dp/nixcfg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

Add leviathan

Browse Source
This commit is contained in:
Daniel Patterson
2025-08-25 01:18:32 +01:00
parent fdf7719a4e
commit 8367b03304
11 changed files with 378 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"lastModified": 1760836749,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a",
"type": "github"
},
"original": {
@@ -41,11 +41,11 @@
]
},
"locked": {
"lastModified": 1748883665,
"narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=",
"lastModified": 1752264895,
"narHash": "sha256-1zBPE/PNAkPNUsOWFET4J0cjlvziH8DOekesDmjND+w=",
"owner": "cachix",
"repo": "cachix",
"rev": "f707778d902af4d62d8dd92c269f8e70de09acbe",
"rev": "47053aef762f452e816e44eb9a23fbc3827b241a",
"type": "github"
},
"original": {
@@ -55,6 +55,27 @@
"type": "github"
}
},
"copyparty": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1761420116,
"narHash": "sha256-k8v/AvYeJmiKMjDd4xw6oG8idyXYYxKEsObB+Dkv6N4=",
"owner": "9001",
"repo": "copyparty",
"rev": "4fcd2c41932d731b052bf1be6879b4310f4d3e10",
"type": "github"
},
"original": {
"owner": "9001",
"repo": "copyparty",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@@ -81,6 +102,7 @@
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"nix": "nix",
"nixpkgs": [
@@ -88,11 +110,11 @@
]
},
"locked": {
"lastModified": 1754158015,
"narHash": "sha256-B/o0XiDj06Knm7t/9KmLKnkrpI9s5O13qU+SNL/4Gp8=",
"lastModified": 1761427990,
"narHash": "sha256-MnrJFwdkwt0FHvRj6vbVfCBWoAPW9O9+HOldMM1yeR8=",
"owner": "cachix",
"repo": "devenv",
"rev": "062f3f42de2f6bb7382f88f6dbcbbbaa118a3791",
"rev": "7419c04fc798d5d5918413d4cb6c8629f9d4e8a3",
"type": "github"
},
"original": {
@@ -137,16 +159,15 @@
"inputs": {
"nixpkgs-lib": [
"devenv",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github"
},
"original": {
@@ -156,6 +177,21 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1649676176,
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
@@ -170,7 +206,7 @@
"type": "github"
}
},
"flake-utils_2": {
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
@@ -188,7 +224,7 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
@@ -219,11 +255,11 @@
]
},
"locked": {
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"lastModified": 1758108966,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
"type": "github"
},
"original": {
@@ -262,11 +298,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1754074888,
"narHash": "sha256-trRykvG3vaprmxyI4IMN/zUYzeyaoHvJ/rb1btB+vME=",
"lastModified": 1760925941,
"narHash": "sha256-M+EJsr6z05heKk6iuh3RWZS+9gAMBwG9IyryACVpOy0=",
"owner": "tailscale",
"repo": "golink",
"rev": "491e52901739bdc284fc969c25aef08687ead4bc",
"rev": "42765dea97afa9f9f5ea167fb0df6f5372d78481",
"type": "github"
},
"original": {
@@ -303,11 +339,11 @@
]
},
"locked": {
"lastModified": 1754225444,
"narHash": "sha256-mv01SQtqlhBMavc1dgNjgqJw4WfZxy+w3xBgwJU3YmU=",
"lastModified": 1761468550,
"narHash": "sha256-nY4vyN1QdHhC5Gj3545fI2Y7FSr/gs8ID4gPmF8HPww=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0de18bd5c6681280d7ae017fa34ffd91bdcf0557",
"rev": "1830716059bfee7cbcfbfcc38d7be98e482a5762",
"type": "github"
},
"original": {
@@ -340,7 +376,7 @@
},
"i3utils": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
@@ -366,7 +402,10 @@
"devenv",
"flake-compat"
],
"flake-parts": "flake-parts",
"flake-parts": [
"devenv",
"flake-parts"
],
"git-hooks-nix": [
"devenv",
"git-hooks"
@@ -383,23 +422,23 @@
]
},
"locked": {
"lastModified": 1752773918,
"narHash": "sha256-dOi/M6yNeuJlj88exI+7k154z+hAhFcuB8tZktiW7rg=",
"lastModified": 1758763079,
"narHash": "sha256-Bx1A+lShhOWwMuy3uDzZQvYiBKBFcKwy6G6NEohhv6A=",
"owner": "cachix",
"repo": "nix",
"rev": "031c3cf42d2e9391eee373507d8c12e0f9606779",
"rev": "6f0140527c2b0346df4afad7497baa08decb929f",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "devenv-2.30",
"ref": "devenv-2.30.5",
"repo": "nix",
"type": "github"
}
},
"nixgl": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
@@ -420,11 +459,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1753939845,
"narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=",
"lastModified": 1761373498,
"narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "94def634a20494ee057c76998843c015909d6311",
"rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
"type": "github"
},
"original": {
@@ -468,6 +507,7 @@
"root": {
"inputs": {
"agenix": "agenix",
"copyparty": "copyparty",
"devenv": "devenv",
"golink": "golink",
"home-manager": "home-manager_2",
@@ -547,11 +587,11 @@
]
},
"locked": {
"lastModified": 1754193284,
"narHash": "sha256-ZGLXnpXy7vcTDLC1yLQSJOclsilvK+RNFVVEeO0ei/0=",
"lastModified": 1761471016,
"narHash": "sha256-sCiTEdvR5bnsAKmm0BcR6DLN4YKSUa43xLopA0VHYww=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "ac2b25e76f5bfe1e30ae39409dfa450c5c1bc945",
"rev": "9876658e1abf52bafa06bec7b0c2ba7e03931b0e",
"type": "github"
},
"original": {
@@ -563,15 +603,15 @@
"zig": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1753963984,
"narHash": "sha256-JPiCLZHuNk11XYYCqoLoKYIgdUu2WpNccTzl4ljycTQ=",
"lastModified": 1760747435,
"narHash": "sha256-wNB/W3x+or4mdNxFPNOH5/WFckNpKgFRZk7OnOsLtm0=",
"owner": "mitchellh",
"repo": "zig-overlay",
"rev": "45772b76cdb103bd300abac4a85a34518dee65a0",
"rev": "d0f239b887b1ac736c0f3dde91bf5bf2ecf3a420",
"type": "github"
},
"original": {

12
flake.nix
View File

@@ -9,6 +9,9 @@
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
copyparty.url = "github:9001/copyparty";
copyparty.inputs.nixpkgs.follows = "nixpkgs";
devenv.url = "github:cachix/devenv";
devenv.inputs.nixpkgs.follows = "nixpkgs";
@@ -34,6 +37,7 @@
nixpkgs,
nixpkgs-stable,
agenix,
copyparty,
devenv,
golink,
home-manager,
@@ -46,6 +50,7 @@
system = "x86_64-linux";
overlays = [
copyparty.overlays.default
golink.overlays.default
nixgl.overlay
zig.overlays.default
@@ -101,6 +106,8 @@
agenix.nixosModules.default
copyparty.nixosModules.default
golink.nixosModules.default
home-manager.nixosModules.home-manager
@@ -159,6 +166,11 @@
headless = false;
np = nixpkgs;
};
leviathan = hostSystem {
hostname = "leviathan";
headless = true;
np = nixpkgs;
};
};
homeConfigurations = {
"deck" = deckSystem {

2
hosts/common/default.nix
View File

@@ -11,7 +11,7 @@
isNormalUser = true;
home = "/home/${userName}";
initialPassword = "password";
extraGroups = ["wheel" "networkmanager" "docker" "video" "syncthing"];
extraGroups = ["wheel" "networkmanager" "docker" "video" "syncthing" "audio" "media"];
uid = uid;
group = "users";
shell = pkgs.zsh;

190
hosts/leviathan/configuration.nix Normal file
View File

@@ -0,0 +1,190 @@
{
config,
lib,
pkgs,
...
}: let
zfsCompatibleKernelPackages =
lib.filterAttrs (
name: kernelPackages:
(builtins.match "linux_[0-9]+_[0-9]+" name)
!= null
&& (builtins.tryEval kernelPackages).success
&& (!kernelPackages.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken)
)
pkgs.linuxKernel.packages;
latestKernelPackage = lib.last (
lib.sort (a: b: (lib.versionOlder a.kernel.version b.kernel.version)) (
builtins.attrValues zfsCompatibleKernelPackages
)
);
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../common
(import ../../modules).leviathan
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = lib.mkForce latestKernelPackage;
boot.supportedFilesystems = ["zfs"];
networking = {
useDHCP = false;
hostName = "leviathan";
hostId = "abcd1234";
interfaces.enp1s0.useDHCP = true;
interfaces.br0.useDHCP = true;
nameservers = [
"1.1.1.1"
];
firewall.allowedTCPPorts = [8000 8123 8095];
bridges.br0.interfaces = ["enp1s0"];
# interfaces.br0 = {
# useDHCP = false;
# ipv4.addresses = [{
# address = "192.168.1.200";
# prefixLength = 24;
# }];
# };
};
environment.systemPackages = with pkgs; [
helix
kitty # For terminfo
lazygit
];
containers.radarr = {
autoStart = true;
bindMounts = {
"/data" = {
hostPath = "/store/media";
mountPoint = "/store/media";
isReadOnly = false;
};
};
config = {
config,
pkgs,
lib,
...
}: {
services.radarr = {
enable = true;
user = "root";
group = "root";
};
system.stateVersion = "24.11";
};
};
services.openssh.settings.PermitRootLogin = "yes";
security.rtkit.enable = true;
users.groups."media".name = "media";
services = {
copyparty = {
enable = true;
settings = {
i = "100.64.214.3";
};
accounts = {
};
volumes = {
"/" = {
path = "/srv/copyparty";
access = {
rw = "*";
};
};
};
};
jellyfin = {
enable = true;
group = "media";
};
music-assistant = {
enable = true;
providers = [
"builtin_player"
"chromecast"
"hass"
"hass_players"
"soundcloud"
"spotify"
"spotify_connect"
"ytmusic"
];
};
pipewire = {
enable = true;
pulse.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
wireplumber.enable = true;
};
};
programs.virt-manager.enable = true;
virtualisation = {
libvirtd = {
enable = true;
allowedBridges = ["br0"];
};
oci-containers = {
backend = "podman";
containers.homeassistant = {
volumes = ["home-assistant:/config"];
environment.TZ = "Europe/Berlin";
image = "ghcr.io/home-assistant/home-assistant:2025.10.2";
extraOptions = [
# Use the host network namespace for all sockets
"--network=host"
# Pass devices into the container, so Home Assistant can discover and make use of them
"--device=/dev/ttyUSB0:/dev/ttyUSB0"
];
};
};
};
# systemd.services.libvirt-default-network = {
# description = "Start libvirt bridge network";
# after = ["libvirtd.service"];
# wantedBy = ["multi-user.target"];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# ExecStart = "${pkgs.libvirt}/bin/virsh net-start bridged-network";
# ExecStop = "${pkgs.libvirt}/bin/virsh net-destroy bridged-network";
# User = "root";
# };
# };
# systemd.services.libvirt-home-assistant = {
# description = "Start home assistant VM";
# after = ["libvirt-default-network.service"];
# wantedBy = ["multi-user.target"];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# ExecStart = "${pkgs.libvirt}/bin/virsh start hass";
# ExecStop = "${pkgs.libvirt}/bin/virsh destroy hass";
# User = "root";
# };
# };
system.stateVersion = "25.05"; # Did you read the comment?
}

67
hosts/leviathan/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,67 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "zpool/root";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/nix" = {
device = "zpool/nix";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/var" = {
device = "zpool/var";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/home" = {
device = "zpool/home";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/95BF-1B15";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
swapDevices = [
{
device = "/dev/disk/by-partuuid/db6bcd05-29fb-470a-aeba-f9f2648564af";
randomEncryption = true;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

2
modules/default.nix
View File

@@ -31,4 +31,6 @@
./gitea
];
};
leviathan = {};
}

2
users/configs/desktop/default.nix
View File

@@ -10,4 +10,6 @@
./tofi
./waybar
];
zen-browser.enable = true;
}

3
users/configs/desktop/fuzzel/default.nix
View File

@@ -1,5 +1,4 @@
{pkgs, ...}:
{
{pkgs, ...}: {
programs.fuzzel = {
enable = true;
settings = {

3
users/configs/desktop/niri/default.nix
View File

@@ -1,5 +1,4 @@
{...}:
{
{...}: {
home.file = {
".config/niri/config.kdl".source = ./config.kdl;
};

2
users/daniel/default.nix
View File

@@ -187,8 +187,6 @@ in {
vscode.enable = true;
zen-browser.enable = true;
zsh = {
enable = true;
autosuggestion.enable = true;

21
users/daniel/host-specific/leviathan/default.nix Normal file
View File

@@ -0,0 +1,21 @@
{pkgs, ...}: let
# librespot = pkgs.callPackage ../../../../packages/librespot.nix {
# withPulseAudio = true;
# withRodio = true;
# };
in {
services.librespot = {
enable = true;
# package = librespot;
settings = {
# "zeroconf-port" = 12345;
# "verbose" = true;
"name" = "Ships Comms";
# "bitrate" = "320";
# "format" = "S32";
"disable-credential-cache" = true;
};
};
}