bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-03-24 00:29:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: reorganize flake structure and consolidate user config

Browse source 
Directory structure:
- Move from src/ to root level (system/, user/)
- Remove unused machines (workstation, vm, laptop)

User configuration:
- Add user/home.nix for shared defaults (pass, essentials, default modules)
- Centralize user options in user/default.nix
- Move submodules to consistent paths (bash/bash, git/git, neovim/nvim, vim/vim)

Module reorganization:
- Flatten nested module structures (remove /modules/ subdirs)
- Split CLI vs GUI tools (dev/ for CLI, gui/dev/ for GUI)
- Move neovim/vim to top-level modules (not under utils/)
- Remove security.enable - pass now in user/home.nix
- Remove utils.enable - essentials now in user/home.nix
- Add security/yubikey module with yubikey-manager, age-plugin-yubikey
- Move pcb, design to gui/dev/
- Replace penpot docker wrapper with nixpkgs penpot-desktop
- Remove i3 config
- Remove deprecated wsl.nativeSystemd option

GUI improvements:
- Browser-focused mimeApps in gui/default.nix
- Each WM handles its own auto-start via profileExtra

Cleanup:
- Update README with new structure
- Update justfile paths and valid systems
- Fix submodule paths in .gitmodules
This commit is contained in:
Bryan Ramos 2026-03-14 15:26:18 -04:00
parent ac95d1c23d
commit 14efa80cab
141 changed files with 505 additions and 1561 deletions
Download patch file Download diff file Expand all files Collapse all files

105
system/machines/server/modules/frigate/default.nix Normal file
View file

@ -0,0 +1,105 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.frigate;
nginx = config.modules.system.nginx;
domain = "ramos.codes";
in
{
options.modules.system.frigate = {
enable = mkEnableOption "Enable Frigate NVR";
};
config = mkIf cfg.enable {
services.frigate = {
enable = true;
hostname = "frigate.${domain}";
# vaapiDriver = "i965"; # Haswell only supports H.264, not HEVC
settings = {
mqtt.enabled = false;
# ffmpeg.hwaccel_args = "preset-vaapi"; # Disabled - camera uses HEVC which Haswell can't decode
record = {
enabled = true;
# 24/7 recording - needs better hardware
# retain = {
# days = 14;
# mode = "all";
# };
};
cameras = {
doorbell = {
enabled = true;
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.1.167/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
living_room = {
enabled = false;
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.1.147/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
kitchen = {
enabled = false;
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.1.147/cam/realmonitor?channel=2&subtype=0";
roles = [ "record" ];
}];
};
parking_lot = {
enabled = true;
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.1.194/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
porch = {
enabled = false;
detect.enabled = false;
ffmpeg.inputs = [{
path = "rtsp://admin:ocu?u3Su@192.168.0.43/cam/realmonitor?channel=1&subtype=0";
roles = [ "record" ];
}];
};
};
};
};
# Add SSL to frigate's nginx virtualHost
services.nginx.virtualHosts."frigate.${domain}" = mkIf nginx.enable {
useACMEHost = domain;
forceSSL = true;
};
# Bind mount caches into the 3TB frigate LVM volume
systemd.tmpfiles.rules = [
"d /var/lib/frigate/cache 0750 frigate frigate -"
"d /var/lib/frigate/nginx-cache 0750 nginx nginx -"
];
fileSystems."/var/cache/frigate" = {
device = "/var/lib/frigate/cache";
options = [ "bind" ];
};
fileSystems."/var/cache/nginx/frigate" = {
device = "/var/lib/frigate/nginx-cache";
options = [ "bind" ];
};
# Backup recordings/database, exclude caches
modules.system.backup = {
paths = [ "/var/lib/frigate" ];
exclude = [ "*/cache" "*/nginx-cache" ];
};
};
}