Nix configurations for my homelab

Move all custom configuration options under `garden`

This makes it clearer when an option is specific to my NixOS
configurations versus something that is available to everyone out of
the box.

yemou 07f6ecde 54219cea

+43 -55
+1 -1
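--- a/dandelion/config.nix
+++ b/dandelion/config.nix
@@ -32,7 +32,7 @@
 networking.hostName = "dandelion";
 nix.settings.max-jobs = 0;
 
-mInfo = {
+garden.info.host = {
 sss-mount = true;
 vps = true;
 };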
+1 -1
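--- a/dandelion/hardware.nix
+++ b/dandelion/hardware.nix
@@ -92,7 +92,7 @@
 networks."10-wan" = {
 matchConfig.Name = "enp1s0";
 networkConfig.DHCP = "ipv4";
-address = [ "${config.nInfo.${config.networking.hostName}.ipv6}/64" ];
+address = [ "${config.garden.info.network.${config.networking.hostName}.ipv6}/64" ];
 routes = [ { Gateway = "fe80::1"; } ];
 };
 };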
+2 -4
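--- a/dandelion/services/caddy.nix
+++ b/dandelion/services/caddy.nix
@@ -2,7 +2,7 @@
 # TODO: Separate caddy config into separate files
 { config, pkgs, ... }:
 let
-lily = config.nInfo.lily.netbird-ip;
+lily = config.garden.info.network.lily.netbird-ip;
 cpCerts = pkgs.writeShellApplication {
 name = "cpCerts";
 runtimeInputs = with pkgs; [ coreutils ];
@@ -30,9 +30,7 @@
 esac
 '';
 };
-cpCertsCommand =
-"${cpCerts}/bin/cpCerts {event.data.identifier} {event.data.certificate_path} "
-+ "{event.data.private_key_path}";
+cpCertsCommand = "${cpCerts}/bin/cpCerts {event.data.identifier} {event.data.certificate_path} {event.data.private_key_path}";
 in
 {
 environment.persistence."/data/persistent".directories = [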
+3 -1
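--- a/flake.nix
+++ b/flake.nix
@@ -42,7 +42,9 @@
 {
 # TODO: replace this with treefmt or something since the functionality to scan for all nix files is being
 # deprecated
-formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-tree;
+formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-tree.override {
+settings.formatter.nixfmt.options = [ "-w 120" ];
+};
 nixosConfigurations = genSystemConfigs (
 hostname:
 nixpkgs.lib.nixosSystem {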
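Review bot: The formatter override passes `"-w 120"` as a single list element, so nixfmt presumably receives the flag and its value as one argument and depends on its option parser accepting an attached value with a leading space. Writing `settings.formatter.nixfmt.options = [ "--width=120" ];` removes that ambiguity. The TODO comment above the formatter line also looks stale now that the formatter is `nixfmt-tree`, and it would be worth updating or dropping. The width change is what produces the pure re-wrapping hunks elsewhere in this commit, which makes the option rename harder to audit; a separate formatting commit would keep the two apart.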
+1 -1
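--- a/lily/config.nix
+++ b/lily/config.nix
@@ -26,7 +26,7 @@
 ./services/fail2ban.nix
 ];
 
-mInfo = {
+garden.info.host = {
 server = true;
 };
 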
+1 -1
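--- a/lily/services/fail2ban.nix
+++ b/lily/services/fail2ban.nix
@@ -1,5 +1,5 @@
 { config, ... }:
 {
 # Since this server is on my local network, I'm also ignoring my local ip
-services.fail2ban.ignoreIP = [ config.nInfo.lutea.ipv4-local ];
+services.fail2ban.ignoreIP = [ config.garden.info.network.lutea.ipv4-local ];
 }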
+2 -2
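--- a/lutea/hardware.nix
+++ b/lutea/hardware.nix
@@ -41,9 +41,9 @@
 
 swapDevices = [ { device = "/swap/swapfile"; } ];
 systemd.services.zswap = {
-description = "Enable zswap";
+description = "Enable zswap";
 enable = true;
-wantedBy = ["basic.target"];
+wantedBy = [ "basic.target" ];
 serviceConfig = {
 ExecStart = ''
 ${pkgs.bash}/bin/bash -c 'cd /sys/module/zswap/parameters && \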
+1 -1
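--- a/modules/basic.nix
+++ b/modules/basic.nix
@@ -57,7 +57,7 @@
 services = {
 acpid.enable = true;
 # TODO: Setup email
-smartd.enable = config.mInfo.vps == false;
+smartd.enable = config.garden.info.host.vps == false;
 };
 
 systemd.network.enable = true;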
+3 -5
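--- a/modules/binary-cache.nix
+++ b/modules/binary-cache.nix
@@ -5,11 +5,9 @@
 substituters = [
 (lib.mkIf (
 config.networking.hostName != "dandelion"
-) "ssh-ng://nix-ssh@${config.nInfo.dandelion.netbird-ip}")
-(lib.mkIf (config.networking.hostName != "lily") "ssh-ng://nix-ssh@${config.nInfo.lily.netbird-ip}")
-(lib.mkIf (
-config.networking.hostName != "lutea"
-) "ssh-ng://nix-ssh@${config.nInfo.lutea.netbird-ip}")
+) "ssh-ng://nix-ssh@${config.garden.info.network.dandelion.netbird-ip}")
+(lib.mkIf (config.networking.hostName != "lily") "ssh-ng://nix-ssh@${config.garden.info.network.lily.netbird-ip}")
+(lib.mkIf (config.networking.hostName != "lutea") "ssh-ng://nix-ssh@${config.garden.info.network.lutea.netbird-ip}")
 ];
 };
 sshServe = {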
-3
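--- a/modules/browsers.nix
+++ b/modules/browsers.nix
@@ -1,8 +1,5 @@
 { pkgs, ... }:
 {
-imports = [ ./unfree.nix ];
-unfree.allowed = [ "microsoft-edge" ];
-
 nixpkgs.overlays = [
 (final: prev: {
 firefox-unwrapped = prev.firefox-unwrapped.overrideAttrs (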
+3 -3
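--- a/modules/fail2ban.nix
+++ b/modules/fail2ban.nix
@@ -12,9 +12,9 @@
 rndtime = "1h";
 };
 ignoreIP = [
-(lib.mkIf (config.networking.hostName != "dandelion") config.nInfo.dandelion.netbird-ip)
-(lib.mkIf (config.networking.hostName != "lily") config.nInfo.lily.netbird-ip)
-(lib.mkIf (config.networking.hostName != "lutea") config.nInfo.lutea.netbird-ip)
+(lib.mkIf (config.networking.hostName != "dandelion") config.garden.info.network.dandelion.netbird-ip)
+(lib.mkIf (config.networking.hostName != "lily") config.garden.info.network.lily.netbird-ip)
+(lib.mkIf (config.networking.hostName != "lutea") config.garden.info.network.lutea.netbird-ip)
 ];
 maxretry = 1;
 };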
+1 -1
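--- a/modules/games.nix
+++ b/modules/games.nix
@@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
 imports = [ ./unfree.nix ];
-unfree.allowed = [
+garden.unfree = [
 "modrinth-app"
 "modrinth-app-unwrapped"
 "steam"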
+1 -1
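--- a/modules/gui.nix
+++ b/modules/gui.nix
@@ -26,7 +26,7 @@
 ];
 
 imports = [ ./machineInfo.nix ];
-mInfo.gui = true;
+garden.info.host.gui = true;
 
 xdg = {
 portal = {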
-2
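--- a/modules/im.nix
+++ b/modules/im.nix
@@ -1,7 +1,5 @@
 { pkgs, ... }:
 {
-imports = [ ./unfree.nix ];
-
 users.users.mou.packages = with pkgs; [
 senpai
 signal-desktop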
+1 -1
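--- a/modules/machineInfo.nix
+++ b/modules/machineInfo.nix
@@ -1,6 +1,6 @@
 { lib, ... }:
 {
-options.mInfo = {
+options.garden.info.host = {
 gui = lib.mkOption {
 type = with lib.types; bool;
 default = false;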
+1 -1
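--- a/modules/netbird.nix
+++ b/modules/netbird.nix
@@ -11,6 +11,6 @@
 
 services.netbird.clients.homelab = {
 port = 51820;
-ui.enable = config.mInfo.gui;
+ui.enable = config.garden.info.host.gui;
 };
 }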
+2 -2
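--- a/modules/networkInfo.nix
+++ b/modules/networkInfo.nix
@@ -1,6 +1,6 @@
 { lib, ... }:
 {
-options.nInfo = lib.mkOption {
+options.garden.info.network = lib.mkOption {
 description = "Information about every host in the network.";
 type =
 with lib.types;
@@ -41,5 +41,5 @@
 );
 };
 
-config.nInfo = builtins.fromJSON (builtins.readFile ../hidden/network.json);
+config.garden.info.network = builtins.fromJSON (builtins.readFile ../hidden/network.json);
 }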
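Review bot: The last changed line fills `config.garden.info.network` from `builtins.readFile ../hidden/network.json` at evaluation time, so every value in that file flows into the evaluated system configuration and, when built as a flake, presumably into the world-readable Nix store with the rest of the source tree. A comment on that line would make the constraint explicit, for example `# Read at evaluation time: keep only non-secret addressing data in network.json`. Elsewhere in this commit the same values feed sshd `AllowUsers`, fail2ban `ignoreIP` and Nextcloud `trusted_proxies`. The option's type definition sits between the two hunks and is not visible here, so it is worth confirming that it validates address fields rather than accepting any `str`.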
+4 -4
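--- a/modules/remoteBuildMachines.nix
+++ b/modules/remoteBuildMachines.nix
@@ -35,11 +35,11 @@
 programs.ssh = {
 knownHosts = {
 nixremote-lily = {
-hostNames = [ config.nInfo.lily.netbird-ip ];
+hostNames = [ config.garden.info.network.lily.netbird-ip ];
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaReNM+eSIzbZvqahaAlanf0z89rJQIYWx/rlaS4f1Y";
 };
 nixremote-lutea = {
-hostNames = [ config.nInfo.lutea.netbird-ip ];
+hostNames = [ config.garden.info.network.lutea.netbird-ip ];
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNMTxa2zRmHIXt3ARlCplboWRdCsAmDlN8gDLik4vNs";
 };
 };
@@ -58,8 +58,8 @@
 '';
 in
 ''
-${mkSshConfig "lily" config.nInfo.lily.netbird-ip}
-${mkSshConfig "lutea" config.nInfo.lutea.netbird-ip}
+${mkSshConfig "lily" config.garden.info.network.lily.netbird-ip}
+${mkSshConfig "lutea" config.garden.info.network.lutea.netbird-ip}
 '';
 };
 }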
+1 -1
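--- a/modules/remoteBuilder.nix
+++ b/modules/remoteBuilder.nix
@@ -19,5 +19,5 @@
 
 nix.settings.trusted-users = [ "nixremote" ];
 
-services.openssh.settings.AllowUsers = [ "nixremote@${config.nInfo.dandelion.netbird-ip}" ];
+services.openssh.settings.AllowUsers = [ "nixremote@${config.garden.info.network.dandelion.netbird-ip}" ];
 }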
+1 -2
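--- a/modules/services/dendrite.nix
+++ b/modules/services/dendrite.nix
@@ -16,8 +16,7 @@
 }
 ];
 
-networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts =
-[ 8008 ];
+networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [ 8008 ];
 
 services.postgresql = {
 ensureDatabases = [ "dendrite" ];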
+4 -5
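--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -41,8 +41,7 @@
 };
 
 # This is the port that nginx listens on by default
-networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts =
-[ 80 ];
+networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [ 80 ];
 
 services = {
 redis.package = pkgs.valkey;
@@ -70,7 +69,7 @@
 maxUploadSize = "1G";
 notify_push = {
 enable = true;
-nextcloudUrl = "http://${config.nInfo.${config.networking.hostName}.netbird-ip}";
+nextcloudUrl = "http://${config.garden.info.network.${config.networking.hostName}.netbird-ip}";
 };
 phpOptions = {
 "opcache.interned_strings_buffer" = "16";
@@ -99,8 +98,8 @@
 };
 "simpleSignUpLink.shown" = false;
 trusted_proxies = [
-config.nInfo.${config.networking.hostName}.netbird-ip
-config.nInfo.dandelion.netbird-ip
+config.garden.info.network.${config.networking.hostName}.netbird-ip
+config.garden.info.network.dandelion.netbird-ip
 ];
 };
 };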
+2 -2
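--- a/modules/services/openssh.nix
+++ b/modules/services/openssh.nix
@@ -13,7 +13,7 @@
 };
 
 services.openssh.settings.AllowUsers = [
-"mou@${config.nInfo.lutea.netbird-ip}"
-(lib.mkIf (config.networking.hostName == "lily") "mou@${config.nInfo.lutea.ipv4-local}")
+"mou@${config.garden.info.network.lutea.netbird-ip}"
+(lib.mkIf (config.networking.hostName == "lily") "mou@${config.garden.info.network.lutea.ipv4-local}")
 ];
 }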
+1 -2
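--- a/modules/services/pds.nix
+++ b/modules/services/pds.nix
@@ -33,8 +33,7 @@
 '';
 };
 
-networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts =
-[ 3000 ];
+networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [ 3000 ];
 
 services.pds = {
 enable = true;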
+2 -3
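--- a/modules/services/tangled.nix
+++ b/modules/services/tangled.nix
@@ -22,11 +22,10 @@
 };
 
 services.openssh.settings.AllowUsers = [
-"${config.services.tangled-knotserver.gitUser}@${config.nInfo.dandelion.netbird-ip}"
+"${config.services.tangled-knotserver.gitUser}@${config.garden.info.network.dandelion.netbird-ip}"
 ];
 
-networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts =
-[ 5555 ];
+networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [ 5555 ];
 
 services.tangled-knotserver = {
 enable = true;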
+2 -2
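--- a/modules/sss-mount.nix
+++ b/modules/sss-mount.nix
@@ -4,7 +4,7 @@
 pkgs,
 ...
 }:
-lib.mkIf (config.mInfo.sss-mount == true) {
+lib.mkIf (config.garden.info.host.sss-mount == true) {
 environment.systemPackages = [ pkgs.rclone ];
 
 fileSystems."/sss" = {
@@ -18,7 +18,7 @@
 "config=${pkgs.writeText "rclone-mnt.conf" ''
 [sss]
 type = sftp
-host = ${config.nInfo.lily.netbird-ip}
+host = ${config.garden.info.network.lily.netbird-ip}
 port = 2222
 user = seedling
 key_file = /data/seedling/id_ed25519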
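Review bot: The generated rclone config in the second hunk sets `host`, `port`, `user` and `key_file` but shows no `known_hosts_file`, and rclone's sftp backend only validates the server's host key when that option is set. The config text continues past the end of the hunk, so this may already be handled there. If it is not, add `known_hosts_file = /etc/ssh/ssh_known_hosts` to the `[sss]` section together with a `programs.ssh.knownHosts` entry for the port-2222 server on lily, as modules/remoteBuildMachines.nix does for the build hosts. Without it the mount presents its key to, and trusts file contents from, whatever answers on that address.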
+2 -3
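--- a/modules/unfree.nix
+++ b/modules/unfree.nix
@@ -1,11 +1,10 @@
 { config, lib, ... }:
 {
-options.unfree.allowed = lib.mkOption {
+options.garden.unfree = lib.mkOption {
 type = with lib.types; listOf str;
 default = [ ];
 description = "A list of unfree packages that are allowed to be installed";
 };
 
-config.nixpkgs.config.allowUnfreePredicate =
-pkg: builtins.elem (lib.getName pkg) config.unfree.allowed;
+config.nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.garden.unfree;
 }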