qenya/nixfiles
1
0
Fork 0
Code Issues 5 Pull requests Actions Activity

Compare commits

base: qenya:df688efb7969657432d231518fd3b2fb688e7c83
Branches Tags
qenya:main
qenya:flakes
qenya:lix
qenya:multihost
...
compare: qenya:52e3168f8d66378f03112a1b24f4c2e2d4e5b349
Branches Tags
qenya:main
qenya:flakes
qenya:lix
qenya:multihost

5 commits
df688efb79 ... 52e3168f8d

Author SHA1 Message Date
Katherina Walshe-Grey 52e3168f8d pipewire-low-latency: Remove 
Not sure it every really did anything useful, and even if it did, my
current streaming setup doesn't need it any more
 2025-03-17 03:00:24 +00:00
Katherina Walshe-Grey d8e85815bd users: custom property to define users with root 2025-03-17 02:57:15 +00:00
Katherina Walshe-Grey 55000c365a web-redirect: init new service for simple domain redirects 2025-03-17 02:25:28 +00:00
Katherina Walshe-Grey addbf7ac3e orm: move actual.qenya.tel -> actual.unspecified.systems 2025-03-17 02:01:22 +00:00
Katherina Walshe-Grey a658c88fc0 flake.lock: Update 
Flake lock file updates:

• Updated input 'firefox-addons':
    'gitlab:rycee/nur-expressions/0b95936d94ea2a3ce66538f299351cf0b491aa15?dir=pkgs/firefox-addons' (2025-03-07)
  → 'gitlab:rycee/nur-expressions/5a0ac85616aa6b166ea715a41bc1255bb802b189?dir=pkgs/firefox-addons' (2025-03-16)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/95711f926676018d279ba09fe7530d03b5d5b3e2' (2025-03-07)
  → 'github:nix-community/home-manager/4e12151c9e014e2449e0beca2c0e9534b96a26b4' (2025-03-14)
• Updated input 'lix-module':
    'git+https://git.lix.systems/lix-project/nixos-module?ref=stable&rev=a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba' (2025-01-18)
  → 'git+https://git.lix.systems/lix-project/nixos-module?ref=stable&rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911' (2025-03-13)
• Updated input 'lix-module/lix':
    '2837da71ec.tar.gz?narHash=sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g%3D&rev=2837da71ec1588c1187d2e554719b15904a46c8b' (2025-01-18)
  → '079528098f.tar.gz?narHash=sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW%2BDvDtuv9SwQZZcs%3D&rev=079528098f5998ba13c88821a2eca1005c1695de' (2025-01-18)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/20755fa05115c84be00b04690630cb38f0a203ad' (2025-03-07)
  → 'github:NixOS/nixpkgs/cdd2ef009676ac92b715ff26630164bb88fec4e0' (2025-03-13)
• Updated input 'nixpkgs-small':
    'github:NixOS/nixpkgs/9290fda826610430b3fc8cc98443c3a2faaaf151' (2025-03-07)
  → 'github:NixOS/nixpkgs/f182029bf7f08a57762b4c762d0917b6803ceff4' (2025-03-15)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/10069ef4cf863633f57238f179a0297de84bd8d3' (2025-03-06)
  → 'github:NixOS/nixpkgs/c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5' (2025-03-15)
• Updated input 'nixpkgs-unstable-small':
    'github:NixOS/nixpkgs/f104cca31ba6c0403b678ad9428726476b503782' (2025-03-07)
  → 'github:NixOS/nixpkgs/f985965fff9d4e5df55df0489ef113d09a6ee08d' (2025-03-16)
• Updated input 'randomcat':
    'github:randomnetcat/nix-configs/814314b94a4d44197d2708d4b48d9df1d14892e2' (2025-03-07)
  → 'github:randomnetcat/nix-configs/a448b9a9ce66f8e1d1a1de1205f384da25574c7b' (2025-03-16)
 2025-03-16 15:09:01 +00:00
12 changed files with 112 additions and 112 deletions
Show stats Expand all files Collapse all files

22
common/users/default.nix
View file

@ -1,3 +1,9 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkOption types genAttrs;
cfg = config.fountain;
in
{
# TODO: consider DRY-ing these
imports = [
@ -7,5 +13,21 @@
./trungle.nix
];
options.fountain = {
admins = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of users who should have root on this system";
};
};
config = {
users.mutableUsers = false;
users.users = genAttrs cfg.admins
(name: {
extraGroups = [ "wheel" ];
}
);
};
}

58
flake.lock
View file

@ -93,11 +93,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1741379467,
"narHash": "sha256-f314Ke28BGoVh4TK8FCzlPZgOl+oV7PvLyPF++ln9M4=",
"lastModified": 1742097805,
"narHash": "sha256-N3/7llBZ93Itf7ndnNtEm7lPoMqSC57B/PNaMB6cL1Q=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "0b95936d94ea2a3ce66538f299351cf0b491aa15",
"rev": "5a0ac85616aa6b166ea715a41bc1255bb802b189",
"type": "gitlab"
},
"original": {
@ -217,11 +217,11 @@
]
},
"locked": {
"lastModified": 1741378606,
"narHash": "sha256-ytDmwV93lZ1f6jswJkxEQz5cBlwje/2rH/yUZDADZNs=",
"lastModified": 1741955947,
"narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "95711f926676018d279ba09fe7530d03b5d5b3e2",
"rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4",
"type": "github"
},
"original": {
@ -234,14 +234,14 @@
"flake": false,
"locked": {
"lastModified": 1737234286,
"narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=",
"rev": "2837da71ec1588c1187d2e554719b15904a46c8b",
"narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=",
"rev": "079528098f5998ba13c88821a2eca1005c1695de",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b"
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz"
"url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz"
}
},
"lix-module": {
@ -254,11 +254,11 @@
]
},
"locked": {
"lastModified": 1737237494,
"narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=",
"lastModified": 1741892773,
"narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=",
"ref": "stable",
"rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba",
"revCount": 127,
"rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911",
"revCount": 130,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
},
@ -270,11 +270,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1741332913,
"narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=",
"lastModified": 1741862977,
"narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "20755fa05115c84be00b04690630cb38f0a203ad",
"rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0",
"type": "github"
},
"original": {
@ -301,11 +301,11 @@
},
"nixpkgs-small": {
"locked": {
"lastModified": 1741318725,
"narHash": "sha256-3ShROHs7BXBDH3VNoPmbG4mL8DvRpDM8s4NxkmRVz1Q=",
"lastModified": 1742072093,
"narHash": "sha256-2aEgxL5RSzNHWFLWEUFXZhkVEYDOuVSXQBiOonzT/Kg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9290fda826610430b3fc8cc98443c3a2faaaf151",
"rev": "f182029bf7f08a57762b4c762d0917b6803ceff4",
"type": "github"
},
"original": {
@ -317,11 +317,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1741246872,
"narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=",
"lastModified": 1742069588,
"narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "10069ef4cf863633f57238f179a0297de84bd8d3",
"rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
"type": "github"
},
"original": {
@ -333,11 +333,11 @@
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1741323510,
"narHash": "sha256-zQL0iErtVTxywxyWc7ajRmRNCncny95uD+2wmBHYOzc=",
"lastModified": 1742095305,
"narHash": "sha256-L8qjRx4MbX/juwbo8+4qYbqQy0MFUzUJLV5o8oujvaA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f104cca31ba6c0403b678ad9428726476b503782",
"rev": "f985965fff9d4e5df55df0489ef113d09a6ee08d",
"type": "github"
},
"original": {
@ -373,11 +373,11 @@
"randomcat": {
"flake": false,
"locked": {
"lastModified": 1741308008,
"narHash": "sha256-J+7n6svwbpvSoUgFfjfYNVAT50SarBYiwLgTIixjYlM=",
"lastModified": 1742090267,
"narHash": "sha256-A+pimpalPZr9Un1yJaVsc+3J71IHuAPN+NSo5MqHtzM=",
"owner": "randomnetcat",
"repo": "nix-configs",
"rev": "814314b94a4d44197d2708d4b48d9df1d14892e2",
"rev": "a448b9a9ce66f8e1d1a1de1205f384da25574c7b",
"type": "github"
},
"original": {

2
hosts/elucredassa/default.nix
View file

@ -37,7 +37,7 @@ in
};
fountain.users.qenya.enable = true;
users.users.qenya.extraGroups = [ "wheel" ];
fountain.admins = [ "qenya" ];
system.stateVersion = "24.11";
}

2
hosts/kalessin/default.nix
View file

@ -15,7 +15,7 @@ in
networking.domain = "birdsong.network";
fountain.users.qenya.enable = true;
users.users.qenya.extraGroups = [ "wheel" ];
fountain.admins = [ "qenya" ];
fountain.users.randomcat.enable = true;
fountain.users.trungle.enable = true;

4
hosts/kilgharrah/default.nix
View file

@ -27,12 +27,10 @@ in
console.keyMap = "uk";
services.xserver.xkb.layout = "gb";
qenya.services.pipewire.lowLatency.enable = true;
fountain.users.qenya.enable = true;
age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age;
users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path;
users.users.qenya.extraGroups = [ "wheel" ];
fountain.admins = [ "qenya" ];
home-manager.users.qenya = { pkgs, ... }: {
home.packages = with pkgs; [ obs-studio ];
# For the moment, this hosts some network-accessible services, so we want it on 24/7

13
hosts/orm/default.nix
View file

@ -12,7 +12,7 @@
networking.domain = "birdsong.network";
fountain.users.qenya.enable = true;
users.users.qenya.extraGroups = [ "wheel" ];
fountain.admins = [ "qenya" ];
qenya.base-server.enable = true;
qenya.services.distributed-builds = {
@ -57,7 +57,16 @@
};
networking.firewall.interfaces."wg-birdsong".allowedTCPPorts = [ 5432 ];
qenya.services.actual.enable = true;
qenya.services.actual = {
enable = true;
domain = "actual.unspecified.systems";
};
fountain.services.web-redirect = {
enable = true;
domains = {
"actual.qenya.tel" = "actual.unspecified.systems";
};
};
system.stateVersion = "23.11";
}

2
hosts/tohru/default.nix
View file

@ -31,10 +31,10 @@ in
nix.optimise.automatic = mkForce false;
fountain.users.qenya.enable = true;
fountain.admins = [ "qenya" ];
age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age;
users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path;
users.users.qenya.extraGroups = [
"wheel" # sudo
"networkmanager" # UI wifi configuration
"dialout" # access to serial ports
];

19
hosts/yevaud/default.nix
View file

@ -16,7 +16,7 @@
networking.domain = "birdsong.network";
fountain.users.qenya.enable = true;
users.users.qenya.extraGroups = [ "wheel" ];
fountain.admins = [ "qenya" ];
qenya.base-server.enable = true;
qenya.services.distributed-builds = {
@ -40,20 +40,17 @@
enable = true;
domain = "git.unspecified.systems";
};
fountain.services.web-redirect = {
enable = true;
domains = {
"git.katherina.rocks" = "git.unspecified.systems";
"git.qenya.tel" = "git.unspecified.systems";
};
};
services.nginx = {
enable = true;
virtualHosts = {
"git.katherina.rocks" = {
forceSSL = true;
enableACME = true;
locations."/".return = "301 https://git.unspecified.systems$request_uri";
};
"git.qenya.tel" = {
forceSSL = true;
enableACME = true;
locations."/".return = "301 https://git.unspecified.systems$request_uri";
};
"birdsong.network" = {
forceSSL = true;
enableACME = true;

8
services/actual.nix
View file

@ -1,20 +1,22 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib) mkIf mkOption mkEnableOption types;
cfg = config.qenya.services.actual;
domain = "actual.qenya.tel";
in
{
options.qenya.services.actual = {
enable = mkEnableOption "Actual Budget";
domain = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable {
services.nginx = {
enable = true;
virtualHosts = {
${domain} = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:5006/";

2
services/default.nix
View file

@ -6,7 +6,7 @@
./forgejo.nix
./jellyfin.nix
./navidrome.nix
./pipewire-low-latency.nix
./remote-builder.nix
./web-redirect.nix
];
}

58
services/pipewire-low-latency.nix
View file

@ -1,58 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.qenya.services.pipewire.lowLatency;
in
{
options.qenya.services.pipewire.lowLatency = {
enable = mkEnableOption "config to decrease sound latency (increasing CPU load) for e.g. streaming";
# TODO: might be an idea to have the numbers be configurable
};
config = mkIf cfg.enable {
# TODO: needs more testing
services.pipewire.extraConfig = {
pipewire."92-low-latency" = {
context.properties = {
default.clock.rate = 48000;
default.clock.quantum = 32;
default.clock.min-quantum = 32;
default.clock.max-quantum = 32;
};
};
pipewire-pulse."92-low-latency" = {
context.modules = [
{
name = "libpipewire-module-protocol-pulse";
args = {
pulse.min.req = "32/48000";
pulse.default.req = "32/48000";
pulse.max.req = "32/48000";
pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000";
};
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
};
};
};
# Available from NixOS 24.11. Lifted from https://nixos.wiki/wiki/PipeWire - probably need to adjust numbers
# services.pipewire.wireplumber.extraLuaConfig.main."99-alsa-lowlatency" = ''
# alsa_monitor.rules = {
# {
# matches = {{{ "node.name", "matches", "alsa_output.*" }}};
# apply_properties = {
# ["audio.format"] = "S32LE",
# ["audio.rate"] = "96000", -- for USB soundcards it should be twice your desired rate
# ["api.alsa.period-size"] = 2, -- defaults to 1024, tweak by trial-and-error
# -- ["api.alsa.disable-batch"] = true, -- generally, USB soundcards use the batch mode
# },
# },
# }
# '';
};
}

30
services/web-redirect.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkOption mkEnableOption types;
cfg = config.fountain.services.web-redirect;
in
{
options.fountain.services.web-redirect = {
enable = mkEnableOption "Module to do simple 301 redirects from one domain to another";
domains = mkOption {
type = types.attrsOf types.str;
description = "Mapping from source domain to destination domain";
};
};
config = mkIf cfg.enable {
services.nginx = {
enable = true;
virtualHosts = builtins.mapAttrs
(name: value: {
forceSSL = true;
enableACME = true;
locations."/".return = "301 https://${value}$request_uri";
})
cfg.domains;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}