Diffstat (limited to 'modules/nixos')
-rw-r--r--modules/nixos/beets.nix73
-rw-r--r--modules/nixos/default.nix3
-rw-r--r--modules/nixos/k3s.nix29
-rw-r--r--modules/nixos/murmur.nix28
-rw-r--r--modules/nixos/profiles/headful.nix22
5 files changed, 143 insertions, 12 deletions
diff --git a/modules/nixos/beets.nix b/modules/nixos/beets.nix
new file mode 100644
index 0000000..83cbff1
--- /dev/null
+++ b/modules/nixos/beets.nix
@@ -0,0 +1,73 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.beets;
+in {
+ options.nixfiles.modules.beets.enable =
+ mkEnableOption "beets";
+
+ config = mkIf cfg.enable {
+ hm = let
+ beetsdir = "${config.dirs.data}/beets";
+ in {
+ home.sessionVariables.BEETSDIR = beetsdir;
+
+ programs = {
+ beets = {
+ enable = true;
+
+ settings = {
+ library = "${beetsdir}/library.db";
+ directory = config.userDirs.music;
+ plugins = "badfiles edit fetchart info mbsync scrub";
+ original_date = true;
+ import = {
+ write = true;
+ copy = true;
+ move = false;
+ bell = true;
+ from_scratch = true;
+ };
+ match = {
+ preferred = {
+ countries = [
+ "JP"
+ "KR"
+ "TW"
+ "HK"
+ "CN"
+ "RU"
+ "NL"
+ "DE"
+ "AT"
+ "GB|UK"
+ "CA"
+ "AU"
+ "NZ"
+ "US"
+ ];
+ original_year = true;
+ };
+ };
+ edit = {
+ albumfields = "album artist albumartist";
+ itemfields = "track title album artist albumartist day month year genre";
+ };
+ fetchart = {
+ auto = true;
+ cautious = true;
+ cover_names = "cover Cover folder Folder art Art album Album front Front";
+ sources = "filesystem coverart itunes amazon albumart wikipedia";
+ };
+ scrub.auto = true;
+ };
+ };
+
+ bash.shellAliases.beet = "${config.hm.programs.beets.package}/bin/beet --config ${config.dirs.config}/beets/config.yaml";
+ };
+ };
+ };
+}
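Review bot: The `--config` path reaches beets only through the `bash.shellAliases.beet` line at the end of the `programs` set, so a `beet` started from another shell, a script or a unit never receives it. Because `home.sessionVariables.BEETSDIR` points at `${config.dirs.data}/beets`, beets would presumably look for `config.yaml` there, and if the generated file lives under `${config.dirs.config}/beets` it would fall back to defaults, so `scrub.auto` and the `import` settings would silently not apply. If the variable has to stay, a comment above the alias would make the coupling visible, for example `# BEETSDIR moves the config lookup to the data dir; point beet back at the generated config.yaml`. Since `library` is already an absolute path, dropping `BEETSDIR` may be the simpler fix, though where the remaining state files should live is not visible from this hunk.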
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 850d93e..8ac9a29 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -3,6 +3,7 @@ _: {
./acme.nix
./alertmanager.nix
./android.nix
+ ./beets.nix
./bluetooth.nix
./common
./discord.nix
@@ -21,6 +22,7 @@ _: {
./grafana.nix
./hydra.nix
./ipfs.nix
+ ./k3s.nix
./kde.nix
./libvirtd.nix
./lidarr.nix
@@ -29,6 +31,7 @@ _: {
./matrix
./monitoring
./mpd.nix
+ ./murmur.nix
./nextcloud.nix
./nginx.nix
./node-exporter.nix
diff --git a/modules/nixos/k3s.nix b/modules/nixos/k3s.nix
new file mode 100644
index 0000000..dcbd052
--- /dev/null
+++ b/modules/nixos/k3s.nix
@@ -0,0 +1,29 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.k3s;
+in {
+ options.nixfiles.modules.k3s = {
+ enable = mkEnableOption "K3s";
+ };
+
+ config = mkIf cfg.enable {
+ ark.directories = [
+ "/etc/rancher/k3s"
+ "/var/lib/rancher/k3s"
+ ];
+
+ services.k3s = {
+ enable = true;
+ role = "server";
+ };
+
+ systemd.services.k3s.environment = {
+ K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml";
+ K3S_KUBECONFIG_MODE = "600";
+ };
+ };
+}
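Review bot: Neither the `ark.directories` list nor the `systemd.services.k3s.environment` block says why these paths are handled specially, and the reason is security-relevant. `/etc/rancher/k3s/k3s.yaml` is the cluster-admin kubeconfig, and `/var/lib/rancher/k3s` holds the server token and the datastore. Assuming `ark` is the persistence module, whatever backs those directories needs to stay root-only as well. I would add a comment above the environment block such as `# k3s.yaml carries cluster-admin credentials; keep it 0600 and root-owned`, and one above `ark.directories` such as `# persisted state includes the server token and datastore`.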
diff --git a/modules/nixos/murmur.nix b/modules/nixos/murmur.nix
new file mode 100644
index 0000000..cbd90d4
--- /dev/null
+++ b/modules/nixos/murmur.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.murmur;
+in {
+ options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur";
+
+ config = mkIf cfg.enable {
+ secrets.murmur-environment = {
+ file = "${inputs.self}/secrets/murmur-environment";
+ owner = "murmur";
+ group = "murmur";
+ };
+
+ services.murmur = {
+ enable = true;
+ openFirewall = true;
+ logDays = -1;
+ registerName = mkDefault my.domain.shire;
+ password = "$MURMUR_PASSWORD";
+ environmentFile = config.secrets."murmur-environment".path;
+ };
+ };
+}
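Review bot: `logDays = -1` in the `services.murmur` block is a magic value and should carry a comment, because it switches off Murmur's database log entirely. With `openFirewall = true` on the line above, the service is reachable from whatever networks the host firewall faces, so the service log or journal is presumably the only remaining record of connection and authentication events. I would add `# -1 disables the DB log; connection events are then only in the service log` above it. Separately, if the NixOS module loads `environmentFile` through systemd's `EnvironmentFile=` (not visible in this hunk), the file would be read before privileges are dropped, and `secrets.murmur-environment` could stay root-owned rather than `owner = "murmur"`.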
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index d0ca777..67bec29 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -22,6 +22,7 @@ in {
home.packages = with pkgs; [
calibre
imv
+ mumble
neochat
tdesktop
tor-browser
@@ -33,18 +34,15 @@ in {
boot = {
kernelPackages = mkDefault pkgs.linuxPackages_latest;
- # There are (arguably) not a lot of reasons to keep mitigations enabled
- # for on machine that is not web-facing. First of all, to completely
- # mitigate any possible Spectre holes one would need to disable
- # Hyperthreading altogether which will essentially put one's computer into
- # the stone age by not being able to to effectively utilise multi-core its
- # multicore capabilities. Secondly, by enabling mitigations, we introduce
- # a plethora of performance overheads[1], which, albeit small, but still
- # contribute to the overall speed of things. This is however still poses a
- # security risk, which I am willing to take.
- #
- # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
- kernelParams = ["mitigations=off"];
+ kernelParams = [
+ # https://wiki.archlinux.org/title/improving_performance#Watchdogs
+ "nowatchdog"
+ "kernel.nmi_watchdog=0"
+ # A security risk I'm willing to take for a reason[1].
+ #
+ # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+ "mitigations=off"
+ ];
loader = {
efi.canTouchEfiVariables = true;