diff --git a/flake.nix b/flake.nix index 4653f20..1610b92 100644 --- a/flake.nix +++ b/flake.nix @@ -295,6 +295,9 @@ inputs.wsl.nixosModules.wsl ./platforms/nixos ]; + specialArgs = { + wallpapers = inputs.wallpapers; + }; }; buildDarwin = diff --git a/hosts/aarch64-darwin/default.nix b/hosts-old/aarch64-darwin/default.nix similarity index 100% rename from hosts/aarch64-darwin/default.nix rename to hosts-old/aarch64-darwin/default.nix diff --git a/hosts/aarch64-linux/default.nix b/hosts-old/aarch64-linux/default.nix similarity index 100% rename from hosts/aarch64-linux/default.nix rename to hosts-old/aarch64-linux/default.nix diff --git a/hosts/x86_64-linux/arrow/aws/ec2.tf b/hosts-old/x86_64-linux/arrow/aws/ec2.tf similarity index 100% rename from hosts/x86_64-linux/arrow/aws/ec2.tf rename to hosts-old/x86_64-linux/arrow/aws/ec2.tf diff --git a/hosts/x86_64-linux/arrow/aws/image.tf b/hosts-old/x86_64-linux/arrow/aws/image.tf similarity index 100% rename from hosts/x86_64-linux/arrow/aws/image.tf rename to hosts-old/x86_64-linux/arrow/aws/image.tf diff --git a/hosts/x86_64-linux/arrow/aws/main.tf b/hosts-old/x86_64-linux/arrow/aws/main.tf similarity index 100% rename from hosts/x86_64-linux/arrow/aws/main.tf rename to hosts-old/x86_64-linux/arrow/aws/main.tf diff --git a/hosts/x86_64-linux/arrow/aws/outputs.tf b/hosts-old/x86_64-linux/arrow/aws/outputs.tf similarity index 100% rename from hosts/x86_64-linux/arrow/aws/outputs.tf rename to hosts-old/x86_64-linux/arrow/aws/outputs.tf diff --git a/hosts/x86_64-linux/arrow/aws/variables.tf b/hosts-old/x86_64-linux/arrow/aws/variables.tf similarity index 100% rename from hosts/x86_64-linux/arrow/aws/variables.tf rename to hosts-old/x86_64-linux/arrow/aws/variables.tf diff --git a/hosts/x86_64-linux/arrow/default.nix b/hosts-old/x86_64-linux/arrow/default.nix similarity index 100% rename from hosts/x86_64-linux/arrow/default.nix rename to hosts-old/x86_64-linux/arrow/default.nix 
diff --git a/hosts/x86_64-linux/arrow/modules.nix b/hosts-old/x86_64-linux/arrow/modules.nix
similarity index 100%
rename from hosts/x86_64-linux/arrow/modules.nix
rename to hosts-old/x86_64-linux/arrow/modules.nix
diff --git a/hosts/x86_64-linux/arrow/vultr/main.tf b/hosts-old/x86_64-linux/arrow/vultr/main.tf
similarity index 100%
rename from hosts/x86_64-linux/arrow/vultr/main.tf
rename to hosts-old/x86_64-linux/arrow/vultr/main.tf
diff --git a/hosts/x86_64-linux/default.nix b/hosts-old/x86_64-linux/default.nix
similarity index 100%
rename from hosts/x86_64-linux/default.nix
rename to hosts-old/x86_64-linux/default.nix
diff --git a/hosts/x86_64-linux/hydra/default.nix b/hosts-old/x86_64-linux/hydra/default.nix
similarity index 100%
rename from hosts/x86_64-linux/hydra/default.nix
rename to hosts-old/x86_64-linux/hydra/default.nix
diff --git a/hosts/x86_64-linux/staff/default.nix b/hosts-old/x86_64-linux/staff/default.nix
similarity index 100%
rename from hosts/x86_64-linux/staff/default.nix
rename to hosts-old/x86_64-linux/staff/default.nix
diff --git a/hosts/aarch64-darwin/lookingglass/default.nix b/hosts/aarch64-darwin/lookingglass/default.nix
deleted file mode 100644
index 8d85e1f..0000000
--- a/hosts/aarch64-darwin/lookingglass/default.nix
+++ /dev/null
@@ -1,60 +0,0 @@ -# The Looking Glass -# System configuration for my work Macbook - -{ - inputs, - globals, - overlays, - ... -}: - -inputs.darwin.lib.darwinSystem { - system = "aarch64-darwin"; - specialArgs = { }; - modules = [ - ../../modules/common - ../../modules/darwin - ( - globals - // rec { - user = "Noah.Masur"; - gitName = "Noah-Masur_1701"; - gitEmail = "${user}@take2games.com"; - } - ) - inputs.home-manager.darwinModules.home-manager - inputs.mac-app-util.darwinModules.default - { - nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays; - networking.hostName = "NYCM-NMASUR2"; - networking.computerName = "NYCM-NMASUR2"; - identityFile = "/Users/Noah.Masur/.ssh/id_ed25519"; - gui.enable = true; - theme = { - colors = (import ../../colorscheme/gruvbox-dark).dark; - dark = true; - }; - mail.user = globals.user; - atuin.enable = true; - charm.enable = true; - neovim.enable = true; - mail.enable = true; - mail.aerc.enable = true; - mail.himalaya.enable = false; - kitty.enable = true; - discord.enable = true; - firefox.enable = true; - dotfiles.enable = true; - terraform.enable = true; - python.enable = true; - rust.enable = true; - lua.enable = true; - obsidian.enable = true; - kubernetes.enable = true; - _1password.enable = true; - slack.enable = true; - wezterm.enable = true; - yt-dlp.enable = true; - } - ]; -} diff --git a/hosts/flame/default.nix b/hosts/flame/default.nix index 01124f2..240b2ff 100644 --- a/hosts/flame/default.nix +++ b/hosts/flame/default.nix 
@@ -6,12 +6,28 @@ # These days, probably use nixos-anywhere instead. rec { - # Hardware networking.hostName = "flame"; nmasur.settings = { username = "noah"; fullName = "Noah Masur"; + hostnames = + let + baseName = "masu.rs"; + in + { + budget = "money.${baseName}"; + git = "git.${baseName}"; + influxdb = "influxdb.${baseName}"; + irc = "irc.${baseName}"; + metrics = "metrics.${baseName}"; + minecraft = "minecraft.${baseName}"; + n8n = "n8n.${baseName}"; + notifications = "ntfy.${baseName}"; + prometheus = "prom.${baseName}"; + secrets = "vault.${baseName}"; + status = "status.${baseName}"; + }; }; nmasur.profiles = { @@ -21,7 +37,10 @@ rec { }; home-manager.users."noah" = { - nmasur.settings = nmasur.settings; + nmasur.settings = { + username = nmasur.settings.username; + fullName = nmasur.settings.fullName; + }; nmasur.profiles = { common.enable = true; linux-base.enable = true; diff --git a/hosts/lookingglass/default.nix b/hosts/lookingglass/default.nix new file mode 100644 index 0000000..e3259ff --- /dev/null +++ b/hosts/lookingglass/default.nix @@ -0,0 +1,39 @@ +# The Looking Glass +# System configuration for my work Macbook + +rec { + networking.hostName = "NYCM-NMASUR2"; + networking.computerName = "NYCM-NMASUR2"; + + nmasur.settings = { + username = "Noah.Masur"; + fullName = "Noah Masur"; + }; + + nmasur.profiles = { + base.enable = true; + work.enable = true; + extra.enable = true; + gaming.enable = true; + }; + + home-manager.users."Noah.Masur" = { + nmasur.settings = { + username = nmasur.settings.username; + fullName = nmasur.settings.fullName; + }; + nmasur.profiles = { + common.enable = true; + darwin-base.enable = true; + power-user.enable = true; + work.enable = true; + experimental.enable = true; + }; + nmasur.presets.programs.git = { + name = "Noah-Masur_1701"; + email = "${nmasur.settings.username}@take2games.com"; + }; + }; + + identityFile = "/Users/${nmasur.settings.username}/.ssh/id_ed25519"; +} 
diff --git a/hosts/swan/default.nix b/hosts/swan/default.nix
new file mode 100644
index 0000000..37c3798
--- /dev/null
+++ b/hosts/swan/default.nix
@@ -0,0 +1,90 @@ +# The Swan +# System configuration for my home NAS server + +rec { + networking.hostName = "swan"; + + nmasur.settings = { + username = "noah"; + fullName = "Noah Masur"; + hostnames = + let + baseName = "masu.rs"; + in + { + audiobooks = "read.${baseName}"; + files = "files.${baseName}"; + paperless = "paper.${baseName}"; + photos = "photos.${baseName}"; + stream = "stream.${baseName}"; + content = "cloud.${baseName}"; + books = "books.${baseName}"; + download = "download.${baseName}"; + }; + }; + + nmasur.profiles = { + base.enable = true; + server.enable = true; + home.enable = true; + nas.enable = true; + }; + + home-manager.users."noah" = { + nmasur.settings = { + username = nmasur.settings.username; + fullName = nmasur.settings.fullName; + }; + nmasur.profiles = { + common.enable = true; + linux-base.enable = true; + }; + }; + + # Not sure what's necessary but too afraid to remove anything + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "sd_mod" + ]; + + # Required for transcoding + boot.initrd.kernelModules = [ "amdgpu" ]; + boot.kernelParams = [ + "radeon.si_support=0" + "amdgpu.si_support=1" + "radeon.cik_support=0" + "amdgpu.cik_support=1" + "amdgpu.dc=1" + ]; + + # Required binary blobs to boot on this machine + hardware.enableRedistributableFirmware = true; + + # Prioritize efficiency over performance + powerManagement.cpuFreqGovernor = "powersave"; + + # Allow firmware updates + hardware.cpu.intel.updateMicrocode = true; + + # ZFS + # Generated with: head -c 8 /etc/machine-id + networking.hostId = "600279f4"; # Random ID required for ZFS + + # Sets root ext4 filesystem instead of declaring it manually + disko = { + enableConfig = true; + devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; }); + }; + + # Allows private remote access over the internet + nmasur.presets.services.cloudflared = { + tunnel = { + id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2"; + credentialsFile = 
../../private/cloudflared-swan.age; + ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org"; + }; + }; +} diff --git a/hosts/tempest/default.nix b/hosts/tempest/default.nix new file mode 100644 index 0000000..f706978 --- /dev/null +++ b/hosts/tempest/default.nix 
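Review bot: The new `hosts/swan/default.nix` no longer sets the `publicKeys` list or the `backup.s3` block that the deleted `hosts/x86_64-linux/swan/default.nix` carried under "Disable passwords, only use SSH key" and "Send regular backups and litestream for DBs". If neither is supplied by the `server` or `nas` profiles (not visible in this diff), the NAS would come up without authorized SSH keys and without its backups. This is worth confirming against an evaluated configuration for the host. A pointer next to the tunnel block, such as `# SSH authorized keys and backup.s3 are set in <profile file>`, would show where access control and backups now live.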
@@ -0,0 +1,104 @@ +# The Tempest +# System configuration for my desktop + +rec { + # Hardware + networking.hostName = "tempest"; + + nmasur.settings = { + username = "noah"; + fullName = "Noah Masur"; + }; + + nmasur.profiles = { + base.enable = true; + home.enable = true; + gui.enable = true; + gaming.enable = true; + }; + + home-manager.users."noah" = { + nmasur.settings = { + username = nmasur.settings.username; + fullName = nmasur.settings.fullName; + }; + nmasur.profiles = { + common.enable = true; + linux-base.enable = true; + linux-gui.enable = true; + linux-gaming.enable = true; + power-user.enable = true; + developer.enable = true; + experimental.enable = true; + }; + }; + + # Not sure what's necessary but too afraid to remove anything + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usb_storage" + "usbhid" + "sd_mod" + ]; + + # Graphics and VMs + boot.initrd.kernelModules = [ "amdgpu" ]; + boot.kernelModules = [ "kvm-amd" ]; + services.xserver.videoDrivers = [ "amdgpu" ]; + + # Required binary blobs to boot on this machine + hardware.enableRedistributableFirmware = true; + + # Prioritize performance over efficiency + powerManagement.cpuFreqGovernor = "performance"; + + # Allow firmware updates + hardware.cpu.amd.updateMicrocode = true; + + # Helps reduce GPU fan noise under idle loads + hardware.fancontrol.enable = true; + hardware.fancontrol.config = '' + # Configuration file generated by pwmconfig, changes will be lost + INTERVAL=10 + DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0 + DEVNAME=hwmon0=amdgpu + FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input + FCFANS= hwmon0/pwm1=hwmon0/fan1_input + MINTEMP=hwmon0/pwm1=50 + MAXTEMP=hwmon0/pwm1=70 + MINSTART=hwmon0/pwm1=100 + MINSTOP=hwmon0/pwm1=10 + MINPWM=hwmon0/pwm1=10 + MAXPWM=hwmon0/pwm1=240 + ''; + + # File systems must be declared in order to boot + + # This is the root filesystem containing NixOS + fileSystems."/" = { + device = 
"/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; + + # This is the boot filesystem for Grub + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + + # Allows private remote access over the internet + nmasur.presets.services.cloudflared = { + tunnel = { + id = "ac133a82-31fb-480c-942a-cdbcd4c58173"; + credentialsFile = ../../private/cloudflared-tempest.age; + ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org"; + }; + }; + + # Allows requests to force machine to wake up + # This network interface might change, needs to be set specifically for each machine. + # Or set usePredictableInterfaceNames = false + networking.interfaces.enp5s0.wakeOnLan.enable = true; +} diff --git a/hosts/x86_64-linux/swan/default.nix b/hosts/x86_64-linux/swan/default.nix deleted file mode 100644 index 191a528..0000000 --- a/hosts/x86_64-linux/swan/default.nix +++ /dev/null 
@@ -1,142 +0,0 @@ -# The Swan -# System configuration for my home NAS server - -{ - inputs, - globals, - overlays, - ... -}: - -inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - globals - inputs.home-manager.nixosModules.home-manager - inputs.disko.nixosModules.disko - ../../modules/common - ../../modules/nixos - { - nixpkgs.overlays = overlays; - - # Hardware - server = true; - physical = true; - networking.hostName = "swan"; - - # Not sure what's necessary but too afraid to remove anything - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "nvme" - "usb_storage" - "sd_mod" - ]; - - # Required for transcoding - boot.initrd.kernelModules = [ "amdgpu" ]; - boot.kernelParams = [ - "radeon.si_support=0" - "amdgpu.si_support=1" - "radeon.cik_support=0" - "amdgpu.cik_support=1" - "amdgpu.dc=1" - ]; - - # Required binary blobs to boot on this machine - hardware.enableRedistributableFirmware = true; - - # Prioritize efficiency over performance - powerManagement.cpuFreqGovernor = "powersave"; - - # Allow firmware updates - hardware.cpu.intel.updateMicrocode = true; - - # ZFS - zfs.enable = true; - # Generated with: head -c 8 /etc/machine-id - networking.hostId = "600279f4"; # Random ID required for ZFS - - # Sets root ext4 filesystem instead of declaring it manually - disko = { - enableConfig = true; - devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; }); - }; - - zramSwap.enable = true; - swapDevices = [ - { - device = "/swapfile"; - size = 4 * 1024; # 4 GB - } - ]; - - boot.zfs = { - # Automatically load the ZFS pool on boot - extraPools = [ "tank" ]; - # Only try to decrypt datasets with keyfiles - requestEncryptionCredentials = [ - "tank/archive" - "tank/generic" - "tank/nextcloud" - "tank/generic/git" - ]; - # If password is requested and fails, continue to boot eventually - passwordTimeout = 300; - }; - - # Theming - - # Server doesn't require GUI - gui.enable = false; - - # Still require colors for programs like 
Neovim, K9S - theme = { - colors = (import ../../colorscheme/gruvbox-dark).dark; - }; - - # Programs and services - atuin.enable = true; - neovim.enable = true; - cloudflare.enable = true; - dotfiles.enable = true; - arrs.enable = true; - filebrowser.enable = true; - services.audiobookshelf.enable = true; - services.bind.enable = true; - services.caddy.enable = true; - services.immich.enable = true; - services.jellyfin.enable = true; - services.nextcloud.enable = true; - services.calibre-web.enable = true; - services.openssh.enable = true; - services.prometheus.enable = false; - services.vmagent.enable = true; - services.samba.enable = true; - services.paperless.enable = true; - services.postgresql.enable = true; - system.autoUpgrade.enable = false; - - # Allows private remote access over the internet - cloudflareTunnel = { - enable = true; - id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2"; - credentialsFile = ../../private/cloudflared-swan.age; - ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org"; - }; - - # Send regular backups and litestream for DBs to an S3-like bucket - backup.s3 = { - endpoint = "s3.us-west-002.backblazeb2.com"; - bucket = "noahmasur-backup"; - accessKeyId = "0026b0e73b2e2c80000000005"; - resticBucket = "noahmasur-restic"; - }; - - # Disable passwords, only use SSH key - publicKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal" - ]; - } - ]; -} diff --git a/hosts/x86_64-linux/tempest/default.nix b/hosts/x86_64-linux/tempest/default.nix deleted file mode 100644 index d1e21d9..0000000 --- a/hosts/x86_64-linux/tempest/default.nix +++ /dev/null 
@@ -1,153 +0,0 @@ -# The Tempest -# System configuration for my desktop - -{ - inputs, - globals, - overlays, - ... -}: - -inputs.nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - specialArgs = { - pkgs-stable = import inputs.nixpkgs-stable { inherit system; }; - pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; }; - }; - modules = [ - globals - inputs.home-manager.nixosModules.home-manager - ../../modules/common - ../../modules/nixos - { - nixpkgs.overlays = overlays; - - # Hardware - physical = true; - networking.hostName = "tempest"; - - # Not sure what's necessary but too afraid to remove anything - boot.initrd.availableKernelModules = [ - "nvme" - "xhci_pci" - "ahci" - "usb_storage" - "usbhid" - "sd_mod" - ]; - - # Graphics and VMs - boot.initrd.kernelModules = [ "amdgpu" ]; - boot.kernelModules = [ "kvm-amd" ]; - services.xserver.videoDrivers = [ "amdgpu" ]; - - # I don't think I need this? - # boot.kernelParams = [ - # "video=DP-0:2560x1440@165" - # "video=DP-1:1920x1080@60" - # ]; - - # Required binary blobs to boot on this machine - hardware.enableRedistributableFirmware = true; - - # Prioritize performance over efficiency - powerManagement.cpuFreqGovernor = "performance"; - - # Allow firmware updates - hardware.cpu.amd.updateMicrocode = true; - - # Helps reduce GPU fan noise under idle loads - hardware.fancontrol.enable = true; - hardware.fancontrol.config = '' - # Configuration file generated by pwmconfig, changes will be lost - INTERVAL=10 - DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0 - DEVNAME=hwmon0=amdgpu - FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input - FCFANS= hwmon0/pwm1=hwmon0/fan1_input - MINTEMP=hwmon0/pwm1=50 - MAXTEMP=hwmon0/pwm1=70 - MINSTART=hwmon0/pwm1=100 - MINSTOP=hwmon0/pwm1=10 - MINPWM=hwmon0/pwm1=10 - MAXPWM=hwmon0/pwm1=240 - ''; - - # File systems must be declared in order to boot - - # This is the root filesystem containing NixOS - fileSystems."/" = { - device = 
"/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - - # This is the boot filesystem for Grub - fileSystems."/boot" = { - device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - }; - - # Secrets must be prepared ahead before deploying - passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512; - - # Theming - - # Turn on all features related to desktop and graphical applications - gui.enable = true; - - # Set the system-wide theme, also used for non-graphical programs - theme = { - colors = (import ../../colorscheme/gruvbox-dark).dark; - dark = true; - }; - wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg"; - gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark"; - - # Programs and services - atuin.enable = true; - charm.enable = true; - neovim.enable = true; - media.enable = true; - dotfiles.enable = true; - firefox.enable = true; - kitty.enable = true; - _1password.enable = true; - discord.enable = true; - nautilus.enable = true; - obsidian.enable = true; - mail.enable = true; - mail.aerc.enable = true; - mail.himalaya.enable = true; - keybase.enable = true; - mullvad.enable = false; - rust.enable = true; - terraform.enable = true; - wezterm.enable = true; - yt-dlp.enable = true; - gaming = { - dwarf-fortress.enable = true; - enable = true; - steam.enable = true; - moonlight.enable = true; - legendary.enable = true; - lutris.enable = true; - ryujinx.enable = true; - }; - services.vmagent.enable = true; # Enables Prometheus metrics - services.openssh.enable = true; # Required for Cloudflare tunnel and identity file - - # Allows private remote access over the internet - cloudflareTunnel = { - enable = true; - id = "ac133a82-31fb-480c-942a-cdbcd4c58173"; - credentialsFile = ../../private/cloudflared-tempest.age; - ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org"; - }; - - # Allows requests 
to force machine to wake up - # This network interface might change, needs to be set specifically for each machine. - # Or set usePredictableInterfaceNames = false - networking.interfaces.enp5s0.wakeOnLan.enable = true; - } - ]; -} diff --git a/pkgs/misc/wallpapers/package.nix b/pkgs/misc/wallpapers/package.nix new file mode 100644 index 0000000..a0ed316 --- /dev/null +++ b/pkgs/misc/wallpapers/package.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +pkgs. + +pkgs.writeShellApplication + { + name = "ocr"; + runtimeInputs = [ pkgs.tesseract ]; + text = builtins.readFile ./ocr.sh; + } diff --git a/platforms/home-manager/modules/nmasur/profiles/linux-base.nix b/platforms/home-manager/modules/nmasur/profiles/linux-base.nix index cb38d2e..b55c167 100644 --- a/platforms/home-manager/modules/nmasur/profiles/linux-base.nix +++ b/platforms/home-manager/modules/nmasur/profiles/linux-base.nix @@ -41,7 +41,7 @@ in trash = lib.mkDefault "${pkgs.trash-cli}/bin/trash-put"; }; shellAbbrs = { - t = "trash"; + t = lib.mkDefault "trash"; }; }; }; diff --git a/platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix b/platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix index 7cc2ad4..e399edb 100644 --- a/platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix +++ b/platforms/home-manager/modules/nmasur/profiles/linux-gaming.nix @@ -15,7 +15,9 @@ in config = lib.mkIf cfg.enable { - nmasur.programs.wine.enable = lib.mkDefault true; + nmasur.presets.programs = { + wine.enable = lib.mkDefault true; + }; home.packages = lib.mkDefault [ pkgs.heroic diff --git a/platforms/home-manager/modules/nmasur/profiles/linux-gui.nix b/platforms/home-manager/modules/nmasur/profiles/linux-gui.nix index 6f6d70a..3013187 100644 --- a/platforms/home-manager/modules/nmasur/profiles/linux-gui.nix +++ b/platforms/home-manager/modules/nmasur/profiles/linux-gui.nix 
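Review bot: The new `pkgs/misc/wallpapers/package.nix` looks like an unfinished copy of an OCR package rather than a wallpapers derivation: it has a dangling `pkgs.` followed by `pkgs.writeShellApplication` with `name = "ocr"`, `pkgs.tesseract` and `builtins.readFile ./ocr.sh`. As written, the expression reads as `pkgs.pkgs.writeShellApplication`, and no `ocr.sh` is added in this directory by the commit, so evaluation would fail if anything imports the file. If packages under `pkgs/` are discovered automatically (not visible here), that failure would affect every host build. I would drop the file from this commit until the real derivation exists, or replace the body with the intended wallpapers package.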
@@ -15,6 +15,32 @@ in config = lib.mkIf cfg.enable { nmasur.gtk.enable = lib.mkDefault true; + nmasur.presets = { + programs = { + _1password.enable = lib.mkDefault true; + aerc.enable = lib.mkDefault true; + discord.enable = lib.mkDefault true; + dotfiles.enable = lib.mkDefault true; + firefox.enable = lib.mkDefault true; + mpv.enable = lib.mkDefault true; + nautilus.enable = lib.mkDefault true; + nsxiv.enable = lib.mkDefault true; + obsidian.enable = lib.mkDefault true; + xclip.enable = lib.mkDefault true; + wezterm.enable = lib.mkDefault true; + zathura.enable = lib.mkDefault true; + }; + services = { + dunst.enable = lib.mkDefault false; # Off by default + i3.enable = lib.mkDefault true; + kanata.enable = lib.mkDefault true; + keybase.enable = lib.mkDefault true; + mbsync.enable = lib.mkDefault true; + picom.enable = lib.mkDefault true; + polybar.enable = lib.mkDefault true; + volnoti.enable = lib.mkDefault true; + }; + }; }; } diff --git a/platforms/home-manager/modules/nmasur/profiles/power-user.nix b/platforms/home-manager/modules/nmasur/profiles/power-user.nix index 8cf98a7..f98e811 100644 --- a/platforms/home-manager/modules/nmasur/profiles/power-user.nix +++ b/platforms/home-manager/modules/nmasur/profiles/power-user.nix @@ -56,6 +56,7 @@ in ripgrep.enable = lib.mkDefault true; prettyping.enable = lib.mkDefault true; weather.enable = lib.mkDefault true; + yt-dlp.enable = lib.mkDefault true; zoxide.enable = lib.mkDefault true; }; diff --git a/platforms/nixos/modules/nmasur/presets/services/lightdm.nix b/platforms/nixos/modules/nmasur/presets/services/lightdm.nix index 353d5d6..df0953d 100644 --- a/platforms/nixos/modules/nmasur/presets/services/lightdm.nix +++ b/platforms/nixos/modules/nmasur/presets/services/lightdm.nix @@ -2,6 +2,7 @@ config, pkgs, lib, + wallpapers ? null, ... }: 
@@ -14,8 +15,9 @@ in options.nmasur.presets.services.lightdm = { enable = lib.mkEnableOption "Lightdm display manager"; wallpaper = { - type = lib.types.path; + type = lib.types.nullOr lib.types.path; description = "Wallpaper background image file"; + default = "${wallpapers}/gruvbox/road.jpg"; }; gtk.theme = { name = lib.mkOption { diff --git a/platforms/nixos/modules/nmasur/presets/zfs.nix b/platforms/nixos/modules/nmasur/presets/zfs.nix index 8a560b9..111a32c 100644 --- a/platforms/nixos/modules/nmasur/presets/zfs.nix +++ b/platforms/nixos/modules/nmasur/presets/zfs.nix @@ -23,5 +23,28 @@ in prometheus.scrapeTargets = [ "127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}" ]; + + zramSwap.enable = true; + swapDevices = [ + { + device = "/swapfile"; + size = 4 * 1024; # 4 GB + } + ]; + + boot.zfs = { + # Automatically load the ZFS pool on boot + extraPools = [ "tank" ]; + # Only try to decrypt datasets with keyfiles + requestEncryptionCredentials = [ + "tank/archive" + "tank/generic" + "tank/nextcloud" + "tank/generic/git" + ]; + # If password is requested and fails, continue to boot eventually + passwordTimeout = 300; + }; + }; } diff --git a/platforms/nixos/modules/nmasur/profiles/base.nix b/platforms/nixos/modules/nmasur/profiles/base.nix index 332d1be..8c2c7e9 100644 --- a/platforms/nixos/modules/nmasur/profiles/base.nix +++ b/platforms/nixos/modules/nmasur/profiles/base.nix @@ -16,6 +16,12 @@ in config = lib.mkIf cfg.enable { + nmasur.presets.services = { + # Allow tunneling into the machine + cloudflared.enable = lib.mkDefault true; + openssh.enable = lib.mkDefault true; + }; + # Allows us to declaritively set password users.mutableUsers = lib.mkDefault false; @@ -25,9 +31,6 @@ in # Create a home directory for human user isNormalUser = lib.mkDefault true; - # Automatically create a password to start - hashedPassword = lib.mkDefault config.passwordHash; - extraGroups = lib.mkDefault [ "wheel" # Sudo privileges ]; 
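Review bot: The added `default = "${wallpapers}/gruvbox/road.jpg";` in the lightdm options interpolates `wallpapers` unconditionally, but the header hunk declares it as `wallpapers ? null`. Interpolating null is an evaluation error, so the `nullOr` type never gets a chance to accept a null wallpaper. A guarded default keeps the option usable on hosts that do not pass the input: `default = if wallpapers == null then null else "${wallpapers}/gruvbox/road.jpg";`. In the visible lines `wallpaper = { type = …; }` also appears not to be wrapped in `lib.mkOption`, unlike `gtk.theme.name` below it; that line is context here and its definition may differ outside the hunk.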
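Review bot: The shared zfs preset now hard-codes one host's pool and datasets (`extraPools = [ "tank" ]` and the four `tank/…` entries in `requestEncryptionCredentials`), which were previously in swan's host file. Any other host enabling this preset would try to import `tank`. With `passwordTimeout = 300` the boot continues when a dataset cannot be unlocked, so services started afterwards may write to the empty mountpoint on the root disk instead of the encrypted dataset. I would expose the pool and dataset lists as preset options set from the host, and give the dependent services a `RequiresMountsFor=` dependency on their dataset mountpoints. The enclosing `config` block starts outside the hunk.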
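Review bot: Removing `hashedPassword` from the base profile's user (second base.nix hunk) leaves a host that enables `base` without `gui`, such as swan in this commit, with no password for the wheel user while `users.mutableUsers` defaults to false. Login then rests entirely on SSH authorized keys, and sudo for `wheel` has no password to check unless that is configured elsewhere. Since the first hunk also turns on `cloudflared` and `openssh` for every base host, the intended login path deserves a comment, e.g. `# Headless hosts have no password: login is SSH-key only via the openssh preset`. Both hunks sit inside `config = lib.mkIf cfg.enable { … }`, which continues outside them.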
diff --git a/platforms/nixos/modules/nmasur/profiles/gaming.nix b/platforms/nixos/modules/nmasur/profiles/gaming.nix index c9e5456..26c7df0 100644 --- a/platforms/nixos/modules/nmasur/profiles/gaming.nix +++ b/platforms/nixos/modules/nmasur/profiles/gaming.nix @@ -17,14 +17,18 @@ in # Enable graphics acceleration hardware.graphics = { - enable = true; - enable32Bit = true; + enable = lib.mkDefault true; + enable32Bit = lib.mkDefault true; }; # Enable gamemode which can be executed on a per-game basis - programs.gamemode.enable = true; + programs.gamemode.enable = lib.mkDefault true; environment.systemPackages = with pkgs; [ moonlight-qt ]; + nmasur.presets.programs = { + steam.enable = lib.mkDefault true; + }; + }; } diff --git a/platforms/nixos/modules/nmasur/profiles/gui.nix b/platforms/nixos/modules/nmasur/profiles/gui.nix index 890c7c8..78fa3cf 100644 --- a/platforms/nixos/modules/nmasur/profiles/gui.nix +++ b/platforms/nixos/modules/nmasur/profiles/gui.nix @@ -53,8 +53,13 @@ in # Detect monitors (brightness) for ddcutil hardware.i2c.enable = lib.mkDefault true; - # Grant main user access to external monitors - users.users.${username}.extraGroups = lib.mkDefault [ "i2c" ]; + users.users.${username} = { + # Grant main user access to external monitors + extraGroups = lib.mkDefault [ "i2c" ]; + + # Automatically create a password to start + hashedPassword = lib.mkDefault (lib.fileContents ../../../../../misc/password.sha512); + }; services.xserver.displayManager = { diff --git a/platforms/nixos/modules/nmasur/profiles/home.nix b/platforms/nixos/modules/nmasur/profiles/home.nix index 998a98c..45983de 100644 --- a/platforms/nixos/modules/nmasur/profiles/home.nix +++ b/platforms/nixos/modules/nmasur/profiles/home.nix 
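Review bot: The `hashedPassword = lib.mkDefault (lib.fileContents ../../../../../misc/password.sha512);` line in the gui.nix hunk reads the hash at evaluation time, so it is stored in the repository and copied into the world-readable Nix store, and every GUI host gets the same credential. The commit already keeps the cloudflared credentials as `.age` files, so the password hash could follow the same route with `hashedPasswordFile = lib.mkDefault "<path to decrypted secret>";`. The five-level relative path is also brittle if the module moves. The enclosing `config` block starts and ends outside the hunk.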
@@ -16,11 +16,13 @@ in config = lib.mkIf cfg.enable { - # Configure physical power buttons - nmasur.presets.services.logind.enable = lib.mkDefault true; + nmasur.presets.services = { + # Configure physical power buttons + logind.enable = lib.mkDefault true; + }; # Enable automatic timezone updates based on location - services.tzupdate.enable = lib.mkDefault true; + services.automatic-timezoned.enable = lib.mkDefault true; # Allow reading from Windows drives boot.supportedFilesystems = [ "ntfs" ]; @@ -41,24 +43,26 @@ in # Wake up tempest with a command environment.systemPackages = [ - (pkgs.writeShellScriptBin "wake-tempest" "${pkgs.wakeonlan}/bin/wakeonlan --ip=192.168.1.255 74:56:3C:40:37:5D") + (pkgs.writeShellScriptBin "wake-tempest" "${lib.getExe pkgs.wakeonlan} --ip=192.168.1.255 74:56:3C:40:37:5D") ]; # Prevent wake from keyboard - powerManagement.powerDownCommands = lib.mkDefault '' - set +e + powerManagement.powerDownCommands = + lib.mkDefault # bash + '' + set +e - # Fix for Gigabyte motherboard - # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/ - # Disable if enabled - if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then - echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup - fi + # Fix for Gigabyte motherboard + # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/ + # Disable if enabled + if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then + echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup + fi - sleep 2 + sleep 2 - set -e - ''; + set -e + ''; services.udev.extraRules = lib.mkDefault '' ACTION=="add", SUBSYSTEM=="usb", DRIVER=="usb", ATTR{power/wakeup}="disabled" ACTION=="add", SUBSYSTEM=="i2c", ATTR{power/wakeup}="disabled" diff --git a/platforms/nixos/modules/nmasur/profiles/nas.nix b/platforms/nixos/modules/nmasur/profiles/nas.nix index b0ed12f..6099eb8 100644 --- a/platforms/nixos/modules/nmasur/profiles/nas.nix 
+++ b/platforms/nixos/modules/nmasur/profiles/nas.nix @@ -25,16 +25,17 @@ in bind.enable = lib.mkDefault true; caddy.enable = lib.mkDefault true; calibre-web.enable = lib.mkDefault true; - cloudflare.enable = lib.mkDefault true; cloudflared.enable = lib.mkDefault true; + cloudflare.enable = lib.mkDefault true; filebrowser.enable = lib.mkDefault true; immich.enable = lib.mkDefault true; jellyfin.enable = lib.mkDefault true; nextcloud.enable = lib.mkDefault true; nix-autoupgrade.enable = lib.mkDefault false; # Off by default for NAS paperless.enable = lib.mkDefault true; - samba.enable = lib.mkDefault true; postgresql.enable = lib.mkDefault true; + samba.enable = lib.mkDefault true; + vm-agent.enable = lib.mkDefault true; }; }; diff --git a/platforms/nixos/modules/services/filebrowser.nix b/platforms/nixos/modules/services/filebrowser.nix index 9795119..da6ef64 100644 --- a/platforms/nixos/modules/services/filebrowser.nix +++ b/platforms/nixos/modules/services/filebrowser.nix @@ -20,7 +20,7 @@ let "auth.method" = "json"; username = username; # Generate password: htpasswd -nBC 10 "" | tr -d ':\n' - password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za"; + password = cfg.passwordHash; }; in @@ -31,6 +31,7 @@ in passwordHash = lib.mkOption { type = lib.types.str; description = ''Hashed password created from htpasswd -nBC 10 "" | tr -d ':\n' ''; + default = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za"; }; };
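Review bot: The second filebrowser.nix hunk moves the literal bcrypt hash into `default =` of `passwordHash`, so the committed hash is still what any host gets unless it remembers to override the option. The first hunk's `password = cfg.passwordHash;` is the right shape, but the default keeps a shared credential in the repository and the Nix store, where it is open to offline guessing. I would delete the `default = "$2y$10$…";` line so evaluation fails until a host sets `passwordHash` explicitly, ideally from a value kept with the other `.age` secrets. The `options` block continues outside the hunk.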