diff --git a/flake.lock b/flake.lock index ec8a1fb9..1e37a0de 100644 --- a/flake.lock +++ b/flake.lock @@ -123,11 +123,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1755169038, - "narHash": "sha256-lIAE8ou7ukvoOE0nZ2lNcl/n8mnj6m2cGsx9U7Xhew4=", + "lastModified": 1755261355, + "narHash": "sha256-RQVhOuwfLSB64CMv8GMfBFZ2PXmIVleZeZskItqgD5o=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "5efc0389eaca14046e1ee2068bcba6fe64cf6e2e", + "rev": "766a57635e5afd201c5d918087e5f9c9f63bfed1", "type": "github" }, "original": { @@ -182,11 +182,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1755153894, - "narHash": "sha256-DEKeIg3MQy5GMFiFRUzcx1hGGBN2ypUPTo0jrMAdmH4=", + "lastModified": 1755240331, + "narHash": "sha256-wEtw76+R/TOHEIjYOnxADC91G6s422HGruAngbjzsDw=", "owner": "nix-community", "repo": "fenix", - "rev": "f6874c6e512bc69d881d979a45379b988b80a338", + "rev": "3f076d4502001c64877099093318b2dbd8b062a1", "type": "github" }, "original": { @@ -463,11 +463,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1755025942, - "narHash": "sha256-eKVn1PYxBsVVd6gs1IIuBQhTZmb5UNBgbC9+qBNT9cw=", + "lastModified": 1755269578, + "narHash": "sha256-KiVR83GhEdKrBQm5JqAOSLbWsH8q4sN+acoLZziZCCM=", "owner": "helix-editor", "repo": "helix", - "rev": "001efa801e28cd19147d9369890133c2d631842a", + "rev": "a4a2b50a50971bc43952f5f75d19a56689793a6a", "type": "github" }, "original": { @@ -483,11 +483,11 @@ ] }, "locked": { - "lastModified": 1755121891, - "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", + "lastModified": 1755229570, + "narHash": "sha256-soZegto0xXzG2zYlu/zjknDHv0Z7tRS5EQs+Z/VRTBg=", "owner": "nix-community", "repo": "home-manager", - "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", + "rev": "11626a4383b458f8dc5ea3237eaa04e8ab1912f3", "type": "github" }, "original": { @@ -676,11 +676,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1755184403, - "narHash": "sha256-VI+ZPD/uIFjzYW8IcyvBgvwyDIvUe4/xh/kOHTbITX8=", + "lastModified": 1755277479, + "narHash": "sha256-LrXtv1RIEds93j+OiSEvYFVX4fcGk2vrEzva19oxvco=", "owner": "hyprwm", "repo": "hyprland", - "rev": "60d769a89908c29e19100059985db15a7b6bab6a", + "rev": "edc473e8b0c14e768445422080af9978d132bff6", "type": "github" }, "original": { @@ -1143,11 +1143,11 @@ ] }, "locked": { - "lastModified": 1755136941, - "narHash": "sha256-tb7d+oBwD6ZBPzAhV/eXQs42YaZuzoNczRSPD3ubuoE=", + "lastModified": 1755223400, + "narHash": "sha256-iUAvYWdu91xO2xBmxXmAMymKvxxs1orbbUDhaubyp24=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "09708adbb33a6dbdb9c270131280284ad9e3be9c", + "rev": "97bf2750a74b02dbfc1131d99862c9ddd842a48d", "type": "github" }, "original": { @@ -1212,11 +1212,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { @@ -1276,11 +1276,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { @@ -1379,11 +1379,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1755115677, + "lastModified": 1755252692, "narHash": "sha256-98Ad2F5w1xW94KymQiBohNBYpFqMa0K28v9S1SzyTY8=", "owner": "notashelf", "repo": "nvf", - "rev": "c5dc7192496a1fad38134e54f8b4fca8ac51a9fe", + "rev": "b6490efbe0b28b3bca727ecd4846fc8006352822", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 10a4368c..560a4892 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ outputs = inputs: inputs.flake-parts.lib.mkFlake {inherit inputs;} { - systems = ["x86_64-linux"]; + systems = ["x86_64-linux" "aarch64-linux"]; imports = [ ./users diff --git a/hosts/default.nix b/hosts/default.nix index 3a9013b7..0d2b4a68 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -74,6 +74,23 @@ inputs.agenix.nixosModules.default ]; }; + ziggy = nixosSystem { + inherit specialArgs; + modules = [ + ./ziggy + "${self}/nix" + { + home-manager = { + users.cnst.imports = homeImports."cnst@ziggy"; + extraSpecialArgs = specialArgs; + }; + } + self.nixosModules.nixos + self.nixosModules.settings + self.nixosModules.server + inputs.agenix.nixosModules.default + ]; + }; toothpc = nixosSystem { inherit specialArgs; modules = [ diff --git a/hosts/kima/modules.nix b/hosts/kima/modules.nix index 5e1dbdaf..f110c7ac 100644 --- a/hosts/kima/modules.nix +++ b/hosts/kima/modules.nix @@ -28,21 +28,6 @@ }; network = { enable = true; - # extraHosts = '' - # 192.168.88.14 sobotka - # 192.168.88.14 cnst.dev - # 192.168.88.14 lidarr.cnst.dev - # 192.168.88.14 radarr.cnst.dev - # 192.168.88.14 sonarr.cnst.dev - # 192.168.88.14 prowlarr.cnst.dev - # 192.168.88.14 bazarr.cnst.dev - # 192.168.88.14 qbt.cnst.dev - # 192.168.88.14 jellyseerr.cnst.dev - # 192.168.88.14 jellyfin.cnst.dev - # 192.168.88.14 uptime.cnst.dev - # 192.168.88.14 pihole.cnst.dev - # 192.168.88.14 slskd.cnst.dev - # ''; interfaces = { "eno1" = { allowedTCPPorts = [22 80 443]; diff --git a/hosts/ziggy/default.nix b/hosts/ziggy/default.nix new file mode 100644 index 00000000..87399363 --- /dev/null +++ b/hosts/ziggy/default.nix @@ -0,0 +1,69 @@ +{ + lib, + config, + pkgs, + ... +}: let + ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; +in { + users.users.cnst = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = ifTheyExist [ + "wheel" + "networkmanager" + "audio" + "video" + "git" + "mysql" + "docker" + "libvirtd" + "qemu-libvirtd" + "kvm" + "network" + "gamemode" + "adbusers" + "rtkit" + "users" + "plocate" + "fuse" + "fail2ban" + "vaultwarden" + "qbittorrent" + "lidarr" + "prowlarr" + "bazarr" + "sonarr" + "radarr" + "media" + "share" + ]; + }; + + imports = [ + ./hardware-configuration.nix + ./modules.nix + ./settings.nix + ./server.nix + ]; + + boot.initrd.luks.devices."luks-47b35d4b-467a-4637-a5f9-45177da62897".device = "/dev/disk/by-uuid/47b35d4b-467a-4637-a5f9-45177da62897"; + + networking = { + hostName = "ziggy"; + }; + + powerManagement.enable = false; + + swapDevices = [ + { + device = "/var/lib/swapfile"; + size = 8 * 1024; + } + ]; + + environment.variables.NH_FLAKE = "/home/cnst/.nix-config"; + + # # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion + system.stateVersion = lib.mkDefault "25.05"; +} diff --git a/hosts/ziggy/hardware-configuration.nix b/hosts/ziggy/hardware-configuration.nix new file mode 100644 index 00000000..be0b25df --- /dev/null +++ b/hosts/ziggy/hardware-configuration.nix @@ -0,0 +1,48 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = ["amdgpu"]; + boot.kernelModules = []; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/a0a3595f-e61c-475c-8f4e-bfbb05582c20"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-4f289fde-55ed-4b05-a6ee-d396db2a887b".device = "/dev/disk/by-uuid/4f289fde-55ed-4b05-a6ee-d396db2a887b"; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/E03E-5458"; + fsType = "vfat"; + options = ["fmask=0077" "dmask=0077"]; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/704e09db-c7dd-462b-9560-47bbf845905d";} + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/ziggy/modules.nix b/hosts/ziggy/modules.nix new file mode 100644 index 00000000..a84182f7 --- /dev/null +++ b/hosts/ziggy/modules.nix @@ -0,0 +1,227 @@ +{ + nixos = { + boot = { + kernel = { + variant = "latest"; + hardware = []; + extraKernelParams = []; + }; + loader = { + default = { + enable = true; + }; + lanzaboote = { + enable = false; + }; + }; + }; + hardware = { + bluetooth = { + enable = false; + }; + graphics = { + enable = false; + vendors = []; + }; + logitech = { + enable = false; + }; + network = { + enable = true; + interfaces = { + "enp6s0" = { + allowedTCPPorts = [22 80 443 8090]; + allowedUDPPorts = [58846 6881]; + }; + }; + }; + }; + programs = { + android = { + enable = false; + }; + beekeeper = { + enable = false; + }; + blender = { + enable = false; + hip = { + enable = false; + }; + }; + corectrl = { + enable = false; + }; + fish = { + enable = true; + }; + gamemode = { + enable = false; + optimizeGpu = { + enable = false; + }; + }; + gamescope = { + enable = false; + }; + gimp = { + enable = false; + }; + gnome = { + enable = false; + }; + hyprland = { + enable = false; + }; + inkscape = { + enable = false; + }; + lutris = { + enable = false; + }; + microfetch = { + enable = true; + }; + pkgs = { + enable = true; + desktop = { + enable = false; + }; + common = { + enable = false; + }; + laptop = { + enable = false; + }; + server = { + enable = true; + }; + dev = { + enable = false; + }; + }; + mysql-workbench = { + enable = false; + }; + nh = { + enable = true; + clean = { + enable = true; + extraArgs = "--keep 9 --keep-since 51d"; + }; + }; + npm = { + enable = false; + }; + obsidian = { + enable = false; + }; + steam = { + enable = false; + }; + thunar = { + enable = false; + }; + yubikey = { + enable = false; + }; + zsh = { + enable = false; + }; + }; + services = { + agenix = { + enable = true; + sobotka = { + enable = true; + }; + }; + blueman = { + enable = false; + }; + dbus = { + enable = true; + }; + dconf = { + enable = true; + }; + flatpak = { + enable = false; + }; + fwupd = { + enable = true; + }; + gnome-keyring = { + enable = false; + }; + greetd = { + enable = false; + user = "cnst"; + }; + gvfs = { + enable = false; + }; + kanata = { + enable = false; + }; + locate = { + enable = true; + }; + mullvad = { + enable = false; + }; + nfs = { + enable = false; + server.enable = false; + client.enable = false; + }; + nix-ld = { + enable = false; + }; + openssh = { + enable = true; + }; + pcscd = { + enable = false; + }; + pipewire = { + enable = false; + }; + polkit = { + enable = false; + }; + powerd = { + enable = false; + }; + samba = { + enable = false; + }; + scx = { + enable = false; + scheduler = "scx_lavd"; + flags = "--performance"; + }; + udisks = { + enable = true; + }; + zram = { + enable = true; + }; + }; + system = { + fonts = { + enable = false; + }; + locale = { + enable = true; + defaultLocale = "en_US.UTF-8"; + extraLocale = "sv_SE.UTF-8"; + timeZone = "Europe/Stockholm"; + }; + xdg = { + enable = false; + xdgOpenUsePortal = true; + }; + }; + }; +} diff --git a/hosts/ziggy/server.nix b/hosts/ziggy/server.nix new file mode 100644 index 00000000..cccfec18 --- /dev/null +++ b/hosts/ziggy/server.nix @@ -0,0 +1,65 @@ +{config, ...}: { + server = { + enable = true; + email = "adam@cnst.dev"; + domain = "cnix.dev"; + user = "share"; + group = "share"; + uid = 974; + gid = 973; + + unbound = { + enable = true; + }; + caddy = { + enable = true; + }; + homepage-dashboard = { + enable = false; + }; + bazarr = { + enable = false; + }; + prowlarr = { + enable = false; + }; + lidarr = { + enable = false; + }; + sonarr = { + enable = false; + }; + radarr = { + enable = false; + }; + jellyseerr = { + enable = false; + }; + jellyfin = { + enable = false; + }; + uptime-kuma = { + enable = false; + }; + vaultwarden = { + enable = false; + }; + fail2ban = { + enable = false; + }; + podman = { + enable = true; + qbittorrent = { + enable = false; + port = 8080; + }; + slskd = { + enable = false; + }; + pihole = { + enable = true; + port = 8053; + }; + }; + }; +} diff --git a/hosts/ziggy/settings.nix b/hosts/ziggy/settings.nix new file mode 100644 index 00000000..ea1c6831 --- /dev/null +++ b/hosts/ziggy/settings.nix @@ -0,0 +1,9 @@ +{ + settings = { + accounts = { + username = "cnst"; + mail = "adam@cnst.dev"; + sshUser = "ziggy"; + }; + }; +} diff --git a/users/default.nix b/users/default.nix index 5be9d046..9e436b1b 100644 --- a/users/default.nix +++ b/users/default.nix @@ -22,11 +22,16 @@ ++ [ ./cnst ]; - "cnst@sobotka" = - sharedImports - ++ [ - ./cnst - ]; + # "cnst@sobotka" = + # sharedImports + # ++ [ + # ./cnst + # ]; + # "cnst@ziggy" = + # sharedImports + # ++ [ + # ./cnst + # ]; "toothpick@toothpc" = sharedImports ++ [