Bunch of stuff to get this ready for a two user system

Jimbo 2025-02-28 13:11:45 -05:00
parent 2144d9ef61
commit 7eb3b1a0fa
119 changed files with 214 additions and 214 deletions


@ -28,7 +28,7 @@
}@inputs:
{
nixosConfigurations.rubble = nixpkgs.lib.nixosSystem {
modules = [ ./host ];
modules = [ ./system ];
specialArgs = inputs;
};
};


@ -1,19 +0,0 @@
{ ... }:
{
imports = [
./disko
./hardware
../modules/system
];
networking = {
hostName = "rubble";
hostId = "e0b1fcef";
};
system = {
extlinux.enable = true;
wireless.enable = true;
stateVersion = "24.11";
};
}


@ -1,48 +0,0 @@
{ config, lib, pkgs, ... }:
{
options.sysusers = lib.mkOption {
type = lib.types.attrs;
};
config = {
sysusers.main = "jimbo";
users.users."${config.sysusers.main}" = {
hashedPassword = config.secrets.mainAccPass;
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [
../../../../../../hosts/tower/id_ed25519.pub
../../../../../../hosts/envy/id_ed25519.pub
../../../../../../hosts/redmond/id_ed25519.pub
../../../../../../hosts/kitty/id_ed25519.pub
../../../../../../hosts/midas/id_ed25519.pub
../../../../../../hosts/prophet/id_ed25519.pub
../../../../../../hosts/rubble/id_ed25519.pub
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
];
extraGroups = [
"wheel"
"audio"
"video"
"input"
"disk"
"dialout"
"rtkit"
"kvm"
"libvirtd"
"qemu-libvirtd"
"nginx"
"minecraft"
"nfsShare"
];
uid = 1000;
shell = pkgs.zsh;
};
home-manager.users."${config.sysusers.main}" = import ../../../../../home;
};
}


@ -1,38 +0,0 @@
{ config, lib, pkgs, ... }:
{
options.sysusers = lib.mkOption {
type = lib.types.attrs;
};
config = {
sysusers.main = "jimbo";
users.users."${config.sysusers.main}" = {
hashedPassword = config.secrets.mainAccPass;
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFGHaxdTeC1xnTx2BY5LLR5LxhdSkmYoWuOeEuRIz0k"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
];
extraGroups = [
"wheel"
"audio"
"video"
"input"
"disk"
"dialout"
"rtkit"
"kvm"
"libvirtd"
"qemu-libvirtd"
"nginx"
"nfsShare"
];
uid = 1000;
shell = pkgs.zsh;
};
home-manager.users."${config.sysusers.main}" = import ../../../../../home;
};
}


@ -1,16 +0,0 @@
{ lib, ... }:
{
imports = [
./accounts
./devices
./programs
./secrets
./services
./settings
];
options.system = with lib; {
desktop.enable = lib.mkEnableOption "Enable desktop apps and services";
server.enable = lib.mkEnableOption "Enable server apps and services";
};
}


@ -1,10 +0,0 @@
{ config, lib, ... }:
{
options.system.extlinux.enable = lib.mkEnableOption "Enable extlinux";
config.boot.loader = lib.mkIf config.system.extlinux.enable {
grub.enable = false;
systemd-boot.enable = lib.mkForce false;
generic-extlinux-compatible.enable = true;
};
}


@ -1,46 +0,0 @@
{ config, ... }:
{
environment.persistence."/persist" = {
hideMounts = true;
users.${config.sysusers.main} = {
directories = [
"Keepers"
"Documents"
"Pictures"
"Videos"
"Games"
"VMs"
".snapshots"
".mozilla"
".thunderbird"
".config/blender"
".config/dconf"
".config/vesktop"
".config/sunshine"
".config/heroic"
".config/obs-studio"
".local/share/mpd"
".local/share/nvim/undo"
".local/share/PrismLauncher"
".local/share/Steam"
".local/share/TelegramDesktop"
".local/state/wireplumber"
".cache/nix-index"
{ directory = ".ssh"; mode = "0700"; }
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".local/share/keyrings"; mode = "0700"; }
];
files = [
".zsh_history"
".local/state/lazygit/state.yml"
".local/share/applications" # Create directory so nothing generates inside of it
];
};
};
}


@ -1,13 +0,0 @@
{ config, lib, pkgs, ... }:
{
options.system.wireless.enable = lib.mkEnableOption "Enable wireless stack";
config = lib.mkIf config.system.wireless.enable {
networking.wireless.iwd.enable = true;
environment = {
systemPackages = with pkgs; [ impala ];
persistence."/persist".directories = [ "/var/lib/iwd/" ];
};
};
}

Binary file not shown.


@ -1,7 +0,0 @@
{ config, lib, ... }:
{
security = lib.mkIf config.system.desktop.enable {
polkit.enable = true;
rtkit.enable = true;
};
}


@ -1,7 +1,9 @@
{ home-manager, ... }:
{
imports = [
./main
./jules
./jimbo
home-manager.nixosModules.home-manager
];
}


@ -0,0 +1,29 @@
{ config, lib, pkgs, ... }:
{
users.users.jimbo = {
hashedPassword = config.secrets.jimboAccPass;
isNormalUser = true;
createHome = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFGHaxdTeC1xnTx2BY5LLR5LxhdSkmYoWuOeEuRIz0k"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
];
extraGroups = [
"wheel"
"input"
"disk"
"dialout"
"rtkit"
"kvm"
"libvirtd"
"qemu-libvirtd"
"nginx"
"nfsShare"
];
uid = 1000;
shell = pkgs.zsh;
};
home-manager.users.jimbo = import ../../../../../home/jimbo;
}
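Review bot: The `extraGroups` list for `users.users.jimbo` keeps `"disk"`, and the new `users.users.jules` file in this commit carries the same entry. Membership in `disk` normally grants direct read/write access to raw block devices, which bypasses file permissions and any password prompt that `wheel` escalation would require, so it is close to unauthenticated root. Unless a specific tool needs it, I would drop the `"disk"` line from both lists and leave a comment such as `# no "disk": raw block device access is root-equivalent` so it is not added back later.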


@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
{
users.users.jules = {
hashedPassword = config.secrets.jimboAccPass;
isNormalUser = true;
createHome = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHwxJcAWuHkKy/Ar37aIoqg34CDcZu7/bh978nYkOgzj jules@jules-pc"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOszCNP+6rkIS75GyFVhn9o6QpUuGdx/J4rjzROrpSl jules@xeta"
];
extraGroups = [
"wheel"
"input"
"disk"
"dialout"
"kvm"
"libvirtd"
"qemu-libvirtd"
"nginx"
"nfsShare"
];
uid = 1001;
shell = pkgs.fish;
};
#home-manager.users.jules = import ../../../../../jules/home;
}
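Review bot: `hashedPassword = config.secrets.jimboAccPass;` inside `users.users.jules` gives the second account the first account's password hash, so both users authenticate (including for `wheel`) with the same password and neither can be rotated independently. This looks like a copy-paste carry-over from the jimbo file; the secrets file shown in this commit defines only `jimboAccPass`, so a separate entry is needed. I would change the line to something like `hashedPassword = config.secrets.julesAccPass;` (a name proposed here, not one that exists on the page) backed by its own `mkpasswd` output.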

24
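--- a/system/default.nix
+++ b/system/default.nix
@@ -0,0 +1,24 @@
+{ lib, ... }:
+{
+imports = [
+./accounts
+./devices
+./programs
+./secrets
+./services
+./settings
+];
+options.system = with lib; {
+server.enable = mkEnableOption "Enable server apps and services";
+};
+config = {
+networking = {
+hostName = "rubble";
+hostId = "e0b1fcef";
+};
+system.stateVersion = "24.11";
+};
+}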


@ -0,0 +1,8 @@
{ ... }:
{
boot.loader = {
grub.enable = false;
systemd-boot.enable = false;
generic-extlinux-compatible.enable = true;
};
}


@ -3,6 +3,7 @@
imports = [
./boot
./disks
./hardware
./networking
];
}


@ -1,6 +1,7 @@
{ ... }:
{
imports = [
./disko
./filesystems
./immutable
./impermanence


@ -68,8 +68,12 @@
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
"/persist/.snapshots" = { };
"/persist/home/${config.sysusers.main}" = { };
"/persist/home/${config.sysusers.main}/.snapshots" = { };
"/persist/home/jules" = { };
"/persist/home/jules/.snapshots" = { };
"/persist/home/jimbo" = { };
"/persist/home/jimbo/.snapshots" = { };
};
};
};


@ -1,8 +1,10 @@
{ impermanence, ... }:
{
imports = [
./main
./jules
./jimbo
./root
impermanence.nixosModules.impermanence
];
}


@ -0,0 +1,26 @@
{ config, ... }:
{
environment.persistence."/persist" = {
hideMounts = true;
users.jimbo = {
directories = [
"Keepers"
"Documents"
"Pictures"
"Videos"
"VMs"
".snapshots"
".cache/nix-index"
{ directory = ".ssh"; mode = "0700"; }
{ directory = ".gnupg"; mode = "0700"; }
];
files = [
".zsh_history"
".local/state/lazygit/state.yml"
];
};
};
}


@ -0,0 +1,26 @@
{ config, ... }:
{
environment.persistence."/persist" = {
hideMounts = true;
users.jules = {
directories = [
"Keepers"
"Documents"
"Pictures"
"Videos"
"VMs"
".snapshots"
".cache/nix-index"
{ directory = ".ssh"; mode = "0700"; }
{ directory = ".gnupg"; mode = "0700"; }
];
files = [
".zsh_history"
".local/state/lazygit/state.yml"
];
};
};
}
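Review bot: The `files` list under `users.jules` persists `.zsh_history`, but the account file added in this commit sets `shell = pkgs.fish;` for jules, so the persisted path is probably never written while her fish history is lost on every reboot. The list reads as copied from the jimbo file. I would replace that entry with the fish data directory, e.g. `".local/share/fish"` under `directories`, after confirming that is where her history is stored. The `config` argument in `{ config, ... }:` is also unused in this file.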


@ -1,7 +1,8 @@
{ ... }:
{
imports = [
./main
./jules
./jimbo
./root
];


@ -1,7 +1,7 @@
{ config, lib, ... }:
{
services.snapper.configs.${config.sysusers.main} = lib.mkIf config.environment.persistence."/persist".enable {
SUBVOLUME = "/persist/home/${config.sysusers.main}";
services.snapper.configs.jimbo = lib.mkIf config.environment.persistence."/persist".enable {
SUBVOLUME = "/persist/home/jimbo";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_LIMIT_DAILY = 1;


@ -0,0 +1,12 @@
{ config, lib, ... }:
{
services.snapper.configs.jules = lib.mkIf config.environment.persistence."/persist".enable {
SUBVOLUME = "/persist/home/jules";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
TIMELINE_LIMIT_DAILY = 1;
TIMELINE_LIMIT_WEEKLY = 1;
TIMELINE_LIMIT_MONTHLY = 0;
TIMELINE_LIMIT_YEARLY = 0;
};
}


@ -1,9 +1,10 @@
{ config, ... }:
{ config, pkgs, ... }:
{
imports = [ ./wireless ];
networking = {
wireless.enable = false;
wireless = {
enable = false;
iwd.enable = true;
};
dhcpcd.enable = true;
nftables.enable = true;
firewall.allowPing = false;
@ -21,4 +22,9 @@
fallbackDns = config.networking.nameservers;
dnsovertls = "true";
};
environment = {
systemPackages = with pkgs; [ impala ];
persistence."/persist".directories = [ "/var/lib/iwd/" ];
};
}


@ -0,0 +1,29 @@
{ config, lib, ... }:
{
options.secrets = lib.mkOption {
type = lib.types.attrs;
};
config.secrets = {
# User passwords, generated with 'mkpasswd -m sha-512'
jimboAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
# Initial password for apps that ask for it
initialPass = "changeme";
# Cloudflare API key
flareApiKey = "CLOUDFLARE_API_TOKEN=changeme";
# Matrix secrets
matrixSecret = "changeme";
coturnSecret = "changeme";
# Transmission credentials, plaintext
transmissionCredFile = ''
{
"rpc-username": "jimbo",
"rpc-password": "changeme"
}
'';
};
}
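Review bot: `jimboAccPass` holds what looks like a real `$6$` SHA-512 crypt hash, while every other entry in `config.secrets` is a `changeme` placeholder, and this file is committed to the repository. Anyone who can read the repository can run offline guessing against that hash, and values defined this way are also copied into the world-readable Nix store on the host; the same will apply to the API token and service secrets once the placeholders are filled in. I would keep the hash out of the tree and reference it by path, e.g. `users.users.jimbo.hashedPasswordFile = "/persist/secrets/jimbo.hash";` (the path is a placeholder), with that file readable by root only. At minimum, add a comment above `config.secrets` stating that everything in this attrset ends up in the store in clear text.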


@ -33,7 +33,5 @@
"virbr0"
"virbr1"
];
systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 - libvirtd -" ];
};
}

Some files were not shown because too many files have changed in this diff Show more