tigor/NixOS
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: tigor:ae0b0534448fb63daff3063c715512d9f18fb878
Branches Tags
tigor:main
..
compare: tigor:a930955644ed9fa9a75369284d1c18e8516dc385
Branches Tags
tigor:main

No commits in common. "ae0b0534448fb63daff3063c715512d9f18fb878" and "a930955644ed9fa9a75369284d1c18e8516dc385" have entirely different histories.
ae0b053444 ... a930955644

23 changed files with 107 additions and 400 deletions
Show stats Expand all files Collapse all files

16
flake.lock
View file

@ -420,21 +420,6 @@
"type": "github"
}
},
"nix-flatpak": {
"locked": {
"lastModified": 1721549352,
"narHash": "sha256-nlXJa8RSOX0kykrIYW33ukoHYq+FOSNztHLLgqKwOp8=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "dbce39ea8664820ba9037caaf1e2fad365ed6b4b",
"type": "github"
},
"original": {
"owner": "gmodena",
"repo": "nix-flatpak",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
@ -554,7 +539,6 @@
"hyprland": "hyprland",
"hyprland-contrib": "hyprland-contrib",
"neovim-nightly-overlay": "neovim-nightly-overlay",
"nix-flatpak": "nix-flatpak",
"nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable",

3
flake.nix
View file

@ -18,7 +18,6 @@
neovim-nightly-overlay = {
url = "github:nix-community/neovim-nightly-overlay";
};
nix-flatpak.url = "github:gmodena/nix-flatpak";
hyprland-contrib = {
url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs";
@ -52,13 +51,11 @@
, neovim-nightly-overlay
, nix-index-database
, rust-overlay
, nix-flatpak
, ...
}:
let
commonModules = [
nur.nixosModules.nur
nix-flatpak.nixosModules.nix-flatpak
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
{

11
hardware-configuration/homeserver.nix
View file

@ -41,16 +41,6 @@
"bind"
];
};
fileSystems."/nas/public/Public" = {
device = "/nas/Syncthing/Sync/Public";
fsType = "auto";
options = [
"defaults"
"nofail"
"nobootwait"
"bind"
];
};
swapDevices = [ ];
@ -96,7 +86,6 @@
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = {
enable = true;

2
home/modules/hyprland/hyprland.nix
View file

@ -227,7 +227,7 @@ in
];
};
extraConfig = /*hyprlang*/ ''
exec-once=dbus-update-activation-environment --all
exec-once=dbus-update-activation-enviroment --all
exec-once=${gnome-keyring.path} ${config.sops.secrets."gnome-keyring/${config.home.username}".path}
exec-once=foot --server

88
home/programs/yazi.nix
View file

@ -5,31 +5,32 @@ let
in
{
config = mkIf cfg.enable {
programs.yazi = {
enable = true;
enableZshIntegration = true;
keymap = {
manager.prepend_keymap = [
# {
# on = [ "m" ];
# run = "plugin bookmarks --args=save";
# desc = "Save current position as a bookmark";
# }
# {
# on = [ "'" ];
# run = "plugin bookmarks --args=jump";
# desc = "Jump to a bookmark";
# }
# {
# on = [ "b" "d" ];
# run = "plugin bookmarks --args=delete";
# desc = "Delete a bookmark";
# }
# {
# on = [ "b" "D" ];
# run = "plugin bookmarks --args=delete_all";
# desc = "Delete all bookmarks";
# }
{
on = [ "m" ];
run = "plugin bookmarks --args=save";
desc = "Save current position as a bookmark";
}
{
on = [ "'" ];
run = "plugin bookmarks --args=jump";
desc = "Jump to a bookmark";
}
{
on = [ "b" "d" ];
run = "plugin bookmarks --args=delete";
desc = "Delete a bookmark";
}
{
on = [ "b" "D" ];
run = "plugin bookmarks --args=delete_all";
desc = "Delete all bookmarks";
}
];
};
settings = {
@ -79,12 +80,6 @@ in
{ name = "*"; use = "open"; }
];
};
plugin = {
prepend_previewers = [
{ mime = "{image,audio,video}/*"; run = "mediainfo"; }
{ mime = "application/x-subrip"; run = "mediainfo"; }
];
};
};
};
home.file = {
@ -97,31 +92,22 @@ in
sha256 = "sha256-TSmZwy9jhf0D+6l4KbNQ6BjHbL0Vfo/yL3wt8bjo/EM=";
};
};
".config/yazi/plugins/mediainfo.yazi" = {
recursive = true;
source = pkgs.fetchFromGitHub {
owner = "Ape";
repo = "mediainfo.yazi";
rev = "c69314e80f5b45fe87a0e06a10d064ed54110439";
hash = "sha256-8xdBPdKSiwB7iRU8DJdTHY+BjfR9D3FtyVtDL9tNiy4=";
};
};
# ".config/yazi/init.lua".text = /*lua*/ ''
# require("bookmarks"):setup({
# last_directory = { enable = false, persist = false },
# persist = "none",
# desc_format = "full",
# notify = {
# enable = false,
# timeout = 1,
# message = {
# new = "New bookmark '<key>' -> '<folder>'",
# delete = "Deleted bookmark in '<key>'",
# delete_all = "Deleted all bookmarks",
# },
# },
# })
# '';
".config/yazi/init.lua".text = /*lua*/ ''
require("bookmarks"):setup({
last_directory = { enable = false, persist = false },
persist = "none",
desc_format = "full",
notify = {
enable = false,
timeout = 1,
message = {
new = "New bookmark '<key>' -> '<folder>'",
delete = "Deleted bookmark in '<key>'",
delete_all = "Deleted all bookmarks",
},
},
})
'';
};
};
}

6
home/programs/zsh.nix
View file

@ -30,11 +30,11 @@ in
shellAliases = {
ls = "${pkgs.eza}/bin/eza -lah";
cat = "${pkgs.bat}/bin/bat";
update = "nh os switch";
superupdate = "nh os switch --update";
uptest = "nh os test";
update = "sudo nixos-rebuild switch --flake $HOME/dotfiles";
superupdate = "(cd $HOME/dotfiles && nix flake update && sudo nixos-rebuild switch --flake $HOME/dotfiles)";
lg = "${pkgs.lazygit}/bin/lazygit";
du = "${pkgs.dust}/bin/dust";
uptest = "sudo nixos-rebuild test --flake $HOME/dotfiles";
dry = "sudo nixos-rebuild dry-activate --flake $HOME/dotfiles";
jq = "${pkgs.gojq}/bin/gojq";
n = lib.mkIf config.profile.neovide.enable "neovide";

2
options/default.nix
View file

@ -8,7 +8,6 @@
./services.nix
./games.nix
./environments.nix
./flatpak.nix
];
options.profile = {
@ -64,6 +63,7 @@
android.enable = lib.mkEnableOption "android";
avahi.enable = lib.mkEnableOption "avahi";
bluetooth.enable = lib.mkEnableOption "bluetooth";
flatpak.enable = lib.mkEnableOption "flatpak";
gnome.enable = lib.mkEnableOption "gnome";
kde.enable = lib.mkEnableOption "kde";
networking.firewall = {

10
options/flatpak.nix
View file

@ -1,10 +0,0 @@
{ lib, ... }:
let
inherit (lib) mkEnableOption;
in
{
options.profile.flatpak = {
enable = mkEnableOption "flatpak";
zen-browser.enable = mkEnableOption "zen-browser";
};
}

24
options/services.nix
View file

@ -22,29 +22,5 @@ in
wireguard.enable = mkEnableOption "wireguard";
photoprism.enable = mkEnableOption "photoprism";
navidrome.enable = mkEnableOption "navidrome";
telemetry = {
enable = mkEnableOption "telemetry";
grafana.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
loki.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
promtail.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
tempo.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
minio.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
};
};
}

5
profiles/castle.nix
View file

@ -75,11 +75,6 @@ in
dbeaver.enable = true;
kde.enable = false;
flatpak = {
enable = true;
zen-browser.enable = true;
};
microsoft-edge.enable = true;
nextcloud.enable = false;

1
profiles/homeserver.nix
View file

@ -69,7 +69,6 @@
wireguard.enable = true;
photoprism.enable = true;
navidrome.enable = true;
telemetry.enable = true;
};
};
}

31
secrets/telemetry.yaml
View file

@ -1,31 +0,0 @@
grafana:
admin_user: ENC[AES256_GCM,data:pg3WnfsF8L+/Tg==,iv:wh8VM567ClsFz7GS00OCh9kx3HZCz5GZ/BaTtOt3ksk=,tag:k6mJiktl1Met6Kzl738jpQ==,type:str]
admin_password: ENC[AES256_GCM,data:EFJfC78YtBLF5CIxLLhN9deZYcSL7/EfS4w=,iv:qrNi3WsRD26W5L67Fxch7qasEUh9vTj6HUWZs5PGz4o=,tag:bxW1CJyXOcz/pgN39ncQ+w==,type:str]
admin_email: ENC[AES256_GCM,data:2cvoq65K2/mdDuykkPVZryDJeNCK,iv:rU4jUYm+3dcvx1KooN9mWQDoovn7t+V7z1eU1m7VagE=,tag:Bhdbiq4BXO3nDwG9StUOkQ==,type:str]
secret_key: ENC[AES256_GCM,data:f4f1YF27VU/893HASHmCVL8vnsJEaHD33GOdFVpMj81MOutXqb7d03Hb1DYkDV3aMVmEdpvBcFK3SpZdFma3,iv:q6d59H1PniaVhw6tbd1maCelEGlAC4y2i38jMZ9Jn/Q=,tag:uSbCRstKy7C4Vwp+/FxF/Q==,type:str]
loki:
caddy:
basic_auth:
username: ENC[AES256_GCM,data:MRwky3O8LGS/4w==,iv:CUHjGRNc8NU5FqhqvpqbATmVE3Kg9Z0jMBFlzsAwON0=,tag:uZlxw9skd0VNLfZTJ/6ZSQ==,type:str]
#ENC[AES256_GCM,data:t+u4g7nvpq2U27CHgmu1xi2Ppwv7cJf1s6Et,iv:LtwoPoxsQn1MujHRoD6SqDLm8uN4uBpuIVmn23DDgjI=,tag:PKOHF5vcQzHszpp1sfuU0Q==,type:comment]
password: ENC[AES256_GCM,data:GcQ6x8ewxInmAcQwhhwJgXMHxd/ygkscsp2vg7PILEeaOv1heBX0fTHb0sRyAfhLxwKDH84LtGb37656,iv:UEQ7dgqNEKisalpPXFffsVzn6kXDt9DmJP6ec3LOHRE=,tag:CyPPqG2Vf8eeSVzAASintQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1KzFkak5QQ01MUVV0djVH
cXlveDhxU3RRelhNL3JQbE1xVWNlaFYzem40CmtGYlpZMTJPS2lKUGl2Vy9CVW5j
bFoyNVlJM1lmSGhSM2lGREN3N3VXWTAKLS0tIE9xWFpoTUdrVVBtOS9lckRXWGc1
bzYzSEQrRkN6WVVmN254a2NCcUxGVFkK4aHv8tiFiNEnd7I5LB0Jd/4upkEEEXis
9A5hdTn20EqL62QuHeYRav1TRu42dp+R4iZAlVl9cRzThkzZKJdHlg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-29T05:57:46Z"
mac: ENC[AES256_GCM,data:JGrZUe8PLjlcHULvVa8Yi8ORAW5bMKOMxSGbJ2UFji9byRGu+JHaU7gdF45lrR5XKxJZLmZesWI9fRjsnlEd9WDTEroiwFo965mYFcdmbrJb37BIRO6Thy6C77GXMNcOVW2hBgcVDckNIbAk3qgvVG2QOZ5VKwxPLVQPsfWfCFs=,iv:Do05RY+cgahdv8/Nk6RIOxBA6x28GxyErrgSQRoIR80=,tag:HoqhdhZmcS3QxXGfZyxfFw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

28
system/default.nix
View file

@ -1,9 +1,8 @@
{ hardware-configuration, profile-path, config, pkgs, ... }:
{ hardware-configuration, profile-path, config, ... }:
{
imports = [
profile-path
hardware-configuration
./flatpak
./modules
./services
./podman
@ -26,11 +25,11 @@
connect-timeout = 5
'';
# nix.gc = {
# automatic = true;
# dates = "weekly";
# options = "--delete-older-than 7d";
# };
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
i18n.defaultLocale = "en_US.UTF-8";
@ -66,19 +65,4 @@
RestartSec = "10s";
};
};
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/${config.profile.user.name}/dotfiles";
};
environment.variables.FLAKE = "/home/${config.profile.user.name}/dotfiles";
environment.systemPackages = with pkgs; [
# Tools for nh
nix-output-monitor
nvd
];
}

19
system/flatpak/default.nix
View file

@ -1,19 +0,0 @@
{ config, lib, ... }:
let
cfg = config.profile.flatpak;
inherit (lib.lists) optional;
in
{
config = lib.mkIf cfg.enable {
fonts.fontDir.enable = true;
services.flatpak = {
enable = true;
update.auto = {
enable = true;
onCalendar = "weekly"; # Default value
};
packages = [ ]
++ optional cfg.zen-browser.enable "io.github.zen_browser.zen";
};
};
}

1
system/modules/default.nix
View file

@ -7,6 +7,7 @@
./bluetooth.nix
./boot_loader.nix
./brightnessctl.nix
./flatpak.nix
./font.nix
./gnome.nix
./hyprland.nix

55
system/modules/flatpak.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, pkgs, lib, ... }:
let
cfg = config.profile.flatpak;
in
{
config = lib.mkIf cfg.enable {
# Allow flatpak to access fonts
fonts.fontDir.enable = true;
services.flatpak.enable = true;
# system.fsPackages = [ pkgs.bindfs ];
# Allows user installed fonts to be accessed by flatpak
# fileSystems =
# let
# mkRoSymBind = path: {
# device = path;
# fsType = "fuse.bindfs";
# options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
# };
# aggregatedFonts = pkgs.buildEnv {
# name = "system-fonts";
# paths = config.fonts.packages;
# pathsToLink = [ "/share/fonts" ];
# };
# in
# {
# # Create an FHS mount to support flatpak host icons/fonts
# "/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
# "/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
# };
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
# extraPortals = with pkgs; [
# # xdg-desktop-portal-gtk
# # xdg-desktop-portal-kde
# # xdg-desktop-portal-gnome
# ];
};
# Auto update flatpak every boot with systemd
# systemd.services.flatpak-update = {
# wantedBy = [ "multi-user.target" ];
# after = [ "network-online.target" ];
# wants = [ "network-online.target" ];
# description = "Auto update flatpak every boot after network is online";
# serviceConfig = {
# Type = "oneshot";
# ExecStart = ''${pkgs.flatpak}/bin/flatpak update --assumeyes --noninteractive --system'';
# };
# };
};
}

4
system/modules/sway.nix
View file

@ -2,11 +2,11 @@
let
dbus-sway-environment = pkgs.writeTextFile {
name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment";
destination = "/bin/dbus-sway-enviroment";
executable = true;
text = ''
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
dbus-update-activation-enviroment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
'';

6
system/modules/yazi.nix
View file

@ -1,14 +1,10 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
let
cfg = config.profile.programs.yazi;
inherit (lib) mkIf;
in
{
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
mediainfo
ffmpegthumbnailer
];
programs.yazi = {
enable = true;
settings = {

2
system/services/default.nix
View file

@ -1,8 +1,6 @@
{ ... }:
{
imports = [
./telemetry
./caddy.nix
./cockpit.nix
./forgejo.nix

20
system/services/syncthing.nix
View file

@ -143,26 +143,6 @@ in
"living-room-system"
];
};
"/nas/Syncthing/Sync/General" = {
label = "General";
id = "General";
devices = [
"s20fe"
"work-laptop"
"windows"
"living-room-system"
];
};
"/nas/Syncthing/Sync/Public" = {
label = "Public";
id = "Public";
devices = [
"s20fe"
"work-laptop"
"windows"
"living-room-system"
];
};
};
devices = {
s20fe = {

7
system/services/telemetry/default.nix
View file

@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./grafana.nix
./loki.nix
];
}

59
system/services/telemetry/grafana.nix
View file

@ -1,59 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.services.telemetry.grafana;
inherit (lib) mkIf;
grafanaDomain = "grafana.tigor.web.id";
in
{
config = mkIf cfg.enable {
sops.secrets =
let
opts = {
sopsFile = ../../../secrets/telemetry.yaml;
owner = "grafana";
};
in
{
"grafana/admin_user" = opts;
"grafana/admin_password" = opts;
"grafana/admin_email" = opts;
"grafana/secret_key" = opts;
};
services.caddy.virtualHosts.${grafanaDomain}.extraConfig = ''
reverse_proxy ${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}
'';
services.grafana = {
enable = true;
package = pkgs.grafana;
settings = {
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/
server = {
protocol = "http"; # served behind caddy
http_addr = "0.0.0.0";
http_port = 44518;
domain = grafanaDomain;
root_url = "https://${grafanaDomain}";
enable_gzip = true;
};
database = {
type = "sqlite3";
cache_mode = "shared";
wal = true;
query_retries = 3;
};
security = {
# Admin credentials is already available in the secrets
admin_user = "$__file{${config.sops.secrets."grafana/admin_user".path}}";
admin_password = "$__file{${config.sops.secrets."grafana/admin_password".path}}";
admin_email = "$__file{${config.sops.secrets."grafana/admin_email".path}}";
secret_key = "$__file{${config.sops.secrets."grafana/secret_key".path}}";
cookie_secure = true;
cookie_samesite = "lax";
strict_transport_security = true;
};
};
};
};
}

107
system/services/telemetry/loki.nix
View file

@ -1,107 +0,0 @@
{ config, lib, ... }:
let
cfg = config.profile.services.telemetry.loki;
inherit (lib) mkIf;
lokiDomain = "loki.tigor.web.id";
in
{
config = mkIf cfg.enable {
sops =
let
usernameKey = "loki/caddy/basic_auth/username";
passwordKey = "loki/caddy/basic_auth/password";
in
{
secrets =
let
opts = { sopsFile = ../../../secrets/telemetry.yaml; owner = "grafana"; };
in
{
${usernameKey} = opts;
${passwordKey} = opts;
};
templates = {
"loki/caddy/basic_auth".content = /*sh*/ ''
LOKI_USERNAME=${config.sops.placeholder.${usernameKey}}
LOKI_PASSWORD=${config.sops.placeholder.${passwordKey}}
'';
};
};
systemd.services."caddy".serviceConfig = {
EnvironmentFile = [ config.sops.templates."loki/caddy/basic_auth".path ];
};
services.caddy.virtualHosts.${lokiDomain}.extraConfig = /*caddy*/ ''
basicauth {
{$LOKI_USERNAME} {$LOKI_PASSWORD}
}
reverse_proxy ${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}
'';
services.loki =
let
dataDir = config.services.loki.dataDir;
in
{
enable = true;
configuration = {
# https://grafana.com/docs/loki/latest/configure/examples/configuration-examples/
auth_enabled = false;
server = {
http_listen_address = "0.0.0.0";
http_listen_port = 3100;
grpc_listen_port = 9095;
};
common = {
path_prefix = dataDir;
replication_factor = 1;
ring = {
instance_addr = "127.0.0.1";
kvstore.store = "inmemory";
};
};
schema_config = {
configs = [
{
from = "2024-08-29";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
filesystem = {
directory = "${dataDir}/chunks";
};
};
};
};
# https://grafana.com/docs/grafana/latest/datasources/loki/
services.grafana.provision.datasources.settings.datasources = [
{
name = "Loki";
type = "loki";
access = "proxy";
url = "http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}";
basicAuth = true;
basicAuthUser = "$__file{${config.sops.secrets."loki/caddy/basic_auth/username".path}}";
jsonData = {
timeout = 60;
maxLines = 1000;
};
secureJsonData = {
basicAuthPassword = "$__file{${config.sops.secrets."loki/caddy/basic_auth/password".path}}";
};
}
];
};
}