{
inputs,
lib,
config,
pkgs,
system,
...
}: {
# Mount table: the ext4 root and the vfat EFI system partition, both addressed
# by filesystem UUID so device renumbering does not change what gets mounted.
fileSystems."/" = {
  fsType = "ext4";
  device = "/dev/disk/by-uuid/64079eb2-d3e3-47b7-a889-d5b2fee4fa82";
};

# NOTE(review): no mount options are set, so the vfat defaults apply. If
# bootctl reports the mount point as world accessible, add
# `options = ["fmask=0077" "dmask=0077"];` to this entry.
fileSystems."/boot" = {
  fsType = "vfat";
  device = "/dev/disk/by-uuid/BC12-6397";
};
# Swap partition, referenced by UUID like the other block devices.
swapDevices = [
  {device = "/dev/disk/by-uuid/d36507db-7392-4852-9b2a-12d2a476cd31";}
];

# Permits packages with unfree licences to be evaluated and installed.
nixpkgs.config = {allowUnfree = true;};

# NixOS release this machine's stateful defaults are pinned to; it is not the
# version of the packages in use and is not meant to be bumped on upgrade.
system.stateVersion = "23.11";

time.timeZone = "America/New_York";
# agenix secrets. Each `.age` file is referenced elsewhere in this module via
# `config.age.secrets.<name>.path` (cloudflared token, Forgejo SMTP password).
age = {
  # Private key agenix uses to decrypt the files below. Anyone holding this key
  # and the repository can recover every secret encrypted to it.
  identityPaths = ["/root/.ssh/id_ed25519"];

  # NOTE(review): no owner/group/mode is set for either secret, so the agenix
  # defaults apply; confirm the consuming service (Forgejo runs as `git`) can
  # read its file and that nothing else can.
  secrets = {
    token.file = ../../../secrets/token.age;
    mailer_passwd.file = ../../../secrets/mailer_passwd.age;
  };
};
# Nix daemon configuration: registry pinning, binary caches and trust settings.
nix = {
  # Makes `<nixpkgs>` lookups resolve through the flake registry entry below.
  nixPath = ["nixpkgs=flake:nixpkgs"];

  # Register every flake-typed input under its own name, so registry lookups
  # use the revisions this configuration was built from.
  registry = let
    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
  in
    lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;

  settings = {
    auto-optimise-store = true;
    experimental-features = "nix-command flakes";
    warn-dirty = false;

    # NOTE(review): a trusted user can override daemon settings such as the
    # substituter list, which the Nix manual describes as essentially
    # root-equivalent. The same account is in `wheel` and runs code-server.
    trusted-users = ["marshall"];

    # Binary caches queried for pre-built store paths, in this order.
    substituters = [
      "https://cache.nixos.org"
      "https://nix-community.cachix.org"
      "https://nyx.chaotic.cx/"
      "https://cuda-maintainers.cachix.org"
    ];

    # NOTE(review): these are bare host names while `substituters` holds full
    # URLs; verify Nix matches them as intended. The same caches are already
    # enabled above, so this list may be redundant.
    trusted-substituters = [
      "cache.nixos.org"
      "nix-community.cachix.org"
      "nyx.chaotic.cx"
      "cuda-maintainers.cachix.org"
    ];

    # Any store path signed by one of these keys is accepted without a local
    # build, so each entry extends the machine's supply-chain trust.
    # NOTE(review): the `conduwuit` key has no matching entry in `substituters`
    # in this file; confirm it is still needed.
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
      "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
      "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
      "conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw="
    ];
  };
};
# System-wide environment: PATH additions, session variables, packages and
# generated /etc entries.
environment = {
  # Puts the per-user ~/.local/bin directory on PATH.
  localBinInPath = true;

  sessionVariables = {FLAKE = "/home/marshall/nix-config";};

  systemPackages = [
    pkgs.miniupnpc
    # agenix CLI taken from the flake input, built for this system.
    inputs.agenix.packages.${system}.default
    pkgs.codeium
  ];

  # Expose each registry entry's flake source as /etc/nix/path/<name>.
  etc =
    lib.mapAttrs'
    (name: entry: lib.nameValuePair "nix/path/${name}" {source = entry.flake;})
    config.nix.registry;
};
# Fonts installed system-wide.
fonts.packages = [
  pkgs.inter
  pkgs.maple-mono-SC-NF
  pkgs.nerdfonts
];
# Kernel, boot loader and binfmt_misc handlers.
boot = {
  kernelPackages = pkgs.linuxPackages_xanmod_latest;
  supportedFilesystems = ["ntfs"];

  loader.systemd-boot.enable = true;
  loader.efi.canTouchEfiVariables = true;

  # Run aarch64-linux binaries through user-mode emulation.
  binfmt.emulatedSystems = ["aarch64-linux"];

  # Hand any file whose header matches the magic/mask pair below (checked at
  # offset 0) to appimage-run, so such files can be executed directly.
  binfmt.registrations.appimage = {
    interpreter = "${pkgs.appimage-run}/bin/appimage-run";
    wrapInterpreterInShell = false;
    recognitionType = "magic";
    offset = 0;
    magicOrExtension = ''\x7fELF....AI\x02'';
    mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
  };
};
# Hardware support: audio backend choice, Bluetooth and OpenGL.
hardware = {
  # PulseAudio is switched off; PipeWire is enabled in `services.pipewire`.
  pulseaudio.enable = false;

  bluetooth.enable = true;
  # The Bluetooth controller is powered at boot.
  bluetooth.powerOnBoot = true;

  opengl = {
    enable = true;
    driSupport32Bit = true;
    extraPackages = [pkgs.libGL pkgs.libGLU];
  };
};
# Host name, connection management and packet filtering.
networking = {
  hostName = "polaris-nix";
  networkmanager = {enable = true;};

  # NOTE(review): the firewall is off, so every listener in this file that
  # binds 0.0.0.0 (code-server on 8080, Forgejo on 6610, matrix-conduit) plus
  # sshd and eternal-terminal is reachable on all interfaces. If public traffic
  # is meant to arrive only through the cloudflared tunnel or Tailscale, enable
  # the firewall and open just the ports that are needed.
  firewall = {enable = false;};
};
# PAM, realtime scheduling and sudo behaviour.
security = {
  # Enable GNOME Keyring integration in the GDM PAM service.
  pam.services.gdm = {enableGnomeKeyring = true;};

  rtkit = {enable = true;};

  # Suppress sudo's first-use lecture; sudo policy is otherwise unchanged here.
  sudo = {
    extraConfig = ''
      Defaults lecture = never
    '';
  };
};
# Shell, key agents and the nix-ld loader for foreign binaries.
programs = {
  fish = {enable = true;};
  gnupg.agent = {enable = true;};
  ssh = {startAgent = true;};

  # nix-ld lets binaries that were not built for NixOS find a dynamic loader
  # and the shared libraries listed here. The same list is repeated for
  # code-server under `services.code-server.extraEnvironment`.
  # NOTE(review): every entry is a library that downloaded, unpatched binaries
  # can load; keep the list to what is actually required.
  nix-ld.enable = true;
  nix-ld.libraries = with pkgs; [
    SDL SDL2 SDL2_image SDL2_mixer SDL2_ttf SDL_image SDL_mixer SDL_ttf
    alsa-lib at-spi2-atk at-spi2-core atk bzip2 cairo cups curlWithGnuTls
    dbus dbus-glib desktop-file-utils e2fsprogs expat flac fontconfig
    freeglut freetype fribidi fuse fuse3 gdk-pixbuf glew110 glib gmp
    gst_all_1.gst-plugins-base gst_all_1.gst-plugins-ugly gst_all_1.gstreamer
    gtk2 harfbuzz icu keyutils.lib libgcc libGL libGLU libappindicator-gtk2
    libcaca libcanberra libcap libclang.lib libdbusmenu libdrm libgcrypt
    libgpg-error libidn libjack2 libjpeg libmikmod libogg libpng12
    libpulseaudio librsvg libsamplerate libthai libtheora libtiff
    libudev0-shim libusb1 libuuid libvdpau libvorbis libvpx libxcrypt-legacy
    libxkbcommon libxml2 mesa nspr nss openssl p11-kit pango pixman python3
    speex stdenv.cc.cc tbb udev vulkan-loader wayland
    xorg.libICE xorg.libSM xorg.libX11 xorg.libXScrnSaver xorg.libXcomposite
    xorg.libXcursor xorg.libXdamage xorg.libXext xorg.libXfixes xorg.libXft
    xorg.libXi xorg.libXinerama xorg.libXmu xorg.libXrandr xorg.libXrender
    xorg.libXt xorg.libXtst xorg.libXxf86vm xorg.libpciaccess xorg.libxcb
    xorg.xcbutil xorg.xcbutilimage xorg.xcbutilkeysyms xorg.xcbutilrenderutil
    xorg.xcbutilwm xorg.xkeyboardconfig
    xz zlib
  ];
};
services = {
# Remote-access and guest-agent services enabled with their module defaults.
# NOTE(review): eternal-terminal opens its own listener in addition to sshd;
# with the firewall disabled in `networking`, confirm it should be reachable on
# every interface.
eternal-terminal = {enable = true;};
tailscale = {enable = true;};
xe-guest-utilities = {enable = true;};
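# Browser-based VS Code running as the `marshall` account.
#
# NOTE(review): this service is a remote shell for `marshall`, who is in
# `wheel` and in `nix.settings.trusted-users`. It binds every interface while
# the firewall is disabled, and the password hash below is its only visible
# protection. If access is meant to go through a tunnel or Tailscale, bind
# "127.0.0.1" (or the tailnet address) instead.
code-server = {
  enable = true;
  user = "marshall";
  group = "users";

  host = "0.0.0.0";
  port = 8080;

  # NOTE(review): the parameters embedded in this hash (m=16, t=2, p=1) are a
  # very low Argon2 cost, and the literal lands in the repository and in the
  # world-readable Nix store. Regenerate it with stronger parameters and a new
  # password, and avoid committing the hash.
  hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$alg3SXBFSkhzbDRhZXlCRw$2COxhvVifNMmIIozs14AkQ";

  disableTelemetry = true;
  disableUpdateCheck = true;
  # Turns off the Workspace Trust prompt, so opened folders are not put in
  # restricted mode first.
  disableWorkspaceTrust = true;

  extraEnvironment = {
    # Dynamic loader path read from the C compiler wrapper's nix-support file.
    NIX_LD = lib.fileContents "${pkgs.stdenv.cc}/nix-support/dynamic-linker";

    # Reuse the list defined once in `programs.nix-ld.libraries` instead of
    # repeating the same packages here; the two copies in this file were
    # identical, so the resulting path is unchanged and can no longer drift.
    NIX_LD_LIBRARY_PATH = lib.makeLibraryPath config.programs.nix-ld.libraries;
  };
};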
# Forgejo git forge, running as the dedicated `git` user.
forgejo = let
  domain = "git.pupbrained.xyz";
in {
  enable = true;
  user = "git";
  group = "git";
  lfs.enable = true;

  # SMTP password is read from the agenix-decrypted file instead of being
  # written into the generated configuration.
  secrets.mailer.PASSWD = config.age.secrets.mailer_passwd.path;

  settings = {
    DEFAULT.APP_NAME = "MarGit";
    federation.ENABLED = true;
    packages.ENABLED = true;
    # Session cookies are only sent over HTTPS.
    session.COOKIE_SECURE = true;
    ui.DEFAULT_THEME = "forgejo-auto";
    "ui.meta".AUTHOR = "MarGit";

    # NOTE(review): Debug is verbose for a public instance; confirm the logs do
    # not capture request details that should stay private.
    log.LEVEL = "Debug";

    # NOTE(review): Actions are enabled and `service` below allows open
    # sign-up; confirm who may register runners and trigger workflows.
    actions = {
      ENABLED = true;
      DEFAULT_ACTIONS_URL = "github";
    };

    database = {
      LOG_SQL = false;
      SQLITE_JOURNAL_MODE = "WAL";
    };

    mailer = {
      ENABLED = true;
      SMTP_ADDR = "email-smtp.us-east-2.amazonaws.com";
      # NOTE(review): this looks like an AWS access key ID used as the SMTP
      # user name. It is an identifier rather than the secret, but committing
      # it still discloses which credential is in use.
      USER = "AKIAVIRH7PRQXI3FCBZ4";
      FROM = "noreply@git.pupbrained.xyz";
      SEND_AS_PLAIN_TEXT = true;
    };

    # NOTE(review): no TOKEN is set in this section, so the metrics endpoint is
    # presumably served without authentication; restrict it at the proxy or
    # set a token.
    metrics = {
      ENABLED = true;
      ENABLED_ISSUE_BY_LABEL = true;
      ENABLED_ISSUE_BY_REPOSITORY = true;
    };

    oauth2_client = {
      ACCOUNT_LINKING = "login";
      ENABLE_AUTO_REGISTRATION = false;
      REGISTER_EMAIL_CONFIRM = false;
      UPDATE_AVATAR = true;
      USERNAME = "nickname";
    };

    repository = {
      # New repositories start out private.
      DEFAULT_PRIVATE = "private";
      ENABLE_PUSH_CREATE_ORG = true;
      ENABLE_PUSH_CREATE_USER = true;
    };

    # NOTE(review): the HTTP listener binds every interface while ROOT_URL is
    # HTTPS on the public domain, so TLS is terminated elsewhere. With the
    # firewall disabled, port 6610 is also reachable directly over plain HTTP.
    server = {
      DOMAIN = domain;
      ROOT_URL = "https://${domain}/";
      HTTP_ADDR = "0.0.0.0";
      HTTP_PORT = 6610;
      SSH_DOMAIN = "ssh.pupbrained.xyz";
      SSH_USER = "git";
    };

    # NOTE(review): registration is open and needs no e-mail confirmation, so
    # anyone who can reach the instance can create an account.
    service = {
      DISABLE_REGISTRATION = false;
      SHOW_REGISTRATION_BUTTON = true;
      REGISTER_EMAIL_CONFIRM = false;
      ENABLE_NOTIFY_MAIL = true;
    };
  };
};
# Matrix homeserver, using the conduwuit package in place of the module default.
matrix-conduit = {
  enable = true;
  package = pkgs.conduwuit_git;

  settings.global = {
    server_name = "pupbrained.xyz";
    # Listens on every interface; the firewall is disabled in `networking`.
    address = "0.0.0.0";
    database_backend = "rocksdb";

    # NOTE(review): registration is gated only by the token below, which is a
    # short literal stored in the repository and in the world-readable Nix
    # store. Rotate it to a long random value supplied from a secret that stays
    # out of the store, or turn registration off once accounts exist.
    allow_registration = true;
    registration_token = "blehh";
  };
};
# SSH daemon: key-based logins only, and never directly as root.
# NOTE(review): KbdInteractiveAuthentication is left at its default; set it to
# false as well if password-style prompts through PAM should also be refused.
openssh = {
  enable = true;
  settings.PasswordAuthentication = false;
  settings.PermitRootLogin = "no";
};
# PipeWire audio with its PulseAudio and ALSA compatibility layers.
pipewire = {
  enable = true;
  pulse.enable = true;
  alsa.enable = true;
  alsa.support32Bit = true;
};
# Graphical session: X server with GDM as display manager and GNOME as desktop.
xserver = {
  enable = true;

  displayManager = {gdm.enable = true;};
  desktopManager = {gnome.enable = true;};

  # US keyboard layout with no variant.
  layout = "us";
  xkbVariant = "";
};
};
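# Cloudflare Tunnel connector. The tunnel credentials come from the
# agenix-decrypted environment file (presumably TUNNEL_TOKEN; the variable name
# is not visible in this file).
#
# NOTE(review): no User= is set, so the connector runs as root. It only needs
# outbound network access; consider a dedicated or dynamic user plus systemd
# sandboxing options.
systemd.services.cloudflared = {
  description = "Point traffic to tunnel subdomain";
  wantedBy = ["default.target"];

  serviceConfig = {
    EnvironmentFile = config.age.secrets.token.path;

    # `tunnel run` stays in the foreground for the life of the tunnel. A
    # oneshot unit only counts as started once its process exits, so the unit
    # (and the target that wants it) would stay in "activating"; run it as a
    # normal long-lived service instead.
    Type = "simple";
    # Bring the connector back if it exits with an error, for example when the
    # network is not up yet at boot.
    Restart = "on-failure";

    ExecStart = "${lib.getExe pkgs.cloudflared} tunnel --no-autoupdate run";
  };
};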
# Local accounts: the interactive admin user and the Forgejo service account.
users = {
  groups.git = {};

  users = {
    # `wheel` grants sudo; `libvirtd` and `kvm` grant control over virtual
    # machines. The same account is a trusted Nix user and runs code-server.
    marshall = {
      isNormalUser = true;
      extraGroups = ["wheel" "libvirtd" "kvm"];
      shell = pkgs.fish;
    };

    # System account for Forgejo, with its home set to Forgejo's state
    # directory. It is given the default login shell.
    # NOTE(review): presumably the shell is needed for git-over-SSH through the
    # system sshd; confirm logins for this account are limited to that.
    git = {
      isSystemUser = true;
      group = "git";
      home = config.services.forgejo.stateDir;
      useDefaultShell = true;
    };
  };
};
# Locale: US English for the default locale and for every LC_* category below.
i18n = let
  locale = "en_US.UTF-8";
in {
  defaultLocale = locale;

  # Build the attribute set from the category names; each one maps to `locale`.
  extraLocaleSettings = lib.genAttrs [
    "LC_ADDRESS"
    "LC_IDENTIFICATION"
    "LC_MEASUREMENT"
    "LC_MONETARY"
    "LC_NAME"
    "LC_NUMERIC"
    "LC_PAPER"
    "LC_TELEPHONE"
    "LC_TIME"
  ] (_: locale);
};
}