Move marauder configs to new flake

Nettika 2025-06-15 02:03:09 -07:00
parent 603b693208
commit cae6d2cb09
17 changed files with 292 additions and 594 deletions


@ -1,5 +1,4 @@
{ pkgs, config, secrets, ... }:
{
{ pkgs, config, secrets, ... }: {
systemd.services = {
notify-backup-b2-failed = {
description = "Notify on failed backup to B2";
@ -11,11 +10,10 @@
DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/1000/bus";
};
path = [ pkgs.libnotify ];
script = "notify-send -u critical \"Backup to B2 failed\" \"$(journalctl -u restic-backups-b2 -n 5 -o cat)\"";
};
restic-backups-b2 = {
onFailure = [ "notify-backup-b2-failed.service" ];
script = ''
notify-send -u critical "Backup to B2 failed" "$(journalctl -u restic-backups-b2 -n 5 -o cat)"'';
};
restic-backups-b2 = { onFailure = [ "notify-backup-b2-failed.service" ]; };
};
environment.etc = {
@ -40,11 +38,7 @@
"${config.users.users.nettika.home}/Projects"
"${config.users.users.nettika.home}/Videos"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ];
};
};
}

280
configuration.nix Executable file

@ -0,0 +1,280 @@
{ pkgs, inputs, secrets, ... }:
let
fortune = pkgs.writeShellScript "cgi" ''
echo "Content-type: text/html"
echo ""
${pkgs.fortune}/bin/fortune
'';
ffcheck = pkgs.writeShellScriptBin "ffcheck" ''
${pkgs.ffmpeg}/bin/ffmpeg -v error -stats -hide_banner -i "$1" -c copy -f null -
'';
in {
imports = [ ./backup.nix ];
nixpkgs.config.allowUnfree = true;
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters =
[ "https://nixcache.shelvacu.com" "https://fossar.cachix.org" ];
trusted-public-keys = [
"fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="
"nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM="
];
trusted-users = [ "@wheel" ];
};
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
users.users.nettika = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
shell = pkgs.fish;
};
security.sudo.wheelNeedsPassword = false;
environment.variables = {
EDITOR = "nano";
VISUAL = "code --wait";
};
networking = {
hostName = "marauder";
firewall.enable = false;
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/648c6539-892c-40d7-8b07-23fe760df02a";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/1D62-C30E";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
systemd.enable = true;
availableKernelModules =
[ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
};
kernelModules = [ "kvm-amd" ];
kernelParams = [ "amd_pstate=active" ];
};
hardware = {
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = true;
graphics = {
enable = true;
enable32Bit = true;
extraPackages = [ pkgs.vaapiVdpau ];
};
nvidia = {
open = true;
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
amdgpuBusId = "PCI:05:00:0";
nvidiaBusId = "PCI:01:00:0";
};
};
};
environment = {
systemPackages = [ inputs.shelvacu.packages.x86_64-linux.sm64coopdx ]
++ (with pkgs; [
# Chat clients
discord
slack
element-desktop
telegram-desktop
signal-desktop
# Browsers
firefox
filezilla
# Creative
inkscape
gimp
krita
openscad-unstable
bambu-studio
# Multimedia
vlc
ffmpeg
ffcheck
aonsoku
# Code Editors
vscode
arduino-ide
# Dev Tools
nixd
nixfmt
nixpkgs-fmt
pyenv
rustup
electron
# Languages
gcc
kotlin
nodejs
php
# Command line
git-crypt
htop
jq
# Misc
obsidian
intiface-central
prismlauncher
blender
mullvad-vpn
qbittorrent
system-config-printer
]);
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
programs.git = {
enable = true;
lfs.enable = true;
config = {
init.defaultBranch = "master";
user = {
email = "git@nettika.cat";
name = "Nettika";
};
credential.helper = "store";
};
};
programs.nano = {
enable = true;
nanorc = ''
set autoindent
set linenumbers
'';
};
programs.fish = {
enable = true;
promptInit = ''
function fish_prompt
echo -n '💜 '
set_color brgreen
echo -n (prompt_pwd)
set_color normal
echo -n ' > '
end
function fish_right_prompt
set_color bryellow
echo -n (git branch --show-current 2>/dev/null)
end
'';
shellInit = ''
set -g fish_greeting
set -g fish_prompt_pwd_full_dirs 999
'';
};
programs.direnv.enable = true;
programs.ssh.extraConfig = ''
Host quasar
HostName consortium.chat
IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
Host monolith
HostName 10.243.210.154
Host fennbox
HostName 10.243.109.199
User fenn
'';
services.mysql = {
enable = true;
package = pkgs.mariadb;
};
services.httpd = {
enable = true;
enablePHP = true;
phpPackage = inputs.phps.packages.x86_64-linux.php80;
extraConfig = ''
ScriptAlias /fortune ${fortune}/bin/fortune
'';
virtualHosts."localhost" = {
documentRoot = "/var/www";
locations."/".index = "index.html index.php";
};
};
programs.nix-ld = { enable = true; };
services.xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
desktopManager = {
cinnamon.enable = true;
xterm.enable = false;
};
};
services.printing.enable = true;
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.displayManager.defaultSession = "cinnamon";
services.power-profiles-daemon.enable = false;
services.tlp.enable = true;
services.fstrim.enable = true;
services.zerotierone = {
enable = true;
joinNetworks = secrets.zerotier.networks;
};
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn; # Include GUI
};
time.timeZone = "America/Los_Angeles";
system.stateVersion = "24.05";
}
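Review bot: `networking.firewall.enable = false;` leaves this host with no packet filter while the same file enables `services.httpd` (PHP from `php80` plus a CGI `ScriptAlias`), `services.mysql`, Avahi and ZeroTier. The `virtualHosts."localhost"` name only selects a vhost; as far as I can tell the NixOS httpd module still listens on all interfaces by default, so `/var/www` would be reachable from whatever LAN or ZeroTier network the machine joins. I would drop the override, since the `openFirewall` options for Steam and Avahi already open what they need and do nothing while the firewall is off, and pin the vhost to loopback with `listen = [ { ip = "127.0.0.1"; port = 80; } ];`. PHP 8.0 is past upstream end of life, and `security.sudo.wheelNeedsPassword = false;` means anything that gets to run as `nettika` is effectively root, so both raise the cost of that exposure.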


@ -1,5 +1,5 @@
{
description = "Nettika's NixOS Configurations";
description = "Marauder NixOS Configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
@ -8,33 +8,12 @@
};
outputs = { self, nixpkgs, ... }@inputs:
let
secrets = builtins.fromJSON (builtins.readFile ./secrets.json);
in
{
nixosModules = {
common = import ./modules/common.nix;
prompt = import ./modules/prompt.nix;
server = import ./modules/server.nix;
zerotier = import ./modules/zerotier.nix;
};
nixosConfigurations = {
marauder = nixpkgs.lib.nixosSystem {
let secrets = builtins.fromJSON (builtins.readFile ./secrets.json);
in {
nixosConfigurations.marauder = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ./hosts/marauder ];
modules = [ ./configuration.nix ];
specialArgs = { inherit self inputs secrets; };
};
monolith = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ./hosts/monolith ];
specialArgs = { inherit self inputs secrets; };
};
quasar = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ./hosts/quasar ];
specialArgs = { inherit self inputs secrets; };
};
};
};
}
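Review bot: The `secrets` binding reads `./secrets.json` at evaluation time and hands it to every module through `specialArgs`, so any value a module interpolates ends up in a derivation or generated config under the world-readable `/nix/store`. Flake evaluation also copies the tracked source tree into the store, so if `secrets.json` sits decrypted in the working tree (git-crypt is installed, so presumably it does), the whole file is likely readable by every local user and service account, including the httpd/PHP processes. Consider supplying secrets as runtime file paths instead, for example via sops-nix or agenix. Until then, a comment on the `let` line would help, such as `# NOTE: values read here become world-readable in /nix/store`.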


@ -1,166 +0,0 @@
{ self, pkgs, inputs, ... }:
{
imports = [
self.nixosModules.common
self.nixosModules.prompt
self.nixosModules.zerotier
./backup.nix
./dev.nix
./www.nix
./printing.nix
];
networking = {
hostName = "marauder";
firewall.enable = false;
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/648c6539-892c-40d7-8b07-23fe760df02a";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/1D62-C30E";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd = {
systemd.enable = true;
availableKernelModules = [
"nvme"
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
};
kernelModules = [ "kvm-amd" ];
kernelParams = [ "amd_pstate=active" ];
};
hardware = {
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = true;
graphics = {
enable = true;
enable32Bit = true;
extraPackages = [ pkgs.vaapiVdpau ];
};
nvidia = {
open = true;
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
amdgpuBusId = "PCI:05:00:0";
nvidiaBusId = "PCI:01:00:0";
};
};
};
environment = {
systemPackages = [
inputs.shelvacu.packages.x86_64-linux.sm64coopdx
] ++ (with pkgs; [
# Chat clients
discord
slack
element-desktop
telegram-desktop
signal-desktop
# Browsers
firefox
filezilla
# Creative
inkscape
gimp
krita
openscad-unstable
bambu-studio
# Multimedia
vlc
ffmpeg
(callPackage ./ffcheck.nix { })
aonsoku
# Misc
obsidian
intiface-central
prismlauncher
blender
mullvad-vpn
qbittorrent
]);
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
programs.ssh.extraConfig = ''
Host quasar
HostName consortium.chat
IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
Host monolith
HostName 10.243.210.154
Host fennbox
HostName 10.243.109.199
User fenn
'';
programs.nix-ld = {
enable = true;
};
services.xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
desktopManager = {
cinnamon.enable = true;
xterm.enable = false;
};
};
services.displayManager = {
defaultSession = "cinnamon";
};
services.power-profiles-daemon = {
enable = false;
};
services.tlp = {
enable = true;
};
services.fstrim = {
enable = true;
};
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn; # Include GUI
};
promptEmoji = "💜";
time.timeZone = "America/Los_Angeles";
system.stateVersion = "24.05";
}


@ -1,30 +0,0 @@
{ pkgs, ... }:
{
environment.variables = {
VISUAL = "code --wait";
};
environment.systemPackages = with pkgs; [
# Code Editors
vscode
arduino-ide
# Dev Tools
nixd
nixfmt
nixpkgs-fmt
pyenv
rustup
electron
# Languages
gcc
kotlin
nodejs
php
];
programs.direnv = {
enable = true;
};
}


@ -1,3 +0,0 @@
{ writeShellScriptBin, ffmpeg }: writeShellScriptBin "ffcheck" ''
${ffmpeg}/bin/ffmpeg -v error -stats -hide_banner -i "$1" -c copy -f null -
''


@ -1,16 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
system-config-printer
];
services.printing = {
enable = true;
};
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
}


@ -1,26 +0,0 @@
{ pkgs, inputs, ... }:
let
fortune = pkgs.writeShellScript "cgi" ''
echo "Content-type: text/html"
echo ""
${pkgs.fortune}/bin/fortune
'';
in {
services.mysql = {
enable = true;
package = pkgs.mariadb;
};
services.httpd = {
enable = true;
enablePHP = true;
phpPackage = inputs.phps.packages.x86_64-linux.php80;
extraConfig = ''
ScriptAlias /fortune ${fortune}/bin/fortune
'';
virtualHosts."localhost" = {
documentRoot = "/var/www";
locations."/".index = "index.html index.php";
};
};
}


@ -1,94 +0,0 @@
{ self, pkgs, ... }:
{
imports = [
self.nixosModules.common
self.nixosModules.prompt
self.nixosModules.server
self.nixosModules.zerotier
./dns.nix
./vault.nix
];
networking = {
hostName = "monolith";
hostId = "44551c32";
firewall.allowedTCPPorts = [ 8000 ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/0c335248-f2b4-4a33-86f0-e96cfac82866";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/D945-7F54";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
"/library" = {
device = "library";
fsType = "zfs";
};
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = [ "kvm-amd" ];
supportedFilesystems = [ "zfs" ];
};
environment.systemPackages = with pkgs; [
rclone
beets
flac
screen
rustup
gcc
(callPackage ../marauder/ffcheck.nix { })
mp3val
];
services.jellyfin = {
enable = true;
openFirewall = true;
};
services.navidrome = {
enable = true;
openFirewall = true;
settings = {
Address = "0.0.0.0";
MusicFolder = "/library/music";
Scanner.GroupAlbumReleases = "true";
ScanSchedule = "0";
};
};
systemd = {
services.reboot = {
description = "Reboot the system";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl reboot";
};
};
timers.reboot = {
description = "Reboot the system every two hours";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "6h";
Persistent = true;
};
};
};
promptEmoji = "🏰";
time.timeZone = "America/Los_Angeles";
system.stateVersion = "24.05";
}


@ -1,28 +0,0 @@
{ secrets, pkgs, ... }:
{
systemd.services.update-dns = {
serviceConfig.Type = "oneshot";
description = "Update the leaf.ninja DNS records";
path = with pkgs; [ curl ];
script = ''
public_ip=$(curl -s https://ifconfig.me/ip)
endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records"
curl \
-X PUT \
-H "Authorization: Bearer ${secrets.gandi.token}" \
-H "Content-Type: application/json" \
-d "{\"rrset_values\":[\"$public_ip\"]}" \
$endpoint/ostiary/A
'';
};
systemd.timers.update-dns = {
wantedBy = [ "timers.target" ];
partOf = [ "update-dns.service" ];
timerConfig = {
OnBootSec = "15m";
OnUnitActiveSec = "15m";
Unit = "update-dns.service";
};
};
}


@ -1,20 +0,0 @@
{ secrets, ... }:
{
services.vaultwarden = {
enable = true;
config = {
domain = "https://vault.leaf.ninja";
signupsAllowed = false;
rocketAddress = "0.0.0.0";
rocketPort = 8222;
smtpHost = "smtp.migadu.com";
smtpFrom = "vaultwarden@leaf.ninja";
smtpPort = 587;
smtpSecurity = "starttls";
smtpUsername = "vaultwarden@leaf.ninja";
smtpPassword = secrets.vaultwarden.smtpPassword;
};
};
networking.firewall.allowedTCPPorts = [ 8222 ];
}


@ -1,54 +0,0 @@
{ self, modulesPath, pkgs, config, secrets, ... }:
{
imports = [
"${modulesPath}/virtualisation/amazon-image.nix"
self.nixosModules.common
self.nixosModules.prompt
self.nixosModules.server
];
networking = {
hostName = "quasar";
domain = "consortium.chat";
firewall.allowedTCPPorts = [ 80 443 ];
};
services.postgresql = {
enable = true;
};
services.caddy = {
enable = true;
virtualHosts = {
"${config.networking.domain}".extraConfig = ''
reverse_proxy localhost:8008
header Strict-Transport-Security "max-age=63072000; includeSubDomains;"
'';
"matrix.${config.networking.domain}".extraConfig = ''
reverse_proxy /_matrix/* localhost:8008
reverse_proxy /_synapse/client/* localhost:8008
'';
"admin.${config.networking.domain}".extraConfig = ''
root * ${pkgs.synapse-admin}
file_server
'';
};
};
services.matrix-synapse = {
enable = true;
settings = {
server_name = config.networking.domain;
serve_server_wellknown = true;
registration_shared_secret = secrets.synapse."consortium.chat".registration-shared-secret;
macaroon_secret_key = secrets.synapse."consortium.chat".macaroon-secret-key;
form_secret = secrets.synapse."consortium.chat".form-secret;
};
};
promptEmoji = "🌟";
time.timeZone = "America/Los_Angeles";
system.stateVersion = "24.05";
}


@ -1,66 +0,0 @@
{ pkgs, ... }:
{
nixpkgs.config.allowUnfree = true;
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nixcache.shelvacu.com"
"https://fossar.cachix.org"
];
trusted-public-keys = [
"fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="
"nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM="
];
trusted-users = [ "@wheel" ];
};
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
users.users.nettika = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
shell = pkgs.fish;
};
security.sudo.wheelNeedsPassword = false;
environment.variables = {
EDITOR = "nano";
};
programs.git = {
enable = true;
lfs.enable = true;
config = {
init.defaultBranch = "master";
user = {
email = "git@nettika.cat";
name = "Nettika";
};
credential.helper = "store";
};
};
programs.nano = {
enable = true;
nanorc = ''
set autoindent
set linenumbers
'';
};
programs.fish = {
enable = true;
};
environment.systemPackages = with pkgs; [
git-crypt
htop
jq
];
}


@ -1,30 +0,0 @@
{ lib, config, ... }:
{
options.promptEmoji = lib.mkOption {
type = lib.types.str;
};
config.programs.bash.promptInit = ''
PS1="\[\e]0;\u@\h: \w\a\]\n${config.promptEmoji} \[\033[1;$((UID ? 32 : 31))m\]\w \\$\[\033[0m\] "
'';
config.programs.fish = {
promptInit = ''
function fish_prompt
echo -n '${config.promptEmoji} '
set_color brgreen
echo -n (prompt_pwd)
set_color normal
echo -n ' > '
end
function fish_right_prompt
set_color bryellow
echo -n (git branch --show-current 2>/dev/null)
end
'';
shellInit = ''
set -g fish_greeting
set -g fish_prompt_pwd_full_dirs 999
'';
};
}


@ -1,15 +0,0 @@
{ ... }:
{
networking.networkmanager.enable = true;
users.users.nettika.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHopty1QG8P+OfGxQ9CV0BI1IRB/q6yITzMZaZ6Zspid nettika@marauder"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8s5w9uAFMguVbbAamI7pKysgeLTwULXAVn5F0UDVl2 nettika@pixeltablet"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+bu4+sKKZoofLukaOE0w5gY0O1NURVjwiloj6tNG66 nettika@monolith"
];
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
}


@ -1,7 +0,0 @@
{ secrets, ... }:
{
services.zerotierone = {
enable = true;
joinNetworks = secrets.zerotier.networks;
};
}

Binary file not shown.