nixberry: first steps towards new config

Christoph Hollizeck 2025-11-21 14:51:19 +01:00
parent 7139d729e6
commit 0322c74f99
Signed by: Daholli
GPG key ID: 249300664F2AF2C7
6 changed files with 374 additions and 78 deletions

137
flake.lock generated

@ -33,6 +33,22 @@
"type": "github" "type": "github"
} }
}, },
"argononed": {
"flake": false,
"locked": {
"lastModified": 1729566243,
"narHash": "sha256-DPNI0Dpk5aym3Baf5UbEe5GENDrSmmXVdriRSWE+rgk=",
"owner": "nvmd",
"repo": "argononed",
"rev": "16dbee54d49b66d5654d228d1061246b440ef7cf",
"type": "github"
},
"original": {
"owner": "nvmd",
"repo": "argononed",
"type": "github"
}
},
"blobs": { "blobs": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -123,27 +139,6 @@
"type": "github" "type": "github"
} }
}, },
"fenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1763707297,
"narHash": "sha256-Bd9VGavwFBLpyU4pjiWfv73gUibNj8dc3xmOW8ff3bI=",
"owner": "nix-community",
"repo": "fenix",
"rev": "7c2d3a165a4a080fdcb6c191d8f9768281c99f75",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -1245,6 +1240,53 @@
"type": "github" "type": "github"
} }
}, },
"nixos-images": {
"inputs": {
"nixos-stable": [
"nixos-raspberrypi",
"nixpkgs"
],
"nixos-unstable": [
"nixos-raspberrypi",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747747741,
"narHash": "sha256-LUOH27unNWbGTvZFitHonraNx0JF/55h30r9WxqrznM=",
"owner": "nvmd",
"repo": "nixos-images",
"rev": "cbbd6db325775096680b65e2a32fb6187c09bbb4",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "sdimage-installer",
"repo": "nixos-images",
"type": "github"
}
},
"nixos-raspberrypi": {
"inputs": {
"argononed": "argononed",
"nixos-images": "nixos-images",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1758967172,
"narHash": "sha256-zRASAVS7tX7gPdvCUbi2m7KGX0jNuMlaOFqbkUZhu9k=",
"owner": "nvmd",
"repo": "nixos-raspberrypi",
"rev": "09c214a30e5a27e0fa92a9975b91c82ba05d1f17",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "main",
"repo": "nixos-raspberrypi",
"type": "github"
}
},
"nixos-wsl": { "nixos-wsl": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_4",
@ -1393,6 +1435,22 @@
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": {
"lastModified": 1758583444,
"narHash": "sha256-OnYthHIsVIMrZDWtCEp6Zde8ZtMcEBnpyCIdtTKU7bo=",
"owner": "nvmd",
"repo": "nixpkgs",
"rev": "d8551a2038e21091fce8157e070bdb25dca0a94f",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "modules-with-keys-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1763421233, "lastModified": 1763421233,
"narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
@ -1408,7 +1466,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1763553727, "lastModified": 1763553727,
"narHash": "sha256-4aRqRkYHplWk0mrtoF5i3Uo73E3niOWiUZU8kmPm9hQ=", "narHash": "sha256-4aRqRkYHplWk0mrtoF5i3Uo73E3niOWiUZU8kmPm9hQ=",
@ -1424,7 +1482,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1763191728, "lastModified": 1763191728,
"narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=", "narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=",
@ -1440,7 +1498,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1761236834, "lastModified": 1761236834,
"narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=", "narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
@ -1456,7 +1514,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1762977756, "lastModified": 1762977756,
"narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
@ -1499,7 +1557,6 @@
"inputs": { "inputs": {
"catppuccin": "catppuccin", "catppuccin": "catppuccin",
"devenv": "devenv", "devenv": "devenv",
"fenix": "fenix",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"git-hooks": "git-hooks_2", "git-hooks": "git-hooks_2",
"gpg-base-conf": "gpg-base-conf", "gpg-base-conf": "gpg-base-conf",
@ -1516,8 +1573,9 @@
"nix-gaming": "nix-gaming", "nix-gaming": "nix-gaming",
"nix-ld": "nix-ld", "nix-ld": "nix-ld",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-raspberrypi": "nixos-raspberrypi",
"nixos-wsl": "nixos-wsl", "nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-latest-factorio": "nixpkgs-latest-factorio", "nixpkgs-latest-factorio": "nixpkgs-latest-factorio",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
@ -1530,23 +1588,6 @@
"zls": "zls" "zls": "zls"
} }
}, },
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1763648203,
"narHash": "sha256-/WJdebbRD+m5vr2xy/bJdCpqd7YHSMapjuXAM/0lvtA=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "eaaa2da9fbbfd7a79ff501e0563351cb2004574a",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -1573,7 +1614,7 @@
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_5",
"git-hooks": "git-hooks_3", "git-hooks": "git-hooks_3",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1763564778, "lastModified": 1763564778,
@ -1591,7 +1632,7 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1763607916, "lastModified": 1763607916,
@ -1669,7 +1710,7 @@
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1762938485, "lastModified": 1762938485,
@ -1762,7 +1803,7 @@
"zen-browser": { "zen-browser": {
"inputs": { "inputs": {
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_7" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1763663426, "lastModified": 1763663426,


@ -1,5 +1,5 @@
{ {
description = "All encompassing flake"; description = "Infrastructure flake for my machines";
outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules); outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules);
@ -25,12 +25,6 @@
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-wsl = {
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
# Run unpatched dynamically compiled binaries
nix-ld = { nix-ld = {
url = "github:Mic92/nix-ld"; url = "github:Mic92/nix-ld";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
@ -41,6 +35,15 @@
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
# Support for special cases
nixos-wsl = {
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi/main";
############
nix-gaming = { nix-gaming = {
url = "github:fufexan/nix-gaming"; url = "github:fufexan/nix-gaming";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
@ -77,7 +80,7 @@
niri-flake = { niri-flake = {
url = "github:sodiboo/niri-flake"; url = "github:sodiboo/niri-flake";
# url = "github:Daholli/niri-flake/1067d35dd18f6a55f79873c944f1427a9eb7caa7"; # url = "github:Daholli/niri-flake/1067d35dd18f6a55f79873c944f1427a9eb7caa7"; # for debugging
inputs = { inputs = {
niri-stable.follows = "niri"; niri-stable.follows = "niri";
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
@ -89,9 +92,8 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# GPG default configuration
gpg-base-conf = { gpg-base-conf = {
url = "github:drduh/config"; url = "github:drduh/config"; # GPG default configuration
flake = false; flake = false;
}; };
@ -99,8 +101,8 @@
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
################ ###
## inputs for dev shells # inputs for dev shells
git-hooks = { git-hooks = {
url = "github:cachix/git-hooks.nix"; url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -111,7 +113,7 @@
# inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
}; };
# zig # Zig
zig-overlay = { zig-overlay = {
url = "github:mitchellh/zig-overlay"; url = "github:mitchellh/zig-overlay";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -122,12 +124,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.zig-overlay.follows = "zig-overlay"; inputs.zig-overlay.follows = "zig-overlay";
}; };
# rust
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
} }
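Review bot: The new `nixos-raspberrypi.url = "github:nvmd/nixos-raspberrypi/main";` input is added without any comment on what it brings in, and the flake.lock changes on this page show it bringing in three further `nvmd` repositories: `argononed`, `nixos-images` and a fork of nixpkgs (`nvmd/nixpkgs`, ref `modules-with-keys-25.05`). The lock pins each of them by `rev` and `narHash`, so the trust decision is effectively made each time the lock is regenerated against a moving branch. A comment on the input would make that visible to whoever runs the next update, e.g. `# pulls nvmd/nixpkgs fork plus argononed and nixos-images; review the flake.lock diff on every update`.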


@ -19,18 +19,32 @@ in
name = lib.removePrefix prefix name; name = lib.removePrefix prefix name;
}; };
}; };
raspberrypis = [ "nixberry" ];
in in
{ {
name = lib.removePrefix prefix name; name = lib.removePrefix prefix name;
value = inputs.nixpkgs.lib.nixosSystem { value =
inherit specialArgs; if builtins.elem name raspberrypis then
modules = module.imports ++ [ inputs.nixos-raspberrypi.lib.nixosSystem {
inputs.home-manager.nixosModules.home-manager inherit specialArgs;
{ modules = module.imports ++ [
home-manager.extraSpecialArgs = specialArgs; inputs.home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
} }
]; else
}; inputs.nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = module.imports ++ [
inputs.home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
} }
)) ))
]; ];
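Review bot: `builtins.elem name raspberrypis` tests the unstripped `name`, while the line just above still applies `lib.removePrefix prefix name` to obtain the host name, so with a key such as `hosts/nixberry` the check would never match and nixberry would be built with `inputs.nixpkgs.lib.nixosSystem`. The bindings of `name` and `prefix` are outside the hunk, so this is inferred; if it holds, compare the stripped name: `if builtins.elem (lib.removePrefix prefix name) raspberrypis then`. The two branches also pass identical arguments, so selecting only the function, `(if … then inputs.nixos-raspberrypi.lib.nixosSystem else inputs.nixpkgs.lib.nixosSystem) { … }`, would keep them from drifting apart.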


@ -33,6 +33,7 @@ in
# System modules # System modules
base base
server server
loptland-acme
hydra hydra
forgejo forgejo
forgejo-runner forgejo-runner


@ -5,7 +5,251 @@
let let
in in
{ {
flake.modules.nixos."hosts/nixberry" = { flake.modules.nixos."hosts/nixberry" =
{ inputs, pkgs, ... }:
let
}; ipAddress = "192.168.178.2";
sopsFile = ../../../secrets/secrets-nixberry.yaml;
kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
in
{
nixpkgs = {
config.allowUnfree = true;
hostPlatform = {
system = "aarch64-linux";
};
overlays = [
(self: super: {
inherit (kernelBundle) raspberrypiWirelessFirmware;
inherit (kernelBundle) raspberrypifw;
})
];
};
boot = {
loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw;
loader.raspberryPi.bootloader = "kernel";
kernelPackages = kernelBundle.linuxPackages_rpi5;
};
system.nixos.tags =
let
cfg = config.boot.loader.raspberryPi;
in
[
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
imports =
with config.flake.modules.nixos;
with inputs.nixos-raspberrypi.nixosModules;
[
inputs.catppuccin.nixosModules.catppuccin
raspberry-pi-5.base
raspberry-pi-5.page-size-16k # Recommended: optimizations and fixes for issues arising from 16k memory page size (only for systems running default rpi5 (bcm2712) kernel)
raspberry-pi-5.bluetooth
raspberry-pi-5.display-vc4 # display
# System modules
base
server
cholli
]
++ [
{
home-manager.users.cholli = {
imports = with config.flake.modules.homeManager; [
inputs.catppuccin.homeModules.catppuccin
# components
base
# Activate all user based config
cholli
];
};
}
];
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
networking = {
interfaces.end0 = {
ipv4.addresses = [
{
address = ipAddress;
prefixLength = 24;
}
];
useDHCP = true;
};
interfaces.wlan0 = {
ipv4.addresses = [
{
address = "192.168.178.3";
prefixLength = 24;
}
];
useDHCP = true;
};
defaultGateway = {
address = "192.168.178.1";
interface = "wlan0";
};
wireless = {
enable = true;
networks = {
"Slow Internet" = {
pskRaw = "521b6d766b27276c29c7b6bec5b495b1c52bf88b0682277e65b37dc649b630de";
};
};
};
firewall = {
allowedTCPPorts = [
443
53
80
];
allowedUDPPorts = [
53
];
};
};
services.adguardhome = {
enable = true;
host = ipAddress;
port = 80;
settings = {
http = {
address = "0.0.0.0:80";
};
dns = {
ratelimit = 0;
bind_hosts = [ "0.0.0.0" ];
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
"8.8.8.8"
"8.8.4.4"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
};
filters =
map
(url: {
enabled = true;
url = url;
})
[
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard Dns filter
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" # AdGuard Dns PopupHosts filter
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt" # Phishing
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
];
statistics = {
enabled = true;
interval = "8760h";
};
};
};
services.home-assistant = {
enable = true;
configWritable = true;
extraComponents = [
"default_config"
"analytics"
"shopping_list"
"fritzbox"
"met"
"esphome"
"rpi_power"
"tuya"
];
customComponents = with pkgs.home-assistant-custom-components; [
smartthinq-sensors
sleep_as_android
];
extraPackages =
python3Packages: with python3Packages; [
ical
];
customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
mushroom
bubble-card
clock-weather-card
vacuum-card
];
config = {
homeassistant = {
latitude = 49.4;
longitude = 8.6;
temperature_unit = "C";
unit_system = "metric";
external_url = "https://ha.christophhollizeck.dev";
internal_url = "http://192.168.178.2:8123";
};
default_config = "";
mobile_app = "";
recorder = "";
lovelace = {
# mode = "yaml";
resources = [
{
url = "/local/nixos-lovelace-modules/vacuum-card.js";
type = "module";
}
{
url = "/local/nixos-lovelace-modules/bubble-card.js";
type = "module";
}
{
url = "/local/nixos-lovelace-modules/clock-weather-card.js";
type = "module";
}
{
url = "/local/nixos-lovelace-modules/mushroom.js";
type = "module";
}
];
};
http = {
use_x_forwarded_for = true;
trusted_proxies = [
"100.86.250.97" # loptland tailscale
];
};
};
openFirewall = true;
};
};
} }
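Review bot: The `pskRaw` value for the "Slow Internet" network is committed in clear text, and a raw PSK is sufficient on its own to join that network, so anyone who can read this repository or its history holds the Wi-Fi credential. `sopsFile` is bound in the same `let` but is not used in the visible lines; the key could be stored there and referenced through `networking.wireless.secretsFile` as `pskRaw = "ext:psk_home";` (`psk_home` is a placeholder name), and the passphrase should be changed because this value is now in history. Separately, `services.adguardhome.host = ipAddress` is at odds with `settings.http.address = "0.0.0.0:80"` and `bind_hosts = [ "0.0.0.0" ]`; with ports 80 and 53 opened in the firewall and `ratelimit = 0`, the admin UI and the resolver listen on every interface, so bind both to the LAN address if that is the intent.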


@ -1,5 +1,5 @@
topLevel: { topLevel: {
flake.modules.nixos.server = flake.modules.nixos.loptland-acme =
{ {
config, config,
lib, lib,