repomaa/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

run nixfmt

Browse Source
This commit is contained in:
Joakim Repomaa
2025-03-01 13:23:01 +02:00
parent a93d4afbcf
commit 8dfc9b5a6d
51 changed files with 1611 additions and 778 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
hosts/apu/configuration.nix
View File

@@ -2,7 +2,13 @@
# your system. Help is availanodev";
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ ssh, pkgs, config, lib, ... }:
{
ssh,
pkgs,
config,
lib,
...
}:
{
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
@@ -12,7 +18,10 @@
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
experimental-features = [
"nix-command"
"flakes"
];
auto-optimise-store = true;
};
@@ -63,11 +72,28 @@
modules.firewall = {
enable = true;
interfaces = {
koti = [ "dhcp" "dns" "ssh" "web" ];
gast = [ "dhcp" "dns" ];
iot = [ "dhcp" "dns" ];
cfg = [ "dhcp" "dns" ];
"tailscale*" = [ "ssh" "web" ];
koti = [
"dhcp"
"dns"
"ssh"
"web"
];
gast = [
"dhcp"
"dns"
];
iot = [
"dhcp"
"dns"
];
cfg = [
"dhcp"
"dns"
];
"tailscale*" = [
"ssh"
"web"
];
};
allInterfaces = [ ];
};
@@ -146,7 +172,9 @@
onState = [ "routable" ];
script = ''
#!${pkgs.runtimeShell}
${pkgs.ethtool}/bin/ethtool -K ${config.systemd.network.links."10-extern0".linkConfig.Name} rx-udp-gro-forwarding on rx-gro-list off
${pkgs.ethtool}/bin/ethtool -K ${
config.systemd.network.links."10-extern0".linkConfig.Name
} rx-udp-gro-forwarding on rx-gro-list off
'';
};
};
@@ -187,13 +215,14 @@
enable = true;
settings = {
server = {
interface = (lib.map
(name: config.systemd.network.networks."30-${name}".dhcpServerConfig.DNS)
(lib.attrNames config.modules.vlans.networks)
) ++ [
"127.0.0.1"
"::1"
];
interface =
(lib.map (name: config.systemd.network.networks."30-${name}".dhcpServerConfig.DNS) (
lib.attrNames config.modules.vlans.networks
))
++ [
"127.0.0.1"
"::1"
];
access-control = [
"10.0.0.0/8 allow"
"127.0.0.0/8 allow"
@@ -224,10 +253,11 @@
"xiaomi_aqara"
"shelly"
];
extraPackages = python3Packages: with python3Packages; [
gtts
numpy
];
extraPackages =
python3Packages: with python3Packages; [
gtts
numpy
];
config = {
homeassistant = {
name = "Koti";

66
hosts/apu/hardware-configuration.nix
View File

@@ -1,41 +1,57 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f221c6a7-e05e-40dc-bc85-7970d7c8f22b";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/f221c6a7-e05e-40dc-bc85-7970d7c8f22b";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/f221c6a7-e05e-40dc-bc85-7970d7c8f22b";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/f221c6a7-e05e-40dc-bc85-7970d7c8f22b";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/14D2-F8F4";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/14D2-F8F4";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-uuid/f221c6a7-e05e-40dc-bc85-7970d7c8f22b";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-uuid/f221c6a7-e05e-40dc-bc85-7970d7c8f22b";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
swapDevices = [ ];

13
hosts/freun-dev/configuration.nix
View File

@@ -2,7 +2,12 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, ssh, ... }:
{
config,
pkgs,
ssh,
...
}:
let
ipv4Address = "65.21.145.150";
ipv6Address = "2a01:4f9:c011:9ac1::1";
@@ -10,7 +15,10 @@ in
{
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
experimental-features = [
"nix-command"
"flakes"
];
auto-optimise-store = true;
};
gc = {
@@ -95,7 +103,6 @@ in
# useXkbConfig = true; # use xkbOptions in tty.
# };
# Configure keymap in X11
services.xserver.xkb.layout = "us";
services.xserver.xkb.options = "eurosign:e,caps:escape";

47
hosts/freun-dev/hardware-configuration.nix
View File

@@ -1,34 +1,43 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"virtio_scsi"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/f594ffbc-4553-42e4-8206-4d762c94b4c3";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/f594ffbc-4553-42e4-8206-4d762c94b4c3";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/46F1-18E3";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/46F1-18E3";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/d9955575-d4e0-4a49-a3c5-41f54110d12b"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/d9955575-d4e0-4a49-a3c5-41f54110d12b"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

64
hosts/freun-dev/secrets.nix
View File

@@ -1,34 +1,38 @@
{ lib, config, ... }:
{
age.secrets = lib.listToAttrs
(
map (secret: { name = secret; value = { file = ../../secrets/${secret}.age; }; }) [
"gotosocial"
"immich"
"readeck"
"storage-box-credentials"
"vaultwarden"
"donetick"
"dnote"
"octodns"
"mealie"
]
) // {
smtp-password = {
file = ../../secrets/smtp-password.age;
owner =
if (config.services.grafana.enable) then
config.systemd.services.grafana.serviceConfig.User
else
"root";
age.secrets =
lib.listToAttrs (
map
(secret: {
name = secret;
value = {
file = ../../secrets/${secret}.age;
};
})
[
"gotosocial"
"immich"
"readeck"
"storage-box-credentials"
"vaultwarden"
"donetick"
"dnote"
"octodns"
"mealie"
]
)
// {
smtp-password = {
file = ../../secrets/smtp-password.age;
owner =
if (config.services.grafana.enable) then
config.systemd.services.grafana.serviceConfig.User
else
"root";
};
hastebin-tokens = {
file = ../../secrets/hastebin-tokens.age;
owner = if (config.services.hastebin.enable) then config.users.users.hastebin.name else "root";
};
};
hastebin-tokens = {
file = ../../secrets/hastebin-tokens.age;
owner =
if (config.services.hastebin.enable) then
config.users.users.hastebin.name
else
"root";
};
};
}

18
hosts/freun-dev/services.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, config, inputs, ... }:
{
pkgs,
config,
inputs,
...
}:
let
immichDataDir = "/mnt/storage/immich";
syncthingDataDir = "/mnt/storage/syncthing";
@@ -37,7 +42,7 @@ in
enable = true;
records."".MX = {
ttl = 86400;
values = [{ exchange = "${smtp.host}."; }];
values = [ { exchange = "${smtp.host}."; } ];
};
defaults.CNAME.ttl = 60;
};
@@ -45,7 +50,8 @@ in
hastebin = {
enable = true;
subdomain = "bin";
renderers = with pkgs;
renderers =
with pkgs;
let
hl = rustPlatform.buildRustPackage {
name = "syntax-renderer";
@@ -143,7 +149,11 @@ in
smtp-port = smtp.port;
smtp-username = smtp.username;
smtp-from = smtp.from;
instance-languages = [ "de" "fi" "en" ];
instance-languages = [
"de"
"fi"
"en"
];
};
};

5
hosts/radish/configuration.nix
View File

@@ -2,7 +2,10 @@
{
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
experimental-features = [
"nix-command"
"flakes"
];
auto-optimise-store = true;
};

7
hosts/radish/default.nix
View File

@@ -1,6 +1,11 @@
{ inputs, ... }:
let
inherit (inputs) lanzaboote nixos-hardware auto-cpufreq home-manager;
inherit (inputs)
lanzaboote
nixos-hardware
auto-cpufreq
home-manager
;
in
{
imports = [

80
hosts/radish/hardware-configuration.nix
View File

@@ -1,56 +1,70 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/43895585-8899-4e94-a413-889127c214f8";
allowDiscards = true;
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/01E6-6258";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/01E6-6258";
fsType = "vfat";
};
fileSystems."/swap" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
swapDevices = [ {
device = "/swap/swapfile";
size = 64*1024;
} ];
swapDevices = [
{
device = "/swap/swapfile";
size = 64 * 1024;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

8
hosts/radish/hardware.nix
View File

@@ -1,4 +1,10 @@
{ pkgs, inputs, lib, config, ... }:
{
pkgs,
inputs,
lib,
config,
...
}:
let
pkgsUnstable = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system};
in

7
hosts/radish/host.nix
View File

@@ -3,7 +3,12 @@
networking.hostName = "radish";
time.timeZone = lib.mkForce null; # allow TZ to be set by desktop user
i18n.defaultLocale = "de_DE.UTF-8";
i18n.supportedLocales = map (locale: "${locale}.UTF-8/UTF-8") [ "C" "en_US" "de_DE" "fi_FI" ];
i18n.supportedLocales = map (locale: "${locale}.UTF-8/UTF-8") [
"C"
"en_US"
"de_DE"
"fi_FI"
];
i18n.extraLocaleSettings.LANG = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";

14
hosts/radish/secrets.nix
View File

@@ -1,9 +1,15 @@
{ lib, ... }:
{
age.secrets = lib.listToAttrs
(
map (secret: { name = secret; value = { file = ../../secrets/${secret}.age; }; }) [
age.secrets = lib.listToAttrs (
map
(secret: {
name = secret;
value = {
file = ../../secrets/${secret}.age;
};
})
[
"borgbackup-radish"
]
);
);
}

14
hosts/radish/users.nix
View File

@@ -11,7 +11,17 @@
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.zsh;
subUidRanges = [{ startUid = 10000; count = 65536; }];
subGidRanges = [{ startGid = 10000; count = 65536; }];
subUidRanges = [
{
startUid = 10000;
count = 65536;
}
];
subGidRanges = [
{
startGid = 10000;
count = 65536;
}
];
};
}