iofq/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

july rice

Browse source
This commit is contained in:
iofq 2025-07-27 22:02:16 -05:00
parent 73f2340ac0
commit 89ab499605
10 changed files with 95 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

6
home-manager/shared/programs/dev.nix
View file

@ -5,9 +5,8 @@
gnumake
jq
tree
jujutsu
jjui
emacs-nox
shellcheck
#devops
k9s
@ -22,5 +21,8 @@
#c
gcc
#llm
aider-chat
];
}

4
home-manager/shared/programs/shell/default.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
imports = [
./tmux.nix
./git.nix
@ -92,6 +93,7 @@
services.gpg-agent = {
enable = true;
enableSshSupport = true;
pinentry.package = pkgs.pinentry-curses;
extraConfig = ''
allow-loopback-pinentry
'';

2
home-manager/shared/programs/shell/fish/functions.nix
View file

@ -32,7 +32,7 @@
if set -q FISH_JJ
return 0
end
if not jj root &>/dev/null
if not jj workspace root --ignore-working-copy &>/dev/null
return 1
end

15
home-manager/shared/programs/shell/git.nix
View file

@ -25,12 +25,12 @@
programs.jujutsu = {
enable = true;
settings = {
core = {
fsmonitor = "watchman";
watchman = {
register-snapshot-trigger = false;
};
};
# core = {
# fsmonitor = "watchman";
# watchman = {
# register-snapshot-trigger = true;
# };
# };
user = {
email = "cjriddz@protonmail.com";
name = "iofq";
@ -43,9 +43,6 @@
backend = "gpg";
key = "cjriddz@protonmail.com";
};
git = {
sign-on-push = true;
};
ui = {
default-command = [ "log" ];
conflict-marker-style = "git";

2
home-manager/t14/home.nix
View file

@ -45,7 +45,7 @@
matchBlocks = {
"consensus" = {
port = 2022;
hostname = "192.168.1.251";
hostname = "consensus.tailc353f.ts.net";
identityFile = "/home/e/.ssh/id_ed25519";
};
"10110110.xyz" = {

1
nixos/configuration.nix
View file

@ -17,6 +17,7 @@
"plugdev"
"video"
"adbusers"
"network"
];
};
};

49
nixos/consensus/configuration.nix
View file

@ -26,8 +26,8 @@
tmux
];
services = {
zfs.autoScrub.enable = true;
zfs.autoSnapshot.enable = true;
# zfs.autoScrub.enable = true;
# zfs.autoSnapshot.enable = true;
tailscale.enable = true;
k3s = {
enable = true;
@ -36,16 +36,53 @@
"--disable=traefik"
];
};
fail2ban = {
enable = true;
maxretry = 5;
bantime = "1h";
ignoreIP = [
"172.16.0.0/12"
"192.168.0.0/16"
"tailc353f.ts.net"
];
bantime-increment = {
enable = true;
multipliers = "1 2 4 8 16 32 64 128 256";
maxtime = "24h";
overalljails = true;
};
};
openssh = {
enable = true;
ports = [2022];
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
PermitEmptyPasswords = false;
PermitTunnel = false;
UseDns = false;
KbdInteractiveAuthentication = false;
X11Forwarding = false;
MaxAuthTries = 3;
MaxSessions = 2;
ClientAliveInterval = 300;
ClientAliveCountMax = 0;
TCPKeepAlive = false;
AllowTcpForwarding = false;
AllowAgentForwarding = false;
LogLevel = "VERBOSE";
};
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
immich = {
enable = true;
# enable = true;
enable = false;
port = 2283;
host = "localhost";
openFirewall = true;
@ -73,9 +110,9 @@
};
boot = {
tmp.cleanOnBoot = true;
supportedFilesystems = ["zfs"];
zfs.forceImportRoot = false;
zfs.extraPools = ["rice"];
# supportedFilesystems = ["zfs"];
# zfs.forceImportRoot = false;
# zfs.extraPools = ["rice"];
};
networking.hostId = "91238132";
zramSwap.enable = false;

15
nixos/consensus/hardware-configuration.nix
View file

@ -1,10 +1,19 @@
{ lib, modulesPath, ... }:
{
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.grub.device = "/dev/nvme0n1";
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = { device = "/dev/mapper/vg-root"; fsType = "btrfs"; };
fileSystems."/var" = { device = "/dev/mapper/vg-var"; fsType = "btrfs"; };
fileSystems."/" = {
device = "/dev/mapper/vg-root";
fsType = "btrfs";
};
fileSystems."/var" = {
device = "/dev/mapper/vg-var";
fsType = "btrfs";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

9
nixos/t14/configuration.nix
View file

@ -24,6 +24,7 @@ in {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
kernelPackages = pkgs.linuxPackages_latest;
blacklistedKernelModules = ["bluetooth"];
};
# Networking
networking = {
@ -84,6 +85,7 @@ in {
];
};
ledger.enable = true;
enableAllFirmware = true;
};
services = {
resolved = {
@ -103,8 +105,8 @@ in {
tlp = {
enable = true;
settings = {
START_CHARGE_THRESH_BAT0 = 40;
STOP_CHARGE_THRESH_BAT0 = 80;
START_CHARGE_THRESH_BAT0 = 60;
STOP_CHARGE_THRESH_BAT0 = 90;
CPU_BOOST_ON_AC = 1;
CPU_BOOST_ON_BAT = 0;
CPU_SCALING_GOVERNOR_ON_AC = "performance";
@ -113,11 +115,12 @@ in {
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
PLATFORM_PROFILE_ON_BAT = "low-power";
PLATFORM_PROFILE_ON_AC = "performance";
DEVICES_TO_DISABLE_ON_STARTUP = "bluetooth";
CPU_MIN_PERF_ON_AC = 0;
CPU_MAX_PERF_ON_AC = 100;
CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 20;
CPU_MAX_PERF_ON_BAT = 40;
};
};
ratbagd.enable = true; # Logitech

15
nixos/t14/hardware-configuration.nix
View file

@ -10,15 +10,20 @@
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = ["amdgpu"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot = {
initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
initrd.kernelModules = ["amdgpu"];
kernelModules = ["kvm-amd"];
extraModulePackages = [];
tmp = {
useTmpfs = true;
};
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/f56e8356-3915-4ff8-957c-de7f9a72b326";
fsType = "btrfs";
options = ["compress=lzo"];
};
fileSystems."/boot" = {