pluh 🗣

2025-03-01 22:21:00 +01:00 · 2025-03-01 22:21:00 +01:00 · 668140531b
commit 668140531b
parent 3ad9944baa
59 changed files with 985 additions and 219 deletions
--- a/classes/headful/cosmic.nix
+++ b/classes/headful/cosmic.nix
@ -0,0 +1,15 @@
+{inputs, ...}: {
+  imports = [
+    inputs.nixos-cosmic.nixosModules.default
+  ];
+
+  nix.settings = {
+    substituters = ["https://cosmic.cachix.org/"];
+    trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
+  };
+
+  services = {
+    desktopManager.cosmic.enable = true;
+    displayManager.cosmic-greeter.enable = true;
+  };
+}
--- a/classes/headful/fs.nix
+++ b/classes/headful/fs.nix
@ -1,15 +0,0 @@
-{
-  boot.initrd.luks.devices.main.device = "/dev/disk/by-label/cryptmain";
-
-  fileSystems = {
-    "/" = {
-      fsType = "ext4";
-      device = "/dev/mapper/main";
-      options = ["noatime"];
-    };
-    "/boot" = {
-      label = "BOOT";
-      fsType = "vfat";
-    };
-  };
-}
--- a/classes/headful/gtk.nix
+++ b/classes/headful/gtk.nix
@ -0,0 +1,5 @@
+{
+  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+
+  programs.dconf.enable = true;
+}
--- a/classes/headful/hardware.nix
+++ b/classes/headful/hardware.nix
@ -7,15 +7,10 @@
    opentabletdriver.enable = true;
    graphics = {
      enable = true;
-      enable32Bit = true;
      extraPackages = [
        pkgs.libvdpau-va-gl
        pkgs.vaapiVdpau
      ];
-      extraPackages32 = [
-        pkgs.pkgsi686Linux.libvdpau-va-gl
-        pkgs.pkgsi686Linux.vaapiVdpau
-      ];
    };
  };
 }
--- a/classes/headful/plasma.nix
+++ b/classes/headful/plasma.nix
@ -1,27 +0,0 @@
-{pkgs, ...}: {
-  services = {
-    desktopManager.plasma6.enable = true;
-    displayManager.sddm = {
-      enable = true;
-      wayland.enable = true;
-    };
-  };
-
-  environment.systemPackages = [
-    pkgs.kdePackages.sddm-kcm
-    pkgs.kdePackages.discover
-    pkgs.kdePackages.kate
-  ];
-
-  programs = {
-    kdeconnect.enable = true;
-    partition-manager.enable = true;
-  };
-
-  xdg.portal = {
-    xdgOpenUsePortal = true;
-    extraPortals = [pkgs.xdg-desktop-portal-gtk];
-  };
-
-  programs.dconf.enable = true;
-}
--- a/classes/headless/fs.nix
+++ b/classes/headless/fs.nix
@ -1,13 +0,0 @@
-{
-  fileSystems = {
-    "/" = {
-      fsType = "ext4";
-      label = "main";
-      options = ["noatime"];
-    };
-    "/boot" = {
-      label = "BOOT";
-      fsType = "vfat";
-    };
-  };
-}
--- a/classes/headless/grafana.nix
+++ b/classes/headless/grafana.nix
@ -0,0 +1,43 @@
+{
+  services.grafana = {
+    enable = true;
+    domain = "grafana.pele";
+    port = 9010;
+    addr = "127.0.0.1";
+
+    # WARNING: this should match nginx setup!
+    # prevents "Request origin is not authorized"
+    rootUrl = "http://192.168.1.10:8010"; # helps with nginx / ws / live
+
+    protocol = "http";
+    analytics.reporting.enable = false;
+
+    provision = {
+      enable = true;
+      datasources = [
+        {
+          name = "Prometheus";
+          type = "prometheus";
+          access = "proxy";
+          url = "http://127.0.0.1:${toString config.services.prometheus.port}";
+        }
+        {
+          name = "Loki";
+          type = "loki";
+          access = "proxy";
+          url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
+        }
+      ];
+    };
+  };
+
+  services.nginx.virtualHosts.${config.services.grafana.domain} = {
+    locations."/" = {
+      proxyPass = "http://${lib.formatHostPort {
+        host = config.services.grafana.addr;
+        inherit (config.services.grafana) port;
+      }}";
+      proxyWebsockets = true;
+    };
+  };
+}
--- a/classes/headless/loki.nix
+++ b/classes/headless/loki.nix
@ -0,0 +1,79 @@
+{
+  services.loki = {
+    enable = true;
+    configuration = {
+      server.http_listen_port = 3030;
+      auth_enabled = false;
+
+      ingester = {
+        lifecycler = {
+          address = "127.0.0.1";
+          ring = {
+            kvstore = {
+              store = "inmemory";
+            };
+            replication_factor = 1;
+          };
+        };
+        chunk_idle_period = "1h";
+        max_chunk_age = "1h";
+        chunk_target_size = 999999;
+        chunk_retain_period = "30s";
+        max_transfer_retries = 0;
+      };
+
+      schema_config = {
+        configs = [
+          {
+            from = "2022-06-06";
+            store = "boltdb-shipper";
+            object_store = "filesystem";
+            schema = "v12";
+            index = {
+              prefix = "index_";
+              period = "24h";
+            };
+          }
+        ];
+      };
+
+      storage_config = {
+        boltdb_shipper = {
+          active_index_directory = "/var/lib/loki/boltdb-shipper-active";
+          cache_location = "/var/lib/loki/boltdb-shipper-cache";
+          cache_ttl = "24h";
+          shared_store = "filesystem";
+        };
+
+        filesystem = {
+          directory = "/var/lib/loki/chunks";
+        };
+      };
+
+      limits_config = {
+        reject_old_samples = true;
+        reject_old_samples_max_age = "168h";
+      };
+
+      chunk_store_config = {
+        max_look_back_period = "0s";
+      };
+
+      table_manager = {
+        retention_deletes_enabled = false;
+        retention_period = "0s";
+      };
+
+      compactor = {
+        working_directory = "/var/lib/loki";
+        shared_store = "filesystem";
+        compactor_ring = {
+          kvstore = {
+            store = "inmemory";
+          };
+        };
+      };
+    };
+    # user, group, dataDir, extraFlags, (configFile)
+  };
+}
--- a/classes/headless/prometheus.nix
+++ b/classes/headless/prometheus.nix
@ -0,0 +1,34 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  services.prometheus = {
+    enable = true;
+    port = 3020;
+
+    exporters = {
+      node = {
+        enable = true;
+        port = 3021;
+        enabledCollectors = ["systemd"];
+      };
+    };
+
+    scrapeConfigs = [
+      {
+        job_name = "nodes";
+        static_configs = [
+          {
+            targets = let
+              target = lib.formatHostPort {
+                host = config.services.prometheus.exporters.node.listenAddr;
+                inherit (config.services.prometheus.exporters.node) port;
+              };
+            in [target];
+          }
+        ];
+      }
+    ];
+  };
+}
--- a/classes/headless/promtail.nix
+++ b/classes/headless/promtail.nix
@ -0,0 +1,42 @@
+{config, ...}: {
+  services.promtail = {
+    enable = true;
+
+    configuration = {
+      server = {
+        http_listen_port = 3031;
+        grpc_listen_port = 0;
+      };
+
+      positions = {
+        filename = "/tmp/positions.yaml";
+      };
+
+      clients = [
+        {
+          url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
+        }
+      ];
+
+      scrape_configs = [
+        {
+          job_name = "journal";
+          journal = {
+            max_age = "12h";
+            labels = {
+              job = "systemd-journal";
+              host = "pihole";
+            };
+          };
+          relabel_configs = [
+            {
+              source_labels = ["__journal__systemd_unit"];
+              target_label = "unit";
+            }
+          ];
+        }
+      ];
+    };
+    # extraFlags
+  };
+}
--- a/classes/kiosk/cosmic.nix
+++ b/classes/kiosk/cosmic.nix
@ -0,0 +1,31 @@
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}: {
+  imports = [
+    inputs.nixos-cosmic.nixosModules.default
+  ];
+
+  nix.settings = {
+    substituters = ["https://cosmic.cachix.org/"];
+    trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
+  };
+
+  services = {
+    desktopManager.cosmic.enable = true;
+    displayManager.cosmic-greeter.enable = true;
+
+    greetd.settings.initial_session = {
+      user = config.users.mainUser;
+      command = ''
+        ${lib.getExe' pkgs.coreutils "env"} XCURSOR_THEME="''${XCURSOR_THEME:-Pop}" systemd-cat --identifier start-cosmic ${lib.getExe' pkgs.cosmic-session "start-cosmic"}
+      '';
+    };
+  };
+
+  environment.cosmic.excludePackages = [
+    pkgs.cosmic-store
+  ];
+}
--- a/classes/kiosk/flatpak.nix
+++ b/classes/kiosk/flatpak.nix
@ -0,0 +1,14 @@
+{inputs, ...}: {
+  imports = [
+    inputs.flatpak.nixosModules.nix-flatpak
+  ];
+
+  services.flatpak = {
+    enable = true;
+
+    update.auto = {
+      enable = true;
+      onCalendar = "weekly";
+    };
+  };
+}
--- a/classes/kiosk/fonts.nix
+++ b/classes/kiosk/fonts.nix
@ -0,0 +1,26 @@
+{pkgs, ...}: {
+  fonts = {
+    enableDefaultPackages = true;
+    packages = [
+      pkgs.noto-fonts
+      pkgs.noto-fonts-extra
+      pkgs.noto-fonts-cjk-sans
+      pkgs.noto-fonts-cjk-serif
+      pkgs.noto-fonts-monochrome-emoji
+      pkgs.noto-fonts-color-emoji
+    ];
+
+    fontconfig = {
+      enable = true;
+
+      defaultFonts = {
+        monospace = ["Noto Sans Mono"];
+        sansSerif = ["Noto Sans"];
+        serif = ["Noto Serif"];
+        emoji = ["Noto Color Emoji" "Noto Emoji"];
+      };
+    };
+
+    fontDir.enable = true;
+  };
+}
--- a/classes/kiosk/gtk.nix
+++ b/classes/kiosk/gtk.nix
@ -0,0 +1,5 @@
+{
+  xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
+
+  programs.dconf.enable = true;
+}
--- a/classes/kiosk/hardware.nix
+++ b/classes/kiosk/hardware.nix
@ -0,0 +1,16 @@
+{pkgs, ...}: {
+  hardware = {
+    bluetooth.enable = true;
+    steam-hardware.enable = true;
+    xone.enable = true;
+    xpadneo.enable = true;
+    opentabletdriver.enable = true;
+    graphics = {
+      enable = true;
+      extraPackages = [
+        pkgs.libvdpau-va-gl
+        pkgs.vaapiVdpau
+      ];
+    };
+  };
+}
--- a/classes/kiosk/location.nix
+++ b/classes/kiosk/location.nix
@ -0,0 +1,3 @@
+{
+  location.provider = "geoclue2";
+}
--- a/classes/kiosk/mullvad.nix
+++ b/classes/kiosk/mullvad.nix
@ -0,0 +1,6 @@
+{pkgs, ...}: {
+  services.mullvad-vpn = {
+    enable = true;
+    package = pkgs.mullvad-vpn;
+  };
+}
--- a/classes/kiosk/networking.nix
+++ b/classes/kiosk/networking.nix
@ -0,0 +1,10 @@
+{config, ...}: {
+  services.resolved.enable = true;
+
+  networking.networkmanager = {
+    enable = true;
+    dns = "systemd-resolved";
+  };
+
+  users.groups.networkmanager.members = config.users.normalUsers;
+}
--- a/classes/kiosk/pipewire.nix
+++ b/classes/kiosk/pipewire.nix
@ -0,0 +1,11 @@
+{
+  security.rtkit.enable = true;
+
+  services.pipewire = {
+    enable = true;
+    wireplumber.enable = true;
+    alsa.enable = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+}
--- a/classes/kiosk/wayland.nix
+++ b/classes/kiosk/wayland.nix
@ -0,0 +1,6 @@
+{
+  environment.sessionVariables = {
+    NIXOS_OZONE_WL = "1";
+    SDL_VIDEODRIVER = "wayland";
+  };
+}
--- a/classes/kiosk/xdg.nix
+++ b/classes/kiosk/xdg.nix
@ -0,0 +1,3 @@
+{
+  xdg.portal.xdgOpenUsePortal = true;
+}