zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

nixpkgs-fmt everything

Browse Source
This commit is contained in:
Zuckerberg 2023-04-04 23:30:28 -06:00
parent 3c683e7b9e
commit f68a4f4431
67 changed files with 400 additions and 320 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
common/auto-update.nix
View File

@ -4,7 +4,8 @@
let
cfg = config.system.autoUpgrade;
in {
in
{
config = lib.mkIf cfg.enable {
system.autoUpgrade = {
flake = "git+https://git.neet.dev/zuckerberg/nix-config.git";

3
common/boot/bios.nix
View File

@ -3,7 +3,8 @@
with lib;
let
cfg = config.bios;
in {
in
{
options.bios = {
enable = mkEnableOption "enable bios boot";
device = mkOption {

5
common/boot/efi.nix
View File

@ -3,7 +3,8 @@
with lib;
let
cfg = config.efi;
in {
in
{
options.efi = {
enable = mkEnableOption "enable efi boot";
};
@ -19,7 +20,7 @@ in {
version = 2;
efiSupport = true;
useOSProber = true;
# memtest86.enable = true;
# memtest86.enable = true;
configurationLimit = 20;
theme = pkgs.nixos-grub2-theme;
};

3
common/boot/firmware.nix
View File

@ -3,7 +3,8 @@
with lib;
let
cfg = config.firmware;
in {
in
{
options.firmware.x86_64 = {
enable = mkEnableOption "enable x86_64 firmware";
};

18
common/boot/remote-luks-unlock.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.remoteLuksUnlock;
in {
in
{
options.remoteLuksUnlock = {
enable = lib.mkEnableOption "enable luks root remote decrypt over ssh/tor";
enableTorUnlock = lib.mkOption {
@ -61,18 +62,22 @@ in {
copy_bin_and_libs ${pkgs.haveged}/bin/haveged
'';
boot.initrd.network.postCommands = lib.mkMerge [
(''
(
''
# Add nice prompt for giving LUKS passphrase over ssh
echo 'read -s -p "Unlock Passphrase: " passphrase && echo $passphrase > /crypt-ramfs/passphrase && exit' >> /root/.profile
'')
''
)
(let torRc = (pkgs.writeText "tor.rc" ''
(
let torRc = (pkgs.writeText "tor.rc" ''
DataDirectory /etc/tor
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
SOCKSPort 127.0.0.1:9063
HiddenServiceDir /etc/tor/onion/bootup
HiddenServicePort 22 127.0.0.1:22
''); in lib.mkIf cfg.enableTorUnlock ''
''); in
lib.mkIf cfg.enableTorUnlock ''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
@ -87,7 +92,8 @@ in {
echo "tor: starting tor"
tor -f ${torRc} --verify-config
tor -f ${torRc} &
'')
''
)
];
};
}

3
common/default.nix
View File

@ -40,7 +40,8 @@ in
wget
kakoune
htop
git git-lfs
git
git-lfs
dnsutils
tmux
nethogs

3
common/flakes.nix
View File

@ -2,7 +2,8 @@
with lib;
let
cfg = config.nix.flakes;
in {
in
{
options.nix.flakes = {
enable = mkEnableOption "use nix flakes";
};

7
common/network/hosts.nix
View File

@ -22,7 +22,8 @@ let
ponyo = "cfamr6artx75qvt7ho3rrbsc7mkucmv5aawebwflsfuorusayacffryd.onion";
s0 = "r3zvf7f2ppaeithzswigma46pajt3hqytmkg3rshgknbl3jbni455fqd.onion";
};
in {
in
{
programs.ssh.knownHosts = {
ponyo = {
hostNames = [ "ponyo" "ponyo.neet.dev" "git.neet.dev" ];
@ -56,7 +57,7 @@ in {
# prebuilt cmds for easy ssh LUKS unlock
environment.shellAliases =
concatMapAttrs (host: addr: {"unlock-over-tor_${host}" = "torsocks ssh root@${addr}";}) unlock-onion-hosts
concatMapAttrs (host: addr: { "unlock-over-tor_${host}" = "torsocks ssh root@${addr}"; }) unlock-onion-hosts
//
concatMapAttrs (host: addr: {"unlock_${host}" = "ssh root@${addr}";}) unlock-clearnet-hosts;
concatMapAttrs (host: addr: { "unlock_${host}" = "ssh root@${addr}"; }) unlock-clearnet-hosts;
}

5
common/network/pia-wireguard.nix
View File

@ -72,7 +72,8 @@ let
portForwarding = cfg.forwardPortForTransmission || cfg.forwardedPort != null;
containerServiceName = "container@${config.vpn-container.containerName}.service";
in {
in
{
options.pia.wireguard = {
enable = mkEnableOption "Enable private internet access";
badPortForwardPorts = mkOption {
@ -157,7 +158,7 @@ in {
# restart once a month; PIA forwarded port expires after two months
# because the container is "PartOf" this unit, it gets restarted too
RuntimeMaxSec="30d";
RuntimeMaxSec = "30d";
};
script = ''

9
common/network/ping.nix
View File

@ -18,7 +18,7 @@ let
requires = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Restart="always";
serviceConfig.Restart = "always";
path = with pkgs; [ iputils ];
@ -28,17 +28,18 @@ let
};
};
combineAttrs = foldl recursiveUpdate {};
combineAttrs = foldl recursiveUpdate { };
serviceList = map serviceTemplate cfg.hosts;
services = combineAttrs serviceList;
in {
in
{
options.keepalive-ping = {
enable = mkEnableOption "Enable keep alive ping task";
hosts = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
description = ''
Hosts to ping periodically
'';

4
common/network/vpn.nix
View File

@ -30,7 +30,7 @@ in
config = mkOption {
type = types.anything;
default = {};
default = { };
example = ''
{
services.nginx.enable = true;
@ -70,7 +70,7 @@ in
localAddress = "172.16.100.2";
config = {
imports = allModules ++ [cfg.config];
imports = allModules ++ [ cfg.config ];
# speeds up evaluation
nixpkgs.pkgs = pkgs;

3
common/pc/audio.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.de;
in {
in
{
config = lib.mkIf cfg.enable {
# enable pulseaudio support for packages
nixpkgs.config.pulseaudio = true;

3
common/pc/chromium.nix
View File

@ -49,7 +49,8 @@ let
];
};
in {
in
{
config = lib.mkIf cfg.enable {
# chromium with specific extensions + settings
programs.chromium = {

11
common/pc/default.nix
View File

@ -2,15 +2,16 @@
let
cfg = config.de;
in {
in
{
imports = [
./kde.nix
./xfce.nix
./yubikey.nix
./chromium.nix
# ./firefox.nix
# ./firefox.nix
./audio.nix
# ./torbrowser.nix
# ./torbrowser.nix
./pithos.nix
./spotify.nix
./vscodium.nix
@ -52,6 +53,10 @@ in {
jellyfin-media-player
joplin-desktop
config.inputs.deploy-rs.packages.${config.currentSystem}.deploy-rs
# For Nix IDE
nixpkgs-fmt
rnix-lsp
];
# Networking

3
common/pc/discord.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.de;
in {
in
{
config = lib.mkIf cfg.enable {
users.users.googlebot.packages = [
pkgs.discord

3
common/pc/kde.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.de;
in {
in
{
config = lib.mkIf cfg.enable {
# kde plasma
services.xserver = {

3
common/pc/mount-samba.nix
View File

@ -14,7 +14,8 @@ let
version_opts = "vers=3.1.1";
opts = "${systemd_opts},${network_opts},${user_opts},${version_opts},${auth_opts}";
in {
in
{
options.services.mount-samba = {
enable = lib.mkEnableOption "enable mounting samba shares";
};

3
common/pc/pithos.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.de;
in {
in
{
config = lib.mkIf cfg.enable {
nixpkgs.overlays = [
(self: super: {

6
common/pc/spotify.nix
View File

@ -4,7 +4,7 @@ with lib;
let
cfg = config.services.spotifyd;
toml = pkgs.formats.toml {};
toml = pkgs.formats.toml { };
spotifydConf = toml.generate "spotify.conf" cfg.settings;
in
{
@ -17,7 +17,7 @@ in
enable = mkEnableOption "spotifyd, a Spotify playing daemon";
settings = mkOption {
default = {};
default = { };
type = toml.type;
example = { global.bitrate = 320; };
description = ''
@ -28,7 +28,7 @@ in
users = mkOption {
type = with types; listOf str;
default = [];
default = [ ];
description = ''
Usernames to be added to the "spotifyd" group, so that they
can start and interact with the userspace daemon.

3
common/pc/steam.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.de;
in {
in
{
config = lib.mkIf cfg.enable {
programs.steam.enable = true;
hardware.steam-hardware.enable = true; # steam controller

3
common/pc/torbrowser.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.de;
in {
in
{
config = lib.mkIf cfg.enable {
nixpkgs.overlays = [
(self: super: {

3
common/pc/touchpad.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.de.touchpad;
in {
in
{
options.de.touchpad = {
enable = lib.mkEnableOption "enable touchpad";
};

4
common/pc/vscodium.nix
View File

@ -4,8 +4,8 @@ let
cfg = config.de;
extensions = with pkgs.vscode-extensions; [
# bbenoist.Nix # nix syntax support
# arrterian.nix-env-selector # nix dev envs
# bbenoist.Nix # nix syntax support
# arrterian.nix-env-selector # nix dev envs
];
vscodium-with-extensions = pkgs.vscode-with-extensions.override {

3
common/pc/xfce.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.de;
in {
in
{
config = lib.mkIf cfg.enable {
services.xserver = {
enable = true;

3
common/pc/yubikey.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.de;
in {
in
{
config = lib.mkIf cfg.enable {
# yubikey
services.pcscd.enable = true;

6
common/server/ceph.nix
View File

@ -3,9 +3,9 @@
with lib;
let
cfg = config.ceph;
in {
options.ceph = {
};
in
{
options.ceph = { };
config = mkIf cfg.enable {
# ceph.enable = true;

3
common/server/gitea.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.services.gitea;
in {
in
{
options.services.gitea = {
hostname = lib.mkOption {
type = lib.types.str;

2
common/server/hydra.nix
View File

@ -20,6 +20,6 @@ in
hydraURL = "https://${domain}";
useSubstitutes = true;
notificationSender = notifyEmail;
buildMachinesFiles = [];
buildMachinesFiles = [ ];
};
}

3
common/server/icecast.nix
View File

@ -7,7 +7,8 @@
let
cfg = config.services.icecast;
in {
in
{
options.services.icecast = {
mount = lib.mkOption {
type = lib.types.str;

3
common/server/iodine.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.services.iodine.server;
in {
in
{
config = lib.mkIf cfg.enable {
# iodine DNS-based vpn
services.iodine.server = {

9
common/server/mailserver.nix
View File

@ -15,7 +15,8 @@ let
"bsd.ninja"
"bsd.rocks"
];
in {
in
{
config = lib.mkIf cfg.enable {
# kresd doesn't work with tailscale MagicDNS
mailserver.localDnsResolver = false;
@ -60,9 +61,11 @@ in {
sender_dependent_relayhost_maps = "hash:/var/lib/postfix/conf/sender_relay";
smtp_sender_dependent_authentication = "yes";
};
services.postfix.mapFiles.sender_relay = let
services.postfix.mapFiles.sender_relay =
let
relayHost = "[smtp.mailgun.org]:587";
in pkgs.writeText "sender_relay"
in
pkgs.writeText "sender_relay"
(concatStringsSep "\n" (map (domain: "@${domain} ${relayHost}") domains));
services.postfix.mapFiles.sasl_relay_passwd = "/run/agenix/sasl_relay_passwd";
age.secrets.sasl_relay_passwd.file = ../../secrets/sasl_relay_passwd.age;

16
common/server/matrix.nix
View File

@ -3,7 +3,8 @@
let
cfg = config.services.matrix;
certs = config.security.acme.certs;
in {
in
{
options.services.matrix = {
enable = lib.mkEnableOption "enable matrix";
element-web = {
@ -62,15 +63,15 @@ in {
settings = {
server_name = cfg.host;
enable_registration = cfg.enable_registration;
listeners = [ {
bind_addresses = ["127.0.0.1"];
listeners = [{
bind_addresses = [ "127.0.0.1" ];
port = cfg.port;
tls = false;
resources = [ {
resources = [{
compress = true;
names = [ "client" "federation" ];
} ];
} ];
}];
}];
turn_uris = [
"turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=udp"
"turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=tcp"
@ -137,7 +138,8 @@ in {
];
locations."/".proxyPass = "http://localhost:${toString cfg.port}";
};
virtualHosts.${cfg.turn.host} = { # get TLS cert for TURN server
virtualHosts.${cfg.turn.host} = {
# get TLS cert for TURN server
enableACME = true;
forceSSL = true;
};

3
common/server/mumble.nix
View File

@ -3,7 +3,8 @@
let
cfg = config.services.murmur;
certs = config.security.acme.certs;
in {
in
{
options.services.murmur.domain = lib.mkOption {
type = lib.types.str;
};

3
common/server/nextcloud.nix
View File

@ -3,7 +3,8 @@
let
cfg = config.services.nextcloud;
in {
in
{
config = lib.mkIf cfg.enable {
services.nextcloud = {
https = true;

3
common/server/nginx-stream.nix
View File

@ -5,7 +5,8 @@ let
nginxWithRTMP = pkgs.nginx.override {
modules = [ pkgs.nginxModules.rtmp ];
};
in {
in
{
options.services.nginx.stream = {
enable = lib.mkEnableOption "enable nginx rtmp/hls/dash video streaming";
port = lib.mkOption {

3
common/server/nginx.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.services.nginx;
in {
in
{
config = lib.mkIf cfg.enable {
services.nginx = {
recommendedGzipSettings = true;

3
common/server/owncast.nix
View File

@ -4,7 +4,8 @@ with lib;
let
cfg = config.services.owncast;
in {
in
{
options.services.owncast = {
hostname = lib.mkOption {
type = types.str;

5
common/server/privatebin/privatebin.nix
View File

@ -14,7 +14,8 @@ let
cp -ar $src $out
'';
};
in {
in
{
options.services.privatebin = {
enable = lib.mkEnableOption "enable privatebin";
host = lib.mkOption {
@ -30,7 +31,7 @@ in {
group = "privatebin";
isSystemUser = true;
};
users.groups.privatebin = {};
users.groups.privatebin = { };
services.nginx.enable = true;
services.nginx.virtualHosts.${cfg.host} = {

9
common/server/radio.nix
View File

@ -3,7 +3,8 @@
let
cfg = config.services.radio;
radioPackage = config.inputs.radio.packages.${config.currentSystem}.radio;
in {
in
{
options.services.radio = {
enable = lib.mkEnableOption "enable radio";
user = lib.mkOption {
@ -56,11 +57,11 @@ in {
home = cfg.dataDir;
createHome = true;
};
users.groups.${cfg.group} = {};
users.groups.${cfg.group} = { };
systemd.services.radio = {
enable = true;
after = ["network.target"];
wantedBy = ["multi-user.target"];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${radioPackage}/bin/radio ${config.services.icecast.listen.address}:${toString config.services.icecast.listen.port} ${config.services.icecast.mount} 5500";
serviceConfig.User = cfg.user;
serviceConfig.Group = cfg.group;

2
common/server/samba.nix
View File

@ -110,6 +110,6 @@
# samba user for share
users.users.cris.isSystemUser = true;
users.users.cris.group = "cris";
users.groups.cris = {};
users.groups.cris = { };
};
}

7
common/server/searx.nix
View File

@ -2,19 +2,20 @@
let
cfg = config.services.searx;
in {
in
{
config = lib.mkIf cfg.enable {
services.searx = {
environmentFile = "/run/agenix/searx";
settings = {
server.port = 43254;
server.secret_key = "@SEARX_SECRET_KEY@";
engines = [ {
engines = [{
name = "wolframalpha";
shortcut = "wa";
api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
} ];
}];
};
};
services.nginx.virtualHosts."search.neet.space" = {

3
common/server/thelounge.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.services.thelounge;
in {
in
{
options.services.thelounge = {
fileUploadBaseUrl = lib.mkOption {
type = lib.types.str;

51
common/server/video-stream.nix
View File

@ -15,14 +15,14 @@ let
in
{
networking.firewall.allowedUDPPorts = [ rtp-port ];
networking.firewall.allowedTCPPortRanges = [ {
networking.firewall.allowedTCPPortRanges = [{
from = webrtc-peer-lower-port;
to = webrtc-peer-upper-port;
} ];
networking.firewall.allowedUDPPortRanges = [ {
}];
networking.firewall.allowedUDPPortRanges = [{
from = webrtc-peer-lower-port;
to = webrtc-peer-upper-port;
} ];
}];
virtualisation.docker.enable = true;
@ -49,12 +49,12 @@ in
ports = [
"${toStr ingest-port}:8084"
];
# imageFile = pkgs.dockerTools.pullImage {
# imageName = "projectlightspeed/ingest";
# finalImageTag = "version-0.1.4";
# imageDigest = "sha256:9fc51833b7c27a76d26e40f092b9cec1ac1c4bfebe452e94ad3269f1f73ff2fc";
# sha256 = "19kxl02x0a3i6hlnsfcm49hl6qxnq2f3hfmyv1v8qdaz58f35kd5";
# };
# imageFile = pkgs.dockerTools.pullImage {
# imageName = "projectlightspeed/ingest";
# finalImageTag = "version-0.1.4";
# imageDigest = "sha256:9fc51833b7c27a76d26e40f092b9cec1ac1c4bfebe452e94ad3269f1f73ff2fc";
# sha256 = "19kxl02x0a3i6hlnsfcm49hl6qxnq2f3hfmyv1v8qdaz58f35kd5";
# };
};
"lightspeed-react" = {
workdir = "/var/lib/lightspeed-react";
@ -62,12 +62,12 @@ in
ports = [
"${toStr web-port}:80"
];
# imageFile = pkgs.dockerTools.pullImage {
# imageName = "projectlightspeed/react";
# finalImageTag = "version-0.1.3";
# imageDigest = "sha256:b7c58425f1593f7b4304726b57aa399b6e216e55af9c0962c5c19333fae638b6";
# sha256 = "0d2jh7mr20h7dxgsp7ml7cw2qd4m8ja9rj75dpy59zyb6v0bn7js";
# };
# imageFile = pkgs.dockerTools.pullImage {
# imageName = "projectlightspeed/react";
# finalImageTag = "version-0.1.3";
# imageDigest = "sha256:b7c58425f1593f7b4304726b57aa399b6e216e55af9c0962c5c19333fae638b6";
# sha256 = "0d2jh7mr20h7dxgsp7ml7cw2qd4m8ja9rj75dpy59zyb6v0bn7js";
# };
};
"lightspeed-webrtc" = {
workdir = "/var/lib/lightspeed-webrtc";
@ -79,15 +79,18 @@ in
"${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}:${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}/udp"
];
cmd = [
"lightspeed-webrtc" "--addr=0.0.0.0" "--ip=${domain}"
"--ports=${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}" "run"
"lightspeed-webrtc"
"--addr=0.0.0.0"
"--ip=${domain}"
"--ports=${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}"
"run"
];
# imageFile = pkgs.dockerTools.pullImage {
# imageName = "projectlightspeed/webrtc";
# finalImageTag = "version-0.1.2";
# imageDigest = "sha256:ddf8b3dd294485529ec11d1234a3fc38e365a53c4738998c6bc2c6930be45ecf";
# sha256 = "1bdy4ak99fjdphj5bsk8rp13xxmbqdhfyfab14drbyffivg9ad2i";
# };
# imageFile = pkgs.dockerTools.pullImage {
# imageName = "projectlightspeed/webrtc";
# finalImageTag = "version-0.1.2";
# imageDigest = "sha256:ddf8b3dd294485529ec11d1234a3fc38e365a53c4738998c6bc2c6930be45ecf";
# sha256 = "1bdy4ak99fjdphj5bsk8rp13xxmbqdhfyfab14drbyffivg9ad2i";
# };
};
};
};

4
common/server/vscode/modules/vscode-server/default.nix
View File

@ -1,8 +1,8 @@
import ./module.nix ({ name, description, serviceConfig }:
{
{
systemd.user.services.${name} = {
inherit description serviceConfig;
wantedBy = [ "default.target" ];
};
})
})

4
common/server/vscode/modules/vscode-server/home.nix
View File

@ -1,6 +1,6 @@
import ./module.nix ({ name, description, serviceConfig }:
{
{
systemd.user.services.${name} = {
Unit = {
Description = description;
@ -12,4 +12,4 @@ import ./module.nix ({ name, description, serviceConfig }:
WantedBy = [ "default.target" ];
};
};
})
})

3
common/server/zerobin.nix
View File

@ -2,7 +2,8 @@
let
cfg = config.services.zerobin;
in {
in
{
options.services.zerobin = {
host = lib.mkOption {
type = lib.types.str;

16
flake.nix
View File

@ -78,11 +78,12 @@
inputs.nixpkgs-hostapd-pr
];
};
patchedNixpkgs = nixpkgs.lib.fix (self: (import "${patchedNixpkgsSrc}/flake.nix").outputs { self=nixpkgs; });
patchedNixpkgs = nixpkgs.lib.fix (self: (import "${patchedNixpkgsSrc}/flake.nix").outputs { self = nixpkgs; });
in patchedNixpkgs.lib.nixosSystem {
in
patchedNixpkgs.lib.nixosSystem {
inherit system;
modules = allModules ++ [path];
modules = allModules ++ [ path ];
specialArgs = {
inherit allModules;
@ -97,7 +98,8 @@
"s0" = mkSystem "x86_64-linux" nixpkgs ./machines/storage/s0/configuration.nix;
};
packages = let
packages =
let
mkKexec = system:
(nixpkgs.lib.nixosSystem {
inherit system;
@ -108,7 +110,8 @@
inherit system;
modules = [ ./machines/ephemeral/iso.nix ];
}).config.system.build.isoImage;
in {
in
{
"x86_64-linux"."kexec" = mkKexec "x86_64-linux";
"x86_64-linux"."iso" = mkIso "x86_64-linux";
"aarch64-linux"."kexec" = mkKexec "aarch64-linux";
@ -124,7 +127,8 @@
profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configName};
};
in {
in
{
s0 = mkDeploy "s0" "s0";
router = mkDeploy "router" "router";
ponyo = mkDeploy "ponyo" "ponyo.neet.dev";

6
machines/ephemeral/minimal.nix
View File

@ -7,7 +7,8 @@
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "e1000" "e1000e" "virtio_pci" "r8169" ];
boot.kernelParams = [
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
"panic=30"
"boot.panic_on_fail" # reboot the machine upon fatal boot issues
"console=ttyS0,115200" # enable serial console
"console=tty1"
];
@ -21,7 +22,8 @@
environment.systemPackages = with pkgs; [
cryptsetup
btrfs-progs
git git-lfs
git
git-lfs
wget
htop
dnsutils

6
machines/nat/hardware-configuration.nix
View File

@ -12,12 +12,14 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/02a8c0c7-fd4e-4443-a83c-2d0b63848779";
{
device = "/dev/disk/by-uuid/02a8c0c7-fd4e-4443-a83c-2d0b63848779";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0C95-1290";
{
device = "/dev/disk/by-uuid/0C95-1290";
fsType = "vfat";
};

4
machines/ponyo/configuration.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }:
{
imports =[
imports = [
./hardware-configuration.nix
];
@ -61,7 +61,7 @@
host = "radio.runyan.org";
};
};
pia.wireguard.badPortForwardPorts = [];
pia.wireguard.badPortForwardPorts = [ ];
services.nginx.virtualHosts."radio.runyan.org" = {
enableACME = true;
forceSSL = true;

9
machines/ponyo/hardware-configuration.nix
View File

@ -2,7 +2,8 @@
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
@ -22,12 +23,14 @@
boot.initrd.luks.devices."enc-pv2".device = "/dev/disk/by-uuid/e52b01b3-81c8-4bb2-ae7e-a3d9c793cb00"; # expanded disk
fileSystems."/" =
{ device = "/dev/mapper/enc-pv";
{
device = "/dev/mapper/enc-pv";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/d3a3777d-1e70-47fa-a274-804dc70ee7fd";
{
device = "/dev/disk/by-uuid/d3a3777d-1e70-47fa-a274-804dc70ee7fd";
fsType = "ext4";
};

15
machines/ray/hardware-configuration.nix
View File

@ -5,7 +5,8 @@
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
[
(modulesPath + "/installer/scan/not-detected.nix")
];
# boot
@ -40,22 +41,24 @@
allowDiscards = true;
};
fileSystems."/" =
{ device = "/dev/vg/root";
{
device = "/dev/vg/root";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/home" =
{ device = "/dev/vg/root";
{
device = "/dev/vg/root";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2C85-2B59";
{
device = "/dev/disk/by-uuid/2C85-2B59";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/vg/swap"; }
];
[{ device = "/dev/vg/swap"; }];
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;

12
machines/router/hardware-configuration.nix
View File

@ -10,7 +10,8 @@
# Enable serial output
boot.kernelParams = [
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
"panic=30"
"boot.panic_on_fail" # reboot the machine upon fatal boot issues
"console=ttyS0,115200n8" # enable serial console
];
boot.loader.grub.extraConfig = "
@ -33,16 +34,17 @@
remoteLuksUnlock.enable = true;
boot.initrd.luks.devices."enc-pv".device = "/dev/disk/by-uuid/9b090551-f78e-45ca-8570-196ed6a4af0c";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/421c82b9-d67c-4811-8824-8bb57cb10fce";
{
device = "/dev/disk/by-uuid/421c82b9-d67c-4811-8824-8bb57cb10fce";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/d97f324f-3a2e-4b84-ae2a-4b3d1209c689";
{
device = "/dev/disk/by-uuid/d97f324f-3a2e-4b84-ae2a-4b3d1209c689";
fsType = "ext3";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/45bf58dd-67eb-45e4-9a98-246e23fa7abd"; }
];
[{ device = "/dev/disk/by-uuid/45bf58dd-67eb-45e4-9a98-246e23fa7abd"; }];
nixpkgs.hostPlatform = "x86_64-linux";
}

8
machines/router/router.nix
View File

@ -97,11 +97,11 @@ in
channel = 6;
countryCode = "US";
wifi4 = {
capabilities = ["LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40+"];
capabilities = [ "LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40+" ];
};
wifi5 = {
operatingChannelWidth = "20or40";
capabilities = ["MAX-A-MPDU-LEN-EXP0"];
capabilities = [ "MAX-A-MPDU-LEN-EXP0" ];
};
wifi6 = {
enable = true;
@ -137,11 +137,11 @@ in
channel = 128;
countryCode = "US";
wifi4 = {
capabilities = ["LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40-"];
capabilities = [ "LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40-" ];
};
wifi5 = {
operatingChannelWidth = "160";
capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-3" "BF-ANTENNA-3" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"];
capabilities = [ "RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-3" "BF-ANTENNA-3" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7" ];
};
wifi6 = {
enable = true;

2
machines/storage/s0/configuration.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }:
{
imports =[
imports = [
./hardware-configuration.nix
];

36
machines/storage/s0/hardware-configuration.nix
View File

@ -2,7 +2,8 @@
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
[
(modulesPath + "/installer/scan/not-detected.nix")
];
# boot
@ -31,28 +32,39 @@
# mounts
fileSystems."/" =
{ device = "rpool/nixos/root";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
{
device = "rpool/nixos/root";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/home" =
{ device = "rpool/nixos/home";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
{
device = "rpool/nixos/home";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/var/lib" =
{ device = "rpool/nixos/var/lib";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
{
device = "rpool/nixos/var/lib";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/var/log" =
{ device = "rpool/nixos/var/log";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
{
device = "rpool/nixos/var/log";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/data" =
{ device = "rpool/nixos/data";
fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
{
device = "rpool/nixos/data";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4FB4-738E";
{
device = "/dev/disk/by-uuid/4FB4-738E";
fsType = "vfat";
};
swapDevices = [ ];