diff --git a/common/auto-upgrade.nix b/common/auto-upgrade.nix index 51d9468..f4c30b4 100644 --- a/common/auto-upgrade.nix +++ b/common/auto-upgrade.nix @@ -3,11 +3,11 @@ { system.autoUpgrade = { enable = true; - flake = "git+https://git.feal.no/felixalb/nixos-config.git"; + flake = "git+https://git.feal.no/felixalb/nixos-config.git?ref=nixos-26.05"; # TODO - restore to main flags = [ # Override nixpkgs (only). Notably does not include home-manager, sops or other utility/application flake inputs. "--refresh" - "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-25.11-small" + "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-26.05-small" "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable" "--no-write-lock-file" ]; diff --git a/common/metrics-exporters.nix b/common/metrics-exporters.nix index 57fdd24..7566251 100644 --- a/common/metrics-exporters.nix +++ b/common/metrics-exporters.nix @@ -17,41 +17,6 @@ in { ''; }; - services.promtail = { - enable = true; - configuration = { - server = { - http_listen_port = 28183; - grpc_listen_port = 0; - }; - clients = [ - { - url = "http://${metricsHost}:3100/loki/api/v1/push"; - } - ]; - scrape_configs = [ - { - job_name = "systemd-journal"; - journal = { - max_age = "12h"; - labels = { - job = "systemd-journal"; - host = config.networking.hostName; - }; - }; - relabel_configs = [ - { - source_labels = [ "__journal__systemd_unit" ]; - target_label = "unit"; - } - { - source_labels = [ "__journal_priority_keyword" ]; - target_label = "level"; - } - ]; - } - ]; - }; - }; + # TODO: Configure fluent-bit or rsyslog } diff --git a/flake.lock b/flake.lock index cb74fa6..79fa4d1 100644 --- a/flake.lock +++ b/flake.lock @@ -31,24 +31,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -56,16 +38,16 @@ ] }, "locked": { - "lastModified": 1778401693, - "narHash": "sha256-OVHdCqXXUF5UdGkH+FF2ZL06OLZjj2kvP2dIUmzVWoo=", + "lastModified": 1779726825, + "narHash": "sha256-RUkMrREjKDQrA+dA9+xZviGAxM5W1aVdyOr/bSYpHrE=", "owner": "nix-community", "repo": "home-manager", - "rev": "389b83002efc26f1145e89a6a8e6edc5a6435948", + "rev": "b179bde238977f7d4454fc770b1a727eaf55111c", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.11", + "ref": "release-26.05", "repo": "home-manager", "type": "github" } @@ -97,16 +79,16 @@ ] }, "locked": { - "lastModified": 1764161084, - "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", + "lastModified": 1779036909, + "narHash": "sha256-zXcwYQGCT6pzinK+1dBB2ekTVtfxGZAapb3Evdcu4fY=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "e95de00a471d07435e0527ff4db092c84998698e", + "rev": "56c666e108467d87d13508936aade6d567f2a501", "type": "github" }, "original": { "owner": "nix-darwin", - "ref": "nix-darwin-25.11", + "ref": "nix-darwin-26.05", "repo": "nix-darwin", "type": "github" } @@ -114,17 +96,17 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1764813963, - "narHash": "sha256-Vs7Mamto+T8r1evk9myHepgHGNJkS2Kr0BF64NIei94=", + "lastModified": 1780113881, + "narHash": "sha256-AMOOt682Odr4GZwCwZ08/Q/21/Sh3DxfmOAoiQbTKhk=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "491200d6848402bbab1421cccbc15a46f08c7f78", + "rev": "d9bd57f218cda7d6aac4b52546240da0df76a1f9", "type": "github" }, "original": { @@ -135,22 +117,23 @@ }, "nixpkgs": { "locked": { - "lastModified": 1778452785, - "narHash": "sha256-7zDRz1Jr69CiWDvJSjqIF2/X8wY+d8PACt4xIvesruE=", + "lastModified": 1780203844, + "narHash": "sha256-K5sT4jTpGs15ADhviMKNBH38REpPf5Q6mM1+N6cArVE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9700a8ef2f85813ee04a956ab2747a22d0b67b95", + "rev": "b51242d7d43689db2f3be91bd05d5b24fbb469c4", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.11-small", + "ref": "nixos-26.05-small", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-2211": { "locked": { + "lastModified": 1658083977, "narHash": "sha256-yqLXI+viN5+Vx5YpG9gNapKL3/+P6Pkprc36xNdyqSU=", "type": "tarball", "url": "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz" @@ -162,27 +145,27 @@ }, "nixpkgs-darwin": { "locked": { - "lastModified": 1764806471, - "narHash": "sha256-NsPsz003eWD8wp8vj5BnQzPoDyeQKRUfS2dvan2Y30M=", + "lastModified": 1780020239, + "narHash": "sha256-ik+V883hTc6GG7TzjxMdhEoMV0hCbQPfsRtNsB1qWUQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6707b1809330d0f912f5813963bb29f6f194ee81", + "rev": "c85dc29a9bcafa665b8ce0654ca019cdb05e63c6", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-25.11-darwin", + "ref": "nixpkgs-26.05-darwin", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1777954456, - "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", "type": "github" }, "original": { @@ -202,11 +185,11 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1771451240, - "narHash": "sha256-qA8rm0zxrFBVbleYEOJziggyJtZEu1DFeAo3OAkbmB4=", + "lastModified": 1780187278, + "narHash": "sha256-vIC3RsPexOT2zcacHBcIQ5CPrPIisSLiMBS6tblGLDw=", "owner": "pwndbg", "repo": "pwndbg", - "rev": "5eb91f443cefb75fae9567aa23931670dc2277a9", + "rev": "07a27367b17e2b7172d6c7a2b891e4c5471275b6", "type": "github" }, "original": { @@ -287,11 +270,11 @@ ] }, "locked": { - "lastModified": 1764483358, - "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", + "lastModified": 1777944972, + "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5aca6ff67264321d47856a2ed183729271107c9c", + "rev": "c591bf665727040c6cc5cb409079acb22dcce33c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 656070c..deb0897 100644 --- a/flake.nix +++ b/flake.nix @@ -3,15 +3,15 @@ inputs = { # Nixpkgs and friends - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11-small"; # Remember to update ./common/auto-upgrade.nix - nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-25.11-darwin"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-26.05-small"; # Remember to update ./common/auto-upgrade.nix + nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-26.05-darwin"; nixpkgs-2211.url = "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz"; # old nixpgks for e.g. remmina nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-25.11"; + nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-26.05"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs-darwin"; - home-manager.url = "github:nix-community/home-manager/release-25.11"; + home-manager.url = "github:nix-community/home-manager/release-26.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; # Other inputs diff --git a/home/base.nix b/home/base.nix index a8e76be..fcb1229 100644 --- a/home/base.nix +++ b/home/base.nix @@ -10,7 +10,6 @@ bat bottom # ncdu - neofetch pwgen sshfs sshuttle diff --git a/home/neovim.nix b/home/neovim.nix index 6ae0967..03056fe 100644 --- a/home/neovim.nix +++ b/home/neovim.nix @@ -24,16 +24,19 @@ in { nvim-treesitter coc-css - coc-go coc-html coc-json coc-nvim vim-nix vim-puppet + + go-nvim ]; withNodeJs = true; + withPython3 = true; + withRuby = false; extraConfig = '' let mapleader = ',' diff --git a/hosts/challenger/configuration.nix b/hosts/challenger/configuration.nix index e48a31a..32c72ee 100644 --- a/hosts/challenger/configuration.nix +++ b/hosts/challenger/configuration.nix @@ -49,13 +49,23 @@ security.polkit.enable = true; # Required for nextcloud nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "nvidia-x11" - "nvidia-settings" + "nvidia-kernel-modules" + "nvidia-settings" + "nvidia-x11" ]; hardware.nvidia = { modesetting.enable = true; open = false; + # https://github.com/sircam-html/nixos-conf/blob/main/guides/nvidia-nixos-guide.md + package = config.boot.kernelPackages.nvidiaPackages.mkDriver { + version = "580.142"; + sha256_64bit = "sha256-IJFfzz/+icNVDPk7YKBKKFRTFQ2S4kaOGRGkNiBEdWM="; + sha256_aarch64 = "sha256-0000000000000000000000000000000000000000000="; + openSha256 = "sha256-0000000000000000000000000000000000000000000="; + settingsSha256 = "sha256-BnrIlj5AvXTfqg/qcBt2OS9bTDDZd3uhf5jqOtTMTQM="; + persistencedSha256 = "sha256-0000000000000000000000000000000000000000000="; + }; }; hardware.graphics.enable = true; diff --git a/hosts/challenger/exports.nix b/hosts/challenger/exports.nix index 6ca446c..dc1e17e 100644 --- a/hosts/challenger/exports.nix +++ b/hosts/challenger/exports.nix @@ -4,6 +4,7 @@ "/export/riker-backup" = { device = "/tank/backup/riker"; options = [ "bind" ]; + fsType = "none"; }; }; diff --git a/hosts/challenger/filesystems.nix b/hosts/challenger/filesystems.nix index a4c3889..c7f2483 100644 --- a/hosts/challenger/filesystems.nix +++ b/hosts/challenger/filesystems.nix @@ -9,6 +9,7 @@ zfs = { extraPools = [ "tank" ]; requestEncryptionCredentials = false; + forceImportRoot = false; }; supportedFilesystems = [ "zfs" ]; }; diff --git a/hosts/challenger/services/frigate.nix b/hosts/challenger/services/frigate.nix index ab07f96..b8c3298 100644 --- a/hosts/challenger/services/frigate.nix +++ b/hosts/challenger/services/frigate.nix @@ -5,6 +5,7 @@ device = "/tank/nvr/frigate"; depends = [ "/tank/nvr/frigate" ]; options = [ "bind" ]; + fsType = "none"; }; }; diff --git a/hosts/challenger/services/nextcloud.nix b/hosts/challenger/services/nextcloud.nix index 73af9ad..62be5bb 100644 --- a/hosts/challenger/services/nextcloud.nix +++ b/hosts/challenger/services/nextcloud.nix @@ -5,7 +5,7 @@ let in { services.nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud33; inherit hostName; home = "/tank/nextcloud"; https = true; @@ -75,7 +75,7 @@ in { environment.systemPackages = [ cfg.occ # "occ CMD" in the docs -> "sudo -u nextcloud nextcloud-occ CMD" - pkgs.nodejs_20 # For Recognize; Put /run/current-system/sw/bin/node in the "node_binary" field in the web UI -> Memories + pkgs.nodejs # For Recognize; Put /run/current-system/sw/bin/node in the "node_binary" field in the web UI -> Memories ]; sops.secrets."nextcloud/adminpass" = { diff --git a/hosts/defiant/filesystems.nix b/hosts/defiant/filesystems.nix index e355fe1..4081db1 100644 --- a/hosts/defiant/filesystems.nix +++ b/hosts/defiant/filesystems.nix @@ -3,7 +3,11 @@ # Boot drives are defined in ./hardware-configuration.nix boot = { - zfs.extraPools = [ "tank" ]; + zfs = { + extraPools = [ "tank" ]; + forceImportRoot = false; + }; + supportedFilesystems = [ "zfs" ]; }; services.prometheus.exporters.zfs.enable = true; diff --git a/hosts/defiant/libvirt.nix b/hosts/defiant/libvirt.nix index d69d1ce..3d6ee80 100644 --- a/hosts/defiant/libvirt.nix +++ b/hosts/defiant/libvirt.nix @@ -11,6 +11,7 @@ fileSystems."/var/lib/libvirt/images" = { device = "/tank/iso"; options = [ "bind" ]; + fsType = "none"; }; # On a gui-enabled machine, connect with: diff --git a/hosts/defiant/services/monitoring/grafana.nix b/hosts/defiant/services/monitoring/grafana.nix index 6c61b0c..cb8d5cd 100644 --- a/hosts/defiant/services/monitoring/grafana.nix +++ b/hosts/defiant/services/monitoring/grafana.nix @@ -9,10 +9,15 @@ in { # TODO: Migrate sqlite to postgres - settings.server = { - domain = "grafana.home.feal.no"; - http_port = 2342; - http_addr = "127.0.0.1"; + settings = { + server = { + domain = "grafana.home.feal.no"; + http_port = 2342; + http_addr = "127.0.0.1"; + }; + security = { + secret_key = "SW2YcwTIb9zpOOhoPsMm"; # TODO - Rotate + }; }; provision = { diff --git a/hosts/defiant/services/monitoring/snmp-exporter.nix b/hosts/defiant/services/monitoring/snmp-exporter.nix index e68ae2f..7b20e65 100644 --- a/hosts/defiant/services/monitoring/snmp-exporter.nix +++ b/hosts/defiant/services/monitoring/snmp-exporter.nix @@ -1,12 +1,13 @@ { config, pkgs, ... }: { - services.prometheus.exporters.snmp = { - enable = true; - configurationPath = ./snmp-exporter-conf.yml; - # snmp.yml is built from - # https://github.com/prometheus/snmp_exporter/blob/main/snmp.yml - # and - # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_MIB_Guide.pdf - }; + # TODO - Fix. Broken in 26.05 + # services.prometheus.exporters.snmp = { + # enable = true; + # configurationPath = ./snmp-exporter-conf.yml; + # # snmp.yml is built from + # # https://github.com/prometheus/snmp_exporter/blob/main/snmp.yml + # # and + # # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_MIB_Guide.pdf + # }; } diff --git a/hosts/defiant/services/pihole.nix b/hosts/defiant/services/pihole.nix index 66a6ca2..21a0ad7 100644 --- a/hosts/defiant/services/pihole.nix +++ b/hosts/defiant/services/pihole.nix @@ -4,7 +4,7 @@ let dnsHost = "192.168.10.175"; webuiListen = "127.0.1.2:5053"; in { - # Flame - Homelab dashboard/linktree + # Pihole - Ad-blocking DNS recursor and authoritative DNS/DHCP virtualisation.oci-containers.containers = { pihole = { image = "pihole/pihole"; diff --git a/hosts/defiant/services/wireguard.nix b/hosts/defiant/services/wireguard.nix index e0886e9..9098109 100644 --- a/hosts/defiant/services/wireguard.nix +++ b/hosts/defiant/services/wireguard.nix @@ -16,10 +16,10 @@ in { privateKeyFile = "/etc/wireguard/defiant.private"; postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o eth0 -j MASQUERADE + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o enp3s0 -j MASQUERADE ''; postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o eth0 -j MASQUERADE + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o enp3s0 -j MASQUERADE ''; peers = (import ../../../common/wireguard-peers.nix); diff --git a/hosts/worf/home.nix b/hosts/worf/home.nix index edb4e35..45a7cf5 100644 --- a/hosts/worf/home.nix +++ b/hosts/worf/home.nix @@ -26,7 +26,7 @@ prismlauncher restic snicat - # spotify # TODO - broken in 25.11 + spotify tldr w3m zellij