5 commits

Author SHA1 Message Date
52e3168f8d pipewire-low-latency: Remove
Not sure it ever really did anything useful, and even if it did, my
current streaming setup doesn't need it any more
2025-03-17 03:00:24 +00:00
d8e85815bd users: custom property to define users with root 2025-03-17 02:57:15 +00:00
55000c365a web-redirect: init new service for simple domain redirects 2025-03-17 02:25:28 +00:00
addbf7ac3e orm: move actual.qenya.tel -> actual.unspecified.systems 2025-03-17 02:01:22 +00:00
a658c88fc0 flake.lock: Update
Flake lock file updates:

• Updated input 'firefox-addons':
    'gitlab:rycee/nur-expressions/0b95936d94ea2a3ce66538f299351cf0b491aa15?dir=pkgs/firefox-addons' (2025-03-07)
  → 'gitlab:rycee/nur-expressions/5a0ac85616aa6b166ea715a41bc1255bb802b189?dir=pkgs/firefox-addons' (2025-03-16)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/95711f926676018d279ba09fe7530d03b5d5b3e2' (2025-03-07)
  → 'github:nix-community/home-manager/4e12151c9e014e2449e0beca2c0e9534b96a26b4' (2025-03-14)
• Updated input 'lix-module':
    'git+https://git.lix.systems/lix-project/nixos-module?ref=stable&rev=a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba' (2025-01-18)
  → 'git+https://git.lix.systems/lix-project/nixos-module?ref=stable&rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911' (2025-03-13)
• Updated input 'lix-module/lix':
    'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?narHash=sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g%3D&rev=2837da71ec1588c1187d2e554719b15904a46c8b' (2025-01-18)
  → 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?narHash=sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW%2BDvDtuv9SwQZZcs%3D&rev=079528098f5998ba13c88821a2eca1005c1695de' (2025-01-18)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/20755fa05115c84be00b04690630cb38f0a203ad' (2025-03-07)
  → 'github:NixOS/nixpkgs/cdd2ef009676ac92b715ff26630164bb88fec4e0' (2025-03-13)
• Updated input 'nixpkgs-small':
    'github:NixOS/nixpkgs/9290fda826610430b3fc8cc98443c3a2faaaf151' (2025-03-07)
  → 'github:NixOS/nixpkgs/f182029bf7f08a57762b4c762d0917b6803ceff4' (2025-03-15)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/10069ef4cf863633f57238f179a0297de84bd8d3' (2025-03-06)
  → 'github:NixOS/nixpkgs/c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5' (2025-03-15)
• Updated input 'nixpkgs-unstable-small':
    'github:NixOS/nixpkgs/f104cca31ba6c0403b678ad9428726476b503782' (2025-03-07)
  → 'github:NixOS/nixpkgs/f985965fff9d4e5df55df0489ef113d09a6ee08d' (2025-03-16)
• Updated input 'randomcat':
    'github:randomnetcat/nix-configs/814314b94a4d44197d2708d4b48d9df1d14892e2' (2025-03-07)
  → 'github:randomnetcat/nix-configs/a448b9a9ce66f8e1d1a1de1205f384da25574c7b' (2025-03-16)
2025-03-16 15:09:01 +00:00
12 changed files with 112 additions and 112 deletions


@ -1,3 +1,9 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkOption types genAttrs;
cfg = config.fountain;
in
{ {
# TODO: consider DRY-ing these # TODO: consider DRY-ing these
imports = [ imports = [
@ -7,5 +13,21 @@
./trungle.nix ./trungle.nix
]; ];
options.fountain = {
admins = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of users who should have root on this system";
};
};
config = {
users.mutableUsers = false; users.mutableUsers = false;
users.users = genAttrs cfg.admins
(name: {
extraGroups = [ "wheel" ];
}
);
};
} }
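Review bot: `fountain.admins` is typed `types.listOf types.str`, so `genAttrs cfg.admins` in the `config` block emits a `users.users.<name>` entry carrying `wheel` for any string, including a typo or a user whose `fountain.users.<name>.enable` is not set on that host. With `users.mutableUsers = false` this presumably fails evaluation on a generic users-module assertion rather than one that points at this option, so an explicit assertion naming the offending entry would make an unintended root grant easier to catch. The shape of `config.fountain.users` comes from the imported per-user files outside this section, so the attribute path below needs confirming. The option description could also say that membership means the `wheel` group, and `mkIf` is inherited but unused in the visible lines.

```nix
config = {
  # … unchanged: users.mutableUsers, users.users = genAttrs cfg.admins …
  assertions = map
    (name: {
      assertion = config.fountain.users.${name}.enable or false;
      message = "fountain.admins: '${name}' is not an enabled fountain user on this host";
    })
    cfg.admins;
};
```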

58
flake.lock generated

@ -93,11 +93,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1741379467, "lastModified": 1742097805,
"narHash": "sha256-f314Ke28BGoVh4TK8FCzlPZgOl+oV7PvLyPF++ln9M4=", "narHash": "sha256-N3/7llBZ93Itf7ndnNtEm7lPoMqSC57B/PNaMB6cL1Q=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "0b95936d94ea2a3ce66538f299351cf0b491aa15", "rev": "5a0ac85616aa6b166ea715a41bc1255bb802b189",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -217,11 +217,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741378606, "lastModified": 1741955947,
"narHash": "sha256-ytDmwV93lZ1f6jswJkxEQz5cBlwje/2rH/yUZDADZNs=", "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "95711f926676018d279ba09fe7530d03b5d5b3e2", "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -234,14 +234,14 @@
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1737234286, "lastModified": 1737234286,
"narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=",
"rev": "2837da71ec1588c1187d2e554719b15904a46c8b", "rev": "079528098f5998ba13c88821a2eca1005c1695de",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz"
} }
}, },
"lix-module": { "lix-module": {
@ -254,11 +254,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1737237494, "lastModified": 1741892773,
"narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=",
"ref": "stable", "ref": "stable",
"rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911",
"revCount": 127, "revCount": 130,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module" "url": "https://git.lix.systems/lix-project/nixos-module"
}, },
@ -270,11 +270,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1741332913, "lastModified": 1741862977,
"narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "20755fa05115c84be00b04690630cb38f0a203ad", "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -301,11 +301,11 @@
}, },
"nixpkgs-small": { "nixpkgs-small": {
"locked": { "locked": {
"lastModified": 1741318725, "lastModified": 1742072093,
"narHash": "sha256-3ShROHs7BXBDH3VNoPmbG4mL8DvRpDM8s4NxkmRVz1Q=", "narHash": "sha256-2aEgxL5RSzNHWFLWEUFXZhkVEYDOuVSXQBiOonzT/Kg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9290fda826610430b3fc8cc98443c3a2faaaf151", "rev": "f182029bf7f08a57762b4c762d0917b6803ceff4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -317,11 +317,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1741246872, "lastModified": 1742069588,
"narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "10069ef4cf863633f57238f179a0297de84bd8d3", "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -333,11 +333,11 @@
}, },
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1741323510, "lastModified": 1742095305,
"narHash": "sha256-zQL0iErtVTxywxyWc7ajRmRNCncny95uD+2wmBHYOzc=", "narHash": "sha256-L8qjRx4MbX/juwbo8+4qYbqQy0MFUzUJLV5o8oujvaA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f104cca31ba6c0403b678ad9428726476b503782", "rev": "f985965fff9d4e5df55df0489ef113d09a6ee08d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -373,11 +373,11 @@
"randomcat": { "randomcat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1741308008, "lastModified": 1742090267,
"narHash": "sha256-J+7n6svwbpvSoUgFfjfYNVAT50SarBYiwLgTIixjYlM=", "narHash": "sha256-A+pimpalPZr9Un1yJaVsc+3J71IHuAPN+NSo5MqHtzM=",
"owner": "randomnetcat", "owner": "randomnetcat",
"repo": "nix-configs", "repo": "nix-configs",
"rev": "814314b94a4d44197d2708d4b48d9df1d14892e2", "rev": "a448b9a9ce66f8e1d1a1de1205f384da25574c7b",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -37,7 +37,7 @@ in
}; };
fountain.users.qenya.enable = true; fountain.users.qenya.enable = true;
users.users.qenya.extraGroups = [ "wheel" ]; fountain.admins = [ "qenya" ];
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }


@ -15,7 +15,7 @@ in
networking.domain = "birdsong.network"; networking.domain = "birdsong.network";
fountain.users.qenya.enable = true; fountain.users.qenya.enable = true;
users.users.qenya.extraGroups = [ "wheel" ]; fountain.admins = [ "qenya" ];
fountain.users.randomcat.enable = true; fountain.users.randomcat.enable = true;
fountain.users.trungle.enable = true; fountain.users.trungle.enable = true;


@ -27,12 +27,10 @@ in
console.keyMap = "uk"; console.keyMap = "uk";
services.xserver.xkb.layout = "gb"; services.xserver.xkb.layout = "gb";
qenya.services.pipewire.lowLatency.enable = true;
fountain.users.qenya.enable = true; fountain.users.qenya.enable = true;
age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age;
users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path;
users.users.qenya.extraGroups = [ "wheel" ]; fountain.admins = [ "qenya" ];
home-manager.users.qenya = { pkgs, ... }: { home-manager.users.qenya = { pkgs, ... }: {
home.packages = with pkgs; [ obs-studio ]; home.packages = with pkgs; [ obs-studio ];
# For the moment, this hosts some network-accessible services, so we want it on 24/7 # For the moment, this hosts some network-accessible services, so we want it on 24/7


@ -12,7 +12,7 @@
networking.domain = "birdsong.network"; networking.domain = "birdsong.network";
fountain.users.qenya.enable = true; fountain.users.qenya.enable = true;
users.users.qenya.extraGroups = [ "wheel" ]; fountain.admins = [ "qenya" ];
qenya.base-server.enable = true; qenya.base-server.enable = true;
qenya.services.distributed-builds = { qenya.services.distributed-builds = {
@ -57,7 +57,16 @@
}; };
networking.firewall.interfaces."wg-birdsong".allowedTCPPorts = [ 5432 ]; networking.firewall.interfaces."wg-birdsong".allowedTCPPorts = [ 5432 ];
qenya.services.actual.enable = true; qenya.services.actual = {
enable = true;
domain = "actual.unspecified.systems";
};
fountain.services.web-redirect = {
enable = true;
domains = {
"actual.qenya.tel" = "actual.unspecified.systems";
};
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }


@ -31,10 +31,10 @@ in
nix.optimise.automatic = mkForce false; nix.optimise.automatic = mkForce false;
fountain.users.qenya.enable = true; fountain.users.qenya.enable = true;
fountain.admins = [ "qenya" ];
age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age;
users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path;
users.users.qenya.extraGroups = [ users.users.qenya.extraGroups = [
"wheel" # sudo
"networkmanager" # UI wifi configuration "networkmanager" # UI wifi configuration
"dialout" # access to serial ports "dialout" # access to serial ports
]; ];


@ -16,7 +16,7 @@
networking.domain = "birdsong.network"; networking.domain = "birdsong.network";
fountain.users.qenya.enable = true; fountain.users.qenya.enable = true;
users.users.qenya.extraGroups = [ "wheel" ]; fountain.admins = [ "qenya" ];
qenya.base-server.enable = true; qenya.base-server.enable = true;
qenya.services.distributed-builds = { qenya.services.distributed-builds = {
@ -40,20 +40,17 @@
enable = true; enable = true;
domain = "git.unspecified.systems"; domain = "git.unspecified.systems";
}; };
fountain.services.web-redirect = {
enable = true;
domains = {
"git.katherina.rocks" = "git.unspecified.systems";
"git.qenya.tel" = "git.unspecified.systems";
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"git.katherina.rocks" = {
forceSSL = true;
enableACME = true;
locations."/".return = "301 https://git.unspecified.systems$request_uri";
};
"git.qenya.tel" = {
forceSSL = true;
enableACME = true;
locations."/".return = "301 https://git.unspecified.systems$request_uri";
};
"birdsong.network" = { "birdsong.network" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;


@ -1,20 +1,22 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
inherit (lib) mkIf mkOption mkEnableOption types;
cfg = config.qenya.services.actual; cfg = config.qenya.services.actual;
domain = "actual.qenya.tel";
in in
{ {
options.qenya.services.actual = { options.qenya.services.actual = {
enable = mkEnableOption "Actual Budget"; enable = mkEnableOption "Actual Budget";
domain = mkOption {
type = types.str;
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
${domain} = { ${cfg.domain} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:5006/"; locations."/".proxyPass = "http://127.0.0.1:5006/";
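Review bot: The new `domain` option is declared with only `type = types.str;` and has no `description` or `example`, while the removal of the hard-coded `domain` binding means every host that enables `qenya.services.actual` must now set it. I would add `description = "Domain name of the nginx virtual host that serves Actual Budget";` and `example = "actual.example.org";` so that a missing value produces a self-explanatory evaluation error. The `config` block continues past the end of this hunk.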


@ -6,7 +6,7 @@
./forgejo.nix ./forgejo.nix
./jellyfin.nix ./jellyfin.nix
./navidrome.nix ./navidrome.nix
./pipewire-low-latency.nix
./remote-builder.nix ./remote-builder.nix
./web-redirect.nix
]; ];
} }


@ -1,58 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.qenya.services.pipewire.lowLatency;
in
{
options.qenya.services.pipewire.lowLatency = {
enable = mkEnableOption "config to decrease sound latency (increasing CPU load) for e.g. streaming";
# TODO: might be an idea to have the numbers be configurable
};
config = mkIf cfg.enable {
# TODO: needs more testing
services.pipewire.extraConfig = {
pipewire."92-low-latency" = {
context.properties = {
default.clock.rate = 48000;
default.clock.quantum = 32;
default.clock.min-quantum = 32;
default.clock.max-quantum = 32;
};
};
pipewire-pulse."92-low-latency" = {
context.modules = [
{
name = "libpipewire-module-protocol-pulse";
args = {
pulse.min.req = "32/48000";
pulse.default.req = "32/48000";
pulse.max.req = "32/48000";
pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000";
};
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
};
};
};
# Available from NixOS 24.11. Lifted from https://nixos.wiki/wiki/PipeWire - probably need to adjust numbers
# services.pipewire.wireplumber.extraLuaConfig.main."99-alsa-lowlatency" = ''
# alsa_monitor.rules = {
# {
# matches = {{{ "node.name", "matches", "alsa_output.*" }}};
# apply_properties = {
# ["audio.format"] = "S32LE",
# ["audio.rate"] = "96000", -- for USB soundcards it should be twice your desired rate
# ["api.alsa.period-size"] = 2, -- defaults to 1024, tweak by trial-and-error
# -- ["api.alsa.disable-batch"] = true, -- generally, USB soundcards use the batch mode
# },
# },
# }
# '';
};
}

30
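--- a/services/web-redirect.nix
+++ b/services/web-redirect.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+let
+inherit (lib) mkIf mkOption mkEnableOption types;
+cfg = config.fountain.services.web-redirect;
+in
+{
+options.fountain.services.web-redirect = {
+enable = mkEnableOption "Module to do simple 301 redirects from one domain to another";
+domains = mkOption {
+type = types.attrsOf types.str;
+description = "Mapping from source domain to destination domain";
+};
+};
+config = mkIf cfg.enable {
+services.nginx = {
+enable = true;
+virtualHosts = builtins.mapAttrs
+(name: value: {
+forceSSL = true;
+enableACME = true;
+locations."/".return = "301 https://${value}$request_uri";
+})
+cfg.domains;
+};
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+};
+}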
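Review bot: The destination values in `domains` are typed `types.str` and spliced unchecked into the nginx directive built by `locations."/".return = "301 https://${value}$request_uri"`, so a value containing whitespace, `;` or a path produces a broken or unintended server block rather than an evaluation error. Restricting the option with `type = types.attrsOf (types.strMatching "[A-Za-z0-9.-]+");` would limit it to a bare hostname. The attribute names become `virtualHosts` keys and are not checked by `attrsOf`, so a source domain that another module already serves would be merged into that vhost; an assertion or a sentence in the option description would cover that. `networking.firewall.allowedTCPPorts = [ 80 443 ];` opens both ports on every interface of any host that enables the module, which merits a comment such as `# 80 stays open for the HTTP->HTTPS redirect and, presumably, ACME HTTP-01`.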