diff --git a/README.md b/README.md index 87fdf860..6f6e4db2 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ This config is primarily organized for my own use, you may find individual servi ### Installation You can install this flake from any system with the Nix package manager installed, including any official images. Disko is used to automatically format your drive according to a declared config. -Use ``nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount ./filename.nix`` to format the disk with Disko. +Use ``nix-shell -p disko --run "sudo disko --mode destroy,format,mount ./disko.nix"`` to format the disk with Disko. You will likely want to generate a per hardware nix file using ``nixos-generate-config --root ./ --no-filesystems``, and adapt it to fit the format of ``/hosts``, to ensure essential drivers are loaded on boot. Once formatted and adjusted, NixOS can be installed to the mounted drive with ``nixos-install --root /mnt --flake .#host``, where ``host`` is a hostname defined in this flake. diff --git a/flake.lock b/flake.lock index ed171014..1a7b3ce5 100644 --- a/flake.lock +++ b/flake.lock @@ -40,11 +40,11 @@ }, "crane": { "locked": { - "lastModified": 1746291859, - "narHash": "sha256-DdWJLA+D5tcmrRSg5Y7tp/qWaD05ATI4Z7h22gd1h7Q=", + "lastModified": 1748970125, + "narHash": "sha256-UDyigbDGv8fvs9aS95yzFfOKkEjx1LO3PL3DsKopohA=", "owner": "ipetkov", "repo": "crane", - "rev": "dfd9a8dfd09db9aad544c4d3b6c47b12562544a5", + "rev": "323b5746d89e04b22554b061522dfce9e4c49b18", "type": "github" }, "original": { 
@@ -60,11 +60,11 @@ ] }, "locked": { - "lastModified": 1748225455, - "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", + "lastModified": 1749436314, + "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", "owner": "nix-community", "repo": "disko", - "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", + "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", "type": "github" }, "original": { @@ -76,11 +76,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -108,11 +108,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { 
@@ -276,11 +276,11 @@ ] }, "locked": { - "lastModified": 1748665073, - "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=", + "lastModified": 1749154018, + "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", "owner": "nix-community", "repo": "home-manager", - "rev": "282e1e029cb6ab4811114fc85110613d72771dea", + "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1748683484, - "narHash": "sha256-RXiY6t9E9oLEtfdGChHk/OIPqxYg1tu8XLvbPnJlfi4=", + "lastModified": 1749495634, + "narHash": "sha256-NPifVq2XZGRCsLBoUt6M5YUTiIh23+ubq57w7mSODt8=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "6f6bd4a27fb01c9dd623a157d769f34561407f47", + "rev": "c40d2f31f92571bf341497884174a132829ef0fc", "type": "github" }, "original": { @@ -338,11 +338,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1747056319, - "narHash": "sha256-qSKcBaISBozadtPq6BomnD+wIYTZIkiua3UuHLaD52c=", + "lastModified": 1749471908, + "narHash": "sha256-uGfPqd43KTomeIVWUzHu3hGLWFsqYibhWLt2OaRic28=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "2e425f3da6ce7f5b34fa6eaf7a2a7f78dbabcc85", + "rev": "00292388ad3b497763b81568d6ee5e1c4a2bcf85", "type": "github" }, "original": { @@ -385,11 +385,11 @@ ] }, "locked": { - "lastModified": 1748570485, - "narHash": "sha256-oDnEc/rxyDf+uUXO56Z2TJtrrQoBe0Z4MCIRaY6lVZ0=", + "lastModified": 1749607590, + "narHash": "sha256-vvu9zoaYuuPIGG9YKRBMNqOELGN+x2qHbEK6PrZ/Ky0=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "6c961ee42ff2301ee61c75aa42cbe8c8adecf3c8", + "rev": "83aaf9c7e3caa39608992e723cfb997624920a35", "type": "github" }, "original": { 
@@ -445,11 +445,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1748748623, - "narHash": "sha256-ajFTvgFyRxLMjpJxK+KOEp2+dNRl/Bc8Mnby7W8uPk4=", + "lastModified": 1749614785, + "narHash": "sha256-yn6eDwnUr9vZYpneg+XNh0/tC1KA9a+yXxvFMEzOfco=", "owner": "nix-community", "repo": "NUR", - "rev": "58a80c3ede0cdfa480f3bd8f0e79c010677f2a07", + "rev": "14f8439ad1190d3dd09f9fcc6a033d9710d68806", "type": "github" }, "original": { @@ -471,11 +471,11 @@ ] }, "locked": { - "lastModified": 1746537231, - "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "type": "github" }, "original": { @@ -508,11 +508,11 @@ ] }, "locked": { - "lastModified": 1747017456, - "narHash": "sha256-C/U12fcO+HEF071b5mK65lt4XtAIZyJSSJAg9hdlvTk=", + "lastModified": 1749436897, + "narHash": "sha256-OkDtaCGQQVwVFz5HWfbmrMJR99sFIMXHCHEYXzUJEJY=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "5b07506ae89b025b14de91f697eba23b48654c52", + "rev": "e7876c387e35dc834838aff254d8e74cf5bd4f19", "type": "github" }, "original": { @@ -523,11 +523,11 @@ }, "stable": { "locked": { - "lastModified": 1749024892, - "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", + "lastModified": 1750005367, + "narHash": "sha256-h/aac1dGLhS3qpaD2aZt25NdKY7b+JT0ZIP2WuGsJMU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", + "rev": "6c64dabd3aa85e0c02ef1cdcb6e1213de64baee3", "type": "github" }, "original": { 
@@ -589,11 +589,11 @@ }, "unstable": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1749794982, + "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 012a73be..03a9d53f 100644 --- a/flake.nix +++ b/flake.nix @@ -65,7 +65,14 @@ name = "bunhive"; # NixPKGs - nixpkgs = import stable { system = "x86_64-linux"; }; + nixpkgs = import stable { + overlays = [ + blender.overlays.default + minecraft.overlay + ]; + system = "x86_64-linux"; + }; + specialArgs = inputs; # Use a different Nixpkgs import on some systems @@ -73,7 +80,15 @@ }; # Import the default config to all hosts - defaults.imports = [ ./modules/system ]; + defaults.imports = [ + ./modules/system + disko.nixosModules.disko + hm.nixosModules.home-manager + impermanence.nixosModules.impermanence + jovian.nixosModules.default + lanzaboote.nixosModules.lanzaboote + minecraft.nixosModules.minecraft-servers + ]; # Desktops tower.imports = [ ./hosts/tower ]; @@ -88,7 +103,6 @@ midas.imports = [ ./hosts/midas ]; kitty.imports = [ ./hosts/kitty ]; detritus.imports = [ ./hosts/detritus ]; - elder.imports = [ ./hosts/elder ]; prophet.imports = [ ./hosts/prophet ]; }; } diff --git a/hosts/detritus/boot/default.nix b/hosts/detritus/boot/default.nix index de4af487..a0b1cae3 100644 --- a/hosts/detritus/boot/default.nix +++ b/hosts/detritus/boot/default.nix @@ -2,10 +2,6 @@ { boot = { kernelPackages = pkgs.linuxPackages_hardened; - kernelParams = [ - "amdgpu.si_support=1" - "radeon.si_support=0" - ]; - loader.systemd-boot.enable = true; + loader.limine.enable = true; }; } diff --git a/hosts/detritus/default.nix b/hosts/detritus/default.nix index 8f265437..010d2eca 100644 --- a/hosts/detritus/default.nix 
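Review bot: In hosts/detritus/boot/default.nix the switch from `loader.systemd-boot.enable` to `loader.limine.enable` leaves no record of how the boot chain is verified on a host that deliberately runs `pkgs.linuxPackages_hardened`. The same commit adds `lanzaboote.nixosModules.lanzaboote` to `defaults.imports` in flake.nix, and lanzaboote signs a systemd-boot-based chain, so a host that had Secure Boot through it would presumably lose that under limine; whether it was ever enabled is not visible in this diff. I would add a comment above the loader line such as `# limine replaces systemd-boot; Secure Boot: <enabled via ... / not used on this host>` and confirm the install target, since only hosts/flight sets `biosDevice`. The same applies to the limine hunks for hidden, jupiter, kitty and prophet.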
+++ b/hosts/detritus/default.nix @@ -12,9 +12,11 @@ stateVersion = "25.05"; }; - deployment.targetHost = "5dd:9cd7:f286:e2c7:4c3b:c2e1:7832:97a3"; + deployment.targetHost = "53a:2092:12ff:889c:2e1f:1d79:f05a:cadd"; networking.hostId = "0917a5c1"; services.nfs.server.enable = true; + + virtualisation.libvirtd.enable = true; } diff --git a/hosts/detritus/disko/default.nix b/hosts/detritus/disko/default.nix index 69872c6c..09ce1b53 100644 --- a/hosts/detritus/disko/default.nix +++ b/hosts/detritus/disko/default.nix @@ -1,16 +1,15 @@ -{ config, disko, ... }: +{ config, name, ... }: { - imports = [ disko.nixosModules.disko ]; - disko.devices = { disk = { - "${config.networking.hostName}" = { + "${name}" = { type = "disk"; device = "/dev/sda"; content = { type = "gpt"; partitions = { boot = { + priority = 1; size = "1M"; type = "EF02"; }; @@ -28,7 +27,7 @@ size = "100%"; content = { type = "lvm_pv"; - vg = "${config.networking.hostName}"; + vg = "${name}"; }; }; }; @@ -37,7 +36,7 @@ }; lvm_vg = { - "${config.networking.hostName}" = { + "${name}" = { type = "lvm_vg"; lvs = { root = { diff --git a/hosts/detritus/filesystems/default.nix b/hosts/detritus/filesystems/default.nix index 57f1c404..63042a0a 100644 --- a/hosts/detritus/filesystems/default.nix +++ b/hosts/detritus/filesystems/default.nix @@ -10,7 +10,5 @@ "subvol=storage" ]; }; - - "detritus".enable = false; }; } diff --git a/hosts/elder/boot/default.nix b/hosts/elder/boot/default.nix deleted file mode 100644 index 20a7f4e7..00000000 --- a/hosts/elder/boot/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }: -{ - boot = { - kernelPackages = pkgs.linuxPackages_hardened; - kernelParams = [ - "amdgpu.si_support=1" - "radeon.si_support=0" - ]; - loader.grub.enable = true; - }; -} diff --git a/hosts/elder/default.nix b/hosts/elder/default.nix deleted file mode 100644 index 648248ee..00000000 --- a/hosts/elder/default.nix +++ /dev/null 
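Review bot: The added `virtualisation.libvirtd.enable = true;` in hosts/detritus/default.nix puts a root-equivalent management daemon on a host that also has `services.nfs.server.enable = true`, and nothing in the hunk says why or who may use it. Membership of the `libvirtd` group is effectively root on the host, so the user list deserves a look wherever it is defined (not visible in this diff). A one-line comment above it, for example `# VMs for <purpose>; libvirtd group limited to <user>`, would make the intent reviewable.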
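Review bot: `device = "/dev/sda";` is left unchanged in hosts/detritus/disko/default.nix although the same commit moves kitty, midas, prophet and tower to `/dev/disk/by-id/...` paths. The README runs disko with `--mode destroy,format,mount`, and kernel device names depend on enumeration order, so with a second disk or an installer USB stick attached `sda` can be the wrong device. I would change it to `device = "/dev/disk/by-id/<detritus-disk-id>";` (placeholder, take the value from the machine), and likewise in the hidden and intuos hunks (`/dev/sda`) and the jupiter hunk (`/dev/nvme0n1`). Separately, `config` in `{ config, name, ... }:` appears unused in the visible lines; the attrset continues outside the hunk.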
@@ -1,20 +0,0 @@ -{ ... }: -{ - imports = [ - ./boot - ./disko - ./filesystems - ./hardware - ]; - - system = { - nixos.tags = [ "server" ]; - stateVersion = "25.05"; - }; - - deployment.targetHost = "570:3651:7f2:c26b:bccd:725b:be00:8a18"; - - networking.hostId = "447645a9"; - - services.nfs.server.enable = true; -} diff --git a/hosts/elder/disko/default.nix b/hosts/elder/disko/default.nix deleted file mode 100644 index 2191e808..00000000 --- a/hosts/elder/disko/default.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ config, disko, ... }: -{ - imports = [ disko.nixosModules.disko ]; - - disko.devices = { - disk = { - "${config.networking.hostName}" = { - type = "disk"; - device = "/dev/sda"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; - }; - ESP = { - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - main = { - size = "100%"; - content = { - type = "lvm_pv"; - vg = "${config.networking.hostName}"; - }; - }; - }; - }; - }; - }; - - lvm_vg = { - "${config.networking.hostName}" = { - type = "lvm_vg"; - lvs = { - root = { - size = "100%"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "compress=zstd" - "ssd" - ]; - }; - "/prev" = { - mountpoint = "/prev"; - mountOptions = [ - "compress=zstd" - "noexec" - "ssd" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "compress=zstd" - "ssd" - ]; - }; - - # Impermanence - "/persist" = { - mountpoint = "/persist"; - mountOptions = [ - "compress=zstd" - "ssd" - ]; - }; - "/persist/.snapshots" = { }; - "/persist/home" = { }; - "/persist/home/.snapshots" = { }; - }; - }; - }; - swap = { - size = "8G"; - content = { - type = "swap"; - discardPolicy = "both"; - }; - }; - }; - }; - }; - }; - - # Needed for impermanence - fileSystems."/persist".neededForBoot = true; -} 
diff --git a/hosts/elder/filesystems/default.nix b/hosts/elder/filesystems/default.nix deleted file mode 100644 index 0c254c44..00000000 --- a/hosts/elder/filesystems/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: -{ - fileSystems = { - "/persist/storage" = { - device = "/dev/disk/by-uuid/5c3c533b-1c70-4411-854a-37fa794fc17c"; - fsType = "btrfs"; - options = [ - "nofail" - "nosuid" - "subvol=storage" - ]; - }; - - "elder".enable = false; - }; -} diff --git a/hosts/elder/hardware/default.nix b/hosts/elder/hardware/default.nix deleted file mode 100644 index 6dcb3faa..00000000 --- a/hosts/elder/hardware/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "ahci" - "ehci_pci" - "sd_mod" - "sr_mod" - "uhci_hcd" - "usbhid" - ]; - kernelModules = [ "dm-snapshot" ]; - }; - kernelModules = [ "kvm-intel" ]; - }; - - hardware.cpu.intel.updateMicrocode = true; - - nixpkgs.hostPlatform = "x86_64-linux"; -} diff --git a/hosts/flight/boot/default.nix b/hosts/flight/boot/default.nix index bd399e82..2d553d61 100644 --- a/hosts/flight/boot/default.nix +++ b/hosts/flight/boot/default.nix @@ -1,8 +1,11 @@ -{ pkgs, ... }: +{ lib, pkgs, ... }: { boot = { - kernelPackages = pkgs.linuxPackages_latest; - loader.grub.enable = true; + kernelPackages = pkgs.linuxPackages; + loader.limine = { + enable = true; + biosDevice = lib.mkForce "/dev/disk/by-id/ata-XSTAR_SSD_64GB_XSFA2011000462"; + }; plymouth.enable = true; }; } diff --git a/hosts/flight/default.nix b/hosts/flight/default.nix index c3b0bc3b..fe3b545a 100644 --- a/hosts/flight/default.nix +++ b/hosts/flight/default.nix @@ -2,10 +2,9 @@ { imports = [ ./boot - ./disko ./filesystems ./hardware - ./services + ./root ./user ]; @@ -14,5 +13,5 @@ stateVersion = "25.05"; }; - deployment.targetHost = ""; + deployment.targetHost = "409:b2b1:966c:b13:6d67:2d6b:45e2:f048"; } 
diff --git a/hosts/flight/disko/default.nix b/hosts/flight/disko/default.nix deleted file mode 100644 index 4d195170..00000000 --- a/hosts/flight/disko/default.nix +++ /dev/null @@ -1,106 +0,0 @@ -{ config, disko, ... }: -{ - imports = [ disko.nixosModules.disko ]; - - disko.devices = { - disk = { - "${config.networking.hostName}" = { - type = "disk"; - device = "/dev/sda"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; - }; - ESP = { - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - luks = { - size = "100%"; - content = { - type = "luks"; - name = "${config.networking.hostName}-disk"; - settings.allowDiscards = true; - passwordFile = "/tmp/secret.key"; - content = { - type = "lvm_pv"; - vg = "${config.networking.hostName}"; - }; - }; - }; - }; - }; - }; - }; - - lvm_vg = { - "${config.networking.hostName}" = { - type = "lvm_vg"; - lvs = { - root = { - size = "100%"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "compress=zstd" - "ssd" - ]; - }; - "/prev" = { - mountpoint = "/prev"; - mountOptions = [ - "compress=zstd" - "noexec" - "ssd" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "compress=zstd" - "ssd" - ]; - }; - - # Impermanence - "/persist" = { - mountpoint = "/persist"; - mountOptions = [ - "compress=zstd" - "ssd" - ]; - }; - "/persist/.snapshots" = { }; - "/persist/home" = { }; - "/persist/home/.snapshots" = { }; - }; - }; - }; - swap = { - size = "8G"; - content = { - type = "swap"; - discardPolicy = "both"; - }; - }; - }; - }; - }; - }; - - # Needed for impermanence - fileSystems."/persist".neededForBoot = true; -} diff --git a/hosts/flight/filesystems/default.nix b/hosts/flight/filesystems/default.nix index f02cc20b..8a568d0f 100644 --- a/hosts/flight/filesystems/default.nix 
+++ b/hosts/flight/filesystems/default.nix @@ -2,7 +2,7 @@ { fileSystems = { "/persist/storage" = { - device = "/dev/disk/by-uuid/d0d6783f-ad51-4d85-b8a9-3374f6460ef6"; + device = "/dev/disk/by-uuid/3d6f81f2-7fa5-40a2-85bb-56f4cab63773"; fsType = "btrfs"; options = [ "nofail" diff --git a/hosts/flight/hardware/default.nix b/hosts/flight/hardware/default.nix index ba47de8a..fa1b984c 100644 --- a/hosts/flight/hardware/default.nix +++ b/hosts/flight/hardware/default.nix @@ -1,22 +1,35 @@ -{ modulesPath, ... }: +{ config, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { initrd = { availableKernelModules = [ - "ahci" "ehci_pci" + "ahci" + "xhci_pci" + "usb_storage" "sd_mod" "sr_mod" - "xhci_pci" ]; kernelModules = [ "dm-snapshot" ]; }; kernelModules = [ "kvm-intel" ]; }; - hardware.cpu.intel.updateMicrocode = true; + services.xserver.videoDrivers = [ "nvidia" ]; + + hardware = { + cpu.intel.updateMicrocode = true; + nvidia = { + package = config.boot.kernelPackages.nvidiaPackages.legacy_390; + prime = { + sync.enable = true; + intelBusId = "PCI:0:2:0"; + nvidiaBusId = "PCI:1:0:0"; + }; + }; + }; nixpkgs.hostPlatform = "x86_64-linux"; } diff --git a/hosts/flight/root/default.nix b/hosts/flight/root/default.nix new file mode 100644 index 00000000..7bccd4b8 --- /dev/null +++ b/hosts/flight/root/default.nix 
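Review bot: `package = config.boot.kernelPackages.nvidiaPackages.legacy_390;` in hosts/flight/hardware/default.nix pins this host to NVIDIA's 390.xx legacy branch, which as far as I know no longer receives fixes from the vendor, and it is loaded as an out-of-tree kernel module. That is probably also why hosts/flight/boot/default.nix drops `pkgs.linuxPackages_latest` in this commit, which ties the kernel choice on this machine to what the old driver still builds against. If the hardware needs this branch, say so next to the line, e.g. `# GPU is only supported by the 390 legacy driver (unmaintained upstream)`, so the trade-off is explicit and gets revisited.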
@@ -0,0 +1,54 @@ +{ config, name, ... }: +{ + boot.initrd.luks.devices."${name}-disk".device = "/dev/disk/by-uuid/0fc43c11-c382-4e37-812b-8866b1b20e68"; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-uuid/FA96-EF11"; + fsType = "vfat"; + options = [ "umask=0077" ]; + }; + + "/" = { + device = "/dev/disk/by-uuid/bbaf733b-14af-417b-b1c8-2f0534995483"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "ssd" + "subvol=root" + ]; + }; + "/prev" = { + device = "/dev/disk/by-uuid/bbaf733b-14af-417b-b1c8-2f0534995483"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "noexec" + "ssd" + "subvol=prev" + ]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/bbaf733b-14af-417b-b1c8-2f0534995483"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "ssd" + "subvol=nix" + ]; + }; + + "/persist" = { + device = "/dev/disk/by-uuid/bbaf733b-14af-417b-b1c8-2f0534995483"; + fsType = "btrfs"; + neededForBoot = true; + options = [ + "compress=zstd" + "ssd" + "subvol=persist" + ]; + }; + }; + + swapDevices = [ { device = "/dev/disk/by-uuid/93ac8c5c-c947-4b45-a12a-146e87398517"; } ]; +} diff --git a/hosts/flight/services/default.nix b/hosts/flight/services/default.nix deleted file mode 100644 index 3c638bd3..00000000 --- a/hosts/flight/services/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ lib, ... }: -{ - networking.useNetworkd = lib.mkForce false; - - services.globalprotect.enable = true; - - virtualisation = { - libvirtd.enable = true; - vmware.host.enable = true; - }; -} diff --git a/hosts/flight/user/default.nix b/hosts/flight/user/default.nix index 43b57345..e408de6a 100644 --- a/hosts/flight/user/default.nix +++ b/hosts/flight/user/default.nix 
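Review bot: Nothing in the new hosts/flight/root/default.nix says which of the hard-coded UUIDs sit inside the `"${name}-disk"` LUKS mapping, in particular the one in `swapDevices`. The disko layout this file replaces kept the root filesystem and an 8G swap as logical volumes on the LUKS-backed volume group; if the swap UUID now refers to a plain partition, memory contents would be written to disk unencrypted. A short comment at the top, such as `# root btrfs and swap are LVs inside the LUKS container opened in initrd`, once confirmed on the machine, would settle it. `config` in the argument list is unused in this file.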
@@ -1,8 +1,7 @@ -{ config, ... }: +{ config, lib, ... }: { - home-manager.users."${config.vars.mainUser}".home = { - guifull.enable = true; - school.enable = true; - enableNixpkgsReleaseCheck = false; + home-manager.users."${config.vars.mainUser}" = { + home.guifull.enable = true; + wayland.windowManager.sway.extraSessionCommands = lib.mkForce ""; }; } diff --git a/hosts/hidden/boot/default.nix b/hosts/hidden/boot/default.nix index 85554c2c..1919dae1 100644 --- a/hosts/hidden/boot/default.nix +++ b/hosts/hidden/boot/default.nix @@ -2,7 +2,7 @@ { boot = { kernelPackages = pkgs.linuxPackages_6_14; - loader.systemd-boot.enable = true; + loader.limine.enable = true; plymouth.enable = true; }; } diff --git a/hosts/hidden/disko/default.nix b/hosts/hidden/disko/default.nix index c7209669..60a3aa22 100644 --- a/hosts/hidden/disko/default.nix +++ b/hosts/hidden/disko/default.nix @@ -1,16 +1,15 @@ -{ config, disko, ... }: +{ config, name, ... }: { - imports = [ disko.nixosModules.disko ]; - disko.devices = { disk = { - "${config.networking.hostName}" = { + "${name}" = { type = "disk"; device = "/dev/sda"; content = { type = "gpt"; partitions = { boot = { + priority = 1; size = "1M"; type = "EF02"; }; @@ -28,12 +27,12 @@ size = "100%"; content = { type = "luks"; - name = "${config.networking.hostName}-disk"; + name = "${name}-disk"; settings.allowDiscards = true; passwordFile = "/tmp/secret.key"; content = { type = "lvm_pv"; - vg = "${config.networking.hostName}"; + vg = "${name}"; }; }; }; @@ -43,7 +42,7 @@ }; lvm_vg = { - "${config.networking.hostName}" = { + "${name}" = { type = "lvm_vg"; lvs = { root = { diff --git a/hosts/intuos/disko/default.nix b/hosts/intuos/disko/default.nix index 4d195170..e204a376 100644 --- a/hosts/intuos/disko/default.nix +++ b/hosts/intuos/disko/default.nix 
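Review bot: The LUKS block in hosts/hidden/disko/default.nix still takes its passphrase from `passwordFile = "/tmp/secret.key";`, and neither this hunk nor the README hunk in this commit says how that file should be created or cleaned up. `/tmp` is shared, so the file should be written with a restrictive umask, without a trailing newline, and removed once formatting is done; as I understand disko it is read only during the initial format. I would add a comment next to the line, e.g. `# create with umask 077 and no trailing newline before running disko; delete after install`. The same line appears in the intuos, midas and tower disko hunks, and the partition attrset starts and ends outside the hunk.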
@@ -1,16 +1,15 @@ -{ config, disko, ... }: +{ config, name, ... }: { - imports = [ disko.nixosModules.disko ]; - disko.devices = { disk = { - "${config.networking.hostName}" = { + "${name}" = { type = "disk"; device = "/dev/sda"; content = { type = "gpt"; partitions = { boot = { + priority = 1; size = "1M"; type = "EF02"; }; @@ -28,12 +27,12 @@ size = "100%"; content = { type = "luks"; - name = "${config.networking.hostName}-disk"; + name = "${name}-disk"; settings.allowDiscards = true; passwordFile = "/tmp/secret.key"; content = { type = "lvm_pv"; - vg = "${config.networking.hostName}"; + vg = "${name}"; }; }; }; @@ -43,7 +42,7 @@ }; lvm_vg = { - "${config.networking.hostName}" = { + "${name}" = { type = "lvm_vg"; lvs = { root = { diff --git a/hosts/jupiter/boot/default.nix b/hosts/jupiter/boot/default.nix index ff9d9cee..17b17837 100644 --- a/hosts/jupiter/boot/default.nix +++ b/hosts/jupiter/boot/default.nix @@ -2,7 +2,7 @@ { boot = { kernelPackages = pkgsStable.linuxPackages_6_14; - loader.systemd-boot.enable = true; + loader.limine.enable = true; plymouth.enable = true; }; } diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index 0f4db580..7271d00e 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -17,5 +17,5 @@ deployment.targetHost = "5ce:969c:40d1:9575:f5e:591d:c377:a20b"; - #jovian.steam.enable = true; + jovian.steam.enable = true; } diff --git a/hosts/jupiter/disko/default.nix b/hosts/jupiter/disko/default.nix index 900c8a59..abb7808a 100644 --- a/hosts/jupiter/disko/default.nix +++ b/hosts/jupiter/disko/default.nix @@ -1,16 +1,15 @@ -{ config, disko, ... }: +{ config, name, ... }: { - imports = [ disko.nixosModules.disko ]; - disko.devices = { disk = { - "${config.networking.hostName}" = { + "${name}" = { type = "disk"; device = "/dev/nvme0n1"; content = { type = "gpt"; partitions = { boot = { + priority = 1; size = "1M"; type = "EF02"; }; 
@@ -28,7 +27,7 @@ size = "100%"; content = { type = "lvm_pv"; - vg = "${config.networking.hostName}"; + vg = "${name}"; }; }; }; @@ -37,7 +36,7 @@ }; lvm_vg = { - "${config.networking.hostName}" = { + "${name}" = { type = "lvm_vg"; lvs = { root = { diff --git a/hosts/jupiter/jovian/default.nix b/hosts/jupiter/jovian/default.nix index ec180913..b8d075e9 100644 --- a/hosts/jupiter/jovian/default.nix +++ b/hosts/jupiter/jovian/default.nix @@ -1,9 +1,6 @@ { config, lib, pkgs, jovian, ... }: { - imports = [ - ./gnome - jovian.nixosModules.default - ]; + imports = [ ./desktop ]; config = lib.mkIf config.jovian.steam.enable { jovian = { @@ -21,23 +18,31 @@ }; }; - boot = { - kernelPackages = lib.mkForce pkgs.linuxPackages_jovian; - kernelParams = [ "amd_pstate=active" ]; - }; + # Evil kernel + boot.kernelPackages = lib.mkForce pkgs.linuxPackages_jovian; programs.steam.extest.enable = true; + hardware.xone.enable = true; + + # Use networkmanager for ui compatibility + networking = { + networkmanager.enable = true; + wireless.enable = lib.mkForce false; + }; + + # Disable conflicting services services = { keyd.enable = lib.mkForce false; tlp.enable = lib.mkForce false; }; - hardware.xone.enable = true; - - networking = { - networkmanager.enable = true; - wireless.enable = lib.mkForce false; + # Disable network filesystems + fileSystems = { + "midas".enable = false; + "kitty".enable = false; + "detritus".enable = false; + "prophet".enable = false; }; environment.persistence."/persist".directories = [ diff --git a/hosts/jupiter/jovian/gnome/default.nix b/hosts/jupiter/jovian/desktop/default.nix similarity index 100% rename from hosts/jupiter/jovian/gnome/default.nix rename to hosts/jupiter/jovian/desktop/default.nix diff --git a/hosts/kitty/boot/default.nix b/hosts/kitty/boot/default.nix index e21b5c06..a0b1cae3 100644 --- a/hosts/kitty/boot/default.nix +++ b/hosts/kitty/boot/default.nix 
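Review bot: The new `# Evil kernel` comment above `boot.kernelPackages = lib.mkForce pkgs.linuxPackages_jovian;` in hosts/jupiter/jovian/default.nix does not say what is being overridden or why. hosts/jupiter/boot/default.nix sets `pkgsStable.linuxPackages_6_14`, so turning on `jovian.steam.enable` (which this commit does) swaps the kernel without any trace in the boot module, and the hunk also drops `amd_pstate=active`. A comment like `# Overrides boot/default.nix: Jovian's kernel is required for the Steam session on this hardware` would help, if that is the reason. In the first hunk of this file the `jovian` argument is no longer used by the visible lines now that `jovian.nixosModules.default` comes from `defaults.imports`.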
@@ -2,6 +2,6 @@ { boot = { kernelPackages = pkgs.linuxPackages_hardened; - loader.systemd-boot.enable = true; + loader.limine.enable = true; }; } diff --git a/hosts/kitty/disko/default.nix b/hosts/kitty/disko/default.nix index 2191e808..5959c753 100644 --- a/hosts/kitty/disko/default.nix +++ b/hosts/kitty/disko/default.nix @@ -1,16 +1,15 @@ -{ config, disko, ... }: +{ config, name, ... }: { - imports = [ disko.nixosModules.disko ]; - disko.devices = { disk = { - "${config.networking.hostName}" = { + "${name}" = { type = "disk"; - device = "/dev/sda"; + device = "/dev/disk/by-id/ata-KINGSTON_SA400S37120G_50026B7783DBB232"; content = { type = "gpt"; partitions = { boot = { + priority = 1; size = "1M"; type = "EF02"; }; @@ -28,7 +27,7 @@ size = "100%"; content = { type = "lvm_pv"; - vg = "${config.networking.hostName}"; + vg = "${name}"; }; }; }; @@ -37,7 +36,7 @@ }; lvm_vg = { - "${config.networking.hostName}" = { + "${name}" = { type = "lvm_vg"; lvs = { root = { diff --git a/hosts/kitty/filesystems/default.nix b/hosts/kitty/filesystems/default.nix index 2ed8bf2c..0e452e07 100644 --- a/hosts/kitty/filesystems/default.nix +++ b/hosts/kitty/filesystems/default.nix @@ -9,7 +9,5 @@ "nosuid" ]; }; - - "kitty".enable = false; }; } diff --git a/hosts/midas/disko/default.nix b/hosts/midas/disko/default.nix index 60e95465..7978befb 100644 --- a/hosts/midas/disko/default.nix +++ b/hosts/midas/disko/default.nix @@ -1,16 +1,15 @@ -{ config, disko, ... }: +{ config, name, ... }: { - imports = [ disko.nixosModules.disko ]; - disko.devices = { disk = { - "${config.networking.hostName}" = { + "${name}" = { type = "disk"; - device = "/dev/nvme0n1"; + device = "/dev/disk/by-id/nvme-eui.00080d03001365cc"; content = { type = "gpt"; partitions = { boot = { + priority = 1; size = "1M"; type = "EF02"; }; 
@@ -28,12 +27,12 @@ size = "100%"; content = { type = "luks"; - name = "${config.networking.hostName}-disk"; + name = "${name}-disk"; settings.allowDiscards = true; passwordFile = "/tmp/secret.key"; content = { type = "lvm_pv"; - vg = "${config.networking.hostName}"; + vg = "${name}"; }; }; }; @@ -43,7 +42,7 @@ }; lvm_vg = { - "${config.networking.hostName}" = { + "${name}" = { type = "lvm_vg"; lvs = { root = { diff --git a/hosts/midas/filesystems/default.nix b/hosts/midas/filesystems/default.nix index 96197c20..3048a803 100644 --- a/hosts/midas/filesystems/default.nix +++ b/hosts/midas/filesystems/default.nix @@ -10,7 +10,5 @@ "subvol=persist" ]; }; - - "midas".enable = false; }; } diff --git a/hosts/midas/services/default.nix b/hosts/midas/services/default.nix index 439e9348..cddcad85 100644 --- a/hosts/midas/services/default.nix +++ b/hosts/midas/services/default.nix @@ -5,6 +5,7 @@ services = { cloudflare-dyndns.enable = true; forgejo.enable = true; + hedgedoc.enable = true; icecast.enable = true; jellyfin.enable = true; mastodon.enable = true; diff --git a/hosts/prophet/boot/default.nix b/hosts/prophet/boot/default.nix index 7b5230b7..5c3db6a2 100644 --- a/hosts/prophet/boot/default.nix +++ b/hosts/prophet/boot/default.nix @@ -3,6 +3,6 @@ boot = { binfmt.emulatedSystems = [ "x86_64-linux" ]; kernelPackages = pkgs.linuxPackages_hardened; - loader.systemd-boot.enable = true; + loader.limine.enable = true; }; } diff --git a/hosts/prophet/disko/default.nix b/hosts/prophet/disko/default.nix index 4961d53b..aad74c04 100644 --- a/hosts/prophet/disko/default.nix +++ b/hosts/prophet/disko/default.nix 
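Review bot: `hedgedoc.enable = true;` in hosts/midas/services/default.nix adds another network-facing web application to a host that already runs `cloudflare-dyndns`, forgejo and mastodon, and its configuration is not part of this diff. Before it is reachable from outside, confirm that the module behind it sets the registration and anonymous-editing policy you intend and that the session secret is supplied from a file outside the Nix store. A pointer comment such as `# hedgedoc: access policy and secrets in <module path>` (placeholder) would make that checkable from here. The `services` attrset continues outside the hunk.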
@@ -1,16 +1,15 @@ -{ config, disko, ... }: +{ config, name, ... }: { - imports = [ disko.nixosModules.disko ]; - disko.devices = { disk = { - "${config.networking.hostName}" = { + "${name}" = { type = "disk"; - device = "/dev/nvme0n1"; + device = "/dev/disk/by-id/scsi-3609c958403f14cd29ff94a5a2e405cc2"; content = { type = "gpt"; partitions = { boot = { + priority = 1; size = "1M"; type = "EF02"; }; @@ -28,7 +27,7 @@ size = "100%"; content = { type = "lvm_pv"; - vg = "${config.networking.hostName}"; + vg = "${name}"; }; }; }; @@ -37,7 +36,7 @@ }; lvm_vg = { - "${config.networking.hostName}" = { + "${name}" = { type = "lvm_vg"; lvs = { root = { diff --git a/hosts/prophet/filesystems/default.nix b/hosts/prophet/filesystems/default.nix index c6d09166..dda781b9 100644 --- a/hosts/prophet/filesystems/default.nix +++ b/hosts/prophet/filesystems/default.nix @@ -9,7 +9,5 @@ "nosuid" ]; }; - - "prophet".enable = false; }; } diff --git a/hosts/tower/default.nix b/hosts/tower/default.nix index 2c073669..bb1ea3e0 100644 --- a/hosts/tower/default.nix +++ b/hosts/tower/default.nix @@ -15,7 +15,5 @@ deployment.targetHost = "4e4:535:9d47:f367:becd:6557:458d:5b1b"; - services.xserver.videoDrivers = [ "nvidia" ]; - virtualisation.libvirtd.enable = true; } diff --git a/hosts/tower/disko/default.nix b/hosts/tower/disko/default.nix index b4d328cf..72540892 100644 --- a/hosts/tower/disko/default.nix +++ b/hosts/tower/disko/default.nix @@ -1,16 +1,15 @@ -{ config, disko, ... }: +{ config, name, ... }: { - imports = [ disko.nixosModules.disko ]; - disko.devices = { disk = { - "${config.networking.hostName}" = { + "${name}" = { type = "disk"; - device = "/dev/nvme0n1"; + device = "/dev/disk/by-id/nvme-INTEL_SSDPEKNU512GZ_BTKA20550TKC512A"; content = { type = "gpt"; partitions = { boot = { + priority = 1; size = "1M"; type = "EF02"; }; 
@@ -28,12 +27,12 @@ size = "100%"; content = { type = "luks"; - name = "${config.networking.hostName}-disk"; + name = "${name}-disk"; settings.allowDiscards = true; passwordFile = "/tmp/secret.key"; content = { type = "lvm_pv"; - vg = "${config.networking.hostName}"; + vg = "${name}"; }; }; }; @@ -43,7 +42,7 @@ }; lvm_vg = { - "${config.networking.hostName}" = { + "${name}" = { type = "lvm_vg"; lvs = { root = { diff --git a/hosts/tower/filesystems/default.nix b/hosts/tower/filesystems/default.nix index 37db4d04..0f983e1b 100644 --- a/hosts/tower/filesystems/default.nix +++ b/hosts/tower/filesystems/default.nix @@ -3,24 +3,32 @@ fileSystems = { # Games and such "/mnt/Linux1" = { - device = "/dev/disk/by-uuid/b2901f8c-ffda-4b88-bb63-a9ea0c96ccb4"; - fsType = "ext4"; + device = "/dev/disk/by-label/Linux1"; + fsType = "btrfs"; options = [ "nofail" "nosuid" ]; }; "/mnt/Linux2" = { - device = "/dev/disk/by-uuid/f08e4f38-162c-402f-ba2a-5925151b78bf"; - fsType = "ext4"; + device = "/dev/disk/by-label/Linux2"; + fsType = "btrfs"; options = [ "nofail" "nosuid" ]; }; "/mnt/Linux3" = { - device = "/dev/disk/by-uuid/e7bc75bd-c371-4b28-b212-7be9b1fad339"; - fsType = "ext4"; + device = "/dev/disk/by-label/Linux3"; + fsType = "btrfs"; + options = [ + "nofail" + "nosuid" + ]; + }; + "/mnt/Linux4" = { + device = "/dev/disk/by-label/Linux4"; + fsType = "btrfs"; options = [ "nofail" "nosuid" diff --git a/hosts/tower/hardware/default.nix b/hosts/tower/hardware/default.nix index 37c93ab7..a374acd5 100644 --- a/hosts/tower/hardware/default.nix +++ b/hosts/tower/hardware/default.nix @@ -16,6 +16,8 @@ kernelModules = [ "kvm-amd" ]; }; + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.cpu.amd.updateMicrocode = true; nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/hosts/tower/user/default.nix b/hosts/tower/user/default.nix index 0f9048b5..bdfb086b 100644 --- a/hosts/tower/user/default.nix +++ b/hosts/tower/user/default.nix 
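Review bot: Switching the game mounts in hosts/tower/filesystems/default.nix from `/dev/disk/by-uuid/...` to `/dev/disk/by-label/LinuxN` makes the mount source depend on a label that any attached filesystem can carry. A removable drive labelled `Linux1` could end up mounted at `/mnt/Linux1` in place of the intended disk, and the options set `nosuid` but not `nodev`. I would either keep UUIDs (`device = "/dev/disk/by-uuid/<new-btrfs-uuid>";`, placeholder) or add `"nodev"` to each `options` list. The `/mnt/Linux4` entry closes outside the hunk.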
@@ -1,7 +1,4 @@ -{ config, lib, ... }: +{ config, ... }: { - home-manager.users."${config.vars.mainUser}" = { - home.guifull.enable = true; - services.swayidle.enable = lib.mkForce false; - }; + home-manager.users."${config.vars.mainUser}".home.guifull.enable = true; } diff --git a/modules/home/programs/terminal/ranger/default.nix b/modules/home/programs/terminal/ranger/default.nix index 942fb179..0cc9a969 100644 --- a/modules/home/programs/terminal/ranger/default.nix +++ b/modules/home/programs/terminal/ranger/default.nix @@ -1,11 +1,11 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, pkgsUnstable, ... }: { programs.ranger = { enable = true; - #package = pkgs.ranger; + package = pkgsUnstable.ranger; settings = { preview_images = true; - #preview_images_method = "sixel"; + preview_images_method = "sixel"; dirname_in_tabs = true; autosave_bookmarks = false; show_hidden = true; diff --git a/modules/home/variables/displays/default.nix b/modules/home/variables/displays/default.nix index e923dc96..44f7e4eb 100644 --- a/modules/home/variables/displays/default.nix +++ b/modules/home/variables/displays/default.nix @@ -2,11 +2,11 @@ { vars.displays = { tower1 = "Microstep MSI G24C 0000000000001"; - tower2 = "BNQ BenQ GW2270 6CH00781019"; + tower2 = "Dell Inc. DELL P2214H KW14V4965YKS"; tower3 = "Eizo Nanao Corporation CG223W 23252050"; - tower4 = "Samsung Electric Company SAMSUNG Unknown"; + tower4 = "Sony SONY TV 0x01010101"; - detritus1 = "Dell Inc. DELL P2214H KW14V4965YKS"; - detritus2 = "HannStar Display Corp iP192A 051AW1WY03797"; + intuos1 = "Wacom Tech Cintiq W1310 MIRACULIX"; + intuos2 = "BNQ BenQ GW2270 6CH00781019"; }; } diff --git a/modules/home/wms/programs/kanshi/default.nix b/modules/home/wms/programs/kanshi/default.nix index 0d18aa3d..235b9aa9 100644 --- a/modules/home/wms/programs/kanshi/default.nix +++ b/modules/home/wms/programs/kanshi/default.nix 
@@ -11,6 +11,13 @@ mode = "1920x1080@143.979996Hz"; }; } + { + output = { + criteria = tower3; + mode = "1680x1050@59.883"; + transform = "90"; + }; + } # Profiles { @@ -20,19 +27,22 @@ { criteria = tower1; position = "3840,405"; + status = "enable"; } { criteria = tower2; position = "1920,405"; + status = "enable"; } { criteria = tower3; position = "5760,0"; - transform = "90"; + status = "enable"; } { criteria = tower4; position = "0,405"; + status = "enable"; } ]; }; @@ -44,49 +54,34 @@ { criteria = tower1; position = "1920,405"; + status = "enable"; } { criteria = tower2; position = "0,405"; + status = "enable"; } { criteria = tower3; position = "3840,0"; - transform = "90"; - } - ]; - }; - } - - { - profile = { - name = "detritus"; - outputs = [ - { - criteria = detritus1; - position = "0,0"; - } - { - criteria = detritus2; - position = "1920,0"; - scale = 0.85; - } - ]; - }; - } - - { - profile = { - name = "byod"; - outputs = [ - { - criteria = "Dell Inc. DELL U3423WE H8LGMP3"; - scale = 1.15; status = "enable"; } + ]; + }; + } + + { + profile = { + name = "intuos"; + outputs = [ { - criteria = "eDP-1"; - status = "disable"; + criteria = intuos1; + position = "1920,278"; + scale = 1.80; + } + { + criteria = intuos2; + position = "0,0"; } ]; }; diff --git a/modules/home/wms/programs/waybar/default.nix b/modules/home/wms/programs/waybar/default.nix index ad68a398..1ddb8963 100644 --- a/modules/home/wms/programs/waybar/default.nix +++ b/modules/home/wms/programs/waybar/default.nix @@ -238,7 +238,7 @@ output = [ "!${config.vars.displays.tower2}" "!${config.vars.displays.tower3}" - "!${config.vars.displays.detritus2}" + "!${config.vars.displays.intuos2}" "*" ]; modules-left = [ @@ -273,7 +273,7 @@ output = [ config.vars.displays.tower2 config.vars.displays.tower3 - config.vars.displays.detritus2 + config.vars.displays.intuos2 ]; modules-left = [ "sway/workspaces" 
diff --git a/modules/home/wms/sway/inputs/default.nix b/modules/home/wms/sway/inputs/default.nix index 512ce6de..7b27d603 100644 --- a/modules/home/wms/sway/inputs/default.nix +++ b/modules/home/wms/sway/inputs/default.nix @@ -1,13 +1,12 @@ -{ ... }: +{ config, ... }: { # HID devices wayland.windowManager.sway.config.input = { - "9610:4103:SINOWEALTH_Game_Mouse" = { - pointer_accel = "-0.9"; - }; - "9639:64097:Compx_2.4G_Receiver_Mouse" = { - pointer_accel = "-0.82"; - }; + "9610:4103:SINOWEALTH_Game_Mouse".pointer_accel = "-0.9"; + "9639:64097:Compx_2.4G_Receiver_Mouse".pointer_accel = "-0.82"; + "type:touch".map_to_output = ''"${config.vars.displays.intuos1}"''; + + # Wildcard, affects everything "*" = { accel_profile = "flat"; dwt = "disabled"; diff --git a/modules/home/wms/sway/outputs/default.nix b/modules/home/wms/sway/outputs/default.nix index 8416e7dd..cd954b47 100644 --- a/modules/home/wms/sway/outputs/default.nix +++ b/modules/home/wms/sway/outputs/default.nix @@ -38,6 +38,11 @@ (assign "${tower1}" workspaces1) ++ (assign "${tower2}" workspaces2) ++ (assign "${tower3}" workspaces3) ++ - (assign "${tower4}" workspaces4); + (assign "${tower4}" workspaces4) ++ + + (assign "${intuos2}" workspaces1) ++ + (assign "${intuos2}" workspaces2) ++ + (assign "${intuos1}" workspaces3) ++ + (assign "${intuos1}" workspaces4); }; } diff --git a/modules/system/devices/boot/default.nix b/modules/system/devices/boot/default.nix index 40fd3718..9a139f45 100644 --- a/modules/system/devices/boot/default.nix +++ b/modules/system/devices/boot/default.nix 
@@ -1,19 +1,16 @@ { lib, pkgs, ... }: { imports = [ - ./grub ./lanzaboote + ./limine ./plymouth ./services - ./systemd ]; boot = { - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; blacklistedKernelModules = [ "pcspkr" ]; - kernel.sysctl = { - "vm.max_map_count" = 2147483642; - "kernel.sysrq" = 1; - }; + kernel.sysctl."vm.max_map_count" = 2147483642; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + loader.systemd-boot.editor = false; }; } diff --git a/modules/system/devices/boot/grub/default.nix b/modules/system/devices/boot/grub/default.nix deleted file mode 100644 index 99105e9c..00000000 --- a/modules/system/devices/boot/grub/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ lib, ... }: -{ - boot.loader.grub = { - enable = lib.mkDefault false; - efiSupport = true; - efiInstallAsRemovable = true; - }; -} diff --git a/modules/system/devices/boot/lanzaboote/default.nix b/modules/system/devices/boot/lanzaboote/default.nix index b3eb4940..796a3a40 100644 --- a/modules/system/devices/boot/lanzaboote/default.nix +++ b/modules/system/devices/boot/lanzaboote/default.nix @@ -1,7 +1,5 @@ -{ config, pkgs, lanzaboote, ... }: +{ config, pkgs, ... }: { - imports = [ lanzaboote.nixosModules.lanzaboote ]; - boot.lanzaboote.pkiBundle = "/etc/secureboot"; environment = { diff --git a/modules/system/devices/boot/limine/default.nix b/modules/system/devices/boot/limine/default.nix new file mode 100644 index 00000000..20024f19 --- /dev/null +++ b/modules/system/devices/boot/limine/default.nix @@ -0,0 +1,8 @@ +{ config, pkgs, name, ... }: +{ + boot.loader.limine = { + biosSupport = !pkgs.stdenv.hostPlatform.isAarch64; + efiInstallAsRemovable = true; + efiSupport = true; + }; +} diff --git a/modules/system/devices/boot/plymouth/default.nix b/modules/system/devices/boot/plymouth/default.nix index 993a6e6f..1586477a 100644 --- a/modules/system/devices/boot/plymouth/default.nix +++ b/modules/system/devices/boot/plymouth/default.nix 
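Review bot: `loader.systemd-boot.editor = false;` in modules/system/devices/boot/default.nix only locks the systemd-boot entry editor, and the new modules/system/devices/boot/limine/default.nix sets no equivalent, so a host booted through Limine relies on that module's default. If the pinned nixpkgs exposes the option, state it explicitly with `enableEditor = false;` inside `boot.loader.limine`, since an editable entry lets anyone at the console alter kernel parameters. The `config` and `name` arguments of the limine module are unused and can be dropped. `biosSupport = !pkgs.stdenv.hostPlatform.isAarch64;` also enables BIOS support on any other non-x86 platform; `pkgs.stdenv.hostPlatform.isx86` would say what is meant.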
@@ -2,7 +2,6 @@ { config.boot = lib.mkIf config.boot.plymouth.enable { consoleLogLevel = 0; - loader.timeout = 0; initrd.verbose = false; kernelParams = [ "loglevel=3" diff --git a/modules/system/devices/boot/services/root-reset/default.nix b/modules/system/devices/boot/services/root-reset/default.nix index 44d2a1b7..632066ed 100644 --- a/modules/system/devices/boot/services/root-reset/default.nix +++ b/modules/system/devices/boot/services/root-reset/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, name, ... }: { boot.initrd.systemd.services.root-reset = { enable = config.environment.persistence."/persist".enable; @@ -10,7 +10,7 @@ serviceConfig.Type = "oneshot"; script = '' mkdir -p /mnt - mount -t btrfs /dev/${config.networking.hostName}/root /mnt + mount -t btrfs /dev/${name}/root /mnt if [[ -e /mnt/prev ]]; then btrfs subvolume delete /mnt/prev diff --git a/modules/system/devices/boot/systemd/default.nix b/modules/system/devices/boot/systemd/default.nix deleted file mode 100644 index bc13baff..00000000 --- a/modules/system/devices/boot/systemd/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - boot.loader.systemd-boot = { - editor = false; - graceful = true; - }; -} diff --git a/modules/system/devices/disks/filesystems/default.nix b/modules/system/devices/disks/filesystems/default.nix index 71fe167e..20d77e04 100644 --- a/modules/system/devices/disks/filesystems/default.nix +++ b/modules/system/devices/disks/filesystems/default.nix @@ -11,9 +11,9 @@ }; }; - services = lib.mkIf config.environment.persistence."/persist".enable { + services = { btrfs.autoScrub = { - enable = true; + enable = (config.fileSystems."/".fsType == "btrfs"); interval = "weekly"; }; fstrim.enable = true; diff --git a/modules/system/devices/disks/impermanence/default.nix b/modules/system/devices/disks/impermanence/default.nix index 9c555679..8f6d1794 100644 --- a/modules/system/devices/disks/impermanence/default.nix +++ b/modules/system/devices/disks/impermanence/default.nix 
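Review bot: `enable = (config.fileSystems."/".fsType == "btrfs");` in modules/system/devices/disks/filesystems/default.nix fails evaluation on any configuration that declares no `fileSystems."/"` entry (a container, for example), because the attribute selection has no fallback. `enable = (config.fileSystems."/".fsType or "") == "btrfs";` keeps the intent and evaluates everywhere. With the `lib.mkIf` on persistence removed, `fstrim.enable = true;` now also applies to hosts that did not have it before; the rest of the `services` set lies outside the hunk, so check nothing else in it depended on the guard.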
@@ -1,12 +1,17 @@ -{ impermanence, ... }: +{ ... }: { - imports = [ impermanence.nixosModules.impermanence ]; - environment.persistence."/persist" = { hideMounts = true; directories = [ "/storage" - "/var/lib/nixos" + { + directory = "/var/lib/nixos"; + mode = "0700"; + } + { + directory = "/var/lib/nixos-containers"; + mode = "0700"; + } ]; files = [ "/etc/machine-id" ]; }; diff --git a/modules/system/devices/networking/hosts/default.nix b/modules/system/devices/networking/hosts/default.nix index 0be8aad1..c2f38678 100644 --- a/modules/system/devices/networking/hosts/default.nix +++ b/modules/system/devices/networking/hosts/default.nix @@ -12,7 +12,6 @@ "${midas.config.deployment.targetHost}" = [ "midas" ]; "${kitty.config.deployment.targetHost}" = [ "kitty" ]; "${detritus.config.deployment.targetHost}" = [ "detritus" ]; - "${elder.config.deployment.targetHost}" = [ "elder" ]; "${prophet.config.deployment.targetHost}" = [ "prophet" ]; }; } diff --git a/modules/system/devices/networking/mounts/default.nix b/modules/system/devices/networking/mounts/default.nix index ef41e273..b8e7913a 100644 --- a/modules/system/devices/networking/mounts/default.nix +++ b/modules/system/devices/networking/mounts/default.nix @@ -2,8 +2,9 @@ { fileSystems = let common = { - fsType = "nfs4"; + fsType = "nfs"; options = [ + "noatime" "noauto" "soft" "x-systemd.automount" @@ -22,10 +23,6 @@ device = "detritus:/storage"; mountPoint = "/network/Detritus"; }; - "elder" = common // { - device = "elder:/storage"; - mountPoint = "/network/Elder"; - }; "prophet" = common // { device = "prophet:/storage"; mountPoint = "/network/Prophet"; diff --git a/modules/system/devices/video/amd/default.nix b/modules/system/devices/video/amd/default.nix new file mode 100644 index 00000000..8d349fec --- /dev/null +++ b/modules/system/devices/video/amd/default.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + boot.kernelParams = [ "amd_pstate=active" ]; + + hardware.amdgpu.legacySupport.enable = true; +} 
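Review bot: Changing `fsType` from `"nfs4"` to `"nfs"` in the `common` set of modules/system/devices/networking/mounts/default.nix lets the client negotiate the protocol version, so a mount can fall back to NFSv3 if the server offers it. If the servers are meant to speak NFSv4 only, pin it with an option such as `"nfsvers=4.2"` next to `"noatime"`. The visible part of the list has neither `"nosuid"` nor `"nodev"`, which the local data mounts under hosts/ do carry in part; the list continues outside the hunk, so confirm they are not already further down.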
diff --git a/modules/system/devices/video/default.nix b/modules/system/devices/video/default.nix index 6db0c37f..d4d981ae 100644 --- a/modules/system/devices/video/default.nix +++ b/modules/system/devices/video/default.nix @@ -1,6 +1,9 @@ { config, pkgs, ... }: { - imports = [ ./nvidia ]; + imports = [ + ./amd + ./nvidia + ]; hardware.graphics = { enable = builtins.elem "pc" config.system.nixos.tags; diff --git a/modules/system/devices/video/nvidia/default.nix b/modules/system/devices/video/nvidia/default.nix index 261ba237..ebc7cd42 100644 --- a/modules/system/devices/video/nvidia/default.nix +++ b/modules/system/devices/video/nvidia/default.nix @@ -8,10 +8,14 @@ hardware.nvidia = { modesetting.enable = true; nvidiaSettings = false; - open = true; + open = if lib.versionOlder config.hardware.nvidia.package.version "560" then false else true; + powerManagement.enable = config.hardware.nvidia.open; }; - nixpkgs.allowUnfreePackages = [ "nvidia-x11" ]; + nixpkgs = { + allowUnfreePackages = [ "nvidia-x11" ]; + config.nvidia.acceptLicense = true; + }; specialisation = lib.mkIf (lib.elem "nvidia" config.services.xserver.videoDrivers) { nouveau.configuration.config.services.xserver.videoDrivers = lib.mkForce [ "nouveau" ]; diff --git a/modules/system/programs/home-manager/default.nix b/modules/system/programs/home-manager/default.nix index d7e2ce31..b72752ef 100644 --- a/modules/system/programs/home-manager/default.nix +++ b/modules/system/programs/home-manager/default.nix @@ -1,7 +1,5 @@ -{ hm, stable, unstable, blender, impermanence, nur, ... }: +{ stable, unstable, blender, impermanence, nur, ... }: { - imports = [ hm.nixosModules.home-manager ]; - home-manager = { useUserPackages = true; backupFileExtension = "bak"; diff --git a/modules/system/secrets/networks/default.nix b/modules/system/secrets/networks/default.nix index 78d2b0bb..23f458ad 100644 Binary files a/modules/system/secrets/networks/default.nix and b/modules/system/secrets/networks/default.nix differ 
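Review bot: `open = if lib.versionOlder config.hardware.nvidia.package.version "560" then false else true;` in modules/system/devices/video/nvidia/default.nix wraps a boolean in an `if` that only returns booleans. `open = lib.versionAtLeast config.hardware.nvidia.package.version "560";` reads directly and needs no branch. A one-line comment saying why 560 is the cut-off would help whoever changes the driver package next, and the same goes for tying `powerManagement.enable` to `open`.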
diff --git a/modules/system/services/general/libvirtd/default.nix b/modules/system/services/general/libvirtd/default.nix index bbf47a4e..0ff033dc 100644 --- a/modules/system/services/general/libvirtd/default.nix +++ b/modules/system/services/general/libvirtd/default.nix @@ -20,7 +20,8 @@ "pci=routeirq" ]; - programs.virt-manager.enable = true; + # Enable the gui manager + programs.virt-manager.enable = builtins.elem "pc" config.system.nixos.tags; # Allow looking glass to be accessed by users systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 - libvirtd -" ]; diff --git a/modules/system/services/general/ssh/default.nix b/modules/system/services/general/ssh/default.nix index 90bd0dee..3616641c 100644 --- a/modules/system/services/general/ssh/default.nix +++ b/modules/system/services/general/ssh/default.nix @@ -11,7 +11,17 @@ }; }; - programs.ssh.startAgent = true; + programs.ssh = { + startAgent = true; + + # Don't host prompt for servers + knownHosts = { + midas.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcFMvrx9/iUZ1mEubf+QF1i3LNTxFhaU/1zFSjdo0kK"; + kitty.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrGmsya5DXKuXO6jNjUlrYHqk49KLzxM/60GXtLRLrL"; + detritus.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPD9m/rUjb88C4Kin2YhMrMVigu5IEf20FzwfAvz8SI"; + prophet.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrp3Y/X2BRUENx+0GMTmB1VDA6SiwkGgdJMHSdMMepM"; + }; + }; security.pam.services.sshd.allowNullPassword = true; diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix index 62396890..59510325 100644 --- a/modules/system/services/server/default.nix +++ b/modules/system/services/server/default.nix @@ -3,6 +3,7 @@ imports = [ ./cfdyndns ./forgejo + ./hedgedoc ./icecast ./incus ./jellyfin diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix index af4d132f..34b29076 100644 --- a/modules/system/services/server/forgejo/default.nix 
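Review bot: The `knownHosts` entries added in modules/system/services/general/ssh/default.nix match only their attribute names (`midas`, `kitty`, `detritus`, `prophet`), so a connection made by address, as `deployment.targetHost` in the host files appears to be, still falls back to the trust-on-first-use prompt. Listing the address per host, e.g. `midas.extraHostNames = [ "<midas targetHost address>" ];`, extends the pin to those connections. The comment `# Don't host prompt for servers` is hard to read; `# Pin server host keys so first connections are verified instead of prompted` says what the block is for.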
+++ b/modules/system/services/server/forgejo/default.nix @@ -8,17 +8,17 @@ lfs.enable = true; settings = { server = { - DOMAIN = "git.${config.vars.mainDomain}"; - ROOT_URL = "https://git.${config.vars.mainDomain}:443"; + DOMAIN = "git.${config.vars.primeDomain}"; + ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}:443"; HTTP_PORT = 3110; SSH_PORT = 2299; START_SSH_SERVER = true; }; mailer = { ENABLED = true; - SMTP_ADDR = "mx.${config.vars.mainDomain}"; - FROM = "NixFox Git "; - USER = "noreply@${config.vars.mainDomain}"; + SMTP_ADDR = "mx.${config.vars.mailDomain}"; + FROM = "NixFox Git "; + USER = "noreply@${config.vars.primeDomain}"; PASSWD = config.secrets.mailPass.nixfoxNoReply; PROTOCOL = "smtps"; }; @@ -32,7 +32,7 @@ networking.firewall.allowedTCPPorts = [ 2299 ]; - services.cloudflare-dyndns.domains = [ "git.${config.vars.mainDomain}" ]; + services.cloudflare-dyndns.domains = [ config.services.forgejo.settings.server.DOMAIN ]; environment.persistence."/persist".directories = [ "/var/lib/forgejo" ]; }; diff --git a/modules/system/services/server/forgejo/nginx/default.nix b/modules/system/services/server/forgejo/nginx/default.nix index ad2223ad..a40ab52b 100644 --- a/modules/system/services/server/forgejo/nginx/default.nix +++ b/modules/system/services/server/forgejo/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."git.${config.vars.mainDomain}" = lib.mkIf config.services.forgejo.enable { + services.nginx.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = lib.mkIf config.services.forgejo.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/hedgedoc/default.nix b/modules/system/services/server/hedgedoc/default.nix new file mode 100644 index 00000000..c2be42e0 --- /dev/null +++ b/modules/system/services/server/hedgedoc/default.nix 
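Review bot: `PASSWD = config.secrets.mailPass.nixfoxNoReply;` in the `mailer` block of modules/system/services/server/forgejo/default.nix passes the SMTP password as a Nix string, so it presumably ends up in generated configuration inside the world-readable Nix store. The same pattern sits in other hunks of this commit: `password = config.secrets.cast.adminPass;` (icecast), `passwordFile = pkgs.writeText "smtp_pass.txt" ...` (mastodon), `static-auth-secret` (coturn) and `smtp_pass` (synapse). Since these blocks are being reworked for the domain variables anyway, this is a good point to move them to runtime files readable only by the service, for Forgejo through `services.forgejo.secrets.mailer.PASSWD = "<path to secret file>";` where the pinned nixpkgs provides it. The `settings` set begins and ends outside the hunk.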
@@ -0,0 +1,15 @@ +{ config, ... }: +{ + imports = [ ./nginx ]; + + services.hedgedoc.settings = { + domain = "hedgedoc.${config.vars.primeDomain}"; + port = 8001; + host = "127.0.0.1"; + protocolUseSSL = true; + allowOrigin = [ + "localhost" + config.services.hedgedoc.settings.domain + ]; + }; +} diff --git a/modules/system/services/server/hedgedoc/nginx/default.nix b/modules/system/services/server/hedgedoc/nginx/default.nix new file mode 100644 index 00000000..9848af75 --- /dev/null +++ b/modules/system/services/server/hedgedoc/nginx/default.nix @@ -0,0 +1,11 @@ +{ config, lib, ... }: +{ + services.nginx.virtualHosts."${config.services.hedgedoc.settings.domain}" = lib.mkIf config.services.hedgedoc.enable { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}"; + proxyWebsockets = true; + }; + }; +} diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix index 498c184f..453f339f 100644 --- a/modules/system/services/server/icecast/default.nix +++ b/modules/system/services/server/icecast/default.nix @@ -7,7 +7,7 @@ services.icecast = { listen.port = 73; - hostname = "radio.${config.vars.mainDomain}"; + hostname = "radio.${config.vars.primeDomain}"; admin = { user = "admin"; password = config.secrets.cast.adminPass; @@ -17,7 +17,7 @@ ${config.secrets.cast.sourcePass} Canada - contact@${config.vars.mainDomain} + contact@${config.vars.primeDomain} ''; }; } diff --git a/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix b/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix index 8d200cb7..d26b68b3 100644 --- a/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix +++ b/modules/system/services/server/icecast/liquidsoap/nixbops/default.nix 
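Review bot: The new `services.hedgedoc.settings` block in modules/system/services/server/hedgedoc/default.nix is published through nginx but sets no access policy, so HedgeDoc's own defaults apply, which to my knowledge allow anonymous notes and e-mail self-registration. If the instance is meant for known users only, add `allowAnonymous = false;` and `allowEmailRegister = false;` to `settings`. The forgejo module persists its state with `environment.persistence."/persist".directories`; this module has no such entry, so on hosts with the root reset the notes and database presumably do not survive a reboot, and `"/var/lib/hedgedoc"` should be listed the same way.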
@@ -7,7 +7,7 @@ settings.init.allow_root.set(true) settings.scheduler.fast_queues.set(2) - stream = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/storage/Music/NixBops")) + stream = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/network/Midas/Music/NixBops")) stream_fallback = fallback([stream, stream]) output.icecast( diff --git a/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix b/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix index 6f520910..36e22aef 100644 --- a/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix +++ b/modules/system/services/server/icecast/liquidsoap/nixscrap/default.nix @@ -7,7 +7,7 @@ settings.init.allow_root.set(true) settings.scheduler.fast_queues.set(2) - stream = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/storage/Music/Scrap")) + stream = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/network/Midas/Music/Scrap")) stream_fallback = fallback([stream, stream]) output.icecast( diff --git a/modules/system/services/server/icecast/nginx/default.nix b/modules/system/services/server/icecast/nginx/default.nix index 8993503a..120cbb66 100644 --- a/modules/system/services/server/icecast/nginx/default.nix +++ b/modules/system/services/server/icecast/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."radio.${config.vars.mainDomain}" = lib.mkIf config.services.icecast.enable { + services.nginx.virtualHosts."${config.services.icecast.hostname}" = lib.mkIf config.services.icecast.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/jellyfin/nginx/default.nix b/modules/system/services/server/jellyfin/nginx/default.nix index d79599e9..550749ae 100644 --- a/modules/system/services/server/jellyfin/nginx/default.nix +++ b/modules/system/services/server/jellyfin/nginx/default.nix 
@@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."jelly.${config.vars.mainDomain}" = lib.mkIf config.services.jellyfin.enable { + services.nginx.virtualHosts."jelly.${config.vars.primeDomain}" = lib.mkIf config.services.jellyfin.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/mailserver/default.nix b/modules/system/services/server/mailserver/default.nix index c2418a80..744cde04 100644 --- a/modules/system/services/server/mailserver/default.nix +++ b/modules/system/services/server/mailserver/default.nix @@ -9,7 +9,7 @@ config = lib.mkIf config.mailserver.enable { mailserver = { - fqdn = "mx.${config.vars.mainDomain}"; + fqdn = "mx.${config.vars.mailDomain}"; domains = [ "nixfox.ca" "bloxelcom.net" diff --git a/modules/system/services/server/mailserver/go-autoconfig/default.nix b/modules/system/services/server/mailserver/go-autoconfig/default.nix index 0a9d5746..6854adb1 100644 --- a/modules/system/services/server/mailserver/go-autoconfig/default.nix +++ b/modules/system/services/server/mailserver/go-autoconfig/default.nix @@ -7,13 +7,13 @@ enable = true; settings = { service_addr = ":1323"; - domain = "autoconfig.nixfox.ca"; + domain = "autoconfig.${config.vars.mailDomain}"; imap = { - server = "mx.nixfox.ca"; + server = "mx.${config.vars.mailDomain}"; port = 143; }; smtp = { - server = "mx.nixfox.ca"; + server = "mx.${config.vars.mailDomain}"; port = 587; }; }; diff --git a/modules/system/services/server/mailserver/go-autoconfig/nginx/default.nix b/modules/system/services/server/mailserver/go-autoconfig/nginx/default.nix index 14937c85..d612fce4 100644 --- a/modules/system/services/server/mailserver/go-autoconfig/nginx/default.nix +++ b/modules/system/services/server/mailserver/go-autoconfig/nginx/default.nix 
@@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."autoconfig.${config.vars.mainDomain}" = lib.mkIf config.services.go-autoconfig.enable { + services.nginx.virtualHosts."autoconfig.${config.vars.mailDomain}" = lib.mkIf config.services.go-autoconfig.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/mailserver/radicale/default.nix b/modules/system/services/server/mailserver/radicale/default.nix index 6321c3d1..f553819b 100644 --- a/modules/system/services/server/mailserver/radicale/default.nix +++ b/modules/system/services/server/mailserver/radicale/default.nix @@ -19,7 +19,7 @@ htpasswd_encryption = "bcrypt"; }; }; - cloudflare-dyndns.domains = [ "cal.nixfox.ca" ]; + cloudflare-dyndns.domains = [ "cal.${config.vars.mailDomain}" ]; }; environment.persistence."/persist".directories = [ "/var/lib/radicale" ]; diff --git a/modules/system/services/server/mailserver/radicale/nginx/default.nix b/modules/system/services/server/mailserver/radicale/nginx/default.nix index 71b9481b..8d70efbf 100644 --- a/modules/system/services/server/mailserver/radicale/nginx/default.nix +++ b/modules/system/services/server/mailserver/radicale/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."cal.${config.vars.mainDomain}" = lib.mkIf config.services.radicale.enable { + services.nginx.virtualHosts."cal.${config.vars.mailDomain}" = lib.mkIf config.services.radicale.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/mailserver/roundcube/default.nix b/modules/system/services/server/mailserver/roundcube/default.nix index ac7ad946..c4fc9784 100644 --- a/modules/system/services/server/mailserver/roundcube/default.nix +++ b/modules/system/services/server/mailserver/roundcube/default.nix 
@@ -3,9 +3,9 @@ config = lib.mkIf config.mailserver.enable { services.roundcube = { enable = true; - hostName = "mail.${config.vars.mainDomain}"; + hostName = "mail.${config.vars.mailDomain}"; extraConfig = '' - $config['smtp_server'] = "tls://mx.${config.vars.mainDomain}"; + $config['smtp_server'] = "tls://mx.${config.vars.mailDomain}"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; ''; diff --git a/modules/system/services/server/mastodon/default.nix b/modules/system/services/server/mastodon/default.nix index 7a8786b2..9cc7bee6 100644 --- a/modules/system/services/server/mastodon/default.nix +++ b/modules/system/services/server/mastodon/default.nix @@ -2,16 +2,16 @@ { config = lib.mkIf config.services.mastodon.enable { services.mastodon = { - localDomain = "social.nixfox.ca"; + localDomain = "social.${config.vars.primeDomain}"; streamingProcesses = 4; configureNginx = true; smtp = { createLocally = false; - host = "mx.nixfox.ca"; + host = "mx.${config.vars.mailDomain}"; port = 587; authenticate = true; - fromAddress = "NixFox Mastodon "; - user = "noreply@nixfox.ca"; + fromAddress = "NixFox Mastodon "; + user = "noreply@${config.vars.primeDomain}"; passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.mailPass.nixfoxNoReply; }; }; diff --git a/modules/system/services/server/matrix/coturn/default.nix b/modules/system/services/server/matrix/coturn/default.nix index bf7c5ec5..9ef549de 100644 --- a/modules/system/services/server/matrix/coturn/default.nix +++ b/modules/system/services/server/matrix/coturn/default.nix @@ -12,7 +12,7 @@ max-port = 50000; use-auth-secret = true; static-auth-secret = config.secrets.coturnSecret; - realm = "turn.${config.vars.mainDomain}"; + realm = "turn.${config.vars.primeDomain}"; cert = "/var/lib/acme/${config.services.coturn.realm}/fullchain.pem"; pkey = "/var/lib/acme/${config.services.coturn.realm}/key.pem"; }; 
diff --git a/modules/system/services/server/matrix/coturn/nginx/default.nix b/modules/system/services/server/matrix/coturn/nginx/default.nix index dc53becb..c0466107 100644 --- a/modules/system/services/server/matrix/coturn/nginx/default.nix +++ b/modules/system/services/server/matrix/coturn/nginx/default.nix @@ -1,7 +1,7 @@ { config, lib, ... }: { config = lib.mkIf config.services.coturn.enable { - services.nginx.virtualHosts."turn.${config.vars.mainDomain}" = { + services.nginx.virtualHosts."turn.${config.vars.primeDomain}" = { enableACME = true; forceSSL = true; listen = [{ @@ -12,7 +12,7 @@ locations."/".proxyPass = "http://127.0.0.1:1380"; }; - security.acme.certs."turn.${config.vars.mainDomain}" = { + security.acme.certs."turn.${config.vars.primeDomain}" = { group = "turnserver"; postRun = "systemctl restart coturn.service"; }; diff --git a/modules/system/services/server/matrix/element/default.nix b/modules/system/services/server/matrix/element/default.nix index 34326b31..a1ba1067 100644 --- a/modules/system/services/server/matrix/element/default.nix +++ b/modules/system/services/server/matrix/element/default.nix 
@@ -4,14 +4,14 @@ nixpkgs.config.element-web.conf = { default_server_config."m.homeserver" = { - base_url = "https://matrix.${config.vars.mainDomain}"; - server_name = "matrix.${config.vars.mainDomain}"; + base_url = "https://matrix.${config.vars.primeDomain}"; + server_name = "matrix.${config.vars.primeDomain}"; }; branding = { - auth_header_logo_url = "https://www.${config.vars.mainDomain}/images/copyright/profile.png"; - #welcome_background_url = "https://www.${config.vars.mainDomain}/images/backgrounds/template-background.png"; + auth_header_logo_url = "https://www.${config.vars.primeDomain}/images/copyright/profile.png"; + #welcome_background_url = "https://www.${config.vars.primeDomain}/images/backgrounds/template-background.png"; }; - embedded_pages.home_url = "https://www.${config.vars.mainDomain}/"; + embedded_pages.home_url = "https://www.${config.vars.primeDomain}/"; disable_custom_urls = true; disable_guests = true; default_theme = "dark"; diff --git a/modules/system/services/server/matrix/element/nginx/default.nix b/modules/system/services/server/matrix/element/nginx/default.nix index 960f3598..86c601a3 100644 --- a/modules/system/services/server/matrix/element/nginx/default.nix +++ b/modules/system/services/server/matrix/element/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: { - services.nginx.virtualHosts."chat.${config.vars.mainDomain}" = lib.mkIf config.services.matrix-synapse.enable { + services.nginx.virtualHosts."chat.${config.vars.primeDomain}" = lib.mkIf config.services.matrix-synapse.enable { enableACME = true; addSSL = true; root = "${pkgs.element-web}"; diff --git a/modules/system/services/server/matrix/synapse/default.nix b/modules/system/services/server/matrix/synapse/default.nix index fb557659..40f890a3 100644 --- a/modules/system/services/server/matrix/synapse/default.nix +++ b/modules/system/services/server/matrix/synapse/default.nix 
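Review bot: The `chat.` virtual host in modules/system/services/server/matrix/element/nginx/default.nix keeps `addSSL = true;`, which serves Element over plain HTTP as well as HTTPS, while every other virtual host touched by this commit uses `forceSSL = true;`. Unless the HTTP listener is deliberate, change the line to `forceSSL = true;` so the login page is never delivered unencrypted. The virtual host body continues outside the hunk.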
@@ -5,16 +5,16 @@ config = lib.mkIf config.services.matrix-synapse.enable { services.matrix-synapse = { settings = { - server_name = "${config.vars.mainDomain}"; - public_baseurl = "https://matrix.${config.vars.mainDomain}"; + server_name = "${config.vars.primeDomain}"; + public_baseurl = "https://matrix.${config.vars.primeDomain}"; suppress_key_server_warning = true; # Email notifications about account status email = { - notif_from = "NixFox Matrix "; - smtp_host = "mx.${config.vars.mainDomain}"; - smtp_user = "noreply@${config.vars.mainDomain}"; + smtp_host = "mx.${config.vars.mailDomain}"; + smtp_user = "noreply@${config.vars.primeDomain}"; smtp_pass = config.secrets.mailPass.nixfoxNoReply; + notif_from = "NixFox Matrix "; enable_tls = true; smtp_port = 587; require_transport_security = true; diff --git a/modules/system/services/server/matrix/synapse/nginx/default.nix b/modules/system/services/server/matrix/synapse/nginx/default.nix index f50834ad..dd71d56d 100644 --- a/modules/system/services/server/matrix/synapse/nginx/default.nix +++ b/modules/system/services/server/matrix/synapse/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."matrix.${config.vars.mainDomain}" = lib.mkIf config.services.matrix-synapse.enable { + services.nginx.virtualHosts."matrix.${config.vars.primeDomain}" = lib.mkIf config.services.matrix-synapse.enable { enableACME = true; forceSSL = true; locations = { diff --git a/modules/system/services/server/minecraft/default.nix b/modules/system/services/server/minecraft/default.nix index a2a9131b..da5539fa 100644 --- a/modules/system/services/server/minecraft/default.nix +++ b/modules/system/services/server/minecraft/default.nix 
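Review bot: `server_name = "${config.vars.primeDomain}";` in modules/system/services/server/matrix/synapse/default.nix is only safe if `primeDomain` evaluates to exactly the value `mainDomain` had, because Synapse does not support changing `server_name` on a homeserver that already holds data. The definition of `vars.primeDomain` is not part of this page, so confirm the value is unchanged before deploying. The string interpolation is also redundant: `server_name = config.vars.primeDomain;` is equivalent.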
@@ -3,17 +3,13 @@ imports = [ ./common ./servers - minecraft.nixosModules.minecraft-servers ]; config = lib.mkIf config.services.minecraft-servers.enable { - nixpkgs = { - overlays = [ minecraft.overlay ]; - allowUnfreePackages = [ "minecraft-server" ]; - }; - services.minecraft-servers.eula = true; + nixpkgs.allowUnfreePackages = [ "minecraft-server" ]; + environment.persistence."/persist".directories = [ "/srv/minecraft" ]; }; } diff --git a/modules/system/services/server/minecraft/servers/blockworld/default.nix b/modules/system/services/server/minecraft/servers/blockworld/default.nix index 0f5b1363..5f9c1e68 100644 --- a/modules/system/services/server/minecraft/servers/blockworld/default.nix +++ b/modules/system/services/server/minecraft/servers/blockworld/default.nix @@ -14,6 +14,6 @@ symlinks = config.services.minecraft-servers.common.paperSymlinks; files = config.services.minecraft-servers.common.configFiles; }; - cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.blockworld.enable [ "bloxel.${config.vars.mainDomain}" ]; + cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.blockworld.enable [ "bloxel.${config.vars.primeDomain}" ]; }; } diff --git a/modules/system/services/server/minecraft/servers/cornworld/default.nix b/modules/system/services/server/minecraft/servers/cornworld/default.nix index 33fcaec7..28161ebc 100644 --- a/modules/system/services/server/minecraft/servers/cornworld/default.nix +++ b/modules/system/services/server/minecraft/servers/cornworld/default.nix @@ -13,6 +13,6 @@ symlinks = config.services.minecraft-servers.common.paperSymlinks; files = config.services.minecraft-servers.common.configFiles; }; - cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.cornworld.enable [ "corn.${config.vars.mainDomain}" ]; + cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.cornworld.enable [ "corn.${config.vars.primeDomain}" ]; }; } 
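Review bot: With `minecraft.nixosModules.minecraft-servers` dropped from `imports` and `minecraft.overlay` dropped from the overlays, this module still reads `config.services.minecraft-servers.enable` and sets `services.minecraft-servers.eula`, options that presumably come from the removed module. If the import and overlay now live at the flake level (not visible in this hunk), a comment such as `# minecraft-servers module and overlay are imported at flake level` next to `imports` would record that dependency; if they were not moved, evaluation will fail on the undefined option. The function header sits above the hunk and may still take a now-unused `minecraft` argument.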
diff --git a/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix b/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix index 11d2eecd..da6bcdc9 100644 --- a/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix +++ b/modules/system/services/server/minecraft/servers/dewdemolisher/default.nix @@ -13,6 +13,6 @@ symlinks = config.services.minecraft-servers.common.paperSymlinks; files = config.services.minecraft-servers.common.configFiles; }; - cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.dewdemolisher.enable [ "dew.${config.vars.mainDomain}" ]; + cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.dewdemolisher.enable [ "dew.${config.vars.primeDomain}" ]; }; } diff --git a/modules/system/services/server/minecraft/servers/johnside/default.nix b/modules/system/services/server/minecraft/servers/johnside/default.nix index 9af650a4..0c8933af 100644 --- a/modules/system/services/server/minecraft/servers/johnside/default.nix +++ b/modules/system/services/server/minecraft/servers/johnside/default.nix @@ -26,6 +26,6 @@ }; files = config.services.minecraft-servers.common.configFiles; }; - cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.johnside.enable [ "john.${config.vars.mainDomain}" ]; + cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.johnside.enable [ "john.${config.vars.primeDomain}" ]; }; } diff --git a/modules/system/services/server/minecraft/servers/marsh/default.nix b/modules/system/services/server/minecraft/servers/marsh/default.nix index 3eb18bfd..f6a3030d 100644 --- a/modules/system/services/server/minecraft/servers/marsh/default.nix +++ b/modules/system/services/server/minecraft/servers/marsh/default.nix 
@@ -13,6 +13,6 @@ symlinks = config.services.minecraft-servers.common.paperSymlinks; files = config.services.minecraft-servers.common.configFiles; }; - cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.marsh.enable [ "marsh.${config.vars.mainDomain}" ]; + cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.marsh.enable [ "marsh.${config.vars.primeDomain}" ]; }; } diff --git a/modules/system/services/server/minecraft/servers/skyblock/default.nix b/modules/system/services/server/minecraft/servers/skyblock/default.nix index 2a538120..12ae26a7 100644 --- a/modules/system/services/server/minecraft/servers/skyblock/default.nix +++ b/modules/system/services/server/minecraft/servers/skyblock/default.nix @@ -13,6 +13,6 @@ symlinks = config.services.minecraft-servers.common.paperSymlinks; files = config.services.minecraft-servers.common.configFiles; }; - cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.skyblock.enable [ "skyblock.${config.vars.mainDomain}" ]; + cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.skyblock.enable [ "skyblock.${config.vars.primeDomain}" ]; }; } diff --git a/modules/system/services/server/minecraft/servers/uberbeta/default.nix b/modules/system/services/server/minecraft/servers/uberbeta/default.nix index 1e1c35ff..ef58b477 100644 --- a/modules/system/services/server/minecraft/servers/uberbeta/default.nix +++ b/modules/system/services/server/minecraft/servers/uberbeta/default.nix @@ -18,6 +18,6 @@ in { server-port = 30005; }; }; - cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable [ "beta.${config.vars.mainDomain}" ]; + cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable [ "beta.${config.vars.primeDomain}" ]; }; } 
diff --git a/modules/system/services/server/nextcloud/default.nix b/modules/system/services/server/nextcloud/default.nix index 4425c795..87bfffda 100644 --- a/modules/system/services/server/nextcloud/default.nix +++ b/modules/system/services/server/nextcloud/default.nix @@ -8,7 +8,7 @@ config = lib.mkIf config.services.nextcloud.enable { services.nextcloud = { package = pkgs.nextcloud31; - hostName = "files.${config.vars.mainDomain}"; + hostName = "files.${config.vars.primeDomain}"; https = true; config = { adminuser = "admin"; @@ -19,11 +19,11 @@ trusted_proxies = [ "127.0.0.1" ]; trusted_domains = [ config.services.nextcloud.hostName ]; overwriteprotocol = "https"; - mail_smtphost = "mx.${config.vars.mainDomain}"; - mail_domain = "${config.vars.mainDomain}"; + mail_smtphost = "mx.${config.vars.mailDomain}"; + mail_domain = "${config.vars.primeDomain}"; mail_from_address = "noreply"; mail_smtpauth = "true"; - mail_smtpname = "noreply@${config.vars.mainDomain}"; + mail_smtpname = "noreply@${config.vars.primeDomain}"; mail_smtppassword = config.secrets.mailPass.nixfoxNoReply; mail_smtpmode = "smtp"; mail_smtpport = 587; diff --git a/modules/system/services/server/nextcloud/nginx/default.nix b/modules/system/services/server/nextcloud/nginx/default.nix index 2ae51b50..5cc87b9a 100644 --- a/modules/system/services/server/nextcloud/nginx/default.nix +++ b/modules/system/services/server/nextcloud/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."files.${config.vars.mainDomain}" = lib.mkIf config.services.nextcloud.enable { + services.nginx.virtualHosts."files.${config.vars.primeDomain}" = lib.mkIf config.services.nextcloud.enable { enableACME = true; addSSL = true; locations."/" = { diff --git a/modules/system/services/server/nginx/acme/default.nix b/modules/system/services/server/nginx/acme/default.nix index 234eae09..941c8a64 100644 --- a/modules/system/services/server/nginx/acme/default.nix 
+++ b/modules/system/services/server/nginx/acme/default.nix @@ -3,7 +3,7 @@ config = lib.mkIf config.services.nginx.enable { security.acme = { acceptTerms = true; - defaults.email = "contact@${config.vars.mainDomain}"; + defaults.email = "contact@${config.vars.primeDomain}"; }; environment.persistence."/persist".directories = [ "/var/lib/acme" ]; }; diff --git a/modules/system/services/server/owncast/nginx/default.nix b/modules/system/services/server/owncast/nginx/default.nix index 87fbf579..47fcaae0 100644 --- a/modules/system/services/server/owncast/nginx/default.nix +++ b/modules/system/services/server/owncast/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."live.${config.vars.mainDomain}" = lib.mkIf config.services.owncast.enable { + services.nginx.virtualHosts."live.${config.vars.primeDomain}" = lib.mkIf config.services.owncast.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/transmission/nginx/default.nix b/modules/system/services/server/transmission/nginx/default.nix index e7db20d5..5a66482f 100644 --- a/modules/system/services/server/transmission/nginx/default.nix +++ b/modules/system/services/server/transmission/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."tor.${config.vars.mainDomain}" = lib.mkIf config.services.transmission.enable { + services.nginx.virtualHosts."tor.${config.vars.primeDomain}" = lib.mkIf config.services.transmission.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/services/server/vaultwarden/default.nix b/modules/system/services/server/vaultwarden/default.nix index 3ab93f9c..d46dd0ac 100644 --- a/modules/system/services/server/vaultwarden/default.nix +++ b/modules/system/services/server/vaultwarden/default.nix 
@@ -4,16 +4,16 @@ config = lib.mkIf config.services.vaultwarden.enable { services.vaultwarden.config = { - domain = "https://pass.${config.vars.mainDomain}"; + domain = "https://pass.${config.vars.primeDomain}"; signupsAllowed = false; rocketAddress = "127.0.0.1"; rocketPort = 8222; # Smtp email - smtpHost = "mx.${config.vars.mainDomain}"; - smtpFrom = "noreply@${config.vars.mainDomain}"; + smtpHost = "mx.${config.vars.mailDomain}"; + smtpFrom = "noreply@${config.vars.primeDomain}"; smtpFromName = "Vaultwarden"; - smtpUsername = "noreply@${config.vars.mainDomain}"; + smtpUsername = "noreply@${config.vars.primeDomain}"; smtpPassword = config.secrets.mailPass.nixfoxNoReply; smtpSecurity = "starttls"; smtpPort = 587; diff --git a/modules/system/services/server/vaultwarden/nginx/default.nix b/modules/system/services/server/vaultwarden/nginx/default.nix index cc85f420..7ae72aeb 100644 --- a/modules/system/services/server/vaultwarden/nginx/default.nix +++ b/modules/system/services/server/vaultwarden/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: { - services.nginx.virtualHosts."pass.${config.vars.mainDomain}" = lib.mkIf config.services.vaultwarden.enable { + services.nginx.virtualHosts."pass.${config.vars.primeDomain}" = lib.mkIf config.services.vaultwarden.enable { enableACME = true; forceSSL = true; locations."/" = { diff --git a/modules/system/settings/nix/default.nix b/modules/system/settings/nix/default.nix index 8f4eda56..02cb38e6 100644 --- a/modules/system/settings/nix/default.nix +++ b/modules/system/settings/nix/default.nix @@ -3,7 +3,6 @@ imports = [ ./cache ./channels - ./distributed ./maintenence ./unfree ]; diff --git a/modules/system/settings/nix/distributed/default.nix b/modules/system/settings/nix/distributed/default.nix deleted file mode 100644 index a57f9ee4..00000000 --- a/modules/system/settings/nix/distributed/default.nix +++ /dev/null 
@@ -1,79 +0,0 @@ -{ config, lib, nodes, ... }: -{ - nix = { - # Machines to build derviations on - buildMachines = with nodes; [ - { - hostName = "midas"; - system = midas.config.nixpkgs.hostPlatform.system; - supportedFeatures = midas.config.nix.settings.system-features; - publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUZjRk12cng5L2lVWjFtRXViZitRRjFpM0xOVHhGaGFVLzF6RlNqZG8wa0sgcm9vdEBraXR0eQo="; - protocol = "ssh-ng"; - sshKey = "/root/.ssh/buildkey"; - maxJobs = 8; - } - { - hostName = "kitty"; - system = kitty.config.nixpkgs.hostPlatform.system; - supportedFeatures = kitty.config.nix.settings.system-features; - publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUlyR21zeWE1RFhLdVhPNmpOalVscllIcWs0OUtMenhNLzYwR1h0TFJMckwgcm9vdEBraXR0eQo="; - protocol = "ssh-ng"; - sshKey = "/root/.ssh/buildkey"; - maxJobs = 8; - } - { - hostName = "detritus"; - system = detritus.config.nixpkgs.hostPlatform.system; - supportedFeatures = detritus.config.nix.settings.system-features; - publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU4rR3ZMcm80RFZtbHZtWGNhc1UxZ2N0SVg5cWN0N21adEVscEI3MzVBb0wgcm9vdEBkZXRyaXR1cwo="; - protocol = "ssh-ng"; - sshKey = "/root/.ssh/buildkey"; - maxJobs = 8; - } - { - hostName = "elder"; - system = elder.config.nixpkgs.hostPlatform.system; - supportedFeatures = elder.config.nix.settings.system-features; - publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUZqbUo2Ymt1TzU3Z3A2R1pERWZSMU83a3JkZjV3aXFyT0JDNXB6VERsOTEgcm9vdEBlbGRlcgo="; - protocol = "ssh-ng"; - sshKey = "/root/.ssh/buildkey"; - maxJobs = 8; - } - { - hostName = "prophet"; - system = prophet.config.nixpkgs.hostPlatform.system; - supportedFeatures = prophet.config.nix.settings.system-features; - publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUNycDNZL1gyQlJVRU54KzBHTVRtQjFWREE2U2l3a0dnZEpNSFNkTU1lcE0gcm9vdEBwcm9waGV0Cg=="; - protocol = "ssh-ng"; - sshKey = "/root/.ssh/buildkey"; - maxJobs = 8; - } - ]; - - # Enable 
distributed builds - distributedBuilds = true; - - settings = { - # Serve derivations more efficiently, using substituters - substituters = [ - "ssh-ng://midas" - "ssh-ng://kitty" - "ssh-ng://detritus" - "ssh-ng://elder" - "ssh-ng://prophet" - ]; - trusted-public-keys = [ - "midas:YpyfZyVlTlPjzcVsYBnN13EgeK95y1WXxm9h1V8tM7E=" - "kitty:QLl9Do4v+2Q/fapozUGoXIKJul+Zck3yAsmAo9Lg4is=" - "detritus:xtQVaIyDIBWS+EAU11dBsW9BUMT7aAZRPjKp3Udgdvc=" - "elder:U+zIEvxNeqOxAWbZyrJzDNrJF1GJdcrLEYbIqmKGd7U=" - "prophet:NPlWmuX1vz95uUIddQXlwrkmdSMZW1U27CdEY812brg=" - ]; - - # Settings to sign the derivations and allow building - max-jobs = if builtins.elem "server" config.system.nixos.tags then "auto" else 0; - secret-key-files = "/var/lib/nixos/cache-priv-key.pem"; - trusted-users = [ "root" ]; - }; - }; -} diff --git a/modules/system/variables/default.nix b/modules/system/variables/default.nix index cc613993..42927b33 100644 --- a/modules/system/variables/default.nix +++ b/modules/system/variables/default.nix @@ -6,6 +6,7 @@ config.vars = { mainUser = "bun"; - mainDomain = "nixfox.ca"; + primeDomain = "nixfox.ca"; + mailDomain = "nixfox.ca"; }; }