1769288238

2026-01-24 22:57:18 +02:00
parent fa32ae5510
commit 84020b1572
94 changed files with 1428 additions and 1024 deletions
+42 -17
@@ -4,12 +4,40 @@
lib,
...
}: {
imports = with inputs.self;
[modules.shared.nixos nixosModules.desktop nixosModules.system]
++ [./disko ./misc];
imports = with inputs; [
nix-bwrapper.nixosModules.default
self.modules.nixosPrograms.libvirt
# self.modules.nixosPrograms.opentabletdriver
self.modules.nixosPrograms.podman
# self.modules.nixosPrograms.qmk-vial
# self.modules.nixosPrograms.steam-bwrapped
self.nixosModules.desktop
self.nixosModules.shared
./disk.nix
./misc
./steam.nix
];
# overlays = [
# nix-bwrapper.overlays.default # provides `mkBwrapper`
# ];
# time.hardwareClockInLocalTime = true;
#
networking.firewall.allowedTCPPortRanges = [
{
from = 30000;
to = 65000;
}
];
desktop.dms.enable = true;
programs.corectrl.enable = true;
# programs.ydotool.enable = true;
# users.users.user.extraGroups = ["ydotool"];
services.displayManager.autoLogin = {
enable = true;
user = "user";
@@ -20,19 +48,16 @@
package = pkgs.mullvad-vpn;
};
module = (
lib.attrsets.recursiveUpdate
(builtins.fromTOML (builtins.readFile ./host.toml))
{
stylix = {
enable = true;
theme = "ashes";
polarity = "dark";
};
misc.opentabletdriver.enable = false;
misc.qmk-vial.enable = true;
virt.libvirt.enable = true;
virt.podman.enable = true;
}
unexplrd = (
lib.mkMerge [
(builtins.fromTOML (builtins.readFile ./host.toml))
{
stylix = {
enable = true;
theme = "tomorrow";
polarity = "dark";
};
}
]
);
}
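Review bot: `networking.firewall.allowedTCPPortRanges` with `from = 30000; to = 65000;` opens more than half of the TCP port space on every interface, so any process that binds a port in that range becomes reachable from the network without a further firewall decision. Nothing in this section says which service needs the range. If it serves one application, list its ports in `allowedTCPPorts`, or scope the range to the trusted link with `networking.firewall.interfaces.<iface>.allowedTCPPortRanges`. At minimum add a comment above the block naming the consumer, e.g. `# <service>: inbound TCP, LAN only`.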
+45
@@ -0,0 +1,45 @@
{
config,
# inputs,
...
}: let
disk = "/dev/disk/by-uuid/fe586da4-b164-4362-bcdf-9c5dd6c69a2b";
luksName = "luks-${config.networking.hostId}";
in rec {
boot.initrd.luks.devices."${luksName}".device = disk;
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/976C-7EE6";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
"/tmp" = {
device = "none";
fsType = "tmpfs";
options = ["rw" "nosuid" "nodev"];
};
"/" = {
device = "/dev/mapper/${luksName}";
fsType = "btrfs";
options = ["subvol=@nixos-root"];
};
"/nix" = {
inherit (fileSystems."/") device fsType;
options = ["subvol=@nix" "noatime"];
};
"/storage" = {
inherit (fileSystems."/") device fsType;
options = ["subvol=@storage"];
};
"/home" = {
inherit (fileSystems."/") device fsType;
options = ["subvol=@home"];
};
};
}
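Review bot: The `/boot` entry keeps only `fmask=0077` and `dmask=0077`; the `noexec`, `nosuid` and `nodev` options that the removed disko layout set on the ESP are not carried over, so consider `options = ["fmask=0077" "dmask=0077" "noexec" "nosuid" "nodev"];`. The btrfs subvolumes likewise lose `compress-force=zstd` and `autodefrag`, only `/nix` keeps `noatime`, and `/` loses `noexec`; if that is deliberate, a one-line comment saying so would help the next reader. `settings.allowDiscards` is also no longer set for the LUKS device, which presumably falls back to the module default, so it is worth confirming that this is the intended trade-off on this disk.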
-19
@@ -1,19 +0,0 @@
{
config,
inputs,
...
}: let
inherit (config.networking) hostId;
disk = "/dev/disk/by-id/nvme-eui.000000000000000100a075244b5d6185";
in {
imports = with inputs; [
disko.nixosModules.disko
];
disko.devices.nodev = {
"/tmp" = {
fsType = "tmpfs";
mountOptions = ["rw" "nosuid" "nodev"];
};
};
disko.devices.disk.main = import ./disk-main.nix {inherit disk hostId;};
}
-62
@@ -1,62 +0,0 @@
{
disk,
hostId,
}: {
type = "disk";
device = disk;
content = {
type = "gpt";
partitions = {
ESP = {
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"fmask=0022"
"dmask=0022"
"noexec"
"nosuid"
"nodev"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "luks-" + hostId;
initrdUnlock = true;
settings.allowDiscards = true;
content = let
mountOptions = ["autodefrag" "compress-force=zstd" "noatime"];
in {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"@nixos-root" = {
mountpoint = "/";
mountOptions = mountOptions ++ ["noexec"];
};
"@home" = {
mountpoint = "/home";
inherit mountOptions;
};
"@storage" = {
mountpoint = "/storage";
inherit mountOptions;
};
"@nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
};
};
};
};
};
};
}
+1 -1
@@ -7,6 +7,6 @@ stateVersion = "24.11"
[config]
locale = "uk_UA.UTF-8"
timeZone = "Europe/Kyiv"
# secureBoot = true
secureBoot = true
tpmDiskUnlock = true
+32
@@ -0,0 +1,32 @@
{
security.pam.loginLimits = [
{
domain = "@audio";
item = "memlock";
type = "-";
value = "unlimited";
}
{
domain = "@audio";
item = "rtprio";
type = "-";
value = "99";
}
{
domain = "@audio";
item = "nofile";
type = "soft";
value = "99999";
}
{
domain = "@audio";
item = "nofile";
type = "hard";
value = "99999";
}
];
users = {
groups.audio = {};
users.user.extraGroups = ["audio"];
};
}
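Review bot: The `@audio` limits give every process of a group member `memlock = unlimited` and `rtprio = 99`, and `users.users.user.extraGroups = ["audio"]` puts the desktop user in that group. Any runaway process in that session can then pin arbitrary amounts of RAM and run at the highest realtime priority, which can starve the rest of the system. Realtime-audio setups commonly cap `rtprio` slightly lower, e.g. `value = "95";`. The file would also benefit from a header comment such as `# realtime limits for low-latency audio; grants memlock/rtprio to group audio`.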
+46 -2
@@ -1,6 +1,50 @@
{
imports = [
# ./minecraft.nix
# ./nix-ssh-serve.nix
./audio-group.nix
./lact.nix
./monkeytype.nix
./nix-ssh-serve.nix
];
services.monkeytype = {
enable = false;
httpPort = 25001;
backendPort = 25002;
settings.configuration = {
results = {
savingEnabled = true;
};
users = {
signUp = false;
profiles = {
enabled = false;
};
};
dailyLeaderboards = {
enabled = true;
leaderboardExpirationTimeInDays = 15;
validModeRules = [
{
language = "english";
mode = "time";
mode2 = "15";
}
{
language = "english";
mode = "time";
mode2 = "30";
}
{
language = "english";
mode = "time";
mode2 = "60";
}
];
};
leaderboards = {
minTimeTyping = 0;
};
};
};
}
+19
@@ -0,0 +1,19 @@
{
services.lact.enable = true;
# services.lact.settings = {
# version = 5;
# daemon = {
# log_level = "info";
# admin_group = "lact";
# disable_clocks_cleanup = false;
# apply_settings_timer = 5;
# current_profile = null;
# auto_switch_profiles = false;
# };
# }; # read-only config == can't write settings from lact gui
systemd.tmpfiles.rules = ["Z /run/lactd.sock 0660 root lact - -"];
users.groups.lact.members = ["user"];
hardware.amdgpu.overdrive.enable = true;
boot.kernelParams = ["amdgpu.ppfeaturemask=0xffffffff"];
}
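Review bot: The `Z /run/lactd.sock 0660 root lact - -` tmpfiles rule is applied when systemd-tmpfiles runs, which is likely before the LACT daemon has created the socket, so it may never take effect and would not be re-applied when the daemon restarts; that ordering is not visible here and should be checked. The commented-out `admin_group = "lact"` daemon setting is the more direct way to grant the group access, if the read-only-config limitation noted in the comment can be worked around. Membership in `lact` lets `user` drive a root daemon that changes GPU clocks and voltages once `amdgpu.ppfeaturemask=0xffffffff` is set, so a comment stating that the group is effectively privileged would be useful. If the nixpkgs revision in use provides `hardware.amdgpu.overdrive.ppfeaturemask`, setting the mask there avoids passing the kernel parameter twice.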
+187
@@ -0,0 +1,187 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.services.monkeytype;
in {
options = {
services.monkeytype = {
enable = lib.mkEnableOption "Enable monkeytype";
settings = lib.mkOption {
# type = lib.types.set;
default = {};
};
httpPort = lib.mkOption {
type = lib.types.int;
default = 8080;
};
backendPort = lib.mkOption {
type = lib.types.int;
default = 5005;
};
frontendUrl = lib.mkOption {
type = lib.types.str;
default = "http://localhost";
};
backendUrl = lib.mkOption {
type = lib.types.str;
default = "http://localhost";
};
containerName = lib.mkOption {
type = lib.types.str;
default = "monkeytype";
};
};
};
config = let
backend-conf =
if (cfg.settings != {})
then (pkgs.formats.json {}).generate "${cfg.containerName}-backend-configuration" cfg.settings
else null;
environment = {
MONKEYTYPE_FRONTENDURL =
if (cfg.frontendUrl == "http://localhost")
then "${cfg.frontendUrl}:${toString cfg.httpPort}"
else "${cfg.frontendUrl}";
MONKEYTYPE_BACKENDURL = "${cfg.backendUrl}:${toString cfg.backendPort}";
};
in
lib.mkIf cfg.enable {
virtualisation = {
oci-containers.backend = "podman";
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
};
# Enable container name DNS for all Podman networks.
networking.firewall.interfaces = let
matchAll =
if !config.networking.nftables.enable
then "podman+"
else "podman*";
in {
"${matchAll}".allowedUDPPorts = [53];
};
virtualisation.oci-containers.containers = {
# Containers
"${cfg.containerName}-backend" = {
image = "monkeytype/monkeytype-backend:latest";
environment =
environment
// {
"DB_NAME" = "${cfg.containerName}";
"DB_URI" = "mongodb://${cfg.containerName}-mongodb:27017";
"REDIS_URI" = "redis://${cfg.containerName}-redis:6379";
};
volumes = lib.optionals (backend-conf != null) ["${backend-conf}:/app/backend/dist/backend-configuration.json:ro"];
ports = ["${toString cfg.backendPort}:5005/tcp"];
dependsOn = ["${cfg.containerName}-mongodb" "${cfg.containerName}-redis"];
log-driver = "journald";
extraOptions = [
"--health-cmd=[\"nc\", \"-z\", \"-v\", \"localhost\", \"5005\"]"
"--health-interval=5s"
"--health-retries=15"
"--health-start-period=5s"
"--health-timeout=10s"
"--network-alias=${cfg.containerName}-backend"
"--network=${cfg.containerName}_default"
];
};
"${cfg.containerName}-frontend" = {
image = "monkeytype/monkeytype-frontend:latest";
inherit environment;
ports = ["${toString cfg.httpPort}:80/tcp"];
dependsOn = ["${cfg.containerName}-backend"];
log-driver = "journald";
extraOptions = ["--network-alias=${cfg.containerName}-frontend" "--network=${cfg.containerName}_default"];
};
"${cfg.containerName}-mongodb" = {
image = "mongo:5.0.13";
volumes = ["${cfg.containerName}_mongo_data:/data/db:rw"];
log-driver = "journald";
extraOptions = [
"--health-cmd=echo 'db.stats().ok' | mongo localhost:27017/test --quiet"
"--health-interval=5s"
"--health-retries=15"
"--health-start-period=10s"
"--health-timeout=10s"
"--network-alias=${cfg.containerName}-mongodb"
"--network=${cfg.containerName}_default"
];
};
"${cfg.containerName}-redis" = {
image = "redis:6.2.6";
volumes = ["${cfg.containerName}_redis_data:/data:rw"];
log-driver = "journald";
extraOptions = [
"--health-cmd=[\"redis-cli\", \"--raw\", \"incr\", \"ping\"]"
"--health-interval=5s"
"--health-retries=15"
"--health-start-period=10s"
"--health-timeout=10s"
"--network-alias=${cfg.containerName}-redis"
"--network=${cfg.containerName}_default"
];
};
};
systemd.services = let
path = [pkgs.podman];
serviceConfig.Restart = lib.mkOverride 90 "on-failure";
after = ["podman-network-${cfg.containerName}_default.service"];
requires = ["podman-network-${cfg.containerName}_default.service"];
partOf = ["podman-compose-${cfg.containerName}-root.target"];
wantedBy = ["podman-compose-${cfg.containerName}-root.target"];
in {
"podman-${cfg.containerName}-backend" = {inherit serviceConfig after requires partOf wantedBy;};
"podman-${cfg.containerName}-frontend" = {inherit serviceConfig after requires partOf wantedBy;};
"podman-${cfg.containerName}-mongodb" = {
inherit serviceConfig partOf wantedBy;
after = after ++ ["podman-volume-${cfg.containerName}_mongo_data.service"];
requires = requires ++ ["podman-volume-${cfg.containerName}_mongo_data.service"];
};
"podman-${cfg.containerName}-redis" = {
inherit serviceConfig partOf wantedBy;
after = after ++ ["podman-volume-${cfg.containerName}_redis_data.service"];
requires = requires ++ ["podman-volume-${cfg.containerName}_redis_data.service"];
};
"podman-network-${cfg.containerName}_default" = {
inherit path partOf wantedBy;
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.ExecStop = "podman network rm -f ${cfg.containerName}_default";
script = ''
podman network inspect ${cfg.containerName}_default || podman network create ${cfg.containerName}_default
'';
};
"podman-volume-${cfg.containerName}_mongo_data" = {
inherit path partOf wantedBy;
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
podman volume inspect ${cfg.containerName}_mongo_data || podman volume create ${cfg.containerName}_mongo_data
'';
};
"podman-volume-${cfg.containerName}_redis_data" = {
inherit path partOf wantedBy;
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
podman volume inspect ${cfg.containerName}_redis_data || podman volume create ${cfg.containerName}_redis_data
'';
};
};
systemd.targets."podman-compose-${cfg.containerName}-root" = {
unitConfig.Description = "Root target generated by compose2nix.";
wantedBy = ["multi-user.target"];
};
};
}
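Review bot: `ports = ["${toString cfg.httpPort}:80/tcp"]` and `ports = ["${toString cfg.backendPort}:5005/tcp"]` publish on all host addresses although `frontendUrl` and `backendUrl` default to `http://localhost`. Binding to loopback by default, e.g. `ports = ["127.0.0.1:${toString cfg.backendPort}:5005/tcp"];`, keeps both services off the network until a bind address is chosen deliberately. The backend and frontend images use the `:latest` tag, so what runs depends on pull time; pinning a version tag or digest makes the deployment reproducible and reviewable. `settings` has no `type` (a natural fit is `(pkgs.formats.json {}).type`), and `httpPort`/`backendPort` would be better declared as `lib.types.port`.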
+14
@@ -0,0 +1,14 @@
{config, ...}: let
inherit (builtins) readFile;
inherit (config.users.users) user;
in {
nix = {
sshServe = {
enable = true;
keys = map (f: readFile f) user.openssh.authorizedKeys.keyFiles;
protocol = "ssh-ng";
trusted = true;
write = true;
};
};
}
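Review bot: `trusted = true` together with `write = true` lets every key in `user.openssh.authorizedKeys.keyFiles` act as a trusted Nix user over SSH, which is close to root on this machine because trusted users can add store paths without signature checks. If the goal is only to receive builds from known machines, consider `trusted = false;` with signed paths, and give `nix.sshServe.keys` a dedicated key rather than reusing the interactive login keys. A comment above the block stating which machines are expected to push here would make the trust decision explicit. As a style point, `map (f: readFile f)` can be written `map readFile`.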
+16
@@ -0,0 +1,16 @@
{
config,
pkgs,
...
}: {
users.groups.uni = {};
users.users.uni = {
createHome = true;
home = "/home/uni";
isNormalUser = true;
group = "uni";
extraGroups = ["nix" "users"];
hashedPasswordFile = config.sops.secrets."user-password-hashed".path;
shell = pkgs.fish;
};
}
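Review bot: In `hashedPasswordFile = config.sops.secrets."user-password-hashed".path`, the secret name suggests that the new `uni` account shares the password hash of the existing `user` account; this is inferred from the name only, since the secret declaration is not on this page. A separate secret (for example `config.sops.secrets."uni-password-hashed".path`, name constructed for illustration) would let the two accounts be rotated and revoked independently. Also confirm the secret is declared with `neededForUsers = true`, since password files must exist before users are created. `extraGroups = ["nix" "users"]` deserves a comment saying what the `nix` group grants on this host.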
-9
@@ -1,9 +0,0 @@
let
gcc.arch = "x86-64-v3";
in {
nix.settings.system-features = ["gccarch-${gcc.arch}"];
nixpkgs.hostPlatform = {
system = "x86_64-linux";
inherit gcc;
};
}
+41
@@ -0,0 +1,41 @@
{
pkgs,
perSystem,
...
}: {
programs = {
gamescope.enable = true;
gamescope.capSysNice = true;
gamemode.enable = true;
steam.enable = true;
steam.package = perSystem.mypackages.steam-bwrapped.override {
unfreePkgs = ["steam" "steam-unwrapped"];
addPkgs = let
runtimeInputs = with pkgs; [mangohud gamemode gamescope];
in
runtimeInputs
++ [
(pkgs.writeShellApplication {
name = "mygamescope";
inherit runtimeInputs;
text = ''
export LD_PRELOAD=""
export PROTON_ENABLE_WAYLAND=1
export DXVK_ALLOWFSE=true
export DXVK_HUD=compiler
gamescope -H 1440 -r 170 -f \
--adaptive-sync \
--rt \
--force-grab-cursor \
--mangoapp \
"$@"
'';
})
];
bwrapperOpts.mounts.readWrite = ["/storage/games/steam"];
};
};
}
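Review bot: `gamescope.capSysNice = true` installs a `cap_sys_nice` wrapper for gamescope system-wide, but `mygamescope` resolves `gamescope` from `runtimeInputs` (plain `pkgs.gamescope`), so the `--rt` flag in the script probably runs without that capability inside the bwrapped Steam. If realtime scheduling is not actually obtained there, dropping `capSysNice` removes a privileged wrapper that nothing uses; otherwise add a comment explaining which launch path relies on it. `bwrapperOpts.mounts.readWrite = ["/storage/games/steam"]` is the only writable host path this section passes to the sandbox, which is worth stating in a comment so it is not widened casually.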
+1
@@ -0,0 +1 @@
{flake, ...}: {imports = [flake.modules.users.uni];}
@@ -1 +1,8 @@
{flake, ...}: {imports = [flake.modules.users.user];}
{
flake,
lib,
...
}: {
imports = [flake.modules.users.user];
# programs.niri.settings.input.keyboard.xkb.variant = lib.mkForce "colemak_dh,";
}