nix-config/systems/x86_64-linux/polaris-nix/default.nix


{
inputs,
lib,
config,
pkgs,
system,
...
}: {
# Hardware report read through the facter.reportPath option (path is relative to this file).
facter.reportPath = ./facter.json;

# Root filesystem and the FAT boot partition, both addressed by UUID.
fileSystems."/" = {
  fsType = "ext4";
  device = "/dev/disk/by-uuid/64079eb2-d3e3-47b7-a889-d5b2fee4fa82";
};
fileSystems."/boot" = {
  fsType = "vfat";
  device = "/dev/disk/by-uuid/BC12-6397";
};

# Single swap device, also addressed by UUID.
swapDevices = [
  {
    device = "/dev/disk/by-uuid/d36507db-7392-4852-9b2a-12d2a476cd31";
  }
];

# Unfree packages are permitted system-wide.
nixpkgs.config.allowUnfree = true;

time.timeZone = "America/New_York";
system.stateVersion = "23.11";
# agenix secrets. Only the encrypted .age files are referenced here; other parts
# of this file consume the decrypted copies via config.age.secrets.<name>.path.
age = {
  # Private key used to decrypt the .age files. It is root's SSH key, so whoever
  # can read it can decrypt every secret encrypted to it.
  identityPaths = ["/root/.ssh/id_ed25519"];

  secrets = {
    token.file = ../../../secrets/token.age;
    mailer_passwd.file = ../../../secrets/mailer_passwd.age;
  };
};
nix = {
  # Point the legacy `nixpkgs` search-path entry at the flake registry.
  nixPath = ["nixpkgs=flake:nixpkgs"];

  # Register every flake-typed input under its own name.
  registry =
    lib.mapAttrs
    (_name: input: {flake = input;})
    (lib.filterAttrs (_name: lib.isType "flake") inputs);

  settings = {
    auto-optimise-store = true;
    experimental-features = "nix-command flakes";
    warn-dirty = false;

    # Trusted users may override daemon settings such as substituters and
    # signature requirements; the Nix manual treats this as root-equivalent.
    # This account is also in `wheel` elsewhere in this file.
    trusted-users = ["marshall"];

    # Binary caches queried for pre-built store paths. A fetched path is only
    # accepted when signed by one of the keys in trusted-public-keys below.
    substituters = [
      "https://cache.nixos.org"
      "https://nix-community.cachix.org"
      "https://nyx.chaotic.cx/"
      "https://cuda-maintainers.cachix.org"
    ];

    # NOTE(review): these are bare host names while `substituters` uses full
    # URLs. Confirm Nix matches entries without a scheme; if it does not, this
    # list has no effect.
    trusted-substituters = [
      "cache.nixos.org"
      "nix-community.cachix.org"
      "nyx.chaotic.cx"
      "cuda-maintainers.cachix.org"
    ];

    # Every key here can vouch for arbitrary store paths, so keep the list as
    # short as the caches in use require.
    # NOTE(review): the `chaotic-nyx.cachix.org-1` and `conduwuit` keys have no
    # matching entry in `substituters` above. Confirm they are still needed.
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
      "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
      "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
      "conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw="
    ];
  };
};
environment = {
  # Adds the per-user ~/.local/bin directory to PATH. That directory is
  # user-writable, so anything placed there can shadow later PATH entries.
  localBinInPath = true;

  sessionVariables.FLAKE = "/home/marshall/nix-config";

  systemPackages = [
    pkgs.miniupnpc
    inputs.agenix.packages.${system}.default
    pkgs.codeium
  ];

  # Expose every registry entry as /etc/nix/path/<name>, sourced from its flake.
  etc =
    lib.mapAttrs'
    (alias: entry: lib.nameValuePair "nix/path/${alias}" {source = entry.flake;})
    config.nix.registry;
};
# Fonts installed system-wide.
fonts.packages = [
  pkgs.inter
  pkgs.maple-mono-SC-NF
  pkgs.nerdfonts
];
boot = {
  kernelPackages = pkgs.linuxPackages_xanmod_latest;
  supportedFilesystems = ["ntfs"];

  # UEFI boot through systemd-boot; the installer may write EFI variables.
  loader.systemd-boot.enable = true;
  loader.efi.canTouchEfiVariables = true;

  # Lets aarch64-linux binaries be executed on this x86_64 host.
  binfmt.emulatedSystems = ["aarch64-linux"];

  # Any executed file whose header matches the magic below is handed to
  # appimage-run. The mask compares bytes 0-3 (ELF magic) and bytes 8-10
  # ("AI\x02") and ignores bytes 4-7.
  binfmt.registrations.appimage = {
    recognitionType = "magic";
    offset = 0;
    magicOrExtension = ''\x7fELF....AI\x02'';
    mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
    interpreter = "${pkgs.appimage-run}/bin/appimage-run";
    wrapInterpreterInShell = false;
  };
};
hardware = {
  # PulseAudio daemon is off; audio is handled by services.pipewire in this file.
  pulseaudio.enable = false;

  # Bluetooth controller is enabled and powered at boot.
  bluetooth.enable = true;
  bluetooth.powerOnBoot = true;

  # OpenGL with 32-bit DRI support and the extra GL libraries below.
  opengl.enable = true;
  opengl.driSupport32Bit = true;
  opengl.extraPackages = [
    pkgs.libGL
    pkgs.libGLU
  ];
};
networking.hostName = "polaris-nix";
networking.networkmanager.enable = true;

# NOTE(review): the host firewall is disabled while code-server (port 8080),
# Forgejo (port 6610) and the Matrix homeserver all bind 0.0.0.0 in this file.
# Every listener is therefore reachable from any network this machine joins.
# Consider enabling the firewall and allowing only the ports and interfaces
# that are really needed.
networking.firewall.enable = false;
security = {
  # Realtime scheduling broker.
  rtkit.enable = true;

  # Enable GNOME Keyring integration for the gdm PAM service.
  pam = {
    services.gdm.enableGnomeKeyring = true;
  };

  # Suppress the sudo lecture; no privilege rules are changed here.
  sudo = {
    extraConfig = ''
      Defaults lecture = never
    '';
  };
};
# Interactive shell, key agents and the nix-ld loader shim.
programs = {
  fish.enable = true;
  # GnuPG and OpenSSH agents are both started; they hold unlocked keys in
  # memory for the session.
  gnupg.agent.enable = true;
  ssh.startAgent = true;
  # nix-ld lets unpatched, dynamically linked binaries run by supplying a
  # loader and the libraries listed below. The code-server service in this
  # file is given the same set of libraries.
  nix-ld = {
    enable = true;
    # NOTE(review): entries such as libpng12, libxcrypt-legacy, glew110 and
    # libudev0-shim look like old compatibility versions. Every binary started
    # through nix-ld can load them, so confirm each is still required.
    libraries = with pkgs; [
      SDL
      SDL2
      SDL2_image
      SDL2_mixer
      SDL2_ttf
      SDL_image
      SDL_mixer
      SDL_ttf
      alsa-lib
      at-spi2-atk
      at-spi2-core
      atk
      bzip2
      cairo
      cups
      curlWithGnuTls
      dbus
      dbus-glib
      desktop-file-utils
      e2fsprogs
      expat
      flac
      fontconfig
      freeglut
      freetype
      fribidi
      fuse
      fuse3
      gdk-pixbuf
      glew110
      glib
      gmp
      gst_all_1.gst-plugins-base
      gst_all_1.gst-plugins-ugly
      gst_all_1.gstreamer
      gtk2
      harfbuzz
      icu
      keyutils.lib
      libgcc
      libGL
      libGLU
      libappindicator-gtk2
      libcaca
      libcanberra
      libcap
      libclang.lib
      libdbusmenu
      libdrm
      libgcrypt
      libgpg-error
      libidn
      libjack2
      libjpeg
      libmikmod
      libogg
      libpng12
      libpulseaudio
      librsvg
      libsamplerate
      libthai
      libtheora
      libtiff
      libudev0-shim
      libusb1
      libuuid
      libvdpau
      libvorbis
      libvpx
      libxcrypt-legacy
      libxkbcommon
      libxml2
      mesa
      nspr
      nss
      openssl
      p11-kit
      pango
      pixman
      python3
      speex
      stdenv.cc.cc
      tbb
      udev
      vulkan-loader
      wayland
      xorg.libICE
      xorg.libSM
      xorg.libX11
      xorg.libXScrnSaver
      xorg.libXcomposite
      xorg.libXcursor
      xorg.libXdamage
      xorg.libXext
      xorg.libXfixes
      xorg.libXft
      xorg.libXi
      xorg.libXinerama
      xorg.libXmu
      xorg.libXrandr
      xorg.libXrender
      xorg.libXt
      xorg.libXtst
      xorg.libXxf86vm
      xorg.libpciaccess
      xorg.libxcb
      xorg.xcbutil
      xorg.xcbutilimage
      xorg.xcbutilkeysyms
      xorg.xcbutilrenderutil
      xorg.xcbutilwm
      xorg.xkeyboardconfig
      xz
      zlib
    ];
  };
};
services = {
# Remote-access and guest services.
# NOTE(review): eternal-terminal presumably opens its own network listener.
# With networking.firewall.enable = false in this file, confirm which
# interfaces it is reachable on.
eternal-terminal = {enable = true;};
tailscale = {enable = true;};
xe-guest-utilities = {enable = true;};
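# Browser-based editor running as the `marshall` account.
# Whoever authenticates here gets a shell as that user, who is in `wheel` and
# listed in nix.settings.trusted-users in this file. Treat the login as
# equivalent to host access.
code-server = {
  enable = true;
  disableTelemetry = true;
  disableUpdateCheck = true;

  # NOTE(review): workspace trust prompts are off, so opened folders are
  # trusted without asking. Confirm this is intended.
  disableWorkspaceTrust = true;

  # NOTE(review): binds every interface, and networking.firewall.enable is
  # false in this file. No TLS option is set in this block. Prefer binding to
  # loopback or the tailnet address and reaching it through a TLS-terminating
  # proxy.
  host = "0.0.0.0";
  port = 8080;

  # NOTE(review): this hash is committed to the repository and lands in the
  # world-readable Nix store, so assume it is public. Its embedded parameters
  # (argon2i, m=16, t=2, p=1) are a very low work factor, which makes offline
  # guessing cheap. Rotate the password and regenerate the hash with a much
  # higher memory cost.
  hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$alg3SXBFSkhzbDRhZXlCRw$2COxhvVifNMmIIozs14AkQ";

  user = "marshall";
  group = "users";

  extraEnvironment = {
    # Dynamic loader path taken from the stdenv C compiler wrapper.
    NIX_LD = lib.fileContents "${pkgs.stdenv.cc}/nix-support/dynamic-linker";

    # Reuse the library set declared under programs.nix-ld.libraries instead
    # of keeping a second copy of the list, so the two cannot drift apart.
    NIX_LD_LIBRARY_PATH = lib.makeLibraryPath config.programs.nix-ld.libraries;
  };
};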
# Self-hosted Forgejo instance ("MarGit").
forgejo = let
  domain = "git.pupbrained.xyz";
in {
  enable = true;
  user = "git";
  group = "git";
  lfs.enable = true;

  # SMTP password is read from the agenix-decrypted file, not from this config.
  secrets.mailer.PASSWD = config.age.secrets.mailer_passwd.path;

  settings = {
    # NOTE(review): Debug is the most verbose level set here. Consider a
    # quieter level for an instance that accepts public sign-ups.
    log = {LEVEL = "Debug";};

    DEFAULT = {APP_NAME = "MarGit";};

    # Actions are enabled with "github" as the default actions URL.
    # Workflows then run third-party action code, so review which runners
    # accept jobs.
    actions.ENABLED = true;
    actions.DEFAULT_ACTIONS_URL = "github";

    database.SQLITE_JOURNAL_MODE = "WAL";
    database.LOG_SQL = false;

    federation = {ENABLED = true;};

    # NOTE(review): USER is an AWS access key ID stored in clear text. The
    # matching secret comes from agenix, but keeping the ID out of the
    # repository as well would limit what a leak reveals.
    mailer.ENABLED = true;
    mailer.SMTP_ADDR = "email-smtp.us-east-2.amazonaws.com";
    mailer.FROM = "noreply@git.pupbrained.xyz";
    mailer.USER = "AKIAVIRH7PRQXI3FCBZ4";
    mailer.SEND_AS_PLAIN_TEXT = true;

    # NOTE(review): metrics are enabled and no TOKEN is set in this section.
    # Confirm whether the metrics endpoint can be read without authentication.
    metrics.ENABLED = true;
    metrics.ENABLED_ISSUE_BY_REPOSITORY = true;
    metrics.ENABLED_ISSUE_BY_LABEL = true;

    oauth2_client.ACCOUNT_LINKING = "login";
    oauth2_client.USERNAME = "nickname";
    oauth2_client.ENABLE_AUTO_REGISTRATION = false;
    oauth2_client.REGISTER_EMAIL_CONFIRM = false;
    oauth2_client.UPDATE_AVATAR = true;

    packages = {ENABLED = true;};

    # New repositories default to private; pushing to a missing repository
    # creates it for both users and organisations.
    repository.DEFAULT_PRIVATE = "private";
    repository.ENABLE_PUSH_CREATE_USER = true;
    repository.ENABLE_PUSH_CREATE_ORG = true;

    # Plain HTTP listener on every interface, while ROOT_URL is https.
    # TLS is presumably terminated upstream (a cloudflared tunnel is defined
    # in this file). Confirm nothing reaches port 6610 directly.
    server.HTTP_ADDR = "0.0.0.0";
    server.HTTP_PORT = 6610;
    server.DOMAIN = domain;
    server.ROOT_URL = "https://${domain}/";
    server.SSH_USER = "git";
    server.SSH_DOMAIN = "ssh.pupbrained.xyz";

    # NOTE(review): registration is open and e-mail confirmation is off, so
    # anyone who can reach the instance can create an account. Actions and
    # the package registry are enabled above.
    service.DISABLE_REGISTRATION = false;
    service.SHOW_REGISTRATION_BUTTON = true;
    service.REGISTER_EMAIL_CONFIRM = false;
    service.ENABLE_NOTIFY_MAIL = true;

    # Session cookie is only sent over HTTPS.
    session = {COOKIE_SECURE = true;};

    ui.DEFAULT_THEME = "forgejo-auto";
    "ui.meta" = {AUTHOR = "MarGit";};
  };
};
# Matrix homeserver, using the conduwuit package in place of the module default.
matrix-conduit = {
  enable = true;
  package = pkgs.conduwuit_git;

  settings.global = {
    server_name = "pupbrained.xyz";
    database_backend = "rocksdb";

    # Listens on every interface. networking.firewall.enable is false in this
    # file.
    address = "0.0.0.0";

    # NOTE(review): registration is open and gated only by the token below.
    # The token is a short literal committed to the repository and copied
    # into the world-readable Nix store, so treat it as public. Rotate it and
    # load the new value from a secret; this file already uses agenix for
    # others. conduwuit documents a `registration_token_file` setting;
    # confirm the pinned package supports it.
    allow_registration = true;
    registration_token = "blehh";
  };
};
# SSH daemon: key-based logins only, and never as root.
# NOTE(review): KbdInteractiveAuthentication is not set in this block. Confirm
# the module default matches the intent of disabling password logins.
openssh = {
  enable = true;
  settings.PermitRootLogin = "no";
  settings.PasswordAuthentication = false;
};
# PipeWire with its PulseAudio and ALSA front ends, including 32-bit ALSA.
pipewire = {
  enable = true;
  pulse = {enable = true;};
  alsa.enable = true;
  alsa.support32Bit = true;
};

# X server with GDM as display manager and GNOME as desktop, US layout.
xserver = {
  enable = true;
  layout = "us";
  xkbVariant = "";
  displayManager = {gdm.enable = true;};
  desktopManager = {gnome.enable = true;};
};
};
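# Cloudflare tunnel client. Its credentials come from the agenix-decrypted
# `token` file, which systemd loads as an environment file.
systemd.services.cloudflared = {
  description = "Point traffic to tunnel subdomain";
  wantedBy = ["default.target"];
  serviceConfig = {
    EnvironmentFile = config.age.secrets.token.path;

    # `tunnel run` stays in the foreground for the life of the tunnel.
    # Under Type=oneshot the unit never leaves "activating", and anything
    # waiting for it to start blocks. Run it as a normal long-lived service
    # and bring it back if it exits with an error.
    Type = "simple";
    Restart = "on-failure";
    RestartSec = 5;

    ExecStart = "${lib.getExe pkgs.cloudflared} tunnel --no-autoupdate run";

    # NOTE(review): no User= is set, so the tunnel client runs as root.
    # systemd reads EnvironmentFile itself before starting the process, so a
    # dedicated unprivileged user should be possible. Confirm and consider
    # adding one.
  };
};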
users.groups.git = {};

users.users = {
  # Interactive account. `wheel` grants sudo, and the same name is listed in
  # nix.settings.trusted-users in this file, so it is an administrative
  # account on this host.
  marshall = {
    isNormalUser = true;
    extraGroups = ["wheel" "libvirtd" "kvm"];
    shell = pkgs.fish;
  };

  # System account that owns the Forgejo state directory.
  # presumably it needs a login shell so git-over-SSH works; verify
  git = {
    isSystemUser = true;
    group = "git";
    home = config.services.forgejo.stateDir;
    useDefaultShell = true;
  };
};
# Use one locale for the default and for every LC_* category listed.
i18n = let
  locale = "en_US.UTF-8";
  categories = [
    "LC_ADDRESS"
    "LC_IDENTIFICATION"
    "LC_MEASUREMENT"
    "LC_MONETARY"
    "LC_NAME"
    "LC_NUMERIC"
    "LC_PAPER"
    "LC_TELEPHONE"
    "LC_TIME"
  ];
in {
  defaultLocale = locale;
  # Build { LC_ADDRESS = locale; ... } from the category list.
  extraLocaleSettings = lib.genAttrs categories (_category: locale);
};
}