-O atime=off "
"root_pool " "root_pool "
) )
if len(pool_disks) == 1: if len(pool_disks) == 1:
@@ -131,100 +127,26 @@ def create_zfs_pool(pool_disks: Sequence[str], mnt_dir: str) -> None:
def create_zfs_datasets() -> None: def create_zfs_datasets() -> None:
"""Create ZFS datasets.""" """Create ZFS datasets."""
default_options = "-o compression=zstd -o atime=off -o mountpoint=legacy"
bash_wrapper(f"zfs create {default_options} -o canmount=noauto root_pool/root")
for dataset in ("home", "var"):
bash_wrapper(f"zfs create {default_options} root_pool/{dataset}")
bash_wrapper("zfs create -o canmount=noauto -o reservation=10G root_pool/root")
bash_wrapper("zfs create root_pool/home")
bash_wrapper("zfs create root_pool/var -o reservation=1G")
bash_wrapper("zfs create -o compression=zstd-9 -o reservation=10G root_pool/nix")
datasets = bash_wrapper("zfs list -o name") datasets = bash_wrapper("zfs list -o name")
expected_datasets = { expected_datasets = {"root_pool/root", "root_pool/home", "root_pool/var"}
"root_pool/root",
"root_pool/home",
"root_pool/var",
"root_pool/nix",
}
missing_datasets = expected_datasets.difference(datasets.splitlines()) missing_datasets = expected_datasets.difference(datasets.splitlines())
if missing_datasets: if missing_datasets:
logging.critical(f"Failed to create pools {missing_datasets}") logging.critical(f"Failed to create pools {missing_datasets}")
sys.exit(1) sys.exit(1)
def get_cpu_manufacturer() -> str:
"""Get the CPU manufacturer."""
output = bash_wrapper("cat /proc/cpuinfo")
id_vendor = {"AuthenticAMD": "amd", "GenuineIntel": "intel"}
for line in output.splitlines():
if "vendor_id" in line:
return id_vendor[line.split(": ")[1].strip()]
def get_boot_drive_id(disk: str) -> str:
"""Get the boot drive ID."""
output = bash_wrapper(f"lsblk -o UUID {disk}-part1")
return output.splitlines()[1]
def create_nix_hardware_file(mnt_dir: str, disks: Sequence[str], encrypt: bool) -> None:
"""Create a NixOS hardware file."""
cpu_manufacturer = get_cpu_manufacturer()
devices = ""
if encrypt:
disk = disks[0]
devices = (
f' luks.devices."luks-root-pool-{disk.split("/")[-1]}-part2"'
"= {\n"
f' device = "{disk}-part2";\n'
" bypassWorkqueues = true;\n"
" allowDiscards = true;\n"
" };\n"
)
host_id = format(getrandbits(32), "08x")
nix_hardware = (
"{ config, lib, modulesPath, ... }:\n"
"{\n"
' imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];\n\n'
" boot = {\n"
" initrd = {\n"
' availableKernelModules = [ \n "ahci"\n "ehci_pci"\n "nvme"\n "sd_mod"\n "usb_storage"\n "usbhid"\n "xhci_pci"\n ];\n'
" kernelModules = [ ];\n"
f" {devices}"
" };\n"
f' kernelModules = [ "kvm-{cpu_manufacturer}" ];\n'
" extraModulePackages = [ ];\n"
" };\n\n"
" fileSystems = {\n"
' "/" = lib.mkDefault {\n device = "root_pool/root";\n fsType = "zfs";\n };\n\n'
' "/home" = {\n device = "root_pool/home";\n fsType = "zfs";\n };\n\n'
' "/var" = {\n device = "root_pool/var";\n fsType = "zfs";\n };\n\n'
' "/nix" = {\n device = "root_pool/nix";\n fsType = "zfs";\n };\n\n'
' "/boot" = {\n'
f' device = "/dev/disk/by-uuid/{get_boot_drive_id(disks[0])}";\n'
' fsType = "vfat";\n options = [\n "fmask=0077"\n "dmask=0077"\n ];\n };\n };\n\n'
" swapDevices = [ ];\n\n"
" networking.useDHCP = lib.mkDefault true;\n\n"
' nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";\n'
f" hardware.cpu.{cpu_manufacturer}.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;\n"
f' networking.hostId = "{host_id}";\n'
"}\n"
)
Path(f"{mnt_dir}/etc/nixos/hardware-configuration.nix").write_text(nix_hardware)
def install_nixos(mnt_dir: str, disks: Sequence[str], encrypt: bool) -> None: def install_nixos(mnt_dir: str, disks: Sequence[str], encrypt: bool) -> None:
"""Install NixOS.""" """Install NixOS."""
bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/root {mnt_dir}") bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/root {mnt_dir}")
bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/home {mnt_dir}/home") bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/home {mnt_dir}/home")
bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/var {mnt_dir}/var") bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/var {mnt_dir}/var")
bash_wrapper(f"mount -o X-mount.mkdir -t zfs root_pool/nix {mnt_dir}/nix")
for disk in disks: for disk in disks:
bash_wrapper(f"mkfs.vfat -n EFI {disk}-part1") bash_wrapper(f"mkfs.vfat -n EFI {disk}-part1")
@@ -235,20 +157,43 @@ def install_nixos(mnt_dir: str, disks: Sequence[str], encrypt: bool) -> None:
bash_wrapper(f"nixos-generate-config --root {mnt_dir}") bash_wrapper(f"nixos-generate-config --root {mnt_dir}")
create_nix_hardware_file(mnt_dir, disks, encrypt) host_id = format(getrandbits(32), "08x")
nix_hardware = Path(f"{mnt_dir}/etc/nixos/hardware-configuration.nix").read_text()
nix_hardware = nix_hardware.replace(
";\n}", f';\n networking.hostId = "{host_id}";' "\n}"
)
if encrypt:
test = [
f' "luks-root-pool-{disk.split("/")[-1]}-part2".device = "{disk}-part2";\n'
for disk in disks
]
encrypted_disks = (
";\n boot.initrd.luks.devices = {\n" f"{''.join(test)}" " };\n" "}"
)
nix_hardware = nix_hardware.replace(";\n}", encrypted_disks)
Path(f"{mnt_dir}/etc/nixos/hardware-configuration.nix").write_text(nix_hardware)
run(("nixos-install", "--root", mnt_dir), check=True) # noqa: S603 run(("nixos-install", "--root", mnt_dir), check=True) # noqa: S603
def installer( def main() -> None:
disks: set[str],
swap_size: int,
reserve: int,
encrypt_key: str | None,
) -> None:
"""Main.""" """Main."""
configure_logger("DEBUG")
logging.info("Starting installation") logging.info("Starting installation")
disks = ("/dev/disk/by-id/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",)
# Set swap size in GB, set to 1 if you don't want swap to take up too much space
swap_size = 1
reserve = 0
encrypt_key = getenv("ENCRYPT_KEY")
for disk in disks: for disk in disks:
partition_disk(disk, swap_size, reserve) partition_disk(disk, swap_size, reserve)
@@ -266,7 +211,7 @@ def installer(
if encrypt_key: if encrypt_key:
pool_disks = [ pool_disks = [
f"/dev/mapper/luks-root-pool-{disk.split('/')[-1]}-part2" for disk in disks f'/dev/mapper/luks-root-pool-{disk.split("/")[-1]}-part2' for disk in disks
] ]
else: else:
pool_disks = [f"{disk}-part2" for disk in disks] pool_disks = [f"{disk}-part2" for disk in disks]
@@ -280,403 +225,5 @@ def installer(
logging.info("Installation complete") logging.info("Installation complete")
class Cursor:
def __init__(self):
self.x_position = 0
self.y_position = 0
self.height = 0
self.width = 0
def set_height(self, height: int):
self.height = height
def set_width(self, width: int):
self.width = width
def x_bounce_check(self, cursor: int) -> int:
cursor = max(0, cursor)
return min(self.width - 1, cursor)
def y_bounce_check(self, cursor: int) -> int:
cursor = max(0, cursor)
return min(self.height - 1, cursor)
def set_x(self, x: int):
self.x_position = self.x_bounce_check(x)
def set_y(self, y: int):
self.y_position = self.y_bounce_check(y)
def get_x(self) -> int:
return self.x_position
def get_y(self) -> int:
return self.y_position
def move_up(self):
self.set_y(self.y_position - 1)
def move_down(self):
self.set_y(self.y_position + 1)
def move_left(self):
self.set_x(self.x_position - 1)
def move_right(self):
self.set_x(self.x_position + 1)
def navigation(self, key: int) -> None:
action = {
curses.KEY_DOWN: self.move_down,
curses.KEY_UP: self.move_up,
curses.KEY_RIGHT: self.move_right,
curses.KEY_LEFT: self.move_left,
}
action.get(key, lambda: None)()
class State:
"""State class to store the state of the program."""
def __init__(self):
self.key = 0
self.cursor = Cursor()
self.swap_size = 0
self.show_swap_input = False
self.reserve_size = 0
self.show_reserve_input = False
self.selected_device_ids = set()
def get_selected_devices(self) -> tuple[str]:
"""Get selected devices."""
return tuple(self.selected_device_ids)
def get_device(raw_device: str) -> dict[str, str]:
raw_device_components = raw_device.split(" ")
return {
thing.split("=")[0].lower(): thing.split("=")[1].strip('"')
for thing in raw_device_components
}
def get_devices() -> list[dict[str, str]]:
"""Get a list of devices."""
# --bytes
raw_devices = bash_wrapper("lsblk --paths --pairs").splitlines()
return [get_device(raw_device) for raw_device in raw_devices]
def get_device_id_mapping() -> dict[str, set[str]]:
"""Get a list of device ids.
Returns:
list[str]: the list of device ids
"""
device_ids = bash_wrapper("find /dev/disk/by-id -type l").splitlines()
device_id_mapping: dict[str, set[str]] = defaultdict(set)
for device_id in device_ids:
device = bash_wrapper(f"readlink -f {device_id}").strip()
device_id_mapping[device].add(device_id)
return device_id_mapping
def calculate_device_menu_padding(
devices: list[dict[str, str]], column: str, padding: int = 0
) -> int:
return max(len(device[column]) for device in devices) + padding
def draw_device_ids(
state: State,
row_number: int,
menu_start_x: int,
std_screen: curses.window,
menu_width: list[int],
device_ids: set[str],
) -> tuple[State, int]:
for device_id in sorted(device_ids):
row_number = row_number + 1
if row_number == state.cursor.get_y() and state.cursor.get_x() in menu_width:
std_screen.attron(curses.A_BOLD)
if state.key == ord(" "):
if device_id not in state.selected_device_ids:
state.selected_device_ids.add(device_id)
else:
state.selected_device_ids.remove(device_id)
if device_id in state.selected_device_ids:
std_screen.attron(curses.color_pair(7))
std_screen.addstr(row_number, menu_start_x, f" {device_id}")
std_screen.attroff(curses.color_pair(7))
std_screen.attroff(curses.A_BOLD)
return state, row_number
def draw_device_menu(
std_screen: curses.window,
devices: list[dict[str, str]],
device_id_mapping: dict[str, set[str]],
state: State,
menu_start_y: int = 0,
menu_start_x: int = 0,
) -> State:
"""draw the device menu and handle user input
Args:
std_screen (curses.window): the curses window to draw on
devices (list[dict[str, str]]): the list of devices to draw
device_id_mapping (dict[str, set[str]]): the list of device ids to draw
state (State): the state object to update
menu_start_y (int, optional): the y position to start drawing the menu. Defaults to 0.
menu_start_x (int, optional): the x position to start drawing the menu. Defaults to 0.
Returns:
State: the updated state object
"""
padding = 2
name_padding = calculate_device_menu_padding(devices, "name", padding)
size_padding = calculate_device_menu_padding(devices, "size", padding)
type_padding = calculate_device_menu_padding(devices, "type", padding)
mountpoints_padding = calculate_device_menu_padding(devices, "mountpoints", padding)
device_header = f"{'Name':{name_padding}}{'Size':{size_padding}}{'Type':{type_padding}}{'Mountpoints':{mountpoints_padding}}"
menu_width = range(menu_start_x, len(device_header) + menu_start_x)
std_screen.addstr(menu_start_y, menu_start_x, device_header, curses.color_pair(5))
devises_list_start = menu_start_y + 1
row_number = devises_list_start
for device in devices:
row_number = row_number + 1
device_name = device["name"]
device_row = (
f"{device_name:{name_padding}}"
f"{device['size']:{size_padding}}"
f"{device['type']:{type_padding}}"
f"{device['mountpoints']:{mountpoints_padding}}"
)
std_screen.addstr(row_number, menu_start_x, device_row)
state, row_number = draw_device_ids(
state=state,
row_number=row_number,
menu_start_x=menu_start_x,
std_screen=std_screen,
menu_width=menu_width,
device_ids=device_id_mapping[device_name],
)
return state, row_number
def debug_menu(std_screen: curses.window, key: int) -> None:
height, width = std_screen.getmaxyx()
width_height = "Width: {}, Height: {}".format(width, height)
std_screen.addstr(height - 4, 0, width_height, curses.color_pair(5))
key_pressed = f"Last key pressed: {key}"[: width - 1]
if key == 0:
key_pressed = "No key press detected..."[: width - 1]
std_screen.addstr(height - 3, 0, key_pressed)
for i in range(0, 8):
std_screen.addstr(height - 2, i * 3, f"{i}██", curses.color_pair(i))
def status_bar(
std_screen: curses.window,
cursor: Cursor,
width: int,
height: int,
) -> None:
std_screen.attron(curses.A_REVERSE)
std_screen.attron(curses.color_pair(3))
status_bar = (
f"Press 'q' to exit | STATUS BAR | Pos: {cursor.get_x()}, {cursor.get_y()}"
)
std_screen.addstr(height - 1, 0, status_bar)
std_screen.addstr(height - 1, len(status_bar), " " * (width - len(status_bar) - 1))
std_screen.attroff(curses.color_pair(3))
std_screen.attroff(curses.A_REVERSE)
def set_color() -> None:
curses.start_color()
curses.use_default_colors()
for i in range(0, curses.COLORS):
curses.init_pair(i + 1, i, -1)
def get_text_input(std_screen: curses.window, prompt: str, y: int, x: int) -> str:
curses.echo()
std_screen.addstr(y, x, prompt)
input_str = ""
while True:
key = std_screen.getch()
if key == ord("\n"):
break
elif key == 27: # ESC key
input_str = ""
break
elif key in (curses.KEY_BACKSPACE, ord("\b"), 127):
input_str = input_str[:-1]
std_screen.addstr(y, x + len(prompt), input_str + " ")
else:
input_str += chr(key)
std_screen.refresh()
curses.noecho()
return input_str
def swap_size_input(
std_screen: curses.window,
state: State,
swap_offset: int,
) -> State:
swap_size_text = "Swap size (GB): "
std_screen.addstr(swap_offset, 0, f"{swap_size_text}{state.swap_size}")
if state.key == ord("\n") and state.cursor.get_y() == swap_offset:
state.show_swap_input = True
if state.show_swap_input:
swap_size_str = get_text_input(std_screen, swap_size_text, swap_offset, 0)
try:
state.swap_size = int(swap_size_str)
state.show_swap_input = False
except ValueError:
std_screen.addstr(
swap_offset, 0, "Invalid input. Press any key to continue."
)
std_screen.getch()
state.show_swap_input = False
return state
def reserve_size_input(
std_screen: curses.window,
state: State,
reserve_offset: int,
) -> State:
reserve_size_text = "reserve size (GB): "
std_screen.addstr(reserve_offset, 0, f"{reserve_size_text}{state.reserve_size}")
if state.key == ord("\n") and state.cursor.get_y() == reserve_offset:
state.show_reserve_input = True
if state.show_reserve_input:
reserve_size_str = get_text_input(
std_screen, reserve_size_text, reserve_offset, 0
)
try:
state.reserve_size = int(reserve_size_str)
state.show_reserve_input = False
except ValueError:
std_screen.addstr(
reserve_offset, 0, "Invalid input. Press any key to continue."
)
std_screen.getch()
state.show_reserve_input = False
return state
def draw_menu(std_screen: curses.window) -> State:
"""draw the menu and handle user input
Args:
std_screen (curses.window): the curses window to draw on
Returns:
State: the state object
"""
# Clear and refresh the screen for a blank canvas
std_screen.clear()
std_screen.refresh()
set_color()
state = State()
devices = get_devices()
device_id_mapping = get_device_id_mapping()
# Loop where k is the last character pressed
while state.key != ord("q"):
std_screen.clear()
height, width = std_screen.getmaxyx()
state.cursor.set_height(height)
state.cursor.set_width(width)
state.cursor.navigation(state.key)
state, device_menu_size = draw_device_menu(
std_screen=std_screen,
state=state,
devices=devices,
device_id_mapping=device_id_mapping,
)
swap_offset = device_menu_size + 2
swap_size_input(
std_screen=std_screen,
state=state,
swap_offset=swap_offset,
)
reserve_size_input(
std_screen=std_screen,
state=state,
reserve_offset=swap_offset + 1,
)
status_bar(std_screen, state.cursor, width, height)
debug_menu(std_screen, state.key)
std_screen.move(state.cursor.get_y(), state.cursor.get_x())
std_screen.refresh()
state.key = std_screen.getch()
return state
def main() -> None:
configure_logger("DEBUG")
state = curses.wrapper(draw_menu)
encrypt_key = getenv("ENCRYPT_KEY")
logging.info("installing_nixos")
logging.info(f"disks: {state.selected_device_ids}")
logging.info(f"swap_size: {state.swap_size}")
logging.info(f"reserve: {state.reserve_size}")
logging.info(f"encrypted: {bool(encrypt_key)}")
sleep(3)
installer(
disks=state.get_selected_devices(),
swap_size=state.swap_size,
reserve=state.reserve_size,
encrypt_key=encrypt_key,
)
if __name__ == "__main__": if __name__ == "__main__":
main() main()

14
treefmt.toml
View File

@@ -1,14 +0,0 @@
# One CLI to format the code tree - https://github.com/numtide/treefmt
[global]
# Glob patterns of files to exclude
excludes = [".git/"]
[formatter.nixfmt]
# Formatter to run
command = "nixfmt"
# Command-line arguments for the command
#options = []
# Glob pattern of files to include
includes = ["*.nix"]

49
users/brendan/default.nix
View File

@@ -1,49 +0,0 @@
{
pkgs,
config,
...
}:
let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
sops.secrets.brendan_password = {
sopsFile = ../secrets.yaml;
neededForUsers = true;
};
users = {
users.brendan = {
isNormalUser = true;
hashedPasswordFile = "${config.sops.secrets.brendan_password.path}";
shell = pkgs.zsh;
group = "brendan";
extraGroups =
[
"audio"
"video"
"wheel"
"users"
]
++ ifTheyExist [
"dialout"
"docker"
"hass"
"libvirtd"
"networkmanager"
"plugdev"
"scanner"
"uaccess"
"wireshark"
];
uid = 1001;
};
groups.brendan.gid = 1001;
};
home-manager.users.brendan = import ./systems/${config.networking.hostName}.nix;
}

9
users/brendan/home/cli/default.nix
View File

@@ -1,9 +0,0 @@
{
imports = [
./direnv.nix
./git.nix
./zsh.nix
];
programs.starship.enable = true;
}

8
users/brendan/home/cli/direnv.nix
View File

@@ -1,8 +0,0 @@
{
programs.direnv = {
enable = true;
enableZshIntegration = true;
nix-direnv.enable = true;
};
}

12
users/brendan/home/cli/git.nix
View File

@@ -1,12 +0,0 @@
{
programs.git = {
enable = true;
userEmail = "XXXXXXXXXXXXXXXXX";
userName = "XXXXXXXXXXXXXXXXX";
extraConfig = {
pull.rebase = true;
color.ui = true;
};
lfs.enable = true;
};
}

29
users/brendan/home/cli/zsh.nix
View File

@@ -1,29 +0,0 @@
{
programs.zsh = {
enable = true;
syntaxHighlighting.enable = true;
history.size = 10000;
oh-my-zsh = {
enable = true;
plugins = [
"git"
"docker"
"docker-compose"
"colored-man-pages"
"rust"
"systemd"
"tmux"
"ufw"
"z"
];
};
shellAliases = {
"lrt" = "eza --icons -lsnew";
"ls" = "eza";
"ll" = "eza --long --group";
"la" = "eza --all";
"rebuild" = "sudo nixos-rebuild switch --flake /home/brendan/dotfiles#$HOST";
};
};
}

21
users/brendan/home/global.nix
View File

@@ -1,21 +0,0 @@
{ config, ... }:
{
imports = [
./cli
./programs.nix
];
programs = {
home-manager.enable = true;
git.enable = true;
};
home = {
username = "brendan";
homeDirectory = "/home/${config.home.username}";
stateVersion = "24.05";
sessionVariables = {
FLAKE = "$HOME/dotfiles";
};
};
}

28
users/brendan/home/gui/default.nix
View File

@@ -1,28 +0,0 @@
{ pkgs, ... }:
{
imports = [
./firefox
./vscode
];
home.packages = with pkgs; [
candy-icons
chromium
discord-canary
gimp
gparted
mediainfo
nemo
nemo-fileroller
obs-studio
obsidian
prismlauncher
proxychains
prusa-slicer
signal-desktop
sweet-nova
util-linux
vlc
zoom-us
];
}

255
users/brendan/home/gui/firefox/default.nix
View File

@@ -1,255 +0,0 @@
{ inputs, ... }:
{
imports = [ ./search_engines.nix ];
programs.firefox = {
enable = true;
profiles.richie = {
extensions = with inputs.firefox-addons.packages.x86_64-linux; [
bitwarden
darkreader
dearrow
fastforwardteam
return-youtube-dislikes
sponsorblock
ublock-origin
];
search = {
force = true;
default = "kagi";
order = [
"kagi"
"DuckDuckGo"
"Google"
];
};
settings = {
# SECTION: FASTFOX
# GENERAL
"content.notify.interval" = 100000;
# GFX
"gfx.canvas.accelerated.cache-items" = 4096;
"gfx.canvas.accelerated.cache-size" = 512;
"gfx.content.skia-font-cache-size" = 20;
# DISK CACHE
"browser.cache.jsbc_compression_level" = 3;
# MEDIA CACHE
"media.memory_cache_max_size" = 65536;
"media.cache_readahead_limit" = 7200;
"media.cache_resume_threshold" = 3600;
# IMAGE CACHE
"image.mem.decode_bytes_at_a_time" = 32768;
# NETWORK
"network.buffer.cache.size" = 262144;
"network.buffer.cache.count" = 128;
"network.http.max-connections" = 1800;
"network.http.max-persistent-connections-per-server" = 10;
"network.http.max-urgent-start-excessive-connections-per-host" = 5;
"network.http.pacing.requests.enabled" = false;
"network.dnsCacheExpiration" = 3600;
"network.dns.max_high_priority_threads" = 8;
"network.ssl_tokens_cache_capacity" = 10240;
# SPECULATIVE LOADING
"network.dns.disablePrefetch" = true;
"network.prefetch-next" = false;
"network.predictor.enabled" = false;
# EXPERIMENTAL
"layout.css.grid-template-masonry-value.enabled" = true;
"dom.enable_web_task_scheduling" = true;
"layout.css.has-selector.enabled" = true;
"dom.security.sanitizer.enabled" = true;
# SECTION: SECUREFOX
# TRACKING PROTECTION
"browser.contentblocking.category" = "strict";
"urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
"urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com";
"network.cookie.sameSite.noneRequiresSecure" = true;
"browser.download.start_downloads_in_tmp_dir" = true;
"browser.helperApps.deleteTempFileOnExit" = true;
"browser.uitour.enabled" = false;
"privacy.globalprivacycontrol.enabled" = true;
# OCSP & CERTS / HPKP
"security.OCSP.enabled" = 0;
"security.remote_settings.crlite_filters.enabled" = true;
"security.pki.crlite_mode" = 2;
# SSL / TLS
"security.ssl.treat_unsafe_negotiation_as_broken" = true;
"browser.xul.error_pages.expert_bad_cert" = true;
"security.tls.enable_0rtt_data" = false;
# DISK AVOIDANCE
"browser.privatebrowsing.forceMediaMemoryCache" = true;
"browser.sessionstore.interval" = 60000;
# SHUTDOWN & SANITIZING
"privacy.history.custom" = true;
# SEARCH / URL BAR
"browser.search.separatePrivateDefault.ui.enabled" = true;
"browser.urlbar.update2.engineAliasRefresh" = true;
# PREF: restore search engine suggestions
"browser.search.suggest.enabled" = true;
"browser.urlbar.suggest.quicksuggest.sponsored" = false;
"browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
"browser.formfill.enable" = false;
"security.insecure_connection_text.enabled" = true;
"security.insecure_connection_text.pbmode.enabled" = true;
"network.IDN_show_punycode" = true;
# HTTPS-FIRST POLICY
"dom.security.https_first" = true;
"dom.security.https_first_schemeless" = true;
# PASSWORDS
"signon.formlessCapture.enabled" = false;
"signon.rememberSignons" = false;
"signon.privateBrowsingCapture.enabled" = false;
"network.auth.subresource-http-auth-allow" = 1;
"editor.truncate_user_pastes" = false;
# MIXED CONTENT + CROSS-SITE
"security.mixed_content.block_display_content" = true;
"security.mixed_content.upgrade_display_content" = true;
"security.mixed_content.upgrade_display_content.image" = true;
"pdfjs.enableScripting" = false;
"extensions.postDownloadThirdPartyPrompt" = false;
# HEADERS / REFERERS
"network.http.referer.XOriginTrimmingPolicy" = 2;
# CONTAINERS
"privacy.userContext.ui.enabled" = true;
# WEBRTC
"media.peerconnection.ice.proxy_only_if_behind_proxy" = true;
"media.peerconnection.ice.default_address_only" = true;
# SAFE BROWSING
"browser.safebrowsing.downloads.remote.enabled" = false;
# MOZILLA
# PREF: allow websites to ask you to receive site notifications
"permissions.default.desktop-notification" = 0; # allow websites to ask
# PREF: allow websites to ask you for your location
"permissions.default.geo" = 0;
"geo.provider.network.url" =
"https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
"permissions.manager.defaultsUrl" = "";
"webchannel.allowObject.urlWhitelist" = "";
# TELEMETRY
"datareporting.policy.dataSubmissionEnabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.server" = "data:,";
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.updatePing.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.coverage.opt-out" = true;
"toolkit.coverage.opt-out" = true;
"toolkit.coverage.endpoint.base" = "";
"browser.ping-centre.telemetry" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
# EXPERIMENTS
"app.shield.optoutstudies.enabled" = false;
"app.normandy.enabled" = false;
"app.normandy.api_url" = "";
# CRASH REPORTS
"breakpad.reportURL" = "";
"browser.tabs.crashReporting.sendReport" = false;
"browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
# DETECTION
"captivedetect.canonicalURL" = "";
"network.captive-portal-service.enabled" = false;
"network.connectivity-service.enabled" = false;
# SECTION: PESKYFOX
# MOZILLA UI
"browser.privatebrowsing.vpnpromourl" = "";
"extensions.getAddons.showPane" = false;
"extensions.htmlaboutaddons.recommendations.enabled" = false;
"browser.discovery.enabled" = false;
"browser.shell.checkDefaultBrowser" = false;
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
"browser.preferences.moreFromMozilla" = false;
"browser.tabs.tabmanager.enabled" = false;
"browser.aboutConfig.showWarning" = false;
"browser.aboutwelcome.enabled" = false;
# THEME ADJUSTMENTS
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"browser.compactmode.show" = true;
"browser.display.focus_ring_on_anything" = true;
"browser.display.focus_ring_style" = 0;
"browser.display.focus_ring_width" = 0;
"layout.css.prefers-color-scheme.content-override" = 2;
# COOKIE BANNER HANDLING
"cookiebanners.service.mode" = 1;
"cookiebanners.service.mode.privateBrowsing" = 1;
# FULLSCREEN NOTICE
"full-screen-api.transition-duration.enter" = "0 0";
"full-screen-api.transition-duration.leave" = "0 0";
"full-screen-api.warning.delay" = -1;
"full-screen-api.warning.timeout" = 0;
# URL BAR
"browser.urlbar.suggest.calculator" = true;
"browser.urlbar.unitConversion.enabled" = true;
"browser.urlbar.trending.featureGate" = false;
# NEW TAB PAGE
"browser.newtabpage.activity-stream.feeds.topsites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
# POCKET
"extensions.pocket.enabled" = false;
# DOWNLOADS
"browser.download.always_ask_before_handling_new_types" = true;
"browser.download.manager.addToRecentDocs" = false;
# PDF
"browser.download.open_pdf_attachments_inline" = true;
# TAB BEHAVIOR
"browser.bookmarks.openInTabClosesMenu" = false;
"browser.menu.showViewImageInfo" = true;
"findbar.highlightAll" = true;
"layout.word_select.eat_space_to_next_word" = false;
# SECTION: MY OVERRIDES
"browser.startup.homepage" = "https://google.com";
"identity.fxaccounts.enabled" = false;
# SECTION SMOOTHFOX
# OPTION: SHARPEN SCROLLING *
"apz.overscroll.enabled" = true; # DEFAULT NON-LINUX
"mousewheel.min_line_scroll_amount" = 10; # 10-40; adjust this number to your liking; default=5
"general.smoothScroll.mouseWheel.durationMinMS" = 80; # default=50
"general.smoothScroll.currentVelocityWeighting" = "0.15"; # default=.25
"general.smoothScroll.stopDecelerationWeighting" = "0.6"; # default=.4
};
};
};
}

3
users/brendan/home/gui/firefox/github.svg
View File

@@ -1,3 +0,0 @@
<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M16 0C7.16 0 0 7.16 0 16C0 23.08 4.58 29.06 10.94 31.18C11.74 31.32 12.04 30.84 12.04 30.42C12.04 30.04 12.02 28.78 12.02 27.44C8 28.18 6.96 26.46 6.64 25.56C6.46 25.1 5.68 23.68 5 23.3C4.44 23 3.64 22.26 4.98 22.24C6.24 22.22 7.14 23.4 7.44 23.88C8.88 26.3 11.18 25.62 12.1 25.2C12.24 24.16 12.66 23.46 13.12 23.06C9.56 22.66 5.84 21.28 5.84 15.16C5.84 13.42 6.46 11.98 7.48 10.86C7.32 10.46 6.76 8.82 7.64 6.62C7.64 6.62 8.98 6.2 12.04 8.26C13.32 7.9 14.68 7.72 16.04 7.72C17.4 7.72 18.76 7.9 20.04 8.26C23.1 6.18 24.44 6.62 24.44 6.62C25.32 8.82 24.76 10.46 24.6 10.86C25.62 11.98 26.24 13.4 26.24 15.16C26.24 21.3 22.5 22.66 18.94 23.06C19.52 23.56 20.02 24.52 20.02 26.02C20.02 28.16 20 29.88 20 30.42C20 30.84 20.3 31.34 21.1 31.18C27.42 29.06 32 23.06 32 16C32 7.16 24.84 0 16 0V0Z" fill="white"/>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 957 B

BIN
users/brendan/home/gui/firefox/kagi.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 924 B

84
users/brendan/home/gui/firefox/search_engines.nix
View File

@@ -1,84 +0,0 @@
{ pkgs, ... }:
{
programs.firefox.profiles.richie.search.engines = {
"Nix Options" = {
urls = [
{
template = "https://search.nixos.org/options";
params = [
{
name = "type";
value = "packages";
}
{
name = "channel";
value = "unstable";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@o" ];
};
"Nix Packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "channel";
value = "unstable";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@n" ];
};
"kagi" = {
urls = [
{
template = "https://kagi.com/search?";
params = [
{
name = "q";
value = "{searchTerms}";
}
];
}
];
icon = ./kagi.png;
};
github = {
urls = [
{
template = "https://github.com/search?";
params = [
{
name = "q";
value = "{searchTerms}";
}
{
name = "type";
value = "code";
}
];
}
];
icon = ./github.svg;
definedAliases = [ "@g" ];
};
};
}

19
users/brendan/home/gui/vscode/default.nix
View File

@@ -1,19 +0,0 @@
{ config, pkgs, ... }:
let
vscode_dir = "/home/richie/projects/nix-dotfiles/users/richie/home/gui/vscode";
in
{
# mutable symlinks to key binds and settings
xdg.configFile."Code/User/settings.json".source =
config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json";
xdg.configFile."Code/User/keybindings.json".source =
config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json";
home.packages = with pkgs; [ nil ];
programs.vscode = {
enable = true;
package = pkgs.vscode;
mutableExtensionsDir = true;
};
}

68
users/brendan/home/gui/vscode/extension_manager.py
View File

@@ -1,68 +0,0 @@
from subprocess import run
def get_installed_extensions():
process = run("code --list-extensions".split(), check=True, capture_output=True)
return set(process.stdout.decode("utf-8").strip().split("\n"))
def main():
print("starting vscode extension manager")
extensions = {
# vscode
"ms-azuretools.vscode-docker",
"ms-vscode-remote.remote-containers",
"ms-vscode-remote.remote-ssh-edit",
"ms-vscode-remote.remote-ssh",
"ms-vscode.hexeditor",
"ms-vscode.remote-explorer",
"ms-vsliveshare.vsliveshare",
"oderwat.indent-rainbow",
"usernamehw.errorlens",
# git
"codezombiech.gitignore",
"eamodio.gitlens",
"gitHub.vscode-github-actions",
# python
"charliermarsh.ruff",
"ms-python.python",
"ms-python.vscode-pylance",
"ms-python.debugpy",
# rust
"rust-lang.rust-analyzer",
# MD
"davidanson.vscode-markdownlint",
"yzhang.markdown-all-in-one",
# configs
"redhat.vscode-yaml",
"tamasfe.even-better-toml",
# shell
"timonwong.shellcheck",
"foxundermoon.shell-format",
# nix
"jnoortheen.nix-ide",
# database
"mtxr.sqltools-driver-pg",
"mtxr.sqltools",
# other
"esbenp.prettier-vscode",
"mechatroner.rainbow-csv",
"streetsidesoftware.code-spell-checker",
"supermaven.supermaven",
}
installed_extensions = get_installed_extensions()
missing_extensions = extensions.difference(installed_extensions)
for extension in missing_extensions:
run(f"code --install-extension {extension} --force".split(), check=True)
if extra_extensions := installed_extensions.difference(extensions):
print(f"Extra extensions installed: {extra_extensions}")
print("vscode extension manager finished")
if __name__ == "__main__":
main()

20
users/brendan/home/gui/vscode/keybindings.json
View File

@@ -1,20 +0,0 @@
[
{
"key": "shift+alt+f",
"command": "editor.action.formatDocument",
"when": "editorHasDocumentFormattingProvider && editorTextFocus && !editorReadonly && !inCompositeEditor"
},
{
"key": "alt+a d",
"command": "cSpell.addWordToWorkspaceSettings"
},
{
"key": "ctrl+shift+`",
"command": "workbench.action.createTerminalEditor"
},
{
"key": "ctrl+shift+`",
"command": "-workbench.action.terminal.new",
"when": "terminalProcessSupported || terminalWebExtensionContributedProfile"
}
]

71
users/brendan/home/gui/vscode/settings.json
View File

@@ -1,71 +0,0 @@
{
// vscode settings
"diffEditor.ignoreTrimWhitespace": false,
"editor.formatOnSave": true,
"editor.minimap.renderCharacters": false,
"editor.minimap.showSlider": "always",
"explorer.confirmDelete": false,
"explorer.confirmDragAndDrop": false,
"explorer.confirmPasteNative": false,
"files.autoSave": "afterDelay",
"git.autofetch": true,
"git.confirmSync": false,
"git.fetchOnPull": true,
"git.pruneOnFetch": true,
"terminal.integrated.scrollback": 10000,
"update.mode": "none",
"workbench.colorTheme": "Default Dark+",
// turns off all sounds and announcements
"accessibility.signals.terminalCommandFailed": {
"sound": "off",
"announcement": "off"
},
"accessibility.signals.terminalQuickFix": {
"sound": "off",
"announcement": "off"
},
"accessibility.signals.terminalBell": {
"sound": "off",
"announcement": "off"
},
// database settings
"sqltools.connections": [
{
"previewLimit": 50,
"server": "192.168.90.40",
"port": 5432,
"askForPassword": true,
"driver": "PostgreSQL",
"name": "main",
"database": "postgres",
"username": "richie"
}
],
// formatters
"[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
"[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
"[markdown]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
"[nix]": { "editor.defaultFormatter": "jnoortheen.nix-ide" },
"[python]": { "editor.defaultFormatter": "charliermarsh.ruff" },
"[yaml]": { "editor.defaultFormatter": "redhat.vscode-yaml" },
// spell check
"cSpell.enabled": true,
"cSpell.language": "en,en-US",
"cSpell.enableFiletypes": ["bat", "csv", "nix", "toml"],
"cSpell.userWords": ["Cahill", "syncthing"],
// nix
"nix.enableLanguageServer": true,
"nix.serverPath": "nil",
// force the use of rust-analyzer from dev shell
"rust-analyzer.server.path": "rust-analyzer",
"redhat.telemetry.enabled": true,
"gitlens.plusFeatures.enabled": false,
// new
"hediet.vscode-drawio.resizeImages": null
}

16
users/brendan/home/programs.nix
View File

@@ -1,16 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
# python
poetry
python313
ruff
# nix
nix-init
nix-output-monitor
nix-prefetch
nix-tree
nixfmt-rfc-style
treefmt
];
}

41
users/brendan/home/ssh_config.nix
View File

@@ -1,41 +0,0 @@
{
programs.ssh = {
enable = true;
matchBlocks = {
jeeves = {
hostname = "192.168.90.40";
user = "richie";
identityFile = "~/.ssh/id_ed25519";
port = 629;
dynamicForwards = [ { port = 9050; } ];
};
unlock-jeeves = {
hostname = "192.168.95.14";
user = "root";
identityFile = "~/.ssh/id_ed25519";
port = 2222;
};
jeevesjr = {
hostname = "192.168.90.35";
user = "richie";
identityFile = "~/.ssh/id_ed25519";
port = 352;
dynamicForwards = [ { port = 9050; } ];
};
bob = {
hostname = "192.168.90.25";
user = "richie";
identityFile = "~/.ssh/id_ed25519";
port = 262;
dynamicForwards = [ { port = 9050; } ];
};
rhapsody-in-green = {
hostname = "192.168.90.221";
user = "richie";
identityFile = "~/.ssh/id_ed25519";
port = 922;
};
};
};
}

10
users/gaming/default.nix
View File

@@ -4,19 +4,13 @@
... ...
}: }:
{ {
sops.secrets.gaming_password = {
sopsFile = ../secrets.yaml;
neededForUsers = true;
};
users = { users = {
users.gaming = { users.gaming = {
isNormalUser = true; isNormalUser = true;
hashedPasswordFile = "${config.sops.secrets.gaming_password.path}";
shell = pkgs.zsh; shell = pkgs.zsh;
group = "gaming"; group = "gaming";
extraGroups = [ extraGroups =
[
"audio" "audio"
"video" "video"
"users" "users"

5
users/gaming/home/firefox.nix
View File

@@ -18,6 +18,8 @@
order = [ "Google" ]; order = [ "Google" ];
}; };
settings = { settings = {
# Makes Firefox use the PlayStation 5 user agent
"general.useragent.override" = "Mozilla/5.0 (PlayStation; PlayStation 5/10.01) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15,gzip(gfe),gzip(gfe)";
# SECTION: FASTFOX # SECTION: FASTFOX
# GENERAL # GENERAL
@@ -137,8 +139,7 @@
"permissions.default.desktop-notification" = 0; # allow websites to ask "permissions.default.desktop-notification" = 0; # allow websites to ask
# PREF: allow websites to ask you for your location # PREF: allow websites to ask you for your location
"permissions.default.geo" = 0; "permissions.default.geo" = 0;
"geo.provider.network.url" = "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
"https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
"permissions.manager.defaultsUrl" = ""; "permissions.manager.defaultsUrl" = "";
"webchannel.allowObject.urlWhitelist" = ""; "webchannel.allowObject.urlWhitelist" = "";

3
users/gaming/home/global.nix
View File

@@ -13,5 +13,8 @@
username = "gaming"; username = "gaming";
homeDirectory = "/home/${config.home.username}"; homeDirectory = "/home/${config.home.username}";
stateVersion = "24.05"; stateVersion = "24.05";
sessionVariables = {
FLAKE = "$HOME/Projects/dotfiles";
};
}; };
} }

2
users/gaming/home/programs.nix
View File

@@ -1,6 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
chromium wget
]; ];
} }

0
users/gaming/systems/bob.nix → users/gaming/systems/muninn.nix
View File

22
users/richie/default.nix
View File

@@ -2,26 +2,15 @@
pkgs, pkgs,
config, config,
... ...
}: }: let
let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in in {
{ users.users.richie = {
sops.secrets.richie_password = {
sopsFile = ../secrets.yaml;
neededForUsers = true;
};
users = {
users.richie = {
isNormalUser = true; isNormalUser = true;
hashedPasswordFile = "${config.sops.secrets.richie_password.path}";
shell = pkgs.zsh; shell = pkgs.zsh;
group = "richie"; group = "richie";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPtuYhiJHRTYhNaDmTcJOqJASk7D8mIn6u3F1IN5AFJ bob" # cspell:disable-line
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZFsc9CSH03ZUP7y81AHwSyjLwFmcshVFCyxDcYhBT rhapsody-in-green" # cspell:disable-line "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZFsc9CSH03ZUP7y81AHwSyjLwFmcshVFCyxDcYhBT rhapsody-in-green" # cspell:disable-line
]; ];
extraGroups = extraGroups =
@@ -45,7 +34,8 @@ in
uid = 1000; uid = 1000;
}; };
groups.richie.gid = 1000; users.groups.richie = {
gid = 1000;
}; };
home-manager.users.richie = import ./systems/${config.networking.hostName}.nix; home-manager.users.richie = import ./systems/${config.networking.hostName}.nix;

5
users/richie/home/cli/git.nix
View File

@@ -3,10 +3,5 @@
enable = true; enable = true;
userEmail = "Richie@tmmworkshop.com"; userEmail = "Richie@tmmworkshop.com";
userName = "Richie Cahill"; userName = "Richie Cahill";
extraConfig = {
pull.rebase = true;
color.ui = true;
};
lfs.enable = true;
}; };
} }

7
users/richie/home/cli/zsh.nix
View File

@@ -18,14 +18,17 @@
]; ];
}; };
shellAliases = { shellAliases = {
"sgc" = "sudo git -C /root/dotfiles";
## Utilities
"lrt" = "eza --icons -lsnew"; "lrt" = "eza --icons -lsnew";
"ls" = "eza"; "ls" = "eza";
"ll" = "eza --long --group"; "ll" = "eza --long --group";
"la" = "eza --all"; "la" = "eza --all";
"rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'"; "rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'";
"rebuild" = "sudo nixos-rebuild switch --flake /home/richie/dotfiles#$HOST"; "rebuild" = "sudo nixos-rebuild switch --flake /home/richie/projects/dotfiles#$HOST";
"nix-test" = "nixos-rebuild test --flake /home/richie/dotfiles"; "nix-test" = "nixos-rebuild test --flake /home/richie/projects/dotfiles";
}; };
}; };
} }

2
users/richie/home/global.nix
View File

@@ -16,7 +16,7 @@
homeDirectory = "/home/${config.home.username}"; homeDirectory = "/home/${config.home.username}";
stateVersion = "24.05"; stateVersion = "24.05";
sessionVariables = { sessionVariables = {
FLAKE = "$HOME/dotfiles"; FLAKE = "$HOME/Projects/dotfiles";
}; };
}; };
} }

1
users/richie/home/gui/default.nix
View File

@@ -8,7 +8,6 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
candy-icons candy-icons
chromium
discord-canary discord-canary
gimp gimp
gparted gparted

9
users/richie/home/gui/firefox/default.nix
View File

@@ -17,11 +17,7 @@
search = { search = {
force = true; force = true;
default = "kagi"; default = "kagi";
order = [ order = [ "kagi" "DuckDuckGo" "Google" ];
"kagi"
"DuckDuckGo"
"Google"
];
}; };
settings = { settings = {
# SECTION: FASTFOX # SECTION: FASTFOX
@@ -142,8 +138,7 @@
"permissions.default.desktop-notification" = 0; # allow websites to ask "permissions.default.desktop-notification" = 0; # allow websites to ask
# PREF: allow websites to ask you for your location # PREF: allow websites to ask you for your location
"permissions.default.geo" = 0; "permissions.default.geo" = 0;
"geo.provider.network.url" = "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
"https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
"permissions.manager.defaultsUrl" = ""; "permissions.manager.defaultsUrl" = "";
"webchannel.allowObject.urlWhitelist" = ""; "webchannel.allowObject.urlWhitelist" = "";

3
users/richie/home/gui/kitty.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
programs.kitty = { programs.kitty = {
enable = true; enable = true;
font.name = "IntoneMono Nerd Font"; font.name = "IntoneMono Nerd Font";

6
users/richie/home/gui/vscode/default.nix
View File

@@ -4,10 +4,8 @@ let
in in
{ {
# mutable symlinks to key binds and settings # mutable symlinks to key binds and settings
xdg.configFile."Code/User/settings.json".source = xdg.configFile."Code/User/settings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json";
config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json"; xdg.configFile."Code/User/keybindings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json";
xdg.configFile."Code/User/keybindings.json".source =
config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json";
home.packages = with pkgs; [ nil ]; home.packages = with pkgs; [ nil ];

14
users/richie/home/gui/vscode/settings.json
View File

@@ -30,20 +30,6 @@
"announcement": "off" "announcement": "off"
}, },
// database settings
"sqltools.connections": [
{
"previewLimit": 50,
"server": "192.168.90.40",
"port": 5432,
"askForPassword": true,
"driver": "PostgreSQL",
"name": "main",
"database": "postgres",
"username": "richie"
}
],
// formatters // formatters
"[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" }, "[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
"[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" }, "[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },

3
users/richie/home/programs.nix
View File

@@ -50,8 +50,7 @@
nix-output-monitor nix-output-monitor
nix-prefetch nix-prefetch
nix-tree nix-tree
nixfmt-rfc-style nixpkgs-fmt
treefmt
inputs.system_tools.packages.x86_64-linux.default inputs.system_tools.packages.x86_64-linux.default
]; ];
} }

Some files were not shown because too many files have changed in this diff Show More