noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-02-20 22:12:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

more moving things around

Browse Source
This commit is contained in:
Noah Masur 2025-02-16 15:40:15 -05:00
parent b36895f108
commit dc6b6f8328
No known key found for this signature in database
34 changed files with 368 additions and 386 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
flake.nix
View File

@ -295,6 +295,9 @@
inputs.wsl.nixosModules.wsl
./platforms/nixos
];
specialArgs = {
wallpapers = inputs.wallpapers;
};
};
buildDarwin =

0
hosts/aarch64-darwin/default.nix → hosts-old/aarch64-darwin/default.nix
View File

0
hosts/aarch64-linux/default.nix → hosts-old/aarch64-linux/default.nix
View File

0
hosts/x86_64-linux/arrow/aws/ec2.tf → hosts-old/x86_64-linux/arrow/aws/ec2.tf
View File

0
hosts/x86_64-linux/arrow/aws/image.tf → hosts-old/x86_64-linux/arrow/aws/image.tf
View File

0
hosts/x86_64-linux/arrow/aws/main.tf → hosts-old/x86_64-linux/arrow/aws/main.tf
View File

0
hosts/x86_64-linux/arrow/aws/outputs.tf → hosts-old/x86_64-linux/arrow/aws/outputs.tf
View File

0
hosts/x86_64-linux/arrow/aws/variables.tf → hosts-old/x86_64-linux/arrow/aws/variables.tf
View File

0
hosts/x86_64-linux/arrow/default.nix → hosts-old/x86_64-linux/arrow/default.nix
View File

0
hosts/x86_64-linux/arrow/modules.nix → hosts-old/x86_64-linux/arrow/modules.nix
View File

0
hosts/x86_64-linux/arrow/vultr/main.tf → hosts-old/x86_64-linux/arrow/vultr/main.tf
View File

0
hosts/x86_64-linux/default.nix → hosts-old/x86_64-linux/default.nix
View File

0
hosts/x86_64-linux/hydra/default.nix → hosts-old/x86_64-linux/hydra/default.nix
View File

0
hosts/x86_64-linux/staff/default.nix → hosts-old/x86_64-linux/staff/default.nix
View File

60
hosts/aarch64-darwin/lookingglass/default.nix
View File

@ -1,60 +0,0 @@
# The Looking Glass
# System configuration for my work Macbook
{
inputs,
globals,
overlays,
...
}:
inputs.darwin.lib.darwinSystem {
system = "aarch64-darwin";
specialArgs = { };
modules = [
../../modules/common
../../modules/darwin
(
globals
// rec {
user = "Noah.Masur";
gitName = "Noah-Masur_1701";
gitEmail = "${user}@take2games.com";
}
)
inputs.home-manager.darwinModules.home-manager
inputs.mac-app-util.darwinModules.default
{
nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
networking.hostName = "NYCM-NMASUR2";
networking.computerName = "NYCM-NMASUR2";
identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
gui.enable = true;
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
dark = true;
};
mail.user = globals.user;
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
mail.enable = true;
mail.aerc.enable = true;
mail.himalaya.enable = false;
kitty.enable = true;
discord.enable = true;
firefox.enable = true;
dotfiles.enable = true;
terraform.enable = true;
python.enable = true;
rust.enable = true;
lua.enable = true;
obsidian.enable = true;
kubernetes.enable = true;
_1password.enable = true;
slack.enable = true;
wezterm.enable = true;
yt-dlp.enable = true;
}
];
}

23
hosts/flame/default.nix
View File

@ -6,12 +6,28 @@
# These days, probably use nixos-anywhere instead.
rec {
# Hardware
networking.hostName = "flame";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
hostnames =
let
baseName = "masu.rs";
in
{
budget = "money.${baseName}";
git = "git.${baseName}";
influxdb = "influxdb.${baseName}";
irc = "irc.${baseName}";
metrics = "metrics.${baseName}";
minecraft = "minecraft.${baseName}";
n8n = "n8n.${baseName}";
notifications = "ntfy.${baseName}";
prometheus = "prom.${baseName}";
secrets = "vault.${baseName}";
status = "status.${baseName}";
};
};
nmasur.profiles = {
@ -21,7 +37,10 @@ rec {
};
home-manager.users."noah" = {
nmasur.settings = nmasur.settings;
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;

39
hosts/lookingglass/default.nix Normal file
View File

@ -0,0 +1,39 @@
# The Looking Glass
# System configuration for my work Macbook
rec {
networking.hostName = "NYCM-NMASUR2";
networking.computerName = "NYCM-NMASUR2";
nmasur.settings = {
username = "Noah.Masur";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
work.enable = true;
extra.enable = true;
gaming.enable = true;
};
home-manager.users."Noah.Masur" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
darwin-base.enable = true;
power-user.enable = true;
work.enable = true;
experimental.enable = true;
};
nmasur.presets.programs.git = {
name = "Noah-Masur_1701";
email = "${nmasur.settings.username}@take2games.com";
};
};
identityFile = "/Users/${nmasur.settings.username}/.ssh/id_ed25519";
}

90
hosts/swan/default.nix Normal file
View File

@ -0,0 +1,90 @@
# The Swan
# System configuration for my home NAS server
rec {
networking.hostName = "swan";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
hostnames =
let
baseName = "masu.rs";
in
{
audiobooks = "read.${baseName}";
files = "files.${baseName}";
paperless = "paper.${baseName}";
photos = "photos.${baseName}";
stream = "stream.${baseName}";
content = "cloud.${baseName}";
books = "books.${baseName}";
download = "download.${baseName}";
};
};
nmasur.profiles = {
base.enable = true;
server.enable = true;
home.enable = true;
nas.enable = true;
};
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
};
};
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
];
# Required for transcoding
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelParams = [
"radeon.si_support=0"
"amdgpu.si_support=1"
"radeon.cik_support=0"
"amdgpu.cik_support=1"
"amdgpu.dc=1"
];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize efficiency over performance
powerManagement.cpuFreqGovernor = "powersave";
# Allow firmware updates
hardware.cpu.intel.updateMicrocode = true;
# ZFS
# Generated with: head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS
# Sets root ext4 filesystem instead of declaring it manually
disko = {
enableConfig = true;
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
};
# Allows private remote access over the internet
nmasur.presets.services.cloudflared = {
tunnel = {
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
credentialsFile = ../../private/cloudflared-swan.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
};
};
}

104
hosts/tempest/default.nix Normal file
View File

@ -0,0 +1,104 @@
# The Tempest
# System configuration for my desktop
rec {
# Hardware
networking.hostName = "tempest";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
home.enable = true;
gui.enable = true;
gaming.enable = true;
};
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
linux-gui.enable = true;
linux-gaming.enable = true;
power-user.enable = true;
developer.enable = true;
experimental.enable = true;
};
};
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
# Graphics and VMs
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
services.xserver.videoDrivers = [ "amdgpu" ];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize performance over efficiency
powerManagement.cpuFreqGovernor = "performance";
# Allow firmware updates
hardware.cpu.amd.updateMicrocode = true;
# Helps reduce GPU fan noise under idle loads
hardware.fancontrol.enable = true;
hardware.fancontrol.config = ''
# Configuration file generated by pwmconfig, changes will be lost
INTERVAL=10
DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
DEVNAME=hwmon0=amdgpu
FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
FCFANS= hwmon0/pwm1=hwmon0/fan1_input
MINTEMP=hwmon0/pwm1=50
MAXTEMP=hwmon0/pwm1=70
MINSTART=hwmon0/pwm1=100
MINSTOP=hwmon0/pwm1=10
MINPWM=hwmon0/pwm1=10
MAXPWM=hwmon0/pwm1=240
'';
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Allows private remote access over the internet
nmasur.presets.services.cloudflared = {
tunnel = {
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
credentialsFile = ../../private/cloudflared-tempest.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
};
};
# Allows requests to force machine to wake up
# This network interface might change, needs to be set specifically for each machine.
# Or set usePredictableInterfaceNames = false
networking.interfaces.enp5s0.wakeOnLan.enable = true;
}

142
hosts/x86_64-linux/swan/default.nix
View File

@ -1,142 +0,0 @@
# The Swan
# System configuration for my home NAS server
{
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
globals
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
../../modules/common
../../modules/nixos
{
nixpkgs.overlays = overlays;
# Hardware
server = true;
physical = true;
networking.hostName = "swan";
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
];
# Required for transcoding
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelParams = [
"radeon.si_support=0"
"amdgpu.si_support=1"
"radeon.cik_support=0"
"amdgpu.cik_support=1"
"amdgpu.dc=1"
];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize efficiency over performance
powerManagement.cpuFreqGovernor = "powersave";
# Allow firmware updates
hardware.cpu.intel.updateMicrocode = true;
# ZFS
zfs.enable = true;
# Generated with: head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS
# Sets root ext4 filesystem instead of declaring it manually
disko = {
enableConfig = true;
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
};
zramSwap.enable = true;
swapDevices = [
{
device = "/swapfile";
size = 4 * 1024; # 4 GB
}
];
boot.zfs = {
# Automatically load the ZFS pool on boot
extraPools = [ "tank" ];
# Only try to decrypt datasets with keyfiles
requestEncryptionCredentials = [
"tank/archive"
"tank/generic"
"tank/nextcloud"
"tank/generic/git"
];
# If password is requested and fails, continue to boot eventually
passwordTimeout = 300;
};
# Theming
# Server doesn't require GUI
gui.enable = false;
# Still require colors for programs like Neovim, K9S
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
};
# Programs and services
atuin.enable = true;
neovim.enable = true;
cloudflare.enable = true;
dotfiles.enable = true;
arrs.enable = true;
filebrowser.enable = true;
services.audiobookshelf.enable = true;
services.bind.enable = true;
services.caddy.enable = true;
services.immich.enable = true;
services.jellyfin.enable = true;
services.nextcloud.enable = true;
services.calibre-web.enable = true;
services.openssh.enable = true;
services.prometheus.enable = false;
services.vmagent.enable = true;
services.samba.enable = true;
services.paperless.enable = true;
services.postgresql.enable = true;
system.autoUpgrade.enable = false;
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
credentialsFile = ../../private/cloudflared-swan.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
};
# Send regular backups and litestream for DBs to an S3-like bucket
backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup";
accessKeyId = "0026b0e73b2e2c80000000005";
resticBucket = "noahmasur-restic";
};
# Disable passwords, only use SSH key
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
];
}
];
}

153
hosts/x86_64-linux/tempest/default.nix
View File

@ -1,153 +0,0 @@
# The Tempest
# System configuration for my desktop
{
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = [
globals
inputs.home-manager.nixosModules.home-manager
../../modules/common
../../modules/nixos
{
nixpkgs.overlays = overlays;
# Hardware
physical = true;
networking.hostName = "tempest";
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
# Graphics and VMs
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
services.xserver.videoDrivers = [ "amdgpu" ];
# I don't think I need this?
# boot.kernelParams = [
# "video=DP-0:2560x1440@165"
# "video=DP-1:1920x1080@60"
# ];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize performance over efficiency
powerManagement.cpuFreqGovernor = "performance";
# Allow firmware updates
hardware.cpu.amd.updateMicrocode = true;
# Helps reduce GPU fan noise under idle loads
hardware.fancontrol.enable = true;
hardware.fancontrol.config = ''
# Configuration file generated by pwmconfig, changes will be lost
INTERVAL=10
DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
DEVNAME=hwmon0=amdgpu
FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
FCFANS= hwmon0/pwm1=hwmon0/fan1_input
MINTEMP=hwmon0/pwm1=50
MAXTEMP=hwmon0/pwm1=70
MINSTART=hwmon0/pwm1=100
MINSTOP=hwmon0/pwm1=10
MINPWM=hwmon0/pwm1=10
MAXPWM=hwmon0/pwm1=240
'';
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Secrets must be prepared ahead before deploying
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
# Theming
# Turn on all features related to desktop and graphical applications
gui.enable = true;
# Set the system-wide theme, also used for non-graphical programs
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
dark = true;
};
wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
# Programs and services
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
media.enable = true;
dotfiles.enable = true;
firefox.enable = true;
kitty.enable = true;
_1password.enable = true;
discord.enable = true;
nautilus.enable = true;
obsidian.enable = true;
mail.enable = true;
mail.aerc.enable = true;
mail.himalaya.enable = true;
keybase.enable = true;
mullvad.enable = false;
rust.enable = true;
terraform.enable = true;
wezterm.enable = true;
yt-dlp.enable = true;
gaming = {
dwarf-fortress.enable = true;
enable = true;
steam.enable = true;
moonlight.enable = true;
legendary.enable = true;
lutris.enable = true;
ryujinx.enable = true;
};
services.vmagent.enable = true; # Enables Prometheus metrics
services.openssh.enable = true; # Required for Cloudflare tunnel and identity file
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
credentialsFile = ../../private/cloudflared-tempest.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
};
# Allows requests to force machine to wake up
# This network interface might change, needs to be set specifically for each machine.
# Or set usePredictableInterfaceNames = false
networking.interfaces.enp5s0.wakeOnLan.enable = true;
}
];
}

10
pkgs/misc/wallpapers/package.nix Normal file
View File

@ -0,0 +1,10 @@
{ pkgs, ... }:
pkgs.
pkgs.writeShellApplication
{
name = "ocr";
runtimeInputs = [ pkgs.tesseract ];
text = builtins.readFile ./ocr.sh;
}

2
platforms/home-manager/modules/nmasur/profiles/linux-base.nix
View File

@ -41,7 +41,7 @@ in
trash = lib.mkDefault "${pkgs.trash-cli}/bin/trash-put";
};
shellAbbrs = {
t = "trash";
t = lib.mkDefault "trash";
};
};
};

4
platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix
View File

@ -15,7 +15,9 @@ in
config = lib.mkIf cfg.enable {
nmasur.programs.wine.enable = lib.mkDefault true;
nmasur.presets.programs = {
wine.enable = lib.mkDefault true;
};
home.packages = lib.mkDefault [
pkgs.heroic

26
platforms/home-manager/modules/nmasur/profiles/linux-gui.nix
View File

@ -15,6 +15,32 @@ in
config = lib.mkIf cfg.enable {
nmasur.gtk.enable = lib.mkDefault true;
nmasur.presets = {
programs = {
_1password.enable = lib.mkDefault true;
aerc.enable = lib.mkDefault true;
discord.enable = lib.mkDefault true;
dotfiles.enable = lib.mkDefault true;
firefox.enable = lib.mkDefault true;
mpv.enable = lib.mkDefault true;
nautilus.enable = lib.mkDefault true;
nsxiv.enable = lib.mkDefault true;
obsidian.enable = lib.mkDefault true;
xclip.enable = lib.mkDefault true;
wezterm.enable = lib.mkDefault true;
zathura.enable = lib.mkDefault true;
};
services = {
dunst.enable = lib.mkDefault false; # Off by default
i3.enable = lib.mkDefault true;
kanata.enable = lib.mkDefault true;
keybase.enable = lib.mkDefault true;
mbsync.enable = lib.mkDefault true;
picom.enable = lib.mkDefault true;
polybar.enable = lib.mkDefault true;
volnoti.enable = lib.mkDefault true;
};
};
};
}

1
platforms/home-manager/modules/nmasur/profiles/power-user.nix
View File

@ -56,6 +56,7 @@ in
ripgrep.enable = lib.mkDefault true;
prettyping.enable = lib.mkDefault true;
weather.enable = lib.mkDefault true;
yt-dlp.enable = lib.mkDefault true;
zoxide.enable = lib.mkDefault true;
};

4
platforms/nixos/modules/nmasur/presets/services/lightdm.nix
View File

@ -2,6 +2,7 @@
config,
pkgs,
lib,
wallpapers ? null,
...
}:
@ -14,8 +15,9 @@ in
options.nmasur.presets.services.lightdm = {
enable = lib.mkEnableOption "Lightdm display manager";
wallpaper = {
type = lib.types.path;
type = lib.types.nullOr lib.types.path;
description = "Wallpaper background image file";
default = "${wallpapers}/gruvbox/road.jpg";
};
gtk.theme = {
name = lib.mkOption {

23
platforms/nixos/modules/nmasur/presets/zfs.nix
View File

@ -23,5 +23,28 @@ in
prometheus.scrapeTargets = [
"127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}"
];
zramSwap.enable = true;
swapDevices = [
{
device = "/swapfile";
size = 4 * 1024; # 4 GB
}
];
boot.zfs = {
# Automatically load the ZFS pool on boot
extraPools = [ "tank" ];
# Only try to decrypt datasets with keyfiles
requestEncryptionCredentials = [
"tank/archive"
"tank/generic"
"tank/nextcloud"
"tank/generic/git"
];
# If password is requested and fails, continue to boot eventually
passwordTimeout = 300;
};
};
}

9
platforms/nixos/modules/nmasur/profiles/base.nix
View File

@ -16,6 +16,12 @@ in
config = lib.mkIf cfg.enable {
nmasur.presets.services = {
# Allow tunneling into the machine
cloudflared.enable = lib.mkDefault true;
openssh.enable = lib.mkDefault true;
};
# Allows us to declaritively set password
users.mutableUsers = lib.mkDefault false;
@ -25,9 +31,6 @@ in
# Create a home directory for human user
isNormalUser = lib.mkDefault true;
# Automatically create a password to start
hashedPassword = lib.mkDefault config.passwordHash;
extraGroups = lib.mkDefault [
"wheel" # Sudo privileges
];

10
platforms/nixos/modules/nmasur/profiles/gaming.nix
View File

@ -17,14 +17,18 @@ in
# Enable graphics acceleration
hardware.graphics = {
enable = true;
enable32Bit = true;
enable = lib.mkDefault true;
enable32Bit = lib.mkDefault true;
};
# Enable gamemode which can be executed on a per-game basis
programs.gamemode.enable = true;
programs.gamemode.enable = lib.mkDefault true;
environment.systemPackages = with pkgs; [ moonlight-qt ];
nmasur.presets.programs = {
steam.enable = lib.mkDefault true;
};
};
}

9
platforms/nixos/modules/nmasur/profiles/gui.nix
View File

@ -53,8 +53,13 @@ in
# Detect monitors (brightness) for ddcutil
hardware.i2c.enable = lib.mkDefault true;
# Grant main user access to external monitors
users.users.${username}.extraGroups = lib.mkDefault [ "i2c" ];
users.users.${username} = {
# Grant main user access to external monitors
extraGroups = lib.mkDefault [ "i2c" ];
# Automatically create a password to start
hashedPassword = lib.mkDefault (lib.fileContents ../../../../../misc/password.sha512);
};
services.xserver.displayManager = {

34
platforms/nixos/modules/nmasur/profiles/home.nix
View File

@ -16,11 +16,13 @@ in
config = lib.mkIf cfg.enable {
# Configure physical power buttons
nmasur.presets.services.logind.enable = lib.mkDefault true;
nmasur.presets.services = {
# Configure physical power buttons
logind.enable = lib.mkDefault true;
};
# Enable automatic timezone updates based on location
services.tzupdate.enable = lib.mkDefault true;
services.automatic-timezoned.enable = lib.mkDefault true;
# Allow reading from Windows drives
boot.supportedFilesystems = [ "ntfs" ];
@ -41,24 +43,26 @@ in
# Wake up tempest with a command
environment.systemPackages = [
(pkgs.writeShellScriptBin "wake-tempest" "${pkgs.wakeonlan}/bin/wakeonlan --ip=192.168.1.255 74:56:3C:40:37:5D")
(pkgs.writeShellScriptBin "wake-tempest" "${lib.getExe pkgs.wakeonlan} --ip=192.168.1.255 74:56:3C:40:37:5D")
];
# Prevent wake from keyboard
powerManagement.powerDownCommands = lib.mkDefault ''
set +e
powerManagement.powerDownCommands =
lib.mkDefault # bash
''
set +e
# Fix for Gigabyte motherboard
# /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
# Disable if enabled
if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
fi
# Fix for Gigabyte motherboard
# /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
# Disable if enabled
if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
fi
sleep 2
sleep 2
set -e
'';
set -e
'';
services.udev.extraRules = lib.mkDefault ''
ACTION=="add", SUBSYSTEM=="usb", DRIVER=="usb", ATTR{power/wakeup}="disabled"
ACTION=="add", SUBSYSTEM=="i2c", ATTR{power/wakeup}="disabled"

5
platforms/nixos/modules/nmasur/profiles/nas.nix
View File

@ -25,16 +25,17 @@ in
bind.enable = lib.mkDefault true;
caddy.enable = lib.mkDefault true;
calibre-web.enable = lib.mkDefault true;
cloudflare.enable = lib.mkDefault true;
cloudflared.enable = lib.mkDefault true;
cloudflare.enable = lib.mkDefault true;
filebrowser.enable = lib.mkDefault true;
immich.enable = lib.mkDefault true;
jellyfin.enable = lib.mkDefault true;
nextcloud.enable = lib.mkDefault true;
nix-autoupgrade.enable = lib.mkDefault false; # Off by default for NAS
paperless.enable = lib.mkDefault true;
samba.enable = lib.mkDefault true;
postgresql.enable = lib.mkDefault true;
samba.enable = lib.mkDefault true;
vm-agent.enable = lib.mkDefault true;
};
};

3
platforms/nixos/modules/services/filebrowser.nix
View File

@ -20,7 +20,7 @@ let
"auth.method" = "json";
username = username;
# Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
password = cfg.passwordHash;
};
in
@ -31,6 +31,7 @@ in
passwordHash = lib.mkOption {
type = lib.types.str;
description = ''Hashed password created from htpasswd -nBC 10 "" | tr -d ':\n' '';
default = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
};
};