cleslie/nixfiles
1
0
Fork 0
mirror of https://github.com/callumio/nixfiles.git synced 2025-12-17 03:29:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

initial commit

Browse source
This commit is contained in:
Callum Leslie 2024-08-30 12:50:02 +01:00
commit c45c7f26a4
Signed by: cleslie
GPG key ID: D382C4AFEECEAA90
28 changed files with 1531 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc Normal file
View file

@ -0,0 +1 @@
use flake

18
.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,18 @@
on:
pull_request:
push:
jobs:
ci:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v25
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: DeterminateSystems/magic-nix-cache-action@v2
- uses: cachix/cachix-action@v14
with:
name: callumio-public
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: nix-community, om
- run: nix run github:juspay/omnix -- ci run "."

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
result

759
flake.lock generated Normal file
View file

@ -0,0 +1,759 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": [],
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"devour-flake": {
"flake": false,
"locked": {
"lastModified": 1709858306,
"narHash": "sha256-Vey9n9hIlWiSAZ6CCTpkrL6jt4r2JvT2ik9wa2bjeC0=",
"owner": "srid",
"repo": "devour-flake",
"rev": "17b711b9deadbbc5629cb7d2b64cf86ae72af3fa",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "devour-flake",
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide",
"repo": "devshell",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724895876,
"narHash": "sha256-GSqAwa00+vRuHbq9O/yRv7Ov7W/pcMLis3HmeHv8a+Q=",
"owner": "nix-community",
"repo": "disko",
"rev": "511388d837178979de66d14ca4a2ebd5f7991cd3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"neovim-nightly-overlay",
"hercules-ci-effects",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
"neovim-nightly-overlay",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724857454,
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"git-hooks_2": {
"inputs": {
"flake-compat": [
"nixvim",
"nixvim",
"flake-compat"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724857454,
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nixvim",
"neovim-nightly-overlay",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixvim",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixvim",
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724947644,
"narHash": "sha256-MHHrHasTngp7EYQOObHJ1a/IsRF+wodHqOckhH6uZbk=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "dba4367b9a9d9615456c430a6d6af716f6e84cef",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1720042825,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724435763,
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"neovim-nightly-overlay": {
"inputs": {
"flake-compat": "flake-compat",
"flake-parts": "flake-parts_2",
"git-hooks": "git-hooks",
"hercules-ci-effects": "hercules-ci-effects",
"neovim-src": "neovim-src",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1724996444,
"narHash": "sha256-bgDfNsVPleUyx6vNr5INJTLfkLycNmL3yvSBv1OguLs=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "d0f68c980e3a0a3a8e63ccca93a01f87fb77937e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"type": "github"
}
},
"neovim-src": {
"flake": false,
"locked": {
"lastModified": 1724970905,
"narHash": "sha256-6HqoxweeX3tQbchJpjUNiBKj/2P3oiQBR42B/QuB+a0=",
"owner": "neovim",
"repo": "neovim",
"rev": "4353996d0fa8e5872a334d68196d8088391960cf",
"type": "github"
},
"original": {
"owner": "neovim",
"repo": "neovim",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724561770,
"narHash": "sha256-zv8C9RNa86CIpyHwPIVO/k+5TfM8ZbjGwOOpTe1grls=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ac5694a0b855a981e81b4d9f14052e3ff46ca39e",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixinate": {
"inputs": {
"nixpkgs": [
"unstable"
]
},
"locked": {
"lastModified": 1724970318,
"narHash": "sha256-LGsZmI5LcyjAcjiKU/LztUf2206OWGR5O03OAEzhP4Y=",
"owner": "callumio",
"repo": "nixinate",
"rev": "8bcfff29a6ae466100c64bec22cb7d8215eaa3a5",
"type": "github"
},
"original": {
"owner": "callumio",
"repo": "nixinate",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1724855419,
"narHash": "sha256-WXHSyOF4nBX0cvHN3DfmEMcLOVdKH6tnMk9FQ8wTNRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ae2fc9e0e42caaf3f068c1bfdc11c71734125e06",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1724840184,
"narHash": "sha256-RXftd9nVNpCKHEaiMhAWiZo3U/SEdRPF0zD7s7u50Oc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4f9cb71da3ec4f76fd406a0d87a1db491eda6870",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts",
"neovim-nightly-overlay": "neovim-nightly-overlay",
"nixpkgs": [
"unstable"
],
"nixvim": "nixvim_2"
},
"locked": {
"lastModified": 1725004186,
"narHash": "sha256-jJStfMyKX2wdJBOCi4Ws+LBEtCTqAXcBeViyLF98QHc=",
"owner": "callumio",
"repo": "nixvim",
"rev": "5bbc06e0db08193f5238a10a8e239370d77158b9",
"type": "github"
},
"original": {
"owner": "callumio",
"repo": "nixvim",
"type": "github"
}
},
"nixvim_2": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_3",
"flake-parts": [
"nixvim",
"flake-parts"
],
"git-hooks": "git-hooks_2",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1724968633,
"narHash": "sha256-eb2NCdLwfXL1MuTAkoDncSl2lCJwyylV5/NM1Ws2P/U=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "2704133fe3ca616b22ed6685cc67180456eb4160",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1725012739,
"narHash": "sha256-fVf5QTrPZ6am93vP6nckzDLGWL9zuMh8dRoRtO61lZY=",
"owner": "nix-community",
"repo": "NUR",
"rev": "e5c4ddb026545819dbb9071f70160761c5098ce1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724584782,
"narHash": "sha256-7FfHv7b1jwMPSu9SPY9hdxStk8E6EeSwzqdvV69U4BM=",
"owner": "NuschtOS",
"repo": "search",
"rev": "5a08d691de30b6fc28d58ce71a5e420f2694e087",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"devour-flake": "devour-flake",
"disko": "disko",
"home-manager": "home-manager_2",
"nixinate": "nixinate",
"nixpkgs": "nixpkgs",
"nixvim": "nixvim",
"nur": "nur",
"unstable": "unstable",
"utils": "utils"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724833132,
"narHash": "sha256-F4djBvyNRAXGusJiNYInqR6zIMI3rvlp6WiKwsRISos=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3ffd842a5f50f435d3e603312eefa4790db46af5",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1724819573,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"utils": {
"inputs": {
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1722363685,
"narHash": "sha256-XCf2PIAT6lH7BwytgioPmVf/wkzXjSKScC4KzcZgb64=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "6b10f51ff73a66bb29f3bc8151a59d217713f496",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

115
flake.nix Normal file
View file

@ -0,0 +1,115 @@
{
description = "C's Nix-Config";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixinate = {
url = "github:callumio/nixinate";
inputs.nixpkgs.follows = "unstable";
};
devour-flake = {
url = "github:srid/devour-flake";
flake = false;
};
nixvim = {
url = "github:callumio/nixvim";
inputs.nixpkgs.follows = "unstable";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
# i don't need darwin!!!
inputs.darwin.follows = "";
};
utils.url = "github:gytis-ivaskevicius/flake-utils-plus";
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
#omnix-flake.url = "github:juspay/omnix?dir=nix/om";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/NUR";
};
outputs = {
self,
disko,
nixpkgs,
nixinate,
utils,
nur,
home-manager,
...
} @ inputs: let
inherit (utils.lib) mkApp;
mods = import ./modules {inherit utils;};
hosts = import ./hosts {inherit utils;};
overlay = import ./overlays {inherit inputs;};
in
with mods.nixosModules;
utils.lib.mkFlake {
inherit self inputs;
inherit (mods) nixosModules;
inherit (hosts) hosts;
supportedSystems = ["x86_64-linux" "aarch64-linux"];
channelsConfig.allowUnfree = true;
channelsConfig.allowBroken = false;
channels.nixpkgs.overlaysBuilder = channels: [
(final: prev: {
inherit (channels) unstable;
})
];
channels.unstable.overlaysBuilder = channels: [
(final: prev: {
jellyfin-ffmpeg = prev.jellyfin-ffmpeg.override {
ffmpeg_6-full = prev.ffmpeg_6-full.override {
withMfx = false;
withVpl = true;
};
};
})
];
sharedOverlays = [
overlay
nur.overlay
];
hostDefaults.modules = [home-manager.nixosModules.home-manager inputs.agenix.nixosModules.default] ++ mods.sharedModules;
hostDefaults.extraArgs = {
inherit inputs;
};
outputsBuilder = channels:
with channels.nixpkgs; {
defaultPackage = nixvim;
packages = utils.lib.exportPackages self.overlays channels;
formatter = alejandra;
devShell = mkShell {
packages = [just git nixvim cachix jq devour-flake agenix];
};
};
overlays = utils.lib.exportOverlays {
inherit (self) pkgs inputs;
};
apps.x86_64-linux = (nixinate.nixinate.x86_64-linux self).nixinate;
};
}

6
hosts/artemis/default.nix Normal file
View file

@ -0,0 +1,6 @@
{
modules = [./hardware-configuration.nix];
extraArgs = {};
specialArgs = {};
system = "x86_64-linux";
}

29
hosts/artemis/hardware-configuration.nix Normal file
View file

@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = {
initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "rtsx_pci_sdmmc"];
initrd.kernelModules = [];
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
#boot.kernelPackages = pkgs.linuxPackages_latest;
fileSystems."/" = {
device = "/dev/disk/by-uuid/5488764f-a50a-4ea2-ac8d-bfe565199018";
fsType = "ext4";
};
swapDevices = [];
networking.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

6
hosts/default.nix Normal file
View file

@ -0,0 +1,6 @@
{utils}: let
hosts = utils.lib.exportModules [
# ./artemis
./hermes
];
in {inherit hosts;}

34
hosts/hermes/configuration.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
inputs,
...
}: let
inherit (inputs.self.nixosModules) keys;
in {
services.remote-deploy = {
enable = true;
host = "media.cleslie.uk";
port = 62480;
keys = keys.c;
buildOn = "local";
};
time.timeZone = "Europe/London";
users.users.media = {
isNormalUser = true;
extraGroups = ["wheel" "multimedia"];
openssh.authorizedKeys.keys = keys.c;
packages = with pkgs; [
tree
nixvim
];
};
environment.systemPackages = with pkgs; [
wget
tree
];
}

44
hosts/hermes/containers.nix Normal file
View file

@ -0,0 +1,44 @@
{
virtualisation = {
podman.enable = true;
podman.dockerCompat = true;
oci-containers.backend = "podman";
oci-containers.containers = {
flaresolverr = {
#image = "ghcr.io/flaresolverr/flaresolverr:latest";
#image = "ghcr.io/flaresolverr/flaresolverr:pr-1282";
image = "docker.io/alexfozor/flaresolverr:pr-1300";
autoStart = true;
ports = ["127.0.0.1:8191:8191"];
environment = {
LOG_LEVEL = "debug";
};
};
tdarr = {
image = "ghcr.io/haveagitgat/tdarr";
autoStart = true;
ports = ["0.0.0.0:8265:8265" "127.0.0.1:8266:8266"];
volumes = [
"/var/lib/tdarr/server:/app/server"
"/var/lib/tdarr/configs:/app/configs"
"/var/lib/tdarr/logs:/app/logs"
"/var/lib/media/library:/media"
"/tmp:/temp"
];
environment = {
serverIP = "0.0.0.0";
serverPort = "8266";
webUIPort = "8265";
internalNode = "true";
inContainer = "true";
ffmpegVersion = "6";
nodeName = "internal";
TZ = "Europe/London";
PUID = "1000";
PGID = "994";
};
extraOptions = ["--device=/dev/dri:/dev/dri" "--network=bridge"];
};
};
};
}

15
hosts/hermes/default.nix Normal file
View file

@ -0,0 +1,15 @@
{
modules = [
./hardware-configuration.nix
./configuration.nix
./fail2ban.nix
./containers.nix
./networking.nix
./ssh.nix
./media.nix
];
extraArgs = {};
specialArgs = {};
system = "x86_64-linux";
channelName = "unstable";
}

106
hosts/hermes/fail2ban.nix Normal file
View file

@ -0,0 +1,106 @@
{pkgs, ...}: {
services.fail2ban = {
enable = true;
jails = {
sshd.settings = {enabled = false;};
radarr.settings = {
enabled = true;
filter = "arr";
action = ''
iptables-allports
'';
logpath = "/var/lib/radarr/.config/Radarr/logs/radarr.txt";
backend = "auto";
maxretry = 4;
bantime = "52w";
findtime = "52w";
chain = "FORWARD";
};
sonarr.settings = {
enabled = true;
filter = "arr";
action = ''
iptables-allports
'';
logpath = "/var/lib/sonarr/.config/NzbDrone/logs/sonarr.txt";
backend = "auto";
maxretry = 4;
bantime = "52w";
findtime = "52w";
chain = "FORWARD";
};
prowlarr.settings = {
enabled = true;
filter = "arr";
action = ''
iptables-allports
'';
logpath = "/var/lib/prowlarr/logs/prowlarr.txt";
backend = "auto";
maxretry = 4;
bantime = "52w";
findtime = "52w";
chain = "FORWARD";
};
jellyseerr.settings = {
enabled = true;
filter = "jellyseerr";
action = ''
iptables-allports
'';
logpath = "/var/lib/jellyseerr/logs/overseer*.log";
backend = "auto";
maxretry = 4;
bantime = "52w";
findtime = "52w";
chain = "FORWARD";
};
jellyfin.settings = {
enabled = true;
filter = "jellyfin";
action = ''
iptables-allports
'';
logpath = "/var/lib/jellyfin/log/log*.log";
backend = "auto";
maxretry = 4;
bantime = "52w";
findtime = "52w";
chain = "FORWARD";
};
};
};
environment.etc = {
"fail2ban/filter.d/arr.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
[INCLUDES]
before = common.conf
[Definition]
datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S\.%%f\|
failregex = ^\s*Warn\|Auth\|Auth-Failure ip <ADDR> username '<F-USER>[^']+</F-USER>'
ignoreregex =
'');
"fail2ban/filter.d/jellyseerr.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*\[warn\]\[API\]: Failed sign-in attempt using invalid Overseerr password {"ip":"<HOST>","email":
^.*\[warn\]\[Auth\]: Failed login attempt from user with incorrect Jellyfin credentials {"account":{"ip":"<HOST>","email":
ignoreregex =
'');
"fail2ban/filter.d/jellyfin.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*Authentication request for .* has been denied \(IP: "<ADDR>"\)\.
ignoreregex =
'');
};
}

39
hosts/hermes/hardware-configuration.nix Normal file
View file

@ -0,0 +1,39 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
initrd.kernelModules = [];
kernelModules = ["kvm-intel"];
kernelParams = [
"i915.enable_guc=2"
];
extraModulePackages = [];
};
#boot.kernelPackages = pkgs.linuxPackages_latest;
fileSystems."/" = {
device = "/dev/disk/by-uuid/c2f5061f-7577-4947-ba1d-f1ba12ec3271";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/57CE-8609";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
swapDevices = [];
networking.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

148
hosts/hermes/media.nix Normal file
View file

@ -0,0 +1,148 @@
{
pkgs,
config,
lib,
...
}: let
mediaDir = "/var/lib/media";
in {
users = {
groups.multimedia = {gid = 994;};
users."root".extraGroups = ["multimedia"];
users."media".extraGroups = ["multimedia"];
};
systemd.tmpfiles.rules = [
"d ${mediaDir} 0775 - multimedia - -"
"d ${mediaDir}/torrents 0775 - multimedia -"
"d ${mediaDir}/torrents/Downloads 0775 - multimedia -"
"d ${mediaDir}/usenet 0775 - multimedia -"
"d ${mediaDir}/usenet/Downloads 0775 - multimedia -"
"d ${mediaDir}/usenet/Done 0775 - multimedia -"
"d ${mediaDir}/library/Movies 0775 - multimedia - -"
"d ${mediaDir}/library/TV 0775 - multimedia - -"
"d ${mediaDir}/library/Music 0775 - multimedia - -"
"d /var/lib/tdarr 0775 - multimedia - "
"d /var/lib/tdarr/server 0775 - multimedia - "
"d /var/lib/tdarr/configs 0775 - multimedia - "
"d /var/lib/tdarr/logs 0775 - multimedia - "
];
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
#intel-media-sdk # QSV up to 11th gen
];
};
services = {
caddy = {
enable = true;
email = "acme@cleslie.uk";
virtualHosts = {
"media.cleslie.uk".extraConfig = ''
redir /radarr /radarr/
redir /sonarr /sonarr/
redir /lidarr /lidarr/
redir /bazarr /bazarr/
redir /prowlarr /prowlarr/
redir /tdarr /tdarr/
redir /deluge /deluge/
reverse_proxy /radarr/* 127.0.0.1:7878
reverse_proxy /sonarr/* 127.0.0.1:8989
reverse_proxy /lidarr/* 127.0.0.1:8686
reverse_proxy /bazarr/* 127.0.0.1:6767
reverse_proxy /prowlarr/* 127.0.0.1:9696
reverse_proxy /tdarr/* http://127.0.0.1:8265 {
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
}
route /deluge/* {
uri strip_prefix deluge
reverse_proxy 127.0.0.1:8112 {
header_up X-Real-IP {remote}
header_up X-Deluge-Base "/deluge"
}
}
'';
"watch.cleslie.uk".extraConfig = ''
reverse_proxy http://localhost:8096
'';
"request.cleslie.uk".extraConfig = ''
reverse_proxy http://localhost:5055
'';
};
};
homepage-dashboard = {
enable = false;
};
jellyfin = {
enable = true;
package = pkgs.jellyfin;
group = "multimedia";
openFirewall = false;
};
jellyseerr = {
enable = true;
openFirewall = false;
};
sonarr = {
enable = true;
group = "multimedia";
openFirewall = false;
};
radarr = {
enable = true;
group = "multimedia";
openFirewall = false;
};
bazarr = {
enable = true;
group = "multimedia";
openFirewall = false;
};
prowlarr = {
enable = true;
openFirewall = false;
};
deluge = {
enable = true;
group = "multimedia";
web.enable = true;
web.openFirewall = false;
dataDir = "${mediaDir}/torrents";
declarative = true;
config = {
enabled_plugins = ["Label"];
outgoing_interface = "wg1";
allow_remote = true;
openFirewall = false;
sequential_download = true;
};
authFile = pkgs.writeTextFile {
name = "deluge-auth";
text = ''
localclient::10
'';
};
};
};
}

21
hosts/hermes/networking.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}: {
networking.hostName = "hermes";
networking = {
enableIPv6 = false;
firewall.allowedTCPPorts = [80 443 8265];
firewall.checkReversePath = false;
iproute2.enable = true;
iproute2.rttablesExtraConfig = ''
200 vpn
'';
wg-quick.interfaces.wg1 = {
configFile = config.age.secrets.wg-conf.path;
table = "vpn";
};
};
}

15
hosts/hermes/ssh.nix Normal file
View file

@ -0,0 +1,15 @@
{
services = {
openssh = {
enable = true;
ports = [62480];
settings.PasswordAuthentication = false;
settings.PermitRootLogin = "no";
};
endlessh-go = {
enable = true;
port = 22;
openFirewall = true;
};
};
}

19
justfile Normal file
View file

@ -0,0 +1,19 @@
default:
just --list
alias r := rebuild
alias v := vim
alias u := update
alias c := cache
rebuild:
sudo nixos-rebuild switch --flake .#
vim:
nix flake lock --update-input nixvim
update:
nix flake update
cache:
devour-flake . | cachix push callumio-public

7
modules/boot.nix Normal file
View file

@ -0,0 +1,7 @@
{...}: {
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
system.stateVersion = "24.05";
}

17
modules/default.nix Normal file
View file

@ -0,0 +1,17 @@
{utils}: let
nixosModules = utils.lib.exportModules [
./nix.nix
./hm.nix
./boot.nix
./deploy.nix
./keys.nix
./secret.nix
];
sharedModules = with nixosModules; [
nix
hm
boot
deploy
secret
];
in {inherit nixosModules sharedModules;}

74
modules/deploy.nix Normal file
View file

@ -0,0 +1,74 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.services.remote-deploy;
in {
options.services.remote-deploy = {
enable = mkEnableOption "Enable remote deployment with nixinate.";
host = mkOption {
type = types.str;
description = "Hostname to connect to.";
};
user = mkOption {
type = types.str;
default = "deploy";
description = "Username for deploy account.";
};
group = mkOption {
type = types.str;
default = "deploy";
description = "Group for deploy account.";
};
keys = mkOption {
type = types.listOf types.str;
description = "Authorised SSH keys for deployment";
};
port = mkOption {
type = types.port;
default = 22;
description = "SSH port to use.";
};
buildOn = mkOption {
type = types.enum ["local" "remote"];
default = "local";
description = "Where to build the config.";
};
substituteOnTarget = mkOption {
type = types.bool;
default = true;
description = "Substitute closures and paths from remote";
};
};
config = mkIf cfg.enable {
_module.args = {
nixinate = {
inherit (cfg) host buildOn port substituteOnTarget;
sshUser = cfg.user;
};
};
users.groups."${cfg.group}" = {};
users.users."${cfg.user}" = {
isSystemUser = true;
shell = pkgs.bash;
inherit (cfg) group;
openssh.authorizedKeys.keys = cfg.keys;
};
nix.settings.trusted-users = [cfg.user];
security.sudo.extraRules = [
{
groups = [cfg.group];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
};
}

4
modules/hm.nix Normal file
View file

@ -0,0 +1,4 @@
{pkgs, ...}: {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}

5
modules/keys.nix Normal file
View file

@ -0,0 +1,5 @@
{
c = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDStMNZgO26AhBz+GkwkMnnDL7nfhOblEMz+bXVaDM3M ssh@cleslie.uk"
];
}

18
modules/nix.nix Normal file
View file

@ -0,0 +1,18 @@
{
nix = {
extraOptions = "gc-keep-outputs = true";
settings = {
experimental-features = ["nix-command" "flakes"];
substituters = [
"https://nix-community.cachix.org"
"https://callumio-public.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"callumio-public.cachix.org-1:VucOSl7vh44GdqcILwMIeHlI0ufuAnHAl8cO1U/7yhg="
];
};
};
}

3
modules/secret.nix Normal file
View file

@ -0,0 +1,3 @@
{
imports = [../secrets/secrets-configuration.nix];
}

5
overlays/default.nix Normal file
View file

@ -0,0 +1,5 @@
{inputs, ...}: _final: prev: {
nixvim = inputs.nixvim.packages.${prev.system}.default;
devour-flake = prev.callPackage inputs.devour-flake {};
agenix = inputs.agenix.packages.${prev.system}.default;
}

5
secrets/secrets-configuration.nix Normal file
View file

@ -0,0 +1,5 @@
{
age.secrets."wg-conf" = {
file = ./wg-conf.age;
};
}

10
secrets/secrets.nix Normal file
View file

@ -0,0 +1,10 @@
let
keys = import ../modules/keys.nix;
systems = {
hermes = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnmnOWpdewwytd15JcnJvJWbIE8hcMu/pp1TPqsvdol";
artemis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILERlCL5ZwP/mmtBNAMtLrUwEDy+tOprUWUmsGBRlTCF";
};
allSystems = builtins.attrValues systems;
in {
"wg-conf.age".publicKeys = keys.c ++ [systems.hermes];
}

7
secrets/wg-conf.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 /RyXeg XctPskEC5nKQwQ92umIwfryLtDqmgZihaMtkeOw7RxM
H2gVqcepTLHsnbiAZRPftpxZDGmptg8fGuweyFoAhRY
-> ssh-ed25519 aSaoJQ HtQ5MYtdlvwor5K5cB7uk+c535NoORJEM6NfYWRE6Vc
7/LiMkQp4Kg/+xnnkpOD7A/ecKmkSCz4S9DqvHBpxyE
--- nUlb1sy20HiTPwOXexW1tJpbZsLbV/tOkGIyzp8Hu4M
†#¶¦* 껿Xd ¼œ:i€ü][2Si¶UåNÞëíU·Ú‹Ñ>¡Îr=Á4ÌBùÜ]+Íx<C38D>²KÃÛ-`ÀMî$+󼞯zƒ`¥ç\+¶ u‡Â&Y=´A>5mŠT($*%ò<>[XPÝ:ÆF)Õ x þBß…ÿîûKÓlç¿3.˜…}£=™gg ¶ÞRdk ¦ûÆûÊÎÈAbfT#ÉWK÷û{Þ¾@Átˆ»A:³S8´FéÇ„Kÿ·Ì…Q"<22>û(Pºsa<73>Æ0Ø¿º«G"<22>>8üJøÝs˜EjBƒýtfË<C38B><[DmzéK'¬ÑZ<C391>]ÎÔEϸ´Ùà㬒<05>Ì}²ÞWVýd?X¬<>¡x!è Àú?Øš