From 93ea194da4298c6e882ac98f1570fb5e8f8b3e97 Mon Sep 17 00:00:00 2001 From: ediblerope Date: Wed, 1 Apr 2026 21:14:16 +0100 Subject: [PATCH] Reorganise hardware vs host config, tidy settings and services --- common.nix | 2 + hosts/FredOS-Gaming.nix | 18 +------ hosts/FredOS-Macbook.nix | 70 ++++++--------------------- hosts/FredOS-Mediaserver.nix | 45 +---------------- hosts/hardware/FredOS-Gaming.nix | 22 ++++++--- hosts/hardware/FredOS-Macbook.nix | 31 +++++++++--- hosts/hardware/FredOS-Mediaserver.nix | 45 +++++++++++++++-- readme.md | 56 +++++++++++++-------- services/qbittorrent-nox.nix | 14 ++++++ services/server-permissions.nix | 22 ++------- services/sonarr.nix | 6 +++ settings/audio.nix | 30 ++++++------ settings/users.nix | 19 +++----- 13 files changed, 185 insertions(+), 195 deletions(-) diff --git a/common.nix b/common.nix index 95a2858..5f6a2c7 100644 --- a/common.nix +++ b/common.nix @@ -54,6 +54,8 @@ boot.initrd.verbose = false; ############################################################################# + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # Use latest kernel boot.kernelPackages = pkgs.linuxPackages_latest; diff --git a/hosts/FredOS-Gaming.nix b/hosts/FredOS-Gaming.nix index 8b4f078..ddb9db7 100644 --- a/hosts/FredOS-Gaming.nix +++ b/hosts/FredOS-Gaming.nix @@ -23,19 +23,8 @@ onlyoffice-desktopeditors vscodium ]; - + programs.nix-ld.enable = true; - services.lact.enable = true; - hardware.graphics = { - enable = true; - enable32Bit = true; - }; - services.xserver.videoDrivers = ["amdgpu"]; - boot.initrd.kernelModules = [ "amdgpu" ]; - boot.kernelModules = [ "ntsync" ]; - - # Enable AMD GPU overdrive for overclocking/undervolting - boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" "acpi_osi=\"!Windows 2015\"" "amdgpu.freesync_video=1"]; programs.steam = { enable = true; 
@@ -46,10 +35,7 @@ ]; }; }; - - # Bootloader - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.configurationLimit = 5; boot.initrd.systemd.enable = true; }; diff --git a/hosts/FredOS-Macbook.nix b/hosts/FredOS-Macbook.nix index 3c5dd5d..a7b730c 100644 --- a/hosts/FredOS-Macbook.nix +++ b/hosts/FredOS-Macbook.nix 
@@ -1,60 +1,22 @@ { config, pkgs, lib, inputs, ... }: { - config = lib.mkMerge [ - { - nixpkgs.config.allowInsecurePredicate = pkg: - (lib.hasPrefix "broadcom-sta" (lib.getName pkg)); - } + config = lib.mkIf (config.networking.hostName == "FredOS-Macbook") { + environment.systemPackages = with pkgs; [ + tlp + vesktop + adwaita-icon-theme + mission-center + vlc + geary + proton-vpn + onlyoffice-desktopeditors + ]; - (lib.mkIf (config.networking.hostName == "FredOS-Macbook") { - # ... all your other settings (tlp, boot, firmware) ... + services.tlp.enable = false; + services.power-profiles-daemon.enable = true; - environment.systemPackages = with pkgs; [ - tlp - vesktop - adwaita-icon-theme - mission-center - vlc - geary - proton-vpn - onlyoffice-desktopeditors - ]; - - - services.tlp.enable = false; - services.power-profiles-daemon.enable = true; - - hardware.facetimehd.enable = true; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; - blacklistedKernelModules = [ "b43" "bcma" "ssb" ]; - kernelParams = [ "acpi_osi=" ]; - }; - hardware.enableRedistributableFirmware = true; - boot.loader.systemd-boot.configurationLimit = 5; - boot.initrd.systemd.enable = true; - - services.xserver.deviceSection = lib.mkDefault '' - Option "TearFree" "true" - ''; - - #Enable Bluetooth - hardware.bluetooth = { - enable = true; - powerOnBoot = true; - settings = { - General = { - Enable = "Source,Sink,Media,Socket"; - Experimental = true; - }; - }; - }; - }) - ]; + boot.loader.systemd-boot.configurationLimit = 5; + boot.initrd.systemd.enable = true; + }; } diff --git a/hosts/FredOS-Mediaserver.nix b/hosts/FredOS-Mediaserver.nix index 55cc87a..a27c18a 100644 --- a/hosts/FredOS-Mediaserver.nix +++ b/hosts/FredOS-Mediaserver.nix 
@@ -1,41 +1,6 @@ { config, pkgs, lib, ... }: { config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") { - # Individual Data Disks - fileSystems."/mnt/disk1" = { - device = "/dev/disk/by-uuid/90ae3493-38c1-4473-b409-e9d99c3b315e"; - fsType = "ext4"; - }; - - fileSystems."/mnt/disk2" = { - device = "/dev/disk/by-uuid/7145223e-f285-424a-a114-cb0b1b64e068"; - fsType = "ext4"; - }; - - fileSystems."/mnt/disk3" = { - device = "/dev/disk/by-uuid/58cecfd5-2fd7-4c4b-b3a1-0bf5e9d0beab"; - fsType = "ext4"; - }; - - fileSystems."/mnt/disk4" = { - device = "/dev/disk/by-uuid/317660ef-bd75-4fa4-bd20-f96a3926bf7b"; - fsType = "ext4"; - }; - - # The Combined MergerFS Pool - fileSystems."/mnt/storage" = { - device = "/mnt/disk1:/mnt/disk2:/mnt/disk3:/mnt/disk4"; - fsType = "fuse.mergerfs"; - options = [ - "defaults" - "allow_other" - "use_ino" - "cache.files=partial" - "dropcacheonclose=true" - "category.create=mfs" - ]; - }; - # Create symlink from home to storage systemd.tmpfiles.rules = [ "L+ /home/fred/storage - - - - /mnt/storage" @@ -57,7 +22,7 @@ # Enable Docker virtualisation.docker.enable = true; - + # Basic networking networking.useDHCP = lib.mkDefault true; @@ -67,13 +32,5 @@ enable = true; settings.PermitRootLogin = "no"; }; - - # Boot loader - boot.loader.grub = { - enable = true; - # Includes all 4 physical disks for redundancy - devices = [ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" "/dev/sde" ]; - useOSProber = true; - }; }; } diff --git a/hosts/hardware/FredOS-Gaming.nix b/hosts/hardware/FredOS-Gaming.nix index eb61896..22f4446 100644 --- a/hosts/hardware/FredOS-Gaming.nix +++ b/hosts/hardware/FredOS-Gaming.nix 
@@ -6,10 +6,15 @@ ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.initrd.kernelModules = [ "amdgpu" ]; + boot.kernelModules = [ "kvm-amd" "ntsync" ]; boot.extraModulePackages = [ ]; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" "acpi_osi=\"!Windows 2015\"" "amdgpu.freesync_video=1" ]; + fileSystems."/" = { device = "/dev/disk/by-uuid/e2731038-9c65-430a-8628-b018cd6b8d9f"; fsType = "ext4"; @@ -25,13 +30,14 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - networking.hostName = "FredOS-Gaming"; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + hardware.graphics = { + enable = true; + enable32Bit = true; + }; + services.xserver.videoDrivers = [ "amdgpu" ]; + services.lact.enable = true; system.stateVersion = "25.11"; -} \ No newline at end of file +} diff --git a/hosts/hardware/FredOS-Macbook.nix b/hosts/hardware/FredOS-Macbook.nix index 288cdfd..7b15780 100644 --- a/hosts/hardware/FredOS-Macbook.nix +++ b/hosts/hardware/FredOS-Macbook.nix @@ -8,7 +8,12 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; + boot.blacklistedKernelModules = [ "b43" "bcma" "ssb" ]; + boot.kernelParams = [ "acpi_osi=" ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; fileSystems."/" = { device = "/dev/disk/by-uuid/e295ac26-bf7e-4b93-bc97-74c3c01de0e3"; 
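Review bot: The `boot.kernelParams` line added to hosts/hardware/FredOS-Gaming.nix (first hunk) lost the comment it had in hosts/FredOS-Gaming.nix, "Enable AMD GPU overdrive for overclocking/undervolting", so `amdgpu.ppfeaturemask=0xffffffff` now reads as an unexplained magic value. That mask sets every PowerPlay feature bit, overdrive included. Together with `services.lact.enable = true` in the next hunk, it is presumably what lets userspace tooling change clocks and voltages. I would carry the comment over next to the parameter, e.g. `# Enable AMD GPU overdrive (all PowerPlay feature bits) for overclocking/undervolting via LACT`.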
@@ -25,13 +30,27 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - networking.hostName = "FredOS-Macbook"; + hardware.enableRedistributableFirmware = true; + hardware.facetimehd.enable = true; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + nixpkgs.config.allowInsecurePredicate = pkg: + (lib.hasPrefix "broadcom-sta" (lib.getName pkg)); - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + services.xserver.deviceSection = lib.mkDefault '' + Option "TearFree" "true" + ''; + + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + settings = { + General = { + Enable = "Source,Sink,Media,Socket"; + Experimental = true; + }; + }; + }; system.stateVersion = "25.11"; -} \ No newline at end of file +} diff --git a/hosts/hardware/FredOS-Mediaserver.nix b/hosts/hardware/FredOS-Mediaserver.nix index 1508118..5afbd2f 100644 --- a/hosts/hardware/FredOS-Mediaserver.nix +++ b/hosts/hardware/FredOS-Mediaserver.nix 
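Review bot: `nixpkgs.config.allowInsecurePredicate` is added to hosts/hardware/FredOS-Macbook.nix with no comment saying why an insecure package is being allowed. It is there so that `config.boot.kernelPackages.broadcom_sta`, added to `boot.extraModulePackages` in the previous hunk, will evaluate, and that package is an out-of-tree kernel module that handles wireless traffic. Moving the predicate out of the old shared `lib.mkMerge` block does appear to narrow the exemption to this host, which is an improvement. Suggested comment: `# broadcom-sta is flagged insecure in nixpkgs; accepted on this host only because the Macbook's WiFi chipset needs it`. Note that `lib.hasPrefix "broadcom-sta"` would also admit any other package whose name starts with that string.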
@@ -15,14 +15,53 @@ fsType = "ext4"; }; + # Individual Data Disks + fileSystems."/mnt/disk1" = { + device = "/dev/disk/by-uuid/90ae3493-38c1-4473-b409-e9d99c3b315e"; + fsType = "ext4"; + }; + + fileSystems."/mnt/disk2" = { + device = "/dev/disk/by-uuid/7145223e-f285-424a-a114-cb0b1b64e068"; + fsType = "ext4"; + }; + + fileSystems."/mnt/disk3" = { + device = "/dev/disk/by-uuid/58cecfd5-2fd7-4c4b-b3a1-0bf5e9d0beab"; + fsType = "ext4"; + }; + + fileSystems."/mnt/disk4" = { + device = "/dev/disk/by-uuid/317660ef-bd75-4fa4-bd20-f96a3926bf7b"; + fsType = "ext4"; + }; + + # The Combined MergerFS Pool + fileSystems."/mnt/storage" = { + device = "/mnt/disk1:/mnt/disk2:/mnt/disk3:/mnt/disk4"; + fsType = "fuse.mergerfs"; + options = [ + "defaults" + "allow_other" + "use_ino" + "cache.files=partial" + "dropcacheonclose=true" + "category.create=mfs" + ]; + }; + swapDevices = [ ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - networking.hostName = "FredOS-Mediaserver"; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + boot.loader.grub = { + enable = true; + # Includes all 4 physical disks for redundancy + devices = [ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" "/dev/sde" ]; + useOSProber = true; + }; system.stateVersion = "25.11"; -} \ No newline at end of file +} diff --git a/readme.md b/readme.md index b5942f8..fc63bb0 100644 --- a/readme.md +++ b/readme.md 
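Review bot: The `boot.loader.grub.devices` list moved into hosts/hardware/FredOS-Mediaserver.nix names five devices (`/dev/sda` through `/dev/sde`), but its comment says "all 4 physical disks". The list also uses kernel-assigned `/dev/sdX` names, while every `fileSystems` entry above it uses a UUID. Those names follow enumeration order and can shift when a drive is added, removed or fails, so GRUB may be written to a different disk than intended, such as an attached removable drive. I would switch to stable `/dev/disk/by-id/...` paths (values to be taken from the machine) and correct the comment to the real count. `useOSProber = true` also makes GRUB scan every attached disk for other operating systems; confirm that is wanted on this server.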
@@ -16,20 +16,41 @@ Flake-based NixOS configuration for three machines, built and deployed directly ├── .github │ └── workflows │ └── update.yml # Auto-updates flake.lock daily -├── apps # Per-app config files -├── home-manager # Home Manager config +├── apps +│ ├── fastfetch.nix # Fastfetch config +│ ├── flatpaks.nix # Flatpak apps +│ └── zen.nix # Zen browser config +├── home-manager +│ ├── fred.nix # User-level Home Manager config +│ └── gnome-hm.nix # GNOME Home Manager settings ├── hosts -│ ├── FredOS-Gaming.nix # Gaming-specific config -│ ├── FredOS-Macbook.nix # Macbook-specific config -│ ├── FredOS-Mediaserver.nix # Mediaserver-specific config +│ ├── FredOS-Gaming.nix # Gaming: packages, Steam, boot options +│ ├── FredOS-Macbook.nix # Macbook: packages, power management, boot options +│ ├── FredOS-Mediaserver.nix # Mediaserver: packages, networking, SSH │ └── hardware -│ ├── FredOS-Gaming.nix # Hardware config + bootloader + hostname -│ ├── FredOS-Macbook.nix -│ └── FredOS-Mediaserver.nix -├── services # Service definitions -├── settings # Shared system settings (GNOME, locale, audio, etc.) 
+│ ├── FredOS-Gaming.nix # AMD GPU, kernel modules, filesystems, bootloader, hostname +│ ├── FredOS-Macbook.nix # Broadcom WiFi, Intel GPU, Bluetooth, filesystems, bootloader, hostname +│ └── FredOS-Mediaserver.nix # Intel CPU, data disks, mergerfs pool, GRUB, hostname +├── services +│ ├── bazarr.nix # Subtitle management +│ ├── cloudflare-ddns.nix # Cloudflare dynamic DNS +│ ├── game-servers.nix # Game server definitions +│ ├── go2rtc.nix # Camera/RTSP streaming +│ ├── jellyfin.nix # Media server +│ ├── nginx.nix # Reverse proxy +│ ├── omnisearch.nix # OmniSearch service +│ ├── prowlarr.nix # Indexer manager +│ ├── qbittorrent-nox.nix # Torrent client +│ ├── radarr.nix # Movie management +│ ├── server-permissions.nix # File/dir permission setup +│ └── sonarr.nix # TV management +├── settings +│ ├── audio.nix # PipeWire / audio config +│ ├── gnome.nix # GNOME desktop settings +│ ├── locale.nix # Locale, timezone, keyboard +│ └── users.nix # User accounts ├── walls # Wallpapers -├── common.nix # Shared config for all hosts +├── common.nix # Shared config imported by all hosts ├── flake.lock # Auto-generated, updated daily by GitHub Actions └── flake.nix # Flake inputs and host definitions ``` @@ -62,7 +83,7 @@ clean # sudo nix-collect-garbage -d ### 1. Fresh NixOS install -Boot the NixOS installer and complete the standard installation. Note the `system.stateVersion` it generates — you'll need it later. +Boot the NixOS installer and complete the standard installation. ### 2. Enable flakes temporarily 
@@ -78,23 +99,18 @@ sudo nixos-rebuild switch ### 3. Create the hardware config on GitHub -Copy the contents of `/etc/nixos/hardware-configuration.nix` and create `hosts/hardware/FredOS-NEWHOST.nix` on GitHub. Append the following to it: +Copy the contents of `/etc/nixos/hardware-configuration.nix` and create `hosts/hardware/FredOS-NEWHOST.nix` on GitHub. Append the hostname and bootloader config to it: ```nix networking.hostName = "FredOS-NEWHOST"; -# Match what the installer configured — systemd-boot for UEFI: +# For UEFI/systemd-boot machines: boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; -boot.loader.systemd-boot.configurationLimit = 5; -boot.initrd.systemd.enable = true; # For BIOS/GRUB machines instead: # boot.loader.grub.enable = true; # boot.loader.grub.devices = [ "/dev/sda" ]; # verify with: sudo grub-probe --target=disk / - -nix.settings.experimental-features = [ "nix-command" "flakes" ]; -system.stateVersion = "25.11"; # use the version the installer generated ``` ### 4. Register the host in flake.nix @@ -113,7 +129,7 @@ Create `hosts/FredOS-NEWHOST.nix` on GitHub for any machine-specific packages or { config, pkgs, lib, ... }: { config = lib.mkIf (config.networking.hostName == "FredOS-NEWHOST") { - # host-specific config here + # host-specific packages and services here }; } ``` diff --git a/services/qbittorrent-nox.nix b/services/qbittorrent-nox.nix index f21d0c2..4674757 100644 --- a/services/qbittorrent-nox.nix +++ b/services/qbittorrent-nox.nix 
@@ -19,6 +19,20 @@ gid = 3000; }; + systemd.tmpfiles.rules = [ + # qbittorrent app data + "d /var/lib/qbittorrent 0755 qbittorrent media -" + "d /var/lib/qbittorrent/.config 0755 qbittorrent media -" + "d /var/lib/qbittorrent/.config/qBittorrent 0755 qbittorrent media -" + "d /var/lib/qbittorrent/.local 0755 qbittorrent media -" + "d /var/lib/qbittorrent/.local/share 0755 qbittorrent media -" + "d /var/lib/qbittorrent/.local/share/qBittorrent 0755 qbittorrent media -" + + # Storage - qbittorrent downloads here + "d /mnt/storage/torrents/downloads 2775 qbittorrent media -" + "Z /mnt/storage/torrents/downloads 2775 qbittorrent media -" + ]; + systemd.services.qbittorrent-nox = { description = "qBittorrent-nox service"; after = [ "network.target" ]; diff --git a/services/server-permissions.nix b/services/server-permissions.nix index 33a675a..1a4bbea 100644 --- a/services/server-permissions.nix +++ b/services/server-permissions.nix 
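Review bot: The rule `"Z /mnt/storage/torrents/downloads 2775 qbittorrent media -"` applies mode 2775 recursively to everything under the directory, regular files included. Each systemd-tmpfiles run therefore marks every downloaded file executable and setgid, which is the wrong default for a directory that receives content from untrusted peers. tmpfiles.d accepts a `~` prefix that keeps execute bits only where the file already had them and drops setgid on non-directories: `"Z /mnt/storage/torrents/downloads ~2775 qbittorrent media -"`. The same `Z ... 2775` pattern appears in the services/sonarr.nix hunk (shows) and the services/server-permissions.nix hunk (audiobooks). Separately, `0755` on `/var/lib/qbittorrent` and its `.config` tree leaves the client's configuration directories traversable by every local user; `0750` would fit unless something outside the `media` group reads them.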
@@ -3,25 +3,9 @@ { config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") { systemd.tmpfiles.rules = [ - # qbittorrent app data - "d /var/lib/qbittorrent 0755 qbittorrent media -" - "d /var/lib/qbittorrent/.config 0755 qbittorrent media -" - "d /var/lib/qbittorrent/.config/qBittorrent 0755 qbittorrent media -" - "d /var/lib/qbittorrent/.local 0755 qbittorrent media -" - "d /var/lib/qbittorrent/.local/share 0755 qbittorrent media -" - "d /var/lib/qbittorrent/.local/share/qBittorrent 0755 qbittorrent media -" - - # Storage - qbittorrent downloads here - "d /mnt/storage/torrents/downloads 2775 qbittorrent media -" - "Z /mnt/storage/torrents/downloads 2775 qbittorrent media -" - - # Shows - sonarr organises, bazarr writes subtitles - "d /mnt/storage/torrents/shows 2775 sonarr media -" - "Z /mnt/storage/torrents/shows 2775 sonarr media -" - - # Audiobooks - "d /mnt/storage/torrents/audiobooks 2775 sonarr media -" - "Z /mnt/storage/torrents/audiobooks 2775 sonarr media -" + # Audiobooks - manually managed, no dedicated service yet + "d /mnt/storage/torrents/audiobooks 2775 fred media -" + "Z /mnt/storage/torrents/audiobooks 2775 fred media -" ]; }; } diff --git a/services/sonarr.nix b/services/sonarr.nix index 516234f..bfa732e 100644 --- a/services/sonarr.nix +++ b/services/sonarr.nix @@ -19,5 +19,11 @@ group = "media"; extraGroups = [ "media" ]; }; + + systemd.tmpfiles.rules = [ + # Shows - sonarr organises, bazarr writes subtitles + "d /mnt/storage/torrents/shows 2775 sonarr media -" + "Z /mnt/storage/torrents/shows 2775 sonarr media -" + ]; }; } diff --git a/settings/audio.nix b/settings/audio.nix index e38c329..2644569 100644 --- a/settings/audio.nix +++ b/settings/audio.nix 
@@ -1,21 +1,23 @@ # audio.nix { config, pkgs, lib, ... }: { - services.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; + config = lib.mkIf (lib.elem config.networking.hostName [ "FredOS-Gaming" "FredOS-Macbook" ]) { + services.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; - extraConfig."pipewire-pulse"."10-quirk-rules" = { - "pulse.rules" = [ - { - matches = [ { "application.name" = "~Chromium.*"; } ]; - actions = { quirks = [ "block-source-volume" ]; }; - } - ]; + extraConfig."pipewire-pulse"."10-quirk-rules" = { + "pulse.rules" = [ + { + matches = [ { "application.name" = "~Chromium.*"; } ]; + actions = { quirks = [ "block-source-volume" ]; }; + } + ]; + }; }; }; } diff --git a/settings/users.nix b/settings/users.nix index 468eb05..476ff28 100644 --- a/settings/users.nix +++ b/settings/users.nix @@ -2,16 +2,13 @@ { config, pkgs, lib, ... }: { - config = lib.mkIf (lib.elem config.networking.hostName [ "FredOS-Gaming" "FredOS-Macbook" "FredOS-Mediaserver" ]) { - # Define a user account. Don't forget to set a password with 'passwd'. - users.users.fred = { - isNormalUser = true; - description = "fred"; - extraGroups = [ "networkmanager" "wheel" "docker" ]; - packages = with pkgs; [ - bazaar - fastfetch - ]; - }; + # Define a user account. Don't forget to set a password with 'passwd'. + users.users.fred = { + isNormalUser = true; + description = "fred"; + extraGroups = [ "networkmanager" "wheel" "docker" ]; + packages = with pkgs; [ + bazaar + ]; }; }
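Review bot: In the settings/users.nix hunk, `extraGroups = [ "networkmanager" "wheel" "docker" ]` applies to every host that imports the file, and `docker` group membership is effectively root on any machine where the daemon runs. As far as this patch shows, Docker is enabled only in hosts/FredOS-Mediaserver.nix (`virtualisation.docker.enable = true;`), so the desktop hosts carry a privileged group they do not need. Tying the group to the option keeps this in one place: `extraGroups = [ "networkmanager" "wheel" ] ++ lib.optional config.virtualisation.docker.enable "docker";`. `lib` is already in the module arguments shown in the hunk context.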