diff --git a/common/constants.nix b/common/constants.nix
index 4dde043..cb500ff 100644
--- a/common/constants.nix
+++ b/common/constants.nix
@@ -40,6 +40,7 @@ with lib; {
 prowlarr = 30784;
 radarr = 37196;
 sonarr = 32438;
+ tailscale = 62662;
 vault = 25487;
 };
 description = ''
@@ -97,11 +98,37 @@ with lib; {
 The username across all devices.
 '';
 };
+ zfsPoolOptions = mkOption {
+ type = types.attrsOf types.str;
+ default = {
+ ashift = "12";
+ autotrim = "on";
+ listsnapshots = "on";
+ };
+ description = ''
+ The default options for ZFS pools.
+ '';
+ };
+ zfsRootFsOptions = mkOption {
+ type = types.attrsOf types.str;
+ default = {
+ acltype = "posix";
+ atime = "off";
+ compression = "zstd";
+ dnodesize = "auto";
+ mountpoint = "none";
+ normalization = "formD";
+ xattr = "sa";
+ };
+ description = ''
+ The default root filesystem options for ZFS pools.
+ '';
+ };
 wildcard = mkOption {
 type = types.str;
 default = "0.0.0.0";
 description = ''
- The localhost address.
+ The wildcard address for binding to all interfaces.
 '';
 };
 };
diff --git a/common/default.nix b/common/default.nix
index a19972f..89a8f9e 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -3,9 +3,10 @@
 home-manager.nixosModules.default
 sops-nix.nixosModules.default
 ./constants.nix
+ ./network.nix
+ ./nix.nix
 ./secrets.nix
 ./users.nix
- ./nix.nix
 ];
 
 home-manager.sharedModules = [inputs.plasma-manager.homeModules.plasma-manager];
diff --git a/common/network.nix b/common/network.nix
new file mode 100644
index 0000000..0248414
--- /dev/null
+++ b/common/network.nix
@@ -0,0 +1,8 @@
+{config, ...}: {
+ networking.nftables.enable = true;
+
+ services.tailscale = {
+ enable = true;
+ port = config.constants.port.tailscale;
+ };
+}
diff --git a/common/nix.nix b/common/nix.nix
index fe604b2..ae93df7 100644
--- a/common/nix.nix
+++ b/common/nix.nix
@@ -1,4 +1,6 @@
 {config, ...}: {
+ boot.tmp.cleanOnBoot = true;
+
 nix = {
 gc = {
 automatic = true;
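Review bot: The deleted protostar and quasar tailscale.nix files set `useRoutingFeatures = "client"` and nothing in this commit re-adds it: common/network.nix leaves the option at its default, and the protostar/network.nix and quasar/network.nix hunks only add `openssh` / drop `nftables`, whereas nebula and singularity do get `"both"` in their own network.nix. In the NixOS tailscale module `"client"` (like `"both"`) relaxes `networking.firewall.checkReversePath` to `"loose"`, which a host needs if it uses an exit node or accepts subnet routes — if those two hosts do, add `services.tailscale.useRoutingFeatures = "client";` beside `services.openssh.enable = true;` in protostar/network.nix and the equivalent line in quasar/network.nix; if the default is intended, a comment saying so would settle it. A header comment on the new file would also make the split of responsibilities explicit, e.g. `# Shared baseline for every host: nftables firewall plus Tailscale on the common port;` followed by `# each host sets services.tailscale.useRoutingFeatures in its own network.nix.`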
diff --git a/common/users.nix b/common/users.nix
index 1442f21..21f938a 100644
--- a/common/users.nix
+++ b/common/users.nix
@@ -1,5 +1,6 @@
 {
 config,
+ lib,
 pkgs,
 ...
 }:
@@ -239,7 +240,7 @@ in {
 };
 };
 resolved.enable = true;
- syncthing = {
+ syncthing = lib.mkIf config.services.syncthing.enable {
 configDir = "${homeDir}/.config/syncthing";
 dataDir = "${homeDir}/.local/share/syncthing";
 openDefaultPorts = true;
diff --git a/flake.lock b/flake.lock
index 763ca4a..492479c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -19,11 +19,11 @@
 "candy-icons": {
 "flake": false,
 "locked": {
- "lastModified": 1769644786,
- "narHash": "sha256-XyFhC4I7Y1ppTfLs7em+hXmXx6jQ09rJxcf66EwoK7g=",
+ "lastModified": 1771031264,
+ "narHash": "sha256-SzZMCNNTIctzFqx2qHwE4y4lioctpum39AyRrylurZA=",
 "ref": "refs/heads/master",
- "rev": "ade95a235a50e5ea653a02fd3773c214ac43d425",
- "revCount": 1361,
+ "rev": "b0a85a7414504191342b0c6d073c6f9233cb923a",
+ "revCount": 1363,
 "type": "git",
 "url": "https://github.com/EliverLara/candy-icons"
 },
@@ -102,24 +102,6 @@
 "type": "github"
 }
 },
- "flake-utils_2": {
- "inputs": {
- "systems": "systems_2"
- },
- "locked": {
- "lastModified": 1731533236,
- "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
 "git-hooks": {
 "inputs": {
 "flake-compat": [
@@ -292,7 +274,7 @@
 "nix-custom": {
 "inputs": {
 "candy-icons": "candy-icons",
- "flake-utils": "flake-utils_2",
+ "flake-utils": "flake-utils",
 "nixpkgs": [
 "nixpkgs"
 ],
@@ -304,11 +286,11 @@
 "yorha-sound-theme": "yorha-sound-theme"
 },
 "locked": {
- "lastModified": 1770172667,
- "narHash": "sha256-eLYjm0L/eG5pvBrcRtf3Q2LQMsJyZcITubf9qywzAPQ=",
+ "lastModified": 1771303763,
+ "narHash": "sha256-zx1XQR1IfcPSS1869Q4m9XlkZdACypLDEIgXnRYuUrI=",
 "ref": "refs/heads/main",
- "rev": "e355f045a9b6b53b6f58cd4521a762e1147cdca2",
- "revCount": 50,
+ "rev": "7e351308706847a018407e5871c6cb869eb80399",
+ "revCount": 51,
 "type": "git",
 "url": "https://forgejo.invariantspace.com/macronova/nix-custom"
 },
@@ -401,7 +383,6 @@
 "root": {
 "inputs": {
 "disko": "disko",
- "flake-utils": "flake-utils",
 "hardware": "hardware",
 "home-manager": "home-manager",
 "jovian": "jovian",
@@ -436,11 +417,11 @@
 "sweet-ambar-blue": {
 "flake": false,
 "locked": {
- "lastModified": 1769979298,
- "narHash": "sha256-FJwCsmp5XM4nYwwttHHlKhl5RVeoWfuY69fuh/+iMNE=",
+ "lastModified": 1770763753,
+ "narHash": "sha256-X3w4vciP0JubTezbslLLi7gBuk7Bx4V6qklFbedKcqU=",
 "ref": "Ambar-Blue",
- "rev": "a045584aee6e0bec19579ef304e482fee9093296",
- "revCount": 356,
+ "rev": "0c3d02ce438606719db854697aaea87f13a0272a",
+ "revCount": 357,
 "type": "git",
 "url": "https://github.com/EliverLara/Sweet"
 },
@@ -453,11 +434,11 @@
 "sweet-ambar-blue-dark": {
 "flake": false,
 "locked": {
- "lastModified": 1769979020,
- "narHash": "sha256-WGe6zkffqcZRkWStGUE1ozegLWaZsmAj0m+TF2Ypxqk=",
+ "lastModified": 1770763766,
+ "narHash": "sha256-oYi00RU1bWl/7pEANdZTASTCazsC+a+ItogrNsHy1JQ=",
 "ref": "Ambar-Blue-Dark",
- "rev": "d004b00508ae963f1e42269a5f86120c27b22fe3",
- "revCount": 439,
+ "rev": "3fe9cba71b5dbdfc442e2daa97f80115f530603b",
+ "revCount": 440,
 "type": "git",
 "url": "https://github.com/EliverLara/Sweet"
 },
@@ -515,21 +496,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "yorha-grub-theme": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index d483782..16a9813 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,6 @@ inputs.nixpkgs.follows = "nixpkgs"; url = "github:nix-community/disko"; }; - flake-utils.url = "github:numtide/flake-utils"; hardware.url = "github:nixos/nixos-hardware"; home-manager = { inputs.nixpkgs.follows = "nixpkgs"; @@ -41,7 +40,6 @@ outputs = inputs @ { self, - flake-utils, nixpkgs, nix-custom, pre-commit-hooks, @@ -49,6 +47,7 @@ }: let linuxCfgDir = ./linux; templateDir = ./template; + eachSystem = nixpkgs.lib.genAttrs ["x86_64-linux"]; in { nixosConfigurations = @@ -59,6 +58,7 @@ # Import config from folder (linuxCfgDir + "/${instance}") # Common setups + ./common ({pkgs, ...}: { networking.hostName = instance; nixpkgs.overlays = [nix-custom.overlays.default]; @@ -75,21 +75,22 @@ }) (builtins.readDir templateDir); } - // ( - flake-utils.lib.eachDefaultSystem (system: let - pkgs = nixpkgs.legacyPackages.${system}; - in { - checks.pre-commit-check = pre-commit-hooks.lib.${system}.run { + // { + checks = eachSystem (system: { + pre-commit-check = pre-commit-hooks.lib.${system}.run { src = ./.; hooks.alejandra.enable = true; }; - devShells.default = let + }); + devShells = eachSystem (system: { + default = let + pkgs = nixpkgs.legacyPackages.${system}; pre-commit = self.checks.${system}.pre-commit-check; in pkgs.mkShell { inherit (pre-commit) shellHook; buildInputs = pre-commit.enabledPackages; }; - }) - ); + }); + }; } 
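Review bot: `eachSystem = nixpkgs.lib.genAttrs ["x86_64-linux"];` in the `-49` hunk quietly narrows `checks` and `devShells` from flake-utils' default system set to a single system, and that list is the only place the decision is recorded; a comment above it would save the next reader a trip through history, e.g. `# Systems that checks/devShells are evaluated for (replaces flake-utils.lib.eachDefaultSystem).` Dropping flake-utils also removes an input and its transitive `systems` pin from the lock, which is a welcome reduction of the flake's dependency surface. The `outputs` function these hunks live in begins before the first of them and its body runs past the last.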
diff --git a/linux/nebula/configuration.nix b/linux/nebula/configuration.nix
index b31f09c..542c43b 100644
--- a/linux/nebula/configuration.nix
+++ b/linux/nebula/configuration.nix
@@ -3,12 +3,9 @@
 # and in the NixOS manual (accessible by running `nixos-help`).
 {...}: {
 # Configure boot loader
- boot = {
- loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
- };
- tmp.cleanOnBoot = true;
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
 };
 
 # This value determines the NixOS release from which the default
diff --git a/linux/nebula/default.nix b/linux/nebula/default.nix
index a6c63aa..c42d0cb 100644
--- a/linux/nebula/default.nix
+++ b/linux/nebula/default.nix
@@ -1,9 +1,9 @@
+# Home media server — hosts Jellyfin, Forgejo, Matrix Conduit, and media management services
 {inputs, ...}: {
 imports = with inputs; [
 disko.nixosModules.default
 hardware.nixosModules.common-cpu-amd
 hardware.nixosModules.common-cpu-amd-pstate
- ../../common
 ./conduit.nix
 ./configuration.nix
 ./disko.nix
@@ -12,7 +12,6 @@
 ./jellyfin.nix
 ./network.nix
 ./syncthing.nix
- ./tailscale.nix
 ./zfs.nix
 ];
 }
diff --git a/linux/nebula/disko.nix b/linux/nebula/disko.nix
index 1dcc0f5..2744d0b 100644
--- a/linux/nebula/disko.nix
+++ b/linux/nebula/disko.nix
@@ -1,4 +1,4 @@
-{...}: {
+{config, ...}: {
 disko.devices = {
 # Partition the physical disk
 disk.storage = {
@@ -29,20 +29,8 @@
 # Construct the primary zfs pool for this system.
 zpool.zroot = {
 type = "zpool";
- options = {
- ashift = "12";
- autotrim = "on";
- listsnapshots = "on";
- };
- rootFsOptions = {
- acltype = "posix";
- atime = "off";
- compression = "zstd";
- dnodesize = "auto";
- mountpoint = "none";
- normalization = "formD";
- xattr = "sa";
- };
+ options = config.constants.zfsPoolOptions;
+ rootFsOptions = config.constants.zfsRootFsOptions;
 datasets = {
 # Encrypt main dataset
 main = {
diff --git a/linux/nebula/network.nix b/linux/nebula/network.nix
index d25857c..dd53cb9 100644
--- a/linux/nebula/network.nix +++ b/linux/nebula/network.nix @@ -6,8 +6,11 @@ enable = true; wifi.backend = "iwd"; }; - nftables.enable = true; wireless.iwd.enable = true; }; - services.openssh.enable = true; + + services = { + openssh.enable = true; + tailscale.useRoutingFeatures = "both"; + }; } diff --git a/linux/nebula/tailscale.nix b/linux/nebula/tailscale.nix deleted file mode 100644 index 4175495..0000000 --- a/linux/nebula/tailscale.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: { - services.tailscale = { - enable = true; - port = 25555; - useRoutingFeatures = "both"; - }; -} diff --git a/linux/nebula/zfs.nix b/linux/nebula/zfs.nix index 279eeb2..5a32691 100644 --- a/linux/nebula/zfs.nix +++ b/linux/nebula/zfs.nix @@ -1,6 +1,4 @@ {...}: { - boot.loader.grub.zfsSupport = true; - services.zfs = { autoScrub.enable = true; trim.enable = true; diff --git a/linux/protostar/configuration.nix b/linux/protostar/configuration.nix index 5a7ae3b..fd7d6d6 100644 --- a/linux/protostar/configuration.nix +++ b/linux/protostar/configuration.nix @@ -3,13 +3,9 @@ # and in the NixOS manual (accessible by running `nixos-help`). {...}: { # Configuration boot - boot = { - loader = { - efi.canTouchEfiVariables = true; - systemd-boot.enable = true; - }; - - tmp.cleanOnBoot = true; + boot.loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; }; # Change secrets file diff --git a/linux/protostar/default.nix b/linux/protostar/default.nix index fc223c1..1c3297d 100644 --- a/linux/protostar/default.nix +++ b/linux/protostar/default.nix @@ -1,14 +1,13 @@ +# Game console — Steam Deck running Jovian-NixOS with Steam and KDE Plasma {inputs, ...}: { imports = with inputs; [ disko.nixosModules.default jovian.nixosModules.default - ../../common ./configuration.nix ./disko.nix ./gui.nix ./hardware-configuration.nix ./network.nix ./syncthing.nix - ./tailscale.nix ]; } diff --git a/linux/protostar/network.nix b/linux/protostar/network.nix index bc090d1..ad43f2c 100644 
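Review bot: `tailscale.useRoutingFeatures = "both"` in the nebula/network.nix hunk brings in the server-side settings as well — in the NixOS module that is the IPv4/IPv6 forwarding sysctls on top of the loose reverse-path check — so nebula becomes a router between its interfaces, and with the firewall now on the nftables backend (common/network.nix) it is worth confirming what the forward chain admits before relying on it. A comment naming the intent would help, e.g. `# "both": this host advertises routes to the tailnet and may use other nodes' routes` (adjusted to what is actually advertised). The singularity/network.nix hunk sets the same value on the internet-facing VPS and the same question applies there. The enclosing `networking` attribute set closes inside this hunk but opens above it.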
--- a/linux/protostar/network.nix
+++ b/linux/protostar/network.nix
@@ -6,7 +6,7 @@
 enable = true;
 wifi.backend = "iwd";
 };
- nftables.enable = true;
 };
 
+ services.openssh.enable = true;
 }
diff --git a/linux/protostar/tailscale.nix b/linux/protostar/tailscale.nix
deleted file mode 100644
index e849749..0000000
--- a/linux/protostar/tailscale.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{...}: {
- services.tailscale = {
- enable = true;
- port = 25172;
- useRoutingFeatures = "client";
- };
-}
diff --git a/linux/quasar/configuration.nix b/linux/quasar/configuration.nix
index de4b373..f741eb9 100644
--- a/linux/quasar/configuration.nix
+++ b/linux/quasar/configuration.nix
@@ -23,7 +23,6 @@
 theme = "target_2";
 themePackages = [pkgs.adi1090x-plymouth-themes];
 };
- tmp.cleanOnBoot = true;
 };
 
 # This option defines the first version of NixOS you have installed on this particular machine,
diff --git a/linux/quasar/default.nix b/linux/quasar/default.nix
index 0c7a1ca..e52fdd0 100644
--- a/linux/quasar/default.nix
+++ b/linux/quasar/default.nix
@@ -1,8 +1,8 @@
+# Home personal computer — primary desktop workstation with KDE Plasma, gaming, and development
 {inputs, ...}: {
 imports = [
 inputs.disko.nixosModules.default
- ../../common
 ./configuration.nix
 ./device.nix
 ./disko.nix
@@ -10,7 +10,6 @@
 ./hardware-configuration.nix
 ./network.nix
 ./syncthing.nix
- ./tailscale.nix
 ./zfs.nix
 ]
 ++ (with inputs.hardware.nixosModules; [
diff --git a/linux/quasar/disko.nix b/linux/quasar/disko.nix
index 7b11a49..32a295b 100644
--- a/linux/quasar/disko.nix
+++ b/linux/quasar/disko.nix
@@ -1,4 +1,4 @@
-{...}: {
+{config, ...}: {
 disko.devices = {
 # Partition the physical disk
 disk = {
@@ -46,24 +46,12 @@
 
 # Declare zfs pools for this system.
 zpool = let
- options = {
- ashift = "12";
- autotrim = "on";
- listsnapshots = "on";
- };
- rootFsOptions = {
- acltype = "posix";
- atime = "off";
- compression = "zstd";
- dnodesize = "auto";
- mountpoint = "none";
- normalization = "formD";
- xattr = "sa";
- };
+ inherit (config.constants) zfsPoolOptions zfsRootFsOptions;
 in {
 zactive = {
 type = "zpool";
- inherit options rootFsOptions;
+ options = zfsPoolOptions;
+ rootFsOptions = zfsRootFsOptions;
 datasets = {
 # Encrypt main dataset
 main = {
@@ -98,7 +86,8 @@
 
 zarchive = {
 type = "zpool";
- inherit options rootFsOptions;
+ options = zfsPoolOptions;
+ rootFsOptions = zfsRootFsOptions;
 datasets = {
 snapshot.type = "zfs_fs";
 # Reserve space for performance
diff --git a/linux/quasar/gui.nix b/linux/quasar/gui.nix
index 02daf8a..7fbac75 100644
--- a/linux/quasar/gui.nix
+++ b/linux/quasar/gui.nix
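Review bot: The `let` in the first quasar/disko.nix hunk binds `zfsPoolOptions`/`zfsRootFsOptions` only to rename them back to `options`/`rootFsOptions` in both pools (zactive here, zarchive in the second hunk); binding them under the target names would keep the original `inherit options rootFsOptions;` lines untouched and halve the diff: `options = config.constants.zfsPoolOptions;` and `rootFsOptions = config.constants.zfsRootFsOptions;` in place of the `inherit (config.constants) …` line. The `zpool = let … in {` expression opens in the first hunk and its body runs past both hunks.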
@@ -53,43 +53,7 @@ in {
 ];
 };
 obs-studio.enable = true;
- zathura = {
- enable = true;
- options = {
- completion-bg = "#504945";
- completion-fg = "#ebdbb2";
- completion-group-bg = "#3c3836";
- completion-group-fg = "#928374";
- completion-highlight-bg = "#83a598";
- completion-highlight-fg = "#504945";
- default-bg = "#1d2021";
- default-fg = "#ebdbb2";
- highlight-active-color = "#fe8019";
- highlight-color = "#fabd2f";
- index-active-bg = "#83a598";
- index-active-fg = "#504945";
- index-bg = "#504945";
- index-fg = "#ebdbb2";
- inputbar-bg = "#1d2021";
- inputbar-fg = "#ebdbb2";
- notification-bg = "#1d2021";
- notification-error-bg = "#1d2021";
- notification-error-fg = "#fb4934";
- notification-fg = "#b8bb26";
- notification-warning-bg = "#1d2021";
- notification-warning-fg = "#fabd2f";
- recolor = "true";
- recolor-darkcolor = "#ebdbb2";
- recolor-keephue = "true";
- recolor-lightcolor = "#1d2021";
- render-loading = "true";
- render-loading-bg = "#1d2021";
- render-loading-fg = "#ebdbb2";
- selection-clipboard = "clipboard";
- statusbar-bg = "#504945";
- statusbar-fg = "#ebdbb2";
- };
- };
+ zathura.enable = true;
 };
 services = {
 easyeffects.enable = true;
diff --git a/linux/quasar/network.nix b/linux/quasar/network.nix
index f1d8a02..9261fe3 100644
--- a/linux/quasar/network.nix
+++ b/linux/quasar/network.nix
@@ -5,7 +5,6 @@
 enable = true;
 wifi.backend = "iwd";
 };
- nftables.enable = true;
 wireless.iwd.enable = true;
 };
 }
diff --git a/linux/quasar/tailscale.nix b/linux/quasar/tailscale.nix
deleted file mode 100644
index 399eb4e..0000000
--- a/linux/quasar/tailscale.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{...}: {
- services.tailscale = {
- enable = true;
- port = 62662;
- useRoutingFeatures = "client";
- };
-}
diff --git a/linux/singularity/configuration.nix b/linux/singularity/configuration.nix
index 37ea500..614be03 100644
--- a/linux/singularity/configuration.nix
+++ b/linux/singularity/configuration.nix
@@ -1,8 +1,5 @@
 {...}: {
- boot = {
- loader.grub.device = "/dev/sda";
- tmp.cleanOnBoot = true;
- };
+ boot.loader.grub.device = "/dev/sda";
 
 constants.sopsFile = ../../common/auths.yaml;
 
diff --git a/linux/singularity/default.nix b/linux/singularity/default.nix
index 405b2eb..e5a38a6 100644
--- a/linux/singularity/default.nix
+++ b/linux/singularity/default.nix
@@ -1,7 +1,7 @@
+# Public beacon — cloud VPS providing reverse proxy, mail server, Headscale VPN, and Vaultwarden
 {inputs, ...}: {
 imports = with inputs; [
 mailserver.nixosModules.default
- ../../common
 ./caddy.nix
 ./configuration.nix
 ./hardware-configuration.nix
diff --git a/linux/singularity/headscale.nix b/linux/singularity/headscale.nix
index 0f819df..94bd36c 100644
--- a/linux/singularity/headscale.nix
+++ b/linux/singularity/headscale.nix
@@ -1,21 +1,14 @@
 {config, ...}: {
- services = {
- headscale = with config.constants; {
- enable = true;
- address = localhost;
- port = port.headscale;
- settings = {
- dns = {
- base_domain = "tailscale.${domain}";
- override_local_dns = false;
- };
- server_url = "https://headscale.${domain}";
+ services.headscale = with config.constants; {
+ enable = true;
+ address = localhost;
+ port = port.headscale;
+ settings = {
+ dns = {
+ base_domain = "tailscale.${domain}";
+ override_local_dns = false;
 };
- };
- tailscale = {
- enable = true;
- port = 27919;
- useRoutingFeatures = "both";
+ server_url = "https://headscale.${domain}";
 };
 };
 }
diff --git a/linux/singularity/network.nix b/linux/singularity/network.nix
index 2d023df..0ed9621 100644
--- a/linux/singularity/network.nix
+++ b/linux/singularity/network.nix
@@ -2,7 +2,6 @@
 networking = {
 firewall.allowedTCPPorts = with config.constants.port; [http https];
 hostId = "2cadb253";
- nftables.enable = true;
 };
 
 services = {
@@ -12,6 +11,7 @@
 domains = builtins.attrNames config.services.caddy.virtualHosts;
 };
 openssh.enable = true;
+ tailscale.useRoutingFeatures = "both";
 };
 
 sops.secrets.cloudflare = {};
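Review bot: In the singularity/headscale.nix hunk, `address = localhost` together with `server_url = "https://headscale.${domain}"` means headscale is only reachable through whatever fronts it — presumably the Caddy virtual host that `./caddy.nix` provides and that singularity/network.nix's `allowedTCPPorts = [http https]` exposes — but nothing in the file says so; a comment on `address` such as `# loopback only: TLS and the public endpoint come from the Caddy vhost for headscale.${domain}` would pin that assumption where the next reader needs it. With the per-host `tailscale` block removed, this host's Tailscale listen port now comes from `constants.port.tailscale` via common/network.nix instead of the old 27919; a comment on that constant noting it is shared by every host would make the change deliberate rather than incidental.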