From 02f85eaa36a0400e9d64298b59c26b29835c45bd Mon Sep 17 00:00:00 2001
From: Chris Cochrun
Date: Fri, 27 Jan 2023 11:20:01 -0600
Subject: [PATCH] initial commit

---
 chris/home.nix | 113 +++++++++
 flake.nix | 45 ++++
 scripts/update-nix | 6 +
 scripts/upgrade-nix | 5 +
 system/configuration.nix | 379 ++++++++++++++++++++++++++++++
 system/hardware-configuration.nix | 45 ++++
 6 files changed, 593 insertions(+)
 create mode 100644 chris/home.nix
 create mode 100644 flake.nix
 create mode 100644 scripts/update-nix
 create mode 100644 scripts/upgrade-nix
 create mode 100644 system/configuration.nix
 create mode 100644 system/hardware-configuration.nix

diff --git a/chris/home.nix b/chris/home.nix
new file mode 100644
index 0000000..45e883c
--- /dev/null
+++ b/chris/home.nix
@@ -0,0 +1,113 @@ +{ config, lib, pkgs, ... }: + +{ + # Home Manager needs a bit of information about you and the + # paths it should manage. + home.username = "chris"; + home.homeDirectory = "/home/chris"; + + # This value determines the Home Manager release that your + # configuration is compatible with. This helps avoid breakage + # when a new Home Manager release introduces backwards + # incompatible changes. + # + # You can update Home Manager without changing this value. See + # the Home Manager release notes for a list of state version + # changes in each release. + home.stateVersion = "21.11"; # Did you read the comment? + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + + programs.git = { + enable = true; + userName = "Chris Cochrun"; + userEmail = "chris@cochrun.xyz"; + }; + + home.packages = with pkgs; [ + ]; + + home.file.".config/fish/config.fish" = { + source = ../fish/config.fish; + }; + + home.file.".config/fish/functions" = { + source = ../fish/functions; + }; + + programs.nushell = { + enable = true; + }; + + home.file.".config/macchina" = { + source = ../macchina; + recursive = true; + }; + + home.file."bin" = { + source = ../scripts; + recursive = true; + }; + + home.shellAliases = { + ls = "exa -l"; + la = "exa -la"; + mkdir = "mkdir -pv"; + nupd = "update-nix"; + nupg = "upgrade-nix"; + suspend = "systemctl suspend"; + sysuse = "systemctl --user"; + myip = "curl icanhazip.com"; + nixs = "nix search nixpkgs"; + ytd = "yt-dlp -o ~/Videos/%(title)s.%(ext)s"; + }; + + programs.starship = { + enable = true; + enableBashIntegration = true; + }; + + programs.bash = { + enable = true; + bashrcExtra = '' + # export ENV_EFI_CODE_SECURE=/run/libvirt/nix-ovmf/OVMF_CODE.fd ENV_EFI_VARS_SECURE=/run/libvirt/nix-ovmf/OVMF_VARS.fd + source $(blesh-share)/ble.sh + ble-face auto_complete="fg=238" + # eval "$(starship init bash)" + export LESS_TERMCAP_mb=$'\e[1;32m' + export LESS_TERMCAP_md=$'\e[1;32m' + export 
LESS_TERMCAP_me=$'\e[0m' + export LESS_TERMCAP_se=$'\e[0m' + export LESS_TERMCAP_so=$'\e[01;33m' + export LESS_TERMCAP_ue=$'\e[0m' + export LESS_TERMCAP_us=$'\e[1;4;31m' + ''; + }; + + programs.zsh = { + enable = true; + enableAutosuggestions = true; + enableCompletion = true; + enableSyntaxHighlighting = true; + autocd = true; + dotDir = ".config/zsh"; + shellAliases = { + ls = "exa -l"; + la = "exa -la"; + mpf = "mpv --profile=fast"; + mps = "mpv --profile=slow"; + ec = "emacsclient -t"; + ecc = "emacsclient -c"; + mkdir = "mkdir -pv"; + nupd = "update-nix"; + nupg = "upgrade-nix"; + suspend = "systemctl suspend"; + sysuse = "systemctl --user"; + myip = "curl icanhazip.com"; + }; + initExtra = '' + macchina + ''; + }; +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..07a15e4 --- /dev/null +++ b/flake.nix @@ -0,0 +1,45 @@ +{ + description = "The Flake"; + + inputs = { + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11"; + home-manager = { + url = "github:nix-community/home-manager/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nix-bitcoin = { + url = "github:fort-nix/nix-bitcoin/release"; + }; + }; + + outputs = { nixpkgs, nixpkgs-unstable, home-manager, nix-bitcoin, ... }: + let + system = "x86_64-linux"; + username = "chris"; + pkgsForSystem = import nixpkgs { + inherit system; + config = { allowUnfree = true; }; + }; + + lib = nixpkgs.lib; + # unstable = nixpkgs; + + in { + nixosConfigurations = { + shen = lib.nixosSystem { + inherit system; + pkgs = pkgsForSystem; + modules = [ + ./system/configuration.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.chris = import ./chris/home.nix; + } + ]; + }; + }; + }; +} diff --git a/scripts/update-nix b/scripts/update-nix new file mode 100644 index 0000000..26908ae --- /dev/null +++ b/scripts/update-nix 
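Review bot: `source $(blesh-share)/ble.sh` in bashrcExtra runs on every interactive bash start, but nothing in this commit installs blesh (`home.packages` is empty and `blesh` is commented out in system/configuration.nix), so unless it is provided elsewhere every new shell prints an error before the prompt, and the `ble-face` line right after it then fails too. Guard both and quote the substitution: `if command -v blesh-share >/dev/null; then source "$(blesh-share)/ble.sh"; ble-face auto_complete="fg=238"; fi`. The alias table is also defined twice — `home.shellAliases` and `programs.zsh.shellAliases` overlap on ls/la/mkdir/nupd/nupg/suspend/sysuse/myip and only the zsh copy has mpf/mps/ec/ecc — so the two will drift; as far as I know `home.shellAliases` is already applied to the zsh module, so moving the four zsh-only entries there and deleting `programs.zsh.shellAliases` leaves one source of truth.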
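Review bot: `home-manager` follows `master` while `nixpkgs` is pinned to `nixos-22.11`; home-manager master tracks nixpkgs unstable, so a routine `nix flake update` can pull in module options that the pinned nixpkgs does not have and break the build — pin the matching branch, `url = "github:nix-community/home-manager/release-22.11";`. `nix-bitcoin` declares no `inputs.nixpkgs.follows`, so flake.lock will carry a second full nixpkgs that nothing in `outputs` uses; either add `inputs.nixpkgs.follows = "nixpkgs";` or drop the input until it is used. `nixpkgs-unstable` and the `username` let-binding are likewise taken in `outputs` and never referenced (the user is hard-coded as `home-manager.users.chris`).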
@@ -0,0 +1,6 @@
+#!/bin/sh
+currentdir=$(pwd)
+cd ~/conf
+nix flake update
+nix flake lock
+cd $currentdir
\ No newline at end of file
diff --git a/scripts/upgrade-nix b/scripts/upgrade-nix
new file mode 100644
index 0000000..7f1e368
--- /dev/null
+++ b/scripts/upgrade-nix
@@ -0,0 +1,5 @@
+#!/bin/sh
+currentdir=$(pwd)
+cd ~/conf
+nixos-rebuild --use-remote-sudo switch --verbose --impure --flake .#
+cd $currentdir
diff --git a/system/configuration.nix b/system/configuration.nix
new file mode 100644
index 0000000..5ce0f96
--- /dev/null
+++ b/system/configuration.nix
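Review bot: `cd ~/conf` is unchecked, so if the directory is missing the `nix flake update` and `nix flake lock` on the following lines run against whatever flake happens to be in the caller's current directory; use `cd ~/conf || exit 1`. The `currentdir` save/restore is dead code — the script runs in its own process, so its working directory never affects the caller — and `cd $currentdir` is unquoted; scripts/upgrade-nix has the same unchecked `cd` and the same dead restore. `nix flake lock` immediately after `nix flake update` is redundant, since update already rewrites flake.lock, and the file is missing its trailing newline.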
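Review bot: `--impure` on the nixos-rebuild line lets the evaluation read the environment and unlocked paths, which quietly gives up the reproducibility the flake was introduced for; nothing in this commit visibly needs it, so drop the flag and let a failing pure evaluation point at whatever does. `--flake .#` also relies on the flake exposing a nixosConfiguration whose name matches the running hostname; naming it explicitly, `--flake .#shen`, makes the script fail loudly instead of silently picking the wrong target if the hostname and attribute ever diverge.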
@@ -0,0 +1,379 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + nix = { + extraOptions = "experimental-features = nix-command flakes"; + package = pkgs.nixFlakes; + }; + + nixpkgs.config.allowUnFree = true; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "shen"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + # Enable CUPS to print documents. 
+ services.printing = { + enable = true; + drivers = [pkgs.gutenprint]; + browsing = true; + listenAddresses = [ "*:631" ]; # Not 100% sure this is needed and you might want to restrict to the local network + allowFrom = [ "all" ]; # this gives access to anyone on the interface you might want to limit it see the official documentation + defaultShared = true; # If you want + extraConf = '' + DefaultEncryption Never + ''; + }; + + services.avahi = { + enable = true; + publish.enable = true; + publish.userServices = true; + }; + + hardware.opengl = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver + vaapiIntel + vaapiVdpau + libvdpau-va-gl + rocm-opencl-icd + rocm-opencl-runtime + amdvlk + ]; + driSupport = lib.mkDefault true; + driSupport32Bit = lib.mkDefault true; + #extraPackages32 = with pkgs; [ + # driversi686linux.amdvlk + #]; + }; + + environment.variables.AMD_VULKAN_ICD = lib.mkDefault "RADV"; + + programs.fish.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.chris = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + vim + wget + yt-dlp + bat + ripgrep + ffmpeg-full + rsync + dutree + tmux + git + samba + exa + jq + fd + bc + sysstat + procs + btop + htop + #nvtop + glxinfo + vulkan-tools + pciutils + # blesh + ]; + + virtualisation.docker.enable = true; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. 
+ services.openssh.enable = true; + services.fstrim.enable = true; + + # CADDY + services.caddy = { + enable = true; + extraConfig = '' + (matrix-well-known-header) { + # Headers + header Access-Control-Allow-Origin "*" + header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" + header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization" + header Content-Type "application/json" + } + ''; + virtualHosts = { + "bitwarden.tfcconnection.org".extraConfig = '' + reverse_proxy localhost:9898 + encode gzip + ''; + }; + virtualHosts = { + "staff.tfcconnection.org".extraConfig = '' + encode gzip + reverse_proxy localhost:8080 + + redir /.well-known/carddav /remote.php/carddav 301 + redir /.well-known/caldav /remote.php/caldav 301 + header { + Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;" + Access-Control-Allow-Origin * + Referrer-Policy no-referrer-when-downgrade + } + redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301 + ''; + }; + virtualHosts = { + "office.tfcconnection.org".extraConfig = '' + encode gzip + @collabora { + path /hosting/discovery # WOPI discovery URL + path /hosting/capabilities # Show capabilities as json + path /cool/* # Main websocket, uploads/downloads, presentations + path /cool/adminws # Main websocket, uploads/downloads, presentations + path /browser # Main websocket, uploads/downloads, presentations + } + reverse_proxy https://127.0.0.1:9980 { + transport http { + tls_insecure_skip_verify + } + } + ''; + }; + virtualHosts = { + "table.tfcconnection.org".extraConfig = '' + reverse_proxy localhost:8181 + ''; + }; + virtualHosts = { + "app.tfcconnection.org".extraConfig = '' + reverse_proxy localhost:8686 + ''; + }; + virtualHosts = { + "test.tfcconnection.org".extraConfig = '' + reverse_proxy localhost:8880 + ''; + }; + virtualHosts = { + "n8n.tfcconnection.org".extraConfig = '' + reverse_proxy localhost:5678 + header { + Access-Control-Allow-Origin 
* + } + ''; + }; + virtualHosts = { + "videosdani.tfcconnection.org".extraConfig = '' + + @live { + protocol rtmps + } + + reverse_proxy 172.16.1.7:9000 + reverse_proxy @live 172.16.1.7:1935 + ''; + }; + virtualHosts = { + "streamdani.tfcconnection.org".extraConfig = '' + reverse_proxy 172.16.1.7:1935 + ''; + }; + virtualHosts = { + "tbl.tfcconnection.org".extraConfig = '' + reverse_proxy localhost:9180 + ''; + }; + virtualHosts = { + "ytdl.tfcconnection.org".extraConfig = '' + reverse_proxy localhost:8686 + ''; + }; + virtualHosts = { + "mail.tfcconnection.org".extraConfig = '' + reverse_proxy localhost:8443 + ''; + }; + virtualHosts = { + "data.tfcconnection.org".extraConfig = '' + reverse_proxy localhost:8055 + ''; + }; + virtualHosts = { + "photos.tfcconnection.org".extraConfig = '' + reverse_proxy localhost:2342 + ''; + }; + virtualHosts = { + "new.tfcconnection.org".extraConfig = '' + encode gzip + root * /srv/tfcconnection + file_server + header { + Access-Control-Allow-Origin * + } + ''; + }; + virtualHosts = { + "tfcconnection.org".extraConfig = '' + encode gzip + root * /srv/tfcconnection + file_server + header { + Access-Control-Allow-Origin * + } + handle /.well-known/matrix/server { + import matrix-well-known-header + respond `{"m.server":"matrix.tfcconnection.org"}` + } + + handle /.well-known/matrix/client { + import matrix-well-known-header + respond `{"m.homeserver":{"base_url":"https://matrix.tfcconnection.org"},"m.identity_server":{"base_url":"https://identity.matrix.org"},"im.vector.riot.jitsi": { + "preferredDomain": "jitsi.tfcconnection.org" + }}` + } + ''; + }; + virtualHosts = { + "www.tfcconnection.org".extraConfig = '' + encode gzip + root * /srv/tfcconnection + file_server + header { + Access-Control-Allow-Origin * + } + ''; + }; + virtualHosts = { + "plausible.tfcconnection.org".extraConfig = '' + encode gzip + reverse_proxy 127.0.0.1:8000 + ''; + }; + virtualHosts = { + "sd.tfcconnection.org".extraConfig = '' + encode gzip + 
reverse_proxy 172.16.1.7:7860 + header { + Access-Control-Allow-Origin * + } + ''; + }; + }; + + systemd.services = { + nextcloud-cron = { + enable = true; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php cron.php"; + }; + }; + nextcloud-push = { + enable = true; + serviceConfig = { + Environment = "PORT=7867"; + ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php"; + }; + }; + nextcloud-previews = { + enable = true; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php occ preview:pre-generate"; + }; + }; + }; + + systemd.timers = { + nextcloud-cron = { + enable = true; + partOf = ["nextcloud-cron.service"]; + timerConfig = { + OnStartupSec = "2min"; + OnUnitActiveSec = "5min"; + Unit = "nextcloud-cron.service"; + }; + wantedBy = [ "timers.target" ]; + }; + nextcloud-previews = { + enable = true; + partOf = ["nextcloud-previews.service"]; + timerConfig = { + OnCalendar = "*-*-* 00:00:30"; + Unit = "nextcloud-previews.service"; + }; + wantedBy = [ "timers.target" ]; + }; + }; + + system.autoUpgrade = { + enable = true; + dates = "01:00"; + allowReboot = false; + }; + + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. 
It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.05"; # Did you read the comment? + +} + diff --git a/system/hardware-configuration.nix b/system/hardware-configuration.nix new file mode 100644 index 0000000..3dec09b --- /dev/null +++ b/system/hardware-configuration.nix 
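Review bot: `networking.firewall.enable = false` near the end of the hunk leaves every listener in this file reachable from any interface — sshd with password authentication left at its default, Caddy, and CUPS, which is explicitly opened up with `listenAddresses = [ "*:631" ]`, `allowFrom = [ "all" ]` and `DefaultEncryption Never` (the inline comments already flag the latter two as too broad); keep the firewall on and list what is meant to be public, `networking.firewall.allowedTCPPorts = [ 22 80 443 ];`, and set `services.openssh.passwordAuthentication = false;` once the user's keys are declared. The Caddy block also repeats `virtualHosts = { … };` roughly twenty times inside one attrset, which I would expect Nix to reject with "attribute 'virtualHosts' already defined"; all hosts belong in a single `virtualHosts = { "bitwarden.tfcconnection.org".extraConfig = ''…''; "staff.tfcconnection.org".extraConfig = ''…''; … };`. `nixpkgs.config.allowUnFree = true` is a misspelling of `allowUnfree` (flake.nix spells it correctly) and is a no-op as written; since flake.nix already passes a `pkgs` built with `allowUnfree = true`, the line can simply be deleted.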
@@ -0,0 +1,45 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ "amdgpu" ];
+ boot.kernelModules = [ "kvm-intel" "radeon.si_support=0" "amdgpu.si_support=1" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/33a4619f-a37c-4ab8-a6ea-fdf612b45657";
+ fsType = "btrfs";
+ options = [ "subvol=@" "noatime" "nodiratime" "compress=zstd" ];
+ };
+
+ fileSystems."/storage" =
+ { device = "/dev/disk/by-label/STORAGE";
+ fsType = "btrfs";
+ options = [ "subvol=@" "noatime" "nodiratime" "compress=zstd" ];
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/515E-CB13";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/764d7116-eba7-4404-b175-be756a7e53f6"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
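Review bot: `boot.kernelModules = [ "kvm-intel" "radeon.si_support=0" "amdgpu.si_support=1" ]` mixes kernel command-line parameters into a module list; NixOS turns each entry into a module load, so the last two fail as nonexistent modules and the intended radeon-to-amdgpu handoff for SI cards never takes effect. Move them to `boot.kernelParams = [ "radeon.si_support=0" "amdgpu.si_support=1" ];` and keep `boot.kernelModules = [ "kvm-intel" ];`. The header still says the file is untouched generator output, but these entries and the `/storage` mount look hand-added, so either drop the "Do not modify" comment or move the hand edits into configuration.nix where they survive a regenerate.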