Nix configurations for my homelab

Switch to nixfmt

+657 -300
+2 -1
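--- a/dandelion/config.nix
+++ b/dandelion/config.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 imports = [
 ./hardware.nix
 ./packages.nix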
+31 -8
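--- a/dandelion/hardware.nix
+++ b/dandelion/hardware.nix
@@ -1,9 +1,17 @@
-{ lib, modulesPath, ... }: {
+{ lib, modulesPath, ... }:
+{
 imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
 boot = {
 initrd = {
-availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+availableKernelModules = [
+"ahci"
+"xhci_pci"
+"virtio_pci"
+"virtio_scsi"
+"sd_mod"
+"sr_mod"
+];
 kernelModules = [ ];
 };
 kernelModules = [ ];
@@ -25,28 +33,43 @@
 "/" = {
 device = "none";
 fsType = "tmpfs";
-options = [ "defaults" "mode=755" ];
+options = [
+"defaults"
+"mode=755"
+];
 };
 "/nix" = {
 device = "/dev/disk/by-uuid/1b032448-bc11-4d13-9f5b-c6e980288325";
 fsType = "btrfs";
-options = [ "subvol=@nixos/nix" "compress=zstd" ];
+options = [
+"subvol=@nixos/nix"
+"compress=zstd"
+];
 };
 "/config" = {
 device = "/dev/disk/by-uuid/1b032448-bc11-4d13-9f5b-c6e980288325";
 fsType = "btrfs";
-options = [ "subvol=@nixos/config" "compress=zstd" ];
+options = [
+"subvol=@nixos/config"
+"compress=zstd"
+];
 };
 "/data" = {
 device = "/dev/disk/by-uuid/1b032448-bc11-4d13-9f5b-c6e980288325";
 fsType = "btrfs";
-options = [ "subvol=@nixos/data" "compress=zstd" ];
+options = [
+"subvol=@nixos/data"
+"compress=zstd"
+];
 neededForBoot = true;
 };
 "/home/mou" = {
 device = "/dev/disk/by-uuid/1b032448-bc11-4d13-9f5b-c6e980288325";
 fsType = "btrfs";
-options = [ "subvol=@home/mou" "compress=zstd" ];
+options = [
+"subvol=@home/mou"
+"compress=zstd"
+];
 };
 "/boot" = {
 device = "/dev/disk/by-uuid/5cde8da8-fe2c-4177-90b3-000c32874610";
@@ -65,7 +88,7 @@
 matchConfig.Name = "enp1s0";
 networkConfig.DHCP = "ipv4";
 address = [ "2a01:4ff:f0:41c7::1/64" ];
-routes = [{ Gateway = "fe80::1"; }];
+routes = [ { Gateway = "fe80::1"; } ];
 };
 };
 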
+2 -1
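--- a/dandelion/home.nix
+++ b/dandelion/home.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 imports = [
 ../modules/dotfiles.nix
 ../modules/home.nix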
+2 -1
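--- a/dandelion/packages.nix
+++ b/dandelion/packages.nix
@@ -1,3 +1,4 @@
-{ ... }: {
+{ ... }:
+{
 users.users.mou.packages = [ ];
 }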
+10 -7
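--- a/dandelion/services/caddy.nix
+++ b/dandelion/services/caddy.nix
@@ -28,16 +28,19 @@
 esac
 '';
 };
-cpCertsCommand = "${cpCerts}/bin/cpCerts {event.data.identifier} {event.data.certificate_path} "
+cpCertsCommand =
+"${cpCerts}/bin/cpCerts {event.data.identifier} {event.data.certificate_path} "
 + "{event.data.private_key_path}";
 in
 {
-environment.persistence."/data/persistent".directories = [{
-directory = "/var/www/org.butwho";
-user = "mou";
-group = "caddy";
-mode = "0750";
-}];
+environment.persistence."/data/persistent".directories = [
+{
+directory = "/var/www/org.butwho";
+user = "mou";
+group = "caddy";
+mode = "0750";
+}
+];
 
 services.caddy = {
 package = pkgs.caddy.withPlugins {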
+6 -6
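--- a/flake.lock
+++ b/flake.lock
@@ -61,11 +61,11 @@
 ]
 },
 "locked": {
-"lastModified": 1740699498,
-"narHash": "sha256-r9hkKzX99CGiP1ZqH0e+SWKK4CMsRNRLyotuwrUjhTI=",
+"lastModified": 1740796616,
+"narHash": "sha256-JU97wIfRxeFN6rpTsUVCwWAdix+Wka4Or23907YIrFI=",
 "owner": "nix-community",
 "repo": "home-manager",
-"rev": "b71edac7a3167026aabea82a54d08b1794088c21",
+"rev": "f0b5e7e8a75abdea32bbff09ddd7b6eeb4b9b445",
 "type": "github"
 },
 "original": {
@@ -145,11 +145,11 @@
 "rust-overlay": "rust-overlay"
 },
 "locked": {
-"lastModified": 1740781412,
-"narHash": "sha256-lGrIdImgTyb4YLXCQ7SmUplbC4A04PrgvoA6vguxovs=",
+"lastModified": 1740797373,
+"narHash": "sha256-yx91jMqBvaBNKiintUmi2oKN/D8e032UzQ7xLMYyt2k=",
 "owner": "roc-lang",
 "repo": "roc",
-"rev": "391dfb402b0ad49890ef04a5659f2f3127e0e067",
+"rev": "1675a752debb253ebaa507fee50d23bd2f735aa5",
 "type": "github"
 },
 "original": {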
+23 -5
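--- a/flake.nix
+++ b/flake.nix
@@ -24,10 +24,27 @@
 # nix-affine.url = "path:/data/local-flakes/nix-affine";
 };
 
-outputs = { self, nixpkgs, impermanence, sops-nix, home-manager, ... }@inputs:
-let genSystemConfigs = nixpkgs.lib.genAttrs [ "dandelion" "fly-agaric" "lily" "lutea" ]; in {
-formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
-nixosConfigurations = genSystemConfigs (hostname:
+outputs =
+{
+self,
+nixpkgs,
+impermanence,
+sops-nix,
+home-manager,
+...
+}@inputs:
+let
+genSystemConfigs = nixpkgs.lib.genAttrs [
+"dandelion"
+"fly-agaric"
+"lily"
+"lutea"
+];
+in
+{
+formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
+nixosConfigurations = genSystemConfigs (
+hostname:
 nixpkgs.lib.nixosSystem {
 specialArgs = inputs;
 modules = [
@@ -44,6 +61,7 @@
 };
 }
 ];
-});
+}
+);
 };
 }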
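Review bot: The switch to `nixfmt-rfc-style` on the `formatter.x86_64-linux` line should land separately from the reformat it triggers, and so should the home-manager and roc pin moves in flake.lock and the package swap in modules/development/nix.nix. A format-only commit can be checked mechanically by evaluating or building each host before and after and confirming that nothing but the flake source path changed, which matters here because several multi-line `''` strings (the `preConfigure` and `postInstall` scripts) were re-indented. With two input bumps and a package change mixed in, that check no longer isolates the reformat, and the new `rev`/`narHash` values are easy to miss among roughly 650 lines of layout changes. The module list between the two hunks is not shown, so nothing is claimed about it.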
+2 -1
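--- a/fly-agaric/config.nix
+++ b/fly-agaric/config.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 imports = [
 ./hardware.nix
 ./packages.nix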
+31 -8
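--- a/fly-agaric/hardware.nix
+++ b/fly-agaric/hardware.nix
@@ -1,9 +1,17 @@
-{ lib, modulesPath, ... }: {
+{ lib, modulesPath, ... }:
+{
 imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
 boot = {
 initrd = {
-availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+availableKernelModules = [
+"ahci"
+"xhci_pci"
+"virtio_pci"
+"virtio_scsi"
+"sd_mod"
+"sr_mod"
+];
 kernelModules = [ ];
 };
 kernelModules = [ ];
@@ -25,28 +33,43 @@
 "/" = {
 device = "none";
 fsType = "tmpfs";
-options = [ "defaults" "mode=755" ];
+options = [
+"defaults"
+"mode=755"
+];
 };
 "/nix" = {
 device = "/dev/disk/by-uuid/e224cad1-1ea2-435b-b914-b16eb400cd36";
 fsType = "btrfs";
-options = [ "subvol=@nixos/nix" "compress=zstd" ];
+options = [
+"subvol=@nixos/nix"
+"compress=zstd"
+];
 };
 "/config" = {
 device = "/dev/disk/by-uuid/e224cad1-1ea2-435b-b914-b16eb400cd36";
 fsType = "btrfs";
-options = [ "subvol=@nixos/config" "compress=zstd" ];
+options = [
+"subvol=@nixos/config"
+"compress=zstd"
+];
 };
 "/data" = {
 device = "/dev/disk/by-uuid/e224cad1-1ea2-435b-b914-b16eb400cd36";
 fsType = "btrfs";
-options = [ "subvol=@nixos/data" "compress=zstd" ];
+options = [
+"subvol=@nixos/data"
+"compress=zstd"
+];
 neededForBoot = true;
 };
 "/home/mou" = {
 device = "/dev/disk/by-uuid/e224cad1-1ea2-435b-b914-b16eb400cd36";
 fsType = "btrfs";
-options = [ "subvol=@home/mou" "compress=zstd" ];
+options = [
+"subvol=@home/mou"
+"compress=zstd"
+];
 };
 "/boot" = {
 device = "/dev/disk/by-uuid/00e4dfc3-8bf9-4075-92fa-3da33ef09704";
@@ -65,7 +88,7 @@
 matchConfig.Name = "enp1s0";
 networkConfig.DHCP = "ipv4";
 address = [ "2a01:4ff:f0:348a::1/64" ];
-routes = [{ Gateway = "fe80::1"; }];
+routes = [ { Gateway = "fe80::1"; } ];
 };
 };
 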
+2 -1
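--- a/fly-agaric/home.nix
+++ b/fly-agaric/home.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 imports = [ ../modules/home.nix ];
 home.stateVersion = "24.05";
 }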
+2 -1
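--- a/fly-agaric/packages.nix
+++ b/fly-agaric/packages.nix
@@ -1,3 +1,4 @@
-{ ... }: {
+{ ... }:
+{
 users.users.mou.packages = [ ];
 }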
+12 -7
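--- a/lily/config.nix
+++ b/lily/config.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 imports = [
 ./hardware.nix
 ./packages.nix
@@ -24,12 +25,16 @@
 ];
 
 # TODO: Make the hidden.json public across all hosts to share more info
-mInfo = let hidden = builtins.fromJSON (builtins.readFile ./hidden.json); in {
-ipv4 = "192.168.1.92";
-ipv6 = hidden.ipv6;
-nb-ipv4 = "100.77.30.206";
-server = true;
-};
+mInfo =
+let
+hidden = builtins.fromJSON (builtins.readFile ./hidden.json);
+in
+{
+ipv4 = "192.168.1.92";
+ipv6 = hidden.ipv6;
+nb-ipv4 = "100.77.30.206";
+server = true;
+};
 
 sops = {
 defaultSopsFile = ../secrets/lily.yaml;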
+38 -8
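--- a/lily/hardware.nix
+++ b/lily/hardware.nix
@@ -1,9 +1,16 @@
-{ lib, modulesPath, ... }: {
+{ lib, modulesPath, ... }:
+{
 imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 
 boot = {
 initrd = {
-availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+availableKernelModules = [
+"xhci_pci"
+"ahci"
+"usbhid"
+"usb_storage"
+"sd_mod"
+];
 kernelModules = [ ];
 };
 kernelModules = [ "kvm-intel" ];
@@ -25,33 +32,56 @@
 "/" = {
 device = "none";
 fsType = "tmpfs";
-options = [ "defaults" "mode=755" ];
+options = [
+"defaults"
+"mode=755"
+];
 };
 "/nix" = {
 device = "/dev/disk/by-uuid/f31dac70-545a-41bc-97da-39fabafb2b3b";
 fsType = "btrfs";
-options = [ "subvol=@nixos/nix" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@nixos/nix"
+"compress=zstd"
+"discard=async"
+];
 };
 "/config" = {
 device = "/dev/disk/by-uuid/f31dac70-545a-41bc-97da-39fabafb2b3b";
 fsType = "btrfs";
-options = [ "subvol=@nixos/config" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@nixos/config"
+"compress=zstd"
+"discard=async"
+];
 };
 "/data" = {
 device = "/dev/disk/by-uuid/f31dac70-545a-41bc-97da-39fabafb2b3b";
 fsType = "btrfs";
-options = [ "subvol=@nixos/data" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@nixos/data"
+"compress=zstd"
+"discard=async"
+];
 neededForBoot = true;
 };
 "/home/mou" = {
 device = "/dev/disk/by-uuid/f31dac70-545a-41bc-97da-39fabafb2b3b";
 fsType = "btrfs";
-options = [ "subvol=@home/mou" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@home/mou"
+"compress=zstd"
+"discard=async"
+];
 };
 "/boot" = {
 device = "/dev/disk/by-uuid/AA21-D01C";
 fsType = "vfat";
-options = [ "fmask=0077" "dmask=0077" "defaults" ];
+options = [
+"fmask=0077"
+"dmask=0077"
+"defaults"
+];
 };
 };
 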
+2 -1
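--- a/lily/home.nix
+++ b/lily/home.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 imports = [
 ../modules/dotfiles.nix
 ../modules/home.nix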
+2 -1
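--- a/lily/packages.nix
+++ b/lily/packages.nix
@@ -1,3 +1,4 @@
-{ ... }: {
+{ ... }:
+{
 users.users.mou.packages = [ ];
 }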
+2 -1
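--- a/lily/services/fail2ban.nix
+++ b/lily/services/fail2ban.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 # Since this server is on my local network, I'm also ignoring my local ip
 services.fail2ban.ignoreIP = [ "192.168.1.94" ];
 }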
+2 -1
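--- a/lutea/config.nix
+++ b/lutea/config.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 imports = [
 ./hardware.nix
 ./packages.nix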
+15 -2
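--- a/lutea/hardware.nix
+++ b/lutea/hardware.nix
@@ -1,4 +1,10 @@
-{ lib, pkgs, modulesPath, ... }: {
+{
+lib,
+pkgs,
+modulesPath,
+...
+}:
+{
 imports = [
 (modulesPath + "/installer/scan/not-detected.nix")
 ../modules/mounts.nix
@@ -6,7 +12,14 @@
 
 boot = {
 initrd = {
-availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+availableKernelModules = [
+"xhci_pci"
+"ahci"
+"nvme"
+"usbhid"
+"usb_storage"
+"sd_mod"
+];
 kernelModules = [ ];
 };
 kernel.sysctl."vm.max_map_count" = 2147483642;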
+2 -1
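--- a/lutea/home.nix
+++ b/lutea/home.nix
@@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
 home = {
 username = "mou";
 homeDirectory = "/home/${config.home.username}";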
+2 -1
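--- a/lutea/packages.nix
+++ b/lutea/packages.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 programs.virt-manager.enable = true;
 users.users.mou.packages = with pkgs; [ intel-gpu-tools ];
 }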
+2 -1
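--- a/modules/audio.nix
+++ b/modules/audio.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 security.rtkit.enable = true;
 services.pipewire = {
 enable = true;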
+21 -4
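--- a/modules/basic.nix
+++ b/modules/basic.nix
@@ -1,4 +1,10 @@
-{ config, pkgs, yemou-scripts, ... }: {
+{
+config,
+pkgs,
+yemou-scripts,
+...
+}:
+{
 nixpkgs.overlays = [ yemou-scripts.overlays.default ];
 
 sops.secrets = {
@@ -21,7 +27,10 @@
 "/var/log"
 "/var/lib/nixos"
 "/var/lib/systemd/coredump"
-{ directory = "/var/lib/private"; mode = "0700"; }
+{
+directory = "/var/lib/private";
+mode = "0700";
+}
 ];
 };
 sessionVariables = {
@@ -54,7 +63,12 @@
 systemd.network.enable = true;
 networking = {
 useNetworkd = true;
-nameservers = [ "9.9.9.9" "149.112.112.112" "2620:fe::fe" "2620:fe::9" ];
+nameservers = [
+"9.9.9.9"
+"149.112.112.112"
+"2620:fe::fe"
+"2620:fe::9"
+];
 };
 
 users = {
@@ -64,7 +78,10 @@
 mou = {
 isNormalUser = true;
 group = "mou";
-extraGroups = [ "users" "wheel" ];
+extraGroups = [
+"users"
+"wheel"
+];
 shell = pkgs.loksh;
 hashedPasswordFile = config.sops.secrets."passwordHashes/mou".path;
 };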
+2 -1
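--- a/modules/binary-cache.nix
+++ b/modules/binary-cache.nix
@@ -1,4 +1,5 @@
-{ config, lib, ... }: {
+{ config, lib, ... }:
+{
 nix = {
 settings = {
 substituters = [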
+2 -1
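--- a/modules/browsers.nix
+++ b/modules/browsers.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 imports = [ ./unfree.nix ];
 unfree.allowed = [ "microsoft-edge" ];
 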
+3 -2
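--- a/modules/cloud-storage.nix
+++ b/modules/cloud-storage.nix
@@ -1,3 +1,4 @@
-{ pkgs, ... }: {
-users.users.mou.packages = with pkgs;[ nextcloud-client ];
+{ pkgs, ... }:
+{
+users.users.mou.packages = with pkgs; [ nextcloud-client ];
 }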
+2 -1
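--- a/modules/creation.nix
+++ b/modules/creation.nix
@@ -1,3 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 users.users.mou.packages = with pkgs; [ inkscape ];
 }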
+7 -2
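--- a/modules/development/c.nix
+++ b/modules/development/c.nix
@@ -1,3 +1,8 @@
-{ pkgs, ... }: {
-users.users.mou.packages = with pkgs; [ bear clang-tools gdb ];
+{ pkgs, ... }:
+{
+users.users.mou.packages = with pkgs; [
+bear
+clang-tools
+gdb
+];
 }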
+2 -2
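--- a/modules/development/default.nix
+++ b/modules/development/default.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 imports = [
 ./c.nix
 ./go.nix
@@ -11,4 +12,3 @@
 ./zig.nix
 ];
 }
-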
+2 -1
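--- a/modules/development/go.nix
+++ b/modules/development/go.nix
@@ -1,3 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 users.users.mou.packages = with pkgs; [ gopls ];
 }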
+6 -2
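--- a/modules/development/nix.nix
+++ b/modules/development/nix.nix
@@ -1,3 +1,7 @@
-{ pkgs, ... }: {
-users.users.mou.packages = with pkgs; [ nixd nixpkgs-fmt ];
+{ pkgs, ... }:
+{
+users.users.mou.packages = with pkgs; [
+nixd
+nixfmt-rfc-style
+];
 }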
+2 -1
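--- a/modules/development/python.nix
+++ b/modules/development/python.nix
@@ -1,3 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 users.users.mou.packages = with pkgs; [ ruff ];
 }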
+6 -2
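--- a/modules/development/roc.nix
+++ b/modules/development/roc.nix
@@ -1,4 +1,5 @@
-{ pkgs, roc-lang, ... }: {
+{ pkgs, roc-lang, ... }:
+{
 nixpkgs.overlays = [
 (final: prev: {
 roc = roc-lang.packages.${prev.system}.default;
@@ -6,5 +7,8 @@
 })
 ];
 
-users.users.mou.packages = with pkgs; [ roc roc-lang-server ];
+users.users.mou.packages = with pkgs; [
+roc
+roc-lang-server
+];
 }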
+2 -1
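--- a/modules/development/sh.nix
+++ b/modules/development/sh.nix
@@ -1,3 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 users.users.mou.packages = with pkgs; [ shellcheck ];
 }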
+2 -2
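--- a/modules/development/sqlite.nix
+++ b/modules/development/sqlite.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 users.users.mou.packages = with pkgs; [ sqlitebrowser ];
 }
-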
+2 -1
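--- a/modules/development/typst.nix
+++ b/modules/development/typst.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 users.users.mou.packages = with pkgs; [
 tinymist
 typst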
+2 -1
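--- a/modules/development/zig.nix
+++ b/modules/development/zig.nix
@@ -1,3 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 users.users.mou.packages = with pkgs; [ zls ];
 }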
+6 -2
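--- a/modules/dotfiles.nix
+++ b/modules/dotfiles.nix
@@ -1,8 +1,12 @@
-{ yemou-dotfiles, ... }: {
+{ yemou-dotfiles, ... }:
+{
 home.file.".ssh/allowed_signers".source = "${yemou-dotfiles}/ssh/allowed_signers";
 xdg.configFile = {
 "git".source = "${yemou-dotfiles}/config/git";
-"kak" = { recursive = true; source = "${yemou-dotfiles}/config/kak"; };
+"kak" = {
+recursive = true;
+source = "${yemou-dotfiles}/config/kak";
+};
 "loksh".source = "${yemou-dotfiles}/config/loksh";
 "thm".source = "${yemou-dotfiles}/config/thm";
 };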
+16 -13
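--- a/modules/editor.nix
+++ b/modules/editor.nix
@@ -1,18 +1,21 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 nixpkgs.overlays = [
 (final: prev: {
-kakoune-unwrapped = prev.kakoune-unwrapped.overrideAttrs (finalAttrs: prevAttrs: {
-patches = (prevAttrs.patches or [ ]) ++ [
-(pkgs.fetchpatch {
-url = "https://patch-diff.githubusercontent.com/raw/mawww/kakoune/pull/5183.patch";
-hash = "sha256-XEU9pJybAuVuh+/euL6UY+65reXeUUbI2vvI/4Ao9ug=";
-})
-(pkgs.fetchpatch {
-url = "https://github.com/yemouu/kakoune/commit/15d4f7585fdac03e460e59b0508aecd636bd2660.patch";
-hash = "sha256-v7JvtEQ/XrXnFx77kseP2LPJv93GGywP/N4wVyISu8g=";
-})
-];
-});
+kakoune-unwrapped = prev.kakoune-unwrapped.overrideAttrs (
+finalAttrs: prevAttrs: {
+patches = (prevAttrs.patches or [ ]) ++ [
+(pkgs.fetchpatch {
+url = "https://patch-diff.githubusercontent.com/raw/mawww/kakoune/pull/5183.patch";
+hash = "sha256-XEU9pJybAuVuh+/euL6UY+65reXeUUbI2vvI/4Ao9ug=";
+})
+(pkgs.fetchpatch {
+url = "https://github.com/yemouu/kakoune/commit/15d4f7585fdac03e460e59b0508aecd636bd2660.patch";
+hash = "sha256-v7JvtEQ/XrXnFx77kseP2LPJv93GGywP/N4wVyISu8g=";
+})
+];
+}
+);
 })
 ];
 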
+5 -2
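--- a/modules/email.nix
+++ b/modules/email.nix
@@ -1,7 +1,10 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 
 nixpkgs.overlays = [
-(final: prev: { sieve-editor-gui = prev.sieve-editor-gui.override { electron = final.electron-bin; }; })
+(final: prev: {
+sieve-editor-gui = prev.sieve-editor-gui.override { electron = final.electron-bin; };
+})
 ];
 
 users.users.mou.packages = with pkgs; [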
+2 -1
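--- a/modules/fail2ban.nix
+++ b/modules/fail2ban.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 environment.persistence."/data/persistent".directories = [ "/var/lib/fail2ban" ];
 
 services.fail2ban = {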
+2 -1
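--- a/modules/flatpak.nix
+++ b/modules/flatpak.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 environment.persistence."/data/persistent".directories = [ "/var/lib/flatpak" ];
 services.flatpak.enable = true;
 }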
+2 -1
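--- a/modules/fonts.nix
+++ b/modules/fonts.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 fonts = {
 enableDefaultPackages = true;
 packages = with pkgs; [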
+2 -1
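--- a/modules/fwupd.nix
+++ b/modules/fwupd.nix
@@ -1,3 +1,4 @@
-{ ... }: {
+{ ... }:
+{
 services.fwupd.enable = true;
 }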
+65 -55
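--- a/modules/games.nix
+++ b/modules/games.nix
@@ -1,4 +1,5 @@
-{ lib, pkgs, ... }: {
+{ lib, pkgs, ... }:
+{
 imports = [ ./unfree.nix ];
 unfree.allowed = [
 "modrinth-app"
@@ -11,38 +12,42 @@
 
 nixpkgs.overlays = [
 (final: prev: {
-extest = prev.extest.overrideAttrs (finalAttrs: prevAttrs: {
-version = "1.0.3";
+extest = prev.extest.overrideAttrs (
+finalAttrs: prevAttrs: {
+version = "1.0.3";
 
-src = prev.fetchFromGitHub {
-owner = "Supreeeme";
-repo = "extest";
-rev = "1a419a1691c6accaafef6cfc962a06712d4658e9";
-hash = "sha256-q0BqvdIdcUARGmaPOnzPVLtcWFHJeZ9t2jcfYxS0KTk=";
-};
+src = prev.fetchFromGitHub {
+owner = "Supreeeme";
+repo = "extest";
+rev = "1a419a1691c6accaafef6cfc962a06712d4658e9";
+hash = "sha256-q0BqvdIdcUARGmaPOnzPVLtcWFHJeZ9t2jcfYxS0KTk=";
+};
 
-cargoDeps = prev.rustPlatform.fetchCargoVendor {
-src = finalAttrs.src;
-hash = "sha256-J9HuZwZ3UYyW2unFxBeap80yPCvdVGQ7pfsdI9qU3QE=";
-};
-});
+cargoDeps = prev.rustPlatform.fetchCargoVendor {
+src = finalAttrs.src;
+hash = "sha256-J9HuZwZ3UYyW2unFxBeap80yPCvdVGQ7pfsdI9qU3QE=";
+};
+}
+);
 
-mesa = prev.mesa.overrideAttrs (finalAttrs: prevAttrs: {
-git-hash = "7276191d5944b4c3d5a272a4a07274933fac4346";
-version = "25.0.0-${finalAttrs.git-hash}";
+mesa = prev.mesa.overrideAttrs (
+finalAttrs: prevAttrs: {
+git-hash = "7276191d5944b4c3d5a272a4a07274933fac4346";
+version = "25.0.0-${finalAttrs.git-hash}";
 
-src = prev.fetchFromGitLab {
-domain = "gitlab.freedesktop.org";
-owner = "mesa";
-repo = "mesa";
-rev = "${finalAttrs.git-hash}";
-hash = "sha256-y9bktQUXEf8VCrQPYcMsD5/1bC5sgK0vhRQJkc1DfE0=";
-};
+src = prev.fetchFromGitLab {
+domain = "gitlab.freedesktop.org";
+owner = "mesa";
+repo = "mesa";
+rev = "${finalAttrs.git-hash}";
+hash = "sha256-y9bktQUXEf8VCrQPYcMsD5/1bC5sgK0vhRQJkc1DfE0=";
+};
 
-# patches = lib.lists.take 1 prevAttrs.patches;
-patches = [ ./packages/mesa/opencl.patch ];
-mesonFlags = lib.lists.remove (lib.mesonBool "opencl-spirv" true) prevAttrs.mesonFlags;
-});
+# patches = lib.lists.take 1 prevAttrs.patches;
+patches = [ ./packages/mesa/opencl.patch ];
+mesonFlags = lib.lists.remove (lib.mesonBool "opencl-spirv" true) prevAttrs.mesonFlags;
+}
+);
 
 r2modman = prev.r2modman.override { electron = prev.electron-bin; };
 
@@ -55,35 +60,40 @@
 in
 (prev.rpcs3.override {
 llvm_16 = prev.llvm_18;
-pugixml = prev.pugixml.overrideAttrs (finalAttrs: prevAttrs: {
-version = "1.15";
-src = prev.fetchFromGitHub {
-owner = "zeux";
-repo = "pugixml";
-rev = "v${finalAttrs.version}";
-sha256 = "sha256-t/57lg32KgKPc7qRGQtO/GOwHRqoj78lllSaE/A8Z9Q=";
-};
-});
-}).overrideAttrs (finalAttrs: prevAttrs: {
-version = rpcs3Version;
+pugixml = prev.pugixml.overrideAttrs (
+finalAttrs: prevAttrs: {
+version = "1.15";
+src = prev.fetchFromGitHub {
+owner = "zeux";
+repo = "pugixml";
+rev = "v${finalAttrs.version}";
+sha256 = "sha256-t/57lg32KgKPc7qRGQtO/GOwHRqoj78lllSaE/A8Z9Q=";
+};
+}
+);
+}).overrideAttrs
+(
+finalAttrs: prevAttrs: {
+version = rpcs3Version;
 
-src = prev.fetchFromGitHub {
-owner = "RPCS3";
-repo = "rpcs3";
-rev = rpcs3Revision;
-fetchSubmodules = true;
-hash = rpcs3Hash;
-};
+src = prev.fetchFromGitHub {
+owner = "RPCS3";
+repo = "rpcs3";
+rev = rpcs3Revision;
+fetchSubmodules = true;
+hash = rpcs3Hash;
+};
 
-preConfigure = ''
-cat > ./rpcs3/git-version.h <<EOF
-#define RPCS3_GIT_VERSION "${rpcs3GitVersion}"
-#define RPCS3_GIT_FULL_BRANCH "RPCS3/rpcs3/master"
-#define RPCS3_GIT_BRANCH "HEAD"
-#define RPCS3_GIT_VERSION_NO_UPDATE 1
-EOF
-'';
-});
+preConfigure = ''
+cat > ./rpcs3/git-version.h <<EOF
+#define RPCS3_GIT_VERSION "${rpcs3GitVersion}"
+#define RPCS3_GIT_FULL_BRANCH "RPCS3/rpcs3/master"
+#define RPCS3_GIT_BRANCH "HEAD"
+#define RPCS3_GIT_VERSION_NO_UPDATE 1
+EOF
+'';
+}
+);
 })
 ];
 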
+31 -17
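--- a/modules/gui.nix
+++ b/modules/gui.nix
@@ -1,17 +1,27 @@
-{ lib, pkgs, yemou-scripts, ... }: {
+{
+lib,
+pkgs,
+yemou-scripts,
+...
+}:
+{
 nixpkgs.overlays = [
 yemou-scripts.overlays.default
 (final: prev: {
-nautilus = prev.nautilus.overrideAttrs (finalAttrs: prevAttrs: {
-postInstall = (prevAttrs.postInstall or "") + ''
-mkdir -p $out/share/xdg-desktop-portal/portals
-cat > $out/share/xdg-desktop-portal/portals/nautilus.portal <<EOF
-[portal]
-DBusName=org.gnome.Nautilus
-Interfaces=org.freedesktop.impl.portal.FileChooser
-EOF
-'';
-});
+nautilus = prev.nautilus.overrideAttrs (
+finalAttrs: prevAttrs: {
+postInstall =
+(prevAttrs.postInstall or "")
++ ''
+mkdir -p $out/share/xdg-desktop-portal/portals
+cat > $out/share/xdg-desktop-portal/portals/nautilus.portal <<EOF
+[portal]
+DBusName=org.gnome.Nautilus
+Interfaces=org.freedesktop.impl.portal.FileChooser
+EOF
+'';
+}
+);
 })
 ];
 
@@ -56,11 +66,15 @@
 dconf.enable = true;
 river = {
 enable = true;
-package = pkgs.river.overrideAttrs (final: prev: {
-postInstall = ''
-echo 'DesktopNames=river;wlroots' >> contrib/river.desktop
-'' + prev.postInstall;
-});
+package = pkgs.river.overrideAttrs (
+final: prev: {
+postInstall =
+''
+echo 'DesktopNames=river;wlroots' >> contrib/river.desktop
+''
++ prev.postInstall;
+}
+);
 # TODO: Move organize these some how
 extraPackages = with pkgs; [
 bemenu
@@ -100,7 +114,7 @@
 };
 
 # System-wide packages
-environment. systemPackages = with pkgs; [ adwaita-icon-theme ];
+environment.systemPackages = with pkgs; [ adwaita-icon-theme ];
 
 # Per-user packages
 users.users.mou.packages = with pkgs; [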
+2 -1
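--- a/modules/hardware-keys.nix
+++ b/modules/hardware-keys.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 users.users.mou.packages = with pkgs; [
 yubikey-manager
 yubikey-manager-qt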
+45 -9
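--- a/modules/home-mounts.nix
+++ b/modules/home-mounts.nix
@@ -10,47 +10,83 @@
 "/home/mou/aud" = {
 device = disk;
 fsType = "btrfs";
-options = [ "subvol=@home/mou/aud" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@home/mou/aud"
+"compress=zstd"
+"discard=async"
+];
 };
 "/home/mou/.cache" = {
 device = disk;
 fsType = "btrfs";
-options = [ "subvol=@home/mou/cache" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@home/mou/cache"
+"compress=zstd"
+"discard=async"
+];
 };
 "/home/mou/.config" = {
 device = disk;
 fsType = "btrfs";
-options = [ "subvol=@home/mou/config" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@home/mou/config"
+"compress=zstd"
+"discard=async"
+];
 };
 "/home/mou/dls" = {
 device = disk;
 fsType = "btrfs";
-options = [ "subvol=@home/mou/dls" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@home/mou/dls"
+"compress=zstd"
+"discard=async"
+];
 };
 "/home/mou/doc" = {
 device = disk;
 fsType = "btrfs";
-options = [ "subvol=@home/mou/doc" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@home/mou/doc"
+"compress=zstd"
+"discard=async"
+];
 };
 "/home/mou/.local" = {
 device = disk;
 fsType = "btrfs";
-options = [ "subvol=@home/mou/local" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@home/mou/local"
+"compress=zstd"
+"discard=async"
+];
 };
 "/home/mou/misc" = {
 device = disk;
 fsType = "btrfs";
-options = [ "subvol=@home/mou/misc" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@home/mou/misc"
+"compress=zstd"
+"discard=async"
+];
 };
 "/home/mou/pic" = {
 device = disk;
 fsType = "btrfs";
-options = [ "subvol=@home/mou/pic" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@home/mou/pic"
+"compress=zstd"
+"discard=async"
+];
 };
 "/home/mou/vid" = {
 device = disk;
 fsType = "btrfs";
-options = [ "subvol=@home/mou/vid" "compress=zstd" "discard=async" ];
+options = [
+"subvol=@home/mou/vid"
+"compress=zstd"
+"discard=async"
+];
 };
 };
 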
+2 -2
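--- a/modules/home.nix
+++ b/modules/home.nix
@@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
 home = {
 username = "mou";
 homeDirectory = "/home/${config.home.username}";
@@ -35,4 +36,3 @@
 
 home.stateVersion = "24.05";
 }
-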
+2 -1
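--- a/modules/im.nix
+++ b/modules/im.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 imports = [ ./unfree.nix ];
 unfree.allowed = [ "zoom" ];
 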
+2 -1
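--- a/modules/kde.nix
+++ b/modules/kde.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 services = {
 desktopManager.plasma6.enable = true;
 xserver.enable = true; # Without this set plasma6 will fail to start even when using wayland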
+2 -1
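--- a/modules/machine-id.nix
+++ b/modules/machine-id.nix
@@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
 # This needs to be world readable
 sops.secrets."machine-id".mode = "0444";
 environment.etc."machine-id".source = config.sops.secrets."machine-id".path;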
+2 -1
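--- a/modules/machineInfo.nix
+++ b/modules/machineInfo.nix
@@ -1,4 +1,5 @@
-{ lib, ... }: {
+{ lib, ... }:
+{
 options.mInfo = {
 gui = lib.mkOption {
 type = with lib.types; bool;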
+52 -28
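--- a/modules/mounts.nix
+++ b/modules/mounts.nix
@@ -1,30 +1,54 @@
-{ ... }: {
-fileSystems = let disk = "/dev/disk/by-uuid/7bf830d4-189d-4e9b-bcb0-565f4ac69e67"; in {
-"/" = {
-device = "none";
-fsType = "tmpfs";
-options = [ "defaults" "mode=755" ];
-};
-"/data" = {
-device = disk;
-fsType = "btrfs";
-options = [ "subvol=@nixos/data" "compress=zstd" "discard=async" ];
-neededForBoot = true;
-};
-"/nix" = {
-device = disk;
-fsType = "btrfs";
-options = [ "subvol=@nixos/nix" "compress=zstd" "discard=async" ];
-};
-"/config" = {
-device = disk;
-fsType = "btrfs";
-options = [ "subvol=@nixos/config" "compress=zstd" "discard=async" ];
-};
-"/boot" = {
-device = "/dev/disk/by-uuid/862D-85DB";
-fsType = "vfat";
-options = [ "fmask=0077" "dmask=0077" "defaults" ];
+{ ... }:
+{
+fileSystems =
+let
+disk = "/dev/disk/by-uuid/7bf830d4-189d-4e9b-bcb0-565f4ac69e67";
+in
+{
+"/" = {
+device = "none";
+fsType = "tmpfs";
+options = [
+"defaults"
+"mode=755"
+];
+};
+"/data" = {
+device = disk;
+fsType = "btrfs";
+options = [
+"subvol=@nixos/data"
+"compress=zstd"
+"discard=async"
+];
+neededForBoot = true;
+};
+"/nix" = {
+device = disk;
+fsType = "btrfs";
+options = [
+"subvol=@nixos/nix"
+"compress=zstd"
+"discard=async"
+];
+};
+"/config" = {
+device = disk;
+fsType = "btrfs";
+options = [
+"subvol=@nixos/config"
+"compress=zstd"
+"discard=async"
+];
+};
+"/boot" = {
+device = "/dev/disk/by-uuid/862D-85DB";
+fsType = "vfat";
+options = [
+"fmask=0077"
+"dmask=0077"
+"defaults"
+];
+};
 };
-};
 }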
+10 -7
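--- a/modules/netbird.nix
+++ b/modules/netbird.nix
@@ -1,10 +1,13 @@
-{ config, ... }: {
-environment.persistence."/data/persistent".directories = [{
-directory = config.services.netbird.clients.homelab.dir.state;
-mode = "0700";
-user = config.services.netbird.clients.homelab.user.name;
-group = config.services.netbird.clients.homelab.user.group;
-}];
+{ config, ... }:
+{
+environment.persistence."/data/persistent".directories = [
+{
+directory = config.services.netbird.clients.homelab.dir.state;
+mode = "0700";
+user = config.services.netbird.clients.homelab.user.name;
+group = config.services.netbird.clients.homelab.user.group;
+}
+];
 
 services.netbird.clients.homelab = {
 port = 51820;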
+6 -2
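--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -1,4 +1,5 @@
-{ nixpkgs, pkgs, ... }: {
+{ nixpkgs, pkgs, ... }:
+{
 systemd = {
 services.nix-daemon.environment.TMPDIR = "/nix/tmp";
 tmpfiles.rules = [ "d /nix/tmp - root root 1d" ];
@@ -21,7 +22,10 @@
 auto-optimise-store = true;
 build-dir = "/nix/tmp";
 download-buffer-size = 134217728;
-experimental-features = [ "nix-command" "flakes" ];
+experimental-features = [
+"nix-command"
+"flakes"
+];
 keep-going = true;
 use-xdg-base-directories = true;
 };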
+2 -1
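--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@@ -1,4 +1,5 @@
-{ config, lib, ... }: {
+{ config, lib, ... }:
+{
 environment.persistence."/data/persistent".files = [
 "/etc/ssh/ssh_host_ed25519_key"
 "/etc/ssh/ssh_host_ed25519_key.pub"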
+10 -8
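--- a/modules/packages/buildConfig/default.nix
+++ b/modules/packages/buildConfig/default.nix
@@ -1,11 +1,13 @@
-{ age
-, coreutils
-, git
-, nettools
-, nixos-rebuild
-, sops
-, writeShellApplication
-}: writeShellApplication {
+{
+age,
+coreutils,
+git,
+nettools,
+nixos-rebuild,
+sops,
+writeShellApplication,
+}:
+writeShellApplication {
 name = "buildConfig";
 runtimeInputs = [
 age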
+6 -1
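--- a/modules/packages/nixos-rebuild-tmpdir.nix
+++ b/modules/packages/nixos-rebuild-tmpdir.nix
@@ -2,7 +2,12 @@
 # nixos-rebuild is a shellscript and inside that shellscript they create a tmpdir using mktemp.
 # This is fine, but TMPDIR environment variable isn't available at this point, so mktemp puts the
 # directory in the wrong place.
-{ makeWrapper, nixos-rebuild, symlinkJoin }: symlinkJoin {
+{
+makeWrapper,
+nixos-rebuild,
+symlinkJoin,
+}:
+symlinkJoin {
 name = "nixos-rebuild-tmpdir";
 paths = [ nixos-rebuild ];
 buildInputs = [ makeWrapper ];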
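--- a/modules/printing.nix
+++ b/modules/printing.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 services = {
 avahi = {
 enable = true;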
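--- a/modules/remoteBuildMachines.nix
+++ b/modules/remoteBuildMachines.nix
@@ -1,4 +1,5 @@
-{ config, lib, ... }: {
+{ config, lib, ... }:
+{
 nix = {
 buildMachines = [
 (lib.mkIf (config.networking.hostName != "lily") {
@@ -6,11 +7,17 @@
 system = "x86_64-linux";
 maxJobs = 1;
 speedFactor = 1;
-supportedFeatures = [ "benchmark" "big-parallel" "kvm" "nixos-test" ];
+supportedFeatures = [
+"benchmark"
+"big-parallel"
+"kvm"
+"nixos-test"
+];
 protocol = "ssh-ng";
 sshKey = "/data/nixremote/id_ed25519";
 sshUser = "nixremote";
-publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5hUmVOTStlU0l6Ylp2cWFoYU"
+publicHostKey =
+"c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5hUmVOTStlU0l6Ylp2cWFoYU"
 + "FsYW5mMHo4OXJKUUlZV3gvcmxhUzRmMVkgcm9vdEBsaWx5Cg==";
 })
 (lib.mkIf (config.networking.hostName != "lutea") {
@@ -18,11 +25,17 @@
 system = "x86_64-linux";
 maxJobs = 1;
 speedFactor = 2;
-supportedFeatures = [ "benchmark" "big-parallel" "kvm" "nixos-test" ];
+supportedFeatures = [
+"benchmark"
+"big-parallel"
+"kvm"
+"nixos-test"
+];
 protocol = "ssh-ng";
 sshKey = "/data/nixremote/id_ed25519";
 sshUser = "nixremote";
-publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUNOTVR4YTJ6Um1ISVh0M0FSbE"
+publicHostKey =
+"c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUNOTVR4YTJ6Um1ISVh0M0FSbE"
 + "NwbGJvV1JkQ3NBbURsTjhnRExpazR2TnMgcm9vdEBsdXRlYQo=";
 })
 ];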
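--- a/modules/remoteBuilder.nix
+++ b/modules/remoteBuilder.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 imports = [ ./openssh.nix ];
 
 users = {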
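--- a/modules/services/caddy.nix
+++ b/modules/services/caddy.nix
@@ -1,6 +1,10 @@
-{ ... }: {
+{ ... }:
+{
 environment.persistence."/data/persistent".directories = [ "/var/lib/caddy" ];
-networking.firewall.allowedTCPPorts = [ 80 443 ];
+networking.firewall.allowedTCPPorts = [
+80
+443
+];
 
 services.caddy = {
 enable = true;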
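--- a/modules/services/dendrite.nix
+++ b/modules/services/dendrite.nix
@@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
 imports = [ ./postgresql.nix ];
 
 sops = {
@@ -8,19 +9,24 @@
 '';
 };
 
-environment.persistence."/data/persistent".directories = [{
-directory = "/var/lib/private/dendrite";
-mode = "0700";
-}];
+environment.persistence."/data/persistent".directories = [
+{
+directory = "/var/lib/private/dendrite";
+mode = "0700";
+}
+];
 
-networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [ 8008 ];
+networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts =
+[ 8008 ];
 
 services.postgresql = {
 ensureDatabases = [ "dendrite" ];
-ensureUsers = [{
-name = "dendrite";
-ensureDBOwnership = true;
-}];
+ensureUsers = [
+{
+name = "dendrite";
+ensureDBOwnership = true;
+}
+];
 };
 
 systemd.services.dendrite.requires = [ "postgresql.service" ];
@@ -69,8 +75,15 @@
 relay_api.database.connection_string = "";
 key_server.database.connection_string = "";
 logging = [
-{ type = "std"; level = "warn"; }
-{ type = "file"; level = "info"; params.path = "./logs"; }
+{
+type = "std";
+level = "warn";
+}
+{
+type = "file";
+level = "info";
+params.path = "./logs";
+}
 ];
 };
 openRegistration = false;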
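--- a/modules/services/dufs.nix
+++ b/modules/services/dufs.nix
@@ -1,11 +1,18 @@
-{ config, lib, pkgs, ... }:
+{
+config,
+lib,
+pkgs,
+...
+}:
 let
 servePath = "/data/dufs";
-dufsConfig = pkgs.writeText "config.yaml" (lib.generators.toYAML { } {
-allow-all = true;
-compress = "high";
-serve-path = "${servePath}";
-});
+dufsConfig = pkgs.writeText "config.yaml" (
+lib.generators.toYAML { } {
+allow-all = true;
+compress = "high";
+serve-path = "${servePath}";
+}
+);
 startDufs = pkgs.writeShellScript "dufsStart" ''
 export DUFS_AUTH="mou:$(${pkgs.coreutils}/bin/cat ${config.sops.secrets."dufs/mouPW".path})@/:rw"
 exec ${pkgs.dufs}/bin/dufs -c ${dufsConfig}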
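--- a/modules/services/esquid.nix
+++ b/modules/services/esquid.nix
@@ -1,4 +1,5 @@
-{ config, esquid, ... }: {
+{ config, esquid, ... }:
+{
 imports = [ esquid.nixosModules."x86_64-linux".eSquid ];
 nixpkgs.overlays = [ esquid.overlays.default ];
 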
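--- a/modules/services/i2pd.nix
+++ b/modules/services/i2pd.nix
@@ -1,10 +1,13 @@
-{ ... }: {
-environment.persistence."/data/persistent".directories = [{
-directory = "/var/lib/i2pd";
-user = "i2pd";
-group = "i2pd";
-mode = "0700";
-}];
+{ ... }:
+{
+environment.persistence."/data/persistent".directories = [
+{
+directory = "/var/lib/i2pd";
+user = "i2pd";
+group = "i2pd";
+mode = "0700";
+}
+];
 
 networking.firewall = {
 allowedUDPPorts = [ 28381 ];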
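--- a/modules/services/libvirt.nix
+++ b/modules/services/libvirt.nix
@@ -1,6 +1,10 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 hardware.graphics.enable = true;
-users.users.mou.extraGroups = [ "libvirtd" "kvm" ];
+users.users.mou.extraGroups = [
+"libvirtd"
+"kvm"
+];
 environment.persistence."/data/persistent".directories = [ "/var/lib/libvirt" ];
 
 virtualisation.libvirtd = {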
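--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: {
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
 environment.persistence."/data/persistent".directories = [
 {
 directory = "/var/lib/nextcloud";
@@ -40,7 +46,8 @@
 };
 
 # This is the port that nginx listens on by default
-networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [ 80 ];
+networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts =
+[ 80 ];
 
 services = {
 redis.package = pkgs.valkey;
@@ -96,5 +103,6 @@
 };
 };
 
-systemd.services.nextcloud-notify_push.environment.NEXTCLOUD_URL = lib.mkForce "http://${config.mInfo.nb-ipv4}";
+systemd.services.nextcloud-notify_push.environment.NEXTCLOUD_URL =
+lib.mkForce "http://${config.mInfo.nb-ipv4}";
 }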
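--- a/modules/services/openssh.nix
+++ b/modules/services/openssh.nix
@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
 imports = [ ../openssh.nix ];
 
 users.users = {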
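--- a/modules/services/postgresql.nix
+++ b/modules/services/postgresql.nix
@@ -1,4 +1,5 @@
-{ lib, ... }: {
+{ lib, ... }:
+{
 environment.persistence."/data/persistent".directories = [ "/var/lib/postgresql" ];
 
 services.postgresql = {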
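--- a/modules/services/vault.nix
+++ b/modules/services/vault.nix
@@ -1,5 +1,6 @@
 # TODO: in the future switch to OpenBao
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 imports = [ ../unfree.nix ];
 
 environment.persistence."/data/persistent".directories = [ "/var/lib/vault" ];
@@ -17,4 +18,3 @@
 '';
 };
 }
-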
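--- a/modules/sss-mount.nix
+++ b/modules/sss-mount.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: lib.mkIf (config.mInfo.sss-mount == true) {
+{
+config,
+lib,
+pkgs,
+...
+}:
+lib.mkIf (config.mInfo.sss-mount == true) {
 environment.systemPackages = [ pkgs.rclone ];
 
 fileSystems."/sss" = {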
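--- a/modules/sss.nix
+++ b/modules/sss.nix
@@ -1,6 +1,7 @@
 # TODO: replace this with a better solution that doesn't rely on ssh
 # - Preferablly peer-to-peer
-{ ... }: {
+{ ... }:
+{
 imports = [ ./sss-mount.nix ];
 
 users = {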
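--- a/modules/tools.nix
+++ b/modules/tools.nix
@@ -1,3 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 users.users.mou.packages = with pkgs; [ fend ];
 }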
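--- a/modules/unfree.nix
+++ b/modules/unfree.nix
@@ -1,10 +1,11 @@
-{ config, lib, ... }: {
+{ config, lib, ... }:
+{
 options.unfree.allowed = lib.mkOption {
 type = with lib.types; listOf str;
 default = [ ];
 description = "A list of unfree packages that are allowed to be installed";
 };
 
-config.nixpkgs.config.allowUnfreePredicate = pkg:
-builtins.elem (lib.getName pkg) config.unfree.allowed;
+config.nixpkgs.config.allowUnfreePredicate =
+pkg: builtins.elem (lib.getName pkg) config.unfree.allowed;
 }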
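--- a/modules/vpn.nix
+++ b/modules/vpn.nix
@@ -1,14 +1,20 @@
-{ config, ... }: {
+{ config, ... }:
+{
 sops.secrets."protonvpn-privateKey" = { };
 
 networking.wg-quick.interfaces.protonvpn = {
 address = [ "10.2.0.2/32" ];
 privateKeyFile = config.sops.secrets."protonvpn-privateKey".path;
 dns = [ "10.2.0.1" ];
-peers = [{
-publicKey = "lHEn/qdFKAZZjGWD3gAN1QBxuEZly7pSqaqRQRIW2hI=";
-endpoint = "149.22.94.55:51820";
-allowedIPs = [ "0.0.0.0/0" "::/0" ];
-}];
+peers = [
+{
+publicKey = "lHEn/qdFKAZZjGWD3gAN1QBxuEZly7pSqaqRQRIW2hI=";
+endpoint = "149.22.94.55:51820";
+allowedIPs = [
+"0.0.0.0/0"
+"::/0"
+];
+}
+];
 };
 }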