derped/nixos
1
0
Fork 0
Code Releases Activity

Format project using nixfmt rfc candidate.

Browse source
This commit is contained in:
Kevin Baensch 2024-11-20 20:32:38 +01:00
parent 1f63817684
commit a9f7fe416f
Signed by: derped
GPG key ID: C0F1D326C7626543
91 changed files with 1347 additions and 1000 deletions
Download patch file Download diff file Expand all files Collapse all files

14
machines/Lilim/configuration.nix
View file

@ -2,7 +2,8 @@
pkgs,
lib,
...
}: {
}:
{
services.cron.enable = false;
networking.dhcpcd.extraConfig = "noarp";
@ -56,7 +57,7 @@
};
joycond.enable = true;
udev = {
packages = [];
packages = [ ];
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
@ -64,8 +65,13 @@
};
};
boot = {
kernelModules = ["snd-usb-audio" "snd-aloop" "snd-seq" "snd-rawmidi"];
kernelParams = ["threadirq"];
kernelModules = [
"snd-usb-audio"
"snd-aloop"
"snd-seq"
"snd-rawmidi"
];
kernelParams = [ "threadirq" ];
extraModprobeConfig = ''
options snd-usb-audio nrpacks=1
'';

34
machines/Lilim/hardware-configuration.nix
View file

@ -3,10 +3,12 @@
config,
pkgs,
...
}: let
}:
let
cfg = config.machine;
in {
imports = ["${nixpkgs}/nixos/modules/installer/scan/not-detected.nix"];
in
{
imports = [ "${nixpkgs}/nixos/modules/installer/scan/not-detected.nix" ];
boot = {
loader.systemd-boot = {
@ -22,14 +24,24 @@ in {
};
kernelPackages = pkgs.linuxPackages_latest;
initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc"];
kernelModules = ["acpi_call" "i915" "kvm-intel" "uinput"];
initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"sd_mod"
"rtsx_pci_sdmmc"
];
kernelModules = [
"acpi_call"
"i915"
"kvm-intel"
"uinput"
];
# 5_10 breaks my touchpad/mouse buttons
# https://bbs.archlinux.org/viewtopic.php?id=254885
# maybe modprobe hid_rmi or i2c_i801
# blacklistedKernelModules = [ "i2c_i801" ];
extraModulePackages = with config.boot.kernelPackages; [acpi_call]; #pkgs.gitpkgs.linuxPackages_latest.hid-nintendo ];
kernelParams = ["intel_iommu=on"];
extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; # pkgs.gitpkgs.linuxPackages_latest.hid-nintendo ];
kernelParams = [ "intel_iommu=on" ];
extraModprobeConfig = ''
options i915 enable_fbc=1 enable_guc=3
'';
@ -51,13 +63,15 @@ in {
};
hardware = {
firmware = with pkgs; [firmwareLinuxNonfree];
firmware = with pkgs; [ firmwareLinuxNonfree ];
cpu.intel.updateMicrocode = true;
enableAllFirmware = false;
ksm.enable = true;
graphics = {
extraPackages = with pkgs; [ (intel-vaapi-driver.override { enableHybridCodec = true; }) ];
extraPackages32 = with pkgs.pkgsi686Linux; [ (intel-vaapi-driver.override { enableHybridCodec = true; }) ];
extraPackages32 = with pkgs.pkgsi686Linux; [
(intel-vaapi-driver.override { enableHybridCodec = true; })
];
};
pulseaudio = {
@ -82,7 +96,7 @@ in {
};
services = {
upower.enable = true;
xserver.videoDrivers = ["intel"];
xserver.videoDrivers = [ "intel" ];
};
environment.variables.LIBVA_DRIVER_NAME = "i915";
time.timeZone = "Europe/Berlin";

7
machines/Lilim/options.nix
View file

@ -3,7 +3,8 @@
lib,
...
}:
with lib; {
with lib;
{
imports = [
../../options/copySysConf.nix
];
@ -51,8 +52,8 @@ with lib; {
firewall = {
enable = true;
allowPing = true;
allowedUDPPorts = [24642];
allowedTCPPorts = [24642];
allowedUDPPorts = [ 24642 ];
allowedTCPPorts = [ 24642 ];
allowedUDPPortRanges = [
{
from = 1714;

3
machines/Lilim/sops.nix
View file

@ -2,7 +2,8 @@
config,
lib,
...
}: {
}:
{
sops = {
defaultSopsFile = ./secrets.yaml;
age = {

3
machines/Marid/configuration.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services.cron.enable = false;
security.pki.certificateFiles = [
./certs/proxy

20
machines/Marid/hardware-configuration.nix
View file

@ -3,10 +3,12 @@
pkgs,
modulesPath,
...
}: let
}:
let
cfg = config.machine;
in {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
loader.systemd-boot = {
@ -19,8 +21,14 @@ in {
};
kernelPackages = pkgs.linuxPackages_latest;
initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
kernelModules = ["kvm-amd"];
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
kernelModules = [ "kvm-amd" ];
kernelParams = [
# get backlight service to work part one (fixes systemd backlight service)
"acpi_backlight=native"
@ -43,7 +51,7 @@ in {
};
hardware = {
firmware = with pkgs; [firmwareLinuxNonfree];
firmware = with pkgs; [ firmwareLinuxNonfree ];
enableAllFirmware = true;
ksm.enable = true;
opengl = {

11
machines/Marid/options.nix
View file

@ -3,7 +3,8 @@
lib,
...
}:
with lib; {
with lib;
{
imports = [
../../options/copySysConf.nix
];
@ -41,10 +42,10 @@ with lib; {
firewall = {
enable = true;
allowPing = true;
allowedUDPPorts = [];
allowedTCPPorts = [];
allowedUDPPortRanges = [];
allowedTCPPortRanges = [];
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedUDPPortRanges = [ ];
allowedTCPPortRanges = [ ];
};
};

3
machines/Marid/sops.nix
View file

@ -2,7 +2,8 @@
config,
lib,
...
}: {
}:
{
sops = {
defaultSopsFile = ./secrets.yaml;
age = {

17
machines/Ophanim/hardware-configuration.nix
View file

@ -2,16 +2,23 @@
nixpkgs,
pkgs,
...
}: {
}:
{
imports = [
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
];
boot = {
initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod"];
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"sd_mod"
"sr_mod"
];
kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [];
extraModulePackages = [];
kernelModules = [ ];
extraModulePackages = [ ];
loader.grub = {
enable = true;
device = "/dev/sda"; # or "nodev" for efi only
@ -25,5 +32,5 @@
fsType = "ext4";
};
swapDevices = [];
swapDevices = [ ];
}

78
machines/Ophanim/options.nix
View file

@ -3,9 +3,11 @@
lib,
...
}:
with lib; let
with lib;
let
cfg = config.machine;
in {
in
{
config.machine = rec {
hostName = "Ophanim";
domain = "ophanim.de";
@ -18,7 +20,10 @@ in {
mailAccounts = [
{
name = "derped";
aliases = ["postmaster" "baensch"];
aliases = [
"postmaster"
"baensch"
];
}
];
allowUnfree = true;
@ -42,37 +47,48 @@ in {
"nginx"
"openssh"
];
vHosts = let
base = domain;
in [
{
domain = base;
service = "simple";
}
# { domain = "builder.${base}"; service = "hydra"; }
# { domain = "cache.${base}"; service = "cache"; }
{
domain = "storage.${base}";
service = "nextcloud";
}
{
domain = "mail.${base}";
service = "mail";
}
{
domain = "git.${base}";
service = "forgejo";
}
{
domain = "food.${base}";
service = "tandoor";
}
];
vHosts =
let
base = domain;
in
[
{
domain = base;
service = "simple";
}
# { domain = "builder.${base}"; service = "hydra"; }
# { domain = "cache.${base}"; service = "cache"; }
{
domain = "storage.${base}";
service = "nextcloud";
}
{
domain = "mail.${base}";
service = "mail";
}
{
domain = "git.${base}";
service = "forgejo";
}
{
domain = "food.${base}";
service = "tandoor";
}
];
firewall = {
enable = true;
allowPing = false;
allowedUDPPorts = [22 80 443 7776];
allowedTCPPorts = [80 443 7776];
allowedUDPPorts = [
22
80
443
7776
];
allowedTCPPorts = [
80
443
7776
];
};
};
}

3
machines/Ophanim/sops.nix
View file

@ -2,7 +2,8 @@
config,
lib,
...
}: {
}:
{
sops = {
defaultSopsFile = ./secrets.yaml;
age = {

6
machines/Sheol/august.nix
View file

@ -18,7 +18,11 @@
};
fileSystems."/home/august/Videos" = {
device = "/mnt/WD/Videos/Movies/";
options = [ "nofail" "bind" "x-systemd.automount" ];
options = [
"nofail"
"bind"
"x-systemd.automount"
];
neededForBoot = false;
};
}

23
machines/Sheol/configuration.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
services = {
avahi = {
enable = true;
@ -13,16 +14,18 @@
};
# udp5353 1024-65535
networking.firewall = let
range = {
from = 1024;
to = 65535;
networking.firewall =
let
range = {
from = 1024;
to = 65535;
};
in
{
allowedUDPPorts = [ 5353 ];
allowedUDPPortRanges = [ range ];
allowedTCPPortRanges = [ range ];
};
in {
allowedUDPPorts = [ 5353 ];
allowedUDPPortRanges = [ range ];
allowedTCPPortRanges = [ range ];
};
networking.dhcpcd.extraConfig = "noarp";
system.stateVersion = "24.05";
}

41
machines/Sheol/hardware-configuration.nix
View file

@ -1,11 +1,16 @@
{nixos-hardware, ...}: {
{ nixos-hardware, ... }:
{
imports = [
nixos-hardware.nixosModules.raspberry-pi-5
];
boot = {
kernelParams = [ "8250.nr_uarts=11" "console=ttyAMA10,9600" "console=tty0" ];
supportedFilesystems = ["btrfs"];
kernelParams = [
"8250.nr_uarts=11"
"console=ttyAMA10,9600"
"console=tty0"
];
supportedFilesystems = [ "btrfs" ];
initrd.systemd.enableTpm2 = false;
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = false;
@ -14,7 +19,12 @@
"/" = {
device = "none";
fsType = "tmpfs";
options = ["defaults" "size=2G" "mode=755" "noexec"];
options = [
"defaults"
"size=2G"
"mode=755"
"noexec"
];
};
"/boot" = {
device = "/dev/disk/by-uuid/F8BB-8019";
@ -23,25 +33,40 @@
"/nix" = {
device = "/dev/disk/by-uuid/7741fa2e-ce5d-4aef-bf3c-8e283e973409";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
neededForBoot = true;
};
"/persist" = {
device = "/dev/disk/by-uuid/7741fa2e-ce5d-4aef-bf3c-8e283e973409";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noexec"];
options = [
"subvol=persist"
"compress=zstd"
"noexec"
];
neededForBoot = true;
};
"/snapshots" = {
device = "/dev/disk/by-uuid/7741fa2e-ce5d-4aef-bf3c-8e283e973409";
fsType = "btrfs";
options = ["subvol=snapshots" "compress=zstd" "noexec"];
options = [
"subvol=snapshots"
"compress=zstd"
"noexec"
];
neededForBoot = false;
};
"/mnt/WD" = {
device = "/dev/disk/by-uuid/EA2866C92866947B";
fsType = "ntfs";
options = ["nofail" "x-systemd.automount"];
options = [
"nofail"
"x-systemd.automount"
];
neededForBoot = false;
};
};

3
machines/Sheol/impermanence.nix
View file

@ -1,4 +1,5 @@
{impermanence, ...}: {
{ impermanence, ... }:
{
imports = [
impermanence.nixosModules.impermanence
];

3
machines/Sheol/options.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
../../options/copySysConf.nix
];

3
machines/Sheol/sops.nix
View file

@ -2,7 +2,8 @@
config,
lib,
...
}: {
}:
{
sops = {
defaultSopsFile = ./secrets.yaml;
age = {