initial commit

chris/home.nix

@@ -0,0 +1,113 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Home Manager needs a bit of information about you and the
+  # paths it should manage.
+  home.username = "chris";
+  home.homeDirectory = "/home/chris";
+
+  # This value determines the Home Manager release that your
+  # configuration is compatible with. This helps avoid breakage
+  # when a new Home Manager release introduces backwards
+  # incompatible changes.
+  #
+  # You can update Home Manager without changing this value. See
+  # the Home Manager release notes for a list of state version
+  # changes in each release.
+  home.stateVersion = "21.11"; # Did you read the comment?
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+
+  programs.git = {
+    enable = true;
+    userName = "Chris Cochrun";
+    userEmail = "chris@cochrun.xyz";
+  };
+
+  home.packages = with pkgs; [
+  ];
+
+  home.file.".config/fish/config.fish" = {
+    source = ../fish/config.fish;
+  };
+
+  home.file.".config/fish/functions" = {
+    source = ../fish/functions;
+  };
+
+  programs.nushell = {
+    enable = true;
+  };
+
+  home.file.".config/macchina" = {
+    source = ../macchina;
+    recursive = true;
+  };
+
+  home.file."bin" = {
+    source = ../scripts;
+    recursive = true;
+  };
+
+  home.shellAliases = {
+    ls = "exa -l";
+    la = "exa -la";
+    mkdir = "mkdir -pv";
+    nupd = "update-nix";
+    nupg = "upgrade-nix";
+    suspend = "systemctl suspend";
+    sysuse = "systemctl --user";
+    myip = "curl icanhazip.com";
+    nixs = "nix search nixpkgs";
+    ytd = "yt-dlp -o ~/Videos/%(title)s.%(ext)s";
+  };
+
+  programs.starship = {
+    enable = true;
+    enableBashIntegration = true;
+  };
+
+  programs.bash = {
+    enable = true;
+    bashrcExtra = ''
+    # export ENV_EFI_CODE_SECURE=/run/libvirt/nix-ovmf/OVMF_CODE.fd ENV_EFI_VARS_SECURE=/run/libvirt/nix-ovmf/OVMF_VARS.fd
+    source $(blesh-share)/ble.sh
+    ble-face auto_complete="fg=238"
+    # eval "$(starship init bash)"
+    export LESS_TERMCAP_mb=$'\e[1;32m'
+    export LESS_TERMCAP_md=$'\e[1;32m'
+    export LESS_TERMCAP_me=$'\e[0m'
+    export LESS_TERMCAP_se=$'\e[0m'
+    export LESS_TERMCAP_so=$'\e[01;33m'
+    export LESS_TERMCAP_ue=$'\e[0m'
+    export LESS_TERMCAP_us=$'\e[1;4;31m'
+    '';
+  };
+
+  programs.zsh = {
+    enable = true;
+    enableAutosuggestions = true;
+    enableCompletion = true;
+    enableSyntaxHighlighting = true;
+    autocd = true;
+    dotDir = ".config/zsh";
+    shellAliases = {
+      ls = "exa -l";
+      la = "exa -la";
+      mpf = "mpv --profile=fast";
+      mps = "mpv --profile=slow";
+      ec = "emacsclient -t";
+      ecc = "emacsclient -c";
+      mkdir = "mkdir -pv";
+      nupd = "update-nix";
+      nupg = "upgrade-nix";
+      suspend = "systemctl suspend";
+      sysuse = "systemctl --user";
+      myip = "curl icanhazip.com";
+    };
+    initExtra = ''
+      macchina
+    '';
+  };
+}

flake.nix

@@ -0,0 +1,45 @@
+{
+  description = "The Flake";
+
+  inputs = {
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
+    home-manager = {
+      url = "github:nix-community/home-manager/master";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nix-bitcoin = {
+      url = "github:fort-nix/nix-bitcoin/release";
+    };
+  };
+
+  outputs = { nixpkgs, nixpkgs-unstable, home-manager, nix-bitcoin, ... }:
+    let
+      system = "x86_64-linux";
+      username = "chris";
+      pkgsForSystem = import nixpkgs {
+        inherit system;
+        config = { allowUnfree = true; };
+      };
+
+      lib = nixpkgs.lib;
+      # unstable = nixpkgs;
+
+    in  {
+      nixosConfigurations = {
+        shen = lib.nixosSystem {
+          inherit system;
+          pkgs = pkgsForSystem;
+          modules = [
+            ./system/configuration.nix
+            home-manager.nixosModules.home-manager
+            {
+              home-manager.useGlobalPkgs = true;
+              home-manager.useUserPackages = true;
+              home-manager.users.chris = import ./chris/home.nix;
+            }
+          ];
+        };
+      };
+    };
+}

scripts/update-nix

@@ -0,0 +1,6 @@
+#!/bin/sh
+currentdir=$(pwd)
+cd ~/conf
+nix flake update
+nix flake lock
+cd $currentdir

scripts/upgrade-nix

@@ -0,0 +1,5 @@
+#!/bin/sh
+currentdir=$(pwd)
+cd ~/conf
+nixos-rebuild --use-remote-sudo switch  --verbose --impure --flake .#
+cd $currentdir

system/configuration.nix

@@ -0,0 +1,379 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  nix = {
+   extraOptions = "experimental-features = nix-command flakes";
+   package = pkgs.nixFlakes; 
+  };
+
+  nixpkgs.config.allowUnFree = true;
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "shen"; # Define your hostname.
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  # Set your time zone.
+  time.timeZone = "America/Chicago";
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  # Enable CUPS to print documents.
+  services.printing = {
+    enable = true;
+    drivers = [pkgs.gutenprint];
+    browsing = true;
+    listenAddresses = [ "*:631" ]; # Not 100% sure this is needed and you might want to restrict to the local network
+    allowFrom = [ "all" ]; # this gives access to anyone on the interface you might want to limit it see the official documentation
+    defaultShared = true; # If you want
+    extraConf = ''
+    DefaultEncryption Never
+    '';
+  };
+
+  services.avahi = {
+    enable = true;
+    publish.enable = true;
+    publish.userServices = true;
+  };
+
+  hardware.opengl = {
+   enable = true;
+   extraPackages = with pkgs; [
+    intel-media-driver
+    vaapiIntel
+    vaapiVdpau
+    libvdpau-va-gl    
+    rocm-opencl-icd
+    rocm-opencl-runtime
+    amdvlk
+   ];
+   driSupport = lib.mkDefault true;
+   driSupport32Bit = lib.mkDefault true;
+   #extraPackages32 = with pkgs; [
+   #  driversi686linux.amdvlk
+   #];
+  };
+
+  environment.variables.AMD_VULKAN_ICD = lib.mkDefault "RADV";
+
+  programs.fish.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.chris = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    vim  
+    wget
+    yt-dlp
+    bat
+    ripgrep
+    ffmpeg-full
+    rsync
+    dutree
+    tmux
+    git
+    samba
+    exa
+    jq
+    fd
+    bc
+    sysstat
+    procs
+    btop
+    htop
+    #nvtop
+    glxinfo
+    vulkan-tools
+    pciutils
+    # blesh
+  ];
+
+  virtualisation.docker.enable = true;
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.fstrim.enable = true;
+
+  # CADDY
+  services.caddy = {
+    enable = true;
+    extraConfig = ''
+    (matrix-well-known-header) {                                     
+        # Headers                                                    
+        header Access-Control-Allow-Origin "*"                       
+        header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"                                                     
+        header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+        header Content-Type "application/json"
+    }
+    '';
+    virtualHosts = {
+      "bitwarden.tfcconnection.org".extraConfig = ''
+        reverse_proxy localhost:9898
+        encode gzip
+      '';
+    };
+    virtualHosts = {
+      "staff.tfcconnection.org".extraConfig = ''
+	    encode gzip
+	    reverse_proxy localhost:8080
+	
+      redir /.well-known/carddav /remote.php/carddav 301
+      redir /.well-known/caldav /remote.php/caldav 301
+      header {
+              Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;"
+              Access-Control-Allow-Origin *
+              Referrer-Policy no-referrer-when-downgrade
+      }
+      redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301
+      '';
+    };
+    virtualHosts = {
+      "office.tfcconnection.org".extraConfig = ''
+        encode gzip
+        @collabora {
+          path /hosting/discovery # WOPI discovery URL
+          path /hosting/capabilities # Show capabilities as json
+          path /cool/* # Main websocket, uploads/downloads, presentations
+          path /cool/adminws # Main websocket, uploads/downloads, presentations
+          path /browser # Main websocket, uploads/downloads, presentations
+        }
+        reverse_proxy https://127.0.0.1:9980 {
+          transport http {
+            tls_insecure_skip_verify
+          }
+        }
+      '';
+    };
+    virtualHosts = {
+      "table.tfcconnection.org".extraConfig = ''
+        reverse_proxy localhost:8181
+      '';
+    };
+    virtualHosts = {
+      "app.tfcconnection.org".extraConfig = ''
+        reverse_proxy localhost:8686
+      '';
+    };
+    virtualHosts = {
+      "test.tfcconnection.org".extraConfig = ''
+        reverse_proxy localhost:8880
+      '';
+    };
+    virtualHosts = {
+      "n8n.tfcconnection.org".extraConfig = ''
+        reverse_proxy localhost:5678
+        header {
+              Access-Control-Allow-Origin *
+        }
+      '';
+    };
+    virtualHosts = {
+      "videosdani.tfcconnection.org".extraConfig = ''
+
+        @live {
+          protocol rtmps
+        }
+
+        reverse_proxy 172.16.1.7:9000
+        reverse_proxy @live 172.16.1.7:1935
+      '';
+    };
+    virtualHosts = {
+      "streamdani.tfcconnection.org".extraConfig = ''
+        reverse_proxy 172.16.1.7:1935
+      '';
+    };
+    virtualHosts = {
+      "tbl.tfcconnection.org".extraConfig = ''
+        reverse_proxy localhost:9180
+      '';
+    };
+    virtualHosts = {
+      "ytdl.tfcconnection.org".extraConfig = ''
+        reverse_proxy localhost:8686
+      '';
+    };
+    virtualHosts = {
+      "mail.tfcconnection.org".extraConfig = ''
+        reverse_proxy localhost:8443
+      '';
+    };
+    virtualHosts = {
+      "data.tfcconnection.org".extraConfig = ''
+        reverse_proxy localhost:8055
+      '';
+    };
+    virtualHosts = {
+      "photos.tfcconnection.org".extraConfig = ''
+        reverse_proxy localhost:2342
+      '';
+    };
+    virtualHosts = {
+      "new.tfcconnection.org".extraConfig = ''
+        encode gzip
+        root * /srv/tfcconnection
+	      file_server        
+        header {
+              Access-Control-Allow-Origin *
+        }
+      '';
+    };
+    virtualHosts = {
+      "tfcconnection.org".extraConfig = ''
+        encode gzip
+        root * /srv/tfcconnection
+	      file_server        
+        header {
+              Access-Control-Allow-Origin *
+        }
+        handle /.well-known/matrix/server {
+              import matrix-well-known-header
+              respond `{"m.server":"matrix.tfcconnection.org"}`
+        }
+
+        handle /.well-known/matrix/client {
+              import matrix-well-known-header
+              respond `{"m.homeserver":{"base_url":"https://matrix.tfcconnection.org"},"m.identity_server":{"base_url":"https://identity.matrix.org"},"im.vector.riot.jitsi": {
+              "preferredDomain": "jitsi.tfcconnection.org"
+        }}`
+        }
+      '';
+    };
+    virtualHosts = {
+      "www.tfcconnection.org".extraConfig = ''
+        encode gzip
+        root * /srv/tfcconnection
+	      file_server        
+        header {
+              Access-Control-Allow-Origin *
+        }
+      '';
+    };
+    virtualHosts = {
+      "plausible.tfcconnection.org".extraConfig = ''
+        encode gzip
+        reverse_proxy 127.0.0.1:8000
+      '';
+    };
+    virtualHosts = {
+      "sd.tfcconnection.org".extraConfig = ''
+        encode gzip
+        reverse_proxy 172.16.1.7:7860
+        header {
+              Access-Control-Allow-Origin *
+        }
+      '';
+    };
+  };
+
+  systemd.services = {
+    nextcloud-cron = {
+      enable = true;
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php cron.php";
+      };
+    };
+    nextcloud-push = {
+      enable = true;
+      serviceConfig = {
+	Environment = "PORT=7867";
+        ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php";
+      };
+    };
+    nextcloud-previews = {
+      enable = true;
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php occ preview:pre-generate";
+      };
+    };
+  };
+
+  systemd.timers = {
+    nextcloud-cron = {
+      enable = true;
+      partOf = ["nextcloud-cron.service"];
+      timerConfig = {
+        OnStartupSec = "2min";
+        OnUnitActiveSec = "5min";
+        Unit = "nextcloud-cron.service";
+      };
+      wantedBy = [ "timers.target" ];
+    };
+    nextcloud-previews = {
+      enable = true;
+      partOf = ["nextcloud-previews.service"];
+      timerConfig = {
+        OnCalendar = "*-*-* 00:00:30";
+        Unit = "nextcloud-previews.service";
+      };
+      wantedBy = [ "timers.target" ];
+    };
+  };
+
+  system.autoUpgrade = {
+    enable = true;
+    dates = "01:00";
+    allowReboot = false;
+  };
+
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.05"; # Did you read the comment?
+
+}
+

system/hardware-configuration.nix

@@ -0,0 +1,45 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ "amdgpu" ];
+  boot.kernelModules = [ "kvm-intel" "radeon.si_support=0" "amdgpu.si_support=1" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/33a4619f-a37c-4ab8-a6ea-fdf612b45657";
+      fsType = "btrfs";
+      options = [ "subvol=@" "noatime" "nodiratime" "compress=zstd" ];
+    };
+
+  fileSystems."/storage" =
+    { device = "/dev/disk/by-label/STORAGE";
+      fsType = "btrfs";
+      options = [ "subvol=@" "noatime" "nodiratime" "compress=zstd" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/515E-CB13";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/764d7116-eba7-4404-b175-be756a7e53f6"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}