upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-06-16 18:15:13 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: init

Browse source
This commit is contained in:
Nick 2024-10-06 15:25:05 -05:00
commit c19ea940bd
320 changed files with 23845 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

29
systems/desktop/boot.nix Executable file
View file

@ -0,0 +1,29 @@
{
pkgs,
config,
...
}: {
boot = {
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback.out
];
supportedFilesystems = ["ntfs"];
initrd = {
network.openvpn.enable = true;
availableKernelModules = ["nvme" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-amd" "vfio-pci" "v4l2loopback"];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
systemd-boot.enable = true;
};
};
}

13
systems/desktop/default.nix Executable file
View file

@ -0,0 +1,13 @@
{lib, ...}: {
imports = [
./boot.nix
./filesystem.nix
./graphics.nix
./hardware.nix
./networking.nix
./sops.nix
./ssh.nix
];
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
system.stateVersion = lib.mkForce "24.05";
}

82
systems/desktop/filesystem.nix Executable file
View file

@ -0,0 +1,82 @@
{
flake,
config,
...
}: let
inherit (flake.config.people) user0 user1;
inherit (flake.config.system.device) desktop server nas;
secrets0 = config.sops.secrets."network/synology".path;
secrets1 = config.sops.secrets."network/server".path;
in {
fileSystems = let
synologyDrives = [
"folder0"
"folder1"
"folder2"
"folder3"
];
storageDrives = [
"storage0"
"storage1"
];
sambaDrives = [
"samba0"
];
synologyMounts = folder: {
name = "${nas.${folder}.mount}";
value = {
device = nas.${folder}.device;
fsType = "cifs";
options = nas.${folder}.options ++ ["credentials=${secrets0}"];
};
};
storageMounts = storage: {
name = "${desktop.${storage}.mount}";
value = {
device = desktop.${storage}.device;
fsType = "ext4";
options = desktop.${storage}.options;
};
};
sambaMounts = samba: {
name = "${server.${samba}.mount}";
value = {
device = server.${samba}.device;
fsType = "cifs";
options = server.${samba}.options ++ ["credentials=${secrets1}"];
};
};
in
{
"/" = {
device = "/dev/disk/by-uuid/9ea15b16-068a-4c1b-8152-096b901f1ae7";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/8A33-9662";
fsType = "vfat";
options = desktop.boot.options;
};
}
// (builtins.listToAttrs (map synologyMounts synologyDrives))
// (builtins.listToAttrs (map storageMounts storageDrives))
// (builtins.listToAttrs (map sambaMounts sambaDrives));
swapDevices = [
{device = "/dev/disk/by-uuid/b21d20df-f272-4c0c-8e7a-5effac3373f8";}
];
systemd.tmpfiles.rules = [
"Z ${config.home-manager.users.${user0}.home.homeDirectory} 0755 ${user0} users -"
"Z ${config.home-manager.users.${user1}.home.homeDirectory} 0755 ${user1} users -"
"Z ${desktop.storage0.mount} 0755 ${user0} users -"
"Z ${desktop.storage1.mount} 0755 ${user0} users -"
];
services.udisks2.enable = true;
}

18
systems/desktop/graphics.nix Executable file
View file

@ -0,0 +1,18 @@
{pkgs, ...}: {
hardware = {
graphics = {
enable = true;
extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
rocmPackages.clr.icd
pkgs.amdvlk
];
extraPackages32 = [
pkgs.driversi686Linux.amdvlk
];
};
};
boot.initrd.kernelModules = ["amdgpu"];
}

13
systems/desktop/hardware.nix Executable file
View file

@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
...
}: {
hardware = {
firmware = [pkgs.rtl8761b-firmware];
enableAllFirmware = true;
ledger.enable = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

33
systems/desktop/networking.nix Executable file
View file

@ -0,0 +1,33 @@
{
lib,
flake,
...
}: let
inherit (flake.config.system.device) desktop;
in {
networking = {
hostName = desktop.name;
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
4333 # Feishin
2234 # Soulseek
];
};
};
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
};
sshd.enable = true;
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
};
}

41
systems/desktop/sops.nix Executable file
View file

@ -0,0 +1,41 @@
{flake, ...}: let
inherit (flake.config.people) user0;
inherit (flake.config.people.user.${user0}) git;
in {
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
validateSopsFiles = false;
age = {
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = false;
};
secrets = {
"ssh/private" = {
path = "/home/${user0}/.ssh/id_ed25519";
owner = user0;
};
"ssh/public" = {
path = "/home/${user0}/.ssh/id_ed25519.pub";
owner = user0;
};
"ssh/hosts" = {
path = "/home/${user0}/.ssh/known_hosts";
owner = user0;
};
"network/synology" = {
path = "/var/lib/secrets/synology";
owner = "root";
mode = "600";
};
"network/server" = {
path = "/var/lib/secrets/server";
owner = "root";
mode = "600";
};
"discord-token" = {
path = "${git.path0}/zookeeper/.env";
owner = user0;
};
};
};
}

8
systems/desktop/ssh.nix Executable file
View file

@ -0,0 +1,8 @@
{flake, ...}: let
inherit (flake.config.people) user0;
inherit (flake.config.people.user.${user0}) sshKeys;
in {
users.users.${user0} = {
openssh.authorizedKeys.keys = sshKeys;
};
}

34
systems/fallaryn/boot.nix Executable file
View file

@ -0,0 +1,34 @@
{
pkgs,
config,
...
}: {
boot = {
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback.out
];
supportedFilesystems = ["ntfs"];
initrd = {
availableKernelModules = ["amdgpu" "nvme" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-amd" "vfio-pci" "v4l2loopback"];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
systemd-boot.enable = false;
grub = {
enable = true;
device = "nodev";
useOSProber = true;
efiSupport = true;
};
};
};
}

13
systems/fallaryn/default.nix Executable file
View file

@ -0,0 +1,13 @@
{lib, ...}: {
imports = [
./boot.nix
./filesystem.nix
./graphics.nix
./hardware.nix
./networking.nix
./sops.nix
./ssh.nix
];
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
system.stateVersion = lib.mkForce "24.05";
}

65
systems/fallaryn/filesystem.nix Executable file
View file

@ -0,0 +1,65 @@
{
config,
flake,
...
}: let
inherit (flake.config.people) user2;
inherit (flake.config.system.device) fallaryn nas;
secrets0 = config.sops.secrets."network/fallaryn".path;
in {
imports = [];
fileSystems = let
synologyDrives = [
"folder2"
];
storageDrives = [
"storage0"
"storage1"
];
synologyMounts = folder: {
name = "${nas.${folder}.mount}";
value = {
device = nas.${folder}.device;
fsType = "cifs";
options = nas.${folder}.options ++ ["credentials=${secrets0}"];
};
};
storageMounts = storage: {
name = "${fallaryn.${storage}.mount}";
value = {
device = fallaryn.${storage}.device;
fsType = "ext4";
options = fallaryn.${storage}.options;
};
};
in
{
"/" = {
device = "/dev/disk/by-uuid/d02cb367-26e0-4708-8840-75dcc4362ff4";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/22BD-5A25";
fsType = "vfat";
options = fallaryn.boot.options;
};
}
// (builtins.listToAttrs (map synologyMounts synologyDrives))
// (builtins.listToAttrs (map storageMounts storageDrives));
swapDevices = [
{device = "/dev/disk/by-uuid/cc7ab213-26c9-4567-91ca-9dba6e98c9d1";}
];
systemd.tmpfiles.rules = [
"Z ${config.home-manager.users.${user2}.home.homeDirectory} 0755 ${user2} users -"
"Z ${fallaryn.storage0.mount} 0755 ${user2} users -"
"Z ${fallaryn.storage1.mount} 0755 ${user2} users -"
];
services.udisks2.enable = true;
}

17
systems/fallaryn/graphics.nix Executable file
View file

@ -0,0 +1,17 @@
{pkgs, ...}: {
hardware = {
graphics = {
enable = true;
extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
rocmPackages.clr.icd
pkgs.amdvlk
];
extraPackages32 = [
pkgs.driversi686Linux.amdvlk
];
};
};
boot.initrd.kernelModules = ["amdgpu"];
}

12
systems/fallaryn/hardware.nix Executable file
View file

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}: {
hardware = {
firmware = [pkgs.rtl8761b-firmware];
enableAllFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

29
systems/fallaryn/networking.nix Executable file
View file

@ -0,0 +1,29 @@
{
lib,
flake,
...
}: let
inherit (flake.config.system.device) fallaryn;
in {
networking = {
hostName = fallaryn.name;
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
firewall = {
enable = true;
allowedTCPPorts = [];
};
};
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
};
sshd.enable = true;
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
};
}

30
systems/fallaryn/sops.nix Executable file
View file

@ -0,0 +1,30 @@
{flake, ...}: let
inherit
(flake.config.people)
user2
;
in {
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
validateSopsFiles = false;
age = {
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = false;
};
secrets = {
"ssh/private" = {
path = "/home/${user2}/.ssh/id_ed25519";
owner = user2;
};
"ssh/public" = {
path = "/home/${user2}/.ssh/id_ed25519.pub";
owner = user2;
};
"network/fallaryn" = {
path = "/etc/fallaryn-synology";
owner = "root";
mode = "600";
};
};
};
}

8
systems/fallaryn/ssh.nix Executable file
View file

@ -0,0 +1,8 @@
{flake, ...}: let
inherit (flake.config.people) user0;
inherit (flake.config.people.user.${user0}) sshKeys;
in {
users.users.${user0} = {
openssh.authorizedKeys.keys = sshKeys;
};
}

28
systems/laptop/boot.nix Executable file
View file

@ -0,0 +1,28 @@
{
pkgs,
config,
...
}: {
boot = {
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback.out
];
supportedFilesystems = ["ntfs"];
initrd = {
availableKernelModules = ["nvme" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-amd" "vfio-pci" "v4l2loopback"];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
systemd-boot.enable = true;
};
};
}

13
systems/laptop/default.nix Executable file
View file

@ -0,0 +1,13 @@
{lib, ...}: {
imports = [
./boot.nix
./filesystem.nix
./graphics.nix
./hardware.nix
./networking.nix
./sops.nix
./ssh.nix
];
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
system.stateVersion = lib.mkForce "24.05";
}

66
systems/laptop/filesystem.nix Executable file
View file

@ -0,0 +1,66 @@
{
flake,
config,
...
}: let
inherit (flake.config.people) user0 user1 user2;
inherit (flake.config.system.device) laptop nas server;
secrets0 = config.sops.secrets."network/synology".path;
secrets1 = config.sops.secrets."network/server".path;
in {
fileSystems = let
synologyDrives = [
"folder0"
"folder1"
"folder4"
];
sambaDrives = [
"samba0"
];
synologyMounts = folder: {
name = "${nas.${folder}.mount}";
value = {
device = nas.${folder}.device;
fsType = "cifs";
options = nas.${folder}.options ++ ["credentials=${secrets0}"];
};
};
sambaMounts = samba: {
name = "${server.${samba}.mount}";
value = {
device = server.${samba}.device;
fsType = "cifs";
options = server.${samba}.options ++ ["credentials=${secrets1}"];
};
};
in
{
"/" = {
device = "/dev/disk/by-uuid/e8a3dd5a-7b71-4d86-b157-bac5e0ba7429";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/E946-BD04";
fsType = "vfat";
options = laptop.boot.options;
};
}
// (builtins.listToAttrs (map synologyMounts synologyDrives))
// (builtins.listToAttrs (map sambaMounts sambaDrives));
swapDevices = [
{device = "/dev/disk/by-uuid/7730bd62-75e2-4b6c-8dcd-f18189ee2845";}
];
systemd.tmpfiles.rules = [
"Z ${config.home-manager.users.${user0}.home.homeDirectory} 0755 ${user0} users -"
"Z ${config.home-manager.users.${user1}.home.homeDirectory} 0755 ${user1} users -"
"Z ${config.home-manager.users.${user2}.home.homeDirectory} 0755 ${user2} users -"
];
services.udisks2.enable = true;
}

17
systems/laptop/graphics.nix Executable file
View file

@ -0,0 +1,17 @@
{pkgs, ...}: {
hardware = {
graphics = {
enable = true;
extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
rocmPackages.clr.icd
pkgs.amdvlk
];
extraPackages32 = [
pkgs.driversi686Linux.amdvlk
];
};
};
boot.initrd.kernelModules = ["amdgpu"];
}

12
systems/laptop/hardware.nix Executable file
View file

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}: {
hardware = {
firmware = [pkgs.rtl8761b-firmware];
enableAllFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

28
systems/laptop/networking.nix Executable file
View file

@ -0,0 +1,28 @@
{
lib,
flake,
...
}: let
inherit (flake.config.system.device) laptop;
in {
networking = {
hostName = laptop.name;
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
firewall = {
enable = true;
};
};
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
};
sshd.enable = true;
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
};
}

41
systems/laptop/sops.nix Executable file
View file

@ -0,0 +1,41 @@
{flake, ...}: let
inherit
(flake.config.people)
user0
user1
;
in {
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
validateSopsFiles = false;
age = {
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = false;
};
secrets = {
"ssh/private" = {
path = "/home/${user0}/.ssh/id_ed25519";
owner = user0;
};
"ssh/public" = {
path = "/home/${user0}/.ssh/id_ed25519.pub";
owner = user0;
};
"network/synology" = {
path = "/var/lib/secrets/synology";
owner = "root";
mode = "600";
};
"network/server" = {
path = "/var/lib/secrets/server";
owner = "root";
mode = "600";
};
"network/${user1}" = {
path = "/var/lib/secrets/${user1}";
owner = "root";
mode = "600";
};
};
};
}

8
systems/laptop/ssh.nix Executable file
View file

@ -0,0 +1,8 @@
{flake, ...}: let
inherit (flake.config.people) user0;
inherit (flake.config.people.user.${user0}) sshKeys;
in {
users.users.${user0} = {
openssh.authorizedKeys.keys = sshKeys;
};
}

28
systems/server/boot.nix Executable file
View file

@ -0,0 +1,28 @@
{
pkgs,
config,
...
}: {
boot = {
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback.out
];
supportedFilesystems = ["ntfs"];
initrd = {
availableKernelModules = ["nvme" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-amd" "vfio-pci" "v4l2loopback"];
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
systemd-boot.enable = true;
};
};
}

13
systems/server/default.nix Executable file
View file

@ -0,0 +1,13 @@
{lib, ...}: {
imports = [
./boot.nix
./filesystem.nix
./graphics.nix
./hardware.nix
./networking.nix
./sops.nix
./ssh.nix
];
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
system.stateVersion = lib.mkForce "24.05";
}

45
systems/server/filesystem.nix Executable file
View file

@ -0,0 +1,45 @@
{
flake,
config,
...
}: let
inherit (flake.config.people) user0;
inherit (flake.config.system.device) server;
in {
fileSystems = let
storageDrives = [
"storage0"
];
storageMounts = storage: {
name = "${server.${storage}.mount}";
value = {
device = server.${storage}.device;
fsType = "ext4";
options = server.${storage}.options;
};
};
in
{
"/" = {
device = "/dev/disk/by-uuid/de4e681b-0667-4bf8-8d6e-c50894aa41cd";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/C68D-B1C0";
fsType = "vfat";
};
}
// (builtins.listToAttrs (map storageMounts storageDrives));
swapDevices = [
{device = "/dev/disk/by-uuid/259fcc06-912c-4bd3-b781-8f77449e935a";}
];
systemd.tmpfiles.rules = [
"Z ${config.home-manager.users.${user0}.home.homeDirectory} 0755 ${user0} users -"
"Z ${server.storage0.mount} 2775 root root -"
];
services.udisks2.enable = true;
}

18
systems/server/graphics.nix Executable file
View file

@ -0,0 +1,18 @@
{pkgs, ...}: {
hardware = {
graphics = {
enable = true;
extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
rocmPackages.clr.icd
pkgs.amdvlk
];
extraPackages32 = [
pkgs.driversi686Linux.amdvlk
];
};
};
boot.initrd.kernelModules = ["amdgpu"];
services.xserver.videoDrivers = ["amdgpu"];
}

12
systems/server/hardware.nix Executable file
View file

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}: {
hardware = {
firmware = [pkgs.rtl8761b-firmware];
enableAllFirmware = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

38
systems/server/networking.nix Executable file
View file

@ -0,0 +1,38 @@
{
lib,
flake,
...
}: let
inherit (flake.config.system.device) server;
in {
networking = {
hostName = server.name;
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
25 # SMTP
139 # SMTP
587 # SMTP
];
};
};
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
publish = {
enable = true;
userServices = true;
};
};
sshd.enable = true;
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
};
}

26
systems/server/sops.nix Executable file
View file

@ -0,0 +1,26 @@
{flake, ...}: let
inherit (flake.config.people) user0;
in {
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
validateSopsFiles = false;
age = {
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = false;
};
secrets = {
"ssh/private" = {
path = "/home/${user0}/.ssh/id_ed25519";
owner = user0;
};
"ssh/public" = {
path = "/home/${user0}/.ssh/id_ed25519.pub";
owner = user0;
};
"discord-token" = {
path = "/home/${user0}/projects/zookeeper/.env";
owner = user0;
};
};
};
}

8
systems/server/ssh.nix Executable file
View file

@ -0,0 +1,8 @@
{flake, ...}: let
inherit (flake.config.people) user0;
inherit (flake.config.people.user.${user0}) sshKeys;
in {
users.users.${user0} = {
openssh.authorizedKeys.keys = sshKeys;
};
}