Format the entire project.

Kevin Baensch 2023-09-11 20:23:04 +02:00
parent 1dc50ae17d
commit 6f9db5e3a4
Signed by: derped
GPG key ID: C0F1D326C7626543
115 changed files with 3451 additions and 2901 deletions


@ -1,6 +1,8 @@
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
services.cron.enable = false;
networking.dhcpcd.extraConfig = "noarp";
@ -8,10 +10,30 @@
# low latency audio stuff
security.pam.loginLimits = [
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
{ domain = "@audio"; item = "nofile"; type = "soft"; value = "99999"; }
{ domain = "@audio"; item = "nofile"; type = "hard"; value = "99999"; }
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
];
environment = {
etc = {
@ -20,11 +42,11 @@
'';
};
variables = {
DSSI_PATH = "$HOME/.dssi:$HOME/.nix-profile/lib/dssi:/run/current-system/sw/lib/dssi";
DSSI_PATH = "$HOME/.dssi:$HOME/.nix-profile/lib/dssi:/run/current-system/sw/lib/dssi";
LADSPA_PATH = "$HOME/.ladspa:$HOME/.nix-profile/lib/ladspa:/run/current-system/sw/lib/ladspa";
LV2_PATH = "$HOME/.lv2:$HOME/.nix-profile/lib/lv2:/run/current-system/sw/lib/lv2";
LXVST_PATH = "$HOME/.lxvst:$HOME/.nix-profile/lib/lxvst:/run/current-system/sw/lib/lxvst";
VST_PATH = "$HOME/.vst:$HOME/.nix-profile/lib/vst:/run/current-system/sw/lib/vst";
LV2_PATH = "$HOME/.lv2:$HOME/.nix-profile/lib/lv2:/run/current-system/sw/lib/lv2";
LXVST_PATH = "$HOME/.lxvst:$HOME/.nix-profile/lib/lxvst:/run/current-system/sw/lib/lxvst";
VST_PATH = "$HOME/.vst:$HOME/.nix-profile/lib/vst:/run/current-system/sw/lib/vst";
};
};
services = {
@ -38,8 +60,8 @@
};
};
boot = {
kernelModules = [ "snd-usb-audio" "snd-aloop" "snd-seq" "snd-rawmidi" ];
kernelParams = [ "threadirq" ];
kernelModules = ["snd-usb-audio" "snd-aloop" "snd-seq" "snd-rawmidi"];
kernelParams = ["threadirq"];
extraModprobeConfig = ''
options snd-usb-audio nrpacks=1
'';


@ -1,32 +1,35 @@
{ nixpkgs, config, pkgs, ... }:
let
{
nixpkgs,
config,
pkgs,
...
}: let
cfg = config.machine;
in {
imports = [ "${nixpkgs}/nixos/modules/installer/scan/not-detected.nix" ];
imports = ["${nixpkgs}/nixos/modules/installer/scan/not-detected.nix"];
boot = {
loader.systemd-boot = {
enable = true;
# signed = true;
# signing-key = "${cfg.secretPath}/secureboot/db.key";
# signing-certificate = "${cfg.secretPath}/secureboot/db.crt";
# signed = true;
# signing-key = "${cfg.secretPath}/secureboot/db.key";
# signing-certificate = "${cfg.secretPath}/secureboot/db.crt";
};
loader.efi.canTouchEfiVariables = true;
tmp = {
useTmpfs = true;
cleanOnBoot= true;
cleanOnBoot = true;
};
kernelPackages = pkgs.linuxPackages_latest;
initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
kernelModules = [ "acpi_call" "i915" "kvm-intel" "uinput" ];
initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc"];
kernelModules = ["acpi_call" "i915" "kvm-intel" "uinput"];
# 5_10 breaks my touchpad/mouse buttons
# https://bbs.archlinux.org/viewtopic.php?id=254885
# maybe modprobe hid_rmi or i2c_i801
# blacklistedKernelModules = [ "i2c_i801" ];
extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; #pkgs.gitpkgs.linuxPackages_latest.hid-nintendo ];
kernelParams = [ "intel_iommu=on" ];
extraModulePackages = with config.boot.kernelPackages; [acpi_call]; #pkgs.gitpkgs.linuxPackages_latest.hid-nintendo ];
kernelParams = ["intel_iommu=on"];
extraModprobeConfig = ''
options i915 enable_fbc=1 enable_guc=3
'';
@ -37,26 +40,26 @@ in {
};
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b37b48a8-5dcb-4f4d-ad71-1b26500b3e5f";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/b37b48a8-5dcb-4f4d-ad71-1b26500b3e5f";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/546A-A3D1";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/546A-A3D1";
fsType = "vfat";
};
hardware = {
firmware = with pkgs; [ firmwareLinuxNonfree ];
firmware = with pkgs; [firmwareLinuxNonfree];
cpu.intel.updateMicrocode = true;
enableAllFirmware = false;
ksm.enable = true;
opengl = {
driSupport = true;
extraPackages = with pkgs; [ intel-media-driver libvdpau-va-gl libva (vaapiIntel.override {enableHybridCodec = true;}) vaapiVdpau intel-media-driver ];
extraPackages = with pkgs; [intel-media-driver libvdpau-va-gl libva (vaapiIntel.override {enableHybridCodec = true;}) vaapiVdpau intel-media-driver];
driSupport32Bit = true;
extraPackages32 = with pkgs.pkgsi686Linux; [ libvdpau-va-gl libva (vaapiIntel.override {enableHybridCodec = true;}) vaapiVdpau ];
extraPackages32 = with pkgs.pkgsi686Linux; [libvdpau-va-gl libva (vaapiIntel.override {enableHybridCodec = true;}) vaapiVdpau];
};
pulseaudio = {
@ -81,7 +84,7 @@ in {
};
services = {
upower.enable = true;
xserver.videoDrivers = [ "intel" ];
xserver.videoDrivers = ["intel"];
};
time.timeZone = "Europe/Berlin";


@ -1,8 +1,9 @@
{ pkgs, lib, ... }:
with lib;
{
pkgs,
lib,
...
}:
with lib; {
imports = [
../../options/copySysConf.nix
];
@ -13,7 +14,12 @@ with lib;
enable = true;
waitOnline = false;
};
administrators = [ { name = "derped"; id = 1337; } ];
administrators = [
{
name = "derped";
id = 1337;
}
];
conffiles = [
"etcfiles"
"etcvars"
@ -59,15 +65,26 @@ with lib;
"cups"
"mullvad"
"mariaDB"
"docker" "podman"
"docker"
"podman"
];
firewall = {
enable = true;
allowPing = true;
allowedUDPPorts = [ 24642 ];
allowedTCPPorts = [ 24642 ];
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
allowedUDPPorts = [24642];
allowedTCPPorts = [24642];
allowedUDPPortRanges = [
{
from = 1714;
to = 1764;
}
];
allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
};
};


@ -1,6 +1,8 @@
{ config, lib, ... }:
{
config,
lib,
...
}: {
sops = {
defaultSopsFile = ./secrets.yaml;
age = {


@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
services.cron.enable = false;
security.pki.certificateFiles = [
./certs/proxy


@ -1,9 +1,12 @@
{ config, pkgs, modulesPath, ... }:
let
{
config,
pkgs,
modulesPath,
...
}: let
cfg = config.machine;
in {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = {
loader.systemd-boot = {
@ -12,12 +15,12 @@ in {
loader.efi.canTouchEfiVariables = true;
tmp = {
useTmpfs = true;
cleanOnBoot= true;
cleanOnBoot = true;
};
kernelPackages = pkgs.linuxPackages_latest;
initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
kernelModules = [ "kvm-amd" ];
initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
kernelModules = ["kvm-amd"];
kernelParams = [
# get backlight service to work part one (fixes systemd backlight service)
"acpi_backlight=native"
@ -29,18 +32,18 @@ in {
};
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/cf8db7d5-5da7-4fb9-818d-ed5dd2815f0d";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/cf8db7d5-5da7-4fb9-818d-ed5dd2815f0d";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/96E4-9DF3";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/96E4-9DF3";
fsType = "vfat";
};
hardware = {
firmware = with pkgs; [ firmwareLinuxNonfree ];
firmware = with pkgs; [firmwareLinuxNonfree];
enableAllFirmware = true;
ksm.enable = true;
opengl = {


@ -1,15 +1,21 @@
{ pkgs, lib, ... }:
with lib;
{
pkgs,
lib,
...
}:
with lib; {
imports = [
../../options/copySysConf.nix
];
config.machine = {
allowUnfree = true;
hostName = "Marid";
administrators = [ { name = "derped"; id = 1337; } ];
administrators = [
{
name = "derped";
id = 1337;
}
];
conffiles = [
"etcfiles"
"etcvars"
@ -37,7 +43,7 @@ with lib;
"emacs::org"
"emacs::php-mode"
"emacs::web-mode"
"emacs::yasnippet"
"emacs::yasnippet"
"extra"
"mail_utils"
"python3"
@ -53,10 +59,10 @@ with lib;
firewall = {
enable = true;
allowPing = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedUDPPortRanges = [ ];
allowedTCPPortRanges = [ ];
allowedUDPPorts = [];
allowedTCPPorts = [];
allowedUDPPortRanges = [];
allowedTCPPortRanges = [];
};
};


@ -1,6 +1,8 @@
{ config, lib, ... }:
{
config,
lib,
...
}: {
sops = {
defaultSopsFile = ./secrets.yaml;
age = {


@ -1,17 +1,16 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
system.autoUpgrade.enable = false;
# services.vsftp = {
# enable = true;
# ssl_sslv3 = true;
# forceLocalDataSSL = true;
# writeEnable = false;
# userlist = [];
# };
# services.vsftp = {
# enable = true;
# ssl_sslv3 = true;
# forceLocalDataSSL = true;
# writeEnable = false;
# userlist = [];
# };
services.haveged.enable = true;
programs.zsh.promptInit = ''PROMPT="%(!.%B%F{magenta}.%B%F{cyan}%n@)%m %F{blue}%(!.%1~.%~) ''${vcs_info_msg_0_}%F{blue}%(!.#.$)%k%b%f "'';


@ -1,15 +1,17 @@
{ nixpkgs, pkgs, ... }:
{
imports =
[ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
];
nixpkgs,
pkgs,
...
}: {
imports = [
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
];
boot = {
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod"];
kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [ ];
extraModulePackages = [ ];
kernelModules = [];
extraModulePackages = [];
loader.grub = {
enable = true;
device = "/dev/sda"; # or "nodev" for efi only
@ -18,10 +20,10 @@
time.timeZone = "Europe/Berlin";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/fa0c2ff3-59f9-4c00-8153-c2c2ef0f0e84";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/fa0c2ff3-59f9-4c00-8153-c2c2ef0f0e84";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
}


@ -1,15 +1,26 @@
{ config, lib, ... }:
with lib;
let
{
config,
lib,
...
}:
with lib; let
cfg = config.machine;
in {
config.machine = rec {
hostName = "Ophanim";
domain = "ophanim.de";
administrators = [ { name = "derped"; id = 1337; } ];
mailAccounts = [ { name = "derped"; aliases = [ "postmaster" "baensch" ]; } ];
administrators = [
{
name = "derped";
id = 1337;
}
];
mailAccounts = [
{
name = "derped";
aliases = ["postmaster" "baensch"];
}
];
allowUnfree = true;
conffiles = [
"etcvars"
@ -23,26 +34,40 @@ in {
services = [
"acme"
"gitea"
# "hydra"
# "hydra"
"mailserver"
"mariaDB"
"nextcloud"
"nginx"
"openssh"
];
vHosts = (let base = domain; in [
{ domain = base; service = "simple"; }
# { domain = "builder.${base}"; service = "hydra"; }
# { domain = "cache.${base}"; service = "cache"; }
{ domain = "storage.${base}"; service = "nextcloud"; }
{ domain = "mail.${base}"; service = "mail"; }
{ domain = "git.${base}"; service = "gitea"; }
]);
vHosts = let
base = domain;
in [
{
domain = base;
service = "simple";
}
# { domain = "builder.${base}"; service = "hydra"; }
# { domain = "cache.${base}"; service = "cache"; }
{
domain = "storage.${base}";
service = "nextcloud";
}
{
domain = "mail.${base}";
service = "mail";
}
{
domain = "git.${base}";
service = "gitea";
}
];
firewall = {
enable = true;
allowPing = false;
allowedUDPPorts = [ 22 80 443 7776 ];
allowedTCPPorts = [ 80 443 7776 ];
allowedUDPPorts = [22 80 443 7776];
allowedTCPPorts = [80 443 7776];
};
};
}
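Review bot: In the `firewall` block that closes this section, `allowedUDPPorts = [22 80 443 7776];` opens 22 over UDP while `allowedTCPPorts = [80 443 7776];` leaves it out, although the `services` list above enables `openssh`, which listens on TCP. The formatting pass carries the two lists over unchanged, so this looks like a pre-existing slip rather than something this commit introduced. If the UDP entries are not intentional (443/udp would only matter for HTTP/3, which is not visible here), narrow the list to what actually listens, for example `allowedUDPPorts = [7776];`, and put 22 in `allowedTCPPorts` only if the openssh module does not already open its own port. A short comment naming the service behind 7776 would also make the exposed surface of this host easier to audit.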

View file

@ -1,6 +1,8 @@
{ config, lib, ... }:
{
config,
lib,
...
}: {
sops = {
defaultSopsFile = ./secrets.yaml;
age = {