diff --git a/flake.nix b/flake.nix index 4c53f34..35d8c1d 100755 --- a/flake.nix +++ b/flake.nix @@ -1,48 +1,22 @@ { description = "Home Manager && NixOS configuration"; - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nix-index-database.url = "github:nix-community/nix-index-database"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - deploy-rs = { - url = "github:serokell/deploy-rs"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - pre-commit-hooks = { - url = "github:cachix/pre-commit-hooks.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/24.05"; + pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; + sops-nix.url = "github:Mic92/sops-nix"; + tfa.url = "github:iofq/2fa"; + treefmt-nix.url = "github:numtide/treefmt-nix"; + home-manager = { url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; }; nvim = { url = "github:iofq/nvim.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - tfa = { - url = "github:iofq/2fa"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - ethereum-nix = { - #url = "github:nix-community/ethereum.nix"; - url = "git+file:///home/e/dev/ethereum.nix/"; - }; - treefmt-nix = { - url = "github:numtide/treefmt-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - microvm = { - url = "github:astro/microvm.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nix-index-database = { - url = "github:nix-community/nix-index-database"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; }; }; outputs = { 
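Review bot: The new `nixpkgs.url = "github:nixos/nixpkgs/24.05";` appears to name the release tag rather than the `nixos-24.05` branch; if so, the input is frozen at the release commit and `nix flake update` will never pick up backported security fixes. `nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";` would track the maintained branch instead. Separately, collapsing `sops-nix`, `tfa`, `treefmt-nix`, `pre-commit-hooks` and `nix-index-database` to bare `.url` lines drops their `inputs.nixpkgs.follows`, so each now brings its own nixpkgs pin into flake.lock. That is more third-party revisions to keep patched and audit, which matters most for `sops-nix` because it handles secrets. If the split is intentional, a short comment above the inputs saying why would help the next reader.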
@@ -59,12 +33,13 @@ inherit system; config.allowUnfree = true; overlays = [ - (final: _prev: - { - inherit (inputs.nvim.packages.${final.system}) full; - inherit (inputs.tfa.packages.${final.system}) twofa; - } - // import ./overlay.nix {inherit pkgs;}) + (final: _prev: { + steam = pkgs.writeShellScriptBin "steam" '' + flatpak run com.valvesoftware.Steam -pipewire "$@" + ''; + inherit (inputs.nvim.packages.${final.system}) full; + inherit (inputs.tfa.packages.${final.system}) twofa; + }) ]; }; eachSystem = f: nixpkgs.lib.genAttrs (import systems) (system: f nixpkgs.legacyPackages.${system}); @@ -72,33 +47,13 @@ in { nixosConfigurations = import ./nixos {inherit inputs pkgs attrs system;}; homeConfigurations = import ./home-manager {inherit inputs pkgs attrs;}; - deploy.nodes = { - htz = { - hostname = "htz"; - sshUser = "e"; - remoteBuild = true; - profiles.system = { - user = "root"; - path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.htz; - }; - }; - racknerd = { - hostname = "racknerd"; - sshUser = "e"; - remoteBuild = true; - profiles.system = { - user = "root"; - path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.rknrd; - }; - }; - }; checks = { pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run { src = ./.; hooks = { treefmt.enable = true; + treefmt.package = treefmtEval.${system}.config.build.wrapper; }; - settings.treefmt.package = treefmtEval.${system}.config.build.wrapper; }; }; formatter = eachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper); @@ -111,7 +66,6 @@ pkgs.ssh-to-age pkgs.sops pkgs.age - inputs.deploy-rs.packages.${system}.deploy-rs treefmtEval.${system}.config.build.wrapper ]; }; diff --git a/home-manager/default.nix b/home-manager/default.nix index 27ca268..ad985cc 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -29,9 +29,6 @@ inherit (attrs) username; }; }; - modules = [ - ./home.nix - ./min.nix - ]; + modules = [./home.nix]; }; } 
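Review bot: The inlined overlay calls `pkgs.writeShellScriptBin`, and `pkgs` is presumably the very package set this `overlays` list is used to build (the `import` starts above the hunk), so the overlay reaches around its own `final` argument. Using the fixpoint argument is the conventional form: `steam = final.writeShellScriptBin "steam" ''`. The attribute also replaces nixpkgs' own `steam` for everything that uses this package set, which deserves a comment such as `# shadow pkgs.steam with a launcher for the Flatpak build`.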
diff --git a/home-manager/min.nix b/home-manager/min.nix deleted file mode 100644 index 5c903a1..0000000 --- a/home-manager/min.nix +++ /dev/null @@ -1,5 +0,0 @@ -_: { - home = { - username = "e"; - }; -} diff --git a/home-manager/shared/programs/2fa/default.nix b/home-manager/shared/programs/2fa/default.nix index b33f5d3..c804a0b 100755 --- a/home-manager/shared/programs/2fa/default.nix +++ b/home-manager/shared/programs/2fa/default.nix @@ -4,7 +4,9 @@ ]; programs.gpg = { enable = true; - settings = {pinentry-mode = "loopback";}; + settings = { + pinentry-mode = "loopback"; + }; }; services.gpg-agent = { enable = true; diff --git a/home-manager/shared/programs/dev/default.nix b/home-manager/shared/programs/dev/default.nix index d89b350..88dfd7f 100644 --- a/home-manager/shared/programs/dev/default.nix +++ b/home-manager/shared/programs/dev/default.nix @@ -12,5 +12,6 @@ gnumake go jq + awscli ]; } diff --git a/home-manager/shared/programs/nvim/default.nix b/home-manager/shared/programs/nvim/default.nix index 035d976..a6cd6c7 100755 --- a/home-manager/shared/programs/nvim/default.nix +++ b/home-manager/shared/programs/nvim/default.nix @@ -1,5 +1,5 @@ {pkgs, ...}: { home.packages = with pkgs; [ - full + neovim ]; } diff --git a/home-manager/t14/home.nix b/home-manager/t14/home.nix index 25dc7f2..eb112a4 100755 --- a/home-manager/t14/home.nix +++ b/home-manager/t14/home.nix @@ -13,20 +13,22 @@ steam prismlauncher runelite - jdk17 + jdk21 # comms signal-desktop discord # apps - chromium + (chromium.override {commandLineArgs = "--load-media-router-component-extension=1";}) pcmanfm feh ffmpeg mpv + vlc wdisplays piper + calibre # font spleen @@ -47,6 +49,10 @@ hostname = "htz.10110110.xyz"; identityFile = "/home/e/.ssh/id_ed25519"; }; + "ocx" = { + hostname = "ocx.10110110.xyz"; + identityFile = "/home/e/.ssh/oracle"; + }; }; }; fonts.fontconfig.enable = lib.mkForce true; diff --git a/nixos/default.nix b/nixos/default.nix index d59b69d..e21a373 100644 
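Review bot: The `chromium.override` entry has no comment explaining its flag, and `--load-media-router-component-extension=1` enables the Media Router (Cast) component, which takes part in device discovery on the local network. A one-line comment such as `# enable Cast; pairs with services.avahi in nixos/t14/configuration.nix` would record why the browser is built this way and what to remove together if casting is dropped. The package list starts and ends outside the hunk.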
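Review bot: The new `"ocx"` match block sets `identityFile = "/home/e/.ssh/oracle";` but does not restrict which keys are offered, so with an agent running (`programs.ssh.startAgent = true` in the NixOS config) ssh can present every loaded key to `ocx.10110110.xyz` before or alongside the dedicated one. Adding `identitiesOnly = true;` to the block keeps the per-host key separation that a separate `oracle` key implies. The existing `htz` block in the context lines has the same gap. The surrounding `matchBlocks` set begins above the hunk.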
--- a/nixos/default.nix +++ b/nixos/default.nix @@ -26,19 +26,4 @@ in { inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1 ]; }; - rknrd = inputs.nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs system pkgs; - host = { - hostName = "rknrd"; - inherit (attrs) username; - }; - }; - modules = - defaultModules - ++ [ - ./configuration.nix - ./racknerd/configuration.nix - ]; - }; } diff --git a/nixos/racknerd/configuration.nix b/nixos/racknerd/configuration.nix deleted file mode 100644 index ef58305..0000000 --- a/nixos/racknerd/configuration.nix +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - inputs, - pkgs, - config, - ... -}: { - imports = [ - ./hardware-configuration.nix - ./minecraft.nix - inputs.ethereum-nix.nixosModules.default - ]; - environment.systemPackages = with pkgs; [ - nfs-utils - vim - inputs.ethereum-nix.packages.${system}.rocketpool - docker-compose - ]; - environment.interactiveShellInit = '' - alias rp='rocketpool --allow-root' - ''; - virtualisation = { - docker = { - enable = true; - }; - }; - - boot.tmp.cleanOnBoot = true; - zramSwap.enable = false; - - networking = { - hostName = "rknrd"; - nameservers = [ - "1.1.1.1" - "8.8.8.8" - ]; - firewall = { - enable = true; - allowedTCPPorts = [22]; - allowedUDPPorts = []; - logRefusedConnections = true; - }; - }; - - services.openssh.enable = true; - services.tailscale.enable = true; - users.users = { - root = { - openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14'']; - }; - e = { - isNormalUser = true; - extraGroups = ["wheel" "docker"]; - openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14'']; - }; - }; - virtualisation.oci-containers.containers = { - signal-api = { - image = "bbernhard/signal-cli-rest-api:latest"; - ports = ["100.73.10.99:8080:8080"]; - volumes = [ - "/root/signal-cli:/home/.local/share/signal-cli" - ]; - }; - }; - systemd.timers."signal-upload" = { - wantedBy = ["timers.target"]; - timerConfig = { - OnCalendar = "*:0/5"; - Unit = "signal-upload.service"; - }; - }; - systemd.services."signal-upload" = { - script = '' - ${pkgs.curl}/bin/curl -X GET -H "Content-Type application/json" 'http://rknrd.tailc353f.ts.net:8080/v1/receive/+14145029897' && ${pkgs.docker}/bin/docker run --rm --env-file=${config.sops.secrets."b2-photos-s3/env".path} -v /root/signal-cli/attachments:/root/data public.ecr.aws/aws-cli/aws-cli s3 mv /root/data/ s3://iofq-photos/signal --endpoint-url=https://s3.us-west-004.backblazeb2.com 
--recursive - ''; - serviceConfig = { - Type = "oneshot"; - User = "root"; - }; - }; - security.sudo.wheelNeedsPassword = false; - nix.settings.trusted-users = ["e"]; - system.stateVersion = "22.11"; -} diff --git a/nixos/racknerd/hardware-configuration.nix b/nixos/racknerd/hardware-configuration.nix deleted file mode 100755 index d575822..0000000 --- a/nixos/racknerd/hardware-configuration.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - lib, - modulesPath, - ... -}: { - imports = [(modulesPath + "/profiles/qemu-guest.nix")]; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - boot.loader.grub.device = "/dev/vda"; - boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; - boot.initrd.kernelModules = ["nvme"]; - fileSystems."/" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - swapDevices = [{device = "/dev/vda2";}]; -} diff --git a/nixos/racknerd/minecraft.nix b/nixos/racknerd/minecraft.nix deleted file mode 100644 index c428929..0000000 --- a/nixos/racknerd/minecraft.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -{ - config, - pkgs, - ... -}: { - sops = { - defaultSopsFile = ../../secrets/restic.yaml; - age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - secrets = { - "b2-minecraft/env" = {}; - "b2-minecraft/repo" = {}; - "b2-minecraft/password" = {}; - "b2-photos-s3/env" = {}; - }; - }; - services.restic.backups = { - b2-minecraft = { - initialize = true; - environmentFile = config.sops.secrets."b2-minecraft/env".path; - repositoryFile = config.sops.secrets."b2-minecraft/repo".path; - passwordFile = config.sops.secrets."b2-minecraft/password".path; - - paths = [ - "/var/lib/minecraft" - ]; - timerConfig = { - OnCalendar = "00:05"; - }; - pruneOpts = [ - "--keep-daily 3" - "--keep-weekly 1" - "--keep-monthly 1" - ]; - }; - }; - services.minecraft-server = { - enable = true; - eula = true; - openFirewall = true; - declarative = true; - package = "${pkgs.minecraft-server}"; - serverProperties = { - white-list = true; - server-port = 25565; - gamemode = "survival"; - enable-command-block = "true"; - motd = "whaa"; - max-players = "10"; - view-distance = 16; - }; - whitelist = { - cjriddz = "cf36e5f7-6e7f-490a-ba76-65016338e7b4"; - k359 = "a5ccc07c-144d-4dd0-b07c-48c4d5302b58"; - }; - }; -} diff --git a/nixos/t14/backups.nix b/nixos/t14/backups.nix index 83b3c15..c25f9cf 100644 --- a/nixos/t14/backups.nix +++ b/nixos/t14/backups.nix @@ -25,7 +25,9 @@ OnCalendar = "01:00"; }; pruneOpts = [ - "--keep-last 14" + "--keep-daily 14" + "--keep-monthly 6" + "--keep-yearly 1" ]; }; }; diff --git a/nixos/t14/configuration.nix b/nixos/t14/configuration.nix index 1e34ae7..6c86bf9 100755 --- a/nixos/t14/configuration.nix +++ b/nixos/t14/configuration.nix @@ -1,4 +1,5 @@ { + config, pkgs, attrs, ... @@ -11,8 +12,6 @@ in { ./nano.nix ./backups.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; environment.systemPackages = with pkgs; [ cryptsetup 
@@ -20,9 +19,16 @@ in { ]; environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test"; + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + supportedFilesystems = ["zfs"]; + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + zfs.forceImportRoot = false; + }; # Networking networking = { - nameservers = ["1.1.1.1#one.one.one.one"]; + hostId = "1185c58e"; networkmanager = { enable = true; dns = "systemd-resolved"; @@ -35,16 +41,6 @@ in { logRefusedConnections = true; }; }; - services.resolved = { - enable = true; - fallbackDns = [ - "1.1.1.1#one.one.one.one" - ]; - extraConfig = '' - DNSOverTLS=yes - ''; - }; - services.tailscale.enable = true; # Services virtualisation = { 
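Review bot: Replacing `nameservers = ["1.1.1.1#one.one.one.one"];` with `hostId` leaves no explicitly configured resolver, while the `services.resolved` block elsewhere in this file keeps `DNSOverTLS=yes` and lists 1.1.1.1 only under `fallbackDns`. As far as the visible config goes, resolved consults fallback servers only when no other server is known, so on a network whose DHCP supplies a resolver, lookups may go to that resolver and strict DoT may fail against it. The usual workaround is to relax DoT, which gives up the protection. Keeping `nameservers = ["1.1.1.1#one.one.one.one"];` next to the new `hostId` line would preserve the earlier behaviour. The `networking` block continues past the end of the hunk.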
@@ -53,48 +49,59 @@ in { dockerCompat = true; }; }; - programs.light.enable = true; + security.pam.services.swaylock = {}; - services.pipewire = { - enable = true; - alsa.enable = true; - pulse.enable = true; - }; - programs.ssh = { - startAgent = true; - }; - services.flatpak.enable = true; - services.dbus.enable = true; - programs.hyprland.enable = true; xdg.portal = { enable = true; xdgOpenUsePortal = false; extraPortals = [pkgs.xdg-desktop-portal-gtk]; }; - - services.tlp = { - enable = true; - settings = { - WIFI_PWR_ON_BAT = "off"; - START_CHARGE_THRESH_BAT0 = 80; - STOP_CHARGE_THRESH_BAT0 = 85; - RADEON_DPM_STATE_ON_AC = "performance"; - RADEON_DPM_STATE_ON_BAT = "battery"; - RADEON_POWER_PROFILE_ON_AC = "high"; - RADEON_POWER_PROFILE_ON_BAT = "low"; + programs = { + light.enable = true; + hyprland.enable = true; + ssh = { + startAgent = true; }; }; + services = { + resolved = { + enable = true; + fallbackDns = [ + "1.1.1.1#one.one.one.one" + ]; + extraConfig = '' + DNSOverTLS=yes + ''; + }; + tailscale.enable = true; + avahi.enable = true; # chromecast + pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + }; + flatpak.enable = true; + dbus.enable = true; - services.ratbagd.enable = true; # Logitech - services.keyd = { - enable = true; - keyboards = { - default = { - ids = ["*"]; - settings = { - main = { - pause = "timeout(esc, 150, space)"; - scrolllock = "layer(shift)"; + tlp = { + enable = true; + settings = { + WIFI_PWR_ON_BAT = "off"; + START_CHARGE_THRESH_BAT0 = 80; + STOP_CHARGE_THRESH_BAT0 = 85; + }; + }; + ratbagd.enable = true; # Logitech + keyd = { + enable = true; + keyboards = { + default = { + ids = ["*"]; + settings = { + main = { + pause = "timeout(esc, 150, space)"; + scrolllock = "layer(shift)"; + }; }; }; }; @@ -115,6 +122,5 @@ in { spleen ]; fonts.fontconfig.defaultFonts.monospace = ["UbuntuMono"]; - boot.kernelPackages = pkgs.linuxPackages_latest; system.stateVersion = "22.11"; } 
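Review bot: `avahi.enable = true; # chromecast` starts an mDNS daemon on a laptop, and `services.avahi.openFirewall` defaults to true in NixOS, so UDP 5353 is accepted on every network the machine joins, not only the home LAN. Discovery needs that port, so the practical step is to state the trade-off and keep publishing off (its default), for example `avahi.enable = true; # chromecast discovery; opens 5353/udp via avahi.openFirewall (default true), publish stays disabled`. If casting is only used at home, `avahi.allowInterfaces` can narrow where the daemon listens.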
diff --git a/overlay.nix b/overlay.nix index b4e66c5..7838aa0 100644 --- a/overlay.nix +++ b/overlay.nix @@ -1,5 +1,12 @@ -{pkgs, ...}: { +{ + inputs, + final, + pkgs, + ... +}: { steam = pkgs.writeShellScriptBin "steam" '' flatpak run com.valvesoftware.Steam -pipewire "$@" ''; + inherit (inputs.nvim.packages.${final.system}) full; + inherit (inputs.tfa.packages.${final.system}) twofa; }
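Review bot: This file now expects `inputs` and `final` as arguments, but the same commit removes the only visible call site (`import ./overlay.nix {inherit pkgs;}` in flake.nix) and copies the same three attributes inline there. As a result overlay.nix looks unused and will drift from the flake. Either delete the file or have the flake overlay call it, e.g. `(final: _prev: import ./overlay.nix {inherit inputs final pkgs;})`. A single definition also gives one place to review which third-party flake packages (`full`, `twofa`) are injected into `pkgs`.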