author | tdback <tyler@tdback.net> | 2024-12-21 15:32:13 -0500 |
committer | tdback <tyler@tdback.net> | 2024-12-21 15:32:13 -0500 |
commit | 0a5754541bb01e96021ca7ee74f1256a8ee68bc4 (patch) | |
tree | 2d0b8089e98239963a1e240cff676b1515fc8431 /modules/profiles |
initial commit to self-hosted git
Diffstat (limited to 'modules/profiles')
-rw-r--r-- | modules/profiles/common/default.nix | 46 | ||||
-rw-r--r-- | modules/profiles/fstrim/default.nix | 7 | ||||
-rw-r--r-- | modules/profiles/libvirtd/default.nix | 21 | ||||
-rw-r--r-- | modules/profiles/nvidia/default.nix | 16 | ||||
-rw-r--r-- | modules/profiles/pipewire/default.nix | 13 | ||||
-rw-r--r-- | modules/profiles/podman/default.nix | 12 | ||||
-rw-r--r-- | modules/profiles/security/default.nix | 16 | ||||
-rw-r--r-- | modules/profiles/share/default.nix | 11 | ||||
-rw-r--r-- | modules/profiles/steam/default.nix | 8 | ||||
-rw-r--r-- | modules/profiles/upgrade/default.nix | 30 | ||||
-rw-r--r-- | modules/profiles/vpn/default.nix | 18 | ||||
-rw-r--r-- | modules/profiles/wireguard/default.nix | 15 | ||||
-rw-r--r-- | modules/profiles/wireshark/default.nix | 14 | ||||
-rw-r--r-- | modules/profiles/x11/default.nix | 33 | ||||
-rw-r--r-- | modules/profiles/zfs/default.nix | 28 |
15 files changed, 288 insertions, 0 deletions
diff --git a/modules/profiles/common/default.nix b/modules/profiles/common/default.nix
new file mode 100644
index 0000000..c25fece
--- /dev/null
+++ b/modules/profiles/common/default.nix
@@ -0,0 +1,46 @@
+{ inputs, lib, pkgs, ... }:
+{
+ nix = {
+ settings = {
+ trusted-users = [ "@wheel" "root" ];
+ experimental-features = lib.mkDefault [
+ "nix-command"
+ "flakes"
+ "pipe-operators"
+ ];
+ auto-optimise-store = true;
+ };
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 14d";
+ };
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ allowUnfreePredicate = (_: true);
+ };
+ overlays = [
+ (final: prev: {
+ unstable = import inputs.nixpkgs-unstable {
+ system = final.system;
+ config.allowUnfree = true;
+ };
+ })
+ ];
+ };
+
+ programs = {
+ git.enable = true;
+ htop.enable = true;
+ neovim = {
+ enable = true;
+ package = pkgs.unstable.neovim-unwrapped;
+ viAlias = true;
+ vimAlias = true;
+ defaultEditor = true;
+ };
+ };
+}
diff --git a/modules/profiles/fstrim/default.nix b/modules/profiles/fstrim/default.nix
new file mode 100644
index 0000000..03da691
--- /dev/null
+++ b/modules/profiles/fstrim/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ services.fstrim = {
+ enable = true;
+ interval = "weekly";
+ };
+}
diff --git a/modules/profiles/libvirtd/default.nix b/modules/profiles/libvirtd/default.nix
new file mode 100644
index 0000000..fa617d1
--- /dev/null
+++ b/modules/profiles/libvirtd/default.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+{
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu = {
+ ovmf.enable = true;
+ runAsRoot = false;
+ };
+ onBoot = "ignore";
+ onShutdown = "shutdown";
+ };
+
+ programs.virt-manager.enable = true;
+
+ # Add any users in the 'wheel' group to the 'libvirtd' group.
+ users.groups.libvirtd.members = let users = config.users.users; in
+ builtins.attrNames users
+ |> builtins.filter (
+ x: builtins.elem "wheel" users.${x}.extraGroups
+ );
+}
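Review bot: `trusted-users = [ "@wheel" "root" ];` makes every wheel member a trusted user of the Nix daemon, which the Nix manual describes as effectively root-equivalent (a trusted user can set arbitrary substituters and other daemon-level options), and nothing in the hunk records that this is intended. If wheel is meant to be gated by doas/sudo rather than daemon-trusted, replace `"@wheel"` with the specific user names, or at least wrap the list in `lib.mkDefault` so a host can override it. Either way a comment like `# @wheel is daemon-trusted: equivalent to root for nix operations` would document the trade-off. Minor: `allowUnfreePredicate = (_: true);` is redundant once `allowUnfree = true;` is set and can be dropped.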
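Review bot: The `users.groups.libvirtd.members` filter only inspects each user's `extraGroups`, so a user who is in wheel via `users.groups.wheel.members` is not added, while the comment promises "any users in the 'wheel' group"; either narrow the comment to `# Add users whose extraGroups include 'wheel' to the 'libvirtd' group.` or extend the predicate, e.g. `x: builtins.elem "wheel" users.${x}.extraGroups || builtins.elem x config.users.groups.wheel.members`. The same expression appears verbatim in `modules/profiles/wireshark/default.nix`, so a single shared helper (a `wheelUsers` function taking `config`) would keep both group lists in sync. Since libvirtd membership grants control over VMs with host device access, it is worth a comment stating that wheel and libvirtd are intentionally the same set of people.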
diff --git a/modules/profiles/nvidia/default.nix b/modules/profiles/nvidia/default.nix
new file mode 100644
index 0000000..50e0f6f
--- /dev/null
+++ b/modules/profiles/nvidia/default.nix
@@ -0,0 +1,16 @@
+{ config, ... }:
+{
+ hardware.nvidia = {
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ open = false;
+ nvidiaSettings = true;
+ forceFullCompositionPipeline = true;
+ modesetting.enable = true;
+ powerManagement = {
+ enable = false;
+ finegrained = false;
+ };
+ };
+
+ services.xserver.videoDrivers = [ "nvidia" ];
+}
diff --git a/modules/profiles/pipewire/default.nix b/modules/profiles/pipewire/default.nix
new file mode 100644
index 0000000..ac70f08
--- /dev/null
+++ b/modules/profiles/pipewire/default.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+ services.pipewire = {
+ enable = true;
+ alsa = {
+ enable = true;
+ support32Bit = true;
+ };
+ pulse.enable = true;
+ };
+
+ security.rtkit.enable = true;
+}
diff --git a/modules/profiles/podman/default.nix b/modules/profiles/podman/default.nix
new file mode 100644
index 0000000..1ec3406
--- /dev/null
+++ b/modules/profiles/podman/default.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ virtualisation = {
+ containers.enable = true;
+ oci-containers.backend = "podman";
+ podman = {
+ enable = true;
+ dockerCompat = true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ };
+}
diff --git a/modules/profiles/security/default.nix b/modules/profiles/security/default.nix
new file mode 100644
index 0000000..47fe1a3
--- /dev/null
+++ b/modules/profiles/security/default.nix
@@ -0,0 +1,16 @@
+{ lib, ... }:
+{
+ security = {
+ polkit.enable = true;
+
+ sudo.enable = lib.mkDefault false;
+ doas = {
+ enable = lib.mkDefault true;
+ extraRules = [{
+ groups = [ "wheel" ];
+ keepEnv = true;
+ persist = true;
+ }];
+ };
+ };
+}
diff --git a/modules/profiles/share/default.nix b/modules/profiles/share/default.nix
new file mode 100644
index 0000000..c4ee4ff
--- /dev/null
+++ b/modules/profiles/share/default.nix
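Review bot: `keepEnv = true;` on the wheel doas rule carries the caller's full environment into the privileged command, which is exactly what doas otherwise strips, and together with `persist = true;` every wheel member gets an environment-preserving root path without re-authenticating for the persist window. Unless something concrete depends on the inherited environment, drop `keepEnv` or replace it with `setEnv = [ "..." ];` listing only the variables actually needed, and record the reason in a comment (`# keepEnv: required for <reason>`). The `lib.mkDefault` on `sudo.enable`/`doas.enable` is good; the rule itself could use the same treatment so a host can tighten it without `lib.mkForce`.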
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ users = {
+ users.share = {
+ uid = 994;
+ isSystemUser = true;
+ group = "share";
+ };
+ groups.share.gid = 994;
+ };
+}
diff --git a/modules/profiles/steam/default.nix b/modules/profiles/steam/default.nix
new file mode 100644
index 0000000..c8008f9
--- /dev/null
+++ b/modules/profiles/steam/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ };
+}
diff --git a/modules/profiles/upgrade/default.nix b/modules/profiles/upgrade/default.nix
new file mode 100644
index 0000000..32c49a8
--- /dev/null
+++ b/modules/profiles/upgrade/default.nix
@@ -0,0 +1,30 @@
+{ inputs, config, ... }:
+{
+ system.autoUpgrade = {
+ enable = true;
+ flake = inputs.self.outPath;
+ flags = [
+ "--update-input"
+ "nixpkgs"
+ "-L"
+ ];
+ dates = "Sat *-*-* 06:00:00";
+ randomizedDelaySec = "45min";
+ allowReboot = true;
+ };
+
+ systemd.services."reboot-alert" =
+ let
+ hostname = config.networking.hostName;
+ dependencies = [ "network-online.target" ];
+ in {
+ wantedBy = [ "multi-user.target" ];
+ wants = dependencies;
+ after = dependencies;
+ serviceConfig.Type = "oneshot";
+ script = ''
+ /run/current-system/sw/bin/pushover -t "${hostname} restarted" \
+ "${hostname} has restarted on $(date '+%a, %b %d at %T %p %Z')."
+ '';
+ };
+}
diff --git a/modules/profiles/vpn/default.nix b/modules/profiles/vpn/default.nix
new file mode 100644
index 0000000..0482c31
--- /dev/null
+++ b/modules/profiles/vpn/default.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+ networking.nameservers = [ "9.9.9.9" ];
+
+ services = {
+ mullvad-vpn = {
+ enable = true;
+ package = pkgs.mullvad-vpn;
+ };
+
+ resolved = {
+ enable = true;
+ dnssec = "true";
+ domains = [ "~." ];
+ dnsovertls = "true";
+ };
+ };
+}
diff --git a/modules/profiles/wireguard/default.nix b/modules/profiles/wireguard/default.nix
new file mode 100644
index 0000000..8c25d7a
--- /dev/null
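Review bot: `remotePlay.openFirewall = true;` and `dedicatedServer.openFirewall = true;` open inbound ports on every host that imports this profile, including machines that only want the Steam client; the dedicated-server port range in particular should not be opened by a desktop profile unconditionally. Set them with `lib.mkDefault` (adding `lib` to the `{ ... }:` argument set) so a host can opt out, and consider dropping `dedicatedServer.openFirewall` unless a host actually runs a server. A comment naming which host needs each of them would make the intent reviewable later.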
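Review bot: The `reboot-alert` script calls `/run/current-system/sw/bin/pushover` and a bare `date` with no `path = [ ... ];` on the unit and nothing asserting that whatever provides `pushover` is installed, so on a host that imports this profile without it the unit fails on every boot and the notification is silently lost. Declaring the dependency on the unit, e.g. `path = [ pkgs.coreutils <pushover-package> ];` and calling `pushover` from `PATH`, turns that into a build-time error (this needs `pkgs` added to the argument set). Separately, `--update-input` is deprecated in recent Nix releases (I believe since 2.22) in favor of `nix flake update <input>`, so the pinned Nix version is worth checking. Since `allowReboot = true;` with the Saturday schedule means unattended weekly reboots, a comment stating that this is intended for these hosts would help.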
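Review bot: `dnsovertls = "true";` puts systemd-resolved in strict DoT mode, but `networking.nameservers = [ "9.9.9.9" ];` gives it no server name to validate the TLS certificate against, so as far as I recall resolved's behavior the session is encrypted but not authenticated to Quad9; resolved's syntax for that is `"9.9.9.9#dns.quad9.net"`, which NixOS passes through unchanged. I'd also list Quad9's secondary (`"149.112.112.112#dns.quad9.net"`) so name resolution survives one upstream outage. The Mullvad daemon enabled in the same file manages DNS while the tunnel is up, so these resolved settings presumably only matter when disconnected; a comment noting that split would save the next reader from wondering which one wins.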
+++ b/modules/profiles/wireguard/default.nix
@@ -0,0 +1,15 @@
+{ ... }:
+let
+ port = 51820;
+in
+{
+ networking = {
+ firewall.allowedUDPPorts = [ port ];
+
+ wg-quick.interfaces.wg0 = {
+ autostart = true;
+ listenPort = port;
+ configFile = "/etc/wireguard/wg0.conf";
+ };
+ };
+}
diff --git a/modules/profiles/wireshark/default.nix b/modules/profiles/wireshark/default.nix
new file mode 100644
index 0000000..d4d0627
--- /dev/null
+++ b/modules/profiles/wireshark/default.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+{
+ programs.wireshark = {
+ enable = true;
+ package = pkgs.wireshark;
+ };
+
+ # Add any users in the 'wheel' group to the 'wireshark' group.
+ users.groups.wireshark.members = let users = config.users.users; in
+ builtins.attrNames users
+ |> builtins.filter (
+ x: builtins.elem "wheel" users.${x}.extraGroups
+ );
+}
diff --git a/modules/profiles/x11/default.nix b/modules/profiles/x11/default.nix
new file mode 100644
index 0000000..52e7975
--- /dev/null
+++ b/modules/profiles/x11/default.nix
@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+{
+ services = {
+ xserver = {
+ enable = true;
+ xkb.layout = "us";
+ displayManager.lightdm.enable = true;
+ windowManager.bspwm.enable = true;
+ };
+
+ displayManager.autoLogin = {
+ enable = true;
+ user = "tdback";
+ };
+ };
+
+ hardware.graphics.enable32Bit = true;
+
+ environment.systemPackages = with pkgs.xorg; [
+ libX11
+ xset
+ ];
+
+ fonts.packages = with pkgs; [
+ dejavu_fonts
+ dina-font
+ iosevka-comfy.comfy-motion-fixed
+ liberation_ttf
+ noto-fonts
+ noto-fonts-emoji
+ ubuntu_font_family
+ ];
+}
diff --git a/modules/profiles/zfs/default.nix b/modules/profiles/zfs/default.nix
new file mode 100644
index 0000000..8344450
--- /dev/null
+++ b/modules/profiles/zfs/default.nix
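Review bot: `configFile = "/etc/wireguard/wg0.conf";` points wg-quick at a file outside the Nix store that holds the interface private key, yet nothing in the hunk declares it (no `environment.etc` entry, no secrets module, no assertion), so a host missing the file fails the `wg-quick-wg0` unit at boot because of `autostart = true;`, and a file with loose permissions would expose the key. A comment such as `# /etc/wireguard/wg0.conf is provisioned out-of-band (root-owned, mode 0600) and contains the private key.` would make the expectation explicit for anyone setting up a new host. Whether `firewall.allowedUDPPorts = [ port ];` is needed depends on whether these hosts accept incoming peers; for a pure client it can be dropped, and the comment could say which it is.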
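Review bot: `displayManager.autoLogin = { enable = true; user = "tdback"; };` bakes a specific account name into a shared profile and logs it in with no authentication at the greeter on every host that imports the profile, including any machine where that user does not exist (which would presumably leave lightdm unable to complete the auto-login). Make the user a parameter of the profile, or set both fields with `lib.mkDefault` (adding `lib` to the `{ pkgs, ... }:` argument set) so a host can override or disable auto-login. A comment stating that auto-login is acceptable only on the physically secured desktop would document the intent.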
@@ -0,0 +1,28 @@
+{ lib, pkgs, ... }:
+{
+ boot = {
+ zfs.forceImportRoot = false;
+ supportedFilesystems.zfs = lib.mkForce true;
+ };
+
+ services.zfs = {
+ autoScrub.enable = true;
+ zed = {
+ enableMail = false;
+ settings = {
+ ZED_DEBUG_LOG = "/tmp/zed.debug.log";
+ ZED_EMAIL_ADDR = [ "root" ];
+ ZED_EMAIL_PROG = "/run/current-system/sw/bin/pushover";
+ ZED_EMAIL_OPTS = "-t '@SUBJECT@'";
+ ZED_NOTIFY_INTERVAL_SECS = 3600;
+ ZED_NOTIFY_VERBOSE = true;
+ ZED_USE_ENCLOSURE_LEDS = true;
+ ZED_SCRUB_AFTER_RESILVER = true;
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ zfs
+ ];
+} |
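Review bot: `ZED_DEBUG_LOG = "/tmp/zed.debug.log";` has zed, which runs as root, write to a fixed path in a world-writable directory; `fs.protected_symlinks` mitigates most of the classic risk, but a path under `/var/log` (e.g. `ZED_DEBUG_LOG = "/var/log/zed.debug.log";`) avoids relying on that and also survives a tmpfs-backed `/tmp`. `ZED_EMAIL_PROG` pointing at `/run/current-system/sw/bin/pushover` while `enableMail = false;` is, I believe, the intended way to plug in a custom notifier, but a one-line comment saying so would stop the next reader from reading the two settings as a conflict; as with the upgrade profile, referencing the binary from its package rather than the system profile would make a missing `pushover` a build-time error. `supportedFilesystems.zfs = lib.mkForce true;` also overrides any host-level attempt to disable ZFS support; plain `true` or `lib.mkDefault` seems closer to the intent unless something else sets it to false.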