my nix configs for my servers and desktop

rippp

Changed files
+11 -267
+1 -1
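--- a/common/nvidia.nix
+++ b/common/nvidia.nix
@@ -31,7 +31,7 @@
 # supported GPUs is at:
 # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
 # Only available from driver 515.43.04+
-open = false;
+open = true;
 
 # Enable the Nvidia settings menu,
 # accessible via `nvidia-settings`.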
-1
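--- a/home/regent/home.nix
+++ b/home/regent/home.nix
@@ -162,7 +162,6 @@
 
 "sway/workspaces" = {
 disable-scroll = true;
-sort-by-name = true;
 };
 tray = {
 icon-size = 13;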
+8 -6
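--- a/hosts/focalor/default.nix
+++ b/hosts/focalor/default.nix
@@ -29,10 +29,12 @@
 ../../host-secrets.nix
 ];
 
-modules.syncthing = {
+services.syncthing = {
 enable = true;
 openDefaultPorts = true;
-disableDefaultFolder = true;
+user = "regent";
+dataDir = "/home/regent";
+configDir = "/home/regent/.config/syncthing";
 };
 
 # =============================================================================
@@ -102,10 +104,10 @@
 # =============================================================================
 boot.supportedFilesystems = [ "nfs" ];
 
-fileSystems."/mnt/storage" = {
+/*fileSystems."/mnt/storage" = {
 device = "valefar:/storage";
 fsType = "nfs";
-};
+};*/
 
 # =============================================================================
 # SERVICES
@@ -177,6 +179,6 @@
 # code-server
 
 # DHCP (disabled in favor of systemd-networkd)
-# useDHCP = true;
+networking.useDHCP = false;
 # firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002];
-}
+}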
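Review bot: The new `services.syncthing` block in the first hunk runs the daemon as the login user `regent` and keeps `openDefaultPorts = true`, but declares no peers, folders or identity, so the set of trusted devices now lives only in mutable state under `configDir`. Because the process runs as `regent` it can read and write anything that account can, and `dataDir = "/home/regent"` makes the whole home directory the default parent for newly accepted folders. Consider pointing `dataDir` at a dedicated subdirectory and declaring peers and shares under `settings.devices` / `settings.folders`, so that what this host syncs, and with whom, is reviewable in the repo. If the firewall ports are only needed on the LAN, a one-line comment above `openDefaultPorts` saying so would help the next reader.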
+2 -2
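--- a/hosts/focalor/hardware.nix
+++ b/hosts/focalor/hardware.nix
@@ -9,11 +9,11 @@
 ];
 
 boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "uas" "usbhid" "sd_mod" ];
-boot.initrd.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" ];
+# boot.initrd.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" ];
 boot.kernelModules = [ "kvm-amd" ];
 boot.kernelParams = [
 "amd_iommu=on"
-"vfio-pci.ids=10de:2484,10de228b,1022:149c,15b7:5045,1dbe:5236,1022:149c"
+# "vfio-pci.ids=10de:2484,10de228b,1022:149c,15b7:5045,1dbe:5236,1022:149c"
 ];
 boot.extraModulePackages = [ ];
 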
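Review bot: The commented-out `vfio-pci.ids` line keeps the entry `10de228b`, which lacks the `:` separator every other vendor:device pair has, and lists `1022:149c` twice; if the line is ever uncommented the malformed ID comes back with it. Either delete both disabled lines or fix the entry while it is parked, e.g. `# "vfio-pci.ids=10de:2484,10de:228b,1022:149c,15b7:5045,1dbe:5236"` (assuming `10de:228b` is what was meant). A short comment saying why passthrough is off on this host, next to the remaining `"amd_iommu=on"`, would make the intent clear.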
-257
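--- a/modules/syncthing/default.nix
+++ b/modules/syncthing/default.nix
@@ -1,257 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-cfg = config.modules.syncthing;
-
-# Helper function to create a serviceConfig entry if the condition is met
-mkServiceConfigOption = name: value: mkIf (value != null) { "${name}" = value; };
-
-# Construct the settings object for Syncthing
-syncthingSettings = mkMerge [
-# GUI configuration
-(mkIf cfg.gui.enable {
-gui = mkMerge [
-(mkIf (cfg.gui.user != null) {
-user = cfg.gui.user;
-})
-];
-})
-
-# Devices configuration
-(mkIf (cfg.devices != {}) {
-devices = mapAttrs (name: device: {
-id = device.id;
-} // optionalAttrs (device.name != null) {
-name = device.name;
-} // optionalAttrs (device.addresses != []) {
-addresses = device.addresses;
-}) cfg.devices;
-})
-
-# Folders configuration
-(mkIf (cfg.folders != {}) {
-folders = mapAttrs (name: folder: {
-path = folder.path;
-devices = folder.devices;
-} // optionalAttrs (folder.ignorePerms != null) {
-ignorePerms = folder.ignorePerms;
-} // optionalAttrs (folder.type != null) {
-type = folder.type;
-} // optionalAttrs (folder.rescanIntervalS != null) {
-rescanIntervalS = folder.rescanIntervalS;
-} // optionalAttrs (folder.versioning != null) {
-versioning = folder.versioning;
-}) cfg.folders;
-})
-
-# Extra options
-cfg.extraOptions
-];
-in
-{
-options = {
-modules.syncthing = {
-enable = mkEnableOption "Deploy syncthing";
-
-openDefaultPorts = mkOption {
-type = types.bool;
-default = true;
-description = "Open ports in the firewall for Syncthing";
-};
-
-disableDefaultFolder = mkOption {
-type = types.bool;
-default = true;
-description = "Don't create default ~/Sync folder";
-};
-
-gui = {
-enable = mkEnableOption "Enable GUI configuration";
-
-user = mkOption {
-type = types.nullOr types.str;
-default = null;
-description = "GUI username";
-example = "myuser";
-};
-
-passwordFile = mkOption {
-type = types.nullOr types.path;
-default = null;
-description = "Path to file containing GUI password";
-example = "config.age.secrets.syncthing-gui-password.path";
-};
-};
-
-identity = {
-keyPath = mkOption {
-type = types.nullOr types.path;
-default = null;
-description = "Path to Syncthing private key for stable device ID";
-example = "config.age.secrets.syncthing-key.path";
-};
-
-certPath = mkOption {
-type = types.nullOr types.path;
-default = null;
-description = "Path to Syncthing certificate for stable device ID";
-example = "config.age.secrets.syncthing-cert.path";
-};
-};
-
-devices = mkOption {
-type = types.attrsOf (types.submodule {
-options = {
-id = mkOption {
-type = types.str;
-description = "Device ID";
-example = "DMWVMM6-MKEQVB4-I4UZTRH-5A6E24O-XHQTL3K-AAI5R5L-MXNMUGX-QTGRHQ2";
-};
-
-name = mkOption {
-type = types.nullOr types.str;
-default = null;
-description = "Device name (optional)";
-};
-
-addresses = mkOption {
-type = types.listOf types.str;
-default = [];
-description = "Device addresses";
-example = [ "tcp://192.168.1.100:22000" ];
-};
-};
-});
-default = {};
-description = "Syncthing devices configuration";
-example = {
-"laptop" = {
-id = "DMWVMM6-MKEQVB4-I4UZTRH-5A6E24O-XHQTL3K-AAI5R5L-MXNMUGX-QTGRHQ2";
-};
-"phone" = {
-id = "ANOTHER-DEVICE-ID-GOES-HERE";
-addresses = [ "tcp://192.168.1.101:22000" ];
-};
-};
-};
-
-folders = mkOption {
-type = types.attrsOf (types.submodule {
-options = {
-path = mkOption {
-type = types.str;
-description = "Local folder path";
-example = "/home/myuser/Documents";
-};
-
-devices = mkOption {
-type = types.listOf (types.either types.str (types.submodule {
-options = {
-name = mkOption {
-type = types.str;
-description = "Device name";
-};
-
-encryptionPasswordFile = mkOption {
-type = types.path;
-description = "Path to file containing encryption password";
-};
-};
-}));
-default = [];
-description = "List of devices that can access this folder";
-example = [ "laptop" "phone" ];
-};
-
-ignorePerms = mkOption {
-type = types.nullOr types.bool;
-default = null;
-description = "Whether to ignore file permissions";
-};
-
-type = mkOption {
-type = types.nullOr (types.enum [ "sendreceive" "sendonly" "receiveonly" ]);
-default = null;
-description = "Folder type";
-};
-
-rescanIntervalS = mkOption {
-type = types.nullOr types.int;
-default = null;
-description = "Rescan interval in seconds";
-};
-
-versioning = mkOption {
-type = types.nullOr (types.submodule {
-options = {
-type = mkOption {
-type = types.enum [ "external" "simple" "staggered" "trashcan" ];
-description = "Versioning type";
-};
-
-params = mkOption {
-type = types.attrsOf types.str;
-default = {};
-description = "Versioning parameters";
-};
-};
-});
-default = null;
-description = "Folder versioning configuration";
-};
-};
-});
-default = {};
-description = "Syncthing folders configuration";
-example = {
-"Documents" = {
-path = "/home/myuser/Documents";
-devices = [ "laptop" "phone" ];
-ignorePerms = false;
-};
-"Sensitive" = {
-path = "/home/myuser/Sensitive";
-devices = [
-"laptop"
-{
-name = "phone";
-encryptionPasswordFile = "/run/secrets/syncthing-sensitive-password";
-}
-];
-};
-};
-};
-
-extraOptions = mkOption {
-type = types.attrsOf types.anything;
-default = {};
-description = "Additional Syncthing configuration options";
-};
-};
-};
-
-config = mkIf cfg.enable {
-services.syncthing = {
-enable = true;
-openDefaultPorts = cfg.openDefaultPorts;
-# Set stable identity if provided
-key = mkIf (cfg.identity.keyPath != null) cfg.identity.keyPath;
-cert = mkIf (cfg.identity.certPath != null) cfg.identity.certPath;
-# Combine all settings
-settings = syncthingSettings;
-};
-
-# Configure systemd service options collectively
-systemd.services.syncthing = {
-# Add environment variable to disable default folder creation
-environment.STNODEFAULTFOLDER = mkIf cfg.disableDefaultFolder "true";
-
-# Add supplementary groups for secret access
-serviceConfig.SupplementaryGroups = [ "syncthing-secrets" ];
-};
-
-# Create a group for accessing secrets
-users.groups.syncthing-secrets = {};
-};
-}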