Diffstat (limited to 'nix')
-rw-r--r--nix/flake.nix69
-rw-r--r--nix/modules/configuration.nix53
-rw-r--r--nix/modules/cuda.nix9
-rw-r--r--nix/modules/default.nix21
-rw-r--r--nix/modules/dovecot.nix8
-rw-r--r--nix/modules/git-daemon.nix9
-rw-r--r--nix/modules/home/default.nix220
-rw-r--r--nix/modules/i2pd.nix11
-rw-r--r--nix/modules/nginx.nix47
-rw-r--r--nix/modules/nvidia.nix21
-rw-r--r--nix/modules/nvme-simple.nix35
-rw-r--r--nix/modules/ollama.nix8
-rw-r--r--nix/modules/postfix.nix8
-rw-r--r--nix/modules/xserver.nix8
-rw-r--r--nix/systems/affinity/default.nix13
15 files changed, 375 insertions, 165 deletions
diff --git a/nix/flake.nix b/nix/flake.nix
index 2efc624..2420325 100644
--- a/nix/flake.nix
+++ b/nix/flake.nix
@@ -29,44 +29,53 @@
outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs: {
nixosConfigurations = {
installer = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- (
- { pkgs, modulesPath, ... }:
- {
- imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
- }
- )
- ./systems/installer/default.nix
- ];
+ system = "x86_64-linux";
+ modules = [
+ (
+ { pkgs, modulesPath, ... }:
+ {
+ imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
+ }
+ )
+ ./systems/installer/default.nix
+ ];
};
continuity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [
- lanzaboote.nixosModules.lanzaboote
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- { nixpkgs.overlays = [ nur.overlays.default ]; }
- { home-manager.extraSpecialArgs = attrs; }
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ { nixpkgs.overlays = [ nur.overlays.default ]; }
+ { home-manager.extraSpecialArgs = attrs; }
- ./modules/sda-simple.nix
- ./systems/continuity/default.nix
- ];
+ ./modules/sda-simple.nix
+ ./systems/continuity/default.nix
+ ];
};
- spontaneity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [];
+ affinity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ { nixpkgs.overlays = [ nur.overlays.default ]; }
+ { home-manager.extraSpecialArgs = attrs; }
+ ./modules/nvme-simple.nix
+ ./systems/affinity/default.nix
+ ];
};
- affinity = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = attrs;
- modules = [];
+ spontaneity = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = attrs;
+ modules = [];
};
};
};
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix
index 4387767..4f821e2 100644
--- a/nix/modules/configuration.nix
+++ b/nix/modules/configuration.nix
@@ -6,6 +6,14 @@
./pipewire.nix
./tor.nix
./kubo.nix
+ ./nvidia.nix
+ ./cuda.nix
+ ./nginx.nix
+ ./git-daemon.nix
+ ./postfix.nix
+ ./dovecot.nix
+ ./ollama.nix
+ ./i2pd.nix
];
documentation = {
@@ -17,9 +25,9 @@
environment = {
etc = {
securetty.text = ''
- # /etc/securetty: list of terminals on which root is allowed to login.
- # See securetty(5) and login(1).
- '';
+ # /etc/securetty: list of terminals on which root is allowed to login.
+ # See securetty(5) and login(1).
+ '';
};
};
@@ -30,9 +38,9 @@
"restricthome"."/home/*".Z.mode = "~0700";
"restrictetcnixos"."/etc/nixos/*".Z = {
- mode = "0000";
- user = "root";
- group = "root";
+ mode = "0000";
+ user = "root";
+ group = "root";
};
};
};
@@ -43,15 +51,15 @@
initrd = {
availableKernelModules = [
- "xhci_pci"
- "ahci"
- "usb_storage"
- "sd_mod"
- "nvme"
- "sd_mod"
- "ehci_pci"
- "rtsx_pci_sdmmc"
- "usbhid"
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "sd_mod"
+ "nvme"
+ "sd_mod"
+ "ehci_pci"
+ "rtsx_pci_sdmmc"
+ "usbhid"
];
kernelModules = [ ];
@@ -66,7 +74,7 @@
systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.secureBoot.enable);
efi.canTouchEfiVariables = true;
};
-
+
kernelModules = [
"snd-seq"
"snd-rawmidi"
@@ -209,9 +217,9 @@
udev = {
extraRules = '''';
packages = with pkgs; [
- platformio-core
- platformio-core.udev
- openocd
+ platformio-core
+ platformio-core.udev
+ openocd
];
};
@@ -281,12 +289,17 @@
vim
curl
];
-
+
users.users = {
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
];
+ git = {
+ isSystemUser = true;
+ home = "/srv/git";
+ shell = "${pkgs.git}/bin/git-shell";
+ };
"${config.monorepo.vars.userName}" = {
initialPassword = "${config.monorepo.vars.userName}";
isNormalUser = true;
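Review bot: The new `git` system user has no `group`, and as far as I recall current NixOS asserts on a system user whose `group` is unset, so hosts that import this file without the git-daemon module (which may define `users.groups.git` only when it is enabled) will fail to evaluate; add `group = "git";` and a matching `users.groups.git = {};`. Nothing here creates `/srv/git` either, so a `createHome = true;` (or a tmpfiles rule with the intended ownership) is needed for the `git-shell` login and the daemon's `basePath` to have a directory to serve. The `git-shell` choice is good — it keeps any future key-based access restricted to git commands — but it only matters once keys are added, so a comment such as `# restricted to git-shell; no keys yet, SSH access intentionally unavailable` would spell out the intent. The `users.users` attribute set continues past the end of this hunk.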
diff --git a/nix/modules/cuda.nix b/nix/modules/cuda.nix
new file mode 100644
index 0000000..0c90278
--- /dev/null
+++ b/nix/modules/cuda.nix
@@ -0,0 +1,9 @@
+{ config, lib, pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ cudatoolkit
+ cudaPackages.cudnn
+ cudaPackages.libcublas
+ linuxPackages.nvidia_x11
+ ];
+}
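Review bot: This module installs the CUDA toolkit and `linuxPackages.nvidia_x11` unconditionally, even though `monorepo.profiles.cuda.enable` exists in `modules/default.nix` and `xserver.nix` gates the driver on it; wrap the list as `environment.systemPackages = lib.mkIf config.monorepo.profiles.cuda.enable (with pkgs; [ … ]);` so GPU-less hosts do not pull these unfree, multi-gigabyte closures. `linuxPackages.nvidia_x11` is also the driver built for nixpkgs' default kernel, not for `config.boot.kernelPackages`, so it can mismatch the running kernel; `hardware.nvidia.package` in `nvidia.nix` already supplies the correct build, so this entry can likely be dropped or changed to `config.boot.kernelPackages.nvidia_x11`.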
diff --git a/nix/modules/default.nix b/nix/modules/default.nix
index 9d06837..9cdd616 100644
--- a/nix/modules/default.nix
+++ b/nix/modules/default.nix
@@ -9,12 +9,13 @@
options = {
monorepo = {
profiles = {
- cuda.enable = lib.mkEnableOption "Enables CUDA support";
- documentation.enable = lib.mkEnableOption "Enables documentation on system.";
- secureBoot.enable = lib.mkEnableOption "Enables secure boot. See sbctl.";
- pipewire.enable = lib.mkEnableOption "Enables pipewire low latency audio setup";
- tor.enable = lib.mkEnableOption "Enables tor along with torsocks";
- home.enable = lib.mkEnableOption "Enables home user";
+ cuda.enable = lib.mkEnableOption "Enables CUDA support";
+ documentation.enable = lib.mkEnableOption "Enables documentation on system.";
+ secureBoot.enable = lib.mkEnableOption "Enables secure boot. See sbctl.";
+ pipewire.enable = lib.mkEnableOption "Enables pipewire low latency audio setup";
+ tor.enable = lib.mkEnableOption "Enables tor along with torsocks";
+ home.enable = lib.mkEnableOption "Enables home user";
+ server.enable = lib.mkEnableOption "Enables server services";
};
};
};
@@ -32,10 +33,10 @@
monorepo = {
profiles = {
- documentation.enable = lib.mkDefault true;
- pipewire.enable = lib.mkDefault true;
- tor.enable = lib.mkDefault true;
- home.enable = lib.mkDefault true;
+ documentation.enable = lib.mkDefault true;
+ pipewire.enable = lib.mkDefault true;
+ tor.enable = lib.mkDefault true;
+ home.enable = lib.mkDefault true;
};
};
};
diff --git a/nix/modules/dovecot.nix b/nix/modules/dovecot.nix
new file mode 100644
index 0000000..2921ad8
--- /dev/null
+++ b/nix/modules/dovecot.nix
@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+{
+ services.dovecot2 = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ enableImap = true;
+ enablePop3 = true;
+ };
+}
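Review bot: IMAP and POP3 are enabled with no `sslServerCert`/`sslServerKey`, and if I recall the NixOS dovecot2 module correctly it then emits `ssl = no` and `disable_plaintext_auth = no`, so once this is reachable mailbox credentials cross the wire in cleartext. Point the service at the host's certificate, e.g. `sslServerCert = "/var/lib/acme/<host>/fullchain.pem"; sslServerKey = "/var/lib/acme/<host>/key.pem";`, and consider whether POP3 is needed at all — `enablePop3 = false;` removes one listener. A comment noting which firewall ports are expected to be open for this host would help, since nothing in the diff states the intended exposure.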
diff --git a/nix/modules/git-daemon.nix b/nix/modules/git-daemon.nix
new file mode 100644
index 0000000..e71356e
--- /dev/null
+++ b/nix/modules/git-daemon.nix
@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+{
+ services.gitDaemon = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ exportAll = true;
+ listenAddress = "0.0.0.0";
+ basePath = "/srv/git";
+ };
+}
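Review bot: `exportAll = true` together with `listenAddress = "0.0.0.0"` publishes every repository under `/srv/git` to anyone who can reach port 9418, unauthenticated and without the `git-daemon-export-ok` opt-in marker, so a private repo dropped into that directory is exposed the moment it is created. Prefer the default (`exportAll = false`) and mark repos explicitly, or list them with `repositories = [ "/srv/git/<repo>" ];`, and bind to a specific interface unless public read access is the goal. `/srv/git` is also the home directory of the `git` user added in `configuration.nix`, so any dotfiles or non-repo state that lands there sits inside the served tree.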
diff --git a/nix/modules/home/default.nix b/nix/modules/home/default.nix
index a38ee24..1f87d57 100644
--- a/nix/modules/home/default.nix
+++ b/nix/modules/home/default.nix
@@ -39,117 +39,134 @@
crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets";
art.enable = lib.mkEnableOption "Enables various art programs";
music.enable = lib.mkEnableOption "Enables mpd";
+ workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)";
hyprland = {
- enable = lib.mkEnableOption "Enables hyprland";
- monitors = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [
- "HDMI-A-1"
- "eDP-1"
- "DP-2"
- "DP-3"
- "LVDS-1"
- ];
- example = [];
- description = "Hyprland monitors";
- };
+ enable = lib.mkEnableOption "Enables hyprland";
+ monitors = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [
+ "HDMI-A-1"
+ "eDP-1"
+ "DP-2"
+ "DP-3"
+ "LVDS-1"
+ ];
+ example = [];
+ description = "Hyprland monitors";
+ };
};
email = {
- email = lib.mkOption {
- type = lib.types.str;
- default = "ret2pop@gmail.com";
- example = "john@example.com";
- description = "Email address and imaps/smtps account";
- };
- imapsServer = lib.mkOption {
- type = lib.types.str;
- default = "imap.gmail.com";
- example = "imap.example.com";
- description = "imaps server address";
- };
- smtpsServer = lib.mkOption {
- type = lib.types.str;
- default = "smtp.gmail.com";
- example = "smtp.example.com";
- description = "smtp server address";
- };
- enable = lib.mkEnableOption "Enables email";
+ email = lib.mkOption {
+ type = lib.types.str;
+ default = "ret2pop@gmail.com";
+ example = "john@example.com";
+ description = "Email address and imaps/smtps account";
+ };
+ imapsServer = lib.mkOption {
+ type = lib.types.str;
+ default = "imap.gmail.com";
+ example = "imap.example.com";
+ description = "imaps server address";
+ };
+ smtpsServer = lib.mkOption {
+ type = lib.types.str;
+ default = "smtp.gmail.com";
+ example = "smtp.example.com";
+ description = "smtp server address";
+ };
+ enable = lib.mkEnableOption "Enables email";
};
};
};
config = {
home.packages = (if config.monorepo.profiles.email.enable then [ pkgs.mu ] else [])
- ++
- (if config.monorepo.profiles.lang-c.enable then (with pkgs; [
- autobuild
- clang
- gdb
- gnumake
- bear
- clang-tools
- ]) else [])
- ++
- (if config.monorepo.profiles.lang-js.enable then (with pkgs; [
- nodejs
- bun
- yarn
- typescript
- vscode-langservers-extracted
- ]) else [])
- ++
- (if config.monorepo.profiles.lang-rust.enable then (with pkgs; [
- cargo
- rust-analyzer
- rustfmt
- ]) else [])
- ++
- (if config.monorepo.profiles.lang-python.enable then (with pkgs; [
- poetry
- python3
- python312Packages.jedi
- ]) else [])
- ++
- (if config.monorepo.profiles.lang-sol.enable then (with pkgs; [
- solc
- ]) else [])
- ++
- (if config.monorepo.profiles.lang-openscad.enable then (with pkgs; [
- openscad
- openscad-lsp
- ]) else [])
- ++
- (if config.monorepo.profiles.lang-sh.enable then (with pkgs; [
- bash-language-server
- ]) else [])
- ++
- (if config.monorepo.profiles.lang-coq.enable then (with pkgs; [
- coq
- ]) else [])
- ++
- (if config.monorepo.profiles.lang-nix.enable then (with pkgs; [
- nil
- nixd
- nixfmt-rfc-style
- ]) else [])
- ++
- (if config.monorepo.profiles.crypto.enable then (with pkgs; [
- bitcoin
- electrum
- monero-cli
- monero-gui
- ]) else [])
- ++
- (if config.monorepo.profiles.art.enable then (with pkgs; [
- inkscape
- krita
- ]) else [])
- ++
- (if config.monorepo.profiles.music.enable then (with pkgs; [
- mpc-cli
- sox
- ]) else []);
+ ++
+ (if config.monorepo.profiles.lang-c.enable then (with pkgs; [
+ autobuild
+ clang
+ gdb
+ gnumake
+ bear
+ clang-tools
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.lang-js.enable then (with pkgs; [
+ nodejs
+ bun
+ yarn
+ typescript
+ vscode-langservers-extracted
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.lang-rust.enable then (with pkgs; [
+ cargo
+ rust-analyzer
+ rustfmt
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.lang-python.enable then (with pkgs; [
+ poetry
+ python3
+ python312Packages.jedi
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.lang-sol.enable then (with pkgs; [
+ solc
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.lang-openscad.enable then (with pkgs; [
+ openscad
+ openscad-lsp
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.lang-sh.enable then (with pkgs; [
+ bash-language-server
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.lang-coq.enable then (with pkgs; [
+ coq
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.lang-nix.enable then (with pkgs; [
+ nil
+ nixd
+ nixfmt-rfc-style
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.crypto.enable then (with pkgs; [
+ bitcoin
+ electrum
+ monero-cli
+ monero-gui
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.art.enable then (with pkgs; [
+ inkscape
+ krita
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.music.enable then (with pkgs; [
+ mpc-cli
+ sox
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.workstation.enable then (with pkgs; [
+ alsa-utils
+ alsa-scarlett-gui
+ ardour
+ audacity
+ blender
+ fluidsynth
+ qjackctl
+ qsynth
+ qpwgraph
+ imagemagick
+ inkscape
+ kdenlive
+ kicad
+ ]) else []);
monorepo.profiles = {
enable = lib.mkDefault true;
@@ -170,6 +187,7 @@
crypto.enable = lib.mkDefault true;
art.enable = lib.mkDefault true;
+ workstation.enable = lib.mkDefault true;
};
};
}
diff --git a/nix/modules/i2pd.nix b/nix/modules/i2pd.nix
new file mode 100644
index 0000000..ef4f63f
--- /dev/null
+++ b/nix/modules/i2pd.nix
@@ -0,0 +1,11 @@
+{ config, lib, ... }:
+{
+ services.i2pd = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ address = "0.0.0.0";
+ inTunnels = {
+ };
+ outTunnels = {
+ };
+ };
+}
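Review bot: `services.i2pd.address` is documented in the NixOS module as the router's external IP or hostname, not a bind address, so `"0.0.0.0"` is almost certainly not what is intended — it would advertise a meaningless address to peers; leave it unset (the default, `null`) and use `ifname`/`bandwidth` options if binding or throughput tuning is the goal. The empty `inTunnels = {}` and `outTunnels = {}` can be removed since they are the defaults. A one-line comment stating why the server profile runs an I2P router (relay only vs. hosting an eepsite) would make the intended exposure clear to the next reader.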
diff --git a/nix/modules/nginx.nix b/nix/modules/nginx.nix
new file mode 100644
index 0000000..7d8a24a
--- /dev/null
+++ b/nix/modules/nginx.nix
@@ -0,0 +1,47 @@
+{ config, services, ... }:
+{
+ services.nginx = {
+ enable = true;
+
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ # Only allow PFS-enabled ciphers with AES256
+ sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+ appendHttpConfig = ''
+ # Add HSTS header with preloading to HTTPS requests.
+ # Adding this header to HTTP requests is discouraged
+ map $scheme $hsts_header {
+ https "max-age=31536000; includeSubdomains; preload";
+ }
+ add_header Strict-Transport-Security $hsts_header;
+
+ # Enable CSP for your services.
+ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+
+ # Minimize information leaked to other domains
+ add_header 'Referrer-Policy' 'origin-when-cross-origin';
+
+ # Disable embedding as a frame
+ add_header X-Frame-Options DENY;
+
+ # Prevent injection of code in other mime types (XSS Attacks)
+ add_header X-Content-Type-Options nosniff;
+
+ # This might create errors
+ proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+'';
+
+ virtualHosts = {
+ "ret2pop.net" = {
+ # addSSL = true;
+ # enableACME = true;
+ root = "/home/preston/ret2pop-website/";
+ };
+ };
+ };
+}
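Review bot: The module header `{ config, services, ... }` requests a `services` argument that the NixOS module system does not provide (and `attrs` in the flake holds only flake inputs), so this file should fail to evaluate with "called without required argument 'services'" as soon as it is imported; it should take `lib` instead. nginx is also enabled unconditionally, unlike the sibling server modules, so every host importing `configuration.nix` gets a web server on port 80; gate it on the server profile. The vhost serves `/home/preston/ret2pop-website/` while the context line in `configuration.nix` applies a `~0700` tmpfiles rule to `/home/*`, which means the `nginx` worker cannot traverse into that path and requests will 403 — move the content under `/srv/www` (or `/var/www`) owned readably by the `nginx` group. Finally, with `addSSL`/`enableACME` commented out the site is HTTP-only, so the HSTS `preload` header is never sent and would be dangerous to send before TLS is stable (preloading is effectively irreversible); enable `forceSSL`/`enableACME` (which requires `security.acme.acceptTerms` and a contact email) before advertising HSTS.
```nix
{ config, lib, ... }:
{
  services.nginx = {
    enable = lib.mkDefault config.monorepo.profiles.server.enable;
    # … unchanged: recommended* settings, sslCiphers, appendHttpConfig …
    virtualHosts."ret2pop.net" = {
      forceSSL = true;
      enableACME = true;
      root = "/srv/www/ret2pop.net";  # readable by the nginx worker; /home/* is ~0700
    };
  };
}
```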
diff --git a/nix/modules/nvidia.nix b/nix/modules/nvidia.nix
new file mode 100644
index 0000000..b59035c
--- /dev/null
+++ b/nix/modules/nvidia.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+{
+ hardware = {
+ opengl.extraPackages = with pkgs; [
+ vaapiVdpau
+ libvdpau-va-gl
+ nvidia-vaapi-driver
+ ];
+
+ nvidia = {
+ modesetting.enable = true;
+ powerManagement = {
+ enable = true;
+ finegrained = false;
+ };
+ nvidiaSettings = true;
+ open = false;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+ };
+}
diff --git a/nix/modules/nvme-simple.nix b/nix/modules/nvme-simple.nix
new file mode 100644
index 0000000..665c17e
--- /dev/null
+++ b/nix/modules/nvme-simple.nix
@@ -0,0 +1,35 @@
+{
+ disko.devices = {
+ disk = {
+ my-disk = {
+ device = "/dev/nvme0n1";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ priority = 1;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ priority = 2;
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
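Review bot: The root partition is plain ext4 with no encryption layer, while the same host enables lanzaboote secure boot in the flake; verified boot without an encrypted root leaves sops secrets, mail spools and the served git tree readable by anyone who removes the NVMe, so wrap the root filesystem in a LUKS container. `device = "/dev/nvme0n1"` is also an enumeration-order name; disko will wipe whichever disk gets that name at install time, so prefer a stable `/dev/disk/by-id/...` path. The `umask=0077` mount option on the ESP is a good choice since the signed images and keys live there.
```nix
root = {
  size = "100%";
  priority = 2;
  content = {
    type = "luks";
    name = "cryptroot";
    settings.allowDiscards = true;
    content = {
      type = "filesystem";
      format = "ext4";
      mountpoint = "/";
    };
  };
};
```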
diff --git a/nix/modules/ollama.nix b/nix/modules/ollama.nix
new file mode 100644
index 0000000..f9f4dc9
--- /dev/null
+++ b/nix/modules/ollama.nix
@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+{
+ services.ollama = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ acceleration = "cuda";
+ host = "0.0.0.0";
+ };
+}
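Review bot: `host = "0.0.0.0"` binds the Ollama API, which has no authentication, on every interface; anyone who can reach port 11434 (if the firewall is disabled or the port opened) can run prompts, pull or delete models and fill the disk. Keep the default loopback bind (`host = "127.0.0.1";`) and, if remote access is needed, put it behind the nginx vhost with auth or restrict it with `networking.firewall` rules to trusted sources. `acceleration = "cuda"` is also tied to the server profile rather than the CUDA profile, so a GPU-less server would build the CUDA variant; `acceleration = if config.monorepo.profiles.cuda.enable then "cuda" else null;` keeps the two in step.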
diff --git a/nix/modules/postfix.nix b/nix/modules/postfix.nix
new file mode 100644
index 0000000..90eb253
--- /dev/null
+++ b/nix/modules/postfix.nix
@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+{
+ services.postfix = {
+ enable = true;
+ config = {
+ };
+ };
+}
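Review bot: Postfix is enabled unconditionally with an empty `config`, unlike the other server modules in this commit that gate on `monorepo.profiles.server.enable`, so every host importing `configuration.nix` starts an MTA with no `hostname`/`domain`, no TLS and no relay or `mynetworks` policy. Gate it as `enable = lib.mkDefault config.monorepo.profiles.server.enable;` and fill in at least `hostname`, `domain`, `sslCert`/`sslKey`, and an explicit `inet_interfaces` (loopback if the box only submits mail locally), or drop the module until it is configured. Note that recent NixOS has been moving `services.postfix.config` to `services.postfix.settings.main`, so check which name your pinned nixpkgs expects.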
diff --git a/nix/modules/xserver.nix b/nix/modules/xserver.nix
index 52ca559..d6f7ab1 100644
--- a/nix/modules/xserver.nix
+++ b/nix/modules/xserver.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
services.xserver = {
enable = lib.mkDefault true;
@@ -8,8 +8,8 @@
windowManager = {
i3 = {
- enable = true;
- package = pkgs.i3-gaps;
+ enable = true;
+ package = pkgs.i3-gaps;
};
};
@@ -23,6 +23,6 @@
options = "caps:escape";
};
- videoDrivers = [];
+ videoDrivers = (if config.monorepo.profiles.cuda.enable then [ "nvidia" ] else []);
};
}
diff --git a/nix/systems/affinity/default.nix b/nix/systems/affinity/default.nix
new file mode 100644
index 0000000..703103d
--- /dev/null
+++ b/nix/systems/affinity/default.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+{
+ imports = [
+ ../../modules/default.nix
+ ];
+ config.monorepo = {
+ profiles = {
+ server.enable = true;
+ cuda.enable = true;
+ };
+ vars.hostName = "affinity";
+ };
+}
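Review bot: Enabling `server.enable` here turns on several daemons that this commit binds to all interfaces (git-daemon, dovecot, ollama), but the host file states no firewall policy, so the actual exposure depends entirely on whatever `modules/default.nix` and `configuration.nix` set elsewhere; make it explicit in this file, e.g. `networking.firewall.allowedTCPPorts = [ 80 443 ];` with a comment listing which services are intentionally public. A short header comment describing what `affinity` is (GPU server, mail host, public web) would also document why both `server` and `cuda` profiles are on.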