
3 Commits

Author SHA1 Message Date
6d3ae434a5 so much shit my b, adding db backups tho 2025-10-17 19:42:39 -05:00
1cc6abb89a testing use of unstable 2025-10-17 16:11:31 -05:00
25122a4c9c restructure hosts 2025-10-17 16:03:44 -05:00
14 changed files with 200 additions and 57 deletions

36
flake.lock generated

@@ -88,6 +88,23 @@
"type": "github"
}
},
"brew-src": {
"flake": false,
"locked": {
"lastModified": 1758543057,
"narHash": "sha256-lw3V2jOGYphUFHYQ5oARcb6urlbNpUCLJy1qhsGdUmc=",
"owner": "Homebrew",
"repo": "brew",
"rev": "5b236456eb93133c2bd0d60ef35ed63f1c0712f6",
"type": "github"
},
"original": {
"owner": "Homebrew",
"ref": "4.6.12",
"repo": "brew",
"type": "github"
}
},
"copyparty": {
"inputs": {
"flake-utils": "flake-utils",
@@ -285,6 +302,24 @@
"type": "github"
}
},
"nix-homebrew": {
"inputs": {
"brew-src": "brew-src"
},
"locked": {
"lastModified": 1758598228,
"narHash": "sha256-qr60maXGbZ4FX5tejPRI3nr0bnRTnZ3AbbbfO6/6jq4=",
"owner": "zhaofengli",
"repo": "nix-homebrew",
"rev": "f36e5db56e117f7df701ab152d0d2036ea85218c",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "nix-homebrew",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1748162331,
@@ -386,6 +421,7 @@
"copyparty": "copyparty",
"home-manager": "home-manager",
"nix-darwin": "nix-darwin",
"nix-homebrew": "nix-homebrew",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"nvf": "nvf",


@@ -10,6 +10,7 @@
url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-homebrew.url = "github:zhaofengli/nix-homebrew";
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
@@ -40,6 +41,7 @@
nixpkgs,
nixpkgs-unstable,
nix-darwin,
nix-homebrew,
...
} @ inputs: let
systems = {
@@ -55,7 +57,7 @@
system = systems.x86_64;
specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
modules = [
./hosts/snowbelle/configuration.nix
./hosts/nixos/snowbelle/configuration.nix
inputs.home-manager.nixosModules.default
];
};
@@ -63,7 +65,7 @@
system = systems.x86_64;
specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
modules = [
./hosts/vaniville/configuration.nix
./hosts/nixos/vaniville/configuration.nix
inputs.home-manager.nixosModules.default
];
};
@@ -71,10 +73,18 @@
darwinConfigurations = {
CEN-IT-07 = nix-darwin.lib.darwinSystem {
system = systems.darwin;
specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
specialArgs = {inherit inputs stable_pkgs unstable_pkgs nix-homebrew;};
modules = [
./hosts/cen-it-07/configuration.nix
./hosts/darwin/cen-it-07/configuration.nix
inputs.home-manager.darwinModules.default
nix-homebrew.darwinModules.nix-homebrew
{
nix-homebrew = {
enable = true; # install homebrew
enableRosetta = true; # install homebrew for rosetta as well
user = "blake"; # user owning homebrew prefix
};
}
];
};
};
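Review bot: The `user = "blake";` value in the new `nix-homebrew` block for CEN-IT-07 does not match the macOS account that the home-manager section of this same compare appears to settle on, where `home_darwin.username` becomes `bhelderman`. nix-homebrew makes that user the owner of the Homebrew prefix, so a wrong or non-existent account either breaks activation or leaves a directory on the PATH owned by an account nobody intended. If `bhelderman` is the real login on that host, use `user = "bhelderman";` or derive both from one shared value. `nix-homebrew` is also passed twice now, through `inputs` and as its own `specialArgs` entry; one of the two is enough.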

40
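--- /dev/null
+++ b/hosts/darwin/default.nix
@@ -0,0 +1,40 @@
+{
+pkgs,
+config,
+lib,
+inputs,
+...
+}: {
+imports = [
+];
+# base system package install list
+environment.systemPackages = with pkgs; [
+wget
+curl
+rsync
+git
+age
+fzf
+neofetch
+usbutils
+pciutils
+python3
+vim
+lf
+btop
+powertop
+];
+# set timezone
+time.timeZone = "America/Chicago";
+# allow proprietary packages
+nixpkgs.config.allowUnfree = true;
+# enable flakes
+nix.settings.experimental-features = ["nix-command" "flakes"];
+users.defaultUserShell = pkgs.zsh;
+}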
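Review bot: Several entries in this darwin base module look copied from the NixOS one and are unlikely to evaluate on macOS: `usbutils` and `powertop` are Linux-only packages in nixpkgs, and `users.defaultUserShell` is, as far as I know, a NixOS option that nix-darwin does not define. Nothing visible on this page imports the file yet, so it may simply not be evaluated today. Before wiring it into the CEN-IT-07 configuration, drop those lines or guard the package entries with `lib.optionals pkgs.stdenv.isLinux [ ... ]`. The empty `imports = [ ];` can go as well.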


@@ -8,12 +8,12 @@ in
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../hosts
../../users/blake
../../modules/system
../../modules/holocron
../../modules/homelab
../../modules/homelab/minecraft_recpro
../../nixos
../../../users/blake
../../../modules/system
../../../modules/holocron
../../../modules/homelab
../../../modules/homelab/minecraft_recpro
];
system = {


@@ -42,7 +42,7 @@ in {
user=$(basename "$user_dir")
echo "starting $user_dir"
chown -Rc "$user:$user" "$user_dir"
chmod -Rc 700 "$user_dir"
chmod -Rc 770 "$user_dir"
fi
done
echo "fin"
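Review bot: `chmod -Rc 770 "$user_dir"` gives the owning group write access to every file in the tree and sets the execute bit on every regular file, which is wider than the group sharing this change seems to be after. The immich section of this compare adds the `immich` service account to group `blake`, so for that user's directory the service can then modify or replace anything in it. Setting directories and files separately keeps execute off plain files: `find "$user_dir" -type d -exec chmod -c 770 {} +` and `find "$user_dir" -type f -exec chmod -c 660 {} +` (or `750`/`640` if the group only needs to read). The loop around these lines starts outside the hunk.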


@@ -16,6 +16,16 @@ let
"create mask" = "0775";
"directory mask" = "0775";
};
timemachine = {
"path" = "/mnt/Shares/tm_share";
"valid users" = "username";
"public" = "no";
"writeable" = "yes";
"force user" = "username";
"fruit:aapl" = "yes";
"fruit:time machine" = "yes";
"vfs objects" = "catia fruit streams_xattr";
};
users = {
path = "/holocron/users";
browseable = true;
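Review bot: The new `timemachine` share sets `"valid users" = "username"` and `"force user" = "username"`, which reads like the placeholder from an example config rather than a real account. Unless a Unix and Samba user literally named `username` exists on this host, nobody can authenticate to the share; if one does, every write is forced to that account. Replace both with the account that should own the backups, and confirm that `/mnt/Shares/tm_share` is the intended path, since the other share visible in the hunk lives under `/holocron`. Setting `"fruit:time machine max size"` would also keep a Time Machine client from filling the volume.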


@@ -1,12 +1,16 @@
{ pkgs, config, lib, inputs, ... }:
let
{
pkgs,
config,
lib,
inputs,
unstable_pkgs,
...
}: let
service = "immich";
cfg = config.homelab.${service};
sec = config.sops.secrets;
homelab = config.homelab;
in
{
in {
options.homelab.${service} = {
enable = lib.mkEnableOption "enables ${service}";
@@ -43,7 +47,6 @@ in
};
config = lib.mkIf cfg.enable {
# declare ${service} group
users.groups.${service} = {gid = lib.mkForce cfg.ids;};
@@ -55,26 +58,31 @@ in
home = cfg.data_dir;
createHome = true;
group = service;
extraGroups = [ "video" "render" ];
extraGroups = ["video" "render" "blake"];
};
# enable the ${service} service
services.${service} = {
enable = true;
package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich;
#package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich;
package = unstable_pkgs.x86_64.immich;
openFirewall = true;
user = service;
group = service;
mediaLocation = cfg.data_dir;
host = "0.0.0.0";
port = cfg.port;
settings.server.externalDomain = "https://pics.blakedheld.xyz";
settings = null;
#settings.server.externalDomain = "https://photos.blakedheld.xyz";
};
# override umask to make permissions work out
# systemd.services."${toString service}-server".serviceConfig = {
# UMask = lib.mkForce "0007";
# };
# systemd.services."${toString service}-machine-learning".serviceConfig = {
# UMask = lib.mkForce "0007";
# };
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
@@ -89,12 +97,15 @@ in
};
# add to glance
homelab.glance.links.services = [{
homelab.glance.links.services = [
{
title = service;
url = "https://photos.${homelab.public_domain}";
error-url = "http://${homelab.host_ip}:${toString cfg.port}";
check-url = "http://${homelab.host_ip}:${toString cfg.port}";
icon = "di:${service}"; }];
icon = "di:${service}";
}
];
# add to backups
system.backups.baks = {
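Review bot: `extraGroups = ["video" "render" "blake"];` puts the `immich` service account into the primary group of a login user, so a network-facing service (the unchanged lines keep `host = "0.0.0.0"` and `openFirewall = true`) gains whatever group `blake` can reach. Combined with the `chmod -Rc 770` change elsewhere in this compare, that is read-write access to that user's whole directory tree. A dedicated group applied only to the photo library directory, with both `immich` and `blake` as members, would limit what a compromised or misbehaving immich process can touch. Separately, `package = unstable_pkgs.x86_64.immich;` hard-codes the architecture where the commented-out line used `${pkgs.system}`.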


@@ -1,5 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
/*
this module enables a backup script made with borg!
to use import & set the options below
@@ -13,13 +17,11 @@ in a borg archive to the specified repo
${service} = { paths = [ cfg.data_dir ]; };
};
*/
let
cfg = config.system.backups;
sec = config.sops.secrets;
borg = "${pkgs.borgbackup}/bin/borg";
in
{
in {
options.system.backups = {
enable = lib.mkEnableOption "enables backups with borg";
baks = lib.mkOption {
@@ -45,7 +47,6 @@ in
};
config = lib.mkIf (cfg.enable && cfg.baks != {}) {
systemd.tmpfiles.rules = [
"d /holocron/archives 2770 root archives - -"
];
@@ -78,8 +79,8 @@ in
if [ "$mode" = "split" ]; then
# loop for each backup
${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (bak_name: bak_paths:
''
${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
bak_name: bak_paths: ''
echo "------------ Backing up ${bak_name} ------------"
archive="$timestamp-${bak_name}"
echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} $archive"
@@ -100,7 +101,8 @@ in
--keep-monthly=-1
echo "backup run complete at \"$BORG_REPO::$archive\""
''
) cfg.baks)}
)
cfg.baks)}
exit 0
else
# flatten all paths from cfg.baks into one big list
@@ -152,6 +154,29 @@ in
};
};
# db backups
services.mysqlBackup = lib.mkIf config.services.mysql.enable {
# mc servers use this
enable = true;
location = "/var/backup/mysql";
user = "root";
startAt = "03:58";
compression = "zstd";
databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
};
services.postgresqlBackup = config.services.postgresql.enable {
# immich uses this
enable = true;
location = "/var/backup/postgresql";
compression = "gzip"; # optional: "xz", "zstd", "none"
startAt = "03:58";
user = "postgres";
databases = ["immich"]; # set to all databases defined in esure databases
#databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
};
services.mysql.ensureDatabases = ["FUCKING_NOTICE_ME"];
# install borg binary
environment.systemPackages = with pkgs; [borgbackup tree];
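Review bot: `services.postgresqlBackup = config.services.postgresql.enable {` is missing `lib.mkIf`, so Nix tries to call a boolean as a function and evaluation fails; it should read `services.postgresqlBackup = lib.mkIf config.services.postgresql.enable {`, matching the `mysqlBackup` block above it. `services.mysql.ensureDatabases = ["FUCKING_NOTICE_ME"];` looks like a debugging leftover; as written it would create a database of that name on any host with MySQL enabled, and the dump job would then back it up. The dumps are written to `/var/backup/mysql` and `/var/backup/postgresql`, and nothing visible in this hunk adds those directories to `cfg.baks`, so unless that happens elsewhere they stay on the same machine as the databases and never reach the borg repo. The enclosing `config = lib.mkIf ...` block starts and ends outside the hunk.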


@@ -10,7 +10,7 @@
users = {
blake = {
isNormalUser = true;
extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" ]; # Enable sudo for the user.
extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" "immich" ]; # Enable sudo for the user.
uid = 1000;
shell = pkgs.zsh;
group = "blake";


@@ -0,0 +1,10 @@
{
pkgs,
config,
lib,
inputs,
...
}:
{
}


@@ -12,13 +12,14 @@
homeDirectory = "/home/blake";
};
home_darwin = {
username = "bdhelderman";
homeDirectory = "/Users/bdhelderman";
username = "bhelderman";
homeDirectory = "/Users/bhelderman";
};
in
{
imports = [
inputs.sops-nix.homeManagerModules.sops
./dots/darwin
./dots/neovim
./dots/lf
./dots/zsh